;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : C2B860F940C2D7347ADFFA5C47C6B24C
; File Name : u:\work\c2b860f940c2d7347adffa5c47c6b24c_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007CAC ( 31916.)
; Section size in file : 00007E00 ( 32256.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401000(HWND hWnd, UINT hDC, WPARAM wParam, LPARAM lParam)
sub_401000 proc near ; DATA XREF: sub_4059CE+12B�o
Paint = tagPAINTSTRUCT ptr -5Ch
Rect = tagRECT ptr -1Ch
var_C = LOGBRUSH ptr -0Ch
hWnd = dword ptr 8
hDC = dword ptr 0Ch
wParam = dword ptr 10h
lParam = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
cmp [ebp+hDC], 0Fh
jz short loc_401037
cmp [ebp+hDC], 46h
mov eax, [ebp+lParam]
jnz short loc_401022
or dword ptr [eax+18h], 10h
mov ecx, dword_434180
mov [eax+4], ecx
loc_401022: ; CODE XREF: sub_401000+13�j
push eax ; lParam
push [ebp+wParam] ; wParam
push [ebp+hDC] ; Msg
push [ebp+hWnd] ; hWnd
call ds:DefWindowProcA ; DefWindowProcA
jmp locret_401179
; ---------------------------------------------------------------------------
loc_401037: ; CODE XREF: sub_401000+A�j
push ebx
push esi
mov esi, dword_434188
push edi
lea eax, [ebp+Paint]
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:BeginPaint ; BeginPaint
and [ebp+var_C.lbStyle], 0
mov [ebp+hDC], eax
lea eax, [ebp+Rect]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
mov edi, [ebp+Rect.bottom]
and [ebp+Rect.bottom], 0
mov ebx, ds:DeleteObject
jmp loc_4010F3
; ---------------------------------------------------------------------------
loc_401073: ; CODE XREF: sub_401000+F6�j
movzx eax, byte ptr [esi+52h]
movzx edx, byte ptr [esi+56h]
imul edx, [ebp+Rect.top]
mov ecx, edi
sub ecx, [ebp+Rect.top]
imul eax, ecx
add eax, edx
cdq
idiv edi
xor edx, edx
mov [ebp+wParam], ecx
mov dh, al
movzx eax, byte ptr [esi+51h]
imul eax, ecx
movzx ecx, byte ptr [esi+55h]
imul ecx, [ebp+Rect.top]
add eax, ecx
mov ecx, edx
cdq
idiv edi
movzx edx, byte ptr [esi+54h]
imul edx, [ebp+Rect.top]
mov cl, al
movzx eax, byte ptr [esi+50h]
imul eax, [ebp+wParam]
add eax, edx
cdq
idiv edi
shl ecx, 8
movzx eax, al
or ecx, eax
lea eax, [ebp+var_C]
push eax ; LOGBRUSH *
mov [ebp+var_C.lbColor], ecx
call ds:CreateBrushIndirect ; CreateBrushIndirect
add [ebp+Rect.bottom], 4
push eax ; hbr
mov [ebp+lParam], eax
lea eax, [ebp+Rect]
push eax ; lprc
push [ebp+hDC] ; hDC
call ds:FillRect ; FillRect
push [ebp+lParam] ; HGDIOBJ
call ebx ; DeleteObject
add [ebp+Rect.top], 4
loc_4010F3: ; CODE XREF: sub_401000+6E�j
cmp [ebp+Rect.top], edi
jl loc_401073
cmp dword ptr [esi+58h], 0FFFFFFFFh
jz short loc_401167
push dword ptr [esi+34h] ; LOGFONTA *
call ds:CreateFontIndirectA ; CreateFontIndirectA
test eax, eax
mov [ebp+lParam], eax
jz short loc_401167
mov edi, [ebp+hDC]
push 1 ; int
push edi ; HDC
mov [ebp+Rect.left], 10h
mov [ebp+Rect.top], 8
call ds:SetBkMode ; SetBkMode
push dword ptr [esi+58h] ; COLORREF
push edi ; HDC
call ds:SetTextColor ; SetTextColor
push [ebp+lParam] ; HGDIOBJ
mov esi, ds:SelectObject
push edi ; HDC
call esi ; SelectObject
push 820h ; uFormat
mov [ebp+hDC], eax
lea eax, [ebp+Rect]
push eax ; lpRect
push 0FFFFFFFFh ; nCount
push offset Caption ; lpString
push edi ; hDC
call ds:DrawTextA ; DrawTextA
push [ebp+hDC] ; HGDIOBJ
push edi ; HDC
call esi ; SelectObject
push [ebp+lParam] ; HGDIOBJ
call ebx ; DeleteObject
loc_401167: ; CODE XREF: sub_401000+100�j
; sub_401000+110�j
lea eax, [ebp+Paint]
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:EndPaint ; EndPaint
pop edi
pop esi
xor eax, eax
pop ebx
locret_401179: ; CODE XREF: sub_401000+32�j
leave
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40117D proc near ; CODE XREF: sub_40161F+1B27�p
; sub_404A08+33D�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_4341A8
mov edx, ecx
imul edx, 418h
mov edx, [edx+eax+8]
test dl, 2
jz short locret_4011EC
push esi
push edi
lea esi, [ecx+1]
xor edi, edi
cmp esi, dword_4341AC
jnb short loc_4011EA
mov ecx, esi
imul ecx, 418h
lea eax, [ecx+eax+8]
push ebx
loc_4011B3: ; CODE XREF: sub_40117D+6A�j
mov ecx, [eax]
test cl, 2
jz short loc_4011BD
inc edi
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_40117D+3B�j
test cl, 4
jz short loc_4011CB
mov ecx, edi
dec edi
test ecx, ecx
jz short loc_4011E9
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CB: ; CODE XREF: sub_40117D+43�j
test cl, 10h
jnz short loc_4011DB
mov ebx, ecx
xor ebx, edx
and ebx, 1
xor ebx, ecx
mov [eax], ebx
loc_4011DB: ; CODE XREF: sub_40117D+3E�j
; sub_40117D+4C�j ...
inc esi
add eax, 418h
cmp esi, dword_4341AC
jb short loc_4011B3
loc_4011E9: ; CODE XREF: sub_40117D+4A�j
pop ebx
loc_4011EA: ; CODE XREF: sub_40117D+27�j
pop edi
pop esi
locret_4011EC: ; CODE XREF: sub_40117D+18�j
retn 4
sub_40117D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011EF proc near ; CODE XREF: sub_4011EF+57�p
; sub_40129E+4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push ebx
push esi
mov esi, edx
imul esi, 418h
push edi
mov edi, dword_4341A8
mov eax, [esi+edi+8]
xor ecx, ecx
test al, 2
mov [ebp+var_4], ecx
mov [ebp+var_8], ecx
jz short loc_401225
cmp [ebp+arg_4], ecx
jnz short loc_401225
and eax, 0FFFFFFBEh
mov [esi+edi+8], eax
inc edx
loc_401225: ; CODE XREF: sub_4011EF+27�j
; sub_4011EF+2C�j
cmp edx, dword_4341AC
jnb short loc_401271
loc_40122D: ; CODE XREF: sub_4011EF+80�j
mov eax, edx
imul eax, 418h
lea ebx, [eax+edi+8]
mov ecx, [ebx]
test cl, 2
lea eax, [edx+1]
jz short loc_40124D
push 0
push edx
call sub_4011EF
mov ecx, [ebx]
loc_40124D: ; CODE XREF: sub_4011EF+52�j
test cl, 4
jnz short loc_40127A
test cl, 40h
jz short loc_40125A
inc [ebp+var_4]
loc_40125A: ; CODE XREF: sub_4011EF+66�j
test cl, 1
jz short loc_401264
inc [ebp+var_4]
jmp short loc_401267
; ---------------------------------------------------------------------------
loc_401264: ; CODE XREF: sub_4011EF+6E�j
inc [ebp+var_8]
loc_401267: ; CODE XREF: sub_4011EF+73�j
cmp eax, dword_4341AC
mov edx, eax
jb short loc_40122D
loc_401271: ; CODE XREF: sub_4011EF+3C�j
xor eax, eax
loc_401273: ; CODE XREF: sub_4011EF+8F�j
; sub_4011EF+9E�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_40127A: ; CODE XREF: sub_4011EF+61�j
cmp [ebp+var_4], 0
jz short loc_401273
cmp [ebp+var_8], 0
lea ecx, [esi+edi+8]
jz short loc_40128F
or dword ptr [ecx], 40h
jmp short loc_401273
; ---------------------------------------------------------------------------
loc_40128F: ; CODE XREF: sub_4011EF+99�j
mov edx, [ecx]
and edx, 0FFFFFF7Fh
or edx, 1
mov [ecx], edx
jmp short loc_401273
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
sub_40129E proc near ; CODE XREF: sub_40161F+1B53�p
; sub_404A08+478�p ...
push 1
push 0
call sub_4011EF
retn
sub_40129E endp
; =============== S U B R O U T I N E =======================================
sub_4012A8 proc near ; CODE XREF: sub_40161F+1B4E�p
; sub_404A08+3F9�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_4341A8
push esi
xor esi, esi
cmp ecx, 20h
jnb short loc_4012EF
cmp dword_4341AC, esi
jbe short loc_4012EF
lea edx, [eax+8]
push edi
loc_4012C5: ; CODE XREF: sub_4012A8+44�j
mov eax, [edx]
test al, 6
jnz short loc_4012DF
xor edi, edi
inc edi
shl edi, cl
test [edx-4], edi
jz short loc_4012DA
or eax, 1
jmp short loc_4012DD
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012A8+2B�j
and eax, 0FFFFFFFEh
loc_4012DD: ; CODE XREF: sub_4012A8+30�j
mov [edx], eax
loc_4012DF: ; CODE XREF: sub_4012A8+21�j
inc esi
add edx, 418h
cmp esi, dword_4341AC
jb short loc_4012C5
pop edi
loc_4012EF: ; CODE XREF: sub_4012A8+F�j
; sub_4012A8+17�j
pop esi
retn 4
sub_4012A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F3 proc near ; CODE XREF: sub_40161F+1B5B�p
; sub_404A08+494�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_434188
and [ebp+var_4], 0
push ebx
push esi
add eax, 94h
push edi
mov edi, dword_4341AC
mov [ebp+var_8], eax
loc_401313: ; CODE XREF: sub_4012F3+7F�j
mov eax, [ebp+var_8]
xor ebx, ebx
cmp [eax], ebx
jz short loc_401367
cmp ebx, edi
jnb short loc_401365
mov esi, dword_4341A8
add esi, 8
loc_401329: ; CODE XREF: sub_4012F3+6E�j
mov edx, [esi]
test dl, 6
jnz short loc_401358
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_40133D
cmp dword ptr [eax+ebx*4], 0
jz short loc_401358
loc_40133D: ; CODE XREF: sub_4012F3+42�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi-4]
and edx, 1
and ecx, eax
mov eax, ecx
mov ecx, [ebp+var_4]
shl edx, cl
cmp eax, edx
jnz short loc_401363
loc_401358: ; CODE XREF: sub_4012F3+3B�j
; sub_4012F3+48�j
inc ebx
add esi, 418h
cmp ebx, edi
jb short loc_401329
loc_401363: ; CODE XREF: sub_4012F3+63�j
cmp ebx, edi
loc_401365: ; CODE XREF: sub_4012F3+2B�j
jz short loc_401374
loc_401367: ; CODE XREF: sub_4012F3+27�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 20h
jb short loc_401313
loc_401374: ; CODE XREF: sub_4012F3:loc_401365�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 4
sub_4012F3 endp
; =============== S U B R O U T I N E =======================================
sub_40137E proc near ; CODE XREF: sub_403646+178�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp dword_40D0A4, 0
push esi
jnz short loc_4013B5
xor ecx, ecx
loc_40138A: ; CODE XREF: sub_40137E+35�j
push 8
mov eax, ecx
pop esi
loc_40138F: ; CODE XREF: sub_40137E+25�j
mov edx, eax
and dl, 1
neg dl
sbb edx, edx
and edx, 0EDB88320h
shr eax, 1
xor eax, edx
dec esi
jnz short loc_40138F
mov dword_40D0A0[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_40138A
loc_4013B5: ; CODE XREF: sub_40137E+8�j
mov esi, [esp+4+arg_8]
test esi, esi
mov eax, [esp+4+arg_0]
not eax
jbe short loc_4013E1
mov ecx, [esp+4+arg_4]
loc_4013C7: ; CODE XREF: sub_40137E+61�j
xor edx, edx
mov dl, [ecx]
xor edx, eax
and edx, 0FFh
shr eax, 8
xor eax, dword_40D0A0[edx*4]
inc ecx
dec esi
jnz short loc_4013C7
loc_4013E1: ; CODE XREF: sub_40137E+43�j
not eax
pop esi
retn 0Ch
sub_40137E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4013E7(int, HWND hWnd)
sub_4013E7 proc near ; CODE XREF: sub_4014C9+10�p
; sub_40161F+E4�p ...
arg_0 = dword ptr 8
hWnd = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
test edi, edi
jl loc_4014B9
mov esi, [ebp+hWnd]
mov ebx, 400h
loc_401400: ; CODE XREF: sub_4013E7+CC�j
mov ecx, dword_4341B0
mov eax, edi
shl eax, 5
add eax, ecx
mov ecx, [eax]
cmp ecx, 1
jz loc_4014B9
test dword_4341E4, ebx
jz short loc_40142A
cmp ecx, 14h
jz short loc_40142A
cmp ecx, 3Eh
jnz short loc_40145D
loc_40142A: ; CODE XREF: sub_4013E7+37�j
; sub_4013E7+3C�j
push eax ; FilePart
call sub_40161F
mov esi, eax
cmp esi, 7FFFFFFFh
jz loc_4014C2
test dword_4341E4, ebx
jnz short loc_40145D
test esi, esi
jge short loc_40145F
inc esi
shl esi, 0Ah
mov eax, offset dword_435000
sub eax, esi
push eax
call sub_405F99
mov esi, eax
loc_40145D: ; CODE XREF: sub_4013E7+41�j
; sub_4013E7+5D�j
test esi, esi
loc_40145F: ; CODE XREF: sub_4013E7+61�j
jz short loc_401472
test dword_4341E4, ebx
jnz short loc_401472
dec esi
mov eax, edi
mov edi, esi
sub esi, eax
jmp short loc_401474
; ---------------------------------------------------------------------------
loc_401472: ; CODE XREF: sub_4013E7:loc_40145F�j
; sub_4013E7+80�j
inc esi
inc edi
loc_401474: ; CODE XREF: sub_4013E7+89�j
cmp [ebp+hWnd], 0
jz short loc_4014B1
mov eax, dword_433964
add nNumber, esi
xor ecx, ecx
test eax, eax
setz cl
push 0 ; lParam
add ecx, eax
push ecx ; nDenominator
push 7530h ; nNumerator
push nNumber ; nNumber
call ds:MulDiv ; MulDiv
push eax ; wParam
push 402h ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
loc_4014B1: ; CODE XREF: sub_4013E7+91�j
test edi, edi
jge loc_401400
loc_4014B9: ; CODE XREF: sub_4013E7+B�j
; sub_4013E7+2B�j
xor eax, eax
loc_4014BB: ; CODE XREF: sub_4013E7+E0�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4014C2: ; CODE XREF: sub_4013E7+51�j
mov eax, 7FFFFFFFh
jmp short loc_4014BB
sub_4013E7 endp
; =============== S U B R O U T I N E =======================================
sub_4014C9 proc near ; CODE XREF: start+490�p sub_404093+44�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_434188
push 0 ; hWnd
push dword ptr [ecx+eax*4+6Ch] ; int
call sub_4013E7
retn 4
sub_4014C9 endp
; =============== S U B R O U T I N E =======================================
sub_4014E1 proc near ; CODE XREF: sub_40161F+26B�p
; sub_40161F+368�p ...
arg_0 = dword ptr 4
push offset byte_40D8A8 ; lpString2
push [esp+4+arg_0] ; int
call sub_405013
retn 4
sub_4014E1 endp
; =============== S U B R O U T I N E =======================================
sub_4014F2 proc near ; CODE XREF: sub_40161F+13F�p
; sub_40161F+183�p ...
mov eax, dword_40F0E4
push dword ptr [eax+ecx*4] ; lpString2
push 0 ; lpString1
call sub_4066B7
push eax
call sub_405F99
retn
sub_4014F2 endp
; =============== S U B R O U T I N E =======================================
sub_401508 proc near ; CODE XREF: sub_4015D6+2D�p
; sub_40161F+79�p ...
test esi, esi
mov eax, esi
jge short loc_401510
neg eax
loc_401510: ; CODE XREF: sub_401508+4�j
mov edx, dword_40F0E4
mov ecx, eax
sar eax, 4
push edi
and ecx, 0Fh
push dword ptr [edx+ecx*4] ; lpString2
shl eax, 0Ah
add eax, offset Text
push eax ; lpString1
call sub_4066B7
test esi, esi
mov edi, eax
jge short loc_40153C
push edi ; lpszCurrent
call sub_40602E
loc_40153C: ; CODE XREF: sub_401508+2C�j
mov eax, edi
pop edi
retn
sub_401508 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401540(HKEY hKey, LPCSTR lpSubKey, int)
sub_401540 proc near ; CODE XREF: sub_401540+42�p
; sub_40161F+1386�p
SubKey = byte ptr -10Ch
phkResult = dword ptr -4
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
lea eax, [ebp+phkResult]
push eax ; phkResult
push 8 ; samDesired
xor ebx, ebx
push ebx ; ulOptions
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
cmp eax, ebx
jnz short loc_4015B2
mov esi, ds:RegEnumKeyA
mov edi, 105h
jmp short loc_40158B
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401540+5B�j
cmp [ebp+arg_8], ebx
jnz short loc_4015B9
push ebx ; int
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push [ebp+phkResult] ; hKey
call sub_401540
test eax, eax
jnz short loc_40159D
loc_40158B: ; CODE XREF: sub_401540+30�j
push edi ; cbName
lea eax, [ebp+SubKey]
push eax ; lpName
push ebx ; dwIndex
push [ebp+phkResult] ; hKey
call esi ; RegEnumKeyA
test eax, eax
jz short loc_401572
loc_40159D: ; CODE XREF: sub_401540+49�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegDeleteKeyA ; RegDeleteKeyA
loc_4015B2: ; CODE XREF: sub_401540+23�j
; sub_401540+85�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_4015B9: ; CODE XREF: sub_401540+35�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
xor eax, eax
inc eax
jmp short loc_4015B2
sub_401540 endp
; ---------------------------------------------------------------------------
test eax, eax
jnz short locret_4015D5
mov eax, dword_434204
add eax, 80000001h
locret_4015D5: ; CODE XREF: .text:004015C9�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4015D6(REGSAM phkResult)
sub_4015D6 proc near ; CODE XREF: sub_40161F+130F�p
; sub_40161F+14C6�p ...
phkResult = dword ptr 8
push ebp
mov ebp, esp
mov eax, dword_40F0E4
mov eax, [eax+4]
test eax, eax
push esi
push edi
jz short loc_4015EB
mov edi, eax
jmp short loc_4015F7
; ---------------------------------------------------------------------------
loc_4015EB: ; CODE XREF: sub_4015D6+F�j
mov edi, dword_434204
add edi, 80000001h
loc_4015F7: ; CODE XREF: sub_4015D6+13�j
lea eax, [ebp+phkResult]
push eax ; phkResult
push [ebp+phkResult] ; samDesired
push 0 ; ulOptions
push 22h
pop esi
call sub_401508
push eax ; lpSubKey
push edi ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
neg eax
sbb eax, eax
not eax
and eax, [ebp+phkResult]
pop edi
pop esi
pop ebp
retn 4
sub_4015D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40161F(LPCSTR FilePart)
sub_40161F proc near ; CODE XREF: sub_4013E7+44�p
FindFileData = _WIN32_FIND_DATAA ptr -1A4h
NumberOfBytesWritten= dword ptr -64h
Msg = MSG ptr -60h
lpAppName = dword ptr -40h
var_3C = dword ptr -3Ch
arglist = dword ptr -38h
dwFileAttributes= dword ptr -34h
nDenominator = dword ptr -30h
FileTime2 = FILETIME ptr -2Ch
var_24 = dword ptr -24h
Buffer = byte ptr -19h
pBlock = dword ptr -18h
puLen = dword ptr -14h
lpString2 = dword ptr -10h
hModule = dword ptr -0Ch
dwResult = dword ptr -8
var_4 = dword ptr -4
FilePart = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov eax, dword_434180
and [ebp+hModule], 0
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+FilePart]
push edi
push 8
pop ecx
lea edi, [ebp+var_3C]
rep movsd
mov edx, [ebp+dwFileAttributes]
mov esi, [ebp+arglist]
lea ecx, [ebp+arglist]
mov dword_40F0E4, ecx
mov ecx, [ebp+var_3C]
mov [ebp+lpString2], eax
mov ebx, edx
shl ebx, 0Ah
mov eax, esi
shl eax, 0Ah
add ecx, 0FFFFFFFEh
add ebx, offset dword_435000
cmp ecx, 42h ; switch 67 cases
lea edi, dword_435000[eax]
ja loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp ds:off_4031FD[ecx*4] ; switch jump
loc_401681: ; DATA XREF: .text:off_4031FD�o
push esi ; jumptable 0040167A case 0
push offset aJumpD ; "Jump: %d"
call sub_406171
mov eax, [ebp+arglist]
pop ecx
pop ecx
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401696: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 1
call sub_401508
push eax ; arglist
push offset aAbortingS ; "Aborting: \"%s\""
call sub_406171
pop ecx
pop ecx
push esi ; lpString2
push [ebp+arglist] ; int
loc_4016AE: ; CODE XREF: sub_40161F+646�j
call sub_405013
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_4016B8: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
inc dword_433954 ; jumptable 0040167A case 2
cmp [ebp+lpString2], 0
jz loc_402E66
push 0 ; nExitCode
call ds:PostQuitMessage ; PostQuitMessage
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_4016D5: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test esi, esi ; jumptable 0040167A case 3
jge short loc_4016EE
mov ecx, offset dword_435000
sub ecx, eax
sub ecx, 400h
push ecx
call sub_405F99
jmp short loc_4016F0
; ---------------------------------------------------------------------------
loc_4016EE: ; CODE XREF: sub_40161F+B8�j
mov eax, esi
loc_4016F0: ; CODE XREF: sub_40161F+CD�j
lea esi, [eax-1]
push esi ; arglist
push offset aCallD ; "Call: %d"
call sub_406171
pop ecx
pop ecx
push 0 ; hWnd
push esi ; int
call sub_4013E7
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_40170D: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test edx, edx ; jumptable 0040167A case 4
jz short loc_40173A
test dl, 8
jz short loc_401725
mov eax, dword_40D008
mov dword_40D03C, eax
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401725: ; CODE XREF: sub_40161F+F5�j
mov eax, dword_40D03C
mov dword_40D008, eax
mov dword_40D03C, edx
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40173A: ; CODE XREF: sub_40161F+F0�j
xor esi, esi
call sub_401508
push eax ; arglist
push offset aDetailprintS ; "detailprint: %s"
call sub_406171
pop ecx
pop ecx
push esi ; lpString2
push [ebp+arglist] ; int
call sub_405013
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40175C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 5
call sub_4014F2
mov esi, eax
push esi ; arglist
push offset aSleepD ; "Sleep(%d)"
call sub_406171
cmp esi, 1
pop ecx
pop ecx
jg short loc_40177A
xor esi, esi
inc esi
loc_40177A: ; CODE XREF: sub_40161F+156�j
push esi ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401786: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push offset aBringtofront ; jumptable 0040167A case 6
call sub_406171
pop ecx
push [ebp+lpString2] ; hWnd
call ds:SetForegroundWindow ; SetForegroundWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40179F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 11
inc ecx
call sub_4014F2
mov ecx, [ebp+arglist]
mov dword_434200[ecx*4], eax
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4017B6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov ecx, [ebp+nDenominator] ; jumptable 0040167A case 12
mov edx, [ebp+FileTime2.dwLowDateTime]
xor eax, eax
lea ecx, ds:434200h[ecx*4]
cmp [ecx], eax
setz al
and [ecx], edx
mov eax, [ebp+eax*4+arglist]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_4017D5: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push dword_434200[edx*4] ; jumptable 0040167A case 13
loc_4017DC: ; CODE XREF: sub_40161F+7B8�j
; sub_40161F+962�j ...
push edi
jmp loc_403181
; ---------------------------------------------------------------------------
loc_4017E2: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, hWnd ; jumptable 0040167A case 7
test eax, eax
mov edi, ds:ShowWindow
jz short loc_4017F8
push edx ; nCmdShow
push eax ; hWnd
call edi ; ShowWindow
mov esi, [ebp+arglist]
loc_4017F8: ; CODE XREF: sub_40161F+1D0�j
mov eax, dword_43394C
test eax, eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push esi ; nCmdShow
push eax ; hWnd
call edi ; ShowWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40180E: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 8
pop esi
call sub_401508
push [ebp+dwFileAttributes]
mov esi, eax
push esi ; arglist
push offset aSetfileattribu ; "SetFileAttributes: \"%s\":%08X"
call sub_406171
add esp, 0Ch
push [ebp+dwFileAttributes] ; dwFileAttributes
push esi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
test eax, eax
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push offset aSetfileattri_0 ; "SetFileAttributes failed."
mov [ebp+var_4], 1
call sub_406171
jmp loc_4030C4
; ---------------------------------------------------------------------------
loc_401851: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 9
pop esi
call sub_401508
push [ebp+dwFileAttributes]
mov esi, eax
push esi ; arglist
push offset aCreatedirector ; "CreateDirectory: \"%s\" (%d)"
call sub_406171
add esp, 0Ch
cmp byte ptr [esi], 0
jz short loc_401882
push esi ; lpFileName
call sub_4062D0
test eax, eax
jnz short loc_401882
mov [ebp+var_4], 1
loc_401882: ; CODE XREF: sub_40161F+250�j
; sub_40161F+25A�j
cmp [ebp+dwFileAttributes], 0
jz short loc_4018A6
push 0FFFFFFE6h
call sub_4014E1
push esi ; lpString2
push offset CurrentDirectory ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpPathName
call ds:SetCurrentDirectoryA ; SetCurrentDirectoryA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4018A6: ; CODE XREF: sub_40161F+267�j
push 0FFFFFFF5h
jmp loc_402795
; ---------------------------------------------------------------------------
loc_4018AD: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 10
call sub_401508
push 10h
pop esi
mov edi, eax
call sub_401508
push edi ; lpFileName
mov esi, eax
call sub_40618D
test eax, eax
jz short loc_4018E0
push [ebp+dwFileAttributes]
push esi ; arglist
push offset aIffileexistsFi ; "IfFileExists: file \"%s\" exists, jumping"...
call sub_406171
add esp, 0Ch
jmp loc_40213D
; ---------------------------------------------------------------------------
loc_4018E0: ; CODE XREF: sub_40161F+2A9�j
push [ebp+nDenominator]
push esi ; arglist
push offset aIffileexists_0 ; "IfFileExists: file \"%s\" does not exist,"...
call sub_406171
add esp, 0Ch
loc_4018F1: ; CODE XREF: sub_40161F+861�j
; sub_40161F+8B9�j ...
mov eax, [ebp+nDenominator]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_4018F9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFD0h ; jumptable 0040167A case 14
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+FilePart], eax
call sub_401508
push [ebp+FilePart] ; lpString2
mov ebx, offset byte_40D8A8
push ebx ; lpString1
mov edi, eax
call lstrcpyA ; lstrcpyA
push edi ; lpString
call lstrlenA ; lstrlenA
push [ebp+FilePart] ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
add esi, eax
cmp esi, 3FDh
jge short loc_401948
mov esi, ds:lstrcatA
push offset String2 ; "->"
push ebx ; lpString1
call esi ; lstrcatA
push edi ; lpString2
push ebx ; lpString1
call esi ; lstrcatA
loc_401948: ; CODE XREF: sub_40161F+315�j
push ebx ; arglist
push offset aRenameS ; "Rename: %s"
call sub_406171
pop ecx
pop ecx
push edi ; lpNewFileName
push [ebp+FilePart] ; lpExistingFileName
call ds:MoveFileA ; MoveFileA
test eax, eax
jz short loc_40196A
push 0FFFFFFE3h
jmp loc_402795
; ---------------------------------------------------------------------------
loc_40196A: ; CODE XREF: sub_40161F+342�j
cmp [ebp+nDenominator], 0
jz short loc_401997
push [ebp+FilePart] ; lpFileName
call sub_40618D
test eax, eax
jz short loc_401997
push edi ; lpFileName
push [ebp+FilePart] ; arglist
call sub_406326
push 0FFFFFFE4h
call sub_4014E1
push ebx
push offset aRenameOnReboot ; "Rename on reboot: %s"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_401997: ; CODE XREF: sub_40161F+34F�j
; sub_40161F+35B�j
push ebx
mov [ebp+var_4], 1
push offset aRenameFailedS ; "Rename failed: %s"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_4019A9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 15
call sub_401508
mov esi, eax
lea eax, [ebp+FilePart]
push eax ; lpFilePart
push ebx ; lpBuffer
mov edi, 400h
push edi ; nBufferLength
push esi ; lpFileName
call ds:GetFullPathNameA ; GetFullPathNameA
test eax, eax
jz short loc_4019EC
mov eax, [ebp+FilePart]
cmp eax, esi
jbe short loc_4019F6
cmp byte ptr [eax], 0
jz short loc_4019F6
push esi ; lpFileName
call sub_40618D
test eax, eax
jz short loc_4019EC
add eax, 2Ch
push eax ; lpString2
push [ebp+FilePart] ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_4019F6
; ---------------------------------------------------------------------------
loc_4019EC: ; CODE XREF: sub_40161F+3A7�j
; sub_40161F+3BD�j
mov [ebp+var_4], 1
mov byte ptr [ebx], 0
loc_4019F6: ; CODE XREF: sub_40161F+3AE�j
; sub_40161F+3B3�j ...
cmp [ebp+nDenominator], 0
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi ; cchBuffer
push ebx ; lpszShortPath
push ebx ; lpszLongPath
call ds:GetShortPathNameA ; GetShortPathNameA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A0E: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
or esi, 0FFFFFFFFh ; jumptable 0040167A case 16
call sub_401508
lea ecx, [ebp+FilePart]
push ecx ; lpFilePart
push edi ; lpBuffer
push 400h ; nBufferLength
push 0 ; lpExtension
push eax ; lpFileName
push 0 ; lpPath
call ds:SearchPathA ; SearchPathA
test eax, eax
loc_401A2D: ; CODE XREF: sub_40161F+1302�j
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401A33: ; CODE XREF: sub_40161F+1734�j
; sub_40161F+1750�j
mov [ebp+var_4], 1
mov byte ptr [edi], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A42: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEFh ; jumptable 0040167A case 17
pop esi
call sub_401508
push eax ; lpPathName
push edi ; lpTempFileName
call sub_405E73
loc_401A51: ; CODE XREF: sub_40161F+12BF�j
; sub_40161F+161F�j
test eax, eax
loc_401A53: ; CODE XREF: sub_40161F+16DE�j
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401A59: ; CODE XREF: sub_40161F+764�j
; sub_40161F+9F7�j ...
mov [ebp+var_4], 1
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401A65: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
and esi, 7 ; jumptable 0040167A case 18
test byte ptr dword_4341E4+1, 4
mov [ebp+FilePart], esi
jnz short loc_401A8C
push 31h
pop esi
call sub_401508
mov ebx, eax
push ebx ; lpString
mov [ebp+lpString2], ebx
call lstrlenA ; lstrlenA
jmp loc_401B29
; ---------------------------------------------------------------------------
loc_401A8C: ; CODE XREF: sub_40161F+453�j
push 36h
pop esi
call sub_401508
mov ebx, eax
push ebx ; lpString
mov [ebp+lpString2], ebx
call lstrlenA ; lstrlenA
push lpString ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_401AC8
push lpString ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+esi+1]
loc_401AC8: ; CODE XREF: sub_40161F+498�j
push eax ; dwBytes
call sub_405D2F
mov edi, eax
test edi, edi
mov [ebp+hModule], edi
jz loc_402E66
push lpString ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
push ebx ; lpString2
push edi ; lpString1
call ds:lstrcatA ; lstrcatA
push edi ; lpString
call lstrlenA ; lstrlenA
lea esi, [eax+edi-1]
jmp short loc_401B0A
; ---------------------------------------------------------------------------
loc_401AFB: ; CODE XREF: sub_40161F+4ED�j
cmp byte ptr [esi], 5Ch
jz short loc_401B0E
push esi ; lpszCurrent
push edi ; lpszStart
call ds:CharPrevA ; CharPrevA
mov esi, eax
loc_401B0A: ; CODE XREF: sub_40161F+4DA�j
cmp esi, edi
ja short loc_401AFB
loc_401B0E: ; CODE XREF: sub_40161F+4DF�j
push edi ; lpFileName
mov byte ptr [esi], 0
call sub_4062D0
test eax, eax
jz loc_402E66
push edi ; lpString2
push ebx ; lpString1
mov byte ptr [esi], 5Ch
call lstrcpyA ; lstrcpyA
loc_401B29: ; CODE XREF: sub_40161F+468�j
mov eax, [ebp+arglist]
sar eax, 3
push ebx
and eax, 2
push eax
push [ebp+FilePart] ; arglist
push offset aFileOverwritef ; "File: overwriteflag=%d, allowskipfilesf"...
call sub_406171
add esp, 10h
push ebx
call sub_405D5A
test eax, eax
mov esi, offset Text
push ebx ; lpString2
jz short loc_401B5C
push esi ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_401B74
; ---------------------------------------------------------------------------
loc_401B5C: ; CODE XREF: sub_40161F+533�j
push offset CurrentDirectory ; lpString2
push esi ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061CB
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_401B74: ; CODE XREF: sub_40161F+53B�j
push esi ; lpszCurrent
call sub_40602E
mov ebx, offset byte_40D8A8
mov edi, offset Data
loc_401B84: ; CODE XREF: sub_40161F+630�j
cmp [ebp+FilePart], 3
jl short loc_401BBB
push esi ; lpFileName
call sub_40618D
xor ecx, ecx
test eax, eax
jz short loc_401BA6
lea ecx, [ebp+FileTime2]
push ecx ; lpFileTime2
add eax, 14h
push eax ; lpFileTime1
call ds:CompareFileTime ; CompareFileTime
mov ecx, eax
loc_401BA6: ; CODE XREF: sub_40161F+575�j
mov eax, [ebp+FilePart]
add eax, 0FFFFFFFDh
or eax, 80000000h
and eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+FilePart], eax
loc_401BBB: ; CODE XREF: sub_40161F+569�j
cmp [ebp+FilePart], 0
jnz short loc_401BD3
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
and eax, 0FFFFFFFEh
push eax ; dwFileAttributes
push esi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_401BD3: ; CODE XREF: sub_40161F+5A0�j
xor eax, eax
cmp [ebp+FilePart], 1
setnz al
inc eax
push eax ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_405E44
cmp eax, 0FFFFFFFFh
mov [ebp+dwResult], eax
jnz loc_401CAC
cmp [ebp+FilePart], 0
jnz short loc_401C6A
push esi ; arglist
push offset aFileErrorCreat ; "File: error creating \"%s\""
call sub_406171
pop ecx
pop ecx
push offset dword_435000 ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpString2
push offset dword_435000 ; lpString1
call lstrcpyA ; lstrcpyA
push [ebp+var_24] ; lpString2
push ebx ; lpString1
call sub_4066B7
push edi ; lpString2
push offset dword_435000 ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, [ebp+arglist]
sar eax, 3
push eax ; int
push ebx ; lpText
call sub_405CED
sub eax, 4
jnz short loc_401C54
push offset aFileErrorUserR ; "File: error, user retry"
call sub_406171
pop ecx
jmp loc_401B84
; ---------------------------------------------------------------------------
loc_401C54: ; CODE XREF: sub_40161F+623�j
dec eax
jz short loc_401C96
push offset aFileErrorUserA ; "File: error, user abort"
call sub_406171
pop ecx
push esi
push 0FFFFFFFAh
jmp loc_4016AE
; ---------------------------------------------------------------------------
loc_401C6A: ; CODE XREF: sub_40161F+5DA�j
push [ebp+lpString2] ; lpString2
push 0FFFFFFE2h ; int
call sub_405013
cmp [ebp+FilePart], 2
jnz short loc_401C80
inc dword_434208
loc_401C80: ; CODE XREF: sub_40161F+659�j
push [ebp+FilePart]
push esi ; arglist
push offset aFileSkippedSOv ; "File: skipped: \"%s\" (overwriteflag=%d)"
call sub_406171
add esp, 0Ch
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_401C96: ; CODE XREF: sub_40161F+636�j
push offset aFileErrorUserC ; "File: error, user cancel"
call sub_406171
inc dword_434208
pop ecx
jmp loc_4031F4
; ---------------------------------------------------------------------------
loc_401CAC: ; CODE XREF: sub_40161F+5D0�j
push [ebp+lpString2] ; lpString2
push 0FFFFFFEAh ; int
call sub_405013
inc dword_40D03C
xor ebx, ebx
push ebx ; Buffer
push ebx ; int
push [ebp+dwResult] ; hFile
push [ebp+nDenominator] ; nDenominator
call sub_403412
dec dword_40D03C
mov edi, eax
push esi
push edi ; arglist
push offset aFileWroteDToS ; "File: wrote %d to \"%s\""
call sub_406171
add esp, 0Ch
cmp [ebp+FileTime2.dwLowDateTime], 0FFFFFFFFh
jnz short loc_401CEE
cmp [ebp+FileTime2.dwHighDateTime], 0FFFFFFFFh
jz short loc_401CFD
loc_401CEE: ; CODE XREF: sub_40161F+6C7�j
lea eax, [ebp+FileTime2]
push eax ; lpLastWriteTime
push ebx ; lpLastAccessTime
push eax ; lpCreationTime
push [ebp+dwResult] ; hFile
call ds:SetFileTime ; SetFileTime
loc_401CFD: ; CODE XREF: sub_40161F+6CD�j
push [ebp+dwResult] ; hObject
call ds:CloseHandle ; CloseHandle
cmp edi, ebx
jge loc_4031DC
cmp edi, 0FFFFFFFEh
jnz short loc_401D27
push 0FFFFFFE9h ; lpString2
push esi ; lpString1
call sub_4066B7
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_401D2F
; ---------------------------------------------------------------------------
loc_401D27: ; CODE XREF: sub_40161F+6F2�j
push 0FFFFFFEEh ; lpString2
push esi ; lpString1
call sub_4066B7
loc_401D2F: ; CODE XREF: sub_40161F+706�j
push esi ; arglist
push offset aS ; "%s"
call sub_406171
pop ecx
pop ecx
push 200010h ; int
push esi ; lpText
loc_401D42: ; CODE XREF: sub_40161F+122A�j
call sub_405CED
jmp loc_402E66
; ---------------------------------------------------------------------------
loc_401D4C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 19
call sub_401508
mov esi, eax
push esi
push offset aDeleteS ; "Delete: \"%s\""
jmp short loc_401DB3
; ---------------------------------------------------------------------------
loc_401D5D: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 31h ; jumptable 0040167A case 20
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+arglist] ; arglist
push offset aMessageboxDS ; "MessageBox: %d,\"%s\""
call sub_406171
add esp, 0Ch
push [ebp+arglist] ; int
push esi ; lpText
call sub_405CED
test eax, eax
jz loc_401A59
cmp eax, [ebp+nDenominator]
jz loc_401EE4
cmp eax, [ebp+FileTime2.dwHighDateTime]
jnz loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov eax, [ebp+var_24]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401DA3: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 21
pop esi
call sub_401508
mov esi, eax
push esi ; arglist
push offset aRmdirS ; "RMDir: \"%s\""
loc_401DB3: ; CODE XREF: sub_40161F+73C�j
call sub_406171
pop ecx
pop ecx
push [ebp+dwFileAttributes] ; int
push esi ; lpString1
call sub_4068E6
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401DC8: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 22
inc esi
call sub_401508
push eax ; lpString
call lstrlenA ; lstrlenA
loc_401DD6: ; CODE XREF: sub_40161F+B3E�j
; sub_40161F+C34�j ...
push eax
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 23
pop ecx
call sub_4014F2
push 3
pop ecx
mov [ebp+FilePart], eax
call sub_4014F2
xor esi, esi
inc esi
mov ebx, eax
call sub_401508
cmp [ebp+nDenominator], 0
mov esi, eax
mov byte ptr [edi], 0
jz short loc_401E0E
cmp [ebp+FilePart], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401E0E: ; CODE XREF: sub_40161F+7E3�j
push esi ; lpString
call lstrlenA ; lstrlenA
test ebx, ebx
jge short loc_401E20
add ebx, eax
js loc_4031EB ; default
; jumptable 0040167A cases 64,65
loc_401E20: ; CODE XREF: sub_40161F+7F7�j
cmp ebx, eax
jle short loc_401E26
mov ebx, eax
loc_401E26: ; CODE XREF: sub_40161F+803�j
add esi, ebx
push esi ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov esi, [ebp+FilePart]
test esi, esi
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
jge short loc_401E4D
push edi ; lpString
call lstrlenA ; lstrlenA
add esi, eax
jns short loc_401E4D
and [ebp+FilePart], 0
mov esi, [ebp+FilePart]
loc_401E4D: ; CODE XREF: sub_40161F+81B�j
; sub_40161F+825�j
cmp esi, 400h
jge loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov byte ptr [esi+edi], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401E62: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20h ; jumptable 0040167A case 24
pop esi
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push eax ; lpString2
push edi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_401EE4
jmp loc_4018F1
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 25
inc esi
call sub_401508
cmp [ebp+nDenominator], 0
push 400h ; nSize
push edi ; lpBuffer
push eax ; lpName
jz short loc_401EAB
call ds:GetEnvironmentVariableA ; GetEnvironmentVariableA
test eax, eax
jnz short loc_401EB1
mov [ebp+var_4], esi
mov [edi], al
jmp short loc_401EB1
; ---------------------------------------------------------------------------
loc_401EAB: ; CODE XREF: sub_40161F+879�j
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
loc_401EB1: ; CODE XREF: sub_40161F+883�j
; sub_40161F+88A�j
mov byte ptr [edi+3FFh], 0
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_401EBD: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 26
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_24], 0
jnz short loc_401EE0
cmp esi, eax
jl short loc_401EE4
jle loc_4018F1
jmp short loc_401EF2
; ---------------------------------------------------------------------------
loc_401EE0: ; CODE XREF: sub_40161F+8B3�j
cmp esi, eax
jnb short loc_401EEC
loc_401EE4: ; CODE XREF: sub_40161F+76D�j
; sub_40161F+85F�j ...
mov eax, [ebp+FileTime2.dwLowDateTime]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401EEC: ; CODE XREF: sub_40161F+8C3�j
jbe loc_4018F1
loc_401EF2: ; CODE XREF: sub_40161F+8BF�j
mov eax, [ebp+FileTime2.dwHighDateTime]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_401EFA: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ebx, ebx ; jumptable 0040167A case 27
inc ebx
mov ecx, ebx
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, eax
mov eax, [ebp+FileTime2.dwLowDateTime]
cmp eax, 0Ch ; switch 13 cases
ja short loc_401F80 ; default
jmp ds:off_403309[eax*4] ; switch jump
loc_401F1F: ; DATA XREF: .text:off_403309�o
add esi, ecx ; jumptable 00401F18 case 0
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F23: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
sub esi, ecx ; jumptable 00401F18 case 1
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F27: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
imul ecx, esi ; jumptable 00401F18 case 2
mov esi, ecx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F2E: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test ecx, ecx ; jumptable 00401F18 case 3
jz short loc_401F73
mov eax, esi
cdq
idiv ecx
loc_401F37: ; CODE XREF: sub_40161F+92F�j
mov esi, eax
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F3B: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
or esi, ecx ; jumptable 00401F18 case 4
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F3F: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
and esi, ecx ; jumptable 00401F18 case 5
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F43: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
xor esi, ecx ; jumptable 00401F18 case 6
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F47: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
xor eax, eax ; jumptable 00401F18 case 7
test esi, esi
setz al
jmp short loc_401F37
; ---------------------------------------------------------------------------
loc_401F50: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test esi, esi ; jumptable 00401F18 case 8
jnz short loc_401F62
jmp short loc_401F5E
; ---------------------------------------------------------------------------
loc_401F56: ; CODE XREF: sub_40161F+93D�j
; sub_40161F+941�j
xor esi, esi
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test esi, esi ; jumptable 00401F18 case 9
jz short loc_401F56
loc_401F5E: ; CODE XREF: sub_40161F+935�j
test ecx, ecx
jz short loc_401F56
loc_401F62: ; CODE XREF: sub_40161F+933�j
mov esi, ebx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F66: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
test ecx, ecx ; jumptable 00401F18 case 10
jz short loc_401F73
mov eax, esi
cdq
idiv ecx
mov esi, edx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F73: ; CODE XREF: sub_40161F+911�j
; sub_40161F+949�j
xor esi, esi
mov [ebp+var_4], ebx
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F7A: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
shl esi, cl ; jumptable 00401F18 case 11
jmp short loc_401F80 ; default
; ---------------------------------------------------------------------------
loc_401F7E: ; CODE XREF: sub_40161F+8F9�j
; DATA XREF: .text:off_403309�o
sar esi, cl ; jumptable 00401F18 case 12
loc_401F80: ; CODE XREF: sub_40161F+8F7�j
; sub_40161F+902�j ...
push esi ; default
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_401F86: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 28
inc esi
call sub_401508
push 2
pop ecx
mov esi, eax
call sub_4014F2
push eax
push esi ; LPCSTR
push edi ; LPSTR
call ds:wsprintfA ; wsprintfA
jmp loc_402AD8
; ---------------------------------------------------------------------------
loc_401FA6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, [ebp+nDenominator] ; jumptable 0040167A case 29
test eax, eax
mov esi, dword_40D4A0
jz short loc_402003
loc_401FB3: ; CODE XREF: sub_40161F+99D�j
dec eax
test esi, esi
jz short loc_401FC2
test eax, eax
mov esi, [esi]
jnz short loc_401FB3
test esi, esi
jnz short loc_401FD6
loc_401FC2: ; CODE XREF: sub_40161F+997�j
push [ebp+nDenominator] ; arglist
push offset aExchStackDElem ; "Exch: stack < %d elements"
call sub_406171
pop ecx
pop ecx
jmp loc_40283A
; ---------------------------------------------------------------------------
loc_401FD6: ; CODE XREF: sub_40161F+9A1�j
lea edi, [esi+4]
push edi ; lpString2
mov esi, offset Text
push esi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, dword_40D4A0
add eax, 4
push eax ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, dword_40D4A0
push esi
add eax, 4
push eax
jmp loc_4030FE
; ---------------------------------------------------------------------------
loc_402003: ; CODE XREF: sub_40161F+992�j
test edx, edx
jz short loc_402032
test esi, esi
jnz short loc_40201B
push offset aPopStackEmpty ; "Pop: stack empty"
call sub_406171
pop ecx
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_40201B: ; CODE XREF: sub_40161F+9EA�j
lea eax, [esi+4]
push eax ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, [esi]
mov dword_40D4A0, eax
push esi
jmp loc_4031E5
; ---------------------------------------------------------------------------
loc_402032: ; CODE XREF: sub_40161F+9E6�j
push 404h ; dwBytes
call sub_405D2F
push [ebp+arglist] ; lpString2
mov esi, eax
lea eax, [esi+4]
push eax ; lpString1
call sub_4066B7
mov eax, dword_40D4A0
mov [esi], eax
mov dword_40D4A0, esi
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40205C: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 33h ; jumptable 0040167A cases 30,31
pop esi
call sub_401508
push 44h
pop esi
mov [ebp+hModule], eax
call sub_401508
xor esi, esi
inc esi
test byte ptr [ebp+var_24], 1
mov [ebp+FilePart], eax
jnz short loc_402086
push [ebp+hModule]
call sub_405F99
mov [ebp+hModule], eax
loc_402086: ; CODE XREF: sub_40161F+A5A�j
test byte ptr [ebp+var_24], 2
jnz short loc_402097
push [ebp+FilePart]
call sub_405F99
mov [ebp+FilePart], eax
loc_402097: ; CODE XREF: sub_40161F+A6B�j
cmp [ebp+var_3C], 21h
jnz short loc_4020E5
mov ecx, esi
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, [ebp+var_24]
sar ecx, 2
jz short loc_4020D5
lea edx, [ebp+dwResult]
push edx ; lpdwResult
push ecx ; uTimeout
push 0 ; fuFlags
push [ebp+FilePart] ; lParam
push [ebp+hModule] ; wParam
push eax ; Msg
push esi ; hWnd
call ds:SendMessageTimeoutA ; SendMessageTimeoutA
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
jmp short loc_402115
; ---------------------------------------------------------------------------
loc_4020D5: ; CODE XREF: sub_40161F+A95�j
push [ebp+FilePart] ; lParam
push [ebp+hModule] ; wParam
push eax ; Msg
push esi ; hWnd
call ds:SendMessageA ; SendMessageA
jmp short loc_402112
; ---------------------------------------------------------------------------
loc_4020E5: ; CODE XREF: sub_40161F+A7C�j
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
mov cl, [eax]
neg cl
sbb ecx, ecx
and ecx, eax
mov al, [ebx]
neg al
push ecx ; LPCSTR
sbb eax, eax
and eax, ebx
push eax ; LPCSTR
push [ebp+FilePart] ; HWND
push [ebp+hModule] ; HWND
call ds:FindWindowExA ; FindWindowExA
loc_402112: ; CODE XREF: sub_40161F+AC4�j
mov [ebp+dwResult], eax
loc_402115: ; CODE XREF: sub_40161F+AB4�j
cmp [ebp+arglist], 0
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+dwResult]
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_402127: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 32
call sub_4014F2
push eax ; hWnd
call ds:IsWindow ; IsWindow
test eax, eax
jz loc_4018F1
loc_40213D: ; CODE XREF: sub_40161F+2BC�j
mov eax, [ebp+dwFileAttributes]
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_402145: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 33
pop ecx
call sub_4014F2
xor ecx, ecx
push eax ; nIDDlgItem
inc ecx
call sub_4014F2
push eax ; hDlg
call ds:GetDlgItem ; GetDlgItem
jmp loc_401DD6
; ---------------------------------------------------------------------------
loc_402162: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, dword_4341C8 ; jumptable 0040167A case 34
add eax, edx
push eax ; dwNewLong
push 0FFFFFFEBh ; nIndex
xor ecx, ecx
call sub_4014F2
push eax ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40217F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push edx ; jumptable 0040167A case 35
push [ebp+lpString2] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov edi, eax
lea eax, [ebp+Msg.lParam]
push eax ; lpRect
push edi ; hWnd
call ds:GetClientRect ; GetClientRect
mov eax, [ebp+Msg.pt.y]
imul eax, [ebp+nDenominator]
push 10h ; UINT
push eax ; int
mov eax, [ebp+Msg.pt.x]
imul eax, [ebp+nDenominator]
push eax ; int
xor ebx, ebx
push ebx ; UINT
xor esi, esi
call sub_401508
push eax ; LPCSTR
push ebx ; HINSTANCE
call ds:LoadImageA ; LoadImageA
push eax ; lParam
push ebx ; wParam
push 172h ; Msg
push edi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push eax ; HGDIOBJ
call ds:DeleteObject ; DeleteObject
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4021DC: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 48h ; jumptable 0040167A case 36
push 5Ah ; int
push [ebp+lpString2] ; hWnd
call ds:GetDC ; GetDC
push eax ; HDC
call ds:GetDeviceCaps ; GetDeviceCaps
push eax ; nNumerator
push 2
pop ecx
call sub_4014F2
push eax ; nNumber
call ds:MulDiv ; MulDiv
push 3
neg eax
pop ecx
mov stru_40F0A8.lfHeight, eax
call sub_4014F2
push [ebp+dwFileAttributes] ; lpString2
mov stru_40F0A8.lfWeight, eax
mov al, byte ptr [ebp+FileTime2.dwHighDateTime]
mov cl, al
and cl, 1
mov stru_40F0A8.lfItalic, cl
mov cl, al
and cl, 2
and al, 4
push offset stru_40F0A8.lfFaceName ; lpString1
mov stru_40F0A8.lfUnderline, cl
mov stru_40F0A8.lfStrikeOut, al
mov stru_40F0A8.lfCharSet, 1
call sub_4066B7
push offset stru_40F0A8 ; LOGFONTA *
call ds:CreateFontIndirectA ; CreateFontIndirectA
jmp loc_401DD6
; ---------------------------------------------------------------------------
loc_402258: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 37
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+nDenominator], 0
mov edi, eax
jz short loc_40227C
push offset aHidewindow ; "HideWindow"
call sub_406171
pop ecx
loc_40227C: ; CODE XREF: sub_40161F+C50�j
cmp [ebp+FileTime2.dwLowDateTime], 0
push edi ; nCmdShow
push esi ; hWnd
jnz short loc_40228F
call ds:ShowWindow ; ShowWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40228F: ; CODE XREF: sub_40161F+C63�j
call ds:EnableWindow ; EnableWindow
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40229A: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 38
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push 22h
pop esi
mov ebx, eax
call sub_401508
push ebx
push edi
push offset aSS ; "%s %s"
push offset byte_40D8A8 ; LPSTR
mov esi, eax
call ds:wsprintfA ; wsprintfA
add esp, 10h
push 0FFFFFFECh
call sub_4014E1
mov al, [esi]
push [ebp+FileTime2.dwLowDateTime] ; nShowCmd
neg al
push offset CurrentDirectory ; lpDirectory
sbb eax, eax
and eax, esi
push eax ; lpParameters
mov al, [edi]
neg al
push ebx ; lpFile
sbb eax, eax
and eax, edi
push eax ; lpOperation
push [ebp+lpString2] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
cmp eax, 21h
jge short loc_402312
push eax
push esi
push ebx
push edi ; arglist
push offset aExecshellWarni ; "ExecShell: warning: error (\"%s\": file:\""...
call sub_406171
add esp, 14h
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402312: ; CODE XREF: sub_40161F+CDB�j
push esi
push ebx
push edi ; arglist
push offset aExecshellSucce ; "ExecShell: success (\"%s\": file:\"%s\" par"...
call sub_406171
add esp, 10h
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402327: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 39
call sub_401508
mov esi, eax
push esi ; arglist
push offset aExecCommandS ; "Exec: command=\"%s\""
call sub_406171
pop ecx
pop ecx
push esi ; lpString2
push 0FFFFFFEBh ; int
call sub_405013
push offset CurrentDirectory ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405C75
test eax, eax
mov [ebp+FilePart], eax
push esi ; arglist
jz loc_4023E8
push offset aExecSuccessS ; "Exec: success (\"%s\")"
call sub_406171
cmp [ebp+nDenominator], 0
pop ecx
pop ecx
jz short loc_4023E0
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_4023B5
mov edi, ds:PeekMessageA
jmp short loc_402394
; ---------------------------------------------------------------------------
loc_40238A: ; CODE XREF: sub_40161F+D85�j
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_402394: ; CODE XREF: sub_40161F+D69�j
; sub_40161F+D94�j
push 1 ; wRemoveMsg
push 0Fh ; wMsgFilterMax
push 0Fh ; wMsgFilterMin
lea eax, [ebp+Msg]
push 0 ; hWnd
push eax ; lpMsg
call edi ; PeekMessageA
test eax, eax
jnz short loc_40238A
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, esi
jz short loc_402394
loc_4023B5: ; CODE XREF: sub_40161F+D61�j
lea eax, [ebp+pBlock]
push eax ; lpExitCode
push [ebp+FilePart] ; hProcess
call ds:GetExitCodeProcess ; GetExitCodeProcess
cmp [ebp+dwFileAttributes], 0
jl short loc_4023D3
push [ebp+pBlock] ; int
push ebx ; LPSTR
call sub_405F80
jmp short loc_4023E0
; ---------------------------------------------------------------------------
loc_4023D3: ; CODE XREF: sub_40161F+DA7�j
cmp [ebp+pBlock], 0
jz short loc_4023E0
mov [ebp+var_4], 1
loc_4023E0: ; CODE XREF: sub_40161F+D4D�j
; sub_40161F+DB2�j ...
push [ebp+FilePart]
jmp loc_402BC6
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_40161F+D37�j
mov [ebp+var_4], 1
push offset aExecFailedCrea ; "Exec: failed createprocess (\"%s\")"
jmp loc_4030BE
; ---------------------------------------------------------------------------
loc_4023F9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 40
pop esi
call sub_401508
push eax ; lpFileName
call sub_40618D
mov esi, eax
test esi, esi
jz short loc_40241E
push dword ptr [esi+14h] ; int
push ebx ; LPSTR
call sub_405F80
push dword ptr [esi+18h]
jmp loc_4017DC
; ---------------------------------------------------------------------------
loc_40241E: ; CODE XREF: sub_40161F+DEC�j
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402429: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEEh ; jumptable 0040167A case 41
lea eax, [ebp+Msg.lParam]
pop esi
mov [ebp+FilePart], eax
call sub_401508
lea ecx, [ebp+lpAppName]
push ecx ; lpdwHandle
push eax ; lptstrFilename
mov [ebp+puLen], eax
call GetFileVersionInfoSizeA
mov esi, eax
test esi, esi
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
mov [ebp+var_4], 1
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push esi ; dwBytes
call sub_405D2F
test eax, eax
mov [ebp+pBlock], eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push eax ; lpData
push esi ; dwLen
push 0 ; dwHandle
push [ebp+puLen] ; lptstrFilename
call GetFileVersionInfoA
test eax, eax
jz short loc_4024B1
lea eax, [ebp+puLen]
push eax ; puLen
lea eax, [ebp+FilePart]
push eax ; lplpBuffer
push offset SubBlock ; "\\"
push [ebp+pBlock] ; pBlock
call VerQueryValueA
test eax, eax
jz short loc_4024B1
mov eax, [ebp+FilePart]
push dword ptr [eax+8] ; int
push edi ; LPSTR
call sub_405F80
mov eax, [ebp+FilePart]
push dword ptr [eax+0Ch] ; int
push ebx ; LPSTR
call sub_405F80
and [ebp+var_4], 0
loc_4024B1: ; CODE XREF: sub_40161F+E5B�j
; sub_40161F+E74�j
push [ebp+pBlock]
jmp loc_4031E5
; ---------------------------------------------------------------------------
loc_4024B9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor edi, edi ; jumptable 0040167A case 42
inc edi
push 8001h ; uMode
mov [ebp+var_4], edi
call ds:SetErrorMode ; SetErrorMode
cmp dword_434230, 0
jl loc_402602
push 0FFFFFFF0h
pop esi
call sub_401508
mov esi, edi
mov [ebp+FilePart], eax
call sub_401508
cmp [ebp+FileTime2.dwHighDateTime], 0
mov [ebp+dwResult], eax
jz short loc_402502
push [ebp+FilePart] ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov [ebp+hModule], eax
jnz short loc_402557
loc_402502: ; CODE XREF: sub_40161F+ED1�j
mov esi, ds:GetLastError
xor edi, edi
push edi ; Arguments
push edi ; nSize
lea eax, [ebp+puLen]
push eax ; lpBuffer
push 400h ; dwLanguageId
call esi ; GetLastError
mov ebx, ds:FormatMessageA
push eax ; dwMessageId
push edi ; lpSource
mov edi, 1300h
push edi ; dwFlags
call ebx ; FormatMessageA
push [ebp+FilePart] ; lpString2
push 0FFFFFFF6h ; int
call sub_405013
push [ebp+puLen]
push [ebp+FilePart] ; arglist
push offset aRegdllCouldNot ; "RegDLL: Could not load '%s' -> '%s'"
call sub_406171
add esp, 0Ch
push [ebp+FilePart] ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
test eax, eax
mov [ebp+hModule], eax
jz short loc_4025D1
xor edi, edi
inc edi
loc_402557: ; CODE XREF: sub_40161F+EE1�j
push [ebp+dwResult] ; lpProcName
push [ebp+hModule] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz short loc_4025A4
cmp [ebp+nDenominator], ebx
mov [ebp+var_4], ebx
jz short loc_402586
push [ebp+nDenominator]
call sub_4014E1
call esi
test eax, eax
jz short loc_4025C1
mov [ebp+var_4], edi
jmp short loc_4025C1
; ---------------------------------------------------------------------------
loc_402586: ; CODE XREF: sub_40161F+F52�j
push offset off_40D000
push offset dword_40D4A0
push offset dword_435000
push 400h
push [ebp+lpString2]
call esi
add esp, 14h
jmp short loc_4025C1
; ---------------------------------------------------------------------------
loc_4025A4: ; CODE XREF: sub_40161F+F4A�j
push [ebp+dwResult] ; lpString2
push 0FFFFFFF7h ; int
call sub_405013
push [ebp+FilePart]
push [ebp+dwResult] ; arglist
push offset aErrorRegisteri ; "Error registering DLL: %s not found in "...
call sub_406171
add esp, 0Ch
loc_4025C1: ; CODE XREF: sub_40161F+F60�j
; sub_40161F+F65�j ...
cmp [ebp+FileTime2.dwLowDateTime], ebx
jnz short loc_402614
push [ebp+hModule] ; hLibModule
call ds:FreeLibrary ; FreeLibrary
jmp short loc_402614
; ---------------------------------------------------------------------------
loc_4025D1: ; CODE XREF: sub_40161F+F33�j
push 0 ; Arguments
push 0 ; nSize
lea eax, [ebp+puLen]
push eax ; lpBuffer
push 400h ; dwLanguageId
call esi ; GetLastError
push eax ; dwMessageId
push 0 ; lpSource
push edi ; dwFlags
call ebx ; FormatMessageA
push 0FFFFFFF6h
call sub_4014E1
push [ebp+puLen]
push [ebp+FilePart] ; arglist
push offset aErrorRegiste_0 ; "Error registering DLL: Could not load '"...
call sub_406171
add esp, 0Ch
jmp short loc_402614
; ---------------------------------------------------------------------------
loc_402602: ; CODE XREF: sub_40161F+EB2�j
push 0FFFFFFE7h
call sub_4014E1
push offset aErrorRegiste_1 ; "Error registering DLL: Could not initia"...
call sub_406171
pop ecx
loc_402614: ; CODE XREF: sub_40161F+FA5�j
; sub_40161F+FB0�j ...
push 0 ; uMode
call ds:SetErrorMode ; SetErrorMode
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402621: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFF0h ; jumptable 0040167A case 43
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+dwResult], eax
call sub_401508
push 2
pop esi
mov edi, eax
call sub_401508
push 0FFFFFFCDh
pop esi
mov [ebp+lpAppName], eax
call sub_401508
push 45h
pop esi
mov [ebp+pBlock], eax
call sub_401508
push edi
mov [ebp+puLen], eax
call sub_405D5A
test eax, eax
jnz short loc_402669
push 21h
pop esi
call sub_401508
loc_402669: ; CODE XREF: sub_40161F+1040�j
mov eax, [ebp+FileTime2.dwHighDateTime]
mov ecx, eax
sar ecx, 10h
push ecx
movzx ecx, ah
push ecx
mov esi, 0FFh
and eax, esi
push eax
push [ebp+pBlock]
push [ebp+lpAppName]
push edi
push [ebp+dwResult] ; arglist
push offset aCreateshortcut ; "CreateShortCut: out: \"%s\", in: \"%s %s\","...
call sub_406171
add esp, 20h
lea eax, [ebp+FilePart]
push eax ; ppv
push offset riid ; riid
push 1 ; dwClsContext
push 0 ; pUnkOuter
push offset rclsid ; rclsid
call ds:CoCreateInstance
test eax, eax
jl loc_402788
mov eax, [ebp+FilePart]
mov ecx, [eax]
lea edx, [ebp+hModule]
push edx
push offset dword_40B3F0
push eax
call dword ptr [ecx]
mov ebx, eax
test ebx, ebx
jl loc_40277B
mov eax, [ebp+FilePart]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+50h]
mov ebx, eax
mov eax, [ebp+FilePart]
mov ecx, [eax]
push offset CurrentDirectory
push eax
call dword ptr [ecx+24h]
mov ecx, [ebp+FileTime2.dwHighDateTime]
mov eax, ecx
sar eax, 8
and eax, esi
jz short loc_402703
mov ecx, [ebp+FilePart]
mov edx, [ecx]
push eax
push ecx
call dword ptr [edx+3Ch]
mov ecx, [ebp+FileTime2.dwHighDateTime]
loc_402703: ; CODE XREF: sub_40161F+10D5�j
mov eax, [ebp+FilePart]
mov edx, [eax]
sar ecx, 10h
push ecx
push eax
call dword ptr [edx+34h]
mov ecx, [ebp+pBlock]
cmp byte ptr [ecx], 0
jz short loc_402728
mov edi, [ebp+FileTime2.dwHighDateTime]
mov eax, [ebp+FilePart]
mov edx, [eax]
and edi, esi
push edi
push ecx
push eax
call dword ptr [edx+44h]
loc_402728: ; CODE XREF: sub_40161F+10F7�j
mov eax, [ebp+FilePart]
push [ebp+lpAppName]
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
mov eax, [ebp+FilePart]
push [ebp+puLen]
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
xor eax, eax
cmp ebx, eax
jl short loc_402772
push 400h ; cchWideChar
mov esi, offset WideCharStr
push esi ; lpWideCharStr
push 0FFFFFFFFh ; cchMultiByte
push [ebp+dwResult] ; lpMultiByteStr
mov WideCharStr, ax
push eax ; dwFlags
push eax ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov eax, [ebp+hModule]
mov ecx, [eax]
push 1
push esi
push eax
call dword ptr [ecx+18h]
mov ebx, eax
loc_402772: ; CODE XREF: sub_40161F+1125�j
mov eax, [ebp+hModule]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40277B: ; CODE XREF: sub_40161F+10AB�j
mov eax, [ebp+FilePart]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
test ebx, ebx
jge short loc_402793
loc_402788: ; CODE XREF: sub_40161F+1090�j
mov [ebp+var_4], 1
push 0FFFFFFF0h
jmp short loc_402795
; ---------------------------------------------------------------------------
loc_402793: ; CODE XREF: sub_40161F+1167�j
push 0FFFFFFF4h
loc_402795: ; CODE XREF: sub_40161F+289�j
; sub_40161F+346�j ...
call sub_4014E1
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40279F: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 44
call sub_401508
push 11h
pop esi
mov ebx, eax
call sub_401508
mov esi, eax
push esi
push ebx ; arglist
push offset aCopyfilesSS ; "CopyFiles \"%s\"->\"%s\""
call sub_406171
mov eax, [ebp+lpString2]
add esp, 0Ch
push ebx ; lpString
mov [ebp+Msg.hwnd], eax
mov [ebp+Msg.message], 2
call lstrlenA ; lstrlenA
push esi ; lpString
mov byte ptr [eax+ebx+1], 0
call lstrlenA ; lstrlenA
push 0FFFFFFF8h ; lpString2
mov edi, offset Data
push edi ; lpString1
mov byte ptr [eax+esi+1], 0
call sub_4066B7
push esi ; lpString2
push edi ; lpString1
call ds:lstrcatA ; lstrcatA
mov ax, word ptr [ebp+nDenominator]
push edi ; lpString2
push 0 ; int
mov [ebp+Msg.wParam], ebx
mov [ebp+Msg.lParam], esi
mov [ebp+Msg.pt.y+2], edi
mov word ptr [ebp+Msg.time], ax
call sub_405013
lea eax, [ebp+Msg]
push eax ; lpFileOp
call ds:SHFileOperationA ; SHFileOperationA
test eax, eax
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push 0 ; lpString2
push 0FFFFFFF9h ; int
call sub_405013
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402832: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp esi, 0BADF00Dh ; jumptable 0040167A case 45
jz short loc_40284E
loc_40283A: ; CODE XREF: sub_40161F+9B2�j
push 200010h
push 0FFFFFFE8h ; lpString2
push 0 ; lpString1
call sub_4066B7
push eax
jmp loc_401D42
; ---------------------------------------------------------------------------
loc_40284E: ; CODE XREF: sub_40161F+1219�j
inc dword_434214
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402859: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 46
push offset aRm ; "<RM>"
mov ebx, offset byte_40D8A8
push ebx ; lpString1
mov [ebp+lpAppName], esi
mov [ebp+pBlock], esi
mov [ebp+FilePart], esi
call lstrcpyA ; lstrcpyA
push ebx ; lpString2
mov edi, offset Data
push edi ; lpString1
call lstrcpyA ; lstrcpyA
cmp [ebp+arglist], esi
jz short loc_40288D
call sub_401508
mov [ebp+lpAppName], eax
loc_40288D: ; CODE XREF: sub_40161F+1264�j
cmp [ebp+dwFileAttributes], 0
jz short loc_40289E
push 11h
pop esi
call sub_401508
mov [ebp+pBlock], eax
loc_40289E: ; CODE XREF: sub_40161F+1272�j
cmp [ebp+FileTime2.dwHighDateTime], 0
jz short loc_4028AF
push 22h
pop esi
call sub_401508
mov [ebp+FilePart], eax
loc_4028AF: ; CODE XREF: sub_40161F+1283�j
push 0FFFFFFCDh
pop esi
call sub_401508
mov esi, eax
push esi
push edi
push ebx
push offset Text ; arglist
push offset aWriteinistrWro ; "WriteINIStr: wrote [%s] %s=%s in %s"
call sub_406171
add esp, 14h
push esi ; lpFileName
push [ebp+FilePart] ; lpString
push [ebp+pBlock] ; lpKeyName
push [ebp+lpAppName] ; lpAppName
call ds:WritePrivateProfileStringA ; WritePrivateProfileStringA
jmp loc_401A51
; ---------------------------------------------------------------------------
loc_4028E3: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 47
inc esi
mov [ebp+FilePart], 7E4E21h
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
push 0FFFFFFDDh
pop esi
mov [ebp+puLen], eax
call sub_401508
push eax ; lpFileName
push 3FFh ; nSize
push edi ; lpReturnedString
lea eax, [ebp+FilePart]
push eax ; lpDefault
push [ebp+puLen] ; lpKeyName
push ebx ; lpAppName
call ds:GetPrivateProfileStringA ; GetPrivateProfileStringA
mov eax, [edi]
cmp eax, [ebp+FilePart]
jmp loc_401A2D
; ---------------------------------------------------------------------------
loc_402926: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp [ebp+FileTime2.dwHighDateTime], 0 ; jumptable 0040167A case 48
jnz short loc_402970
push 2 ; phkResult
call sub_4015D6
mov edi, eax
test edi, edi
jz loc_401A59
push 33h
pop esi
call sub_401508
mov esi, eax
push esi ; lpValueName
push edi ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push esi
push offset Data
push [ebp+dwFileAttributes] ; arglist
mov ebx, eax
push offset aDeleteregvalue ; "DeleteRegValue: %d\\%s\\%s"
call sub_406171
add esp, 10h
push edi ; hKey
call ds:RegCloseKey ; RegCloseKey
jmp short loc_4029AC
; ---------------------------------------------------------------------------
loc_402970: ; CODE XREF: sub_40161F+130B�j
push 22h
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+dwFileAttributes] ; arglist
push offset aDeleteregkeyDS ; "DeleteRegKey: %d\\%s"
call sub_406171
mov eax, [ebp+dwFileAttributes]
add esp, 0Ch
test eax, eax
jnz short loc_40299C
mov eax, dword_434204
add eax, 80000001h
loc_40299C: ; CODE XREF: sub_40161F+1371�j
mov ecx, [ebp+FileTime2.dwHighDateTime]
and ecx, 2
push ecx ; int
push esi ; lpSubKey
push eax ; hKey
call sub_401540
mov ebx, eax
loc_4029AC: ; CODE XREF: sub_40161F+134F�j
test ebx, ebx
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_4029B9: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ebx, ebx ; jumptable 0040167A case 49
cmp esi, ebx
jz short loc_4029C4
mov [ebp+FilePart], esi
jmp short loc_4029D1
; ---------------------------------------------------------------------------
loc_4029C4: ; CODE XREF: sub_40161F+139E�j
mov eax, dword_434204
add eax, 80000001h
mov [ebp+FilePart], eax
loc_4029D1: ; CODE XREF: sub_40161F+13A3�j
mov eax, [ebp+FileTime2.dwHighDateTime]
mov [ebp+dwResult], eax
mov eax, [ebp+var_24]
push 2
pop esi
mov [ebp+puLen], eax
call sub_401508
push 11h
pop esi
mov [ebp+hModule], eax
call sub_401508
push ebx ; lpdwDisposition
lea ecx, [ebp+pBlock]
push ecx ; phkResult
push ebx ; lpSecurityAttributes
push 2 ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
push eax ; lpSubKey
push [ebp+FilePart] ; hKey
mov [ebp+lpString2], eax
mov [ebp+var_4], 1
call ds:RegCreateKeyExA ; RegCreateKeyExA
test eax, eax
jnz loc_402AC8
xor esi, esi
cmp [ebp+dwResult], 1
mov edi, offset Data
jnz short loc_402A4C
push 23h
pop esi
call sub_401508
push edi ; lpString
call lstrlenA ; lstrlenA
push edi
push [ebp+hModule]
mov esi, eax
push [ebp+lpString2]
inc esi
push [ebp+FilePart] ; arglist
push offset aWriteregstrSet ; "WriteRegStr: set %d\\%s\\%s to %s"
call sub_406171
add esp, 14h
loc_402A4C: ; CODE XREF: sub_40161F+1403�j
cmp [ebp+dwResult], 4
jnz short loc_402A79
push 3
pop ecx
call sub_4014F2
push 4
pop esi
push eax
push [ebp+hModule]
mov Data, eax
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregdwordS ; "WriteRegDWORD: set %d\\%s\\%s to %d"
call sub_406171
add esp, 14h
loc_402A79: ; CODE XREF: sub_40161F+1431�j
cmp [ebp+dwResult], 3
jnz short loc_402AA7
push 0C00h ; Buffer
push edi ; int
push ebx ; hFile
push [ebp+FileTime2.dwLowDateTime] ; nDenominator
call sub_403412
mov esi, eax
push esi
push [ebp+hModule]
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregbinSet ; "WriteRegBin: set %d\\%s\\%s with %d bytes"...
call sub_406171
add esp, 14h
loc_402AA7: ; CODE XREF: sub_40161F+145E�j
push esi ; cbData
push edi ; lpData
push [ebp+puLen] ; dwType
push ebx ; Reserved
push [ebp+hModule] ; lpValueName
push [ebp+pBlock] ; hKey
call ds:RegSetValueExA ; RegSetValueExA
test eax, eax
jnz short loc_402AC0
mov [ebp+var_4], ebx
loc_402AC0: ; CODE XREF: sub_40161F+149C�j
push [ebp+pBlock]
jmp loc_402BAB
; ---------------------------------------------------------------------------
loc_402AC8: ; CODE XREF: sub_40161F+13F2�j
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregErrorC ; "WriteReg: error creating key %d\\%s"
call sub_406171
loc_402AD8: ; CODE XREF: sub_40161F+982�j
add esp, 0Ch
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402AE0: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20019h ; jumptable 0040167A case 50
call sub_4015D6
push 33h
pop esi
mov ebx, eax
call sub_401508
xor esi, esi
cmp ebx, esi
mov byte ptr [edi], 0
jz loc_401A59
lea ecx, [ebp+puLen]
push ecx ; lpcbData
push edi ; lpData
lea ecx, [ebp+FilePart]
push ecx ; lpType
push esi ; lpReserved
push eax ; lpValueName
push ebx ; hKey
mov [ebp+puLen], 400h
call ds:RegQueryValueExA ; RegQueryValueExA
xor ecx, ecx
inc ecx
test eax, eax
jnz short loc_402B4F
cmp [ebp+FilePart], 4
jz short loc_402B39
cmp [ebp+FilePart], ecx
jz short loc_402B32
cmp [ebp+FilePart], 2
jnz short loc_402B4F
loc_402B32: ; CODE XREF: sub_40161F+150B�j
cmp [ebp+FileTime2.dwHighDateTime], esi
jz short loc_402B55
jmp short loc_402B52
; ---------------------------------------------------------------------------
loc_402B39: ; CODE XREF: sub_40161F+1506�j
cmp [ebp+FileTime2.dwHighDateTime], esi
jnz short loc_402B45
mov [ebp+var_4], 1
loc_402B45: ; CODE XREF: sub_40161F+151D�j
push dword ptr [edi] ; int
push edi ; LPSTR
call sub_405F80
jmp short loc_402B55
; ---------------------------------------------------------------------------
loc_402B4F: ; CODE XREF: sub_40161F+1500�j
; sub_40161F+1511�j
mov byte ptr [edi], 0
loc_402B52: ; CODE XREF: sub_40161F+1518�j
mov [ebp+var_4], ecx
loc_402B55: ; CODE XREF: sub_40161F+1516�j
; sub_40161F+152E�j
push ebx
jmp short loc_402BAB
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 20019h ; jumptable 0040167A case 51
call sub_4015D6
push 3
pop ecx
mov esi, eax
call sub_4014F2
xor edx, edx
cmp esi, edx
mov byte ptr [edi], 0
jz loc_401A59
cmp [ebp+FileTime2.dwHighDateTime], edx
mov ecx, 3FFh
mov [ebp+FilePart], ecx
jz short loc_402B92
push ecx ; cbName
push edi ; lpName
push eax ; dwIndex
push esi ; hKey
call ds:RegEnumKeyA ; RegEnumKeyA
jmp short loc_402BA3
; ---------------------------------------------------------------------------
loc_402B92: ; CODE XREF: sub_40161F+1565�j
push edx ; lpcbData
push edx ; lpData
push edx ; lpType
push edx ; lpReserved
lea ecx, [ebp+FilePart]
push ecx ; lpcbValueName
push edi ; lpValueName
push eax ; dwIndex
push esi ; hKey
call ds:RegEnumValueA ; RegEnumValueA
loc_402BA3: ; CODE XREF: sub_40161F+1571�j
mov byte ptr [edi+3FFh], 0
push esi ; hKey
loc_402BAB: ; CODE XREF: sub_40161F+14A4�j
; sub_40161F+1537�j
call ds:RegCloseKey ; RegCloseKey
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402BB6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 52
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_405F99
push eax ; hObject
loc_402BC6: ; CODE XREF: sub_40161F+DC4�j
call ds:CloseHandle ; CloseHandle
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402BD1: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 0FFFFFFEDh ; jumptable 0040167A case 53
pop esi
call sub_401508
push [ebp+nDenominator] ; dwCreationDisposition
push [ebp+dwFileAttributes] ; dwDesiredAccess
push eax ; lpFileName
call sub_405E44
cmp eax, 0FFFFFFFFh
jnz loc_401DD6
loc_402BEE: ; CODE XREF: sub_40161F+1781�j
mov byte ptr [edi], 0
jmp loc_401A59
; ---------------------------------------------------------------------------
loc_402BF6: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp [ebp+nDenominator], 0 ; jumptable 0040167A case 54
jz short loc_402C0E
xor ecx, ecx
inc ecx
call sub_4014F2
mov byte_40D8A8, al
xor eax, eax
inc eax
jmp short loc_402C1C
; ---------------------------------------------------------------------------
loc_402C0E: ; CODE XREF: sub_40161F+15DB�j
push 11h
pop esi
call sub_401508
push eax ; lpString
call lstrlenA ; lstrlenA
loc_402C1C: ; CODE XREF: sub_40161F+15ED�j
cmp byte ptr [edi], 0
jz loc_401A59
push 0 ; lpOverlapped
lea ecx, [ebp+FilePart]
push ecx ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
push offset byte_40D8A8 ; lpBuffer
push edi
call sub_405F99
push eax ; hFile
call ds:WriteFile ; WriteFile
jmp loc_401A51
; ---------------------------------------------------------------------------
loc_402C43: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 55
pop ecx
xor esi, esi
call sub_4014F2
cmp eax, 1
mov [ebp+dwResult], eax
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
mov ecx, 3FFh
cmp eax, ecx
jle short loc_402C65
mov [ebp+dwResult], ecx
loc_402C65: ; CODE XREF: sub_40161F+1641�j
cmp byte ptr [edi], 0
jz loc_402CF7
push edi
mov byte ptr [ebp+FilePart+3], 0
call sub_405F99
cmp [ebp+dwResult], 0
mov edi, eax
jle short loc_402CF7
loc_402C80: ; CODE XREF: sub_40161F+16A1�j
push 0 ; lpOverlapped
lea eax, [ebp+puLen]
push eax ; lpNumberOfBytesRead
push 1 ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_402CF7
cmp [ebp+puLen], 1
jnz short loc_402CF7
cmp [ebp+FileTime2.dwLowDateTime], 0
jnz short loc_402CC4
cmp byte ptr [ebp+FilePart+3], 0Dh
jz short loc_402CD4
cmp byte ptr [ebp+FilePart+3], 0Ah
jz short loc_402CD4
mov al, [ebp+Buffer]
mov [esi+ebx], al
inc esi
test al, al
mov byte ptr [ebp+FilePart+3], al
jz short loc_402CF7
cmp esi, [ebp+dwResult]
jl short loc_402C80
jmp short loc_402CF7
; ---------------------------------------------------------------------------
loc_402CC4: ; CODE XREF: sub_40161F+1682�j
movzx eax, [ebp+Buffer]
push eax ; int
push ebx ; LPSTR
call sub_405F80
jmp loc_4031F4
; ---------------------------------------------------------------------------
loc_402CD4: ; CODE XREF: sub_40161F+1688�j
; sub_40161F+168E�j
mov al, [ebp+Buffer]
cmp byte ptr [ebp+FilePart+3], al
jz short loc_402CEA
cmp al, 0Dh
jz short loc_402CE4
cmp al, 0Ah
jnz short loc_402CEA
loc_402CE4: ; CODE XREF: sub_40161F+16BF�j
mov [esi+ebx], al
inc esi
jmp short loc_402CF7
; ---------------------------------------------------------------------------
loc_402CEA: ; CODE XREF: sub_40161F+16BB�j
; sub_40161F+16C3�j
push 1 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0FFFFFFFFh ; lDistanceToMove
push edi ; hFile
call ds:SetFilePointer ; SetFilePointer
loc_402CF7: ; CODE XREF: sub_40161F+1649�j
; sub_40161F+165F�j ...
mov byte ptr [esi+ebx], 0
test esi, esi
jmp loc_401A53
; ---------------------------------------------------------------------------
loc_402D02: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 56
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+FileTime2.dwLowDateTime] ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 2
pop ecx
call sub_4014F2
push eax ; lDistanceToMove
push edi
call sub_405F99
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
cmp [ebp+dwFileAttributes], 0
jl loc_4031EB ; default
; jumptable 0040167A cases 64,65
jmp loc_40317F
; ---------------------------------------------------------------------------
loc_402D35: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [edi], 0 ; jumptable 0040167A case 57
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_405F99
push eax ; hFindFile
call ds:FindClose ; FindClose
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_402D50: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
cmp byte ptr [ebx], 0 ; jumptable 0040167A case 58
jz loc_401A33
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
push ebx
call sub_405F99
push eax ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jz loc_401A33
loc_402D75: ; CODE XREF: sub_40161F+178D�j
lea eax, [ebp+FindFileData.cFileName]
push eax
push edi
jmp loc_4030FE
; ---------------------------------------------------------------------------
loc_402D82: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
push 2 ; jumptable 0040167A case 59
pop esi
call sub_401508
lea ecx, [ebp+FindFileData]
push ecx ; lpFindFileData
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
cmp eax, 0FFFFFFFFh
jnz short loc_402DA5
mov byte ptr [ebx], 0
jmp loc_402BEE
; ---------------------------------------------------------------------------
loc_402DA5: ; CODE XREF: sub_40161F+177C�j
push eax ; int
push ebx ; LPSTR
call sub_405F80
jmp short loc_402D75
; ---------------------------------------------------------------------------
loc_402DAE: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor esi, esi ; jumptable 0040167A case 60
mov [ebp+lpAppName], 0FFFFFD66h
call sub_401508
and [ebp+pBlock], esi
test byte ptr dword_4341E4+1, 4
mov edi, ds:lstrcatA
mov [ebp+FilePart], eax
jz loc_402E7C
push eax ; lpString
call lstrlenA ; lstrlenA
push lpString ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_402E04
push lpString ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+esi+1]
loc_402E04: ; CODE XREF: sub_40161F+17D4�j
push eax ; dwBytes
call sub_405D2F
mov ebx, eax
test ebx, ebx
mov [ebp+hModule], ebx
jz short loc_402E66
push lpString ; lpString2
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
push 5Ch ; char
push [ebp+FilePart] ; lpszStart
call sub_4061F8
test eax, eax
jz short loc_402E31
inc eax
push eax
jmp short loc_402E34
; ---------------------------------------------------------------------------
loc_402E31: ; CODE XREF: sub_40161F+180C�j
push [ebp+FilePart] ; lpString2
loc_402E34: ; CODE XREF: sub_40161F+1810�j
push ebx ; lpString1
call edi ; lstrcatA
push ebx ; lpString
call lstrlenA ; lstrlenA
lea esi, [eax+ebx-1]
jmp short loc_402E52
; ---------------------------------------------------------------------------
loc_402E43: ; CODE XREF: sub_40161F+1838�j
cmp byte ptr [esi], 5Ch
jz short loc_402E59
push esi ; lpszCurrent
push ebx ; lpszStart
call ds:CharPrevA ; CharPrevA
mov esi, eax
loc_402E52: ; CODE XREF: sub_40161F+1822�j
cmp esi, ebx
mov [ebp+pBlock], esi
ja short loc_402E43
loc_402E59: ; CODE XREF: sub_40161F+1827�j
push ebx ; lpFileName
mov byte ptr [esi], 0
call sub_4062D0
test eax, eax
jnz short loc_402E70
loc_402E66: ; CODE XREF: sub_40161F+94�j
; sub_40161F+A3�j ...
mov eax, 7FFFFFFFh
jmp loc_4031F6
; ---------------------------------------------------------------------------
loc_402E70: ; CODE XREF: sub_40161F+1845�j
push ebx ; lpString2
push [ebp+FilePart] ; lpString1
mov byte ptr [esi], 5Ch
call lstrcpyA ; lstrcpyA
loc_402E7C: ; CODE XREF: sub_40161F+17B0�j
push [ebp+FilePart]
call sub_405D5A
test eax, eax
push [ebp+FilePart] ; lpString2
mov ebx, offset byte_40D8A8
jz short loc_402E98
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_402EAC
; ---------------------------------------------------------------------------
loc_402E98: ; CODE XREF: sub_40161F+186F�j
push offset byte_43A400 ; lpString2
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061CB
push eax ; lpString1
call edi ; lstrcatA
loc_402EAC: ; CODE XREF: sub_40161F+1877�j
push ebx ; lpszCurrent
call sub_40602E
push 2 ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push ebx ; lpFileName
call sub_405E44
cmp eax, 0FFFFFFFFh
mov [ebp+dwResult], eax
jz loc_402F77
mov eax, dwBytes
push eax ; dwBytes
mov [ebp+puLen], eax
call sub_405D2F
test eax, eax
mov [ebp+lpString2], eax
jz loc_402F6E
push 0 ; lDistanceToMove
call sub_4033FB
push [ebp+puLen] ; NumberOfBytesRead
push [ebp+lpString2] ; lpBuffer
call sub_4033C9
push [ebp+nDenominator] ; dwBytes
call sub_405D2F
mov esi, eax
test esi, esi
mov [ebp+lpAppName], esi
jz short loc_402F40
push [ebp+nDenominator] ; Buffer
push esi ; int
push 0 ; hFile
push [ebp+dwFileAttributes] ; nDenominator
call sub_403412
jmp short loc_402F32
; ---------------------------------------------------------------------------
loc_402F17: ; CODE XREF: sub_40161F+1916�j
mov ecx, [esi]
mov eax, [esi+4]
push ecx
mov [ebp+Msg.pt.x], ecx
mov ecx, [ebp+lpString2]
add esi, 8
push esi
add eax, ecx
push eax
call sub_405E24
add esi, [ebp+Msg.pt.x]
loc_402F32: ; CODE XREF: sub_40161F+18F6�j
cmp byte ptr [esi], 0
jnz short loc_402F17
push [ebp+lpAppName] ; hMem
call ds:GlobalFree ; GlobalFree
loc_402F40: ; CODE XREF: sub_40161F+18E6�j
xor esi, esi
push esi ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+puLen] ; nNumberOfBytesToWrite
push [ebp+lpString2] ; lpBuffer
push [ebp+dwResult] ; hFile
call ds:WriteFile ; WriteFile
push [ebp+lpString2] ; hMem
call ds:GlobalFree ; GlobalFree
push esi ; Buffer
push esi ; int
push [ebp+dwResult] ; hFile
push 0FFFFFFFFh ; nDenominator
call sub_403412
mov [ebp+lpAppName], eax
loc_402F6E: ; CODE XREF: sub_40161F+18BF�j
push [ebp+dwResult] ; hObject
call ds:CloseHandle ; CloseHandle
loc_402F77: ; CODE XREF: sub_40161F+18A6�j
push ebx
push [ebp+lpAppName] ; arglist
push offset aCreatedUninsta ; "created uninstaller: %d, \"%s\""
call sub_406171
add esp, 0Ch
cmp [ebp+lpAppName], 0
push 0FFFFFFF3h
pop esi
jge short loc_402FA2
push 0FFFFFFEFh
pop esi
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov [ebp+var_4], 1
loc_402FA2: ; CODE XREF: sub_40161F+1970�j
push esi
call sub_4014E1
test byte ptr dword_4341E4+1, 4
jz loc_4031DC
mov eax, [ebp+pBlock]
mov esi, [ebp+FilePart]
push offset asc_40935C ; " /x \""
push esi ; lpString1
mov byte ptr [eax], 0
call edi ; lstrcatA
push lpString ; lpString2
push esi ; lpString1
call edi ; lstrcatA
push offset a_? ; "\" _?="
push esi ; lpString1
call edi ; lstrcatA
push [ebp+hModule] ; lpString2
push esi ; lpString1
call edi ; lstrcatA
push [ebp+hModule] ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405C75
test eax, eax
mov [ebp+FilePart], eax
push esi ; arglist
jz short loc_403063
push offset aFileExtraction ; "File Extraction: success (\"%s\")"
call sub_406171
mov edi, ds:WaitForSingleObject
pop ecx
pop ecx
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call edi ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_40303F
mov ebx, ds:PeekMessageA
jmp short loc_403022
; ---------------------------------------------------------------------------
loc_403018: ; CODE XREF: sub_40161F+1A13�j
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_403022: ; CODE XREF: sub_40161F+19F7�j
; sub_40161F+1A1E�j
push 1 ; wRemoveMsg
push 0Fh ; wMsgFilterMax
push 0Fh ; wMsgFilterMin
lea eax, [ebp+Msg]
push 0 ; hWnd
push eax ; lpMsg
call ebx ; PeekMessageA
test eax, eax
jnz short loc_403018
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call edi ; WaitForSingleObject
cmp eax, esi
jz short loc_403022
loc_40303F: ; CODE XREF: sub_40161F+19EF�j
lea eax, [ebp+puLen]
push eax ; lpExitCode
push [ebp+FilePart] ; hProcess
call ds:GetExitCodeProcess ; GetExitCodeProcess
cmp [ebp+puLen], 0
jz short loc_403055
inc [ebp+var_4]
loc_403055: ; CODE XREF: sub_40161F+1A31�j
push [ebp+FilePart] ; hObject
call ds:CloseHandle ; CloseHandle
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_403063: ; CODE XREF: sub_40161F+19CD�j
inc [ebp+var_4]
push offset aFileExtracti_0 ; "File Extraction: failed createprocess o"...
call sub_406171
pop ecx
pop ecx
jmp loc_4031DC
; ---------------------------------------------------------------------------
loc_403077: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
test esi, esi ; jumptable 0040167A case 61
jz short loc_4030B0
push edx ; arglist
push offset aSettingsLoggin ; "settings logging to %d"
call sub_406171
mov eax, [ebp+dwFileAttributes]
push eax ; arglist
push offset aLoggingSetToD ; "logging set to %d"
mov dword_431D04, eax
call sub_406171
add esp, 10h
cmp [ebp+dwFileAttributes], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
call sub_403F6C
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4030B0: ; CODE XREF: sub_40161F+1A5A�j
xor esi, esi
inc esi
call sub_401508
push eax ; arglist
push offset aS ; "%s"
loc_4030BE: ; CODE XREF: sub_40161F+373�j
; sub_40161F+385�j ...
call sub_406171
pop ecx
loc_4030C4: ; CODE XREF: sub_40161F+22D�j
pop ecx
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4030CA: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 62
call sub_4014F2
mov edi, eax
cmp edi, dword_4341AC
jnb loc_401A59
mov eax, [ebp+nDenominator]
mov esi, edi
imul esi, 418h
add esi, dword_4341A8
test eax, eax
jl short loc_40310B
mov ecx, [esi+eax*4]
jnz short loc_403108
add esi, 18h
push esi ; lpString2
push ebx ; lpString1
loc_4030FE: ; CODE XREF: sub_40161F+9DF�j
; sub_40161F+175E�j
call lstrcpyA ; lstrcpyA
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403108: ; CODE XREF: sub_40161F+1AD8�j
push ecx
jmp short loc_403180
; ---------------------------------------------------------------------------
loc_40310B: ; CODE XREF: sub_40161F+1AD3�j
or ecx, 0FFFFFFFFh
sub ecx, eax
mov [ebp+nDenominator], ecx
jz short loc_403122
xor ecx, ecx
inc ecx
call sub_4014F2
mov [ebp+dwFileAttributes], eax
jmp short loc_403132
; ---------------------------------------------------------------------------
loc_403122: ; CODE XREF: sub_40161F+1AF4�j
push [ebp+FileTime2.dwHighDateTime] ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4066B7
or byte ptr [esi+9], 1
loc_403132: ; CODE XREF: sub_40161F+1B01�j
mov eax, [ebp+nDenominator]
mov ecx, [ebp+dwFileAttributes]
mov [esi+eax*4], ecx
cmp [ebp+FileTime2.dwLowDateTime], 0
jz loc_4031EB ; default
; jumptable 0040167A cases 64,65
push edi
call sub_40117D
jmp loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403150: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
xor ecx, ecx ; jumptable 0040167A case 63
call sub_4014F2
cmp eax, 20h
jnb loc_401A59
xor ecx, ecx
cmp [ebp+FileTime2.dwLowDateTime], ecx
jz short loc_403188
cmp [ebp+nDenominator], ecx
jz short loc_403179
push eax
call sub_4012A8
call sub_40129E
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403179: ; CODE XREF: sub_40161F+1B4B�j
push ecx
call sub_4012F3
loc_40317F: ; CODE XREF: sub_40161F+1711�j
push eax ; int
loc_403180: ; CODE XREF: sub_40161F+1AEA�j
push ebx ; LPSTR
loc_403181: ; CODE XREF: sub_40161F+1BE�j
call sub_405F80
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_403188: ; CODE XREF: sub_40161F+1B46�j
cmp [ebp+nDenominator], ecx
jz short loc_40319F
mov ecx, [ebp+dwFileAttributes]
mov edx, dword_434188
mov [edx+eax*4+94h], ecx
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_40319F: ; CODE XREF: sub_40161F+1B6C�j
mov ecx, dword_434188
push dword ptr [ecx+eax*4+94h] ; lpString2
push ebx ; lpString1
call sub_4066B7
jmp short loc_4031EB ; default
; jumptable 0040167A cases 64,65
; ---------------------------------------------------------------------------
loc_4031B4: ; CODE XREF: sub_40161F+5B�j
; DATA XREF: .text:off_4031FD�o
mov eax, dword_42F528 ; jumptable 0040167A case 66
push 0 ; lParam
and eax, esi
push eax ; wParam
push 0Bh ; Msg
push [ebp+lpString2] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp [ebp+arglist], 0
jz short loc_4031EB ; default
; jumptable 0040167A cases 64,65
push 0 ; bErase
push 0 ; lpRect
push [ebp+lpString2] ; hWnd
call ds:InvalidateRect ; InvalidateRect
loc_4031DC: ; CODE XREF: sub_40161F+672�j
; sub_40161F+6E9�j ...
cmp [ebp+hModule], 0
jz short loc_4031EB ; default
; jumptable 0040167A cases 64,65
push [ebp+hModule] ; hMem
loc_4031E5: ; CODE XREF: sub_40161F+A0E�j
; sub_40161F+E95�j
call ds:GlobalFree ; GlobalFree
loc_4031EB: ; CODE XREF: sub_40161F+55�j
; sub_40161F+5B�j ...
mov eax, [ebp+var_4] ; default
; jumptable 0040167A cases 64,65
add dword_434208, eax
loc_4031F4: ; CODE XREF: sub_40161F+688�j
; sub_40161F+16B0�j
xor eax, eax
loc_4031F6: ; CODE XREF: sub_40161F+72�j
; sub_40161F+E9�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_40161F endp
; ---------------------------------------------------------------------------
off_4031FD dd offset loc_401681, offset loc_401696, offset loc_4016B8
; DATA XREF: sub_40161F+5B�r
dd offset loc_4016D5, offset loc_40170D, offset loc_40175C ; jump table for switch statement
dd offset loc_401786, offset loc_4017E2, offset loc_40180E
dd offset loc_401851, offset loc_4018AD, offset loc_40179F
dd offset loc_4017B6, offset loc_4017D5, offset loc_4018F9
dd offset loc_4019A9, offset loc_401A0E, offset loc_401A42
dd offset loc_401A65, offset loc_401D4C, offset loc_401D5D
dd offset loc_401DA3, offset loc_401DC8, offset loc_401DDC
dd offset loc_401E62, offset loc_401E85, offset loc_401EBD
dd offset loc_401EFA, offset loc_401F86, offset loc_401FA6
dd offset loc_40205C, offset loc_40205C, offset loc_402127
dd offset loc_402145, offset loc_402162, offset loc_40217F
dd offset loc_4021DC, offset loc_402258, offset loc_40229A
dd offset loc_402327, offset loc_4023F9, offset loc_402429
dd offset loc_4024B9, offset loc_402621, offset loc_40279F
dd offset loc_402832, offset loc_402859, offset loc_4028E3
dd offset loc_402926, offset loc_4029B9, offset loc_402AE0
dd offset loc_402B58, offset loc_402BB6, offset loc_402BD1
dd offset loc_402BF6, offset loc_402C43, offset loc_402D02
dd offset loc_402D35, offset loc_402D50, offset loc_402D82
dd offset loc_402DAE, offset loc_403077, offset loc_4030CA
dd offset loc_403150, offset loc_4031EB, offset loc_4031EB
dd offset loc_4031B4
off_403309 dd offset loc_401F1F ; DATA XREF: sub_40161F+8F9�r
dd offset loc_401F23 ; jump table for switch statement
dd offset loc_401F27
dd offset loc_401F2E
dd offset loc_401F3B
dd offset loc_401F3F
dd offset loc_401F43
dd offset loc_401F47
dd offset loc_401F50
dd offset loc_401F5A
dd offset loc_401F66
dd offset loc_401F7A
dd offset loc_401F7E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DialogFunc(HWND, UINT, WPARAM, LPARAM)
DialogFunc proc near ; DATA XREF: sub_403646+14F�o
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
push edi
mov edi, [ebp+hWnd]
mov esi, 113h
jnz short loc_40336E
push 0 ; lpTimerFunc
push 0FAh ; uElapse
push 1 ; nIDEvent
push edi ; hWnd
call ds:SetTimer ; SetTimer
mov eax, [ebp+arg_C]
mov dword_42CCEC, eax
mov [ebp+arg_4], esi
loc_40336E: ; CODE XREF: DialogFunc+14�j
cmp [ebp+arg_4], esi
jnz short loc_4033C1
mov ecx, lDistanceToMove
mov eax, nDenominator
cmp ecx, eax
jl short loc_403384
mov ecx, eax
loc_403384: ; CODE XREF: DialogFunc+43�j
push eax ; nDenominator
push 64h ; nNumerator
push ecx ; nNumber
call ds:MulDiv ; MulDiv
push eax
push dword_42CCEC ; LPCSTR
mov esi, offset byte_41B0E8
push esi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
push esi ; lpString
push edi ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push esi ; lpString
push 406h ; nIDDlgItem
push edi ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
push 5 ; nCmdShow
push edi ; hWnd
call ds:ShowWindow ; ShowWindow
loc_4033C1: ; CODE XREF: DialogFunc+34�j
pop edi
xor eax, eax
pop esi
pop ebp
retn 10h
DialogFunc endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4033C9(LPVOID lpBuffer, DWORD NumberOfBytesRead)
sub_4033C9 proc near ; CODE XREF: sub_40161F+18D2�p
; sub_403412+49�p ...
lpBuffer = dword ptr 8
NumberOfBytesRead= dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+NumberOfBytesRead]
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push esi ; nNumberOfBytesToRead
push [ebp+lpBuffer] ; lpBuffer
push hFile ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_4033F4
cmp [ebp+NumberOfBytesRead], esi
jnz short loc_4033F4
xor eax, eax
inc eax
jmp short loc_4033F6
; ---------------------------------------------------------------------------
loc_4033F4: ; CODE XREF: sub_4033C9+1F�j
; sub_4033C9+24�j
xor eax, eax
loc_4033F6: ; CODE XREF: sub_4033C9+29�j
pop esi
pop ebp
retn 8
sub_4033C9 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4033FB(LONG lDistanceToMove)
sub_4033FB proc near ; CODE XREF: sub_40161F+18C7�p
; sub_403412+3E�p ...
lDistanceToMove = dword ptr 4
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push [esp+8+lDistanceToMove] ; lDistanceToMove
push hFile ; hFile
call ds:SetFilePointer ; SetFilePointer
retn 4
sub_4033FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403412(int nDenominator, HANDLE hFile, int, int Buffer)
sub_403412 proc near ; CODE XREF: sub_40161F+6A7�p
; sub_40161F+146A�p ...
String2 = byte ptr -58h
var_18 = dword ptr -18h
NumberOfBytesWritten= dword ptr -14h
var_10 = dword ptr -10h
lpBuffer = dword ptr -0Ch
NumberOfBytesRead= dword ptr -8
var_4 = dword ptr -4
nDenominator = dword ptr 8
hFile = dword ptr 0Ch
arg_8 = dword ptr 10h
Buffer = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push esi
mov esi, [ebp+Buffer]
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+NumberOfBytesRead], esi
jnz short loc_40342E
mov [ebp+NumberOfBytesRead], 8000h
loc_40342E: ; CODE XREF: sub_403412+13�j
and [ebp+var_4], 0
test edi, edi
mov [ebp+lpBuffer], edi
jnz short loc_403440
mov [ebp+lpBuffer], offset dword_4130E8
loc_403440: ; CODE XREF: sub_403412+25�j
mov eax, [ebp+nDenominator]
test eax, eax
jl short loc_403455
mov ecx, dword_4341D8
add ecx, eax
push ecx ; lDistanceToMove
call sub_4033FB
loc_403455: ; CODE XREF: sub_403412+33�j
push 4 ; NumberOfBytesRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call sub_4033C9
test eax, eax
jnz short loc_40346C
push 0FFFFFFFDh
pop eax
jmp loc_4035F9
; ---------------------------------------------------------------------------
loc_40346C: ; CODE XREF: sub_403412+50�j
test byte ptr [ebp+Buffer+3], 80h
push ebx
jz loc_4035DB
mov ebx, ds:GetTickCount
call ebx ; GetTickCount
and dword_423654, 0
and dword_423650, 0
and [ebp+Buffer], 7FFFFFFFh
mov [ebp+var_10], eax
mov eax, offset dword_424CD8
mov dword_42CCE0, eax
mov dword_42CCDC, eax
mov eax, [ebp+Buffer]
mov dword_423138, 8
mov dword_42CCD8, offset dword_42CCD8
mov [ebp+nDenominator], eax
jle loc_4035F5
loc_4034C6: ; CODE XREF: sub_403412+1B8�j
mov esi, 4000h
cmp [ebp+Buffer], esi
jge short loc_4034D3
mov esi, [ebp+Buffer]
loc_4034D3: ; CODE XREF: sub_403412+BC�j
push esi ; NumberOfBytesRead
mov edi, offset dword_40F0E8
push edi ; lpBuffer
call sub_4033C9
test eax, eax
jz loc_4035D2
sub [ebp+Buffer], esi
mov dword_423128, edi
mov dword_42312C, esi
loc_4034F6: ; CODE XREF: sub_403412+1AD�j
mov eax, [ebp+NumberOfBytesRead]
mov edi, [ebp+lpBuffer]
push offset dword_423128
mov dword_423130, edi
mov dword_423134, eax
call sub_406E81
test eax, eax
mov [ebp+var_18], eax
jl loc_4035D7
mov esi, dword_423130
sub esi, edi
call ebx ; GetTickCount
test byte ptr dword_40D03C, 1
mov edi, eax
jz short loc_403574
sub eax, [ebp+var_10]
cmp eax, 0C8h
ja short loc_403541
cmp [ebp+Buffer], 0
jnz short loc_403574
loc_403541: ; CODE XREF: sub_403412+127�j
push [ebp+nDenominator] ; nDenominator
mov eax, [ebp+nDenominator]
sub eax, [ebp+Buffer]
push 64h ; nNumerator
push eax ; nNumber
call ds:MulDiv ; MulDiv
push eax
lea eax, [ebp+String2]
push offset a___D ; "... %d%%"
push eax ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
lea eax, [ebp+String2]
push eax ; lpString2
push 0 ; int
call sub_405013
mov [ebp+var_10], edi
loc_403574: ; CODE XREF: sub_403412+11D�j
; sub_403412+12D�j
xor eax, eax
cmp esi, eax
jz short loc_4035C7
cmp [ebp+arg_8], eax
jnz short loc_4035A7
push eax ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+hFile] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz loc_403642
cmp [ebp+NumberOfBytesWritten], esi
jnz loc_403642
add [ebp+var_4], esi
jmp short loc_4035BB
; ---------------------------------------------------------------------------
loc_4035A7: ; CODE XREF: sub_403412+16B�j
sub [ebp+NumberOfBytesRead], esi
add [ebp+var_4], esi
cmp [ebp+NumberOfBytesRead], 1
mov eax, dword_423130
mov [ebp+lpBuffer], eax
jl short loc_4035F5
loc_4035BB: ; CODE XREF: sub_403412+193�j
cmp [ebp+var_18], 1
jnz loc_4034F6
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_4035C7: ; CODE XREF: sub_403412+166�j
cmp [ebp+Buffer], eax
jg loc_4034C6
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_4035D2: ; CODE XREF: sub_403412+CF�j
; sub_403412+1DE�j ...
push 0FFFFFFFDh
loc_4035D4: ; CODE XREF: sub_403412+1C7�j
; sub_403412+232�j
pop eax
jmp short loc_4035F8
; ---------------------------------------------------------------------------
loc_4035D7: ; CODE XREF: sub_403412+104�j
push 0FFFFFFFCh
jmp short loc_4035D4
; ---------------------------------------------------------------------------
loc_4035DB: ; CODE XREF: sub_403412+5F�j
test edi, edi
jz short loc_40363A
cmp [ebp+Buffer], esi
jge short loc_4035E7
mov esi, [ebp+Buffer]
loc_4035E7: ; CODE XREF: sub_403412+1D0�j
push esi ; NumberOfBytesRead
push edi ; lpBuffer
call sub_4033C9
test eax, eax
jz short loc_4035D2
mov [ebp+var_4], esi
loc_4035F5: ; CODE XREF: sub_403412+AE�j
; sub_403412+1A7�j ...
mov eax, [ebp+var_4]
loc_4035F8: ; CODE XREF: sub_403412+1C3�j
pop ebx
loc_4035F9: ; CODE XREF: sub_403412+55�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_4035FF: ; CODE XREF: sub_403412+22C�j
mov esi, [ebp+NumberOfBytesRead]
cmp [ebp+Buffer], esi
jge short loc_40360A
mov esi, [ebp+Buffer]
loc_40360A: ; CODE XREF: sub_403412+1F3�j
push esi ; NumberOfBytesRead
mov edi, offset dword_40F0E8
push edi ; lpBuffer
call sub_4033C9
test eax, eax
jz short loc_4035D2
push 0 ; lpOverlapped
lea eax, [ebp+arg_8]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push edi ; lpBuffer
push [ebp+hFile] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz short loc_403642
cmp esi, [ebp+arg_8]
jnz short loc_403642
add [ebp+var_4], esi
sub [ebp+Buffer], esi
loc_40363A: ; CODE XREF: sub_403412+1CB�j
cmp [ebp+Buffer], 0
jg short loc_4035FF
jmp short loc_4035F5
; ---------------------------------------------------------------------------
loc_403642: ; CODE XREF: sub_403412+181�j
; sub_403412+18A�j ...
push 0FFFFFFFEh
jmp short loc_4035D4
sub_403412 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403646 proc near ; CODE XREF: start+1F8�p
Msg = MSG ptr -48h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
dwBytes = dword ptr -18h
var_14 = dword ptr -14h
hFile = dword ptr -10h
var_C = dword ptr -0Ch
Buffer = dword ptr -8
hWnd = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+hWnd], esi
call ds:GetTickCount ; GetTickCount
push 400h ; nSize
mov [ebp+var_C], esi
mov [ebp+Buffer], esi
mov esi, offset szStart
push esi ; lpFilename
push hModule ; hModule
mov edi, eax
add edi, 3E8h
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 3 ; dwCreationDisposition
push 80000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_405E44
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+hFile], ebx
mov hFile, ebx
jnz short loc_4036A6
mov eax, offset aErrorLaunching ; "Error launching installer"
jmp loc_4038EB
; ---------------------------------------------------------------------------
loc_4036A6: ; CODE XREF: sub_403646+54�j
push esi ; lpszStart
call sub_40622C
push 0 ; lpFileSizeHigh
push ebx ; hFile
call ds:GetFileSize ; GetFileSize
test eax, eax
mov nDenominator, eax
mov esi, eax
jle loc_4037E5
loc_4036C4: ; CODE XREF: sub_403646+18A�j
mov eax, dwBytes
neg eax
sbb eax, eax
and eax, 7E00h
add eax, 200h
cmp esi, eax
mov ebx, esi
jl short loc_4036DF
mov ebx, eax
loc_4036DF: ; CODE XREF: sub_403646+95�j
push ebx ; NumberOfBytesRead
push offset dword_41B128 ; lpBuffer
call sub_4033C9
test eax, eax
jz loc_403874
xor eax, eax
cmp dwBytes, eax
jnz short loc_403777
push 1Ch
push offset dword_41B128
lea eax, [ebp+var_2C]
push eax
call sub_405E24
mov ecx, [ebp+var_2C]
test ecx, 0FFFFFFE0h
jnz loc_4037AD
cmp [ebp+var_28], 0DEADBEEFh
jnz loc_4037AD
cmp [ebp+var_1C], 74736E49h
jnz short loc_4037AD
cmp [ebp+var_20], 74666F73h
jnz short loc_4037AD
cmp [ebp+var_24], 6C6C754Eh
jnz short loc_4037AD
mov eax, [ebp+var_14]
cmp eax, esi
jg loc_403846
or [ebp+arg_0], ecx
test byte ptr [ebp+arg_0], 8
mov edx, lDistanceToMove
mov dwBytes, edx
jnz short loc_403769
test byte ptr [ebp+arg_0], 4
jnz short loc_4037D6
loc_403769: ; CODE XREF: sub_403646+11B�j
inc [ebp+Buffer]
lea esi, [eax-4]
cmp ebx, esi
jbe short loc_4037AD
mov ebx, esi
jmp short loc_4037AD
; ---------------------------------------------------------------------------
loc_403777: ; CODE XREF: sub_403646+B4�j
test byte ptr [ebp+arg_0], 2
jnz short loc_4037AD
cmp [ebp+hWnd], eax
jnz loc_40385C
call ds:GetTickCount ; GetTickCount
cmp eax, edi
jbe short loc_4037AD
push offset aVerifyingInsta ; "verifying installer: %d%%"
push offset DialogFunc ; lpDialogFunc
push 0 ; hWndParent
push 6Fh ; lpTemplateName
push hModule ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
mov [ebp+hWnd], eax
loc_4037AD: ; CODE XREF: sub_403646+CF�j
; sub_403646+DC�j ...
cmp esi, nDenominator
jge short loc_4037C6
push ebx
push offset dword_41B128
push [ebp+var_C]
call sub_40137E
mov [ebp+var_C], eax
loc_4037C6: ; CODE XREF: sub_403646+16D�j
add lDistanceToMove, ebx
sub esi, ebx
test esi, esi
jg loc_4036C4
loc_4037D6: ; CODE XREF: sub_403646+121�j
cmp [ebp+hWnd], 0
jz short loc_4037E5
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
loc_4037E5: ; CODE XREF: sub_403646+78�j
; sub_403646+194�j
xor edi, edi
cmp dwBytes, edi
jz short loc_403846
cmp [ebp+Buffer], edi
jz short loc_403816
push lDistanceToMove ; lDistanceToMove
call sub_4033FB
push 4 ; NumberOfBytesRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call sub_4033C9
test eax, eax
jz short loc_403846
mov eax, [ebp+var_C]
cmp eax, [ebp+Buffer]
jnz short loc_403846
loc_403816: ; CODE XREF: sub_403646+1AC�j
push [ebp+dwBytes] ; dwBytes
call sub_405D2F
mov esi, eax
mov eax, dwBytes
add eax, 1Ch
push eax ; lDistanceToMove
call sub_4033FB
push [ebp+dwBytes] ; Buffer
push esi ; int
push edi ; hFile
push 0FFFFFFFFh ; nDenominator
call sub_403412
cmp eax, [ebp+dwBytes]
jz short loc_403885
push esi ; hMem
call ds:GlobalFree ; GlobalFree
loc_403846: ; CODE XREF: sub_403646+102�j
; sub_403646+1A7�j ...
mov eax, offset aTheInstallerYo ; "The installer you are trying to use is "...
jmp loc_4038EB
; ---------------------------------------------------------------------------
loc_403850: ; CODE XREF: sub_403646+227�j
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
xor eax, eax
loc_40385C: ; CODE XREF: sub_403646+13A�j
push 1 ; wRemoveMsg
push eax ; wMsgFilterMax
push eax ; wMsgFilterMin
push eax ; hWnd
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:PeekMessageA ; PeekMessageA
test eax, eax
jnz short loc_403850
jmp loc_4037AD
; ---------------------------------------------------------------------------
loc_403874: ; CODE XREF: sub_403646+A6�j
cmp [ebp+hWnd], 0
jz short loc_403846
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
jmp short loc_403846
; ---------------------------------------------------------------------------
loc_403885: ; CODE XREF: sub_403646+1F7�j
test byte ptr [ebp+arg_0], 2
mov dword_434188, esi
jz short loc_403894
or dword ptr [esi], 8
loc_403894: ; CODE XREF: sub_403646+249�j
mov eax, [esi]
and eax, 18h
test byte ptr [ebp+arg_0], 10h
mov dword_434220, eax
jz short loc_4038A8
or byte ptr [esi+1], 4
loc_4038A8: ; CODE XREF: sub_403646+25C�j
test byte ptr [ebp+var_2C], 1
mov eax, [esi]
mov dword_4341E4, eax
jz short loc_4038BB
inc dword_4341E0
loc_4038BB: ; CODE XREF: sub_403646+26D�j
push 8
lea eax, [esi+44h]
pop ecx
loc_4038C1: ; CODE XREF: sub_403646+281�j
sub eax, 8
add [eax], esi
dec ecx
jnz short loc_4038C1
push 1 ; dwMoveMethod
push edi ; lpDistanceToMoveHigh
push edi ; lDistanceToMove
push [ebp+hFile] ; hFile
call ds:SetFilePointer ; SetFilePointer
mov [esi+3Ch], eax
push 40h
add esi, 4
push esi
push offset dword_4341A0
call sub_405E24
xor eax, eax
loc_4038EB: ; CODE XREF: sub_403646+5B�j
; sub_403646+205�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_403646 endp
; =============== S U B R O U T I N E =======================================
sub_4038F2 proc near ; CODE XREF: start+55�p start+76�p
push esi
mov esi, offset PathName
push esi ; lpszCurrent
call sub_40602E
push esi
call sub_405D5A
test eax, eax
jnz short loc_40390A
pop esi
retn
; ---------------------------------------------------------------------------
loc_40390A: ; CODE XREF: sub_4038F2+14�j
push esi ; lpString1
call sub_4061CB
push 0 ; lpSecurityAttributes
push esi ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
push esi ; lpPathName
push offset byte_43A000 ; lpTempFileName
call sub_405E73
pop esi
retn
sub_4038F2 endp
; =============== S U B R O U T I N E =======================================
sub_403926 proc near ; CODE XREF: start:loc_403C27�p
mov eax, hFile
cmp eax, 0FFFFFFFFh
jz short loc_40393E
push eax ; hObject
call ds:CloseHandle ; CloseHandle
or hFile, 0FFFFFFFFh
loc_40393E: ; CODE XREF: sub_403926+8�j
push 7 ; int
push offset dword_43B800 ; lpString1
call sub_4068E6
mov eax, lpString
test eax, eax
jz short locret_403961
push eax ; hMem
call ds:GlobalFree ; GlobalFree
and lpString, 0
locret_403961: ; CODE XREF: sub_403926+2B�j
retn
sub_403926 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
var_20 = byte ptr -20h
uExitCode = dword ptr -1Ch
lpsz = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
sub esp, 20h
push ebx
push ebp
push esi
push edi
xor edi, edi
push offset aNsiszlib_bin ; "nsiszlib.bin"
mov [esp+34h+uExitCode], edi
mov ebx, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
mov [esp+34h+var_20], 20h
call sub_4088D7
pop ecx
call ds:InitCommonControls ; InitCommonControls
push edi ; pvReserved
call ds:OleInitialize
push offset aNsisError ; "NSIS Error"
push offset Caption ; lpString1
mov dword_434230, eax
call lstrcpyA ; lstrcpyA
mov esi, offset PathName
push esi ; lpBuffer
mov ebp, 400h
push ebp ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
call sub_4038F2
test eax, eax
jnz short loc_4039E5
push 3FBh ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aTemp ; "\\Temp"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
call sub_4038F2
test eax, eax
jz loc_403C27
loc_4039E5: ; CODE XREF: start+5C�j
mov esi, offset byte_43A000
push esi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
push ebp ; iMaxLength
call ds:GetCommandLineA ; GetCommandLineA
mov ebx, ds:lstrcpynA
push eax ; lpString2
push esi ; lpString1
call ebx ; lstrcpynA
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
cmp ds:byte_43A000, 22h
mov hModule, eax
jnz short loc_403A22
mov [esp+30h+var_20], 22h
mov esi, offset byte_43A001
loc_403A22: ; CODE XREF: start+B4�j
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405D3E
push eax ; lpsz
call ds:CharNextA ; CharNextA
mov esi, eax
mov [esp+30h+lpsz], esi
jmp loc_403B4F
; ---------------------------------------------------------------------------
loc_403A3E: ; CODE XREF: start+1F1�j
cmp al, 20h
jnz short loc_403A48
loc_403A42: ; CODE XREF: start+E4�j
inc esi
cmp byte ptr [esi], 20h
jz short loc_403A42
loc_403A48: ; CODE XREF: start+DE�j
cmp byte ptr [esi], 22h
mov [esp+30h+var_20], 20h
jnz short loc_403A58
inc esi
mov [esp+30h+var_20], 22h
loc_403A58: ; CODE XREF: start+EE�j
cmp byte ptr [esi], 2Fh
jnz loc_403B3D
inc esi
mov al, [esi]
cmp al, 53h
jnz short loc_403A76
mov cl, [esi+1]
or cl, 20h
cmp cl, 20h
jnz short loc_403A76
or edi, 2
loc_403A76: ; CODE XREF: start+104�j start+10F�j
cmp dword ptr [esi], 4352434Eh
jnz short loc_403A8C
mov cl, [esi+4]
or cl, 20h
cmp cl, 20h
jnz short loc_403A8C
or edi, 4
loc_403A8C: ; CODE XREF: start+11A�j start+125�j
cmp dword ptr [esi-2], 3D442F20h
jz loc_403BB0
cmp al, 58h
jz short loc_403AA5
cmp al, 78h
jnz loc_403B3D
loc_403AA5: ; CODE XREF: start+139�j
mov al, [esi+1]
or al, 20h
cmp al, 20h
jnz loc_403B3D
lea eax, [esi+2]
mov cl, [eax]
or edi, 12h
cmp cl, 22h
mov [esp+30h+var_14], edi
jnz short loc_403ACC
mov [esp+30h+var_20], cl
add esi, 3
jmp short loc_403AE4
; ---------------------------------------------------------------------------
loc_403ACC: ; CODE XREF: start+15F�j
cmp cl, 20h
jz loc_403B86
test cl, cl
jz loc_403B86
mov [esp+30h+var_20], 20h
mov esi, eax
loc_403AE4: ; CODE XREF: start+168�j
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405D3E
test eax, eax
jz loc_403BC4
sub eax, esi
inc eax
inc eax
push ebp ; dwBytes
mov edi, eax
call sub_405D2F
test eax, eax
mov lpString, eax
jz loc_403BCB
cmp edi, ebp
jbe short loc_403B15
mov edi, ebp
loc_403B15: ; CODE XREF: start+1AF�j
dec edi
push edi ; iMaxLength
push esi ; lpString2
push eax ; lpString1
call ebx ; lstrcpynA
push lpString ; lpString1
call sub_4061CB
push 0 ; lpSecurityAttributes
push lpString ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
mov edi, [esp+30h+var_14]
mov [esp+30h+var_20], 2Fh
loc_403B3D: ; CODE XREF: start+F9�j start+13D�j ...
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405D3E
mov esi, eax
cmp byte ptr [esi], 22h
jnz short loc_403B4F
inc esi
loc_403B4F: ; CODE XREF: start+D7�j start+1EA�j ...
mov al, [esi]
test al, al
jnz loc_403A3E
loc_403B59: ; CODE XREF: start+260�j
push edi
call sub_403646
mov ebx, eax
xor ebp, ebp
cmp ebx, ebp
jnz loc_403C27
cmp dword_4341E0, ebp
jz loc_403C10
mov edi, [esp+30h+lpsz]
push ebp ; char
push edi ; lpsz
call sub_405D3E
mov esi, eax
jmp short loc_403BDB
; ---------------------------------------------------------------------------
loc_403B86: ; CODE XREF: start+16D�j start+175�j
push ebp ; dwBytes
call sub_405D2F
test eax, eax
mov lpString, eax
jz short loc_403BA5
push offset aCNsis_extractf ; "C:\\NSIS_ExtractFiles\\"
push eax ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, lpString
loc_403BA5: ; CODE XREF: start+231�j
push 0 ; lpSecurityAttributes
push eax ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
jmp short loc_403B4F
; ---------------------------------------------------------------------------
loc_403BB0: ; CODE XREF: start+131�j
mov byte ptr [esi-2], 0
add esi, 2
push esi ; lpString2
push offset byte_43A400 ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_403B59
; ---------------------------------------------------------------------------
loc_403BC4: ; CODE XREF: start+18E�j
mov ebx, offset aExtractionPath ; "Extraction pathname not properly delimi"...
jmp short loc_403C27
; ---------------------------------------------------------------------------
loc_403BCB: ; CODE XREF: start+1A7�j
mov ebx, offset aOutOfMemory ; "Out of Memory"
jmp short loc_403C27
; ---------------------------------------------------------------------------
loc_403BD2: ; CODE XREF: start+27B�j
cmp dword ptr [esi], 3D3F5F20h
jz short loc_403BDF
dec esi
loc_403BDB: ; CODE XREF: start+222�j
cmp esi, edi
jnb short loc_403BD2
loc_403BDF: ; CODE XREF: start+276�j
cmp esi, edi
mov ebx, offset aErrorLaunching ; "Error launching installer"
jb short loc_403C4C
mov byte ptr [esi], 0
add esi, 4
push esi ; lpString2
call sub_406252
test eax, eax
jz short loc_403C27
push esi ; lpString2
push offset byte_43A400 ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpString2
push offset CurrentDirectory ; lpString1
call lstrcpyA ; lstrcpyA
xor ebx, ebx
loc_403C10: ; CODE XREF: start+20F�j
or dword_43422C, 0FFFFFFFFh
call sub_4059CE
push 1 ; NumberOfBytesWritten
mov [esp+34h+uExitCode], eax
call sub_4060D2
loc_403C27: ; CODE XREF: start+7D�j start+203�j ...
call sub_403926
call ds:OleUninitialize
test ebx, ebx
jz loc_403D4D
push 200010h ; int
push ebx ; lpText
call sub_405CED
push 2
jmp loc_403E09
; ---------------------------------------------------------------------------
loc_403C4C: ; CODE XREF: start+284�j
mov dword ptr [esp+30h+var_20], ebp
mov edi, offset arglist
mov esi, offset byte_42CCF8
mov ebp, offset ExistingFileName
loc_403C5F: ; CODE XREF: start+3E0�j
push offset PathName ; lpString2
push edi ; lpString1
mov byte_42CCF8, 22h
call lstrcpyA ; lstrcpyA
push offset aANsisu__exe ; "A~NSISu_.exe"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push edi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test ebx, ebx
jz loc_403D33
push 400h ; nSize
push ebp ; lpFilename
push hModule ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push (offset aANsisu__exe+1) ; lpString2
lea eax, dword_42D4ED[eax]
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz loc_403C27
push 0 ; bFailIfExists
push edi ; lpNewFileName
push ebp ; lpExistingFileName
call ds:CopyFileA ; CopyFileA
test eax, eax
jz short loc_403D33
push 0 ; lpFileName
push edi ; arglist
call sub_406326
cmp ds:byte_43A400, 0
jz short loc_403CE4
push offset byte_43A400 ; lpString2
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_403CEA
; ---------------------------------------------------------------------------
loc_403CE4: ; CODE XREF: start+373�j
push ebp ; lpszStart
call sub_40622C
loc_403CEA: ; CODE XREF: start+380�j
push offset asc_409AD4 ; "\" "
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push [esp+30h+lpsz] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push offset a_?_0 ; " _?="
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push ebp ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push esi ; lpString1
call sub_4061CB
push offset PathName ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405C75
test eax, eax
jz short loc_403D33
push eax ; hObject
call ds:CloseHandle ; CloseHandle
xor ebx, ebx
loc_403D33: ; CODE XREF: start+324�j start+362�j ...
inc byte ptr aANsisu__exe ; "A~NSISu_.exe"
inc dword ptr [esp+30h+var_20]
cmp dword ptr [esp+30h+var_20], 1Ah
jl loc_403C5F
jmp loc_403C27
; ---------------------------------------------------------------------------
loc_403D4D: ; CODE XREF: start+2D2�j
cmp dword_434214, 0
jz loc_403DF7
push offset ModuleName ; "ADVAPI32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz short loc_403DE3
mov esi, ds:GetProcAddress
push offset ProcName ; "OpenProcessToken"
push edi ; hModule
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi ; hModule
mov [esp+38h+lpsz], eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi ; hModule
mov ebp, eax
call esi ; GetProcAddress
cmp [esp+30h+lpsz], ebx
mov esi, eax
jz short loc_403DE3
cmp ebp, ebx
jz short loc_403DE3
cmp esi, ebx
jz short loc_403DE3
lea eax, [esp+30h+var_14]
push eax
push 28h
call ds:GetCurrentProcess ; GetCurrentProcess
push eax
call [esp+3Ch+lpsz]
test eax, eax
jz short loc_403DE3
lea eax, [esp+30h+var_C]
push eax
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push ebx
call ebp
push ebx
push ebx
push ebx
lea eax, [esp+3Ch+var_10]
push eax
push ebx
push [esp+44h+var_14]
mov [esp+48h+var_10], 1
mov [esp+48h+var_4], 2
call esi
loc_403DE3: ; CODE XREF: start+409�j start+435�j ...
push ebx ; dwReserved
push 2 ; uFlags
call ds:ExitWindowsEx ; ExitWindowsEx
test eax, eax
jnz short loc_403DF7
push 9
call sub_4014C9
loc_403DF7: ; CODE XREF: start+3F2�j start+48C�j
mov eax, dword_43422C
cmp eax, 0FFFFFFFFh
jz short loc_403E05
mov [esp+30h+uExitCode], eax
loc_403E05: ; CODE XREF: start+49D�j
push [esp+30h+uExitCode] ; uExitCode
loc_403E09: ; CODE XREF: start+2E5�j
call ds:ExitProcess ; ExitProcess
start endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403E10(WPARAM wParam)
sub_403E10 proc near ; CODE XREF: sub_405176+234�p
; sub_405176+270�p ...
wParam = dword ptr 4
cmp [esp+wParam], 78h
jnz short loc_403E1D
inc dword_433954
loc_403E1D: ; CODE XREF: sub_403E10+5�j
push 0 ; lParam
push [esp+4+wParam] ; wParam
push 408h ; Msg
push dword_434180 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_403E10 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403E37(HWND hDlg, int, LPCSTR lpString2)
sub_403E37 proc near ; CODE XREF: sub_40412D+64�p
; sub_40412D+71�p ...
hDlg = dword ptr 4
arg_4 = dword ptr 8
lpString2 = dword ptr 0Ch
push [esp+lpString2] ; lpString2
push 0 ; lpString1
call sub_4066B7
push eax ; lpString
mov eax, [esp+4+arg_4]
add eax, 3E8h
push eax ; nIDDlgItem
push [esp+8+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
retn 0Ch
sub_403E37 endp
; =============== S U B R O U T I N E =======================================
sub_403E59 proc near ; CODE XREF: sub_40412D+18A�p
; sub_4044DD+305�p ...
cmp dword_43420C, 0
mov eax, dword_42DD08
jnz short loc_403E6C
mov eax, dword_42F518
loc_403E6C: ; CODE XREF: sub_403E59+C�j
push 1 ; lParam
push 1 ; wParam
push 0F4h ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
retn
sub_403E59 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403E7D(BOOL bEnable)
sub_403E7D proc near ; CODE XREF: sub_40412D+8F�p
; sub_40412D+185�p ...
bEnable = dword ptr 4
push [esp+bEnable] ; bEnable
push dword_42F518 ; hWnd
call ds:EnableWindow ; EnableWindow
retn 4
sub_403E7D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403E90(WPARAM wParam)
sub_403E90 proc near ; CODE XREF: sub_40412D+A5�p
; sub_4044DD+E4�p ...
wParam = dword ptr 4
push 1 ; lParam
push [esp+4+wParam] ; wParam
push 28h ; Msg
push dword_434180 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_403E90 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403EA7(UINT Msg)
sub_403EA7 proc near ; CODE XREF: sub_404921+20�p
; StartAddress+76�p ...
Msg = dword ptr 4
mov eax, dword_433948
test eax, eax
jz short locret_403EBF
push 0 ; lParam
push 0 ; wParam
push [esp+8+Msg] ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
locret_403EBF: ; CODE XREF: sub_403EA7+7�j
retn 4
sub_403EA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403EC2(HDC, HWND hWnd)
sub_403EC2 proc near ; CODE XREF: sub_40412D+299�p
; sub_4043D2+3D�p ...
var_C = LOGBRUSH ptr -0Ch
arg_0 = dword ptr 8
hWnd = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
add eax, 0FFFFFECDh
cmp eax, 5
push esi
ja loc_403F65
push 0FFFFFFEBh ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
mov esi, eax
test esi, esi
jz short loc_403F65
test byte ptr [esi+14h], 2
mov eax, [esi]
push edi
mov edi, ds:GetSysColor
jz short loc_403EFA
push eax ; nIndex
call edi ; GetSysColor
loc_403EFA: ; CODE XREF: sub_403EC2+33�j
test byte ptr [esi+14h], 1
jz short loc_403F0A
push eax ; COLORREF
push [ebp+arg_0] ; HDC
call ds:SetTextColor ; SetTextColor
loc_403F0A: ; CODE XREF: sub_403EC2+3C�j
push dword ptr [esi+10h] ; int
push [ebp+arg_0] ; HDC
call ds:SetBkMode ; SetBkMode
test byte ptr [esi+14h], 8
mov eax, [esi+4]
mov [ebp+var_C.lbColor], eax
jz short loc_403F28
push eax ; nIndex
call edi ; GetSysColor
mov [ebp+var_C.lbColor], eax
loc_403F28: ; CODE XREF: sub_403EC2+5E�j
test byte ptr [esi+14h], 4
pop edi
jz short loc_403F39
push eax ; COLORREF
push [ebp+arg_0] ; HDC
call ds:SetBkColor ; SetBkColor
loc_403F39: ; CODE XREF: sub_403EC2+6B�j
test byte ptr [esi+14h], 10h
jz short loc_403F60
mov eax, [esi+8]
mov [ebp+var_C.lbStyle], eax
mov eax, [esi+0Ch]
test eax, eax
jz short loc_403F53
push eax ; HGDIOBJ
call ds:DeleteObject ; DeleteObject
loc_403F53: ; CODE XREF: sub_403EC2+88�j
lea eax, [ebp+var_C]
push eax ; LOGBRUSH *
call ds:CreateBrushIndirect ; CreateBrushIndirect
mov [esi+0Ch], eax
loc_403F60: ; CODE XREF: sub_403EC2+7B�j
mov eax, [esi+0Ch]
jmp short loc_403F67
; ---------------------------------------------------------------------------
loc_403F65: ; CODE XREF: sub_403EC2+F�j
; sub_403EC2+24�j
xor eax, eax
loc_403F67: ; CODE XREF: sub_403EC2+A1�j
pop esi
leave
retn 8
sub_403EC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F6C proc near ; CODE XREF: sub_40161F+1A87�p
; sub_4044DD+3E�p ...
String2 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push offset byte_43A400 ; lpString2
lea eax, [ebp+String2]
push eax ; lpString1
call ds:__imp_lstrcpyA
push offset aInstall_log ; "install.log"
lea eax, [ebp+String2]
push eax ; lpString2
push offset byte_433520 ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061CB
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
leave
retn
sub_403F6C endp
; =============== S U B R O U T I N E =======================================
sub_403FAC proc near ; CODE XREF: sub_4059CE+1A�p
; sub_4059CE:loc_405B7C�p
cmp ds:byte_43B000, 0
push ebx
push ebp
push esi
push edi
mov edi, 0FFFFh
mov ebx, offset byte_43B000
jz short loc_403FCB
push ebx
call sub_405F99
jmp short loc_403FD1
; ---------------------------------------------------------------------------
loc_403FCB: ; CODE XREF: sub_403FAC+15�j
call ds:GetUserDefaultLangID ; GetUserDefaultLangID
loc_403FD1: ; CODE XREF: sub_403FAC+1D�j
xor ecx, ecx
loc_403FD3: ; CODE XREF: sub_403FAC+8F�j
; sub_403FAC+93�j
mov esi, dword_4341C4
test esi, esi
jz short loc_404026
mov ecx, dword_434188
mov ecx, [ecx+64h]
mov edx, ecx
imul ecx, esi
neg edx
add ecx, dword_4341C0
loc_403FF3: ; CODE XREF: sub_403FAC+5B�j
xor ebp, ebp
add ecx, edx
mov bp, [ecx]
xor bp, ax
dec esi
and ebp, edi
test bp, bp
jz short loc_40400B
test esi, esi
jnz short loc_403FF3
jmp short loc_404026
; ---------------------------------------------------------------------------
loc_40400B: ; CODE XREF: sub_403FAC+57�j
mov edx, [ecx+2]
mov dword_43395C, edx
mov edx, [ecx+6]
mov dword_434228, edx
lea edx, [ecx+0Ah]
mov dword_433968, edx
loc_404026: ; CODE XREF: sub_403FAC+2F�j
; sub_403FAC+5D�j
cmp dword_433968, 0
jnz short loc_404041
cmp di, 0FFFFh
jnz short loc_40403D
mov edi, 3FFh
jmp short loc_403FD3
; ---------------------------------------------------------------------------
loc_40403D: ; CODE XREF: sub_403FAC+88�j
xor edi, edi
jmp short loc_403FD3
; ---------------------------------------------------------------------------
loc_404041: ; CODE XREF: sub_403FAC+81�j
movzx eax, word ptr [ecx]
push eax ; int
push ebx ; LPSTR
call sub_405F80
push 0FFFFFFFEh ; lpString2
push offset Caption ; lpString1
call sub_4066B7
push eax ; lpString
push dword_42DD14 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
mov eax, dword_4341AC
test eax, eax
mov esi, dword_4341A8
jz short loc_40408E
mov edi, eax
loc_404075: ; CODE XREF: sub_403FAC+E0�j
mov eax, [esi]
test eax, eax
jz short loc_404085
push eax ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4066B7
loc_404085: ; CODE XREF: sub_403FAC+CD�j
add esi, 418h
dec edi
jnz short loc_404075
loc_40408E: ; CODE XREF: sub_403FAC+C5�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_403FAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404093(HWND hWnd, int, LPCITEMIDLIST pidl, LPARAM pszPath)
sub_404093 proc near ; DATA XREF: sub_4044DD+13E�o
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
pidl = dword ptr 10h
pszPath = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push esi
mov esi, ds:SendMessageA
jnz short loc_4040BF
push [ebp+pszPath] ; lpString
push 3FBh ; nIDDlgItem
call sub_405CD1
push [ebp+pszPath] ; lParam
push 1 ; wParam
push 466h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_4040BF: ; CODE XREF: sub_404093+E�j
cmp [ebp+arg_4], 2
jnz short loc_4040F2
push [ebp+pszPath] ; pszPath
push [ebp+pidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
test eax, eax
jz short loc_4040E3
push 7
call sub_4014C9
test eax, eax
jnz short loc_4040E3
inc eax
jmp short loc_4040E5
; ---------------------------------------------------------------------------
loc_4040E3: ; CODE XREF: sub_404093+40�j
; sub_404093+4B�j
xor eax, eax
loc_4040E5: ; CODE XREF: sub_404093+4E�j
push eax ; lParam
push 0 ; wParam
push 465h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_4040F2: ; CODE XREF: sub_404093+30�j
xor eax, eax
pop esi
pop ebp
retn 10h
sub_404093 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4040F9(int, LPSTR lpString, int iMaxLength, int)
sub_4040F9 proc near ; DATA XREF: sub_40412D+5A�o
arg_0 = dword ptr 8
lpString = dword ptr 0Ch
iMaxLength = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+iMaxLength] ; iMaxLength
mov eax, [ebp+arg_0]
mov ecx, dword_42D8F8
add ecx, eax
push ecx ; lpString2
push [ebp+lpString] ; lpString1
call ds:lstrcpynA ; lstrcpynA
push [ebp+lpString] ; lpString
call lstrlenA ; lstrlenA
mov ecx, [ebp+arg_C]
add dword_42D8F8, eax
mov [ecx], eax
xor eax, eax
pop ebp
retn 10h
sub_4040F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40412D(HWND hDlg, int, HDC, WPARAM hWnd)
sub_40412D proc near ; DATA XREF: .data:lpDialogFunc�o
lParam = dword ptr -0Ch
var_8 = dword ptr -8
lpFile = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 110h
push ebx
push esi
push edi
jnz loc_40424D
mov ebx, [ebp+hWnd]
mov edi, [ebx+30h]
test edi, edi
jge short loc_40415E
mov ecx, dword_433968
lea eax, ds:4[edi*4]
sub ecx, eax
mov edi, [ecx]
loc_40415E: ; CODE XREF: sub_40412D+1E�j
mov eax, dword_4341B8
push dword ptr [ebx+34h] ; lpString2
add edi, eax
movsx eax, byte ptr [edi]
and [ebp+var_8], 0
mov [ebp+hWnd], eax
mov eax, [ebx+14h]
mov esi, eax
shr esi, 5
not esi
push 22h ; int
push [ebp+hDlg] ; hDlg
or esi, eax
inc edi
mov [ebp+lParam], edi
mov [ebp+lpFile], offset sub_4040F9
and esi, 1
call sub_403E37
push dword ptr [ebx+38h] ; lpString2
push 23h ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
xor eax, eax
test esi, esi
setz al
push 1 ; uCheck
add eax, 40Ah
push eax ; nIDButton
push [ebp+hDlg] ; hDlg
call ds:CheckDlgButton ; CheckDlgButton
push esi ; bEnable
call sub_403E7D
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, eax
push ebx ; wParam
call sub_403E90
mov esi, ds:SendMessageA
push 0 ; lParam
push 1 ; wParam
push 45Bh ; Msg
push ebx ; hWnd
call esi ; SendMessageA
mov eax, dword_434188
mov eax, [eax+68h]
test eax, eax
jge short loc_4041FE
neg eax
push eax ; nIndex
call ds:GetSysColor ; GetSysColor
loc_4041FE: ; CODE XREF: sub_40412D+C6�j
push eax ; lParam
push 0 ; wParam
push 443h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
push 4010000h ; lParam
push 0 ; wParam
push 445h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_42D8F8, 0
push edi ; lpString
call lstrlenA ; lstrlenA
push eax ; lParam
push 0 ; wParam
push 435h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
lea eax, [ebp+lParam]
push eax ; lParam
push [ebp+hWnd] ; wParam
push 449h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_42F524, 0
xor eax, eax
jmp loc_4043CB
; ---------------------------------------------------------------------------
loc_40424D: ; CODE XREF: sub_40412D+10�j
cmp [ebp+arg_4], 111h
mov edi, ds:GetDlgItem
mov ebx, ds:SendMessageA
jnz short loc_4042BC
mov eax, [ebp+arg_8]
shr eax, 10h
test ax, ax
jnz loc_4043BC
xor eax, eax
cmp dword_42F524, eax
jnz loc_4043BC
mov esi, dword_42F51C
add esi, 14h
test byte ptr [esi], 20h
jz loc_4043BC
push eax ; lParam
push eax ; wParam
push 0F0h ; Msg
push 40Ah ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push eax ; hWnd
call ebx ; SendMessageA
mov ecx, [esi]
and eax, 1
and ecx, 0FFFFFFFEh
or ecx, eax
push eax ; bEnable
mov [esi], ecx
call sub_403E7D
call sub_403E59
loc_4042BC: ; CODE XREF: sub_40412D+133�j
cmp [ebp+arg_4], 4Eh
jnz loc_4043AD
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
mov ecx, [ebp+hWnd]
cmp dword ptr [ecx+8], 70Bh
jnz loc_404368
cmp dword ptr [ecx+0Ch], 201h
mov esi, ds:SetCursor
mov edi, ds:LoadCursorA
jnz short loc_404353
mov edx, [ecx+18h]
mov [ebp+lParam], edx
mov edx, [ecx+1Ch]
mov [ebp+var_8], edx
sub edx, [ebp+lParam]
mov [ebp+lpFile], offset byte_432D20
cmp edx, 800h
jnb short loc_404353
lea ecx, [ebp+lParam]
push ecx ; lParam
push 0 ; wParam
push 44Bh ; Msg
push eax ; hWnd
call ebx ; SendMessageA
push 7F02h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
push 1 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
push [ebp+lpFile] ; lpFile
push offset Operation ; "open"
push [ebp+hDlg] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
push 7F00h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
mov ecx, [ebp+hWnd]
loc_404353: ; CODE XREF: sub_40412D+1C6�j
; sub_40412D+1E4�j
cmp dword ptr [ecx+0Ch], 20h
jnz short loc_404368
push 7F89h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
mov ecx, [ebp+hWnd]
loc_404368: ; CODE XREF: sub_40412D+1AD�j
; sub_40412D+22A�j
cmp dword ptr [ecx+8], 700h
jnz short loc_4043BF
cmp dword ptr [ecx+0Ch], 100h
jnz short loc_4043BF
cmp dword ptr [ecx+10h], 0Dh
jnz short loc_404394
push 0 ; lParam
push 1 ; wParam
push 111h ; Msg
push dword_434180 ; hWnd
call ebx ; SendMessageA
mov ecx, [ebp+hWnd]
loc_404394: ; CODE XREF: sub_40412D+251�j
cmp dword ptr [ecx+10h], 1Bh
jnz short loc_4043A8
push 0 ; lParam
push 0 ; wParam
push 10h ; Msg
push dword_434180 ; hWnd
call ebx ; SendMessageA
loc_4043A8: ; CODE XREF: sub_40412D+26B�j
xor eax, eax
inc eax
jmp short loc_4043CB
; ---------------------------------------------------------------------------
loc_4043AD: ; CODE XREF: sub_40412D+193�j
cmp [ebp+arg_4], 40Bh
jnz short loc_4043BC
inc dword_42F524
loc_4043BC: ; CODE XREF: sub_40412D+13E�j
; sub_40412D+14C�j ...
mov ecx, [ebp+hWnd]
loc_4043BF: ; CODE XREF: sub_40412D+242�j
; sub_40412D+24B�j
mov eax, [ebp+arg_4]
push ecx ; hWnd
push [ebp+arg_8] ; HDC
call sub_403EC2
loc_4043CB: ; CODE XREF: sub_40412D+11B�j
; sub_40412D+27E�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40412D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4043D2(HWND hDlg, int, HDC, HWND hWnd)
sub_4043D2 proc near ; DATA XREF: .data:0040D034�o
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
mov esi, [ebp+hWnd]
jnz short loc_404408
push dword ptr [esi+30h] ; lpString2
push 1Dh ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
mov eax, [esi+3Ch]
shl eax, 0Ah
add eax, offset dword_435000
push eax ; lpString
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_404408: ; CODE XREF: sub_4043D2+E�j
mov eax, [ebp+arg_4]
push esi ; hWnd
push [ebp+arg_8] ; HDC
call sub_403EC2
pop esi
pop ebp
retn 10h
sub_4043D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404419(int nIDDlgItem, LPCSTR lpString2)
sub_404419 proc near ; CODE XREF: sub_4044DD+2A5�p
; sub_4044DD+2B4�p ...
var_40 = byte ptr -40h
String1 = byte ptr -20h
nIDDlgItem = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 14h
pop edi
mov esi, eax
cmp esi, 400h
push 0FFFFFFDCh
pop ebx
jnb short loc_404438
xor edi, edi
push 0FFFFFFDEh
jmp short loc_404445
; ---------------------------------------------------------------------------
loc_404438: ; CODE XREF: sub_404419+17�j
cmp esi, 100000h
jnb short loc_404446
push 0Ah
pop edi
push 0FFFFFFDDh
loc_404445: ; CODE XREF: sub_404419+1D�j
pop ebx
loc_404446: ; CODE XREF: sub_404419+25�j
push 0FFFFFFDFh ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call sub_4066B7
push eax
push ebx ; lpString2
lea eax, [ebp+var_40]
push eax ; lpString1
call sub_4066B7
push eax
lea eax, [esi+esi*4]
push 0Ah
shl eax, 1
mov ecx, edi
shr eax, cl
pop ecx
xor edx, edx
div ecx
mov ecx, edi
shr esi, cl
push edx
push esi
push offset aU_USS ; "%u.%u%s%s"
push [ebp+lpString2] ; lpString2
mov esi, offset String
push esi ; lpString1
call sub_4066B7
push esi ; lpString
mov edi, eax
call lstrlenA ; lstrlenA
add edi, eax
push edi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 18h
push esi ; lpString
push [ebp+nIDDlgItem] ; nIDDlgItem
push dword_433948 ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
pop edi
pop esi
pop ebx
leave
retn 8
sub_404419 endp
; =============== S U B R O U T I N E =======================================
sub_4044B0 proc near ; CODE XREF: sub_4044DD+281�p
; sub_404A08+5A7�p ...
arg_0 = dword ptr 4
mov edx, dword_4341AC
mov ecx, dword_4341A8
xor eax, eax
test edx, edx
jz short locret_4044DA
push esi
loc_4044C3: ; CODE XREF: sub_4044B0+27�j
test byte ptr [ecx+8], 1
jz short loc_4044D0
mov esi, [esp+4+arg_0]
add eax, [ecx+esi*4]
loc_4044D0: ; CODE XREF: sub_4044B0+17�j
add ecx, 418h
dec edx
jnz short loc_4044C3
pop esi
locret_4044DA: ; CODE XREF: sub_4044B0+10�j
retn 4
sub_4044B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4044DD(HWND hDlg, int, HDC, int)
sub_4044DD proc near ; DATA XREF: .data:0040D02C�o
bi = _browseinfoA ptr -48h
var_28 = dword ptr -28h
TotalNumberOfClusters= dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
BytesPerSector = dword ptr -18h
var_14 = byte ptr -14h
SectorsPerCluster= dword ptr -10h
nNumerator = dword ptr -0Ch
hWnd = dword ptr -8
lpString2 = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_42F51C
push ebx
push esi
mov esi, [eax+3Ch]
shl esi, 0Ah
mov [ebp+var_20], eax
mov eax, [eax+38h]
add esi, offset dword_435000
cmp [ebp+arg_4], 40Bh
push edi
mov [ebp+lpString2], eax
mov ebx, 3FBh
jnz short loc_404533
push esi ; lpString
push ebx ; nIDDlgItem
call sub_405CD1
push esi ; lpszCurrent
call sub_40602E
call sub_403F6C
push 3F0h ; nIDButton
push [ebp+hDlg] ; hDlg
call ds:IsDlgButtonChecked ; IsDlgButtonChecked
mov dword_431D04, eax
loc_404533: ; CODE XREF: sub_4044DD+2F�j
cmp [ebp+arg_4], 110h
jnz loc_4045C6
push 10h ; vKey
call ds:GetAsyncKeyState ; GetAsyncKeyState
test ah, ah
mov edi, ds:GetDlgItem
jns short loc_404576
push 3F0h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push 0FFFFFFE0h ; lpString2
push 8 ; int
push [ebp+hDlg] ; hDlg
mov [ebp+hWnd], eax
call sub_403E37
push 8 ; nCmdShow
push [ebp+hWnd] ; hWnd
call ds:ShowWindow ; ShowWindow
loc_404576: ; CODE XREF: sub_4044DD+73�j
push esi
call sub_405D5A
test eax, eax
jz short loc_404590
push esi ; lpsz
call sub_405D81
test eax, eax
jnz short loc_404590
push esi ; lpString1
call sub_4061CB
loc_404590: ; CODE XREF: sub_4044DD+A1�j
; sub_4044DD+AB�j
push esi ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
mov eax, [ebp+arg_C]
push dword ptr [eax+34h] ; lpString2
push 1 ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
mov eax, [ebp+arg_C]
push dword ptr [eax+30h] ; lpString2
push 14h ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push eax ; wParam
call sub_403E90
loc_4045C6: ; CODE XREF: sub_4044DD+5D�j
cmp [ebp+arg_4], 111h
jnz loc_40468E
movzx eax, word ptr [ebp+arg_8]
cmp eax, ebx
jnz short loc_4045F3
mov ecx, [ebp+arg_8]
shr ecx, 10h
cmp cx, 300h
jnz loc_4047ED
mov [ebp+arg_4], 40Fh
loc_4045F3: ; CODE XREF: sub_4044DD+FC�j
cmp eax, 3E9h
jnz loc_40468E
push 7
pop ecx
push [ebp+lpString2] ; lpString2
xor eax, eax
lea edi, [ebp+bi.pidlRoot]
rep stosd
mov eax, [ebp+hDlg]
mov edi, offset String
push 0 ; lpString1
mov [ebp+bi.hwndOwner], eax
mov [ebp+bi.pszDisplayName], edi
mov [ebp+bi.lpfn], offset sub_404093
mov [ebp+bi.lParam], esi
call sub_4066B7
mov [ebp+bi.lpszTitle], eax
lea eax, [ebp+bi]
push eax ; lpbi
mov [ebp+bi.ulFlags], 41h
call ds:SHBrowseForFolderA ; SHBrowseForFolderA
test eax, eax
jz short loc_40468E
push eax
call sub_405C4A
mov eax, dword_434188
mov eax, [eax+11Ch]
test eax, eax
jz short loc_40467E
push eax ; lpString2
push 0 ; lpString1
call sub_4066B7
push edi ; lpString2
mov edi, offset byte_432D20
push edi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz short loc_40467E
push edi ; lpString2
push esi ; lpString1
call sub_4061CB
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_40467E: ; CODE XREF: sub_4044DD+178�j
; sub_4044DD+191�j
inc dword_42D904
push esi ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_40468E: ; CODE XREF: sub_4044DD+F0�j
; sub_4044DD+11B�j ...
cmp [ebp+arg_4], 40Fh
jz short loc_4046A4
cmp [ebp+arg_4], 405h
jnz loc_4047ED
loc_4046A4: ; CODE XREF: sub_4044DD+1B8�j
and [ebp+lpString2], 0
and [ebp+hWnd], 0
push esi ; lpString
push ebx ; nIDDlgItem
or edi, 0FFFFFFFFh
call sub_405CD1
push esi ; lpString2
call sub_406252
test eax, eax
jnz short loc_4046C7
mov [ebp+lpString2], 1
loc_4046C7: ; CODE XREF: sub_4044DD+1E1�j
push esi ; lpString2
mov esi, offset RootPathName
push esi ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpsz
call sub_405D81
test eax, eax
jz short loc_4046E0
mov byte ptr [eax], 0
loc_4046E0: ; CODE XREF: sub_4044DD+1FE�j
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov ebx, 400h
jz short loc_404726
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
test eax, eax
jz short loc_404726
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_28]
push ecx
push esi
call eax
test eax, eax
jz short loc_404726
mov edi, [ebp+var_28]
mov eax, [ebp+TotalNumberOfClusters]
shrd edi, eax, 0Ah
shr eax, 0Ah
jmp short loc_404755
; ---------------------------------------------------------------------------
loc_404726: ; CODE XREF: sub_4044DD+215�j
; sub_4044DD+225�j ...
lea eax, [ebp+TotalNumberOfClusters]
push eax ; lpTotalNumberOfClusters
lea eax, [ebp+nNumerator]
push eax ; lpNumberOfFreeClusters
lea eax, [ebp+BytesPerSector]
push eax ; lpBytesPerSector
lea eax, [ebp+SectorsPerCluster]
push eax ; lpSectorsPerCluster
push esi ; lpRootPathName
call ds:GetDiskFreeSpaceA ; GetDiskFreeSpaceA
test eax, eax
jz short loc_40475C
mov eax, [ebp+SectorsPerCluster]
imul eax, [ebp+BytesPerSector]
push ebx ; nDenominator
push [ebp+nNumerator] ; nNumerator
push eax ; nNumber
call ds:MulDiv ; MulDiv
mov edi, eax
loc_404755: ; CODE XREF: sub_4044DD+247�j
mov [ebp+hWnd], 1
loc_40475C: ; CODE XREF: sub_4044DD+262�j
push 5
call sub_4044B0
cmp edi, eax
jnb short loc_40476E
mov [ebp+lpString2], 2
loc_40476E: ; CODE XREF: sub_4044DD+288�j
mov ecx, dword_433968
xor esi, esi
cmp [ecx+10h], esi
jz short loc_4047A6
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404419
cmp [ebp+hWnd], esi
jz short loc_404798
push 0FFFFFFFCh ; lpString2
push ebx ; nIDDlgItem
mov eax, edi
call sub_404419
jmp short loc_4047A6
; ---------------------------------------------------------------------------
loc_404798: ; CODE XREF: sub_4044DD+2AD�j
push offset word_409BDA ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_4047A6: ; CODE XREF: sub_4044DD+29C�j
; sub_4044DD+2B9�j
mov eax, [ebp+lpString2]
cmp eax, esi
mov dword_434224, eax
jnz short loc_4047BC
push 7
call sub_4014C9
mov [ebp+lpString2], eax
loc_4047BC: ; CODE XREF: sub_4044DD+2D3�j
mov eax, [ebp+var_20]
test [eax+14h], ebx
jz short loc_4047C7
mov [ebp+lpString2], esi
loc_4047C7: ; CODE XREF: sub_4044DD+2E5�j
xor eax, eax
cmp [ebp+lpString2], esi
setz al
push eax ; bEnable
call sub_403E7D
cmp [ebp+lpString2], esi
jnz short loc_4047E7
cmp dword_42D904, esi
jnz short loc_4047E7
call sub_403E59
loc_4047E7: ; CODE XREF: sub_4044DD+2FB�j
; sub_4044DD+303�j
mov dword_42D904, esi
loc_4047ED: ; CODE XREF: sub_4044DD+109�j
; sub_4044DD+1C1�j
push [ebp+arg_C] ; hWnd
mov eax, [ebp+arg_4]
push [ebp+arg_8] ; HDC
call sub_403EC2
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4044DD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_4341A8
xor ecx, ecx
cmp dword_4341AC, ecx
mov dword ptr [ebp-20h], 0F030h
mov [ebp-4], ecx
jle locret_4048D1
push ebx
push esi
mov esi, ds:SendMessageA
push edi
lea edi, [eax+8]
loc_404831: ; CODE XREF: .text:004048C8�j
mov eax, [ebp+0Ch]
mov eax, [eax+ecx*4]
test eax, eax
jz short loc_4048B5
mov edx, [edi]
push 8
mov [ebp-28h], eax
pop eax
mov ecx, edx
and ecx, eax
mov ebx, edx
and ebx, 20h
shl ecx, 1
or ecx, ebx
test dh, 1
mov [ebp-2Ch], eax
mov [ebp-24h], ecx
jz short loc_40486F
lea eax, [edi+10h]
mov dword ptr [ebp-2Ch], 9
mov [ebp-1Ch], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp-24h]
loc_40486F: ; CODE XREF: .text:00404859�j
test dl, 40h
jz short loc_404879
push 3
pop eax
jmp short loc_404887
; ---------------------------------------------------------------------------
loc_404879: ; CODE XREF: .text:00404872�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404887
add eax, 3
loc_404887: ; CODE XREF: .text:00404877�j
; .text:00404882�j
push dword ptr [ebp-28h]
shl eax, 0Ch
or ecx, eax
xor eax, eax
test ebx, ebx
setnz al
mov [ebp-24h], ecx
inc eax
push eax
push 1102h
push dword ptr [ebp+8]
call esi ; SendMessageA
lea eax, [ebp-2Ch]
push eax
push 0
push 110Dh
push dword ptr [ebp+8]
call esi ; SendMessageA
loc_4048B5: ; CODE XREF: .text:00404839�j
mov ecx, [ebp-4]
inc ecx
add edi, 418h
cmp ecx, dword_4341AC
mov [ebp-4], ecx
jl loc_404831
pop edi
pop esi
pop ebx
locret_4048D1: ; CODE XREF: .text:0040481F�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4048D5(HWND hWnd)
sub_4048D5 proc near ; CODE XREF: sub_404921+59�p
; sub_404A08+2D3�p
Point = tagPOINT ptr -10h
var_8 = byte ptr -8
var_4 = dword ptr -4
hWnd = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call ds:GetMessagePos ; GetMessagePos
movsx ecx, ax
shr eax, 10h
movsx eax, ax
mov [ebp+Point.y], eax
lea eax, [ebp+Point]
push eax ; lpPoint
push [ebp+hWnd] ; hWnd
mov [ebp+Point.x], ecx
call ds:ScreenToClient ; ScreenToClient
lea eax, [ebp+Point]
push eax ; lParam
push 0 ; wParam
push 1111h ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
mov al, [ebp+var_8]
and al, 66h
neg al
sbb eax, eax
and eax, [ebp+var_4]
leave
retn 4
sub_4048D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404921(HWND hWnd, UINT Msg, WPARAM wParam, int)
sub_404921 proc near ; DATA XREF: sub_404A08+89�o
lParam = dword ptr -28h
var_24 = dword ptr -24h
var_4 = dword ptr -4
hWnd = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
cmp [ebp+Msg], 102h
push esi
push edi
jnz short loc_40494D
cmp [ebp+wParam], 20h
jnz loc_4049E9
push 413h ; Msg
call sub_403EA7
xor eax, eax
jmp loc_404A02
; ---------------------------------------------------------------------------
loc_40494D: ; CODE XREF: sub_404921+F�j
or edi, 0FFFFFFFFh
cmp [ebp+Msg], 2
jnz short loc_40495C
mov dword_40D038, edi
loc_40495C: ; CODE XREF: sub_404921+33�j
cmp [ebp+Msg], 200h
mov esi, 419h
jnz short loc_4049A9
push [ebp+hWnd] ; hWnd
call ds:IsWindowVisible ; IsWindowVisible
test eax, eax
jz short loc_4049E9
push [ebp+hWnd] ; hWnd
call sub_4048D5
test eax, eax
mov [ebp+var_24], eax
jz short loc_4049A4
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 110Ch ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+lParam], 4
call ds:SendMessageA ; SendMessageA
mov edi, [ebp+var_4]
loc_4049A4: ; CODE XREF: sub_404921+63�j
mov [ebp+Msg], esi
jmp short loc_4049AC
; ---------------------------------------------------------------------------
loc_4049A9: ; CODE XREF: sub_404921+47�j
mov edi, [ebp+arg_C]
loc_4049AC: ; CODE XREF: sub_404921+86�j
cmp [ebp+Msg], esi
jnz short loc_4049EC
cmp dword_40D038, edi
jz short loc_4049EC
push ebx
mov esi, offset dword_435000
push esi ; lpString2
mov ebx, offset String
push ebx ; lpString1
mov dword_40D038, edi
call lstrcpyA ; lstrcpyA
push edi ; int
push esi ; LPSTR
call sub_405F80
push 6
call sub_4014C9
push ebx ; lpString2
push esi ; lpString1
call lstrcpyA ; lstrcpyA
pop ebx
jmp short loc_4049EC
; ---------------------------------------------------------------------------
loc_4049E9: ; CODE XREF: sub_404921+15�j
; sub_404921+54�j
mov edi, [ebp+arg_C]
loc_4049EC: ; CODE XREF: sub_404921+8E�j
; sub_404921+96�j ...
push edi ; lParam
push [ebp+wParam] ; wParam
push [ebp+Msg] ; Msg
push [ebp+hWnd] ; hWnd
push lpPrevWndFunc ; lpPrevWndFunc
call ds:CallWindowProcA ; CallWindowProcA
loc_404A02: ; CODE XREF: sub_404921+27�j
pop edi
pop esi
leave
retn 10h
sub_404921 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404A08(HWND hDlg, int, HDC, int)
sub_404A08 proc near ; DATA XREF: .data:0040D028�o
lParam = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
hbmImage = dword ptr -10h
var_C = dword ptr -0Ch
wParam = dword ptr -8
hWnd = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
mov esi, ds:GetDlgItem
push edi
push 3F9h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call esi ; GetDlgItem
push 408h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
mov [ebp+wParam], eax
call esi ; GetDlgItem
mov esi, ds:SendMessageA
mov [ebp+hWnd], eax
mov eax, dword_4341A8
mov [ebp+var_18], eax
mov eax, dword_434188
add eax, 94h
xor ebx, ebx
cmp [ebp+arg_4], 110h
push 10h
mov [ebp+var_1C], eax
pop edi
jnz loc_404C78
mov eax, [ebp+hDlg]
mov dword_4341EC, eax
mov eax, dword_4341AC
shl eax, 2
push eax ; dwBytes
mov [ebp+var_20], ebx
mov [ebp+var_14], 2
call sub_405D2F
push 6Eh ; lpBitmapName
push hModule ; hInstance
mov hMem, eax
call ds:LoadBitmapA ; LoadBitmapA
push offset sub_404921 ; dwNewLong
push 0FFFFFFFCh ; nIndex
push [ebp+hWnd] ; hWnd
mov [ebp+hbmImage], eax
call ds:SetWindowLongA ; SetWindowLongA
push ebx ; cGrow
push 6 ; cInitial
push 21h ; flags
push edi ; cy
push edi ; cx
mov lpPrevWndFunc, eax
call ds:ImageList_Create ; ImageList_Create
push 0FF00FFh ; crMask
push [ebp+hbmImage] ; hbmImage
mov lParam, eax
push eax ; himl
call ds:ImageList_AddMasked ; ImageList_AddMasked
push lParam ; lParam
push 2 ; wParam
push 1109h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push ebx ; lParam
push ebx ; wParam
push 111Ch ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp eax, edi
jge short loc_404AF8
push ebx ; lParam
push edi ; wParam
push 111Bh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404AF8: ; CODE XREF: sub_404A08+E2�j
push [ebp+hbmImage] ; HGDIOBJ
call ds:DeleteObject ; DeleteObject
xor edi, edi
loc_404B03: ; CODE XREF: sub_404A08+130�j
mov eax, [ebp+var_1C]
mov eax, [eax+edi*4]
cmp eax, ebx
jz short loc_404B34
cmp edi, 20h
jz short loc_404B15
mov [ebp+var_14], ebx
loc_404B15: ; CODE XREF: sub_404A08+108�j
push eax ; lpString2
push ebx ; lpString1
call sub_4066B7
push eax ; lParam
push ebx ; wParam
push 143h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
push edi ; lParam
push eax ; wParam
push 151h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
loc_404B34: ; CODE XREF: sub_404A08+103�j
inc edi
cmp edi, 21h
jl short loc_404B03
mov eax, [ebp+var_14]
mov edi, [ebp+arg_C]
push dword ptr [edi+eax*4+30h] ; lpString2
push 15h ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
mov eax, [ebp+var_14]
push dword ptr [edi+eax*4+34h] ; lpString2
push 16h ; int
push [ebp+hDlg] ; hDlg
call sub_403E37
xor edi, edi
cmp dword_4341AC, ebx
mov [ebp+var_C], ebx
jle loc_404C2C
mov eax, [ebp+var_18]
add eax, 8
mov [ebp+hbmImage], eax
mov ebx, 1100h
loc_404B7E: ; CODE XREF: sub_404A08+217�j
mov edx, [ebp+hbmImage]
lea eax, [edx+10h]
cmp byte ptr [eax], 0
jz loc_404C11
mov ecx, [ebp+var_C]
mov [ebp+var_3C], eax
mov eax, [edx]
push 20h
mov [ebp+lParam], ecx
pop ecx
mov edx, eax
and edx, ecx
test al, 2
mov [ebp+var_50], 0FFFF0002h
mov [ebp+var_4C], 0Dh
mov [ebp+var_40], ecx
mov [ebp+var_28], edi
mov [ebp+var_44], edx
jz short loc_404BE0
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push ebx ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_4C], 4Dh
mov [ebp+var_2C], 1
call esi ; SendMessageA
mov [ebp+var_C], eax
mov [ebp+var_20], 1
jmp short loc_404C08
; ---------------------------------------------------------------------------
loc_404BE0: ; CODE XREF: sub_404A08+1B0�j
mov eax, [ebp+hbmImage]
test byte ptr [eax], 4
jz short loc_404BFC
push [ebp+var_C] ; lParam
push 3 ; wParam
push 110Ah ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov [ebp+var_C], eax
jmp short loc_404C11
; ---------------------------------------------------------------------------
loc_404BFC: ; CODE XREF: sub_404A08+1DE�j
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push ebx ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404C08: ; CODE XREF: sub_404A08+1D6�j
mov ecx, hMem
mov [ecx+edi*4], eax
loc_404C11: ; CODE XREF: sub_404A08+17F�j
; sub_404A08+1F2�j
add [ebp+hbmImage], 418h
inc edi
cmp edi, dword_4341AC
jl loc_404B7E
xor ebx, ebx
cmp [ebp+var_20], ebx
jnz short loc_404C46
loc_404C2C: ; CODE XREF: sub_404A08+162�j
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
and eax, 0FFFFFFFBh
push eax ; dwNewLong
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
loc_404C46: ; CODE XREF: sub_404A08+222�j
push ebx ; lParam
push 6 ; wParam
push 115h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp [ebp+var_14], ebx
jnz short loc_404C70
push 5 ; nCmdShow
push [ebp+wParam] ; hWnd
call ds:ShowWindow ; ShowWindow
push [ebp+wParam] ; wParam
call sub_403E90
jmp loc_404FFE
; ---------------------------------------------------------------------------
loc_404C70: ; CODE XREF: sub_404A08+24E�j
push [ebp+hWnd] ; wParam
call sub_403E90
loc_404C78: ; CODE XREF: sub_404A08+50�j
cmp [ebp+arg_4], 405h
jnz short loc_404C93
xor edi, edi
inc edi
mov [ebp+arg_8], ebx
mov [ebp+arg_C], edi
mov [ebp+arg_4], 40Fh
jmp short loc_404C96
; ---------------------------------------------------------------------------
loc_404C93: ; CODE XREF: sub_404A08+277�j
mov edi, [ebp+arg_C]
loc_404C96: ; CODE XREF: sub_404A08+289�j
cmp [ebp+arg_4], 4Eh
mov eax, 413h
jz short loc_404CAA
cmp [ebp+arg_4], eax
jnz loc_404DA8
loc_404CAA: ; CODE XREF: sub_404A08+297�j
cmp [ebp+arg_4], eax
jz short loc_404CBC
cmp dword ptr [edi+4], 408h
jnz loc_404DA8
loc_404CBC: ; CODE XREF: sub_404A08+2A5�j
test byte ptr dword_4341E4+1, 2
jnz loc_404D66
cmp [ebp+arg_4], eax
jz short loc_404CE2
cmp dword ptr [edi+8], 0FFFFFFFEh
jnz loc_404D66
push [ebp+hWnd] ; hWnd
call sub_4048D5
jmp short loc_404CEF
; ---------------------------------------------------------------------------
loc_404CE2: ; CODE XREF: sub_404A08+2C4�j
push ebx ; lParam
push 9 ; wParam
push 110Ah ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404CEF: ; CODE XREF: sub_404A08+2D8�j
cmp eax, ebx
mov [ebp+var_44], eax
jz short loc_404D66
lea eax, [ebp+var_48]
push eax ; lParam
push ebx ; wParam
push 110Ch ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_48], 4
call esi ; SendMessageA
test eax, eax
jz short loc_404D66
mov eax, [ebp+var_24]
mov ecx, [ebp+var_18]
imul eax, 418h
lea ecx, [eax+ecx+8]
mov eax, [ecx]
test al, 10h
jnz short loc_404D66
test al, 40h
jz short loc_404D3D
xor eax, 80h
test al, al
jns short loc_404D38
or eax, 1
jmp short loc_404D40
; ---------------------------------------------------------------------------
loc_404D38: ; CODE XREF: sub_404A08+329�j
and eax, 0FFFFFFFEh
jmp short loc_404D40
; ---------------------------------------------------------------------------
loc_404D3D: ; CODE XREF: sub_404A08+320�j
xor eax, 1
loc_404D40: ; CODE XREF: sub_404A08+32E�j
; sub_404A08+333�j
mov [ecx], eax
push [ebp+var_24]
call sub_40117D
mov eax, dword_4341E4
xor ecx, ecx
shr eax, 8
inc ecx
not eax
and eax, ecx
mov [ebp+arg_8], ecx
mov [ebp+arg_C], eax
mov [ebp+arg_4], 40Fh
loc_404D66: ; CODE XREF: sub_404A08+2BB�j
; sub_404A08+2CA�j ...
cmp edi, ebx
jz short loc_404DA8
cmp dword ptr [edi+8], 0FFFFFE6Eh
jnz short loc_404D81
push dword ptr [edi+5Ch] ; lParam
push ebx ; wParam
push 419h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404D81: ; CODE XREF: sub_404A08+369�j
cmp dword ptr [edi+8], 0FFFFFE6Ah
jnz short loc_404DA8
mov eax, [edi+5Ch]
mov ecx, [ebp+var_18]
imul eax, 418h
cmp dword ptr [edi+0Ch], 2
lea eax, [eax+ecx+8]
jnz short loc_404DA5
or dword ptr [eax], 20h
jmp short loc_404DA8
; ---------------------------------------------------------------------------
loc_404DA5: ; CODE XREF: sub_404A08+396�j
and dword ptr [eax], 0FFFFFFDFh
loc_404DA8: ; CODE XREF: sub_404A08+29C�j
; sub_404A08+2AE�j ...
cmp [ebp+arg_4], 111h
jnz short loc_404E23
cmp word ptr [ebp+arg_8], 3F9h
jnz loc_404FFE
mov eax, [ebp+arg_8]
shr eax, 10h
cmp ax, 1
jnz loc_404FFE
push ebx ; lParam
push ebx ; wParam
push 147h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
cmp eax, 0FFFFFFFFh
jz loc_404FFE
push ebx ; lParam
push eax ; wParam
push 150h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_404DFD
mov eax, [ebp+var_1C]
cmp [eax+edi*4], ebx
jnz short loc_404E00
loc_404DFD: ; CODE XREF: sub_404A08+3EB�j
push 20h
pop edi
loc_404E00: ; CODE XREF: sub_404A08+3F3�j
push edi
call sub_4012A8
push edi ; lParam
push ebx ; wParam
push 420h ; Msg
push [ebp+hDlg] ; hWnd
call esi ; SendMessageA
mov [ebp+arg_8], 1
mov [ebp+arg_C], ebx
mov [ebp+arg_4], 40Fh
loc_404E23: ; CODE XREF: sub_404A08+3A7�j
cmp [ebp+arg_4], 200h
jnz short loc_404E38
push ebx ; lParam
push ebx ; wParam
push 200h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404E38: ; CODE XREF: sub_404A08+422�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404E73
mov eax, lParam
cmp eax, ebx
jz short loc_404E51
push eax ; himl
call ds:ImageList_Destroy ; ImageList_Destroy
loc_404E51: ; CODE XREF: sub_404A08+440�j
mov eax, hMem
cmp eax, ebx
jz short loc_404E61
push eax ; hMem
call ds:GlobalFree ; GlobalFree
loc_404E61: ; CODE XREF: sub_404A08+450�j
mov lParam, ebx
mov hMem, ebx
mov dword_4341EC, ebx
loc_404E73: ; CODE XREF: sub_404A08+437�j
cmp [ebp+arg_4], 40Fh
jnz loc_404FC0
call sub_40129E
cmp [ebp+arg_8], ebx
jz short loc_404E91
push 8
call sub_4014C9
loc_404E91: ; CODE XREF: sub_404A08+480�j
cmp [ebp+arg_C], ebx
jz short loc_404ED5
push hMem
call sub_4012F3
mov edi, eax
push edi
call sub_4012A8
xor eax, eax
xor ecx, ecx
cmp edi, ebx
jle short loc_404EBF
loc_404EB1: ; CODE XREF: sub_404A08+4B5�j
mov edx, [ebp+var_1C]
cmp [edx+eax*4], ebx
jz short loc_404EBA
inc ecx
loc_404EBA: ; CODE XREF: sub_404A08+4AF�j
inc eax
cmp eax, edi
jl short loc_404EB1
loc_404EBF: ; CODE XREF: sub_404A08+4A7�j
push ebx ; lParam
push ecx ; wParam
push 14Eh ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov [ebp+arg_C], edi
mov [ebp+arg_4], 420h
loc_404ED5: ; CODE XREF: sub_404A08+48C�j
call sub_40129E
cmp dword_4341AC, ebx
mov eax, hMem
mov edi, dword_4341A8
mov [ebp+var_20], eax
mov [ebp+var_3C], 0F030h
mov [ebp+var_14], ebx
jle loc_404FA3
add edi, 8
loc_404F01: ; CODE XREF: sub_404A08+595�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_14]
mov eax, [eax+ecx*4]
cmp eax, ebx
jz short loc_404F8B
mov edx, [edi]
push 8
mov [ebp+var_44], eax
pop eax
mov ecx, edx
and ecx, eax
mov [ebp+var_18], edx
and [ebp+var_18], 20h
shl ecx, 1
or ecx, [ebp+var_18]
test dh, 1
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
jz short loc_404F45
lea eax, [edi+10h]
mov [ebp+var_48], 9
mov [ebp+var_38], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp+var_40]
loc_404F45: ; CODE XREF: sub_404A08+527�j
test dl, 40h
jz short loc_404F4F
push 3
pop eax
jmp short loc_404F5D
; ---------------------------------------------------------------------------
loc_404F4F: ; CODE XREF: sub_404A08+540�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404F5D
add eax, 3
loc_404F5D: ; CODE XREF: sub_404A08+545�j
; sub_404A08+550�j
push [ebp+var_44] ; lParam
shl eax, 0Ch
or ecx, eax
xor eax, eax
cmp [ebp+var_18], ebx
mov [ebp+var_40], ecx
setnz al
inc eax
push eax ; wParam
push 1102h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
lea eax, [ebp+var_48]
push eax ; lParam
push ebx ; wParam
push 110Dh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404F8B: ; CODE XREF: sub_404A08+504�j
inc [ebp+var_14]
mov eax, [ebp+var_14]
add edi, 418h
cmp eax, dword_4341AC
jl loc_404F01
loc_404FA3: ; CODE XREF: sub_404A08+4F0�j
mov eax, dword_433968
cmp [eax+10h], ebx
jz short loc_404FC0
push 5
call sub_4044B0
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404419
loc_404FC0: ; CODE XREF: sub_404A08+472�j
; sub_404A08+5A3�j
cmp [ebp+arg_4], 420h
jnz short loc_404FFE
test byte ptr dword_4341E4+1, 1
jz short loc_404FFE
mov esi, ds:ShowWindow
xor eax, eax
cmp [ebp+arg_C], 20h
setz al
shl eax, 3
mov edi, eax
push edi ; nCmdShow
push [ebp+hWnd] ; hWnd
call esi ; ShowWindow
push edi ; nCmdShow
push 3FEh ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call esi ; ShowWindow
loc_404FFE: ; CODE XREF: sub_404A08+263�j
; sub_404A08+3AF�j ...
push [ebp+arg_C] ; hWnd
mov eax, [ebp+arg_4]
push [ebp+arg_8] ; HDC
call sub_403EC2
pop edi
pop esi
pop ebx
leave
retn 10h
sub_404A08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405013(int, LPCSTR lpString2)
sub_405013 proc near ; CODE XREF: sub_4014E1+9�p
; sub_40161F:loc_4016AE�p ...
lParam = dword ptr -30h
wParam = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
hWnd = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_43394C
push edi
xor edi, edi
cmp eax, edi
mov [ebp+hWnd], eax
jz loc_4050E6
push ebx
mov ebx, dword_40D03C
mov [ebp+var_4], ebx
and [ebp+var_4], 1
push esi
mov esi, offset byte_42DD18
jnz short loc_40504B
push [ebp+arg_0] ; lpString2
push esi ; lpString1
call sub_4066B7
loc_40504B: ; CODE XREF: sub_405013+2D�j
push esi ; lpString
call lstrlenA ; lstrlenA
cmp [ebp+lpString2], edi
mov [ebp+arg_0], eax
jz short loc_405075
push [ebp+lpString2] ; lpString
call lstrlenA ; lstrlenA
add eax, [ebp+arg_0]
cmp eax, 800h
jnb short loc_4050E4
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
loc_405075: ; CODE XREF: sub_405013+44�j
test bl, 4
jz short loc_405087
push esi ; lpString
push dword_433958 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
loc_405087: ; CODE XREF: sub_405013+65�j
test bl, 2
jz short loc_4050D5
push edi ; lParam
push edi ; wParam
push 1004h ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_1C], esi
mov esi, ds:SendMessageA
mov [ebp+lParam], 1
call esi ; SendMessageA
sub eax, [ebp+var_4]
not ebx
mov [ebp+wParam], eax
lea eax, [ebp+lParam]
push eax ; lParam
push edi ; wParam
and ebx, 1
or ebx, 1006h
push ebx ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_28], edi
call esi ; SendMessageA
push edi ; lParam
push [ebp+wParam] ; wParam
push 1013h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_4050D5: ; CODE XREF: sub_405013+77�j
cmp [ebp+var_4], edi
jz short loc_4050E4
mov eax, [ebp+arg_0]
mov byte_42DD18[eax], 0
loc_4050E4: ; CODE XREF: sub_405013+56�j
; sub_405013+C5�j
pop esi
pop ebx
loc_4050E6: ; CODE XREF: sub_405013+13�j
pop edi
leave
retn 8
sub_405013 endp
; =============== S U B R O U T I N E =======================================
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: sub_4059CE+24B�p
; DATA XREF: sub_405176+1D9�o
hWnd = dword ptr 4
push esi
mov esi, dword_4341A8
push edi
mov edi, dword_4341AC
push 0 ; pvReserved
call ds:OleInitialize
or dword_434230, eax
test edi, edi
jz short loc_40515C
add esi, 18h
loc_40510E: ; CODE XREF: StartAddress+67�j
dec edi
test byte ptr [esi-10h], 1
jnz short loc_40512D
test byte ptr dword_4341E4+1, 4
jnz short loc_40512D
push esi ; arglist
push offset aSkippingSectio ; "Skipping section: \"%s\""
call sub_406171
pop ecx
pop ecx
jmp short loc_40514A
; ---------------------------------------------------------------------------
loc_40512D: ; CODE XREF: StartAddress+28�j
; StartAddress+31�j
push esi ; arglist
push offset aSectionS ; "Section: \"%s\""
call sub_406171
pop ecx
pop ecx
push [esp+8+hWnd] ; hWnd
push dword ptr [esi-0Ch] ; int
call sub_4013E7
test eax, eax
jnz short loc_405156
loc_40514A: ; CODE XREF: StartAddress+40�j
add esi, 418h
test edi, edi
jnz short loc_40510E
jmp short loc_40515C
; ---------------------------------------------------------------------------
loc_405156: ; CODE XREF: StartAddress+5D�j
inc dword_43420C
loc_40515C: ; CODE XREF: StartAddress+1E�j
; StartAddress+69�j
push 404h ; Msg
call sub_403EA7
call ds:OleUninitialize
mov eax, dword_43420C
pop edi
pop esi
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405176(HWND ThreadId, HGLOBAL hMem, HDC, int)
sub_405176 proc near ; DATA XREF: .data:0040D030�o
var_3C = byte ptr -3Ch
lParam = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
Rect = tagRECT ptr -14h
hWnd = dword ptr -4
ThreadId = dword ptr 8
hMem = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
mov esi, dword_43394C
xor ebx, ebx
cmp [ebp+hMem], 110h
push edi
mov [ebp+hWnd], esi
jnz loc_405332
or [ebp+var_2C], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
mov [ebp+lParam], 2
mov [ebp+var_30], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
mov eax, dword_434188
mov ecx, [eax+5Ch]
mov eax, [eax+60h]
mov edi, ds:GetDlgItem
push 403h ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov [ebp+hMem], ecx
mov [ebp+arg_8], eax
call edi ; GetDlgItem
push 3EEh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov hWnd, eax
call edi ; GetDlgItem
push 3F8h ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov dword_433958, eax
call edi ; GetDlgItem
push hWnd ; wParam
mov dword_43394C, eax
mov [ebp+hWnd], eax
call sub_403E90
push 4
call sub_4044B0
push offset byte_43A400
push 0FFFFFFFDh ; lpString2
push ebx ; lpString1
mov dword_433964, eax
mov nNumber, ebx
call sub_4066B7
push eax ; arglist
push offset aNewInstallOfST ; "New install of \"%s\" to \"%s\""
call sub_406171
add esp, 0Ch
lea eax, [ebp+Rect]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
push 15h ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov ecx, [ebp+Rect.right]
mov esi, ds:SendMessageA
sub ecx, eax
lea eax, [ebp+lParam]
push eax ; lParam
push ebx ; wParam
push 101Bh ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_2C], ecx
call esi ; SendMessageA
mov eax, 4000h
push eax ; lParam
push eax ; wParam
push 1036h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp [ebp+hMem], ebx
jl short loc_405299
push [ebp+hMem] ; lParam
push ebx ; wParam
push 1001h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push [ebp+hMem] ; lParam
push ebx ; wParam
push 1026h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_405299: ; CODE XREF: sub_405176+105�j
cmp [ebp+arg_8], ebx
jl short loc_4052AC
push [ebp+arg_8] ; lParam
push ebx ; wParam
push 1024h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_4052AC: ; CODE XREF: sub_405176+126�j
mov eax, [ebp+arg_C]
push dword ptr [eax+30h] ; lpString2
push 1Bh ; int
push [ebp+ThreadId] ; hDlg
call sub_403E37
test byte ptr dword_4341E4, 3
jz short loc_4052EE
push ebx ; nCmdShow
push hWnd ; hWnd
call ds:ShowWindow ; ShowWindow
test byte ptr dword_4341E4, 2
jnz short loc_4052E8
push 8 ; nCmdShow
push [ebp+hWnd] ; hWnd
call ds:ShowWindow ; ShowWindow
jmp short loc_4052EE
; ---------------------------------------------------------------------------
loc_4052E8: ; CODE XREF: sub_405176+163�j
mov hWnd, ebx
loc_4052EE: ; CODE XREF: sub_405176+14D�j
; sub_405176+170�j
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call edi ; GetDlgItem
push 75300000h ; lParam
push ebx ; wParam
mov edi, eax
push 401h ; Msg
push edi ; hWnd
call esi ; SendMessageA
test byte ptr dword_4341E4, 4
jz loc_405504
push [ebp+arg_8] ; lParam
push ebx ; wParam
push 409h ; Msg
push edi ; hWnd
call esi ; SendMessageA
push [ebp+hMem] ; lParam
push ebx ; wParam
push 2001h ; Msg
push edi ; hWnd
call esi ; SendMessageA
jmp loc_405504
; ---------------------------------------------------------------------------
loc_405332: ; CODE XREF: sub_405176+1B�j
cmp [ebp+hMem], 405h
jnz short loc_405363
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call ds:CreateThread ; CreateThread
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_405363: ; CODE XREF: sub_405176+1C3�j
cmp [ebp+hMem], 111h
mov edi, ds:ShowWindow
jnz short loc_40538D
cmp word ptr [ebp+arg_8], 403h
jnz short loc_4053AF
push ebx ; nCmdShow
push hWnd ; hWnd
call edi ; ShowWindow
push 8 ; nCmdShow
push esi ; hWnd
call edi ; ShowWindow
call sub_403E59
loc_40538D: ; CODE XREF: sub_405176+1FA�j
cmp [ebp+hMem], 404h
jnz short loc_4053EB
cmp dword_433954, ebx
jz short loc_4053C4
push 78h ; wParam
mov nResult, 2
call sub_403E10
loc_4053AF: ; CODE XREF: sub_405176+202�j
; sub_405176+279�j ...
push [ebp+arg_C] ; hWnd
mov eax, [ebp+hMem]
push [ebp+arg_8] ; HDC
call sub_403EC2
loc_4053BD: ; CODE XREF: sub_405176+390�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
loc_4053C4: ; CODE XREF: sub_405176+226�j
push 8 ; nCmdShow
push dword_434180 ; hWnd
call edi ; ShowWindow
cmp dword_43420C, ebx
jnz short loc_4053E4
mov eax, dword_42F51C
push ebx ; lpString2
push dword ptr [eax+34h] ; int
call sub_405013
loc_4053E4: ; CODE XREF: sub_405176+25E�j
push 1 ; wParam
call sub_403E10
loc_4053EB: ; CODE XREF: sub_405176+21E�j
cmp [ebp+hMem], 7Bh
jnz short loc_4053AF
cmp [ebp+arg_8], esi
jnz short loc_4053AF
push ebx ; lParam
push ebx ; wParam
push 1004h ; Msg
push esi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
mov [ebp+ThreadId], eax
jle loc_405504
call ds:CreatePopupMenu ; CreatePopupMenu
push 0FFFFFFE1h ; lpString2
push ebx ; lpString1
mov edi, eax
call sub_4066B7
push eax ; lpNewItem
push 1 ; uIDNewItem
push ebx ; uFlags
push edi ; hMenu
call ds:AppendMenuA ; AppendMenuA
mov eax, [ebp+arg_C]
cmp eax, 0FFFFFFFFh
jnz short loc_405445
lea eax, [ebp+Rect]
push eax ; lpRect
push esi ; hWnd
call ds:GetWindowRect ; GetWindowRect
mov ecx, [ebp+Rect.left]
mov eax, [ebp+Rect.top]
jmp short loc_40544E
; ---------------------------------------------------------------------------
loc_405445: ; CODE XREF: sub_405176+2BA�j
movsx ecx, ax
shr eax, 10h
movsx eax, ax
loc_40544E: ; CODE XREF: sub_405176+2CD�j
push ebx ; prcRect
push esi ; hWnd
push ebx ; nReserved
push eax ; y
push ecx ; x
push 180h ; uFlags
push edi ; hMenu
call ds:TrackPopupMenu ; TrackPopupMenu
xor edi, edi
inc edi
cmp eax, edi
jnz loc_405504
mov esi, [ebp+ThreadId]
mov [ebp+lParam], ebx
mov [ebp+var_28], offset String
mov [ebp+var_24], 0FFFh
loc_40547E: ; CODE XREF: sub_405176+322�j
lea eax, [ebp+var_3C]
push eax ; lParam
dec esi
push esi ; wParam
push 102Dh ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp esi, ebx
lea edi, [edi+eax+2]
jnz short loc_40547E
push ebx ; hWndNewOwner
call ds:OpenClipboard ; OpenClipboard
call ds:EmptyClipboard ; EmptyClipboard
push edi ; dwBytes
push 42h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
push eax ; hMem
mov [ebp+hMem], eax
call ds:GlobalLock ; GlobalLock
mov esi, eax
loc_4054BC: ; CODE XREF: sub_405176+372�j
lea eax, [ebp+var_3C]
push eax ; lParam
push ebx ; wParam
push 102Dh ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_28], esi
mov [ebp+var_24], edi
call ds:SendMessageA ; SendMessageA
push esi ; lpString
call lstrlenA ; lstrlenA
add esi, eax
mov word ptr [esi], 0A0Dh
inc esi
inc esi
inc ebx
cmp ebx, [ebp+ThreadId]
jl short loc_4054BC
push [ebp+hMem] ; hMem
call ds:GlobalUnlock ; GlobalUnlock
push [ebp+hMem] ; hMem
push 1 ; uFormat
call ds:SetClipboardData ; SetClipboardData
call ds:CloseClipboard ; CloseClipboard
loc_405504: ; CODE XREF: sub_405176+199�j
; sub_405176+1B7�j ...
xor eax, eax
jmp loc_4053BD
sub_405176 endp
; =============== S U B R O U T I N E =======================================
; BOOL __stdcall sub_40550B(HWND, UINT, WPARAM, LPARAM)
sub_40550B proc near ; DATA XREF: sub_4059CE+224�o
Rect = tagRECT ptr -10h
hDlg = dword ptr 4
arg_4 = dword ptr 8
wParam = dword ptr 0Ch
hWnd = dword ptr 10h
sub esp, 10h
push ebx
push ebp
mov ebp, [esp+18h+arg_4]
mov ecx, 110h
cmp ebp, ecx
push esi
push edi
jz loc_405697
cmp ebp, 408h
jz loc_405697
cmp ebp, 47h
mov ebx, [esp+20h+hDlg]
jnz short loc_40554D
push 13h ; uFlags
xor eax, eax
push eax ; cy
push eax ; cx
push eax ; Y
push eax ; X
push ebx ; hWndInsertAfter
push dword_42DD14 ; hWnd
call ds:SetWindowPos ; SetWindowPos
loc_40554D: ; CODE XREF: sub_40550B+2B�j
cmp ebp, 5
jnz short loc_40556A
mov eax, [esp+20h+wParam]
dec eax
neg eax
sbb eax, eax
and eax, ebp
push eax ; nCmdShow
push dword_42DD14 ; hWnd
call ds:ShowWindow ; ShowWindow
loc_40556A: ; CODE XREF: sub_40550B+45�j
cmp ebp, 40Dh
jnz short loc_40558C
push dword_433948 ; hWnd
call ds:DestroyWindow ; DestroyWindow
mov eax, [esp+20h+wParam]
mov dword_433948, eax
jmp loc_40599D
; ---------------------------------------------------------------------------
loc_40558C: ; CODE XREF: sub_40550B+65�j
cmp ebp, 11h
jnz short loc_4055A4
push 0 ; dwNewLong
push 0 ; nIndex
push ebx ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
xor eax, eax
inc eax
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_4055A4: ; CODE XREF: sub_40550B+84�j
cmp ebp, 10h
jnz short loc_4055DC
mov eax, dword_4341A4
dec eax
cmp dword_40D020, eax
jnz loc_405683
push dword_42DD08 ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jnz loc_405683
mov ebp, 111h
mov [esp+20h+wParam], 1
loc_4055DC: ; CODE XREF: sub_40550B+9C�j
cmp ebp, 111h
jnz loc_405683
movzx esi, word ptr [esp+20h+wParam]
push esi ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, ds:SendMessageA
mov edi, eax
test edi, edi
jz short loc_40561C
push 0 ; lParam
push 0 ; wParam
push 0F3h ; Msg
push edi ; hWnd
call ebx ; SendMessageA
push edi ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jz loc_4059C2
loc_40561C: ; CODE XREF: sub_40550B+F4�j
xor edi, edi
inc edi
cmp esi, edi
jnz short loc_405626
push edi
jmp short loc_405667
; ---------------------------------------------------------------------------
loc_405626: ; CODE XREF: sub_40550B+116�j
cmp esi, 3
jnz short loc_405638
cmp dword_40D020, 0
jle short loc_40566E
push 0FFFFFFFFh
jmp short loc_405667
; ---------------------------------------------------------------------------
loc_405638: ; CODE XREF: sub_40550B+11E�j
cmp esi, 2
jnz short loc_40566E
cmp dword_43420C, 0
jz short loc_405654
push esi
call sub_4014C9
mov nResult, esi
jmp short loc_405665
; ---------------------------------------------------------------------------
loc_405654: ; CODE XREF: sub_40550B+139�j
push 3
call sub_4014C9
test eax, eax
jnz short loc_405683
mov nResult, edi
loc_405665: ; CODE XREF: sub_40550B+147�j
push 78h ; wParam
loc_405667: ; CODE XREF: sub_40550B+119�j
; sub_40550B+12B�j
call sub_403E10
jmp short loc_405683
; ---------------------------------------------------------------------------
loc_40566E: ; CODE XREF: sub_40550B+127�j
; sub_40550B+130�j
push [esp+20h+hWnd] ; lParam
push [esp+24h+wParam] ; wParam
push 111h ; Msg
push dword_433948 ; hWnd
call ebx ; SendMessageA
loc_405683: ; CODE XREF: sub_40550B+AA�j
; sub_40550B+BE�j ...
push [esp+20h+hWnd] ; hWnd
mov eax, ebp
push [esp+24h+wParam] ; HDC
call sub_403EC2
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_405697: ; CODE XREF: sub_40550B+12�j
; sub_40550B+1E�j
cmp ebp, ecx
mov eax, [esp+20h+wParam]
mov ebx, [esp+20h+hDlg]
mov dword_42D8FC, eax
jnz short loc_4056F5
mov esi, ds:GetDlgItem
push 1 ; nIDDlgItem
push ebx ; hDlg
mov dword_434180, ebx
call esi ; GetDlgItem
push 2 ; nIDDlgItem
push ebx ; hDlg
mov dword_42F518, eax
call esi ; GetDlgItem
push 0FFFFFFFFh ; lpString2
push 1Ch ; int
push ebx ; hDlg
mov dword_42DD08, eax
call sub_403E37
push dwNewLong ; dwNewLong
push 0FFFFFFF2h ; nIndex
push ebx ; hWnd
call ds:SetClassLongA ; SetClassLongA
push 4
call sub_4014C9
mov dword_433954, eax
xor eax, eax
inc eax
mov dword_42D8FC, eax
loc_4056F5: ; CODE XREF: sub_40550B+19B�j
mov ecx, dword_40D020
mov esi, ecx
shl esi, 6
add esi, dword_4341A0
xor edi, edi
cmp ecx, edi
jl short loc_40574A
cmp eax, 1
jnz short loc_405742
push edi ; hWnd
push dword ptr [esi+10h] ; int
call sub_4013E7
test eax, eax
jz short loc_405742
push 1 ; lParam
push edi ; wParam
push 40Fh ; Msg
push dword_433948 ; hWnd
call ds:SendMessageA ; SendMessageA
xor eax, eax
cmp dword_433954, edi
setz al
jmp loc_4059C4
; ---------------------------------------------------------------------------
loc_405742: ; CODE XREF: sub_40550B+204�j
; sub_40550B+211�j
cmp [esi], edi
jz loc_4059C2
loc_40574A: ; CODE XREF: sub_40550B+1FF�j
push 40Bh ; Msg
call sub_403EA7
loc_405754: ; CODE XREF: sub_40550B+386�j
; sub_40550B+38E�j ...
mov eax, dword_42D8FC
add dword_40D020, eax
shl eax, 6
add esi, eax
mov eax, dword_40D020
cmp eax, dword_4341A4
jnz short loc_405778
push 1
call sub_4014C9
loc_405778: ; CODE XREF: sub_40550B+264�j
cmp dword_433954, 0
jnz loc_40597D
mov eax, dword_4341A4
cmp dword_40D020, eax
jnb loc_40597D
push dword ptr [esi+24h] ; lpString2
mov edi, [esi+14h]
push offset dword_43C000 ; lpString1
call sub_4066B7
push dword ptr [esi+20h] ; lpString2
push 0FFFFFC19h ; int
push ebx ; hDlg
call sub_403E37
push dword ptr [esi+1Ch] ; lpString2
push 0FFFFFC1Bh ; int
push ebx ; hDlg
call sub_403E37
push dword ptr [esi+28h] ; lpString2
push 0FFFFFC1Ah ; int
push ebx ; hDlg
call sub_403E37
push 3 ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
cmp dword_43420C, 0
mov ebp, eax
jz short loc_4057ED
and edi, 0FFFFFEFDh
or edi, 4
loc_4057ED: ; CODE XREF: sub_40550B+2D7�j
mov eax, edi
and eax, 8
push eax ; nCmdShow
push ebp ; hWnd
call ds:ShowWindow ; ShowWindow
mov eax, edi
and eax, 100h
push eax ; bEnable
push ebp ; hWnd
call ds:EnableWindow ; EnableWindow
mov eax, edi
and eax, 2
push eax ; bEnable
call sub_403E7D
and edi, 4
push edi ; bEnable
push dword_42DD08 ; hWnd
call ds:EnableWindow ; EnableWindow
push 1 ; lParam
xor edi, edi
push edi ; wParam
push 0F4h ; Msg
push ebp ; hWnd
mov ebp, ds:SendMessageA
call ebp ; SendMessageA
cmp dword_43420C, edi
jz short loc_405852
push edi ; lParam
push 2 ; wParam
push 401h ; Msg
push ebx ; hWnd
call ebp ; SendMessageA
push dword_42DD08
jmp short loc_405858
; ---------------------------------------------------------------------------
loc_405852: ; CODE XREF: sub_40550B+332�j
push dword_42F518 ; wParam
loc_405858: ; CODE XREF: sub_40550B+345�j
call sub_403E90
push offset Caption ; lpString2
mov ebp, offset String
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
push dword ptr [esi+18h] ; lpString2
push ebp ; lpString
call lstrlenA ; lstrlenA
add eax, ebp
push eax ; lpString1
call sub_4066B7
push ebp ; lpString
push ebx ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push edi ; hWnd
push dword ptr [esi+8] ; int
call sub_4013E7
test eax, eax
jnz loc_405754
cmp [esi], eax
jz loc_405754
cmp dword ptr [esi+4], 5
jnz short loc_4058C2
cmp dword_43420C, eax
jnz loc_4059C2
cmp dword_434200, eax
jnz loc_405754
jmp loc_4059C2
; ---------------------------------------------------------------------------
loc_4058C2: ; CODE XREF: sub_40550B+398�j
push dword_433948 ; hWnd
call ds:DestroyWindow ; DestroyWindow
cmp dword ptr [esi], 0
mov dword_42F51C, esi
jle loc_40599D
mov eax, [esi+4]
push esi ; dwInitParam
push lpDialogFunc[eax*4] ; lpDialogFunc
mov ax, [esi]
add ax, word ptr dword_43395C
push ebx ; hWndParent
movzx eax, ax
push eax ; lpTemplateName
push hModule ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
test eax, eax
mov dword_433948, eax
jz loc_40599D
push dword ptr [esi+2Ch] ; lpString2
push 6 ; int
push eax ; hDlg
call sub_403E37
lea eax, [esp+20h+Rect]
push eax ; lpRect
push 3FAh ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call ds:GetWindowRect ; GetWindowRect
lea eax, [esp+20h+Rect]
push eax ; lpPoint
push ebx ; hWnd
call ds:ScreenToClient ; ScreenToClient
push 15h ; uFlags
xor edi, edi
push edi ; cy
push edi ; cx
push [esp+2Ch+Rect.top] ; Y
push [esp+30h+Rect.left] ; X
push edi ; hWndInsertAfter
push dword_433948 ; hWnd
call ds:SetWindowPos ; SetWindowPos
push edi ; hWnd
push dword ptr [esi+0Ch] ; int
call sub_4013E7
push 8 ; nCmdShow
push dword_433948 ; hWnd
call ds:ShowWindow ; ShowWindow
push 405h ; Msg
call sub_403EA7
jmp short loc_40599D
; ---------------------------------------------------------------------------
loc_40597D: ; CODE XREF: sub_40550B+274�j
; sub_40550B+285�j
push dword_433948 ; hWnd
call ds:DestroyWindow ; DestroyWindow
push nResult ; nResult
and dword_434180, 0
push ebx ; hDlg
call ds:EndDialog ; EndDialog
loc_40599D: ; CODE XREF: sub_40550B+7C�j
; sub_40550B+3CC�j ...
cmp dword_42F528, 0
jnz short loc_4059C2
cmp dword_433948, 0
jz short loc_4059C2
push 0Ah ; nCmdShow
push ebx ; hWnd
call ds:ShowWindow ; ShowWindow
mov dword_42F528, 1
loc_4059C2: ; CODE XREF: sub_40550B+10B�j
; sub_40550B+239�j ...
xor eax, eax
loc_4059C4: ; CODE XREF: sub_40550B+94�j
; sub_40550B+187�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 10h
sub_40550B endp
; =============== S U B R O U T I N E =======================================
sub_4059CE proc near ; CODE XREF: start+2B5�p
ClassName = byte ptr -14h
pvParam = dword ptr -10h
Y = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
mov eax, dword_4341E4
sub esp, 14h
push ebx
push ebp
push esi
mov esi, dword_434188
and eax, 20h
push edi
mov dword_434200, eax
call sub_403FAC
mov ebp, offset byte_43A400
push ebp ; lpString2
call sub_406252
xor ebx, ebx
test eax, eax
jnz loc_405A82
mov ecx, [esi+48h]
cmp ecx, ebx
jz short loc_405A82
mov eax, dword_4341B8
mov edx, [esi+4Ch]
mov edi, offset byte_432D20
push edi ; lpData
add edx, eax
push edx ; lpValueName
add ecx, eax
push ecx ; phkResult
push dword ptr [esi+44h] ; cbData
call sub_405EBB
mov al, byte_432D20
cmp al, bl
jz short loc_405A82
cmp al, 22h
jnz short loc_405A41
push 22h ; char
mov edi, offset sz
push edi ; lpsz
call sub_405D3E
mov [eax], bl
loc_405A41: ; CODE XREF: sub_4059CE+62�j
push edi ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+edi-4]
cmp eax, edi
jbe short loc_405A75
push offset a_exe ; ".exe"
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_405A75
push edi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405A6F
test al, 10h
jnz short loc_405A75
loc_405A6F: ; CODE XREF: sub_4059CE+9B�j
push edi ; lpszStart
call sub_40622C
loc_405A75: ; CODE XREF: sub_4059CE+7F�j
; sub_4059CE+8F�j ...
push edi ; lpString1
call sub_4061CB
push eax ; lpString2
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
loc_405A82: ; CODE XREF: sub_4059CE+2E�j
; sub_4059CE+39�j ...
push ebp ; lpString2
call sub_406252
test eax, eax
jnz short loc_405A98
push dword ptr [esi+118h] ; lpString2
push ebp ; lpString1
call sub_4066B7
loc_405A98: ; CODE XREF: sub_4059CE+BC�j
xor ebp, ebp
inc ebp
test byte ptr dword_4341E4, 10h
jz short loc_405AB7
cmp dword_4341E0, ebx
jnz short loc_405AB7
call sub_403F6C
mov dword_431D04, ebp
loc_405AB7: ; CODE XREF: sub_4059CE+D4�j
; sub_4059CE+DC�j
push 8040h ; UINT
push ebx ; int
push ebx ; int
push ebp ; UINT
push 67h ; LPCSTR
push hModule ; HINSTANCE
call ds:LoadImageA ; LoadImageA
mov dwNewLong, eax
cmp dword ptr [esi+50h], 0FFFFFFFFh
mov edi, offset WndClass
jz loc_405B6A
mov ecx, hModule
mov WndClass.hIcon, eax
lea eax, [esp+24h+ClassName]
push edi ; lpWndClass
mov dword ptr [esp+28h+ClassName], 624E5Fh
mov WndClass.lpfnWndProc, offset sub_401000
mov WndClass.hInstance, ecx
mov WndClass.lpszClassName, eax
call ds:RegisterClassA ; RegisterClassA
test ax, ax
jz loc_405C40
push ebx ; fWinIni
lea eax, [esp+28h+pvParam]
push eax ; pvParam
push ebx ; uiParam
push 30h ; uiAction
call ds:SystemParametersInfoA ; SystemParametersInfoA
mov eax, [esp+24h+var_4]
sub eax, [esp+24h+Y]
push ebx ; lpParam
push hModule ; hInstance
push ebx ; hMenu
push ebx ; hWndParent
push eax ; nHeight
mov eax, [esp+38h+var_8]
sub eax, [esp+38h+pvParam]
push eax ; nWidth
push [esp+3Ch+Y] ; Y
lea eax, [esp+40h+ClassName]
push [esp+40h+pvParam] ; X
push 80000000h ; dwStyle
push ebx ; lpWindowName
push eax ; lpClassName
push 80h ; dwExStyle
call ds:CreateWindowExA ; CreateWindowExA
mov dword_42DD14, eax
loc_405B6A: ; CODE XREF: sub_4059CE+10D�j
push ebx
call sub_4014C9
test eax, eax
jz short loc_405B7C
loc_405B74: ; CODE XREF: sub_4059CE+25A�j
; sub_4059CE+267�j
push 2
pop eax
jmp loc_405C42
; ---------------------------------------------------------------------------
loc_405B7C: ; CODE XREF: sub_4059CE+1A4�j
call sub_403FAC
cmp dword_434220, ebx
jnz loc_405C18
push 5 ; nCmdShow
push dword_42DD14 ; hWnd
call ds:ShowWindow ; ShowWindow
mov esi, ds:LoadLibraryA
mov ebp, offset LibFileName ; "RichEd20.dll"
push ebp ; lpLibFileName
call esi ; LoadLibraryA
test eax, eax
jnz short loc_405BB9
push ebp ; lpLibFileName
mov word ptr LibFileName+6, 3233h
call esi ; LoadLibraryA
loc_405BB9: ; CODE XREF: sub_4059CE+1DD�j
mov ebp, ds:GetClassInfoA
push edi ; lpWndClass
mov esi, offset ClassName ; "RichEdit20A"
push esi ; lpClassName
push ebx ; hInstance
call ebp ; GetClassInfoA
test eax, eax
jnz short loc_405BEC
push edi ; lpWndClass
push esi ; lpClassName
push ebx ; hInstance
mov byte ptr ClassName+8, bl
call ebp ; GetClassInfoA
push edi ; lpWndClass
mov WndClass.lpszClassName, esi
mov byte ptr ClassName+8, 32h
call ds:RegisterClassA ; RegisterClassA
loc_405BEC: ; CODE XREF: sub_4059CE+1FD�j
mov eax, dword_43395C
push ebx ; dwInitParam
push offset sub_40550B ; lpDialogFunc
add eax, 69h
movzx eax, ax
push ebx ; hWndParent
push eax ; lpTemplateName
push hModule ; hInstance
call ds:DialogBoxParamA ; DialogBoxParamA
push 5
mov esi, eax
call sub_4014C9
mov eax, esi
jmp short loc_405C42
; ---------------------------------------------------------------------------
loc_405C18: ; CODE XREF: sub_4059CE+1B9�j
push ebx ; LPVOID
call StartAddress
test eax, eax
jz short loc_405C3A
cmp dword_433954, ebx
jnz loc_405B74
push 2
call sub_4014C9
jmp loc_405B74
; ---------------------------------------------------------------------------
loc_405C3A: ; CODE XREF: sub_4059CE+252�j
push ebp
call sub_4014C9
loc_405C40: ; CODE XREF: sub_4059CE+149�j
xor eax, eax
loc_405C42: ; CODE XREF: sub_4059CE+1A9�j
; sub_4059CE+248�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_4059CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C4A proc near ; CODE XREF: sub_4044DD+166�p
; sub_4066B7+16C�p
ppMalloc = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+ppMalloc]
push eax ; ppMalloc
call ds:SHGetMalloc ; SHGetMalloc
mov eax, [ebp+ppMalloc]
test eax, eax
jz short locret_405C71
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+14h]
mov eax, [ebp+ppMalloc]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_405C71: ; CODE XREF: sub_405C4A+13�j
leave
retn 4
sub_405C4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405C75(LPSTR lpCommandLine, LPCSTR lpCurrentDirectory)
sub_405C75 proc near ; CODE XREF: sub_40161F+D2C�p
; sub_40161F+19C2�p ...
ProcessInformation= _PROCESS_INFORMATION ptr -10h
lpCommandLine = dword ptr 8
lpCurrentDirectory= dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+lpCurrentDirectory] ; lpFileName
mov StartupInfo.cb, 44h
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
jz short loc_405C99
test al, 10h
jnz short loc_405C9C
loc_405C99: ; CODE XREF: sub_405C75+1E�j
mov [ebp+lpCurrentDirectory], ecx
loc_405C9C: ; CODE XREF: sub_405C75+22�j
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
push offset StartupInfo ; lpStartupInfo
push [ebp+lpCurrentDirectory] ; lpCurrentDirectory
push ecx ; lpEnvironment
push ecx ; dwCreationFlags
push ecx ; bInheritHandles
push ecx ; lpThreadAttributes
push ecx ; lpProcessAttributes
push [ebp+lpCommandLine] ; lpCommandLine
push ecx ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jz short locret_405CC7
push [ebp+ProcessInformation.hThread] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+ProcessInformation.hProcess]
locret_405CC7: ; CODE XREF: sub_405C75+44�j
leave
retn 8
sub_405C75 endp
; [00000006 BYTES: COLLAPSED FUNCTION SetDlgItemTextA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405CD1(int nIDDlgItem, LPSTR lpString)
sub_405CD1 proc near ; CODE XREF: sub_404093+18�p
; sub_4044DD+33�p ...
nIDDlgItem = dword ptr 4
lpString = dword ptr 8
push 400h ; nMaxCount
push [esp+4+lpString] ; lpString
push [esp+8+nIDDlgItem] ; nIDDlgItem
push dword_433948 ; hDlg
call ds:GetDlgItemTextA ; GetDlgItemTextA
retn 8
sub_405CD1 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405CED(LPCSTR lpText, int)
sub_405CED proc near ; CODE XREF: sub_40161F+61B�p
; sub_40161F:loc_401D42�p ...
lpText = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, eax
and ecx, 1FFFFFh
cmp dword_434220, 0
jz short loc_405D07
shr eax, 15h
jnz short locret_405D2C
loc_405D07: ; CODE XREF: sub_405CED+13�j
cmp dword_434228, 0
jz short loc_405D16
xor ecx, 180000h
loc_405D16: ; CODE XREF: sub_405CED+21�j
push ecx ; uType
push offset Caption ; lpCaption
push [esp+8+lpText] ; lpText
push dword_434180 ; hWnd
call ds:MessageBoxA ; MessageBoxA
locret_405D2C: ; CODE XREF: sub_405CED+18�j
retn 8
sub_405CED endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405D2F(DWORD dwBytes)
sub_405D2F proc near ; CODE XREF: sub_40161F+4AA�p
; sub_40161F+A18�p ...
dwBytes = dword ptr 4
push [esp+dwBytes] ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
retn 4
sub_405D2F endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405D3E(LPCSTR lpsz, char)
sub_405D3E proc near ; CODE XREF: start+C5�p start+187�p ...
lpsz = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+lpsz]
jmp short loc_405D51
; ---------------------------------------------------------------------------
loc_405D44: ; CODE XREF: sub_405D3E+17�j
cmp cl, [esp+arg_4]
jz short locret_405D57
push eax ; lpsz
call ds:CharNextA ; CharNextA
loc_405D51: ; CODE XREF: sub_405D3E+4�j
mov cl, [eax]
test cl, cl
jnz short loc_405D44
locret_405D57: ; CODE XREF: sub_405D3E+A�j
retn 8
sub_405D3E endp
; =============== S U B R O U T I N E =======================================
sub_405D5A proc near ; CODE XREF: sub_40161F+526�p
; sub_40161F+1039�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
or al, 20h
cmp word ptr [ecx], 5C5Ch
jz short loc_405D7B
cmp al, 61h
jl short loc_405D77
cmp al, 7Ah
jg short loc_405D77
cmp byte ptr [ecx+1], 3Ah
jz short loc_405D7B
loc_405D77: ; CODE XREF: sub_405D5A+11�j
; sub_405D5A+15�j
xor eax, eax
jmp short locret_405D7E
; ---------------------------------------------------------------------------
loc_405D7B: ; CODE XREF: sub_405D5A+D�j
; sub_405D5A+1B�j
xor eax, eax
inc eax
locret_405D7E: ; CODE XREF: sub_405D5A+1F�j
retn 4
sub_405D5A endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405D81(LPCSTR lpsz)
sub_405D81 proc near ; CODE XREF: sub_4044DD+A4�p
; sub_4044DD+1F7�p ...
lpsz = dword ptr 4
push ebx
push esi
mov esi, ds:CharNextA
push edi
mov edi, [esp+0Ch+lpsz]
push edi ; lpsz
call esi ; CharNextA
mov ebx, eax
push ebx ; lpsz
call esi ; CharNextA
cmp byte ptr [edi], 0
jz short loc_405DA7
cmp word ptr [ebx], 5C3Ah
jnz short loc_405DA7
push eax ; lpsz
call esi ; CharNextA
jmp short loc_405DC8
; ---------------------------------------------------------------------------
loc_405DA7: ; CODE XREF: sub_405D81+18�j
; sub_405D81+1F�j
cmp word ptr [edi], 5C5Ch
jnz short loc_405DC6
push 2
pop esi
loc_405DB1: ; CODE XREF: sub_405D81+41�j
push 5Ch ; char
push eax ; lpsz
dec esi
call sub_405D3E
cmp byte ptr [eax], 0
jz short loc_405DC6
inc eax
test esi, esi
jnz short loc_405DB1
jmp short loc_405DC8
; ---------------------------------------------------------------------------
loc_405DC6: ; CODE XREF: sub_405D81+2B�j
; sub_405D81+3C�j
xor eax, eax
loc_405DC8: ; CODE XREF: sub_405D81+24�j
; sub_405D81+43�j
pop edi
pop esi
pop ebx
retn 4
sub_405D81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405DCE(LPCSTR lpString, LPCSTR lpString2)
sub_405DCE proc near ; CODE XREF: sub_406326+289�p
; sub_406326+2C3�p
var_4 = dword ptr -4
lpString = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push [ebp+lpString2] ; lpString
mov edi, ds:__imp_lstrlenA
call edi ; __imp_lstrlenA
mov esi, [ebp+lpString]
mov [ebp+var_4], eax
jmp short loc_405E0F
; ---------------------------------------------------------------------------
loc_405DE8: ; CODE XREF: sub_405DCE+47�j
mov eax, [ebp+var_4]
push [ebp+lpString2] ; lpString2
mov bl, [eax+esi]
push esi ; lpString1
mov byte ptr [eax+esi], 0
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
mov eax, [ebp+var_4]
mov [eax+esi], bl
jz short loc_405E20
push esi ; lpsz
call ds:CharNextA ; CharNextA
mov esi, eax
loc_405E0F: ; CODE XREF: sub_405DCE+18�j
push esi ; lpString
call edi ; __imp_lstrlenA
cmp eax, [ebp+var_4]
jge short loc_405DE8
xor eax, eax
loc_405E19: ; CODE XREF: sub_405DCE+54�j
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_405E20: ; CODE XREF: sub_405DCE+36�j
mov eax, esi
jmp short loc_405E19
sub_405DCE endp
; =============== S U B R O U T I N E =======================================
sub_405E24 proc near ; CODE XREF: sub_40161F+190B�p
; sub_403646+C1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jle short loc_405E40
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_405E37: ; CODE XREF: sub_405E24+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_405E37
loc_405E40: ; CODE XREF: sub_405E24+B�j
pop esi
retn 0Ch
sub_405E24 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405E44(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwCreationDisposition)
sub_405E44 proc near ; CODE XREF: sub_40161F+5C5�p
; sub_40161F+15C1�p ...
lpFileName = dword ptr 4
dwDesiredAccess = dword ptr 8
dwCreationDisposition= dword ptr 0Ch
push [esp+lpFileName] ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
mov ecx, eax
inc ecx
push 0 ; hTemplateFile
neg ecx
sbb ecx, ecx
and ecx, eax
push ecx ; dwFlagsAndAttributes
push [esp+8+dwCreationDisposition] ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push [esp+14h+dwDesiredAccess] ; dwDesiredAccess
push [esp+18h+lpFileName] ; lpFileName
call ds:CreateFileA ; CreateFileA
retn 0Ch
sub_405E44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405E73(const CHAR lpTempFileName, LPCSTR lpPathName)
sub_405E73 proc near ; CODE XREF: sub_40161F+42D�p
; sub_4038F2+2D�p
lpTempFileName = byte ptr 8
lpPathName = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+lpTempFileName]
push edi
push 64h
pop edi
loc_405E7E: ; CODE XREF: sub_405E73+39�j
dec edi
mov dword ptr [ebp+lpTempFileName], 61736Eh
call ds:GetTickCount ; GetTickCount
push 1Ah
pop ecx
xor edx, edx
div ecx
push esi ; lpTempFileName
push 0 ; uUnique
lea eax, [ebp+lpTempFileName]
push eax ; lpPrefixString
push [ebp+lpPathName] ; lpPathName
add [ebp+0Ah], dl
call ds:GetTempFileNameA ; GetTempFileNameA
test eax, eax
jnz short loc_405EB7
test edi, edi
jnz short loc_405E7E
mov byte ptr [esi], 0
loc_405EB1: ; CODE XREF: sub_405E73+46�j
pop edi
pop esi
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405EB7: ; CODE XREF: sub_405E73+35�j
mov eax, esi
jmp short loc_405EB1
sub_405E73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405EBB(HKEY cbData, LPCSTR phkResult, LPCSTR lpValueName, DWORD lpData)
sub_405EBB proc near ; CODE XREF: sub_4059CE+52�p
; sub_4066B7+D9�p ...
cbData = dword ptr 8
phkResult = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+lpData]
lea eax, [ebp+phkResult]
push eax ; phkResult
push 20019h ; samDesired
xor ebx, ebx
push ebx ; ulOptions
push [ebp+phkResult] ; lpSubKey
mov [esi], bl
push [ebp+cbData] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_405F1F
lea eax, [ebp+cbData]
push eax ; lpcbData
push esi ; lpData
lea eax, [ebp+lpData]
push eax ; lpType
push ebx ; lpReserved
push [ebp+lpValueName] ; lpValueName
mov [ebp+cbData], 400h
push [ebp+phkResult] ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz short loc_405F0E
cmp [ebp+lpData], 1
jz short loc_405F10
cmp [ebp+lpData], 2
jz short loc_405F10
loc_405F0E: ; CODE XREF: sub_405EBB+45�j
mov [esi], bl
loc_405F10: ; CODE XREF: sub_405EBB+4B�j
; sub_405EBB+51�j
push [ebp+phkResult] ; hKey
mov [esi+3FFh], bl
call ds:RegCloseKey ; RegCloseKey
loc_405F1F: ; CODE XREF: sub_405EBB+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_405EBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405F25(HKEY hKey, LPCSTR lpSubKey, LPCSTR lpValueName, DWORD dwType, BYTE *lpData, DWORD cbData)
sub_405F25 proc near ; CODE XREF: sub_406326+145�p
; sub_406326+1CF�p
dwDisposition = dword ptr -8
phkResult = dword ptr -4
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
lpValueName = dword ptr 10h
dwType = dword ptr 14h
lpData = dword ptr 18h
cbData = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
lea eax, [ebp+dwDisposition]
push eax ; lpdwDisposition
xor esi, esi
lea eax, [ebp+phkResult]
push eax ; phkResult
push esi ; lpSecurityAttributes
push 0F003Fh ; samDesired
push esi ; dwOptions
push esi ; lpClass
push esi ; Reserved
push [ebp+lpSubKey] ; lpSubKey
mov [ebp+phkResult], esi
push [ebp+hKey] ; hKey
mov [ebp+dwDisposition], esi
call ds:RegCreateKeyExA ; RegCreateKeyExA
mov edi, eax
cmp edi, esi
jnz short loc_405F78
push [ebp+cbData] ; cbData
push [ebp+lpData] ; lpData
push [ebp+dwType] ; dwType
push esi ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+phkResult] ; hKey
call ds:RegSetValueExA ; RegSetValueExA
push [ebp+phkResult] ; hKey
mov edi, eax
call ds:RegCloseKey ; RegCloseKey
loc_405F78: ; CODE XREF: sub_405F25+30�j
mov eax, edi
pop edi
pop esi
leave
retn 18h
sub_405F25 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405F80(LPSTR, int)
sub_405F80 proc near ; CODE XREF: sub_40161F+DAD�p
; sub_40161F+DF2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push offset aD ; "%d"
push [esp+8+arg_0] ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
retn 8
sub_405F80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F99 proc near ; CODE XREF: sub_4013E7+6F�p
; sub_4014F2+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
xor edi, edi
cmp byte ptr [ecx], 2Dh
mov [ebp+var_4], 1
mov al, 0Ah
mov bl, 39h
jnz short loc_405FBA
inc ecx
or [ebp+var_4], 0FFFFFFFFh
loc_405FBA: ; CODE XREF: sub_405F99+1A�j
cmp byte ptr [ecx], 30h
jnz short loc_405FDB
inc ecx
mov dl, [ecx]
cmp dl, 30h
jl short loc_405FD0
cmp dl, 37h
jg short loc_405FD0
mov al, 8
mov bl, 37h
loc_405FD0: ; CODE XREF: sub_405F99+2C�j
; sub_405F99+31�j
and dl, 0DFh
cmp dl, 58h
jnz short loc_405FDB
mov al, 10h
inc ecx
loc_405FDB: ; CODE XREF: sub_405F99+24�j
; sub_405F99+3D�j ...
movsx edx, byte ptr [ecx]
inc ecx
cmp edx, 30h
jl short loc_405FF0
movsx esi, bl
cmp edx, esi
jg short loc_405FF0
sub edx, 30h
jmp short loc_406009
; ---------------------------------------------------------------------------
loc_405FF0: ; CODE XREF: sub_405F99+49�j
; sub_405F99+50�j
cmp al, 10h
jnz short loc_406015
mov esi, edx
and esi, 0FFFFFFDFh
cmp esi, 41h
jl short loc_406015
cmp esi, 46h
jg short loc_406015
and edx, 7
add edx, 9
loc_406009: ; CODE XREF: sub_405F99+55�j
movsx esi, al
imul esi, edi
add esi, edx
mov edi, esi
jmp short loc_405FDB
; ---------------------------------------------------------------------------
loc_406015: ; CODE XREF: sub_405F99+59�j
; sub_405F99+63�j ...
mov eax, [ebp+var_4]
imul eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
sub_405F99 endp
; [00000006 BYTES: COLLAPSED FUNCTION lstrcpyA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrlenA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40602E(LPCSTR lpszCurrent)
sub_40602E proc near ; CODE XREF: sub_401508+2F�p
; sub_40161F+556�p ...
lpszCurrent = dword ptr 4
push ebx
push ebp
mov ebp, ds:CharNextA
push esi
mov esi, [esp+0Ch+lpszCurrent]
push edi
jmp short loc_406043
; ---------------------------------------------------------------------------
loc_40603E: ; CODE XREF: sub_40602E+18�j
push esi ; lpsz
call ebp ; CharNextA
mov esi, eax
loc_406043: ; CODE XREF: sub_40602E+E�j
cmp byte ptr [esi], 20h
jz short loc_40603E
cmp byte ptr [esi], 5Ch
jnz short loc_406062
cmp byte ptr [esi+1], 5Ch
jnz short loc_406062
cmp byte ptr [esi+2], 3Fh
jnz short loc_406062
cmp byte ptr [esi+3], 5Ch
jnz short loc_406062
add esi, 4
loc_406062: ; CODE XREF: sub_40602E+1D�j
; sub_40602E+23�j ...
cmp byte ptr [esi], 0
jz short loc_406073
push esi
call sub_405D5A
test eax, eax
jz short loc_406073
inc esi
inc esi
loc_406073: ; CODE XREF: sub_40602E+37�j
; sub_40602E+41�j
mov ebx, esi
mov edi, esi
xor eax, eax
jmp short loc_4060A6
; ---------------------------------------------------------------------------
loc_40607B: ; CODE XREF: sub_40602E+7C�j
cmp al, 1Fh
jbe short loc_4060A1
push eax ; char
push offset a? ; "*?|<>/\":"
call sub_405D3E
cmp byte ptr [eax], 0
jnz short loc_4060A1
push esi ; lpsz
call ebp ; CharNextA
sub eax, esi
push eax
push esi
push edi
call sub_405E24
push edi ; lpsz
call ebp ; CharNextA
mov edi, eax
loc_4060A1: ; CODE XREF: sub_40602E+4F�j
; sub_40602E+5F�j
push esi ; lpsz
call ebp ; CharNextA
mov esi, eax
loc_4060A6: ; CODE XREF: sub_40602E+4B�j
mov al, [esi]
test al, al
jnz short loc_40607B
mov [edi], al
loc_4060AE: ; CODE XREF: sub_40602E+99�j
push edi ; lpszCurrent
push ebx ; lpszStart
call ds:CharPrevA ; CharPrevA
mov edi, eax
mov al, [edi]
cmp al, 20h
jz short loc_4060C2
cmp al, 5Ch
jnz short loc_4060C9
loc_4060C2: ; CODE XREF: sub_40602E+8E�j
cmp ebx, edi
mov byte ptr [edi], 0
jb short loc_4060AE
loc_4060C9: ; CODE XREF: sub_40602E+92�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn 4
sub_40602E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4060D2(DWORD NumberOfBytesWritten)
sub_4060D2 proc near ; CODE XREF: start+2C0�p sub_406171+16�p
NumberOfBytesWritten= dword ptr 8
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+NumberOfBytesWritten], ebx
jz short loc_4060F7
mov eax, hObject
cmp eax, 0FFFFFFFFh
jz short loc_4060EE
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_4060EE: ; CODE XREF: sub_4060D2+13�j
or hObject, 0FFFFFFFFh
jmp short loc_40616C
; ---------------------------------------------------------------------------
loc_4060F7: ; CODE XREF: sub_4060D2+9�j
cmp dword_431D04, ebx
jz short loc_40616C
cmp byte_433520, bl
jz short loc_406136
cmp hObject, 0FFFFFFFFh
jnz short loc_40613F
push 4 ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push offset byte_433520 ; lpFileName
call sub_405E44
cmp eax, 0FFFFFFFFh
mov hObject, eax
jz short loc_40616C
push 2 ; dwMoveMethod
push ebx ; lpDistanceToMoveHigh
push ebx ; lDistanceToMove
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
loc_406136: ; CODE XREF: sub_4060D2+33�j
cmp hObject, 0FFFFFFFFh
jz short loc_40616C
loc_40613F: ; CODE XREF: sub_4060D2+3C�j
push esi
push offset asc_409C60 ; "\r\n"
mov esi, offset String1
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push ebx ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; lpString
call ds:__imp_lstrlenA
push eax ; nNumberOfBytesToWrite
push esi ; lpBuffer
push hObject ; hFile
call ds:WriteFile ; WriteFile
pop esi
loc_40616C: ; CODE XREF: sub_4060D2+23�j
; sub_4060D2+2B�j ...
pop ebx
pop ebp
retn 4
sub_4060D2 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_406171(LPCSTR, char arglist)
sub_406171 proc near ; CODE XREF: sub_40161F+68�p
; sub_40161F+84�p ...
arg_0 = dword ptr 4
arglist = byte ptr 8
lea eax, [esp+arglist]
push eax ; arglist
push [esp+4+arg_0] ; LPCSTR
push offset String1 ; LPSTR
call ds:wvsprintfA ; wvsprintfA
push 0 ; NumberOfBytesWritten
call sub_4060D2
retn
sub_406171 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40618D(LPCSTR lpFileName)
sub_40618D proc near ; CODE XREF: sub_40161F+2A2�p
; sub_40161F+354�p ...
lpFileName = dword ptr 4
push ebx
push esi
mov esi, ds:SetErrorMode
push edi
push 8001h ; uMode
call esi ; SetErrorMode
mov edi, offset FindFileData
push edi ; lpFindFileData
push [esp+10h+lpFileName] ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
push 0 ; uMode
mov ebx, eax
call esi ; SetErrorMode
cmp ebx, 0FFFFFFFFh
jz short loc_4061C3
push ebx ; hFindFile
call ds:FindClose ; FindClose
mov eax, edi
jmp short loc_4061C5
; ---------------------------------------------------------------------------
loc_4061C3: ; CODE XREF: sub_40618D+29�j
xor eax, eax
loc_4061C5: ; CODE XREF: sub_40618D+34�j
pop edi
pop esi
pop ebx
retn 4
sub_40618D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4061CB(LPCSTR lpString1)
sub_4061CB proc near ; CODE XREF: sub_40161F+549�p
; sub_40161F+1885�p ...
lpString1 = dword ptr 4
push esi
mov esi, [esp+4+lpString1]
push esi ; lpString
call ds:__imp_lstrlenA
add eax, esi
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp byte ptr [eax], 5Ch
jz short loc_4061F2
push offset SubBlock ; "\\"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
loc_4061F2: ; CODE XREF: sub_4061CB+19�j
mov eax, esi
pop esi
retn 4
sub_4061CB endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4061F8(LPCSTR lpszStart, char)
sub_4061F8 proc near ; CODE XREF: sub_40161F+1805�p
lpszStart = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+lpszStart]
push edi ; lpString
call ds:__imp_lstrlenA
mov esi, ds:CharPrevA
add eax, edi
push eax ; lpszCurrent
push edi ; lpszStart
call esi ; CharPrevA
test edi, edi
jz short loc_406227
loc_406215: ; CODE XREF: sub_4061F8+2D�j
cmp eax, edi
jbe short loc_406227
mov cl, [eax]
cmp cl, [esp+8+arg_4]
jz short loc_406227
push eax ; lpszCurrent
push edi ; lpszStart
call esi ; CharPrevA
jmp short loc_406215
; ---------------------------------------------------------------------------
loc_406227: ; CODE XREF: sub_4061F8+1B�j
; sub_4061F8+1F�j ...
pop edi
pop esi
retn 8
sub_4061F8 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40622C(LPCSTR lpszStart)
sub_40622C proc near ; CODE XREF: sub_403646+61�p start+383�p ...
lpszStart = dword ptr 4
push esi
mov esi, [esp+4+lpszStart]
push esi ; lpString
call ds:__imp_lstrlenA
add eax, esi
loc_40623A: ; CODE XREF: sub_40622C+1D�j
cmp byte ptr [eax], 5Ch
jz short loc_40624B
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp eax, esi
ja short loc_40623A
loc_40624B: ; CODE XREF: sub_40622C+11�j
mov byte ptr [eax], 0
pop esi
retn 4
sub_40622C endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406252(LPCSTR lpString2)
sub_406252 proc near ; CODE XREF: start+28D�p
; sub_4044DD+1DA�p ...
lpString2 = dword ptr 4
push esi
push [esp+4+lpString2] ; lpString2
mov esi, offset FileName
push esi ; lpString1
call ds:__imp_lstrcpyA
push esi ; lpsz
call sub_405D81
test eax, eax
jnz short loc_406271
loc_40626D: ; CODE XREF: sub_406252+2C�j
; sub_406252+31�j
xor eax, eax
jmp short loc_4062C8
; ---------------------------------------------------------------------------
loc_406271: ; CODE XREF: sub_406252+19�j
test byte ptr dword_4341E4, 80h
jz short loc_406285
mov cl, [eax]
test cl, cl
jz short loc_40626D
cmp cl, 5Ch
jz short loc_40626D
loc_406285: ; CODE XREF: sub_406252+26�j
push ebx
mov ebx, ds:__imp_lstrlenA
push edi
mov edi, eax
sub edi, esi
jmp short loc_4062A8
; ---------------------------------------------------------------------------
loc_406293: ; CODE XREF: sub_406252+5B�j
push esi ; lpFileName
call sub_40618D
test eax, eax
jz short loc_4062A2
test byte ptr [eax], 10h
jz short loc_4062CC
loc_4062A2: ; CODE XREF: sub_406252+49�j
push esi ; lpszStart
call sub_40622C
loc_4062A8: ; CODE XREF: sub_406252+3F�j
push esi ; lpString
call ebx ; __imp_lstrlenA
cmp eax, edi
jg short loc_406293
push esi ; lpString1
call sub_4061CB
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
loc_4062C6: ; CODE XREF: sub_406252+7C�j
pop edi
pop ebx
loc_4062C8: ; CODE XREF: sub_406252+1D�j
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4062CC: ; CODE XREF: sub_406252+4E�j
xor eax, eax
jmp short loc_4062C6
sub_406252 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4062D0(LPCSTR lpFileName)
sub_4062D0 proc near ; CODE XREF: sub_40161F+253�p
; sub_40161F+4F3�p ...
lpFileName = dword ptr 4
push ebp
push esi
push edi
mov edi, [esp+0Ch+lpFileName]
push edi ; lpsz
call sub_405D81
mov esi, eax
xor ebp, ebp
test esi, esi
jz short loc_406319
push ebx
loc_4062E6: ; CODE XREF: sub_4062D0+46�j
push 5Ch ; char
push esi ; lpsz
call sub_405D3E
mov esi, eax
mov bl, [esi]
push edi ; lpFileName
mov byte ptr [esi], 0
call sub_40618D
test eax, eax
jnz short loc_40630B
push eax ; lpSecurityAttributes
push edi ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
test eax, eax
jmp short loc_40630E
; ---------------------------------------------------------------------------
loc_40630B: ; CODE XREF: sub_4062D0+2D�j
test byte ptr [eax], 10h
loc_40630E: ; CODE XREF: sub_4062D0+39�j
jnz short loc_406311
inc ebp
loc_406311: ; CODE XREF: sub_4062D0:loc_40630E�j
mov [esi], bl
inc esi
test bl, bl
jnz short loc_4062E6
pop ebx
loc_406319: ; CODE XREF: sub_4062D0+13�j
pop edi
xor eax, eax
test ebp, ebp
pop esi
setz al
pop ebp
retn 4
sub_4062D0 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406326(LPCSTR arglist, LPCSTR lpFileName)
sub_406326 proc near ; CODE XREF: sub_40161F+361�p
; start+367�p ...
hObject = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
dwBytes = dword ptr -81Ch
var_818 = dword ptr -818h
ValueName = byte ptr -814h
String = byte ptr -800h
Filename = byte ptr -400h
arglist = dword ptr 4
lpFileName = dword ptr 8
sub esp, 828h
and [esp+828h+hObject], 0
push ebx
push ebp
push edi
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov ebp, [esp+834h+lpFileName]
mov edi, [esp+834h+arglist]
cmp ebp, edi
mov ebx, eax
jz loc_4066AB
push edi ; lpString2
push ebp ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz loc_4066AB
push esi
mov esi, ds:__imp_lstrlenA
push edi ; lpString
call esi ; __imp_lstrlenA
cmp byte ptr [eax+edi-1], 5Ch
jnz short loc_40637F
mov [esp+838h+hObject], 1
loc_40637F: ; CODE XREF: sub_406326+4F�j
test ebp, ebp
jz short loc_406395
push ebp ; lpString
call esi ; __imp_lstrlenA
cmp byte ptr [eax+ebp-1], 5Ch
jnz short loc_406395
mov [esp+838h+hObject], 1
loc_406395: ; CODE XREF: sub_406326+5B�j
; sub_406326+65�j
test ebx, ebx
jz short loc_4063B7
push offset aMovefileexa ; "MoveFileExA"
push ebx ; hModule
call ds:GetProcAddress ; GetProcAddress
test eax, eax
jz short loc_4063B7
push 5
push ebp
push edi
call eax
test eax, eax
jnz loc_4066A4
loc_4063B7: ; CODE XREF: sub_406326+71�j
; sub_406326+81�j
mov ebx, 400h
push ebx ; cchBuffer
mov esi, offset szShortPath
push esi ; lpszShortPath
push edi ; lpszLongPath
mov dword_42F978, 4C554Eh
call ds:GetShortPathNameA ; GetShortPathNameA
test eax, eax
jz loc_4066AA
cmp eax, ebx
jg loc_4066AA
mov edi, ds:wsprintfA
push esi
mov ebx, offset dword_42F978
push ebx
push offset aSS_0 ; "%s=%s\r\n"
push offset byte_42FEB8 ; LPSTR
call edi ; wsprintfA
add esp, 10h
test ebp, ebp
mov [esp+838h+var_824], eax
jz short loc_40643C
push 1 ; dwCreationDisposition
push 0 ; dwDesiredAccess
push ebp ; lpFileName
call sub_405E44
push eax ; hObject
call ds:CloseHandle ; CloseHandle
mov edi, 400h
push edi ; cchBuffer
push ebx ; lpszShortPath
push ebp ; lpszLongPath
call ds:GetShortPathNameA ; GetShortPathNameA
test eax, eax
jz loc_4066AA
cmp eax, edi
jg loc_4066AA
jmp loc_40651F
; ---------------------------------------------------------------------------
loc_40643C: ; CODE XREF: sub_406326+E0�j
push offset aNul ; "NUL"
push ebx ; lpString1
call ds:__imp_lstrcpyA
cmp [esp+838h+hObject], 0
jz loc_40651F
push 4 ; cbData
push offset dword_409C4C ; lpData
push 4 ; dwType
push offset aFlags ; "Flags"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call sub_405F25
test eax, eax
jnz loc_40650C
push 104h ; nSize
lea eax, [esp+83Ch+Filename]
push eax ; lpFilename
push 0 ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
mov ebp, ds:__imp_lstrlenA
mov ebx, esi
push esi ; lpString
dec ebx
call ebp ; __imp_lstrlenA
cmp byte ptr [eax+ebx], 5Ch
jnz short loc_4064A6
push esi ; lpString
call ebp ; __imp_lstrlenA
mov byte ptr [eax+ebx], 0
loc_4064A6: ; CODE XREF: sub_406326+177�j
mov eax, dword_430AB8
inc dword_430AB8
push eax
lea eax, [esp+83Ch+Filename]
push eax
lea eax, [esp+840h+ValueName]
push offset aS_08ld ; "%s_%08ld"
push eax ; LPSTR
call edi ; wsprintfA
push esi
lea eax, [esp+84Ch+String]
push offset aCommandCRmdirS ; "command /c rmdir \"%s\""
push eax ; LPSTR
call edi ; wsprintfA
add esp, 1Ch
lea eax, [esp+838h+String]
push eax ; lpString
call ebp ; __imp_lstrlenA
inc eax
push eax ; cbData
lea eax, [esp+83Ch+String]
push eax ; lpData
push 1 ; dwType
lea eax, [esp+844h+ValueName]
push eax ; lpValueName
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call sub_405F25
test eax, eax
jz short loc_40651F
push [esp+838h+arglist]
push offset aErrorCouldNotC ; "ERROR: Could not create set up '%s' for"...
jmp short loc_406518
; ---------------------------------------------------------------------------
loc_40650C: ; CODE XREF: sub_406326+14C�j
push [esp+838h+arglist] ; arglist
push offset aErrorCouldNo_0 ; "ERROR: Could not create set up '%s' for"...
loc_406518: ; CODE XREF: sub_406326+1E4�j
call sub_406171
pop ecx
pop ecx
loc_40651F: ; CODE XREF: sub_406326+111�j
; sub_406326+127�j ...
push 3F0h ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aWininit_ini ; "\\wininit.ini"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
xor ebx, ebx
push ebx ; hTemplateFile
push 8000080h ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push ebx ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push esi ; lpFileName
call ds:CreateFileA ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+838h+var_820], edi
jz loc_4066A4
push ebx ; lpFileSizeHigh
push edi ; hFile
call ds:GetFileSize ; GetFileSize
mov ebp, [esp+838h+var_824]
mov esi, eax
xor ecx, ecx
push ecx ; lpName
lea ebx, [esi+ebp]
lea eax, [ebx+0Ah]
push eax ; dwMaximumSizeLow
push ecx ; dwMaximumSizeHigh
push 4 ; flProtect
push ecx ; lpFileMappingAttributes
push edi ; hFile
mov [esp+850h+dwBytes], eax
call ds:CreateFileMappingA ; CreateFileMappingA
xor ecx, ecx
cmp eax, ecx
mov [esp+838h+hObject], eax
jz loc_40668C
push ecx ; dwNumberOfBytesToMap
push ecx ; dwFileOffsetLow
push ecx ; dwFileOffsetHigh
push 2 ; dwDesiredAccess
push eax ; hFileMappingObject
call ds:MapViewOfFile ; MapViewOfFile
mov edi, eax
test edi, edi
jz loc_40667C
push offset aRename ; "[Rename]\r\n"
push edi ; lpString
call sub_405DCE
test eax, eax
jnz short loc_4065E0
push offset aRename ; "[Rename]\r\n"
lea eax, [edi+esi]
push eax ; lpString1
call ds:__imp_lstrcpyA
push ebp
add esi, 0Ah
push offset byte_42FEB8
lea eax, [edi+esi]
push eax
call sub_405E24
add esi, ebp
jmp loc_406675
; ---------------------------------------------------------------------------
loc_4065E0: ; CODE XREF: sub_406326+290�j
push offset asc_409C64 ; "\n["
add eax, 0Ah
push eax ; lpString
call sub_405DCE
test eax, eax
jz short loc_406664
push [esp+838h+dwBytes] ; dwBytes
inc eax
push 40h ; uFlags
mov [esp+840h+var_818], eax
mov ebx, eax
call ds:GlobalAlloc ; GlobalAlloc
mov ebp, eax
test ebp, ebp
jz short loc_406649
push offset byte_42FEB8 ; lpString2
push ebp ; lpString1
call ds:__imp_lstrcpyA
mov eax, [esp+838h+var_824]
add eax, ebp
add esi, edi
loc_40661F: ; CODE XREF: sub_406326+303�j
cmp ebx, esi
jnb short loc_40662B
mov cl, [ebx]
mov [eax], cl
inc eax
inc ebx
jmp short loc_40661F
; ---------------------------------------------------------------------------
loc_40662B: ; CODE XREF: sub_406326+2FB�j
sub eax, ebp
push eax
push ebp
push [esp+840h+var_818]
call sub_405E24
sub ebx, edi
add ebx, [esp+838h+var_824]
push ebp ; hMem
mov esi, ebx
call ds:GlobalFree ; GlobalFree
jmp short loc_406675
; ---------------------------------------------------------------------------
loc_406649: ; CODE XREF: sub_406326+2E3�j
push edi ; lpBaseAddress
call ds:UnmapViewOfFile ; UnmapViewOfFile
push [esp+838h+hObject] ; hObject
mov esi, ds:CloseHandle
call esi ; CloseHandle
push [esp+838h+var_820] ; hObject
call esi ; CloseHandle
jmp short loc_4066AA
; ---------------------------------------------------------------------------
loc_406664: ; CODE XREF: sub_406326+2CA�j
push ebp
push offset byte_42FEB8
lea eax, [edi+esi]
push eax
call sub_405E24
mov esi, ebx
loc_406675: ; CODE XREF: sub_406326+2B5�j
; sub_406326+321�j
push edi ; lpBaseAddress
call ds:UnmapViewOfFile ; UnmapViewOfFile
loc_40667C: ; CODE XREF: sub_406326+27D�j
push [esp+838h+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
mov edi, [esp+838h+var_820]
xor ecx, ecx
loc_40668C: ; CODE XREF: sub_406326+267�j
push ecx ; dwMoveMethod
push ecx ; lpDistanceToMoveHigh
push esi ; lDistanceToMove
push edi ; hFile
call ds:SetFilePointer ; SetFilePointer
push edi ; hFile
call ds:SetEndOfFile ; SetEndOfFile
push edi ; hObject
call ds:CloseHandle ; CloseHandle
loc_4066A4: ; CODE XREF: sub_406326+8B�j
; sub_406326+232�j
inc dword_434210
loc_4066AA: ; CODE XREF: sub_406326+B0�j
; sub_406326+B8�j ...
pop esi
loc_4066AB: ; CODE XREF: sub_406326+2A�j
; sub_406326+3A�j
pop edi
pop ebp
pop ebx
add esp, 828h
retn 8
sub_406326 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4066B7(LPSTR lpString1, LPCSTR lpString2)
sub_4066B7 proc near ; CODE XREF: sub_4014F2+A�p
; sub_401508+23�p ...
ppidl = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString1 = dword ptr 4
lpString2 = dword ptr 8
sub esp, 14h
push ebp
mov ebp, [esp+18h+lpString2]
test ebp, ebp
push esi
jge short loc_4066D5
mov ecx, dword_433968
lea eax, ds:4[ebp*4]
sub ecx, eax
mov ebp, [ecx]
loc_4066D5: ; CODE XREF: sub_4066B7+B�j
mov eax, dword_4341B8
mov ecx, [esp+1Ch+lpString1]
add ebp, eax
mov eax, offset byte_432D20
sub ecx, eax
cmp ecx, 800h
mov esi, eax
jnb short loc_4066FA
mov esi, [esp+1Ch+lpString1]
and [esp+1Ch+lpString1], 0
loc_4066FA: ; CODE XREF: sub_4066B7+38�j
mov dl, [ebp+0]
test dl, dl
jz loc_4068C4
push ebx
push edi
loc_406707: ; CODE XREF: sub_4066B7+205�j
mov ecx, esi
sub ecx, eax
cmp ecx, 400h
jge loc_4068C2
inc ebp
cmp dl, 0FCh
jbe loc_4068A4
movsx eax, byte ptr [ebp+1]
movsx ecx, byte ptr [ebp+0]
mov edi, eax
and edi, 7Fh
mov ebx, ecx
and ebx, 7Fh
shl edi, 7
or edi, ebx
mov ebx, 8000h
mov [esp+24h+var_10], ecx
or ecx, ebx
mov [esp+24h+var_8], eax
or eax, ebx
inc ebp
inc ebp
cmp dl, 0FEh
mov [esp+24h+var_C], ecx
mov [esp+24h+var_4], eax
jnz loc_40684E
xor edi, edi
cmp [esp+24h+var_8], 4
mov [esp+24h+lpString2], edi
mov byte ptr [esi], 0
jnz short loc_406777
push 2
mov [esp+28h+lpString2], offset aMicrosoftInter ; "\\Microsoft\\Internet Explorer\\Quick Laun"...
pop edi
loc_406777: ; CODE XREF: sub_4066B7+B3�j
mov ebx, [esp+24h+var_10]
cmp ebx, 2Bh
jnz short loc_406795
push esi ; lpData
push offset aCommonfilesdir ; "CommonFilesDir"
push offset phkResult ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_405EBB
loc_406795: ; CODE XREF: sub_4066B7+C7�j
cmp ebx, 26h
jnz short loc_4067C0
push esi ; lpData
push offset aProgramfilesdi ; "ProgramFilesDir"
push offset phkResult ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_405EBB
cmp byte ptr [esi], 0
jnz short loc_406831
push offset aCProgramFiles ; "C:\\Program Files"
push esi ; lpString1
call ds:__imp_lstrcpyA
loc_4067C0: ; CODE XREF: sub_4066B7+E1�j
cmp ebx, 25h
jnz short loc_4067D1
push 400h ; uSize
push esi ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
loc_4067D1: ; CODE XREF: sub_4066B7+10C�j
cmp ebx, 24h
jnz short loc_4067E2
push 400h ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
loc_4067E2: ; CODE XREF: sub_4066B7+11D�j
cmp byte ptr [esi], 0
jnz short loc_406831
cmp dword_434204, 0
push 4
pop edi
jnz short loc_4067F8
push 2
pop edi
jmp short loc_406831
; ---------------------------------------------------------------------------
loc_4067F8: ; CODE XREF: sub_4066B7+13A�j
; sub_4066B7+17C�j
lea eax, [esp+24h+ppidl]
push eax ; ppidl
push [esp+edi*4+28h+ppidl] ; nFolder
dec edi
push dword_434180 ; hwndOwner
call ds:SHGetSpecialFolderLocation ; SHGetSpecialFolderLocation
test eax, eax
jnz short loc_40682E
push esi ; pszPath
push [esp+28h+ppidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
push [esp+24h+ppidl]
mov ebx, eax
call sub_405C4A
test ebx, ebx
jnz short loc_406835
jmp short loc_406831
; ---------------------------------------------------------------------------
loc_40682E: ; CODE XREF: sub_4066B7+159�j
mov byte ptr [esi], 0
loc_406831: ; CODE XREF: sub_4066B7+FB�j
; sub_4066B7+12E�j ...
test edi, edi
jnz short loc_4067F8
loc_406835: ; CODE XREF: sub_4066B7+173�j
cmp byte ptr [esi], 0
jz short loc_406880
cmp [esp+24h+lpString2], 0
jz short loc_406880
push [esp+24h+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_406880
; ---------------------------------------------------------------------------
loc_40684E: ; CODE XREF: sub_4066B7+9F�j
cmp dl, 0FDh
jnz short loc_406891
cmp edi, 1Bh
jnz short loc_406866
push dword_434180 ; int
push esi ; LPSTR
call sub_405F80
jmp short loc_406878
; ---------------------------------------------------------------------------
loc_406866: ; CODE XREF: sub_4066B7+19F�j
mov eax, edi
shl eax, 0Ah
add eax, offset dword_435000
push eax ; lpString2
push esi ; lpString1
call ds:__imp_lstrcpyA
loc_406878: ; CODE XREF: sub_4066B7+1AD�j
add edi, 0FFFFFFEBh
cmp edi, 6
jnb short loc_406886
loc_406880: ; CODE XREF: sub_4066B7+181�j
; sub_4066B7+188�j ...
push esi ; lpszCurrent
call sub_40602E
loc_406886: ; CODE XREF: sub_4066B7+1C7�j
; sub_4066B7+1EB�j
push esi ; lpString
call ds:__imp_lstrlenA
add esi, eax
jmp short loc_4068B2
; ---------------------------------------------------------------------------
loc_406891: ; CODE XREF: sub_4066B7+19A�j
cmp dl, 0FFh
jnz short loc_4068B2
or eax, 0FFFFFFFFh
sub eax, edi
push eax ; lpString2
push esi ; lpString1
call sub_4066B7
jmp short loc_406886
; ---------------------------------------------------------------------------
loc_4068A4: ; CODE XREF: sub_4066B7+64�j
jnz short loc_4068AF
mov al, [ebp+0]
mov [esi], al
inc esi
inc ebp
jmp short loc_4068B2
; ---------------------------------------------------------------------------
loc_4068AF: ; CODE XREF: sub_4066B7:loc_4068A4�j
mov [esi], dl
inc esi
loc_4068B2: ; CODE XREF: sub_4066B7+1D8�j
; sub_4066B7+1DD�j ...
mov dl, [ebp+0]
test dl, dl
mov eax, offset byte_432D20
jnz loc_406707
loc_4068C2: ; CODE XREF: sub_4066B7+5A�j
pop edi
pop ebx
loc_4068C4: ; CODE XREF: sub_4066B7+48�j
cmp [esp+1Ch+lpString1], 0
mov byte ptr [esi], 0
pop esi
pop ebp
jz short loc_4068E0
push 400h ; iMaxLength
push eax ; lpString2
push [esp+1Ch+lpString1] ; lpString1
call ds:lstrcpynA ; lstrcpynA
loc_4068E0: ; CODE XREF: sub_4066B7+217�j
add esp, 14h
retn 8
sub_4066B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4068E6(LPCSTR lpString1, int)
sub_4068E6 proc near ; CODE XREF: sub_40161F+79F�p
; sub_403926+1F�p ...
FindFileData = _WIN32_FIND_DATAA ptr -144h
var_4 = dword ptr -4
lpString1 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 144h
push ebx
mov ebx, [ebp+lpString1]
push ebx ; lpString2
call sub_406252
push ebx ; lpFileName
mov [ebp+var_4], eax
call sub_40618D
test eax, eax
jnz short loc_406918
push ebx ; arglist
push offset aDeleteErrorSDo ; "Delete: ERROR -- \"%s\" does not exist. S"...
call sub_406171
pop ecx
pop ecx
jmp loc_406AF2
; ---------------------------------------------------------------------------
loc_406918: ; CODE XREF: sub_4068E6+1E�j
mov eax, [ebp+arg_4]
test al, 8
jz short loc_406936
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
neg eax
sbb eax, eax
inc eax
add dword_434208, eax
jmp loc_406AF2
; ---------------------------------------------------------------------------
loc_406936: ; CODE XREF: sub_4068E6+37�j
mov [ebp+lpString1], eax
and [ebp+lpString1], 1
push esi
jz short loc_406952
cmp [ebp+var_4], 0
jz loc_406AF1
test al, 2
jz loc_406A88
loc_406952: ; CODE XREF: sub_4068E6+58�j
push edi
push ebx ; lpString2
mov esi, offset byte_4302B8
push esi ; lpString1
call ds:__imp_lstrcpyA
cmp [ebp+lpString1], 0
mov edi, ds:lstrcatA
jz short loc_406976
push offset a_ ; "\\*.*"
push esi ; lpString1
call edi ; lstrcatA
jmp short loc_40697C
; ---------------------------------------------------------------------------
loc_406976: ; CODE XREF: sub_4068E6+84�j
push ebx ; lpszStart
call sub_40622C
loc_40697C: ; CODE XREF: sub_4068E6+8E�j
push offset SubBlock ; "\\"
push ebx ; lpString1
call edi ; lstrcatA
push ebx ; lpString
call ds:__imp_lstrlenA
mov edi, eax
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
push esi ; lpFileName
add edi, ebx
call ds:FindFirstFileA ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_406A7D
loc_4069A8: ; CODE XREF: sub_4068E6+18A�j
cmp [ebp+FindFileData.cFileName], 2Eh
jnz short loc_4069CB
cmp [ebp+FindFileData.cFileName+1], 2Eh
jz loc_406A60
cmp [ebp+FindFileData.cFileName+1], 0
jz loc_406A60
loc_4069CB: ; CODE XREF: sub_4068E6+C9�j
lea eax, [ebp+FindFileData.cFileName]
push eax ; lpString2
push edi ; lpString1
call ds:__imp_lstrcpyA
test byte ptr [ebp+FindFileData.dwFileAttributes], 10h
jz short loc_4069F7
mov eax, [ebp+arg_4]
and eax, 3
cmp al, 3
jnz short loc_406A60
push [ebp+arg_4] ; int
push ebx ; lpString1
call sub_4068E6
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_4069F7: ; CODE XREF: sub_4068E6+FA�j
push ebx ; arglist
push offset aDeleteDeletefi ; "Delete: DeleteFile(\"%s\")"
call sub_406171
mov eax, [ebp+FindFileData.dwFileAttributes]
pop ecx
pop ecx
and eax, 0FFFFFFFEh
push eax ; dwFileAttributes
push ebx ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
push ebx ; arglist
jnz short loc_406A59
test byte ptr [ebp+arg_4], 4
jz short loc_406A45
push offset aDeleteDelete_0 ; "Delete: DeleteFile on Reboot(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx ; lpString2
push 0FFFFFFF1h ; int
call sub_405013
push 0 ; lpFileName
push ebx ; arglist
call sub_406326
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_406A45: ; CODE XREF: sub_4068E6+13F�j
push offset aDeleteDelete_1 ; "Delete: DeleteFile failed(\"%s\")"
call sub_406171
inc dword_434208
pop ecx
pop ecx
jmp short loc_406A60
; ---------------------------------------------------------------------------
loc_406A59: ; CODE XREF: sub_4068E6+139�j
push 0FFFFFFF2h ; int
call sub_405013
loc_406A60: ; CODE XREF: sub_4068E6+D2�j
; sub_4068E6+DF�j ...
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
push esi ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jnz loc_4069A8
push esi ; hFindFile
call ds:FindClose ; FindClose
loc_406A7D: ; CODE XREF: sub_4068E6+BC�j
cmp [ebp+lpString1], 0
jz short loc_406A87
mov byte ptr [edi-1], 0
loc_406A87: ; CODE XREF: sub_4068E6+19B�j
pop edi
loc_406A88: ; CODE XREF: sub_4068E6+66�j
xor esi, esi
cmp [ebp+var_4], esi
jz short loc_406AF1
cmp [ebp+lpString1], esi
jz short loc_406AF1
push ebx ; lpString1
call sub_4061CB
push ebx ; arglist
push offset aRmdirRemovedir ; "RMDir: RemoveDirectory(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx ; lpPathName
call ds:RemoveDirectoryA ; RemoveDirectoryA
test eax, eax
push ebx ; arglist
jnz short loc_406AEA
test byte ptr [ebp+arg_4], 4
jz short loc_406AD6
push offset aRmdirRemoved_0 ; "RMDir: RemoveDirectory on Reboot(\"%s\")"
call sub_406171
pop ecx
pop ecx
push ebx ; lpString2
push 0FFFFFFF1h ; int
call sub_405013
push esi ; lpFileName
push ebx ; arglist
call sub_406326
jmp short loc_406AF1
; ---------------------------------------------------------------------------
loc_406AD6: ; CODE XREF: sub_4068E6+1D1�j
push offset aRmdirRemoved_1 ; "RMDir: RemoveDirectory failed(\"%s\")"
call sub_406171
inc dword_434208
pop ecx
pop ecx
jmp short loc_406AF1
; ---------------------------------------------------------------------------
loc_406AEA: ; CODE XREF: sub_4068E6+1CB�j
push 0FFFFFFE5h ; int
call sub_405013
loc_406AF1: ; CODE XREF: sub_4068E6+5E�j
; sub_4068E6+1A7�j ...
pop esi
loc_406AF2: ; CODE XREF: sub_4068E6+2D�j
; sub_4068E6+4B�j
pop ebx
leave
retn 8
sub_4068E6 endp
; =============== S U B R O U T I N E =======================================
sub_406AF7 proc near ; CODE XREF: sub_406E81+F8�p
; sub_406E81+296�p ...
push ebx
push edi
mov edi, [esi+9BB4h]
loc_406AFF: ; CODE XREF: sub_406AF7+4D�j
; sub_406AF7+55�j
mov ebx, [esi+9BB8h]
cmp edi, ebx
jbe short loc_406B0F
mov ebx, [esi+9BB0h]
loc_406B0F: ; CODE XREF: sub_406AF7+10�j
mov eax, [esi+0Ch]
sub ebx, edi
cmp ebx, eax
jb short loc_406B1A
mov ebx, eax
loc_406B1A: ; CODE XREF: sub_406AF7+1F�j
push ebx
push edi
push dword ptr [esi+8]
sub eax, ebx
mov [esi+0Ch], eax
call sub_405E24
add [esi+8], ebx
mov eax, [esi+9BB0h]
add edi, ebx
cmp edi, eax
jnz short loc_406B4E
cmp [esi+9BB8h], eax
lea edi, [esi+1BB0h]
jnz short loc_406AFF
mov [esi+9BB8h], edi
jmp short loc_406AFF
; ---------------------------------------------------------------------------
loc_406B4E: ; CODE XREF: sub_406AF7+3F�j
mov [esi+9BB4h], edi
pop edi
pop ebx
retn
sub_406AF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_406B57 proc near ; CODE XREF: sub_406E81+17D�p
; sub_406E81+1AE�p ...
var_F0 = dword ptr -0F0h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
lea ebp, [esp-58h]
sub esp, 0F0h
push esi
push edi
push 10h
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+58h+var_74]
rep stosd
mov edi, [ebp+58h+arg_4]
mov ecx, [ebp+58h+arg_0]
mov edx, edi
loc_406B78: ; CODE XREF: sub_406B57+2D�j
mov eax, [ecx]
lea eax, [ebp+eax*4+58h+var_74]
inc dword ptr [eax]
add ecx, 4
dec edx
jnz short loc_406B78
cmp [ebp+58h+var_74], edi
jnz short loc_406B9B
mov eax, [ebp+58h+arg_14]
and dword ptr [eax], 0
and dword ptr [esi], 0
xor eax, eax
jmp loc_406E78
; ---------------------------------------------------------------------------
loc_406B9B: ; CODE XREF: sub_406B57+32�j
mov edx, [esi]
push 0Fh
xor edi, edi
inc edi
pop eax
mov [ebp+58h+var_4], edx
mov ecx, edi
push ebx
loc_406BA9: ; CODE XREF: sub_406B57+5D�j
xor ebx, ebx
cmp [ebp+ecx*4+58h+var_74], ebx
jnz short loc_406BB6
inc ecx
cmp ecx, eax
jbe short loc_406BA9
loc_406BB6: ; CODE XREF: sub_406B57+58�j
cmp edx, ecx
mov [ebp+58h+var_8], ecx
jnb short loc_406BC0
mov [ebp+58h+var_4], ecx
loc_406BC0: ; CODE XREF: sub_406B57+64�j
; sub_406B57+70�j
cmp [ebp+eax*4+58h+var_74], ebx
jnz short loc_406BC9
dec eax
jnz short loc_406BC0
loc_406BC9: ; CODE XREF: sub_406B57+6D�j
cmp [ebp+58h+var_4], eax
mov [ebp+58h+var_18], eax
jbe short loc_406BD4
mov [ebp+58h+var_4], eax
loc_406BD4: ; CODE XREF: sub_406B57+78�j
mov edx, [ebp+58h+var_4]
mov [esi], edx
shl edi, cl
jmp short loc_406BEA
; ---------------------------------------------------------------------------
loc_406BDD: ; CODE XREF: sub_406B57+95�j
sub edi, [ebp+ecx*4+58h+var_74]
js loc_406E70
inc ecx
shl edi, 1
loc_406BEA: ; CODE XREF: sub_406B57+84�j
cmp ecx, eax
jb short loc_406BDD
mov edx, eax
shl edx, 2
lea ecx, [ebp+edx+58h+var_74]
mov esi, [ecx]
sub edi, esi
mov [ebp+58h+var_34], edi
js loc_406E70
add esi, edi
mov [ecx], esi
xor ecx, ecx
dec eax
mov [ebp+58h+var_B0], ebx
jz short loc_406C20
xor esi, esi
loc_406C12: ; CODE XREF: sub_406B57+C7�j
add ecx, [ebp+esi+58h+var_70]
add esi, 4
dec eax
mov [ebp+esi+58h+var_B0], ecx
jnz short loc_406C12
loc_406C20: ; CODE XREF: sub_406B57+B7�j
mov ebx, [ebp+58h+arg_0]
xor esi, esi
loc_406C25: ; CODE XREF: sub_406B57+EB�j
mov eax, [ebx]
add ebx, 4
test eax, eax
jz short loc_406C3E
lea eax, [ebp+eax*4+58h+var_B4]
mov ecx, [eax]
mov dword_430AC8[ecx*4], esi
inc ecx
mov [eax], ecx
loc_406C3E: ; CODE XREF: sub_406B57+D5�j
inc esi
cmp esi, [ebp+58h+arg_4]
jb short loc_406C25
mov eax, [ebp+edx+58h+var_B4]
mov ecx, [ebp+58h+var_8]
or [ebp+58h+var_10], 0FFFFFFFFh
mov [ebp+58h+arg_4], eax
mov eax, [ebp+58h+var_4]
xor ebx, ebx
neg eax
cmp ecx, [ebp+58h+var_18]
mov [ebp+58h+var_C], ebx
mov [ebp+58h+var_B4], ebx
mov [ebp+58h+var_20], offset dword_430AC8
mov [ebp+58h+var_F0], ebx
mov [ebp+58h+var_30], ebx
jg loc_406E66
lea edx, [ecx-1]
lea ecx, [ebp+ecx*4+58h+var_74]
mov [ebp+58h+var_28], edx
mov [ebp+58h+var_24], ecx
loc_406C85: ; CODE XREF: sub_406B57+309�j
mov ecx, [ebp+58h+var_24]
mov esi, [ecx]
test esi, esi
jz loc_406E50
jmp short loc_406C97
; ---------------------------------------------------------------------------
loc_406C94: ; CODE XREF: sub_406B57+2F3�j
mov esi, [ebp+58h+var_2C]
loc_406C97: ; CODE XREF: sub_406B57+13B�j
mov ecx, [ebp+58h+var_4]
add ecx, eax
dec esi
cmp [ebp+58h+var_8], ecx
mov [ebp+58h+var_2C], esi
mov [ebp+58h+var_1C], ecx
jle loc_406D78
inc esi
mov [ebp+58h+var_14], esi
loc_406CB0: ; CODE XREF: sub_406B57+218�j
mov esi, [ebp+58h+var_18]
sub esi, [ebp+58h+var_1C]
inc [ebp+58h+var_10]
cmp esi, [ebp+58h+var_4]
jbe short loc_406CC1
mov esi, [ebp+58h+var_4]
loc_406CC1: ; CODE XREF: sub_406B57+165�j
mov ecx, [ebp+58h+var_8]
sub ecx, [ebp+58h+var_1C]
xor edx, edx
inc edx
shl edx, cl
cmp edx, [ebp+58h+var_14]
jbe short loc_406CF4
mov ebx, [ebp+58h+var_24]
or edi, 0FFFFFFFFh
sub edi, [ebp+58h+var_2C]
add edx, edi
cmp ecx, esi
jnb short loc_406CF4
jmp short loc_406CEF
; ---------------------------------------------------------------------------
loc_406CE2: ; CODE XREF: sub_406B57+19B�j
add ebx, 4
mov edi, [ebx]
shl edx, 1
cmp edx, edi
jbe short loc_406CF4
sub edx, edi
loc_406CEF: ; CODE XREF: sub_406B57+189�j
inc ecx
cmp ecx, esi
jb short loc_406CE2
loc_406CF4: ; CODE XREF: sub_406B57+178�j
; sub_406B57+187�j ...
mov edx, [ebp+58h+arg_1C]
mov edx, [edx]
xor esi, esi
inc esi
shl esi, cl
lea edi, [edx+esi]
cmp edi, 5A0h
mov [ebp+58h+var_30], esi
ja loc_406E70
mov esi, [ebp+58h+arg_18]
lea ebx, [esi+edx*4]
mov edx, [ebp+58h+arg_1C]
mov esi, [ebp+58h+var_10]
mov [edx], edi
mov edx, [ebp+58h+var_10]
test edx, edx
lea esi, [ebp+esi*4+58h+var_F0]
mov [esi], ebx
jz short loc_406D5C
mov edi, [ebp+58h+var_C]
mov esi, [esi-4]
mov [ebp+edx*4+58h+var_B4], edi
mov dl, byte ptr [ebp+58h+var_4]
mov byte ptr [ebp+58h+arg_0+1], dl
mov byte ptr [ebp+58h+arg_0], cl
mov ecx, eax
mov edx, edi
shr edx, cl
mov eax, ebx
sub eax, esi
sar eax, 2
sub eax, edx
mov word ptr [ebp+58h+arg_0+2], ax
mov eax, [ebp+58h+arg_0]
mov [esi+edx*4], eax
jmp short loc_406D61
; ---------------------------------------------------------------------------
loc_406D5C: ; CODE XREF: sub_406B57+1D5�j
mov eax, [ebp+58h+arg_14]
mov [eax], ebx
loc_406D61: ; CODE XREF: sub_406B57+203�j
mov ecx, [ebp+58h+var_1C]
mov eax, ecx
add ecx, [ebp+58h+var_4]
cmp [ebp+58h+var_8], ecx
mov [ebp+58h+var_1C], ecx
jg loc_406CB0
mov edi, [ebp+58h+var_34]
loc_406D78: ; CODE XREF: sub_406B57+14F�j
mov cl, byte ptr [ebp+58h+var_8]
mov esi, [ebp+58h+var_20]
sub cl, al
mov byte ptr [ebp+58h+arg_0+1], cl
mov ecx, [ebp+58h+arg_4]
lea ecx, ds:430AC8h[ecx*4]
cmp esi, ecx
jb short loc_406D97
mov byte ptr [ebp+58h+arg_0], 0C0h
jmp short loc_406DDD
; ---------------------------------------------------------------------------
loc_406D97: ; CODE XREF: sub_406B57+238�j
mov ecx, [esi]
cmp ecx, [ebp+58h+arg_8]
jnb short loc_406DBA
cmp ecx, 100h
setb cl
dec cl
and ecx, 60h
mov byte ptr [ebp+58h+arg_0], cl
mov cx, [esi]
add esi, 4
mov [ebp+58h+var_20], esi
jmp short loc_406DD9
; ---------------------------------------------------------------------------
loc_406DBA: ; CODE XREF: sub_406B57+245�j
sub ecx, [ebp+58h+arg_8]
mov edx, [ebp+58h+arg_10]
mov edi, [ebp+58h+var_34]
shl ecx, 1
mov dl, [ecx+edx]
add dl, 50h
add [ebp+58h+var_20], 4
mov byte ptr [ebp+58h+arg_0], dl
mov edx, [ebp+58h+arg_C]
mov cx, [ecx+edx]
loc_406DD9: ; CODE XREF: sub_406B57+261�j
mov word ptr [ebp+58h+arg_0+2], cx
loc_406DDD: ; CODE XREF: sub_406B57+23E�j
mov ecx, [ebp+58h+var_8]
mov edx, [ebp+58h+var_C]
xor esi, esi
sub ecx, eax
inc esi
shl esi, cl
mov ecx, eax
shr edx, cl
jmp short loc_406DF8
; ---------------------------------------------------------------------------
loc_406DF0: ; CODE XREF: sub_406B57+2A4�j
mov ecx, [ebp+58h+arg_0]
mov [ebx+edx*4], ecx
add edx, esi
loc_406DF8: ; CODE XREF: sub_406B57+297�j
cmp edx, [ebp+58h+var_30]
jb short loc_406DF0
mov ecx, [ebp+58h+var_28]
mov esi, [ebp+58h+var_C]
xor edx, edx
inc edx
shl edx, cl
jmp short loc_406E0E
; ---------------------------------------------------------------------------
loc_406E0A: ; CODE XREF: sub_406B57+2B9�j
xor esi, edx
shr edx, 1
loc_406E0E: ; CODE XREF: sub_406B57+2B1�j
test edx, esi
jnz short loc_406E0A
xor ecx, ecx
inc ecx
xor esi, edx
mov edx, ecx
mov ecx, eax
shl edx, cl
mov [ebp+58h+var_C], esi
dec edx
and edx, esi
mov ecx, edx
mov edx, [ebp+58h+var_10]
cmp ecx, [ebp+edx*4+58h+var_B4]
jz short loc_406E46
loc_406E2E: ; CODE XREF: sub_406B57+2EA�j
sub eax, [ebp+58h+var_4]
xor esi, esi
inc esi
mov ecx, eax
shl esi, cl
dec edx
dec esi
and esi, [ebp+58h+var_C]
cmp esi, [ebp+edx*4+58h+var_B4]
jnz short loc_406E2E
mov [ebp+58h+var_10], edx
loc_406E46: ; CODE XREF: sub_406B57+2D5�j
cmp [ebp+58h+var_2C], 0
jnz loc_406C94
loc_406E50: ; CODE XREF: sub_406B57+135�j
inc [ebp+58h+var_8]
add [ebp+58h+var_24], 4
mov ecx, [ebp+58h+var_8]
inc [ebp+58h+var_28]
cmp ecx, [ebp+58h+var_18]
jle loc_406C85
loc_406E66: ; CODE XREF: sub_406B57+11B�j
test edi, edi
jz short loc_406E75
cmp [ebp+58h+var_18], 1
jz short loc_406E75
loc_406E70: ; CODE XREF: sub_406B57+8A�j
; sub_406B57+A7�j ...
or eax, 0FFFFFFFFh
jmp short loc_406E77
; ---------------------------------------------------------------------------
loc_406E75: ; CODE XREF: sub_406B57+311�j
; sub_406B57+317�j
xor eax, eax
loc_406E77: ; CODE XREF: sub_406B57+31C�j
pop ebx
loc_406E78: ; CODE XREF: sub_406B57+3F�j
pop edi
pop esi
add ebp, 58h
leave
retn 20h
sub_406B57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E81 proc near ; CODE XREF: sub_403412+FA�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ebx
lea ebx, [eax+10h]
mov eax, [eax+4]
mov [ebp+var_30], eax
mov eax, [ebx+51Ch]
mov [ebp+var_3C], eax
mov eax, [ebx+518h]
mov [ebp+var_34], ecx
mov ecx, [ebx+9BA8h]
mov [ebp+var_38], eax
mov eax, [ebx+9BA4h]
cmp ecx, eax
push esi
push edi
mov [ebp+var_2C], ecx
jnb short loc_406EC5
sub eax, ecx
dec eax
jmp short loc_406ECD
; ---------------------------------------------------------------------------
loc_406EC5: ; CODE XREF: sub_406E81+3D�j
mov eax, [ebx+9BA0h]
sub eax, ecx
loc_406ECD: ; CODE XREF: sub_406E81+42�j
mov [ebp+var_28], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_406ED5: ; CODE XREF: sub_406E81+A66�j
jmp ds:off_40793F[eax*4]
loc_406EDC: ; DATA XREF: .text:0040795F�o
mov esi, [ebp+var_38]
jmp short loc_406F02
; ---------------------------------------------------------------------------
loc_406EE1: ; CODE XREF: sub_406E81+84�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
loc_406F02: ; CODE XREF: sub_406E81+5E�j
cmp esi, 3
jb short loc_406EE1
mov eax, [ebp+var_3C]
shr [ebp+var_3C], 3
and eax, 7
mov ecx, eax
and cl, 1
sub esi, 3
neg cl
mov [ebp+var_38], esi
sbb ecx, ecx
and ecx, 7
add ecx, 8
shr eax, 1
sub eax, 0
mov [ebx+514h], ecx
jz loc_407063
dec eax
jz short loc_406F92
dec eax
jz short loc_406F87
dec eax
jnz loc_4078E2
loc_406F44: ; CODE XREF: sub_406E81:loc_406ED5�j
; sub_406E81+374�j ...
or edi, 0FFFFFFFFh
mov dword ptr [ebx], 11h
loc_406F4D: ; CODE XREF: sub_406E81+AB1�j
; sub_406E81+AB9�j
mov eax, [ebp+var_3C]
mov ecx, [ebp+arg_0]
mov [ebx+51Ch], eax
mov eax, [ebp+var_38]
mov [ebx+518h], eax
mov eax, [ebp+var_30]
mov [ecx+4], eax
loc_406F68: ; CODE XREF: sub_406E81+AAA�j
mov eax, [ebp+var_34]
mov esi, [ebp+arg_0]
mov [esi], eax
mov eax, [ebp+var_2C]
mov [ebx+9BA8h], eax
call sub_406AF7
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_406F87: ; CODE XREF: sub_406E81+BA�j
mov dword ptr [ebx], 0Bh
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_406F92: ; CODE XREF: sub_406E81+B7�j
cmp byte_431C4C, 0
jnz loc_40703B
and [ebp+var_4], 0
mov esi, offset dword_430F48
mov eax, esi
loc_406FAA: ; CODE XREF: sub_406E81+153�j
cmp eax, offset dword_431184
mov cl, 8
jle short loc_406FC7
cmp eax, offset dword_431348
jge short loc_406FBE
inc cl
jmp short loc_406FC7
; ---------------------------------------------------------------------------
loc_406FBE: ; CODE XREF: sub_406E81+137�j
cmp eax, offset dword_4313A8
jge short loc_406FC7
mov cl, 7
loc_406FC7: ; CODE XREF: sub_406E81+130�j
; sub_406E81+13B�j ...
movsx ecx, cl
mov [eax], ecx
add eax, 4
cmp eax, offset dword_4313C8
jl short loc_406FAA
lea eax, [ebp+var_4]
push eax
push offset dword_4313C8
push offset dword_430AC0
push offset dword_409FA4
push offset dword_409F64
push 101h
push 120h
push esi
mov eax, offset byte_40D084
call sub_406B57
push 1Eh
pop ecx
push 5
pop eax
mov edi, esi
rep stosd
lea eax, [ebp+var_4]
push eax
push offset dword_4313C8
push offset dword_431C48
push offset dword_40A020
push offset dword_409FE4
push 0
push 1Eh
push esi
mov eax, offset byte_40D088
call sub_406B57
mov byte_431C4C, 1
loc_40703B: ; CODE XREF: sub_406E81+118�j
mov al, byte_40D084
mov [ebx+10h], al
mov al, byte_40D088
mov [ebx+11h], al
mov eax, dword_430AC0
mov [ebx+14h], eax
mov eax, dword_431C48
mov [ebx+18h], eax
loc_40705B: ; CODE XREF: sub_406E81+87E�j
; sub_406E81+950�j ...
and dword ptr [ebx], 0
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407063: ; CODE XREF: sub_406E81+B0�j
mov ecx, esi
and ecx, 7
shr [ebp+var_3C], cl
sub esi, ecx
mov [ebp+var_38], esi
mov dword ptr [ebx], 9
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_40707B: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407963�o
mov ecx, [ebp+var_38]
xor edi, edi
loc_407080: ; CODE XREF: sub_406E81+221�j
cmp ecx, 10h
jnb short loc_4070A4
cmp [ebp+var_30], edi
jz loc_4078F2
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add ecx, 8
jmp short loc_407080
; ---------------------------------------------------------------------------
loc_4070A4: ; CODE XREF: sub_406E81+202�j
mov eax, [ebp+var_3C]
and eax, 0FFFFh
cmp eax, edi
mov [ebx+4], eax
mov [ebp+var_38], edi
mov [ebp+var_3C], edi
jz loc_4071A7
push 0Ah
pop eax
jmp loc_4071AD
; ---------------------------------------------------------------------------
loc_4070C5: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407967�o
xor edi, edi
cmp [ebp+var_30], edi
jz loc_4078FA
cmp [ebp+var_28], edi
jnz loc_407170
mov ecx, [ebx+9BA0h]
cmp [ebp+var_2C], ecx
jnz short loc_40710B
mov eax, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp edx, eax
jz short loc_40710B
mov [ebp+var_2C], edx
jnb short loc_407101
sub eax, edx
dec eax
mov [ebp+var_28], eax
jmp short loc_407106
; ---------------------------------------------------------------------------
loc_407101: ; CODE XREF: sub_406E81+276�j
sub ecx, edx
mov [ebp+var_28], ecx
loc_407106: ; CODE XREF: sub_406E81+27E�j
cmp [ebp+var_28], edi
jnz short loc_407170
loc_40710B: ; CODE XREF: sub_406E81+261�j
; sub_406E81+271�j
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov esi, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp esi, ecx
mov [ebp+var_2C], esi
jnb short loc_407136
mov eax, ecx
sub eax, esi
dec eax
jmp short loc_40713E
; ---------------------------------------------------------------------------
loc_407136: ; CODE XREF: sub_406E81+2AC�j
mov eax, [ebx+9BA0h]
sub eax, esi
loc_40713E: ; CODE XREF: sub_406E81+2B3�j
mov edx, [ebx+9BA0h]
cmp esi, edx
mov [ebp+var_28], eax
jnz short loc_407168
lea esi, [ebx+1BA0h]
cmp esi, ecx
jz short loc_407168
mov [ebp+var_2C], esi
jnb short loc_407161
sub ecx, esi
dec ecx
mov eax, ecx
jmp short loc_407165
; ---------------------------------------------------------------------------
loc_407161: ; CODE XREF: sub_406E81+2D7�j
sub edx, esi
mov eax, edx
loc_407165: ; CODE XREF: sub_406E81+2DE�j
mov [ebp+var_28], eax
loc_407168: ; CODE XREF: sub_406E81+2C8�j
; sub_406E81+2D2�j
test eax, eax
jz loc_407930
loc_407170: ; CODE XREF: sub_406E81+252�j
; sub_406E81+288�j
mov eax, [ebp+var_28]
cmp eax, [ebp+var_30]
mov esi, eax
jb short loc_40717D
mov esi, [ebp+var_30]
loc_40717D: ; CODE XREF: sub_406E81+2F7�j
mov eax, [ebx+4]
cmp eax, esi
jnb short loc_407186
mov esi, eax
loc_407186: ; CODE XREF: sub_406E81+301�j
push esi
push [ebp+var_34]
push [ebp+var_2C]
call sub_405E24
add [ebp+var_34], esi
sub [ebp+var_30], esi
add [ebp+var_2C], esi
sub [ebp+var_28], esi
sub [ebx+4], esi
jnz loc_4078E2
loc_4071A7: ; CODE XREF: sub_406E81+236�j
mov eax, [ebx+514h]
loc_4071AD: ; CODE XREF: sub_406E81+23F�j
mov [ebx], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4071B4: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040796B�o
mov esi, [ebp+var_38]
jmp short loc_4071DD
; ---------------------------------------------------------------------------
loc_4071B9: ; CODE XREF: sub_406E81+35F�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
mov [ebp+var_38], esi
loc_4071DD: ; CODE XREF: sub_406E81+336�j
cmp esi, 0Eh
jb short loc_4071B9
mov eax, [ebp+var_3C]
and eax, 3FFFh
mov ecx, eax
and ecx, 1Fh
cmp cl, 1Dh
mov [ebx+4], eax
ja loc_406F44
and eax, 3E0h
cmp eax, 3A0h
ja loc_406F44
shr [ebp+var_3C], 0Eh
sub esi, 0Eh
and dword ptr [ebx+8], 0
mov dword ptr [ebx], 0Ch
jmp short loc_407267
; ---------------------------------------------------------------------------
loc_40721E: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040796F�o
mov esi, [ebp+var_38]
jmp short loc_40726A
; ---------------------------------------------------------------------------
loc_407223: ; CODE XREF: sub_406E81+3C6�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov eax, [ebp+var_34]
movzx eax, byte ptr [eax]
dec [ebp+var_30]
mov ecx, esi
shl eax, cl
or [ebp+var_3C], eax
inc [ebp+var_34]
add esi, 8
loc_407244: ; CODE XREF: sub_406E81+3F5�j
cmp esi, 3
jb short loc_407223
mov ecx, [ebx+8]
mov eax, [ebp+var_3C]
movsx ecx, ds:byte_409F50[ecx]
shr [ebp+var_3C], 3
and eax, 7
mov [ebx+ecx*4+0Ch], eax
inc dword ptr [ebx+8]
sub esi, 3
loc_407267: ; CODE XREF: sub_406E81+39B�j
mov [ebp+var_38], esi
loc_40726A: ; CODE XREF: sub_406E81+3A0�j
mov eax, [ebx+4]
shr eax, 0Ah
add eax, 4
cmp [ebx+8], eax
jb short loc_407244
push 13h
pop ecx
jmp short loc_40728F
; ---------------------------------------------------------------------------
loc_40727D: ; CODE XREF: sub_406E81+411�j
mov eax, [ebx+8]
movsx eax, ds:byte_409F50[eax]
and dword ptr [ebx+eax*4+0Ch], 0
inc dword ptr [ebx+8]
loc_40728F: ; CODE XREF: sub_406E81+3FA�j
cmp [ebx+8], ecx
jb short loc_40727D
lea edx, [ebp+var_C]
push edx
lea edx, [ebx+520h]
push edx
xor eax, eax
lea edx, [ebx+510h]
push edx
push eax
push eax
push ecx
mov [ebp+var_C], eax
push ecx
lea eax, [ebx+0Ch]
lea edi, [ebx+50Ch]
push eax
mov eax, edi
mov dword ptr [edi], 7
call sub_406B57
test eax, eax
jnz short loc_4072DC
cmp [edi], eax
jz short loc_4072DC
and [ebx+8], eax
mov dword ptr [ebx], 0Dh
jmp loc_407409
; ---------------------------------------------------------------------------
loc_4072DC: ; CODE XREF: sub_406E81+447�j
; sub_406E81+44B�j
mov dword ptr [ebx], 11h
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4072E7: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407973�o
mov esi, [ebp+var_38]
jmp loc_407409
; ---------------------------------------------------------------------------
loc_4072EF: ; CODE XREF: sub_406E81+5A0�j
mov eax, [ebx+50Ch]
jmp short loc_407318
; ---------------------------------------------------------------------------
loc_4072F7: ; CODE XREF: sub_406E81+499�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edx, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edx, cl
or [ebp+var_3C], edx
inc [ebp+var_34]
add esi, 8
loc_407318: ; CODE XREF: sub_406E81+474�j
cmp esi, eax
jb short loc_4072F7
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+510h]
lea eax, [ecx+eax*4]
movzx edx, byte ptr [eax+1]
movzx eax, word ptr [eax+2]
cmp eax, 10h
mov [ebp+var_C], eax
jnb short loc_407359
mov ecx, edx
shr [ebp+var_3C], cl
mov ecx, [ebx+8]
sub esi, edx
mov [ebx+ecx*4+0Ch], eax
inc dword ptr [ebx+8]
mov [ebp+var_38], esi
jmp loc_407409
; ---------------------------------------------------------------------------
loc_407359: ; CODE XREF: sub_406E81+4BD�j
cmp eax, 12h
jnz short loc_40736A
push 7
pop eax
mov [ebp+var_4], 0Bh
jmp short loc_407397
; ---------------------------------------------------------------------------
loc_40736A: ; CODE XREF: sub_406E81+4DB�j
add eax, 0FFFFFFF2h
mov [ebp+var_4], 3
jmp short loc_407397
; ---------------------------------------------------------------------------
loc_407376: ; CODE XREF: sub_406E81+51B�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edi, cl
or [ebp+var_3C], edi
inc [ebp+var_34]
add esi, 8
loc_407397: ; CODE XREF: sub_406E81+4E7�j
; sub_406E81+4F3�j
lea ecx, [eax+edx]
cmp esi, ecx
jb short loc_407376
mov ecx, edx
shr [ebp+var_3C], cl
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
sub esi, edx
mov edx, [ebp+var_4]
add edx, ecx
mov ecx, eax
shr [ebp+var_3C], cl
mov ecx, [ebx+8]
sub esi, eax
mov eax, [ebx+4]
mov edi, eax
shr edi, 5
and edi, 1Fh
and eax, 1Fh
lea eax, [edi+eax+102h]
lea edi, [edx+ecx]
cmp edi, eax
mov [ebp+var_38], esi
ja loc_406F44
cmp [ebp+var_C], 10h
jnz short loc_4073F7
cmp ecx, 1
jb loc_406F44
mov edi, [ebx+ecx*4+8]
jmp short loc_4073F9
; ---------------------------------------------------------------------------
loc_4073F7: ; CODE XREF: sub_406E81+565�j
xor edi, edi
loc_4073F9: ; CODE XREF: sub_406E81+574�j
lea eax, [ebx+ecx*4+0Ch]
loc_4073FD: ; CODE XREF: sub_406E81+583�j
mov [eax], edi
inc ecx
add eax, 4
dec edx
jnz short loc_4073FD
mov [ebx+8], ecx
loc_407409: ; CODE XREF: sub_406E81+456�j
; sub_406E81+469�j ...
mov eax, [ebx+4]
mov ecx, eax
shr ecx, 5
and ecx, 1Fh
and eax, 1Fh
lea eax, [ecx+eax+102h]
cmp [ebx+8], eax
jb loc_4072EF
mov eax, [ebx+4]
and dword ptr [ebx+510h], 0
and [ebp+var_8], 0
mov edi, eax
shr eax, 5
and eax, 1Fh
mov ecx, 101h
and edi, 1Fh
add edi, ecx
inc eax
mov [ebp+var_10], eax
lea edx, [ebp+var_8]
push edx
lea eax, [ebx+520h]
push eax
lea eax, [ebp+var_14]
push eax
push offset dword_409FA4
push offset dword_409F64
push ecx
push edi
lea eax, [ebx+0Ch]
push eax
lea eax, [ebp+var_4]
mov [ebp+var_4], 9
mov [ebp+var_C], 6
call sub_406B57
cmp [ebp+var_4], 0
jnz short loc_407489
or eax, 0FFFFFFFFh
loc_407489: ; CODE XREF: sub_406E81+603�j
test eax, eax
jnz loc_406F44
lea eax, [ebp+var_8]
push eax
lea eax, [ebx+520h]
push eax
lea eax, [ebp+var_18]
push eax
push offset dword_40A020
push offset dword_409FE4
push 0
push [ebp+var_10]
lea eax, [ebx+edi*4+0Ch]
push eax
lea eax, [ebp+var_C]
call sub_406B57
test eax, eax
jnz loc_406F44
mov eax, [ebp+var_C]
test eax, eax
jnz short loc_4074D7
cmp edi, 101h
jg loc_406F44
loc_4074D7: ; CODE XREF: sub_406E81+648�j
mov cl, byte ptr [ebp+var_4]
and dword ptr [ebx], 0
mov [ebx+11h], al
mov eax, [ebp+var_14]
mov [ebx+14h], eax
mov eax, [ebp+var_18]
mov [ebx+10h], cl
mov [ebx+18h], eax
jmp short loc_4074F4
; ---------------------------------------------------------------------------
loc_4074F1: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:off_40793F�o
mov esi, [ebp+var_38]
loc_4074F4: ; CODE XREF: sub_406E81+66E�j
movzx eax, byte ptr [ebx+10h]
mov [ebx+0Ch], eax
mov eax, [ebx+14h]
mov [ebx+8], eax
mov dword ptr [ebx], 1
jmp short loc_40750C
; ---------------------------------------------------------------------------
loc_407509: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407943�o
mov esi, [ebp+var_38]
loc_40750C: ; CODE XREF: sub_406E81+686�j
mov eax, [ebx+0Ch]
jmp short loc_407532
; ---------------------------------------------------------------------------
loc_407511: ; CODE XREF: sub_406E81+6B3�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_40790E
mov ecx, [ebp+var_34]
movzx edx, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, esi
shl edx, cl
or [ebp+var_3C], edx
inc [ebp+var_34]
add esi, 8
loc_407532: ; CODE XREF: sub_406E81+68E�j
cmp esi, eax
jb short loc_407511
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_3C], cl
sub esi, ecx
movzx ecx, byte ptr [eax]
test ecx, ecx
mov [ebp+var_38], esi
jnz short loc_40756C
movzx eax, word ptr [eax+2]
mov [ebx+8], eax
mov dword ptr [ebx], 6
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_40756C: ; CODE XREF: sub_406E81+6D7�j
test cl, 10h
jz short loc_407589
and ecx, 0Fh
mov [ebx+8], ecx
movzx eax, word ptr [eax+2]
mov [ebx+4], eax
mov dword ptr [ebx], 2
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407589: ; CODE XREF: sub_406E81+6EE�j
test cl, 40h
jz loc_407670
test cl, 20h
jz loc_406F44
mov dword ptr [ebx], 7
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_4075A6: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407947�o
mov eax, [ebx+8]
mov edx, [ebp+var_38]
jmp short loc_4075CF
; ---------------------------------------------------------------------------
loc_4075AE: ; CODE XREF: sub_406E81+750�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_4075CF: ; CODE XREF: sub_406E81+72B�j
cmp edx, eax
jb short loc_4075AE
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
add [ebx+4], ecx
mov ecx, eax
shr [ebp+var_3C], cl
sub edx, eax
movzx eax, byte ptr [ebx+11h]
mov [ebx+0Ch], eax
mov eax, [ebx+18h]
mov [ebx+8], eax
mov dword ptr [ebx], 3
jmp short loc_407600
; ---------------------------------------------------------------------------
loc_4075FD: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040794B�o
mov edx, [ebp+var_38]
loc_407600: ; CODE XREF: sub_406E81+77A�j
mov eax, [ebx+0Ch]
jmp short loc_407626
; ---------------------------------------------------------------------------
loc_407605: ; CODE XREF: sub_406E81+7A7�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_407626: ; CODE XREF: sub_406E81+782�j
cmp edx, eax
jb short loc_407605
movzx eax, word_40D060[eax*2]
and eax, [ebp+var_3C]
mov ecx, [ebx+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_3C], cl
sub edx, ecx
movzx ecx, byte ptr [eax]
test cl, 10h
mov [ebp+var_38], edx
jz short loc_407667
and ecx, 0Fh
mov [ebx+8], ecx
movzx eax, word ptr [eax+2]
mov [ebx+0Ch], eax
mov dword ptr [ebx], 4
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407667: ; CODE XREF: sub_406E81+7CC�j
test cl, 40h
jnz loc_406F44
loc_407670: ; CODE XREF: sub_406E81+70B�j
mov [ebx+0Ch], ecx
movzx ecx, word ptr [eax+2]
lea eax, [eax+ecx*4]
mov [ebx+8], eax
jmp loc_4078E2
; ---------------------------------------------------------------------------
loc_407682: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040794F�o
mov eax, [ebx+8]
mov edx, [ebp+var_38]
jmp short loc_4076AB
; ---------------------------------------------------------------------------
loc_40768A: ; CODE XREF: sub_406E81+82C�j
xor edi, edi
cmp [ebp+var_30], edi
jz loc_407916
mov ecx, [ebp+var_34]
movzx esi, byte ptr [ecx]
dec [ebp+var_30]
mov ecx, edx
shl esi, cl
or [ebp+var_3C], esi
inc [ebp+var_34]
add edx, 8
loc_4076AB: ; CODE XREF: sub_406E81+807�j
cmp edx, eax
jb short loc_40768A
movzx ecx, word_40D060[eax*2]
and ecx, [ebp+var_3C]
add [ebx+0Ch], ecx
mov ecx, eax
shr [ebp+var_3C], cl
sub edx, eax
mov [ebp+var_38], edx
mov dword ptr [ebx], 5
loc_4076CD: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407953�o
mov ecx, [ebp+var_2C]
mov eax, [ebx+0Ch]
mov edx, ecx
sub edx, ebx
sub edx, 1BA0h
cmp edx, eax
jnb short loc_4076F4
mov edx, [ebx+9BA0h]
sub edx, eax
sub edx, ebx
lea edi, [edx+ecx-1BA0h]
jmp short loc_4076F8
; ---------------------------------------------------------------------------
loc_4076F4: ; CODE XREF: sub_406E81+85E�j
mov edi, ecx
sub edi, eax
loc_4076F8: ; CODE XREF: sub_406E81+871�j
cmp dword ptr [ebx+4], 0
mov [ebp+var_1C], edi
jz loc_40705B
mov esi, [ebp+var_28]
mov eax, [ebp+var_2C]
loc_40770B: ; CODE XREF: sub_406E81+94A�j
test esi, esi
jnz loc_4077A3
mov esi, [ebx+9BA0h]
cmp eax, esi
jnz short loc_407740
mov ecx, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp ecx, edx
jz short loc_407740
mov eax, edx
cmp eax, ecx
jnb short loc_40773A
sub ecx, eax
dec ecx
mov esi, ecx
jmp short loc_40773C
; ---------------------------------------------------------------------------
loc_40773A: ; CODE XREF: sub_406E81+8B0�j
sub esi, eax
loc_40773C: ; CODE XREF: sub_406E81+8B7�j
test esi, esi
jnz short loc_4077A3
loc_407740: ; CODE XREF: sub_406E81+89A�j
; sub_406E81+8AA�j
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov eax, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp eax, ecx
mov [ebp+var_2C], eax
jnb short loc_407768
mov esi, ecx
sub esi, eax
dec esi
jmp short loc_407770
; ---------------------------------------------------------------------------
loc_407768: ; CODE XREF: sub_406E81+8DE�j
mov esi, [ebx+9BA0h]
sub esi, eax
loc_407770: ; CODE XREF: sub_406E81+8E5�j
mov edx, [ebx+9BA0h]
cmp eax, edx
jnz short loc_407798
lea edi, [ebx+1BA0h]
cmp ecx, edi
jz short loc_407798
mov eax, edi
cmp eax, ecx
mov [ebp+var_2C], eax
jnb short loc_407794
sub ecx, eax
dec ecx
mov esi, ecx
jmp short loc_407798
; ---------------------------------------------------------------------------
loc_407794: ; CODE XREF: sub_406E81+90A�j
sub edx, eax
mov esi, edx
loc_407798: ; CODE XREF: sub_406E81+8F7�j
; sub_406E81+901�j ...
test esi, esi
jz loc_407930
mov edi, [ebp+var_1C]
loc_4077A3: ; CODE XREF: sub_406E81+88C�j
; sub_406E81+8BD�j
mov cl, [edi]
mov [eax], cl
inc eax
inc edi
dec esi
cmp edi, [ebx+9BA0h]
mov [ebp+var_2C], eax
mov [ebp+var_1C], edi
mov [ebp+var_28], esi
jnz short loc_4077C4
lea edi, [ebx+1BA0h]
mov [ebp+var_1C], edi
loc_4077C4: ; CODE XREF: sub_406E81+938�j
dec dword ptr [ebx+4]
cmp dword ptr [ebx+4], 0
jnz loc_40770B
jmp loc_40705B
; ---------------------------------------------------------------------------
loc_4077D6: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:00407957�o
cmp [ebp+var_28], 0
jnz loc_407878
mov ecx, [ebx+9BA0h]
cmp [ebp+var_2C], ecx
jnz short loc_407813
mov eax, [ebx+9BA4h]
lea edx, [ebx+1BA0h]
cmp edx, eax
jz short loc_407813
mov [ebp+var_2C], edx
jnb short loc_407808
sub eax, edx
dec eax
mov [ebp+var_28], eax
jmp short loc_40780D
; ---------------------------------------------------------------------------
loc_407808: ; CODE XREF: sub_406E81+97D�j
sub ecx, edx
mov [ebp+var_28], ecx
loc_40780D: ; CODE XREF: sub_406E81+985�j
cmp [ebp+var_28], 0
jnz short loc_407878
loc_407813: ; CODE XREF: sub_406E81+968�j
; sub_406E81+978�j
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov esi, [ebx+9BA8h]
mov ecx, [ebx+9BA4h]
cmp esi, ecx
mov [ebp+var_2C], esi
jnb short loc_40783E
mov eax, ecx
sub eax, esi
dec eax
jmp short loc_407846
; ---------------------------------------------------------------------------
loc_40783E: ; CODE XREF: sub_406E81+9B4�j
mov eax, [ebx+9BA0h]
sub eax, esi
loc_407846: ; CODE XREF: sub_406E81+9BB�j
mov edx, [ebx+9BA0h]
cmp esi, edx
mov [ebp+var_28], eax
jnz short loc_407870
lea esi, [ebx+1BA0h]
cmp esi, ecx
jz short loc_407870
mov [ebp+var_2C], esi
jnb short loc_407869
sub ecx, esi
dec ecx
mov eax, ecx
jmp short loc_40786D
; ---------------------------------------------------------------------------
loc_407869: ; CODE XREF: sub_406E81+9DF�j
sub edx, esi
mov eax, edx
loc_40786D: ; CODE XREF: sub_406E81+9E6�j
mov [ebp+var_28], eax
loc_407870: ; CODE XREF: sub_406E81+9D0�j
; sub_406E81+9DA�j
test eax, eax
jz loc_407930
loc_407878: ; CODE XREF: sub_406E81+959�j
; sub_406E81+990�j
mov ecx, [ebp+var_2C]
mov al, [ebx+8]
inc [ebp+var_2C]
dec [ebp+var_28]
mov [ecx], al
jmp loc_40705B
; ---------------------------------------------------------------------------
loc_40788B: ; CODE XREF: sub_406E81:loc_406ED5�j
; DATA XREF: .text:0040795B�o
cmp [ebp+var_38], 7
jbe short loc_40789B
sub [ebp+var_38], 8
inc [ebp+var_30]
dec [ebp+var_34]
loc_40789B: ; CODE XREF: sub_406E81:loc_406ED5�j
; sub_406E81+A0E�j
; DATA XREF: ...
mov eax, [ebp+var_2C]
mov esi, [ebp+arg_0]
mov [ebx+9BA8h], eax
call sub_406AF7
mov ecx, [ebx+9BA8h]
mov edx, [ebx+9BA4h]
cmp ecx, edx
mov [ebp+var_2C], ecx
jnb short loc_4078C6
mov eax, edx
sub eax, ecx
dec eax
jmp short loc_4078CE
; ---------------------------------------------------------------------------
loc_4078C6: ; CODE XREF: sub_406E81+A3C�j
mov eax, [ebx+9BA0h]
sub eax, ecx
loc_4078CE: ; CODE XREF: sub_406E81+A43�j
cmp ecx, edx
mov [ebp+var_28], eax
jnz short loc_407930
mov eax, [ebx+514h]
cmp eax, 8
mov [ebx], eax
jnz short loc_407937
loc_4078E2: ; CODE XREF: sub_406E81+4F�j
; sub_406E81+BD�j ...
mov eax, [ebx]
cmp eax, 0Fh
jbe loc_406ED5
jmp loc_406F44
; ---------------------------------------------------------------------------
loc_4078F2: ; CODE XREF: sub_406E81+207�j
mov [ebx+518h], ecx
jmp short loc_40791C
; ---------------------------------------------------------------------------
loc_4078FA: ; CODE XREF: sub_406E81+249�j
mov eax, [ebp+var_3C]
mov [ebx+51Ch], eax
mov eax, [ebp+var_38]
mov [ebx+518h], eax
jmp short loc_407925
; ---------------------------------------------------------------------------
loc_40790E: ; CODE XREF: sub_406E81+65�j
; sub_406E81+33D�j ...
mov [ebx+518h], esi
jmp short loc_40791C
; ---------------------------------------------------------------------------
loc_407916: ; CODE XREF: sub_406E81+732�j
; sub_406E81+789�j ...
mov [ebx+518h], edx
loc_40791C: ; CODE XREF: sub_406E81+A77�j
; sub_406E81+A93�j
mov eax, [ebp+var_3C]
mov [ebx+51Ch], eax
loc_407925: ; CODE XREF: sub_406E81+A8B�j
mov eax, [ebp+arg_0]
mov [eax+4], edi
jmp loc_406F68
; ---------------------------------------------------------------------------
loc_407930: ; CODE XREF: sub_406E81+2E9�j
; sub_406E81+919�j ...
xor edi, edi
jmp loc_406F4D
; ---------------------------------------------------------------------------
loc_407937: ; CODE XREF: sub_406E81+A5F�j
xor edi, edi
inc edi
jmp loc_406F4D
sub_406E81 endp
; ---------------------------------------------------------------------------
off_40793F dd offset loc_4074F1 ; DATA XREF: sub_406E81:loc_406ED5�r
dd offset loc_407509
dd offset loc_4075A6
dd offset loc_4075FD
dd offset loc_407682
dd offset loc_4076CD
dd offset loc_4077D6
dd offset loc_40788B
dd offset loc_406EDC
dd offset loc_40707B
dd offset loc_4070C5
dd offset loc_4071B4
dd offset loc_40721E
dd offset loc_4072E7
dd offset loc_406F44
dd offset loc_40789B
align 10h
jmp ds:InitCommonControls
; ---------------------------------------------------------------------------
jmp ds:ImageList_Destroy
; ---------------------------------------------------------------------------
jmp ds:ImageList_AddMasked
; ---------------------------------------------------------------------------
jmp ds:ImageList_Create
; [00000006 BYTES: COLLAPSED FUNCTION VerQueryValueA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoSizeA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079AA proc near ; CODE XREF: sub_4083A3+30�p
; DATA XREF: sub_4079AA+D�o
Buffer = _MEMORY_BASIC_INFORMATION ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push 1Ch ; dwLength
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push offset sub_4079AA ; lpAddress
xor esi, esi
call ds:VirtualQuery ; VirtualQuery
test eax, eax
jz short loc_4079CB
mov esi, [ebp+Buffer.AllocationBase]
loc_4079CB: ; CODE XREF: sub_4079AA+1C�j
mov eax, esi
pop esi
leave
retn
sub_4079AA endp
; =============== S U B R O U T I N E =======================================
sub_4079D0 proc near ; CODE XREF: sub_4083A3+1B6�p
push esi
mov esi, ds:GetProcAddress
push offset aFccreatekey ; "FCCreateKey"
push edi ; hModule
call esi ; GetProcAddress
push offset aFcsetkeyoption ; "FCSetKeyOptions"
push edi ; hModule
mov dword_431C50, eax
call esi ; GetProcAddress
push offset aFccreatepersis ; "FCCreatePersistentKey"
push edi ; hModule
mov dword_431C54, eax
call esi ; GetProcAddress
push offset aFccreatecounte ; "FCCreateCounter"
push edi ; hModule
mov dword_431C58, eax
call esi ; GetProcAddress
push offset aFccreatepers_0 ; "FCCreatePersistentCounter"
push edi ; hModule
mov dword_431C5C, eax
call esi ; GetProcAddress
push offset aFcflushnonshar ; "FCFlushNonSharedPersistentKeys"
push edi ; hModule
mov dword_431C60, eax
call esi ; GetProcAddress
push offset aFcadddatatokey ; "FCAddDataToKey"
push edi ; hModule
mov dword_431C64, eax
call esi ; GetProcAddress
push offset aFcdeletedatafr ; "FCDeleteDataFromKey"
push edi ; hModule
mov dword_431C68, eax
call esi ; GetProcAddress
push offset aFcaddinttokey ; "FCAddIntToKey"
push edi ; hModule
mov dword_431C6C, eax
call esi ; GetProcAddress
push offset aFcdeleteintfro ; "FCDeleteIntFromKey"
push edi ; hModule
mov dword_431C70, eax
call esi ; GetProcAddress
push offset aFcaddstringtok ; "FCAddStringToKey"
push edi ; hModule
mov dword_431C74, eax
call esi ; GetProcAddress
push offset aFcdeletestring ; "FCDeleteStringFromKey"
push edi ; hModule
mov dword_431C78, eax
call esi ; GetProcAddress
push offset aFcadddatetokey ; "FCAddDateToKey"
push edi ; hModule
mov dword_431C7C, eax
call esi ; GetProcAddress
push offset aFcdeletedatefr ; "FCDeleteDateFromKey"
push edi ; hModule
mov dword_431C80, eax
call esi ; GetProcAddress
push offset aFcsetcounter ; "FCSetCounter"
push edi ; hModule
mov dword_431C84, eax
call esi ; GetProcAddress
push offset aFcincrementcou ; "FCIncrementCounter"
push edi ; hModule
mov dword_431C88, eax
call esi ; GetProcAddress
push offset aFcdecrementcou ; "FCDecrementCounter"
push edi ; hModule
mov dword_431C8C, eax
call esi ; GetProcAddress
push offset aFcgetcounter ; "FCGetCounter"
push edi ; hModule
mov dword_431C90, eax
call esi ; GetProcAddress
push offset aFcregistermemo ; "FCRegisterMemory"
push edi ; hModule
mov dword_431C94, eax
call esi ; GetProcAddress
push offset aFcunregisterme ; "FCUnregisterMemory"
push edi ; hModule
mov dword_431C98, eax
call esi ; GetProcAddress
push offset aFcexceptionhan ; "FCExceptionHandler"
push edi ; hModule
mov dword_431C9C, eax
call esi ; GetProcAddress
push offset aFcsetminidump ; "FCSetMiniDump"
push edi ; hModule
mov dword_431CA0, eax
call esi ; GetProcAddress
push offset aFctraceinterna ; "FCTraceInternal"
push edi ; hModule
mov dword_431CF8, eax
call esi ; GetProcAddress
push offset aFcassertintern ; "FCAssertInternal1"
push edi ; hModule
mov dword_431CD0, eax
call esi ; GetProcAddress
push offset aFccleanup ; "FCCleanup"
push edi ; hModule
mov dword_431CD4, eax
call esi ; GetProcAddress
push offset aFcassertparami ; "FCAssertParamInternal1"
push edi ; hModule
mov dword_431CD8, eax
call esi ; GetProcAddress
push offset aFctraceparamin ; "FCTraceParamInternal"
push edi ; hModule
mov dword_431CDC, eax
call esi ; GetProcAddress
push offset aFclibraryversi ; "FCLibraryVersion"
push edi ; hModule
mov dword_431CE0, eax
call esi ; GetProcAddress
push offset aFcinitializewi ; "FCInitializeWithManifestInternal"
push edi ; hModule
mov dword_431CE4, eax
call esi ; GetProcAddress
push offset aFcinitialize_0 ; "FCInitializeWithManifestInternalEx"
push edi ; hModule
mov dword_431CE8, eax
call esi ; GetProcAddress
push offset aFctriggerinter ; "FCTriggerInternal1"
push edi ; hModule
mov dword_431CF4, eax
call esi ; GetProcAddress
push offset aFccreatesuppor ; "FCCreateSupportIncidentInternal"
push edi ; hModule
mov dword_431CEC, eax
call esi ; GetProcAddress
push offset aFcsetuistate ; "FCSetUIState"
push edi ; hModule
mov dword_431CF0, eax
call esi ; GetProcAddress
push offset aFcclearkeys ; "FCClearKeys"
push edi ; hModule
mov dword_431CA4, eax
call esi ; GetProcAddress
push offset aFcclearcounter ; "FCClearCounters"
push edi ; hModule
mov dword_431CA8, eax
call esi ; GetProcAddress
push offset aFcclearkey ; "FCClearKey"
push edi ; hModule
mov dword_431CAC, eax
call esi ; GetProcAddress
push offset aFcdeletekey ; "FCDeleteKey"
push edi ; hModule
mov dword_431CB0, eax
call esi ; GetProcAddress
push offset aFcstarttimer ; "FCStartTimer"
push edi ; hModule
mov dword_431CB4, eax
call esi ; GetProcAddress
push offset aFcheartbeattim ; "FCHeartbeatTimer"
push edi ; hModule
mov dword_431CB8, eax
call esi ; GetProcAddress
push offset aFcendtimer ; "FCEndTimer"
push edi ; hModule
mov dword_431CBC, eax
call esi ; GetProcAddress
mov dword_431CC0, eax
push offset aFcgetsessionun ; "FCGetSessionUniqueID"
push edi ; hModule
call esi ; GetProcAddress
push offset aFcsetlocale ; "FCSetLocale"
push edi ; hModule
mov dword_431CC4, eax
call esi ; GetProcAddress
push offset aFcrunmemtest ; "FCRunMemTest"
push edi ; hModule
mov dword_431CC8, eax
call esi ; GetProcAddress
mov dword_431CCC, eax
pop esi
retn
sub_4079D0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C50
test eax, eax
push esi
push 2
pop esi
jz short loc_407C3D
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407C3D
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C50
add esp, 14h
mov esi, eax
loc_407C3D: ; CODE XREF: .text:00407C16�j
; .text:00407C21�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C58
test eax, eax
push esi
push 2
pop esi
jz short loc_407C77
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407C77
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C58
add esp, 14h
mov esi, eax
loc_407C77: ; CODE XREF: .text:00407C50�j
; .text:00407C5B�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C5C
test eax, eax
push esi
push 2
pop esi
jz short loc_407CA3
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407CA3
push dword ptr [ebp+8]
call dword_431C5C
pop ecx
mov esi, eax
loc_407CA3: ; CODE XREF: .text:00407C8A�j
; .text:00407C95�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C60
test eax, eax
push esi
push 2
pop esi
jz short loc_407CCF
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407CCF
push dword ptr [ebp+8]
call dword_431C60
pop ecx
mov esi, eax
loc_407CCF: ; CODE XREF: .text:00407CB6�j
; .text:00407CC1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CA8
test eax, eax
push esi
push 2
pop esi
jz short loc_407CF4
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407CF4
call dword_431CA8
mov esi, eax
loc_407CF4: ; CODE XREF: .text:00407CDF�j
; .text:00407CEA�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CAC
test eax, eax
push esi
push 2
pop esi
jz short loc_407D18
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407D18
call dword_431CAC
mov esi, eax
loc_407D18: ; CODE XREF: .text:00407D03�j
; .text:00407D0E�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CB0
test eax, eax
push esi
push 2
pop esi
jz short loc_407D43
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407D43
push dword ptr [ebp+8]
call dword_431CB0
pop ecx
mov esi, eax
loc_407D43: ; CODE XREF: .text:00407D2A�j
; .text:00407D35�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CB4
test eax, eax
push esi
push 2
pop esi
jz short loc_407D6F
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407D6F
push dword ptr [ebp+8]
call dword_431CB4
pop ecx
mov esi, eax
loc_407D6F: ; CODE XREF: .text:00407D56�j
; .text:00407D61�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C68
test eax, eax
push esi
push 2
pop esi
jz short loc_407DA3
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407DA3
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C68
add esp, 0Ch
mov esi, eax
loc_407DA3: ; CODE XREF: .text:00407D82�j
; .text:00407D8D�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C70
test eax, eax
push esi
push 2
pop esi
jz short loc_407DD3
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407DD3
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C70
pop ecx
pop ecx
mov esi, eax
loc_407DD3: ; CODE XREF: .text:00407DB6�j
; .text:00407DC1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C78
test eax, eax
push esi
push 2
pop esi
jz short loc_407E03
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407E03
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C78
pop ecx
pop ecx
mov esi, eax
loc_407E03: ; CODE XREF: .text:00407DE6�j
; .text:00407DF1�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C98
test eax, eax
push esi
push 2
pop esi
jz short loc_407E40
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407E40
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C98
add esp, 18h
mov esi, eax
loc_407E40: ; CODE XREF: .text:00407E16�j
; .text:00407E21�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C9C
test eax, eax
push esi
push 2
pop esi
jz short loc_407E6C
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407E6C
push dword ptr [ebp+8]
call dword_431C9C
pop ecx
mov esi, eax
loc_407E6C: ; CODE XREF: .text:00407E53�j
; .text:00407E5E�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C80
test eax, eax
push esi
push 2
pop esi
jz short loc_407E9C
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407E9C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C80
pop ecx
pop ecx
mov esi, eax
loc_407E9C: ; CODE XREF: .text:00407E7F�j
; .text:00407E8A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C88
test eax, eax
push esi
push 2
pop esi
jz short loc_407ECC
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407ECC
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C88
pop ecx
pop ecx
mov esi, eax
loc_407ECC: ; CODE XREF: .text:00407EAF�j
; .text:00407EBA�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C8C
test eax, eax
push esi
push 2
pop esi
jz short loc_407EFC
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407EFC
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C8C
pop ecx
pop ecx
mov esi, eax
loc_407EFC: ; CODE XREF: .text:00407EDF�j
; .text:00407EEA�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C90
test eax, eax
push esi
push 2
pop esi
jz short loc_407F2C
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407F2C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C90
pop ecx
pop ecx
mov esi, eax
loc_407F2C: ; CODE XREF: .text:00407F0F�j
; .text:00407F1A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431C94
push esi
xor esi, esi
test eax, eax
jz short loc_407F57
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407F57
push dword ptr [ebp+8]
call dword_431C94
pop ecx
mov esi, eax
loc_407F57: ; CODE XREF: .text:00407F3E�j
; .text:00407F49�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CD0
test eax, eax
jz short loc_407F82
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407F82
lea eax, [ebp+0Ch]
push eax
push dword ptr [ebp+8]
call dword_431CD0
pop ecx
pop ecx
loc_407F82: ; CODE XREF: .text:00407F66�j
; .text:00407F71�j
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CA0
test eax, eax
jz short loc_407FA2
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407FA2
pop ebp
jmp dword_431CA0
; ---------------------------------------------------------------------------
loc_407FA2: ; CODE XREF: .text:00407F8E�j
; .text:00407F99�j
pop ebp
retn
; ---------------------------------------------------------------------------
mov eax, dword_431CD8
test eax, eax
push esi
push 2
pop esi
jz short loc_407FC4
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_407FC4
call dword_431CD8
mov esi, eax
loc_407FC4: ; CODE XREF: .text:00407FAF�j
; .text:00407FBA�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-0Ch], ebp
mov eax, [ebp-0Ch]
add eax, 8
mov [ebp-0Ch], eax
cmp dword_431CD4, 0
jz short locret_408011
push dword_431CD4
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short locret_408011
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
call dword_431CD4
add esp, 0Ch
locret_408011: ; CODE XREF: .text:00407FED�j
; .text:00407FFD�j
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_431CDC, 0
jz short locret_408062
push dword_431CDC
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short locret_408062
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-0Ch], ebp
mov eax, [ebp-0Ch]
add eax, 8
mov [ebp-0Ch], eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
call dword_431CDC
add esp, 14h
locret_408062: ; CODE XREF: .text:00408020�j
; .text:00408030�j
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CEC, 0
jz short loc_4080C6
push dword_431CEC
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4080C6
push 0
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CEC
add esp, 18h
mov [ebp-10h], eax
loc_4080C6: ; CODE XREF: .text:00408097�j
; .text:004080A7�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CA4, 0
jz short loc_40811D
push dword_431CA4
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_40811D
push 0
call dword_431CA4
pop ecx
loc_40811D: ; CODE XREF: .text:00408102�j
; .text:00408112�j
cmp dword_431CEC, 0
jz short loc_408153
push dword_431CEC
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408153
push 0
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CEC
add esp, 18h
mov [ebp-10h], eax
loc_408153: ; CODE XREF: .text:00408124�j
; .text:00408134�j
cmp dword_431CA4, 0
jz short loc_408175
push dword_431CA4
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408175
push 1
call dword_431CA4
pop ecx
loc_408175: ; CODE XREF: .text:0040815A�j
; .text:0040816A�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov dword ptr [ebp-10h], 2
pusha
mov [ebp-0Ch], esp
mov eax, [ebp+0]
mov [ebp-4], eax
mov eax, [ebp+4]
mov [ebp-8], eax
mov [ebp-14h], ebp
mov eax, [ebp-14h]
add eax, 8
mov [ebp-14h], eax
cmp dword_431CF0, 0
jz short loc_4081DE
push dword_431CF0
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4081DE
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call dword_431CF0
add esp, 14h
mov [ebp-10h], eax
loc_4081DE: ; CODE XREF: .text:004081B1�j
; .text:004081C1�j
popa
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-4], 0
cmp dword_431CB8, 0
jz short loc_408215
push dword_431CB8
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408215
push dword ptr [ebp+8]
call dword_431CB8
pop ecx
mov [ebp-4], eax
loc_408215: ; CODE XREF: .text:004081F6�j
; .text:00408206�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CBC, 0
jz short loc_40824B
push dword_431CBC
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_40824B
push dword ptr [ebp+8]
call dword_431CBC
pop ecx
mov [ebp-4], eax
loc_40824B: ; CODE XREF: .text:0040822C�j
; .text:0040823C�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC0, 0
jz short loc_408281
push dword_431CC0
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408281
push dword ptr [ebp+8]
call dword_431CC0
pop ecx
mov [ebp-4], eax
loc_408281: ; CODE XREF: .text:00408262�j
; .text:00408272�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC4, 0
jz short loc_4082B7
push dword_431CC4
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4082B7
push dword ptr [ebp+8]
call dword_431CC4
pop ecx
mov [ebp-4], eax
loc_4082B7: ; CODE XREF: .text:00408298�j
; .text:004082A8�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-4], 2
cmp dword_431CC8, 0
jz short loc_4082ED
push dword_431CC8
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4082ED
push dword ptr [ebp+8]
call dword_431CC8
pop ecx
mov [ebp-4], eax
loc_4082ED: ; CODE XREF: .text:004082CE�j
; .text:004082DE�j
mov eax, [ebp-4]
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CE0
test eax, eax
jz short loc_40831F
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_40831F
lea eax, [ebp+14h]
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431CE0
add esp, 10h
loc_40831F: ; CODE XREF: .text:004082FC�j
; .text:00408307�j
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CF8
test eax, eax
push esi
push 2
pop esi
jz short loc_40834C
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_40834C
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431CF8
pop ecx
pop ecx
mov esi, eax
loc_40834C: ; CODE XREF: .text:0040832F�j
; .text:0040833A�j
mov eax, esi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, dword_431CCC
test eax, eax
push esi
push 2
pop esi
jz short loc_408378
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408378
push dword ptr [ebp+8]
call dword_431CCC
pop ecx
mov esi, eax
loc_408378: ; CODE XREF: .text:0040835F�j
; .text:0040836A�j
mov eax, esi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40837D(LPCSTR lpString, char)
sub_40837D proc near ; CODE XREF: sub_4083A3+49�p
lpString = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+lpString]
push esi ; lpString
call ds:__imp_lstrlenA
test eax, eax
jl short loc_40839A
loc_40838F: ; CODE XREF: sub_40837D+1B�j
mov cl, [eax+esi]
cmp cl, [ebp+arg_4]
jz short loc_40839F
dec eax
jns short loc_40838F
loc_40839A: ; CODE XREF: sub_40837D+10�j
xor eax, eax
loc_40839C: ; CODE XREF: sub_40837D+24�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40839F: ; CODE XREF: sub_40837D+18�j
add eax, esi
jmp short loc_40839C
sub_40837D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083A3 proc near ; CODE XREF: sub_40884C+6�p
FileName = byte ptr -118h
Type = dword ptr -14h
cbData = dword ptr -10h
lpString1 = dword ptr -0Ch
var_8 = dword ptr -8
hKey = dword ptr -4
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
mov edi, offset aTbdiag_dll ; "tbdiag.dll"
push edi ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov [ebp+var_8], eax
jnz loc_408547
mov ebx, 104h
lea eax, [ebp+FileName]
push ebx ; nSize
push eax ; lpFilename
call sub_4079AA
push eax ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
test eax, eax
jz short loc_40843D
lea eax, [ebp+FileName]
push 5Ch ; char
push eax ; lpString
call sub_40837D
test eax, eax
pop ecx
pop ecx
jz short loc_40843D
mov esi, ds:__imp_lstrcpyA
inc eax
push offset aTalkback_exe ; "talkback.exe"
push eax ; lpString1
mov [ebp+lpString1], eax
call esi ; __imp_lstrcpyA
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40843D
push edi ; lpString2
push [ebp+lpString1] ; lpString1
call esi ; __imp_lstrcpyA
push 8 ; dwFlags
push 0 ; hFile
lea eax, [ebp+FileName]
push eax ; lpLibFileName
call ds:LoadLibraryExA ; LoadLibraryExA
test eax, eax
mov [ebp+var_8], eax
jnz loc_408547
loc_40843D: ; CODE XREF: sub_4083A3+3E�j
; sub_4083A3+52�j ...
mov esi, ds:RegOpenKeyExA
and [ebp+lpString1], 0
lea eax, [ebp+hKey]
push eax ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
mov [ebp+cbData], ebx
push offset SubKey ; "Software\\America Online\\Loader"
mov ebx, 80000002h
push ebx ; hKey
call esi ; RegOpenKeyExA
test eax, eax
jnz loc_408569
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+FileName]
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
push 0 ; lpReserved
push offset ValueName ; "LoaderPath"
push [ebp+hKey] ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz short loc_4084AE
cmp [ebp+cbData], eax
jz short loc_4084AE
cmp [ebp+Type], 1
jnz short loc_4084AE
lea eax, [ebp+FileName]
push eax ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4084AE
mov [ebp+lpString1], 1
loc_4084AE: ; CODE XREF: sub_4083A3+E5�j
; sub_4083A3+EA�j ...
push [ebp+hKey] ; hKey
call ds:RegCloseKey ; RegCloseKey
cmp [ebp+lpString1], 0
jz loc_408569
lea eax, [ebp+hKey]
push eax ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset aSoftwareAmer_0 ; "Software\\America Online\\AOL Diagnostics"...
push ebx ; hKey
call esi ; RegOpenKeyExA
test eax, eax
jnz loc_408569
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+FileName]
push eax ; lpData
lea eax, [ebp+Type]
push eax ; lpType
xor ebx, ebx
push ebx ; lpReserved
push offset aInstalldir ; "InstallDir"
push [ebp+hKey] ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz short loc_408539
cmp [ebp+cbData], ebx
jz short loc_408539
cmp [ebp+Type], 1
jnz short loc_408539
mov esi, ds:lstrcatA
push offset SubBlock ; "\\"
lea eax, [ebp+FileName]
push eax ; lpString1
call esi ; lstrcatA
push edi ; lpString2
lea eax, [ebp+FileName]
push eax ; lpString1
call esi ; lstrcatA
push 8 ; dwFlags
push ebx ; hFile
lea eax, [ebp+FileName]
push eax ; lpLibFileName
call ds:LoadLibraryExA ; LoadLibraryExA
mov [ebp+var_8], eax
loc_408539: ; CODE XREF: sub_4083A3+158�j
; sub_4083A3+15D�j ...
push [ebp+hKey] ; hKey
call ds:RegCloseKey ; RegCloseKey
cmp [ebp+var_8], ebx
jz short loc_408569
loc_408547: ; CODE XREF: sub_4083A3+1D�j
; sub_4083A3+94�j
cmp hLibModule, 0
jnz short loc_40855E
mov edi, [ebp+var_8]
mov hLibModule, edi
call sub_4079D0
loc_40855E: ; CODE XREF: sub_4083A3+1AB�j
inc word_431D00
xor eax, eax
jmp short loc_40856C
; ---------------------------------------------------------------------------
loc_408569: ; CODE XREF: sub_4083A3+BE�j
; sub_4083A3+118�j ...
xor eax, eax
inc eax
loc_40856C: ; CODE XREF: sub_4083A3+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_4083A3 endp
; =============== S U B R O U T I N E =======================================
sub_408571 proc near ; CODE XREF: .text:004085B4�p
; .text:004085FD�p ...
xor eax, eax
cmp hLibModule, eax
jz short locret_408585
cmp word_431D00, ax
jz short locret_408585
inc eax
locret_408585: ; CODE XREF: sub_408571+8�j
; sub_408571+11�j
retn
sub_408571 endp
; =============== S U B R O U T I N E =======================================
sub_408586 proc near ; CODE XREF: sub_40876F�p
mov eax, hLibModule
test eax, eax
jz short loc_4085AA
dec word_431D00
jnz short loc_4085AA
push eax ; hLibModule
call ds:FreeLibrary ; FreeLibrary
and hLibModule, 0
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4085AA: ; CODE XREF: sub_408586+7�j
; sub_408586+10�j
xor eax, eax
retn
sub_408586 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4085CB
cmp dword_431C54, 0
jnz short loc_4085D4
push 7
pop eax
jmp short loc_4085F6
; ---------------------------------------------------------------------------
loc_4085CB: ; CODE XREF: .text:004085BB�j
cmp dword_431C54, 0
jz short loc_4085F4
loc_4085D4: ; CODE XREF: .text:004085C4�j
push dword_431C54
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4085F4
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C54
pop ecx
pop ecx
mov esi, eax
loc_4085F4: ; CODE XREF: .text:004085D2�j
; .text:004085E2�j
mov eax, esi
loc_4085F6: ; CODE XREF: .text:004085C9�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408614
cmp dword_431C64, 0
jnz short loc_40861D
push 7
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408614: ; CODE XREF: .text:00408604�j
cmp dword_431C64, 0
jz short loc_408635
loc_40861D: ; CODE XREF: .text:0040860D�j
push dword_431C64
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408635
call dword_431C64
mov esi, eax
loc_408635: ; CODE XREF: .text:0040861B�j
; .text:0040862B�j
mov eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408657
cmp dword_431C6C, 0
jnz short loc_408660
push 7
pop eax
jmp short loc_408689
; ---------------------------------------------------------------------------
loc_408657: ; CODE XREF: .text:00408647�j
cmp dword_431C6C, 0
jz short loc_408687
loc_408660: ; CODE XREF: .text:00408650�j
push dword_431C6C
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408687
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C6C
add esp, 10h
mov esi, eax
loc_408687: ; CODE XREF: .text:0040865E�j
; .text:0040866E�j
mov eax, esi
loc_408689: ; CODE XREF: .text:00408655�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4086AA
cmp dword_431C74, 0
jnz short loc_4086B3
push 7
pop eax
jmp short loc_4086D5
; ---------------------------------------------------------------------------
loc_4086AA: ; CODE XREF: .text:0040869A�j
cmp dword_431C74, 0
jz short loc_4086D3
loc_4086B3: ; CODE XREF: .text:004086A3�j
push dword_431C74
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_4086D3
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C74
pop ecx
pop ecx
mov esi, eax
loc_4086D3: ; CODE XREF: .text:004086B1�j
; .text:004086C1�j
mov eax, esi
loc_4086D5: ; CODE XREF: .text:004086A8�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_4086F6
cmp dword_431C7C, 0
jnz short loc_4086FF
push 7
pop eax
jmp short loc_408725
; ---------------------------------------------------------------------------
loc_4086F6: ; CODE XREF: .text:004086E6�j
cmp dword_431C7C, 0
jz short loc_408723
loc_4086FF: ; CODE XREF: .text:004086EF�j
push dword_431C7C
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_408723
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C7C
add esp, 0Ch
mov esi, eax
loc_408723: ; CODE XREF: .text:004086FD�j
; .text:0040870D�j
mov eax, esi
loc_408725: ; CODE XREF: .text:004086F4�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push 2
pop esi
call sub_408571
test eax, eax
jz short loc_408746
cmp dword_431C7C, 0
jnz short loc_408746
push 7
pop eax
jmp short loc_40876C
; ---------------------------------------------------------------------------
loc_408746: ; CODE XREF: .text:00408736�j
; .text:0040873F�j
mov eax, dword_431C84
test eax, eax
jz short loc_40876A
push eax
call ds:IsBadCodePtr ; IsBadCodePtr
test eax, eax
jnz short loc_40876A
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_431C84
pop ecx
pop ecx
mov esi, eax
loc_40876A: ; CODE XREF: .text:0040874D�j
; .text:00408758�j
mov eax, esi
loc_40876C: ; CODE XREF: .text:00408744�j
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
sub_40876F proc near ; CODE XREF: sub_40884C+14�p
; sub_40884C+22�p ...
call sub_408586
test eax, eax
jz locret_40884B
xor eax, eax
mov dword_431C50, eax
mov dword_431C58, eax
mov dword_431C5C, eax
mov dword_431C60, eax
mov dword_431C68, eax
mov dword_431C6C, eax
mov dword_431C70, eax
mov dword_431C74, eax
mov dword_431C78, eax
mov dword_431C7C, eax
mov dword_431C80, eax
mov dword_431C84, eax
mov dword_431C88, eax
mov dword_431C8C, eax
mov dword_431C90, eax
mov dword_431C94, eax
mov dword_431C98, eax
mov dword_431C9C, eax
mov dword_431CA0, eax
mov dword_431CD0, eax
mov dword_431CD4, eax
mov dword_431CD8, eax
mov dword_431CDC, eax
mov dword_431CE0, eax
mov dword_431CE4, eax
mov dword_431CE8, eax
mov dword_431CF4, eax
mov dword_431CF8, eax
mov dword_431CEC, eax
mov dword_431CF0, eax
mov dword_431CA4, eax
mov dword_431CA8, eax
mov dword_431CAC, eax
mov dword_431CB0, eax
mov dword_431CB4, eax
mov dword_431CB8, eax
mov dword_431CBC, eax
mov dword_431CC0, eax
mov dword_431CC4, eax
mov dword_431CC8, eax
mov dword_431CCC, eax
locret_40884B: ; CODE XREF: sub_40876F+7�j
retn
sub_40876F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40884C proc near ; CODE XREF: sub_4088D7+9�p
; .text:004088F2�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call sub_4083A3
test eax, eax
jz short loc_408865
cmp eax, 3
jz short loc_408865
call sub_40876F
loc_408865: ; CODE XREF: sub_40884C+D�j
; sub_40884C+12�j
mov eax, dword_431CE4
test eax, eax
jnz short loc_408878
call sub_40876F
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_408878: ; CODE XREF: sub_40884C+20�j
push esi
push 8
pop esi
push esi
call eax ; dword_431CE4
cmp eax, 6
pop ecx
jnb short loc_40888F
loc_408885: ; CODE XREF: sub_40884C+6E�j
call sub_40876F
xor eax, eax
inc eax
jmp short loc_4088D4
; ---------------------------------------------------------------------------
loc_40888F: ; CODE XREF: sub_40884C+37�j
mov eax, dword_431CF4
test eax, eax
jz short loc_4088B3
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
lea ecx, [ebp+var_10]
push ecx
mov [ebp+var_10], 1
mov [ebp+var_C], esi
mov [ebp+var_8], edi
call eax ; dword_431CF4
jmp short loc_4088C1
; ---------------------------------------------------------------------------
loc_4088B3: ; CODE XREF: sub_40884C+4A�j
mov eax, dword_431CE8
test eax, eax
jz short loc_408885
push edi
push esi
call eax ; dword_431CE8
pop ecx
loc_4088C1: ; CODE XREF: sub_40884C+65�j
mov esi, eax
test esi, esi
pop ecx
jz short loc_4088D2
cmp esi, 3
jz short loc_4088D2
call sub_40876F
loc_4088D2: ; CODE XREF: sub_40884C+7A�j
; sub_40884C+7F�j
mov eax, esi
loc_4088D4: ; CODE XREF: sub_40884C+41�j
pop esi
leave
retn
sub_40884C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D7 proc near ; CODE XREF: start+1C�p .text:004088FD�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
push 0
call sub_40884C
pop ecx
pop edi
pop ebp
retn
sub_4088D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+8]
push 1
call sub_40884C
pop ecx
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
push 0
call sub_4088D7
pop ecx
retn
; ---------------------------------------------------------------------------
jmp ds:MulDiv
; ---------------------------------------------------------------------------
jmp ds:DeleteFileA
; ---------------------------------------------------------------------------
jmp ds:GlobalFree
; ---------------------------------------------------------------------------
jmp ds:FindFirstFileA
; ---------------------------------------------------------------------------
jmp ds:FindNextFileA
; ---------------------------------------------------------------------------
jmp ds:FindClose
; ---------------------------------------------------------------------------
jmp ds:SetFilePointer
; ---------------------------------------------------------------------------
jmp ds:ReadFile
; ---------------------------------------------------------------------------
jmp ds:WriteFile
; ---------------------------------------------------------------------------
jmp ds:GetPrivateProfileStringA
; ---------------------------------------------------------------------------
jmp ds:WritePrivateProfileStringA
; ---------------------------------------------------------------------------
jmp ds:MultiByteToWideChar
; ---------------------------------------------------------------------------
jmp ds:FreeLibrary
; ---------------------------------------------------------------------------
jmp ds:GetProcAddress
; ---------------------------------------------------------------------------
jmp ds:LoadLibraryA
; ---------------------------------------------------------------------------
jmp ds:FormatMessageA
; ---------------------------------------------------------------------------
jmp ds:GetLastError
; ---------------------------------------------------------------------------
jmp ds:GetModuleHandleA
; ---------------------------------------------------------------------------
jmp ds:SetErrorMode
; ---------------------------------------------------------------------------
jmp ds:GetExitCodeProcess
; ---------------------------------------------------------------------------
jmp ds:WaitForSingleObject
; ---------------------------------------------------------------------------
jmp ds:ExpandEnvironmentStringsA
; ---------------------------------------------------------------------------
jmp ds:GetEnvironmentVariableA
; ---------------------------------------------------------------------------
jmp ds:lstrcmpiA
; ---------------------------------------------------------------------------
jmp ds:CloseHandle
; ---------------------------------------------------------------------------
jmp ds:SetFileTime
; ---------------------------------------------------------------------------
jmp ds:GetFileAttributesA
; ---------------------------------------------------------------------------
jmp ds:CompareFileTime
; ---------------------------------------------------------------------------
jmp ds:SearchPathA
; ---------------------------------------------------------------------------
jmp ds:GetShortPathNameA
; ---------------------------------------------------------------------------
jmp ds:GetFullPathNameA
; ---------------------------------------------------------------------------
jmp ds:MoveFileA
; ---------------------------------------------------------------------------
jmp ds:lstrcatA
; ---------------------------------------------------------------------------
jmp ds:SetCurrentDirectoryA
; ---------------------------------------------------------------------------
jmp ds:SetFileAttributesA
; ---------------------------------------------------------------------------
jmp ds:Sleep
; ---------------------------------------------------------------------------
jmp ds:GetTickCount
; ---------------------------------------------------------------------------
jmp ds:GetFileSize
; ---------------------------------------------------------------------------
jmp ds:GetModuleFileNameA
; ---------------------------------------------------------------------------
jmp ds:CreateDirectoryA
; ---------------------------------------------------------------------------
jmp ds:ExitProcess
; ---------------------------------------------------------------------------
jmp ds:GetCurrentProcess
; ---------------------------------------------------------------------------
jmp ds:CopyFileA
; ---------------------------------------------------------------------------
jmp ds:lstrcpynA
; ---------------------------------------------------------------------------
jmp ds:GetCommandLineA
; ---------------------------------------------------------------------------
jmp ds:GetWindowsDirectoryA
; ---------------------------------------------------------------------------
jmp ds:GetTempPathA
; ---------------------------------------------------------------------------
jmp ds:__imp_lstrcpyA
; ---------------------------------------------------------------------------
jmp ds:GetUserDefaultLangID
; ---------------------------------------------------------------------------
jmp ds:GetDiskFreeSpaceA
; ---------------------------------------------------------------------------
jmp ds:GlobalUnlock
; ---------------------------------------------------------------------------
jmp ds:GlobalLock
; ---------------------------------------------------------------------------
jmp ds:GlobalAlloc
; ---------------------------------------------------------------------------
jmp ds:CreateThread
; ---------------------------------------------------------------------------
jmp ds:CreateProcessA
; ---------------------------------------------------------------------------
jmp ds:__imp_lstrlenA
; ---------------------------------------------------------------------------
jmp ds:CreateFileA
; ---------------------------------------------------------------------------
jmp ds:GetTempFileNameA
; ---------------------------------------------------------------------------
jmp ds:SetEndOfFile
; ---------------------------------------------------------------------------
jmp ds:UnmapViewOfFile
; ---------------------------------------------------------------------------
jmp ds:MapViewOfFile
; ---------------------------------------------------------------------------
jmp ds:CreateFileMappingA
; ---------------------------------------------------------------------------
jmp ds:GetSystemDirectoryA
; ---------------------------------------------------------------------------
jmp ds:RemoveDirectoryA
; ---------------------------------------------------------------------------
jmp ds:VirtualQuery
; ---------------------------------------------------------------------------
jmp ds:IsBadCodePtr
; ---------------------------------------------------------------------------
jmp ds:LoadLibraryExA
; ---------------------------------------------------------------------------
jmp ds:EndPaint
; ---------------------------------------------------------------------------
jmp ds:DrawTextA
; ---------------------------------------------------------------------------
jmp ds:FillRect
; ---------------------------------------------------------------------------
jmp ds:GetClientRect
; ---------------------------------------------------------------------------
jmp ds:BeginPaint
; ---------------------------------------------------------------------------
jmp ds:DefWindowProcA
; ---------------------------------------------------------------------------
jmp ds:SendMessageA
; ---------------------------------------------------------------------------
jmp ds:InvalidateRect
; ---------------------------------------------------------------------------
jmp ds:DispatchMessageA
; ---------------------------------------------------------------------------
jmp ds:PeekMessageA
; ---------------------------------------------------------------------------
jmp ds:EnableWindow
; ---------------------------------------------------------------------------
jmp ds:GetDC
; ---------------------------------------------------------------------------
jmp ds:LoadImageA
; ---------------------------------------------------------------------------
jmp ds:SetWindowLongA
; ---------------------------------------------------------------------------
jmp ds:GetDlgItem
; ---------------------------------------------------------------------------
jmp ds:IsWindow
; ---------------------------------------------------------------------------
jmp ds:FindWindowExA
; ---------------------------------------------------------------------------
jmp ds:SendMessageTimeoutA
; ---------------------------------------------------------------------------
jmp ds:wsprintfA
; ---------------------------------------------------------------------------
jmp ds:CharPrevA
; ---------------------------------------------------------------------------
jmp ds:ShowWindow
; ---------------------------------------------------------------------------
jmp ds:SetForegroundWindow
; ---------------------------------------------------------------------------
jmp ds:PostQuitMessage
; ---------------------------------------------------------------------------
jmp ds:SetWindowTextA
; ---------------------------------------------------------------------------
jmp ds:SetTimer
; ---------------------------------------------------------------------------
jmp ds:DestroyWindow
; ---------------------------------------------------------------------------
jmp ds:CreateDialogParamA
; ---------------------------------------------------------------------------
jmp ds:ExitWindowsEx
; ---------------------------------------------------------------------------
jmp ds:CharNextA
; ---------------------------------------------------------------------------
jmp ds:GetSysColor
; ---------------------------------------------------------------------------
jmp ds:GetWindowLongA
; ---------------------------------------------------------------------------
jmp ds:LoadCursorA
; ---------------------------------------------------------------------------
jmp ds:SetCursor
; ---------------------------------------------------------------------------
jmp ds:CheckDlgButton
; ---------------------------------------------------------------------------
jmp ds:GetAsyncKeyState
; ---------------------------------------------------------------------------
jmp ds:IsDlgButtonChecked
; ---------------------------------------------------------------------------
jmp ds:ScreenToClient
; ---------------------------------------------------------------------------
jmp ds:GetMessagePos
; ---------------------------------------------------------------------------
jmp ds:CallWindowProcA
; ---------------------------------------------------------------------------
jmp ds:IsWindowVisible
; ---------------------------------------------------------------------------
jmp ds:LoadBitmapA
; ---------------------------------------------------------------------------
jmp ds:CloseClipboard
; ---------------------------------------------------------------------------
jmp ds:SetClipboardData
; ---------------------------------------------------------------------------
jmp ds:EmptyClipboard
; ---------------------------------------------------------------------------
jmp ds:OpenClipboard
; ---------------------------------------------------------------------------
jmp ds:TrackPopupMenu
; ---------------------------------------------------------------------------
jmp ds:GetWindowRect
; ---------------------------------------------------------------------------
jmp ds:AppendMenuA
; ---------------------------------------------------------------------------
jmp ds:CreatePopupMenu
; ---------------------------------------------------------------------------
jmp ds:GetSystemMetrics
; ---------------------------------------------------------------------------
jmp ds:EndDialog
; ---------------------------------------------------------------------------
jmp ds:SetClassLongA
; ---------------------------------------------------------------------------
jmp ds:IsWindowEnabled
; ---------------------------------------------------------------------------
jmp ds:SetWindowPos
; ---------------------------------------------------------------------------
jmp ds:DialogBoxParamA
; ---------------------------------------------------------------------------
jmp ds:GetClassInfoA
; ---------------------------------------------------------------------------
jmp ds:CreateWindowExA
; ---------------------------------------------------------------------------
jmp ds:SystemParametersInfoA
; ---------------------------------------------------------------------------
jmp ds:RegisterClassA
; ---------------------------------------------------------------------------
jmp ds:__imp_SetDlgItemTextA
; ---------------------------------------------------------------------------
jmp ds:GetDlgItemTextA
; ---------------------------------------------------------------------------
jmp ds:MessageBoxA
; ---------------------------------------------------------------------------
jmp ds:wvsprintfA
; ---------------------------------------------------------------------------
jmp ds:SelectObject
; ---------------------------------------------------------------------------
jmp ds:SetTextColor
; ---------------------------------------------------------------------------
jmp ds:SetBkMode
; ---------------------------------------------------------------------------
jmp ds:CreateFontIndirectA
; ---------------------------------------------------------------------------
jmp ds:CreateBrushIndirect
; ---------------------------------------------------------------------------
jmp ds:DeleteObject
; ---------------------------------------------------------------------------
jmp ds:GetDeviceCaps
; ---------------------------------------------------------------------------
jmp ds:SetBkColor
; ---------------------------------------------------------------------------
jmp ds:RegDeleteKeyA
; ---------------------------------------------------------------------------
jmp ds:RegCloseKey
; ---------------------------------------------------------------------------
jmp ds:RegEnumKeyA
; ---------------------------------------------------------------------------
jmp ds:RegOpenKeyExA
; ---------------------------------------------------------------------------
jmp ds:RegEnumValueA
; ---------------------------------------------------------------------------
jmp ds:RegQueryValueExA
; ---------------------------------------------------------------------------
jmp ds:RegSetValueExA
; ---------------------------------------------------------------------------
jmp ds:RegCreateKeyExA
; ---------------------------------------------------------------------------
jmp ds:RegDeleteValueA
; ---------------------------------------------------------------------------
jmp ds:SHFileOperationA
; ---------------------------------------------------------------------------
jmp ds:ShellExecuteA
; ---------------------------------------------------------------------------
jmp ds:SHGetPathFromIDListA
; ---------------------------------------------------------------------------
jmp ds:SHBrowseForFolderA
; ---------------------------------------------------------------------------
jmp ds:SHGetMalloc
; ---------------------------------------------------------------------------
jmp ds:SHGetSpecialFolderLocation
; ---------------------------------------------------------------------------
jmp ds:CoCreateInstance
; ---------------------------------------------------------------------------
jmp ds:OleUninitialize
; ---------------------------------------------------------------------------
jmp ds:OleInitialize
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00003498 ( 13464.)
; Section size in file : 00003600 ( 13824.)
; Offset to raw data for section: 00008200
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; LONG __stdcall RegDeleteKeyA(HKEY hKey, LPCSTR lpSubKey)
extrn RegDeleteKeyA:dword ; CODE XREF: sub_401540+6C�p
; DATA XREF: sub_401540+6C�r ...
; LONG __stdcall RegEnumKeyA(HKEY hKey, DWORD dwIndex, LPSTR lpName, DWORD cbName)
extrn RegEnumKeyA:dword ; CODE XREF: sub_401540+57�p
; sub_40161F+156B�p
; DATA XREF: ...
; LONG __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_401540+1B�p
; sub_4015D6+34�p ...
; LONG __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcbValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegEnumValueA:dword ; CODE XREF: sub_40161F+157E�p
; DATA XREF: sub_40161F+157E�r ...
; LONG __stdcall RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_40161F+132A�p
; DATA XREF: sub_40161F+132A�r ...
; LONG __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_40161F+13EA�p
; sub_405F25+26�p
; DATA XREF: ...
; LONG __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_40161F+1494�p
; sub_405F25+42�p
; DATA XREF: ...
; LONG __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_40161F+14F5�p
; sub_405EBB+3D�p ...
; LONG __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_401540+60�p
; sub_401540+7C�p ...
;
; Imports from COMCTL32.dll
;
; void __stdcall InitCommonControls()
extrn InitCommonControls:dword ; CODE XREF: start+22�p
; DATA XREF: start+22�r ...
; int __stdcall ImageList_AddMasked(HIMAGELIST himl, HBITMAP hbmImage, COLORREF crMask)
extrn ImageList_AddMasked:dword ; CODE XREF: sub_404A08+BC�p
; DATA XREF: sub_404A08+BC�r ...
; BOOL __stdcall ImageList_Destroy(HIMAGELIST himl)
extrn ImageList_Destroy:dword ; CODE XREF: sub_404A08+443�p
; DATA XREF: sub_404A08+443�r ...
; HIMAGELIST __stdcall ImageList_Create(int cx, int cy, UINT flags, int cInitial, int cGrow)
extrn ImageList_Create:dword ; CODE XREF: sub_404A08+A8�p
; DATA XREF: sub_404A08+A8�r ...
;
; Imports from GDI32.dll
;
; int __stdcall GetDeviceCaps(HDC, int)
extrn GetDeviceCaps:dword ; CODE XREF: sub_40161F+BCB�p
; DATA XREF: sub_40161F+BCB�r ...
; BOOL __stdcall DeleteObject(HGDIOBJ)
extrn DeleteObject:dword ; CODE XREF: sub_401000+ED�p
; sub_401000+165�p ...
; HBRUSH __stdcall CreateBrushIndirect(const LOGBRUSH *)
extrn CreateBrushIndirect:dword ; CODE XREF: sub_401000+CF�p
; sub_403EC2+95�p
; DATA XREF: ...
; HFONT __stdcall CreateFontIndirectA(const LOGFONTA *)
extrn CreateFontIndirectA:dword ; CODE XREF: sub_401000+105�p
; sub_40161F+C2E�p
; DATA XREF: ...
; int __stdcall SetBkMode(HDC, int)
extrn SetBkMode:dword ; CODE XREF: sub_401000+126�p
; sub_403EC2+4E�p
; DATA XREF: ...
; COLORREF __stdcall SetTextColor(HDC, COLORREF)
extrn SetTextColor:dword ; CODE XREF: sub_401000+130�p
; sub_403EC2+42�p
; DATA XREF: ...
; COLORREF __stdcall SetBkColor(HDC, COLORREF)
extrn SetBkColor:dword ; CODE XREF: sub_403EC2+71�p
; DATA XREF: sub_403EC2+71�r ...
; HGDIOBJ __stdcall SelectObject(HDC, HGDIOBJ)
extrn SelectObject:dword ; CODE XREF: sub_401000+140�p
; sub_401000+160�p
; DATA XREF: ...
;
; Imports from KERNEL32.dll
;
; DWORD __stdcall FormatMessageA(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments)
extrn FormatMessageA:dword ; CODE XREF: sub_40161F+F06�p
; sub_40161F+FC5�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_40161F+EF6�p
; sub_40161F+FBF�p
; DATA XREF: ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_40161F+ED6�p
; start+A2�p ...
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: sub_40161F+EA5�p
; sub_40161F+FF7�p ...
; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess, LPDWORD lpExitCode)
extrn GetExitCodeProcess:dword ; CODE XREF: sub_40161F+D9D�p
; sub_40161F+1A27�p
; DATA XREF: ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_40161F+D54�p
; sub_40161F+D8C�p ...
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_40161F:loc_401EAB�p
; DATA XREF: sub_40161F:loc_401EAB�r ...
; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName, LPSTR lpBuffer, DWORD nSize)
extrn GetEnvironmentVariableA:dword ; CODE XREF: sub_40161F+87B�p
; DATA XREF: sub_40161F+87B�r ...
; int __stdcall lstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)
extrn lstrcmpiA:dword ; CODE XREF: sub_40161F+857�p
; start+348�p ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_40161F+6E1�p
; sub_40161F:loc_402BC6�p ...
; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_40161F+6D8�p
; DATA XREF: sub_40161F+6D8�r ...
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_40161F+5A3�p
; sub_4059CE+92�p ...
; LONG __stdcall CompareFileTime(const FILETIME *lpFileTime1, const FILETIME *lpFileTime2)
extrn CompareFileTime:dword ; CODE XREF: sub_40161F+57F�p
; DATA XREF: sub_40161F+57F�r ...
; DWORD __stdcall SearchPathA(LPCSTR lpPath, LPCSTR lpFileName, LPCSTR lpExtension, DWORD nBufferLength, LPSTR lpBuffer, LPSTR *lpFilePart)
extrn SearchPathA:dword ; CODE XREF: sub_40161F+406�p
; DATA XREF: sub_40161F+406�r ...
; DWORD __stdcall GetShortPathNameA(LPCSTR lpszLongPath, LPSTR lpszShortPath, DWORD cchBuffer)
extrn GetShortPathNameA:dword ; CODE XREF: sub_40161F+3E4�p
; sub_406326+A8�p ...
; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName, DWORD nBufferLength, LPSTR lpBuffer, LPSTR *lpFilePart)
extrn GetFullPathNameA:dword ; CODE XREF: sub_40161F+39F�p
; DATA XREF: sub_40161F+39F�r ...
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: sub_40161F+33A�p
; DATA XREF: sub_40161F+33A�r ...
; LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_40161F+323�p
; sub_40161F+327�p ...
; BOOL __stdcall SetCurrentDirectoryA(LPCSTR lpPathName)
extrn SetCurrentDirectoryA:dword ; CODE XREF: sub_40161F+27C�p
; DATA XREF: sub_40161F+27C�r ...
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_40161F+20E�p
; sub_40161F+5AE�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_40161F+15C�p
; DATA XREF: sub_40161F+15C�r ...
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_403412+6B�p
; sub_403412+112�p ...
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_403646+69�p
; sub_406326+23A�p
; DATA XREF: ...
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPSTR lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_403646+33�p
; start+336�p ...
; BOOL __stdcall CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
extrn CreateDirectoryA:dword ; CODE XREF: sub_4038F2+21�p
; start+1CC�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_40161F+F28�p
; sub_4059CE+1D9�p ...
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: start+446�p
; DATA XREF: start+446�r ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: start+35A�p
; DATA XREF: start+35A�r ...
; LPSTR __stdcall lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength)
extrn lstrcpynA:dword ; CODE XREF: start+9E�p start+1B7�p ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: start+90�p
; DATA XREF: start+90�r ...
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: start+64�p
; sub_406326+1FF�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: start+4F�p
; DATA XREF: start+4F�r ...
; LPSTR __stdcall lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
extrn __imp_lstrcpyA:dword ; CODE XREF: sub_403F6C+15�p
; sub_406252+B�p ...
; LANGID __stdcall GetUserDefaultLangID()
extrn GetUserDefaultLangID:dword ; CODE XREF: sub_403FAC:loc_403FCB�p
; DATA XREF: sub_403FAC:loc_403FCB�r ...
; BOOL __stdcall GetDiskFreeSpaceA(LPCSTR lpRootPathName, LPDWORD lpSectorsPerCluster, LPDWORD lpBytesPerSector, LPDWORD lpNumberOfFreeClusters, LPDWORD lpTotalNumberOfClusters)
extrn GetDiskFreeSpaceA:dword ; CODE XREF: sub_4044DD+25A�p
; DATA XREF: sub_4044DD+25A�r ...
; BOOL __stdcall GlobalUnlock(HGLOBAL hMem)
extrn GlobalUnlock:dword ; CODE XREF: sub_405176+377�p
; DATA XREF: sub_405176+377�r ...
; LPVOID __stdcall GlobalLock(HGLOBAL hMem)
extrn GlobalLock:dword ; CODE XREF: sub_405176+33E�p
; DATA XREF: sub_405176+33E�r ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, DWORD dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_405176+334�p
; sub_405D2F+6�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, DWORD dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_405176+1E0�p
; DATA XREF: sub_405176+1E0�r ...
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_405C75+3C�p
; DATA XREF: sub_405C75+3C�r ...
; int __stdcall lstrlenA(LPCSTR lpString)
extrn __imp_lstrlenA:dword ; CODE XREF: sub_405DCE+10�p
; sub_405DCE+42�p ...
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_405E44+26�p
; sub_406326+223�p
; DATA XREF: ...
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName, LPCSTR lpPrefixString, UINT uUnique, LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: sub_405E73+2D�p
; DATA XREF: sub_405E73+2D�r ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: sub_406326+371�p
; DATA XREF: sub_406326+371�r ...
; BOOL __stdcall UnmapViewOfFile(LPCVOID lpBaseAddress)
extrn UnmapViewOfFile:dword ; CODE XREF: sub_406326+324�p
; sub_406326+350�p
; DATA XREF: ...
; LPVOID __stdcall MapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, DWORD dwNumberOfBytesToMap)
extrn MapViewOfFile:dword ; CODE XREF: sub_406326+273�p
; DATA XREF: sub_406326+273�r ...
; HANDLE __stdcall CreateFileMappingA(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName)
extrn CreateFileMappingA:dword ; CODE XREF: sub_406326+259�p
; DATA XREF: sub_406326+259�r ...
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_4066B7+114�p
; DATA XREF: sub_4066B7+114�r ...
; BOOL __stdcall RemoveDirectoryA(LPCSTR lpPathName)
extrn RemoveDirectoryA:dword ; CODE XREF: sub_4068E6+1C2�p
; DATA XREF: sub_4068E6+1C2�r ...
; DWORD __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, DWORD dwLength)
extrn VirtualQuery:dword ; CODE XREF: sub_4079AA+14�p
; DATA XREF: sub_4079AA+14�r ...
; BOOL __stdcall IsBadCodePtr(FARPROC lpfn)
extrn IsBadCodePtr:dword ; CODE XREF: .text:00407C19�p
; .text:00407C53�p ...
; HMODULE __stdcall LoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
extrn LoadLibraryExA:dword ; CODE XREF: sub_4083A3+89�p
; sub_4083A3+18D�p
; DATA XREF: ...
; int __stdcall MulDiv(int nNumber, int nNumerator, int nDenominator)
extrn MulDiv:dword ; CODE XREF: sub_4013E7+B5�p
; sub_40161F+BDB�p ...
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_40161F+1976�p
; start+89�p ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_40161F+F3E�p
; start+417�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_40161F+FAA�p
; sub_408586+13�p
; DATA XREF: ...
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_40161F+191B�p
; sub_40161F+193A�p ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cchMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_40161F+113F�p
; DATA XREF: sub_40161F+113F�r ...
; BOOL __stdcall WritePrivateProfileStringA(LPCSTR lpAppName, LPCSTR lpKeyName, LPCSTR lpString, LPCSTR lpFileName)
extrn WritePrivateProfileStringA:dword ; CODE XREF: sub_40161F+12B9�p
; DATA XREF: sub_40161F+12B9�r ...
; DWORD __stdcall GetPrivateProfileStringA(LPCSTR lpAppName, LPCSTR lpKeyName, LPCSTR lpDefault, LPSTR lpReturnedString, DWORD nSize, LPCSTR lpFileName)
extrn GetPrivateProfileStringA:dword ; CODE XREF: sub_40161F+12F7�p
; DATA XREF: sub_40161F+12F7�r ...
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_40161F+1619�p
; sub_40161F+1931�p ...
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_40161F+166E�p
; sub_4033C9+17�p
; DATA XREF: ...
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: sub_40161F+16D2�p
; sub_40161F+1701�p ...
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_40161F+1726�p
; sub_40618D+2C�p ...
; BOOL __stdcall FindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword ; CODE XREF: sub_40161F+1748�p
; sub_4068E6+182�p
; DATA XREF: ...
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_40161F+1773�p
; sub_40618D+1A�p ...
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: start:loc_403E09�p
; DATA XREF: start:loc_403E09�r ...
;
; Imports from SHELL32.dll
;
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
extrn ShellExecuteA:dword ; CODE XREF: sub_40161F+CD2�p
; sub_40412D+211�p
; DATA XREF: ...
; LPITEMIDLIST __stdcall SHBrowseForFolderA(LPBROWSEINFOA lpbi)
extrn SHBrowseForFolderA:dword ; CODE XREF: sub_4044DD+15B�p
; DATA XREF: sub_4044DD+15B�r ...
; HRESULT __stdcall SHGetMalloc(LPMALLOC *ppMalloc)
extrn SHGetMalloc:dword ; CODE XREF: sub_405C4A+8�p
; DATA XREF: sub_405C4A+8�r ...
; HRESULT __stdcall SHGetSpecialFolderLocation(HWND hwndOwner, int nFolder, LPITEMIDLIST *ppidl)
extrn SHGetSpecialFolderLocation:dword ; CODE XREF: sub_4066B7+151�p
; DATA XREF: sub_4066B7+151�r ...
; int __stdcall SHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
extrn SHFileOperationA:dword ; CODE XREF: sub_40161F+11F7�p
; DATA XREF: sub_40161F+11F7�r ...
; BOOL __stdcall SHGetPathFromIDListA(LPCITEMIDLIST pidl, LPSTR pszPath)
extrn SHGetPathFromIDListA:dword ; CODE XREF: sub_404093+38�p
; sub_4066B7+160�p
; DATA XREF: ...
;
; Imports from USER32.dll
;
; void __stdcall PostQuitMessage(int nExitCode)
extrn PostQuitMessage:dword ; CODE XREF: sub_40161F+AB�p
; DATA XREF: sub_40161F+AB�r ...
; BOOL __stdcall SetWindowTextA(HWND hWnd, LPCSTR lpString)
extrn SetWindowTextA:dword ; CODE XREF: DialogFunc+69�p
; sub_403FAC+B2�p ...
; UINT __stdcall SetTimer(HWND hWnd, UINT nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)
extrn SetTimer:dword ; CODE XREF: DialogFunc+20�p
; DATA XREF: DialogFunc+20�r ...
; BOOL __stdcall DestroyWindow(HWND hWnd)
extrn DestroyWindow:dword ; CODE XREF: sub_403646+199�p
; sub_403646+237�p ...
; HWND __stdcall CreateDialogParamA(HINSTANCE hInstance, LPCSTR lpTemplateName, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
extrn CreateDialogParamA:dword ; CODE XREF: sub_403646+15E�p
; sub_40550B+3F2�p
; DATA XREF: ...
; BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReserved)
extrn ExitWindowsEx:dword ; CODE XREF: start+484�p
; DATA XREF: start+484�r ...
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn CharNextA:dword ; CODE XREF: start+CB�p sub_405D3E+D�p ...
; DWORD __stdcall GetSysColor(int nIndex)
extrn GetSysColor:dword ; CODE XREF: sub_403EC2+36�p
; sub_403EC2+61�p ...
; LONG __stdcall GetWindowLongA(HWND hWnd, int nIndex)
extrn GetWindowLongA:dword ; CODE XREF: sub_403EC2+1A�p
; sub_404A08+229�p
; DATA XREF: ...
; HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance, LPCSTR lpCursorName)
extrn LoadCursorA:dword ; CODE XREF: sub_40412D+1FB�p
; sub_40412D+21E�p ...
; HCURSOR __stdcall SetCursor(HCURSOR hCursor)
extrn SetCursor:dword ; CODE XREF: sub_40412D+1FE�p
; sub_40412D+221�p ...
; BOOL __stdcall CheckDlgButton(HWND hDlg, int nIDButton, UINT uCheck)
extrn CheckDlgButton:dword ; CODE XREF: sub_40412D+88�p
; DATA XREF: sub_40412D+88�r ...
; SHORT __stdcall GetAsyncKeyState(int vKey)
extrn GetAsyncKeyState:dword ; CODE XREF: sub_4044DD+65�p
; DATA XREF: sub_4044DD+65�r ...
; UINT __stdcall IsDlgButtonChecked(HWND hDlg, int nIDButton)
extrn IsDlgButtonChecked:dword ; CODE XREF: sub_4044DD+4B�p
; DATA XREF: sub_4044DD+4B�r ...
; BOOL __stdcall ScreenToClient(HWND hWnd, LPPOINT lpPoint)
extrn ScreenToClient:dword ; CODE XREF: sub_4048D5+22�p
; sub_40550B+42E�p
; DATA XREF: ...
; DWORD __stdcall GetMessagePos()
extrn GetMessagePos:dword ; CODE XREF: sub_4048D5+6�p
; DATA XREF: sub_4048D5+6�r ...
; LRESULT __stdcall CallWindowProcA(WNDPROC lpPrevWndFunc, HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn CallWindowProcA:dword ; CODE XREF: sub_404921+DB�p
; DATA XREF: sub_404921+DB�r ...
; BOOL __stdcall IsWindowVisible(HWND hWnd)
extrn IsWindowVisible:dword ; CODE XREF: sub_404921+4C�p
; DATA XREF: sub_404921+4C�r ...
; HBITMAP __stdcall LoadBitmapA(HINSTANCE hInstance, LPCSTR lpBitmapName)
extrn LoadBitmapA:dword ; CODE XREF: sub_404A08+83�p
; DATA XREF: sub_404A08+83�r ...
; BOOL __stdcall CloseClipboard()
extrn CloseClipboard:dword ; CODE XREF: sub_405176+388�p
; DATA XREF: sub_405176+388�r ...
; HANDLE __stdcall SetClipboardData(UINT uFormat, HANDLE hMem)
extrn SetClipboardData:dword ; CODE XREF: sub_405176+382�p
; DATA XREF: sub_405176+382�r ...
; BOOL __stdcall EmptyClipboard()
extrn EmptyClipboard:dword ; CODE XREF: sub_405176+32B�p
; DATA XREF: sub_405176+32B�r ...
; BOOL __stdcall OpenClipboard(HWND hWndNewOwner)
extrn OpenClipboard:dword ; CODE XREF: sub_405176+325�p
; DATA XREF: sub_405176+325�r ...
; BOOL __stdcall TrackPopupMenu(HMENU hMenu, UINT uFlags, int x, int y, int nReserved, HWND hWnd, const RECT *prcRect)
extrn TrackPopupMenu:dword ; CODE XREF: sub_405176+2E3�p
; DATA XREF: sub_405176+2E3�r ...
; BOOL __stdcall GetWindowRect(HWND hWnd, LPRECT lpRect)
extrn GetWindowRect:dword ; CODE XREF: sub_405176+2C1�p
; sub_40550B+422�p
; DATA XREF: ...
; BOOL __stdcall AppendMenuA(HMENU hMenu, UINT uFlags, UINT uIDNewItem, LPCSTR lpNewItem)
extrn AppendMenuA:dword ; CODE XREF: sub_405176+2AE�p
; DATA XREF: sub_405176+2AE�r ...
; HMENU __stdcall CreatePopupMenu()
extrn CreatePopupMenu:dword ; CODE XREF: sub_405176+299�p
; DATA XREF: sub_405176+299�r ...
; int __stdcall GetSystemMetrics(int nIndex)
extrn GetSystemMetrics:dword ; CODE XREF: sub_405176+CE�p
; DATA XREF: sub_405176+CE�r ...
; BOOL __stdcall EndDialog(HWND hDlg, int nResult)
extrn EndDialog:dword ; CODE XREF: sub_40550B+48C�p
; DATA XREF: sub_40550B+48C�r ...
; DWORD __stdcall SetClassLongA(HWND hWnd, int nIndex, LONG dwNewLong)
extrn SetClassLongA:dword ; CODE XREF: sub_40550B+1D0�p
; DATA XREF: sub_40550B+1D0�r ...
; BOOL __stdcall IsWindowEnabled(HWND hWnd)
extrn IsWindowEnabled:dword ; CODE XREF: sub_40550B+B6�p
; sub_40550B+103�p
; DATA XREF: ...
; BOOL __stdcall SetWindowPos(HWND hWnd, HWND hWndInsertAfter, int X, int Y, int cx, int cy, UINT uFlags)
extrn SetWindowPos:dword ; CODE XREF: sub_40550B+3C�p
; sub_40550B+449�p
; DATA XREF: ...
; int __stdcall DialogBoxParamA(HINSTANCE hInstance, LPCSTR lpTemplateName, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
extrn DialogBoxParamA:dword ; CODE XREF: sub_4059CE+237�p
; DATA XREF: sub_4059CE+237�r ...
; BOOL __stdcall GetClassInfoA(HINSTANCE hInstance, LPCSTR lpClassName, LPWNDCLASSA lpWndClass)
extrn GetClassInfoA:dword ; CODE XREF: sub_4059CE+1F9�p
; sub_4059CE+208�p
; DATA XREF: ...
; HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
extrn CreateWindowExA:dword ; CODE XREF: sub_4059CE+191�p
; DATA XREF: sub_4059CE+191�r ...
; BOOL __stdcall SystemParametersInfoA(UINT uiAction, UINT uiParam, PVOID pvParam, UINT fWinIni)
extrn SystemParametersInfoA:dword ; CODE XREF: sub_4059CE+158�p
; DATA XREF: sub_4059CE+158�r ...
; ATOM __stdcall RegisterClassA(const WNDCLASSA *lpWndClass)
extrn RegisterClassA:dword ; CODE XREF: sub_4059CE+140�p
; sub_4059CE+218�p
; DATA XREF: ...
; BOOL __stdcall SetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPCSTR lpString)
extrn __imp_SetDlgItemTextA:dword ; DATA XREF: SetDlgItemTextA�r
; .text:00408BF8�r
; UINT __stdcall GetDlgItemTextA(HWND hDlg, int nIDDlgItem, LPSTR lpString, int nMaxCount)
extrn GetDlgItemTextA:dword ; CODE XREF: sub_405CD1+13�p
; DATA XREF: sub_405CD1+13�r ...
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn MessageBoxA:dword ; CODE XREF: sub_405CED+39�p
; DATA XREF: sub_405CED+39�r ...
; int __stdcall wvsprintfA(LPSTR, LPCSTR, va_list arglist)
extrn wvsprintfA:dword ; CODE XREF: sub_406171+E�p
; DATA XREF: sub_406171+E�r ...
; BOOL __stdcall SetForegroundWindow(HWND hWnd)
extrn SetForegroundWindow:dword ; CODE XREF: sub_40161F+175�p
; DATA XREF: sub_40161F+175�r ...
; BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)
extrn ShowWindow:dword ; CODE XREF: sub_40161F+1D4�p
; sub_40161F+1E8�p ...
; LPSTR __stdcall CharPrevA(LPCSTR lpszStart, LPCSTR lpszCurrent)
extrn CharPrevA:dword ; CODE XREF: sub_40161F+4E3�p
; sub_40161F+182B�p ...
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn wsprintfA:dword ; CODE XREF: sub_40161F+97C�p
; sub_40161F+CA4�p ...
; LRESULT __stdcall SendMessageTimeoutA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam, UINT fuFlags, UINT uTimeout, LPDWORD lpdwResult)
extrn SendMessageTimeoutA:dword ; CODE XREF: sub_40161F+AA6�p
; DATA XREF: sub_40161F+AA6�r ...
; HWND __stdcall FindWindowExA(HWND, HWND, LPCSTR, LPCSTR)
extrn FindWindowExA:dword ; CODE XREF: sub_40161F+AED�p
; DATA XREF: sub_40161F+AED�r ...
; BOOL __stdcall IsWindow(HWND hWnd)
extrn IsWindow:dword ; CODE XREF: sub_40161F+B10�p
; DATA XREF: sub_40161F+B10�r ...
; HWND __stdcall GetDlgItem(HWND hDlg, int nIDDlgItem)
extrn GetDlgItem:dword ; CODE XREF: sub_40161F+B38�p
; sub_40161F+B64�p ...
; LONG __stdcall SetWindowLongA(HWND hWnd, int nIndex, LONG dwNewLong)
extrn SetWindowLongA:dword ; CODE XREF: sub_40161F+B55�p
; sub_404A08+96�p ...
; HANDLE __stdcall LoadImageA(HINSTANCE, LPCSTR, UINT, int, int, UINT)
extrn LoadImageA:dword ; CODE XREF: sub_40161F+B95�p
; sub_4059CE+F9�p
; DATA XREF: ...
; HDC __stdcall GetDC(HWND hWnd)
extrn GetDC:dword ; CODE XREF: sub_40161F+BC4�p
; DATA XREF: sub_40161F+BC4�r ...
; BOOL __stdcall EnableWindow(HWND hWnd, BOOL bEnable)
extrn EnableWindow:dword ; CODE XREF: sub_40161F:loc_40228F�p
; sub_403E7D+A�p ...
; BOOL __stdcall PeekMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg)
extrn PeekMessageA:dword ; CODE XREF: sub_40161F+D81�p
; sub_40161F+1A0F�p ...
; LONG __stdcall DispatchMessageA(const MSG *lpMsg)
extrn DispatchMessageA:dword ; CODE XREF: sub_40161F+D6F�p
; sub_40161F+19FD�p ...
; BOOL __stdcall InvalidateRect(HWND hWnd, const RECT *lpRect, BOOL bErase)
extrn InvalidateRect:dword ; CODE XREF: sub_40161F+1BB7�p
; DATA XREF: sub_40161F+1BB7�r ...
; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn SendMessageA:dword ; CODE XREF: sub_4013E7+C4�p
; sub_40161F+ABE�p ...
; LRESULT __stdcall DefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn DefWindowProcA:dword ; CODE XREF: sub_401000+2C�p
; DATA XREF: sub_401000+2C�r ...
; BOOL __stdcall GetClientRect(HWND hWnd, LPRECT lpRect)
extrn GetClientRect:dword ; CODE XREF: sub_401000+5B�p
; sub_40161F+B71�p ...
; int __stdcall FillRect(HDC hDC, const RECT *lprc, HBRUSH hbr)
extrn FillRect:dword ; CODE XREF: sub_401000+E4�p
; DATA XREF: sub_401000+E4�r ...
; int __stdcall DrawTextA(HDC hDC, LPCSTR lpString, int nCount, LPRECT lpRect, UINT uFormat)
extrn DrawTextA:dword ; CODE XREF: sub_401000+156�p
; DATA XREF: sub_401000+156�r ...
; BOOL __stdcall EndPaint(HWND hWnd, const PAINTSTRUCT *lpPaint)
extrn EndPaint:dword ; CODE XREF: sub_401000+16E�p
; DATA XREF: sub_401000+16E�r ...
; HDC __stdcall BeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint)
extrn BeginPaint:dword ; CODE XREF: sub_401000+47�p
; DATA XREF: sub_401000+47�r ...
;
; Imports from VERSION.dll
;
; DWORD __stdcall GetFileVersionInfoSizeA(LPSTR lptstrFilename, LPDWORD lpdwHandle)
extrn __imp_GetFileVersionInfoSizeA:dword
; DATA XREF: GetFileVersionInfoSizeA�r
; BOOL __stdcall GetFileVersionInfoA(LPSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData)
extrn __imp_GetFileVersionInfoA:dword ; DATA XREF: GetFileVersionInfoA�r
; BOOL __stdcall VerQueryValueA(const LPVOID pBlock, LPSTR lpSubBlock, LPVOID *lplpBuffer, PUINT puLen)
extrn __imp_VerQueryValueA:dword ; DATA XREF: VerQueryValueA�r
;
; Imports from ole32.dll
;
; void __stdcall OleUninitialize()
extrn OleUninitialize:dword ; CODE XREF: start+2CA�p
; StartAddress+7B�p
; DATA XREF: ...
; HRESULT __stdcall OleInitialize(LPVOID pvReserved)
extrn OleInitialize:dword ; CODE XREF: start+29�p
; StartAddress+10�p
; DATA XREF: ...
; HRESULT __stdcall CoCreateInstance(const CLSID *const rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, const IID *const riid, LPVOID *ppv)
extrn CoCreateInstance:dword ; CODE XREF: sub_40161F+1088�p
; DATA XREF: sub_40161F+1088�r ...
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 4092A8h
dd 3 dup(0)
a2k6d db '26D',0
align 4
dd 2, 84h, 0C414h, 0B614h
; char aLoggingSetToD[]
aLoggingSetToD db 'logging set to %d',0 ; DATA XREF: sub_40161F+1A6B�o
align 10h
; char aSettingsLoggin[]
aSettingsLoggin db 'settings logging to %d',0 ; DATA XREF: sub_40161F+1A5D�o
align 4
; char aFileExtracti_0[]
aFileExtracti_0 db 'File Extraction: failed createprocess on uninstaller ("%s")',0
; DATA XREF: sub_40161F+1A47�o
; char aFileExtraction[]
aFileExtraction db 'File Extraction: success ("%s")',0 ; DATA XREF: sub_40161F+19CF�o
; char a_?[]
a_? db '" _?=',0 ; DATA XREF: sub_40161F+19B0�o
align 4
; char asc_40935C[]
asc_40935C db ' /x "',0 ; DATA XREF: sub_40161F+199C�o
align 4
; char aCreatedUninsta[]
aCreatedUninsta db 'created uninstaller: %d, "%s"',0 ; DATA XREF: sub_40161F+195C�o
align 4
; char aWriteregErrorC[]
aWriteregErrorC db 'WriteReg: error creating key %d\%s',0 ; DATA XREF: sub_40161F+14AF�o
align 4
; char aWriteregbinSet[]
aWriteregbinSet db 'WriteRegBin: set %d\%s\%s with %d bytes',0 ; DATA XREF: sub_40161F+147B�o
; char aWriteregdwordS[]
aWriteregdwordS db 'WriteRegDWORD: set %d\%s\%s to %d',0 ; DATA XREF: sub_40161F+144D�o
align 4
; char aWriteregstrSet[]
aWriteregstrSet db 'WriteRegStr: set %d\%s\%s to %s',0 ; DATA XREF: sub_40161F+1420�o
; char aDeleteregkeyDS[]
aDeleteregkeyDS db 'DeleteRegKey: %d\%s',0 ; DATA XREF: sub_40161F+135F�o
; char aDeleteregvalue[]
aDeleteregvalue db 'DeleteRegValue: %d\%s\%s',0 ; DATA XREF: sub_40161F+133B�o
align 4
; char aWriteinistrWro[]
aWriteinistrWro db 'WriteINIStr: wrote [%s] %s=%s in %s',0 ; DATA XREF: sub_40161F+12A2�o
; char aRm[]
aRm db '<RM>',0 ; DATA XREF: sub_40161F+123C�o
align 10h
; char aCopyfilesSS[]
aCopyfilesSS db 'CopyFiles "%s"->"%s"',0 ; DATA XREF: sub_40161F+1195�o
align 4
; char aCreateshortcut[]
aCreateshortcut db 'CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d'
; DATA XREF: sub_40161F+1069�o
db 0
align 4
; char aErrorRegiste_1[]
aErrorRegiste_1 db 'Error registering DLL: Could not initialize OLE',0
; DATA XREF: sub_40161F+FEA�o
; char aErrorRegiste_0[]
aErrorRegiste_0 db 'Error registering DLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_40161F+FD4�o
align 10h
; char aErrorRegisteri[]
aErrorRegisteri db 'Error registering DLL: %s not found in %s',0
; DATA XREF: sub_40161F+F95�o
align 4
; char aRegdllCouldNot[]
aRegdllCouldNot db 'RegDLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_40161F+F18�o
; char SubBlock[]
SubBlock: ; DATA XREF: sub_40161F+E65�o
; sub_4061CB+1B�o ...
unicode 0, <\>,0
aExecFailedCrea db 'Exec: failed createprocess ("%s")',0 ; DATA XREF: sub_40161F+DD0�o
align 4
; char aExecSuccessS[]
aExecSuccessS db 'Exec: success ("%s")',0 ; DATA XREF: sub_40161F+D3D�o
align 10h
; char aExecCommandS[]
aExecCommandS db 'Exec: command="%s"',0 ; DATA XREF: sub_40161F+D12�o
align 4
; char aExecshellSucce[]
aExecshellSucce db 'ExecShell: success ("%s": file:"%s" params:"%s")',0
; DATA XREF: sub_40161F+CF6�o
align 4
; char aExecshellWarni[]
aExecshellWarni db 'ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d',0
; DATA XREF: sub_40161F+CE1�o
align 4
; char aSS[]
aSS db '%s %s',0 ; DATA XREF: sub_40161F+C98�o
align 4
; char aHidewindow[]
aHidewindow db 'HideWindow',0 ; DATA XREF: sub_40161F+C52�o
align 4
; char aPopStackEmpty[]
aPopStackEmpty db 'Pop: stack empty',0 ; DATA XREF: sub_40161F+9EC�o
align 4
; char aExchStackDElem[]
aExchStackDElem db 'Exch: stack < %d elements',0 ; DATA XREF: sub_40161F+9A6�o
align 4
; char aRmdirS[]
aRmdirS db 'RMDir: "%s"',0 ; DATA XREF: sub_40161F+78F�o
; char aMessageboxDS[]
aMessageboxDS db 'MessageBox: %d,"%s"',0 ; DATA XREF: sub_40161F+74C�o
aDeleteS db 'Delete: "%s"',0 ; DATA XREF: sub_40161F+737�o
align 4
; char aS[]
aS db '%s',0 ; DATA XREF: sub_40161F+711�o
; sub_40161F+1A9A�o
align 4
; char aFileWroteDToS[]
aFileWroteDToS db 'File: wrote %d to "%s"',0 ; DATA XREF: sub_40161F+6B6�o
align 4
; char aFileErrorUserC[]
aFileErrorUserC db 'File: error, user cancel',0 ; DATA XREF: sub_40161F:loc_401C96�o
align 10h
; char aFileSkippedSOv[]
aFileSkippedSOv db 'File: skipped: "%s" (overwriteflag=%d)',0 ; DATA XREF: sub_40161F+665�o
align 4
; char aFileErrorUserA[]
aFileErrorUserA db 'File: error, user abort',0 ; DATA XREF: sub_40161F+638�o
; char aFileErrorUserR[]
aFileErrorUserR db 'File: error, user retry',0 ; DATA XREF: sub_40161F+625�o
; char aFileErrorCreat[]
aFileErrorCreat db 'File: error creating "%s"',0 ; DATA XREF: sub_40161F+5DD�o
align 4
; char aFileOverwritef[]
aFileOverwritef db 'File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"',0
; DATA XREF: sub_40161F+518�o
align 10h
aRenameFailedS db 'Rename failed: %s',0 ; DATA XREF: sub_40161F+380�o
align 4
aRenameOnReboot db 'Rename on reboot: %s',0 ; DATA XREF: sub_40161F+36E�o
align 4
; char aRenameS[]
aRenameS db 'Rename: %s',0 ; DATA XREF: sub_40161F+32A�o
align 4
; char String2[]
String2 db '->',0 ; DATA XREF: sub_40161F+31D�o
align 4
; char aIffileexists_0[]
aIffileexists_0 db 'IfFileExists: file "%s" does not exist, jumping %d',0
; DATA XREF: sub_40161F+2C5�o
align 10h
; char aIffileexistsFi[]
aIffileexistsFi db 'IfFileExists: file "%s" exists, jumping %d',0
; DATA XREF: sub_40161F+2AF�o
align 4
; char aCreatedirector[]
aCreatedirector db 'CreateDirectory: "%s" (%d)',0 ; DATA XREF: sub_40161F+240�o
align 4
; char aSetfileattri_0[]
aSetfileattri_0 db 'SetFileAttributes failed.',0 ; DATA XREF: sub_40161F+21C�o
align 4
; char aSetfileattribu[]
aSetfileattribu db 'SetFileAttributes: "%s":%08X',0 ; DATA XREF: sub_40161F+1FD�o
align 4
; char aBringtofront[]
aBringtofront db 'BringToFront',0 ; DATA XREF: sub_40161F:loc_401786�o
align 4
; char aSleepD[]
aSleepD db 'Sleep(%d)',0 ; DATA XREF: sub_40161F+147�o
align 10h
; char aDetailprintS[]
aDetailprintS db 'detailprint: %s',0 ; DATA XREF: sub_40161F+123�o
; char aCallD[]
aCallD db 'Call: %d',0 ; DATA XREF: sub_40161F+D5�o
align 4
; char aAbortingS[]
aAbortingS db 'Aborting: "%s"',0 ; DATA XREF: sub_40161F+7F�o
align 4
; char aJumpD[]
aJumpD db 'Jump: %d',0 ; DATA XREF: sub_40161F+63�o
align 4
; char a___D[]
a___D db '... %d%%',0 ; DATA XREF: sub_403412+145�o
align 8
aTheInstallerYo db 'The installer you are trying to use is corrupted or incomplete.',0Ah
; DATA XREF: sub_403646:loc_403846�o
db 'This could be the result of a damaged disk, a failed download or '
db 'a virus.',0Ah
db 0Ah
db 'You may want to contact the author of this installer to obtain a '
db 'new copy.',0Ah
db 0Ah
db 'It may be possible to skip this check using the /NCRC command lin'
db 'e switch',0Ah
db '(NOT RECOMMENDED).',0
aVerifyingInsta db 'verifying installer: %d%%',0 ; DATA XREF: sub_403646+14A�o
align 4
aErrorLaunching db 'Error launching installer',0 ; DATA XREF: sub_403646+56�o
; start+27F�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: start+45A�o
; char aAdjusttokenpri[]
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: start+425�o
align 10h
; char aLookupprivileg[]
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: start+419�o
align 4
; char ProcName[]
ProcName db 'OpenProcessToken',0 ; DATA XREF: start+411�o
align 4
; char ModuleName[]
ModuleName db 'ADVAPI32.dll',0 ; DATA XREF: start+3F8�o
align 4
; char a_?_0[]
a_?_0 db ' _?=',0 ; DATA XREF: start+39F�o
align 4
; char asc_409AD4[]
asc_409AD4 db '" ',0 ; DATA XREF: start:loc_403CEA�o
align 4
aOutOfMemory db 'Out of Memory',0 ; DATA XREF: start:loc_403BCB�o
align 4
aExtractionPath db 'Extraction pathname not properly delimited.',0Ah
; DATA XREF: start:loc_403BC4�o
db 0Ah
db 'Try using quotes or a shorter path.',0
align 4
; char aCNsis_extractf[]
aCNsis_extractf db 'C:\NSIS_ExtractFiles\',0 ; DATA XREF: start+233�o
align 4
; char aTemp[]
aTemp db '\Temp',0 ; DATA XREF: start+6A�o
align 4
; char aNsisError[]
aNsisError db 'NSIS Error',0 ; DATA XREF: start+2F�o
align 4
; char aErrorWritingTe[]
aErrorWritingTe db 'Error writing temporary file. Make sure your temp folder is valid'
; DATA XREF: start+12�o
db '.',0
align 4
aNsiszlib_bin db 'nsiszlib.bin',0 ; DATA XREF: start+9�o
align 4
; char aInstall_log[]
aInstall_log db 'install.log',0 ; DATA XREF: sub_403F6C+1B�o
; char Operation[]
Operation db 'open',0 ; DATA XREF: sub_40412D+209�o
align 10h
; char aU_USS[]
aU_USS db '%u.%u%s%s',0 ; DATA XREF: sub_404419+5A�o
; char word_409BDA[]
word_409BDA dw 0 ; DATA XREF: sub_4044DD:loc_404798�o
; char aGetdiskfreespa[]
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4044DD+217�o
; char aKernel32_dll[]
aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: sub_4044DD:loc_4046E0�o
; sub_406326+D�o
align 10h
; char aSectionS[]
aSectionS db 'Section: "%s"',0 ; DATA XREF: StartAddress+43�o
align 10h
; char aSkippingSectio[]
aSkippingSectio db 'Skipping section: "%s"',0 ; DATA XREF: StartAddress+34�o
align 4
; char aNewInstallOfST[]
aNewInstallOfST db 'New install of "%s" to "%s"',0 ; DATA XREF: sub_405176+B2�o
; char a_exe[]
a_exe db '.exe',0 ; DATA XREF: sub_4059CE+81�o
align 4
; BYTE dword_409C4C
dword_409C4C dd 0FCh ; char aD[]
aD db '%d',0 ; DATA XREF: sub_405F80+4�o
align 4
; char a?[]
a? db '*?|<>/":',0 ; DATA XREF: sub_40602E+52�o
align 10h
; char asc_409C60[]
asc_409C60 db 0Dh,0Ah,0 ; DATA XREF: sub_4060D2+6E�o
align 4
; char asc_409C64[]
asc_409C64 db 0Ah ; DATA XREF: sub_406326:loc_4065E0�o
db '[',0
align 4
; char aRename[]
aRename db '[Rename]',0Dh,0Ah,0 ; DATA XREF: sub_406326+283�o
; sub_406326+292�o
align 4
; char aWininit_ini[]
aWininit_ini db '\wininit.ini',0 ; DATA XREF: sub_406326+205�o
align 4
; char aErrorCouldNo_0[]
aErrorCouldNo_0 db 'ERROR: Could not create set up ',27h,'%s',27h,' for delete on reboot (2'
; DATA XREF: sub_406326+1ED�o
db ')',0
align 4
aErrorCouldNotC db 'ERROR: Could not create set up ',27h,'%s',27h,' for delete on reboot (1'
; DATA XREF: sub_406326+1DF�o
db ')',0
align 4
; char aSoftwareMicr_0[]
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\RunOnceEx\NSIS',0
; DATA XREF: sub_406326+1C5�o
align 10h
; char aCommandCRmdirS[]
aCommandCRmdirS db 'command /c rmdir "%s"',0 ; DATA XREF: sub_406326+1A5�o
align 4
; char aS_08ld[]
aS_08ld db '%s_%08ld',0 ; DATA XREF: sub_406326+198�o
align 4
; char aSoftwareMicros[]
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_406326+13B�o
; char aFlags[]
aFlags db 'Flags',0 ; DATA XREF: sub_406326+136�o
align 10h
; char aNul[]
aNul db 'NUL',0 ; DATA XREF: sub_406326:loc_40643C�o
; char aSS_0[]
aSS_0 db '%s=%s',0Dh,0Ah,0 ; DATA XREF: sub_406326+CB�o
; char aMovefileexa[]
aMovefileexa db 'MoveFileExA',0 ; DATA XREF: sub_406326+73�o
; char aCProgramFiles[]
aCProgramFiles db 'C:\Program Files',0 ; DATA XREF: sub_4066B7+FD�o
align 4
; char aProgramfilesdi[]
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_4066B7+E4�o
; char phkResult[]
phkResult db 'Software\Microsoft\Windows\CurrentVersion',0 ; DATA XREF: sub_4066B7+CF�o
; sub_4066B7+E9�o
align 4
; char aCommonfilesdir[]
aCommonfilesdir db 'CommonFilesDir',0 ; DATA XREF: sub_4066B7+CA�o
align 4
aMicrosoftInter db '\Microsoft\Internet Explorer\Quick Launch',0 ; DATA XREF: sub_4066B7+B7�o
align 4
; char aRmdirRemoved_1[]
aRmdirRemoved_1 db 'RMDir: RemoveDirectory failed("%s")',0
; DATA XREF: sub_4068E6:loc_406AD6�o
; char aRmdirRemoved_0[]
aRmdirRemoved_0 db 'RMDir: RemoveDirectory on Reboot("%s")',0 ; DATA XREF: sub_4068E6+1D3�o
align 10h
; char aRmdirRemovedir[]
aRmdirRemovedir db 'RMDir: RemoveDirectory("%s")',0 ; DATA XREF: sub_4068E6+1B5�o
align 10h
; char aDeleteDelete_1[]
aDeleteDelete_1 db 'Delete: DeleteFile failed("%s")',0 ; DATA XREF: sub_4068E6:loc_406A45�o
; char aDeleteDelete_0[]
aDeleteDelete_0 db 'Delete: DeleteFile on Reboot("%s")',0 ; DATA XREF: sub_4068E6+141�o
align 4
; char aDeleteDeletefi[]
aDeleteDeletefi db 'Delete: DeleteFile("%s")',0 ; DATA XREF: sub_4068E6+112�o
align 10h
; char a_[]
a_ db '\*.*',0 ; DATA XREF: sub_4068E6+86�o
align 4
; char aDeleteErrorSDo[]
aDeleteErrorSDo db 'Delete: ERROR -- "%s" does not exist. Skipping delete.',0
; DATA XREF: sub_4068E6+21�o
align 10h
byte_409F50 db 10h ; DATA XREF: sub_406E81+3CE�r
; sub_406E81+3FF�r
db 11h, 12h, 0
dd 6090708h, 40B050Ah, 20D030Ch, 0F010Eh
dword_409F64 dd 40003h, 60005h, 80007h, 0A0009h, 0D000Bh, 11000Fh, 170013h
; DATA XREF: sub_406E81+168�o
; sub_406E81+5DE�o
dd 1F001Bh, 2B0023h, 3B0033h, 530043h, 730063h, 0A30083h
dd 0E300C3h, 102h, 0
dword_409FA4 dd 4 dup(0) ; sub_406E81+5D9�o
dd 2 dup(10001h), 2 dup(20002h), 2 dup(30003h), 2 dup(40004h)
dd 2 dup(50005h), 700000h, 70h
dword_409FE4 dd 20001h, 40003h, 70005h, 0D0009h, 190011h, 310021h, 610041h
; DATA XREF: sub_406E81+19F�o
; sub_406E81+624�o
dd 0C10081h, 1810101h, 3010201h, 6010401h, 0C010801h, 18011001h
dd 30012001h, 60014001h
dword_40A020 dd 2 dup(0) ; sub_406E81+61F�o
dd 10001h, 20002h, 30003h, 40004h, 50005h, 60006h, 70007h
dd 80008h, 90009h, 0A000Ah, 0B000Bh, 0C000Ch, 0D000Dh
; char aFccreatekey[]
aFccreatekey db 'FCCreateKey',0 ; DATA XREF: sub_4079D0+7�o
; char aFcsetkeyoption[]
aFcsetkeyoption db 'FCSetKeyOptions',0 ; DATA XREF: sub_4079D0+F�o
; char aFccreatepersis[]
aFccreatepersis db 'FCCreatePersistentKey',0 ; DATA XREF: sub_4079D0+1C�o
align 10h
; char aFccreatecounte[]
aFccreatecounte db 'FCCreateCounter',0 ; DATA XREF: sub_4079D0+29�o
; char aFccreatepers_0[]
aFccreatepers_0 db 'FCCreatePersistentCounter',0 ; DATA XREF: sub_4079D0+36�o
align 4
; char aFcflushnonshar[]
aFcflushnonshar db 'FCFlushNonSharedPersistentKeys',0 ; DATA XREF: sub_4079D0+43�o
align 4
; char aFcadddatatokey[]
aFcadddatatokey db 'FCAddDataToKey',0 ; DATA XREF: sub_4079D0+50�o
align 4
; char aFcdeletedatafr[]
aFcdeletedatafr db 'FCDeleteDataFromKey',0 ; DATA XREF: sub_4079D0+5D�o
; char aFcaddinttokey[]
aFcaddinttokey db 'FCAddIntToKey',0 ; DATA XREF: sub_4079D0+6A�o
align 10h
; char aFcdeleteintfro[]
aFcdeleteintfro db 'FCDeleteIntFromKey',0 ; DATA XREF: sub_4079D0+77�o
align 4
; char aFcaddstringtok[]
aFcaddstringtok db 'FCAddStringToKey',0 ; DATA XREF: sub_4079D0+84�o
align 4
; char aFcdeletestring[]
aFcdeletestring db 'FCDeleteStringFromKey',0 ; DATA XREF: sub_4079D0+91�o
align 10h
; char aFcregistermemo[]
aFcregistermemo db 'FCRegisterMemory',0 ; DATA XREF: sub_4079D0+EC�o
align 4
; char aFcunregisterme[]
aFcunregisterme db 'FCUnregisterMemory',0 ; DATA XREF: sub_4079D0+F9�o
align 4
; char aFcadddatetokey[]
aFcadddatetokey db 'FCAddDateToKey',0 ; DATA XREF: sub_4079D0+9E�o
align 4
; char aFcdeletedatefr[]
aFcdeletedatefr db 'FCDeleteDateFromKey',0 ; DATA XREF: sub_4079D0+AB�o
; char aFcsetcounter[]
aFcsetcounter db 'FCSetCounter',0 ; DATA XREF: sub_4079D0+B8�o
align 4
; char aFcincrementcou[]
aFcincrementcou db 'FCIncrementCounter',0 ; DATA XREF: sub_4079D0+C5�o
align 10h
; char aFcdecrementcou[]
aFcdecrementcou db 'FCDecrementCounter',0 ; DATA XREF: sub_4079D0+D2�o
align 4
; char aFcgetcounter[]
aFcgetcounter db 'FCGetCounter',0 ; DATA XREF: sub_4079D0+DF�o
align 4
; char aFctriggerinter[]
aFctriggerinter db 'FCTriggerInternal1',0 ; DATA XREF: sub_4079D0+188�o
align 4
; char aFccreatesuppor[]
aFccreatesuppor db 'FCCreateSupportIncidentInternal',0 ; DATA XREF: sub_4079D0+195�o
; char aFctraceinterna[]
aFctraceinterna db 'FCTraceInternal',0 ; DATA XREF: sub_4079D0+120�o
; char aFcassertintern[]
aFcassertintern db 'FCAssertInternal1',0 ; DATA XREF: sub_4079D0+12D�o
align 4
; char aFccleanup[]
aFccleanup db 'FCCleanup',0 ; DATA XREF: sub_4079D0+13A�o
align 4
aFcorphanloadco db 'FCOrphanLoadCount',0
align 4
; char aFcassertparami[]
aFcassertparami db 'FCAssertParamInternal1',0 ; DATA XREF: sub_4079D0+147�o
align 4
; char aFctraceparamin[]
aFctraceparamin db 'FCTraceParamInternal',0 ; DATA XREF: sub_4079D0+154�o
align 4
; char aFclibraryversi[]
aFclibraryversi db 'FCLibraryVersion',0 ; DATA XREF: sub_4079D0+161�o
align 10h
; char aFcinitializewi[]
aFcinitializewi db 'FCInitializeWithManifestInternal',0 ; DATA XREF: sub_4079D0+16E�o
align 4
; char aFcinitialize_0[]
aFcinitialize_0 db 'FCInitializeWithManifestInternalEx',0 ; DATA XREF: sub_4079D0+17B�o
align 4
; char aFcsetminidump[]
aFcsetminidump db 'FCSetMiniDump',0 ; DATA XREF: sub_4079D0+113�o
align 4
; char aFcexceptionhan[]
aFcexceptionhan db 'FCExceptionHandler',0 ; DATA XREF: sub_4079D0+106�o
align 4
; char aFcsetuistate[]
aFcsetuistate db 'FCSetUIState',0 ; DATA XREF: sub_4079D0+1A2�o
align 4
; char aFcclearkeys[]
aFcclearkeys db 'FCClearKeys',0 ; DATA XREF: sub_4079D0+1AF�o
; char aFcclearcounter[]
aFcclearcounter db 'FCClearCounters',0 ; DATA XREF: sub_4079D0+1BC�o
; char aFcclearkey[]
aFcclearkey db 'FCClearKey',0 ; DATA XREF: sub_4079D0+1C9�o
align 4
; char aFcdeletekey[]
aFcdeletekey db 'FCDeleteKey',0 ; DATA XREF: sub_4079D0+1D6�o
; char aFcstarttimer[]
aFcstarttimer db 'FCStartTimer',0 ; DATA XREF: sub_4079D0+1E3�o
align 10h
; char aFcheartbeattim[]
aFcheartbeattim db 'FCHeartbeatTimer',0 ; DATA XREF: sub_4079D0+1F0�o
align 4
; char aFcendtimer[]
aFcendtimer db 'FCEndTimer',0 ; DATA XREF: sub_4079D0+1FD�o
align 10h
; char aFcgetsessionun[]
aFcgetsessionun db 'FCGetSessionUniqueID',0 ; DATA XREF: sub_4079D0+20F�o
align 4
; char aFcsetlocale[]
aFcsetlocale db 'FCSetLocale',0 ; DATA XREF: sub_4079D0+217�o
; char aFcrunmemtest[]
aFcrunmemtest db 'FCRunMemTest',0 ; DATA XREF: sub_4079D0+224�o
align 4
; char aInstalldir[]
aInstalldir db 'InstallDir',0 ; DATA XREF: sub_4083A3+148�o
align 10h
; char aSoftwareAmer_0[]
aSoftwareAmer_0 db 'Software\America Online\AOL Diagnostics',0 ; DATA XREF: sub_4083A3+126�o
; char ValueName[]
ValueName db 'LoaderPath',0 ; DATA XREF: sub_4083A3+D5�o
align 4
; char SubKey[]
SubKey db 'Software\America Online\Loader',0 ; DATA XREF: sub_4083A3+AF�o
align 4
; char aTalkback_exe[]
aTalkback_exe db 'talkback.exe',0 ; DATA XREF: sub_4083A3+5B�o
align 4
; char aTbdiag_dll[]
aTbdiag_dll db 'tbdiag.dll',0 ; DATA XREF: sub_4083A3+C�o
align 10h
dd 80F30233h, 11D2B7DFh, 60003BA3h, 0D45BDF97h, 0E13EF4E4h
dd 11D0D2F2h, 0C0001698h, 7219D94Fh, 596A9A94h, 11D1013Eh
dd 0A000348Dh, 19270FC9h, 40B96610h, 11D1B522h, 0AA00B4B3h
dd 0E7FD6E00h, 9493A810h, 11D0EC38h, 0AA0046BCh, 0F5E26C00h
dd 5C9F0A12h, 11D0959Eh, 0A000A4A3h, 362608C9h, 0A6C17EB4h
dd 11D22D65h, 0C0008F83h, 0D018D94Fh, 743CA664h, 11D10DEBh
dd 0C0002598h, 7219D94Fh, 165EBAF4h, 11D26D51h, 0C000AD83h
dd 0D018D94Fh, 0D1E7AFEBh, 11D06A2Eh, 0C000788Ch, 0B418D94Fh
dd 8C278EECh, 11D13EABh, 0C000B08Ch, 0D018D94Fh, 0ED9CC020h
dd 11D108B9h, 0C0002398h, 7219D94Fh, 6D5313C0h, 11D18C62h
dd 6000CDB2h, 118CDF97h, 4434FF80h, 11CEEF4Ch, 865AEh
dd 62122E2Bh, 0D82BE2B0h, 11D05764h, 0C0006EA9h, 0A205D74Fh
dd 0E5CBF21h, 11D0D15Fh, 0AA000183h, 83435B00h, 87D605E0h
dd 11CFC511h, 0A000A989h, 294105C9h, 0FAADFC40h, 4B69B777h
dd 37781AAh, 0E8E6F05Eh, 4621A4E3h, 4773F0D6h, 0E7469C8Ah
dd 4048177Bh, 3981E228h, 11D3F559h, 0C0003A8Eh, 0D537684Fh
dd 1CEBB3ABh, 499A7C10h, 0CA9217A4h, 83CBC416h, 3981E227h
dd 11D3F559h, 0C0003A8Eh, 0D537684Fh, 3981E226h, 11D3F559h
dd 0C0003A8Eh, 0D537684Fh, 3981E225h, 11D3F559h, 0C0003A8Eh
dd 0D537684Fh, 3981E224h, 11D3F559h, 0C0003A8Eh, 0D537684Fh
dd 0D969A300h, 11D0E7FFh, 0A0003BA9h, 19270FC9h, 53C74826h
dd 4D33AB99h, 1731A4ACh, 88371DF5h, 0FEF10FA2h, 4E06355Eh
dd 249B8193h, 88CCF7D7h, 889A935Dh, 4B12971Eh, 0DF240CB9h
dd 0E8E5E1C9h, 49E1B500h, 11D34636h, 0C000F797h, 0B3D0454Fh
dd 1E18D10h, 11D24D8Bh, 60005D85h, 67930508h, 3050F3B4h
dd 11CF98B5h, 0AA0082BBh, 0BCEBD00h, 3050F3B3h, 11CF98B5h
dd 0AA0082BBh, 0BCEBD00h, 3050F3BBh, 11CF98B5h, 0AA0082BBh
dd 0BCEBD00h, 0DE5BF786h, 11D2477Ah, 0C0009D83h, 0D018D94Fh
dd 4657278Bh, 11D2411Bh, 0C0009A83h, 0D018D94Fh, 4657278Ah
dd 11D2411Bh, 0C0009A83h, 0D018D94Fh, 12518492h, 11D200B2h
dd 349EA59Fh, 53415220h, 0FFB8655Fh, 4FCE81B9h, 6B9A9CB8h
dd 0E7136DA7h, 12518493h, 11D200B2h, 349EA59Fh, 53415220h
dd 0E700BE1h, 11D19DB6h, 0C000CEA1h, 135DD74Fh, 49691C90h
dd 101A7E17h, 81CA9h, 0A9CD2E2Bh, 9B174B35h, 11D240FFh
dd 0C0007EA2h, 7108C34Fh, 0AEAC19E4h, 450889AEh, 86BBB7B9h
dd 0EDE2BE7Ah, 56A3372Eh, 11D2CE9Ch, 60000E9Fh, 0F686C697h
dd 0F2275480h, 4291F782h, 36F194BDh, 0EC3A5193h, 9B174B34h
dd 11D240FFh, 0C0007EA2h, 7108C34Fh, 328D8B21h, 4BFC7729h
dd 2B904C95h, 0B0569D32h, 9B174B33h, 11D240FFh, 0C0007EA2h
dd 7108C34Fh, 14B81DA1h, 4D310135h, 0BF6CD996h, 991A67C9h
dd 0B725F130h, 101A47EFh, 6002F1A5h, 0ACEB9E8Ch, 28636AA6h
dd 11D2953Dh, 0C000D6B5h, 0D018D94Fh, 93F2F68Ch, 11D31D1Bh
dd 0C0000EA3h, 0D1AB794Fh, 7057E952h, 11D1BD1Bh, 0C0001989h
dd 36C8C24Fh, 0CFCCC7A0h, 11D1A282h, 60008290h, 82930508h
dd 2CE4B5D8h, 11D2A28Fh, 0C000C586h, 99EA8E4Fh, 178F34B8h
dd 11D2A282h, 0C000C586h, 99EA8E4Fh, 1E796980h, 11D19CC5h
dd 0C0003FA8h, 619DC94Fh, 0FB700430h, 11D1952Ch, 6F94h
dd 0
dd 93A68750h, 11D1951Ah, 6F94h, 0
dd 0D2E74C4h, 11D23C34h, 0C0007EA2h, 7108C34Fh, 24F14F02h
dd 11D17B1Ch, 8F83h, 0CF6104F8h, 24F14F01h, 11D17B1Ch
dd 8F83h, 0CF6104F8h, 0E8025004h, 11D21C42h, 0A0002CBEh
dd 0A13DA8C9h, 0A07034FDh, 49546CAAh, 0A2973FACh, 8AF91672h
dd 0C46CA590h, 11D23C3Fh, 0E6BEh, 57CA05F8h, 0D2A105C0h
dd 11D187D5h, 9183h, 0CF6104F8h, 74C26041h, 11D170D1h
dd 0A0005AB7h, 0FE6405C9h, 0B22754E2h, 11D14574h, 60008898h
dd 0F9ACDE97h, 52502EE0h, 11D0EC80h, 0C000AB89h, 2D97C24Fh
dd 0F490EB00h, 11D11240h, 60008898h, 0F9ACDE97h, 75048700h
dd 11D0EF1Fh, 60008898h, 0F9ACDE97h, 0B091E540h, 11CF83E3h
dd 200013A7h, 6297D7AFh, 4C96BE40h, 11CF915Ch, 0AA00D399h
dd 37E84A00h, 0EBBC7C04h, 11D2315Eh, 60002FB6h, 0D45BDF97h
dd 0F8383852h, 11D1FCD3h, 6000B9A6h, 0D45BDF97h, 6935DB93h
dd 4CCC21E8h, 0E39FB9BEh, 7A297AC7h, 0BB2765h, 11D06A77h
dd 0C00035A5h, 62D0D74Fh, 6756A641h, 11D0DE71h, 0AA001B83h
dd 83435B00h, 3C036F1h, 11D0A186h, 0AA004A82h, 83435B00h
dd 0BB2764h, 11D06A77h, 0C00035A5h, 62D0D74Fh, 0BB2763h
dd 11D06A77h, 0C00035A5h, 62D0D74Fh, 91956D21h, 11D19276h
dd 60001A92h, 0D45BDF97h, 470141A0h, 11D25186h, 6000B6BBh
dd 4C467B97h, 77A130B0h, 11D094FDh, 0C00044A5h, 62D0D74Fh
dd 0BB2761h, 11D06A77h, 0C00035A5h, 62D0D74Fh, 0BB2760h
dd 11D06A77h, 0C00035A5h, 62D0D74Fh, 0CFBFAE00h, 11D017A6h
dd 0C000CB99h, 9744D64Fh, 3C374A40h, 11CFBAE4h, 0AA007DBFh
dd 0EE466900h, 0CABB0DA0h, 11CFDA57h, 20007499h, 6297D7AFh
dd 0FBF23B80h, 101BE3F0h, 0AA008884h, 0F8563E00h, 0FBF23B40h
dd 101BE3F0h, 0AA008884h, 0F8563E00h, 0D82BE2B1h, 11D05764h
dd 0C0006EA9h, 0A205D74Fh, 49C3DE7Ch, 11D0D329h, 0C00073ABh
dd 803EC34Fh, 8EEFA624h, 445BD1E9h, 0FB74B794h, 1AA12ECEh
dd 8BEBB290h, 11D052D0h, 0C000F4B7h, 0EC06D74Fh, 65F125E5h
dd 48107BE1h, 71D29DBAh, 0E32C43C8h, 137E7700h, 11CF3573h
dd 869AEh, 62122E2Bh, 0E1FA5E0h, 11CF3573h, 869AEh, 62122E2Bh
dd 89000C0h, 11CF3573h, 869AEh, 62122E2Bh, 57D0E0h, 11CF3573h
dd 869AEh, 62122E2Bh, 710EB7A0h, 11D045EDh, 20004A92h
dd 4DACC7AFh, 7FE80CC8h, 11D0C247h, 0A0003AB9h, 0E11203C9h
dd 5B4DAE26h, 11D0B807h, 0C0001598h, 7219D94Fh, 4AF07F10h
dd 11D0D231h, 0A00042B9h, 0E11203C9h, 6D12FE80h, 11CF7911h
dd 3495h, 0BAE5BC0h, 0BCFCE0A0h, 11D0EC17h, 0A000108Dh
dd 19270FC9h, 1EBDCF80h, 11D0A200h, 0C000A4A3h, 0EC06D74Fh
dd 6DFD582Bh, 11D192E3h, 0C000A398h, 0DA87B64Fh, 48C8118Ch
dd 11D1B924h, 0C000D598h, 0DA87B64Fh, 4EA39266h, 409F7211h
dd 3DF622B6h, 33C516BDh, 85788D00h, 11D06807h, 0C00010B8h
dd 0EC06D74Fh, 0F10B5E34h, 42A7DD3Bh, 4E2F7DAAh, 9BB04BC5h
dd 63B51F81h, 11D0C868h, 0C0009C99h, 0E155D64Fh, 0CEF04FDFh
dd 11D2FE72h, 0C000A587h, 0CF37684Fh, 2047E320h, 11CEF2A9h
dd 865AEh, 62122E2Bh, 10339516h, 11D22894h, 0C0003990h
dd 3EEB8E4Fh, 0C6C4200h, 11D0C589h, 0C0009A99h, 0E155D64Fh
dd 7D688A70h, 11D0C613h, 0C0009B99h, 0E155D64Fh, 47D2657Ah
dd 11D07B27h, 0A000A98Ch, 0E8BF2DC9h, 2A342FC2h, 11D07B26h
dd 0A000A98Ch, 0E8BF2DC9h, 0F1DB8392h, 11D07331h, 0A000998Ch
dd 0E8BF2DC9h, 68284FAAh, 11D06A48h, 0C000788Ch, 0B418D94Fh
dd 0E773F1AFh, 48663A65h, 6F847D85h, 8A59C4C9h, 0AFACED1h
dd 11D1E828h, 32B58791h, 5D57E9F1h, 985F64F0h, 4E02D410h
dd 7DA22BEh, 0E1C5B5F2h, 0ADD8BA80h, 11D0002Bh, 0C0000F8Fh
dd 62D0D74Fh, 5EE44DA4h, 46E36D32h, 5407BC86h, 0E0D0ED0Dh
dd 9F656A2h, 480C41AFh, 0CC16F788h, 1546160Dh, 0AC60F6A0h
dd 11D00FD9h, 0C000CB99h, 9744D64Fh, 5CD52983h, 11D29449h
dd 0C0003A96h, 0F0AD794Fh, 45E2B4AEh, 11D0B1C3h, 0A0002FB9h
dd 0E11203C9h, 88E39E80h, 11CF3578h, 869AEh, 62122E2Bh
dd 8BCE1FA1h, 101B0921h, 0DD00FFB1h, 48CC0C01h, 21500h
dd 0
dd 0C0h, 46000000h, 214FEh, 0
dd 0C0h, 46000000h, 214FCh, 0
dd 0C0h, 46000000h, 214FBh, 0
dd 0C0h, 46000000h, 214FAh, 0
dd 0C0h, 46000000h, 214F9h, 0
dd 0C0h, 46000000h, 214F8h, 0
dd 0C0h, 46000000h, 214F7h, 0
dd 0C0h, 46000000h, 214F6h, 0
dd 0C0h, 46000000h, 214F5h, 0
dd 0C0h, 46000000h, 214F4h, 0
dd 0C0h, 46000000h, 214F3h, 0
dd 0C0h, 46000000h, 214F2h, 0
dd 0C0h, 46000000h, 214F1h, 0
dd 0C0h, 46000000h, 214F0h, 0
dd 0C0h, 46000000h, 214EFh, 0
dd 0C0h, 46000000h
; IID riid
riid dd 214EEh ; Data1 ; DATA XREF: sub_40161F+107A�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
dd 214EDh, 0
dd 0C0h, 46000000h, 214ECh, 0
dd 0C0h, 46000000h, 214EBh, 0
dd 0C0h, 46000000h, 214EAh, 0
dd 0C0h, 46000000h, 214E9h, 0
dd 0C0h, 46000000h, 214E8h, 0
dd 0C0h, 46000000h, 214E6h, 0
dd 0C0h, 46000000h, 214E5h, 0
dd 0C0h, 46000000h, 214E4h, 0
dd 0C0h, 46000000h, 214E3h, 0
dd 0C0h, 46000000h, 214E2h, 0
dd 0C0h, 46000000h, 214E1h, 0
dd 0C0h, 46000000h, 214D3h, 0
dd 0C0h, 46000000h, 214D2h, 0
dd 0C0h, 46000000h, 214D1h, 0
dd 0C0h, 46000000h, 214D0h, 0
dd 0C0h, 46000000h, 214A1h, 0
dd 0C0h, 46000000h, 214A0h, 0
dd 0C0h, 46000000h, 21494h, 0
dd 0C0h, 46000000h, 21493h, 0
dd 0C0h, 46000000h, 21492h, 0
dd 0C0h, 46000000h, 21491h, 0
dd 0C0h, 46000000h, 21490h, 0
dd 0C0h, 46000000h, 450D8FBAh, 11D0AD25h, 8A898h, 3111B36h
dd 2227A280h, 10693AEAh, 8DEA2h, 9D30302Bh, 21EC2020h
dd 10693AEAh, 8DDA2h, 9D30302Bh, 645FF040h, 101B5081h
dd 0AA00089Fh, 4E952F00h, 0F3364BA0h, 11CE65B9h, 0AA00BAA9h
dd 37E84A00h, 871C5380h, 106942A0h, 8EAA2h, 9D30302Bh
dd 20D04FE0h, 10693AEAh, 8D8A2h, 9D30302Bh, 54A754C0h
dd 11D14BF0h, 0A000EE83h, 49C80DC9h, 0C0542A90h, 11D14BF0h
dd 0A000EE83h, 49C80DC9h, 46E06680h, 11D14BF0h, 0A000EE83h
dd 49C80DC9h, 208D2C60h, 10693AEAh, 8D7A2h, 9D30302Bh
; CLSID rclsid
rclsid dd 21401h ; Data1 ; DATA XREF: sub_40161F+1083�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
dd 21400h, 0
dd 0C0h, 46000000h, 34h, 0
dd 0C0h, 46000000h, 72380D55h, 43A38D2Bh, 6E2B1385h, 0E93414F3h
dd 1CEh, 0
dd 0C0h, 46000000h, 1D4h, 0
dd 0C0h, 46000000h, 1D5h, 0
dd 0C0h, 46000000h, 1C6h, 0
dd 0C0h, 46000000h, 1C0h, 0
dd 0C0h, 46000000h, 1C1h, 0
dd 0C0h, 46000000h, 947990DEh, 11D2CC28h, 8000F7A0h, 0B18F855Fh
dd 969DC708h, 11D15C76h, 868Dh, 57B004F8h, 0DB2F3ACFh
dd 11D12F86h, 0C000048Eh, 9A98B94Fh, 0DB2F3ACEh, 11D12F86h
dd 0C000048Eh, 9A98B94Fh, 0DB2F3ACDh, 11D12F86h, 0C000048Eh
dd 9A98B94Fh, 0DB2F3ACCh, 11D12F86h, 0C000048Eh, 9A98B94Fh
dd 0DB2F3ACBh, 11D12F86h, 0C000048Eh, 9A98B94Fh, 0DB2F3ACAh
dd 11D12F86h, 0C000048Eh, 9A98B94Fh, 148h, 0
dd 0C0h, 46000000h, 147h, 0
dd 0C0h, 46000000h, 145h, 0
dd 0C0h, 46000000h, 26h, 0
dd 0C0h, 46000000h, 2Bh, 0
dd 0C0h, 46000000h, 0EB0CB9E8h, 11D27996h, 2E87h, 590808F8h
dd 149h, 0
dd 0C0h, 46000000h, 1C733A30h, 11CE2A1Ch, 0AA00E5ADh, 3D774400h
dd 2Ah, 0
dd 0C0h, 46000000h, 29h, 0
dd 0C0h, 46000000h, 25h, 0
dd 0C0h, 46000000h, 33h, 0
dd 0C0h, 46000000h, 32h, 0
dd 0C0h, 46000000h, 31h, 0
dd 0C0h, 46000000h, 30h, 0
dd 0C0h, 46000000h, 0E6D4D92h, 11CF6738h, 0AA000896h, 0B40D6800h
dd 146h, 0
dd 0C0h, 46000000h, 22h, 0
dd 0C0h, 46000000h, 8D19C834h, 11D18879h, 0C000E983h, 0D4C6C24Fh
dd 0BC0BF6AEh, 11D18878h, 0C000E983h, 0D4C6C24Fh, 30F3D47Ah
dd 11D16447h, 0C0003C8Eh, 6D38B94Fh, 0E6D4D90h, 11CF6738h
dd 0AA000896h, 0B40D6800h, 0A9D758A0h, 11CF4617h, 0AA00FC95h
dd 0B40D6800h, 99CAF010h, 11CF415Eh, 0AA001488h, 0F569B500h
dd 144h, 0
dd 0C0h, 46000000h, 140h, 0
dd 0C0h, 46000000h, 13Eh, 0
dd 0C0h, 46000000h, 13Dh, 0
dd 0C0h, 46000000h, 1008C4A0h, 11CF7613h, 2000F19Ah, 0F4726EAFh
dd 0D5F569D0h, 101A593Bh, 869B5h, 7ABF2D2Bh, 0D5F56AFCh
dd 101A593Bh, 869B5h, 7ABF2D2Bh, 0D5F56A34h, 101A593Bh
dd 869B5h, 7ABF2D2Bh, 58A08519h, 493524C8h, 0D83F82B4h
dd 4F3A3323h, 25B15600h, 11D00115h, 0AA000DBFh, 0D2DFB800h
dd 0A5029FB6h, 11D13C34h, 0C000999Ch, 0AA98B94Fh, 594F31D0h
dd 11D07F19h, 0A00094B1h, 0BFC80DC9h, 0D5F56B60h, 101A593Bh
dd 869B5h, 7ABF2D2Bh, 16h, 0
dd 0C0h, 46000000h, 110h, 0
dd 0C0h, 46000000h, 10Eh, 0
dd 0C0h, 46000000h, 151h, 0
dd 0C0h, 46000000h, 125h, 0
dd 0C0h, 46000000h, 150h, 0
dd 0C0h, 46000000h, 10Fh, 0
dd 0C0h, 46000000h, 12h, 0
dd 0C0h, 46000000h, 105h, 0
dd 0C0h, 46000000h, 103h, 0
dd 0C0h, 46000000h, 0Ah, 0
dd 0C0h, 46000000h, 10Ah, 0
dd 0C0h, 46000000h
dword_40B3F0 dd 10Bh, 0 dd 0C0h, 46000000h, 0Bh, 0
dd 0C0h, 46000000h, 0Dh, 0
dd 0C0h, 46000000h, 0Ch, 0
dd 0C0h, 46000000h, 0C733A30h, 11CE2A1Ch, 0AA00E5ADh, 3D774400h
dd 101h, 0
dd 0C0h, 46000000h, 0F29F6BC0h, 11CE5021h, 15AAh, 3F290169h
dd 0Fh, 0
dd 0C0h, 46000000h, 109h, 0
dd 0C0h, 46000000h, 10Ch, 0
dd 0C0h, 46000000h, 10h, 0
dd 0C0h, 46000000h, 126h, 0
dd 0C0h, 46000000h, 102h, 0
dd 0C0h, 46000000h, 0Eh, 0
dd 0C0h, 46000000h, 100h, 0
dd 0C0h, 46000000h, 21h, 0
dd 0C0h, 46000000h, 0E0020h, 0
dd 0C0h, 46000000h, 20h, 0
dd 0C0h, 46000000h, 19h, 0
dd 0C0h, 46000000h, 18h, 0
dd 0C0h, 46000000h, 1Dh, 0
dd 0C0h, 46000000h, 2, 0
dd 0C0h, 46000000h, 1CFh, 0
dd 0C0h, 46000000h, 3, 0
dd 0C0h, 46000000h, 0B64Ch, 2 dup(0)
dd 0B90Eh, 9028h, 0B8B0h, 2 dup(0)
dd 0B95Eh, 928Ch, 0B684h, 2 dup(0)
dd 0BDF8h, 9060h, 0B7B0h, 2 dup(0)
dd 0C20Ah, 918Ch, 0B660h, 2 dup(0)
dd 0C29Ch, 903Ch, 0B624h, 2 dup(0)
dd 0C33Ch, 9000h, 0B794h, 2 dup(0)
dd 0C3C8h, 9170h, 0B8C0h, 2 dup(0)
dd 0C40Ah, 929Ch, 5 dup(0)
dd 0C2A6h, 0C2C4h, 0C2D2h, 0C2E2h, 0C32Ah, 0C318h, 0C306h
dd 0C2F2h, 0C2B6h, 0
dd 80000011h, 0B8E4h, 0B8D0h, 0B8FAh, 0
dd 0C27Eh, 0C26Eh, 0C258h, 0C242h, 0C236h, 0C226h, 0C28Eh
dd 0C216h, 0
dd 0BA68h, 0BA7Ah, 0BA8Ah, 0BA9Eh, 0BAAEh, 0BAC4h, 0BADAh
dd 0BAF6h, 0BB10h, 0BB1Ch, 0BB2Ah, 0BB38h, 0BB4Eh, 0BB60h
dd 0BB6Eh, 0BB82h, 0BB96h, 0BBA2h, 0BBAEh, 0BBC6h, 0BBDCh
dd 0BBE4h, 0BBF4h, 0BC02h, 0BC18h, 0BA58h, 0BC3Ah, 0BC4Eh
dd 0BC5Ah, 0BC66h, 0BC78h, 0BC90h, 0BCA0h, 0BCACh, 0BCC4h
dd 0BCD8h, 0BCE8h, 0BCF6h, 0BD04h, 0BD14h, 0BD26h, 0BD32h
dd 0BD40h, 0BD54h, 0BD64h, 0BD76h, 0BD86h, 0BD9Ch, 0BDB2h
dd 0BDC6h, 0BDD6h, 0BDE6h, 0B96Ah, 0B974h, 0BA46h, 0BA38h
dd 0B982h, 0BA22h, 0BA04h, 0B9E8h, 0B9DCh, 0B9D0h, 0B9BEh
dd 0B9B2h, 0B9A2h, 0B990h, 0BC2Ch, 0
dd 0C35Eh, 0C386h, 0C39Ch, 0C3AAh, 0C34Ah, 0C36Eh, 0
dd 0BF54h, 0BF66h, 0BF78h, 0BF84h, 0BF94h, 0BFAAh, 0BFBAh
dd 0BFC6h, 0BFD4h, 0BFE6h, 0BFF4h, 0C000h, 0C012h, 0C026h
dd 0C03Ch, 0C04Eh, 0C05Eh, 0C070h, 0C082h, 0C090h, 0C0A2h
dd 0C0B6h, 0C0C8h, 0C0D8h, 0C0EAh, 0C0FAh, 0C108h, 0C11Ah
dd 0C12Eh, 0C13Ah, 0C14Ah, 0C15Ch, 0C16Ch, 0C17Eh, 0C18Eh
dd 0C1A0h, 0C1B8h, 0C1CAh, 0C1DCh, 0C1EEh, 0C1FCh, 0BF3Eh
dd 0BF30h, 0BF24h, 0BF18h, 0BF02h, 0BEF2h, 0BEE6h, 0BED8h
dd 0BEC6h, 0BEB8h, 0BEB0h, 0BEA0h, 0BE90h, 0BE7Ch, 0BE6Ah
dd 0BE5Ah, 0BE48h, 0BE2Ah, 0BE1Eh, 0BE12h, 0BE06h, 0BE3Ah
dd 0
dd 0B944h, 0B92Eh, 0B91Ch, 0
dd 0C3E8h, 0C3FAh, 0C3D4h, 0
dd 6D490038h, 4C656761h, 5F747369h, 74736544h, 796F72h
dd 6D490034h, 4C656761h, 5F747369h, 4D646441h, 656B7361h
dd 370064h, 67616D49h, 73694C65h, 72435F74h, 65746165h
dd 4F430000h, 4C54434Dh, 642E3233h, 6C6Ch, 6556000Ah, 65755172h
dd 61567972h, 4165756Ch, 0
aGetfileversion db 'GetFileVersionInfoA',0
db 1
align 2
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
dw 26Ah
aMuldiv db 'MulDiv',0
align 4
db '|',0
aDeletefilea db 'DeleteFileA',0
dw 1F5h
aGlobalfree db 'GlobalFree',0
align 10h
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindclose db 'FindClose',0
dw 30Eh
aSetfilepointer db 'SetFilePointer',0
align 10h
db 0A9h ;
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 94h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 94h ;
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileStringA',0
align 4
db 99h ;
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
aQ db '',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 6F4600EAh, 74616D72h
dd 7373654Dh, 41656761h, 1690000h, 4C746547h, 45747361h
dd 726F7272h, 1770000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 3080000h, 45746553h, 726F7272h, 65646F4Dh
dd 1520000h
aGetexitcodepro db 'GetExitCodeProcess',0
align 4
db 83h ;
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 150h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0B3h ;
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dw 312h
aSetfiletime db 'SetFileTime',0
db 56h ; V
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
a3 db '3',0
aComparefiletim db 'CompareFileTime',0
dd 655302CEh, 68637261h, 68746150h, 1AD0041h
aGetshortpathna db 'GetShortPathNameA',0
dw 161h
aGetfullpathnam db 'GetFullPathNameA',0
align 2
dw 264h
aMovefilea db 'MoveFileA',0
dw 3ADh
aLstrcata db 'lstrcatA',0
align 2
dw 2FDh
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 2
dw 30Ch
aSetfileattri_1 db 'SetFileAttributesA',0
align 4
dd 6C530347h, 706565h, 654701D5h, 63695474h, 756F436Bh
dd 746Eh, 6547015Bh, 6C694674h, 7A695365h, 1750065h
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
aE db 'E',0
aCreatedirect_0 db 'CreateDirectoryA',0
align 4
aP db '',0
aExitprocess db 'ExitProcess',0
dw 13Ah
aGetcurrentproc db 'GetCurrentProcess',0
db '=',0
aCopyfilea db 'CopyFileA',0
dw 3B9h
aLstrcpyna db 'lstrcpynA',0
dw 108h
aGetcommandline db 'GetCommandLineA',0
db 0E9h ;
db 1, 47h, 65h
aTwindowsdirect db 'tWindowsDirectoryA',0
align 10h
db 0CBh ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 10h
db 0B6h ;
db 3, 6Ch, 73h
aTrcpya db 'trcpyA',0
align 4
db 0DAh ;
db 1, 47h, 65h
aTuserdefaultla db 'tUserDefaultLangID',0
align 4
db 45h ; E
db 1, 47h, 65h
aTdiskfreespace db 'tDiskFreeSpaceA',0
dd 6C470200h, 6C61626Fh, 6F6C6E55h, 6B63h, 6C4701F9h, 6C61626Fh
dd 6B636F4Ch, 1EE0000h, 626F6C47h, 6C416C61h, 636F6Ch
dd 72430069h, 65746165h, 65726854h, 6461h, 72430060h, 65746165h
dd 636F7250h, 41737365h, 3BC0000h, 7274736Ch, 416E656Ch
dd 4D0000h, 61657243h, 69466574h, 41656Ch, 654701C9h, 6D655474h
dd 6C694670h, 6D614E65h, 4165h, 65530303h, 646E4574h, 6946664Fh
dd 656Ch, 6E550363h, 5670616Dh, 4F776569h, 6C694666h, 25E0065h
dd 5670614Dh, 4F776569h, 6C694666h, 4E0065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 0B9h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 2B8h
aRemovedirector db 'RemoveDirectoryA',0
align 2
dw 37Bh
aVirtualquery db 'VirtualQuery',0
align 2
dw 226h
aIsbadcodeptr db 'IsBadCodePtr',0
align 2
dw 249h
aLoadlibraryexa db 'LoadLibraryExA',0
align 4
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
db '',0
aEndpaint db 'EndPaint',0
align 2
db '',0
aDrawtexta db 'DrawTextA',0
aT db '',0
aFillrect db 'FillRect',0
align 2
dw 0FFh
aGetclientrect db 'GetClientRect',0
db 0Dh,0
aBeginpaint db 'BeginPaint',0
align 4
aO db '',0
aDefwindowproca db 'DefWindowProcA',0
align 2
dw 23Bh
aSendmessagea db 'SendMessageA',0
align 2
dw 193h
aInvalidaterect db 'InvalidateRect',0
align 4
aB db '',0
aDispatchmessag db 'DispatchMessageA',0
align 10h
dd 655001FFh, 654D6B65h, 67617373h, 4165h, 6E4500C4h, 656C6261h
dd 646E6957h, 776Fh, 6547010Ch, 434474h, 6F4C01BFh, 6D496461h
dd 41656761h, 2800000h, 57746553h, 6F646E69h, 6E6F4C77h
dd 4167h, 65470111h, 676C4474h, 6D657449h, 1AD0000h, 69577349h
dd 776F646Eh, 0E40000h, 646E6946h, 646E6957h, 7845776Fh
dd 23E0041h
aSendmessagetim db 'SendMessageTimeoutA',0
dd 737702D6h, 6E697270h, 416674h, 6843002Dh, 72507261h
dd 417665h, 68530292h, 6957776Fh, 776F646Eh, 2570000h
aSetforegroundw db 'SetForegroundWindow',0
db 3
db 2, 50h, 6Fh
aStquitmessage db 'stQuitMessage',0
dw 286h
aSetwindowtexta db 'SetWindowTextA',0
align 4
db 7Ah ; z
db 2, 53h, 65h
aTtimer db 'tTimer',0
align 4
aS_0 db '',0
aDestroywindow db 'DestroyWindow',0
aU db 'U',0
aCreatedialogpa db 'CreateDialogParamA',0
align 2
aS_1 db '',0
aExitwindowsex db 'ExitWindowsEx',0
db '*',0
aCharnexta db 'CharNextA',0
dw 15Ah
aGetsyscolor db 'GetSysColor',0
dd 6547016Eh, 6E695774h, 4C776F64h, 41676E6Fh, 1B90000h
dd 64616F4Ch, 73727543h, 41726Fh, 6553024Dh, 72754374h
dd 726F73h, 68430038h, 446B6365h, 7542676Ch, 6E6F7474h
dd 0F20000h, 41746547h, 636E7973h, 5379654Bh, 65746174h
dd 1A30000h
aIsdlgbuttonche db 'IsDlgButtonChecked',0
align 4
db 31h ; 1
db 2, 53h, 63h
aReentoclient db 'reenToClient',0
align 2
dw 13Ch
aGetmessagepos db 'GetMessagePos',0
db 1Bh,0
aCallwindowproc db 'CallWindowProcA',0
db 0B1h ;
db 1, 49h, 73h
aWindowvisible db 'WindowVisible',0
dw 1B7h
aLoadbitmapa db 'LoadBitmapA',0
aB_0 db 'B',0
aCloseclipboard db 'CloseClipboard',0
align 2
dw 24Ah
aSetclipboardda db 'SetClipboardData',0
align 2
db '',0
aEmptyclipboard db 'EmptyClipboard',0
align 4
db 0F5h ;
db 1, 4Fh, 70h
aEnclipboard db 'enClipboard',0
db 0A4h ;
db 2, 54h, 72h
aAckpopupmenu db 'ackPopupMenu',0
align 2
dw 174h
aGetwindowrect db 'GetWindowRect',0
db 8,0
aAppendmenua db 'AppendMenuA',0
db '^',0
aCreatepopupmen db 'CreatePopupMenu',0
dw 15Dh
aGetsystemmetri db 'GetSystemMetrics',0
align 2
db '',0
aEnddialog db 'EndDialog',0
dw 247h
aSetclasslonga db 'SetClassLongA',0
dw 1AEh
aIswindowenable db 'IsWindowEnabled',0
db 83h ;
db 2, 53h, 65h
aTwindowpos db 'tWindowPos',0
align 4
aU_0 db '',0
aDialogboxparam db 'DialogBoxParamA',0
dw 0F6h
aGetclassinfoa db 'GetClassInfoA',0
db '`',0
aCreatewindowex db 'CreateWindowExA',0
db 99h ;
db 2, 53h, 79h
aStemparameters db 'stemParametersInfoA',0
dd 65520216h, 74736967h, 6C437265h, 41737361h, 2530000h
dd 44746553h, 7449676Ch, 65546D65h, 417478h, 65470113h
dd 676C4474h, 6D657449h, 74786554h, 1DE0041h, 7373654Dh
dd 42656761h, 41786Fh, 767702D8h, 69727073h, 4166746Eh
dd 53550000h, 32335245h, 6C6C642Eh, 20E0000h, 656C6553h
dd 624F7463h, 7463656Ah, 23C0000h, 54746553h, 43747865h
dd 726F6C6Fh, 2160000h, 42746553h, 646F4D6Bh, 3A0065h
aCreatefontindi db 'CreateFontIndirectA',0
db ')',0
aCreatebrushind db 'CreateBrushIndirect',0
aP_0 db '',0
aDeleteobject db 'DeleteObject',0
align 2
dw 16Bh
aGetdevicecaps db 'GetDeviceCaps',0
dw 215h
aSetbkcolor db 'SetBkColor',0
align 4
aGdi32_dll db 'GDI32.dll',0
dw 1D0h
aRegdeletekeya db 'RegDeleteKeyA',0
dw 1C9h
aRegclosekey db 'RegCloseKey',0
dd 655201D5h, 756E4567h, 79654B6Dh, 1E20041h, 4F676552h
dd 4B6E6570h, 78457965h, 1D90041h, 45676552h, 566D756Eh
dd 65756C61h, 1EC0041h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 1F90000h, 53676552h, 61567465h, 4565756Ch
dd 4178h, 655201CDh, 65724367h, 4B657461h, 78457965h, 1D20041h
dd 44676552h, 74656C65h, 6C615665h, 416575h, 41564441h
dd 32334950h, 6C6C642Eh, 9A0000h, 69464853h, 704F656Ch
dd 74617265h, 416E6F69h, 1060000h, 6C656853h, 6578456Ch
dd 65747563h, 0BB0041h
aShgetpathfromi db 'SHGetPathFromIDListA',0
align 2
aY db 'y',0
aShbrowseforfol db 'SHBrowseForFolderA',0
align 4
db '',0
aShgetmalloc db 'SHGetMalloc',0
db '',0
aShgetspecialfo db 'SHGetSpecialFolderLocation',0
align 4
aShell32_dll db 'SHELL32.dll',0
dd 6F430010h, 61657243h, 6E496574h, 6E617473h, 6563h, 6C4F0104h
dd 696E5565h, 6974696Eh, 7A696C61h, 0ED0065h, 49656C4Fh
dd 6974696Eh, 7A696C61h, 6C6F0065h, 2E323365h, 6C6C64h
dd 53445352h, 2F6D8C65h, 4C098DECh, 0D6580793h, 8AF538A6h
dd 1
aDCmBuildPublic db 'd:\cm\build\public\NSIS.9d_GM_TB.060407\sdks\nullsoft\nsis\src\So'
db 'urce\exehead\Release-zlib\exehead_zlib.pdb',0
align 200h
_rdata ends
; Section 3. (virtual address 0000D000)
; Virtual size : 00027234 ( 160308.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000B800
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40D000h
off_40D000 dd offset dword_434200 ; DATA XREF: sub_40161F:loc_402586�o
dd offset sub_4013E7
dword_40D008 dd 6 ; sub_40161F+10B�w
; HANDLE hFile
hFile dd 0FFFFFFFFh ; DATA XREF: sub_4033C9+11�r
; sub_4033FB+8�r ...
; char aANsisu__exe[]
aANsisu__exe db 'A~NSISu_.exe',0 ; DATA XREF: start+30F�o
; start:loc_403D33�w ...
align 10h
dword_40D020 dd 0FFFFFFFFh ; sub_40550B+120�r ...
; DLGPROC lpDialogFunc
lpDialogFunc dd offset sub_40412D ; DATA XREF: sub_40550B+3D6�r
dd offset sub_404A08
dd offset sub_4044DD
dd offset sub_405176
dd offset sub_4043D2
dword_40D038 dd 0FFFFFFFFh ; sub_404921+90�r ...
dword_40D03C dd 6 ; sub_40161F:loc_401725�r ...
; char ClassName[]
ClassName db 'RichEdit20A',0 ; DATA XREF: sub_4059CE+1F2�o
; sub_4059CE+202�w ...
; char LibFileName[]
LibFileName db 'RichEd20.dll',0 ; DATA XREF: sub_4059CE+1D3�o
; sub_4059CE+1E0�w
align 4
; HANDLE hObject
hObject dd 0FFFFFFFFh ; DATA XREF: sub_4060D2+B�r
; sub_4060D2:loc_4060EE�w ...
word_40D060 dw 0 ; DATA XREF: sub_406E81+49B�r
; sub_406E81+522�r ...
dw 1
dd 70003h, 1F000Fh, 7F003Fh, 1FF00FFh, 7FF03FFh, 1FFF0FFFh
dd 7FFF3FFFh, 0FFFFh
byte_40D084 db 9 ; DATA XREF: sub_406E81+178�o
; sub_406E81:loc_40703B�r
align 4
byte_40D088 db 5 ; DATA XREF: sub_406E81+1A9�o
; sub_406E81+1C2�r
align 4
dd 5 dup(0)
dword_40D0A0 dd 0 ; sub_40137E+58�r
dword_40D0A4 dd 0 dd 56h dup(0)
dd 0A8h dup(?)
dword_40D4A0 dd ? ; sub_40161F+9C6�r ...
align 8
; char Text[]
Text db 400h dup(?) ; DATA XREF: sub_401508+1D�o
; sub_40161F+52D�o ...
; CHAR byte_40D8A8
byte_40D8A8 db ? ; DATA XREF: sub_4014E1�o
; sub_40161F+2F0�o ...
align 4
dd 0FFh dup(?)
; BYTE Data
Data dd ? ; DATA XREF: sub_40161F+560�o
; sub_40161F+11C2�o ...
dd 2FFh dup(?)
; WCHAR WideCharStr
WideCharStr dw ? ; DATA XREF: sub_40161F+112C�o
; sub_40161F+1137�w
align 4
dd 1FFh dup(?)
; LOGFONTA stru_40F0A8
stru_40F0A8 LOGFONTA <?> ; DATA XREF: sub_40161F+BE6�w
; sub_40161F+C29�o
dword_40F0E4 dd ? ; sub_401508:loc_401510�r ...
dword_40F0E8 dd 1000h dup(?) ; sub_403412+1F9�o
dword_4130E8 dd 2000h dup(?) ; char byte_41B0E8[]
byte_41B0E8 db 40h dup(?) ; DATA XREF: DialogFunc+58�o
dword_41B128 dd 2000h dup(?) ; sub_403646+B8�o ...
dword_423128 dd ? ; sub_403412+EA�o
dword_42312C dd ? dword_423130 dd ? ; sub_403412+10A�r ...
dword_423134 dd ? dword_423138 dd ? dd 145h dup(?)
dword_423650 dd ? dword_423654 dd ? dd 5A0h dup(?)
dword_424CD8 dd 2000h dup(?) dword_42CCD8 dd ? dword_42CCDC dd ? dword_42CCE0 dd ? align 8
; LONG lDistanceToMove
lDistanceToMove dd ? ; DATA XREF: DialogFunc+36�r
; sub_403646+10F�r ...
; LPCSTR dword_42CCEC
dword_42CCEC dd ? ; DialogFunc+52�r
; int nDenominator
nDenominator dd ? ; DATA XREF: DialogFunc+3C�r
; sub_403646+71�w ...
; LPCSTR lpString
lpString dd ? ; DATA XREF: sub_40161F+480�r
; sub_40161F+49A�r ...
; CHAR byte_42CCF8
byte_42CCF8 db ? ; DATA XREF: start+2F3�o start+303�w
; char arglist[]
arglist db 7F4h dup(?) ; DATA XREF: start+2EE�o
dword_42D4ED dd ? align 8
; char ExistingFileName[]
ExistingFileName db 400h dup(?) ; DATA XREF: start+2F8�o
dword_42D8F8 dd ? ; sub_4040F9+26�w ...
dword_42D8FC dd ? ; sub_40550B+1E5�w ...
; WNDPROC lpPrevWndFunc
lpPrevWndFunc dd ? ; DATA XREF: sub_404921+D5�r
; sub_404A08+A3�w
dword_42D904 dd ? ; sub_4044DD+2FD�r ...
; char RootPathName[]
RootPathName db 400h dup(?) ; DATA XREF: sub_4044DD+1EB�o
; HWND dword_42DD08
dword_42DD08 dd ? ; sub_40550B+B0�r ...
; LPARAM lParam
lParam dd ? ; DATA XREF: sub_404A08+B6�w
; sub_404A08+C2�r ...
; HGLOBAL hMem
hMem dd ? ; DATA XREF: sub_404A08+7E�w
; sub_404A08:loc_404C08�r ...
; HWND dword_42DD14
dword_42DD14 dd ? ; sub_40550B+36�r ...
; const CHAR byte_42DD18
byte_42DD18 db ? ; DATA XREF: sub_405013+28�o
; sub_405013+CA�w
align 4
dd 1FFh dup(?)
; char String[]
String db 1000h dup(?) ; DATA XREF: sub_404419+62�o
; sub_4044DD+131�o ...
; HWND dword_42F518
dword_42F518 dd ? ; sub_403E7D+4�r ...
dword_42F51C dd ? ; sub_4044DD+6�r ...
; int nResult
nResult dd ? ; DATA XREF: sub_405176+22A�w
; sub_40550B+141�w ...
dword_42F524 dd ? ; sub_40412D+146�r ...
dword_42F528 dd ? ; sub_40550B:loc_40599D�r ...
align 10h
; struct _STARTUPINFOA StartupInfo
StartupInfo _STARTUPINFOA <?> ; DATA XREF: sub_405C75+9�w
; sub_405C75+2B�o
align 8
; char FileName[]
FileName db 400h dup(?) ; DATA XREF: sub_406252+5�o
; char dword_42F978[]
dword_42F978 dd ? ; sub_406326+C5�o
dd 0FFh dup(?)
; struct _WIN32_FIND_DATAA FindFileData
FindFileData _WIN32_FIND_DATAA <?> ; DATA XREF: sub_40618D+10�o
; char byte_42FEB8[]
byte_42FEB8 db 400h dup(?) ; DATA XREF: sub_406326+D0�o
; sub_406326+2A5�o ...
; char byte_4302B8[]
byte_4302B8 db 400h dup(?) ; DATA XREF: sub_4068E6+6E�o
; char szShortPath[]
szShortPath db 400h dup(?) ; DATA XREF: sub_406326+97�o
dword_430AB8 dd ? ; sub_406326+185�w
align 10h
dword_430AC0 dd ? ; sub_406E81+1CA�r
align 8
dword_430AC8 dd ? ; sub_406B57+10B�o
dd 11Fh dup(?)
dword_430F48 dd 8Fh dup(?) dword_431184 dd 71h dup(?) dword_431348 dd 18h dup(?) dword_4313A8 dd 8 dup(?) dword_4313C8 dd 220h dup(?) ; sub_406E81+159�o ...
dword_431C48 dd ? ; sub_406E81+1D2�r
byte_431C4C db ? ; DATA XREF: sub_406E81:loc_406F92�r
; sub_406E81+1B3�w
align 10h
dword_431C50 dd ? ; .text:00407C0B�r ...
dword_431C54 dd ? ; .text:004085BD�r ...
dword_431C58 dd ? ; .text:00407C45�r ...
dword_431C5C dd ? ; .text:00407C7F�r ...
dword_431C60 dd ? ; .text:00407CAB�r ...
dword_431C64 dd ? ; .text:00408606�r ...
dword_431C68 dd ? ; .text:00407D77�r ...
dword_431C6C dd ? ; .text:00408649�r ...
dword_431C70 dd ? ; .text:00407DAB�r ...
dword_431C74 dd ? ; .text:0040869C�r ...
dword_431C78 dd ? ; .text:00407DDB�r ...
dword_431C7C dd ? ; .text:004086E8�r ...
dword_431C80 dd ? ; .text:00407E74�r ...
dword_431C84 dd ? ; .text:loc_408746�r ...
dword_431C88 dd ? ; .text:00407EA4�r ...
dword_431C8C dd ? ; .text:00407ED4�r ...
dword_431C90 dd ? ; .text:00407F04�r ...
dword_431C94 dd ? ; .text:00407F34�r ...
dword_431C98 dd ? ; .text:00407E0B�r ...
dword_431C9C dd ? ; .text:00407E48�r ...
dword_431CA0 dd ? ; .text:00407F87�r ...
dword_431CA4 dd ? ; .text:004080FB�r ...
dword_431CA8 dd ? ; .text:00407CD4�r ...
dword_431CAC dd ? ; .text:00407CF8�r ...
dword_431CB0 dd ? ; .text:00407D1F�r ...
dword_431CB4 dd ? ; .text:00407D4B�r ...
dword_431CB8 dd ? ; .text:004081EF�r ...
dword_431CBC dd ? ; .text:00408225�r ...
dword_431CC0 dd ? ; .text:0040825B�r ...
dword_431CC4 dd ? ; .text:00408291�r ...
dword_431CC8 dd ? ; .text:004082C7�r ...
dword_431CCC dd ? ; .text:00408354�r ...
dword_431CD0 dd ? ; .text:00407F5F�r ...
dword_431CD4 dd ? ; .text:00407FE6�r ...
dword_431CD8 dd ? ; .text:00407FA4�r ...
dword_431CDC dd ? ; .text:00408019�r ...
dword_431CE0 dd ? ; .text:004082F5�r ...
dword_431CE4 dd ? ; sub_40876F+87�w ...
dword_431CE8 dd ? ; sub_40876F+8C�w ...
dword_431CEC dd ? ; .text:00408090�r ...
dword_431CF0 dd ? ; .text:004081AA�r ...
dword_431CF4 dd ? ; sub_40876F+91�w ...
dword_431CF8 dd ? ; .text:00408324�r ...
; HMODULE hLibModule
hLibModule dd ? ; DATA XREF: sub_4083A3:loc_408547�r
; sub_4083A3+1B0�w ...
word_431D00 dw ? ; DATA XREF: sub_4083A3:loc_40855E�w
; sub_408571+A�r ...
align 4
dword_431D04 dd ? ; sub_4044DD+51�w ...
dd 6 dup(?)
; char String1[]
String1 db 1000h dup(?) ; DATA XREF: sub_4060D2+73�o
; sub_406171+9�o
; const CHAR byte_432D20
byte_432D20 db ? ; DATA XREF: sub_40412D+1D7�o
; sub_4044DD+183�o ...
; char sz[]
sz db 3 dup(?) ; DATA XREF: sub_4059CE+66�o
dd 1FFh dup(?)
; CHAR byte_433520
byte_433520 db ? ; DATA XREF: sub_403F6C+27�o
; sub_4060D2+2D�r ...
align 4
dd 0FFh dup(?)
; WNDCLASSA WndClass
WndClass WNDCLASSA <?> ; DATA XREF: sub_4059CE+108�o
; sub_4059CE+12B�w
; HWND dword_433948
dword_433948 dd ? ; sub_404419+85�r ...
; HWND dword_43394C
dword_43394C dd ? ; sub_405013+6�r ...
; LONG dwNewLong
dwNewLong dd ? ; DATA XREF: sub_40550B+1C7�r
; sub_4059CE+FF�w
dword_433954 dd ? ; sub_403E10+7�w ...
; HWND dword_433958
dword_433958 dd ? ; sub_405176+78�w
dword_43395C dd ? ; sub_40550B+3E0�r ...
; HWND hWnd
hWnd dd ? ; DATA XREF: sub_40161F:loc_4017E2�r
; sub_405176+69�w ...
dword_433964 dd ? ; sub_405176+A1�w
dword_433968 dd ? ; sub_403FAC:loc_404026�r ...
; int nNumber
nNumber dd ? ; DATA XREF: sub_4013E7+98�w
; sub_4013E7+AF�r ...
dd 4 dup(?)
; char Caption[]
Caption db 800h dup(?) ; DATA XREF: sub_401000+150�o start+34�o ...
; HWND dword_434180
dword_434180 dd ? ; sub_40161F+9�r ...
; HMODULE hModule
hModule dd ? ; DATA XREF: sub_403646+25�r
; sub_403646+158�r ...
dword_434188 dd ? ; sub_4012F3+6�r ...
dd 5 dup(?)
dword_4341A0 dd ? ; sub_40550B+1F5�r
dword_4341A4 dd ? ; sub_40550B+25E�r ...
dword_4341A8 dd ? ; sub_4011EF+13�r ...
dword_4341AC dd ? ; sub_40117D+64�r ...
dword_4341B0 dd ? align 8
dword_4341B8 dd ? ; sub_4059CE+3B�r ...
align 10h
dword_4341C0 dd ? dword_4341C4 dd ? dword_4341C8 dd ? dd 3 dup(?)
dword_4341D8 dd ? align 10h
dword_4341E0 dd ? ; start+209�r ...
dword_4341E4 dd ? ; sub_4013E7+57�r ...
; DWORD dwBytes
dwBytes dd ? ; DATA XREF: sub_40161F+18AC�r
; sub_403646:loc_4036C4�r ...
dword_4341EC dd ? ; sub_404A08+465�w
dd 4 dup(?)
dword_434200 dd ? ; sub_40161F:loc_4017D5�r ...
dword_434204 dd ? ; sub_4015D6:loc_4015EB�r ...
dword_434208 dd ? ; sub_40161F+681�w ...
dword_43420C dd ? ; StartAddress:loc_405156�w ...
dword_434210 dd ? dword_434214 dd ? ; start:loc_403D4D�r
align 10h
dword_434220 dd ? ; sub_4059CE+1B3�r ...
dword_434224 dd ? dword_434228 dd ? ; sub_405CED:loc_405D07�r
dword_43422C dd ? ; start:loc_403DF7�r
dword_434230 dd ? align 200h
_data ends
; Section 4. (virtual address 00035000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00000000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_ndata segment para public 'BSS' use32
assume cs:_ndata
;org 435000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; char dword_435000[]
dword_435000 dd ? ; sub_40161F+46�o ...
dd 13FFh dup(?)
; const CHAR byte_43A000
byte_43A000 db ? ; DATA XREF: sub_4038F2+28�o
; start:loc_4039E5�o ...
byte_43A001 db 3 dup(?) ; DATA XREF: start+BB�o
dd 0FFh dup(?)
; const CHAR byte_43A400
byte_43A400 db ? ; DATA XREF: sub_40161F:loc_402E98�o
; start+256�o ...
align 4
dd 0FFh dup(?)
; char CurrentDirectory[]
CurrentDirectory db 400h dup(?) ; DATA XREF: sub_40161F+271�o
; sub_40161F:loc_401B5C�o ...
; char szStart[]
szStart db 400h dup(?) ; DATA XREF: sub_403646+1F�o
; CHAR byte_43B000
byte_43B000 db ? ; DATA XREF: sub_403FAC�r
; sub_403FAC+10�o
align 4
dd 0FFh dup(?)
; char PathName[]
PathName db 400h dup(?) ; DATA XREF: sub_4038F2+1�o start+43�o ...
; char dword_43B800[]
dword_43B800 dd 200h dup(?) ; char dword_43C000[]
dword_43C000 dd 400h dup(?) _ndata ends
end start