;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DD0C16EE19D8AE29DDC550EF5BC82E81
; File Name : u:\work\dd0c16ee19d8ae29ddc550ef5bc82e81_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005BFE ( 23550.)
; Section size in file : 00005C00 ( 23552.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401000(HWND hWnd,UINT hDC,WPARAM wParam,LPARAM ho)
sub_401000 proc near ; DATA XREF: sub_403542+17A�o
Paint = tagPAINTSTRUCT ptr -5Ch
rc = tagRECT ptr -1Ch
plbrush = LOGBRUSH ptr -0Ch
hWnd = dword ptr 8
hDC = dword ptr 0Ch
wParam = dword ptr 10h
ho = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
cmp [ebp+hDC], 0Fh
jz short loc_401037
cmp [ebp+hDC], 46h
mov eax, [ebp+ho]
jnz short loc_401022
or dword ptr [eax+18h], 10h
mov ecx, dword_42F424
mov [eax+4], ecx
loc_401022: ; CODE XREF: sub_401000+13�j
push eax ; lParam
push [ebp+wParam] ; wParam
push [ebp+hDC] ; Msg
push [ebp+hWnd] ; hWnd
call ds:DefWindowProcA ; DefWindowProcA
jmp locret_401179
; ---------------------------------------------------------------------------
loc_401037: ; CODE XREF: sub_401000+A�j
push ebx
push esi
mov esi, dword_42F428
lea eax, [ebp+Paint]
push edi
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:BeginPaint ; BeginPaint
and [ebp+plbrush.lbStyle], 0
mov [ebp+hDC], eax
lea eax, [ebp+rc]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
mov edi, [ebp+rc.bottom]
and [ebp+rc.bottom], 0
mov ebx, ds:DeleteObject
jmp loc_4010F3
; ---------------------------------------------------------------------------
loc_401073: ; CODE XREF: sub_401000+F6�j
movzx eax, byte ptr [esi+52h]
movzx edx, byte ptr [esi+56h]
imul edx, [ebp+rc.top]
mov ecx, edi
sub ecx, [ebp+rc.top]
imul eax, ecx
add eax, edx
mov [ebp+wParam], ecx
cdq
idiv edi
xor edx, edx
mov dh, al
movzx eax, byte ptr [esi+51h]
imul eax, ecx
movzx ecx, byte ptr [esi+55h]
imul ecx, [ebp+rc.top]
add eax, ecx
mov ecx, edx
cdq
idiv edi
movzx edx, byte ptr [esi+54h]
imul edx, [ebp+rc.top]
mov cl, al
movzx eax, byte ptr [esi+50h]
imul eax, [ebp+wParam]
add eax, edx
cdq
idiv edi
shl ecx, 8
movzx eax, al
or ecx, eax
lea eax, [ebp+plbrush]
push eax ; plbrush
mov [ebp+plbrush.lbColor], ecx
call ds:CreateBrushIndirect ; CreateBrushIndirect
add [ebp+rc.bottom], 4
mov [ebp+ho], eax
push eax ; hbr
lea eax, [ebp+rc]
push eax ; lprc
push [ebp+hDC] ; hDC
call ds:FillRect ; FillRect
push [ebp+ho] ; ho
call ebx ; DeleteObject
add [ebp+rc.top], 4
loc_4010F3: ; CODE XREF: sub_401000+6E�j
cmp [ebp+rc.top], edi
jl loc_401073
cmp dword ptr [esi+58h], 0FFFFFFFFh
jz short loc_401167
push dword ptr [esi+34h] ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
test eax, eax
mov [ebp+ho], eax
jz short loc_401167
mov edi, [ebp+hDC]
push 1 ; mode
push edi ; hdc
mov [ebp+rc.left], 10h
mov [ebp+rc.top], 8
call ds:SetBkMode ; SetBkMode
push dword ptr [esi+58h] ; color
push edi ; hdc
call ds:SetTextColor ; SetTextColor
push [ebp+ho] ; h
mov esi, ds:SelectObject
push edi ; hdc
call esi ; SelectObject
mov [ebp+hDC], eax
lea eax, [ebp+rc]
push 820h ; format
push eax ; lprc
push 0FFFFFFFFh ; cchText
push offset Caption ; lpchText
push edi ; hdc
call ds:DrawTextA ; DrawTextA
push [ebp+hDC] ; h
push edi ; hdc
call esi ; SelectObject
push [ebp+ho] ; ho
call ebx ; DeleteObject
loc_401167: ; CODE XREF: sub_401000+100�j
; sub_401000+110�j
lea eax, [ebp+Paint]
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:EndPaint ; EndPaint
pop edi
pop esi
xor eax, eax
pop ebx
locret_401179: ; CODE XREF: sub_401000+32�j
leave
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40117D proc near ; CODE XREF: sub_401439+1464�p
; sub_4046C3+314�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_42F448
mov edx, ecx
push ebx
imul edx, 418h
push esi
push edi
mov edx, [edx+eax+8]
test dl, 2
jz short loc_4011E9
lea esi, [ecx+1]
xor edi, edi
cmp esi, dword_42F44C
jnb short loc_4011E9
mov ecx, esi
imul ecx, 418h
lea eax, [ecx+eax+8]
loc_4011B3: ; CODE XREF: sub_40117D+6A�j
mov ecx, [eax]
test cl, 2
jz short loc_4011BD
inc edi
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_40117D+3B�j
test cl, 4
jz short loc_4011CB
mov ecx, edi
dec edi
test ecx, ecx
jz short loc_4011E9
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CB: ; CODE XREF: sub_40117D+43�j
test cl, 10h
jnz short loc_4011DB
mov ebx, ecx
xor ebx, edx
and ebx, 1
xor ebx, ecx
mov [eax], ebx
loc_4011DB: ; CODE XREF: sub_40117D+3E�j
; sub_40117D+4C�j ...
inc esi
add eax, 418h
cmp esi, dword_42F44C
jb short loc_4011B3
loc_4011E9: ; CODE XREF: sub_40117D+1B�j
; sub_40117D+28�j ...
pop edi
pop esi
pop ebx
retn 4
sub_40117D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011EF proc near ; CODE XREF: sub_4011EF+56�p
; sub_401439+148F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push ebx
push esi
mov esi, edx
imul esi, 418h
mov ebx, dword_42F448
xor ecx, ecx
add esi, ebx
push edi
mov [ebp+var_4], ecx
mov [ebp+var_8], ecx
mov eax, [esi+8]
test al, 2
jz short loc_401224
cmp [ebp+arg_4], ecx
jz short loc_401224
and al, 0BEh
inc edx
mov [esi+8], eax
loc_401224: ; CODE XREF: sub_4011EF+28�j
; sub_4011EF+2D�j
cmp edx, dword_42F44C
jnb short loc_401270
loc_40122C: ; CODE XREF: sub_4011EF+7F�j
mov eax, edx
imul eax, 418h
lea edi, [eax+ebx+8]
lea eax, [edx+1]
mov ecx, [edi]
test cl, 2
jz short loc_40124C
push 1
push edx
call sub_4011EF
mov ecx, [edi]
loc_40124C: ; CODE XREF: sub_4011EF+51�j
test cl, 4
jnz short loc_401279
test cl, 40h
jz short loc_401259
inc [ebp+var_4]
loc_401259: ; CODE XREF: sub_4011EF+65�j
test cl, 1
jz short loc_401263
inc [ebp+var_4]
jmp short loc_401266
; ---------------------------------------------------------------------------
loc_401263: ; CODE XREF: sub_4011EF+6D�j
inc [ebp+var_8]
loc_401266: ; CODE XREF: sub_4011EF+72�j
cmp eax, dword_42F44C
mov edx, eax
jb short loc_40122C
loc_401270: ; CODE XREF: sub_4011EF+3B�j
xor eax, eax
loc_401272: ; CODE XREF: sub_4011EF+8E�j
; sub_4011EF+9A�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_401279: ; CODE XREF: sub_4011EF+60�j
cmp [ebp+var_4], 0
jz short loc_401272
cmp [ebp+var_8], 0
jz short loc_40128B
or dword ptr [esi+8], 40h
jmp short loc_401272
; ---------------------------------------------------------------------------
loc_40128B: ; CODE XREF: sub_4011EF+94�j
mov ecx, [esi+8]
and cl, 7Fh
or ecx, 1
mov [esi+8], ecx
jmp short loc_401272
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
sub_401299 proc near ; CODE XREF: sub_401439+1488�p
; sub_4046C3+3E1�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_42F448
push esi
xor esi, esi
cmp ecx, 20h
jnb short loc_4012DE
cmp dword_42F44C, esi
jbe short loc_4012DE
lea edx, [eax+8]
push edi
loc_4012B6: ; CODE XREF: sub_401299+42�j
mov eax, [edx]
test al, 6
jnz short loc_4012CE
xor edi, edi
inc edi
shl edi, cl
test [edx-4], edi
jz short loc_4012CA
or al, 1
jmp short loc_4012CC
; ---------------------------------------------------------------------------
loc_4012CA: ; CODE XREF: sub_401299+2B�j
and al, 0FEh
loc_4012CC: ; CODE XREF: sub_401299+2F�j
mov [edx], eax
loc_4012CE: ; CODE XREF: sub_401299+21�j
inc esi
add edx, 418h
cmp esi, dword_42F44C
jb short loc_4012B6
pop edi
loc_4012DE: ; CODE XREF: sub_401299+F�j
; sub_401299+17�j
pop esi
retn 4
sub_401299 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012E2 proc near ; CODE XREF: sub_401439+1497�p
; sub_4046C3+47E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_42F428
and [ebp+var_4], 0
push ebx
push esi
add eax, 94h
push edi
mov edi, dword_42F44C
mov [ebp+var_8], eax
loc_401302: ; CODE XREF: sub_4012E2+7F�j
mov eax, [ebp+var_8]
xor ebx, ebx
cmp [eax], ebx
jz short loc_401356
cmp ebx, edi
jnb short loc_401354
mov esi, dword_42F448
add esi, 8
loc_401318: ; CODE XREF: sub_4012E2+6E�j
mov edx, [esi]
test dl, 6
jnz short loc_401347
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_40132C
cmp dword ptr [eax+ebx*4], 0
jz short loc_401347
loc_40132C: ; CODE XREF: sub_4012E2+42�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
and edx, 1
shl eax, cl
mov ecx, [esi-4]
and ecx, eax
mov eax, ecx
mov ecx, [ebp+var_4]
shl edx, cl
cmp eax, edx
jnz short loc_401352
loc_401347: ; CODE XREF: sub_4012E2+3B�j
; sub_4012E2+48�j
inc ebx
add esi, 418h
cmp ebx, edi
jb short loc_401318
loc_401352: ; CODE XREF: sub_4012E2+63�j
cmp ebx, edi
loc_401354: ; CODE XREF: sub_4012E2+2B�j
jz short loc_401363
loc_401356: ; CODE XREF: sub_4012E2+27�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 20h
jb short loc_401302
loc_401363: ; CODE XREF: sub_4012E2:loc_401354�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 4
sub_4012E2 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40136D(int,HWND hWnd)
sub_40136D proc near ; CODE XREF: sub_401410+10�p
; sub_401439+99�p ...
arg_0 = dword ptr 4
hWnd = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
jmp loc_4013FB
; ---------------------------------------------------------------------------
loc_401377: ; CODE XREF: sub_40136D+90�j
mov eax, esi
mov ecx, dword_42F450
imul eax, 1Ch
add eax, ecx
cmp dword ptr [eax], 1
jz short loc_401403
push eax ; FilePart
call sub_401439
cmp eax, 7FFFFFFFh
jz short loc_401409
test eax, eax
jge short loc_4013AD
inc eax
mov ecx, offset dword_430000
shl eax, 0Ah
sub ecx, eax
push ecx
call sub_405952
test eax, eax
loc_4013AD: ; CODE XREF: sub_40136D+2B�j
jnz short loc_4013B5
xor eax, eax
inc eax
inc esi
jmp short loc_4013BC
; ---------------------------------------------------------------------------
loc_4013B5: ; CODE XREF: sub_40136D:loc_4013AD�j
dec eax
mov ecx, esi
mov esi, eax
sub eax, ecx
loc_4013BC: ; CODE XREF: sub_40136D+46�j
cmp [esp+4+hWnd], 0
jz short loc_4013FB
add nNumber, eax
mov eax, dword_42EBF4
xor ecx, ecx
push 0 ; lParam
test eax, eax
setz cl
add ecx, eax
push ecx ; nDenominator
push 7530h ; nNumerator
push nNumber ; nNumber
call ds:MulDiv ; MulDiv
push eax ; wParam
push 402h ; Msg
push [esp+10h+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
loc_4013FB: ; CODE XREF: sub_40136D+5�j
; sub_40136D+54�j
test esi, esi
jge loc_401377
loc_401403: ; CODE XREF: sub_40136D+1A�j
xor eax, eax
loc_401405: ; CODE XREF: sub_40136D+A1�j
pop esi
retn 8
; ---------------------------------------------------------------------------
loc_401409: ; CODE XREF: sub_40136D+27�j
mov eax, 7FFFFFFFh
jmp short loc_401405
sub_40136D endp
; =============== S U B R O U T I N E =======================================
sub_401410 proc near ; CODE XREF: start+39A�p
; sub_403542+1EC�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_42F428
push 0 ; hWnd
push dword ptr [ecx+eax*4+6Ch] ; int
call sub_40136D
retn 4
sub_401410 endp
; =============== S U B R O U T I N E =======================================
sub_401428 proc near ; CODE XREF: sub_401439+1FE�p
; sub_401439+A2C�p ...
arg_0 = dword ptr 4
push offset String1 ; lpString2
push [esp+4+arg_0] ; int
call sub_404D7E
retn 4
sub_401428 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401439(LPCSTR FilePart)
sub_401439 proc near ; CODE XREF: sub_40136D+1D�p
FindFileData = _WIN32_FIND_DATAA ptr -1A4h
FileOp = _SHFILEOPSTRUCTA ptr -64h
lpValueName = dword ptr -44h
ExitCode = tagRECT ptr -40h
lpMultiByteStr = dword ptr -30h
nNumberOfBytesToWrite= dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
dwFileAttributes= dword ptr -20h
nDenominator = dword ptr -1Ch
nShowCmd = FILETIME ptr -18h
lpString2 = dword ptr -10h
Buffer = byte ptr -9
lpString = dword ptr -8
var_4 = dword ptr -4
FilePart = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov eax, dword_42F424
push ebx
push esi
mov esi, [ebp+FilePart]
push edi
push 7
pop ecx
lea edi, [ebp+var_28]
mov [ebp+lpString], eax
xor ebx, ebx
rep movsd
mov eax, [ebp+var_24]
mov edi, [ebp+dwFileAttributes]
mov esi, eax
mov ecx, offset dword_430000
shl esi, 0Ah
shl edi, 0Ah
add esi, ecx
add edi, ecx
lea ecx, [ebp+var_24]
mov [ebp+var_4], ebx
mov dword_40943C, ecx
mov ecx, [ebp+var_28]
add ecx, 0FFFFFFFEh ; switch 66 cases
cmp ecx, 41h
ja loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp ds:off_402941[ecx*4] ; switch jump
loc_401493: ; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 3
push eax ; int
loc_401495: ; CODE XREF: sub_401439+471�j
call sub_404D7E
jmp loc_402293
; ---------------------------------------------------------------------------
loc_40149F: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
inc dword_42EBEC ; jumptable 0040148C case 4
cmp [ebp+lpString], ebx
jz loc_402293
push ebx ; nExitCode
call ds:PostQuitMessage ; PostQuitMessage
jmp loc_402293
; ---------------------------------------------------------------------------
loc_4014BA: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp eax, ebx ; jumptable 0040148C case 5
jge short loc_4014CF
inc eax
mov ecx, offset dword_430000
shl eax, 0Ah
sub ecx, eax
push ecx
call sub_405952
loc_4014CF: ; CODE XREF: sub_401439+83�j
dec eax
push ebx ; hWnd
push eax ; int
call sub_40136D
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_4014DC: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov ecx, [ebp+dwFileAttributes] ; jumptable 0040148C case 6
cmp ecx, ebx
jz short loc_40150C
test cl, 8
jz short loc_4014F7
mov eax, dword_40900C
mov dword_4092A0, eax
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4014F7: ; CODE XREF: sub_401439+AD�j
mov eax, dword_4092A0
mov dword_4092A0, ecx
mov dword_40900C, eax
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_40150C: ; CODE XREF: sub_401439+A8�j
push ebx ; lpString2
push eax ; int
call sub_404D7E
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401518: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 7
call sub_402A7D
cmp eax, 1
jg short loc_401526
xor eax, eax
inc eax
loc_401526: ; CODE XREF: sub_401439+E8�j
push eax ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401532: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push [ebp+lpString] ; jumptable 0040148C case 8
call ds:SetForegroundWindow ; SetForegroundWindow
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401540: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 1 ; jumptable 0040148C case 13
call sub_402A7D
mov ecx, [ebp+var_24]
mov dword_42F4A0[ecx*4], eax
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401556: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov eax, [ebp+nDenominator] ; jumptable 0040148C case 14
lea esi, ds:42F4A0h[eax*4]
xor eax, eax
mov ecx, [esi]
cmp ecx, ebx
setz al
and ecx, [ebp+nShowCmd.dwLowDateTime]
mov eax, [ebp+eax*4+var_24]
mov [esi], ecx
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401577: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov eax, [ebp+dwFileAttributes] ; jumptable 0040148C case 15
push dword_42F4A0[eax*4]
loc_401581: ; CODE XREF: sub_401439+712�j
; sub_401439+89D�j ...
push esi
jmp loc_4028D7
; ---------------------------------------------------------------------------
loc_401587: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov ecx, hWnd ; jumptable 0040148C case 9
mov esi, ds:ShowWindow
cmp ecx, ebx
jz short loc_4015A0
push [ebp+dwFileAttributes] ; nCmdShow
push ecx ; hWnd
call esi ; ShowWindow
mov eax, [ebp+var_24]
loc_4015A0: ; CODE XREF: sub_401439+15C�j
mov ecx, dword_42EC04
cmp ecx, ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push eax ; nCmdShow
push ecx ; hWnd
call esi ; ShowWindow
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4015B7: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFF0h ; jumptable 0040148C case 10
call sub_402A9A
push [ebp+dwFileAttributes] ; dwFileAttributes
push eax ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_4015C8: ; CODE XREF: sub_401439+35F�j
; sub_401439+EAC�j ...
test eax, eax
loc_4015CA: ; CODE XREF: sub_401439+484�j
; sub_401439+120B�j
jnz loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_4015D5: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFF0h ; jumptable 0040148C case 11
call sub_402A9A
mov edi, eax
push edi ; lpsz
call sub_40557B
cmp [edi], bl
mov esi, eax
jz short loc_401630
cmp esi, ebx
jz short loc_401630
loc_4015EE: ; CODE XREF: sub_401439+1F5�j
push 5Ch ; char
push esi ; lpsz
call sub_405513
mov esi, eax
push ebx ; lpSecurityAttributes
push edi ; lpPathName
mov al, [esi]
mov [esi], bl
mov byte ptr [ebp+FilePart+3], al
call ds:CreateDirectoryA ; CreateDirectoryA
test eax, eax
jnz short loc_401626
call ds:GetLastError
cmp eax, 0B7h
jnz short loc_401623
push edi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
test al, 10h
jnz short loc_401626
loc_401623: ; CODE XREF: sub_401439+1DD�j
inc [ebp+var_4]
loc_401626: ; CODE XREF: sub_401439+1D0�j
; sub_401439+1E8�j
mov al, byte ptr [ebp+FilePart+3]
mov [esi], al
inc esi
cmp al, bl
jnz short loc_4015EE
loc_401630: ; CODE XREF: sub_401439+1AF�j
; sub_401439+1B3�j
cmp [ebp+dwFileAttributes], ebx
jz short loc_401653
push 0FFFFFFE6h
call sub_401428
push edi ; lpString2
push offset CurrentDirectory ; lpString1
call sub_4059DB
push edi ; lpPathName
call ds:SetCurrentDirectoryA ; SetCurrentDirectoryA
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401653: ; CODE XREF: sub_401439+1FA�j
push 0FFFFFFF5h
jmp loc_4021E8
; ---------------------------------------------------------------------------
loc_40165A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 12
call sub_402A9A
push eax ; lpFileName
call sub_405CB0
jmp loc_401CE8
; ---------------------------------------------------------------------------
loc_40166B: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFD0h ; jumptable 0040148C case 16
call sub_402A9A
push 0FFFFFFDFh
mov [ebp+FilePart], eax
call sub_402A9A
push [ebp+FilePart] ; lpString2
mov esi, offset String1
mov [ebp+lpString], eax
push esi ; lpString1
call sub_4059DB
push [ebp+lpString] ; lpString
call lstrlenA ; lstrlenA
push [ebp+FilePart] ; lpString
mov edi, eax
call lstrlenA ; lstrlenA
add edi, eax
cmp edi, 3FDh
jge short loc_4016BD
push offset String2 ; "->"
push esi ; lpString1
call lstrcatA ; lstrcatA
push [ebp+lpString] ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
loc_4016BD: ; CODE XREF: sub_401439+26E�j
push [ebp+lpString] ; lpNewFileName
push [ebp+FilePart] ; lpExistingFileName
call ds:MoveFileA ; MoveFileA
test eax, eax
jz short loc_4016D4
push 0FFFFFFE3h
jmp loc_4021E8
; ---------------------------------------------------------------------------
loc_4016D4: ; CODE XREF: sub_401439+292�j
cmp [ebp+nDenominator], ebx
jz loc_4026DA
push [ebp+FilePart] ; lpFileName
call sub_405CB0
test eax, eax
jz loc_4026DA
push [ebp+lpString] ; NumberOfBytesRead
push [ebp+FilePart] ; int
call sub_405723
push 0FFFFFFE4h
jmp loc_4021E8
; ---------------------------------------------------------------------------
loc_4016FF: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 17
call sub_402A9A
mov esi, eax
lea eax, [ebp+FilePart]
push eax ; lpFilePart
push edi ; lpBuffer
push 400h ; nBufferLength
push esi ; lpFileName
call ds:GetFullPathNameA ; GetFullPathNameA
test eax, eax
jz short loc_40173F
mov eax, [ebp+FilePart]
cmp eax, esi
jbe short loc_401748
cmp [eax], bl
jz short loc_401748
push esi ; lpFileName
call sub_405CB0
cmp eax, ebx
jz short loc_40173F
add eax, 2Ch
push eax ; lpString2
push [ebp+FilePart] ; lpString1
call sub_4059DB
jmp short loc_401748
; ---------------------------------------------------------------------------
loc_40173F: ; CODE XREF: sub_401439+2E1�j
; sub_401439+2F6�j
mov [ebp+var_4], 1
mov [edi], bl
loc_401748: ; CODE XREF: sub_401439+2E8�j
; sub_401439+2EC�j ...
cmp [ebp+nDenominator], ebx
jnz loc_40292F ; default
; jumptable 0040148C cases 65,66
push 400h ; cchBuffer
push edi ; lpszShortPath
push edi ; lpszLongPath
call ds:GetShortPathNameA ; GetShortPathNameA
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401763: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFFFh ; jumptable 0040148C case 18
call sub_402A9A
lea ecx, [ebp+FilePart]
push ecx ; lpFilePart
push esi ; lpBuffer
push 400h ; nBufferLength
push ebx ; lpExtension
push eax ; lpFileName
push ebx ; lpPath
call ds:SearchPathA ; SearchPathA
test eax, eax
loc_40177F: ; CODE XREF: sub_401439+EEC�j
jnz loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp loc_4026AE
; ---------------------------------------------------------------------------
loc_40178A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFEFh ; jumptable 0040148C case 19
call sub_402A9A
push eax ; lpPathName
push esi ; lpTempFileName
call sub_4056DB
jmp loc_4015C8
; ---------------------------------------------------------------------------
loc_40179D: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 31h ; jumptable 0040148C case 20
call sub_402A9A
mov esi, eax
mov eax, [ebp+var_24]
and eax, 7
push esi
mov [ebp+ExitCode.bottom], esi
mov [ebp+FilePart], eax
call sub_405554
push esi ; lpString2
mov esi, offset FileName
test eax, eax
jz short loc_4017CA
push esi ; lpString1
call sub_4059DB
jmp short loc_4017E1
; ---------------------------------------------------------------------------
loc_4017CA: ; CODE XREF: sub_401439+387�j
push offset CurrentDirectory ; lpString2
push esi ; lpString1
call sub_4059DB
push eax ; lpString1
call sub_4054E8
push eax ; lpString1
call lstrcatA ; lstrcatA
loc_4017E1: ; CODE XREF: sub_401439+38F�j
push esi ; lpszCurrent
call sub_405C17
mov edi, offset Data
loc_4017EC: ; CODE XREF: sub_401439+465�j
cmp [ebp+FilePart], 3
jl short loc_401823
push esi ; lpFileName
call sub_405CB0
xor ecx, ecx
cmp eax, ebx
jz short loc_40180E
lea ecx, [ebp+nShowCmd]
add eax, 14h
push ecx ; lpFileTime2
push eax ; lpFileTime1
call ds:CompareFileTime ; CompareFileTime
mov ecx, eax
loc_40180E: ; CODE XREF: sub_401439+3C3�j
mov eax, [ebp+FilePart]
add eax, 0FFFFFFFDh
or eax, 80000000h
and eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+FilePart], eax
loc_401823: ; CODE XREF: sub_401439+3B7�j
cmp [ebp+FilePart], ebx
jnz short loc_401839
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
and al, 0FEh
push eax ; dwFileAttributes
push esi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_401839: ; CODE XREF: sub_401439+3ED�j
xor eax, eax
cmp [ebp+FilePart], 1
setnz al
inc eax
push eax ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_4056AC
cmp eax, 0FFFFFFFFh
mov [ebp+lpString], eax
jnz short loc_4018CD
cmp [ebp+FilePart], ebx
jnz short loc_4018AF
push offset dword_430000 ; lpString2
push edi ; lpString1
call sub_4059DB
push esi ; lpString2
push offset dword_430000 ; lpString1
call sub_4059DB
push [ebp+lpString2] ; lpString2
push offset String1 ; lpString1
call sub_4059FD
push edi ; lpString2
push offset dword_430000 ; lpString1
call sub_4059DB
mov eax, [ebp+var_24]
sar eax, 3
push eax ; int
push offset String1 ; lpText
call sub_4052DB
sub eax, 4
jz loc_4017EC
dec eax
jz short loc_4018C2
push esi
push 0FFFFFFFAh
jmp loc_401495
; ---------------------------------------------------------------------------
loc_4018AF: ; CODE XREF: sub_401439+421�j
push [ebp+ExitCode.bottom] ; lpString2
push 0FFFFFFE2h ; int
call sub_404D7E
cmp [ebp+FilePart], 2
jmp loc_4015CA
; ---------------------------------------------------------------------------
loc_4018C2: ; CODE XREF: sub_401439+46C�j
inc dword_42F4A8
jmp loc_402938
; ---------------------------------------------------------------------------
loc_4018CD: ; CODE XREF: sub_401439+41C�j
push [ebp+ExitCode.bottom] ; lpString2
push 0FFFFFFEAh ; int
call sub_404D7E
inc dword_4092A0
push ebx ; Buffer
push ebx ; int
push [ebp+lpString] ; hFile
push [ebp+nDenominator] ; nDenominator
call sub_402EBD
dec dword_4092A0
cmp [ebp+nShowCmd.dwLowDateTime], 0FFFFFFFFh
mov edi, eax
jnz short loc_4018FE
cmp [ebp+nShowCmd.dwHighDateTime], 0FFFFFFFFh
jz short loc_401910
loc_4018FE: ; CODE XREF: sub_401439+4BD�j
lea eax, [ebp+nShowCmd]
push eax ; lpLastWriteTime
lea eax, [ebp+nShowCmd]
push ebx ; lpLastAccessTime
push eax ; lpCreationTime
push [ebp+lpString] ; hFile
call ds:SetFileTime ; SetFileTime
loc_401910: ; CODE XREF: sub_401439+4C3�j
push [ebp+lpString] ; hObject
call ds:CloseHandle ; CloseHandle
cmp edi, ebx
jge loc_40292F ; default
; jumptable 0040148C cases 65,66
cmp edi, 0FFFFFFFEh
jnz short loc_401939
push 0FFFFFFE9h ; lpString2
push esi ; lpString1
call sub_4059FD
push [ebp+ExitCode.bottom] ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
jmp short loc_401941
; ---------------------------------------------------------------------------
loc_401939: ; CODE XREF: sub_401439+4EB�j
push 0FFFFFFEEh ; lpString2
push esi ; lpString1
call sub_4059FD
loc_401941: ; CODE XREF: sub_401439+4FE�j
push 200010h
push esi
jmp loc_40228E
; ---------------------------------------------------------------------------
loc_40194C: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 21
jmp short loc_401983
; ---------------------------------------------------------------------------
loc_40194F: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 31h ; jumptable 0040148C case 22
call sub_402A9A
push [ebp+var_24] ; int
push eax ; lpText
call sub_4052DB
cmp eax, ebx
jz loc_4026DA
cmp eax, [ebp+nDenominator]
jz loc_401AB1
cmp eax, [ebp+nShowCmd.dwHighDateTime]
jnz loc_40292F ; default
; jumptable 0040148C cases 65,66
mov eax, [ebp+lpString2]
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401981: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFF0h ; jumptable 0040148C case 23
loc_401983: ; CODE XREF: sub_401439+514�j
call sub_402A9A
push [ebp+dwFileAttributes] ; int
push eax ; lpString1
call sub_40531D
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401996: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 1 ; jumptable 0040148C case 24
call sub_402A9A
push eax ; lpString
call lstrlenA ; lstrlenA
jmp loc_402536
; ---------------------------------------------------------------------------
loc_4019A8: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 2 ; jumptable 0040148C case 25
call sub_402A7D
push 3
mov [ebp+FilePart], eax
call sub_402A7D
push 1
mov edi, eax
call sub_402A9A
cmp [ebp+nDenominator], ebx
mov [ebp+nNumberOfBytesToWrite], eax
mov [esi], bl
jz short loc_4019D5
cmp [ebp+FilePart], ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
loc_4019D5: ; CODE XREF: sub_401439+591�j
push eax ; lpString
call lstrlenA ; lstrlenA
cmp edi, ebx
jge short loc_4019E7
add edi, eax
js loc_40292F ; default
; jumptable 0040148C cases 65,66
loc_4019E7: ; CODE XREF: sub_401439+5A4�j
cmp edi, eax
jle short loc_4019ED
mov edi, eax
loc_4019ED: ; CODE XREF: sub_401439+5B0�j
mov eax, [ebp+nNumberOfBytesToWrite]
add eax, edi
push eax ; lpString2
push esi ; lpString1
call sub_4059DB
mov edi, [ebp+FilePart]
cmp edi, ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
jge short loc_401A15
push esi ; lpString
call lstrlenA ; lstrlenA
add edi, eax
jns short loc_401A15
mov [ebp+FilePart], ebx
mov edi, ebx
loc_401A15: ; CODE XREF: sub_401439+5CB�j
; sub_401439+5D5�j
cmp edi, 400h
jge loc_40292F ; default
; jumptable 0040148C cases 65,66
mov [edi+esi], bl
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401A29: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 20h ; jumptable 0040148C case 26
call sub_402A9A
push 31h
mov esi, eax
call sub_402A9A
cmp [ebp+nShowCmd.dwHighDateTime], ebx
push eax ; lpString2
push esi ; lpString1
jnz short loc_401A52
call ds:lstrcmpiA ; lstrcmpiA
loc_401A46: ; CODE XREF: sub_401439+61F�j
test eax, eax
jnz short loc_401AB1
loc_401A4A: ; CODE XREF: sub_401439+670�j
; sub_401439:loc_401AB9�j ...
mov eax, [ebp+nDenominator]
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401A52: ; CODE XREF: sub_401439+605�j
call ds:lstrcmpA ; lstrcmpA
jmp short loc_401A46
; ---------------------------------------------------------------------------
loc_401A5A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
xor edi, edi ; jumptable 0040148C case 27
inc edi
push edi
call sub_402A9A
cmp [ebp+nDenominator], ebx
push 400h ; nSize
push esi ; lpBuffer
push eax ; lpName
jz short loc_401A77
call ds:GetEnvironmentVariableA ; GetEnvironmentVariableA
jmp short loc_401A7D
; ---------------------------------------------------------------------------
loc_401A77: ; CODE XREF: sub_401439+634�j
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
loc_401A7D: ; CODE XREF: sub_401439+63C�j
test eax, eax
jnz short loc_401A86
mov [ebp+var_4], edi
mov [esi], bl
loc_401A86: ; CODE XREF: sub_401439+646�j
mov [esi+3FFh], bl
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401A91: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 28
call sub_402A7D
push 1
mov esi, eax
call sub_402A7D
cmp [ebp+lpString2], ebx
jnz short loc_401AAD
cmp esi, eax
jl short loc_401AB1
jle short loc_401A4A
jmp short loc_401ABB
; ---------------------------------------------------------------------------
loc_401AAD: ; CODE XREF: sub_401439+66A�j
cmp esi, eax
jnb short loc_401AB9
loc_401AB1: ; CODE XREF: sub_401439+531�j
; sub_401439+60F�j ...
mov eax, [ebp+nShowCmd.dwLowDateTime]
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: sub_401439+676�j
jbe short loc_401A4A
loc_401ABB: ; CODE XREF: sub_401439+672�j
mov eax, [ebp+nShowCmd.dwHighDateTime]
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401AC3: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 1 ; jumptable 0040148C case 29
call sub_402A7D
push 2
mov edi, eax
call sub_402A7D
mov ecx, eax
mov eax, [ebp+nShowCmd.dwLowDateTime]
cmp eax, 0Ch ; switch 13 cases
ja short loc_401B4A ; default
jmp ds:off_402A49[eax*4] ; switch jump
loc_401AE4: ; DATA XREF: .text:off_402A49�o
add edi, ecx ; jumptable 00401ADD case 0
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401AE8: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
sub edi, ecx ; jumptable 00401ADD case 1
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401AEC: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
imul ecx, edi ; jumptable 00401ADD case 2
mov edi, ecx
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401AF3: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
cmp ecx, ebx ; jumptable 00401ADD case 3
jz short loc_401B39
mov eax, edi
cdq
idiv ecx
loc_401AFC: ; CODE XREF: sub_401439+6DA�j
mov edi, eax
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B00: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
or edi, ecx ; jumptable 00401ADD case 4
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B04: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
and edi, ecx ; jumptable 00401ADD case 5
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B08: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
xor edi, ecx ; jumptable 00401ADD case 6
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B0C: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
xor eax, eax ; jumptable 00401ADD case 7
cmp edi, ebx
setz al
jmp short loc_401AFC
; ---------------------------------------------------------------------------
loc_401B15: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
cmp edi, ebx ; jumptable 00401ADD case 8
jnz short loc_401B27
jmp short loc_401B23
; ---------------------------------------------------------------------------
loc_401B1B: ; CODE XREF: sub_401439+6E8�j
; sub_401439+6EC�j
xor edi, edi
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B1F: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
cmp edi, ebx ; jumptable 00401ADD case 9
jz short loc_401B1B
loc_401B23: ; CODE XREF: sub_401439+6E0�j
cmp ecx, ebx
jz short loc_401B1B
loc_401B27: ; CODE XREF: sub_401439+6DE�j
xor edi, edi
inc edi
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B2C: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
cmp ecx, ebx ; jumptable 00401ADD case 10
jz short loc_401B39
mov eax, edi
cdq
idiv ecx
mov edi, edx
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B39: ; CODE XREF: sub_401439+6BC�j
; sub_401439+6F5�j
xor edi, edi
mov [ebp+var_4], 1
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B44: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
shl edi, cl ; jumptable 00401ADD case 11
jmp short loc_401B4A ; default
; ---------------------------------------------------------------------------
loc_401B48: ; CODE XREF: sub_401439+6A4�j
; DATA XREF: .text:off_402A49�o
sar edi, cl ; jumptable 00401ADD case 12
loc_401B4A: ; CODE XREF: sub_401439+6A2�j
; sub_401439+6AD�j ...
push edi ; default
jmp loc_401581
; ---------------------------------------------------------------------------
loc_401B50: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 1 ; jumptable 0040148C case 30
call sub_402A9A
push 2
mov edi, eax
call sub_402A7D
push eax
push edi ; LPCSTR
push esi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401B71: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov eax, [ebp+nDenominator] ; jumptable 0040148C case 31
mov edi, hMem
cmp eax, ebx
jz short loc_401BC2
loc_401B7E: ; CODE XREF: sub_401439+752�j
dec eax
cmp edi, ebx
jz loc_402280
mov edi, [edi]
cmp eax, ebx
jnz short loc_401B7E
cmp edi, ebx
jz loc_402280
add edi, 4
mov esi, offset FileName
push edi ; lpString2
push esi ; lpString1
call sub_4059DB
mov eax, hMem
add eax, 4
push eax ; lpString2
push edi ; lpString1
call sub_4059DB
mov eax, hMem
push esi
add eax, 4
push eax
jmp loc_402855
; ---------------------------------------------------------------------------
loc_401BC2: ; CODE XREF: sub_401439+743�j
cmp [ebp+dwFileAttributes], ebx
jz short loc_401BEC
cmp edi, ebx
jz loc_4026DA
lea eax, [edi+4]
push eax ; lpString2
push esi ; lpString1
call sub_4059DB
mov eax, [edi]
push edi ; hMem
mov hMem, eax
loc_401BE1: ; CODE XREF: sub_401439+B9E�j
call ds:GlobalFree ; GlobalFree
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401BEC: ; CODE XREF: sub_401439+78C�j
push 404h ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
push [ebp+var_24] ; lpString2
mov esi, eax
lea eax, [esi+4]
push eax ; lpString1
call sub_4059FD
mov eax, hMem
mov [esi], eax
mov hMem, esi
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401C19: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 33h ; jumptable 0040148C cases 32,33
call sub_402A9A
push 44h
mov [ebp+lpString], eax
call sub_402A9A
test byte ptr [ebp+lpString2], 1
mov [ebp+FilePart], eax
jnz short loc_401C3E
push [ebp+lpString]
call sub_405952
mov [ebp+lpString], eax
loc_401C3E: ; CODE XREF: sub_401439+7F8�j
test byte ptr [ebp+lpString2], 2
jnz short loc_401C4F
push [ebp+FilePart]
call sub_405952
mov [ebp+FilePart], eax
loc_401C4F: ; CODE XREF: sub_401439+809�j
cmp [ebp+var_28], 21h
push 1
jnz short loc_401C9B
call sub_402A7D
push 2
mov edi, eax
call sub_402A7D
mov ecx, [ebp+lpString2]
sar ecx, 2
jz short loc_401C8B
lea edx, [ebp+ExitCode.bottom]
push edx ; lpdwResult
push ecx ; uTimeout
push ebx ; fuFlags
push [ebp+FilePart] ; lParam
push [ebp+lpString] ; wParam
push eax ; Msg
push edi ; hWnd
call ds:SendMessageTimeoutA ; SendMessageTimeoutA
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
jmp short loc_401CCA
; ---------------------------------------------------------------------------
loc_401C8B: ; CODE XREF: sub_401439+832�j
push [ebp+FilePart] ; lParam
push [ebp+lpString] ; wParam
push eax ; Msg
push edi ; hWnd
call ds:SendMessageA ; SendMessageA
jmp short loc_401CC7
; ---------------------------------------------------------------------------
loc_401C9B: ; CODE XREF: sub_401439+81C�j
call sub_402A9A
push 12h
mov edi, eax
call sub_402A9A
mov cl, [eax]
neg cl
sbb ecx, ecx
and ecx, eax
mov al, [edi]
neg al
sbb eax, eax
push ecx ; lpszWindow
and eax, edi
push eax ; lpszClass
push [ebp+FilePart] ; hWndChildAfter
push [ebp+lpString] ; hWndParent
call ds:FindWindowExA ; FindWindowExA
loc_401CC7: ; CODE XREF: sub_401439+860�j
mov [ebp+ExitCode.bottom], eax
loc_401CCA: ; CODE XREF: sub_401439+850�j
cmp [ebp+var_24], ebx
jl loc_40292F ; default
; jumptable 0040148C cases 65,66
push [ebp+ExitCode.bottom]
jmp loc_401581
; ---------------------------------------------------------------------------
loc_401CDB: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 34
call sub_402A7D
push eax ; hWnd
call ds:IsWindow ; IsWindow
loc_401CE8: ; CODE XREF: sub_401439+22D�j
test eax, eax
jz loc_401A4A
mov eax, [ebp+dwFileAttributes]
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_401CF8: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 2 ; jumptable 0040148C case 35
call sub_402A7D
push eax ; nIDDlgItem
push 1
call sub_402A7D
push eax ; hDlg
call ds:GetDlgItem ; GetDlgItem
jmp loc_402536
; ---------------------------------------------------------------------------
loc_401D13: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov eax, dword_42F468 ; jumptable 0040148C case 36
mov ecx, [ebp+dwFileAttributes]
add eax, ecx
push eax ; dwNewLong
push 0FFFFFFEBh ; nIndex
push ebx
call sub_402A7D
push eax ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401D32: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push [ebp+dwFileAttributes] ; jumptable 0040148C case 37
push [ebp+lpString] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov esi, eax
lea eax, [ebp+ExitCode]
push eax ; lpRect
push esi ; hWnd
call ds:GetClientRect ; GetClientRect
mov eax, [ebp+ExitCode.bottom]
push 10h ; fuLoad
imul eax, [ebp+nDenominator]
push eax ; cy
mov eax, [ebp+ExitCode.right]
imul eax, [ebp+nDenominator]
push eax ; cx
push ebx ; type
push ebx
call sub_402A9A
push eax ; name
push ebx ; hInst
call ds:LoadImageA ; LoadImageA
push eax ; lParam
push ebx ; wParam
push 172h ; Msg
push esi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push eax ; ho
call ds:DeleteObject ; DeleteObject
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401D8E: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 48h ; jumptable 0040148C case 38
push 5Ah ; index
push [ebp+lpString] ; hWnd
call ds:GetDC ; GetDC
push eax ; hdc
call ds:GetDeviceCaps ; GetDeviceCaps
push eax ; nNumerator
push 2
call sub_402A7D
push eax ; nNumber
call ds:MulDiv ; MulDiv
neg eax
push 3
mov lf.lfHeight, eax
call sub_402A7D
mov lf.lfWeight, eax
mov al, byte ptr [ebp+nShowCmd.dwHighDateTime]
push [ebp+dwFileAttributes] ; lpString2
mov cl, al
and cl, 1
mov lf.lfCharSet, 1
mov lf.lfItalic, cl
mov cl, al
and cl, 2
and al, 4
push offset lf.lfFaceName ; lpString1
mov lf.lfUnderline, cl
mov lf.lfStrikeOut, al
call sub_4059FD
push offset lf ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
jmp loc_402536
; ---------------------------------------------------------------------------
loc_401E08: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 39
call sub_402A7D
push 1
mov esi, eax
call sub_402A7D
cmp [ebp+nShowCmd.dwLowDateTime], ebx
push eax ; nCmdShow
push esi ; hWnd
jnz short loc_401E29
call ds:ShowWindow ; ShowWindow
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401E29: ; CODE XREF: sub_401439+9E3�j
call ds:EnableWindow ; EnableWindow
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401E34: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 40
call sub_402A9A
push 31h
mov esi, eax
call sub_402A9A
push 22h
mov ebx, eax
call sub_402A9A
push ebx
push esi
push offset aSS ; "%s %s"
push offset String1 ; LPSTR
mov edi, eax
call ds:wsprintfA ; wsprintfA
add esp, 10h
push 0FFFFFFECh
call sub_401428
mov al, [edi]
push [ebp+nShowCmd.dwLowDateTime] ; nShowCmd
neg al
sbb eax, eax
push offset CurrentDirectory ; lpDirectory
and eax, edi
push eax ; lpParameters
mov al, [esi]
neg al
sbb eax, eax
push ebx ; lpFile
and eax, esi
push eax ; lpOperation
push [ebp+lpString] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
cmp eax, 21h
jge loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_401E9C: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 41
call sub_402A9A
mov esi, eax
push esi ; lpString2
push 0FFFFFFEBh ; int
call sub_404D7E
push offset CurrentDirectory ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405263
cmp eax, ebx
mov [ebp+FilePart], eax
jz loc_4026DA
cmp [ebp+nDenominator], ebx
jz short loc_401F0D
mov esi, ds:WaitForSingleObject
jmp short loc_401ED6
; ---------------------------------------------------------------------------
loc_401ECF: ; CODE XREF: sub_401439+AA9�j
push 0Fh ; wMsgFilterMax
call sub_405D18
loc_401ED6: ; CODE XREF: sub_401439+A94�j
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call esi ; WaitForSingleObject
cmp eax, 102h
jz short loc_401ECF
lea eax, [ebp+ExitCode.bottom]
push eax ; lpExitCode
push [ebp+FilePart] ; hProcess
call ds:GetExitCodeProcess ; GetExitCodeProcess
cmp [ebp+dwFileAttributes], ebx
jl short loc_401F01
push [ebp+ExitCode.bottom] ; int
push edi ; LPSTR
call sub_405939
jmp short loc_401F0D
; ---------------------------------------------------------------------------
loc_401F01: ; CODE XREF: sub_401439+ABB�j
cmp [ebp+ExitCode.bottom], ebx
jz short loc_401F0D
mov [ebp+var_4], 1
loc_401F0D: ; CODE XREF: sub_401439+A8C�j
; sub_401439+AC6�j ...
push [ebp+FilePart] ; hObject
loc_401F10: ; CODE XREF: sub_401439+10DC�j
call ds:CloseHandle ; CloseHandle
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_401F1B: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 2 ; jumptable 0040148C case 42
call sub_402A9A
push eax ; lpFileName
call sub_405CB0
cmp eax, ebx
mov [ebp+FilePart], eax
jz short loc_401F42
mov ebx, eax
push dword ptr [ebx+14h] ; int
push edi ; LPSTR
call sub_405939
push dword ptr [ebx+18h]
jmp loc_401581
; ---------------------------------------------------------------------------
loc_401F42: ; CODE XREF: sub_401439+AF4�j
mov [esi], bl
mov [edi], bl
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_401F4B: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
lea eax, [ebp+FileOp.pTo] ; jumptable 0040148C case 43
push 0FFFFFFEEh
mov [ebp+FilePart], eax
call sub_402A9A
lea ecx, [ebp+lpMultiByteStr]
mov [ebp+nNumberOfBytesToWrite], eax
push ecx ; lpdwHandle
push eax ; lptstrFilename
call GetFileVersionInfoSizeA
mov [esi], bl
cmp eax, ebx
mov [ebp+lpString], eax
mov [edi], bl
mov [ebp+var_4], 1
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push eax ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
cmp eax, ebx
mov [ebp+ExitCode.bottom], eax
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push eax ; lpData
push [ebp+lpString] ; dwLen
push ebx ; dwHandle
push [ebp+nNumberOfBytesToWrite] ; lptstrFilename
call GetFileVersionInfoA
test eax, eax
jz short loc_401FD4
lea eax, [ebp+lpValueName]
push eax ; puLen
lea eax, [ebp+FilePart]
push eax ; lplpBuffer
push offset SubBlock ; "\\"
push [ebp+ExitCode.bottom] ; pBlock
call VerQueryValueA
test eax, eax
jz short loc_401FD4
mov eax, [ebp+FilePart]
push dword ptr [eax+8] ; int
push esi ; LPSTR
call sub_405939
mov eax, [ebp+FilePart]
push dword ptr [eax+0Ch] ; int
push edi ; LPSTR
call sub_405939
mov [ebp+var_4], ebx
loc_401FD4: ; CODE XREF: sub_401439+B65�j
; sub_401439+B7E�j
push [ebp+ExitCode.bottom]
jmp loc_401BE1
; ---------------------------------------------------------------------------
loc_401FDC: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
xor edi, edi ; jumptable 0040148C case 44
push 8001h ; uMode
inc edi
mov [ebp+var_4], edi
call ds:SetErrorMode ; SetErrorMode
cmp dword_42F4D0, ebx
jl loc_402093
push 0FFFFFFF0h
call sub_402A9A
push edi
mov esi, eax
call sub_402A9A
cmp [ebp+nShowCmd.dwHighDateTime], ebx
mov [ebp+FilePart], eax
jz short loc_40201D
push esi ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jnz short loc_40202A
loc_40201D: ; CODE XREF: sub_401439+BD5�j
push esi ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40208F
loc_40202A: ; CODE XREF: sub_401439+BE2�j
push [ebp+FilePart] ; lpProcName
push edi ; hModule
call ds:GetProcAddress ; GetProcAddress
mov esi, eax
cmp esi, ebx
jz short loc_402077
cmp [ebp+nDenominator], ebx
mov [ebp+var_4], ebx
jz short loc_402059
push [ebp+nDenominator]
call sub_401428
call esi
test eax, eax
jz short loc_402081
mov [ebp+var_4], 1
jmp short loc_402081
; ---------------------------------------------------------------------------
loc_402059: ; CODE XREF: sub_401439+C07�j
push offset off_409000
push offset hMem
push offset dword_430000
push 400h
push [ebp+lpString]
call esi
add esp, 14h
jmp short loc_402081
; ---------------------------------------------------------------------------
loc_402077: ; CODE XREF: sub_401439+BFF�j
push [ebp+FilePart] ; lpString2
push 0FFFFFFF7h ; int
call sub_404D7E
loc_402081: ; CODE XREF: sub_401439+C15�j
; sub_401439+C1E�j ...
cmp [ebp+nShowCmd.dwLowDateTime], ebx
jnz short loc_40209A
push edi ; hLibModule
call ds:FreeLibrary ; FreeLibrary
jmp short loc_40209A
; ---------------------------------------------------------------------------
loc_40208F: ; CODE XREF: sub_401439+BEF�j
push 0FFFFFFF6h
jmp short loc_402095
; ---------------------------------------------------------------------------
loc_402093: ; CODE XREF: sub_401439+BBA�j
push 0FFFFFFE7h
loc_402095: ; CODE XREF: sub_401439+C58�j
call sub_401428
loc_40209A: ; CODE XREF: sub_401439+C4B�j
; sub_401439+C54�j
push ebx ; uMode
call ds:SetErrorMode ; SetErrorMode
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4020A6: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFF0h ; jumptable 0040148C case 45
call sub_402A9A
push 0FFFFFFDFh
mov [ebp+lpMultiByteStr], eax
call sub_402A9A
push 2
mov esi, eax
call sub_402A9A
push 0FFFFFFCDh
mov [ebp+nNumberOfBytesToWrite], eax
call sub_402A9A
push 45h
mov [ebp+ExitCode.bottom], eax
call sub_402A9A
push esi
mov [ebp+lpValueName], eax
call sub_405554
test eax, eax
jnz short loc_4020E8
push 21h
call sub_402A9A
loc_4020E8: ; CODE XREF: sub_401439+CA6�j
lea eax, [ebp+FilePart]
push eax ; ppv
push offset riid ; riid
push 1 ; dwClsContext
push ebx ; pUnkOuter
push offset rclsid ; rclsid
call ds:CoCreateInstance
cmp eax, ebx
jl loc_4021DF
mov eax, [ebp+FilePart]
lea edx, [ebp+lpString]
push edx
push offset dword_407440
mov ecx, [eax]
push eax
call dword ptr [ecx]
mov edi, eax
cmp edi, ebx
jl loc_4021D2
mov eax, [ebp+FilePart]
push esi
push eax
mov ecx, [eax]
call dword ptr [ecx+50h]
mov edi, eax
mov eax, [ebp+FilePart]
push offset CurrentDirectory
push eax
mov ecx, [eax]
call dword ptr [ecx+24h]
mov ecx, [ebp+nShowCmd.dwHighDateTime]
mov esi, 0FFh
mov eax, ecx
sar eax, 8
and eax, esi
jz short loc_40215A
mov ecx, [ebp+FilePart]
push eax
push ecx
mov edx, [ecx]
call dword ptr [edx+3Ch]
mov ecx, [ebp+nShowCmd.dwHighDateTime]
loc_40215A: ; CODE XREF: sub_401439+D12�j
mov eax, [ebp+FilePart]
sar ecx, 10h
mov edx, [eax]
push ecx
push eax
call dword ptr [edx+34h]
mov eax, [ebp+ExitCode.bottom]
cmp [eax], bl
jz short loc_402180
mov edx, [ebp+nShowCmd.dwHighDateTime]
mov eax, [ebp+FilePart]
and edx, esi
mov ecx, [eax]
push edx
push [ebp+ExitCode.bottom]
push eax
call dword ptr [ecx+44h]
loc_402180: ; CODE XREF: sub_401439+D33�j
mov eax, [ebp+FilePart]
push [ebp+nNumberOfBytesToWrite]
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
mov eax, [ebp+FilePart]
push [ebp+lpValueName]
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
cmp edi, ebx
jl short loc_4021C9
mov esi, offset WideCharStr
push 400h ; cchWideChar
push esi ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov WideCharStr, bx
push ebx ; dwFlags
push ebx ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov eax, [ebp+lpString]
push 1
push esi
push eax
mov ecx, [eax]
call dword ptr [ecx+18h]
mov edi, eax
loc_4021C9: ; CODE XREF: sub_401439+D61�j
mov eax, [ebp+lpString]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
loc_4021D2: ; CODE XREF: sub_401439+CE3�j
mov eax, [ebp+FilePart]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
cmp edi, ebx
jge short loc_4021F2
loc_4021DF: ; CODE XREF: sub_401439+CC8�j
mov [ebp+var_4], 1
push 0FFFFFFF0h
loc_4021E8: ; CODE XREF: sub_401439+21C�j
; sub_401439+296�j ...
call sub_401428
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4021F2: ; CODE XREF: sub_401439+DA4�j
push 0FFFFFFF4h
jmp short loc_4021E8
; ---------------------------------------------------------------------------
loc_4021F6: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 46
call sub_402A9A
mov edi, eax
push 11h
mov [ebp+FilePart], edi
call sub_402A9A
mov esi, eax
mov eax, [ebp+lpString]
push edi ; lpString
mov [ebp+FileOp.hwnd], eax
mov [ebp+FileOp.wFunc], 2
call lstrlenA ; lstrlenA
push esi ; lpString
mov [eax+edi+1], bl
call lstrlenA ; lstrlenA
mov edi, offset Data
push 0FFFFFFF8h ; lpString2
push edi ; lpString1
mov [eax+esi+1], bl
call sub_4059FD
push esi ; lpString2
push edi ; lpString1
call lstrcatA ; lstrcatA
mov eax, [ebp+FilePart]
push edi ; lpString2
mov [ebp+FileOp.pFrom], eax
mov ax, word ptr [ebp+nDenominator]
push ebx ; int
mov [ebp+FileOp.pTo], esi
mov [ebp+FileOp.lpszProgressTitle], edi
mov [ebp+FileOp.fFlags], ax
call sub_404D7E
lea eax, [ebp+FileOp]
push eax ; lpFileOp
call ds:SHFileOperationA ; SHFileOperationA
test eax, eax
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push ebx ; lpString2
push 0FFFFFFF9h ; int
call sub_404D7E
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_402279: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp eax, 0BADF00Dh ; jumptable 0040148C case 47
jz short loc_40229D
loc_402280: ; CODE XREF: sub_401439+748�j
; sub_401439+756�j
push 200010h ; int
push 0FFFFFFE8h ; lpString2
push ebx ; lpString1
call sub_4059FD
push eax ; lpText
loc_40228E: ; CODE XREF: sub_401439+50E�j
call sub_4052DB
loc_402293: ; CODE XREF: sub_401439+61�j
; sub_401439+6F�j ...
mov eax, 7FFFFFFFh
jmp loc_40293A ; jumptable 0040148C case 2
; ---------------------------------------------------------------------------
loc_40229D: ; CODE XREF: sub_401439+E45�j
inc dword_42F4B4
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4022A8: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
xor esi, esi ; jumptable 0040148C case 48
xor edi, edi
cmp eax, ebx
jz short loc_4022B8
push ebx
call sub_402A9A
mov esi, eax
loc_4022B8: ; CODE XREF: sub_401439+E75�j
cmp [ebp+dwFileAttributes], ebx
jz short loc_4022C6
push 11h
call sub_402A9A
mov edi, eax
loc_4022C6: ; CODE XREF: sub_401439+E82�j
cmp [ebp+nShowCmd.dwHighDateTime], ebx
jz short loc_4022D4
push 22h
call sub_402A9A
mov ebx, eax
loc_4022D4: ; CODE XREF: sub_401439+E90�j
push 0FFFFFFCDh
call sub_402A9A
push eax ; lpFileName
push ebx ; lpString
push edi ; lpKeyName
push esi ; lpAppName
call ds:WritePrivateProfileStringA ; WritePrivateProfileStringA
jmp loc_4015C8
; ---------------------------------------------------------------------------
loc_4022EA: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 1 ; jumptable 0040148C case 49
mov [ebp+FilePart], 7E4E21h
call sub_402A9A
push 12h
mov edi, eax
call sub_402A9A
push 0FFFFFFDDh
mov [ebp+lpMultiByteStr], eax
call sub_402A9A
push eax ; lpFileName
push 3FFh ; nSize
lea eax, [ebp+FilePart]
push esi ; lpReturnedString
push eax ; lpDefault
push [ebp+lpMultiByteStr] ; lpKeyName
push edi ; lpAppName
call ds:GetPrivateProfileStringA ; GetPrivateProfileStringA
mov eax, [esi]
cmp eax, [ebp+FilePart]
jmp loc_40177F
; ---------------------------------------------------------------------------
loc_40232A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [ebp+nShowCmd.dwHighDateTime], ebx ; jumptable 0040148C case 50
jnz short loc_40235A
push 2 ; phkResult
call sub_402B76
mov esi, eax
cmp esi, ebx
jz loc_4026DA
push 33h
call sub_402A9A
push eax ; lpValueName
push esi ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push esi ; hKey
mov edi, eax
call ds:RegCloseKey ; RegCloseKey
jmp short loc_402379
; ---------------------------------------------------------------------------
loc_40235A: ; CODE XREF: sub_401439+EF4�j
push 22h
call sub_402A9A
mov ecx, [ebp+nShowCmd.dwHighDateTime]
and ecx, 2
push ecx ; int
push eax ; lpSubKey
push [ebp+dwFileAttributes]
call sub_402B61
push eax ; hKey
call sub_402ADA
mov edi, eax
loc_402379: ; CODE XREF: sub_401439+F1F�j
cmp edi, ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp loc_4026DA
; ---------------------------------------------------------------------------
loc_402386: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push eax ; jumptable 0040148C case 51
call sub_402B61
mov esi, [ebp+nShowCmd.dwHighDateTime]
mov edi, eax
mov eax, [ebp+lpString2]
push 2
mov [ebp+lpMultiByteStr], eax
call sub_402A9A
push 11h
mov [ebp+lpValueName], eax
call sub_402A9A
lea ecx, [ebp+FilePart]
push ebx ; lpdwDisposition
push ecx ; phkResult
push ebx ; lpSecurityAttributes
push 2 ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
push eax ; lpSubKey
push edi ; hKey
mov [ebp+var_4], 1
call ds:RegCreateKeyExA ; RegCreateKeyExA
test eax, eax
jnz loc_40292F ; default
; jumptable 0040148C cases 65,66
cmp esi, 1
mov edi, offset Data
jnz short loc_4023E2
push 23h
call sub_402A9A
push edi ; lpString
call lstrlenA ; lstrlenA
inc eax
loc_4023E2: ; CODE XREF: sub_401439+F99�j
cmp esi, 4
jnz short loc_4023F5
push 3
call sub_402A7D
push esi
mov Data, eax
pop eax
loc_4023F5: ; CODE XREF: sub_401439+FAC�j
cmp esi, 3
jnz short loc_402409
push 0C00h ; Buffer
push edi ; int
push ebx ; hFile
push [ebp+nShowCmd.dwLowDateTime] ; nDenominator
call sub_402EBD
loc_402409: ; CODE XREF: sub_401439+FBF�j
push eax ; cbData
push edi ; lpData
push [ebp+lpMultiByteStr] ; dwType
push ebx ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+FilePart] ; hKey
call ds:RegSetValueExA ; RegSetValueExA
test eax, eax
jnz short loc_402422
mov [ebp+var_4], ebx
loc_402422: ; CODE XREF: sub_401439+FE4�j
push [ebp+FilePart]
jmp loc_4024FB
; ---------------------------------------------------------------------------
loc_40242A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 20019h ; jumptable 0040148C case 52
call sub_402B76
push 33h
mov edi, eax
call sub_402A9A
cmp edi, ebx
mov [esi], bl
jz loc_4026DA
lea ecx, [ebp+ExitCode.bottom]
mov [ebp+ExitCode.bottom], 3FFh
push ecx ; lpcbData
lea ecx, [ebp+FilePart]
push esi ; lpData
push ecx ; lpType
push ebx ; lpReserved
push eax ; lpValueName
push edi ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
xor ecx, ecx
inc ecx
test eax, eax
jnz short loc_40249E
cmp [ebp+FilePart], 4
jz short loc_402488
cmp [ebp+FilePart], ecx
jz short loc_402478
cmp [ebp+FilePart], 2
jnz short loc_40249E
loc_402478: ; CODE XREF: sub_401439+1037�j
cmp [ebp+nShowCmd.dwHighDateTime], ebx
jz short loc_402480
mov [ebp+var_4], ecx
loc_402480: ; CODE XREF: sub_401439+1042�j
mov eax, [ebp+ExitCode.bottom]
mov [eax+esi], bl
jmp short loc_4024FA
; ---------------------------------------------------------------------------
loc_402488: ; CODE XREF: sub_401439+1032�j
cmp [ebp+nShowCmd.dwHighDateTime], ebx
jnz short loc_402494
mov [ebp+var_4], 1
loc_402494: ; CODE XREF: sub_401439+1052�j
push dword ptr [esi] ; int
push esi ; LPSTR
call sub_405939
jmp short loc_4024FA
; ---------------------------------------------------------------------------
loc_40249E: ; CODE XREF: sub_401439+102C�j
; sub_401439+103D�j
mov [esi], bl
mov [ebp+var_4], ecx
jmp short loc_4024FA
; ---------------------------------------------------------------------------
loc_4024A5: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 20019h ; jumptable 0040148C case 53
call sub_402B76
push 3
mov edi, eax
call sub_402A7D
cmp edi, ebx
mov [esi], bl
jz loc_4026DA
cmp [ebp+nShowCmd.dwHighDateTime], ebx
mov ecx, 3FFh
mov [ebp+FilePart], ecx
jz short loc_4024DB
push ecx ; cchName
push esi ; lpName
push eax ; dwIndex
push edi ; hKey
call ds:RegEnumKeyA ; RegEnumKeyA
jmp short loc_4024F4
; ---------------------------------------------------------------------------
loc_4024DB: ; CODE XREF: sub_401439+1094�j
push ebx ; lpcbData
push ebx ; lpData
push ebx ; lpType
lea ecx, [ebp+FilePart]
push ebx ; lpReserved
push ecx ; lpcchValueName
push esi ; lpValueName
push eax ; dwIndex
push edi ; hKey
call ds:RegEnumValueA ; RegEnumValueA
test eax, eax
jnz loc_4026DA
loc_4024F4: ; CODE XREF: sub_401439+10A0�j
mov [esi+3FFh], bl
loc_4024FA: ; CODE XREF: sub_401439+104D�j
; sub_401439+1063�j ...
push edi ; hKey
loc_4024FB: ; CODE XREF: sub_401439+FEC�j
call ds:RegCloseKey ; RegCloseKey
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_402506: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [esi], bl ; jumptable 0040148C case 54
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push esi
call sub_405952
push eax
jmp loc_401F10
; ---------------------------------------------------------------------------
loc_40251A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 0FFFFFFEDh ; jumptable 0040148C case 55
call sub_402A9A
push [ebp+nDenominator] ; dwCreationDisposition
push [ebp+dwFileAttributes] ; dwDesiredAccess
push eax ; lpFileName
call sub_4056AC
cmp eax, 0FFFFFFFFh
jz loc_4026D8
loc_402536: ; CODE XREF: sub_401439+56A�j
; sub_401439+8D5�j ...
push eax
jmp loc_401581
; ---------------------------------------------------------------------------
loc_40253C: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [ebp+nDenominator], ebx ; jumptable 0040148C case 56
jz short loc_402552
push 1
call sub_402A7D
mov String1, al
xor eax, eax
inc eax
jmp short loc_40255F
; ---------------------------------------------------------------------------
loc_402552: ; CODE XREF: sub_401439+1106�j
push 11h
call sub_402A9A
push eax ; lpString
call lstrlenA ; lstrlenA
loc_40255F: ; CODE XREF: sub_401439+1117�j
cmp [esi], bl
jz loc_4026DA
lea ecx, [ebp+FilePart]
push ebx ; lpOverlapped
push ecx ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
push offset String1 ; lpBuffer
push esi
call sub_405952
push eax ; hFile
call ds:WriteFile ; WriteFile
jmp loc_4015C8
; ---------------------------------------------------------------------------
loc_402584: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 2 ; jumptable 0040148C case 57
mov [ebp+nNumberOfBytesToWrite], ebx
call sub_402A7D
cmp eax, 1
mov [ebp+lpString], eax
jl loc_40292F ; default
; jumptable 0040148C cases 65,66
mov ecx, 3FFh
cmp eax, ecx
jle short loc_4025A6
mov [ebp+lpString], ecx
loc_4025A6: ; CODE XREF: sub_401439+1168�j
cmp [esi], bl
jz loc_40263C
push esi
mov byte ptr [ebp+FilePart+3], bl
call sub_405952
cmp [ebp+lpString], ebx
mov [ebp+ExitCode.bottom], eax
jle short loc_40263C
mov esi, [ebp+nNumberOfBytesToWrite]
loc_4025C2: ; CODE XREF: sub_401439+11C9�j
lea eax, [ebp+lpMultiByteStr]
push ebx ; lpOverlapped
push eax ; lpNumberOfBytesRead
lea eax, [ebp+Buffer]
push 1 ; nNumberOfBytesToRead
push eax ; lpBuffer
push [ebp+ExitCode.bottom] ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_40263F
cmp [ebp+lpMultiByteStr], 1
jnz short loc_40263F
cmp [ebp+nShowCmd.dwLowDateTime], ebx
jnz short loc_402606
cmp byte ptr [ebp+FilePart+3], 0Dh
jz short loc_402616
cmp byte ptr [ebp+FilePart+3], 0Ah
jz short loc_402616
mov al, [ebp+Buffer]
mov [esi+edi], al
inc esi
cmp al, bl
mov byte ptr [ebp+FilePart+3], al
jz short loc_40263F
cmp esi, [ebp+lpString]
jl short loc_4025C2
jmp short loc_40263F
; ---------------------------------------------------------------------------
loc_402606: ; CODE XREF: sub_401439+11AA�j
movzx eax, [ebp+Buffer]
push eax ; int
push edi ; LPSTR
call sub_405939
jmp loc_402938
; ---------------------------------------------------------------------------
loc_402616: ; CODE XREF: sub_401439+11B0�j
; sub_401439+11B6�j
mov al, [ebp+Buffer]
cmp byte ptr [ebp+FilePart+3], al
jz short loc_40262C
cmp al, 0Dh
jz short loc_402626
cmp al, 0Ah
jnz short loc_40262C
loc_402626: ; CODE XREF: sub_401439+11E7�j
mov [esi+edi], al
inc esi
jmp short loc_40263F
; ---------------------------------------------------------------------------
loc_40262C: ; CODE XREF: sub_401439+11E3�j
; sub_401439+11EB�j
push 1 ; dwMoveMethod
push ebx ; lpDistanceToMoveHigh
push 0FFFFFFFFh ; lDistanceToMove
push [ebp+ExitCode.bottom] ; hFile
call ds:SetFilePointer ; SetFilePointer
jmp short loc_40263F
; ---------------------------------------------------------------------------
loc_40263C: ; CODE XREF: sub_401439+116F�j
; sub_401439+1184�j
mov esi, [ebp+nNumberOfBytesToWrite]
loc_40263F: ; CODE XREF: sub_401439+119F�j
; sub_401439+11A5�j ...
mov [esi+edi], bl
cmp esi, ebx
jmp loc_4015CA
; ---------------------------------------------------------------------------
loc_402649: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [esi], bl ; jumptable 0040148C case 58
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push [ebp+nShowCmd.dwLowDateTime] ; dwMoveMethod
push ebx ; lpDistanceToMoveHigh
push 2
call sub_402A7D
push eax ; lDistanceToMove
push esi
call sub_405952
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
cmp [ebp+dwFileAttributes], ebx
jl loc_40292F ; default
; jumptable 0040148C cases 65,66
jmp loc_4028D5
; ---------------------------------------------------------------------------
loc_402678: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [esi], bl ; jumptable 0040148C case 59
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push esi
call sub_405952
push eax ; hFindFile
call ds:FindClose ; FindClose
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_402692: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
cmp [edi], bl ; jumptable 0040148C case 60
jz short loc_4026AE
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
push edi
call sub_405952
push eax ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jnz short loc_4026ED
loc_4026AE: ; CODE XREF: sub_401439+34C�j
; sub_401439+125B�j
mov [ebp+var_4], 1
mov [esi], bl
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4026BC: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push 2 ; jumptable 0040148C case 61
call sub_402A9A
lea ecx, [ebp+FindFileData]
push ecx ; lpFindFileData
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
cmp eax, 0FFFFFFFFh
jnz short loc_4026E6
mov [edi], bl
loc_4026D8: ; CODE XREF: sub_401439+10F7�j
mov [esi], bl
loc_4026DA: ; CODE XREF: sub_401439+197�j
; sub_401439+29E�j ...
mov [ebp+var_4], 1
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4026E6: ; CODE XREF: sub_401439+129B�j
push eax ; int
push edi ; LPSTR
call sub_405939
loc_4026ED: ; CODE XREF: sub_401439+1273�j
lea eax, [ebp+FindFileData.cFileName]
push eax
push esi
jmp loc_402855
; ---------------------------------------------------------------------------
loc_4026FA: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 62
mov [ebp+ExitCode.bottom], 0FFFFFD66h
call sub_402A9A
mov esi, eax
push esi
call sub_405554
test eax, eax
push esi ; lpString2
jz short loc_402721
mov esi, offset String1
push esi ; lpString1
call sub_4059DB
jmp short loc_402741
; ---------------------------------------------------------------------------
loc_402721: ; CODE XREF: sub_401439+12D9�j
push offset byte_435400 ; lpString2
push offset String1 ; lpString1
call sub_4059DB
push eax ; lpString1
call sub_4054E8
push eax ; lpString1
call lstrcatA ; lstrcatA
mov esi, offset String1
loc_402741: ; CODE XREF: sub_401439+12E6�j
push esi ; lpszCurrent
call sub_405C17
push 2 ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_4056AC
cmp eax, 0FFFFFFFFh
mov [ebp+FilePart], eax
jz loc_402802
mov eax, dwBytes
mov esi, ds:GlobalAlloc
push eax ; dwBytes
push 40h ; uFlags
mov [ebp+nNumberOfBytesToWrite], eax
call esi ; GlobalAlloc
mov edi, eax
cmp edi, ebx
jz short loc_4027F4
push ebx ; lDistanceToMove
call sub_40311B
push [ebp+nNumberOfBytesToWrite] ; NumberOfBytesRead
push edi ; lpBuffer
call sub_4030E9
push [ebp+nDenominator] ; dwBytes
push 40h ; uFlags
call esi ; GlobalAlloc
mov esi, eax
cmp esi, ebx
mov [ebp+lpMultiByteStr], esi
jz short loc_4027CC
push [ebp+nDenominator] ; Buffer
push esi ; int
push ebx ; hFile
push [ebp+dwFileAttributes] ; nDenominator
call sub_402EBD
jmp short loc_4027BF
; ---------------------------------------------------------------------------
loc_4027A7: ; CODE XREF: sub_401439+1388�j
mov ecx, [esi]
mov eax, [esi+4]
add esi, 8
push ecx
add eax, edi
push esi
push eax
mov [ebp+ExitCode.right], ecx
call sub_40568C
add esi, [ebp+ExitCode.right]
loc_4027BF: ; CODE XREF: sub_401439+136C�j
cmp [esi], bl
jnz short loc_4027A7
push [ebp+lpMultiByteStr] ; hMem
call ds:GlobalFree ; GlobalFree
loc_4027CC: ; CODE XREF: sub_401439+135D�j
lea eax, [ebp+lpValueName]
push ebx ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push edi ; lpBuffer
push [ebp+FilePart] ; hFile
call ds:WriteFile ; WriteFile
push edi ; hMem
call ds:GlobalFree ; GlobalFree
push ebx ; Buffer
push ebx ; int
push [ebp+FilePart] ; hFile
push 0FFFFFFFFh ; nDenominator
call sub_402EBD
mov [ebp+ExitCode.bottom], eax
loc_4027F4: ; CODE XREF: sub_401439+133E�j
push [ebp+FilePart] ; hObject
call ds:CloseHandle ; CloseHandle
mov esi, offset String1
loc_402802: ; CODE XREF: sub_401439+1321�j
cmp [ebp+ExitCode.bottom], ebx
push 0FFFFFFF3h
pop edi
jge short loc_40281B
push 0FFFFFFEFh
pop edi
push esi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov [ebp+var_4], 1
loc_40281B: ; CODE XREF: sub_401439+13CF�j
push edi
jmp loc_4021E8
; ---------------------------------------------------------------------------
loc_402821: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 63
call sub_402A7D
cmp eax, dword_42F44C
mov [ebp+FilePart], eax
jnb loc_4026DA
mov esi, eax
mov eax, [ebp+nDenominator]
imul esi, 418h
add esi, dword_42F448
cmp eax, ebx
jl short loc_402862
mov ecx, [esi+eax*4]
jnz short loc_40285F
add esi, 18h
push esi ; lpString2
push edi ; lpString1
loc_402855: ; CODE XREF: sub_401439+784�j
; sub_401439+12BC�j
call sub_4059DB
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_40285F: ; CODE XREF: sub_401439+1415�j
push ecx
jmp short loc_4028D6
; ---------------------------------------------------------------------------
loc_402862: ; CODE XREF: sub_401439+1410�j
or ecx, 0FFFFFFFFh
sub ecx, eax
mov [ebp+nDenominator], ecx
jz short loc_402878
push 1
call sub_402A7D
mov [ebp+dwFileAttributes], eax
jmp short loc_402888
; ---------------------------------------------------------------------------
loc_402878: ; CODE XREF: sub_401439+1431�j
push [ebp+nShowCmd.dwHighDateTime] ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4059FD
or byte ptr [esi+9], 1
loc_402888: ; CODE XREF: sub_401439+143D�j
mov eax, [ebp+nDenominator]
mov ecx, [ebp+dwFileAttributes]
mov [esi+eax*4], ecx
cmp [ebp+nShowCmd.dwLowDateTime], ebx
jz loc_40292F ; default
; jumptable 0040148C cases 65,66
push [ebp+FilePart]
call sub_40117D
jmp loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4028A7: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
push ebx ; jumptable 0040148C case 64
call sub_402A7D
cmp eax, 20h
jnb loc_4026DA
cmp [ebp+nShowCmd.dwLowDateTime], ebx
jz short loc_4028DE
cmp [ebp+nDenominator], ebx
jz short loc_4028CF
push eax
call sub_401299
push ebx
push ebx
call sub_4011EF
jmp short loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4028CF: ; CODE XREF: sub_401439+1485�j
push ebx
call sub_4012E2
loc_4028D5: ; CODE XREF: sub_401439+123A�j
push eax ; int
loc_4028D6: ; CODE XREF: sub_401439+1427�j
push edi ; LPSTR
loc_4028D7: ; CODE XREF: sub_401439+149�j
call sub_405939
jmp short loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4028DE: ; CODE XREF: sub_401439+1480�j
cmp [ebp+nDenominator], ebx
jz short loc_4028F5
mov edx, dword_42F428
mov ecx, [ebp+dwFileAttributes]
mov [edx+eax*4+94h], ecx
jmp short loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_4028F5: ; CODE XREF: sub_401439+14A8�j
mov ecx, dword_42F428
push dword ptr [ecx+eax*4+94h] ; lpString2
push edi ; lpString1
call sub_4059FD
jmp short loc_40292F ; default
; jumptable 0040148C cases 65,66
; ---------------------------------------------------------------------------
loc_40290A: ; CODE XREF: sub_401439+53�j
; DATA XREF: .text:off_402941�o
mov ecx, dword_42B8A0 ; jumptable 0040148C case 67
push ebx ; lParam
and ecx, eax
push ecx ; wParam
push 0Bh ; Msg
push [ebp+lpString] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp [ebp+var_24], ebx
jz short loc_40292F ; default
; jumptable 0040148C cases 65,66
push ebx ; bErase
push ebx ; lpRect
push [ebp+lpString] ; hWnd
call ds:InvalidateRect ; InvalidateRect
loc_40292F: ; CODE XREF: sub_401439+4D�j
; sub_401439+53�j ...
mov eax, [ebp+var_4] ; default
; jumptable 0040148C cases 65,66
add dword_42F4A8, eax
loc_402938: ; CODE XREF: sub_401439+48F�j
; sub_401439+11D8�j
xor eax, eax
loc_40293A: ; CODE XREF: sub_401439+53�j
; sub_401439+9E�j ...
pop edi ; jumptable 0040148C case 2
pop esi
pop ebx
leave
retn 4
sub_401439 endp
; ---------------------------------------------------------------------------
off_402941 dd offset loc_40293A, offset loc_401493, offset loc_40149F
; DATA XREF: sub_401439+53�r
dd offset loc_4014BA, offset loc_4014DC, offset loc_401518 ; jump table for switch statement
dd offset loc_401532, offset loc_401587, offset loc_4015B7
dd offset loc_4015D5, offset loc_40165A, offset loc_401540
dd offset loc_401556, offset loc_401577, offset loc_40166B
dd offset loc_4016FF, offset loc_401763, offset loc_40178A
dd offset loc_40179D, offset loc_40194C, offset loc_40194F
dd offset loc_401981, offset loc_401996, offset loc_4019A8
dd offset loc_401A29, offset loc_401A5A, offset loc_401A91
dd offset loc_401AC3, offset loc_401B50, offset loc_401B71
dd offset loc_401C19, offset loc_401C19, offset loc_401CDB
dd offset loc_401CF8, offset loc_401D13, offset loc_401D32
dd offset loc_401D8E, offset loc_401E08, offset loc_401E34
dd offset loc_401E9C, offset loc_401F1B, offset loc_401F4B
dd offset loc_401FDC, offset loc_4020A6, offset loc_4021F6
dd offset loc_402279, offset loc_4022A8, offset loc_4022EA
dd offset loc_40232A, offset loc_402386, offset loc_40242A
dd offset loc_4024A5, offset loc_402506, offset loc_40251A
dd offset loc_40253C, offset loc_402584, offset loc_402649
dd offset loc_402678, offset loc_402692, offset loc_4026BC
dd offset loc_4026FA, offset loc_402821, offset loc_4028A7
dd offset loc_40292F, offset loc_40292F, offset loc_40290A
off_402A49 dd offset loc_401AE4 ; DATA XREF: sub_401439+6A4�r
dd offset loc_401AE8 ; jump table for switch statement
dd offset loc_401AEC
dd offset loc_401AF3
dd offset loc_401B00
dd offset loc_401B04
dd offset loc_401B08
dd offset loc_401B0C
dd offset loc_401B15
dd offset loc_401B1F
dd offset loc_401B2C
dd offset loc_401B44
dd offset loc_401B48
; =============== S U B R O U T I N E =======================================
sub_402A7D proc near ; CODE XREF: sub_401439+E0�p
; sub_401439+109�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_40943C
push dword ptr [ecx+eax*4] ; lpString2
push 0 ; lpString1
call sub_4059FD
push eax
call sub_405952
retn 4
sub_402A7D endp
; =============== S U B R O U T I N E =======================================
sub_402A9A proc near ; CODE XREF: sub_401439+180�p
; sub_401439+19E�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
push edi
mov eax, esi
jge short loc_402AA8
neg eax
loc_402AA8: ; CODE XREF: sub_402A9A+A�j
mov edx, dword_40943C
mov ecx, eax
and ecx, 0Fh
sar eax, 4
push dword ptr [edx+ecx*4] ; lpString2
shl eax, 0Ah
add eax, offset FileName
push eax ; lpString1
call sub_4059FD
test esi, esi
mov edi, eax
jge short loc_402AD3
push edi ; lpszCurrent
call sub_405C17
loc_402AD3: ; CODE XREF: sub_402A9A+31�j
mov eax, edi
pop edi
pop esi
retn 4
sub_402A9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402ADA(HKEY hKey,LPCSTR lpSubKey,int)
sub_402ADA proc near ; CODE XREF: sub_401439+F39�p
; sub_402ADA+42�p
SubKey = byte ptr -10Ch
phkResult = dword ptr -4
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
lea eax, [ebp+phkResult]
push edi
push eax ; phkResult
xor ebx, ebx
push 8 ; samDesired
push ebx ; ulOptions
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
cmp eax, ebx
jnz short loc_402B4C
mov esi, ds:RegEnumKeyA
mov edi, 105h
jmp short loc_402B25
; ---------------------------------------------------------------------------
loc_402B0C: ; CODE XREF: sub_402ADA+5B�j
cmp [ebp+arg_8], ebx
jnz short loc_402B53
lea eax, [ebp+SubKey]
push ebx ; int
push eax ; lpSubKey
push [ebp+phkResult] ; hKey
call sub_402ADA
test eax, eax
jnz short loc_402B37
loc_402B25: ; CODE XREF: sub_402ADA+30�j
lea eax, [ebp+SubKey]
push edi ; cchName
push eax ; lpName
push ebx ; dwIndex
push [ebp+phkResult] ; hKey
call esi ; RegEnumKeyA
test eax, eax
jz short loc_402B0C
loc_402B37: ; CODE XREF: sub_402ADA+49�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegDeleteKeyA ; RegDeleteKeyA
loc_402B4C: ; CODE XREF: sub_402ADA+23�j
; sub_402ADA+85�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_402B53: ; CODE XREF: sub_402ADA+35�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
xor eax, eax
inc eax
jmp short loc_402B4C
sub_402ADA endp
; =============== S U B R O U T I N E =======================================
sub_402B61 proc near ; CODE XREF: sub_401439+F33�p
; sub_401439+F4E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short locret_402B73
mov eax, dword_42F4A4
add eax, 80000001h
locret_402B73: ; CODE XREF: sub_402B61+6�j
retn 4
sub_402B61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402B76(REGSAM phkResult)
sub_402B76 proc near ; CODE XREF: sub_401439+EF8�p
; sub_401439+FF6�p ...
phkResult = dword ptr 8
push ebp
mov ebp, esp
lea eax, [ebp+phkResult]
push eax ; phkResult
push [ebp+phkResult] ; samDesired
push 0 ; ulOptions
push 22h
call sub_402A9A
push eax ; lpSubKey
mov eax, dword_40943C
push dword ptr [eax+4]
call sub_402B61
push eax ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
neg eax
sbb eax, eax
not eax
and eax, [ebp+phkResult]
pop ebp
retn 4
sub_402B76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; INT_PTR __stdcall DialogFunc(HWND,UINT,WPARAM,LPARAM)
DialogFunc proc near ; DATA XREF: sub_402C37+157�o
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
push edi
mov edi, [ebp+hWnd]
mov esi, 113h
jnz short loc_402BDC
push 0 ; lpTimerFunc
push 0FAh ; uElapse
push 1 ; nIDEvent
push edi ; hWnd
call ds:SetTimer ; SetTimer
mov eax, [ebp+arg_C]
mov [ebp+arg_4], esi
mov dword_40B048, eax
loc_402BDC: ; CODE XREF: DialogFunc+14�j
cmp [ebp+arg_4], esi
jnz short loc_402C2F
mov ecx, lDistanceToMove
mov eax, nDenominator
cmp ecx, eax
jl short loc_402BF2
mov ecx, eax
loc_402BF2: ; CODE XREF: DialogFunc+43�j
push eax ; nDenominator
push 64h ; nNumerator
push ecx ; nNumber
call ds:MulDiv ; MulDiv
push eax
mov esi, offset String
push dword_40B048 ; LPCSTR
push esi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
push esi ; lpString
push edi ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push esi ; lpString
push 406h ; nIDDlgItem
push edi ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
push 5 ; nCmdShow
push edi ; hWnd
call ds:ShowWindow ; ShowWindow
loc_402C2F: ; CODE XREF: DialogFunc+34�j
pop edi
xor eax, eax
pop esi
pop ebp
retn 10h
DialogFunc endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C37 proc near ; CODE XREF: start+160�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
dwBytes = dword ptr -18h
var_14 = dword ptr -14h
hFile = dword ptr -10h
var_C = dword ptr -0Ch
Buffer = dword ptr -8
hWnd = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
xor esi, esi
push edi
mov [ebp+hWnd], esi
call ds:GetTickCount ; GetTickCount
mov [ebp+var_C], esi
mov [ebp+Buffer], esi
mov esi, offset szStart
push 400h ; nSize
push esi ; lpFilename
mov edi, eax
push hModule ; hModule
add edi, 3E8h
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 3 ; dwCreationDisposition
push 80000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_4056AC
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+hFile], ebx
mov hFile, ebx
jnz short loc_402C97
mov eax, offset aErrorLaunching ; "Error launching installer"
jmp loc_402EB6
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402C37+54�j
push esi ; lpszStart
call sub_40552F
push 0 ; lpFileSizeHigh
push ebx ; hFile
call ds:GetFileSize ; GetFileSize
test eax, eax
mov nDenominator, eax
mov esi, eax
jle loc_402DDE
loc_402CB5: ; CODE XREF: sub_402C37+192�j
mov eax, dwBytes
mov ebx, esi
neg eax
sbb eax, eax
and eax, 7E00h
add eax, 200h
cmp esi, eax
jl short loc_402CD0
mov ebx, eax
loc_402CD0: ; CODE XREF: sub_402C37+95�j
push ebx ; NumberOfBytesRead
push offset dword_420C58 ; lpBuffer
call sub_4030E9
test eax, eax
jz loc_402E49
xor eax, eax
cmp dwBytes, eax
jnz short loc_402D6C
push 1Ch
lea eax, [ebp+var_2C]
push offset dword_420C58
push eax
call sub_40568C
mov ecx, [ebp+var_2C]
test ecx, 0FFFFFFF0h
jnz loc_402DA6
cmp [ebp+var_28], 0DEADBEEFh
jnz loc_402DA6
cmp [ebp+var_1C], 74736E49h
jnz loc_402DA6
cmp [ebp+var_20], 74666F73h
jnz short loc_402DA6
cmp [ebp+var_24], 6C6C754Eh
jnz short loc_402DA6
mov eax, [ebp+var_14]
cmp eax, esi
jg loc_402E42
or [ebp+arg_0], ecx
mov edx, lDistanceToMove
test byte ptr [ebp+arg_0], 8
mov dwBytes, edx
jnz short loc_402D5E
test byte ptr [ebp+arg_0], 4
jnz short loc_402DCF
loc_402D5E: ; CODE XREF: sub_402C37+11F�j
inc [ebp+Buffer]
lea esi, [eax-4]
cmp ebx, esi
jbe short loc_402DA6
mov ebx, esi
jmp short loc_402DA6
; ---------------------------------------------------------------------------
loc_402D6C: ; CODE XREF: sub_402C37+B4�j
test byte ptr [ebp+arg_0], 2
jnz short loc_402DA6
cmp [ebp+hWnd], eax
jz short loc_402D7F
push eax ; wMsgFilterMax
call sub_405D18
jmp short loc_402DA6
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402C37+13E�j
call ds:GetTickCount ; GetTickCount
cmp eax, edi
jbe short loc_402DA6
push offset aVerifyingInsta ; "verifying installer: %d%%"
push offset DialogFunc ; lpDialogFunc
push 0 ; hWndParent
push 6Fh ; lpTemplateName
push hModule ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
mov [ebp+hWnd], eax
loc_402DA6: ; CODE XREF: sub_402C37+CF�j
; sub_402C37+DC�j ...
cmp esi, nDenominator
jge short loc_402DBF
push ebx
push offset dword_420C58
push [ebp+var_C]
call sub_405D4B
mov [ebp+var_C], eax
loc_402DBF: ; CODE XREF: sub_402C37+175�j
add lDistanceToMove, ebx
sub esi, ebx
test esi, esi
jg loc_402CB5
loc_402DCF: ; CODE XREF: sub_402C37+125�j
cmp [ebp+hWnd], 0
jz short loc_402DDE
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
loc_402DDE: ; CODE XREF: sub_402C37+78�j
; sub_402C37+19C�j
xor edi, edi
cmp dwBytes, edi
jz short loc_402E42
cmp [ebp+Buffer], edi
jz short loc_402E0F
push lDistanceToMove ; lDistanceToMove
call sub_40311B
lea eax, [ebp+Buffer]
push 4 ; NumberOfBytesRead
push eax ; lpBuffer
call sub_4030E9
test eax, eax
jz short loc_402E42
mov eax, [ebp+var_C]
cmp eax, [ebp+Buffer]
jnz short loc_402E42
loc_402E0F: ; CODE XREF: sub_402C37+1B4�j
push [ebp+dwBytes] ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov esi, eax
mov eax, dwBytes
add eax, 1Ch
push eax ; lDistanceToMove
call sub_40311B
push [ebp+dwBytes] ; Buffer
push esi ; int
push edi ; hFile
push 0FFFFFFFFh ; nDenominator
call sub_402EBD
cmp eax, [ebp+dwBytes]
jz short loc_402E5A
push esi ; hMem
call ds:GlobalFree ; GlobalFree
loc_402E42: ; CODE XREF: sub_402C37+106�j
; sub_402C37+1AF�j ...
mov eax, offset aTheInstallerYo ; "The installer you are trying to use is "...
jmp short loc_402EB6
; ---------------------------------------------------------------------------
loc_402E49: ; CODE XREF: sub_402C37+A6�j
cmp [ebp+hWnd], 0
jz short loc_402E42
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
jmp short loc_402E42
; ---------------------------------------------------------------------------
loc_402E5A: ; CODE XREF: sub_402C37+202�j
test byte ptr [ebp+arg_0], 2
mov dword_42F428, esi
jz short loc_402E69
or dword ptr [esi], 8
loc_402E69: ; CODE XREF: sub_402C37+22D�j
mov eax, [esi]
and eax, 18h
test byte ptr [ebp+var_2C], 1
mov dword_42F4C0, eax
mov eax, [esi]
mov dword_42F430, eax
jz short loc_402E86
inc dword_42F434
loc_402E86: ; CODE XREF: sub_402C37+247�j
push 8
lea eax, [esi+44h]
pop ecx
loc_402E8C: ; CODE XREF: sub_402C37+25B�j
sub eax, 8
add [eax], esi
dec ecx
jnz short loc_402E8C
push 1 ; dwMoveMethod
push edi ; lpDistanceToMoveHigh
push edi ; lDistanceToMove
push [ebp+hFile] ; hFile
call ds:SetFilePointer ; SetFilePointer
mov [esi+3Ch], eax
add esi, 4
push 40h
push esi
push offset dword_42F440
call sub_40568C
xor eax, eax
loc_402EB6: ; CODE XREF: sub_402C37+5B�j
; sub_402C37+210�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_402C37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402EBD(int nDenominator,HANDLE hFile,int,int Buffer)
sub_402EBD proc near ; CODE XREF: sub_401439+4AC�p
; sub_401439+FCB�p ...
String2 = byte ptr -58h
var_18 = dword ptr -18h
NumberOfBytesWritten= dword ptr -14h
var_10 = dword ptr -10h
lpBuffer = dword ptr -0Ch
NumberOfBytesRead= dword ptr -8
var_4 = dword ptr -4
nDenominator = dword ptr 8
hFile = dword ptr 0Ch
arg_8 = dword ptr 10h
Buffer = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
mov esi, [ebp+Buffer]
push edi
mov edi, [ebp+arg_8]
mov [ebp+NumberOfBytesRead], esi
test edi, edi
jnz short loc_402EDA
mov [ebp+NumberOfBytesRead], 8000h
loc_402EDA: ; CODE XREF: sub_402EBD+14�j
and [ebp+var_4], 0
mov [ebp+lpBuffer], edi
test edi, edi
jnz short loc_402EEC
mov [ebp+lpBuffer], offset dword_418C58
loc_402EEC: ; CODE XREF: sub_402EBD+26�j
mov eax, [ebp+nDenominator]
test eax, eax
jl short loc_402F01
mov ecx, dword_42F478
add ecx, eax
push ecx ; lDistanceToMove
call sub_40311B
loc_402F01: ; CODE XREF: sub_402EBD+34�j
lea eax, [ebp+Buffer]
push 4 ; NumberOfBytesRead
push eax ; lpBuffer
call sub_4030E9
test eax, eax
jz loc_403094
test byte ptr [ebp+Buffer+3], 80h
jz loc_40307D
mov ebx, ds:GetTickCount
call ebx ; GetTickCount
and dword_40B57C, 0
and dword_40B578, 0
and [ebp+Buffer], 7FFFFFFFh
mov [ebp+var_10], eax
mov eax, offset dword_40CC00
mov dword_40B060, 8
mov dword_414C08, eax
mov dword_414C04, eax
mov eax, [ebp+Buffer]
mov dword_414C00, offset dword_414C00
mov [ebp+nDenominator], eax
jle loc_4030DF
loc_402F6D: ; CODE XREF: sub_402EBD+1B0�j
mov esi, 4000h
cmp [ebp+Buffer], esi
jge short loc_402F7A
mov esi, [ebp+Buffer]
loc_402F7A: ; CODE XREF: sub_402EBD+B8�j
mov edi, offset dword_414C58
push esi ; NumberOfBytesRead
push edi ; lpBuffer
call sub_4030E9
test eax, eax
jz loc_403094
sub [ebp+Buffer], esi
mov dword_40B050, edi
mov dword_40B054, esi
loc_402F9D: ; CODE XREF: sub_402EBD+1A5�j
mov edi, [ebp+lpBuffer]
mov eax, [ebp+NumberOfBytesRead]
push offset dword_40B050
mov dword_40B058, edi
mov dword_40B05C, eax
call sub_405DB9
test eax, eax
mov [ebp+var_18], eax
jl loc_403075
mov esi, dword_40B058
sub esi, edi
call ebx ; GetTickCount
test byte ptr dword_4092A0, 1
mov edi, eax
jz short loc_40301B
sub eax, [ebp+var_10]
cmp eax, 0C8h
ja short loc_402FE8
cmp [ebp+Buffer], 0
jnz short loc_40301B
loc_402FE8: ; CODE XREF: sub_402EBD+123�j
mov eax, [ebp+nDenominator]
push [ebp+nDenominator] ; nDenominator
sub eax, [ebp+Buffer]
push 64h ; nNumerator
push eax ; nNumber
call ds:MulDiv ; MulDiv
push eax
lea eax, [ebp+String2]
push offset a___D ; "... %d%%"
push eax ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
lea eax, [ebp+String2]
push eax ; lpString2
push 0 ; int
call sub_404D7E
mov [ebp+var_10], edi
loc_40301B: ; CODE XREF: sub_402EBD+119�j
; sub_402EBD+129�j
xor eax, eax
cmp esi, eax
jz short loc_40306A
cmp [ebp+arg_8], eax
jnz short loc_403046
push eax ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+hFile] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz short loc_403079
cmp [ebp+NumberOfBytesWritten], esi
jnz short loc_403079
add [ebp+var_4], esi
jmp short loc_40305E
; ---------------------------------------------------------------------------
loc_403046: ; CODE XREF: sub_402EBD+167�j
sub [ebp+NumberOfBytesRead], esi
add [ebp+var_4], esi
mov eax, dword_40B058
cmp [ebp+NumberOfBytesRead], 1
mov [ebp+lpBuffer], eax
jl loc_4030DF
loc_40305E: ; CODE XREF: sub_402EBD+187�j
cmp [ebp+var_18], 1
jnz loc_402F9D
jmp short loc_4030DF
; ---------------------------------------------------------------------------
loc_40306A: ; CODE XREF: sub_402EBD+162�j
cmp [ebp+Buffer], eax
jg loc_402F6D
jmp short loc_4030DF
; ---------------------------------------------------------------------------
loc_403075: ; CODE XREF: sub_402EBD+100�j
push 0FFFFFFFCh
jmp short loc_403096
; ---------------------------------------------------------------------------
loc_403079: ; CODE XREF: sub_402EBD+17D�j
; sub_402EBD+182�j ...
push 0FFFFFFFEh
jmp short loc_403096
; ---------------------------------------------------------------------------
loc_40307D: ; CODE XREF: sub_402EBD+5B�j
test edi, edi
jz short loc_4030D4
cmp [ebp+Buffer], esi
jge short loc_403089
mov esi, [ebp+Buffer]
loc_403089: ; CODE XREF: sub_402EBD+1C7�j
push esi ; NumberOfBytesRead
push edi ; lpBuffer
call sub_4030E9
test eax, eax
jnz short loc_4030DC
loc_403094: ; CODE XREF: sub_402EBD+51�j
; sub_402EBD+CB�j ...
push 0FFFFFFFDh
loc_403096: ; CODE XREF: sub_402EBD+1BA�j
; sub_402EBD+1BE�j
pop eax
jmp short loc_4030E2
; ---------------------------------------------------------------------------
loc_403099: ; CODE XREF: sub_402EBD+21B�j
mov esi, [ebp+NumberOfBytesRead]
cmp [ebp+Buffer], esi
jge short loc_4030A4
mov esi, [ebp+Buffer]
loc_4030A4: ; CODE XREF: sub_402EBD+1E2�j
mov edi, offset dword_414C58
push esi ; NumberOfBytesRead
push edi ; lpBuffer
call sub_4030E9
test eax, eax
jz short loc_403094
lea eax, [ebp+arg_8]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push edi ; lpBuffer
push [ebp+hFile] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz short loc_403079
cmp esi, [ebp+arg_8]
jnz short loc_403079
add [ebp+var_4], esi
sub [ebp+Buffer], esi
loc_4030D4: ; CODE XREF: sub_402EBD+1C2�j
cmp [ebp+Buffer], 0
jg short loc_403099
jmp short loc_4030DF
; ---------------------------------------------------------------------------
loc_4030DC: ; CODE XREF: sub_402EBD+1D5�j
mov [ebp+var_4], esi
loc_4030DF: ; CODE XREF: sub_402EBD+AA�j
; sub_402EBD+19B�j ...
mov eax, [ebp+var_4]
loc_4030E2: ; CODE XREF: sub_402EBD+1DA�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_402EBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4030E9(LPVOID lpBuffer,DWORD NumberOfBytesRead)
sub_4030E9 proc near ; CODE XREF: sub_401439+134A�p
; sub_402C37+9F�p ...
lpBuffer = dword ptr 8
NumberOfBytesRead= dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+NumberOfBytesRead]
lea eax, [ebp+NumberOfBytesRead]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesRead
push esi ; nNumberOfBytesToRead
push [ebp+lpBuffer] ; lpBuffer
push hFile ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_403114
cmp [ebp+NumberOfBytesRead], esi
jnz short loc_403114
xor eax, eax
inc eax
jmp short loc_403116
; ---------------------------------------------------------------------------
loc_403114: ; CODE XREF: sub_4030E9+1F�j
; sub_4030E9+24�j
xor eax, eax
loc_403116: ; CODE XREF: sub_4030E9+29�j
pop esi
pop ebp
retn 8
sub_4030E9 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40311B(LONG lDistanceToMove)
sub_40311B proc near ; CODE XREF: sub_401439+1341�p
; sub_402C37+1BC�p ...
lDistanceToMove = dword ptr 4
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push [esp+8+lDistanceToMove] ; lDistanceToMove
push hFile ; hFile
call ds:SetFilePointer ; SetFilePointer
retn 4
sub_40311B endp
; =============== S U B R O U T I N E =======================================
sub_403132 proc near ; CODE XREF: start+63�p start+83�p
push esi
mov esi, offset PathName
push esi ; lpszCurrent
call sub_405C17
push esi
call sub_405554
test eax, eax
jnz short loc_40314A
pop esi
retn
; ---------------------------------------------------------------------------
loc_40314A: ; CODE XREF: sub_403132+14�j
push esi ; lpString1
call sub_4054E8
push 0 ; lpSecurityAttributes
push esi ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
push esi ; lpPathName
push offset byte_435000 ; lpTempFileName
call sub_4056DB
pop esi
retn
sub_403132 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
var_17C = byte ptr -17Ch
lpString2 = dword ptr -178h
uExitCode = dword ptr -174h
var_170 = dword ptr -170h
var_16C = byte ptr -16Ch
var_164 = dword ptr -164h
psfi = SHFILEINFOA ptr -160h
sub esp, 17Ch
push ebx
push ebp
push esi
xor esi, esi
push edi
mov [esp+18Ch+uExitCode], esi
mov ebp, offset Text ; "Error writing temporary file. Make sure"...
mov [esp+18Ch+var_17C], 20h
call ds:InitCommonControls ; InitCommonControls
push esi ; pvReserved
call ds:OleInitialize
mov dword_42F4D0, eax
push esi ; uFlags
lea eax, [esp+190h+psfi]
push 160h ; cbFileInfo
push eax ; psfi
push esi ; dwFileAttributes
push offset pszPath ; pszPath
call ds:SHGetFileInfoA ; SHGetFileInfoA
push offset aNsisError ; "NSIS Error"
push offset Caption ; lpString1
call sub_4059DB
mov ebx, offset PathName
push ebx ; lpBuffer
push 400h ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
call sub_403132
test eax, eax
jnz short loc_4031F6
push 3FBh ; uSize
push ebx ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aTemp ; "\\Temp"
push ebx ; lpString1
call lstrcatA ; lstrcatA
call sub_403132
test eax, eax
jz loc_403332
loc_4031F6: ; CODE XREF: start+6A�j
mov edi, offset byte_435000
push edi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
call ds:GetCommandLineA ; GetCommandLineA
push eax ; lpString2
push edi ; lpString1
call sub_4059DB
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
cmp ds:byte_435000, 22h
mov hModule, eax
mov eax, edi
jnz short loc_403231
mov [esp+18Ch+var_17C], 22h
mov eax, offset byte_435001
loc_403231: ; CODE XREF: start+BF�j
push dword ptr [esp+18Ch+var_17C] ; char
push eax ; lpsz
call sub_405513
push eax ; lpsz
call ds:CharNextA ; CharNextA
mov [esp+18Ch+lpString2], eax
jmp short loc_4032AB
; ---------------------------------------------------------------------------
loc_403248: ; CODE XREF: start+149�j
cmp cl, 20h
jnz short loc_403253
loc_40324D: ; CODE XREF: start+EB�j
inc eax
cmp byte ptr [eax], 20h
jz short loc_40324D
loc_403253: ; CODE XREF: start+E5�j
cmp byte ptr [eax], 22h
mov [esp+18Ch+var_17C], 20h
jnz short loc_403263
inc eax
mov [esp+18Ch+var_17C], 22h
loc_403263: ; CODE XREF: start+F5�j
cmp byte ptr [eax], 2Fh
jnz short loc_40329B
inc eax
cmp byte ptr [eax], 53h
jnz short loc_40327C
mov cl, [eax+1]
or cl, 20h
cmp cl, 20h
jnz short loc_40327C
or esi, 2
loc_40327C: ; CODE XREF: start+106�j start+111�j
cmp dword ptr [eax], 4352434Eh
jnz short loc_403292
mov cl, [eax+4]
or cl, 20h
cmp cl, 20h
jnz short loc_403292
or esi, 4
loc_403292: ; CODE XREF: start+11C�j start+127�j
cmp dword ptr [eax-2], 3D442F20h
jz short loc_4032B3
loc_40329B: ; CODE XREF: start+100�j
push dword ptr [esp+18Ch+var_17C] ; char
push eax ; lpsz
call sub_405513
cmp byte ptr [eax], 22h
jnz short loc_4032AB
inc eax
loc_4032AB: ; CODE XREF: start+E0�j start+142�j
mov cl, [eax]
test cl, cl
jnz short loc_403248
jmp short loc_4032C5
; ---------------------------------------------------------------------------
loc_4032B3: ; CODE XREF: start+133�j
and byte ptr [eax-2], 0
add eax, 2
push eax ; lpString2
push offset byte_435400 ; lpString1
call sub_4059DB
loc_4032C5: ; CODE XREF: start+14B�j
push esi
call sub_402C37
mov ebp, eax
test ebp, ebp
jnz short loc_403332
cmp dword_42F434, eax
jz short loc_403322
push eax ; char
push edi ; lpsz
call sub_405513
mov esi, eax
jmp short loc_4032ED
; ---------------------------------------------------------------------------
loc_4032E4: ; CODE XREF: start+189�j
cmp dword ptr [esi], 3D3F5F20h
jz short loc_4032F1
dec esi
loc_4032ED: ; CODE XREF: start+17C�j
cmp esi, edi
jnb short loc_4032E4
loc_4032F1: ; CODE XREF: start+184�j
cmp esi, edi
mov ebp, offset aErrorLaunching ; "Error launching installer"
jb short loc_403358
and byte ptr [esi], 0
add esi, 4
push esi ; lpString2
call sub_4055C8
test eax, eax
jz short loc_403332
push esi ; lpString2
push offset byte_435400 ; lpString1
call sub_4059DB
push esi ; lpString2
push offset CurrentDirectory ; lpString1
call sub_4059DB
xor ebp, ebp
loc_403322: ; CODE XREF: start+171�j
or dword_42F4CC, 0FFFFFFFFh
call sub_403542
mov [esp+18Ch+uExitCode], eax
loc_403332: ; CODE XREF: start+8A�j start+169�j ...
call sub_40351D
call ds:OleUninitialize
test ebp, ebp
jz loc_40346A
push 200010h ; int
push ebp ; lpText
call sub_4052DB
push 2 ; uExitCode
call ds:ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_403358: ; CODE XREF: start+192�j
push offset aNsu_tmp ; "~nsu.tmp\\"
push ebx ; lpString1
call lstrcatA ; lstrcatA
push 0 ; lpSecurityAttributes
push ebx ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
and dword ptr [esp+18Ch+var_17C], 0
mov esi, offset CommandLine
mov edi, offset ExistingFileName
loc_40337B: ; CODE XREF: start+2F9�j
push ebx ; lpString2
push esi ; lpString1
mov CommandLine, 22h
call lstrcatA ; lstrcatA
push offset aAu__exe ; "Au_.exe"
push esi ; lpString1
call lstrcatA ; lstrcatA
push (offset CommandLine+1) ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test ebp, ebp
jz loc_403450
push 400h ; nSize
push edi ; lpFilename
push hModule ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
lea eax, dword_42945A[eax]
push (offset aAu__exe+1) ; lpString2
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz loc_403332
push 0 ; bFailIfExists
push (offset CommandLine+1) ; lpNewFileName
push edi ; lpExistingFileName
call ds:CopyFileA ; CopyFileA
test eax, eax
jz short loc_403450
push 0 ; NumberOfBytesRead
push 428C61h ; int
call sub_405723
cmp ds:byte_435400, 0
jz short loc_403409
push offset byte_435400 ; lpString2
push edi ; lpString1
call sub_4059DB
jmp short loc_40340F
; ---------------------------------------------------------------------------
loc_403409: ; CODE XREF: start+294�j
push edi ; lpszStart
call sub_40552F
loc_40340F: ; CODE XREF: start+2A1�j
push offset asc_409218 ; "\" "
push esi ; lpString1
call lstrcatA ; lstrcatA
push [esp+18Ch+lpString2] ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
push offset a_? ; " _?="
push esi ; lpString1
call lstrcatA ; lstrcatA
push edi ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
push esi ; lpString1
call sub_4054E8
push ebx ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405263
test eax, eax
jz short loc_403450
push eax ; hObject
call ds:CloseHandle ; CloseHandle
xor ebp, ebp
loc_403450: ; CODE XREF: start+23D�j start+27F�j ...
inc byte ptr aAu__exe ; "Au_.exe"
inc dword ptr [esp+18Ch+var_17C]
cmp dword ptr [esp+18Ch+var_17C], 1Ah
jl loc_40337B
jmp loc_403332
; ---------------------------------------------------------------------------
loc_40346A: ; CODE XREF: start+1D9�j
cmp dword_42F4B4, 0
jz loc_403505
mov esi, offset aAdvapi32_dll ; "ADVAPI32.dll"
push offset ProcName ; "OpenProcessToken"
push esi ; lpLibFileName
call sub_405CEE
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push esi ; lpLibFileName
mov ebp, eax
call sub_405CEE
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push esi ; lpLibFileName
mov edi, eax
call sub_405CEE
xor esi, esi
mov ebx, eax
cmp ebp, esi
jz short loc_4034F1
cmp edi, esi
jz short loc_4034F1
cmp ebx, esi
jz short loc_4034F1
lea eax, [esp+18Ch+lpString2]
push eax
push 28h
call ds:GetCurrentProcess ; GetCurrentProcess
push eax
call ebp
test eax, eax
jz short loc_4034F1
lea eax, [esp+18Ch+var_16C]
push eax
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push esi
call edi
push esi
push esi
lea eax, [esp+194h+var_170]
push esi
push eax
push esi
push [esp+1A0h+lpString2]
mov [esp+1A4h+var_170], 1
mov [esp+1A4h+var_164], 2
call ebx
loc_4034F1: ; CODE XREF: start+341�j start+345�j ...
push esi ; dwReason
push 2 ; uFlags
call ds:ExitWindowsEx ; ExitWindowsEx
test eax, eax
jnz short loc_403505
push 9
call sub_401410
loc_403505: ; CODE XREF: start+30B�j start+396�j
mov eax, dword_42F4CC
cmp eax, 0FFFFFFFFh
jz short loc_403513
mov [esp+18Ch+uExitCode], eax
loc_403513: ; CODE XREF: start+3A7�j
push [esp+18Ch+uExitCode] ; uExitCode
call ds:ExitProcess ; ExitProcess
start endp
; =============== S U B R O U T I N E =======================================
sub_40351D proc near ; CODE XREF: start:loc_403332�p
mov eax, hFile
cmp eax, 0FFFFFFFFh
jz short loc_403535
push eax ; hObject
call ds:CloseHandle ; CloseHandle
or hFile, 0FFFFFFFFh
loc_403535: ; CODE XREF: sub_40351D+8�j
push 7 ; int
push offset dword_436800 ; lpString1
call sub_40531D
retn
sub_40351D endp
; =============== S U B R O U T I N E =======================================
sub_403542 proc near ; CODE XREF: start+1C3�p
ClassName = byte ptr -14h
pvParam = dword ptr -10h
Y = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 14h
push ebx
push ebp
push esi
mov esi, dword_42F428
push edi
push offset aGetuserdefault ; "GetUserDefaultUILanguage"
push offset aKernel32_dll ; "KERNEL32.dll"
call sub_405CEE
xor ebx, ebx
cmp eax, ebx
jz short loc_403576
call eax
movzx eax, ax
push eax ; int
push offset dword_436000 ; LPSTR
call sub_405939
jmp short loc_4035BE
; ---------------------------------------------------------------------------
loc_403576: ; CODE XREF: sub_403542+20�j
mov edi, offset byte_42A8A0
mov ds:dword_436000, 7830h
push edi ; lpData
push ebx ; lpValueName
push offset phkResult ; "Control Panel\\Desktop\\ResourceLocale"
push 80000001h ; cbData
call sub_4058CF
cmp byte_42A8A0, bl
jnz short loc_4035B3
push edi ; lpData
push offset ValueName ; "Locale"
push offset a_defaultContro ; ".DEFAULT\\Control Panel\\International"
push 80000003h ; cbData
call sub_4058CF
loc_4035B3: ; CODE XREF: sub_403542+5A�j
push edi ; lpString2
push offset dword_436000 ; lpString1
call lstrcatA ; lstrcatA
loc_4035BE: ; CODE XREF: sub_403542+32�j
call sub_40380E
mov eax, dword_42F430
mov ebp, offset byte_435400
and eax, 20h
push ebp ; lpString2
mov dword_42F4A0, eax
call sub_4055C8
test eax, eax
jnz loc_403663
mov ecx, [esi+48h]
cmp ecx, ebx
jz short loc_403663
mov edx, [esi+4Ch]
mov eax, dword_42F458
mov edi, offset byte_42E3C0
add edx, eax
push edi ; lpData
add ecx, eax
push edx ; lpValueName
push ecx ; phkResult
push dword ptr [esi+44h] ; cbData
call sub_4058CF
mov al, byte_42E3C0
cmp al, bl
jz short loc_403663
cmp al, 22h
jnz short loc_403622
mov edi, offset sz
push 22h ; char
push edi ; lpsz
call sub_405513
mov [eax], bl
loc_403622: ; CODE XREF: sub_403542+CF�j
push edi ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+edi-4]
cmp eax, edi
jbe short loc_403656
push offset a_exe ; ".exe"
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_403656
push edi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_403650
test al, 10h
jnz short loc_403656
loc_403650: ; CODE XREF: sub_403542+108�j
push edi ; lpszStart
call sub_40552F
loc_403656: ; CODE XREF: sub_403542+EC�j
; sub_403542+FC�j ...
push edi ; lpString1
call sub_4054E8
push eax ; lpString2
push ebp ; lpString1
call sub_4059DB
loc_403663: ; CODE XREF: sub_403542+9B�j
; sub_403542+A6�j ...
push ebp ; lpString2
call sub_4055C8
test eax, eax
jnz short loc_403679
push dword ptr [esi+118h] ; lpString2
push ebp ; lpString1
call sub_4059FD
loc_403679: ; CODE XREF: sub_403542+129�j
push 8040h ; fuLoad
push ebx ; cy
push ebx ; cx
push 1 ; type
push 67h ; name
push hModule ; hInst
call ds:LoadImageA ; LoadImageA
mov dwNewLong, eax
cmp dword ptr [esi+50h], 0FFFFFFFFh
mov edi, offset WndClass
jz loc_40372D
mov ecx, hModule
mov WndClass.hIcon, eax
lea eax, [esp+24h+ClassName]
push edi ; lpWndClass
mov dword ptr [esp+28h+ClassName], 624E5Fh
mov WndClass.lpfnWndProc, offset sub_401000
mov WndClass.hInstance, ecx
mov WndClass.lpszClassName, eax
call ds:RegisterClassA ; RegisterClassA
test ax, ax
jz loc_403804
lea eax, [esp+24h+pvParam]
push ebx ; fWinIni
push eax ; pvParam
push ebx ; uiParam
push 30h ; uiAction
call ds:SystemParametersInfoA ; SystemParametersInfoA
push ebx ; lpParam
push hModule ; hInstance
mov eax, [esp+2Ch+var_4]
sub eax, [esp+2Ch+Y]
push ebx ; hMenu
push ebx ; hWndParent
push eax ; nHeight
mov eax, [esp+38h+var_8]
sub eax, [esp+38h+pvParam]
push eax ; nWidth
lea eax, [esp+3Ch+ClassName]
push [esp+3Ch+Y] ; Y
push [esp+40h+pvParam] ; X
push 80000000h ; dwStyle
push ebx ; lpWindowName
push eax ; lpClassName
push 80h ; dwExStyle
call ds:CreateWindowExA ; CreateWindowExA
mov dword_42A880, eax
loc_40372D: ; CODE XREF: sub_403542+15C�j
push ebx
call sub_401410
test eax, eax
jz short loc_40373F
loc_403737: ; CODE XREF: sub_403542+2A9�j
; sub_403542+2B6�j
push 2
pop eax
jmp loc_403806
; ---------------------------------------------------------------------------
loc_40373F: ; CODE XREF: sub_403542+1F3�j
call sub_40380E
cmp dword_42F4C0, ebx
jnz loc_4037DB
push 5 ; nCmdShow
push dword_42A880 ; hWnd
call ds:ShowWindow ; ShowWindow
mov esi, ds:LoadLibraryA
mov ebp, offset LibFileName ; "RichEd20.dll"
push ebp ; lpLibFileName
call esi ; LoadLibraryA
test eax, eax
jnz short loc_40377C
push ebp ; lpLibFileName
mov word ptr LibFileName+6, 3233h
call esi ; LoadLibraryA
loc_40377C: ; CODE XREF: sub_403542+22C�j
mov ebp, ds:GetClassInfoA
mov esi, offset ClassName ; "RichEdit20A"
push edi ; lpWndClass
push esi ; lpClassName
push ebx ; hInstance
call ebp ; GetClassInfoA
test eax, eax
jnz short loc_4037AF
push edi ; lpWndClass
push esi ; lpClassName
push ebx ; hInstance
mov byte ptr ClassName+8, bl
call ebp ; GetClassInfoA
push edi ; lpWndClass
mov WndClass.lpszClassName, esi
mov byte ptr ClassName+8, 32h
call ds:RegisterClassA ; RegisterClassA
loc_4037AF: ; CODE XREF: sub_403542+24C�j
mov eax, dword_42EC00
push ebx ; dwInitParam
add eax, 69h
push offset sub_4038DB ; lpDialogFunc
movzx eax, ax
push ebx ; hWndParent
push eax ; lpTemplateName
push hModule ; hInstance
call ds:DialogBoxParamA ; DialogBoxParamA
push 5
mov esi, eax
call sub_401410
mov eax, esi
jmp short loc_403806
; ---------------------------------------------------------------------------
loc_4037DB: ; CODE XREF: sub_403542+208�j
push ebx ; LPVOID
call StartAddress
test eax, eax
jz short loc_4037FD
cmp dword_42EBEC, ebx
jnz loc_403737
push 2
call sub_401410
jmp loc_403737
; ---------------------------------------------------------------------------
loc_4037FD: ; CODE XREF: sub_403542+2A1�j
push 1
call sub_401410
loc_403804: ; CODE XREF: sub_403542+198�j
xor eax, eax
loc_403806: ; CODE XREF: sub_403542+1F8�j
; sub_403542+297�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_403542 endp
; =============== S U B R O U T I N E =======================================
sub_40380E proc near ; CODE XREF: sub_403542:loc_4035BE�p
; sub_403542:loc_40373F�p
push ebx
push ebp
push esi
push edi
mov edi, offset dword_436000
mov ebx, 0FFFFh
push edi
call sub_405952
loc_403822: ; CODE XREF: sub_40380E+6F�j
; sub_40380E+73�j
mov esi, dword_42F464
test esi, esi
jz short loc_403871
mov ecx, dword_42F428
mov ecx, [ecx+64h]
mov edx, ecx
imul ecx, esi
neg edx
add ecx, dword_42F460
loc_403842: ; CODE XREF: sub_40380E+46�j
add ecx, edx
dec esi
mov bp, [ecx]
xor bp, ax
and ebp, ebx
test bp, bp
jz short loc_403858
test esi, esi
jnz short loc_403842
jmp short loc_403871
; ---------------------------------------------------------------------------
loc_403858: ; CODE XREF: sub_40380E+42�j
mov edx, [ecx+2]
mov dword_42EC00, edx
mov edx, [ecx+6]
mov dword_42F4C8, edx
lea edx, [ecx+0Ah]
test edx, edx
jnz short loc_403883
loc_403871: ; CODE XREF: sub_40380E+1C�j
; sub_40380E+48�j
cmp bx, 0FFFFh
jnz short loc_40387F
mov ebx, 3FFh
jmp short loc_403822
; ---------------------------------------------------------------------------
loc_40387F: ; CODE XREF: sub_40380E+68�j
xor ebx, ebx
jmp short loc_403822
; ---------------------------------------------------------------------------
loc_403883: ; CODE XREF: sub_40380E+61�j
mov dword_42EBFC, edx
movzx eax, word ptr [ecx]
push eax ; int
push edi ; LPSTR
call sub_405939
push 0FFFFFFFEh ; lpString2
push offset Caption ; lpString1
call sub_4059FD
push eax ; lpString
push dword_42A880 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
mov eax, dword_42F44C
mov esi, dword_42F448
test eax, eax
jz short loc_4038D6
mov edi, eax
loc_4038BD: ; CODE XREF: sub_40380E+C6�j
mov eax, [esi]
test eax, eax
jz short loc_4038CD
push eax ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4059FD
loc_4038CD: ; CODE XREF: sub_40380E+B3�j
add esi, 418h
dec edi
jnz short loc_4038BD
loc_4038D6: ; CODE XREF: sub_40380E+AB�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40380E endp
; =============== S U B R O U T I N E =======================================
; INT_PTR __stdcall sub_4038DB(HWND,UINT,WPARAM,LPARAM)
sub_4038DB proc near ; DATA XREF: sub_403542+276�o
Point = tagRECT ptr -10h
hDlg = dword ptr 4
arg_4 = dword ptr 8
hdc = dword ptr 0Ch
hWnd = dword ptr 10h
sub esp, 10h
mov ecx, 110h
push ebx
push ebp
mov ebp, [esp+18h+arg_4]
push esi
cmp ebp, ecx
push edi
jz loc_403A66
cmp ebp, 408h
jz loc_403A66
mov ebx, [esp+20h+hDlg]
cmp ebp, 47h
jnz short loc_40391D
xor eax, eax
push 13h ; uFlags
push eax ; cy
push eax ; cx
push eax ; Y
push eax ; X
push ebx ; hWndInsertAfter
push dword_42A880 ; hWnd
call ds:SetWindowPos ; SetWindowPos
loc_40391D: ; CODE XREF: sub_4038DB+2B�j
cmp ebp, 5
jnz short loc_40393A
mov eax, [esp+20h+hdc]
dec eax
neg eax
sbb eax, eax
and eax, ebp
push eax ; nCmdShow
push dword_42A880 ; hWnd
call ds:ShowWindow ; ShowWindow
loc_40393A: ; CODE XREF: sub_4038DB+45�j
cmp ebp, 40Dh
jnz short loc_40395C
push dword_42EBF8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
mov eax, [esp+20h+hdc]
mov dword_42EBF8, eax
jmp loc_403D6B
; ---------------------------------------------------------------------------
loc_40395C: ; CODE XREF: sub_4038DB+65�j
cmp ebp, 11h
jnz short loc_403974
push 0 ; dwNewLong
push 0 ; nIndex
push ebx ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
xor eax, eax
inc eax
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_403974: ; CODE XREF: sub_4038DB+84�j
cmp ebp, 10h
jnz short loc_4039AC
mov eax, dword_42F444
dec eax
cmp dword_409284, eax
jnz loc_403A53
push dword_429868 ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jnz loc_403A53
mov ebp, 111h
mov [esp+20h+hdc], 1
loc_4039AC: ; CODE XREF: sub_4038DB+9C�j
cmp ebp, 111h
jnz loc_403A53
movzx esi, word ptr [esp+20h+hdc]
push esi ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, ds:SendMessageA
mov edi, eax
test edi, edi
jz short loc_4039EC
push 0 ; lParam
push 0 ; wParam
push 0F3h ; Msg
push edi ; hWnd
call ebx ; SendMessageA
push edi ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jz loc_403D90
loc_4039EC: ; CODE XREF: sub_4038DB+F4�j
xor edi, edi
inc edi
cmp esi, edi
jnz short loc_4039F6
push edi
jmp short loc_403A24
; ---------------------------------------------------------------------------
loc_4039F6: ; CODE XREF: sub_4038DB+116�j
cmp esi, 3
jnz short loc_403A08
cmp dword_409284, 0
jle short loc_403A3E
push 0FFFFFFFFh
jmp short loc_403A24
; ---------------------------------------------------------------------------
loc_403A08: ; CODE XREF: sub_4038DB+11E�j
cmp esi, 2
jnz short loc_403A3E
cmp dword_42F4AC, 0
jz short loc_403A2B
push esi
call sub_401410
mov nResult, esi
loc_403A22: ; CODE XREF: sub_4038DB+161�j
push 78h ; wParam
loc_403A24: ; CODE XREF: sub_4038DB+119�j
; sub_4038DB+12B�j
call sub_403D9C
jmp short loc_403A53
; ---------------------------------------------------------------------------
loc_403A2B: ; CODE XREF: sub_4038DB+139�j
push 3
call sub_401410
test eax, eax
jnz short loc_403A53
mov nResult, edi
jmp short loc_403A22
; ---------------------------------------------------------------------------
loc_403A3E: ; CODE XREF: sub_4038DB+127�j
; sub_4038DB+130�j
push [esp+20h+hWnd] ; lParam
push [esp+24h+hdc] ; wParam
push 111h ; Msg
push dword_42EBF8 ; hWnd
call ebx ; SendMessageA
loc_403A53: ; CODE XREF: sub_4038DB+AA�j
; sub_4038DB+BE�j ...
push [esp+20h+hWnd] ; hWnd
push [esp+24h+hdc] ; hdc
push ebp ; int
call sub_403E2A
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_403A66: ; CODE XREF: sub_4038DB+12�j
; sub_4038DB+1E�j
mov eax, [esp+20h+hdc]
mov ebx, [esp+20h+hDlg]
cmp ebp, ecx
mov dword_42A88C, eax
jnz short loc_403AC4
mov esi, ds:GetDlgItem
push 1 ; nIDDlgItem
push ebx ; hDlg
mov dword_42F424, ebx
call esi ; GetDlgItem
push 2 ; nIDDlgItem
push ebx ; hDlg
mov dword_42A89C, eax
call esi ; GetDlgItem
push 0FFFFFFFFh ; lpString2
push 1Ch ; int
push ebx ; hDlg
mov dword_429868, eax
call sub_403DC3
push dwNewLong ; dwNewLong
push 0FFFFFFF2h ; nIndex
push ebx ; hWnd
call ds:SetClassLongA ; SetClassLongA
push 4
call sub_401410
mov dword_42EBEC, eax
xor eax, eax
inc eax
mov dword_42A88C, eax
loc_403AC4: ; CODE XREF: sub_4038DB+19A�j
mov ecx, dword_409284
xor edi, edi
mov esi, ecx
shl esi, 6
add esi, dword_42F440
cmp ecx, edi
jl short loc_403B19
cmp eax, 1
jnz short loc_403B11
push edi ; hWnd
push dword ptr [esi+10h] ; int
call sub_40136D
test eax, eax
jz short loc_403B11
push 1 ; lParam
push edi ; wParam
push 40Fh ; Msg
push dword_42EBF8 ; hWnd
call ds:SendMessageA ; SendMessageA
xor eax, eax
cmp dword_42EBEC, edi
setz al
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_403B11: ; CODE XREF: sub_4038DB+203�j
; sub_4038DB+210�j
cmp [esi], edi
jz loc_403D90
loc_403B19: ; CODE XREF: sub_4038DB+1FE�j
push 40Bh ; Msg
call sub_403E0F
loc_403B23: ; CODE XREF: sub_4038DB+384�j
; sub_4038DB+38C�j ...
mov eax, dword_42A88C
add dword_409284, eax
shl eax, 6
add esi, eax
mov eax, dword_409284
cmp eax, dword_42F444
jnz short loc_403B47
push 1
call sub_401410
loc_403B47: ; CODE XREF: sub_4038DB+263�j
cmp dword_42EBEC, 0
jnz loc_403D4B
mov eax, dword_42F444
cmp dword_409284, eax
jnb loc_403D4B
push dword ptr [esi+24h] ; lpString2
mov edi, [esi+14h]
push offset dword_437000 ; lpString1
call sub_4059FD
push dword ptr [esi+20h] ; lpString2
push 0FFFFFC19h ; int
push ebx ; hDlg
call sub_403DC3
push dword ptr [esi+1Ch] ; lpString2
push 0FFFFFC1Bh ; int
push ebx ; hDlg
call sub_403DC3
push dword ptr [esi+28h] ; lpString2
push 0FFFFFC1Ah ; int
push ebx ; hDlg
call sub_403DC3
push 3 ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
cmp dword_42F4AC, 0
mov ebp, eax
jz short loc_403BBB
and di, 0FEFDh
or edi, 4
loc_403BBB: ; CODE XREF: sub_4038DB+2D6�j
mov eax, edi
and eax, 8
push eax ; nCmdShow
push ebp ; hWnd
call ds:ShowWindow ; ShowWindow
mov eax, edi
and eax, 100h
push eax ; bEnable
push ebp ; hWnd
call ds:EnableWindow ; EnableWindow
mov eax, edi
and eax, 2
push eax ; bEnable
call sub_403DE5
and edi, 4
push edi ; bEnable
push dword_429868 ; hWnd
call ds:EnableWindow ; EnableWindow
xor edi, edi
push 1 ; lParam
push edi ; wParam
push 0F4h ; Msg
push ebp ; hWnd
mov ebp, ds:SendMessageA
call ebp ; SendMessageA
cmp dword_42F4AC, edi
jz short loc_403C20
push edi ; lParam
push 2 ; wParam
push 401h ; Msg
push ebx ; hWnd
call ebp ; SendMessageA
push dword_429868
jmp short loc_403C26
; ---------------------------------------------------------------------------
loc_403C20: ; CODE XREF: sub_4038DB+330�j
push dword_42A89C ; wParam
loc_403C26: ; CODE XREF: sub_4038DB+343�j
call sub_403DF8
mov ebp, offset byte_42A8A0
push offset Caption ; lpString2
push ebp ; lpString1
call sub_4059DB
push dword ptr [esi+18h] ; lpString2
push ebp ; lpString
call lstrlenA ; lstrlenA
add eax, ebp
push eax ; lpString1
call sub_4059FD
push ebp ; lpString
push ebx ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push edi ; hWnd
push dword ptr [esi+8] ; int
call sub_40136D
test eax, eax
jnz loc_403B23
cmp [esi], eax
jz loc_403B23
cmp dword ptr [esi+4], 5
jnz short loc_403C90
cmp dword_42F4AC, eax
jnz loc_403D90
cmp dword_42F4A0, eax
jnz loc_403B23
jmp loc_403D90
; ---------------------------------------------------------------------------
loc_403C90: ; CODE XREF: sub_4038DB+396�j
push dword_42EBF8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
mov dword_42A078, esi
cmp dword ptr [esi], 0
jle loc_403D6B
mov eax, [esi+4]
push esi ; dwInitParam
push lpDialogFunc[eax*4] ; lpDialogFunc
mov ax, [esi]
add ax, word ptr dword_42EC00
push ebx ; hWndParent
movzx eax, ax
push eax ; lpTemplateName
push hModule ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
test eax, eax
mov dword_42EBF8, eax
jz loc_403D6B
push dword ptr [esi+2Ch] ; lpString2
push 6 ; int
push eax ; hDlg
call sub_403DC3
lea eax, [esp+20h+Point]
push eax ; lpRect
push 3FAh ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call ds:GetWindowRect ; GetWindowRect
lea eax, [esp+20h+Point]
push eax ; lpPoint
push ebx ; hWnd
call ds:ScreenToClient ; ScreenToClient
xor edi, edi
push 15h ; uFlags
push edi ; cy
push edi ; cx
push [esp+2Ch+Point.top] ; Y
push [esp+30h+Point.left] ; X
push edi ; hWndInsertAfter
push dword_42EBF8 ; hWnd
call ds:SetWindowPos ; SetWindowPos
push edi ; hWnd
push dword ptr [esi+0Ch] ; int
call sub_40136D
push 8 ; nCmdShow
push dword_42EBF8 ; hWnd
call ds:ShowWindow ; ShowWindow
push 405h ; Msg
call sub_403E0F
jmp short loc_403D6B
; ---------------------------------------------------------------------------
loc_403D4B: ; CODE XREF: sub_4038DB+273�j
; sub_4038DB+284�j
push dword_42EBF8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
push nResult ; nResult
and dword_42F424, 0
push ebx ; hDlg
call ds:EndDialog ; EndDialog
loc_403D6B: ; CODE XREF: sub_4038DB+7C�j
; sub_4038DB+3CA�j ...
cmp dword_42B8A0, 0
jnz short loc_403D90
cmp dword_42EBF8, 0
jz short loc_403D90
push 0Ah ; nCmdShow
push ebx ; hWnd
call ds:ShowWindow ; ShowWindow
mov dword_42B8A0, 1
loc_403D90: ; CODE XREF: sub_4038DB+10B�j
; sub_4038DB+238�j ...
xor eax, eax
loc_403D92: ; CODE XREF: sub_4038DB+94�j
; sub_4038DB+186�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 10h
sub_4038DB endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403D9C(WPARAM wParam)
sub_403D9C proc near ; CODE XREF: sub_4038DB:loc_403A24�p
; sub_404EBC+219�p ...
wParam = dword ptr 4
cmp [esp+wParam], 78h
jnz short loc_403DA9
inc dword_42EBEC
loc_403DA9: ; CODE XREF: sub_403D9C+5�j
push 0 ; lParam
push [esp+4+wParam] ; wParam
push 408h ; Msg
push dword_42F424 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_403D9C endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403DC3(HWND hDlg,int,LPCSTR lpString2)
sub_403DC3 proc near ; CODE XREF: sub_4038DB+1C1�p
; sub_4038DB+2A3�p ...
hDlg = dword ptr 4
arg_4 = dword ptr 8
lpString2 = dword ptr 0Ch
push [esp+lpString2] ; lpString2
push 0 ; lpString1
call sub_4059FD
push eax ; lpString
mov eax, [esp+4+arg_4]
add eax, 3E8h
push eax ; nIDDlgItem
push [esp+8+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
retn 0Ch
sub_403DC3 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403DE5(BOOL bEnable)
sub_403DE5 proc near ; CODE XREF: sub_4038DB+302�p
; sub_403F0B+92�p ...
bEnable = dword ptr 4
push [esp+bEnable] ; bEnable
push dword_42A89C ; hWnd
call ds:EnableWindow ; EnableWindow
retn 4
sub_403DE5 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403DF8(WPARAM wParam)
sub_403DF8 proc near ; CODE XREF: sub_4038DB:loc_403C26�p
; sub_403F0B+A8�p ...
wParam = dword ptr 4
push 1 ; lParam
push [esp+4+wParam] ; wParam
push 28h ; Msg
push dword_42F424 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_403DF8 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403E0F(UINT Msg)
sub_403E0F proc near ; CODE XREF: sub_4038DB+243�p
; sub_4038DB+469�p ...
Msg = dword ptr 4
mov eax, dword_42EBF8
test eax, eax
jz short locret_403E27
push 0 ; lParam
push 0 ; wParam
push [esp+8+Msg] ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
locret_403E27: ; CODE XREF: sub_403E0F+7�j
retn 4
sub_403E0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403E2A(int,HDC hdc,HWND hWnd)
sub_403E2A proc near ; CODE XREF: sub_4038DB+181�p
; sub_403F0B+27F�p ...
plbrush = LOGBRUSH ptr -0Ch
arg_0 = dword ptr 8
hdc = dword ptr 0Ch
hWnd = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push esi
add eax, 0FFFFFECDh
cmp eax, 5
ja loc_403ED0
push 0FFFFFFEBh ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
mov esi, eax
test esi, esi
jz short loc_403ED0
test byte ptr [esi+14h], 2
mov eax, [esi]
push edi
mov edi, ds:GetSysColor
jz short loc_403E65
push eax ; nIndex
call edi ; GetSysColor
loc_403E65: ; CODE XREF: sub_403E2A+36�j
test byte ptr [esi+14h], 1
jz short loc_403E75
push eax ; color
push [ebp+hdc] ; hdc
call ds:SetTextColor ; SetTextColor
loc_403E75: ; CODE XREF: sub_403E2A+3F�j
push dword ptr [esi+10h] ; mode
push [ebp+hdc] ; hdc
call ds:SetBkMode ; SetBkMode
mov eax, [esi+4]
test byte ptr [esi+14h], 8
mov [ebp+plbrush.lbColor], eax
jz short loc_403E93
push eax ; nIndex
call edi ; GetSysColor
mov [ebp+plbrush.lbColor], eax
loc_403E93: ; CODE XREF: sub_403E2A+61�j
test byte ptr [esi+14h], 4
pop edi
jz short loc_403EA4
push eax ; color
push [ebp+hdc] ; hdc
call ds:SetBkColor ; SetBkColor
loc_403EA4: ; CODE XREF: sub_403E2A+6E�j
test byte ptr [esi+14h], 10h
jz short loc_403ECB
mov eax, [esi+8]
mov [ebp+plbrush.lbStyle], eax
mov eax, [esi+0Ch]
test eax, eax
jz short loc_403EBE
push eax ; ho
call ds:DeleteObject ; DeleteObject
loc_403EBE: ; CODE XREF: sub_403E2A+8B�j
lea eax, [ebp+plbrush]
push eax ; plbrush
call ds:CreateBrushIndirect ; CreateBrushIndirect
mov [esi+0Ch], eax
loc_403ECB: ; CODE XREF: sub_403E2A+7E�j
mov eax, [esi+0Ch]
jmp short loc_403ED2
; ---------------------------------------------------------------------------
loc_403ED0: ; CODE XREF: sub_403E2A+12�j
; sub_403E2A+27�j
xor eax, eax
loc_403ED2: ; CODE XREF: sub_403E2A+A4�j
pop esi
leave
retn 0Ch
sub_403E2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403ED7(int,LPSTR lpString,int iMaxLength,int)
sub_403ED7 proc near ; DATA XREF: sub_403F0B+5E�o
arg_0 = dword ptr 8
lpString = dword ptr 0Ch
iMaxLength = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov ecx, dword_42986C
push [ebp+iMaxLength] ; iMaxLength
add ecx, eax
push ecx ; lpString2
push [ebp+lpString] ; lpString1
call ds:lstrcpynA ; lstrcpynA
push [ebp+lpString] ; lpString
call lstrlenA ; lstrlenA
mov ecx, [ebp+arg_C]
mov [ecx], eax
add dword_42986C, eax
xor eax, eax
pop ebp
retn 10h
sub_403ED7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_403F0B(HWND hDlg,int,HDC hdc,WPARAM hWnd)
sub_403F0B proc near ; DATA XREF: .data:lpDialogFunc�o
lParam = dword ptr -0Ch
var_8 = dword ptr -8
lpFile = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 110h
push ebx
push esi
push edi
jnz loc_40402E
mov ebx, [ebp+hWnd]
mov edi, [ebx+30h]
test edi, edi
jge short loc_403F3C
mov ecx, dword_42EBFC
lea eax, ds:4[edi*4]
sub ecx, eax
mov edi, [ecx]
loc_403F3C: ; CODE XREF: sub_403F0B+1E�j
mov eax, dword_42F458
push dword ptr [ebx+34h] ; lpString2
add edi, eax
push 22h ; int
movsx eax, byte ptr [edi]
mov [ebp+hWnd], eax
mov eax, [ebx+14h]
push [ebp+hDlg] ; hDlg
and [ebp+var_8], 0
mov esi, eax
inc edi
not esi
shr esi, 5
and esi, 1
and eax, 1
mov [ebp+lParam], edi
mov [ebp+lpFile], offset sub_403ED7
or esi, eax
call sub_403DC3
push dword ptr [ebx+38h] ; lpString2
push 23h ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
xor eax, eax
push 1 ; uCheck
test esi, esi
setz al
add eax, 40Ah
push eax ; nIDButton
push [ebp+hDlg] ; hDlg
call ds:CheckDlgButton ; CheckDlgButton
push esi ; bEnable
call sub_403DE5
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, eax
push ebx ; wParam
call sub_403DF8
mov esi, ds:SendMessageA
push 0 ; lParam
push 1 ; wParam
push 45Bh ; Msg
push ebx ; hWnd
call esi ; SendMessageA
mov eax, dword_42F428
mov eax, [eax+68h]
test eax, eax
jge short loc_403FDF
neg eax
push eax ; nIndex
call ds:GetSysColor ; GetSysColor
loc_403FDF: ; CODE XREF: sub_403F0B+C9�j
push eax ; lParam
push 0 ; wParam
push 443h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
push 4010000h ; lParam
push 0 ; wParam
push 445h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_42986C, 0
push edi ; lpString
call lstrlenA ; lstrlenA
push eax ; lParam
push 0 ; wParam
push 435h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
lea eax, [ebp+lParam]
push eax ; lParam
push [ebp+hWnd] ; wParam
push 449h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_42A888, 0
xor eax, eax
jmp loc_40418F
; ---------------------------------------------------------------------------
loc_40402E: ; CODE XREF: sub_403F0B+10�j
cmp [ebp+arg_4], 111h
mov ebx, ds:GetDlgItem
mov esi, ds:SendMessageA
jnz short loc_40409D
mov eax, [ebp+hdc]
shr eax, 10h
test ax, ax
jnz loc_404180
xor eax, eax
cmp dword_42A888, eax
jnz loc_404180
mov ecx, dword_42A078
lea edi, [ecx+14h]
test byte ptr [edi], 20h
jz loc_404180
push eax ; lParam
push eax ; wParam
push 0F0h ; Msg
push 40Ah ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ebx ; GetDlgItem
push eax ; hWnd
call esi ; SendMessageA
mov ecx, [edi]
and eax, 1
and ecx, 0FFFFFFFEh
push eax ; bEnable
or ecx, eax
mov [edi], ecx
call sub_403DE5
call sub_404196
loc_40409D: ; CODE XREF: sub_403F0B+136�j
cmp [ebp+arg_4], 4Eh
jnz loc_404171
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ebx ; GetDlgItem
mov edi, [ebp+hWnd]
cmp dword ptr [edi+8], 70Bh
jnz short loc_40412F
cmp dword ptr [edi+0Ch], 201h
jnz short loc_40412F
mov ecx, [edi+1Ch]
mov edx, [edi+18h]
mov [ebp+var_8], ecx
sub ecx, edx
cmp ecx, 800h
mov [ebp+lParam], edx
mov [ebp+lpFile], offset byte_42E3C0
jnb short loc_40412F
lea ecx, [ebp+lParam]
push ecx ; lParam
push 0 ; wParam
push 44Bh ; Msg
push eax ; hWnd
call esi ; SendMessageA
mov edi, ds:LoadCursorA
push 7F02h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
mov ebx, ds:SetCursor
push eax ; hCursor
call ebx ; SetCursor
push 1 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
push [ebp+lpFile] ; lpFile
push offset Operation ; "open"
push [ebp+hDlg] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
push 7F00h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call ebx ; SetCursor
mov edi, [ebp+hWnd]
loc_40412F: ; CODE XREF: sub_403F0B+1B0�j
; sub_403F0B+1B9�j ...
cmp dword ptr [edi+8], 700h
jnz short loc_404183
cmp dword ptr [edi+0Ch], 100h
jnz short loc_404183
cmp dword ptr [edi+10h], 0Dh
jnz short loc_404158
push 0 ; lParam
push 1 ; wParam
push 111h ; Msg
push dword_42F424 ; hWnd
call esi ; SendMessageA
loc_404158: ; CODE XREF: sub_403F0B+23A�j
cmp dword ptr [edi+10h], 1Bh
jnz short loc_40416C
push 0 ; lParam
push 0 ; wParam
push 10h ; Msg
push dword_42F424 ; hWnd
call esi ; SendMessageA
loc_40416C: ; CODE XREF: sub_403F0B+251�j
xor eax, eax
inc eax
jmp short loc_40418F
; ---------------------------------------------------------------------------
loc_404171: ; CODE XREF: sub_403F0B+196�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404180
inc dword_42A888
loc_404180: ; CODE XREF: sub_403F0B+141�j
; sub_403F0B+14F�j ...
mov edi, [ebp+hWnd]
loc_404183: ; CODE XREF: sub_403F0B+22B�j
; sub_403F0B+234�j
push edi ; hWnd
push [ebp+hdc] ; hdc
push [ebp+arg_4] ; int
call sub_403E2A
loc_40418F: ; CODE XREF: sub_403F0B+11E�j
; sub_403F0B+264�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_403F0B endp
; =============== S U B R O U T I N E =======================================
sub_404196 proc near ; CODE XREF: sub_403F0B+18D�p
; sub_404201+2DA�p ...
cmp dword_42F4AC, 0
mov eax, dword_429868
jnz short loc_4041A9
mov eax, dword_42A89C
loc_4041A9: ; CODE XREF: sub_404196+C�j
push 1 ; lParam
push 1 ; wParam
push 0F4h ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
retn
sub_404196 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4041BA(HWND hDlg,int,HDC hdc,HWND hWnd)
sub_4041BA proc near ; DATA XREF: .data:00409298�o
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
mov esi, [ebp+hWnd]
jnz short loc_4041F0
push dword ptr [esi+30h] ; lpString2
push 1Dh ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
mov eax, [esi+3Ch]
shl eax, 0Ah
add eax, offset dword_430000
push eax ; lpString
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_4041F0: ; CODE XREF: sub_4041BA+E�j
push esi ; hWnd
push [ebp+hdc] ; hdc
push [ebp+arg_4] ; int
call sub_403E2A
pop esi
pop ebp
retn 10h
sub_4041BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404201(HWND hDlg,int,HDC hdc,HWND hWnd)
sub_404201 proc near ; DATA XREF: .data:00409290�o
bi = _browseinfoA ptr -48h
var_28 = dword ptr -28h
TotalNumberOfClusters= dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
BytesPerSector = dword ptr -18h
var_14 = byte ptr -14h
SectorsPerCluster= dword ptr -10h
nNumerator = dword ptr -0Ch
lpString2 = dword ptr -8
var_4 = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_42A078
push ebx
push esi
mov [ebp+var_20], eax
mov esi, [eax+3Ch]
mov eax, [eax+38h]
shl esi, 0Ah
add esi, offset dword_430000
cmp [ebp+arg_4], 40Bh
push edi
mov [ebp+lpString2], eax
mov ebx, 3FBh
jnz short loc_40423F
push esi ; lpString
push ebx ; nIDDlgItem
call sub_4052BF
push esi ; lpszCurrent
call sub_405C17
loc_40423F: ; CODE XREF: sub_404201+2F�j
cmp [ebp+arg_4], 110h
jnz short loc_4042C0
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push esi
mov edi, eax
call sub_405554
test eax, eax
jz short loc_40426E
push esi ; lpsz
call sub_40557B
test eax, eax
jnz short loc_40426E
push esi ; lpString1
call sub_4054E8
loc_40426E: ; CODE XREF: sub_404201+5B�j
; sub_404201+65�j
mov eax, [ebp+hDlg]
push esi ; lpString
push edi ; hWnd
mov dword_42EBF8, eax
call ds:SetWindowTextA ; SetWindowTextA
mov eax, [ebp+hWnd]
push dword ptr [eax+34h] ; lpString2
push 1 ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
mov eax, [ebp+hWnd]
push dword ptr [eax+30h] ; lpString2
push 14h ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
push edi ; wParam
call sub_403DF8
push offset aShautocomplete ; "SHAutoComplete"
push offset aShlwapi_dll ; "shlwapi.dll"
call sub_405CEE
test eax, eax
jz loc_4044E6
push 1
push edi
call eax
loc_4042C0: ; CODE XREF: sub_404201+45�j
cmp [ebp+arg_4], 111h
jnz loc_404393
movzx eax, word ptr [ebp+hdc]
cmp eax, ebx
jnz short loc_4042ED
mov ecx, [ebp+hdc]
shr ecx, 10h
cmp cx, 300h
jnz loc_4044E6
mov [ebp+arg_4], 40Fh
loc_4042ED: ; CODE XREF: sub_404201+D2�j
cmp eax, 3E9h
jnz loc_404393
push 7
xor eax, eax
pop ecx
lea edi, [ebp+bi.pidlRoot]
push [ebp+lpString2] ; lpString2
rep stosd
mov eax, [ebp+hDlg]
mov edi, offset byte_42A8A0
push offset dword_429C78 ; lpString1
mov [ebp+bi.hwndOwner], eax
mov [ebp+bi.pszDisplayName], edi
mov [ebp+bi.lpfn], offset sub_4044FB
mov [ebp+bi.lParam], esi
call sub_4059FD
mov [ebp+bi.lpszTitle], eax
lea eax, [ebp+bi]
push eax ; lpbi
mov [ebp+bi.ulFlags], 41h
call ds:SHBrowseForFolderA ; SHBrowseForFolderA
test eax, eax
jz short loc_40438C
push eax
call sub_405238
push esi ; lpString1
call sub_4054E8
mov eax, dword_42F428
mov eax, [eax+11Ch]
test eax, eax
jz short loc_40437A
push eax ; lpString2
push 0 ; lpString1
call sub_4059FD
push edi ; lpString2
mov edi, offset byte_42E3C0
push edi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz short loc_40437A
push edi ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
loc_40437A: ; CODE XREF: sub_404201+157�j
; sub_404201+170�j
inc dword_42A890
push esi ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
jmp short loc_404393
; ---------------------------------------------------------------------------
loc_40438C: ; CODE XREF: sub_404201+13C�j
mov [ebp+arg_4], 40Fh
loc_404393: ; CODE XREF: sub_404201+C6�j
; sub_404201+F1�j ...
cmp [ebp+arg_4], 40Fh
jz short loc_4043A9
cmp [ebp+arg_4], 405h
jnz loc_4044E6
loc_4043A9: ; CODE XREF: sub_404201+199�j
and [ebp+var_4], 0
and [ebp+lpString2], 0
push esi ; lpString
push ebx ; nIDDlgItem
or edi, 0FFFFFFFFh
call sub_4052BF
push esi ; lpString2
call sub_4055C8
test eax, eax
jnz short loc_4043CC
mov [ebp+var_4], 1
loc_4043CC: ; CODE XREF: sub_404201+1C2�j
push esi ; lpString2
mov esi, offset RootPathName
push esi ; lpString1
call sub_4059DB
push esi ; lpsz
call sub_40557B
test eax, eax
jz short loc_4043E5
and byte ptr [eax], 0
loc_4043E5: ; CODE XREF: sub_404201+1DF�j
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push offset aKernel32_dll ; "KERNEL32.dll"
call sub_405CEE
test eax, eax
mov ebx, 400h
jz short loc_40441F
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_28]
push ecx
push esi
call eax
test eax, eax
jz short loc_40441F
mov edi, [ebp+var_28]
mov eax, [ebp+TotalNumberOfClusters]
shrd edi, eax, 0Ah
shr eax, 0Ah
jmp short loc_40444E
; ---------------------------------------------------------------------------
loc_40441F: ; CODE XREF: sub_404201+1FA�j
; sub_404201+20D�j
lea eax, [ebp+TotalNumberOfClusters]
push eax ; lpTotalNumberOfClusters
lea eax, [ebp+nNumerator]
push eax ; lpNumberOfFreeClusters
lea eax, [ebp+BytesPerSector]
push eax ; lpBytesPerSector
lea eax, [ebp+SectorsPerCluster]
push eax ; lpSectorsPerCluster
push esi ; lpRootPathName
call ds:GetDiskFreeSpaceA ; GetDiskFreeSpaceA
test eax, eax
jz short loc_404455
mov eax, [ebp+SectorsPerCluster]
push ebx ; nDenominator
imul eax, [ebp+BytesPerSector]
push [ebp+nNumerator] ; nNumerator
push eax ; nNumber
call ds:MulDiv ; MulDiv
mov edi, eax
loc_40444E: ; CODE XREF: sub_404201+21C�j
mov [ebp+lpString2], 1
loc_404455: ; CODE XREF: sub_404201+237�j
push 5
call sub_404616
cmp edi, eax
jnb short loc_404467
mov [ebp+var_4], 2
loc_404467: ; CODE XREF: sub_404201+25D�j
mov ecx, dword_42EBFC
xor esi, esi
cmp [ecx+10h], esi
jz short loc_40449F
push eax ; int
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404561
cmp [ebp+lpString2], esi
jz short loc_404491
push edi ; int
push 0FFFFFFFCh ; lpString2
push ebx ; nIDDlgItem
call sub_404561
jmp short loc_40449F
; ---------------------------------------------------------------------------
loc_404491: ; CODE XREF: sub_404201+283�j
push offset pszPath ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_40449F: ; CODE XREF: sub_404201+271�j
; sub_404201+28E�j
mov eax, [ebp+var_4]
cmp eax, esi
mov dword_42F4C4, eax
jnz short loc_4044B5
push 7
call sub_401410
mov [ebp+var_4], eax
loc_4044B5: ; CODE XREF: sub_404201+2A8�j
mov eax, [ebp+var_20]
test [eax+14h], ebx
jz short loc_4044C0
mov [ebp+var_4], esi
loc_4044C0: ; CODE XREF: sub_404201+2BA�j
xor eax, eax
cmp [ebp+var_4], esi
setz al
push eax ; bEnable
call sub_403DE5
cmp [ebp+var_4], esi
jnz short loc_4044E0
cmp dword_42A890, esi
jnz short loc_4044E0
call sub_404196
loc_4044E0: ; CODE XREF: sub_404201+2D0�j
; sub_404201+2D8�j
mov dword_42A890, esi
loc_4044E6: ; CODE XREF: sub_404201+B4�j
; sub_404201+DF�j ...
push [ebp+hWnd] ; hWnd
push [ebp+hdc] ; hdc
push [ebp+arg_4] ; int
call sub_403E2A
pop edi
pop esi
pop ebx
leave
retn 10h
sub_404201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4044FB(HWND hWnd,int,LPCITEMIDLIST pidl,LPARAM pszPath)
sub_4044FB proc near ; DATA XREF: sub_404201+117�o
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
pidl = dword ptr 10h
pszPath = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push esi
mov esi, ds:SendMessageA
jnz short loc_404527
push [ebp+pszPath] ; lpString
push 3FBh ; nIDDlgItem
call sub_4052BF
push [ebp+pszPath] ; lParam
push 1 ; wParam
push 466h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404527: ; CODE XREF: sub_4044FB+E�j
cmp [ebp+arg_4], 2
jnz short loc_40455A
push [ebp+pszPath] ; pszPath
push [ebp+pidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
test eax, eax
jz short loc_40454B
push 7
call sub_401410
test eax, eax
jnz short loc_40454B
inc eax
jmp short loc_40454D
; ---------------------------------------------------------------------------
loc_40454B: ; CODE XREF: sub_4044FB+40�j
; sub_4044FB+4B�j
xor eax, eax
loc_40454D: ; CODE XREF: sub_4044FB+4E�j
push eax ; lParam
push 0 ; wParam
push 465h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_40455A: ; CODE XREF: sub_4044FB+30�j
xor eax, eax
pop esi
pop ebp
retn 10h
sub_4044FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404561(int nIDDlgItem,LPCSTR lpString2,int)
sub_404561 proc near ; CODE XREF: sub_404201+27B�p
; sub_404201+289�p ...
var_40 = byte ptr -40h
String1 = byte ptr -20h
nIDDlgItem = dword ptr 8
lpString2 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
push 14h
cmp esi, 100000h
pop edi
push 0FFFFFFDCh
pop ebx
jnb short loc_404581
push 0Ah
pop edi
push 0FFFFFFDDh
pop ebx
loc_404581: ; CODE XREF: sub_404561+18�j
cmp esi, 400h
jnb short loc_40458E
push 0FFFFFFDEh
xor edi, edi
pop ebx
loc_40458E: ; CODE XREF: sub_404561+26�j
cmp esi, 0FFFF3333h
jnb short loc_4045A5
xor eax, eax
mov ecx, edi
inc eax
push 14h
shl eax, cl
pop ecx
cdq
idiv ecx
add esi, eax
loc_4045A5: ; CODE XREF: sub_404561+33�j
lea eax, [ebp+String1]
push 0FFFFFFDFh ; lpString2
push eax ; lpString1
call sub_4059FD
push eax
lea eax, [ebp+var_40]
push ebx ; lpString2
push eax ; lpString1
call sub_4059FD
push eax
mov eax, esi
and eax, 0FFFFFFh
mov ecx, edi
push 0Ah
xor edx, edx
lea eax, [eax+eax*4]
add eax, eax
shr eax, cl
pop ecx
div ecx
mov ecx, edi
shr esi, cl
push edx
push esi
push offset aU_USS ; "%u.%u%s%s"
mov esi, offset byte_42A8A0
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call sub_4059FD
push esi ; lpString
mov edi, eax
call lstrlenA ; lstrlenA
add edi, eax
push edi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 18h
push esi ; lpString
push [ebp+nIDDlgItem] ; nIDDlgItem
push dword_42EBF8 ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_404561 endp
; =============== S U B R O U T I N E =======================================
sub_404616 proc near ; CODE XREF: sub_404201+256�p
; sub_4046C3+595�p ...
arg_0 = dword ptr 4
mov edx, dword_42F44C
mov ecx, dword_42F448
xor eax, eax
test edx, edx
jz short locret_404640
push esi
loc_404629: ; CODE XREF: sub_404616+27�j
test byte ptr [ecx+8], 1
jz short loc_404636
mov esi, [esp+4+arg_0]
add eax, [ecx+esi*4]
loc_404636: ; CODE XREF: sub_404616+17�j
add ecx, 418h
dec edx
jnz short loc_404629
pop esi
locret_404640: ; CODE XREF: sub_404616+10�j
retn 4
sub_404616 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404643(HWND hWnd,int)
sub_404643 proc near ; CODE XREF: sub_4046C3+2D9�p
; sub_404CBD+56�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_14 = dword ptr -14h
lParam = tagPOINT ptr -10h
var_8 = byte ptr -8
var_4 = dword ptr -4
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push esi
mov esi, ds:SendMessageA
push edi
mov edi, [ebp+hWnd]
push 0 ; lParam
push 9 ; wParam
push 110Ah ; Msg
push edi ; hWnd
call esi ; SendMessageA
cmp [ebp+arg_4], 0
jz short loc_4046A2
call ds:GetMessagePos ; GetMessagePos
movsx ecx, ax
shr eax, 10h
movsx eax, ax
mov [ebp+lParam.y], eax
lea eax, [ebp+lParam]
push eax ; lpPoint
push edi ; hWnd
mov [ebp+lParam.x], ecx
call ds:ScreenToClient ; ScreenToClient
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 1111h ; Msg
push edi ; hWnd
call esi ; SendMessageA
test [ebp+var_8], 66h
jnz short loc_40469F
or eax, 0FFFFFFFFh
jmp short loc_4046BD
; ---------------------------------------------------------------------------
loc_40469F: ; CODE XREF: sub_404643+55�j
mov eax, [ebp+var_4]
loc_4046A2: ; CODE XREF: sub_404643+21�j
mov [ebp+var_34], eax
lea eax, [ebp+var_38]
push eax ; lParam
push 0 ; wParam
push 110Ch ; Msg
push edi ; hWnd
mov [ebp+var_38], 4
call esi ; SendMessageA
mov eax, [ebp+var_14]
loc_4046BD: ; CODE XREF: sub_404643+5A�j
pop edi
pop esi
leave
retn 8
sub_404643 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4046C3(HWND hDlg,int,HDC hdc,int)
sub_4046C3 proc near ; DATA XREF: .data:0040928C�o
lParam = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
ho = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
wParam = dword ptr -8
hWnd = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
mov esi, ds:GetDlgItem
push edi
push 3F9h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call esi ; GetDlgItem
push 408h ; nIDDlgItem
mov [ebp+wParam], eax
push [ebp+hDlg] ; hDlg
call esi ; GetDlgItem
mov ebx, dword_42F448
mov esi, ds:SendMessageA
mov [ebp+hWnd], eax
mov eax, dword_42F428
add eax, 94h
xor edi, edi
cmp [ebp+arg_4], 110h
mov [ebp+var_1C], ebx
mov [ebp+var_10], eax
jnz loc_404932
mov eax, [ebp+hDlg]
push 2
mov dword_42F480, eax
mov eax, dword_42F44C
pop ebx
mov [ebp+var_18], edi
shl eax, 2
push eax ; dwBytes
push 40h ; uFlags
mov [ebp+var_C], ebx
call ds:GlobalAlloc ; GlobalAlloc
push 6Eh ; lpBitmapName
mov dword_42A898, eax
push hModule ; hInstance
call ds:LoadBitmapA ; LoadBitmapA
push offset sub_404CBD ; dwNewLong
push 0FFFFFFFCh ; nIndex
push [ebp+hWnd] ; hWnd
mov [ebp+ho], eax
call ds:SetWindowLongA ; SetWindowLongA
push edi ; cGrow
push 6 ; cInitial
push 21h ; flags
push 10h ; cy
push 10h ; cx
mov lpPrevWndFunc, eax
call ds:ImageList_Create ; ImageList_Create
push 0FF00FFh ; crMask
mov lParam, eax
push [ebp+ho] ; hbmImage
push eax ; himl
call ds:ImageList_AddMasked ; ImageList_AddMasked
push lParam ; lParam
push ebx ; wParam
push 1109h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push edi ; lParam
push edi ; wParam
push 111Ch ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp eax, 10h
jge short loc_4047B6
push edi ; lParam
push 10h ; wParam
push 111Bh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_4047B6: ; CODE XREF: sub_4046C3+E4�j
push [ebp+ho] ; ho
call ds:DeleteObject ; DeleteObject
xor ebx, ebx
loc_4047C1: ; CODE XREF: sub_4046C3+133�j
mov eax, [ebp+var_10]
mov eax, [eax+ebx*4]
cmp eax, edi
jz short loc_4047F2
cmp ebx, 20h
jz short loc_4047D3
mov [ebp+var_C], edi
loc_4047D3: ; CODE XREF: sub_4046C3+10B�j
push eax ; lpString2
push edi ; lpString1
call sub_4059FD
push eax ; lParam
push edi ; wParam
push 143h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
push ebx ; lParam
push eax ; wParam
push 151h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
loc_4047F2: ; CODE XREF: sub_4046C3+106�j
inc ebx
cmp ebx, 21h
jl short loc_4047C1
mov edi, [ebp+arg_C]
mov ebx, [ebp+var_C]
push dword ptr [edi+ebx*4+30h] ; lpString2
push 15h ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
push dword ptr [edi+ebx*4+34h] ; lpString2
push 16h ; int
push [ebp+hDlg] ; hDlg
call sub_403DC3
xor edi, edi
xor ebx, ebx
cmp dword_42F44C, edi
jle loc_4048EE
mov eax, [ebp+var_1C]
lea edx, [eax+8]
mov [ebp+ho], edx
loc_404833: ; CODE XREF: sub_4046C3+21F�j
lea eax, [edx+10h]
cmp byte ptr [eax], 0
jz loc_4048CF
mov [ebp+var_38], eax
mov eax, [edx]
push 20h
mov edx, eax
pop ecx
mov [ebp+lParam], ebx
and edx, ecx
mov [ebp+var_4C], 0FFFF0002h
test al, 2
mov [ebp+var_48], 0Dh
mov [ebp+var_3C], ecx
mov [ebp+var_24], edi
mov [ebp+var_40], edx
jz short loc_4048A1
lea eax, [ebp+lParam]
mov [ebp+var_48], 4Dh
push eax ; lParam
push 0 ; wParam
push 1100h ; Msg
mov [ebp+var_28], 1
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov ecx, dword_42A898
mov [ebp+var_18], 1
mov [ecx+edi*4], eax
mov eax, dword_42A898
mov ebx, [eax+edi*4]
jmp short loc_4048CF
; ---------------------------------------------------------------------------
loc_4048A1: ; CODE XREF: sub_4046C3+1A4�j
test al, 4
jz short loc_4048B6
push ebx ; lParam
push 3 ; wParam
push 110Ah ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov ebx, eax
jmp short loc_4048CF
; ---------------------------------------------------------------------------
loc_4048B6: ; CODE XREF: sub_4046C3+1E0�j
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 1100h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov ecx, dword_42A898
mov [ecx+edi*4], eax
loc_4048CF: ; CODE XREF: sub_4046C3+176�j
; sub_4046C3+1DC�j ...
mov edx, [ebp+ho]
inc edi
add edx, 418h
cmp edi, dword_42F44C
mov [ebp+ho], edx
jl loc_404833
cmp [ebp+var_18], 0
jnz short loc_404907
loc_4048EE: ; CODE XREF: sub_4046C3+161�j
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
and al, 0FBh
push eax ; dwNewLong
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
loc_404907: ; CODE XREF: sub_4046C3+229�j
cmp [ebp+var_C], 0
jnz short loc_404925
push 5 ; nCmdShow
push [ebp+wParam] ; hWnd
call ds:ShowWindow ; ShowWindow
push [ebp+wParam] ; wParam
call sub_403DF8
jmp loc_404CA8
; ---------------------------------------------------------------------------
loc_404925: ; CODE XREF: sub_4046C3+248�j
push [ebp+hWnd] ; wParam
call sub_403DF8
mov ebx, [ebp+var_1C]
xor edi, edi
loc_404932: ; CODE XREF: sub_4046C3+4E�j
cmp [ebp+arg_4], 405h
jnz short loc_40494D
xor ecx, ecx
mov [ebp+hdc], edi
inc ecx
mov [ebp+arg_4], 40Fh
mov [ebp+arg_C], ecx
jmp short loc_404950
; ---------------------------------------------------------------------------
loc_40494D: ; CODE XREF: sub_4046C3+276�j
mov ecx, [ebp+arg_C]
loc_404950: ; CODE XREF: sub_4046C3+288�j
cmp [ebp+arg_4], 4Eh
mov eax, 413h
jz short loc_404964
cmp [ebp+arg_4], eax
jnz loc_404A4B
loc_404964: ; CODE XREF: sub_4046C3+296�j
cmp [ebp+arg_4], eax
mov [ebp+var_C], ecx
jz short loc_404979
cmp dword ptr [ecx+4], 408h
jnz loc_404A4B
loc_404979: ; CODE XREF: sub_4046C3+2A7�j
test byte ptr dword_42F430+1, 2
jnz short loc_4049F8
cmp [ebp+arg_4], eax
jz short loc_404990
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+8], 0FFFFFFFEh
jnz short loc_4049F8
loc_404990: ; CODE XREF: sub_4046C3+2C2�j
xor ecx, ecx
cmp [ebp+arg_4], eax
setnz cl
push ecx ; int
push [ebp+hWnd] ; hWnd
call sub_404643
cmp eax, edi
jl short loc_4049F8
mov ecx, eax
imul ecx, 418h
lea edx, [ecx+ebx+8]
mov ecx, [edx]
test cl, 10h
jnz short loc_4049F8
test cl, 40h
jz short loc_4049D1
xor ecx, 80h
test cl, cl
jns short loc_4049CC
or ecx, 1
jmp short loc_4049D4
; ---------------------------------------------------------------------------
loc_4049CC: ; CODE XREF: sub_4046C3+302�j
and ecx, 0FFFFFFFEh
jmp short loc_4049D4
; ---------------------------------------------------------------------------
loc_4049D1: ; CODE XREF: sub_4046C3+2F8�j
xor ecx, 1
loc_4049D4: ; CODE XREF: sub_4046C3+307�j
; sub_4046C3+30C�j
push eax
mov [edx], ecx
call sub_40117D
mov eax, dword_42F430
xor ecx, ecx
not eax
inc ecx
mov [ebp+arg_4], 40Fh
shr eax, 8
and eax, ecx
mov [ebp+hdc], ecx
mov [ebp+arg_C], eax
loc_4049F8: ; CODE XREF: sub_4046C3+2BD�j
; sub_4046C3+2CB�j ...
cmp [ebp+var_C], edi
jz short loc_404A4B
mov eax, [ebp+var_C]
cmp dword ptr [eax+8], 0FFFFFE6Eh
jnz short loc_404A17
push dword ptr [eax+5Ch] ; lParam
push edi ; wParam
push 419h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404A17: ; CODE XREF: sub_4046C3+344�j
mov eax, [ebp+var_C]
cmp dword ptr [eax+8], 0FFFFFE6Ah
jnz short loc_404A4B
cmp dword ptr [eax+0Ch], 2
jnz short loc_404A3B
mov eax, [eax+5Ch]
imul eax, 418h
lea eax, [eax+ebx+8]
or dword ptr [eax], 20h
jmp short loc_404A4B
; ---------------------------------------------------------------------------
loc_404A3B: ; CODE XREF: sub_4046C3+364�j
mov eax, [eax+5Ch]
imul eax, 418h
lea ebx, [eax+ebx+8]
and dword ptr [ebx], 0FFFFFFDFh
loc_404A4B: ; CODE XREF: sub_4046C3+29B�j
; sub_4046C3+2B0�j ...
cmp [ebp+arg_4], 111h
jnz short loc_404AC6
cmp word ptr [ebp+hdc], 3F9h
jnz loc_404CA8
mov eax, [ebp+hdc]
shr eax, 10h
cmp ax, 1
jnz loc_404CA8
push edi ; lParam
push edi ; wParam
push 147h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
cmp eax, 0FFFFFFFFh
jz loc_404CA8
push edi ; lParam
push eax ; wParam
push 150h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_404AA0
mov eax, [ebp+var_10]
cmp [eax+ebx*4], edi
jnz short loc_404AA3
loc_404AA0: ; CODE XREF: sub_4046C3+3D3�j
push 20h
pop ebx
loc_404AA3: ; CODE XREF: sub_4046C3+3DB�j
push ebx
call sub_401299
push ebx ; lParam
push edi ; wParam
push 420h ; Msg
push [ebp+hDlg] ; hWnd
call esi ; SendMessageA
mov [ebp+hdc], 1
mov [ebp+arg_C], edi
mov [ebp+arg_4], 40Fh
loc_404AC6: ; CODE XREF: sub_4046C3+38F�j
cmp [ebp+arg_4], 200h
jnz short loc_404ADB
push edi ; lParam
push edi ; wParam
push 200h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404ADB: ; CODE XREF: sub_4046C3+40A�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404B16
mov eax, lParam
cmp eax, edi
jz short loc_404AF4
push eax ; himl
call ds:ImageList_Destroy ; ImageList_Destroy
loc_404AF4: ; CODE XREF: sub_4046C3+428�j
mov eax, dword_42A898
cmp eax, edi
jz short loc_404B04
push eax ; hMem
call ds:GlobalFree ; GlobalFree
loc_404B04: ; CODE XREF: sub_4046C3+438�j
mov lParam, edi
mov dword_42A898, edi
mov dword_42F480, edi
loc_404B16: ; CODE XREF: sub_4046C3+41F�j
cmp [ebp+arg_4], 40Fh
jnz loc_404C6A
push edi
push edi
call sub_4011EF
cmp [ebp+hdc], edi
jz short loc_404B36
push 8
call sub_401410
loc_404B36: ; CODE XREF: sub_4046C3+46A�j
cmp [ebp+arg_C], edi
jz short loc_404B7A
push dword_42A898
call sub_4012E2
mov ebx, eax
push ebx
call sub_401299
xor eax, eax
xor ecx, ecx
cmp ebx, edi
jle short loc_404B64
loc_404B56: ; CODE XREF: sub_4046C3+49F�j
mov edx, [ebp+var_10]
cmp [edx+eax*4], edi
jz short loc_404B5F
inc ecx
loc_404B5F: ; CODE XREF: sub_4046C3+499�j
inc eax
cmp eax, ebx
jl short loc_404B56
loc_404B64: ; CODE XREF: sub_4046C3+491�j
push edi ; lParam
push ecx ; wParam
push 14Eh ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov [ebp+arg_C], ebx
mov [ebp+arg_4], 420h
loc_404B7A: ; CODE XREF: sub_4046C3+476�j
push edi
push edi
call sub_4011EF
mov eax, dword_42A898
cmp dword_42F44C, edi
mov [ebp+var_1C], eax
mov eax, dword_42F448
mov [ebp+var_38], 0F030h
mov [ebp+var_C], edi
jle loc_404C40
lea ebx, [eax+8]
loc_404BA7: ; CODE XREF: sub_4046C3+577�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_C]
mov eax, [eax+ecx*4]
cmp eax, edi
jz short loc_404C28
mov ecx, [ebx]
mov [ebp+var_40], eax
test ch, 1
mov [ebp+var_44], 8
jz short loc_404BD6
lea eax, [ebx+10h]
mov [ebp+var_44], 9
mov [ebp+var_34], eax
and byte ptr [ebx+1], 0FEh
loc_404BD6: ; CODE XREF: sub_4046C3+500�j
test cl, 40h
jz short loc_404BE0
push 3
pop eax
jmp short loc_404BEE
; ---------------------------------------------------------------------------
loc_404BE0: ; CODE XREF: sub_4046C3+516�j
mov eax, ecx
and eax, 1
inc eax
test cl, 10h
jz short loc_404BEE
add eax, 3
loc_404BEE: ; CODE XREF: sub_4046C3+51B�j
; sub_4046C3+526�j
mov edx, ecx
push [ebp+var_40] ; lParam
shl eax, 0Bh
and edx, 8
or eax, edx
mov edx, ecx
sar ecx, 5
add eax, eax
and edx, 20h
and ecx, 1
or eax, edx
inc ecx
mov [ebp+var_3C], eax
push ecx ; wParam
push 1102h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
lea eax, [ebp+var_44]
push eax ; lParam
push edi ; wParam
push 110Dh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404C28: ; CODE XREF: sub_4046C3+4EF�j
inc [ebp+var_C]
add ebx, 418h
mov eax, [ebp+var_C]
cmp eax, dword_42F44C
jl loc_404BA7
loc_404C40: ; CODE XREF: sub_4046C3+4DB�j
push 1 ; bErase
push edi ; lpRect
push [ebp+hWnd] ; hWnd
call ds:InvalidateRect ; InvalidateRect
mov eax, dword_42EBFC
cmp [eax+10h], edi
jz short loc_404C6A
push 5
call sub_404616
push eax ; int
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404561
loc_404C6A: ; CODE XREF: sub_4046C3+45A�j
; sub_4046C3+591�j
cmp [ebp+arg_4], 420h
jnz short loc_404CA8
test byte ptr dword_42F430+1, 1
jz short loc_404CA8
xor eax, eax
cmp [ebp+arg_C], 20h
mov esi, ds:ShowWindow
setz al
shl eax, 3
mov edi, eax
push edi ; nCmdShow
push [ebp+hWnd] ; hWnd
call esi ; ShowWindow
push edi ; nCmdShow
push 3FEh ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call esi ; ShowWindow
loc_404CA8: ; CODE XREF: sub_4046C3+25D�j
; sub_4046C3+397�j ...
push [ebp+arg_C] ; hWnd
push [ebp+hdc] ; hdc
push [ebp+arg_4] ; int
call sub_403E2A
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4046C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404CBD(HWND hWnd,UINT Msg,WPARAM wParam,int)
sub_404CBD proc near ; DATA XREF: sub_4046C3+89�o
hWnd = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+Msg], 102h
push ebx
push esi
jnz short loc_404CE6
cmp [ebp+wParam], 20h
jnz loc_404D5F
push 413h ; Msg
call sub_403E0F
xor eax, eax
jmp loc_404D78
; ---------------------------------------------------------------------------
loc_404CE6: ; CODE XREF: sub_404CBD+C�j
cmp [ebp+Msg], 2
jnz short loc_404CF3
or dword_40929C, 0FFFFFFFFh
loc_404CF3: ; CODE XREF: sub_404CBD+2D�j
cmp [ebp+Msg], 200h
mov esi, 419h
jnz short loc_404D1F
push [ebp+hWnd] ; hWnd
call ds:IsWindowVisible ; IsWindowVisible
test eax, eax
jz short loc_404D5F
push 1 ; int
push [ebp+hWnd] ; hWnd
call sub_404643
mov ebx, eax
mov [ebp+Msg], esi
jmp short loc_404D22
; ---------------------------------------------------------------------------
loc_404D1F: ; CODE XREF: sub_404CBD+42�j
mov ebx, [ebp+arg_C]
loc_404D22: ; CODE XREF: sub_404CBD+60�j
cmp [ebp+Msg], esi
jnz short loc_404D62
cmp dword_40929C, ebx
jz short loc_404D62
push edi
mov esi, offset dword_430000
mov edi, offset byte_42A8A0
push esi ; lpString2
push edi ; lpString1
mov dword_40929C, ebx
call sub_4059DB
push ebx ; int
push esi ; LPSTR
call sub_405939
push 6
call sub_401410
push edi ; lpString2
push esi ; lpString1
call sub_4059DB
pop edi
jmp short loc_404D62
; ---------------------------------------------------------------------------
loc_404D5F: ; CODE XREF: sub_404CBD+12�j
; sub_404CBD+4F�j
mov ebx, [ebp+arg_C]
loc_404D62: ; CODE XREF: sub_404CBD+68�j
; sub_404CBD+70�j ...
push ebx ; lParam
push [ebp+wParam] ; wParam
push [ebp+Msg] ; Msg
push [ebp+hWnd] ; hWnd
push lpPrevWndFunc ; lpPrevWndFunc
call ds:CallWindowProcA ; CallWindowProcA
loc_404D78: ; CODE XREF: sub_404CBD+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_404CBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404D7E(int,LPCSTR lpString2)
sub_404D7E proc near ; CODE XREF: sub_401428+9�p
; sub_401439:loc_401495�p ...
lParam = dword ptr -30h
wParam = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
hWnd = dword ptr -4
arg_0 = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_42EC04
push ebx
xor ebx, ebx
push esi
cmp eax, ebx
push edi
mov [ebp+hWnd], eax
jz loc_404E49
mov eax, dword_4092A0
mov esi, offset byte_42A080
mov edi, eax
mov [ebp+var_8], eax
and edi, 1
jnz short loc_404DB6
push [ebp+arg_0] ; lpString2
push esi ; lpString1
call sub_4059FD
loc_404DB6: ; CODE XREF: sub_404D7E+2D�j
push esi ; lpString
call lstrlenA ; lstrlenA
cmp [ebp+lpString2], ebx
mov [ebp+arg_0], eax
jz short loc_404DDF
push [ebp+lpString2] ; lpString
call lstrlenA ; lstrlenA
add eax, [ebp+arg_0]
cmp eax, 800h
jnb short loc_404E49
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call lstrcatA ; lstrcatA
loc_404DDF: ; CODE XREF: sub_404D7E+44�j
test byte ptr [ebp+var_8], 4
jz short loc_404DF2
push esi ; lpString
push dword_42EBE8 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
loc_404DF2: ; CODE XREF: sub_404D7E+65�j
test byte ptr [ebp+var_8], 2
jz short loc_404E3C
push ebx ; lParam
push ebx ; wParam
push 1004h ; Msg
mov [ebp+var_1C], esi
push [ebp+hWnd] ; hWnd
mov esi, ds:SendMessageA
mov [ebp+lParam], 1
call esi ; SendMessageA
sub eax, edi
mov [ebp+var_28], ebx
mov [ebp+wParam], eax
lea eax, [ebp+lParam]
push eax ; lParam
mov eax, 1007h
sub eax, edi
push ebx ; wParam
push eax ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push ebx ; lParam
push [ebp+wParam] ; wParam
push 1013h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404E3C: ; CODE XREF: sub_404D7E+78�j
cmp edi, ebx
jz short loc_404E49
mov eax, [ebp+arg_0]
mov byte_42A080[eax], bl
loc_404E49: ; CODE XREF: sub_404D7E+15�j
; sub_404D7E+56�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_404D7E endp
; =============== S U B R O U T I N E =======================================
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: sub_403542+29A�p
; DATA XREF: sub_404EBC+1BE�o
hWnd = dword ptr 4
push esi
mov esi, dword_42F448
push edi
mov edi, dword_42F44C
push 0 ; pvReserved
call ds:OleInitialize
or dword_42F4D0, eax
push 0 ; Msg
call sub_403E0F
test edi, edi
jz short loc_404EA2
add esi, 0Ch
loc_404E7A: ; CODE XREF: StartAddress+48�j
dec edi
test byte ptr [esi-4], 1
jz short loc_404E90
push [esp+8+hWnd] ; hWnd
push dword ptr [esi] ; int
call sub_40136D
test eax, eax
jnz short loc_404E9C
loc_404E90: ; CODE XREF: StartAddress+2F�j
add esi, 418h
test edi, edi
jnz short loc_404E7A
jmp short loc_404EA2
; ---------------------------------------------------------------------------
loc_404E9C: ; CODE XREF: StartAddress+3E�j
inc dword_42F4AC
loc_404EA2: ; CODE XREF: StartAddress+25�j
; StartAddress+4A�j
push 404h ; Msg
call sub_403E0F
call ds:OleUninitialize
mov eax, dword_42F4AC
pop edi
pop esi
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404EBC(HWND ThreadId,int,HDC hdc,int)
sub_404EBC proc near ; DATA XREF: .data:00409294�o
var_3C = byte ptr -3Ch
lParam = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
x = tagRECT ptr -14h
hWnd = dword ptr -4
ThreadId = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov edi, dword_42EC04
xor ebx, ebx
cmp [ebp+arg_4], 110h
mov [ebp+hWnd], edi
jnz loc_40505D
or [ebp+var_2C], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
xor eax, eax
lea edi, [ebp+var_1C]
mov [ebp+lParam], 2
mov [ebp+var_30], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
stosd
stosd
mov eax, dword_42F428
mov edi, ds:GetDlgItem
push 403h ; nIDDlgItem
mov ecx, [eax+5Ch]
mov eax, [eax+60h]
push [ebp+ThreadId] ; hDlg
mov [ebp+arg_4], ecx
mov [ebp+hdc], eax
call edi ; GetDlgItem
push 3EEh ; nIDDlgItem
mov hWnd, eax
push [ebp+ThreadId] ; hDlg
call edi ; GetDlgItem
push 3F8h ; nIDDlgItem
mov dword_42EBE8, eax
push [ebp+ThreadId] ; hDlg
call edi ; GetDlgItem
push hWnd ; wParam
mov dword_42EC04, eax
mov [ebp+hWnd], eax
call sub_403DF8
push 4
call sub_404616
mov dword_42EBF4, eax
lea eax, [ebp+x]
push eax ; lpRect
mov nNumber, ebx
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
push 15h ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov ecx, [ebp+x.right]
mov esi, ds:SendMessageA
sub ecx, eax
lea eax, [ebp+lParam]
push eax ; lParam
push ebx ; wParam
push 101Bh ; Msg
mov [ebp+var_2C], ecx
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov eax, 4000h
push eax ; lParam
push eax ; wParam
push 1036h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp [ebp+arg_4], ebx
jl short loc_404FC4
push [ebp+arg_4] ; lParam
push ebx ; wParam
push 1001h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push [ebp+arg_4] ; lParam
push ebx ; wParam
push 1026h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404FC4: ; CODE XREF: sub_404EBC+EA�j
cmp [ebp+hdc], ebx
jl short loc_404FD7
push [ebp+hdc] ; lParam
push ebx ; wParam
push 1024h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404FD7: ; CODE XREF: sub_404EBC+10B�j
mov eax, [ebp+arg_C]
push dword ptr [eax+30h] ; lpString2
push 1Bh ; int
push [ebp+ThreadId] ; hDlg
call sub_403DC3
test byte ptr dword_42F430, 3
jz short loc_405019
push ebx ; nCmdShow
push hWnd ; hWnd
call ds:ShowWindow ; ShowWindow
test byte ptr dword_42F430, 2
jnz short loc_405013
push 8 ; nCmdShow
push [ebp+hWnd] ; hWnd
call ds:ShowWindow ; ShowWindow
jmp short loc_405019
; ---------------------------------------------------------------------------
loc_405013: ; CODE XREF: sub_404EBC+148�j
mov hWnd, ebx
loc_405019: ; CODE XREF: sub_404EBC+132�j
; sub_404EBC+155�j
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call edi ; GetDlgItem
push 75300000h ; lParam
mov edi, eax
push ebx ; wParam
push 401h ; Msg
push edi ; hWnd
call esi ; SendMessageA
test byte ptr dword_42F430, 4
jz loc_405231
push [ebp+hdc] ; lParam
push ebx ; wParam
push 409h ; Msg
push edi ; hWnd
call esi ; SendMessageA
push [ebp+arg_4] ; lParam
push ebx ; wParam
push 2001h ; Msg
push edi ; hWnd
call esi ; SendMessageA
jmp loc_405231
; ---------------------------------------------------------------------------
loc_40505D: ; CODE XREF: sub_404EBC+1B�j
cmp [ebp+arg_4], 405h
jnz short loc_40508E
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call ds:CreateThread ; CreateThread
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_40508E: ; CODE XREF: sub_404EBC+1A8�j
cmp [ebp+arg_4], 111h
mov esi, ds:ShowWindow
jnz short loc_4050B8
cmp word ptr [ebp+hdc], 403h
jnz short loc_4050DA
push ebx ; nCmdShow
push hWnd ; hWnd
call esi ; ShowWindow
push 8 ; nCmdShow
push edi ; hWnd
call esi ; ShowWindow
call sub_404196
loc_4050B8: ; CODE XREF: sub_404EBC+1DF�j
cmp [ebp+arg_4], 404h
jnz short loc_405116
cmp dword_42EBEC, ebx
jz short loc_4050EF
push 78h ; wParam
mov nResult, 2
call sub_403D9C
loc_4050DA: ; CODE XREF: sub_404EBC+1E7�j
; sub_404EBC+25E�j ...
push [ebp+arg_C] ; hWnd
push [ebp+hdc] ; hdc
push [ebp+arg_4] ; int
call sub_403E2A
loc_4050E8: ; CODE XREF: sub_404EBC+377�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
loc_4050EF: ; CODE XREF: sub_404EBC+20B�j
push 8 ; nCmdShow
push dword_42F424 ; hWnd
call esi ; ShowWindow
cmp dword_42F4AC, ebx
jnz short loc_40510F
mov eax, dword_42A078
push ebx ; lpString2
push dword ptr [eax+34h] ; int
call sub_404D7E
loc_40510F: ; CODE XREF: sub_404EBC+243�j
push 1 ; wParam
call sub_403D9C
loc_405116: ; CODE XREF: sub_404EBC+203�j
cmp [ebp+arg_4], 7Bh
jnz short loc_4050DA
cmp [ebp+hdc], edi
jnz short loc_4050DA
push ebx ; lParam
push ebx ; wParam
push 1004h ; Msg
push edi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
mov [ebp+arg_4], eax
jle loc_405231
call ds:CreatePopupMenu ; CreatePopupMenu
push 0FFFFFFE1h ; lpString2
push ebx ; lpString1
mov esi, eax
call sub_4059FD
push eax ; lpNewItem
push 1 ; uIDNewItem
push ebx ; uFlags
push esi ; hMenu
call ds:AppendMenuA ; AppendMenuA
mov eax, [ebp+arg_C]
cmp eax, 0FFFFFFFFh
jnz short loc_405170
lea eax, [ebp+x]
push eax ; lpRect
push edi ; hWnd
call ds:GetWindowRect ; GetWindowRect
mov ecx, [ebp+x.left]
mov eax, [ebp+x.top]
jmp short loc_405179
; ---------------------------------------------------------------------------
loc_405170: ; CODE XREF: sub_404EBC+29F�j
movsx ecx, ax
shr eax, 10h
movsx eax, ax
loc_405179: ; CODE XREF: sub_404EBC+2B2�j
push ebx ; prcRect
push edi ; hWnd
push ebx ; nReserved
push eax ; y
push ecx ; x
push 180h ; uFlags
push esi ; hMenu
call ds:TrackPopupMenu ; TrackPopupMenu
xor esi, esi
inc esi
cmp eax, esi
jnz loc_405231
mov eax, [ebp+arg_4]
mov [ebp+lParam], ebx
mov [ebp+var_28], offset byte_42A8A0
mov [ebp+var_24], 0FFFh
mov [ebp+ThreadId], eax
mov edi, 102Dh
loc_4051B1: ; CODE XREF: sub_404EBC+310�j
dec [ebp+ThreadId]
lea eax, [ebp+var_3C]
push eax ; lParam
push [ebp+ThreadId] ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp [ebp+ThreadId], ebx
lea esi, [esi+eax+2]
jnz short loc_4051B1
push ebx ; hWndNewOwner
call ds:OpenClipboard ; OpenClipboard
call ds:EmptyClipboard ; EmptyClipboard
push esi ; dwBytes
push 42h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
push eax ; hMem
mov [ebp+ThreadId], eax
call ds:GlobalLock ; GlobalLock
mov esi, eax
loc_4051F0: ; CODE XREF: sub_404EBC+359�j
lea eax, [ebp+var_3C]
mov [ebp+var_28], esi
push eax ; lParam
push ebx ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
push esi ; lpString
call lstrlenA ; lstrlenA
add esi, eax
mov word ptr [esi], 0A0Dh
inc esi
inc esi
inc ebx
cmp ebx, [ebp+arg_4]
jl short loc_4051F0
push [ebp+ThreadId] ; hMem
call ds:GlobalUnlock ; GlobalUnlock
push [ebp+ThreadId] ; hMem
push 1 ; uFormat
call ds:SetClipboardData ; SetClipboardData
call ds:CloseClipboard ; CloseClipboard
loc_405231: ; CODE XREF: sub_404EBC+17E�j
; sub_404EBC+19C�j ...
xor eax, eax
jmp loc_4050E8
sub_404EBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405238 proc near ; CODE XREF: sub_404201+13F�p
; sub_4059FD+162�p
ppMalloc = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+ppMalloc]
push eax ; ppMalloc
call ds:SHGetMalloc ; SHGetMalloc
mov eax, [ebp+ppMalloc]
test eax, eax
jz short locret_40525F
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+14h]
mov eax, [ebp+ppMalloc]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
locret_40525F: ; CODE XREF: sub_405238+13�j
leave
retn 4
sub_405238 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405263(LPSTR lpCommandLine,LPCSTR lpCurrentDirectory)
sub_405263 proc near ; CODE XREF: sub_401439+A79�p
; start+2D8�p
hObject = _PROCESS_INFORMATION ptr -10h
lpCommandLine = dword ptr 8
lpCurrentDirectory= dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+lpCurrentDirectory] ; lpFileName
mov StartupInfo.cb, 44h
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
jz short loc_405287
test al, 10h
jnz short loc_40528A
loc_405287: ; CODE XREF: sub_405263+1E�j
mov [ebp+lpCurrentDirectory], ecx
loc_40528A: ; CODE XREF: sub_405263+22�j
lea eax, [ebp+hObject]
push eax ; lpProcessInformation
push offset StartupInfo ; lpStartupInfo
push [ebp+lpCurrentDirectory] ; lpCurrentDirectory
push ecx ; lpEnvironment
push ecx ; dwCreationFlags
push ecx ; bInheritHandles
push ecx ; lpThreadAttributes
push ecx ; lpProcessAttributes
push [ebp+lpCommandLine] ; lpCommandLine
push ecx ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jz short locret_4052B5
push [ebp+hObject.hThread] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+hObject.hProcess]
locret_4052B5: ; CODE XREF: sub_405263+44�j
leave
retn 8
sub_405263 endp
; [00000006 BYTES: COLLAPSED FUNCTION SetDlgItemTextA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4052BF(int nIDDlgItem,LPSTR lpString)
sub_4052BF proc near ; CODE XREF: sub_404201+33�p
; sub_404201+1B5�p ...
nIDDlgItem = dword ptr 4
lpString = dword ptr 8
push 400h ; cchMax
push [esp+4+lpString] ; lpString
push [esp+8+nIDDlgItem] ; nIDDlgItem
push dword_42EBF8 ; hDlg
call ds:GetDlgItemTextA ; GetDlgItemTextA
retn 8
sub_4052BF endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4052DB(LPCSTR lpText,int)
sub_4052DB proc near ; CODE XREF: sub_401439+45D�p
; sub_401439+521�p ...
lpText = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, eax
and ecx, 1FFFFFh
cmp dword_42F4C0, 0
jz short loc_4052F5
shr eax, 15h
jnz short locret_40531A
loc_4052F5: ; CODE XREF: sub_4052DB+13�j
cmp dword_42F4C8, 0
jz short loc_405304
xor ecx, 180000h
loc_405304: ; CODE XREF: sub_4052DB+21�j
push ecx ; uType
push offset Caption ; lpCaption
push [esp+8+lpText] ; lpText
push dword_42F424 ; hWnd
call ds:MessageBoxA ; MessageBoxA
locret_40531A: ; CODE XREF: sub_4052DB+18�j
retn 8
sub_4052DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40531D(LPCSTR lpString1,int)
sub_40531D proc near ; CODE XREF: sub_401439+553�p
; sub_40351D+1F�p ...
sz = _WIN32_FIND_DATAA ptr -148h
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString1 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 148h
push esi
push edi
mov edi, [ebp+lpString1]
push edi ; lpString2
call sub_4055C8
test byte ptr [ebp+arg_4], 8
mov [ebp+var_8], eax
jz short loc_405351
push edi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
neg eax
sbb eax, eax
inc eax
add dword_42F4A8, eax
jmp loc_4054E2
; ---------------------------------------------------------------------------
loc_405351: ; CODE XREF: sub_40531D+1B�j
push ebx
mov ebx, [ebp+arg_4]
and ebx, 1
mov [ebp+var_4], ebx
jz short loc_40536F
test eax, eax
jz loc_405487
test byte ptr [ebp+arg_4], 2
jz loc_405487
loc_40536F: ; CODE XREF: sub_40531D+3E�j
mov esi, offset byte_42B8A8
push edi ; lpString2
push esi ; lpString1
call sub_4059DB
test ebx, ebx
jz short loc_40538C
push offset a_ ; "\\*.*"
push esi ; lpString1
call lstrcatA ; lstrcatA
jmp short loc_405392
; ---------------------------------------------------------------------------
loc_40538C: ; CODE XREF: sub_40531D+60�j
push edi ; lpszStart
call sub_40552F
loc_405392: ; CODE XREF: sub_40531D+6D�j
push offset SubBlock ; "\\"
push edi ; lpString1
call lstrcatA ; lstrcatA
push edi ; lpString
call lstrlenA ; lstrlenA
mov ebx, eax
lea eax, [ebp+sz]
push eax ; lpFindFileData
push esi ; lpFileName
add ebx, edi
call ds:FindFirstFileA ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+lpString1], eax
jz loc_40547D
loc_4053C1: ; CODE XREF: sub_40531D+151�j
lea eax, [ebp+sz.cFileName]
push 3Fh ; char
push eax ; lpsz
lea esi, [ebp+sz.cFileName]
call sub_405513
cmp byte ptr [eax], 0
jz short loc_4053E3
cmp [ebp+sz.cAlternateFileName], 0
jz short loc_4053E3
lea esi, [ebp+sz.cAlternateFileName]
loc_4053E3: ; CODE XREF: sub_40531D+BB�j
; sub_40531D+C1�j
cmp byte ptr [esi], 2Eh
jnz short loc_4053F9
mov al, [esi+1]
test al, al
jz short loc_40545C
cmp al, 2Eh
jnz short loc_4053F9
cmp byte ptr [esi+2], 0
jz short loc_40545C
loc_4053F9: ; CODE XREF: sub_40531D+C9�j
; sub_40531D+D4�j
push esi ; lpString2
push ebx ; lpString1
call sub_4059DB
mov eax, [ebp+sz.dwFileAttributes]
test al, 10h
jz short loc_40541F
mov eax, [ebp+arg_4]
and eax, 3
cmp al, 3
jnz short loc_40545C
push [ebp+arg_4] ; int
push edi ; lpString1
call sub_40531D
jmp short loc_40545C
; ---------------------------------------------------------------------------
loc_40541F: ; CODE XREF: sub_40531D+EB�j
and al, 0FEh
push eax ; dwFileAttributes
push edi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push edi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
jnz short loc_405454
test byte ptr [ebp+arg_4], 4
jz short loc_40544C
push edi ; lpString2
push 0FFFFFFF1h ; int
call sub_404D7E
push 0 ; NumberOfBytesRead
push edi ; int
call sub_405723
jmp short loc_40545C
; ---------------------------------------------------------------------------
loc_40544C: ; CODE XREF: sub_40531D+11B�j
inc dword_42F4A8
jmp short loc_40545C
; ---------------------------------------------------------------------------
loc_405454: ; CODE XREF: sub_40531D+115�j
push edi ; lpString2
push 0FFFFFFF2h ; int
call sub_404D7E
loc_40545C: ; CODE XREF: sub_40531D+D0�j
; sub_40531D+DA�j ...
lea eax, [ebp+sz]
push eax ; lpFindFileData
push [ebp+lpString1] ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jnz loc_4053C1
push [ebp+lpString1] ; hFindFile
call ds:FindClose ; FindClose
loc_40547D: ; CODE XREF: sub_40531D+9E�j
cmp [ebp+var_4], 0
jz short loc_405487
and byte ptr [ebx-1], 0
loc_405487: ; CODE XREF: sub_40531D+42�j
; sub_40531D+4C�j ...
xor esi, esi
pop ebx
cmp [ebp+var_4], esi
jz short loc_4054E2
cmp [ebp+var_8], esi
jnz short loc_40549C
loc_405494: ; CODE XREF: sub_40531D+1AA�j
inc dword_42F4A8
jmp short loc_4054E2
; ---------------------------------------------------------------------------
loc_40549C: ; CODE XREF: sub_40531D+175�j
push edi ; lpFileName
call sub_405CB0
test eax, eax
jz short loc_4054E2
push edi ; lpString1
call sub_4054E8
push 80h ; dwFileAttributes
push edi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push edi ; lpPathName
call ds:RemoveDirectoryA ; RemoveDirectoryA
test eax, eax
jnz short loc_4054DA
test byte ptr [ebp+arg_4], 4
jz short loc_405494
push edi ; lpString2
push 0FFFFFFF1h ; int
call sub_404D7E
push esi ; NumberOfBytesRead
push edi ; int
call sub_405723
jmp short loc_4054E2
; ---------------------------------------------------------------------------
loc_4054DA: ; CODE XREF: sub_40531D+1A4�j
push edi ; lpString2
push 0FFFFFFE5h ; int
call sub_404D7E
loc_4054E2: ; CODE XREF: sub_40531D+2F�j
; sub_40531D+170�j ...
pop edi
pop esi
leave
retn 8
sub_40531D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4054E8(LPCSTR lpString1)
sub_4054E8 proc near ; CODE XREF: sub_401439+39D�p
; sub_401439+12F8�p ...
lpString1 = dword ptr 4
push esi
mov esi, [esp+4+lpString1]
push esi ; lpString
call lstrlenA ; lstrlenA
add eax, esi
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp byte ptr [eax], 5Ch
jz short loc_40550D
push offset SubBlock ; "\\"
push esi ; lpString1
call lstrcatA ; lstrcatA
loc_40550D: ; CODE XREF: sub_4054E8+18�j
mov eax, esi
pop esi
retn 4
sub_4054E8 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405513(LPCSTR lpsz,char)
sub_405513 proc near ; CODE XREF: sub_401439+1B8�p start+D0�p ...
lpsz = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+lpsz]
jmp short loc_405526
; ---------------------------------------------------------------------------
loc_405519: ; CODE XREF: sub_405513+17�j
cmp cl, [esp+arg_4]
jz short locret_40552C
push eax ; lpsz
call ds:CharNextA ; CharNextA
loc_405526: ; CODE XREF: sub_405513+4�j
mov cl, [eax]
test cl, cl
jnz short loc_405519
locret_40552C: ; CODE XREF: sub_405513+A�j
retn 8
sub_405513 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40552F(LPCSTR lpszStart)
sub_40552F proc near ; CODE XREF: sub_402C37+61�p start+2A4�p ...
lpszStart = dword ptr 4
push esi
mov esi, [esp+4+lpszStart]
push esi ; lpString
call lstrlenA ; lstrlenA
add eax, esi
loc_40553C: ; CODE XREF: sub_40552F+1C�j
cmp byte ptr [eax], 5Ch
jz short loc_40554D
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp eax, esi
ja short loc_40553C
loc_40554D: ; CODE XREF: sub_40552F+10�j
and byte ptr [eax], 0
pop esi
retn 4
sub_40552F endp
; =============== S U B R O U T I N E =======================================
sub_405554 proc near ; CODE XREF: sub_401439+37A�p
; sub_401439+C9F�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
or al, 20h
cmp word ptr [ecx], 5C5Ch
jz short loc_405575
cmp al, 61h
jl short loc_405571
cmp al, 7Ah
jg short loc_405571
cmp byte ptr [ecx+1], 3Ah
jz short loc_405575
loc_405571: ; CODE XREF: sub_405554+11�j
; sub_405554+15�j
xor eax, eax
jmp short locret_405578
; ---------------------------------------------------------------------------
loc_405575: ; CODE XREF: sub_405554+D�j
; sub_405554+1B�j
xor eax, eax
inc eax
locret_405578: ; CODE XREF: sub_405554+1F�j
retn 4
sub_405554 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40557B(LPCSTR lpsz)
sub_40557B proc near ; CODE XREF: sub_401439+1A6�p
; sub_404201+5E�p ...
lpsz = dword ptr 4
push ebx
push esi
mov esi, ds:CharNextA
push edi
mov edi, [esp+0Ch+lpsz]
push edi ; lpsz
call esi ; CharNextA
mov ebx, eax
push ebx ; lpsz
call esi ; CharNextA
cmp byte ptr [edi], 0
jz short loc_4055A1
cmp word ptr [ebx], 5C3Ah
jnz short loc_4055A1
push eax ; lpsz
call esi ; CharNextA
jmp short loc_4055C2
; ---------------------------------------------------------------------------
loc_4055A1: ; CODE XREF: sub_40557B+18�j
; sub_40557B+1F�j
cmp word ptr [edi], 5C5Ch
jnz short loc_4055C0
push 2
pop esi
loc_4055AB: ; CODE XREF: sub_40557B+41�j
push 5Ch ; char
push eax ; lpsz
dec esi
call sub_405513
cmp byte ptr [eax], 0
jz short loc_4055C0
inc eax
test esi, esi
jnz short loc_4055AB
jmp short loc_4055C2
; ---------------------------------------------------------------------------
loc_4055C0: ; CODE XREF: sub_40557B+2B�j
; sub_40557B+3C�j
xor eax, eax
loc_4055C2: ; CODE XREF: sub_40557B+24�j
; sub_40557B+43�j
pop edi
pop esi
pop ebx
retn 4
sub_40557B endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4055C8(LPCSTR lpString2)
sub_4055C8 proc near ; CODE XREF: start+19B�p sub_403542+94�p ...
lpString2 = dword ptr 4
push esi
push edi
push [esp+8+lpString2] ; lpString2
mov esi, offset byte_42BCA8
push esi ; lpString1
call sub_4059DB
push esi ; lpsz
call sub_40557B
mov edi, eax
test edi, edi
jnz short loc_4055E9
loc_4055E5: ; CODE XREF: sub_4055C8+34�j
; sub_4055C8+38�j ...
xor eax, eax
jmp short loc_40563B
; ---------------------------------------------------------------------------
loc_4055E9: ; CODE XREF: sub_4055C8+1B�j
push edi ; lpszCurrent
call sub_405C17
test byte ptr dword_42F430, 80h
jz short loc_405602
mov al, [edi]
test al, al
jz short loc_4055E5
cmp al, 5Ch
jz short loc_4055E5
loc_405602: ; CODE XREF: sub_4055C8+2E�j
sub edi, esi
jmp short loc_40561A
; ---------------------------------------------------------------------------
loc_405606: ; CODE XREF: sub_4055C8+5B�j
call sub_405CB0
test eax, eax
jz short loc_405614
test byte ptr [eax], 10h
jz short loc_4055E5
loc_405614: ; CODE XREF: sub_4055C8+45�j
push esi ; lpszStart
call sub_40552F
loc_40561A: ; CODE XREF: sub_4055C8+3C�j
push esi ; lpString
call lstrlenA ; lstrlenA
cmp eax, edi
push esi ; lpString1
jg short loc_405606
call sub_4054E8
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
loc_40563B: ; CODE XREF: sub_4055C8+1F�j
pop edi
pop esi
retn 4
sub_4055C8 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405640(LPCSTR lpString,LPCSTR lpString2)
sub_405640 proc near ; CODE XREF: sub_405723+11C�p
; sub_405723+188�p
lpString = dword ptr 4
lpString2 = dword ptr 8
push ebx
push esi
push edi
push [esp+0Ch+lpString2] ; lpString
call lstrlenA ; lstrlenA
mov edi, eax
mov esi, [esp+0Ch+lpString]
jmp short loc_405676
; ---------------------------------------------------------------------------
loc_405654: ; CODE XREF: sub_405640+3E�j
push [esp+0Ch+lpString2] ; lpString2
mov bl, [edi+esi]
and byte ptr [edi+esi], 0
push esi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
mov [edi+esi], bl
jz short loc_405688
push esi ; lpsz
call ds:CharNextA ; CharNextA
mov esi, eax
loc_405676: ; CODE XREF: sub_405640+12�j
push esi ; lpString
call lstrlenA ; lstrlenA
cmp eax, edi
jge short loc_405654
xor eax, eax
loc_405682: ; CODE XREF: sub_405640+4A�j
pop edi
pop esi
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_405688: ; CODE XREF: sub_405640+2B�j
mov eax, esi
jmp short loc_405682
sub_405640 endp
; =============== S U B R O U T I N E =======================================
sub_40568C proc near ; CODE XREF: sub_401439+137E�p
; sub_402C37+C1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jle short loc_4056A8
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_40569F: ; CODE XREF: sub_40568C+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_40569F
loc_4056A8: ; CODE XREF: sub_40568C+B�j
pop esi
retn 0Ch
sub_40568C endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4056AC(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwCreationDisposition)
sub_4056AC proc near ; CODE XREF: sub_401439+411�p
; sub_401439+10EF�p ...
lpFileName = dword ptr 4
dwDesiredAccess = dword ptr 8
dwCreationDisposition= dword ptr 0Ch
push [esp+lpFileName] ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
mov ecx, eax
push 0 ; hTemplateFile
inc ecx
neg ecx
sbb ecx, ecx
and ecx, eax
push ecx ; dwFlagsAndAttributes
push [esp+8+dwCreationDisposition] ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push [esp+14h+dwDesiredAccess] ; dwDesiredAccess
push [esp+18h+lpFileName] ; lpFileName
call ds:CreateFileA ; CreateFileA
retn 0Ch
sub_4056AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4056DB(const CHAR lpTempFileName,LPCSTR lpPathName)
sub_4056DB proc near ; CODE XREF: sub_401439+35A�p
; sub_403132+2D�p
lpTempFileName = byte ptr 8
lpPathName = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+lpTempFileName]
push edi
push 64h
pop edi
loc_4056E6: ; CODE XREF: sub_4056DB+39�j
dec edi
mov dword ptr [ebp+lpTempFileName], 61736Eh
call ds:GetTickCount ; GetTickCount
push 1Ah
xor edx, edx
pop ecx
div ecx
push esi ; lpTempFileName
lea eax, [ebp+lpTempFileName]
push 0 ; uUnique
push eax ; lpPrefixString
push [ebp+lpPathName] ; lpPathName
add [ebp+0Ah], dl
call ds:GetTempFileNameA ; GetTempFileNameA
test eax, eax
jnz short loc_40571F
test edi, edi
jnz short loc_4056E6
and byte ptr [esi], 0
loc_405719: ; CODE XREF: sub_4056DB+46�j
pop edi
pop esi
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_40571F: ; CODE XREF: sub_4056DB+35�j
mov eax, esi
jmp short loc_405719
sub_4056DB endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405723(int,LPCSTR NumberOfBytesRead)
sub_405723 proc near ; CODE XREF: sub_401439+2BA�p
; start+288�p ...
arg_0 = dword ptr 4
NumberOfBytesRead= dword ptr 8
push ebx
push ebp
push esi
push edi
push offset aMovefileexa ; "MoveFileExA"
push offset aKernel32_dll ; "KERNEL32.dll"
call sub_405CEE
test eax, eax
mov esi, [esp+10h+NumberOfBytesRead]
jz short loc_40574F
push 5
push esi
push [esp+18h+arg_0]
call eax
test eax, eax
jnz loc_405895
loc_40574F: ; CODE XREF: sub_405723+19�j
mov ebx, ds:GetShortPathNameA
mov szShortPath, 4C554Eh
test esi, esi
mov edi, 400h
mov ebp, offset szShortPath
jz short loc_405793
push 1 ; dwCreationDisposition
push 0 ; dwDesiredAccess
push esi ; lpFileName
call sub_4056AC
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push edi ; cchBuffer
push ebp ; lpszShortPath
push esi ; lpszLongPath
call ebx ; GetShortPathNameA
test eax, eax
jz loc_40589B
cmp eax, edi
jg loc_40589B
loc_405793: ; CODE XREF: sub_405723+48�j
mov esi, offset Buffer
push edi ; cchBuffer
push esi ; lpszShortPath
push [esp+18h+arg_0] ; lpszLongPath
call ebx ; GetShortPathNameA
test eax, eax
jz loc_40589B
cmp eax, edi
jg loc_40589B
push esi
push ebp
push offset aSS_0 ; "%s=%s\r\n"
push offset byte_42C0A8 ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 10h
mov ebx, eax
push 3F0h ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aWininit_ini ; "\\wininit.ini"
push esi ; lpString1
call lstrcatA ; lstrcatA
xor eax, eax
push eax ; hTemplateFile
push 8000080h ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push eax ; lpSecurityAttributes
push eax ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push esi ; lpFileName
call ds:CreateFileA ; CreateFileA
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_405895
push 0 ; lpFileSizeHigh
push ebp ; hFile
call ds:GetFileSize ; GetFileSize
mov edi, eax
lea eax, [edi+ebx+0Ah]
push eax ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov esi, eax
test esi, esi
jz short loc_40588E
lea eax, [esp+10h+NumberOfBytesRead]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesRead
push edi ; nNumberOfBytesToRead
push esi ; lpBuffer
push ebp ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_40588E
cmp edi, [esp+10h+NumberOfBytesRead]
jnz short loc_40588E
push offset aRename ; "[Rename]\r\n"
push esi ; lpString
call sub_405640
test eax, eax
jnz short loc_4058A2
lea eax, [esi+edi]
push offset aRename ; "[Rename]\r\n"
push eax ; lpString1
call sub_4059DB
add edi, 0Ah
loc_405859: ; CODE XREF: sub_405723+18F�j
mov eax, edi
loc_40585B: ; CODE XREF: sub_405723+1AA�j
push ebx
add eax, esi
push offset byte_42C0A8
push eax
call sub_40568C
xor eax, eax
push eax ; dwMoveMethod
push eax ; lpDistanceToMoveHigh
push eax ; lDistanceToMove
push ebp ; hFile
call ds:SetFilePointer ; SetFilePointer
lea eax, [esp+10h+NumberOfBytesRead]
push 0 ; lpOverlapped
add edi, ebx
push eax ; lpNumberOfBytesWritten
push edi ; nNumberOfBytesToWrite
push esi ; lpBuffer
push ebp ; hFile
call ds:WriteFile ; WriteFile
push esi ; hMem
call ds:GlobalFree ; GlobalFree
loc_40588E: ; CODE XREF: sub_405723+FA�j
; sub_405723+10E�j ...
push ebp ; hObject
call ds:CloseHandle ; CloseHandle
loc_405895: ; CODE XREF: sub_405723+26�j
; sub_405723+D8�j
inc dword_42F4B0
loc_40589B: ; CODE XREF: sub_405723+62�j
; sub_405723+6A�j ...
pop edi
pop esi
pop ebp
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_4058A2: ; CODE XREF: sub_405723+123�j
add eax, 0Ah
push offset asc_409308 ; "\n["
push eax ; lpString
call sub_405640
test eax, eax
jz short loc_405859
inc eax
lea edx, [esi+edi]
cmp eax, edx
mov ecx, eax
jnb short loc_4058CB
loc_4058BE: ; CODE XREF: sub_405723+1A6�j
mov dl, [ecx]
mov [ecx+ebx], dl
inc ecx
lea edx, [esi+edi]
cmp ecx, edx
jb short loc_4058BE
loc_4058CB: ; CODE XREF: sub_405723+199�j
sub eax, esi
jmp short loc_40585B
sub_405723 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4058CF(HKEY cbData,LPCSTR phkResult,LPCSTR lpValueName,DWORD lpData)
sub_4058CF proc near ; CODE XREF: sub_403542+4F�p
; sub_403542+6C�p ...
cbData = dword ptr 8
phkResult = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
push ebp
mov ebp, esp
push ebx
lea eax, [ebp+phkResult]
push esi
mov esi, [ebp+lpData]
xor ebx, ebx
push eax ; phkResult
push 20019h ; samDesired
push ebx ; ulOptions
push [ebp+phkResult] ; lpSubKey
mov [esi], bl
push [ebp+cbData] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_405933
lea eax, [ebp+cbData]
mov [ebp+cbData], 400h
push eax ; lpcbData
lea eax, [ebp+lpData]
push esi ; lpData
push eax ; lpType
push ebx ; lpReserved
push [ebp+lpValueName] ; lpValueName
push [ebp+phkResult] ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz short loc_405922
cmp [ebp+lpData], 1
jz short loc_405924
cmp [ebp+lpData], 2
jz short loc_405924
loc_405922: ; CODE XREF: sub_4058CF+45�j
mov [esi], bl
loc_405924: ; CODE XREF: sub_4058CF+4B�j
; sub_4058CF+51�j
push [ebp+phkResult] ; hKey
mov [esi+3FFh], bl
call ds:RegCloseKey ; RegCloseKey
loc_405933: ; CODE XREF: sub_4058CF+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_4058CF endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405939(LPSTR,int)
sub_405939 proc near ; CODE XREF: sub_401439+AC1�p
; sub_401439+AFC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push offset aD ; "%d"
push [esp+8+arg_0] ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
retn 8
sub_405939 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405952 proc near ; CODE XREF: sub_40136D+39�p
; sub_401439+91�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
xor edi, edi
cmp byte ptr [ecx], 2Dh
mov [ebp+var_4], 1
mov al, 0Ah
mov bl, 39h
jnz short loc_405973
inc ecx
or [ebp+var_4], 0FFFFFFFFh
loc_405973: ; CODE XREF: sub_405952+1A�j
cmp byte ptr [ecx], 30h
jnz short loc_405994
inc ecx
mov dl, [ecx]
cmp dl, 30h
jl short loc_405989
cmp dl, 37h
jg short loc_405989
mov al, 8
mov bl, 37h
loc_405989: ; CODE XREF: sub_405952+2C�j
; sub_405952+31�j
and dl, 0DFh
cmp dl, 58h
jnz short loc_405994
mov al, 10h
inc ecx
loc_405994: ; CODE XREF: sub_405952+24�j
; sub_405952+3D�j ...
movsx edx, byte ptr [ecx]
inc ecx
cmp edx, 30h
jl short loc_4059A9
movsx esi, bl
cmp edx, esi
jg short loc_4059A9
sub edx, 30h
jmp short loc_4059C2
; ---------------------------------------------------------------------------
loc_4059A9: ; CODE XREF: sub_405952+49�j
; sub_405952+50�j
cmp al, 10h
jnz short loc_4059CE
mov esi, edx
and esi, 0FFFFFFDFh
cmp esi, 41h
jl short loc_4059CE
cmp esi, 46h
jg short loc_4059CE
and edx, 7
add edx, 9
loc_4059C2: ; CODE XREF: sub_405952+55�j
movsx esi, al
imul esi, edi
add esi, edx
mov edi, esi
jmp short loc_405994
; ---------------------------------------------------------------------------
loc_4059CE: ; CODE XREF: sub_405952+59�j
; sub_405952+63�j ...
mov eax, [ebp+var_4]
imul eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
sub_405952 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4059DB(LPSTR lpString1,LPCSTR lpString2)
sub_4059DB proc near ; CODE XREF: sub_401439+209�p
; sub_401439+24F�p ...
lpString1 = dword ptr 4
lpString2 = dword ptr 8
push 400h ; iMaxLength
push [esp+4+lpString2] ; lpString2
push [esp+8+lpString1] ; lpString1
call ds:lstrcpynA ; lstrcpynA
retn 8
sub_4059DB endp
; [00000006 BYTES: COLLAPSED FUNCTION lstrlenA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrcatA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4059FD(LPSTR lpString1,LPCSTR lpString2)
sub_4059FD proc near ; CODE XREF: sub_401439+441�p
; sub_401439+4F0�p ...
csidl = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
pidl = dword ptr -4
lpString1 = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
mov ebx, [ebp+lpString2]
push esi
push edi
test ebx, ebx
jge short loc_405A1E
mov ecx, dword_42EBFC
lea eax, ds:4[ebx*4]
sub ecx, eax
mov ebx, [ecx]
loc_405A1E: ; CODE XREF: sub_4059FD+E�j
mov eax, dword_42F458
mov ecx, [ebp+lpString1]
add ebx, eax
mov eax, offset byte_42E3C0
sub ecx, eax
mov edi, eax
cmp ecx, 800h
jnb loc_405BF1
mov edi, [ebp+lpString1]
and [ebp+lpString1], 0
jmp loc_405BF1
; ---------------------------------------------------------------------------
loc_405A49: ; CODE XREF: sub_4059FD+1FB�j
mov edx, edi
sub edx, eax
cmp edx, 400h
jge loc_405BFE
inc ebx
cmp cl, 0FCh
jbe loc_405BE4
movsx eax, byte ptr [ebx+1]
movsx ecx, byte ptr [ebx]
mov esi, eax
mov edx, ecx
and esi, 7Fh
and edx, 7Fh
shl esi, 7
or esi, edx
mov edx, 8000h
mov [ebp+csidl], ecx
mov [ebp+var_10], eax
or ecx, edx
or eax, edx
inc ebx
mov [ebp+var_14], ecx
inc ebx
cmp byte ptr [ebp+lpString2+3], 0FEh
mov [ebp+var_C], eax
jnz loc_405B8F
and [ebp+lpString2], 0
and byte ptr [edi], 0
push 4
pop esi
cmp [ebp+var_10], esi
jnz short loc_405AB2
mov [ebp+lpString2], offset aMicrosoftInter ; "\\Microsoft\\Internet Explorer\\Quick Laun"...
jmp short loc_405B2A
; ---------------------------------------------------------------------------
loc_405AB2: ; CODE XREF: sub_4059FD+AA�j
mov eax, [ebp+csidl]
cmp eax, 2Bh
jnz short loc_405AD1
push edi ; lpData
push offset aCommonfilesdir ; "CommonFilesDir"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_4058CF
jmp short loc_405B25
; ---------------------------------------------------------------------------
loc_405AD1: ; CODE XREF: sub_4059FD+BB�j
cmp eax, 26h
jnz short loc_405B01
push edi ; lpData
push offset aProgramfilesdi ; "ProgramFilesDir"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_4058CF
cmp byte ptr [edi], 0
jnz loc_405B87
push offset aCProgramFiles ; "C:\\Program Files"
push edi ; lpString1
call sub_4059DB
jmp short loc_405B25
; ---------------------------------------------------------------------------
loc_405B01: ; CODE XREF: sub_4059FD+D7�j
cmp eax, 25h
jnz short loc_405B14
push 400h ; uSize
push edi ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
jmp short loc_405B25
; ---------------------------------------------------------------------------
loc_405B14: ; CODE XREF: sub_4059FD+107�j
cmp eax, 24h
jnz short loc_405B2A
push 400h ; uSize
push edi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
loc_405B25: ; CODE XREF: sub_4059FD+D2�j
; sub_4059FD+102�j ...
cmp byte ptr [edi], 0
jnz short loc_405B87
loc_405B2A: ; CODE XREF: sub_4059FD+B3�j
; sub_4059FD+11A�j
cmp dword_42F4A4, 0
jnz short loc_405B36
push 2
pop esi
loc_405B36: ; CODE XREF: sub_4059FD+134�j
; sub_4059FD+174�j
lea eax, [ebp+pidl]
dec esi
push eax ; ppidl
push [ebp+esi*4+csidl] ; csidl
push dword_42F424 ; hwnd
call ds:SHGetSpecialFolderLocation ; SHGetSpecialFolderLocation
test eax, eax
jnz short loc_405B6C
push edi ; pszPath
push [ebp+pidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
push [ebp+pidl]
mov [ebp+var_8], eax
call sub_405238
cmp [ebp+var_8], 0
jnz short loc_405B73
jmp short loc_405B6F
; ---------------------------------------------------------------------------
loc_405B6C: ; CODE XREF: sub_4059FD+150�j
and byte ptr [edi], 0
loc_405B6F: ; CODE XREF: sub_4059FD+16D�j
test esi, esi
jnz short loc_405B36
loc_405B73: ; CODE XREF: sub_4059FD+16B�j
cmp byte ptr [edi], 0
jz short loc_405B87
cmp [ebp+lpString2], 0
jz short loc_405B87
push [ebp+lpString2] ; lpString2
push edi ; lpString1
call lstrcatA ; lstrcatA
loc_405B87: ; CODE XREF: sub_4059FD+F1�j
; sub_4059FD+12B�j ...
push edi ; lpszCurrent
call sub_405C17
jmp short loc_405BD5
; ---------------------------------------------------------------------------
loc_405B8F: ; CODE XREF: sub_4059FD+97�j
cmp byte ptr [ebp+lpString2+3], 0FDh
jnz short loc_405BC3
cmp esi, 1Bh
jnz short loc_405BA8
push dword_42F424 ; int
push edi ; LPSTR
call sub_405939
jmp short loc_405BB9
; ---------------------------------------------------------------------------
loc_405BA8: ; CODE XREF: sub_4059FD+19B�j
mov eax, esi
shl eax, 0Ah
add eax, offset dword_430000
push eax ; lpString2
push edi ; lpString1
call sub_4059DB
loc_405BB9: ; CODE XREF: sub_4059FD+1A9�j
add esi, 0FFFFFFEBh
cmp esi, 6
jnb short loc_405BD5
jmp short loc_405B87
; ---------------------------------------------------------------------------
loc_405BC3: ; CODE XREF: sub_4059FD+196�j
cmp byte ptr [ebp+lpString2+3], 0FFh
jnz short loc_405BD5
or eax, 0FFFFFFFFh
sub eax, esi
push eax ; lpString2
push edi ; lpString1
call sub_4059FD
loc_405BD5: ; CODE XREF: sub_4059FD+190�j
; sub_4059FD+1C2�j ...
push edi ; lpString
call lstrlenA ; lstrlenA
add edi, eax
mov eax, offset byte_42E3C0
jmp short loc_405BF1
; ---------------------------------------------------------------------------
loc_405BE4: ; CODE XREF: sub_4059FD+60�j
jnz short loc_405BEE
mov cl, [ebx]
mov [edi], cl
inc edi
inc ebx
jmp short loc_405BF1
; ---------------------------------------------------------------------------
loc_405BEE: ; CODE XREF: sub_4059FD:loc_405BE4�j
mov [edi], cl
inc edi
loc_405BF1: ; CODE XREF: sub_4059FD+3A�j
; sub_4059FD+47�j ...
mov cl, [ebx]
test cl, cl
mov byte ptr [ebp+lpString2+3], cl
jnz loc_405A49
loc_405BFE: ; CODE XREF: sub_4059FD+56�j
and byte ptr [edi], 0
cmp [ebp+lpString1], 0
pop edi
pop esi
pop ebx
jz short locret_405C13
push eax ; lpString2
push [ebp+lpString1] ; lpString1
call sub_4059DB
locret_405C13: ; CODE XREF: sub_4059FD+20B�j
leave
retn 8
sub_4059FD endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405C17(LPCSTR lpszCurrent)
sub_405C17 proc near ; CODE XREF: sub_401439+3A9�p
; sub_401439+1309�p ...
lpszCurrent = dword ptr 4
push ebx
push esi
mov esi, [esp+8+lpszCurrent]
push edi
cmp byte ptr [esi], 5Ch
jnz short loc_405C38
cmp byte ptr [esi+1], 5Ch
jnz short loc_405C38
cmp byte ptr [esi+2], 3Fh
jnz short loc_405C38
cmp byte ptr [esi+3], 5Ch
jnz short loc_405C38
add esi, 4
loc_405C38: ; CODE XREF: sub_405C17+A�j
; sub_405C17+10�j ...
cmp byte ptr [esi], 0
jz short loc_405C49
push esi
call sub_405554
test eax, eax
jz short loc_405C49
inc esi
inc esi
loc_405C49: ; CODE XREF: sub_405C17+24�j
; sub_405C17+2E�j
mov al, [esi]
mov ebx, esi
test al, al
mov edi, esi
jz short loc_405C8C
push ebp
mov ebp, ds:CharNextA
loc_405C5A: ; CODE XREF: sub_405C17+72�j
cmp al, 1Fh
jbe short loc_405C80
push eax ; char
push offset a? ; "*?|<>/\":"
call sub_405513
cmp byte ptr [eax], 0
jnz short loc_405C80
push esi ; lpsz
call ebp ; CharNextA
sub eax, esi
push eax
push esi
push edi
call sub_40568C
push edi ; lpsz
call ebp ; CharNextA
mov edi, eax
loc_405C80: ; CODE XREF: sub_405C17+45�j
; sub_405C17+55�j
push esi ; lpsz
call ebp ; CharNextA
mov esi, eax
mov al, [esi]
test al, al
jnz short loc_405C5A
pop ebp
loc_405C8C: ; CODE XREF: sub_405C17+3A�j
and byte ptr [edi], 0
loc_405C8F: ; CODE XREF: sub_405C17+91�j
push edi ; lpszCurrent
push ebx ; lpszStart
call ds:CharPrevA ; CharPrevA
mov edi, eax
mov al, [edi]
cmp al, 20h
jz short loc_405CA3
cmp al, 5Ch
jnz short loc_405CAA
loc_405CA3: ; CODE XREF: sub_405C17+86�j
and byte ptr [edi], 0
cmp ebx, edi
jb short loc_405C8F
loc_405CAA: ; CODE XREF: sub_405C17+8A�j
pop edi
pop esi
pop ebx
retn 4
sub_405C17 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405CB0(LPCSTR lpFileName)
sub_405CB0 proc near ; CODE XREF: sub_401439+228�p
; sub_401439+2A7�p ...
lpFileName = dword ptr 4
push ebx
push esi
mov esi, ds:SetErrorMode
push edi
push 8001h ; uMode
call esi ; SetErrorMode
mov edi, offset FindFileData
push edi ; lpFindFileData
push [esp+10h+lpFileName] ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
push 0 ; uMode
mov ebx, eax
call esi ; SetErrorMode
cmp ebx, 0FFFFFFFFh
jz short loc_405CE6
push ebx ; hFindFile
call ds:FindClose ; FindClose
mov eax, edi
jmp short loc_405CE8
; ---------------------------------------------------------------------------
loc_405CE6: ; CODE XREF: sub_405CB0+29�j
xor eax, eax
loc_405CE8: ; CODE XREF: sub_405CB0+34�j
pop edi
pop esi
pop ebx
retn 4
sub_405CB0 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405CEE(LPCSTR lpLibFileName,LPCSTR lpProcName)
sub_405CEE proc near ; CODE XREF: start+31C�p start+329�p ...
lpLibFileName = dword ptr 4
lpProcName = dword ptr 8
push [esp+lpLibFileName] ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
jnz short loc_405D0A
push [esp+lpLibFileName] ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
test eax, eax
jz short locret_405D15
loc_405D0A: ; CODE XREF: sub_405CEE+C�j
push [esp+lpProcName] ; lpProcName
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
locret_405D15: ; CODE XREF: sub_405CEE+1A�j
retn 8
sub_405CEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405D18(UINT wMsgFilterMax)
sub_405D18 proc near ; CODE XREF: sub_401439+A98�p
; sub_402C37+141�p
Msg = MSG ptr -1Ch
wMsgFilterMax = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
mov esi, [ebp+wMsgFilterMax]
push edi
mov edi, ds:PeekMessageA
jmp short loc_405D35
; ---------------------------------------------------------------------------
loc_405D2B: ; CODE XREF: sub_405D18+2B�j
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_405D35: ; CODE XREF: sub_405D18+11�j
push 1 ; wRemoveMsg
push esi ; wMsgFilterMax
push esi ; wMsgFilterMin
lea eax, [ebp+Msg]
push 0 ; hWnd
push eax ; lpMsg
call edi ; PeekMessageA
test eax, eax
jnz short loc_405D2B
pop edi
pop esi
leave
retn 4
sub_405D18 endp
; =============== S U B R O U T I N E =======================================
sub_405D4B proc near ; CODE XREF: sub_402C37+180�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp dword_42CE34, 0
push esi
jnz short loc_405D82
xor ecx, ecx
loc_405D57: ; CODE XREF: sub_405D4B+35�j
push 8
mov eax, ecx
pop esi
loc_405D5C: ; CODE XREF: sub_405D4B+25�j
mov edx, eax
and dl, 1
neg dl
sbb edx, edx
and edx, 0EDB88320h
shr eax, 1
xor eax, edx
dec esi
jnz short loc_405D5C
mov dword_42CE30[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_405D57
loc_405D82: ; CODE XREF: sub_405D4B+8�j
mov edx, [esp+4+arg_8]
mov eax, [esp+4+arg_0]
test edx, edx
not eax
jbe short loc_405DB3
mov ecx, [esp+4+arg_4]
push edi
loc_405D95: ; CODE XREF: sub_405D4B+65�j
movzx edi, byte ptr [ecx]
mov esi, eax
and esi, 0FFh
xor esi, edi
shr eax, 8
mov esi, dword_42CE30[esi*4]
xor eax, esi
inc ecx
dec edx
jnz short loc_405D95
pop edi
loc_405DB3: ; CODE XREF: sub_405D4B+43�j
not eax
pop esi
retn 0Ch
sub_405D4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DB9 proc near ; CODE XREF: sub_402EBD+F6�p
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 44h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, [eax]
lea esi, [eax+10h]
mov eax, [eax+4]
mov [ebp+var_38], ecx
mov ecx, [esi+9BA8h]
mov ebx, [esi+518h]
mov [ebp+var_34], eax
mov eax, [esi+51Ch]
mov [ebp+var_40], eax
mov eax, [esi+9BA4h]
cmp ecx, eax
mov [ebp+var_30], ecx
jnb short loc_405DFA
sub eax, ecx
dec eax
jmp short loc_405E02
; ---------------------------------------------------------------------------
loc_405DFA: ; CODE XREF: sub_405DB9+3A�j
mov eax, [esi+9BA0h]
sub eax, ecx
loc_405E02: ; CODE XREF: sub_405DB9+3F�j
mov [ebp+var_2C], eax
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_405E0A: ; CODE XREF: sub_405DB9+A19�j
jmp ds:off_406808[eax*4]
; ---------------------------------------------------------------------------
loc_405E11: ; CODE XREF: sub_405DB9+7B�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov eax, [ebp+var_38]
dec [ebp+var_34]
mov ecx, ebx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+var_40], eax
inc [ebp+var_38]
add ebx, 8
loc_405E31: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406828�o
cmp ebx, 3
jb short loc_405E11
mov eax, [ebp+var_40]
sub ebx, 3
shr [ebp+var_40], 3
and eax, 7
mov ecx, eax
and cl, 1
neg cl
sbb ecx, ecx
and ecx, 7
shr eax, 1
add ecx, 8
sub eax, 0
mov [esi+514h], ecx
jz loc_405F91
dec eax
jz short loc_405EBC
dec eax
jz short loc_405EB1
dec eax
jnz loc_4067CD
loc_405E70: ; CODE XREF: sub_405DB9:loc_405E0A�j
; sub_405DB9+358�j ...
or edi, 0FFFFFFFFh
mov dword ptr [esi], 11h
loc_405E79: ; CODE XREF: sub_405DB9+A42�j
; sub_405DB9+A4A�j
mov eax, [ebp+var_40]
mov ecx, [ebp+arg_0]
mov [esi+51Ch], eax
mov eax, [ebp+var_34]
mov [esi+518h], ebx
mov [ecx+4], eax
loc_405E91: ; CODE XREF: sub_405DB9+A3B�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_38]
push eax
mov [eax], ecx
mov ecx, [ebp+var_30]
mov [esi+9BA8h], ecx
call sub_406848
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_405EB1: ; CODE XREF: sub_405DB9+AE�j
mov dword ptr [esi], 0Bh
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_405EBC: ; CODE XREF: sub_405DB9+AB�j
cmp byte_42E3B8, 0
jnz loc_405F69
and [ebp+var_8], 0
mov eax, offset dword_42D238
loc_405ED2: ; CODE XREF: sub_405DB9+143�j
cmp eax, offset dword_42D474
mov cl, 8
jle short loc_405EEF
cmp eax, offset dword_42D638
jge short loc_405EE6
inc cl
jmp short loc_405EEF
; ---------------------------------------------------------------------------
loc_405EE6: ; CODE XREF: sub_405DB9+127�j
cmp eax, offset dword_42D698
jge short loc_405EEF
mov cl, 7
loc_405EEF: ; CODE XREF: sub_405DB9+120�j
; sub_405DB9+12B�j ...
movsx ecx, cl
mov [eax], ecx
add eax, 4
cmp eax, offset dword_42D6B8
jl short loc_405ED2
lea eax, [ebp+var_8]
mov edi, offset dword_42D238
push eax
push offset dword_42DB38
push offset byte_4093F8
push offset dword_42D234
push offset dword_407368
push offset dword_407328
push 101h
push 120h
push edi
call sub_4068B0
push 1Eh
pop ecx
push 5
pop eax
rep stosd
lea eax, [ebp+var_8]
push eax
push offset dword_42DB38
push offset byte_4093FC
push offset dword_42D230
push offset dword_4073E4
push offset dword_4073A8
push 0
push 1Eh
push offset dword_42D238
call sub_4068B0
inc byte_42E3B8
loc_405F69: ; CODE XREF: sub_405DB9+10A�j
mov al, byte_4093F8
mov [esi+10h], al
mov al, byte_4093FC
mov [esi+11h], al
mov eax, dword_42D234
mov [esi+14h], eax
mov eax, dword_42D230
mov [esi+18h], eax
loc_405F89: ; CODE XREF: sub_405DB9+83A�j
; sub_405DB9+909�j ...
and dword ptr [esi], 0
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_405F91: ; CODE XREF: sub_405DB9+A4�j
mov ecx, ebx
mov dword ptr [esi], 9
and ecx, 7
shr [ebp+var_40], cl
sub ebx, ecx
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_405FA6: ; CODE XREF: sub_405DB9+210�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov eax, [ebp+var_38]
dec [ebp+var_34]
mov ecx, ebx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+var_40], eax
inc [ebp+var_38]
add ebx, 8
loc_405FC6: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:0040682C�o
cmp ebx, 10h
jb short loc_405FA6
mov eax, [ebp+var_40]
xor ebx, ebx
and eax, 0FFFFh
mov [ebp+var_40], ebx
cmp eax, ebx
mov [esi+4], eax
jz loc_4060CC
push 0Ah
pop eax
jmp loc_4060D2
; ---------------------------------------------------------------------------
loc_405FEB: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406830�o
cmp [ebp+var_34], 0
jz loc_4067DD
mov eax, [ebp+var_2C]
test eax, eax
jnz loc_406098
mov ecx, [esi+9BA0h]
mov edx, [ebp+var_30]
cmp edx, ecx
jnz short loc_406036
mov eax, [esi+9BA4h]
lea edi, [esi+1BA0h]
cmp eax, edi
jz short loc_406036
mov edx, edi
cmp edx, eax
mov [ebp+var_30], edx
jnb short loc_40602B
sub eax, edx
dec eax
jmp short loc_40602F
; ---------------------------------------------------------------------------
loc_40602B: ; CODE XREF: sub_405DB9+26B�j
sub ecx, edx
mov eax, ecx
loc_40602F: ; CODE XREF: sub_405DB9+270�j
test eax, eax
mov [ebp+var_2C], eax
jnz short loc_406098
loc_406036: ; CODE XREF: sub_405DB9+252�j
; sub_405DB9+262�j
push [ebp+arg_0]
mov [esi+9BA8h], edx
call sub_406848
mov edx, [esi+9BA8h]
mov ecx, [esi+9BA4h]
cmp edx, ecx
mov [ebp+var_30], edx
jnb short loc_40605E
mov eax, ecx
sub eax, edx
dec eax
jmp short loc_406066
; ---------------------------------------------------------------------------
loc_40605E: ; CODE XREF: sub_405DB9+29C�j
mov eax, [esi+9BA0h]
sub eax, edx
loc_406066: ; CODE XREF: sub_405DB9+2A3�j
mov edi, [esi+9BA0h]
mov [ebp+var_2C], eax
cmp edx, edi
jnz short loc_406090
lea edx, [esi+1BA0h]
cmp edx, ecx
jz short loc_406090
mov [ebp+var_30], edx
jnb short loc_406089
sub ecx, edx
dec ecx
mov eax, ecx
jmp short loc_40608D
; ---------------------------------------------------------------------------
loc_406089: ; CODE XREF: sub_405DB9+2C7�j
sub edi, edx
mov eax, edi
loc_40608D: ; CODE XREF: sub_405DB9+2CE�j
mov [ebp+var_2C], eax
loc_406090: ; CODE XREF: sub_405DB9+2B8�j
; sub_405DB9+2C2�j
test eax, eax
jz loc_4067F9
loc_406098: ; CODE XREF: sub_405DB9+241�j
; sub_405DB9+27B�j
cmp eax, [ebp+var_34]
jb short loc_4060A0
mov eax, [ebp+var_34]
loc_4060A0: ; CODE XREF: sub_405DB9+2E2�j
mov ecx, [esi+4]
cmp ecx, eax
mov edi, ecx
jb short loc_4060AB
mov edi, eax
loc_4060AB: ; CODE XREF: sub_405DB9+2EE�j
push edi
push [ebp+var_38]
push [ebp+var_30]
call sub_40568C
add [ebp+var_38], edi
sub [ebp+var_34], edi
add [ebp+var_30], edi
sub [ebp+var_2C], edi
sub [esi+4], edi
jnz loc_4067CD
loc_4060CC: ; CODE XREF: sub_405DB9+224�j
mov eax, [esi+514h]
loc_4060D2: ; CODE XREF: sub_405DB9+22D�j
mov [esi], eax
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_4060D9: ; CODE XREF: sub_405DB9+343�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov eax, [ebp+var_38]
dec [ebp+var_34]
mov ecx, ebx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+var_40], eax
inc [ebp+var_38]
add ebx, 8
loc_4060F9: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406834�o
cmp ebx, 0Eh
jb short loc_4060D9
mov eax, [ebp+var_40]
and eax, 3FFFh
mov ecx, eax
mov [esi+4], eax
and ecx, 1Fh
cmp cl, 1Dh
ja loc_405E70
and eax, 3E0h
cmp eax, 3A0h
ja loc_405E70
shr [ebp+var_40], 0Eh
sub ebx, 0Eh
and dword ptr [esi+8], 0
mov dword ptr [esi], 0Ch
loc_406138: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406838�o
mov eax, [esi+4]
shr eax, 0Ah
add eax, 4
cmp [esi+8], eax
jnb short loc_4061AF
jmp short loc_406168
; ---------------------------------------------------------------------------
loc_406148: ; CODE XREF: sub_405DB9+3B2�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov eax, [ebp+var_38]
dec [ebp+var_34]
mov ecx, ebx
movzx eax, byte ptr [eax]
shl eax, cl
or [ebp+var_40], eax
inc [ebp+var_38]
add ebx, 8
loc_406168: ; CODE XREF: sub_405DB9+38D�j
; sub_405DB9+3E0�j
cmp ebx, 3
jb short loc_406148
mov ecx, [esi+8]
mov eax, [ebp+var_40]
and eax, 7
sub ebx, 3
movsx ecx, ds:byte_407314[ecx]
shr [ebp+var_40], 3
mov [esi+ecx*4+0Ch], eax
mov ecx, [esi+4]
inc dword ptr [esi+8]
mov eax, [esi+8]
shr ecx, 0Ah
add ecx, 4
cmp eax, ecx
jb short loc_406168
jmp short loc_4061AF
; ---------------------------------------------------------------------------
loc_40619D: ; CODE XREF: sub_405DB9+3FA�j
mov eax, [esi+8]
movsx eax, ds:byte_407314[eax]
and dword ptr [esi+eax*4+0Ch], 0
inc dword ptr [esi+8]
loc_4061AF: ; CODE XREF: sub_405DB9+38B�j
; sub_405DB9+3E2�j
cmp dword ptr [esi+8], 13h
jb short loc_40619D
lea ecx, [ebp+var_8]
lea edi, [esi+50Ch]
push ecx
lea ecx, [esi+520h]
push ecx
lea ecx, [esi+510h]
xor eax, eax
push edi
push ecx
push eax
mov [ebp+var_8], eax
push eax
push 13h
lea eax, [esi+0Ch]
push 13h
push eax
mov dword ptr [edi], 7
call sub_4068B0
test eax, eax
jnz short loc_4061FE
cmp [edi], eax
jz short loc_4061FE
and [esi+8], eax
mov dword ptr [esi], 0Dh
jmp loc_40631B
; ---------------------------------------------------------------------------
loc_4061FE: ; CODE XREF: sub_405DB9+431�j
; sub_405DB9+435�j
mov dword ptr [esi], 11h
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_406209: ; CODE XREF: sub_405DB9+57C�j
mov eax, [esi+50Ch]
jmp short loc_406231
; ---------------------------------------------------------------------------
loc_406211: ; CODE XREF: sub_405DB9+47A�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edx, byte ptr [ecx]
mov ecx, ebx
shl edx, cl
or [ebp+var_40], edx
inc [ebp+var_38]
add ebx, 8
loc_406231: ; CODE XREF: sub_405DB9+456�j
cmp ebx, eax
jb short loc_406211
movzx eax, word_4093D4[eax*2]
and eax, [ebp+var_40]
mov ecx, [esi+510h]
lea eax, [ecx+eax*4]
movzx edx, byte ptr [eax+1]
movzx eax, word ptr [eax+2]
cmp eax, 10h
mov [ebp+var_14], eax
jnb short loc_40626F
mov ecx, edx
sub ebx, edx
shr [ebp+var_40], cl
mov ecx, [esi+8]
mov [esi+ecx*4+0Ch], eax
inc dword ptr [esi+8]
jmp loc_40631B
; ---------------------------------------------------------------------------
loc_40626F: ; CODE XREF: sub_405DB9+49E�j
cmp eax, 12h
jnz short loc_406280
push 7
mov [ebp+var_8], 0Bh
pop eax
jmp short loc_4062AC
; ---------------------------------------------------------------------------
loc_406280: ; CODE XREF: sub_405DB9+4B9�j
add eax, 0FFFFFFF2h
mov [ebp+var_8], 3
jmp short loc_4062AC
; ---------------------------------------------------------------------------
loc_40628C: ; CODE XREF: sub_405DB9+4F8�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edi, byte ptr [ecx]
mov ecx, ebx
shl edi, cl
or [ebp+var_40], edi
inc [ebp+var_38]
add ebx, 8
loc_4062AC: ; CODE XREF: sub_405DB9+4C5�j
; sub_405DB9+4D1�j
lea ecx, [eax+edx]
cmp ebx, ecx
jb short loc_40628C
mov ecx, edx
sub ebx, edx
shr [ebp+var_40], cl
movzx ecx, word_4093D4[eax*2]
and ecx, [ebp+var_40]
mov edx, [ebp+var_8]
sub ebx, eax
add edx, ecx
mov ecx, eax
mov eax, [esi+4]
shr [ebp+var_40], cl
mov ecx, [esi+8]
mov edi, eax
shr edi, 5
and edi, 1Fh
and eax, 1Fh
lea eax, [edi+eax+102h]
lea edi, [edx+ecx]
cmp edi, eax
ja loc_405E70
cmp [ebp+var_14], 10h
jnz short loc_406309
cmp ecx, 1
jb loc_405E70
mov edi, [esi+ecx*4+8]
jmp short loc_40630B
; ---------------------------------------------------------------------------
loc_406309: ; CODE XREF: sub_405DB9+53F�j
xor edi, edi
loc_40630B: ; CODE XREF: sub_405DB9+54E�j
lea eax, [esi+ecx*4+0Ch]
loc_40630F: ; CODE XREF: sub_405DB9+55D�j
mov [eax], edi
inc ecx
add eax, 4
dec edx
jnz short loc_40630F
mov [esi+8], ecx
loc_40631B: ; CODE XREF: sub_405DB9:loc_405E0A�j
; sub_405DB9+440�j ...
mov eax, [esi+4]
mov ecx, [esi+8]
mov edx, eax
and eax, 1Fh
shr edx, 5
and edx, 1Fh
lea eax, [edx+eax+102h]
cmp ecx, eax
jb loc_406209
mov eax, [esi+4]
and dword ptr [esi+510h], 0
and [ebp+var_C], 0
mov edi, eax
shr eax, 5
and edi, 1Fh
mov ecx, 101h
and eax, 1Fh
add edi, ecx
inc eax
lea edx, [ebp+var_C]
mov [ebp+var_14], eax
lea eax, [esi+520h]
push edx
push eax
lea eax, [ebp+var_4]
mov [ebp+var_4], 9
push eax
lea eax, [ebp+var_18]
push eax
push offset dword_407368
push offset dword_407328
push ecx
lea eax, [esi+0Ch]
push edi
push eax
mov [ebp+var_10], 6
call sub_4068B0
cmp [ebp+var_4], 0
jnz short loc_40639E
or eax, 0FFFFFFFFh
loc_40639E: ; CODE XREF: sub_405DB9+5E0�j
test eax, eax
jnz loc_405E70
lea eax, [ebp+var_C]
push eax
lea eax, [esi+520h]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
push offset dword_4073E4
push offset dword_4073A8
push 0
push [ebp+var_14]
lea eax, [esi+edi*4+0Ch]
push eax
call sub_4068B0
test eax, eax
jnz loc_405E70
mov eax, [ebp+var_10]
test eax, eax
jnz short loc_4063ED
cmp edi, 101h
jg loc_405E70
loc_4063ED: ; CODE XREF: sub_405DB9+626�j
mov cl, byte ptr [ebp+var_4]
and dword ptr [esi], 0
mov [esi+11h], al
mov eax, [ebp+var_18]
mov [esi+14h], eax
mov eax, [ebp+var_1C]
mov [esi+10h], cl
mov [esi+18h], eax
loc_406405: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:off_406808�o
movzx eax, byte ptr [esi+10h]
mov [esi+0Ch], eax
mov eax, [esi+14h]
mov [esi+8], eax
mov dword ptr [esi], 1
loc_406418: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:0040680C�o
mov eax, [esi+0Ch]
jmp short loc_40643D
; ---------------------------------------------------------------------------
loc_40641D: ; CODE XREF: sub_405DB9+686�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edx, byte ptr [ecx]
mov ecx, ebx
shl edx, cl
or [ebp+var_40], edx
inc [ebp+var_38]
add ebx, 8
loc_40643D: ; CODE XREF: sub_405DB9+662�j
cmp ebx, eax
jb short loc_40641D
movzx eax, word_4093D4[eax*2]
and eax, [ebp+var_40]
mov ecx, [esi+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_40], cl
sub ebx, ecx
movzx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_406474
movzx eax, word ptr [eax+2]
mov [esi+8], eax
mov dword ptr [esi], 6
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_406474: ; CODE XREF: sub_405DB9+6A7�j
test cl, 10h
jz short loc_406491
and ecx, 0Fh
mov [esi+8], ecx
movzx eax, word ptr [eax+2]
mov [esi+4], eax
mov dword ptr [esi], 2
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_406491: ; CODE XREF: sub_405DB9+6BE�j
test cl, 40h
jz loc_40656B
test cl, 20h
jz loc_405E70
mov dword ptr [esi], 7
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_4064AE: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406810�o
mov eax, [esi+8]
jmp short loc_4064D3
; ---------------------------------------------------------------------------
loc_4064B3: ; CODE XREF: sub_405DB9+71C�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edx, byte ptr [ecx]
mov ecx, ebx
shl edx, cl
or [ebp+var_40], edx
inc [ebp+var_38]
add ebx, 8
loc_4064D3: ; CODE XREF: sub_405DB9+6F8�j
cmp ebx, eax
jb short loc_4064B3
movzx ecx, word_4093D4[eax*2]
and ecx, [ebp+var_40]
add [esi+4], ecx
mov ecx, eax
shr [ebp+var_40], cl
sub ebx, eax
movzx eax, byte ptr [esi+11h]
mov [esi+0Ch], eax
mov eax, [esi+18h]
mov [esi+8], eax
mov dword ptr [esi], 3
loc_4064FF: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406814�o
mov eax, [esi+0Ch]
jmp short loc_406524
; ---------------------------------------------------------------------------
loc_406504: ; CODE XREF: sub_405DB9+76D�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edx, byte ptr [ecx]
mov ecx, ebx
shl edx, cl
or [ebp+var_40], edx
inc [ebp+var_38]
add ebx, 8
loc_406524: ; CODE XREF: sub_405DB9+749�j
cmp ebx, eax
jb short loc_406504
movzx eax, word_4093D4[eax*2]
and eax, [ebp+var_40]
mov ecx, [esi+8]
lea eax, [ecx+eax*4]
movzx ecx, byte ptr [eax+1]
shr [ebp+var_40], cl
sub ebx, ecx
movzx ecx, byte ptr [eax]
test cl, 10h
jz short loc_406562
and ecx, 0Fh
mov [esi+8], ecx
movzx eax, word ptr [eax+2]
mov [esi+0Ch], eax
mov dword ptr [esi], 4
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_406562: ; CODE XREF: sub_405DB9+78F�j
test cl, 40h
jnz loc_405E70
loc_40656B: ; CODE XREF: sub_405DB9+6DB�j
mov [esi+0Ch], ecx
movzx ecx, word ptr [eax+2]
lea eax, [eax+ecx*4]
mov [esi+8], eax
jmp loc_4067CD
; ---------------------------------------------------------------------------
loc_40657D: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406818�o
mov eax, [esi+8]
jmp short loc_4065A2
; ---------------------------------------------------------------------------
loc_406582: ; CODE XREF: sub_405DB9+7EB�j
cmp [ebp+var_34], 0
jz loc_4067DD
mov ecx, [ebp+var_38]
dec [ebp+var_34]
movzx edx, byte ptr [ecx]
mov ecx, ebx
shl edx, cl
or [ebp+var_40], edx
inc [ebp+var_38]
add ebx, 8
loc_4065A2: ; CODE XREF: sub_405DB9+7C7�j
cmp ebx, eax
jb short loc_406582
movzx ecx, word_4093D4[eax*2]
and ecx, [ebp+var_40]
add [esi+0Ch], ecx
mov ecx, eax
shr [ebp+var_40], cl
sub ebx, eax
mov dword ptr [esi], 5
loc_4065C1: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:0040681C�o
mov eax, [ebp+var_30]
mov edx, [esi+0Ch]
mov ecx, eax
sub ecx, esi
sub ecx, 1BA0h
cmp ecx, edx
jnb short loc_4065E8
mov ecx, [esi+9BA0h]
sub ecx, edx
sub ecx, esi
lea ecx, [ecx+eax-1BA0h]
jmp short loc_4065EC
; ---------------------------------------------------------------------------
loc_4065E8: ; CODE XREF: sub_405DB9+81A�j
mov ecx, eax
sub ecx, edx
loc_4065EC: ; CODE XREF: sub_405DB9+82D�j
cmp dword ptr [esi+4], 0
mov [ebp+var_20], ecx
jz loc_405F89
mov edi, [ebp+var_2C]
loc_4065FC: ; CODE XREF: sub_405DB9+903�j
test edi, edi
jnz loc_406695
mov edi, [esi+9BA0h]
cmp eax, edi
jnz short loc_406631
mov ecx, [esi+9BA4h]
lea edx, [esi+1BA0h]
cmp ecx, edx
jz short loc_406631
mov eax, edx
cmp eax, ecx
jnb short loc_40662B
sub ecx, eax
dec ecx
mov edi, ecx
jmp short loc_40662D
; ---------------------------------------------------------------------------
loc_40662B: ; CODE XREF: sub_405DB9+869�j
sub edi, eax
loc_40662D: ; CODE XREF: sub_405DB9+870�j
test edi, edi
jnz short loc_406695
loc_406631: ; CODE XREF: sub_405DB9+853�j
; sub_405DB9+863�j
push [ebp+arg_0]
mov [esi+9BA8h], eax
call sub_406848
mov eax, [esi+9BA8h]
mov ecx, [esi+9BA4h]
cmp eax, ecx
mov [ebp+var_30], eax
jnb short loc_406659
mov edi, ecx
sub edi, eax
dec edi
jmp short loc_406661
; ---------------------------------------------------------------------------
loc_406659: ; CODE XREF: sub_405DB9+897�j
mov edi, [esi+9BA0h]
sub edi, eax
loc_406661: ; CODE XREF: sub_405DB9+89E�j
mov edx, [esi+9BA0h]
cmp eax, edx
mov [ebp+var_8], edx
jnz short loc_40668D
lea edx, [esi+1BA0h]
cmp ecx, edx
jz short loc_40668D
mov eax, edx
cmp eax, ecx
mov [ebp+var_30], eax
jnb short loc_406688
sub ecx, eax
dec ecx
mov edi, ecx
jmp short loc_40668D
; ---------------------------------------------------------------------------
loc_406688: ; CODE XREF: sub_405DB9+8C6�j
mov edi, [ebp+var_8]
sub edi, eax
loc_40668D: ; CODE XREF: sub_405DB9+8B3�j
; sub_405DB9+8BD�j ...
test edi, edi
jz loc_4067F9
loc_406695: ; CODE XREF: sub_405DB9+845�j
; sub_405DB9+876�j
mov ecx, [ebp+var_20]
mov dl, [ecx]
mov [eax], dl
inc eax
inc ecx
dec edi
cmp ecx, [esi+9BA0h]
mov [ebp+var_30], eax
mov [ebp+var_20], ecx
mov [ebp+var_2C], edi
jnz short loc_4066B9
lea ecx, [esi+1BA0h]
mov [ebp+var_20], ecx
loc_4066B9: ; CODE XREF: sub_405DB9+8F5�j
dec dword ptr [esi+4]
jnz loc_4065FC
jmp loc_405F89
; ---------------------------------------------------------------------------
loc_4066C7: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406820�o
mov eax, [ebp+var_2C]
mov edi, [ebp+var_30]
test eax, eax
jnz loc_406766
mov ecx, [esi+9BA0h]
cmp edi, ecx
jnz short loc_406702
mov eax, [esi+9BA4h]
lea edx, [esi+1BA0h]
cmp eax, edx
jz short loc_406702
mov edi, edx
cmp edi, eax
jnb short loc_4066FA
sub eax, edi
dec eax
jmp short loc_4066FE
; ---------------------------------------------------------------------------
loc_4066FA: ; CODE XREF: sub_405DB9+93A�j
sub ecx, edi
mov eax, ecx
loc_4066FE: ; CODE XREF: sub_405DB9+93F�j
test eax, eax
jnz short loc_406766
loc_406702: ; CODE XREF: sub_405DB9+924�j
; sub_405DB9+934�j
push [ebp+arg_0]
mov [esi+9BA8h], edi
call sub_406848
mov edi, [esi+9BA8h]
mov ecx, [esi+9BA4h]
cmp edi, ecx
mov [ebp+var_30], edi
jnb short loc_40672A
mov eax, ecx
sub eax, edi
dec eax
jmp short loc_406732
; ---------------------------------------------------------------------------
loc_40672A: ; CODE XREF: sub_405DB9+968�j
mov eax, [esi+9BA0h]
sub eax, edi
loc_406732: ; CODE XREF: sub_405DB9+96F�j
mov edx, [esi+9BA0h]
cmp edi, edx
mov [ebp+var_8], edx
jnz short loc_40675E
lea edx, [esi+1BA0h]
cmp ecx, edx
jz short loc_40675E
mov edi, edx
cmp edi, ecx
mov [ebp+var_30], edi
jnb short loc_406759
sub ecx, edi
dec ecx
mov eax, ecx
jmp short loc_40675E
; ---------------------------------------------------------------------------
loc_406759: ; CODE XREF: sub_405DB9+997�j
mov eax, [ebp+var_8]
sub eax, edi
loc_40675E: ; CODE XREF: sub_405DB9+984�j
; sub_405DB9+98E�j ...
test eax, eax
jz loc_4067F9
loc_406766: ; CODE XREF: sub_405DB9+916�j
; sub_405DB9+947�j
mov cl, [esi+8]
mov [edi], cl
inc edi
dec eax
mov [ebp+var_30], edi
mov [ebp+var_2C], eax
jmp loc_405F89
; ---------------------------------------------------------------------------
loc_406778: ; CODE XREF: sub_405DB9:loc_405E0A�j
; DATA XREF: .text:00406824�o
cmp ebx, 7
jbe short loc_406786
sub ebx, 8
inc [ebp+var_34]
dec [ebp+var_38]
loc_406786: ; CODE XREF: sub_405DB9:loc_405E0A�j
; sub_405DB9+9C2�j
; DATA XREF: ...
mov eax, [ebp+var_30]
push [ebp+arg_0]
mov [esi+9BA8h], eax
call sub_406848
mov ecx, [esi+9BA8h]
mov edx, [esi+9BA4h]
cmp ecx, edx
mov [ebp+var_30], ecx
jnb short loc_4067B1
mov eax, edx
sub eax, ecx
dec eax
jmp short loc_4067B9
; ---------------------------------------------------------------------------
loc_4067B1: ; CODE XREF: sub_405DB9+9EF�j
mov eax, [esi+9BA0h]
sub eax, ecx
loc_4067B9: ; CODE XREF: sub_405DB9+9F6�j
cmp ecx, edx
mov [ebp+var_2C], eax
jnz short loc_4067F9
mov eax, [esi+514h]
cmp eax, 8
mov [esi], eax
jnz short loc_406800
loc_4067CD: ; CODE XREF: sub_405DB9+4C�j
; sub_405DB9+B1�j ...
mov eax, [esi]
cmp eax, 0Fh
jbe loc_405E0A
jmp loc_405E70
; ---------------------------------------------------------------------------
loc_4067DD: ; CODE XREF: sub_405DB9+5C�j
; sub_405DB9+1F1�j ...
mov eax, [ebp+var_40]
xor edi, edi
mov [esi+51Ch], eax
mov eax, [ebp+arg_0]
mov [esi+518h], ebx
mov [eax+4], edi
jmp loc_405E91
; ---------------------------------------------------------------------------
loc_4067F9: ; CODE XREF: sub_405DB9+2D9�j
; sub_405DB9+8D6�j ...
xor edi, edi
jmp loc_405E79
; ---------------------------------------------------------------------------
loc_406800: ; CODE XREF: sub_405DB9+A12�j
xor edi, edi
inc edi
jmp loc_405E79
sub_405DB9 endp
; ---------------------------------------------------------------------------
off_406808 dd offset loc_406405 ; DATA XREF: sub_405DB9:loc_405E0A�r
dd offset loc_406418
dd offset loc_4064AE
dd offset loc_4064FF
dd offset loc_40657D
dd offset loc_4065C1
dd offset loc_4066C7
dd offset loc_406778
dd offset loc_405E31
dd offset loc_405FC6
dd offset loc_405FEB
dd offset loc_4060F9
dd offset loc_406138
dd offset loc_40631B
dd offset loc_405E70
dd offset loc_406786
; =============== S U B R O U T I N E =======================================
sub_406848 proc near ; CODE XREF: sub_405DB9+EA�p
; sub_405DB9+286�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esi+9BB4h]
loc_406855: ; CODE XREF: sub_406848+52�j
; sub_406848+5A�j
mov ebx, [esi+9BB8h]
cmp edi, ebx
jbe short loc_406865
mov ebx, [esi+9BB0h]
loc_406865: ; CODE XREF: sub_406848+15�j
mov eax, [esi+0Ch]
sub ebx, edi
cmp ebx, eax
jb short loc_406870
mov ebx, eax
loc_406870: ; CODE XREF: sub_406848+24�j
push ebx
push edi
push dword ptr [esi+8]
sub eax, ebx
mov [esi+0Ch], eax
call sub_40568C
add [esi+8], ebx
mov eax, [esi+9BB0h]
add edi, ebx
cmp edi, eax
jnz short loc_4068A4
cmp [esi+9BB8h], eax
lea edi, [esi+1BB0h]
jnz short loc_406855
mov [esi+9BB8h], edi
jmp short loc_406855
; ---------------------------------------------------------------------------
loc_4068A4: ; CODE XREF: sub_406848+44�j
mov [esi+9BB4h], edi
pop edi
pop esi
pop ebx
retn 4
sub_406848 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068B0 proc near ; CODE XREF: sub_405DB9+172�p
; sub_405DB9+1A5�p ...
var_EC = dword ptr -0ECh
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 10h
xor eax, eax
pop ecx
lea edi, [ebp+var_70]
rep stosd
mov ecx, [ebp+arg_0]
mov edx, esi
loc_4068CE: ; CODE XREF: sub_4068B0+2A�j
mov eax, [ecx]
add ecx, 4
lea eax, [ebp+eax*4+var_70]
inc dword ptr [eax]
dec edx
jnz short loc_4068CE
cmp [ebp+var_70], esi
jnz short loc_4068F4
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
mov eax, [ebp+arg_18]
and dword ptr [eax], 0
xor eax, eax
jmp loc_406BE4
; ---------------------------------------------------------------------------
loc_4068F4: ; CODE XREF: sub_4068B0+2F�j
mov esi, [ebp+arg_18]
xor ebx, ebx
inc ebx
push 0Fh
mov edi, [esi]
mov ecx, ebx
mov [ebp+arg_18], edi
pop edx
loc_406904: ; CODE XREF: sub_4068B0+5F�j
xor eax, eax
cmp [ebp+ecx*4+var_70], eax
jnz short loc_406911
inc ecx
cmp ecx, edx
jbe short loc_406904
loc_406911: ; CODE XREF: sub_4068B0+5A�j
cmp edi, ecx
mov [ebp+var_4], ecx
jnb short loc_40691B
mov [ebp+arg_18], ecx
loc_40691B: ; CODE XREF: sub_4068B0+66�j
; sub_4068B0+72�j
cmp [ebp+edx*4+var_70], eax
jnz short loc_406924
dec edx
jnz short loc_40691B
loc_406924: ; CODE XREF: sub_4068B0+6F�j
cmp [ebp+arg_18], edx
mov [ebp+var_18], edx
jbe short loc_40692F
mov [ebp+arg_18], edx
loc_40692F: ; CODE XREF: sub_4068B0+7A�j
mov edi, [ebp+arg_18]
mov [esi], edi
shl ebx, cl
jmp short loc_406945
; ---------------------------------------------------------------------------
loc_406938: ; CODE XREF: sub_4068B0+97�j
sub ebx, [ebp+ecx*4+var_70]
js loc_406BE1
inc ecx
add ebx, ebx
loc_406945: ; CODE XREF: sub_4068B0+86�j
cmp ecx, edx
jb short loc_406938
mov esi, edx
shl esi, 2
lea ecx, [ebp+esi+var_70]
mov edi, [ecx]
sub ebx, edi
mov [ebp+var_30], ebx
js loc_406BE1
add edi, ebx
mov [ebp+var_AC], eax
mov [ecx], edi
xor ecx, ecx
dec edx
jz short loc_406981
xor edi, edi
loc_406970: ; CODE XREF: sub_4068B0+CF�j
add ecx, [ebp+edi+var_6C]
add edi, 4
dec edx
mov [ebp+edi+var_AC], ecx
jnz short loc_406970
loc_406981: ; CODE XREF: sub_4068B0+BC�j
mov ebx, [ebp+arg_0]
xor edi, edi
loc_406986: ; CODE XREF: sub_4068B0+F6�j
mov ecx, [ebx]
add ebx, 4
cmp ecx, eax
jz short loc_4069A2
lea ecx, [ebp+ecx*4+var_B0]
mov edx, [ecx]
mov dword_42D6B8[edx*4], edi
inc edx
mov [ecx], edx
loc_4069A2: ; CODE XREF: sub_4068B0+DD�j
inc edi
cmp edi, [ebp+arg_4]
jb short loc_406986
mov ecx, [ebp+esi+var_B0]
mov ebx, [ebp+arg_18]
or [ebp+var_C], 0FFFFFFFFh
and [ebp+var_24], 0
mov [ebp+arg_4], ecx
mov ecx, [ebp+var_4]
neg ebx
cmp ecx, [ebp+var_18]
mov [ebp+var_8], eax
mov [ebp+var_B0], eax
mov [ebp+var_20], offset dword_42D6B8
mov [ebp+var_EC], eax
jg loc_406BD4
lea edx, [ecx-1]
lea ecx, [ebp+ecx*4+var_70]
mov [ebp+var_28], edx
mov [ebp+var_1C], ecx
loc_4069EE: ; CODE XREF: sub_4068B0+31E�j
mov ecx, [ebp+var_1C]
mov esi, [ecx]
test esi, esi
jz loc_406BBE
jmp short loc_406A00
; ---------------------------------------------------------------------------
loc_4069FD: ; CODE XREF: sub_4068B0+308�j
mov esi, [ebp+var_2C]
loc_406A00: ; CODE XREF: sub_4068B0+14B�j
mov ecx, [ebp+arg_18]
dec esi
add ecx, ebx
mov [ebp+var_2C], esi
cmp [ebp+var_4], ecx
mov [ebp+var_14], ecx
jle loc_406AE1
inc esi
mov [ebp+var_10], esi
loc_406A19: ; CODE XREF: sub_4068B0+22B�j
mov esi, [ebp+var_18]
inc [ebp+var_C]
sub esi, [ebp+var_14]
cmp esi, [ebp+arg_18]
jbe short loc_406A2A
mov esi, [ebp+arg_18]
loc_406A2A: ; CODE XREF: sub_4068B0+175�j
mov ecx, [ebp+var_4]
xor edx, edx
sub ecx, [ebp+var_14]
inc edx
shl edx, cl
cmp edx, [ebp+var_10]
jbe short loc_406A5D
mov edi, [ebp+var_1C]
or eax, 0FFFFFFFFh
sub eax, [ebp+var_2C]
add edx, eax
cmp ecx, esi
jnb short loc_406A5D
jmp short loc_406A58
; ---------------------------------------------------------------------------
loc_406A4B: ; CODE XREF: sub_4068B0+1AB�j
add edi, 4
add edx, edx
mov eax, [edi]
cmp edx, eax
jbe short loc_406A5D
sub edx, eax
loc_406A58: ; CODE XREF: sub_4068B0+199�j
inc ecx
cmp ecx, esi
jb short loc_406A4B
loc_406A5D: ; CODE XREF: sub_4068B0+188�j
; sub_4068B0+197�j ...
mov edx, [ebp+arg_20]
xor eax, eax
inc eax
mov edx, [edx]
shl eax, cl
mov [ebp+var_24], eax
lea edi, [edx+eax]
cmp edi, 5A0h
ja loc_406BE1
mov eax, [ebp+arg_1C]
lea eax, [eax+edx*4]
mov edx, [ebp+var_C]
lea esi, [ebp+edx*4+var_EC]
mov edx, [ebp+arg_20]
mov [edx], edi
mov edx, [ebp+var_C]
test edx, edx
mov [esi], eax
jz short loc_406AC8
mov edi, [ebp+var_8]
mov esi, [esi-4]
mov [ebp+edx*4+var_B0], edi
mov dl, byte ptr [ebp+arg_18]
mov byte ptr [ebp+arg_0+1], dl
mov byte ptr [ebp+arg_0], cl
mov edx, edi
mov ecx, ebx
shr edx, cl
mov ecx, eax
sub ecx, esi
sar ecx, 2
sub ecx, edx
mov word ptr [ebp+arg_0+2], cx
mov ecx, [ebp+arg_0]
mov [esi+edx*4], ecx
jmp short loc_406ACD
; ---------------------------------------------------------------------------
loc_406AC8: ; CODE XREF: sub_4068B0+1E5�j
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_406ACD: ; CODE XREF: sub_4068B0+216�j
mov ecx, [ebp+var_14]
mov ebx, ecx
add ecx, [ebp+arg_18]
cmp [ebp+var_4], ecx
mov [ebp+var_14], ecx
jg loc_406A19
loc_406AE1: ; CODE XREF: sub_4068B0+15F�j
mov cl, byte ptr [ebp+var_4]
mov esi, [ebp+var_20]
sub cl, bl
mov byte ptr [ebp+arg_0+1], cl
mov ecx, [ebp+arg_4]
lea ecx, ds:42D6B8h[ecx*4]
cmp esi, ecx
jb short loc_406B00
mov byte ptr [ebp+arg_0], 0C0h
jmp short loc_406B43
; ---------------------------------------------------------------------------
loc_406B00: ; CODE XREF: sub_4068B0+248�j
mov ecx, [esi]
cmp ecx, [ebp+arg_8]
jnb short loc_406B23
cmp ecx, 100h
setb cl
dec cl
and ecx, 60h
mov byte ptr [ebp+arg_0], cl
mov cx, [esi]
add esi, 4
mov [ebp+var_20], esi
jmp short loc_406B3F
; ---------------------------------------------------------------------------
loc_406B23: ; CODE XREF: sub_4068B0+255�j
sub ecx, [ebp+arg_8]
mov edx, [ebp+arg_10]
add ecx, ecx
mov dl, [ecx+edx]
add dl, 50h
add [ebp+var_20], 4
mov byte ptr [ebp+arg_0], dl
mov edx, [ebp+arg_C]
mov cx, [ecx+edx]
loc_406B3F: ; CODE XREF: sub_4068B0+271�j
mov word ptr [ebp+arg_0+2], cx
loc_406B43: ; CODE XREF: sub_4068B0+24E�j
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
xor edi, edi
sub ecx, ebx
inc edi
mov esi, edi
shl esi, cl
mov ecx, ebx
shr edx, cl
jmp short loc_406B60
; ---------------------------------------------------------------------------
loc_406B58: ; CODE XREF: sub_4068B0+2B3�j
mov ecx, [ebp+arg_0]
mov [eax+edx*4], ecx
add edx, esi
loc_406B60: ; CODE XREF: sub_4068B0+2A6�j
cmp edx, [ebp+var_24]
jb short loc_406B58
mov ecx, [ebp+var_28]
mov esi, [ebp+var_8]
mov edx, edi
shl edx, cl
jmp short loc_406B75
; ---------------------------------------------------------------------------
loc_406B71: ; CODE XREF: sub_4068B0+2C7�j
xor esi, edx
shr edx, 1
loc_406B75: ; CODE XREF: sub_4068B0+2BF�j
test edx, esi
jnz short loc_406B71
mov ecx, edi
xor esi, edx
mov [ebp+var_10], ecx
mov ecx, ebx
mov edx, edi
mov [ebp+var_8], esi
shl edx, cl
dec edx
and edx, esi
mov ecx, edx
mov edx, [ebp+var_C]
cmp ecx, [ebp+edx*4+var_B0]
jz short loc_406BB4
loc_406B9A: ; CODE XREF: sub_4068B0+2FF�j
sub ebx, [ebp+arg_18]
mov esi, edi
dec edx
mov ecx, ebx
shl esi, cl
dec esi
and esi, [ebp+var_8]
cmp esi, [ebp+edx*4+var_B0]
jnz short loc_406B9A
mov [ebp+var_C], edx
loc_406BB4: ; CODE XREF: sub_4068B0+2E8�j
cmp [ebp+var_2C], 0
jnz loc_4069FD
loc_406BBE: ; CODE XREF: sub_4068B0+145�j
inc [ebp+var_4]
add [ebp+var_1C], 4
mov ecx, [ebp+var_4]
inc [ebp+var_28]
cmp ecx, [ebp+var_18]
jle loc_4069EE
loc_406BD4: ; CODE XREF: sub_4068B0+12B�j
xor eax, eax
cmp [ebp+var_30], eax
jz short loc_406BE4
cmp [ebp+var_18], 1
jz short loc_406BE4
loc_406BE1: ; CODE XREF: sub_4068B0+8C�j
; sub_4068B0+A9�j ...
or eax, 0FFFFFFFFh
loc_406BE4: ; CODE XREF: sub_4068B0+3F�j
; sub_4068B0+329�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_4068B0 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION VerQueryValueA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoSizeA. PRESS KEYPAD "+" TO EXPAND]
align 10h
_text ends
; Section 2. (virtual address 00007000)
; Virtual size : 000011FE ( 4606.)
; Section size in file : 00001200 ( 4608.)
; Offset to raw data for section: 00006000
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_401439+1021�p
; sub_4058CF+3D�p
; DATA XREF: ...
; LSTATUS __stdcall RegSetValueExA(HKEY hKey,LPCSTR lpValueName,DWORD Reserved,DWORD dwType,const BYTE *lpData,DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_401439+FDC�p
; DATA XREF: sub_401439+FDC�r
; LSTATUS __stdcall RegEnumKeyA(HKEY hKey,DWORD dwIndex,LPSTR lpName,DWORD cchName)
extrn RegEnumKeyA:dword ; CODE XREF: sub_401439+109A�p
; sub_402ADA+57�p
; DATA XREF: ...
; LSTATUS __stdcall RegEnumValueA(HKEY hKey,DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
extrn RegEnumValueA:dword ; CODE XREF: sub_401439+10AD�p
; DATA XREF: sub_401439+10AD�r
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_402ADA+1B�p
; sub_402B76+22�p ...
; LSTATUS __stdcall RegDeleteKeyA(HKEY hKey,LPCSTR lpSubKey)
extrn RegDeleteKeyA:dword ; CODE XREF: sub_402ADA+6C�p
; DATA XREF: sub_402ADA+6C�r
; LSTATUS __stdcall RegDeleteValueA(HKEY hKey,LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_401439+F10�p
; DATA XREF: sub_401439+F10�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_401439+F19�p
; sub_401439:loc_4024FB�p ...
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass,DWORD dwOptions,REGSAM samDesired,const LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_401439+F83�p
; DATA XREF: sub_401439+F83�r
;
; Imports from COMCTL32.dll
;
; int __stdcall ImageList_AddMasked(HIMAGELIST himl,HBITMAP hbmImage,COLORREF crMask)
extrn ImageList_AddMasked:dword ; CODE XREF: sub_4046C3+BE�p
; DATA XREF: sub_4046C3+BE�r
; BOOL __stdcall ImageList_Destroy(HIMAGELIST himl)
extrn ImageList_Destroy:dword ; CODE XREF: sub_4046C3+42B�p
; DATA XREF: sub_4046C3+42B�r
; void __stdcall InitCommonControls()
extrn InitCommonControls:dword ; CODE XREF: start+1A�p
; DATA XREF: start+1A�r
; HIMAGELIST __stdcall ImageList_Create(int cx,int cy,UINT flags,int cInitial,int cGrow)
extrn ImageList_Create:dword ; CODE XREF: sub_4046C3+AA�p
; DATA XREF: sub_4046C3+AA�r
;
; Imports from GDI32.dll
;
; COLORREF __stdcall SetBkColor(HDC hdc,COLORREF color)
extrn SetBkColor:dword ; CODE XREF: sub_403E2A+74�p
; DATA XREF: sub_403E2A+74�r
; int __stdcall GetDeviceCaps(HDC hdc,int index)
extrn GetDeviceCaps:dword ; CODE XREF: sub_401439+963�p
; DATA XREF: sub_401439+963�r
; BOOL __stdcall DeleteObject(HGDIOBJ ho)
extrn DeleteObject:dword ; CODE XREF: sub_401000+ED�p
; sub_401000+165�p ...
; HBRUSH __stdcall CreateBrushIndirect(const LOGBRUSH *plbrush)
extrn CreateBrushIndirect:dword ; CODE XREF: sub_401000+CF�p
; sub_403E2A+98�p
; DATA XREF: ...
; HFONT __stdcall CreateFontIndirectA(const LOGFONTA *lplf)
extrn CreateFontIndirectA:dword ; CODE XREF: sub_401000+105�p
; sub_401439+9C4�p
; DATA XREF: ...
; int __stdcall SetBkMode(HDC hdc,int mode)
extrn SetBkMode:dword ; CODE XREF: sub_401000+126�p
; sub_403E2A+51�p
; DATA XREF: ...
; COLORREF __stdcall SetTextColor(HDC hdc,COLORREF color)
extrn SetTextColor:dword ; CODE XREF: sub_401000+130�p
; sub_403E2A+45�p
; DATA XREF: ...
; HGDIOBJ __stdcall SelectObject(HDC hdc,HGDIOBJ h)
extrn SelectObject:dword ; CODE XREF: sub_401000+140�p
; sub_401000+160�p
; DATA XREF: ...
;
; Imports from KERNEL32.dll
;
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_401439+4DA�p
; sub_401439:loc_401F10�p ...
; BOOL __stdcall SetFileTime(HANDLE hFile,const FILETIME *lpCreationTime,const FILETIME *lpLastAccessTime,const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_401439+4D1�p
; DATA XREF: sub_401439+4D1�r
; LONG __stdcall CompareFileTime(const FILETIME *lpFileTime1,const FILETIME *lpFileTime2)
extrn CompareFileTime:dword ; CODE XREF: sub_401439+3CD�p
; DATA XREF: sub_401439+3CD�r
; DWORD __stdcall SearchPathA(LPCSTR lpPath,LPCSTR lpFileName,LPCSTR lpExtension,DWORD nBufferLength,LPSTR lpBuffer,LPSTR *lpFilePart)
extrn SearchPathA:dword ; CODE XREF: sub_401439+33E�p
; DATA XREF: sub_401439+33E�r
; DWORD __stdcall GetShortPathNameA(LPCSTR lpszLongPath,LPSTR lpszShortPath,DWORD cchBuffer)
extrn GetShortPathNameA:dword ; CODE XREF: sub_401439+31F�p
; sub_405723+5E�p ...
; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName,DWORD nBufferLength,LPSTR lpBuffer,LPSTR *lpFilePart)
extrn GetFullPathNameA:dword ; CODE XREF: sub_401439+2D9�p
; DATA XREF: sub_401439+2D9�r
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: sub_401439+28A�p
; DATA XREF: sub_401439+28A�r
; BOOL __stdcall SetCurrentDirectoryA(LPCSTR lpPathName)
extrn SetCurrentDirectoryA:dword ; CODE XREF: sub_401439+20F�p
; DATA XREF: sub_401439+20F�r
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_401439+1E0�p
; sub_401439+3F0�p ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_401439+1D2�p
; DATA XREF: sub_401439+1D2�r
; BOOL __stdcall CreateDirectoryA(LPCSTR lpPathName,LPSECURITY_ATTRIBUTES lpSecurityAttributes)
extrn CreateDirectoryA:dword ; CODE XREF: sub_401439+1C8�p
; sub_403132+21�p ...
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName,DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_401439+189�p
; sub_401439+3FA�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_401439+EE�p
; DATA XREF: sub_401439+EE�r
; DWORD __stdcall GetFileSize(HANDLE hFile,LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_402C37+69�p
; sub_405723+E1�p
; DATA XREF: ...
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_402C37+33�p
; start+24F�p
; DATA XREF: ...
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_402C37+E�p
; sub_402C37:loc_402D7F�p ...
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: start+352�p
; DATA XREF: start+352�r
; int __stdcall lstrcmpiA(LPCSTR lpString1,LPCSTR lpString2)
extrn lstrcmpiA:dword ; CODE XREF: sub_401439+607�p
; start+261�p ...
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: start+1EC�p start+3B1�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: start+9C�p
; DATA XREF: start+9C�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: start+72�p
; sub_405723+AA�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength,LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: start+5D�p
; DATA XREF: start+5D�r
; LPSTR __stdcall lstrcpynA(LPSTR lpString1,LPCSTR lpString2,int iMaxLength)
extrn lstrcpynA:dword ; CODE XREF: sub_403ED7+15�p
; sub_4059DB+D�p
; DATA XREF: ...
; BOOL __stdcall GetDiskFreeSpaceA(LPCSTR lpRootPathName,LPDWORD lpSectorsPerCluster,LPDWORD lpBytesPerSector,LPDWORD lpNumberOfFreeClusters,LPDWORD lpTotalNumberOfClusters)
extrn GetDiskFreeSpaceA:dword ; CODE XREF: sub_404201+22F�p
; DATA XREF: sub_404201+22F�r
; BOOL __stdcall GlobalUnlock(HGLOBAL hMem)
extrn GlobalUnlock:dword ; CODE XREF: sub_404EBC+35E�p
; DATA XREF: sub_404EBC+35E�r
; LPVOID __stdcall GlobalLock(HGLOBAL hMem)
extrn GlobalLock:dword ; CODE XREF: sub_404EBC+32C�p
; DATA XREF: sub_404EBC+32C�r
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_404EBC+1C5�p
; DATA XREF: sub_404EBC+1C5�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName,LPSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCSTR lpCurrentDirectory,LPSTARTUPINFOA lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_405263+3C�p
; DATA XREF: sub_405263+3C�r
; BOOL __stdcall RemoveDirectoryA(LPCSTR lpPathName)
extrn RemoveDirectoryA:dword ; CODE XREF: sub_40531D+19C�p
; DATA XREF: sub_40531D+19C�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_4056AC+26�p
; sub_405723+CD�p
; DATA XREF: ...
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName,LPCSTR lpPrefixString,UINT uUnique,LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: sub_4056DB+2D�p
; DATA XREF: sub_4056DB+2D�r
; int __stdcall lstrlenA(LPCSTR lpString)
extrn __imp_lstrlenA:dword ; DATA XREF: lstrlenA�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1,LPCSTR lpString2)
extrn __imp_lstrcatA:dword ; DATA XREF: lstrcatA�r
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_4059FD+10F�p
; DATA XREF: sub_4059FD+10F�r
; int __stdcall lstrcmpA(LPCSTR lpString1,LPCSTR lpString2)
extrn lstrcmpA:dword ; CODE XREF: sub_401439:loc_401A52�p
; DATA XREF: sub_401439:loc_401A52�r
; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName,LPSTR lpBuffer,DWORD nSize)
extrn GetEnvironmentVariableA:dword ; CODE XREF: sub_401439+636�p
; DATA XREF: sub_401439+636�r
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc,LPSTR lpDst,DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_401439:loc_401A77�p
; DATA XREF: sub_401439:loc_401A77�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_401439:loc_401BE1�p
; sub_401439+138D�p ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags,SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401439+7BA�p
; sub_401439+B45�p ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_401439+AA2�p
; DATA XREF: sub_401439+A8E�r
; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess,LPDWORD lpExitCode)
extrn GetExitCodeProcess:dword ; CODE XREF: sub_401439+AB2�p
; DATA XREF: sub_401439+AB2�r
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: sub_401439+BAE�p
; sub_401439+C62�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_401439+BD8�p
; start+AB�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401439+BE5�p
; sub_403542+228�p ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401439+BF5�p
; sub_405CEE+21�p
; DATA XREF: ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401439+C4E�p
; DATA XREF: sub_401439+C4E�r
; int __stdcall MultiByteToWideChar(UINT CodePage,DWORD dwFlags,LPCSTR lpMultiByteStr,int cbMultiByte,LPWSTR lpWideCharStr,int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_401439+D7C�p
; DATA XREF: sub_401439+D7C�r
; BOOL __stdcall WritePrivateProfileStringA(LPCSTR lpAppName,LPCSTR lpKeyName,LPCSTR lpString,LPCSTR lpFileName)
extrn WritePrivateProfileStringA:dword ; CODE XREF: sub_401439+EA6�p
; DATA XREF: sub_401439+EA6�r
; DWORD __stdcall GetPrivateProfileStringA(LPCSTR lpAppName,LPCSTR lpKeyName,LPCSTR lpDefault,LPSTR lpReturnedString,DWORD nSize,LPCSTR lpFileName)
extrn GetPrivateProfileStringA:dword ; CODE XREF: sub_401439+EE1�p
; DATA XREF: sub_401439+EE1�r
; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_401439+1140�p
; sub_401439+139F�p ...
; BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_401439+1197�p
; sub_4030E9+17�p ...
; int __stdcall MulDiv(int nNumber,int nNumerator,int nDenominator)
extrn MulDiv:dword ; CODE XREF: sub_40136D+78�p
; sub_401439+972�p ...
; DWORD __stdcall SetFilePointer(HANDLE hFile,LONG lDistanceToMove,PLONG lpDistanceToMoveHigh,DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: sub_401439+11FB�p
; sub_401439+122B�p ...
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_401439+124E�p
; sub_40531D+15A�p ...
; BOOL __stdcall FindNextFileA(HANDLE hFindFile,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword ; CODE XREF: sub_401439+126B�p
; sub_40531D+149�p
; DATA XREF: ...
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_401439+1292�p
; sub_40531D+92�p ...
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_401439+13D5�p
; start+96�p ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName,BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: start+277�p
; DATA XREF: start+277�r
;
; Imports from SHELL32.dll
;
; HRESULT __stdcall SHGetMalloc(IMalloc **ppMalloc)
extrn SHGetMalloc:dword ; CODE XREF: sub_405238+8�p
; DATA XREF: sub_405238+8�r
; BOOL __stdcall SHGetPathFromIDListA(LPCITEMIDLIST pidl,LPSTR pszPath)
extrn SHGetPathFromIDListA:dword ; CODE XREF: sub_4044FB+38�p
; sub_4059FD+156�p
; DATA XREF: ...
; LPITEMIDLIST __stdcall SHBrowseForFolderA(LPBROWSEINFOA lpbi)
extrn SHBrowseForFolderA:dword ; CODE XREF: sub_404201+134�p
; DATA XREF: sub_404201+134�r
; DWORD_PTR __stdcall SHGetFileInfoA(LPCSTR pszPath,DWORD dwFileAttributes,SHFILEINFOA *psfi,UINT cbFileInfo,UINT uFlags)
extrn SHGetFileInfoA:dword ; CODE XREF: start+3D�p
; DATA XREF: start+3D�r
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd,LPCSTR lpOperation,LPCSTR lpFile,LPCSTR lpParameters,LPCSTR lpDirectory,INT nShowCmd)
extrn ShellExecuteA:dword ; CODE XREF: sub_401439+A4F�p
; sub_403F0B+20F�p
; DATA XREF: ...
; int __stdcall SHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
extrn SHFileOperationA:dword ; CODE XREF: sub_401439+E25�p
; DATA XREF: sub_401439+E25�r
; HRESULT __stdcall SHGetSpecialFolderLocation(HWND hwnd,int csidl,LPITEMIDLIST *ppidl)
extrn SHGetSpecialFolderLocation:dword ; CODE XREF: sub_4059FD+148�p
; DATA XREF: sub_4059FD+148�r
;
; Imports from USER32.dll
;
; BOOL __stdcall ScreenToClient(HWND hWnd,LPPOINT lpPoint)
extrn ScreenToClient:dword ; CODE XREF: sub_4038DB+42C�p
; sub_404643+3D�p
; DATA XREF: ...
; BOOL __stdcall GetWindowRect(HWND hWnd,LPRECT lpRect)
extrn GetWindowRect:dword ; CODE XREF: sub_4038DB+420�p
; sub_404EBC+2A6�p
; DATA XREF: ...
; DWORD __stdcall SetClassLongA(HWND hWnd,int nIndex,LONG dwNewLong)
extrn SetClassLongA:dword ; CODE XREF: sub_4038DB+1CF�p
; DATA XREF: sub_4038DB+1CF�r
; BOOL __stdcall IsWindowEnabled(HWND hWnd)
extrn IsWindowEnabled:dword ; CODE XREF: sub_4038DB+B6�p
; sub_4038DB+103�p
; DATA XREF: ...
; BOOL __stdcall SetWindowPos(HWND hWnd,HWND hWndInsertAfter,int X,int Y,int cx,int cy,UINT uFlags)
extrn SetWindowPos:dword ; CODE XREF: sub_4038DB+3C�p
; sub_4038DB+447�p
; DATA XREF: ...
; DWORD __stdcall GetSysColor(int nIndex)
extrn GetSysColor:dword ; CODE XREF: sub_403E2A+39�p
; sub_403E2A+64�p ...
; LONG __stdcall GetWindowLongA(HWND hWnd,int nIndex)
extrn GetWindowLongA:dword ; CODE XREF: sub_403E2A+1D�p
; sub_4046C3+230�p
; DATA XREF: ...
; HCURSOR __stdcall SetCursor(HCURSOR hCursor)
extrn SetCursor:dword ; CODE XREF: sub_403F0B+1FC�p
; sub_403F0B+21F�p
; DATA XREF: ...
; HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance,LPCSTR lpCursorName)
extrn LoadCursorA:dword ; CODE XREF: sub_403F0B+1F3�p
; sub_403F0B+21C�p
; DATA XREF: ...
; BOOL __stdcall CheckDlgButton(HWND hDlg,int nIDButton,UINT uCheck)
extrn CheckDlgButton:dword ; CODE XREF: sub_403F0B+8B�p
; DATA XREF: sub_403F0B+8B�r
; DWORD __stdcall GetMessagePos()
extrn GetMessagePos:dword ; CODE XREF: sub_404643+23�p
; DATA XREF: sub_404643+23�r
; HBITMAP __stdcall LoadBitmapA(HINSTANCE hInstance,LPCSTR lpBitmapName)
extrn LoadBitmapA:dword ; CODE XREF: sub_4046C3+83�p
; DATA XREF: sub_4046C3+83�r
; LRESULT __stdcall CallWindowProcA(WNDPROC lpPrevWndFunc,HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn CallWindowProcA:dword ; CODE XREF: sub_404CBD+B5�p
; DATA XREF: sub_404CBD+B5�r
; BOOL __stdcall IsWindowVisible(HWND hWnd)
extrn IsWindowVisible:dword ; CODE XREF: sub_404CBD+47�p
; DATA XREF: sub_404CBD+47�r
; BOOL __stdcall CloseClipboard()
extrn CloseClipboard:dword ; CODE XREF: sub_404EBC+36F�p
; DATA XREF: sub_404EBC+36F�r
; HANDLE __stdcall SetClipboardData(UINT uFormat,HANDLE hMem)
extrn SetClipboardData:dword ; CODE XREF: sub_404EBC+369�p
; DATA XREF: sub_404EBC+369�r
; BOOL __stdcall EmptyClipboard()
extrn EmptyClipboard:dword ; CODE XREF: sub_404EBC+319�p
; DATA XREF: sub_404EBC+319�r
; BOOL __stdcall OpenClipboard(HWND hWndNewOwner)
extrn OpenClipboard:dword ; CODE XREF: sub_404EBC+313�p
; DATA XREF: sub_404EBC+313�r
; BOOL __stdcall EndDialog(HWND hDlg,INT_PTR nResult)
extrn EndDialog:dword ; CODE XREF: sub_4038DB+48A�p
; DATA XREF: sub_4038DB+48A�r
; BOOL __stdcall AppendMenuA(HMENU hMenu,UINT uFlags,UINT_PTR uIDNewItem,LPCSTR lpNewItem)
extrn AppendMenuA:dword ; CODE XREF: sub_404EBC+293�p
; DATA XREF: sub_404EBC+293�r
; HMENU __stdcall CreatePopupMenu()
extrn CreatePopupMenu:dword ; CODE XREF: sub_404EBC+27E�p
; DATA XREF: sub_404EBC+27E�r
; int __stdcall GetSystemMetrics(int nIndex)
extrn GetSystemMetrics:dword ; CODE XREF: sub_404EBC+B3�p
; DATA XREF: sub_404EBC+B3�r
; BOOL __stdcall SetDlgItemTextA(HWND hDlg,int nIDDlgItem,LPCSTR lpString)
extrn __imp_SetDlgItemTextA:dword ; DATA XREF: SetDlgItemTextA�r
; UINT __stdcall GetDlgItemTextA(HWND hDlg,int nIDDlgItem,LPSTR lpString,int cchMax)
extrn GetDlgItemTextA:dword ; CODE XREF: sub_4052BF+13�p
; DATA XREF: sub_4052BF+13�r
; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
extrn MessageBoxA:dword ; CODE XREF: sub_4052DB+39�p
; DATA XREF: sub_4052DB+39�r
; LPSTR __stdcall CharPrevA(LPCSTR lpszStart,LPCSTR lpszCurrent)
extrn CharPrevA:dword ; CODE XREF: sub_4054E8+F�p
; sub_40552F+14�p ...
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn DispatchMessageA:dword ; CODE XREF: sub_405D18+17�p
; DATA XREF: sub_405D18+17�r
; BOOL __stdcall PeekMessageA(LPMSG lpMsg,HWND hWnd,UINT wMsgFilterMin,UINT wMsgFilterMax,UINT wRemoveMsg)
extrn PeekMessageA:dword ; CODE XREF: sub_405D18+27�p
; DATA XREF: sub_405D18+B�r
; HWND __stdcall CreateDialogParamA(HINSTANCE hInstance,LPCSTR lpTemplateName,HWND hWndParent,DLGPROC lpDialogFunc,LPARAM dwInitParam)
extrn CreateDialogParamA:dword ; CODE XREF: sub_402C37+166�p
; sub_4038DB+3F0�p
; DATA XREF: ...
; BOOL __stdcall DestroyWindow(HWND hWnd)
extrn DestroyWindow:dword ; CODE XREF: sub_402C37+1A1�p
; sub_402C37+21B�p ...
; UINT_PTR __stdcall SetTimer(HWND hWnd,UINT_PTR nIDEvent,UINT uElapse,TIMERPROC lpTimerFunc)
extrn SetTimer:dword ; CODE XREF: DialogFunc+20�p
; DATA XREF: DialogFunc+20�r
; BOOL __stdcall SetWindowTextA(HWND hWnd,LPCSTR lpString)
extrn SetWindowTextA:dword ; CODE XREF: DialogFunc+69�p
; sub_40380E+98�p ...
; void __stdcall PostQuitMessage(int nExitCode)
extrn PostQuitMessage:dword ; CODE XREF: sub_401439+76�p
; DATA XREF: sub_401439+76�r
; BOOL __stdcall SetForegroundWindow(HWND hWnd)
extrn SetForegroundWindow:dword ; CODE XREF: sub_401439+FC�p
; DATA XREF: sub_401439+FC�r
; int wsprintfA(LPSTR,LPCSTR,...)
extrn wsprintfA:dword ; CODE XREF: sub_401439+72A�p
; sub_401439+A21�p ...
; LRESULT __stdcall SendMessageTimeoutA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam,UINT fuFlags,UINT uTimeout,PDWORD_PTR lpdwResult)
extrn SendMessageTimeoutA:dword ; CODE XREF: sub_401439+842�p
; DATA XREF: sub_401439+842�r
; HWND __stdcall FindWindowExA(HWND hWndParent,HWND hWndChildAfter,LPCSTR lpszClass,LPCSTR lpszWindow)
extrn FindWindowExA:dword ; CODE XREF: sub_401439+888�p
; DATA XREF: sub_401439+888�r
; ATOM __stdcall RegisterClassA(const WNDCLASSA *lpWndClass)
extrn RegisterClassA:dword ; CODE XREF: sub_403542+18F�p
; sub_403542+267�p
; DATA XREF: ...
; BOOL __stdcall SystemParametersInfoA(UINT uiAction,UINT uiParam,PVOID pvParam,UINT fWinIni)
extrn SystemParametersInfoA:dword ; CODE XREF: sub_403542+1A7�p
; DATA XREF: sub_403542+1A7�r
; HWND __stdcall CreateWindowExA(DWORD dwExStyle,LPCSTR lpClassName,LPCSTR lpWindowName,DWORD dwStyle,int X,int Y,int nWidth,int nHeight,HWND hWndParent,HMENU hMenu,HINSTANCE hInstance,LPVOID lpParam)
extrn CreateWindowExA:dword ; CODE XREF: sub_403542+1E0�p
; DATA XREF: sub_403542+1E0�r
; BOOL __stdcall GetClassInfoA(HINSTANCE hInstance,LPCSTR lpClassName,LPWNDCLASSA lpWndClass)
extrn GetClassInfoA:dword ; CODE XREF: sub_403542+248�p
; sub_403542+257�p
; DATA XREF: ...
; INT_PTR __stdcall DialogBoxParamA(HINSTANCE hInstance,LPCSTR lpTemplateName,HWND hWndParent,DLGPROC lpDialogFunc,LPARAM dwInitParam)
extrn DialogBoxParamA:dword ; CODE XREF: sub_403542+286�p
; DATA XREF: sub_403542+286�r
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn CharNextA:dword ; CODE XREF: start+D6�p sub_405513+D�p ...
; BOOL __stdcall TrackPopupMenu(HMENU hMenu,UINT uFlags,int x,int y,int nReserved,HWND hWnd,const RECT *prcRect)
extrn TrackPopupMenu:dword ; CODE XREF: sub_404EBC+2C8�p
; DATA XREF: sub_404EBC+2C8�r
; BOOL __stdcall ExitWindowsEx(UINT uFlags,DWORD dwReason)
extrn ExitWindowsEx:dword ; CODE XREF: start+38E�p
; DATA XREF: start+38E�r
; BOOL __stdcall IsWindow(HWND hWnd)
extrn IsWindow:dword ; CODE XREF: sub_401439+8A9�p
; DATA XREF: sub_401439+8A9�r
; HWND __stdcall GetDlgItem(HWND hDlg,int nIDDlgItem)
extrn GetDlgItem:dword ; CODE XREF: sub_401439+8CF�p
; sub_401439+8FF�p ...
; LONG __stdcall SetWindowLongA(HWND hWnd,int nIndex,LONG dwNewLong)
extrn SetWindowLongA:dword ; CODE XREF: sub_401439+8EE�p
; sub_4038DB+8B�p ...
; HANDLE __stdcall LoadImageA(HINSTANCE hInst,LPCSTR name,UINT type,int cx,int cy,UINT fuLoad)
extrn LoadImageA:dword ; CODE XREF: sub_401439+92D�p
; sub_403542+148�p
; DATA XREF: ...
; HDC __stdcall GetDC(HWND hWnd)
extrn GetDC:dword ; CODE XREF: sub_401439+95C�p
; DATA XREF: sub_401439+95C�r
; BOOL __stdcall EnableWindow(HWND hWnd,BOOL bEnable)
extrn EnableWindow:dword ; CODE XREF: sub_401439:loc_401E29�p
; sub_4038DB+2F6�p ...
; BOOL __stdcall InvalidateRect(HWND hWnd,const RECT *lpRect,BOOL bErase)
extrn InvalidateRect:dword ; CODE XREF: sub_401439+14F0�p
; sub_4046C3+583�p
; DATA XREF: ...
; LRESULT __stdcall SendMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn SendMessageA:dword ; CODE XREF: sub_40136D+88�p
; sub_401439+85A�p ...
; LRESULT __stdcall DefWindowProcA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn DefWindowProcA:dword ; CODE XREF: sub_401000+2C�p
; DATA XREF: sub_401000+2C�r
; HDC __stdcall BeginPaint(HWND hWnd,LPPAINTSTRUCT lpPaint)
extrn BeginPaint:dword ; CODE XREF: sub_401000+47�p
; DATA XREF: sub_401000+47�r
; BOOL __stdcall GetClientRect(HWND hWnd,LPRECT lpRect)
extrn GetClientRect:dword ; CODE XREF: sub_401000+5B�p
; sub_401439+90C�p ...
; int __stdcall FillRect(HDC hDC,const RECT *lprc,HBRUSH hbr)
extrn FillRect:dword ; CODE XREF: sub_401000+E4�p
; DATA XREF: sub_401000+E4�r
; int __stdcall DrawTextA(HDC hdc,LPCSTR lpchText,int cchText,LPRECT lprc,UINT format)
extrn DrawTextA:dword ; CODE XREF: sub_401000+156�p
; DATA XREF: sub_401000+156�r
; BOOL __stdcall EndPaint(HWND hWnd,const PAINTSTRUCT *lpPaint)
extrn EndPaint:dword ; CODE XREF: sub_401000+16E�p
; DATA XREF: sub_401000+16E�r
; BOOL __stdcall ShowWindow(HWND hWnd,int nCmdShow)
extrn ShowWindow:dword ; CODE XREF: sub_401439+162�p
; sub_401439+177�p ...
;
; Imports from VERSION.dll
;
; DWORD __stdcall GetFileVersionInfoSizeA(LPCSTR lptstrFilename,LPDWORD lpdwHandle)
extrn __imp_GetFileVersionInfoSizeA:dword
; DATA XREF: GetFileVersionInfoSizeA�r
; BOOL __stdcall GetFileVersionInfoA(LPCSTR lptstrFilename,DWORD dwHandle,DWORD dwLen,LPVOID lpData)
extrn __imp_GetFileVersionInfoA:dword ; DATA XREF: GetFileVersionInfoA�r
; BOOL __stdcall VerQueryValueA(LPCVOID pBlock,LPCSTR lpSubBlock,LPVOID *lplpBuffer,PUINT puLen)
extrn __imp_VerQueryValueA:dword ; DATA XREF: VerQueryValueA�r
;
; Imports from ole32.dll
;
; HRESULT __stdcall OleInitialize(LPVOID pvReserved)
extrn OleInitialize:dword ; CODE XREF: start+21�p
; StartAddress+10�p
; DATA XREF: ...
; void __stdcall OleUninitialize()
extrn OleUninitialize:dword ; CODE XREF: start+1D1�p
; StartAddress+5C�p
; DATA XREF: ...
; HRESULT __stdcall CoCreateInstance(const IID *const rclsid,LPUNKNOWN pUnkOuter,DWORD dwClsContext,const IID *const riid,LPVOID *ppv)
extrn CoCreateInstance:dword ; CODE XREF: sub_401439+CC0�p
; DATA XREF: sub_401439+CC0�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 407280h
; char aShlwapi_dll[]
aShlwapi_dll db 'shlwapi.dll',0 ; DATA XREF: sub_404201+A8�o
; char aShautocomplete[]
aShautocomplete db 'SHAutoComplete',0 ; DATA XREF: sub_404201+A3�o
align 4
; char a_defaultContro[]
a_defaultContro db '.DEFAULT\Control Panel\International',0 ; DATA XREF: sub_403542+62�o
align 4
; char ValueName[]
ValueName db 'Locale',0 ; DATA XREF: sub_403542+5D�o
align 4
; char phkResult[]
phkResult db 'Control Panel\Desktop\ResourceLocale',0 ; DATA XREF: sub_403542+45�o
align 4
; char aGetuserdefault[]
aGetuserdefault db 'GetUserDefaultUILanguage',0 ; DATA XREF: sub_403542+D�o
align 10h
; char aD[]
aD db '%d',0 ; DATA XREF: sub_405939+4�o
align 4
byte_407314 db 10h ; DATA XREF: sub_405DB9+3C0�r
; sub_405DB9+3E7�r
db 11h, 12h, 0
dd 6090708h, 40B050Ah, 20D030Ch, 0F010Eh
dword_407328 dd 40003h, 60005h, 80007h, 0A0009h, 0D000Bh, 11000Fh, 170013h
; DATA XREF: sub_405DB9+162�o
; sub_405DB9+5C5�o
dd 1F001Bh, 2B0023h, 3B0033h, 530043h, 730063h, 0A30083h
dd 0E300C3h, 102h, 0
dword_407368 dd 4 dup(0) ; DATA XREF: sub_405DB9+15D�o
; sub_405DB9+5C0�o
dd 2 dup(10001h), 2 dup(20002h), 2 dup(30003h), 2 dup(40004h)
dd 2 dup(50005h), 700000h, 70h
dword_4073A8 dd 20001h, 40003h, 70005h, 0D0009h, 190011h, 310021h, 610041h
; DATA XREF: sub_405DB9+197�o
; sub_405DB9+605�o
dd 0C10081h, 1810101h, 3010201h, 6010401h, 0C010801h, 18011001h
dd 30012001h, 60014001h
dword_4073E4 dd 2 dup(0) ; DATA XREF: sub_405DB9+192�o
; sub_405DB9+600�o
dd 10001h, 20002h, 30003h, 40004h, 50005h, 60006h, 70007h
dd 80008h, 90009h, 0A000Ah, 0B000Bh, 0C000Ch, 0D000Dh
; IID riid
riid dd 214EEh ; Data1 ; DATA XREF: sub_401439+CB3�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
; IID rclsid
rclsid dd 21401h ; Data1 ; DATA XREF: sub_401439+CBB�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
dword_407440 dd 10Bh, 0 ; DATA XREF: sub_401439+CD5�o
dd 0C0h, 46000000h, 7564h, 2 dup(0)
dd 7B6Eh, 7060h, 7670h, 2 dup(0)
dd 7F48h, 716Ch, 7540h, 2 dup(0)
dd 7FDAh, 703Ch, 7650h, 2 dup(0)
dd 8074h, 714Ch, 7504h, 2 dup(0)
dd 8116h, 7000h, 752Ch, 2 dup(0)
dd 8162h, 7028h, 7774h, 2 dup(0)
dd 81A6h, 7270h, 7764h, 2 dup(0)
dd 81F2h, 7260h, 5 dup(0)
dd 809Eh, 80B2h, 8090h, 8080h, 8106h, 80F6h, 80E4h, 80D6h
dd 80C4h, 0
dd 8138h, 8124h, 80000011h, 814Eh, 0
dd 7FCCh, 7FBCh, 7FACh, 7F96h, 7F80h, 7F74h, 7F64h, 7F54h
dd 0
dd 792Eh, 793Ch, 794Ah, 795Ch, 796Ah, 797Eh, 7992h, 799Eh
dd 79B6h, 79CCh, 79DCh, 79F0h, 7A06h, 7A0Eh, 7A1Ch, 7A32h
dd 7A42h, 7922h, 7A62h, 7A70h, 7A82h, 7A9Ah, 7AAAh, 7AB6h
dd 7ACAh, 7ADAh, 7AE8h, 7AF8h, 7B0Ah, 7B1Eh, 7B2Ch, 7B40h
dd 7B4Ch, 7B58h, 7916h, 78FCh, 78E0h, 78D2h, 78C4h, 78AEh
dd 7898h, 7888h, 7874h, 7864h, 7852h, 7844h, 782Eh, 7810h
dd 77F4h, 77E8h, 77DCh, 7784h, 77CAh, 77BEh, 77AEh, 779Ch
dd 778Eh, 7A56h, 0
dd 8048h, 8030h, 801Ah, 8008h, 7FF8h, 7FE4h, 8056h, 0
dd 7D76h, 7D88h, 7D98h, 7DA8h, 7DBAh, 7DCAh, 7DD8h, 7DEAh
dd 7DF6h, 7E04h, 7E16h, 7E26h, 7E34h, 7E46h, 7E58h, 7E6Ah
dd 7E7Eh, 7E90h, 7D6Ah, 7EB2h, 7EC0h, 7ED2h, 7EE6h, 7EF8h
dd 7F0Ah, 7F18h, 7F24h, 7F38h, 7CDAh, 7CCAh, 7CBEh, 7CACh
dd 7C9Ah, 7C84h, 7C6Ah, 7C54h, 7C44h, 7D58h, 7D40h, 7D2Eh
dd 7D1Eh, 7D0Ch, 7D00h, 7EA0h, 7CF0h, 7C38h, 7C2Ah, 7C18h
dd 7C0Ah, 7C02h, 7BF2h, 7BE0h, 7BD0h, 7BBEh, 7BB0h, 7BA0h
dd 7B94h, 7B88h, 7B7Ch, 7C76h, 0
dd 81D8h, 81C2h, 81B0h, 0
dd 8196h, 8184h, 8170h, 0
db 6Ah ; j
db 2, 4Dh, 75h
aLdiv db 'lDiv',0
align 2
db '|',0
aDeletefilea db 'DeleteFileA',0
db 'É',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db 'Ó',0
aFindnextfilea db 'FindNextFileA',0
db 'Å',0
aFindclose db 'FindClose',0
dw 310h
aSetfilepointer db 'SetFilePointer',0
align 4
db 0ABh ; «
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 97h ; —
db 3, 57h, 72h
aItefile db 'iteFile',0
db 94h ; ”
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileStringA',0
align 10h
db 9Ch ; œ
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
aQ db 'ï',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
db 48h ; H
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 77h ; w
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 4
db 0Ah
db 3, 53h, 65h
aTerrormode db 'tErrorMode',0
align 4
db 52h ; R
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 385h
aWaitforsingleo db 'WaitForSingleObject',0
db 0EEh ; î
db 1, 47h, 6Ch
aObalalloc db 'obalAlloc',0
dw 1F5h
aGlobalfree db 'GlobalFree',0
align 10h
db '²',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
db 50h ; P
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 3B3h
aLstrcmpa db 'lstrcmpA',0
align 2
dw 3B6h
aLstrcmpia db 'lstrcmpiA',0
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dd 65530314h, 6C694674h, 6D695465h, 330065h, 706D6F43h
dd 46657261h, 54656C69h, 656D69h, 655302D0h, 68637261h
dd 68746150h, 1AD0041h
aGetshortpathna db 'GetShortPathNameA',0
dw 161h
aGetfullpathnam db 'GetFullPathNameA',0
align 2
dw 264h
aMovefilea db 'MoveFileA',0
dw 2FFh
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 2
dw 156h
aGetfileattribu db 'GetFileAttributesA',0
align 4
dd 65470169h, 73614C74h, 72724574h, 726Fh, 72430045h, 65746165h
dd 65726944h, 726F7463h, 4179h, 6553030Eh, 6C694674h, 74744165h
dd 75626972h, 41736574h, 3490000h, 65656C53h, 15B0070h
dd 46746547h, 53656C69h, 657A69h, 65470175h, 646F4D74h
dd 46656C75h, 4E656C69h, 41656D61h, 1D50000h, 54746547h
dd 436B6369h, 746E756Fh, 13A0000h, 43746547h, 65727275h
dd 7250746Eh, 7365636Fh, 3D0073h, 79706F43h, 656C6946h
dd 0AF0041h, 74697845h, 636F7250h, 737365h, 65470108h
dd 6D6F4374h, 646E616Dh, 656E694Ch, 1E90041h, 57746547h
dd 6F646E69h, 69447377h, 74636572h, 4179726Fh, 1CB0000h
dd 54746547h, 50706D65h, 41687461h, 3BC0000h, 7274736Ch
dd 6E797063h, 1450041h, 44746547h, 466B7369h, 53656572h
dd 65636170h, 2000041h, 626F6C47h, 6E556C61h, 6B636F6Ch
dd 1F90000h, 626F6C47h, 6F4C6C61h, 6B63h, 72430069h, 65746165h
dd 65726854h, 6461h, 72430060h, 65746165h, 636F7250h, 41737365h
dd 2BA0000h, 6F6D6552h, 69446576h, 74636572h, 4179726Fh
dd 4D0000h, 61657243h, 69466574h, 41656Ch, 654701C9h, 6D655474h
dd 6C694670h, 6D614E65h, 4165h, 736C03BFh, 656C7274h, 416Eh
dd 736C03B0h, 61637274h, 4174h, 654701B9h, 73795374h, 446D6574h
dd 63657269h, 79726F74h, 454B0041h, 4C454E52h, 642E3233h
dd 6C6Ch, 6E4500C8h, 69615064h, 746Eh, 724400BCh, 65547761h
dd 417478h, 694600E2h, 65526C6Ch, 7463h, 654700FFh, 696C4374h
dd 52746E65h, 746365h, 6542000Dh, 506E6967h, 746E6961h
dd 8E0000h, 57666544h, 6F646E69h, 6F725077h, 4163h, 6553023Ah
dd 654D646Eh, 67617373h, 4165h, 6E490193h, 696C6176h, 65746164h
dd 74636552h, 0C40000h, 62616E45h, 6957656Ch, 776F646Eh
dd 10C0000h, 44746547h, 1BF0043h, 64616F4Ch, 67616D49h
dd 4165h, 6553027Fh, 6E695774h, 4C776F64h, 41676E6Fh, 1110000h
dd 44746547h, 7449676Ch, 6D65h, 734901ADh, 646E6957h, 776Fh
dd 694600E4h, 6957646Eh, 776F646Eh, 417845h, 6553023Dh
dd 654D646Eh, 67617373h, 6D695465h, 74756F65h, 2D50041h
dd 72707377h, 66746E69h, 2910041h, 776F6853h, 646E6957h
dd 776Fh, 65530256h, 726F4674h, 6F726765h, 57646E75h, 6F646E69h
dd 2030077h, 74736F50h, 74697551h, 7373654Dh, 656761h
dd 65530285h, 6E695774h, 54776F64h, 41747865h, 2790000h
dd 54746553h, 72656D69h, 990000h, 74736544h, 57796F72h
dd 6F646E69h, 550077h, 61657243h, 69446574h, 676F6C61h
dd 61726150h, 416Dh, 784500E1h, 69577469h, 776F646Eh, 784573h
dd 6843002Ah, 654E7261h, 417478h, 6944009Eh, 676F6C61h
dd 50786F42h, 6D617261h, 0F60041h, 43746547h, 7373616Ch
dd 6F666E49h, 600041h, 61657243h, 69576574h, 776F646Eh
dd 417845h, 79530298h, 6D657473h, 61726150h, 6574656Dh
dd 6E497372h, 416F66h, 65520215h, 74736967h, 6C437265h
dd 41737361h, 0C60000h, 44646E45h, 6F6C6169h, 2300067h
dd 65726353h, 6F546E65h, 65696C43h, 746Eh, 65470174h, 6E695774h
dd 52776F64h, 746365h, 65530246h, 616C4374h, 6F4C7373h
dd 41676Eh, 734901AEh, 646E6957h, 6E45776Fh, 656C6261h
dd 2820064h, 57746553h, 6F646E69h, 736F5077h, 15A0000h
dd 53746547h, 6F437379h, 726F6Ch, 6547016Eh, 6E695774h
dd 4C776F64h, 41676E6Fh, 24C0000h, 43746553h, 6F737275h
dd 1B90072h, 64616F4Ch, 73727543h, 41726Fh, 68430038h
dd 446B6365h, 7542676Ch, 6E6F7474h, 13C0000h, 4D746547h
dd 61737365h, 6F506567h, 1B70073h, 64616F4Ch, 6D746942h
dd 417061h, 6143001Bh, 69576C6Ch, 776F646Eh, 636F7250h
dd 1B10041h, 69577349h, 776F646Eh, 69736956h, 656C62h
dd 6C430042h, 4365736Fh, 6270696Ch, 6472616Fh, 2490000h
dd 43746553h, 6270696Ch, 6472616Fh, 61746144h, 0C10000h
dd 74706D45h, 696C4379h, 616F6270h, 6472h, 704F01F5h, 6C436E65h
dd 6F627069h, 647261h, 725402A3h, 506B6361h, 7075706Fh
dd 756E654Dh, 80000h, 65707041h, 654D646Eh, 41756Eh, 7243005Eh
dd 65746165h, 75706F50h, 6E654D70h, 15D0075h, 53746547h
dd 65747379h, 74654D6Dh, 73636972h, 2520000h, 44746553h
dd 7449676Ch, 65546D65h, 417478h, 65470113h, 676C4474h
dd 6D657449h, 74786554h, 1DE0041h, 7373654Dh, 42656761h
dd 41786Fh, 6843002Dh, 72507261h, 417665h, 694400A1h, 74617073h
dd 654D6863h, 67617373h, 4165h, 655001FFh, 654D6B65h, 67617373h
dd 4165h, 52455355h, 642E3233h, 6C6Ch, 6553020Eh, 7463656Ch
dd 656A624Fh, 7463h, 6553023Ch, 78655474h, 6C6F4374h, 726Fh
dd 65530216h, 4D6B4274h, 65646Fh, 7243003Ah, 65746165h
dd 746E6F46h, 69646E49h, 74636572h, 290041h, 61657243h
dd 72426574h, 49687375h, 7269646Eh, 746365h, 6544008Fh
dd 6574656Ch, 656A624Fh, 7463h, 6547016Bh, 76654474h, 43656369h
dd 737061h, 65530215h, 436B4274h, 726F6C6Fh, 44470000h
dd 2E323349h, 6C6C64h, 4853009Ah, 656C6946h, 7265704Fh
dd 6F697461h, 416Eh, 68530107h, 456C6C65h, 75636578h, 416574h
dd 485300ACh, 46746547h, 49656C69h, 416F666Eh, 790000h
dd 72424853h, 6573776Fh, 46726F46h, 65646C6Fh, 4172h, 485300BCh
dd 50746547h, 46687461h, 496D6F72h, 73694C44h, 4174h, 485300B7h
dd 4D746547h, 6F6C6C61h, 0C30063h, 65474853h, 65705374h
dd 6C616963h, 646C6F46h, 6F4C7265h, 69746163h, 6E6Fh, 4C454853h
dd 2E32334Ch, 6C6C64h, 655201D9h, 756E4567h, 6C61566Dh
dd 416575h, 655201D5h, 756E4567h, 79654B6Dh, 1EC0041h
dd 51676552h, 79726575h, 756C6156h, 41784565h, 1F90000h
dd 53676552h, 61567465h, 4565756Ch, 4178h, 655201CDh, 65724367h
dd 4B657461h, 78457965h, 1C90041h, 43676552h, 65736F6Ch
dd 79654Bh, 655201D2h, 6C654467h, 56657465h, 65756C61h
dd 1D00041h, 44676552h, 74656C65h, 79654B65h, 1E20041h
dd 4F676552h, 4B6E6570h, 78457965h, 44410041h, 49504156h
dd 642E3233h, 6C6Ch, 6D490038h, 4C656761h, 5F747369h, 74736544h
dd 796F72h, 6D490034h, 4C656761h, 5F747369h, 4D646441h
dd 656B7361h, 370064h, 67616D49h, 73694C65h, 72435F74h
dd 65746165h, 4F430000h, 4C54434Dh, 642E3233h, 6C6Ch, 6F430010h
dd 61657243h, 6E496574h, 6E617473h, 6563h, 6C4F0104h, 696E5565h
dd 6974696Eh, 7A696C61h, 0ED0065h, 49656C4Fh, 6974696Eh
dd 7A696C61h, 6C6F0065h, 2E323365h, 6C6C64h, 6556000Ah
dd 65755172h, 61567972h, 4165756Ch, 0
aGetfileversion db 'GetFileVersionInfoA',0
db 1
align 2
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
align 10h
_rdata ends
; Section 3. (virtual address 00009000)
; Virtual size : 000264D4 ( 156884.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00007200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 409000h
off_409000 dd offset dword_42F4A0 ; DATA XREF: sub_401439:loc_402059�o
dd offset sub_40136D
dd offset sub_405C17
dword_40900C dd 6 ; DATA XREF: sub_401439+AF�r
; sub_401439+C9�w
; char SubBlock[]
SubBlock db '\',0 ; DATA XREF: sub_401439+B6F�o
; sub_40531D:loc_405392�o ...
align 4
; char aSS[]
aSS db '%s %s',0 ; DATA XREF: sub_401439+A15�o
align 4
; char String2[]
String2 db '->',0 ; DATA XREF: sub_401439+270�o
align 10h
; HANDLE hFile
hFile dd 0FFFFFFFFh ; DATA XREF: sub_402C37+4E�w
; sub_4030E9+11�r ...
align 8
aTheInstallerYo db 'The installer you are trying to use is corrupted or incomplete.',0Ah
; DATA XREF: sub_402C37:loc_402E42�o
db 'This could be the result of a damaged disk, a failed download or '
db 'a virus.',0Ah
db 0Ah
db 'You may want to contact the author of this installer to obtain a '
db 'new copy.',0Ah
db 0Ah
db 'It may be possible to skip this check using the /NCRC command lin'
db 'e switch',0Ah
db '(NOT RECOMMENDED).',0
aVerifyingInsta db 'verifying installer: %d%%',0 ; DATA XREF: sub_402C37+152�o
align 4
aErrorLaunching db 'Error launching installer',0 ; DATA XREF: sub_402C37+56�o
; start+18D�o
align 4
; char a___D[]
a___D db '... %d%%',0 ; DATA XREF: sub_402EBD+141�o
align 10h
; char aAu__exe[]
aAu__exe db 'Au_.exe',0 ; DATA XREF: start+225�o
; start:loc_403450�w ...
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: start+364�o
; char aAdjusttokenpri[]
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: start+32E�o
align 4
; char aLookupprivileg[]
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: start+321�o
align 4
; char ProcName[]
ProcName db 'OpenProcessToken',0 ; DATA XREF: start+316�o
align 10h
; char aAdvapi32_dll[]
aAdvapi32_dll db 'ADVAPI32.dll',0 ; DATA XREF: start+311�o
align 10h
; char a_?[]
a_? db ' _?=',0 ; DATA XREF: start+2BE�o
align 4
; char asc_409218[]
asc_409218 db '" ',0 ; DATA XREF: start:loc_40340F�o
align 4
; char aNsu_tmp[]
aNsu_tmp db '~nsu.tmp\',0 ; DATA XREF: start:loc_403358�o
align 4
; char aTemp[]
aTemp db '\Temp',0 ; DATA XREF: start+78�o
align 10h
; char aNsisError[]
aNsisError db 'NSIS Error',0 ; DATA XREF: start+43�o
align 10h
; char Text[]
Text db 'Error writing temporary file. Make sure your temp folder is valid'
; DATA XREF: start+10�o
db '.',0
align 4
dword_409284 dd 0FFFFFFFFh ; DATA XREF: sub_4038DB+A4�r
; sub_4038DB+120�r ...
; DLGPROC lpDialogFunc
lpDialogFunc dd offset sub_403F0B ; DATA XREF: sub_4038DB+3D4�r
dd offset sub_4046C3
dd offset sub_404201
dd offset sub_404EBC
dd offset sub_4041BA
dword_40929C dd 0FFFFFFFFh ; DATA XREF: sub_404CBD+2F�w
; sub_404CBD+6A�r ...
dword_4092A0 dd 6 ; DATA XREF: sub_401439+B4�w
; sub_401439:loc_4014F7�r ...
; char ClassName[]
ClassName db 'RichEdit20A',0 ; DATA XREF: sub_403542+240�o
; sub_403542+251�w ...
; char LibFileName[]
LibFileName db 'RichEd20.dll',0 ; DATA XREF: sub_403542+222�o
; sub_403542+22F�w
align 10h
; char a_exe[]
a_exe db '.exe',0 ; DATA XREF: sub_403542+EE�o
align 4
; char aKernel32_dll[]
aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: sub_403542+12�o
; sub_404201+1E9�o ...
align 4
; char Operation[]
Operation db 'open',0 ; DATA XREF: sub_403F0B+207�o
align 10h
; char aGetdiskfreespa[]
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_404201:loc_4043E5�o
; char aU_USS[]
aU_USS db '%u.%u%s%s',0 ; DATA XREF: sub_404561+78�o
align 10h
; char a_[]
a_ db '\*.*',0 ; DATA XREF: sub_40531D+62�o
align 4
; char asc_409308[]
asc_409308 db 0Ah ; DATA XREF: sub_405723+182�o
db '[',0
align 4
; char aRename[]
aRename db '[Rename]',0Dh,0Ah,0 ; DATA XREF: sub_405723+116�o
; sub_405723+128�o
align 4
; char aWininit_ini[]
aWininit_ini db '\wininit.ini',0 ; DATA XREF: sub_405723+B0�o
align 4
; char aSS_0[]
aSS_0 db '%s=%s',0Dh,0Ah,0 ; DATA XREF: sub_405723+8F�o
; char aMovefileexa[]
aMovefileexa db 'MoveFileExA',0 ; DATA XREF: sub_405723+4�o
; char aCProgramFiles[]
aCProgramFiles db 'C:\Program Files',0 ; DATA XREF: sub_4059FD+F7�o
align 10h
; char aProgramfilesdi[]
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_4059FD+DA�o
; char aSoftwareMicros[]
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion',0 ; DATA XREF: sub_4059FD+C3�o
; sub_4059FD+DF�o
align 4
; char aCommonfilesdir[]
aCommonfilesdir db 'CommonFilesDir',0 ; DATA XREF: sub_4059FD+BE�o
align 4
aMicrosoftInter db '\Microsoft\Internet Explorer\Quick Launch',0 ; DATA XREF: sub_4059FD+AC�o
align 4
; char a?[]
a? db '*?|<>/":',0 ; DATA XREF: sub_405C17+48�o
align 4
word_4093D4 dw 0 ; DATA XREF: sub_405DB9+47C�r
; sub_405DB9+501�r ...
dw 1
dd 70003h, 1F000Fh, 7F003Fh, 1FF00FFh, 7FF03FFh, 1FFF0FFFh
dd 7FFF3FFFh, 0FFFFh
byte_4093F8 db 9 ; DATA XREF: sub_405DB9+153�o
; sub_405DB9:loc_405F69�r
align 4
byte_4093FC db 5 ; DATA XREF: sub_405DB9+188�o
; sub_405DB9+1B8�r
align 10h
; LOGFONTA lf
lf LOGFONTA <?> ; DATA XREF: sub_401439+97C�w
; sub_401439+9BF�o
dword_40943C dd ? ; DATA XREF: sub_401439+3E�w
; sub_402A7D+4�r ...
; WCHAR WideCharStr
WideCharStr dw ? ; DATA XREF: sub_401439+D63�o
; sub_401439+D73�w
align 4
dd 1FFh dup(?)
; char FileName[]
FileName db 400h dup(?) ; DATA XREF: sub_401439+380�o
; sub_401439+75F�o ...
; CHAR String1
String1 db ? ; DATA XREF: sub_401428�o
; sub_401439+246�o ...
align 4
dd 0FFh dup(?)
; BYTE Data
Data dd ? ; DATA XREF: sub_401439+3AE�o
; sub_401439+DEE�o ...
dd 2FFh dup(?)
; HGLOBAL hMem
hMem dd ? ; DATA XREF: sub_401439+73B�r
; sub_401439+76B�r ...
align 8
; LPCSTR dword_40B048
dword_40B048 dd ? ; DATA XREF: DialogFunc+2C�w
; DialogFunc+57�r
align 10h
dword_40B050 dd ? ; DATA XREF: sub_402EBD+D4�w
; sub_402EBD+E6�o
dword_40B054 dd ? ; DATA XREF: sub_402EBD+DA�w
dword_40B058 dd ? ; DATA XREF: sub_402EBD+EB�w
; sub_402EBD+106�r ...
dword_40B05C dd ? ; DATA XREF: sub_402EBD+F1�w
dword_40B060 dd ? ; DATA XREF: sub_402EBD+86�w
dd 145h dup(?)
dword_40B578 dd ? ; DATA XREF: sub_402EBD+70�w
dword_40B57C dd ? ; DATA XREF: sub_402EBD+69�w
dd 5A0h dup(?)
dword_40CC00 dd 2000h dup(?) ; DATA XREF: sub_402EBD+81�o
dword_414C00 dd ? ; DATA XREF: sub_402EBD+9D�w
dword_414C04 dd ? ; DATA XREF: sub_402EBD+95�w
dword_414C08 dd ? ; DATA XREF: sub_402EBD+90�w
align 10h
; char String[]
String db 40h dup(?) ; DATA XREF: DialogFunc+52�o
; LONG lDistanceToMove
lDistanceToMove dd ? ; DATA XREF: DialogFunc+36�r
; sub_402C37+10F�r ...
align 8
dword_414C58 dd 1000h dup(?) ; DATA XREF: sub_402EBD:loc_402F7A�o
; sub_402EBD:loc_4030A4�o
dword_418C58 dd 2000h dup(?) ; DATA XREF: sub_402EBD+28�o
dword_420C58 dd 2000h dup(?) ; DATA XREF: sub_402C37+9A�o
; sub_402C37+BB�o ...
; int nDenominator
nDenominator dd ? ; DATA XREF: DialogFunc+3C�r
; sub_402C37+71�w ...
align 10h
; char CommandLine[]
CommandLine dw ? ; DATA XREF: start+20B�o start+217�w ...
align 4
dd 1FDh dup(?)
db 2 dup(?)
dword_42945A dd ? ; DATA XREF: start+255�r
align 10h
; char ExistingFileName[]
ExistingFileName db 400h dup(?) ; DATA XREF: start+210�o
; char pszPath[]
pszPath db 8 dup(?) ; DATA XREF: start+38�o
; sub_404201:loc_404491�o
; HWND dword_429868
dword_429868 dd ? ; DATA XREF: sub_4038DB+B0�r
; sub_4038DB+1BC�w ...
dword_42986C dd ? ; DATA XREF: sub_403ED7+6�r
; sub_403ED7+28�w ...
; char RootPathName[]
RootPathName db 400h dup(?) ; DATA XREF: sub_404201+1CC�o
; INT_PTR nResult
nResult dd ? ; DATA XREF: sub_4038DB+141�w
; sub_4038DB+15B�w ...
align 8
; char dword_429C78[]
dword_429C78 dd 100h dup(?) ; DATA XREF: sub_404201+10C�o
dword_42A078 dd ? ; DATA XREF: sub_4038DB+3C1�w
; sub_403F0B+155�r ...
align 10h
; const CHAR byte_42A080
byte_42A080 db ? ; DATA XREF: sub_404D7E+20�o
; sub_404D7E+C5�w
align 4
dd 1FFh dup(?)
; HWND dword_42A880
dword_42A880 dd ? ; DATA XREF: sub_403542+1E6�w
; sub_403542+210�r ...
; LPARAM lParam
lParam dd ? ; DATA XREF: sub_4046C3+B5�w
; sub_4046C3+C4�r ...
dword_42A888 dd ? ; DATA XREF: sub_403F0B+115�w
; sub_403F0B+149�r ...
dword_42A88C dd ? ; DATA XREF: sub_4038DB+195�w
; sub_4038DB+1E4�w ...
dword_42A890 dd ? ; DATA XREF: sub_404201:loc_40437A�w
; sub_404201+2D2�r ...
; WNDPROC lpPrevWndFunc
lpPrevWndFunc dd ? ; DATA XREF: sub_4046C3+A5�w
; sub_404CBD+AF�r
; HGLOBAL dword_42A898
dword_42A898 dd ? ; DATA XREF: sub_4046C3+78�w
; sub_4046C3+1C4�r ...
; HWND dword_42A89C
dword_42A89C dd ? ; DATA XREF: sub_4038DB+1B0�w
; sub_4038DB:loc_403C20�r ...
; const CHAR byte_42A8A0
byte_42A8A0 db ? ; DATA XREF: sub_403542:loc_403576�o
; sub_403542+54�r ...
align 4
dd 3FFh dup(?)
dword_42B8A0 dd ? ; DATA XREF: sub_401439:loc_40290A�r
; sub_4038DB:loc_403D6B�r ...
align 8
; char byte_42B8A8[]
byte_42B8A8 db 400h dup(?) ; DATA XREF: sub_40531D:loc_40536F�o
; char byte_42BCA8[]
byte_42BCA8 db 400h dup(?) ; DATA XREF: sub_4055C8+6�o
; char byte_42C0A8[]
byte_42C0A8 db 400h dup(?) ; DATA XREF: sub_405723+94�o
; sub_405723+13B�o
; char Buffer[]
Buffer db 400h dup(?) ; DATA XREF: sub_405723:loc_405793�o
; struct _STARTUPINFOA StartupInfo
StartupInfo _STARTUPINFOA <?> ; DATA XREF: sub_405263+9�w
; sub_405263+2B�o
align 10h
; struct _WIN32_FIND_DATAA FindFileData
FindFileData _WIN32_FIND_DATAA <?> ; DATA XREF: sub_405CB0+10�o
; char szShortPath[]
szShortPath dd ? ; DATA XREF: sub_405723+32�w
; sub_405723+43�o
dd 0FFh dup(?)
dword_42CE30 dd ? ; DATA XREF: sub_405D4B+27�w
; sub_405D4B+5A�r
dword_42CE34 dd ? ; DATA XREF: sub_405D4B�r
dd 0FEh dup(?)
dword_42D230 dd ? ; DATA XREF: sub_405DB9+18D�o
; sub_405DB9+1C8�r
dword_42D234 dd ? ; DATA XREF: sub_405DB9+158�o
; sub_405DB9+1C0�r
dword_42D238 dd 8Fh dup(?) ; DATA XREF: sub_405DB9+114�o
; sub_405DB9+148�o ...
dword_42D474 dd 71h dup(?) ; DATA XREF: sub_405DB9:loc_405ED2�o
dword_42D638 dd 18h dup(?) ; DATA XREF: sub_405DB9+122�o
dword_42D698 dd 8 dup(?) ; DATA XREF: sub_405DB9:loc_405EE6�o
dword_42D6B8 dd ? ; DATA XREF: sub_405DB9+13E�o
; sub_4068B0+E8�w ...
dd 11Fh dup(?)
dword_42DB38 dd 220h dup(?) ; DATA XREF: sub_405DB9+14E�o
; sub_405DB9+183�o
byte_42E3B8 db ? ; DATA XREF: sub_405DB9:loc_405EBC�r
; sub_405DB9+1AA�w
align 10h
; const CHAR byte_42E3C0
byte_42E3C0 db ? ; DATA XREF: sub_403542+B0�o
; sub_403542+C4�r ...
; char sz[]
sz db 3 dup(?) ; DATA XREF: sub_403542+D1�o
dd 1FFh dup(?)
; WNDCLASSA WndClass
WndClass WNDCLASSA <?> ; DATA XREF: sub_403542+157�o
; sub_403542+17A�w
; HWND dword_42EBE8
dword_42EBE8 dd ? ; DATA XREF: sub_404D7E+68�r
; sub_404EBC+75�w
dword_42EBEC dd ? ; DATA XREF: sub_401439:loc_40149F�w
; sub_403542+2A3�r ...
; HWND hWnd
hWnd dd ? ; DATA XREF: sub_401439:loc_401587�r
; sub_404EBC+66�w ...
dword_42EBF4 dd ? ; DATA XREF: sub_40136D+5C�r
; sub_404EBC+99�w
; HWND dword_42EBF8
dword_42EBF8 dd ? ; DATA XREF: sub_4038DB+67�r
; sub_4038DB+77�w ...
dword_42EBFC dd ? ; DATA XREF: sub_40380E:loc_403883�w
; sub_403F0B+20�r ...
dword_42EC00 dd ? ; DATA XREF: sub_403542:loc_4037AF�r
; sub_40380E+4D�w ...
; HWND dword_42EC04
dword_42EC04 dd ? ; DATA XREF: sub_401439:loc_4015A0�r
; sub_404D7E+6�r ...
; LONG dwNewLong
dwNewLong dd ? ; DATA XREF: sub_403542+14E�w
; sub_4038DB+1C6�r
; int nNumber
nNumber dd ? ; DATA XREF: sub_40136D+56�w
; sub_40136D+72�r ...
dd 4 dup(?)
; char Caption[]
Caption db 800h dup(?) ; DATA XREF: sub_401000+150�o start+48�o ...
; HMODULE hModule
hModule dd ? ; DATA XREF: sub_402C37+27�r
; sub_402C37+160�r ...
; HWND dword_42F424
dword_42F424 dd ? ; DATA XREF: sub_401000+19�r
; sub_401439+9�r ...
dword_42F428 dd ? ; DATA XREF: sub_401000+39�r
; sub_4012E2+6�r ...
; SIZE_T dwBytes
dwBytes dd ? ; DATA XREF: sub_401439+1327�r
; sub_402C37:loc_402CB5�r ...
dword_42F430 dd ? ; DATA XREF: sub_402C37+242�w
; sub_403542+81�r ...
dword_42F434 dd ? ; DATA XREF: sub_402C37+249�w
; start+16B�r
align 10h
dword_42F440 dd ? ; DATA XREF: sub_402C37+273�o
; sub_4038DB+1F6�r
dword_42F444 dd ? ; DATA XREF: sub_4038DB+9E�r
; sub_4038DB+25D�r ...
dword_42F448 dd ? ; DATA XREF: sub_40117D+4�r
; sub_4011EF+12�r ...
dword_42F44C dd ? ; DATA XREF: sub_40117D+22�r
; sub_40117D+64�r ...
dword_42F450 dd ? ; DATA XREF: sub_40136D+C�r
align 8
dword_42F458 dd ? ; DATA XREF: sub_403542+AB�r
; sub_403F0B:loc_403F3C�r ...
align 10h
dword_42F460 dd ? ; DATA XREF: sub_40380E+2E�r
dword_42F464 dd ? ; DATA XREF: sub_40380E:loc_403822�r
dword_42F468 dd ? ; DATA XREF: sub_401439:loc_401D13�r
dd 3 dup(?)
dword_42F478 dd ? ; DATA XREF: sub_402EBD+36�r
align 10h
dword_42F480 dd ? ; DATA XREF: sub_4046C3+59�w
; sub_4046C3+44D�w
dd 7 dup(?)
dword_42F4A0 dd ? ; DATA XREF: sub_401439+111�w
; sub_401439+141�r ...
dword_42F4A4 dd ? ; DATA XREF: sub_402B61+8�r
; sub_4059FD:loc_405B2A�r
dword_42F4A8 dd ? ; DATA XREF: sub_401439:loc_4018C2�w
; sub_401439+14F9�w ...
dword_42F4AC dd ? ; DATA XREF: sub_4038DB+132�r
; sub_4038DB+2CD�r ...
dword_42F4B0 dd ? ; DATA XREF: sub_405723:loc_405895�w
dword_42F4B4 dd ? ; DATA XREF: sub_401439:loc_40229D�w
; start:loc_40346A�r
align 10h
dword_42F4C0 dd ? ; DATA XREF: sub_402C37+23B�w
; sub_403542+202�r ...
dword_42F4C4 dd ? ; DATA XREF: sub_404201+2A3�w
dword_42F4C8 dd ? ; DATA XREF: sub_40380E+56�w
; sub_4052DB:loc_4052F5�r
dword_42F4CC dd ? ; DATA XREF: start:loc_403322�w
; start:loc_403505�r
dword_42F4D0 dd ? ; DATA XREF: sub_401439+BB4�r start+27�w ...
_data ends
; Section 4. (virtual address 00030000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00000000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_ndata segment para public 'BSS' use32
assume cs:_ndata
;org 430000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; char dword_430000[]
dword_430000 dd 1400h dup(?) ; DATA XREF: sub_40136D+2E�o
; sub_401439+29�o ...
; const CHAR byte_435000
byte_435000 db ? ; DATA XREF: sub_403132+28�o
; start:loc_4031F6�o ...
byte_435001 db 3 dup(?) ; DATA XREF: start+C6�o
dd 0FFh dup(?)
; const CHAR byte_435400
byte_435400 db ? ; DATA XREF: sub_401439:loc_402721�o
; start+155�o ...
align 4
dd 0FFh dup(?)
; char CurrentDirectory[]
CurrentDirectory db 400h dup(?) ; DATA XREF: sub_401439+204�o
; sub_401439:loc_4017CA�o ...
; char szStart[]
szStart db 400h dup(?) ; DATA XREF: sub_402C37+1A�o
; char dword_436000[]
dword_436000 dd ? ; DATA XREF: sub_403542+28�o
; sub_403542+39�w ...
dd 0FFh dup(?)
; char PathName[]
PathName db 400h dup(?) ; DATA XREF: sub_403132+1�o start+52�o
; char dword_436800[]
dword_436800 dd 200h dup(?) ; DATA XREF: sub_40351D+1A�o
; char dword_437000[]
dword_437000 dd 400h dup(?) ; DATA XREF: sub_4038DB+290�o
_ndata ends
end start